1 /*
2 * Cryptographic API.
3 *
4 * Support for s390 cryptographic instructions.
5 *
6 * Copyright IBM Corp. 2003, 2015
7 * Author(s): Thomas Spatzier
8 * Jan Glauber (jan.glauber@de.ibm.com)
9 * Harald Freudenberger (freude@de.ibm.com)
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version.
15 *
16 */
17 #ifndef _CRYPTO_ARCH_S390_CRYPT_S390_H
18 #define _CRYPTO_ARCH_S390_CRYPT_S390_H
19
20 #include <asm/errno.h>
21 #include <asm/facility.h>
22
23 #define CRYPT_S390_OP_MASK 0xFF00
24 #define CRYPT_S390_FUNC_MASK 0x00FF
25
26 #define CRYPT_S390_PRIORITY 300
27 #define CRYPT_S390_COMPOSITE_PRIORITY 400
28
29 #define CRYPT_S390_MSA 0x1
30 #define CRYPT_S390_MSA3 0x2
31 #define CRYPT_S390_MSA4 0x4
32 #define CRYPT_S390_MSA5 0x8
33
34 /* s390 cryptographic operations */
35 enum crypt_s390_operations {
36 CRYPT_S390_KM = 0x0100,
37 CRYPT_S390_KMC = 0x0200,
38 CRYPT_S390_KIMD = 0x0300,
39 CRYPT_S390_KLMD = 0x0400,
40 CRYPT_S390_KMAC = 0x0500,
41 CRYPT_S390_KMCTR = 0x0600,
42 CRYPT_S390_PPNO = 0x0700
43 };
44
45 /*
46 * function codes for KM (CIPHER MESSAGE) instruction
47 * 0x80 is the decipher modifier bit
48 */
49 enum crypt_s390_km_func {
50 KM_QUERY = CRYPT_S390_KM | 0x0,
51 KM_DEA_ENCRYPT = CRYPT_S390_KM | 0x1,
52 KM_DEA_DECRYPT = CRYPT_S390_KM | 0x1 | 0x80,
53 KM_TDEA_128_ENCRYPT = CRYPT_S390_KM | 0x2,
54 KM_TDEA_128_DECRYPT = CRYPT_S390_KM | 0x2 | 0x80,
55 KM_TDEA_192_ENCRYPT = CRYPT_S390_KM | 0x3,
56 KM_TDEA_192_DECRYPT = CRYPT_S390_KM | 0x3 | 0x80,
57 KM_AES_128_ENCRYPT = CRYPT_S390_KM | 0x12,
58 KM_AES_128_DECRYPT = CRYPT_S390_KM | 0x12 | 0x80,
59 KM_AES_192_ENCRYPT = CRYPT_S390_KM | 0x13,
60 KM_AES_192_DECRYPT = CRYPT_S390_KM | 0x13 | 0x80,
61 KM_AES_256_ENCRYPT = CRYPT_S390_KM | 0x14,
62 KM_AES_256_DECRYPT = CRYPT_S390_KM | 0x14 | 0x80,
63 KM_XTS_128_ENCRYPT = CRYPT_S390_KM | 0x32,
64 KM_XTS_128_DECRYPT = CRYPT_S390_KM | 0x32 | 0x80,
65 KM_XTS_256_ENCRYPT = CRYPT_S390_KM | 0x34,
66 KM_XTS_256_DECRYPT = CRYPT_S390_KM | 0x34 | 0x80,
67 };
68
69 /*
70 * function codes for KMC (CIPHER MESSAGE WITH CHAINING)
71 * instruction
72 */
73 enum crypt_s390_kmc_func {
74 KMC_QUERY = CRYPT_S390_KMC | 0x0,
75 KMC_DEA_ENCRYPT = CRYPT_S390_KMC | 0x1,
76 KMC_DEA_DECRYPT = CRYPT_S390_KMC | 0x1 | 0x80,
77 KMC_TDEA_128_ENCRYPT = CRYPT_S390_KMC | 0x2,
78 KMC_TDEA_128_DECRYPT = CRYPT_S390_KMC | 0x2 | 0x80,
79 KMC_TDEA_192_ENCRYPT = CRYPT_S390_KMC | 0x3,
80 KMC_TDEA_192_DECRYPT = CRYPT_S390_KMC | 0x3 | 0x80,
81 KMC_AES_128_ENCRYPT = CRYPT_S390_KMC | 0x12,
82 KMC_AES_128_DECRYPT = CRYPT_S390_KMC | 0x12 | 0x80,
83 KMC_AES_192_ENCRYPT = CRYPT_S390_KMC | 0x13,
84 KMC_AES_192_DECRYPT = CRYPT_S390_KMC | 0x13 | 0x80,
85 KMC_AES_256_ENCRYPT = CRYPT_S390_KMC | 0x14,
86 KMC_AES_256_DECRYPT = CRYPT_S390_KMC | 0x14 | 0x80,
87 KMC_PRNG = CRYPT_S390_KMC | 0x43,
88 };
89
90 /*
91 * function codes for KMCTR (CIPHER MESSAGE WITH COUNTER)
92 * instruction
93 */
94 enum crypt_s390_kmctr_func {
95 KMCTR_QUERY = CRYPT_S390_KMCTR | 0x0,
96 KMCTR_DEA_ENCRYPT = CRYPT_S390_KMCTR | 0x1,
97 KMCTR_DEA_DECRYPT = CRYPT_S390_KMCTR | 0x1 | 0x80,
98 KMCTR_TDEA_128_ENCRYPT = CRYPT_S390_KMCTR | 0x2,
99 KMCTR_TDEA_128_DECRYPT = CRYPT_S390_KMCTR | 0x2 | 0x80,
100 KMCTR_TDEA_192_ENCRYPT = CRYPT_S390_KMCTR | 0x3,
101 KMCTR_TDEA_192_DECRYPT = CRYPT_S390_KMCTR | 0x3 | 0x80,
102 KMCTR_AES_128_ENCRYPT = CRYPT_S390_KMCTR | 0x12,
103 KMCTR_AES_128_DECRYPT = CRYPT_S390_KMCTR | 0x12 | 0x80,
104 KMCTR_AES_192_ENCRYPT = CRYPT_S390_KMCTR | 0x13,
105 KMCTR_AES_192_DECRYPT = CRYPT_S390_KMCTR | 0x13 | 0x80,
106 KMCTR_AES_256_ENCRYPT = CRYPT_S390_KMCTR | 0x14,
107 KMCTR_AES_256_DECRYPT = CRYPT_S390_KMCTR | 0x14 | 0x80,
108 };
109
110 /*
111 * function codes for KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
112 * instruction
113 */
114 enum crypt_s390_kimd_func {
115 KIMD_QUERY = CRYPT_S390_KIMD | 0,
116 KIMD_SHA_1 = CRYPT_S390_KIMD | 1,
117 KIMD_SHA_256 = CRYPT_S390_KIMD | 2,
118 KIMD_SHA_512 = CRYPT_S390_KIMD | 3,
119 KIMD_GHASH = CRYPT_S390_KIMD | 65,
120 };
121
122 /*
123 * function codes for KLMD (COMPUTE LAST MESSAGE DIGEST)
124 * instruction
125 */
126 enum crypt_s390_klmd_func {
127 KLMD_QUERY = CRYPT_S390_KLMD | 0,
128 KLMD_SHA_1 = CRYPT_S390_KLMD | 1,
129 KLMD_SHA_256 = CRYPT_S390_KLMD | 2,
130 KLMD_SHA_512 = CRYPT_S390_KLMD | 3,
131 };
132
133 /*
134 * function codes for KMAC (COMPUTE MESSAGE AUTHENTICATION CODE)
135 * instruction
136 */
137 enum crypt_s390_kmac_func {
138 KMAC_QUERY = CRYPT_S390_KMAC | 0,
139 KMAC_DEA = CRYPT_S390_KMAC | 1,
140 KMAC_TDEA_128 = CRYPT_S390_KMAC | 2,
141 KMAC_TDEA_192 = CRYPT_S390_KMAC | 3
142 };
143
144 /*
145 * function codes for PPNO (PERFORM PSEUDORANDOM NUMBER
146 * OPERATION) instruction
147 */
148 enum crypt_s390_ppno_func {
149 PPNO_QUERY = CRYPT_S390_PPNO | 0,
150 PPNO_SHA512_DRNG_GEN = CRYPT_S390_PPNO | 3,
151 PPNO_SHA512_DRNG_SEED = CRYPT_S390_PPNO | 0x83
152 };
153
154 /**
155 * crypt_s390_km:
156 * @func: the function code passed to KM; see crypt_s390_km_func
157 * @param: address of parameter block; see POP for details on each func
158 * @dest: address of destination memory area
159 * @src: address of source memory area
160 * @src_len: length of src operand in bytes
161 *
162 * Executes the KM (CIPHER MESSAGE) operation of the CPU.
163 *
164 * Returns -1 for failure, 0 for the query func, number of processed
165 * bytes for encryption/decryption funcs
166 */
crypt_s390_km(long func,void * param,u8 * dest,const u8 * src,long src_len)167 static inline int crypt_s390_km(long func, void *param,
168 u8 *dest, const u8 *src, long src_len)
169 {
170 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
171 register void *__param asm("1") = param;
172 register const u8 *__src asm("2") = src;
173 register long __src_len asm("3") = src_len;
174 register u8 *__dest asm("4") = dest;
175 int ret;
176
177 asm volatile(
178 "0: .insn rre,0xb92e0000,%3,%1\n" /* KM opcode */
179 "1: brc 1,0b\n" /* handle partial completion */
180 " la %0,0\n"
181 "2:\n"
182 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
183 : "=d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest)
184 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
185 if (ret < 0)
186 return ret;
187 return (func & CRYPT_S390_FUNC_MASK) ? src_len - __src_len : __src_len;
188 }
189
190 /**
191 * crypt_s390_kmc:
192 * @func: the function code passed to KM; see crypt_s390_kmc_func
193 * @param: address of parameter block; see POP for details on each func
194 * @dest: address of destination memory area
195 * @src: address of source memory area
196 * @src_len: length of src operand in bytes
197 *
198 * Executes the KMC (CIPHER MESSAGE WITH CHAINING) operation of the CPU.
199 *
200 * Returns -1 for failure, 0 for the query func, number of processed
201 * bytes for encryption/decryption funcs
202 */
crypt_s390_kmc(long func,void * param,u8 * dest,const u8 * src,long src_len)203 static inline int crypt_s390_kmc(long func, void *param,
204 u8 *dest, const u8 *src, long src_len)
205 {
206 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
207 register void *__param asm("1") = param;
208 register const u8 *__src asm("2") = src;
209 register long __src_len asm("3") = src_len;
210 register u8 *__dest asm("4") = dest;
211 int ret;
212
213 asm volatile(
214 "0: .insn rre,0xb92f0000,%3,%1\n" /* KMC opcode */
215 "1: brc 1,0b\n" /* handle partial completion */
216 " la %0,0\n"
217 "2:\n"
218 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
219 : "=d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest)
220 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
221 if (ret < 0)
222 return ret;
223 return (func & CRYPT_S390_FUNC_MASK) ? src_len - __src_len : __src_len;
224 }
225
226 /**
227 * crypt_s390_kimd:
228 * @func: the function code passed to KM; see crypt_s390_kimd_func
229 * @param: address of parameter block; see POP for details on each func
230 * @src: address of source memory area
231 * @src_len: length of src operand in bytes
232 *
233 * Executes the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) operation
234 * of the CPU.
235 *
236 * Returns -1 for failure, 0 for the query func, number of processed
237 * bytes for digest funcs
238 */
crypt_s390_kimd(long func,void * param,const u8 * src,long src_len)239 static inline int crypt_s390_kimd(long func, void *param,
240 const u8 *src, long src_len)
241 {
242 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
243 register void *__param asm("1") = param;
244 register const u8 *__src asm("2") = src;
245 register long __src_len asm("3") = src_len;
246 int ret;
247
248 asm volatile(
249 "0: .insn rre,0xb93e0000,%1,%1\n" /* KIMD opcode */
250 "1: brc 1,0b\n" /* handle partial completion */
251 " la %0,0\n"
252 "2:\n"
253 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
254 : "=d" (ret), "+a" (__src), "+d" (__src_len)
255 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
256 if (ret < 0)
257 return ret;
258 return (func & CRYPT_S390_FUNC_MASK) ? src_len - __src_len : __src_len;
259 }
260
261 /**
262 * crypt_s390_klmd:
263 * @func: the function code passed to KM; see crypt_s390_klmd_func
264 * @param: address of parameter block; see POP for details on each func
265 * @src: address of source memory area
266 * @src_len: length of src operand in bytes
267 *
268 * Executes the KLMD (COMPUTE LAST MESSAGE DIGEST) operation of the CPU.
269 *
270 * Returns -1 for failure, 0 for the query func, number of processed
271 * bytes for digest funcs
272 */
crypt_s390_klmd(long func,void * param,const u8 * src,long src_len)273 static inline int crypt_s390_klmd(long func, void *param,
274 const u8 *src, long src_len)
275 {
276 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
277 register void *__param asm("1") = param;
278 register const u8 *__src asm("2") = src;
279 register long __src_len asm("3") = src_len;
280 int ret;
281
282 asm volatile(
283 "0: .insn rre,0xb93f0000,%1,%1\n" /* KLMD opcode */
284 "1: brc 1,0b\n" /* handle partial completion */
285 " la %0,0\n"
286 "2:\n"
287 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
288 : "=d" (ret), "+a" (__src), "+d" (__src_len)
289 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
290 if (ret < 0)
291 return ret;
292 return (func & CRYPT_S390_FUNC_MASK) ? src_len - __src_len : __src_len;
293 }
294
295 /**
296 * crypt_s390_kmac:
297 * @func: the function code passed to KM; see crypt_s390_klmd_func
298 * @param: address of parameter block; see POP for details on each func
299 * @src: address of source memory area
300 * @src_len: length of src operand in bytes
301 *
302 * Executes the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) operation
303 * of the CPU.
304 *
305 * Returns -1 for failure, 0 for the query func, number of processed
306 * bytes for digest funcs
307 */
crypt_s390_kmac(long func,void * param,const u8 * src,long src_len)308 static inline int crypt_s390_kmac(long func, void *param,
309 const u8 *src, long src_len)
310 {
311 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
312 register void *__param asm("1") = param;
313 register const u8 *__src asm("2") = src;
314 register long __src_len asm("3") = src_len;
315 int ret;
316
317 asm volatile(
318 "0: .insn rre,0xb91e0000,%1,%1\n" /* KLAC opcode */
319 "1: brc 1,0b\n" /* handle partial completion */
320 " la %0,0\n"
321 "2:\n"
322 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
323 : "=d" (ret), "+a" (__src), "+d" (__src_len)
324 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
325 if (ret < 0)
326 return ret;
327 return (func & CRYPT_S390_FUNC_MASK) ? src_len - __src_len : __src_len;
328 }
329
330 /**
331 * crypt_s390_kmctr:
332 * @func: the function code passed to KMCTR; see crypt_s390_kmctr_func
333 * @param: address of parameter block; see POP for details on each func
334 * @dest: address of destination memory area
335 * @src: address of source memory area
336 * @src_len: length of src operand in bytes
337 * @counter: address of counter value
338 *
339 * Executes the KMCTR (CIPHER MESSAGE WITH COUNTER) operation of the CPU.
340 *
341 * Returns -1 for failure, 0 for the query func, number of processed
342 * bytes for encryption/decryption funcs
343 */
crypt_s390_kmctr(long func,void * param,u8 * dest,const u8 * src,long src_len,u8 * counter)344 static inline int crypt_s390_kmctr(long func, void *param, u8 *dest,
345 const u8 *src, long src_len, u8 *counter)
346 {
347 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
348 register void *__param asm("1") = param;
349 register const u8 *__src asm("2") = src;
350 register long __src_len asm("3") = src_len;
351 register u8 *__dest asm("4") = dest;
352 register u8 *__ctr asm("6") = counter;
353 int ret = -1;
354
355 asm volatile(
356 "0: .insn rrf,0xb92d0000,%3,%1,%4,0\n" /* KMCTR opcode */
357 "1: brc 1,0b\n" /* handle partial completion */
358 " la %0,0\n"
359 "2:\n"
360 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
361 : "+d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest),
362 "+a" (__ctr)
363 : "d" (__func), "a" (__param) : "cc", "memory");
364 if (ret < 0)
365 return ret;
366 return (func & CRYPT_S390_FUNC_MASK) ? src_len - __src_len : __src_len;
367 }
368
369 /**
370 * crypt_s390_ppno:
371 * @func: the function code passed to PPNO; see crypt_s390_ppno_func
372 * @param: address of parameter block; see POP for details on each func
373 * @dest: address of destination memory area
374 * @dest_len: size of destination memory area in bytes
375 * @seed: address of seed data
376 * @seed_len: size of seed data in bytes
377 *
378 * Executes the PPNO (PERFORM PSEUDORANDOM NUMBER OPERATION)
379 * operation of the CPU.
380 *
381 * Returns -1 for failure, 0 for the query func, number of random
382 * bytes stored in dest buffer for generate function
383 */
crypt_s390_ppno(long func,void * param,u8 * dest,long dest_len,const u8 * seed,long seed_len)384 static inline int crypt_s390_ppno(long func, void *param,
385 u8 *dest, long dest_len,
386 const u8 *seed, long seed_len)
387 {
388 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
389 register void *__param asm("1") = param; /* param block (240 bytes) */
390 register u8 *__dest asm("2") = dest; /* buf for recv random bytes */
391 register long __dest_len asm("3") = dest_len; /* requested random bytes */
392 register const u8 *__seed asm("4") = seed; /* buf with seed data */
393 register long __seed_len asm("5") = seed_len; /* bytes in seed buf */
394 int ret = -1;
395
396 asm volatile (
397 "0: .insn rre,0xb93c0000,%1,%5\n" /* PPNO opcode */
398 "1: brc 1,0b\n" /* handle partial completion */
399 " la %0,0\n"
400 "2:\n"
401 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
402 : "+d" (ret), "+a"(__dest), "+d"(__dest_len)
403 : "d"(__func), "a"(__param), "a"(__seed), "d"(__seed_len)
404 : "cc", "memory");
405 if (ret < 0)
406 return ret;
407 return (func & CRYPT_S390_FUNC_MASK) ? dest_len - __dest_len : 0;
408 }
409
410 /**
411 * crypt_s390_func_available:
412 * @func: the function code of the specific function; 0 if op in general
413 *
414 * Tests if a specific crypto function is implemented on the machine.
415 *
416 * Returns 1 if func available; 0 if func or op in general not available
417 */
crypt_s390_func_available(int func,unsigned int facility_mask)418 static inline int crypt_s390_func_available(int func,
419 unsigned int facility_mask)
420 {
421 unsigned char status[16];
422 int ret;
423
424 if (facility_mask & CRYPT_S390_MSA && !test_facility(17))
425 return 0;
426 if (facility_mask & CRYPT_S390_MSA3 && !test_facility(76))
427 return 0;
428 if (facility_mask & CRYPT_S390_MSA4 && !test_facility(77))
429 return 0;
430 if (facility_mask & CRYPT_S390_MSA5 && !test_facility(57))
431 return 0;
432
433 switch (func & CRYPT_S390_OP_MASK) {
434 case CRYPT_S390_KM:
435 ret = crypt_s390_km(KM_QUERY, &status, NULL, NULL, 0);
436 break;
437 case CRYPT_S390_KMC:
438 ret = crypt_s390_kmc(KMC_QUERY, &status, NULL, NULL, 0);
439 break;
440 case CRYPT_S390_KIMD:
441 ret = crypt_s390_kimd(KIMD_QUERY, &status, NULL, 0);
442 break;
443 case CRYPT_S390_KLMD:
444 ret = crypt_s390_klmd(KLMD_QUERY, &status, NULL, 0);
445 break;
446 case CRYPT_S390_KMAC:
447 ret = crypt_s390_kmac(KMAC_QUERY, &status, NULL, 0);
448 break;
449 case CRYPT_S390_KMCTR:
450 ret = crypt_s390_kmctr(KMCTR_QUERY, &status,
451 NULL, NULL, 0, NULL);
452 break;
453 case CRYPT_S390_PPNO:
454 ret = crypt_s390_ppno(PPNO_QUERY, &status,
455 NULL, 0, NULL, 0);
456 break;
457 default:
458 return 0;
459 }
460 if (ret < 0)
461 return 0;
462 func &= CRYPT_S390_FUNC_MASK;
463 func &= 0x7f; /* mask modifier bit */
464 return (status[func >> 3] & (0x80 >> (func & 7))) != 0;
465 }
466
467 /**
468 * crypt_s390_pcc:
469 * @func: the function code passed to KM; see crypt_s390_km_func
470 * @param: address of parameter block; see POP for details on each func
471 *
472 * Executes the PCC (PERFORM CRYPTOGRAPHIC COMPUTATION) operation of the CPU.
473 *
474 * Returns -1 for failure, 0 for success.
475 */
crypt_s390_pcc(long func,void * param)476 static inline int crypt_s390_pcc(long func, void *param)
477 {
478 register long __func asm("0") = func & 0x7f; /* encrypt or decrypt */
479 register void *__param asm("1") = param;
480 int ret = -1;
481
482 asm volatile(
483 "0: .insn rre,0xb92c0000,0,0\n" /* PCC opcode */
484 "1: brc 1,0b\n" /* handle partial completion */
485 " la %0,0\n"
486 "2:\n"
487 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
488 : "+d" (ret)
489 : "d" (__func), "a" (__param) : "cc", "memory");
490 return ret;
491 }
492
493 #endif /* _CRYPTO_ARCH_S390_CRYPT_S390_H */
494