On 30/10/2024 17:22, Harald Freudenberger wrote:
> From: Holger Dengler <dengler@xxxxxxxxxxxxx>
>
> Add support for protected key hmac ("phmac") for s390 arch.
>
> With the latest machine generation there is now support for
> protected key (that is a key wrapped by a master key stored
> in firmware) hmac for sha2 (sha224, sha256, sha384 and sha512)
> for the s390 specific CPACF instruction kmac.
>
> This patch adds support via 4 new shashes registered as
> phmac(sha224), phmac(sha256), phmac(sha384) and phmac(sha512).
>
> Please note that as of now, there is no selftest enabled for
> these shashes, but the implementation has been tested with
> testcases via AF_ALG interface.
>
> Signed-off-by: Holger Dengler <dengler@xxxxxxxxxxxxx>
> Signed-off-by: Harald Freudenberger <freude@xxxxxxxxxxxxx>
> ---
> arch/s390/configs/debug_defconfig | 1 +
> arch/s390/configs/defconfig | 1 +
> arch/s390/crypto/Makefile | 1 +
> arch/s390/crypto/phmac_s390.c | 484 ++++++++++++++++++++++++++++++
> drivers/crypto/Kconfig | 12 +
> 5 files changed, 499 insertions(+)
> create mode 100644 arch/s390/crypto/phmac_s390.c
>
[...]
> diff --git a/arch/s390/crypto/phmac_s390.c b/arch/s390/crypto/phmac_s390.c
> new file mode 100644
> index 000000000000..7f68ba29626f
> --- /dev/null
> +++ b/arch/s390/crypto/phmac_s390.c
> @@ -0,0 +1,484 @@
[...]
> +static int s390_phmac_sha2_clone_tfm(struct crypto_shash *dst,
> + struct crypto_shash *src)
> +{
> + struct s390_phmac_ctx *dst_ctx = crypto_shash_ctx(dst);
> + struct s390_phmac_ctx *src_ctx = crypto_shash_ctx(src);
> + int rc;
> +
> + rc = s390_phmac_sha2_init_tfm(dst);
> + if (rc)
> + return rc;
> +
> + if (src_ctx->key && src_ctx->keylen) {
> + dst_ctx->key = kmemdup(src_ctx->key, src_ctx->keylen,
> + GFP_KERNEL);
> + if (!dst_ctx->key)
> + return -ENOMEM;
> + dst_ctx->keylen = src_ctx->keylen;
> + return phmac_convert_key(dst_ctx);
This will clone only parts of the tfm_ctx, e.g. the function code (fc) is missing. I would highly recommend to just call setkey() here instead.
> + }
> +
> + return 0;
> +}
[...]
> +static int __init phmac_s390_init(void)
> +{
> + struct s390_hmac_alg *hmac;
> + int i, rc = -ENODEV;
> +
> + if (!cpacf_query_func(CPACF_KLMD, CPACF_KLMD_SHA_256))
> + return -ENODEV;
> + if (!cpacf_query_func(CPACF_KLMD, CPACF_KLMD_SHA_512))
> + return -ENODEV;
These two check are not neccessary. Please remove them.
[...]
--
Mit freundlichen Grüßen / Kind regards
Holger Dengler
--
IBM Systems, Linux on IBM Z Development
dengler@xxxxxxxxxxxxx
