Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

The padata parallel execution mechanism

Last updated for 2.6.34

Last updated for 2.6.36

Padata is a mechanism by which the kernel can farm work out to be done in

parallel on multiple CPUs while retaining the ordering of tasks.  It was

    #include <linux/padata.h>

    struct padata_instance *padata_alloc(const struct cpumask *cpumask,

				         struct workqueue_struct *wq);

    struct padata_instance *padata_alloc(struct workqueue_struct *wq,

					 const struct cpumask *pcpumask,

					 const struct cpumask *cbcpumask);

The cpumask describes which processors will be used to execute work

submitted to this instance.  The workqueue wq is where the work will

actually be done; it should be a multithreaded queue, naturally.

The pcpumask describes which processors will be used to execute work

submitted to this instance in parallel. The cbcpumask defines which

processors are allowed to use as the serialization callback processor.

The workqueue wq is where the work will actually be done; it should be

a multithreaded queue, naturally.

To allocate a padata instance with the cpu_possible_mask for both

cpumasks this helper function can be used:

    struct padata_instance *padata_alloc_possible(struct workqueue_struct *wq);

Note: Padata maintains two kinds of cpumasks internally. The user supplied

cpumasks, submitted by padata_alloc/padata_alloc_possible and the 'usable'

cpumasks. The usable cpumasks are always the subset of active cpus in the

user supplied cpumasks, these are the cpumasks padata actually use. So

it is legal to supply a cpumask to padata that contains offline cpus.

Once a offline cpu in the user supplied cpumask comes online, padata

is going to use it.

There are functions for enabling and disabling the instance:

    void padata_start(struct padata_instance *pinst);

    int padata_start(struct padata_instance *pinst);

    void padata_stop(struct padata_instance *pinst);

These functions literally do nothing beyond setting or clearing the

"padata_start() was called" flag; if that flag is not set, other functions

will refuse to work.

These functions are setting or clearing the "PADATA_INIT" flag;

if that flag is not set, other functions will refuse to work.

padata_start returns zero on success (flag set) or -EINVAL if the

padata cpumask contains no active cpu (flag not set).

padata_stop clears the flag and blocks until the padata instance

is unused.

The list of CPUs to be used can be adjusted with these functions:

    int padata_set_cpumask(struct padata_instance *pinst,

    int padata_set_cpumasks(struct padata_instance *pinst,

			    cpumask_var_t pcpumask,

			    cpumask_var_t cbcpumask);

    int padata_set_cpumask(struct padata_instance *pinst, int cpumask_type,

			   cpumask_var_t cpumask);

    int padata_add_cpu(struct padata_instance *pinst, int cpu);

    int padata_remove_cpu(struct padata_instance *pinst, int cpu);

    int padata_add_cpu(struct padata_instance *pinst, int cpu, int mask);

    int padata_remove_cpu(struct padata_instance *pinst, int cpu, int mask);

Changing the CPU masks are expensive operations, though, so it should not be

done with great frequency.

It's possible to change both cpumasks of a padata instance with

padata_set_cpumasks by specifying the cpumasks for parallel execution (pcpumask)

and for the serial callback function (cbcpumask). padata_set_cpumask is to

change just one of the cpumasks. Here cpumask_type is one of PADATA_CPU_SERIAL,

PADATA_CPU_PARALLEL and cpumask specifies the new cpumask to use.

To simply add or remove one cpu from a certain cpumask the functions

padata_add_cpu/padata_remove_cpu are used. cpu specifies the cpu to add or

remove and mask is one of PADATA_CPU_SERIAL, PADATA_CPU_PARALLEL.

If a user is interested in padata cpumask changes, he can register to

the padata cpumask change notifier:

    int padata_register_cpumask_notifier(struct padata_instance *pinst,

					 struct notifier_block *nblock);

To unregister from that notifier:

    int padata_unregister_cpumask_notifier(struct padata_instance *pinst,

					   struct notifier_block *nblock);

The padata cpumask change notifier notifies about changes of the usable

cpumasks, i.e. the subset of active cpus in the user supplied cpumask.

Padata calls the notifier chain with:

    blocking_notifier_call_chain(&pinst->cpumask_change_notifier,

				 notification_mask,

				 &pd_new->cpumask);

Changing the CPU mask has the look of an expensive operation, though, so it

probably should not be done with great frequency.

Here cpumask_change_notifier is registered notifier, notification_mask

is one of PADATA_CPU_SERIAL, PADATA_CPU_PARALLEL and cpumask is a pointer

to a struct padata_cpumask that contains the new cpumask informations.

Actually submitting work to the padata instance requires the creation of a

padata_priv structure:

This structure will almost certainly be embedded within some larger

structure specific to the work to be done.  Most its fields are private to

padata, but the structure should be zeroed at initialization time, and the

padata, but the structure should be zeroed at initialisation time, and the

parallel() and serial() functions should be provided.  Those functions will

be called in the process of getting the work done as we will see

momentarily.

The pinst and padata structures must be set up as described above; cb_cpu

specifies which CPU will be used for the final callback when the work is

done; it must be in the current instance's CPU mask.  The return value from

padata_do_parallel() is a little strange; zero is an error return

indicating that the caller forgot the padata_start() formalities.  -EBUSY

means that somebody, somewhere else is messing with the instance's CPU

mask, while -EINVAL is a complaint about cb_cpu not being in that CPU mask.

If all goes well, this function will return -EINPROGRESS, indicating that

the work is in progress.

padata_do_parallel() is zero on success, indicating that the work is in

progress. -EBUSY means that somebody, somewhere else is messing with the

instance's CPU mask, while -EINVAL is a complaint about cb_cpu not being

in that CPU mask or about a not running instance.

Each task submitted to padata_do_parallel() will, in turn, be passed to

exactly one call to the above-mentioned parallel() function, on one CPU, so

obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o

obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o

obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o

obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o

obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o

obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o

obj-$(CONFIG_S390_PRNG) += prng.o

extern int crypto_des_check_key(const u8*, unsigned int, u32*);

#endif //__CRYPTO_DES_H__

#endif /*__CRYPTO_DES_H__*/

 *

 */

#include <crypto/algapi.h>

#include <linux/init.h>

#include <linux/module.h>

#include <linux/crypto.h>

#include <crypto/algapi.h>

#include <crypto/des.h>

#include "crypt_s390.h"

#include "crypto_des.h"

#define DES_BLOCK_SIZE 8

#define DES_KEY_SIZE 8

#define DES3_128_KEY_SIZE	(2 * DES_KEY_SIZE)

#define DES3_128_BLOCK_SIZE	DES_BLOCK_SIZE

#define DES3_192_KEY_SIZE	(3 * DES_KEY_SIZE)

#define DES3_192_BLOCK_SIZE	DES_BLOCK_SIZE

struct crypt_s390_des_ctx {

	u8 iv[DES_BLOCK_SIZE];

	u8 key[DES_KEY_SIZE];

};

struct crypt_s390_des3_128_ctx {

	u8 iv[DES_BLOCK_SIZE];

	u8 key[DES3_128_KEY_SIZE];

};

struct crypt_s390_des3_192_ctx {

	u8 iv[DES_BLOCK_SIZE];

	u8 key[DES3_192_KEY_SIZE];

{

	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);

	u32 *flags = &tfm->crt_flags;

	int ret;

	u32 tmp[DES_EXPKEY_WORDS];

	/* check for weak keys */

	if (!des_ekey(tmp, key) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {

		*flags |= CRYPTO_TFM_RES_WEAK_KEY;

		return -EINVAL;

	}

	/* test if key is valid (not a weak key) */

	ret = crypto_des_check_key(key, keylen, flags);

	if (ret == 0)

	memcpy(dctx->key, key, keylen);

	return ret;

	return 0;

}

static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)

	}

};

/*

 * RFC2451:

 *

 *   For DES-EDE3, there is no known need to reject weak or

 *   complementation keys.  Any weakness is obviated by the use of

 *   multiple keys.

 *

 *   However, if the two  independent 64-bit keys are equal,

 *   then the DES3 operation is simply the same as DES.

 *   Implementers MUST reject keys that exhibit this property.

 *

 */

static int des3_128_setkey(struct crypto_tfm *tfm, const u8 *key,

			   unsigned int keylen)

{

	int i, ret;

	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);

	const u8 *temp_key = key;

	u32 *flags = &tfm->crt_flags;

	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE)) &&

	    (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {

		*flags |= CRYPTO_TFM_RES_WEAK_KEY;

		return -EINVAL;

	}

	for (i = 0; i < 2; i++, temp_key += DES_KEY_SIZE) {

		ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);

		if (ret < 0)

			return ret;

	}

	memcpy(dctx->key, key, keylen);

	return 0;

}

static void des3_128_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)

{

	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_128_ENCRYPT, dctx->key, dst, (void*)src,

		      DES3_128_BLOCK_SIZE);

}

static void des3_128_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)

{

	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_128_DECRYPT, dctx->key, dst, (void*)src,

		      DES3_128_BLOCK_SIZE);

}

static struct crypto_alg des3_128_alg = {

	.cra_name		=	"des3_ede128",

	.cra_driver_name	=	"des3_ede128-s390",

	.cra_priority		=	CRYPT_S390_PRIORITY,

	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,

	.cra_blocksize		=	DES3_128_BLOCK_SIZE,

	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_128_ctx),

	.cra_module		=	THIS_MODULE,

	.cra_list		=	LIST_HEAD_INIT(des3_128_alg.cra_list),

	.cra_u			=	{

		.cipher = {

			.cia_min_keysize	=	DES3_128_KEY_SIZE,

			.cia_max_keysize	=	DES3_128_KEY_SIZE,

			.cia_setkey		=	des3_128_setkey,

			.cia_encrypt		=	des3_128_encrypt,

			.cia_decrypt		=	des3_128_decrypt,

		}

	}

};

static int ecb_des3_128_encrypt(struct blkcipher_desc *desc,

				struct scatterlist *dst,

				struct scatterlist *src, unsigned int nbytes)

{

	struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);

	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	return ecb_desall_crypt(desc, KM_TDEA_128_ENCRYPT, sctx->key, &walk);

}

static int ecb_des3_128_decrypt(struct blkcipher_desc *desc,

				struct scatterlist *dst,

				struct scatterlist *src, unsigned int nbytes)

{

	struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);

	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	return ecb_desall_crypt(desc, KM_TDEA_128_DECRYPT, sctx->key, &walk);

}

static struct crypto_alg ecb_des3_128_alg = {

	.cra_name		=	"ecb(des3_ede128)",

	.cra_driver_name	=	"ecb-des3_ede128-s390",

	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,

	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		=	DES3_128_BLOCK_SIZE,

	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_128_ctx),

	.cra_type		=	&crypto_blkcipher_type,

	.cra_module		=	THIS_MODULE,

	.cra_list		=	LIST_HEAD_INIT(

						ecb_des3_128_alg.cra_list),

	.cra_u			=	{

		.blkcipher = {

			.min_keysize		=	DES3_128_KEY_SIZE,

			.max_keysize		=	DES3_128_KEY_SIZE,

			.setkey			=	des3_128_setkey,

			.encrypt		=	ecb_des3_128_encrypt,

			.decrypt		=	ecb_des3_128_decrypt,

		}

	}

};

static int cbc_des3_128_encrypt(struct blkcipher_desc *desc,

				struct scatterlist *dst,

				struct scatterlist *src, unsigned int nbytes)

{

	struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);

	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	return cbc_desall_crypt(desc, KMC_TDEA_128_ENCRYPT, sctx->iv, &walk);

}

static int cbc_des3_128_decrypt(struct blkcipher_desc *desc,

				struct scatterlist *dst,

				struct scatterlist *src, unsigned int nbytes)

{

	struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);

	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	return cbc_desall_crypt(desc, KMC_TDEA_128_DECRYPT, sctx->iv, &walk);

}

static struct crypto_alg cbc_des3_128_alg = {

	.cra_name		=	"cbc(des3_ede128)",

	.cra_driver_name	=	"cbc-des3_ede128-s390",

	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,

	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		=	DES3_128_BLOCK_SIZE,

	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_128_ctx),

	.cra_type		=	&crypto_blkcipher_type,

	.cra_module		=	THIS_MODULE,

	.cra_list		=	LIST_HEAD_INIT(

						cbc_des3_128_alg.cra_list),

	.cra_u			=	{

		.blkcipher = {

			.min_keysize		=	DES3_128_KEY_SIZE,

			.max_keysize		=	DES3_128_KEY_SIZE,

			.ivsize			=	DES3_128_BLOCK_SIZE,

			.setkey			=	des3_128_setkey,

			.encrypt		=	cbc_des3_128_encrypt,

			.decrypt		=	cbc_des3_128_decrypt,

		}

	}

};

/*

 * RFC2451:

 *

static int des3_192_setkey(struct crypto_tfm *tfm, const u8 *key,

			   unsigned int keylen)

{

	int i, ret;

	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);

	const u8 *temp_key = key;

	u32 *flags = &tfm->crt_flags;

	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&

		*flags |= CRYPTO_TFM_RES_WEAK_KEY;

		return -EINVAL;

	}

	for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) {

		ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);

		if (ret < 0)

			return ret;

	}

	memcpy(dctx->key, key, keylen);

	return 0;

}

	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src,

		      DES3_192_BLOCK_SIZE);

		      DES_BLOCK_SIZE);

}

static void des3_192_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)

	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src,

		      DES3_192_BLOCK_SIZE);

		      DES_BLOCK_SIZE);

}

static struct crypto_alg des3_192_alg = {

	.cra_driver_name	=	"des3_ede-s390",

	.cra_priority		=	CRYPT_S390_PRIORITY,

	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,

	.cra_blocksize		=	DES3_192_BLOCK_SIZE,

	.cra_blocksize		=	DES_BLOCK_SIZE,

	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_192_ctx),

	.cra_module		=	THIS_MODULE,

	.cra_list		=	LIST_HEAD_INIT(des3_192_alg.cra_list),

	.cra_driver_name	=	"ecb-des3_ede-s390",

	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,

	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		=	DES3_192_BLOCK_SIZE,

	.cra_blocksize		=	DES_BLOCK_SIZE,

	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_192_ctx),

	.cra_type		=	&crypto_blkcipher_type,

	.cra_module		=	THIS_MODULE,

	.cra_driver_name	=	"cbc-des3_ede-s390",

	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,

	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		=	DES3_192_BLOCK_SIZE,

	.cra_blocksize		=	DES_BLOCK_SIZE,

	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_192_ctx),

	.cra_type		=	&crypto_blkcipher_type,

	.cra_module		=	THIS_MODULE,

		.blkcipher = {

			.min_keysize		=	DES3_192_KEY_SIZE,

			.max_keysize		=	DES3_192_KEY_SIZE,

			.ivsize			=	DES3_192_BLOCK_SIZE,

			.ivsize			=	DES_BLOCK_SIZE,

			.setkey			=	des3_192_setkey,

			.encrypt		=	cbc_des3_192_encrypt,

			.decrypt		=	cbc_des3_192_decrypt,

static int des_s390_init(void)

{

	int ret = 0;

	int ret;

	if (!crypt_s390_func_available(KM_DEA_ENCRYPT) ||

	    !crypt_s390_func_available(KM_TDEA_128_ENCRYPT) ||

	    !crypt_s390_func_available(KM_TDEA_192_ENCRYPT))

		return -EOPNOTSUPP;

	ret = crypto_register_alg(&cbc_des_alg);

	if (ret)

		goto cbc_des_err;

	ret = crypto_register_alg(&des3_128_alg);

	if (ret)

		goto des3_128_err;

	ret = crypto_register_alg(&ecb_des3_128_alg);

	if (ret)

		goto ecb_des3_128_err;

	ret = crypto_register_alg(&cbc_des3_128_alg);

	if (ret)

		goto cbc_des3_128_err;

	ret = crypto_register_alg(&des3_192_alg);

	if (ret)

		goto des3_192_err;

	ret = crypto_register_alg(&cbc_des3_192_alg);

	if (ret)

		goto cbc_des3_192_err;

out:

	return ret;

ecb_des3_192_err:

	crypto_unregister_alg(&des3_192_alg);

des3_192_err:

	crypto_unregister_alg(&cbc_des3_128_alg);

cbc_des3_128_err:

	crypto_unregister_alg(&ecb_des3_128_alg);

ecb_des3_128_err:

	crypto_unregister_alg(&des3_128_alg);

des3_128_err:

	crypto_unregister_alg(&cbc_des_alg);

cbc_des_err:

	crypto_unregister_alg(&ecb_des_alg);

	goto out;

}

static void __exit des_s390_fini(void)

static void __exit des_s390_exit(void)

{

	crypto_unregister_alg(&cbc_des3_192_alg);

	crypto_unregister_alg(&ecb_des3_192_alg);

	crypto_unregister_alg(&des3_192_alg);

	crypto_unregister_alg(&cbc_des3_128_alg);

	crypto_unregister_alg(&ecb_des3_128_alg);

	crypto_unregister_alg(&des3_128_alg);

	crypto_unregister_alg(&cbc_des_alg);

	crypto_unregister_alg(&ecb_des_alg);

	crypto_unregister_alg(&des_alg);

}

module_init(des_s390_init);

module_exit(des_s390_fini);

module_exit(des_s390_exit);

MODULE_ALIAS("des");

MODULE_ALIAS("des3_ede");

	select CRYPTO_ALGAPI2

config CRYPTO_PCOMP

	tristate

	select CRYPTO_PCOMP2

	select CRYPTO_ALGAPI

config CRYPTO_PCOMP2

	tristate

	select CRYPTO_ALGAPI2

	select CRYPTO_AEAD2

	select CRYPTO_HASH2

	select CRYPTO_BLKCIPHER2

	select CRYPTO_PCOMP

	select CRYPTO_PCOMP2

config CRYPTO_MANAGER_TESTS

	bool "Run algolithms' self-tests"

	default y

	depends on CRYPTO_MANAGER2

	help

	  Run cryptomanager's tests for the new crypto algorithms being

	  registered.

config CRYPTO_GF128MUL

	tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"