aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGerald Schaefer <gerald.schaefer@de.ibm.com>2011-04-19 15:29:18 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2011-05-04 01:06:32 -0400
commitdf1309ce955a490eac6697a41159b43e24d35995 (patch)
treefd53613e37728e3774c3343bc31cbf7c6d983750
parent99d97222150a24e6096805530e141af94183b9a1 (diff)
crypto: s390 - add System z hardware support for GHASH
This patch adds System z hardware acceleration support for the GHASH algorithm for GCM (Galois/Counter Mode). The hardware support is available beginning with System z196. Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com> Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--arch/s390/crypto/Makefile1
-rw-r--r--arch/s390/crypto/crypt_s390.h1
-rw-r--r--arch/s390/crypto/ghash_s390.c162
-rw-r--r--drivers/crypto/Kconfig10
4 files changed, 174 insertions, 0 deletions
diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile
index 1cf81d77c5a5..7f0b7cda6259 100644
--- a/arch/s390/crypto/Makefile
+++ b/arch/s390/crypto/Makefile
@@ -8,3 +8,4 @@ obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o
8obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o 8obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o
9obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o 9obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o
10obj-$(CONFIG_S390_PRNG) += prng.o 10obj-$(CONFIG_S390_PRNG) += prng.o
11obj-$(CONFIG_CRYPTO_GHASH_S390) += ghash_s390.o
diff --git a/arch/s390/crypto/crypt_s390.h b/arch/s390/crypto/crypt_s390.h
index 7cbfaf080a59..eb2e39186b6b 100644
--- a/arch/s390/crypto/crypt_s390.h
+++ b/arch/s390/crypto/crypt_s390.h
@@ -91,6 +91,7 @@ enum crypt_s390_kimd_func {
91 KIMD_SHA_1 = CRYPT_S390_KIMD | 1, 91 KIMD_SHA_1 = CRYPT_S390_KIMD | 1,
92 KIMD_SHA_256 = CRYPT_S390_KIMD | 2, 92 KIMD_SHA_256 = CRYPT_S390_KIMD | 2,
93 KIMD_SHA_512 = CRYPT_S390_KIMD | 3, 93 KIMD_SHA_512 = CRYPT_S390_KIMD | 3,
94 KIMD_GHASH = CRYPT_S390_KIMD | 65,
94}; 95};
95 96
96/* 97/*
diff --git a/arch/s390/crypto/ghash_s390.c b/arch/s390/crypto/ghash_s390.c
new file mode 100644
index 000000000000..b1bd170f24b1
--- /dev/null
+++ b/arch/s390/crypto/ghash_s390.c
@@ -0,0 +1,162 @@
1/*
2 * Cryptographic API.
3 *
4 * s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode).
5 *
6 * Copyright IBM Corp. 2011
7 * Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com>
8 */
9
10#include <crypto/internal/hash.h>
11#include <linux/module.h>
12
13#include "crypt_s390.h"
14
15#define GHASH_BLOCK_SIZE 16
16#define GHASH_DIGEST_SIZE 16
17
18struct ghash_ctx {
19 u8 icv[16];
20 u8 key[16];
21};
22
23struct ghash_desc_ctx {
24 u8 buffer[GHASH_BLOCK_SIZE];
25 u32 bytes;
26};
27
28static int ghash_init(struct shash_desc *desc)
29{
30 struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
31
32 memset(dctx, 0, sizeof(*dctx));
33
34 return 0;
35}
36
37static int ghash_setkey(struct crypto_shash *tfm,
38 const u8 *key, unsigned int keylen)
39{
40 struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
41
42 if (keylen != GHASH_BLOCK_SIZE) {
43 crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
44 return -EINVAL;
45 }
46
47 memcpy(ctx->key, key, GHASH_BLOCK_SIZE);
48 memset(ctx->icv, 0, GHASH_BLOCK_SIZE);
49
50 return 0;
51}
52
53static int ghash_update(struct shash_desc *desc,
54 const u8 *src, unsigned int srclen)
55{
56 struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
57 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
58 unsigned int n;
59 u8 *buf = dctx->buffer;
60 int ret;
61
62 if (dctx->bytes) {
63 u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
64
65 n = min(srclen, dctx->bytes);
66 dctx->bytes -= n;
67 srclen -= n;
68
69 memcpy(pos, src, n);
70 src += n;
71
72 if (!dctx->bytes) {
73 ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf,
74 GHASH_BLOCK_SIZE);
75 BUG_ON(ret != GHASH_BLOCK_SIZE);
76 }
77 }
78
79 n = srclen & ~(GHASH_BLOCK_SIZE - 1);
80 if (n) {
81 ret = crypt_s390_kimd(KIMD_GHASH, ctx, src, n);
82 BUG_ON(ret != n);
83 src += n;
84 srclen -= n;
85 }
86
87 if (srclen) {
88 dctx->bytes = GHASH_BLOCK_SIZE - srclen;
89 memcpy(buf, src, srclen);
90 }
91
92 return 0;
93}
94
95static void ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
96{
97 u8 *buf = dctx->buffer;
98 int ret;
99
100 if (dctx->bytes) {
101 u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
102
103 memset(pos, 0, dctx->bytes);
104
105 ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, GHASH_BLOCK_SIZE);
106 BUG_ON(ret != GHASH_BLOCK_SIZE);
107 }
108
109 dctx->bytes = 0;
110}
111
112static int ghash_final(struct shash_desc *desc, u8 *dst)
113{
114 struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
115 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
116
117 ghash_flush(ctx, dctx);
118 memcpy(dst, ctx->icv, GHASH_BLOCK_SIZE);
119
120 return 0;
121}
122
123static struct shash_alg ghash_alg = {
124 .digestsize = GHASH_DIGEST_SIZE,
125 .init = ghash_init,
126 .update = ghash_update,
127 .final = ghash_final,
128 .setkey = ghash_setkey,
129 .descsize = sizeof(struct ghash_desc_ctx),
130 .base = {
131 .cra_name = "ghash",
132 .cra_driver_name = "ghash-s390",
133 .cra_priority = CRYPT_S390_PRIORITY,
134 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
135 .cra_blocksize = GHASH_BLOCK_SIZE,
136 .cra_ctxsize = sizeof(struct ghash_ctx),
137 .cra_module = THIS_MODULE,
138 .cra_list = LIST_HEAD_INIT(ghash_alg.base.cra_list),
139 },
140};
141
142static int __init ghash_mod_init(void)
143{
144 if (!crypt_s390_func_available(KIMD_GHASH,
145 CRYPT_S390_MSA | CRYPT_S390_MSA4))
146 return -EOPNOTSUPP;
147
148 return crypto_register_shash(&ghash_alg);
149}
150
151static void __exit ghash_mod_exit(void)
152{
153 crypto_unregister_shash(&ghash_alg);
154}
155
156module_init(ghash_mod_init);
157module_exit(ghash_mod_exit);
158
159MODULE_ALIAS("ghash");
160
161MODULE_LICENSE("GPL");
162MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation");
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 78df36adbe6c..d459cc7894d9 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -151,6 +151,16 @@ config S390_PRNG
151 ANSI X9.17 standard. The PRNG is usable via the char device 151 ANSI X9.17 standard. The PRNG is usable via the char device
152 /dev/prandom. 152 /dev/prandom.
153 153
154config CRYPTO_GHASH_S390
155 tristate "GHASH digest algorithm"
156 depends on S390
157 select CRYPTO_HASH
158 help
159 This is the s390 hardware accelerated implementation of the
160 GHASH message digest algorithm for GCM (Galois/Counter Mode).
161
162 It is available as of z196.
163
154config CRYPTO_DEV_MV_CESA 164config CRYPTO_DEV_MV_CESA
155 tristate "Marvell's Cryptographic Engine" 165 tristate "Marvell's Cryptographic Engine"
156 depends on PLAT_ORION 166 depends on PLAT_ORION