On 05/11/2024 14:58, Harald Freudenberger wrote:
> From: Holger Dengler <dengler@xxxxxxxxxxxxx>
>
> Add support for protected key hmac ("phmac") for s390 arch.
>
> With the latest machine generation there is now support for
> protected key (that is a key wrapped by a master key stored
> in firmware) hmac for sha2 (sha224, sha256, sha384 and sha512)
> for the s390 specific CPACF instruction kmac.
>
> This patch adds support via 4 new shashes registered as
> phmac(sha224), phmac(sha256), phmac(sha384) and phmac(sha512).
>
> Please note that as of now, there is no selftest enabled for
> these shashes, but the implementation has been tested with
> testcases via AF_ALG interface.
>
> Signed-off-by: Holger Dengler <dengler@xxxxxxxxxxxxx>
> Signed-off-by: Harald Freudenberger <freude@xxxxxxxxxxxxx>
> ---
> arch/s390/configs/debug_defconfig | 1 +
> arch/s390/configs/defconfig | 1 +
> arch/s390/crypto/Makefile | 1 +
> arch/s390/crypto/phmac_s390.c | 468 ++++++++++++++++++++++++++++++
> drivers/crypto/Kconfig | 12 +
> 5 files changed, 483 insertions(+)
> create mode 100644 arch/s390/crypto/phmac_s390.c
>
[...]
> diff --git a/arch/s390/crypto/phmac_s390.c b/arch/s390/crypto/phmac_s390.c
> new file mode 100644
> index 000000000000..10835fcb818a
> --- /dev/null
> +++ b/arch/s390/crypto/phmac_s390.c
> @@ -0,0 +1,468 @@
[...]
> +static int s390_phmac_sha2_clone_tfm(struct crypto_shash *dst,
> + struct crypto_shash *src)
> +{
> + struct s390_phmac_ctx *src_ctx = crypto_shash_ctx(src);
> + int rc;
> +
> + rc = s390_phmac_sha2_init_tfm(dst);
> + if (rc)
> + return rc;
> +
> + return s390_phmac_sha2_setkey(dst, src_ctx->key, src_ctx->keylen);
You should call setkey() only if the key in src_ctx has been set.
return src_ctx->key ? s390_phmac_sha2_setkey(dst, src_ctx->key, src_ctx->keylen) : 0;
> +}
--
Mit freundlichen Grüßen / Kind regards
Holger Dengler
--
IBM Systems, Linux on IBM Z Development
dengler@xxxxxxxxxxxxx
