xref: /linux/arch/s390/include/asm/cpacf.h (revision eb01fe7abbe2d0b38824d2a93fdb4cc3eaf2ccc1)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * CP Assist for Cryptographic Functions (CPACF)
4  *
5  * Copyright IBM Corp. 2003, 2023
6  * Author(s): Thomas Spatzier
7  *	      Jan Glauber
8  *	      Harald Freudenberger (freude@de.ibm.com)
9  *	      Martin Schwidefsky <schwidefsky@de.ibm.com>
10  */
11 #ifndef _ASM_S390_CPACF_H
12 #define _ASM_S390_CPACF_H
13 
14 #include <asm/facility.h>
15 
16 /*
17  * Instruction opcodes for the CPACF instructions
18  */
19 #define CPACF_KMAC		0xb91e		/* MSA	*/
20 #define CPACF_KM		0xb92e		/* MSA	*/
21 #define CPACF_KMC		0xb92f		/* MSA	*/
22 #define CPACF_KIMD		0xb93e		/* MSA	*/
23 #define CPACF_KLMD		0xb93f		/* MSA	*/
24 #define CPACF_PCKMO		0xb928		/* MSA3 */
25 #define CPACF_KMF		0xb92a		/* MSA4 */
26 #define CPACF_KMO		0xb92b		/* MSA4 */
27 #define CPACF_PCC		0xb92c		/* MSA4 */
28 #define CPACF_KMCTR		0xb92d		/* MSA4 */
29 #define CPACF_PRNO		0xb93c		/* MSA5 */
30 #define CPACF_KMA		0xb929		/* MSA8 */
31 #define CPACF_KDSA		0xb93a		/* MSA9 */
32 
33 /*
34  * En/decryption modifier bits
35  */
36 #define CPACF_ENCRYPT		0x00
37 #define CPACF_DECRYPT		0x80
38 
39 /*
40  * Function codes for the KM (CIPHER MESSAGE) instruction
41  */
42 #define CPACF_KM_QUERY		0x00
43 #define CPACF_KM_DEA		0x01
44 #define CPACF_KM_TDEA_128	0x02
45 #define CPACF_KM_TDEA_192	0x03
46 #define CPACF_KM_AES_128	0x12
47 #define CPACF_KM_AES_192	0x13
48 #define CPACF_KM_AES_256	0x14
49 #define CPACF_KM_PAES_128	0x1a
50 #define CPACF_KM_PAES_192	0x1b
51 #define CPACF_KM_PAES_256	0x1c
52 #define CPACF_KM_XTS_128	0x32
53 #define CPACF_KM_XTS_256	0x34
54 #define CPACF_KM_PXTS_128	0x3a
55 #define CPACF_KM_PXTS_256	0x3c
56 
57 /*
58  * Function codes for the KMC (CIPHER MESSAGE WITH CHAINING)
59  * instruction
60  */
61 #define CPACF_KMC_QUERY		0x00
62 #define CPACF_KMC_DEA		0x01
63 #define CPACF_KMC_TDEA_128	0x02
64 #define CPACF_KMC_TDEA_192	0x03
65 #define CPACF_KMC_AES_128	0x12
66 #define CPACF_KMC_AES_192	0x13
67 #define CPACF_KMC_AES_256	0x14
68 #define CPACF_KMC_PAES_128	0x1a
69 #define CPACF_KMC_PAES_192	0x1b
70 #define CPACF_KMC_PAES_256	0x1c
71 #define CPACF_KMC_PRNG		0x43
72 
73 /*
74  * Function codes for the KMCTR (CIPHER MESSAGE WITH COUNTER)
75  * instruction
76  */
77 #define CPACF_KMCTR_QUERY	0x00
78 #define CPACF_KMCTR_DEA		0x01
79 #define CPACF_KMCTR_TDEA_128	0x02
80 #define CPACF_KMCTR_TDEA_192	0x03
81 #define CPACF_KMCTR_AES_128	0x12
82 #define CPACF_KMCTR_AES_192	0x13
83 #define CPACF_KMCTR_AES_256	0x14
84 #define CPACF_KMCTR_PAES_128	0x1a
85 #define CPACF_KMCTR_PAES_192	0x1b
86 #define CPACF_KMCTR_PAES_256	0x1c
87 
88 /*
89  * Function codes for the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
90  * instruction
91  */
92 #define CPACF_KIMD_QUERY	0x00
93 #define CPACF_KIMD_SHA_1	0x01
94 #define CPACF_KIMD_SHA_256	0x02
95 #define CPACF_KIMD_SHA_512	0x03
96 #define CPACF_KIMD_SHA3_224	0x20
97 #define CPACF_KIMD_SHA3_256	0x21
98 #define CPACF_KIMD_SHA3_384	0x22
99 #define CPACF_KIMD_SHA3_512	0x23
100 #define CPACF_KIMD_GHASH	0x41
101 
102 /*
103  * Function codes for the KLMD (COMPUTE LAST MESSAGE DIGEST)
104  * instruction
105  */
106 #define CPACF_KLMD_QUERY	0x00
107 #define CPACF_KLMD_SHA_1	0x01
108 #define CPACF_KLMD_SHA_256	0x02
109 #define CPACF_KLMD_SHA_512	0x03
110 #define CPACF_KLMD_SHA3_224	0x20
111 #define CPACF_KLMD_SHA3_256	0x21
112 #define CPACF_KLMD_SHA3_384	0x22
113 #define CPACF_KLMD_SHA3_512	0x23
114 
115 /*
116  * function codes for the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE)
117  * instruction
118  */
119 #define CPACF_KMAC_QUERY	0x00
120 #define CPACF_KMAC_DEA		0x01
121 #define CPACF_KMAC_TDEA_128	0x02
122 #define CPACF_KMAC_TDEA_192	0x03
123 
124 /*
125  * Function codes for the PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT)
126  * instruction
127  */
128 #define CPACF_PCKMO_QUERY		0x00
129 #define CPACF_PCKMO_ENC_DES_KEY		0x01
130 #define CPACF_PCKMO_ENC_TDES_128_KEY	0x02
131 #define CPACF_PCKMO_ENC_TDES_192_KEY	0x03
132 #define CPACF_PCKMO_ENC_AES_128_KEY	0x12
133 #define CPACF_PCKMO_ENC_AES_192_KEY	0x13
134 #define CPACF_PCKMO_ENC_AES_256_KEY	0x14
135 #define CPACF_PCKMO_ENC_ECC_P256_KEY	0x20
136 #define CPACF_PCKMO_ENC_ECC_P384_KEY	0x21
137 #define CPACF_PCKMO_ENC_ECC_P521_KEY	0x22
138 #define CPACF_PCKMO_ENC_ECC_ED25519_KEY	0x28
139 #define CPACF_PCKMO_ENC_ECC_ED448_KEY	0x29
140 
141 /*
142  * Function codes for the PRNO (PERFORM RANDOM NUMBER OPERATION)
143  * instruction
144  */
145 #define CPACF_PRNO_QUERY		0x00
146 #define CPACF_PRNO_SHA512_DRNG_GEN	0x03
147 #define CPACF_PRNO_SHA512_DRNG_SEED	0x83
148 #define CPACF_PRNO_TRNG_Q_R2C_RATIO	0x70
149 #define CPACF_PRNO_TRNG			0x72
150 
151 /*
152  * Function codes for the KMA (CIPHER MESSAGE WITH AUTHENTICATION)
153  * instruction
154  */
155 #define CPACF_KMA_QUERY		0x00
156 #define CPACF_KMA_GCM_AES_128	0x12
157 #define CPACF_KMA_GCM_AES_192	0x13
158 #define CPACF_KMA_GCM_AES_256	0x14
159 
160 /*
161  * Flags for the KMA (CIPHER MESSAGE WITH AUTHENTICATION) instruction
162  */
163 #define CPACF_KMA_LPC	0x100	/* Last-Plaintext/Ciphertext */
164 #define CPACF_KMA_LAAD	0x200	/* Last-AAD */
165 #define CPACF_KMA_HS	0x400	/* Hash-subkey Supplied */
166 
167 typedef struct { unsigned char bytes[16]; } cpacf_mask_t;
168 
169 /**
170  * cpacf_query() - check if a specific CPACF function is available
171  * @opcode: the opcode of the crypto instruction
172  * @func: the function code to test for
173  *
174  * Executes the query function for the given crypto instruction @opcode
175  * and checks if @func is available
176  *
177  * Returns 1 if @func is available for @opcode, 0 otherwise
178  */
179 static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask)
180 {
181 	asm volatile(
182 		"	lghi	0,0\n" /* query function */
183 		"	lgr	1,%[mask]\n"
184 		"	spm	0\n" /* pckmo doesn't change the cc */
185 		/* Parameter regs are ignored, but must be nonzero and unique */
186 		"0:	.insn	rrf,%[opc] << 16,2,4,6,0\n"
187 		"	brc	1,0b\n"	/* handle partial completion */
188 		: "=m" (*mask)
189 		: [mask] "d" ((unsigned long)mask), [opc] "i" (opcode)
190 		: "cc", "0", "1");
191 }
192 
193 static __always_inline int __cpacf_check_opcode(unsigned int opcode)
194 {
195 	switch (opcode) {
196 	case CPACF_KMAC:
197 	case CPACF_KM:
198 	case CPACF_KMC:
199 	case CPACF_KIMD:
200 	case CPACF_KLMD:
201 		return test_facility(17);	/* check for MSA */
202 	case CPACF_PCKMO:
203 		return test_facility(76);	/* check for MSA3 */
204 	case CPACF_KMF:
205 	case CPACF_KMO:
206 	case CPACF_PCC:
207 	case CPACF_KMCTR:
208 		return test_facility(77);	/* check for MSA4 */
209 	case CPACF_PRNO:
210 		return test_facility(57);	/* check for MSA5 */
211 	case CPACF_KMA:
212 		return test_facility(146);	/* check for MSA8 */
213 	default:
214 		BUG();
215 	}
216 }
217 
218 static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask)
219 {
220 	if (__cpacf_check_opcode(opcode)) {
221 		__cpacf_query(opcode, mask);
222 		return 1;
223 	}
224 	memset(mask, 0, sizeof(*mask));
225 	return 0;
226 }
227 
228 static inline int cpacf_test_func(cpacf_mask_t *mask, unsigned int func)
229 {
230 	return (mask->bytes[func >> 3] & (0x80 >> (func & 7))) != 0;
231 }
232 
233 static __always_inline int cpacf_query_func(unsigned int opcode, unsigned int func)
234 {
235 	cpacf_mask_t mask;
236 
237 	if (cpacf_query(opcode, &mask))
238 		return cpacf_test_func(&mask, func);
239 	return 0;
240 }
241 
242 /**
243  * cpacf_km() - executes the KM (CIPHER MESSAGE) instruction
244  * @func: the function code passed to KM; see CPACF_KM_xxx defines
245  * @param: address of parameter block; see POP for details on each func
246  * @dest: address of destination memory area
247  * @src: address of source memory area
248  * @src_len: length of src operand in bytes
249  *
250  * Returns 0 for the query func, number of processed bytes for
251  * encryption/decryption funcs
252  */
253 static inline int cpacf_km(unsigned long func, void *param,
254 			   u8 *dest, const u8 *src, long src_len)
255 {
256 	union register_pair d, s;
257 
258 	d.even = (unsigned long)dest;
259 	s.even = (unsigned long)src;
260 	s.odd  = (unsigned long)src_len;
261 	asm volatile(
262 		"	lgr	0,%[fc]\n"
263 		"	lgr	1,%[pba]\n"
264 		"0:	.insn	rre,%[opc] << 16,%[dst],%[src]\n"
265 		"	brc	1,0b\n" /* handle partial completion */
266 		: [src] "+&d" (s.pair), [dst] "+&d" (d.pair)
267 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
268 		  [opc] "i" (CPACF_KM)
269 		: "cc", "memory", "0", "1");
270 
271 	return src_len - s.odd;
272 }
273 
274 /**
275  * cpacf_kmc() - executes the KMC (CIPHER MESSAGE WITH CHAINING) instruction
276  * @func: the function code passed to KM; see CPACF_KMC_xxx defines
277  * @param: address of parameter block; see POP for details on each func
278  * @dest: address of destination memory area
279  * @src: address of source memory area
280  * @src_len: length of src operand in bytes
281  *
282  * Returns 0 for the query func, number of processed bytes for
283  * encryption/decryption funcs
284  */
285 static inline int cpacf_kmc(unsigned long func, void *param,
286 			    u8 *dest, const u8 *src, long src_len)
287 {
288 	union register_pair d, s;
289 
290 	d.even = (unsigned long)dest;
291 	s.even = (unsigned long)src;
292 	s.odd  = (unsigned long)src_len;
293 	asm volatile(
294 		"	lgr	0,%[fc]\n"
295 		"	lgr	1,%[pba]\n"
296 		"0:	.insn	rre,%[opc] << 16,%[dst],%[src]\n"
297 		"	brc	1,0b\n" /* handle partial completion */
298 		: [src] "+&d" (s.pair), [dst] "+&d" (d.pair)
299 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
300 		  [opc] "i" (CPACF_KMC)
301 		: "cc", "memory", "0", "1");
302 
303 	return src_len - s.odd;
304 }
305 
306 /**
307  * cpacf_kimd() - executes the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
308  *		  instruction
309  * @func: the function code passed to KM; see CPACF_KIMD_xxx defines
310  * @param: address of parameter block; see POP for details on each func
311  * @src: address of source memory area
312  * @src_len: length of src operand in bytes
313  */
314 static inline void cpacf_kimd(unsigned long func, void *param,
315 			      const u8 *src, long src_len)
316 {
317 	union register_pair s;
318 
319 	s.even = (unsigned long)src;
320 	s.odd  = (unsigned long)src_len;
321 	asm volatile(
322 		"	lgr	0,%[fc]\n"
323 		"	lgr	1,%[pba]\n"
324 		"0:	.insn	rre,%[opc] << 16,0,%[src]\n"
325 		"	brc	1,0b\n" /* handle partial completion */
326 		: [src] "+&d" (s.pair)
327 		: [fc] "d" (func), [pba] "d" ((unsigned long)(param)),
328 		  [opc] "i" (CPACF_KIMD)
329 		: "cc", "memory", "0", "1");
330 }
331 
332 /**
333  * cpacf_klmd() - executes the KLMD (COMPUTE LAST MESSAGE DIGEST) instruction
334  * @func: the function code passed to KM; see CPACF_KLMD_xxx defines
335  * @param: address of parameter block; see POP for details on each func
336  * @src: address of source memory area
337  * @src_len: length of src operand in bytes
338  */
339 static inline void cpacf_klmd(unsigned long func, void *param,
340 			      const u8 *src, long src_len)
341 {
342 	union register_pair s;
343 
344 	s.even = (unsigned long)src;
345 	s.odd  = (unsigned long)src_len;
346 	asm volatile(
347 		"	lgr	0,%[fc]\n"
348 		"	lgr	1,%[pba]\n"
349 		"0:	.insn	rre,%[opc] << 16,0,%[src]\n"
350 		"	brc	1,0b\n" /* handle partial completion */
351 		: [src] "+&d" (s.pair)
352 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
353 		  [opc] "i" (CPACF_KLMD)
354 		: "cc", "memory", "0", "1");
355 }
356 
357 /**
358  * cpacf_kmac() - executes the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE)
359  *		  instruction
360  * @func: the function code passed to KM; see CPACF_KMAC_xxx defines
361  * @param: address of parameter block; see POP for details on each func
362  * @src: address of source memory area
363  * @src_len: length of src operand in bytes
364  *
365  * Returns 0 for the query func, number of processed bytes for digest funcs
366  */
367 static inline int cpacf_kmac(unsigned long func, void *param,
368 			     const u8 *src, long src_len)
369 {
370 	union register_pair s;
371 
372 	s.even = (unsigned long)src;
373 	s.odd  = (unsigned long)src_len;
374 	asm volatile(
375 		"	lgr	0,%[fc]\n"
376 		"	lgr	1,%[pba]\n"
377 		"0:	.insn	rre,%[opc] << 16,0,%[src]\n"
378 		"	brc	1,0b\n" /* handle partial completion */
379 		: [src] "+&d" (s.pair)
380 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
381 		  [opc] "i" (CPACF_KMAC)
382 		: "cc", "memory", "0", "1");
383 
384 	return src_len - s.odd;
385 }
386 
387 /**
388  * cpacf_kmctr() - executes the KMCTR (CIPHER MESSAGE WITH COUNTER) instruction
389  * @func: the function code passed to KMCTR; see CPACF_KMCTR_xxx defines
390  * @param: address of parameter block; see POP for details on each func
391  * @dest: address of destination memory area
392  * @src: address of source memory area
393  * @src_len: length of src operand in bytes
394  * @counter: address of counter value
395  *
396  * Returns 0 for the query func, number of processed bytes for
397  * encryption/decryption funcs
398  */
399 static inline int cpacf_kmctr(unsigned long func, void *param, u8 *dest,
400 			      const u8 *src, long src_len, u8 *counter)
401 {
402 	union register_pair d, s, c;
403 
404 	d.even = (unsigned long)dest;
405 	s.even = (unsigned long)src;
406 	s.odd  = (unsigned long)src_len;
407 	c.even = (unsigned long)counter;
408 	asm volatile(
409 		"	lgr	0,%[fc]\n"
410 		"	lgr	1,%[pba]\n"
411 		"0:	.insn	rrf,%[opc] << 16,%[dst],%[src],%[ctr],0\n"
412 		"	brc	1,0b\n" /* handle partial completion */
413 		: [src] "+&d" (s.pair), [dst] "+&d" (d.pair),
414 		  [ctr] "+&d" (c.pair)
415 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
416 		  [opc] "i" (CPACF_KMCTR)
417 		: "cc", "memory", "0", "1");
418 
419 	return src_len - s.odd;
420 }
421 
422 /**
423  * cpacf_prno() - executes the PRNO (PERFORM RANDOM NUMBER OPERATION)
424  *		  instruction
425  * @func: the function code passed to PRNO; see CPACF_PRNO_xxx defines
426  * @param: address of parameter block; see POP for details on each func
427  * @dest: address of destination memory area
428  * @dest_len: size of destination memory area in bytes
429  * @seed: address of seed data
430  * @seed_len: size of seed data in bytes
431  */
432 static inline void cpacf_prno(unsigned long func, void *param,
433 			      u8 *dest, unsigned long dest_len,
434 			      const u8 *seed, unsigned long seed_len)
435 {
436 	union register_pair d, s;
437 
438 	d.even = (unsigned long)dest;
439 	d.odd  = (unsigned long)dest_len;
440 	s.even = (unsigned long)seed;
441 	s.odd  = (unsigned long)seed_len;
442 	asm volatile (
443 		"	lgr	0,%[fc]\n"
444 		"	lgr	1,%[pba]\n"
445 		"0:	.insn	rre,%[opc] << 16,%[dst],%[seed]\n"
446 		"	brc	1,0b\n"	  /* handle partial completion */
447 		: [dst] "+&d" (d.pair)
448 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
449 		  [seed] "d" (s.pair), [opc] "i" (CPACF_PRNO)
450 		: "cc", "memory", "0", "1");
451 }
452 
453 /**
454  * cpacf_trng() - executes the TRNG subfunction of the PRNO instruction
455  * @ucbuf: buffer for unconditioned data
456  * @ucbuf_len: amount of unconditioned data to fetch in bytes
457  * @cbuf: buffer for conditioned data
458  * @cbuf_len: amount of conditioned data to fetch in bytes
459  */
460 static inline void cpacf_trng(u8 *ucbuf, unsigned long ucbuf_len,
461 			      u8 *cbuf, unsigned long cbuf_len)
462 {
463 	union register_pair u, c;
464 
465 	u.even = (unsigned long)ucbuf;
466 	u.odd  = (unsigned long)ucbuf_len;
467 	c.even = (unsigned long)cbuf;
468 	c.odd  = (unsigned long)cbuf_len;
469 	asm volatile (
470 		"	lghi	0,%[fc]\n"
471 		"0:	.insn	rre,%[opc] << 16,%[ucbuf],%[cbuf]\n"
472 		"	brc	1,0b\n"	  /* handle partial completion */
473 		: [ucbuf] "+&d" (u.pair), [cbuf] "+&d" (c.pair)
474 		: [fc] "K" (CPACF_PRNO_TRNG), [opc] "i" (CPACF_PRNO)
475 		: "cc", "memory", "0");
476 }
477 
478 /**
479  * cpacf_pcc() - executes the PCC (PERFORM CRYPTOGRAPHIC COMPUTATION)
480  *		 instruction
481  * @func: the function code passed to PCC; see CPACF_KM_xxx defines
482  * @param: address of parameter block; see POP for details on each func
483  */
484 static inline void cpacf_pcc(unsigned long func, void *param)
485 {
486 	asm volatile(
487 		"	lgr	0,%[fc]\n"
488 		"	lgr	1,%[pba]\n"
489 		"0:	.insn	rre,%[opc] << 16,0,0\n" /* PCC opcode */
490 		"	brc	1,0b\n" /* handle partial completion */
491 		:
492 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
493 		  [opc] "i" (CPACF_PCC)
494 		: "cc", "memory", "0", "1");
495 }
496 
497 /**
498  * cpacf_pckmo() - executes the PCKMO (PERFORM CRYPTOGRAPHIC KEY
499  *		  MANAGEMENT) instruction
500  * @func: the function code passed to PCKMO; see CPACF_PCKMO_xxx defines
501  * @param: address of parameter block; see POP for details on each func
502  *
503  * Returns 0.
504  */
505 static inline void cpacf_pckmo(long func, void *param)
506 {
507 	asm volatile(
508 		"	lgr	0,%[fc]\n"
509 		"	lgr	1,%[pba]\n"
510 		"       .insn   rre,%[opc] << 16,0,0\n" /* PCKMO opcode */
511 		:
512 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
513 		  [opc] "i" (CPACF_PCKMO)
514 		: "cc", "memory", "0", "1");
515 }
516 
517 /**
518  * cpacf_kma() - executes the KMA (CIPHER MESSAGE WITH AUTHENTICATION)
519  *		 instruction
520  * @func: the function code passed to KMA; see CPACF_KMA_xxx defines
521  * @param: address of parameter block; see POP for details on each func
522  * @dest: address of destination memory area
523  * @src: address of source memory area
524  * @src_len: length of src operand in bytes
525  * @aad: address of additional authenticated data memory area
526  * @aad_len: length of aad operand in bytes
527  */
528 static inline void cpacf_kma(unsigned long func, void *param, u8 *dest,
529 			     const u8 *src, unsigned long src_len,
530 			     const u8 *aad, unsigned long aad_len)
531 {
532 	union register_pair d, s, a;
533 
534 	d.even = (unsigned long)dest;
535 	s.even = (unsigned long)src;
536 	s.odd  = (unsigned long)src_len;
537 	a.even = (unsigned long)aad;
538 	a.odd  = (unsigned long)aad_len;
539 	asm volatile(
540 		"	lgr	0,%[fc]\n"
541 		"	lgr	1,%[pba]\n"
542 		"0:	.insn	rrf,%[opc] << 16,%[dst],%[src],%[aad],0\n"
543 		"	brc	1,0b\n"	/* handle partial completion */
544 		: [dst] "+&d" (d.pair), [src] "+&d" (s.pair),
545 		  [aad] "+&d" (a.pair)
546 		: [fc] "d" (func), [pba] "d" ((unsigned long)param),
547 		  [opc] "i" (CPACF_KMA)
548 		: "cc", "memory", "0", "1");
549 }
550 
551 #endif	/* _ASM_S390_CPACF_H */
552