From patchwork Wed Jan 15 16:22:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Freudenberger X-Patchwork-Id: 13940616 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2025F14D2B9; Wed, 15 Jan 2025 16:22:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958160; cv=none; b=qjLVmcInTwlnniFfMmLtgeFDafb4jNEFXZjZA5/gj29K6hwHxY/+TGH7rF5zj2AIUizWewgfqJvsBtMq3YAhZrIXHlR9BFc8lLoO7jOsBq/xBK5ZvUe7kZqdk/ENDyFN3Ao5Ns3b+xybFgh56b2q78m1gG2FBhaiKbUqb5gx+r8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958160; c=relaxed/simple; bh=ADFRSAzm+tOB1BuB5MVG+obXR3rDsoHWpt6GfHSel0Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NLocQ1lmI3xkyJ0+MU/Awcyn2BREGW7EelCdUPFZxq70dweM4TupE+stzQceVD1zrkEmJ+b1bKVPLAc5PO1CM42+3eBKwnejub10jH/rTJquKj8geKxIGqCN4K1jFAv7CXBYK91c13bclaxm11jb5wt12xfVkArjCNAHb9PJsCc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=nfch8q12; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="nfch8q12" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50FGK98k025951; Wed, 15 Jan 2025 16:22:35 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=zqw2cRGCyNuHDcmTc mmMEA0nDM95Ca6wVjUxbwztkD0=; b=nfch8q12uY7P2zqM/vX+xP2NSN7GrMDoK ViGe+rl95UbtP7NDL+6OwzA9me/CU6SOh2lapjAme5lC7pUtLHxQ15c0CgZJyGb2 TefT45UuhVjgkUOqbNgiZQdcJctBKomhBQ7jR1K+GLh7vcwFmJt+KqogrLgPyr1K XODZdaXifUwJE5zZkYRGsgONJT7MXe5VPD7SJx8kK3WBZqa6xKNhCAEtg9VRSVBp giqDgXbJIFRaA6OGyGrqF+RRF8gVBiVDdP4gjV4GKALsDoaIGkxl2CV88laMHTV3 EH6k9rNoyVCUCfWTrTjJM7Ee+9E9I6V8WIRa7Kz0E5hYJH6YWfqtg== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4469732ata-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:35 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 50FFW6C9016512; Wed, 15 Jan 2025 16:22:34 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4445p1rwdf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:34 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 50FGMWbf14090656 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2025 16:22:32 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C354A20040; Wed, 15 Jan 2025 16:22:32 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 77FB12004D; Wed, 15 Jan 2025 16:22:32 +0000 (GMT) Received: from funtu2.fritz.box?044ibm.com (unknown [9.171.28.131]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 15 Jan 2025 16:22:32 +0000 (GMT) From: Harald Freudenberger To: herbert@gondor.apana.org.au, davem@davemloft.net, dengler@linux.ibm.com Cc: linux-s390@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v10 1/5] s390/crypto: Add protected key hmac subfunctions for KMAC Date: Wed, 15 Jan 2025 17:22:27 +0100 Message-ID: <20250115162231.83516-2-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250115162231.83516-1-freude@linux.ibm.com> References: <20250115162231.83516-1-freude@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: EiR_98JeJGFiiNKA89paq8DmeeuM1upA X-Proofpoint-GUID: EiR_98JeJGFiiNKA89paq8DmeeuM1upA X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-15_07,2025-01-15_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 bulkscore=0 malwarescore=0 adultscore=0 priorityscore=1501 phishscore=0 clxscore=1015 suspectscore=0 spamscore=0 impostorscore=0 lowpriorityscore=0 mlxlogscore=590 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501150119 From: Holger Dengler The CPACF KMAC instruction supports new subfunctions for protected key hmac. Add defines for these 4 new subfuctions. Signed-off-by: Holger Dengler Signed-off-by: Harald Freudenberger --- arch/s390/include/asm/cpacf.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/s390/include/asm/cpacf.h b/arch/s390/include/asm/cpacf.h index 59ab1192e2d5..0468dd5c4690 100644 --- a/arch/s390/include/asm/cpacf.h +++ b/arch/s390/include/asm/cpacf.h @@ -129,6 +129,10 @@ #define CPACF_KMAC_HMAC_SHA_256 0x71 #define CPACF_KMAC_HMAC_SHA_384 0x72 #define CPACF_KMAC_HMAC_SHA_512 0x73 +#define CPACF_KMAC_PHMAC_SHA_224 0x78 +#define CPACF_KMAC_PHMAC_SHA_256 0x79 +#define CPACF_KMAC_PHMAC_SHA_384 0x7a +#define CPACF_KMAC_PHMAC_SHA_512 0x7b /* * Function codes for the PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT) From patchwork Wed Jan 15 16:22:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Freudenberger X-Patchwork-Id: 13940620 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD89F152E0C; Wed, 15 Jan 2025 16:22:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958162; cv=none; b=VxGI4ggD5MZDo/2tOCPM/OTgyjDrqAFjQTrAbOHvHmPAfQC2AfDbvyT/HejtKPxplk+232JHmDjlJrP9zZQ/8jh/Sii3OnWG/MQ0f8vejH7NxO1DpD41hXHT8m9dWTao1TjeSqLHWIJhsFQvsKDQUAeIGLbzXZechXHlokbOG4U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958162; c=relaxed/simple; bh=vgmgYLOBPnEbpUEyKnRCw3aRJjuZbCI1ZfB9GMYBTho=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ft7lga6o6P4BEY0Jl2ha3D5w4LIiTGpLVqBPtas42EulgSMK7eVEtsT+TkTOSYOvQmtNWYXm4XVfBIstokxjEjAepgxp8hOR3Ggxl936xbv+2b3WfUDbkB7mInCwnyAXddzw5SGek1bIOWaY+SISttgyaiMKBT/vjbSvKnGdtsY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=VK03Ii0P; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="VK03Ii0P" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50FGK9fg026061; Wed, 15 Jan 2025 16:22:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=oOrZr22BEwbcRes2u BZtbBOeQ8uYxXObtZIBxCWrVIs=; b=VK03Ii0PExuVrxD4x6+EFibMqnARzQRJd W64XEvw37myDvM3iA/B1eGESKPJ6NfNLTG3a6uyJo7Y0gNSM09VbTEjuT3D5FNOt j4aC/xRPXQdpF6DEWun/HrUR1NlCP/kSGOErmtVAbWRBD8dJ7NT91/G9jwBMY5/F PUU841l+L8UZ95IZCHXaMY9miTAMmzQRWoOsLvaOPy61dn5MAeGFNe2FWXIg/otk oCpI8M6TfQpqLtjugj90CbST1GXCazd6N5nXLNV+1cwssPZ89V2lHKkxe7jGwSDr xzypLfLz9IwCK28UDw8+7+1TzJlgSseJkVmR6WscIB7BEEt2BddHw== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4469732ate-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:36 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 50FEVMuq017359; Wed, 15 Jan 2025 16:22:35 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4444fk965e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:35 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 50FGMXIe56558008 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2025 16:22:33 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 30D3C20040; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D1B2C20049; Wed, 15 Jan 2025 16:22:32 +0000 (GMT) Received: from funtu2.fritz.box?044ibm.com (unknown [9.171.28.131]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 15 Jan 2025 16:22:32 +0000 (GMT) From: Harald Freudenberger To: herbert@gondor.apana.org.au, davem@davemloft.net, dengler@linux.ibm.com Cc: linux-s390@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v10 2/5] s390/crypto: New s390 specific protected key hash phmac Date: Wed, 15 Jan 2025 17:22:28 +0100 Message-ID: <20250115162231.83516-3-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250115162231.83516-1-freude@linux.ibm.com> References: <20250115162231.83516-1-freude@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: GOEnZ4bJcBAgFLFsS8veS4doic0x5ygD X-Proofpoint-GUID: GOEnZ4bJcBAgFLFsS8veS4doic0x5ygD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-15_07,2025-01-15_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 bulkscore=0 malwarescore=0 adultscore=0 priorityscore=1501 phishscore=0 clxscore=1015 suspectscore=0 spamscore=0 impostorscore=0 lowpriorityscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501150119 Add support for protected key hmac ("phmac") for s390 arch. With the latest machine generation there is now support for protected key (that is a key wrapped by a master key stored in firmware) hmac for sha2 (sha224, sha256, sha384 and sha512) for the s390 specific CPACF instruction kmac. This patch adds support via 4 new ahashes registered as phmac(sha224), phmac(sha256), phmac(sha384) and phmac(sha512). Co-developed-by: Holger Dengler Signed-off-by: Holger Dengler Signed-off-by: Harald Freudenberger --- arch/s390/configs/debug_defconfig | 1 + arch/s390/configs/defconfig | 1 + arch/s390/crypto/Makefile | 1 + arch/s390/crypto/phmac_s390.c | 852 ++++++++++++++++++++++++++++++ drivers/crypto/Kconfig | 12 + 5 files changed, 867 insertions(+) create mode 100644 arch/s390/crypto/phmac_s390.c diff --git a/arch/s390/configs/debug_defconfig b/arch/s390/configs/debug_defconfig index d8d227ab82de..c857618087fe 100644 --- a/arch/s390/configs/debug_defconfig +++ b/arch/s390/configs/debug_defconfig @@ -813,6 +813,7 @@ CONFIG_PKEY_EP11=m CONFIG_PKEY_PCKMO=m CONFIG_PKEY_UV=m CONFIG_CRYPTO_PAES_S390=m +CONFIG_CRYPTO_PHMAC_S390=m CONFIG_CRYPTO_DEV_VIRTIO=m CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_CORDIC=m diff --git a/arch/s390/configs/defconfig b/arch/s390/configs/defconfig index 6c2f2bb4fbf8..94bde39967a5 100644 --- a/arch/s390/configs/defconfig +++ b/arch/s390/configs/defconfig @@ -800,6 +800,7 @@ CONFIG_PKEY_EP11=m CONFIG_PKEY_PCKMO=m CONFIG_PKEY_UV=m CONFIG_CRYPTO_PAES_S390=m +CONFIG_CRYPTO_PHMAC_S390=m CONFIG_CRYPTO_DEV_VIRTIO=m CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_CORDIC=m diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile index a0cb96937c3d..47637140b95c 100644 --- a/arch/s390/crypto/Makefile +++ b/arch/s390/crypto/Makefile @@ -16,6 +16,7 @@ obj-$(CONFIG_S390_PRNG) += prng.o obj-$(CONFIG_CRYPTO_GHASH_S390) += ghash_s390.o obj-$(CONFIG_CRYPTO_CRC32_S390) += crc32-vx_s390.o obj-$(CONFIG_CRYPTO_HMAC_S390) += hmac_s390.o +obj-$(CONFIG_CRYPTO_PHMAC_S390) += phmac_s390.o obj-y += arch_random.o crc32-vx_s390-y := crc32-vx.o crc32le-vx.o crc32be-vx.o diff --git a/arch/s390/crypto/phmac_s390.c b/arch/s390/crypto/phmac_s390.c new file mode 100644 index 000000000000..b2b389e94a37 --- /dev/null +++ b/arch/s390/crypto/phmac_s390.c @@ -0,0 +1,852 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright IBM Corp. 2024 + * + * s390 specific HMAC support for protected keys. + */ + +#define KMSG_COMPONENT "phmac_s390" +#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * KMAC param block layout for sha2 function codes: + * The layout of the param block for the KMAC instruction depends on the + * blocksize of the used hashing sha2-algorithm function codes. The param block + * contains the hash chaining value (cv), the input message bit-length (imbl) + * and the hmac-secret (key). To prevent code duplication, the sizes of all + * these are calculated based on the blocksize. + * + * param-block: + * +-------+ + * | cv | + * +-------+ + * | imbl | + * +-------+ + * | key | + * +-------+ + * + * sizes: + * part | sh2-alg | calculation | size | type + * -----+---------+-------------+------+-------- + * cv | 224/256 | blocksize/2 | 32 | u64[8] + * | 384/512 | | 64 | u128[8] + * imbl | 224/256 | blocksize/8 | 8 | u64 + * | 384/512 | | 16 | u128 + * key | 224/256 | blocksize | 96 | u8[96] + * | 384/512 | | 160 | u8[160] + */ + +#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +#define MAX_IMBL_SIZE sizeof(u128) +#define MAX_BLOCK_SIZE SHA512_BLOCK_SIZE + +#define SHA2_CV_SIZE(bs) ((bs) >> 1) +#define SHA2_IMBL_SIZE(bs) ((bs) >> 3) + +#define SHA2_IMBL_OFFSET(bs) (SHA2_CV_SIZE(bs)) +#define SHA2_KEY_OFFSET(bs) (SHA2_CV_SIZE(bs) + SHA2_IMBL_SIZE(bs)) + +#define PHMAC_SHA256_KEY_SIZE (SHA256_BLOCK_SIZE + 32) +#define PHMAC_SHA512_KEY_SIZE (SHA512_BLOCK_SIZE + 32) +#define PHMAC_MAX_KEY_SIZE PHMAC_SHA512_KEY_SIZE + +struct phmac_protkey { + u32 type; + u32 len; + u8 protkey[PHMAC_MAX_KEY_SIZE]; +}; + +#define PK_STATE_NO_KEY 0 +#define PK_STATE_NEEDS_CONVERT 1 +#define PK_STATE_CONVERT_IN_PROGRESS 2 +#define PK_STATE_VALID 3 + +struct s390_phmac_ctx { + u8 *key; + unsigned int keylen; + + /* the work struct for asynch key convert */ + struct delayed_work work; + + /* spinlock to atomic read/update the following fields */ + spinlock_t pk_lock; + /* see PK_STATE* defines above, < 0 holds convert failure rc */ + int pk_state; + /* if state is valid, pk holds the protected key */ + struct phmac_protkey pk; +}; + +union s390_kmac_gr0 { + unsigned long reg; + struct { + unsigned long : 48; + unsigned long ikp : 1; + unsigned long iimp : 1; + unsigned long ccup : 1; + unsigned long : 6; + unsigned long fc : 7; + }; +}; + +struct s390_kmac_sha2_ctx { + u8 param[MAX_DIGEST_SIZE + MAX_IMBL_SIZE + PHMAC_MAX_KEY_SIZE]; + union s390_kmac_gr0 gr0; + u8 buf[MAX_BLOCK_SIZE]; + unsigned int buflen; +}; + +struct s390_phmac_req_ctx { + struct delayed_work work; + struct ahash_request *req; + struct s390_kmac_sha2_ctx sha2_ctx; +}; + +/* + * kmac_sha2_set_imbl - sets the input message bit-length based on the blocksize + */ +static inline void kmac_sha2_set_imbl(u8 *param, unsigned int buflen, + unsigned int blocksize) +{ + u8 *imbl = param + SHA2_IMBL_OFFSET(blocksize); + + switch (blocksize) { + case SHA256_BLOCK_SIZE: + *(u64 *)imbl = (u64)buflen * BITS_PER_BYTE; + break; + case SHA512_BLOCK_SIZE: + *(u128 *)imbl = (u128)buflen * BITS_PER_BYTE; + break; + default: + break; + } +} + +/* + * Convert the raw key material into a protected key via PKEY api. + * This function may sleep - don't call in non-sleeping context. + */ +static int phmac_convert_key(struct s390_phmac_ctx *tfm_ctx) +{ + struct phmac_protkey pk; + int i, rc; + + pk.len = sizeof(pk.protkey); + + /* try three times in case of busy card */ + for (rc = -EIO, i = 0; rc && i < 3; i++) { + if (rc == -EBUSY && msleep_interruptible((1 << i) * 100)) { + rc = -EINTR; + goto out; + } + rc = pkey_key2protkey(tfm_ctx->key, tfm_ctx->keylen, + pk.protkey, &pk.len, &pk.type); + } + if (rc) + goto out; + + spin_lock_bh(&tfm_ctx->pk_lock); + tfm_ctx->pk = pk; + tfm_ctx->pk_state = PK_STATE_VALID; + spin_unlock_bh(&tfm_ctx->pk_lock); + + memzero_explicit(&pk, sizeof(pk)); + +out: + pr_debug("rc=%d\n", rc); + return rc; +} + +static void phmac_wq_convert_key_fn(struct work_struct *work) +{ + struct delayed_work *dwork = to_delayed_work(work); + struct s390_phmac_ctx *tfm_ctx = + container_of(dwork, struct s390_phmac_ctx, work); + int rc; + + rc = phmac_convert_key(tfm_ctx); + pr_debug("asynch convert done, rc=%d\n", rc); +} + +static int phmac_init(struct crypto_ahash *tfm, + struct s390_kmac_sha2_ctx *ctx, + bool maysleep) +{ + struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + unsigned int ds = crypto_ahash_digestsize(tfm); + unsigned int bs = crypto_ahash_blocksize(tfm); + int i, rc, pk_state; + + spin_lock_bh(&tfm_ctx->pk_lock); + pk_state = tfm_ctx->pk_state; + spin_unlock_bh(&tfm_ctx->pk_lock); + + switch (pk_state) { + case PK_STATE_NO_KEY: + return -ENOKEY; + case PK_STATE_NEEDS_CONVERT: + if (!maysleep) + return -EKEYEXPIRED; + rc = phmac_convert_key(tfm_ctx); + if (rc) + return rc; + break; + case PK_STATE_CONVERT_IN_PROGRESS: + if (!maysleep) + return -EKEYEXPIRED; + for (i = 0; pk_state != PK_STATE_VALID && i < 3; i++) { + if (msleep_interruptible((1 << i) * 100)) + return -EINTR; + spin_lock_bh(&tfm_ctx->pk_lock); + pk_state = tfm_ctx->pk_state; + spin_unlock_bh(&tfm_ctx->pk_lock); + } + if (pk_state != PK_STATE_VALID) + return -EKEYEXPIRED; + break; + case PK_STATE_VALID: + break; + default: + return pk_state < 0 ? pk_state : -EIO; + } + + /* pk is valid, prepare the sha2 context */ + + spin_lock_bh(&tfm_ctx->pk_lock); + memcpy(ctx->param + SHA2_KEY_OFFSET(bs), + tfm_ctx->pk.protkey, tfm_ctx->pk.len); + spin_unlock_bh(&tfm_ctx->pk_lock); + + ctx->buflen = 0; + ctx->gr0.reg = 0; + + /* set function code, check for valid protected key type */ + rc = 0; + switch (ds) { + case SHA224_DIGEST_SIZE: + ctx->gr0.fc = CPACF_KMAC_PHMAC_SHA_224; + if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_512) + rc = -EINVAL; + break; + case SHA256_DIGEST_SIZE: + ctx->gr0.fc = CPACF_KMAC_PHMAC_SHA_256; + if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_512) + rc = -EINVAL; + break; + case SHA384_DIGEST_SIZE: + ctx->gr0.fc = CPACF_KMAC_PHMAC_SHA_384; + if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_1024) + rc = -EINVAL; + break; + case SHA512_DIGEST_SIZE: + ctx->gr0.fc = CPACF_KMAC_PHMAC_SHA_512; + if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_1024) + rc = -EINVAL; + break; + default: + rc = -EINVAL; + } + + return rc; +} + +static void phmac_wq_init_fn(struct work_struct *work) +{ + struct delayed_work *dwork = to_delayed_work(work); + struct s390_phmac_req_ctx *req_ctx = + container_of(dwork, struct s390_phmac_req_ctx, work); + struct ahash_request *req = req_ctx->req; + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + int rc; + + rc = phmac_init(tfm, ctx, true); + + pr_debug("req complete with rc=%d\n", rc); + local_bh_disable(); + ahash_request_complete(req, rc); + local_bh_enable(); +} + +static int s390_phmac_init(struct ahash_request *req) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + int rc; + + /* + * First try synchronous. If this fails for any reason + * schedule this request asynchronous via workqueue. + */ + + rc = phmac_init(tfm, ctx, false); + if (!rc) + goto out; + + req_ctx->req = req; + INIT_DELAYED_WORK(&req_ctx->work, phmac_wq_init_fn); + schedule_delayed_work(&req_ctx->work, 0); + rc = -EINPROGRESS; + +out: + pr_debug("rc=%d\n", rc); + return rc; +} + +static int phmac_update(struct crypto_ahash *tfm, + struct s390_kmac_sha2_ctx *ctx, + const u8 *data, unsigned int len, + bool maysleep) +{ + struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + unsigned int bs = crypto_ahash_blocksize(tfm); + unsigned int offset, n, k; + int rc; + + /* check current buffer */ + offset = ctx->buflen % bs; + ctx->buflen += len; + if (offset + len < bs) + goto store; + + /* process one stored block */ + if (offset) { + n = bs - offset; + memcpy(ctx->buf + offset, data, n); + ctx->gr0.iimp = 1; + for (k = bs;;) { + k -= _cpacf_kmac(&ctx->gr0.reg, ctx->param, + ctx->buf + bs - k, k); + if (likely(!k)) + break; + if (!maysleep) + return -EKEYEXPIRED; + rc = phmac_convert_key(tfm_ctx); + if (rc) + return rc; + spin_lock_bh(&tfm_ctx->pk_lock); + memcpy(ctx->param + SHA2_KEY_OFFSET(bs), + tfm_ctx->pk.protkey, tfm_ctx->pk.len); + spin_unlock_bh(&tfm_ctx->pk_lock); + } + data += n; + len -= n; + offset = 0; + } + + /* process as many blocks as possible */ + if (len >= bs) { + n = (len / bs) * bs; + ctx->gr0.iimp = 1; + for (k = n;;) { + k -= _cpacf_kmac(&ctx->gr0.reg, ctx->param, + data + n - k, k); + if (likely(!k)) + break; + if (!maysleep) + return -EKEYEXPIRED; + rc = phmac_convert_key(tfm_ctx); + if (rc) + return rc; + spin_lock_bh(&tfm_ctx->pk_lock); + memcpy(ctx->param + SHA2_KEY_OFFSET(bs), + tfm_ctx->pk.protkey, tfm_ctx->pk.len); + spin_unlock_bh(&tfm_ctx->pk_lock); + } + data += n; + len -= n; + } + +store: + /* store incomplete block in buffer */ + if (len) + memcpy(ctx->buf + offset, data, len); + + return 0; +} + +static void phmac_wq_update_fn(struct work_struct *work) +{ + struct delayed_work *dwork = to_delayed_work(work); + struct s390_phmac_req_ctx *req_ctx = + container_of(dwork, struct s390_phmac_req_ctx, work); + struct ahash_request *req = req_ctx->req; + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct crypto_hash_walk walk; + int nbytes, rc = 0; + + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; + nbytes = crypto_hash_walk_done(&walk, 0)) { + rc = phmac_update(tfm, ctx, walk.data, nbytes, true); + if (rc) { + crypto_hash_walk_done(&walk, rc); + break; + } + } + + pr_debug("req complete with rc=%d\n", rc); + local_bh_disable(); + ahash_request_complete(req, rc); + local_bh_enable(); +} + +static int s390_phmac_update(struct ahash_request *req) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct s390_kmac_sha2_ctx ctx_backup; + struct crypto_hash_walk walk; + int nbytes, rc = 0; + + /* + * First try synchronous. If this fails for any reason + * schedule this request asynchronous via workqueue. + */ + + memcpy(&ctx_backup, ctx, sizeof(*ctx)); + + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; + nbytes = crypto_hash_walk_done(&walk, 0)) { + rc = phmac_update(tfm, ctx, walk.data, nbytes, false); + if (rc) { + crypto_hash_walk_done(&walk, rc); + break; + } + } + if (!rc) + goto out; + + memcpy(ctx, &ctx_backup, sizeof(*ctx)); + + req_ctx->req = req; + INIT_DELAYED_WORK(&req_ctx->work, phmac_wq_update_fn); + schedule_delayed_work(&req_ctx->work, 0); + rc = -EINPROGRESS; + +out: + pr_debug("rc=%d\n", rc); + return rc; +} + +static int phmac_final(struct crypto_ahash *tfm, + struct s390_kmac_sha2_ctx *ctx, + unsigned char *result, + bool maysleep) +{ + struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + unsigned int ds = crypto_ahash_digestsize(tfm); + unsigned int bs = crypto_ahash_blocksize(tfm); + unsigned int n, k; + int rc; + + n = ctx->buflen % bs; + ctx->gr0.iimp = 0; + kmac_sha2_set_imbl(ctx->param, ctx->buflen, bs); + for (k = n;;) { + k -= _cpacf_kmac(&ctx->gr0.reg, ctx->param, + ctx->buf + n - k, k); + if (likely(!k)) + break; + if (!maysleep) + return -EKEYEXPIRED; + rc = phmac_convert_key(tfm_ctx); + if (rc) + return rc; + spin_lock_bh(&tfm_ctx->pk_lock); + memcpy(ctx->param + SHA2_KEY_OFFSET(bs), + tfm_ctx->pk.protkey, tfm_ctx->pk.len); + spin_unlock_bh(&tfm_ctx->pk_lock); + } + + memcpy(result, ctx->param, ds); + + return 0; +} + +static void phmac_wq_final_fn(struct work_struct *work) +{ + struct delayed_work *dwork = to_delayed_work(work); + struct s390_phmac_req_ctx *req_ctx = + container_of(dwork, struct s390_phmac_req_ctx, work); + struct ahash_request *req = req_ctx->req; + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + int rc; + + rc = phmac_final(tfm, ctx, req->result, true); + + pr_debug("req complete with rc=%d\n", rc); + local_bh_disable(); + ahash_request_complete(req, rc); + local_bh_enable(); +} + +static int s390_phmac_final(struct ahash_request *req) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct s390_kmac_sha2_ctx ctx_backup; + int rc; + + /* + * First try synchronous. If this fails for any reason + * schedule this request asynchronous via workqueue. + */ + + memcpy(&ctx_backup, ctx, sizeof(*ctx)); + + rc = phmac_final(tfm, ctx, req->result, false); + if (!rc) + goto out; + + memcpy(ctx, &ctx_backup, sizeof(*ctx)); + + req_ctx->req = req; + INIT_DELAYED_WORK(&req_ctx->work, phmac_wq_final_fn); + schedule_delayed_work(&req_ctx->work, 0); + rc = -EINPROGRESS; + +out: + pr_debug("rc=%d\n", rc); + return rc; +} + +static void phmac_wq_finup_fn(struct work_struct *work) +{ + struct delayed_work *dwork = to_delayed_work(work); + struct s390_phmac_req_ctx *req_ctx = + container_of(dwork, struct s390_phmac_req_ctx, work); + struct ahash_request *req = req_ctx->req; + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct crypto_hash_walk walk; + int nbytes, rc = 0; + + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; + nbytes = crypto_hash_walk_done(&walk, 0)) { + rc = phmac_update(tfm, ctx, walk.data, nbytes, true); + if (rc) { + crypto_hash_walk_done(&walk, rc); + break; + } + } + if (rc) + goto out; + + rc = phmac_final(tfm, ctx, req->result, true); + +out: + pr_debug("req complete with rc=%d\n", rc); + local_bh_disable(); + ahash_request_complete(req, rc); + local_bh_enable(); +} + +static int s390_phmac_finup(struct ahash_request *req) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct s390_kmac_sha2_ctx ctx_backup; + struct crypto_hash_walk walk; + int nbytes, rc = 0; + + /* + * First try synchronous. If this fails for any reason + * schedule this request asynchronous via workqueue. + */ + + memcpy(&ctx_backup, ctx, sizeof(*ctx)); + + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; + nbytes = crypto_hash_walk_done(&walk, 0)) { + rc = phmac_update(tfm, ctx, walk.data, nbytes, false); + if (rc) { + crypto_hash_walk_done(&walk, rc); + break; + } + } + + if (!rc) + rc = phmac_final(tfm, ctx, req->result, false); + if (!rc) + goto out; + + memcpy(ctx, &ctx_backup, sizeof(*ctx)); + + req_ctx->req = req; + INIT_DELAYED_WORK(&req_ctx->work, phmac_wq_finup_fn); + schedule_delayed_work(&req_ctx->work, 0); + rc = -EINPROGRESS; + +out: + pr_debug("rc=%d\n", rc); + return rc; +} + +static void phmac_wq_digest_fn(struct work_struct *work) +{ + struct delayed_work *dwork = to_delayed_work(work); + struct s390_phmac_req_ctx *req_ctx = + container_of(dwork, struct s390_phmac_req_ctx, work); + struct ahash_request *req = req_ctx->req; + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct crypto_hash_walk walk; + int nbytes, rc = 0; + + rc = phmac_init(tfm, ctx, true); + if (rc) + goto out; + + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; + nbytes = crypto_hash_walk_done(&walk, 0)) { + rc = phmac_update(tfm, ctx, walk.data, nbytes, true); + if (rc) { + crypto_hash_walk_done(&walk, rc); + break; + } + } + if (rc) + goto out; + + rc = phmac_final(tfm, ctx, req->result, true); + +out: + pr_debug("req complete with rc=%d\n", rc); + local_bh_disable(); + ahash_request_complete(req, rc); + local_bh_enable(); +} + +static int s390_phmac_digest(struct ahash_request *req) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + struct crypto_hash_walk walk; + int nbytes, rc; + + /* + * First try synchronous. If this fails for any reason + * schedule this request asynchronous via workqueue. + */ + + rc = phmac_init(tfm, ctx, false); + if (rc) + goto via_wq; + + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; + nbytes = crypto_hash_walk_done(&walk, 0)) { + rc = phmac_update(tfm, ctx, walk.data, nbytes, false); + if (rc) { + crypto_hash_walk_done(&walk, rc); + break; + } + } + if (rc) + goto via_wq; + + rc = phmac_final(tfm, ctx, req->result, false); + if (!rc) + goto out; + +via_wq: + req_ctx->req = req; + INIT_DELAYED_WORK(&req_ctx->work, phmac_wq_digest_fn); + schedule_delayed_work(&req_ctx->work, 0); + rc = -EINPROGRESS; + +out: + pr_debug("rc=%d\n", rc); + return rc; +} + +static int s390_phmac_setkey(struct crypto_ahash *tfm, + const u8 *key, unsigned int keylen) +{ + struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + + if (tfm_ctx->keylen) { + kfree_sensitive(tfm_ctx->key); + tfm_ctx->key = NULL; + tfm_ctx->keylen = 0; + } + + tfm_ctx->key = kmemdup(key, keylen, GFP_ATOMIC); + if (!tfm_ctx->key) + return -ENOMEM; + tfm_ctx->keylen = keylen; + + /* Always trigger an asynch key convert */ + spin_lock_bh(&tfm_ctx->pk_lock); + tfm_ctx->pk_state = PK_STATE_CONVERT_IN_PROGRESS; + spin_unlock_bh(&tfm_ctx->pk_lock); + schedule_delayed_work(&tfm_ctx->work, 0); + + pr_debug("rc=0\n"); + return 0; +} + +static int s390_phmac_import(struct ahash_request *req, const void *in) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + + memcpy(ctx, in, sizeof(*ctx)); + + return 0; +} + +static int s390_phmac_export(struct ahash_request *req, void *out) +{ + struct s390_phmac_req_ctx *req_ctx = ahash_request_ctx(req); + struct s390_kmac_sha2_ctx *ctx = &req_ctx->sha2_ctx; + + memcpy(out, ctx, sizeof(*ctx)); + + return 0; +} + +static int s390_phmac_init_tfm(struct crypto_ahash *tfm) +{ + struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + + tfm_ctx->key = NULL; + tfm_ctx->keylen = 0; + + INIT_DELAYED_WORK(&tfm_ctx->work, phmac_wq_convert_key_fn); + + tfm_ctx->pk_state = PK_STATE_NO_KEY; + spin_lock_init(&tfm_ctx->pk_lock); + + crypto_ahash_set_reqsize(tfm, sizeof(struct s390_phmac_req_ctx)); + + pr_debug("rc=0\n"); + return 0; +} + +static void s390_phmac_exit_tfm(struct crypto_ahash *tfm) +{ + struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + + flush_delayed_work(&tfm_ctx->work); + + memzero_explicit(&tfm_ctx->pk, sizeof(tfm_ctx->pk)); + kfree_sensitive(tfm_ctx->key); + + pr_debug("\n"); +} + +#define S390_ASYNC_PHMAC_ALG(x) \ +{ \ + .init = s390_phmac_init, \ + .update = s390_phmac_update, \ + .final = s390_phmac_final, \ + .finup = s390_phmac_finup, \ + .digest = s390_phmac_digest, \ + .setkey = s390_phmac_setkey, \ + .import = s390_phmac_import, \ + .export = s390_phmac_export, \ + .init_tfm = s390_phmac_init_tfm, \ + .exit_tfm = s390_phmac_exit_tfm, \ + .halg = { \ + .digestsize = SHA##x##_DIGEST_SIZE, \ + .statesize = sizeof(struct s390_kmac_sha2_ctx), \ + .base = { \ + .cra_name = "phmac(sha" #x ")", \ + .cra_driver_name = "phmac_s390_sha" #x, \ + .cra_blocksize = SHA##x##_BLOCK_SIZE, \ + .cra_priority = 400, \ + .cra_flags = CRYPTO_ALG_ASYNC, \ + .cra_ctxsize = sizeof(struct s390_phmac_ctx), \ + .cra_module = THIS_MODULE, \ + }, \ + }, \ +} + +static struct s390_hmac_alg { + unsigned int fc; + struct ahash_alg alg; + bool registered; +} s390_hmac_algs[] = { + { + .fc = CPACF_KMAC_PHMAC_SHA_224, + .alg = S390_ASYNC_PHMAC_ALG(224), + }, { + .fc = CPACF_KMAC_PHMAC_SHA_256, + .alg = S390_ASYNC_PHMAC_ALG(256), + }, { + .fc = CPACF_KMAC_PHMAC_SHA_384, + .alg = S390_ASYNC_PHMAC_ALG(384), + }, { + .fc = CPACF_KMAC_PHMAC_SHA_512, + .alg = S390_ASYNC_PHMAC_ALG(512), + } +}; + +static __always_inline void _s390_hmac_algs_unregister(void) +{ + struct s390_hmac_alg *hmac; + int i; + + for (i = ARRAY_SIZE(s390_hmac_algs) - 1; i >= 0; i--) { + hmac = &s390_hmac_algs[i]; + if (hmac->registered) + crypto_unregister_ahash(&hmac->alg); + } +} + +static int __init phmac_s390_init(void) +{ + struct s390_hmac_alg *hmac; + int i, rc = -ENODEV; + + for (i = 0; i < ARRAY_SIZE(s390_hmac_algs); i++) { + hmac = &s390_hmac_algs[i]; + if (!cpacf_query_func(CPACF_KMAC, hmac->fc)) + continue; + rc = crypto_register_ahash(&hmac->alg); + if (rc) { + pr_err("unable to register %s\n", + hmac->alg.halg.base.cra_name); + goto out; + } + hmac->registered = true; + pr_debug("registered %s\n", hmac->alg.halg.base.cra_name); + } + return rc; +out: + _s390_hmac_algs_unregister(); + return rc; +} + +static void __exit phmac_s390_exit(void) +{ + _s390_hmac_algs_unregister(); +} + +module_init(phmac_s390_init); +module_exit(phmac_s390_exit); + +MODULE_ALIAS_CRYPTO("phmac(sha224)"); +MODULE_ALIAS_CRYPTO("phmac(sha256)"); +MODULE_ALIAS_CRYPTO("phmac(sha384)"); +MODULE_ALIAS_CRYPTO("phmac(sha512)"); + +MODULE_DESCRIPTION("S390 HMAC driver for protected keys"); +MODULE_LICENSE("GPL"); diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0a9cdd31cbd9..519305e04f18 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -187,6 +187,18 @@ config CRYPTO_PAES_S390 Select this option if you want to use the paes cipher for example to use protected key encrypted devices. +config CRYPTO_PHMAC_S390 + tristate "PHMAC cipher algorithms" + depends on S390 + depends on PKEY + select CRYPTO_HASH + help + This is the s390 hardware accelerated implementation of the + protected key HMAC support for SHA224, SHA256, SHA384 and SHA512. + + Select this option if you want to use the phmac digests + for example to use dm-integrity with secure/protected keys. + config S390_PRNG tristate "Pseudo random number generator device driver" depends on S390 From patchwork Wed Jan 15 16:22:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Freudenberger X-Patchwork-Id: 13940618 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B196686348; Wed, 15 Jan 2025 16:22:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958161; cv=none; b=jA5GzFRHJHjn78MuljBPmsNWi3dKJeB2lzcwyN0NP7hOBfz7vIxmTpMgUvM/uyhp87ruQbtI6qWZj/DzYTDdHI86psfbOOiDl2rteRCrI6Le2Tb2Hy2p7roT5IDUbK6NO52cpDgiXDqzjztOw7/6o5obggyAAttD22/5HZ6n6OA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958161; c=relaxed/simple; bh=A3z6j+fkdV4BAojk6viwkJSKja55R83Ja6SscZTL6rw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cJPy33dXBCVhnkhV94tpqVzO8ubjIyZnx9GNsWH3elf4/SBdULTrjA6yxoASyfECkcShqW3hsvA/LpgibOzhbU6pY/3y3chaejeTXnzt/6Sheyrr4qvckqdfrE5YhPwPonOdRVmCPj2jvQhp7x8PNzuqbMINQK5E5sf/SdJlUIU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=XKLUar5+; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="XKLUar5+" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50FGK8Yg020082; Wed, 15 Jan 2025 16:22:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=DfZdLU74MgekTvz1V r/xGJNwtHeoMIRggJ3r2aMl5jA=; b=XKLUar5+mIE5SAvNGNt+4/4QAd0bePeJE YYqEFde0kFx0AM5O9A273LJZ30FyJLA6649rDHGm09Mwf89cEl43WfCA8XPYZJ5X fSPrgc5sGfd1j58WaWkE73B9QHszN/I0GoA7ZyXlaJ1g6L3henhKNrWP55IsKuHY 2bzUpy6tsF3tkE802uSRaUXLfhScLaiaGxfnopp4FCsnaIuzxxdx2v+fNBv7dH/u pHEBs0/xd2aLpXEA+yGODCe3D6Rk1pYzWQBNRt5NUX4jKCvz2JR9A4BJ1HfmCCnh Lus+ocv9m9dki5fRQhpjs6RLe5IoYfa9TAmkI/DQ9A61CI5F2XzoQ== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 446eg5rs6j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:35 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 50FFkYEl016485; Wed, 15 Jan 2025 16:22:35 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4445p1rwdj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:35 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 50FGMXKM56558010 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2025 16:22:33 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 76E7A20040; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3E9E72004B; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) Received: from funtu2.fritz.box?044ibm.com (unknown [9.171.28.131]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) From: Harald Freudenberger To: herbert@gondor.apana.org.au, davem@davemloft.net, dengler@linux.ibm.com Cc: linux-s390@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v10 3/5] crypto: api - Add crypto_tfm_alg_get_flags() helper inline function Date: Wed, 15 Jan 2025 17:22:29 +0100 Message-ID: <20250115162231.83516-4-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250115162231.83516-1-freude@linux.ibm.com> References: <20250115162231.83516-1-freude@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: HV8pXH4XtBkgBEBJQjtzF0gwSWkIjXh8 X-Proofpoint-ORIG-GUID: HV8pXH4XtBkgBEBJQjtzF0gwSWkIjXh8 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-15_07,2025-01-15_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 suspectscore=0 clxscore=1015 phishscore=0 malwarescore=0 spamscore=0 adultscore=0 mlxscore=0 impostorscore=0 lowpriorityscore=0 mlxlogscore=609 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501150119 Add a little helper inline function crypto_tfm_alg_get_flags() to the crypto.h header file to retrieve the alg flags. Signed-off-by: Harald Freudenberger --- include/linux/crypto.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/linux/crypto.h b/include/linux/crypto.h index b164da5e129e..8b37d381cd97 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -472,6 +472,11 @@ static inline unsigned int crypto_tfm_alg_alignmask(struct crypto_tfm *tfm) return tfm->__crt_alg->cra_alignmask; } +static inline u32 crypto_tfm_alg_get_flags(struct crypto_tfm *tfm) +{ + return tfm->__crt_alg->cra_flags; +} + static inline u32 crypto_tfm_get_flags(struct crypto_tfm *tfm) { return tfm->crt_flags; From patchwork Wed Jan 15 16:22:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Freudenberger X-Patchwork-Id: 13940619 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 534F2158DC6; Wed, 15 Jan 2025 16:22:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958162; cv=none; b=ezC2d2QlvBxKn5aX11bN7BZzlPsZ+WxH8/iNccON139XrwMroUHyLHJt8kvA3hewibT4qBrROE14Bl5GNlfwZdsm/LDuY3XVGdl8YMqNb+Gz5sZmg/zpgQHEekbkNg51Q+YyZL82elRid7Ao57Z9e034UrN278PC0DNAqp38i2c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958162; c=relaxed/simple; bh=p5ZpTr4sbDrte3PsdrsB3cROgFOE+iMcJSrgT+WCXsA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PAGi/cUIyPipAYCal5f7yhkkdDp4Nm8OXXPLbG0lkMbb2dVfuq0jKNFS7B7wFyS3mh1VpzONF/ODtqBRKA3OX6WFVPGGCoa94l7zL2EiT8se15QgJJkFikx3wCejfLdLtY6FM1cUAxTd6OvgWq6bQoa3zpDuTyl8tBVOxKmlqxQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=fM9zID86; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="fM9zID86" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50FGK9CG020367; Wed, 15 Jan 2025 16:22:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=bNHWQSMCBCudm6w0E 4mZexLnvtJzgLOtBCMsqtokzhw=; b=fM9zID865EYJkbj9lcYeEsv/57J+eg3sJ MLVcZlMObo5Gbd93a9Z35NxpXP9nxYRuBVhrJnN+sjWNUVwdsMzMDALrk6TSMuCJ ou06Ri+Ms0MOndRBXlwx6tAGBaIzMns6ff3hXB4+vGJHovNzQpiYfFuuDHj7kdv4 SL67VrGsHDio6ayPokvpNl6hgN+whZX/IoXJYGT01SuOYFcjtXYrwGRVCTPwx0XM 8nWzT3PQqP28Ay5AigN8n10hpPr7tT1oOitYrKehLVSbdT1A+bEYkq4CQccqnZCc iduMyMkS6cffvS4ARKk5bnMjCB+BY1D87t/o4fo2P9ZY1KdOIzYOA== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4461rbkwkj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:36 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 50FEscFq017003; Wed, 15 Jan 2025 16:22:35 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4444fk965f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:35 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 50FGMXxo29950386 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2025 16:22:33 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BBA9E20040; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 874AE2004B; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) Received: from funtu2.fritz.box?044ibm.com (unknown [9.171.28.131]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) From: Harald Freudenberger To: herbert@gondor.apana.org.au, davem@davemloft.net, dengler@linux.ibm.com Cc: linux-s390@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v10 4/5] s390/crypto: Add selftest support for phmac Date: Wed, 15 Jan 2025 17:22:30 +0100 Message-ID: <20250115162231.83516-5-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250115162231.83516-1-freude@linux.ibm.com> References: <20250115162231.83516-1-freude@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ZbsM7EgdYrY07bYnSMx7lZSbDx7MIIS6 X-Proofpoint-GUID: ZbsM7EgdYrY07bYnSMx7lZSbDx7MIIS6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-15_07,2025-01-15_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 mlxscore=0 suspectscore=0 mlxlogscore=999 adultscore=0 bulkscore=0 phishscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501150119 Add key preparation code in case of selftest running to the phmac setkey function: As long as the CRYPTO_ALG_TESTED flag is not set, all setkey() invocations are assumed to carry sheer hmac clear key values and thus need some preparation to work with the phmac implementation. Thus it is possible to use the already available hmac test vectors implemented in the testmanager to test the phmac code. When the CRYPTO_ALG_TESTED flag is set (after larval state) the phmac code assumes the key material is a blob digestible by the pkey kernel module which converts the blob into a working key for the phmac code. Signed-off-by: Harald Freudenberger --- arch/s390/crypto/phmac_s390.c | 151 +++++++++++++++++++++++++++++++++- 1 file changed, 147 insertions(+), 4 deletions(-) diff --git a/arch/s390/crypto/phmac_s390.c b/arch/s390/crypto/phmac_s390.c index b2b389e94a37..5123664e4d2e 100644 --- a/arch/s390/crypto/phmac_s390.c +++ b/arch/s390/crypto/phmac_s390.c @@ -112,6 +112,19 @@ struct s390_phmac_req_ctx { struct s390_kmac_sha2_ctx sha2_ctx; }; +/* + * Pkey 'token' struct used to derive a protected key value from a clear key. + */ +struct hmac_clrkey_token { + u8 type; + u8 res0[3]; + u8 version; + u8 res1[3]; + u32 keytype; + u32 len; + u8 key[]; +} __packed; + /* * kmac_sha2_set_imbl - sets the input message bit-length based on the blocksize */ @@ -132,6 +145,101 @@ static inline void kmac_sha2_set_imbl(u8 *param, unsigned int buflen, } } +static int hash_key(const u8 *in, unsigned int inlen, + u8 *digest, unsigned int digestsize) +{ + unsigned long func; + union { + struct sha256_paramblock { + u32 h[8]; + u64 mbl; + } sha256; + struct sha512_paramblock { + u64 h[8]; + u128 mbl; + } sha512; + } __packed param; + +#define PARAM_INIT(x, y, z) \ + param.sha##x.h[0] = SHA##y ## _H0; \ + param.sha##x.h[1] = SHA##y ## _H1; \ + param.sha##x.h[2] = SHA##y ## _H2; \ + param.sha##x.h[3] = SHA##y ## _H3; \ + param.sha##x.h[4] = SHA##y ## _H4; \ + param.sha##x.h[5] = SHA##y ## _H5; \ + param.sha##x.h[6] = SHA##y ## _H6; \ + param.sha##x.h[7] = SHA##y ## _H7; \ + param.sha##x.mbl = (z) + + switch (digestsize) { + case SHA224_DIGEST_SIZE: + func = CPACF_KLMD_SHA_256; + PARAM_INIT(256, 224, inlen * 8); + break; + case SHA256_DIGEST_SIZE: + func = CPACF_KLMD_SHA_256; + PARAM_INIT(256, 256, inlen * 8); + break; + case SHA384_DIGEST_SIZE: + func = CPACF_KLMD_SHA_512; + PARAM_INIT(512, 384, inlen * 8); + break; + case SHA512_DIGEST_SIZE: + func = CPACF_KLMD_SHA_512; + PARAM_INIT(512, 512, inlen * 8); + break; + default: + return -EINVAL; + } + +#undef PARAM_INIT + + cpacf_klmd(func, ¶m, in, inlen); + + memcpy(digest, ¶m, digestsize); + + return 0; +} + +/* + * make_clrkey_token() - wrap the clear key into a pkey clearkey token. + */ +static inline int make_clrkey_token(const u8 *clrkey, size_t clrkeylen, + unsigned int digestsize, u8 *dest) +{ + struct hmac_clrkey_token *token = (struct hmac_clrkey_token *)dest; + unsigned int blocksize; + int rc; + + token->type = 0x00; + token->version = 0x02; + switch (digestsize) { + case SHA224_DIGEST_SIZE: + case SHA256_DIGEST_SIZE: + token->keytype = PKEY_KEYTYPE_HMAC_512; + blocksize = 64; + break; + case SHA384_DIGEST_SIZE: + case SHA512_DIGEST_SIZE: + token->keytype = PKEY_KEYTYPE_HMAC_1024; + blocksize = 128; + break; + default: + return -EINVAL; + } + token->len = blocksize; + + if (clrkeylen > blocksize) { + rc = hash_key(clrkey, clrkeylen, token->key, digestsize); + if (rc) + return rc; + } else { + memcpy(token->key, clrkey, clrkeylen); + } + + return 0; +} + /* * Convert the raw key material into a protected key via PKEY api. * This function may sleep - don't call in non-sleeping context. @@ -680,6 +788,12 @@ static int s390_phmac_setkey(struct crypto_ahash *tfm, const u8 *key, unsigned int keylen) { struct s390_phmac_ctx *tfm_ctx = crypto_ahash_ctx(tfm); + struct crypto_tfm *tfm_base = crypto_ahash_tfm(tfm); + unsigned int ds = crypto_ahash_digestsize(tfm); + unsigned int bs = crypto_ahash_blocksize(tfm); + unsigned int tmpkeylen; + u8 *tmpkey = NULL; + int rc = 0; if (tfm_ctx->keylen) { kfree_sensitive(tfm_ctx->key); @@ -687,9 +801,31 @@ static int s390_phmac_setkey(struct crypto_ahash *tfm, tfm_ctx->keylen = 0; } + if (!(crypto_tfm_alg_get_flags(tfm_base) & CRYPTO_ALG_TESTED)) { + /* + * selftest running: key is a raw hmac clear key and needs + * to get embedded into a 'clear key token' in order to have + * it correctly processed by the pkey module. + */ + tmpkeylen = sizeof(struct hmac_clrkey_token) + bs; + tmpkey = kzalloc(tmpkeylen, GFP_ATOMIC); + if (!tmpkey) { + rc = -ENOMEM; + goto out; + } + rc = make_clrkey_token(key, keylen, ds, tmpkey); + if (rc) + goto out; + keylen = tmpkeylen; + key = tmpkey; + } + + /* key is always a key token digestable by PKEY */ tfm_ctx->key = kmemdup(key, keylen, GFP_ATOMIC); - if (!tfm_ctx->key) - return -ENOMEM; + if (!tfm_ctx->key) { + rc = -ENOMEM; + goto out; + } tfm_ctx->keylen = keylen; /* Always trigger an asynch key convert */ @@ -698,8 +834,10 @@ static int s390_phmac_setkey(struct crypto_ahash *tfm, spin_unlock_bh(&tfm_ctx->pk_lock); schedule_delayed_work(&tfm_ctx->work, 0); - pr_debug("rc=0\n"); - return 0; +out: + kfree(tmpkey); + pr_debug("rc=%d\n", rc); + return rc; } static int s390_phmac_import(struct ahash_request *req, const void *in) @@ -816,6 +954,11 @@ static int __init phmac_s390_init(void) struct s390_hmac_alg *hmac; int i, rc = -ENODEV; + if (!cpacf_query_func(CPACF_KLMD, CPACF_KLMD_SHA_256)) + return -ENODEV; + if (!cpacf_query_func(CPACF_KLMD, CPACF_KLMD_SHA_512)) + return -ENODEV; + for (i = 0; i < ARRAY_SIZE(s390_hmac_algs); i++) { hmac = &s390_hmac_algs[i]; if (!cpacf_query_func(CPACF_KMAC, hmac->fc)) From patchwork Wed Jan 15 16:22:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Freudenberger X-Patchwork-Id: 13940617 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7ADA85474C; Wed, 15 Jan 2025 16:22:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958161; cv=none; b=eXTwELL/A+2NymDLy/r9bflhFzPVh1RJov4EvWKSACnLHUQFG3t0AarSLQ7cztGd6ky+zXmX2/Yj7HP7ZVfU/H6PlA2cCmg1KlmaGlQQI74HMqZAqT0nmo+6xa5RpaiiW7EluwGhPYNsGpfeA+LrarTLQI64Ia/uvvhsGkeUDmU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736958161; c=relaxed/simple; bh=+WwJ8F6ZFB+Y70Rh+IBXqJkbTupGeGbqbv7vhgoQdc4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=REsT8ofN3Ntnxa/t7V71LjvuFw9G+32Qc5bRZs9htPwbVYM/3pArxpcv4n+0+zfEiT/dL760mLtM3v/vljUx0sbyQOojFsitfhUW6wxO1SbcMf5Lm1zQ5TGNwho/ApaVcVv/QXF5i9Y5CtuoM8qPdnelrTwaWXftudYiXV0NFH8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=WgdQmKbv; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="WgdQmKbv" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50FGK8LU031748; Wed, 15 Jan 2025 16:22:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=04ZoER5a9xXXtppa1 hsb1VYkbpO6YQBoFgrNvXDygSQ=; b=WgdQmKbvZTNu6Ff+6BvJJ00COW+7NsK36 3q5z4jVituLCbST05K5UfUubj3Bc8YHhIamvyt7d074Ax/4dY4h+qwBNRjqmBFXc bC088yp6iMHSx1KEAkRXUwJJclIrsaxg/VCpkRcKwhRYVarvfMokwrQUCSKUx/pB 9fivzmO+V9cBEinZ466FtvS/EHiFxQGhtTLJFk6P5JYY/8oasZd0Xi1RUnWP3hqb Ei8T244wQAVywpsbi8nt3p4zx1/Q8G+akLD+Uh5IwQqAxRGhRj4n2CChH90pPZOS XSZzJW/JgzrmUEH5WfJLoOxLjEeXjONKTJ6ucy1UR036dkXG2kt+A== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4465gbu9nk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:37 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 50FEfONK017014; Wed, 15 Jan 2025 16:22:36 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4444fk965g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2025 16:22:35 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 50FGMYH68388904 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2025 16:22:34 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0B38D20040; Wed, 15 Jan 2025 16:22:34 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CB71120049; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) Received: from funtu2.fritz.box?044ibm.com (unknown [9.171.28.131]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 15 Jan 2025 16:22:33 +0000 (GMT) From: Harald Freudenberger To: herbert@gondor.apana.org.au, davem@davemloft.net, dengler@linux.ibm.com Cc: linux-s390@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v10 5/5] crypto: testmgr - Enable phmac selftest Date: Wed, 15 Jan 2025 17:22:31 +0100 Message-ID: <20250115162231.83516-6-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250115162231.83516-1-freude@linux.ibm.com> References: <20250115162231.83516-1-freude@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: GtqRcsAQuDJdU0T6VFSCbEt2ktPLeJyV X-Proofpoint-ORIG-GUID: GtqRcsAQuDJdU0T6VFSCbEt2ktPLeJyV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-15_07,2025-01-15_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 spamscore=0 adultscore=0 mlxlogscore=973 phishscore=0 priorityscore=1501 suspectscore=0 bulkscore=0 malwarescore=0 impostorscore=0 lowpriorityscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501150119 Add phmac selftest invocation to the crypto testmanager. Signed-off-by: Harald Freudenberger --- crypto/testmgr.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 1f5f48ab18c7..e753a68be861 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5539,6 +5539,36 @@ static const struct alg_test_desc alg_test_descs[] = { .cipher = __VECS(fcrypt_pcbc_tv_template) } }, { +#if IS_ENABLED(CONFIG_CRYPTO_PHMAC_S390) + .alg = "phmac(sha224)", + .test = alg_test_hash, + .fips_allowed = 1, + .suite = { + .hash = __VECS(hmac_sha224_tv_template) + } + }, { + .alg = "phmac(sha256)", + .test = alg_test_hash, + .fips_allowed = 1, + .suite = { + .hash = __VECS(hmac_sha256_tv_template) + } + }, { + .alg = "phmac(sha384)", + .test = alg_test_hash, + .fips_allowed = 1, + .suite = { + .hash = __VECS(hmac_sha384_tv_template) + } + }, { + .alg = "phmac(sha512)", + .test = alg_test_hash, + .fips_allowed = 1, + .suite = { + .hash = __VECS(hmac_sha512_tv_template) + } + }, { +#endif .alg = "pkcs1(rsa,none)", .test = alg_test_sig, .suite = {