1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * CP Assist for Cryptographic Functions (CPACF)
4 *
5 * Copyright IBM Corp. 2003, 2017
6 * Author(s): Thomas Spatzier
7 * Jan Glauber
8 * Harald Freudenberger (freude@de.ibm.com)
9 * Martin Schwidefsky <schwidefsky@de.ibm.com>
10 */
11 #ifndef _ASM_S390_CPACF_H
12 #define _ASM_S390_CPACF_H
13
14 #include <asm/facility.h>
15
16 /*
17 * Instruction opcodes for the CPACF instructions
18 */
19 #define CPACF_KMAC 0xb91e /* MSA */
20 #define CPACF_KM 0xb92e /* MSA */
21 #define CPACF_KMC 0xb92f /* MSA */
22 #define CPACF_KIMD 0xb93e /* MSA */
23 #define CPACF_KLMD 0xb93f /* MSA */
24 #define CPACF_PCKMO 0xb928 /* MSA3 */
25 #define CPACF_KMF 0xb92a /* MSA4 */
26 #define CPACF_KMO 0xb92b /* MSA4 */
27 #define CPACF_PCC 0xb92c /* MSA4 */
28 #define CPACF_KMCTR 0xb92d /* MSA4 */
29 #define CPACF_PRNO 0xb93c /* MSA5 */
30 #define CPACF_KMA 0xb929 /* MSA8 */
31 #define CPACF_KDSA 0xb93a /* MSA9 */
32
33 /*
34 * En/decryption modifier bits
35 */
36 #define CPACF_ENCRYPT 0x00
37 #define CPACF_DECRYPT 0x80
38
39 /*
40 * Function codes for the KM (CIPHER MESSAGE) instruction
41 */
42 #define CPACF_KM_QUERY 0x00
43 #define CPACF_KM_DEA 0x01
44 #define CPACF_KM_TDEA_128 0x02
45 #define CPACF_KM_TDEA_192 0x03
46 #define CPACF_KM_AES_128 0x12
47 #define CPACF_KM_AES_192 0x13
48 #define CPACF_KM_AES_256 0x14
49 #define CPACF_KM_PAES_128 0x1a
50 #define CPACF_KM_PAES_192 0x1b
51 #define CPACF_KM_PAES_256 0x1c
52 #define CPACF_KM_XTS_128 0x32
53 #define CPACF_KM_XTS_256 0x34
54 #define CPACF_KM_PXTS_128 0x3a
55 #define CPACF_KM_PXTS_256 0x3c
56
57 /*
58 * Function codes for the KMC (CIPHER MESSAGE WITH CHAINING)
59 * instruction
60 */
61 #define CPACF_KMC_QUERY 0x00
62 #define CPACF_KMC_DEA 0x01
63 #define CPACF_KMC_TDEA_128 0x02
64 #define CPACF_KMC_TDEA_192 0x03
65 #define CPACF_KMC_AES_128 0x12
66 #define CPACF_KMC_AES_192 0x13
67 #define CPACF_KMC_AES_256 0x14
68 #define CPACF_KMC_PAES_128 0x1a
69 #define CPACF_KMC_PAES_192 0x1b
70 #define CPACF_KMC_PAES_256 0x1c
71 #define CPACF_KMC_PRNG 0x43
72
73 /*
74 * Function codes for the KMCTR (CIPHER MESSAGE WITH COUNTER)
75 * instruction
76 */
77 #define CPACF_KMCTR_QUERY 0x00
78 #define CPACF_KMCTR_DEA 0x01
79 #define CPACF_KMCTR_TDEA_128 0x02
80 #define CPACF_KMCTR_TDEA_192 0x03
81 #define CPACF_KMCTR_AES_128 0x12
82 #define CPACF_KMCTR_AES_192 0x13
83 #define CPACF_KMCTR_AES_256 0x14
84 #define CPACF_KMCTR_PAES_128 0x1a
85 #define CPACF_KMCTR_PAES_192 0x1b
86 #define CPACF_KMCTR_PAES_256 0x1c
87
88 /*
89 * Function codes for the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
90 * instruction
91 */
92 #define CPACF_KIMD_QUERY 0x00
93 #define CPACF_KIMD_SHA_1 0x01
94 #define CPACF_KIMD_SHA_256 0x02
95 #define CPACF_KIMD_SHA_512 0x03
96 #define CPACF_KIMD_SHA3_224 0x20
97 #define CPACF_KIMD_SHA3_256 0x21
98 #define CPACF_KIMD_SHA3_384 0x22
99 #define CPACF_KIMD_SHA3_512 0x23
100 #define CPACF_KIMD_GHASH 0x41
101
102 /*
103 * Function codes for the KLMD (COMPUTE LAST MESSAGE DIGEST)
104 * instruction
105 */
106 #define CPACF_KLMD_QUERY 0x00
107 #define CPACF_KLMD_SHA_1 0x01
108 #define CPACF_KLMD_SHA_256 0x02
109 #define CPACF_KLMD_SHA_512 0x03
110 #define CPACF_KLMD_SHA3_224 0x20
111 #define CPACF_KLMD_SHA3_256 0x21
112 #define CPACF_KLMD_SHA3_384 0x22
113 #define CPACF_KLMD_SHA3_512 0x23
114
115 /*
116 * function codes for the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE)
117 * instruction
118 */
119 #define CPACF_KMAC_QUERY 0x00
120 #define CPACF_KMAC_DEA 0x01
121 #define CPACF_KMAC_TDEA_128 0x02
122 #define CPACF_KMAC_TDEA_192 0x03
123
124 /*
125 * Function codes for the PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT)
126 * instruction
127 */
128 #define CPACF_PCKMO_QUERY 0x00
129 #define CPACF_PCKMO_ENC_DES_KEY 0x01
130 #define CPACF_PCKMO_ENC_TDES_128_KEY 0x02
131 #define CPACF_PCKMO_ENC_TDES_192_KEY 0x03
132 #define CPACF_PCKMO_ENC_AES_128_KEY 0x12
133 #define CPACF_PCKMO_ENC_AES_192_KEY 0x13
134 #define CPACF_PCKMO_ENC_AES_256_KEY 0x14
135
136 /*
137 * Function codes for the PRNO (PERFORM RANDOM NUMBER OPERATION)
138 * instruction
139 */
140 #define CPACF_PRNO_QUERY 0x00
141 #define CPACF_PRNO_SHA512_DRNG_GEN 0x03
142 #define CPACF_PRNO_SHA512_DRNG_SEED 0x83
143 #define CPACF_PRNO_TRNG_Q_R2C_RATIO 0x70
144 #define CPACF_PRNO_TRNG 0x72
145
146 /*
147 * Function codes for the KMA (CIPHER MESSAGE WITH AUTHENTICATION)
148 * instruction
149 */
150 #define CPACF_KMA_QUERY 0x00
151 #define CPACF_KMA_GCM_AES_128 0x12
152 #define CPACF_KMA_GCM_AES_192 0x13
153 #define CPACF_KMA_GCM_AES_256 0x14
154
155 /*
156 * Flags for the KMA (CIPHER MESSAGE WITH AUTHENTICATION) instruction
157 */
158 #define CPACF_KMA_LPC 0x100 /* Last-Plaintext/Ciphertext */
159 #define CPACF_KMA_LAAD 0x200 /* Last-AAD */
160 #define CPACF_KMA_HS 0x400 /* Hash-subkey Supplied */
161
162 typedef struct { unsigned char bytes[16]; } cpacf_mask_t;
163
164 /**
165 * cpacf_query() - check if a specific CPACF function is available
166 * @opcode: the opcode of the crypto instruction
167 * @func: the function code to test for
168 *
169 * Executes the query function for the given crypto instruction @opcode
170 * and checks if @func is available
171 *
172 * Returns 1 if @func is available for @opcode, 0 otherwise
173 */
__cpacf_query(unsigned int opcode,cpacf_mask_t * mask)174 static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask)
175 {
176 asm volatile(
177 " lghi 0,0\n" /* query function */
178 " lgr 1,%[mask]\n"
179 " spm 0\n" /* pckmo doesn't change the cc */
180 /* Parameter regs are ignored, but must be nonzero and unique */
181 "0: .insn rrf,%[opc] << 16,2,4,6,0\n"
182 " brc 1,0b\n" /* handle partial completion */
183 : "=m" (*mask)
184 : [mask] "d" ((unsigned long)mask), [opc] "i" (opcode)
185 : "cc", "0", "1");
186 }
187
__cpacf_check_opcode(unsigned int opcode)188 static __always_inline int __cpacf_check_opcode(unsigned int opcode)
189 {
190 switch (opcode) {
191 case CPACF_KMAC:
192 case CPACF_KM:
193 case CPACF_KMC:
194 case CPACF_KIMD:
195 case CPACF_KLMD:
196 return test_facility(17); /* check for MSA */
197 case CPACF_PCKMO:
198 return test_facility(76); /* check for MSA3 */
199 case CPACF_KMF:
200 case CPACF_KMO:
201 case CPACF_PCC:
202 case CPACF_KMCTR:
203 return test_facility(77); /* check for MSA4 */
204 case CPACF_PRNO:
205 return test_facility(57); /* check for MSA5 */
206 case CPACF_KMA:
207 return test_facility(146); /* check for MSA8 */
208 default:
209 BUG();
210 }
211 }
212
cpacf_query(unsigned int opcode,cpacf_mask_t * mask)213 static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask)
214 {
215 if (__cpacf_check_opcode(opcode)) {
216 __cpacf_query(opcode, mask);
217 return 1;
218 }
219 memset(mask, 0, sizeof(*mask));
220 return 0;
221 }
222
cpacf_test_func(cpacf_mask_t * mask,unsigned int func)223 static inline int cpacf_test_func(cpacf_mask_t *mask, unsigned int func)
224 {
225 return (mask->bytes[func >> 3] & (0x80 >> (func & 7))) != 0;
226 }
227
cpacf_query_func(unsigned int opcode,unsigned int func)228 static __always_inline int cpacf_query_func(unsigned int opcode, unsigned int func)
229 {
230 cpacf_mask_t mask;
231
232 if (cpacf_query(opcode, &mask))
233 return cpacf_test_func(&mask, func);
234 return 0;
235 }
236
237 /**
238 * cpacf_km() - executes the KM (CIPHER MESSAGE) instruction
239 * @func: the function code passed to KM; see CPACF_KM_xxx defines
240 * @param: address of parameter block; see POP for details on each func
241 * @dest: address of destination memory area
242 * @src: address of source memory area
243 * @src_len: length of src operand in bytes
244 *
245 * Returns 0 for the query func, number of processed bytes for
246 * encryption/decryption funcs
247 */
cpacf_km(unsigned long func,void * param,u8 * dest,const u8 * src,long src_len)248 static inline int cpacf_km(unsigned long func, void *param,
249 u8 *dest, const u8 *src, long src_len)
250 {
251 union register_pair d, s;
252
253 d.even = (unsigned long)dest;
254 s.even = (unsigned long)src;
255 s.odd = (unsigned long)src_len;
256 asm volatile(
257 " lgr 0,%[fc]\n"
258 " lgr 1,%[pba]\n"
259 "0: .insn rre,%[opc] << 16,%[dst],%[src]\n"
260 " brc 1,0b\n" /* handle partial completion */
261 : [src] "+&d" (s.pair), [dst] "+&d" (d.pair)
262 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
263 [opc] "i" (CPACF_KM)
264 : "cc", "memory", "0", "1");
265
266 return src_len - s.odd;
267 }
268
269 /**
270 * cpacf_kmc() - executes the KMC (CIPHER MESSAGE WITH CHAINING) instruction
271 * @func: the function code passed to KM; see CPACF_KMC_xxx defines
272 * @param: address of parameter block; see POP for details on each func
273 * @dest: address of destination memory area
274 * @src: address of source memory area
275 * @src_len: length of src operand in bytes
276 *
277 * Returns 0 for the query func, number of processed bytes for
278 * encryption/decryption funcs
279 */
cpacf_kmc(unsigned long func,void * param,u8 * dest,const u8 * src,long src_len)280 static inline int cpacf_kmc(unsigned long func, void *param,
281 u8 *dest, const u8 *src, long src_len)
282 {
283 union register_pair d, s;
284
285 d.even = (unsigned long)dest;
286 s.even = (unsigned long)src;
287 s.odd = (unsigned long)src_len;
288 asm volatile(
289 " lgr 0,%[fc]\n"
290 " lgr 1,%[pba]\n"
291 "0: .insn rre,%[opc] << 16,%[dst],%[src]\n"
292 " brc 1,0b\n" /* handle partial completion */
293 : [src] "+&d" (s.pair), [dst] "+&d" (d.pair)
294 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
295 [opc] "i" (CPACF_KMC)
296 : "cc", "memory", "0", "1");
297
298 return src_len - s.odd;
299 }
300
301 /**
302 * cpacf_kimd() - executes the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
303 * instruction
304 * @func: the function code passed to KM; see CPACF_KIMD_xxx defines
305 * @param: address of parameter block; see POP for details on each func
306 * @src: address of source memory area
307 * @src_len: length of src operand in bytes
308 */
cpacf_kimd(unsigned long func,void * param,const u8 * src,long src_len)309 static inline void cpacf_kimd(unsigned long func, void *param,
310 const u8 *src, long src_len)
311 {
312 union register_pair s;
313
314 s.even = (unsigned long)src;
315 s.odd = (unsigned long)src_len;
316 asm volatile(
317 " lgr 0,%[fc]\n"
318 " lgr 1,%[pba]\n"
319 "0: .insn rre,%[opc] << 16,0,%[src]\n"
320 " brc 1,0b\n" /* handle partial completion */
321 : [src] "+&d" (s.pair)
322 : [fc] "d" (func), [pba] "d" ((unsigned long)(param)),
323 [opc] "i" (CPACF_KIMD)
324 : "cc", "memory", "0", "1");
325 }
326
327 /**
328 * cpacf_klmd() - executes the KLMD (COMPUTE LAST MESSAGE DIGEST) instruction
329 * @func: the function code passed to KM; see CPACF_KLMD_xxx defines
330 * @param: address of parameter block; see POP for details on each func
331 * @src: address of source memory area
332 * @src_len: length of src operand in bytes
333 */
cpacf_klmd(unsigned long func,void * param,const u8 * src,long src_len)334 static inline void cpacf_klmd(unsigned long func, void *param,
335 const u8 *src, long src_len)
336 {
337 union register_pair s;
338
339 s.even = (unsigned long)src;
340 s.odd = (unsigned long)src_len;
341 asm volatile(
342 " lgr 0,%[fc]\n"
343 " lgr 1,%[pba]\n"
344 "0: .insn rre,%[opc] << 16,0,%[src]\n"
345 " brc 1,0b\n" /* handle partial completion */
346 : [src] "+&d" (s.pair)
347 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
348 [opc] "i" (CPACF_KLMD)
349 : "cc", "memory", "0", "1");
350 }
351
352 /**
353 * cpacf_kmac() - executes the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE)
354 * instruction
355 * @func: the function code passed to KM; see CPACF_KMAC_xxx defines
356 * @param: address of parameter block; see POP for details on each func
357 * @src: address of source memory area
358 * @src_len: length of src operand in bytes
359 *
360 * Returns 0 for the query func, number of processed bytes for digest funcs
361 */
cpacf_kmac(unsigned long func,void * param,const u8 * src,long src_len)362 static inline int cpacf_kmac(unsigned long func, void *param,
363 const u8 *src, long src_len)
364 {
365 union register_pair s;
366
367 s.even = (unsigned long)src;
368 s.odd = (unsigned long)src_len;
369 asm volatile(
370 " lgr 0,%[fc]\n"
371 " lgr 1,%[pba]\n"
372 "0: .insn rre,%[opc] << 16,0,%[src]\n"
373 " brc 1,0b\n" /* handle partial completion */
374 : [src] "+&d" (s.pair)
375 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
376 [opc] "i" (CPACF_KMAC)
377 : "cc", "memory", "0", "1");
378
379 return src_len - s.odd;
380 }
381
382 /**
383 * cpacf_kmctr() - executes the KMCTR (CIPHER MESSAGE WITH COUNTER) instruction
384 * @func: the function code passed to KMCTR; see CPACF_KMCTR_xxx defines
385 * @param: address of parameter block; see POP for details on each func
386 * @dest: address of destination memory area
387 * @src: address of source memory area
388 * @src_len: length of src operand in bytes
389 * @counter: address of counter value
390 *
391 * Returns 0 for the query func, number of processed bytes for
392 * encryption/decryption funcs
393 */
cpacf_kmctr(unsigned long func,void * param,u8 * dest,const u8 * src,long src_len,u8 * counter)394 static inline int cpacf_kmctr(unsigned long func, void *param, u8 *dest,
395 const u8 *src, long src_len, u8 *counter)
396 {
397 union register_pair d, s, c;
398
399 d.even = (unsigned long)dest;
400 s.even = (unsigned long)src;
401 s.odd = (unsigned long)src_len;
402 c.even = (unsigned long)counter;
403 asm volatile(
404 " lgr 0,%[fc]\n"
405 " lgr 1,%[pba]\n"
406 "0: .insn rrf,%[opc] << 16,%[dst],%[src],%[ctr],0\n"
407 " brc 1,0b\n" /* handle partial completion */
408 : [src] "+&d" (s.pair), [dst] "+&d" (d.pair),
409 [ctr] "+&d" (c.pair)
410 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
411 [opc] "i" (CPACF_KMCTR)
412 : "cc", "memory", "0", "1");
413
414 return src_len - s.odd;
415 }
416
417 /**
418 * cpacf_prno() - executes the PRNO (PERFORM RANDOM NUMBER OPERATION)
419 * instruction
420 * @func: the function code passed to PRNO; see CPACF_PRNO_xxx defines
421 * @param: address of parameter block; see POP for details on each func
422 * @dest: address of destination memory area
423 * @dest_len: size of destination memory area in bytes
424 * @seed: address of seed data
425 * @seed_len: size of seed data in bytes
426 */
cpacf_prno(unsigned long func,void * param,u8 * dest,unsigned long dest_len,const u8 * seed,unsigned long seed_len)427 static inline void cpacf_prno(unsigned long func, void *param,
428 u8 *dest, unsigned long dest_len,
429 const u8 *seed, unsigned long seed_len)
430 {
431 union register_pair d, s;
432
433 d.even = (unsigned long)dest;
434 d.odd = (unsigned long)dest_len;
435 s.even = (unsigned long)seed;
436 s.odd = (unsigned long)seed_len;
437 asm volatile (
438 " lgr 0,%[fc]\n"
439 " lgr 1,%[pba]\n"
440 "0: .insn rre,%[opc] << 16,%[dst],%[seed]\n"
441 " brc 1,0b\n" /* handle partial completion */
442 : [dst] "+&d" (d.pair)
443 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
444 [seed] "d" (s.pair), [opc] "i" (CPACF_PRNO)
445 : "cc", "memory", "0", "1");
446 }
447
448 /**
449 * cpacf_trng() - executes the TRNG subfunction of the PRNO instruction
450 * @ucbuf: buffer for unconditioned data
451 * @ucbuf_len: amount of unconditioned data to fetch in bytes
452 * @cbuf: buffer for conditioned data
453 * @cbuf_len: amount of conditioned data to fetch in bytes
454 */
cpacf_trng(u8 * ucbuf,unsigned long ucbuf_len,u8 * cbuf,unsigned long cbuf_len)455 static inline void cpacf_trng(u8 *ucbuf, unsigned long ucbuf_len,
456 u8 *cbuf, unsigned long cbuf_len)
457 {
458 union register_pair u, c;
459
460 u.even = (unsigned long)ucbuf;
461 u.odd = (unsigned long)ucbuf_len;
462 c.even = (unsigned long)cbuf;
463 c.odd = (unsigned long)cbuf_len;
464 asm volatile (
465 " lghi 0,%[fc]\n"
466 "0: .insn rre,%[opc] << 16,%[ucbuf],%[cbuf]\n"
467 " brc 1,0b\n" /* handle partial completion */
468 : [ucbuf] "+&d" (u.pair), [cbuf] "+&d" (c.pair)
469 : [fc] "K" (CPACF_PRNO_TRNG), [opc] "i" (CPACF_PRNO)
470 : "cc", "memory", "0");
471 }
472
473 /**
474 * cpacf_pcc() - executes the PCC (PERFORM CRYPTOGRAPHIC COMPUTATION)
475 * instruction
476 * @func: the function code passed to PCC; see CPACF_KM_xxx defines
477 * @param: address of parameter block; see POP for details on each func
478 */
cpacf_pcc(unsigned long func,void * param)479 static inline void cpacf_pcc(unsigned long func, void *param)
480 {
481 asm volatile(
482 " lgr 0,%[fc]\n"
483 " lgr 1,%[pba]\n"
484 "0: .insn rre,%[opc] << 16,0,0\n" /* PCC opcode */
485 " brc 1,0b\n" /* handle partial completion */
486 :
487 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
488 [opc] "i" (CPACF_PCC)
489 : "cc", "memory", "0", "1");
490 }
491
492 /**
493 * cpacf_pckmo() - executes the PCKMO (PERFORM CRYPTOGRAPHIC KEY
494 * MANAGEMENT) instruction
495 * @func: the function code passed to PCKMO; see CPACF_PCKMO_xxx defines
496 * @param: address of parameter block; see POP for details on each func
497 *
498 * Returns 0.
499 */
cpacf_pckmo(long func,void * param)500 static inline void cpacf_pckmo(long func, void *param)
501 {
502 asm volatile(
503 " lgr 0,%[fc]\n"
504 " lgr 1,%[pba]\n"
505 " .insn rre,%[opc] << 16,0,0\n" /* PCKMO opcode */
506 :
507 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
508 [opc] "i" (CPACF_PCKMO)
509 : "cc", "memory", "0", "1");
510 }
511
512 /**
513 * cpacf_kma() - executes the KMA (CIPHER MESSAGE WITH AUTHENTICATION)
514 * instruction
515 * @func: the function code passed to KMA; see CPACF_KMA_xxx defines
516 * @param: address of parameter block; see POP for details on each func
517 * @dest: address of destination memory area
518 * @src: address of source memory area
519 * @src_len: length of src operand in bytes
520 * @aad: address of additional authenticated data memory area
521 * @aad_len: length of aad operand in bytes
522 */
cpacf_kma(unsigned long func,void * param,u8 * dest,const u8 * src,unsigned long src_len,const u8 * aad,unsigned long aad_len)523 static inline void cpacf_kma(unsigned long func, void *param, u8 *dest,
524 const u8 *src, unsigned long src_len,
525 const u8 *aad, unsigned long aad_len)
526 {
527 union register_pair d, s, a;
528
529 d.even = (unsigned long)dest;
530 s.even = (unsigned long)src;
531 s.odd = (unsigned long)src_len;
532 a.even = (unsigned long)aad;
533 a.odd = (unsigned long)aad_len;
534 asm volatile(
535 " lgr 0,%[fc]\n"
536 " lgr 1,%[pba]\n"
537 "0: .insn rrf,%[opc] << 16,%[dst],%[src],%[aad],0\n"
538 " brc 1,0b\n" /* handle partial completion */
539 : [dst] "+&d" (d.pair), [src] "+&d" (s.pair),
540 [aad] "+&d" (a.pair)
541 : [fc] "d" (func), [pba] "d" ((unsigned long)param),
542 [opc] "i" (CPACF_KMA)
543 : "cc", "memory", "0", "1");
544 }
545
546 #endif /* _ASM_S390_CPACF_H */
547