1// SPDX-License-Identifier: GPL-2.0
  2/*
  3 * Cryptographic API.
  4 *
  5 * s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode).
  6 *
  7 * Copyright IBM Corp. 2011
  8 * Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com>
  9 */
 10
 11#include <crypto/internal/hash.h>
 12#include <linux/module.h>
 13#include <linux/cpufeature.h>
 14#include <asm/cpacf.h>
 15
 16#define GHASH_BLOCK_SIZE	16
 17#define GHASH_DIGEST_SIZE	16
 18
 19struct ghash_ctx {
 20	u8 key[GHASH_BLOCK_SIZE];
 
 21};
 22
 23struct ghash_desc_ctx {
 24	u8 icv[GHASH_BLOCK_SIZE];
 25	u8 key[GHASH_BLOCK_SIZE];
 26	u8 buffer[GHASH_BLOCK_SIZE];
 27	u32 bytes;
 28};
 29
 30static int ghash_init(struct shash_desc *desc)
 31{
 32	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
 33	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
 34
 35	memset(dctx, 0, sizeof(*dctx));
 36	memcpy(dctx->key, ctx->key, GHASH_BLOCK_SIZE);
 37
 38	return 0;
 39}
 40
 41static int ghash_setkey(struct crypto_shash *tfm,
 42			const u8 *key, unsigned int keylen)
 43{
 44	struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
 45
 46	if (keylen != GHASH_BLOCK_SIZE) {
 47		crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
 48		return -EINVAL;
 49	}
 50
 51	memcpy(ctx->key, key, GHASH_BLOCK_SIZE);
 
 52
 53	return 0;
 54}
 55
 56static int ghash_update(struct shash_desc *desc,
 57			 const u8 *src, unsigned int srclen)
 58{
 59	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
 
 60	unsigned int n;
 61	u8 *buf = dctx->buffer;
 
 62
 63	if (dctx->bytes) {
 64		u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
 65
 66		n = min(srclen, dctx->bytes);
 67		dctx->bytes -= n;
 68		srclen -= n;
 69
 70		memcpy(pos, src, n);
 71		src += n;
 72
 73		if (!dctx->bytes) {
 74			cpacf_kimd(CPACF_KIMD_GHASH, dctx, buf,
 75				   GHASH_BLOCK_SIZE);
 
 
 76		}
 77	}
 78
 79	n = srclen & ~(GHASH_BLOCK_SIZE - 1);
 80	if (n) {
 81		cpacf_kimd(CPACF_KIMD_GHASH, dctx, src, n);
 
 
 82		src += n;
 83		srclen -= n;
 84	}
 85
 86	if (srclen) {
 87		dctx->bytes = GHASH_BLOCK_SIZE - srclen;
 88		memcpy(buf, src, srclen);
 89	}
 90
 91	return 0;
 92}
 93
 94static int ghash_flush(struct ghash_desc_ctx *dctx)
 95{
 96	u8 *buf = dctx->buffer;
 
 97
 98	if (dctx->bytes) {
 99		u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
100
101		memset(pos, 0, dctx->bytes);
102		cpacf_kimd(CPACF_KIMD_GHASH, dctx, buf, GHASH_BLOCK_SIZE);
103		dctx->bytes = 0;
 
 
104	}
105
 
106	return 0;
107}
108
109static int ghash_final(struct shash_desc *desc, u8 *dst)
110{
111	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
 
112	int ret;
113
114	ret = ghash_flush(dctx);
115	if (!ret)
116		memcpy(dst, dctx->icv, GHASH_BLOCK_SIZE);
117	return ret;
118}
119
120static struct shash_alg ghash_alg = {
121	.digestsize	= GHASH_DIGEST_SIZE,
122	.init		= ghash_init,
123	.update		= ghash_update,
124	.final		= ghash_final,
125	.setkey		= ghash_setkey,
126	.descsize	= sizeof(struct ghash_desc_ctx),
127	.base		= {
128		.cra_name		= "ghash",
129		.cra_driver_name	= "ghash-s390",
130		.cra_priority		= 300,
 
131		.cra_blocksize		= GHASH_BLOCK_SIZE,
132		.cra_ctxsize		= sizeof(struct ghash_ctx),
133		.cra_module		= THIS_MODULE,
134	},
135};
136
137static int __init ghash_mod_init(void)
138{
139	if (!cpacf_query_func(CPACF_KIMD, CPACF_KIMD_GHASH))
140		return -ENODEV;
 
141
142	return crypto_register_shash(&ghash_alg);
143}
144
145static void __exit ghash_mod_exit(void)
146{
147	crypto_unregister_shash(&ghash_alg);
148}
149
150module_cpu_feature_match(MSA, ghash_mod_init);
151module_exit(ghash_mod_exit);
152
153MODULE_ALIAS_CRYPTO("ghash");
154
155MODULE_LICENSE("GPL");
156MODULE_DESCRIPTION("GHASH hash function, s390 implementation");

 
  1/*
  2 * Cryptographic API.
  3 *
  4 * s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode).
  5 *
  6 * Copyright IBM Corp. 2011
  7 * Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com>
  8 */
  9
 10#include <crypto/internal/hash.h>
 11#include <linux/module.h>
 12
 13#include "crypt_s390.h"
 14
 15#define GHASH_BLOCK_SIZE	16
 16#define GHASH_DIGEST_SIZE	16
 17
 18struct ghash_ctx {
 19	u8 icv[16];
 20	u8 key[16];
 21};
 22
 23struct ghash_desc_ctx {
 
 
 24	u8 buffer[GHASH_BLOCK_SIZE];
 25	u32 bytes;
 26};
 27
 28static int ghash_init(struct shash_desc *desc)
 29{
 30	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
 
 31
 32	memset(dctx, 0, sizeof(*dctx));
 
 33
 34	return 0;
 35}
 36
 37static int ghash_setkey(struct crypto_shash *tfm,
 38			const u8 *key, unsigned int keylen)
 39{
 40	struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
 41
 42	if (keylen != GHASH_BLOCK_SIZE) {
 43		crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
 44		return -EINVAL;
 45	}
 46
 47	memcpy(ctx->key, key, GHASH_BLOCK_SIZE);
 48	memset(ctx->icv, 0, GHASH_BLOCK_SIZE);
 49
 50	return 0;
 51}
 52
 53static int ghash_update(struct shash_desc *desc,
 54			 const u8 *src, unsigned int srclen)
 55{
 56	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
 57	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
 58	unsigned int n;
 59	u8 *buf = dctx->buffer;
 60	int ret;
 61
 62	if (dctx->bytes) {
 63		u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
 64
 65		n = min(srclen, dctx->bytes);
 66		dctx->bytes -= n;
 67		srclen -= n;
 68
 69		memcpy(pos, src, n);
 70		src += n;
 71
 72		if (!dctx->bytes) {
 73			ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf,
 74					      GHASH_BLOCK_SIZE);
 75			if (ret != GHASH_BLOCK_SIZE)
 76				return -EIO;
 77		}
 78	}
 79
 80	n = srclen & ~(GHASH_BLOCK_SIZE - 1);
 81	if (n) {
 82		ret = crypt_s390_kimd(KIMD_GHASH, ctx, src, n);
 83		if (ret != n)
 84			return -EIO;
 85		src += n;
 86		srclen -= n;
 87	}
 88
 89	if (srclen) {
 90		dctx->bytes = GHASH_BLOCK_SIZE - srclen;
 91		memcpy(buf, src, srclen);
 92	}
 93
 94	return 0;
 95}
 96
 97static int ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
 98{
 99	u8 *buf = dctx->buffer;
100	int ret;
101
102	if (dctx->bytes) {
103		u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
104
105		memset(pos, 0, dctx->bytes);
106
107		ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, GHASH_BLOCK_SIZE);
108		if (ret != GHASH_BLOCK_SIZE)
109			return -EIO;
110	}
111
112	dctx->bytes = 0;
113	return 0;
114}
115
116static int ghash_final(struct shash_desc *desc, u8 *dst)
117{
118	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
119	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
120	int ret;
121
122	ret = ghash_flush(ctx, dctx);
123	if (!ret)
124		memcpy(dst, ctx->icv, GHASH_BLOCK_SIZE);
125	return ret;
126}
127
128static struct shash_alg ghash_alg = {
129	.digestsize	= GHASH_DIGEST_SIZE,
130	.init		= ghash_init,
131	.update		= ghash_update,
132	.final		= ghash_final,
133	.setkey		= ghash_setkey,
134	.descsize	= sizeof(struct ghash_desc_ctx),
135	.base		= {
136		.cra_name		= "ghash",
137		.cra_driver_name	= "ghash-s390",
138		.cra_priority		= CRYPT_S390_PRIORITY,
139		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
140		.cra_blocksize		= GHASH_BLOCK_SIZE,
141		.cra_ctxsize		= sizeof(struct ghash_ctx),
142		.cra_module		= THIS_MODULE,
143	},
144};
145
146static int __init ghash_mod_init(void)
147{
148	if (!crypt_s390_func_available(KIMD_GHASH,
149				       CRYPT_S390_MSA | CRYPT_S390_MSA4))
150		return -EOPNOTSUPP;
151
152	return crypto_register_shash(&ghash_alg);
153}
154
155static void __exit ghash_mod_exit(void)
156{
157	crypto_unregister_shash(&ghash_alg);
158}
159
160module_init(ghash_mod_init);
161module_exit(ghash_mod_exit);
162
163MODULE_ALIAS("ghash");
164
165MODULE_LICENSE("GPL");
166MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation");