]>
Commit | Line | Data |
---|---|---|
df1309ce GS |
1 | /* |
2 | * Cryptographic API. | |
3 | * | |
4 | * s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode). | |
5 | * | |
6 | * Copyright IBM Corp. 2011 | |
7 | * Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com> | |
8 | */ | |
9 | ||
10 | #include <crypto/internal/hash.h> | |
11 | #include <linux/module.h> | |
12 | ||
13 | #include "crypt_s390.h" | |
14 | ||
15 | #define GHASH_BLOCK_SIZE 16 | |
16 | #define GHASH_DIGEST_SIZE 16 | |
17 | ||
18 | struct ghash_ctx { | |
19 | u8 icv[16]; | |
20 | u8 key[16]; | |
21 | }; | |
22 | ||
23 | struct ghash_desc_ctx { | |
24 | u8 buffer[GHASH_BLOCK_SIZE]; | |
25 | u32 bytes; | |
26 | }; | |
27 | ||
28 | static int ghash_init(struct shash_desc *desc) | |
29 | { | |
30 | struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); | |
31 | ||
32 | memset(dctx, 0, sizeof(*dctx)); | |
33 | ||
34 | return 0; | |
35 | } | |
36 | ||
37 | static int ghash_setkey(struct crypto_shash *tfm, | |
38 | const u8 *key, unsigned int keylen) | |
39 | { | |
40 | struct ghash_ctx *ctx = crypto_shash_ctx(tfm); | |
41 | ||
42 | if (keylen != GHASH_BLOCK_SIZE) { | |
43 | crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); | |
44 | return -EINVAL; | |
45 | } | |
46 | ||
47 | memcpy(ctx->key, key, GHASH_BLOCK_SIZE); | |
48 | memset(ctx->icv, 0, GHASH_BLOCK_SIZE); | |
49 | ||
50 | return 0; | |
51 | } | |
52 | ||
53 | static int ghash_update(struct shash_desc *desc, | |
54 | const u8 *src, unsigned int srclen) | |
55 | { | |
56 | struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); | |
57 | struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); | |
58 | unsigned int n; | |
59 | u8 *buf = dctx->buffer; | |
60 | int ret; | |
61 | ||
62 | if (dctx->bytes) { | |
63 | u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes); | |
64 | ||
65 | n = min(srclen, dctx->bytes); | |
66 | dctx->bytes -= n; | |
67 | srclen -= n; | |
68 | ||
69 | memcpy(pos, src, n); | |
70 | src += n; | |
71 | ||
72 | if (!dctx->bytes) { | |
73 | ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, | |
74 | GHASH_BLOCK_SIZE); | |
36eb2caa JG |
75 | if (ret != GHASH_BLOCK_SIZE) |
76 | return -EIO; | |
df1309ce GS |
77 | } |
78 | } | |
79 | ||
80 | n = srclen & ~(GHASH_BLOCK_SIZE - 1); | |
81 | if (n) { | |
82 | ret = crypt_s390_kimd(KIMD_GHASH, ctx, src, n); | |
36eb2caa JG |
83 | if (ret != n) |
84 | return -EIO; | |
df1309ce GS |
85 | src += n; |
86 | srclen -= n; | |
87 | } | |
88 | ||
89 | if (srclen) { | |
90 | dctx->bytes = GHASH_BLOCK_SIZE - srclen; | |
91 | memcpy(buf, src, srclen); | |
92 | } | |
93 | ||
94 | return 0; | |
95 | } | |
96 | ||
36eb2caa | 97 | static int ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx) |
df1309ce GS |
98 | { |
99 | u8 *buf = dctx->buffer; | |
100 | int ret; | |
101 | ||
102 | if (dctx->bytes) { | |
103 | u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes); | |
104 | ||
105 | memset(pos, 0, dctx->bytes); | |
106 | ||
107 | ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, GHASH_BLOCK_SIZE); | |
36eb2caa JG |
108 | if (ret != GHASH_BLOCK_SIZE) |
109 | return -EIO; | |
df1309ce GS |
110 | } |
111 | ||
112 | dctx->bytes = 0; | |
36eb2caa | 113 | return 0; |
df1309ce GS |
114 | } |
115 | ||
116 | static int ghash_final(struct shash_desc *desc, u8 *dst) | |
117 | { | |
118 | struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); | |
119 | struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); | |
36eb2caa | 120 | int ret; |
df1309ce | 121 | |
36eb2caa JG |
122 | ret = ghash_flush(ctx, dctx); |
123 | if (!ret) | |
124 | memcpy(dst, ctx->icv, GHASH_BLOCK_SIZE); | |
125 | return ret; | |
df1309ce GS |
126 | } |
127 | ||
128 | static struct shash_alg ghash_alg = { | |
129 | .digestsize = GHASH_DIGEST_SIZE, | |
130 | .init = ghash_init, | |
131 | .update = ghash_update, | |
132 | .final = ghash_final, | |
133 | .setkey = ghash_setkey, | |
134 | .descsize = sizeof(struct ghash_desc_ctx), | |
135 | .base = { | |
136 | .cra_name = "ghash", | |
137 | .cra_driver_name = "ghash-s390", | |
138 | .cra_priority = CRYPT_S390_PRIORITY, | |
139 | .cra_flags = CRYPTO_ALG_TYPE_SHASH, | |
140 | .cra_blocksize = GHASH_BLOCK_SIZE, | |
141 | .cra_ctxsize = sizeof(struct ghash_ctx), | |
142 | .cra_module = THIS_MODULE, | |
df1309ce GS |
143 | }, |
144 | }; | |
145 | ||
146 | static int __init ghash_mod_init(void) | |
147 | { | |
148 | if (!crypt_s390_func_available(KIMD_GHASH, | |
149 | CRYPT_S390_MSA | CRYPT_S390_MSA4)) | |
150 | return -EOPNOTSUPP; | |
151 | ||
152 | return crypto_register_shash(&ghash_alg); | |
153 | } | |
154 | ||
155 | static void __exit ghash_mod_exit(void) | |
156 | { | |
157 | crypto_unregister_shash(&ghash_alg); | |
158 | } | |
159 | ||
160 | module_init(ghash_mod_init); | |
161 | module_exit(ghash_mod_exit); | |
162 | ||
163 | MODULE_ALIAS("ghash"); | |
164 | ||
165 | MODULE_LICENSE("GPL"); | |
166 | MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation"); |