[mirror_ubuntu-artful-kernel.git] / arch / s390 / crypto / ghash_s390.c

/*
 * Cryptographic API.
 *
 * s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode).
 *
 * Copyright IBM Corp. 2011
 * Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com>
 */

#include <crypto/internal/hash.h>
#include <linux/module.h>

#include "crypt_s390.h"

#define GHASH_BLOCK_SIZE	16
#define GHASH_DIGEST_SIZE	16

struct ghash_ctx {
	u8 icv[16];
	u8 key[16];
};

struct ghash_desc_ctx {
	u8 buffer[GHASH_BLOCK_SIZE];
	u32 bytes;
};

static int ghash_init(struct shash_desc *desc)
{
	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);

	memset(dctx, 0, sizeof(*dctx));

	return 0;
}

static int ghash_setkey(struct crypto_shash *tfm,
			const u8 *key, unsigned int keylen)
{
	struct ghash_ctx *ctx = crypto_shash_ctx(tfm);

	if (keylen != GHASH_BLOCK_SIZE) {
		crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
		return -EINVAL;
	}

	memcpy(ctx->key, key, GHASH_BLOCK_SIZE);
	memset(ctx->icv, 0, GHASH_BLOCK_SIZE);

	return 0;
}

static int ghash_update(struct shash_desc *desc,
			 const u8 *src, unsigned int srclen)
{
	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
	unsigned int n;
	u8 *buf = dctx->buffer;
	int ret;

	if (dctx->bytes) {
		u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);

		n = min(srclen, dctx->bytes);
		dctx->bytes -= n;
		srclen -= n;

		memcpy(pos, src, n);
		src += n;

		if (!dctx->bytes) {
			ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf,
					      GHASH_BLOCK_SIZE);
			if (ret != GHASH_BLOCK_SIZE)
				return -EIO;
		}
	}

	n = srclen & ~(GHASH_BLOCK_SIZE - 1);
	if (n) {
		ret = crypt_s390_kimd(KIMD_GHASH, ctx, src, n);
		if (ret != n)
			return -EIO;
		src += n;
		srclen -= n;
	}

	if (srclen) {
		dctx->bytes = GHASH_BLOCK_SIZE - srclen;
		memcpy(buf, src, srclen);
	}

	return 0;
}

static int ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
{
	u8 *buf = dctx->buffer;
	int ret;

	if (dctx->bytes) {
		u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);

		memset(pos, 0, dctx->bytes);

		ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, GHASH_BLOCK_SIZE);
		if (ret != GHASH_BLOCK_SIZE)
			return -EIO;
	}

	dctx->bytes = 0;
	return 0;
}

static int ghash_final(struct shash_desc *desc, u8 *dst)
{
	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
	int ret;

	ret = ghash_flush(ctx, dctx);
	if (!ret)
		memcpy(dst, ctx->icv, GHASH_BLOCK_SIZE);
	return ret;
}

static struct shash_alg ghash_alg = {
	.digestsize	= GHASH_DIGEST_SIZE,
	.init		= ghash_init,
	.update		= ghash_update,
	.final		= ghash_final,
	.setkey		= ghash_setkey,
	.descsize	= sizeof(struct ghash_desc_ctx),
	.base		= {
		.cra_name		= "ghash",
		.cra_driver_name	= "ghash-s390",
		.cra_priority		= CRYPT_S390_PRIORITY,
		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
		.cra_blocksize		= GHASH_BLOCK_SIZE,
		.cra_ctxsize		= sizeof(struct ghash_ctx),
		.cra_module		= THIS_MODULE,
	},
};

static int __init ghash_mod_init(void)
{
	if (!crypt_s390_func_available(KIMD_GHASH,
				       CRYPT_S390_MSA | CRYPT_S390_MSA4))
		return -EOPNOTSUPP;

	return crypto_register_shash(&ghash_alg);
}

static void __exit ghash_mod_exit(void)
{
	crypto_unregister_shash(&ghash_alg);
}

module_init(ghash_mod_init);
module_exit(ghash_mod_exit);

MODULE_ALIAS("ghash");

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation");
Commit	Line	Data
df1309ce GS	1	/*
	2	* Cryptographic API.
	3	*
	4	* s390 implementation of the GHASH algorithm for GCM (Galois/Counter Mode).
	5	*
	6	* Copyright IBM Corp. 2011
	7	* Author(s): Gerald Schaefer <gerald.schaefer@de.ibm.com>
	8	*/
	9
	10	#include <crypto/internal/hash.h>
	11	#include <linux/module.h>
	12
	13	#include "crypt_s390.h"
	14
	15	#define GHASH_BLOCK_SIZE 16
	16	#define GHASH_DIGEST_SIZE 16
	17
	18	struct ghash_ctx {
	19	u8 icv[16];
	20	u8 key[16];
	21	};
	22
	23	struct ghash_desc_ctx {
	24	u8 buffer[GHASH_BLOCK_SIZE];
	25	u32 bytes;
	26	};
	27
	28	static int ghash_init(struct shash_desc *desc)
	29	{
	30	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
	31
	32	memset(dctx, 0, sizeof(*dctx));
	33
	34	return 0;
	35	}
	36
	37	static int ghash_setkey(struct crypto_shash *tfm,
	38	const u8 *key, unsigned int keylen)
	39	{
	40	struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
	41
	42	if (keylen != GHASH_BLOCK_SIZE) {
	43	crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
	44	return -EINVAL;
	45	}
	46
	47	memcpy(ctx->key, key, GHASH_BLOCK_SIZE);
	48	memset(ctx->icv, 0, GHASH_BLOCK_SIZE);
	49
	50	return 0;
	51	}
	52
	53	static int ghash_update(struct shash_desc *desc,
	54	const u8 *src, unsigned int srclen)
	55	{
	56	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
	57	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
	58	unsigned int n;
	59	u8 *buf = dctx->buffer;
	60	int ret;
	61
	62	if (dctx->bytes) {
	63	u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
	64
65	n = min(srclen, dctx->bytes);
66	dctx->bytes -= n;
67	srclen -= n;
68
69	memcpy(pos, src, n);
70	src += n;
71
72	if (!dctx->bytes) {
73	ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf,
74	GHASH_BLOCK_SIZE);
36eb2caa JG	75	if (ret != GHASH_BLOCK_SIZE)
36eb2caa JG	76	return -EIO;
df1309ce GS	77	}
	78	}
	79
	80	n = srclen & ~(GHASH_BLOCK_SIZE - 1);
	81	if (n) {
	82	ret = crypt_s390_kimd(KIMD_GHASH, ctx, src, n);
36eb2caa JG	83	if (ret != n)
36eb2caa JG	84	return -EIO;
df1309ce GS	85	src += n;
	86	srclen -= n;
	87	}
	88
	89	if (srclen) {
	90	dctx->bytes = GHASH_BLOCK_SIZE - srclen;
	91	memcpy(buf, src, srclen);
	92	}
	93
	94	return 0;
	95	}
	96
36eb2caa	97	static int ghash_flush(struct ghash_ctx ctx, struct ghash_desc_ctx dctx)
df1309ce GS	98	{
	99	u8 *buf = dctx->buffer;
	100	int ret;
	101
	102	if (dctx->bytes) {
	103	u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
	104
	105	memset(pos, 0, dctx->bytes);
	106
	107	ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, GHASH_BLOCK_SIZE);
36eb2caa JG	108	if (ret != GHASH_BLOCK_SIZE)
36eb2caa JG	109	return -EIO;
df1309ce GS	110	}
	111
	112	dctx->bytes = 0;
36eb2caa	113	return 0;
df1309ce GS	114	}
	115
	116	static int ghash_final(struct shash_desc desc, u8 dst)
	117	{
	118	struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
	119	struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
36eb2caa	120	int ret;
df1309ce	121
36eb2caa JG	122	ret = ghash_flush(ctx, dctx);
	123	if (!ret)
	124	memcpy(dst, ctx->icv, GHASH_BLOCK_SIZE);
	125	return ret;
df1309ce GS	126	}
	127
	128	static struct shash_alg ghash_alg = {
	129	.digestsize = GHASH_DIGEST_SIZE,
	130	.init = ghash_init,
	131	.update = ghash_update,
	132	.final = ghash_final,
	133	.setkey = ghash_setkey,
	134	.descsize = sizeof(struct ghash_desc_ctx),
	135	.base = {
	136	.cra_name = "ghash",
	137	.cra_driver_name = "ghash-s390",
	138	.cra_priority = CRYPT_S390_PRIORITY,
	139	.cra_flags = CRYPTO_ALG_TYPE_SHASH,
	140	.cra_blocksize = GHASH_BLOCK_SIZE,
	141	.cra_ctxsize = sizeof(struct ghash_ctx),
	142	.cra_module = THIS_MODULE,
df1309ce GS	143	},
	144	};
	145
	146	static int __init ghash_mod_init(void)
	147	{
	148	if (!crypt_s390_func_available(KIMD_GHASH,
	149	CRYPT_S390_MSA \| CRYPT_S390_MSA4))
	150	return -EOPNOTSUPP;
	151
	152	return crypto_register_shash(&ghash_alg);
	153	}
	154
	155	static void __exit ghash_mod_exit(void)
	156	{
	157	crypto_unregister_shash(&ghash_alg);
	158	}
	159
	160	module_init(ghash_mod_init);
	161	module_exit(ghash_mod_exit);
	162
	163	MODULE_ALIAS("ghash");
	164
	165	MODULE_LICENSE("GPL");
	166	MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation");