From 604973f1fe41b817c1badb3df2008fe641e50ae6 Mon Sep 17 00:00:00 2001 From: Jan Glauber Date: Thu, 6 Mar 2008 19:50:20 +0800 Subject: [CRYPTO] s390: Generic sha_update and sha_final The sha_{update|final} functions are similar for every sha variant. Since that is error-prone and redundant replace these functions by a shared generic implementation for s390. Signed-off-by: Jan Glauber Signed-off-by: Herbert Xu --- arch/s390/crypto/Makefile | 4 +- arch/s390/crypto/sha.h | 34 ++++++++++++++++ arch/s390/crypto/sha1_s390.c | 91 +++--------------------------------------- arch/s390/crypto/sha256_s390.c | 90 +++-------------------------------------- arch/s390/crypto/sha_common.c | 90 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 138 insertions(+), 171 deletions(-) create mode 100644 arch/s390/crypto/sha.h create mode 100644 arch/s390/crypto/sha_common.c (limited to 'arch/s390') diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile index 14e552c5cc43..5f1a5f89cc9e 100644 --- a/arch/s390/crypto/Makefile +++ b/arch/s390/crypto/Makefile @@ -2,8 +2,8 @@ # Cryptographic API # -obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o -obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o +obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o +obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o obj-$(CONFIG_S390_PRNG) += prng.o diff --git a/arch/s390/crypto/sha.h b/arch/s390/crypto/sha.h new file mode 100644 index 000000000000..b7a52ab5db97 --- /dev/null +++ b/arch/s390/crypto/sha.h @@ -0,0 +1,34 @@ +/* + * Cryptographic API. + * + * s390 generic implementation of the SHA Secure Hash Algorithms. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#ifndef _CRYPTO_ARCH_S390_SHA_H +#define _CRYPTO_ARCH_S390_SHA_H + +#include +#include + +/* must be big enough for the largest SHA variant */ +#define SHA_MAX_BLOCK_SIZE SHA256_BLOCK_SIZE + +struct s390_sha_ctx { + u64 count; /* message length in bytes */ + u32 state[8]; + u8 buf[2 * SHA_MAX_BLOCK_SIZE]; + int func; /* KIMD function to use */ +}; + +void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len); +void s390_sha_final(struct crypto_tfm *tfm, u8 *out); + +#endif diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c index 9cf9eca22747..b3cb5a89b00d 100644 --- a/arch/s390/crypto/sha1_s390.c +++ b/arch/s390/crypto/sha1_s390.c @@ -29,16 +29,11 @@ #include #include "crypt_s390.h" - -struct s390_sha1_ctx { - u64 count; /* message length */ - u32 state[5]; - u8 buf[2 * SHA1_BLOCK_SIZE]; -}; +#include "sha.h" static void sha1_init(struct crypto_tfm *tfm) { - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); + struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm); sctx->state[0] = SHA1_H0; sctx->state[1] = SHA1_H1; @@ -46,79 +41,7 @@ static void sha1_init(struct crypto_tfm *tfm) sctx->state[3] = SHA1_H3; sctx->state[4] = SHA1_H4; sctx->count = 0; -} - -static void sha1_update(struct crypto_tfm *tfm, const u8 *data, - unsigned int len) -{ - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); - unsigned int index; - int ret; - - /* how much is already in the buffer? */ - index = sctx->count & 0x3f; - - sctx->count += len; - - if (index + len < SHA1_BLOCK_SIZE) - goto store; - - /* process one stored block */ - if (index) { - memcpy(sctx->buf + index, data, SHA1_BLOCK_SIZE - index); - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, - SHA1_BLOCK_SIZE); - BUG_ON(ret != SHA1_BLOCK_SIZE); - data += SHA1_BLOCK_SIZE - index; - len -= SHA1_BLOCK_SIZE - index; - } - - /* process as many blocks as possible */ - if (len >= SHA1_BLOCK_SIZE) { - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, data, - len & ~(SHA1_BLOCK_SIZE - 1)); - BUG_ON(ret != (len & ~(SHA1_BLOCK_SIZE - 1))); - data += ret; - len -= ret; - } - -store: - /* anything left? */ - if (len) - memcpy(sctx->buf + index , data, len); -} - -/* Add padding and return the message digest. */ -static void sha1_final(struct crypto_tfm *tfm, u8 *out) -{ - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); - u64 bits; - unsigned int index, end; - int ret; - - /* must perform manual padding */ - index = sctx->count & 0x3f; - end = (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE); - - /* start pad with 1 */ - sctx->buf[index] = 0x80; - - /* pad with zeros */ - index++; - memset(sctx->buf + index, 0x00, end - index - 8); - - /* append message length */ - bits = sctx->count * 8; - memcpy(sctx->buf + end - 8, &bits, sizeof(bits)); - - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, end); - BUG_ON(ret != end); - - /* copy digest to out */ - memcpy(out, sctx->state, SHA1_DIGEST_SIZE); - - /* wipe context */ - memset(sctx, 0, sizeof *sctx); + sctx->func = KIMD_SHA_1; } static struct crypto_alg alg = { @@ -127,21 +50,20 @@ static struct crypto_alg alg = { .cra_priority = CRYPT_S390_PRIORITY, .cra_flags = CRYPTO_ALG_TYPE_DIGEST, .cra_blocksize = SHA1_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct s390_sha1_ctx), + .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA1_DIGEST_SIZE, .dia_init = sha1_init, - .dia_update = sha1_update, - .dia_final = sha1_final } } + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } }; static int __init sha1_s390_init(void) { if (!crypt_s390_func_available(KIMD_SHA_1)) return -EOPNOTSUPP; - return crypto_register_alg(&alg); } @@ -154,6 +76,5 @@ module_init(sha1_s390_init); module_exit(sha1_s390_fini); MODULE_ALIAS("sha1"); - MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c index 2a3d756b35d4..19c03fb6ba7e 100644 --- a/arch/s390/crypto/sha256_s390.c +++ b/arch/s390/crypto/sha256_s390.c @@ -22,16 +22,11 @@ #include #include "crypt_s390.h" - -struct s390_sha256_ctx { - u64 count; /* message length */ - u32 state[8]; - u8 buf[2 * SHA256_BLOCK_SIZE]; -}; +#include "sha.h" static void sha256_init(struct crypto_tfm *tfm) { - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm); sctx->state[0] = SHA256_H0; sctx->state[1] = SHA256_H1; @@ -42,79 +37,7 @@ static void sha256_init(struct crypto_tfm *tfm) sctx->state[6] = SHA256_H6; sctx->state[7] = SHA256_H7; sctx->count = 0; -} - -static void sha256_update(struct crypto_tfm *tfm, const u8 *data, - unsigned int len) -{ - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); - unsigned int index; - int ret; - - /* how much is already in the buffer? */ - index = sctx->count & 0x3f; - - sctx->count += len; - - if ((index + len) < SHA256_BLOCK_SIZE) - goto store; - - /* process one stored block */ - if (index) { - memcpy(sctx->buf + index, data, SHA256_BLOCK_SIZE - index); - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, - SHA256_BLOCK_SIZE); - BUG_ON(ret != SHA256_BLOCK_SIZE); - data += SHA256_BLOCK_SIZE - index; - len -= SHA256_BLOCK_SIZE - index; - } - - /* process as many blocks as possible */ - if (len >= SHA256_BLOCK_SIZE) { - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, data, - len & ~(SHA256_BLOCK_SIZE - 1)); - BUG_ON(ret != (len & ~(SHA256_BLOCK_SIZE - 1))); - data += ret; - len -= ret; - } - -store: - /* anything left? */ - if (len) - memcpy(sctx->buf + index , data, len); -} - -/* Add padding and return the message digest */ -static void sha256_final(struct crypto_tfm *tfm, u8 *out) -{ - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); - u64 bits; - unsigned int index, end; - int ret; - - /* must perform manual padding */ - index = sctx->count & 0x3f; - end = (index < 56) ? SHA256_BLOCK_SIZE : (2 * SHA256_BLOCK_SIZE); - - /* start pad with 1 */ - sctx->buf[index] = 0x80; - - /* pad with zeros */ - index++; - memset(sctx->buf + index, 0x00, end - index - 8); - - /* append message length */ - bits = sctx->count * 8; - memcpy(sctx->buf + end - 8, &bits, sizeof(bits)); - - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, end); - BUG_ON(ret != end); - - /* copy digest to out */ - memcpy(out, sctx->state, SHA256_DIGEST_SIZE); - - /* wipe context */ - memset(sctx, 0, sizeof *sctx); + sctx->func = KIMD_SHA_256; } static struct crypto_alg alg = { @@ -123,14 +46,14 @@ static struct crypto_alg alg = { .cra_priority = CRYPT_S390_PRIORITY, .cra_flags = CRYPTO_ALG_TYPE_DIGEST, .cra_blocksize = SHA256_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct s390_sha256_ctx), + .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA256_DIGEST_SIZE, .dia_init = sha256_init, - .dia_update = sha256_update, - .dia_final = sha256_final } } + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } }; static int sha256_s390_init(void) @@ -150,6 +73,5 @@ module_init(sha256_s390_init); module_exit(sha256_s390_fini); MODULE_ALIAS("sha256"); - MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha_common.c b/arch/s390/crypto/sha_common.c new file mode 100644 index 000000000000..80b6f2ba005e --- /dev/null +++ b/arch/s390/crypto/sha_common.c @@ -0,0 +1,90 @@ +/* + * Cryptographic API. + * + * s390 generic implementation of the SHA Secure Hash Algorithms. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ + +#include +#include "sha.h" +#include "crypt_s390.h" + +void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + unsigned int bsize = crypto_tfm_alg_blocksize(tfm); + unsigned int index; + int ret; + + /* how much is already in the buffer? */ + index = ctx->count & (bsize - 1); + ctx->count += len; + + if ((index + len) < bsize) + goto store; + + /* process one stored block */ + if (index) { + memcpy(ctx->buf + index, data, bsize - index); + ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, bsize); + BUG_ON(ret != bsize); + data += bsize - index; + len -= bsize - index; + } + + /* process as many blocks as possible */ + if (len >= bsize) { + ret = crypt_s390_kimd(ctx->func, ctx->state, data, + len & ~(bsize - 1)); + BUG_ON(ret != (len & ~(bsize - 1))); + data += ret; + len -= ret; + } +store: + if (len) + memcpy(ctx->buf + index , data, len); +} +EXPORT_SYMBOL_GPL(s390_sha_update); + +void s390_sha_final(struct crypto_tfm *tfm, u8 *out) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + unsigned int bsize = crypto_tfm_alg_blocksize(tfm); + u64 bits; + unsigned int index, end; + int ret; + + /* must perform manual padding */ + index = ctx->count & (bsize - 1); + end = (index < bsize - 8) ? bsize : (2 * bsize); + + /* start pad with 1 */ + ctx->buf[index] = 0x80; + index++; + + /* pad with zeros */ + memset(ctx->buf + index, 0x00, end - index - 8); + + bits = ctx->count * 8; + memcpy(ctx->buf + end - 8, &bits, sizeof(bits)); + + ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, end); + BUG_ON(ret != end); + + /* copy digest to out */ + memcpy(out, ctx->state, crypto_hash_digestsize(crypto_hash_cast(tfm))); + /* wipe context */ + memset(ctx, 0, sizeof *ctx); +} +EXPORT_SYMBOL_GPL(s390_sha_final); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("s390 SHA cipher common functions"); -- cgit v1.2.3-59-g8ed1b From 291dc7c0996b09a7c58b2cf6e9cc3495123a607e Mon Sep 17 00:00:00 2001 From: Jan Glauber Date: Thu, 6 Mar 2008 19:52:00 +0800 Subject: [CRYPTO] sha512: Hardware acceleration for s390 Exploit the System z10 hardware acceleration for SHA512. Signed-off-by: Jan Glauber Signed-off-by: Herbert Xu --- arch/s390/crypto/Makefile | 1 + arch/s390/crypto/crypt_s390.h | 2 ++ arch/s390/crypto/sha.h | 5 +-- arch/s390/crypto/sha512_s390.c | 71 ++++++++++++++++++++++++++++++++++++++++++ arch/s390/crypto/sha_common.c | 11 +++++-- drivers/crypto/Kconfig | 11 +++++++ 6 files changed, 97 insertions(+), 4 deletions(-) create mode 100644 arch/s390/crypto/sha512_s390.c (limited to 'arch/s390') diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile index 5f1a5f89cc9e..6a1157fa4f98 100644 --- a/arch/s390/crypto/Makefile +++ b/arch/s390/crypto/Makefile @@ -4,6 +4,7 @@ obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o +obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o obj-$(CONFIG_S390_PRNG) += prng.o diff --git a/arch/s390/crypto/crypt_s390.h b/arch/s390/crypto/crypt_s390.h index 95f5160df27f..9992f95ef992 100644 --- a/arch/s390/crypto/crypt_s390.h +++ b/arch/s390/crypto/crypt_s390.h @@ -82,6 +82,7 @@ enum crypt_s390_kimd_func { KIMD_QUERY = CRYPT_S390_KIMD | 0, KIMD_SHA_1 = CRYPT_S390_KIMD | 1, KIMD_SHA_256 = CRYPT_S390_KIMD | 2, + KIMD_SHA_512 = CRYPT_S390_KIMD | 3, }; /* @@ -92,6 +93,7 @@ enum crypt_s390_klmd_func { KLMD_QUERY = CRYPT_S390_KLMD | 0, KLMD_SHA_1 = CRYPT_S390_KLMD | 1, KLMD_SHA_256 = CRYPT_S390_KLMD | 2, + KLMD_SHA_512 = CRYPT_S390_KLMD | 3, }; /* diff --git a/arch/s390/crypto/sha.h b/arch/s390/crypto/sha.h index b7a52ab5db97..1ceafa571eab 100644 --- a/arch/s390/crypto/sha.h +++ b/arch/s390/crypto/sha.h @@ -19,11 +19,12 @@ #include /* must be big enough for the largest SHA variant */ -#define SHA_MAX_BLOCK_SIZE SHA256_BLOCK_SIZE +#define SHA_MAX_STATE_SIZE 16 +#define SHA_MAX_BLOCK_SIZE SHA512_BLOCK_SIZE struct s390_sha_ctx { u64 count; /* message length in bytes */ - u32 state[8]; + u32 state[SHA_MAX_STATE_SIZE]; u8 buf[2 * SHA_MAX_BLOCK_SIZE]; int func; /* KIMD function to use */ }; diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c new file mode 100644 index 000000000000..4d651bbce0f4 --- /dev/null +++ b/arch/s390/crypto/sha512_s390.c @@ -0,0 +1,71 @@ +/* + * Cryptographic API. + * + * s390 implementation of the SHA512 Secure Hash Algorithm. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include +#include +#include + +#include "sha.h" +#include "crypt_s390.h" + +static void sha512_init(struct crypto_tfm *tfm) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + + *(__u64 *)&ctx->state[0] = 0x6a09e667f3bcc908ULL; + *(__u64 *)&ctx->state[2] = 0xbb67ae8584caa73bULL; + *(__u64 *)&ctx->state[4] = 0x3c6ef372fe94f82bULL; + *(__u64 *)&ctx->state[6] = 0xa54ff53a5f1d36f1ULL; + *(__u64 *)&ctx->state[8] = 0x510e527fade682d1ULL; + *(__u64 *)&ctx->state[10] = 0x9b05688c2b3e6c1fULL; + *(__u64 *)&ctx->state[12] = 0x1f83d9abfb41bd6bULL; + *(__u64 *)&ctx->state[14] = 0x5be0cd19137e2179ULL; + ctx->count = 0; + ctx->func = KIMD_SHA_512; +} + +static struct crypto_alg alg = { + .cra_name = "sha512", + .cra_driver_name = "sha512-s390", + .cra_priority = CRYPT_S390_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s390_sha_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(alg.cra_list), + .cra_u = { .digest = { + .dia_digestsize = SHA512_DIGEST_SIZE, + .dia_init = sha512_init, + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } +}; + +static int __init init(void) +{ + if (!crypt_s390_func_available(KIMD_SHA_512)) + return -EOPNOTSUPP; + return crypto_register_alg(&alg); +} + +static void __exit fini(void) +{ + crypto_unregister_alg(&alg); +} + +module_init(init); +module_exit(fini); + +MODULE_ALIAS("sha512"); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("SHA512 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha_common.c b/arch/s390/crypto/sha_common.c index 80b6f2ba005e..9d6eb8c3d37e 100644 --- a/arch/s390/crypto/sha_common.c +++ b/arch/s390/crypto/sha_common.c @@ -59,12 +59,15 @@ void s390_sha_final(struct crypto_tfm *tfm, u8 *out) struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); unsigned int bsize = crypto_tfm_alg_blocksize(tfm); u64 bits; - unsigned int index, end; + unsigned int index, end, plen; int ret; + /* SHA-512 uses 128 bit padding length */ + plen = (bsize > SHA256_BLOCK_SIZE) ? 16 : 8; + /* must perform manual padding */ index = ctx->count & (bsize - 1); - end = (index < bsize - 8) ? bsize : (2 * bsize); + end = (index < bsize - plen) ? bsize : (2 * bsize); /* start pad with 1 */ ctx->buf[index] = 0x80; @@ -73,6 +76,10 @@ void s390_sha_final(struct crypto_tfm *tfm, u8 *out) /* pad with zeros */ memset(ctx->buf + index, 0x00, end - index - 8); + /* + * Append message length. Well, SHA-512 wants a 128 bit lenght value, + * nevertheless we use u64, should be enough for now... + */ bits = ctx->count * 8; memcpy(ctx->buf + end - 8, &bits, sizeof(bits)); diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 6d2f0c8d419a..ea7b19047270 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -101,6 +101,17 @@ config CRYPTO_SHA256_S390 This version of SHA implements a 256 bit hash with 128 bits of security against collision attacks. +config CRYPTO_SHA512_S390 + tristate "SHA512 digest algorithm" + depends on S390 + select CRYPTO_ALGAPI + help + This is the s390 hardware accelerated implementation of the + SHA512 secure hash standard. + + This version of SHA implements a 512 bit hash with 256 bits of + security against collision attacks. + config CRYPTO_DES_S390 tristate "DES and Triple DES cipher algorithms" depends on S390 -- cgit v1.2.3-59-g8ed1b From 4e2c6d7f4d8f466f4420e10dda7126537de09c94 Mon Sep 17 00:00:00 2001 From: Jan Glauber Date: Thu, 6 Mar 2008 19:53:50 +0800 Subject: [CRYPTO] sha384: Hardware acceleration for s390 Exploit the System z10 hardware acceleration for SHA384. Signed-off-by: Jan Glauber Signed-off-by: Herbert Xu --- arch/s390/crypto/sha512_s390.c | 57 ++++++++++++++++++++++++++++++++++++------ drivers/crypto/Kconfig | 6 +++-- 2 files changed, 54 insertions(+), 9 deletions(-) (limited to 'arch/s390') diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c index 4d651bbce0f4..23c7861f6aeb 100644 --- a/arch/s390/crypto/sha512_s390.c +++ b/arch/s390/crypto/sha512_s390.c @@ -1,7 +1,7 @@ /* * Cryptographic API. * - * s390 implementation of the SHA512 Secure Hash Algorithm. + * s390 implementation of the SHA512 and SHA38 Secure Hash Algorithm. * * Copyright IBM Corp. 2007 * Author(s): Jan Glauber (jang@de.ibm.com) @@ -35,7 +35,7 @@ static void sha512_init(struct crypto_tfm *tfm) ctx->func = KIMD_SHA_512; } -static struct crypto_alg alg = { +static struct crypto_alg sha512_alg = { .cra_name = "sha512", .cra_driver_name = "sha512-s390", .cra_priority = CRYPT_S390_PRIORITY, @@ -43,7 +43,7 @@ static struct crypto_alg alg = { .cra_blocksize = SHA512_BLOCK_SIZE, .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(alg.cra_list), + .cra_list = LIST_HEAD_INIT(sha512_alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA512_DIGEST_SIZE, .dia_init = sha512_init, @@ -51,21 +51,64 @@ static struct crypto_alg alg = { .dia_final = s390_sha_final } } }; +MODULE_ALIAS("sha512"); + +static void sha384_init(struct crypto_tfm *tfm) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + + *(__u64 *)&ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; + *(__u64 *)&ctx->state[2] = 0x629a292a367cd507ULL; + *(__u64 *)&ctx->state[4] = 0x9159015a3070dd17ULL; + *(__u64 *)&ctx->state[6] = 0x152fecd8f70e5939ULL; + *(__u64 *)&ctx->state[8] = 0x67332667ffc00b31ULL; + *(__u64 *)&ctx->state[10] = 0x8eb44a8768581511ULL; + *(__u64 *)&ctx->state[12] = 0xdb0c2e0d64f98fa7ULL; + *(__u64 *)&ctx->state[14] = 0x47b5481dbefa4fa4ULL; + ctx->count = 0; + ctx->func = KIMD_SHA_512; +} + +static struct crypto_alg sha384_alg = { + .cra_name = "sha384", + .cra_driver_name = "sha384-s390", + .cra_priority = CRYPT_S390_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s390_sha_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(sha384_alg.cra_list), + .cra_u = { .digest = { + .dia_digestsize = SHA384_DIGEST_SIZE, + .dia_init = sha384_init, + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } +}; + +MODULE_ALIAS("sha384"); + static int __init init(void) { + int ret; + if (!crypt_s390_func_available(KIMD_SHA_512)) return -EOPNOTSUPP; - return crypto_register_alg(&alg); + if ((ret = crypto_register_alg(&sha512_alg)) < 0) + goto out; + if ((ret = crypto_register_alg(&sha384_alg)) < 0) + crypto_unregister_alg(&sha512_alg); +out: + return ret; } static void __exit fini(void) { - crypto_unregister_alg(&alg); + crypto_unregister_alg(&sha512_alg); + crypto_unregister_alg(&sha384_alg); } module_init(init); module_exit(fini); -MODULE_ALIAS("sha512"); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("SHA512 Secure Hash Algorithm"); +MODULE_DESCRIPTION("SHA512 and SHA-384 Secure Hash Algorithm"); diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index ea7b19047270..e15dbc61f20f 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -102,7 +102,7 @@ config CRYPTO_SHA256_S390 security against collision attacks. config CRYPTO_SHA512_S390 - tristate "SHA512 digest algorithm" + tristate "SHA384 and SHA512 digest algorithm" depends on S390 select CRYPTO_ALGAPI help @@ -110,7 +110,9 @@ config CRYPTO_SHA512_S390 SHA512 secure hash standard. This version of SHA implements a 512 bit hash with 256 bits of - security against collision attacks. + security against collision attacks. The code also includes SHA-384, + a 384 bit hash with 192 bits of security against collision attacks. + config CRYPTO_DES_S390 tristate "DES and Triple DES cipher algorithms" -- cgit v1.2.3-59-g8ed1b