Commit 27937843 authored by Martin Schwidefsky's avatar Martin Schwidefsky

s390/crypt: Add protected key AES module

This patch introduces a new in-kernel-crypto blockcipher
called 'paes' which implements AES with protected keys.
The paes blockcipher can be used similar to the aes
blockcipher but uses secure key material to derive the
working protected key and so offers an encryption
implementation where never a clear key value is exposed
in memory.

The paes module is only available for the s390 platform
providing a minimal hardware support of CPACF enabled
with at least MSA level 3. Upon module initialization
these requirements are checked.

Includes additional contribution from Harald Freudenberger.
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
parent 8693b914
...@@ -6,7 +6,7 @@ obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o ...@@ -6,7 +6,7 @@ obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o
obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o
obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o
obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o
obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o paes_s390.o
obj-$(CONFIG_S390_PRNG) += prng.o obj-$(CONFIG_S390_PRNG) += prng.o
obj-$(CONFIG_CRYPTO_GHASH_S390) += ghash_s390.o obj-$(CONFIG_CRYPTO_GHASH_S390) += ghash_s390.o
obj-$(CONFIG_CRYPTO_CRC32_S390) += crc32-vx_s390.o obj-$(CONFIG_CRYPTO_CRC32_S390) += crc32-vx_s390.o
......
This diff is collapsed.
...@@ -28,8 +28,9 @@ ...@@ -28,8 +28,9 @@
#define CPACF_PPNO 0xb93c /* MSA5 */ #define CPACF_PPNO 0xb93c /* MSA5 */
/* /*
* Decryption modifier bit * En/decryption modifier bits
*/ */
#define CPACF_ENCRYPT 0x00
#define CPACF_DECRYPT 0x80 #define CPACF_DECRYPT 0x80
/* /*
...@@ -42,8 +43,13 @@ ...@@ -42,8 +43,13 @@
#define CPACF_KM_AES_128 0x12 #define CPACF_KM_AES_128 0x12
#define CPACF_KM_AES_192 0x13 #define CPACF_KM_AES_192 0x13
#define CPACF_KM_AES_256 0x14 #define CPACF_KM_AES_256 0x14
#define CPACF_KM_PAES_128 0x1a
#define CPACF_KM_PAES_192 0x1b
#define CPACF_KM_PAES_256 0x1c
#define CPACF_KM_XTS_128 0x32 #define CPACF_KM_XTS_128 0x32
#define CPACF_KM_XTS_256 0x34 #define CPACF_KM_XTS_256 0x34
#define CPACF_KM_PXTS_128 0x3a
#define CPACF_KM_PXTS_256 0x3c
/* /*
* Function codes for the KMC (CIPHER MESSAGE WITH CHAINING) * Function codes for the KMC (CIPHER MESSAGE WITH CHAINING)
...@@ -56,6 +62,9 @@ ...@@ -56,6 +62,9 @@
#define CPACF_KMC_AES_128 0x12 #define CPACF_KMC_AES_128 0x12
#define CPACF_KMC_AES_192 0x13 #define CPACF_KMC_AES_192 0x13
#define CPACF_KMC_AES_256 0x14 #define CPACF_KMC_AES_256 0x14
#define CPACF_KMC_PAES_128 0x1a
#define CPACF_KMC_PAES_192 0x1b
#define CPACF_KMC_PAES_256 0x1c
#define CPACF_KMC_PRNG 0x43 #define CPACF_KMC_PRNG 0x43
/* /*
...@@ -69,6 +78,9 @@ ...@@ -69,6 +78,9 @@
#define CPACF_KMCTR_AES_128 0x12 #define CPACF_KMCTR_AES_128 0x12
#define CPACF_KMCTR_AES_192 0x13 #define CPACF_KMCTR_AES_192 0x13
#define CPACF_KMCTR_AES_256 0x14 #define CPACF_KMCTR_AES_256 0x14
#define CPACF_KMCTR_PAES_128 0x1a
#define CPACF_KMCTR_PAES_192 0x1b
#define CPACF_KMCTR_PAES_256 0x1c
/* /*
* Function codes for the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) * Function codes for the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
......
...@@ -137,6 +137,7 @@ config CRYPTO_AES_S390 ...@@ -137,6 +137,7 @@ config CRYPTO_AES_S390
depends on S390 depends on S390
select CRYPTO_ALGAPI select CRYPTO_ALGAPI
select CRYPTO_BLKCIPHER select CRYPTO_BLKCIPHER
select PKEY
help help
This is the s390 hardware accelerated implementation of the This is the s390 hardware accelerated implementation of the
AES cipher algorithms (FIPS-197). AES cipher algorithms (FIPS-197).
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment