1
2
3
4
5
6
7
8
9
10#include <crypto/internal/hash.h>
11#include <linux/module.h>
12
13#include "crypt_s390.h"
14
15#define GHASH_BLOCK_SIZE 16
16#define GHASH_DIGEST_SIZE 16
17
18struct ghash_ctx {
19 u8 icv[16];
20 u8 key[16];
21};
22
23struct ghash_desc_ctx {
24 u8 buffer[GHASH_BLOCK_SIZE];
25 u32 bytes;
26};
27
28static int ghash_init(struct shash_desc *desc)
29{
30 struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
31
32 memset(dctx, 0, sizeof(*dctx));
33
34 return 0;
35}
36
37static int ghash_setkey(struct crypto_shash *tfm,
38 const u8 *key, unsigned int keylen)
39{
40 struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
41
42 if (keylen != GHASH_BLOCK_SIZE) {
43 crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
44 return -EINVAL;
45 }
46
47 memcpy(ctx->key, key, GHASH_BLOCK_SIZE);
48 memset(ctx->icv, 0, GHASH_BLOCK_SIZE);
49
50 return 0;
51}
52
53static int ghash_update(struct shash_desc *desc,
54 const u8 *src, unsigned int srclen)
55{
56 struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
57 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
58 unsigned int n;
59 u8 *buf = dctx->buffer;
60 int ret;
61
62 if (dctx->bytes) {
63 u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
64
65 n = min(srclen, dctx->bytes);
66 dctx->bytes -= n;
67 srclen -= n;
68
69 memcpy(pos, src, n);
70 src += n;
71
72 if (!dctx->bytes) {
73 ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf,
74 GHASH_BLOCK_SIZE);
75 if (ret != GHASH_BLOCK_SIZE)
76 return -EIO;
77 }
78 }
79
80 n = srclen & ~(GHASH_BLOCK_SIZE - 1);
81 if (n) {
82 ret = crypt_s390_kimd(KIMD_GHASH, ctx, src, n);
83 if (ret != n)
84 return -EIO;
85 src += n;
86 srclen -= n;
87 }
88
89 if (srclen) {
90 dctx->bytes = GHASH_BLOCK_SIZE - srclen;
91 memcpy(buf, src, srclen);
92 }
93
94 return 0;
95}
96
97static int ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
98{
99 u8 *buf = dctx->buffer;
100 int ret;
101
102 if (dctx->bytes) {
103 u8 *pos = buf + (GHASH_BLOCK_SIZE - dctx->bytes);
104
105 memset(pos, 0, dctx->bytes);
106
107 ret = crypt_s390_kimd(KIMD_GHASH, ctx, buf, GHASH_BLOCK_SIZE);
108 if (ret != GHASH_BLOCK_SIZE)
109 return -EIO;
110 }
111
112 dctx->bytes = 0;
113 return 0;
114}
115
116static int ghash_final(struct shash_desc *desc, u8 *dst)
117{
118 struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
119 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
120 int ret;
121
122 ret = ghash_flush(ctx, dctx);
123 if (!ret)
124 memcpy(dst, ctx->icv, GHASH_BLOCK_SIZE);
125 return ret;
126}
127
128static struct shash_alg ghash_alg = {
129 .digestsize = GHASH_DIGEST_SIZE,
130 .init = ghash_init,
131 .update = ghash_update,
132 .final = ghash_final,
133 .setkey = ghash_setkey,
134 .descsize = sizeof(struct ghash_desc_ctx),
135 .base = {
136 .cra_name = "ghash",
137 .cra_driver_name = "ghash-s390",
138 .cra_priority = CRYPT_S390_PRIORITY,
139 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
140 .cra_blocksize = GHASH_BLOCK_SIZE,
141 .cra_ctxsize = sizeof(struct ghash_ctx),
142 .cra_module = THIS_MODULE,
143 },
144};
145
146static int __init ghash_mod_init(void)
147{
148 if (!crypt_s390_func_available(KIMD_GHASH,
149 CRYPT_S390_MSA | CRYPT_S390_MSA4))
150 return -EOPNOTSUPP;
151
152 return crypto_register_shash(&ghash_alg);
153}
154
155static void __exit ghash_mod_exit(void)
156{
157 crypto_unregister_shash(&ghash_alg);
158}
159
160module_init(ghash_mod_init);
161module_exit(ghash_mod_exit);
162
163MODULE_ALIAS("ghash");
164
165MODULE_LICENSE("GPL");
166MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation");
167
