Lines Matching +full:pk +full:- +full:pk
1 // SPDX-License-Identifier: GPL-2.0+
45 hwh->walkbytes = crypto_hash_walk_first(req, &hwh->walk); in hwh_prepare()
46 if (hwh->walkbytes < 0) in hwh_prepare()
47 return hwh->walkbytes; in hwh_prepare()
48 hwh->walkaddr = hwh->walk.data; in hwh_prepare()
63 return crypto_hash_walk_done(&hwh->walk, n); in hwh_advance()
65 hwh->walkbytes -= n; in hwh_advance()
66 hwh->walkaddr += n; in hwh_advance()
67 if (hwh->walkbytes > 0) in hwh_advance()
70 hwh->walkbytes = crypto_hash_walk_done(&hwh->walk, 0); in hwh_advance()
71 if (hwh->walkbytes < 0) in hwh_advance()
72 return hwh->walkbytes; in hwh_advance()
74 hwh->walkaddr = hwh->walk.data; in hwh_advance()
81 * blocksize of the used hashing sha2-algorithm function codes. The param block
82 * contains the hash chaining value (cv), the input message bit-length (imbl)
83 * and the hmac-secret (key). To prevent code duplication, the sizes of all
86 * param-block:
87 * +-------+
89 * +-------+
91 * +-------+
93 * +-------+
96 * part | sh2-alg | calculation | size | type
97 * -----+---------+-------------+------+--------
149 /* if state is valid, pk holds the protected key */
150 struct phmac_protkey pk; member
243 return -EINVAL; in hash_key()
256 * make_clrkey_token() - wrap the clear key into a pkey clearkey token.
265 token->type = 0x00; in make_clrkey_token()
266 token->version = 0x02; in make_clrkey_token()
270 token->keytype = PKEY_KEYTYPE_HMAC_512; in make_clrkey_token()
275 token->keytype = PKEY_KEYTYPE_HMAC_1024; in make_clrkey_token()
279 return -EINVAL; in make_clrkey_token()
281 token->len = blocksize; in make_clrkey_token()
284 rc = hash_key(clrkey, clrkeylen, token->key, digestsize); in make_clrkey_token()
288 memcpy(token->key, clrkey, clrkeylen); in make_clrkey_token()
295 * phmac_tfm_ctx_setkey() - Set key value into tfm context, maybe construct
301 if (keylen > sizeof(tfm_ctx->keybuf)) in phmac_tfm_ctx_setkey()
302 return -EINVAL; in phmac_tfm_ctx_setkey()
304 memcpy(tfm_ctx->keybuf, key, keylen); in phmac_tfm_ctx_setkey()
305 tfm_ctx->keylen = keylen; in phmac_tfm_ctx_setkey()
312 * This function may sleep - don't call in non-sleeping context.
315 struct phmac_protkey *pk) in convert_key() argument
319 pk->len = sizeof(pk->protkey); in convert_key()
323 * of 200, 400, 800 and 1600 ms - in total 3 s. in convert_key()
325 for (rc = -EIO, i = 0; rc && i < 5; i++) { in convert_key()
326 if (rc == -EBUSY && msleep_interruptible((1 << i) * 100)) { in convert_key()
327 rc = -EINTR; in convert_key()
331 pk->protkey, &pk->len, &pk->type, in convert_key()
341 * (Re-)Convert the raw key material from the tfm ctx into a protected
346 * atomic update of the pk and the pk state but does not guarantee any
350 * code triggers a (re-)conversion this does no harm. This may lead to
356 struct phmac_protkey pk; in phmac_convert_key() local
359 spin_lock_bh(&tfm_ctx->pk_lock); in phmac_convert_key()
360 tfm_ctx->pk_state = PK_STATE_CONVERT_IN_PROGRESS; in phmac_convert_key()
361 spin_unlock_bh(&tfm_ctx->pk_lock); in phmac_convert_key()
363 rc = convert_key(tfm_ctx->keybuf, tfm_ctx->keylen, &pk); in phmac_convert_key()
366 spin_lock_bh(&tfm_ctx->pk_lock); in phmac_convert_key()
368 tfm_ctx->pk_state = rc; in phmac_convert_key()
370 tfm_ctx->pk_state = PK_STATE_VALID; in phmac_convert_key()
371 tfm_ctx->pk = pk; in phmac_convert_key()
373 spin_unlock_bh(&tfm_ctx->pk_lock); in phmac_convert_key()
375 memzero_explicit(&pk, sizeof(pk)); in phmac_convert_key()
381 * kmac_sha2_set_imbl - sets the input message bit-length based on the blocksize
405 struct kmac_sha2_ctx *ctx = &req_ctx->kmac_ctx; in phmac_kmac_update()
406 struct hash_walk_helper *hwh = &req_ctx->hwh; in phmac_kmac_update()
418 while (hwh->walkbytes > 0) { in phmac_kmac_update()
420 offset = ctx->buflen[0] % bs; in phmac_kmac_update()
421 if (offset + hwh->walkbytes < bs) in phmac_kmac_update()
426 n = bs - offset; in phmac_kmac_update()
427 memcpy(ctx->buf + offset, hwh->walkaddr, n); in phmac_kmac_update()
428 ctx->gr0.iimp = 1; in phmac_kmac_update()
430 k = _cpacf_kmac(&ctx->gr0.reg, ctx->param, ctx->buf, bs); in phmac_kmac_update()
440 rc = -EIO; in phmac_kmac_update()
443 /* protected key is invalid and needs re-conversion */ in phmac_kmac_update()
445 rc = -EKEYEXPIRED; in phmac_kmac_update()
451 spin_lock_bh(&tfm_ctx->pk_lock); in phmac_kmac_update()
452 memcpy(ctx->param + SHA2_KEY_OFFSET(bs), in phmac_kmac_update()
453 tfm_ctx->pk.protkey, tfm_ctx->pk.len); in phmac_kmac_update()
454 spin_unlock_bh(&tfm_ctx->pk_lock); in phmac_kmac_update()
456 ctx->buflen[0] += n; in phmac_kmac_update()
457 if (ctx->buflen[0] < n) in phmac_kmac_update()
458 ctx->buflen[1]++; in phmac_kmac_update()
466 while (hwh->walkbytes >= bs) { in phmac_kmac_update()
467 n = (hwh->walkbytes / bs) * bs; in phmac_kmac_update()
468 ctx->gr0.iimp = 1; in phmac_kmac_update()
469 k = _cpacf_kmac(&ctx->gr0.reg, ctx->param, hwh->walkaddr, n); in phmac_kmac_update()
471 ctx->buflen[0] += k; in phmac_kmac_update()
472 if (ctx->buflen[0] < k) in phmac_kmac_update()
473 ctx->buflen[1]++; in phmac_kmac_update()
479 /* protected key is invalid and needs re-conversion */ in phmac_kmac_update()
481 rc = -EKEYEXPIRED; in phmac_kmac_update()
487 spin_lock_bh(&tfm_ctx->pk_lock); in phmac_kmac_update()
488 memcpy(ctx->param + SHA2_KEY_OFFSET(bs), in phmac_kmac_update()
489 tfm_ctx->pk.protkey, tfm_ctx->pk.len); in phmac_kmac_update()
490 spin_unlock_bh(&tfm_ctx->pk_lock); in phmac_kmac_update()
496 if (hwh->walkbytes) { in phmac_kmac_update()
497 memcpy(ctx->buf + offset, hwh->walkaddr, hwh->walkbytes); in phmac_kmac_update()
498 ctx->buflen[0] += hwh->walkbytes; in phmac_kmac_update()
499 if (ctx->buflen[0] < hwh->walkbytes) in phmac_kmac_update()
500 ctx->buflen[1]++; in phmac_kmac_update()
501 rc = hwh_advance(hwh, hwh->walkbytes); in phmac_kmac_update()
506 } /* end of while (hwh->walkbytes > 0) */ in phmac_kmac_update()
518 struct kmac_sha2_ctx *ctx = &req_ctx->kmac_ctx; in phmac_kmac_final()
524 n = ctx->buflen[0] % bs; in phmac_kmac_final()
525 ctx->gr0.iimp = 0; in phmac_kmac_final()
526 kmac_sha2_set_imbl(ctx->param, ctx->buflen[0], ctx->buflen[1], bs); in phmac_kmac_final()
528 k = _cpacf_kmac(&ctx->gr0.reg, ctx->param, ctx->buf, n); in phmac_kmac_final()
533 rc = -EIO; in phmac_kmac_final()
536 /* protected key is invalid and needs re-conversion */ in phmac_kmac_final()
538 rc = -EKEYEXPIRED; in phmac_kmac_final()
544 spin_lock_bh(&tfm_ctx->pk_lock); in phmac_kmac_final()
545 memcpy(ctx->param + SHA2_KEY_OFFSET(bs), in phmac_kmac_final()
546 tfm_ctx->pk.protkey, tfm_ctx->pk.len); in phmac_kmac_final()
547 spin_unlock_bh(&tfm_ctx->pk_lock); in phmac_kmac_final()
550 memcpy(req->result, ctx->param, ds); in phmac_kmac_final()
562 struct kmac_sha2_ctx *kmac_ctx = &req_ctx->kmac_ctx; in phmac_init()
573 if (!tfm_ctx->fc) { in phmac_init()
574 rc = -ENOKEY; in phmac_init()
577 kmac_ctx->gr0.fc = tfm_ctx->fc; in phmac_init()
580 * Copy the pk from tfm ctx into kmac ctx. The protected key in phmac_init()
583 spin_lock_bh(&tfm_ctx->pk_lock); in phmac_init()
584 memcpy(kmac_ctx->param + SHA2_KEY_OFFSET(bs), in phmac_init()
585 tfm_ctx->pk.protkey, tfm_ctx->pk.len); in phmac_init()
586 spin_unlock_bh(&tfm_ctx->pk_lock); in phmac_init()
598 struct kmac_sha2_ctx *kmac_ctx = &req_ctx->kmac_ctx; in phmac_update()
599 struct hash_walk_helper *hwh = &req_ctx->hwh; in phmac_update()
608 if (!atomic_read(&tfm_ctx->via_engine_ctr)) { in phmac_update()
619 if (rc == 0 || rc == -EKEYEXPIRED) { in phmac_update()
620 req_ctx->async_op = OP_UPDATE; in phmac_update()
621 atomic_inc(&tfm_ctx->via_engine_ctr); in phmac_update()
623 if (rc != -EINPROGRESS) in phmac_update()
624 atomic_dec(&tfm_ctx->via_engine_ctr); in phmac_update()
627 if (rc != -EINPROGRESS) { in phmac_update()
642 struct kmac_sha2_ctx *kmac_ctx = &req_ctx->kmac_ctx; in phmac_final()
646 if (!atomic_read(&tfm_ctx->via_engine_ctr)) { in phmac_final()
657 if (rc == 0 || rc == -EKEYEXPIRED) { in phmac_final()
658 req_ctx->async_op = OP_FINAL; in phmac_final()
659 atomic_inc(&tfm_ctx->via_engine_ctr); in phmac_final()
661 if (rc != -EINPROGRESS) in phmac_final()
662 atomic_dec(&tfm_ctx->via_engine_ctr); in phmac_final()
666 if (rc != -EINPROGRESS) in phmac_final()
677 struct kmac_sha2_ctx *kmac_ctx = &req_ctx->kmac_ctx; in phmac_finup()
678 struct hash_walk_helper *hwh = &req_ctx->hwh; in phmac_finup()
686 req_ctx->async_op = OP_FINUP; in phmac_finup()
689 if (!atomic_read(&tfm_ctx->via_engine_ctr)) { in phmac_finup()
692 req_ctx->async_op = OP_FINAL; in phmac_finup()
694 if (!rc && req_ctx->async_op == OP_FINAL && in phmac_finup()
695 !atomic_read(&tfm_ctx->via_engine_ctr)) { in phmac_finup()
706 if (rc == 0 || rc == -EKEYEXPIRED) { in phmac_finup()
707 /* req->async_op has been set to either OP_FINUP or OP_FINAL */ in phmac_finup()
708 atomic_inc(&tfm_ctx->via_engine_ctr); in phmac_finup()
710 if (rc != -EINPROGRESS) in phmac_finup()
711 atomic_dec(&tfm_ctx->via_engine_ctr); in phmac_finup()
714 if (rc != -EINPROGRESS) in phmac_finup()
718 if (rc != -EINPROGRESS) in phmac_finup()
758 rc = -ENOMEM; in phmac_setkey()
778 /* set function code in tfm context, check for valid pk type */ in phmac_setkey()
781 if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_512) in phmac_setkey()
782 rc = -EINVAL; in phmac_setkey()
784 tfm_ctx->fc = CPACF_KMAC_PHMAC_SHA_224; in phmac_setkey()
787 if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_512) in phmac_setkey()
788 rc = -EINVAL; in phmac_setkey()
790 tfm_ctx->fc = CPACF_KMAC_PHMAC_SHA_256; in phmac_setkey()
793 if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_1024) in phmac_setkey()
794 rc = -EINVAL; in phmac_setkey()
796 tfm_ctx->fc = CPACF_KMAC_PHMAC_SHA_384; in phmac_setkey()
799 if (tfm_ctx->pk.type != PKEY_KEYTYPE_HMAC_1024) in phmac_setkey()
800 rc = -EINVAL; in phmac_setkey()
802 tfm_ctx->fc = CPACF_KMAC_PHMAC_SHA_512; in phmac_setkey()
805 tfm_ctx->fc = 0; in phmac_setkey()
806 rc = -EINVAL; in phmac_setkey()
818 struct kmac_sha2_ctx *ctx = &req_ctx->kmac_ctx; in phmac_export()
828 struct kmac_sha2_ctx *ctx = &req_ctx->kmac_ctx; in phmac_import()
841 spin_lock_init(&tfm_ctx->pk_lock); in phmac_init_tfm()
852 memzero_explicit(tfm_ctx->keybuf, sizeof(tfm_ctx->keybuf)); in phmac_exit_tfm()
853 memzero_explicit(&tfm_ctx->pk, sizeof(tfm_ctx->pk)); in phmac_exit_tfm()
862 struct kmac_sha2_ctx *kmac_ctx = &req_ctx->kmac_ctx; in phmac_do_one_request()
863 struct hash_walk_helper *hwh = &req_ctx->hwh; in phmac_do_one_request()
864 int rc = -EINVAL; in phmac_do_one_request()
868 * 1. req->async_op == OP_UPDATE with req->nbytes > 0 in phmac_do_one_request()
869 * 2. req->async_op == OP_FINUP with req->nbytes > 0 in phmac_do_one_request()
870 * 3. req->async_op == OP_FINAL in phmac_do_one_request()
875 switch (req_ctx->async_op) { in phmac_do_one_request()
879 if (rc == -EKEYEXPIRED) { in phmac_do_one_request()
882 * Trigger a re-schedule of this request by returning in phmac_do_one_request()
883 * -ENOSPC ("hardware queue full") to the crypto engine. in phmac_do_one_request()
884 * To avoid immediately re-invocation of this callback, in phmac_do_one_request()
889 return -ENOSPC; in phmac_do_one_request()
894 if (req_ctx->async_op == OP_UPDATE) in phmac_do_one_request()
896 req_ctx->async_op = OP_FINAL; in phmac_do_one_request()
900 if (rc == -EKEYEXPIRED) { in phmac_do_one_request()
903 * Trigger a re-schedule of this request by returning in phmac_do_one_request()
904 * -ENOSPC ("hardware queue full") to the crypto engine. in phmac_do_one_request()
905 * To avoid immediately re-invocation of this callback, in phmac_do_one_request()
910 return -ENOSPC; in phmac_do_one_request()
915 return -EOPNOTSUPP; in phmac_do_one_request()
919 if (rc || req_ctx->async_op == OP_FINAL) in phmac_do_one_request()
923 atomic_dec(&tfm_ctx->via_engine_ctr); in phmac_do_one_request()
997 for (i = ARRAY_SIZE(phmac_algs) - 1; i >= 0; i--) { in s390_phmac_exit()
999 if (phmac->registered) in s390_phmac_exit()
1000 crypto_engine_unregister_ahash(&phmac->alg); in s390_phmac_exit()
1013 return -ENODEV; in s390_phmac_init()
1015 return -ENODEV; in s390_phmac_init()
1027 rc = -ENOMEM; in s390_phmac_init()
1039 if (!cpacf_query_func(CPACF_KMAC, phmac->fc)) in s390_phmac_init()
1041 rc = crypto_engine_register_ahash(&phmac->alg); in s390_phmac_init()
1044 phmac->registered = true; in s390_phmac_init()
1045 pr_debug("%s registered\n", phmac->alg.base.halg.base.cra_name); in s390_phmac_init()