Commit | Line | Data |
---|---|---|
df1309ce GS |
1 | /* |
2 | * Cryptographic API. | |
3 | * | |
4 | * s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode). | |
5 | * | |
6 | * Copyright IBM Corp. 2011 | |
7 | * Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com> | |
8 | */ | |
9 | ||
10 | #include <crypto/internal/hash.h> | |
11 | #include <linux/module.h> | |
d05377c1 | 12 | #include <linux/cpufeature.h> |
c7d4d259 | 13 | #include <asm/cpacf.h> |
df1309ce GS |
14 | |
15 | #define GHASH_BLOCK_SIZE 16 | |
16 | #define GHASH_DIGEST_SIZE 16 | |
17 | ||
18 | struct ghash_ctx { | |
a1cae34e | 19 | u8 key[GHASH_BLOCK_SIZE]; |
df1309ce GS |
20 | }; |
21 | ||
22 | struct ghash_desc_ctx { | |
a1cae34e HF |
23 | u8 icv[GHASH_BLOCK_SIZE]; |
24 | u8 key[GHASH_BLOCK_SIZE]; | |
df1309ce GS |
25 | u8 buffer[GHASH_BLOCK_SIZE]; |
26 | u32 bytes; | |
27 | }; | |
28 | ||
29 | static int ghash_init(struct shash_desc *desc) | |
30 | { | |
31 | struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); | |
a1cae34e | 32 | struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); |
df1309ce GS |
33 | |
34 | memset(dctx, 0, sizeof(*dctx)); | |
a1cae34e | 35 | memcpy(dctx->key, ctx->key, GHASH_BLOCK_SIZE); |
df1309ce GS |
36 | |
37 | return 0; | |
38 | } | |
39 | ||
40 | static int ghash_setkey(struct crypto_shash *tfm, | |
41 | const u8 *key, unsigned int keylen) | |
42 | { | |
43 | struct ghash_ctx *ctx = crypto_shash_ctx(tfm); | |
44 | ||
45 | if (keylen != GHASH_BLOCK_SIZE) { | |
46 | crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); | |
47 | return -EINVAL; | |
48 | } | |
49 | ||
50 | memcpy(ctx->key, key, GHASH_BLOCK_SIZE); | |
df1309ce GS |
51 | |
52 | return 0; | |
53 | } | |
54 | ||
55 | static int ghash_update(struct shash_desc *desc, | |
56 | const u8 *src, unsigned int srclen) | |
57 | { | |
58 | struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); | |
df1309ce GS |
59 | unsigned int n; |
60 | u8 *buf = dctx->buffer; | |
df1309ce GS |
61 | |
62 | if (dctx->bytes) { | |
63 | u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes); | |
64 | ||
65 | n = min(srclen, dctx->bytes); | |
66 | dctx->bytes -= n; | |
67 | srclen -= n; | |
68 | ||
69 | memcpy(pos, src, n); | |
70 | src += n; | |
71 | ||
72 | if (!dctx->bytes) { | |
0177db01 MS |
73 | cpacf_kimd(CPACF_KIMD_GHASH, dctx, buf, |
74 | GHASH_BLOCK_SIZE); | |
df1309ce GS |
75 | } |
76 | } | |
77 | ||
78 | n = srclen & ~(GHASH_BLOCK_SIZE - 1); | |
79 | if (n) { | |
0177db01 | 80 | cpacf_kimd(CPACF_KIMD_GHASH, dctx, src, n); |
df1309ce GS |
81 | src += n; |
82 | srclen -= n; | |
83 | } | |
84 | ||
85 | if (srclen) { | |
86 | dctx->bytes = GHASH_BLOCK_SIZE - srclen; | |
87 | memcpy(buf, src, srclen); | |
88 | } | |
89 | ||
90 | return 0; | |
91 | } | |
92 | ||
a1cae34e | 93 | static int ghash_flush(struct ghash_desc_ctx *dctx) |
df1309ce GS |
94 | { |
95 | u8 *buf = dctx->buffer; | |
df1309ce GS |
96 | |
97 | if (dctx->bytes) { | |
98 | u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes); | |
99 | ||
100 | memset(pos, 0, dctx->bytes); | |
0177db01 | 101 | cpacf_kimd(CPACF_KIMD_GHASH, dctx, buf, GHASH_BLOCK_SIZE); |
a1cae34e | 102 | dctx->bytes = 0; |
df1309ce GS |
103 | } |
104 | ||
36eb2caa | 105 | return 0; |
df1309ce GS |
106 | } |
107 | ||
108 | static int ghash_final(struct shash_desc *desc, u8 *dst) | |
109 | { | |
110 | struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); | |
36eb2caa | 111 | int ret; |
df1309ce | 112 | |
a1cae34e | 113 | ret = ghash_flush(dctx); |
36eb2caa | 114 | if (!ret) |
a1cae34e | 115 | memcpy(dst, dctx->icv, GHASH_BLOCK_SIZE); |
36eb2caa | 116 | return ret; |
df1309ce GS |
117 | } |
118 | ||
119 | static struct shash_alg ghash_alg = { | |
120 | .digestsize = GHASH_DIGEST_SIZE, | |
121 | .init = ghash_init, | |
122 | .update = ghash_update, | |
123 | .final = ghash_final, | |
124 | .setkey = ghash_setkey, | |
125 | .descsize = sizeof(struct ghash_desc_ctx), | |
126 | .base = { | |
127 | .cra_name = "ghash", | |
128 | .cra_driver_name = "ghash-s390", | |
c7d4d259 | 129 | .cra_priority = 300, |
df1309ce GS |
130 | .cra_flags = CRYPTO_ALG_TYPE_SHASH, |
131 | .cra_blocksize = GHASH_BLOCK_SIZE, | |
132 | .cra_ctxsize = sizeof(struct ghash_ctx), | |
133 | .cra_module = THIS_MODULE, | |
df1309ce GS |
134 | }, |
135 | }; | |
136 | ||
137 | static int __init ghash_mod_init(void) | |
138 | { | |
69c0e360 | 139 | if (!cpacf_query_func(CPACF_KIMD, CPACF_KIMD_GHASH)) |
df1309ce GS |
140 | return -EOPNOTSUPP; |
141 | ||
142 | return crypto_register_shash(&ghash_alg); | |
143 | } | |
144 | ||
145 | static void __exit ghash_mod_exit(void) | |
146 | { | |
147 | crypto_unregister_shash(&ghash_alg); | |
148 | } | |
149 | ||
d05377c1 | 150 | module_cpu_feature_match(MSA, ghash_mod_init); |
df1309ce GS |
151 | module_exit(ghash_mod_exit); |
152 | ||
5d26a105 | 153 | MODULE_ALIAS_CRYPTO("ghash"); |
df1309ce GS |
154 | |
155 | MODULE_LICENSE("GPL"); | |
156 | MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation"); |