1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * CP Assist for Cryptographic Functions (CPACF) 4 * 5 * Copyright IBM Corp. 2003, 2023 6 * Author(s): Thomas Spatzier 7 * Jan Glauber 8 * Harald Freudenberger (freude@de.ibm.com) 9 * Martin Schwidefsky <schwidefsky@de.ibm.com> 10 */ 11 #ifndef _ASM_S390_CPACF_H 12 #define _ASM_S390_CPACF_H 13 14 #include <asm/facility.h> 15 16 /* 17 * Instruction opcodes for the CPACF instructions 18 */ 19 #define CPACF_KMAC 0xb91e /* MSA */ 20 #define CPACF_KM 0xb92e /* MSA */ 21 #define CPACF_KMC 0xb92f /* MSA */ 22 #define CPACF_KIMD 0xb93e /* MSA */ 23 #define CPACF_KLMD 0xb93f /* MSA */ 24 #define CPACF_PCKMO 0xb928 /* MSA3 */ 25 #define CPACF_KMF 0xb92a /* MSA4 */ 26 #define CPACF_KMO 0xb92b /* MSA4 */ 27 #define CPACF_PCC 0xb92c /* MSA4 */ 28 #define CPACF_KMCTR 0xb92d /* MSA4 */ 29 #define CPACF_PRNO 0xb93c /* MSA5 */ 30 #define CPACF_KMA 0xb929 /* MSA8 */ 31 #define CPACF_KDSA 0xb93a /* MSA9 */ 32 33 /* 34 * En/decryption modifier bits 35 */ 36 #define CPACF_ENCRYPT 0x00 37 #define CPACF_DECRYPT 0x80 38 39 /* 40 * Function codes for the KM (CIPHER MESSAGE) instruction 41 */ 42 #define CPACF_KM_QUERY 0x00 43 #define CPACF_KM_DEA 0x01 44 #define CPACF_KM_TDEA_128 0x02 45 #define CPACF_KM_TDEA_192 0x03 46 #define CPACF_KM_AES_128 0x12 47 #define CPACF_KM_AES_192 0x13 48 #define CPACF_KM_AES_256 0x14 49 #define CPACF_KM_PAES_128 0x1a 50 #define CPACF_KM_PAES_192 0x1b 51 #define CPACF_KM_PAES_256 0x1c 52 #define CPACF_KM_XTS_128 0x32 53 #define CPACF_KM_XTS_256 0x34 54 #define CPACF_KM_PXTS_128 0x3a 55 #define CPACF_KM_PXTS_256 0x3c 56 57 /* 58 * Function codes for the KMC (CIPHER MESSAGE WITH CHAINING) 59 * instruction 60 */ 61 #define CPACF_KMC_QUERY 0x00 62 #define CPACF_KMC_DEA 0x01 63 #define CPACF_KMC_TDEA_128 0x02 64 #define CPACF_KMC_TDEA_192 0x03 65 #define CPACF_KMC_AES_128 0x12 66 #define CPACF_KMC_AES_192 0x13 67 #define CPACF_KMC_AES_256 0x14 68 #define CPACF_KMC_PAES_128 0x1a 69 #define CPACF_KMC_PAES_192 0x1b 70 #define CPACF_KMC_PAES_256 0x1c 71 #define CPACF_KMC_PRNG 0x43 72 73 /* 74 * Function codes for the KMCTR (CIPHER MESSAGE WITH COUNTER) 75 * instruction 76 */ 77 #define CPACF_KMCTR_QUERY 0x00 78 #define CPACF_KMCTR_DEA 0x01 79 #define CPACF_KMCTR_TDEA_128 0x02 80 #define CPACF_KMCTR_TDEA_192 0x03 81 #define CPACF_KMCTR_AES_128 0x12 82 #define CPACF_KMCTR_AES_192 0x13 83 #define CPACF_KMCTR_AES_256 0x14 84 #define CPACF_KMCTR_PAES_128 0x1a 85 #define CPACF_KMCTR_PAES_192 0x1b 86 #define CPACF_KMCTR_PAES_256 0x1c 87 88 /* 89 * Function codes for the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) 90 * instruction 91 */ 92 #define CPACF_KIMD_QUERY 0x00 93 #define CPACF_KIMD_SHA_1 0x01 94 #define CPACF_KIMD_SHA_256 0x02 95 #define CPACF_KIMD_SHA_512 0x03 96 #define CPACF_KIMD_SHA3_224 0x20 97 #define CPACF_KIMD_SHA3_256 0x21 98 #define CPACF_KIMD_SHA3_384 0x22 99 #define CPACF_KIMD_SHA3_512 0x23 100 #define CPACF_KIMD_GHASH 0x41 101 102 /* 103 * Function codes for the KLMD (COMPUTE LAST MESSAGE DIGEST) 104 * instruction 105 */ 106 #define CPACF_KLMD_QUERY 0x00 107 #define CPACF_KLMD_SHA_1 0x01 108 #define CPACF_KLMD_SHA_256 0x02 109 #define CPACF_KLMD_SHA_512 0x03 110 #define CPACF_KLMD_SHA3_224 0x20 111 #define CPACF_KLMD_SHA3_256 0x21 112 #define CPACF_KLMD_SHA3_384 0x22 113 #define CPACF_KLMD_SHA3_512 0x23 114 115 /* 116 * function codes for the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) 117 * instruction 118 */ 119 #define CPACF_KMAC_QUERY 0x00 120 #define CPACF_KMAC_DEA 0x01 121 #define CPACF_KMAC_TDEA_128 0x02 122 #define CPACF_KMAC_TDEA_192 0x03 123 124 /* 125 * Function codes for the PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT) 126 * instruction 127 */ 128 #define CPACF_PCKMO_QUERY 0x00 129 #define CPACF_PCKMO_ENC_DES_KEY 0x01 130 #define CPACF_PCKMO_ENC_TDES_128_KEY 0x02 131 #define CPACF_PCKMO_ENC_TDES_192_KEY 0x03 132 #define CPACF_PCKMO_ENC_AES_128_KEY 0x12 133 #define CPACF_PCKMO_ENC_AES_192_KEY 0x13 134 #define CPACF_PCKMO_ENC_AES_256_KEY 0x14 135 #define CPACF_PCKMO_ENC_ECC_P256_KEY 0x20 136 #define CPACF_PCKMO_ENC_ECC_P384_KEY 0x21 137 #define CPACF_PCKMO_ENC_ECC_P521_KEY 0x22 138 #define CPACF_PCKMO_ENC_ECC_ED25519_KEY 0x28 139 #define CPACF_PCKMO_ENC_ECC_ED448_KEY 0x29 140 141 /* 142 * Function codes for the PRNO (PERFORM RANDOM NUMBER OPERATION) 143 * instruction 144 */ 145 #define CPACF_PRNO_QUERY 0x00 146 #define CPACF_PRNO_SHA512_DRNG_GEN 0x03 147 #define CPACF_PRNO_SHA512_DRNG_SEED 0x83 148 #define CPACF_PRNO_TRNG_Q_R2C_RATIO 0x70 149 #define CPACF_PRNO_TRNG 0x72 150 151 /* 152 * Function codes for the KMA (CIPHER MESSAGE WITH AUTHENTICATION) 153 * instruction 154 */ 155 #define CPACF_KMA_QUERY 0x00 156 #define CPACF_KMA_GCM_AES_128 0x12 157 #define CPACF_KMA_GCM_AES_192 0x13 158 #define CPACF_KMA_GCM_AES_256 0x14 159 160 /* 161 * Flags for the KMA (CIPHER MESSAGE WITH AUTHENTICATION) instruction 162 */ 163 #define CPACF_KMA_LPC 0x100 /* Last-Plaintext/Ciphertext */ 164 #define CPACF_KMA_LAAD 0x200 /* Last-AAD */ 165 #define CPACF_KMA_HS 0x400 /* Hash-subkey Supplied */ 166 167 typedef struct { unsigned char bytes[16]; } cpacf_mask_t; 168 169 /** 170 * cpacf_query() - check if a specific CPACF function is available 171 * @opcode: the opcode of the crypto instruction 172 * @func: the function code to test for 173 * 174 * Executes the query function for the given crypto instruction @opcode 175 * and checks if @func is available 176 * 177 * Returns 1 if @func is available for @opcode, 0 otherwise 178 */ 179 static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask) 180 { 181 asm volatile( 182 " lghi 0,0\n" /* query function */ 183 " lgr 1,%[mask]\n" 184 " spm 0\n" /* pckmo doesn't change the cc */ 185 /* Parameter regs are ignored, but must be nonzero and unique */ 186 "0: .insn rrf,%[opc] << 16,2,4,6,0\n" 187 " brc 1,0b\n" /* handle partial completion */ 188 : "=m" (*mask) 189 : [mask] "d" ((unsigned long)mask), [opc] "i" (opcode) 190 : "cc", "0", "1"); 191 } 192 193 static __always_inline int __cpacf_check_opcode(unsigned int opcode) 194 { 195 switch (opcode) { 196 case CPACF_KMAC: 197 case CPACF_KM: 198 case CPACF_KMC: 199 case CPACF_KIMD: 200 case CPACF_KLMD: 201 return test_facility(17); /* check for MSA */ 202 case CPACF_PCKMO: 203 return test_facility(76); /* check for MSA3 */ 204 case CPACF_KMF: 205 case CPACF_KMO: 206 case CPACF_PCC: 207 case CPACF_KMCTR: 208 return test_facility(77); /* check for MSA4 */ 209 case CPACF_PRNO: 210 return test_facility(57); /* check for MSA5 */ 211 case CPACF_KMA: 212 return test_facility(146); /* check for MSA8 */ 213 default: 214 BUG(); 215 } 216 } 217 218 static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask) 219 { 220 if (__cpacf_check_opcode(opcode)) { 221 __cpacf_query(opcode, mask); 222 return 1; 223 } 224 memset(mask, 0, sizeof(*mask)); 225 return 0; 226 } 227 228 static inline int cpacf_test_func(cpacf_mask_t *mask, unsigned int func) 229 { 230 return (mask->bytes[func >> 3] & (0x80 >> (func & 7))) != 0; 231 } 232 233 static __always_inline int cpacf_query_func(unsigned int opcode, unsigned int func) 234 { 235 cpacf_mask_t mask; 236 237 if (cpacf_query(opcode, &mask)) 238 return cpacf_test_func(&mask, func); 239 return 0; 240 } 241 242 /** 243 * cpacf_km() - executes the KM (CIPHER MESSAGE) instruction 244 * @func: the function code passed to KM; see CPACF_KM_xxx defines 245 * @param: address of parameter block; see POP for details on each func 246 * @dest: address of destination memory area 247 * @src: address of source memory area 248 * @src_len: length of src operand in bytes 249 * 250 * Returns 0 for the query func, number of processed bytes for 251 * encryption/decryption funcs 252 */ 253 static inline int cpacf_km(unsigned long func, void *param, 254 u8 *dest, const u8 *src, long src_len) 255 { 256 union register_pair d, s; 257 258 d.even = (unsigned long)dest; 259 s.even = (unsigned long)src; 260 s.odd = (unsigned long)src_len; 261 asm volatile( 262 " lgr 0,%[fc]\n" 263 " lgr 1,%[pba]\n" 264 "0: .insn rre,%[opc] << 16,%[dst],%[src]\n" 265 " brc 1,0b\n" /* handle partial completion */ 266 : [src] "+&d" (s.pair), [dst] "+&d" (d.pair) 267 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 268 [opc] "i" (CPACF_KM) 269 : "cc", "memory", "0", "1"); 270 271 return src_len - s.odd; 272 } 273 274 /** 275 * cpacf_kmc() - executes the KMC (CIPHER MESSAGE WITH CHAINING) instruction 276 * @func: the function code passed to KM; see CPACF_KMC_xxx defines 277 * @param: address of parameter block; see POP for details on each func 278 * @dest: address of destination memory area 279 * @src: address of source memory area 280 * @src_len: length of src operand in bytes 281 * 282 * Returns 0 for the query func, number of processed bytes for 283 * encryption/decryption funcs 284 */ 285 static inline int cpacf_kmc(unsigned long func, void *param, 286 u8 *dest, const u8 *src, long src_len) 287 { 288 union register_pair d, s; 289 290 d.even = (unsigned long)dest; 291 s.even = (unsigned long)src; 292 s.odd = (unsigned long)src_len; 293 asm volatile( 294 " lgr 0,%[fc]\n" 295 " lgr 1,%[pba]\n" 296 "0: .insn rre,%[opc] << 16,%[dst],%[src]\n" 297 " brc 1,0b\n" /* handle partial completion */ 298 : [src] "+&d" (s.pair), [dst] "+&d" (d.pair) 299 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 300 [opc] "i" (CPACF_KMC) 301 : "cc", "memory", "0", "1"); 302 303 return src_len - s.odd; 304 } 305 306 /** 307 * cpacf_kimd() - executes the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) 308 * instruction 309 * @func: the function code passed to KM; see CPACF_KIMD_xxx defines 310 * @param: address of parameter block; see POP for details on each func 311 * @src: address of source memory area 312 * @src_len: length of src operand in bytes 313 */ 314 static inline void cpacf_kimd(unsigned long func, void *param, 315 const u8 *src, long src_len) 316 { 317 union register_pair s; 318 319 s.even = (unsigned long)src; 320 s.odd = (unsigned long)src_len; 321 asm volatile( 322 " lgr 0,%[fc]\n" 323 " lgr 1,%[pba]\n" 324 "0: .insn rre,%[opc] << 16,0,%[src]\n" 325 " brc 1,0b\n" /* handle partial completion */ 326 : [src] "+&d" (s.pair) 327 : [fc] "d" (func), [pba] "d" ((unsigned long)(param)), 328 [opc] "i" (CPACF_KIMD) 329 : "cc", "memory", "0", "1"); 330 } 331 332 /** 333 * cpacf_klmd() - executes the KLMD (COMPUTE LAST MESSAGE DIGEST) instruction 334 * @func: the function code passed to KM; see CPACF_KLMD_xxx defines 335 * @param: address of parameter block; see POP for details on each func 336 * @src: address of source memory area 337 * @src_len: length of src operand in bytes 338 */ 339 static inline void cpacf_klmd(unsigned long func, void *param, 340 const u8 *src, long src_len) 341 { 342 union register_pair s; 343 344 s.even = (unsigned long)src; 345 s.odd = (unsigned long)src_len; 346 asm volatile( 347 " lgr 0,%[fc]\n" 348 " lgr 1,%[pba]\n" 349 "0: .insn rre,%[opc] << 16,0,%[src]\n" 350 " brc 1,0b\n" /* handle partial completion */ 351 : [src] "+&d" (s.pair) 352 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 353 [opc] "i" (CPACF_KLMD) 354 : "cc", "memory", "0", "1"); 355 } 356 357 /** 358 * cpacf_kmac() - executes the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) 359 * instruction 360 * @func: the function code passed to KM; see CPACF_KMAC_xxx defines 361 * @param: address of parameter block; see POP for details on each func 362 * @src: address of source memory area 363 * @src_len: length of src operand in bytes 364 * 365 * Returns 0 for the query func, number of processed bytes for digest funcs 366 */ 367 static inline int cpacf_kmac(unsigned long func, void *param, 368 const u8 *src, long src_len) 369 { 370 union register_pair s; 371 372 s.even = (unsigned long)src; 373 s.odd = (unsigned long)src_len; 374 asm volatile( 375 " lgr 0,%[fc]\n" 376 " lgr 1,%[pba]\n" 377 "0: .insn rre,%[opc] << 16,0,%[src]\n" 378 " brc 1,0b\n" /* handle partial completion */ 379 : [src] "+&d" (s.pair) 380 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 381 [opc] "i" (CPACF_KMAC) 382 : "cc", "memory", "0", "1"); 383 384 return src_len - s.odd; 385 } 386 387 /** 388 * cpacf_kmctr() - executes the KMCTR (CIPHER MESSAGE WITH COUNTER) instruction 389 * @func: the function code passed to KMCTR; see CPACF_KMCTR_xxx defines 390 * @param: address of parameter block; see POP for details on each func 391 * @dest: address of destination memory area 392 * @src: address of source memory area 393 * @src_len: length of src operand in bytes 394 * @counter: address of counter value 395 * 396 * Returns 0 for the query func, number of processed bytes for 397 * encryption/decryption funcs 398 */ 399 static inline int cpacf_kmctr(unsigned long func, void *param, u8 *dest, 400 const u8 *src, long src_len, u8 *counter) 401 { 402 union register_pair d, s, c; 403 404 d.even = (unsigned long)dest; 405 s.even = (unsigned long)src; 406 s.odd = (unsigned long)src_len; 407 c.even = (unsigned long)counter; 408 asm volatile( 409 " lgr 0,%[fc]\n" 410 " lgr 1,%[pba]\n" 411 "0: .insn rrf,%[opc] << 16,%[dst],%[src],%[ctr],0\n" 412 " brc 1,0b\n" /* handle partial completion */ 413 : [src] "+&d" (s.pair), [dst] "+&d" (d.pair), 414 [ctr] "+&d" (c.pair) 415 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 416 [opc] "i" (CPACF_KMCTR) 417 : "cc", "memory", "0", "1"); 418 419 return src_len - s.odd; 420 } 421 422 /** 423 * cpacf_prno() - executes the PRNO (PERFORM RANDOM NUMBER OPERATION) 424 * instruction 425 * @func: the function code passed to PRNO; see CPACF_PRNO_xxx defines 426 * @param: address of parameter block; see POP for details on each func 427 * @dest: address of destination memory area 428 * @dest_len: size of destination memory area in bytes 429 * @seed: address of seed data 430 * @seed_len: size of seed data in bytes 431 */ 432 static inline void cpacf_prno(unsigned long func, void *param, 433 u8 *dest, unsigned long dest_len, 434 const u8 *seed, unsigned long seed_len) 435 { 436 union register_pair d, s; 437 438 d.even = (unsigned long)dest; 439 d.odd = (unsigned long)dest_len; 440 s.even = (unsigned long)seed; 441 s.odd = (unsigned long)seed_len; 442 asm volatile ( 443 " lgr 0,%[fc]\n" 444 " lgr 1,%[pba]\n" 445 "0: .insn rre,%[opc] << 16,%[dst],%[seed]\n" 446 " brc 1,0b\n" /* handle partial completion */ 447 : [dst] "+&d" (d.pair) 448 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 449 [seed] "d" (s.pair), [opc] "i" (CPACF_PRNO) 450 : "cc", "memory", "0", "1"); 451 } 452 453 /** 454 * cpacf_trng() - executes the TRNG subfunction of the PRNO instruction 455 * @ucbuf: buffer for unconditioned data 456 * @ucbuf_len: amount of unconditioned data to fetch in bytes 457 * @cbuf: buffer for conditioned data 458 * @cbuf_len: amount of conditioned data to fetch in bytes 459 */ 460 static inline void cpacf_trng(u8 *ucbuf, unsigned long ucbuf_len, 461 u8 *cbuf, unsigned long cbuf_len) 462 { 463 union register_pair u, c; 464 465 u.even = (unsigned long)ucbuf; 466 u.odd = (unsigned long)ucbuf_len; 467 c.even = (unsigned long)cbuf; 468 c.odd = (unsigned long)cbuf_len; 469 asm volatile ( 470 " lghi 0,%[fc]\n" 471 "0: .insn rre,%[opc] << 16,%[ucbuf],%[cbuf]\n" 472 " brc 1,0b\n" /* handle partial completion */ 473 : [ucbuf] "+&d" (u.pair), [cbuf] "+&d" (c.pair) 474 : [fc] "K" (CPACF_PRNO_TRNG), [opc] "i" (CPACF_PRNO) 475 : "cc", "memory", "0"); 476 } 477 478 /** 479 * cpacf_pcc() - executes the PCC (PERFORM CRYPTOGRAPHIC COMPUTATION) 480 * instruction 481 * @func: the function code passed to PCC; see CPACF_KM_xxx defines 482 * @param: address of parameter block; see POP for details on each func 483 */ 484 static inline void cpacf_pcc(unsigned long func, void *param) 485 { 486 asm volatile( 487 " lgr 0,%[fc]\n" 488 " lgr 1,%[pba]\n" 489 "0: .insn rre,%[opc] << 16,0,0\n" /* PCC opcode */ 490 " brc 1,0b\n" /* handle partial completion */ 491 : 492 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 493 [opc] "i" (CPACF_PCC) 494 : "cc", "memory", "0", "1"); 495 } 496 497 /** 498 * cpacf_pckmo() - executes the PCKMO (PERFORM CRYPTOGRAPHIC KEY 499 * MANAGEMENT) instruction 500 * @func: the function code passed to PCKMO; see CPACF_PCKMO_xxx defines 501 * @param: address of parameter block; see POP for details on each func 502 * 503 * Returns 0. 504 */ 505 static inline void cpacf_pckmo(long func, void *param) 506 { 507 asm volatile( 508 " lgr 0,%[fc]\n" 509 " lgr 1,%[pba]\n" 510 " .insn rre,%[opc] << 16,0,0\n" /* PCKMO opcode */ 511 : 512 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 513 [opc] "i" (CPACF_PCKMO) 514 : "cc", "memory", "0", "1"); 515 } 516 517 /** 518 * cpacf_kma() - executes the KMA (CIPHER MESSAGE WITH AUTHENTICATION) 519 * instruction 520 * @func: the function code passed to KMA; see CPACF_KMA_xxx defines 521 * @param: address of parameter block; see POP for details on each func 522 * @dest: address of destination memory area 523 * @src: address of source memory area 524 * @src_len: length of src operand in bytes 525 * @aad: address of additional authenticated data memory area 526 * @aad_len: length of aad operand in bytes 527 */ 528 static inline void cpacf_kma(unsigned long func, void *param, u8 *dest, 529 const u8 *src, unsigned long src_len, 530 const u8 *aad, unsigned long aad_len) 531 { 532 union register_pair d, s, a; 533 534 d.even = (unsigned long)dest; 535 s.even = (unsigned long)src; 536 s.odd = (unsigned long)src_len; 537 a.even = (unsigned long)aad; 538 a.odd = (unsigned long)aad_len; 539 asm volatile( 540 " lgr 0,%[fc]\n" 541 " lgr 1,%[pba]\n" 542 "0: .insn rrf,%[opc] << 16,%[dst],%[src],%[aad],0\n" 543 " brc 1,0b\n" /* handle partial completion */ 544 : [dst] "+&d" (d.pair), [src] "+&d" (s.pair), 545 [aad] "+&d" (a.pair) 546 : [fc] "d" (func), [pba] "d" ((unsigned long)param), 547 [opc] "i" (CPACF_KMA) 548 : "cc", "memory", "0", "1"); 549 } 550 551 #endif /* _ASM_S390_CPACF_H */ 552