summaryrefslogtreecommitdiffstats
path: root/arch/s390/crypto/paes_s390.c
AgeCommit message (Collapse)AuthorFilesLines
2018-10-10s390/crypto: Enhance paes cipher to accept variable length key materialIngo Franzki1-26/+37
Enhance the paes_s390 kernel module to allow the paes cipher to accept variable length key material. The key material accepted by the paes cipher is a key blob of various types. As of today, two key blob types are supported: CCA secure key blobs and protected key blobs. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-04s390/crypto: Fix return code checking in cbc_paes_crypt()Ingo Franzki1-1/+1
The return code of cpacf_kmc() is less than the number of bytes to process in case of an error, not greater. The crypt routines for the other cipher modes already have this correctly. Cc: stable@vger.kernel.org # v4.11+ Fixes: 279378430768 ("s390/crypt: Add protected key AES module") Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Acked-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-04-10s390/crypto: Adjust s390 aes and paes cipher prioritiesHarald Freudenberger1-4/+4
Tests with paes-xts and debugging investigations showed that the ciphers are not always correctly resolved. The rules for cipher priorities seem to be: - Ecb-aes should have a prio greater than the generic ecb-aes. - The mode specialized ciphers (like cbc-aes-s390) should have a prio greater than the sum of the more generic combinations (like cbs(aes)). This patch adjusts the cipher priorities for the s390 aes and paes in kernel crypto implementations. Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-11-24s390: crypto: Remove redundant license textGreg Kroah-Hartman1-5/+0
Now that the SPDX tag is in all arch/s390/crypto/ files, that identifies the license in a specific and legally-defined manner. So the extra GPL text wording can be removed as it is no longer needed at all. This is done on a quest to remove the 700+ different ways that files in the kernel describe the GPL license text. And there's unneeded stuff like the address (sometimes incorrect) for the FSF which is never needed. No copyright headers or other non-license-description text was removed. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-11-24s390: crypto: add SPDX identifiers to the remaining filesGreg Kroah-Hartman1-0/+1
It's good to have SPDX identifiers in all files to make it easier to audit the kernel tree for correct licenses. Update the arch/s390/crypto/ files with the correct SPDX license identifier based on the license text in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This work is based on a script and data from Thomas Gleixner, Philippe Ombredanne, and Kate Stewart. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Kate Stewart <kstewart@linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne@nexb.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-04-26s390/crypt: use the correct module alias for paes_s390.Harald Freudenberger1-1/+1
For automatic module loading (e.g. as it is used with cryptsetup) an alias "paes" for the paes_s390 kernel module is needed. Correct the paes_s390 module alias from "aes-all" to "paes". Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-03-01s390/crypt: fix missing unlock in ctr_paes_crypt on error pathMartin Schwidefsky1-1/+4
The ctr mode of protected key aes uses the ctrblk page if the ctrblk_lock could be acquired. If the protected key has to be reestablished and this operation fails the unlock for the ctrblk_lock is missing. Add it. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-24s390/crypt: Add protected key AES moduleMartin Schwidefsky1-0/+619
This patch introduces a new in-kernel-crypto blockcipher called 'paes' which implements AES with protected keys. The paes blockcipher can be used similar to the aes blockcipher but uses secure key material to derive the working protected key and so offers an encryption implementation where never a clear key value is exposed in memory. The paes module is only available for the s390 platform providing a minimal hardware support of CPACF enabled with at least MSA level 3. Upon module initialization these requirements are checked. Includes additional contribution from Harald Freudenberger. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-19 07:20:48 +0000