| From: |
| Harald Freudenberger <freude-AT-linux.ibm.com> |
| To: |
| herbert-AT-gondor.apana.org.au, davem-AT-davemloft.net, dengler-AT-linux.ibm.com |
| Subject: |
| [PATCH v5 0/3] New s390 specific protected key hmac |
| Date: |
| Fri, 22 Nov 2024 15:34:24 +0100 |
| Message-ID: |
| <20241122143427.135682-1-freude@linux.ibm.com> |
| Cc: |
| linux-s390-AT-vger.kernel.org, linux-crypto-AT-vger.kernel.org |
| Archive-link: |
| Article |
Add support for protected key hmac ("phmac") for s390 arch.
With the latest machine generation there is now support for
protected key (that is a key wrapped by a master key stored
in firmware) hmac for sha2 (sha224, sha256, sha384 and sha512)
for the s390 specific CPACF instruction kmac.
This patch adds support via 4 new shashes registered as
phmac(sha224), phmac(sha256), phmac(sha384) and phmac(sha512).
Please note that as of now, there is no selftest enabled for
these shashes, but the implementation has been tested with
testcases via AF_ALG interface. However, there may come an
improvement soon to use the available clear key hmac selftests.
Changelog:
v1: Initial version
v2: Increase HASH_MAX_DESCSIZE generic (not just for arch s390).
Fix one finding to use kmemdup instead of kmalloc/memcpy from test
robot. Remove unneeded cpacf subfunctions checks. Simplify
clone_tfm() function. Rebased to s390/features.
v3: Feedback from Herbert: Use GFP_ATOMIC in setkey function.
Feedback from Holger: rework tfm clone function, move convert key
invocation from setkey to init function. Rebased to updated
s390/features from 11/7/2024. Ready for integration if there are
no complains on v3.
v4: Rewind back more or less to v2. Add code to check for non-sleeping
context. Non-sleeping context during attempt to derive the
protected key from raw key material is not accepted and
-EOPNOTSUPP is returned (also currently all derivation pathes
would in fact never sleep). In general the phmac implementation is
not to be used within non-sleeping context and the code header
mentions this. Tested with (patched) dm-integrity - works fine.
v5: As suggested by Herbert now the shashes have been marked as
'internal' and wrapped by ahashes which use the cryptd if an
atomic context is detected. So the visible phmac algorithms are
now ahashes. Unfortunately the dm-integrity implementation
currently requests and deals only with shashes and this phmac
implementation is not fitting to the original goal any more...
Harald Freudenberger (1):
s390/crypto: New s390 specific protected key hash phmac
Holger Dengler (2):
crypto: api - Adjust HASH_MAX_DESCSIZE for s390-phmac context
s390/crypto: Add protected key hmac subfunctions for KMAC
arch/s390/configs/debug_defconfig | 1 +
arch/s390/configs/defconfig | 1 +
arch/s390/crypto/Makefile | 1 +
arch/s390/crypto/phmac_s390.c | 661 ++++++++++++++++++++++++++++++
arch/s390/include/asm/cpacf.h | 4 +
drivers/crypto/Kconfig | 12 +
include/crypto/hash.h | 5 +-
7 files changed, 682 insertions(+), 3 deletions(-)
create mode 100644 arch/s390/crypto/phmac_s390.c
base-commit: 3f020399e4f1c690ce87b4c472f75b1fc89e07d5
--
2.43.0
