Various cleanups to the software encryption transform interface.

- Consistently use 'void *' for key schedules / key contexts instead
  of a mix of 'caddr_t', 'uint8_t *', and 'void *'.

- Add a ctxsize member to enc_xform similar to what auth transforms use
  and require callers to malloc/zfree the context.  The setkey callback
  now supplies the caller-allocated context pointer and the zerokey
  callback is removed.  Callers now always use zfree() to ensure
  key contexts are zeroed.

- Consistently use C99 initializers for all statically-initialized
  instances of 'struct enc_xform'.

- Change the encrypt and decrypt functions to accept separate in and
  out buffer pointers.  Almost all of the backend crypto functions
  already supported separate input and output buffers and this makes
  it simpler to support separate buffers in OCF.

- Remove xform_userland.h shim to permit transforms to be compiled in
  userland.  Transforms no longer call malloc/free directly.

Reviewed by:	cem (earlier version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24855

1 files changed, 42 insertions, 49 deletions

diff --git a/sys/opencrypto/xform_aes_icm.c b/sys/opencrypto/xform_aes_icm.c
index ba3eca0a839e..0423a83b4c5c 100644
--- a/sys/opencrypto/xform_aes_icm.c
+++ b/sys/opencrypto/xform_aes_icm.c
@@ -52,43 +52,50 @@ __FBSDID("$FreeBSD$");
 
 #include <opencrypto/xform_enc.h>
 
-static	int aes_icm_setkey(u_int8_t **, const u_int8_t *, int);
-static	void aes_icm_crypt(caddr_t, u_int8_t *);
-static	void aes_icm_zerokey(u_int8_t **);
-static	void aes_icm_reinit(caddr_t, const u_int8_t *);
-static	void aes_gcm_reinit(caddr_t, const u_int8_t *);
-static	void aes_ccm_reinit(caddr_t, const u_int8_t *);
+static	int aes_icm_setkey(void *, const uint8_t *, int);
+static	void aes_icm_crypt(void *, const uint8_t *, uint8_t *);
+static	void aes_icm_reinit(void *, const uint8_t *);
+static	void aes_gcm_reinit(void *, const uint8_t *);
+static	void aes_ccm_reinit(void *, const uint8_t *);
 
 /* Encryption instances */
 struct enc_xform enc_xform_aes_icm = {
-	CRYPTO_AES_ICM, "AES-ICM",
-	AES_BLOCK_LEN, AES_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY,
-	aes_icm_crypt,
-	aes_icm_crypt,
-	aes_icm_setkey,
-	aes_icm_zerokey,
-	aes_icm_reinit,
+	.type = CRYPTO_AES_ICM,
+	.name = "AES-ICM",
+	.ctxsize = sizeof(struct aes_icm_ctx),
+	.blocksize = AES_BLOCK_LEN,
+	.ivsize = AES_BLOCK_LEN,
+	.minkey = AES_MIN_KEY,
+	.maxkey = AES_MAX_KEY,
+	.encrypt = aes_icm_crypt,
+	.decrypt = aes_icm_crypt,
+	.setkey = aes_icm_setkey,
+	.reinit = aes_icm_reinit,
 };
 
 struct enc_xform enc_xform_aes_nist_gcm = {
-	CRYPTO_AES_NIST_GCM_16, "AES-GCM",
-	AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
-	aes_icm_crypt,
-	aes_icm_crypt,
-	aes_icm_setkey,
-	aes_icm_zerokey,
-	aes_gcm_reinit,
+	.type = CRYPTO_AES_NIST_GCM_16,
+	.name = "AES-GCM",
+	.ctxsize = sizeof(struct aes_icm_ctx),
+	.blocksize = AES_ICM_BLOCK_LEN,
+	.ivsize = AES_GCM_IV_LEN,
+	.minkey = AES_MIN_KEY,
+	.maxkey = AES_MAX_KEY,
+	.encrypt = aes_icm_crypt,
+	.decrypt = aes_icm_crypt,
+	.setkey = aes_icm_setkey,
+	.reinit = aes_gcm_reinit,
 };
 
 struct enc_xform enc_xform_ccm = {
 	.type = CRYPTO_AES_CCM_16,
 	.name = "AES-CCM",
+	.ctxsize = sizeof(struct aes_icm_ctx),
 	.blocksize = AES_ICM_BLOCK_LEN, .ivsize = AES_CCM_IV_LEN,
 	.minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY,
 	.encrypt = aes_icm_crypt,
 	.decrypt = aes_icm_crypt,
 	.setkey = aes_icm_setkey,
-	.zerokey = aes_icm_zerokey,
 	.reinit = aes_ccm_reinit,
 };
 
@@ -96,33 +103,33 @@ struct enc_xform enc_xform_ccm = {
  * Encryption wrapper routines.
  */
 static void
-aes_icm_reinit(caddr_t key, const u_int8_t *iv)
+aes_icm_reinit(void *key, const uint8_t *iv)
 {
 	struct aes_icm_ctx *ctx;
 
-	ctx = (struct aes_icm_ctx *)key;
+	ctx = key;
 	bcopy(iv, ctx->ac_block, AESICM_BLOCKSIZE);
 }
 
 static void
-aes_gcm_reinit(caddr_t key, const u_int8_t *iv)
+aes_gcm_reinit(void *key, const uint8_t *iv)
 {
 	struct aes_icm_ctx *ctx;
 
 	aes_icm_reinit(key, iv);
 
-	ctx = (struct aes_icm_ctx *)key;
+	ctx = key;
 	/* GCM starts with 2 as counter 1 is used for final xor of tag. */
 	bzero(&ctx->ac_block[AESICM_BLOCKSIZE - 4], 4);
 	ctx->ac_block[AESICM_BLOCKSIZE - 1] = 2;
 }
 
 static void
-aes_ccm_reinit(caddr_t key, const u_int8_t *iv)
+aes_ccm_reinit(void *key, const uint8_t *iv)
 {
 	struct aes_icm_ctx *ctx;
 
-	ctx = (struct aes_icm_ctx*)key;
+	ctx = key;
 
 	/* CCM has flags, then the IV, then the counter, which starts at 1 */
 	bzero(ctx->ac_block, sizeof(ctx->ac_block));
@@ -133,16 +140,16 @@ aes_ccm_reinit(caddr_t key, const u_int8_t *iv)
 }
 
 static void
-aes_icm_crypt(caddr_t key, u_int8_t *data)
+aes_icm_crypt(void *key, const uint8_t *in, uint8_t *out)
 {
 	struct aes_icm_ctx *ctx;
-	u_int8_t keystream[AESICM_BLOCKSIZE];
+	uint8_t keystream[AESICM_BLOCKSIZE];
 	int i;
 
-	ctx = (struct aes_icm_ctx *)key;
+	ctx = key;
 	rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
 	for (i = 0; i < AESICM_BLOCKSIZE; i++)
-		data[i] ^= keystream[i];
+		out[i] = in[i] ^ keystream[i];
 	explicit_bzero(keystream, sizeof(keystream));
 
 	/* increment counter */
@@ -153,28 +160,14 @@ aes_icm_crypt(caddr_t key, u_int8_t *data)
 }
 
 static int
-aes_icm_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+aes_icm_setkey(void *sched, const uint8_t *key, int len)
 {
 	struct aes_icm_ctx *ctx;
 
 	if (len != 16 && len != 24 && len != 32)
-		return EINVAL;
+		return (EINVAL);
 
-	*sched = KMALLOC(sizeof(struct aes_icm_ctx), M_CRYPTO_DATA,
-	    M_NOWAIT | M_ZERO);
-	if (*sched == NULL)
-		return ENOMEM;
-
-	ctx = (struct aes_icm_ctx *)*sched;
+	ctx = sched;
 	ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, key, len * 8);
-	return 0;
-}
-
-static void
-aes_icm_zerokey(u_int8_t **sched)
-{
-
-	bzero(*sched, sizeof(struct aes_icm_ctx));
-	KFREE(*sched, M_CRYPTO_DATA);
-	*sched = NULL;
+	return (0);
 }