From e382f507fb67863be02bfa69b08533cc55f0cd96 Mon Sep 17 00:00:00 2001 From: Patrick Steuer Date: Thu, 27 Jun 2019 01:07:54 +0200 Subject: [PATCH 1/1] s390x assembly pack: add support for pcc and kma instructions Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9258) --- crypto/s390x_arch.h | 22 ++++++++ crypto/s390xcap.c | 119 +++++++++++++++++++++++++++++++++++++++++++ crypto/s390xcpuid.pl | 71 ++++++++++++++++++++++++++ 3 files changed, 212 insertions(+) diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 501283e0cd..5e12542c1b 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, unsigned int fc, void *param); void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in, size_t len, unsigned char *out, unsigned int fc, void *param); +int s390x_pcc(unsigned int fc, void *param); +int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in, + size_t len); /* * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by @@ -45,6 +48,8 @@ struct OPENSSL_s390xcap_st { unsigned long long kmf[2]; unsigned long long prno[2]; unsigned long long kma[2]; + unsigned long long pcc[2]; + unsigned long long kdsa[2]; }; extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; @@ -69,6 +74,8 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; # define S390X_KMF 0x90 # define S390X_PRNO 0xa0 # define S390X_KMA 0xb0 +# define S390X_PCC 0xc0 +# define S390X_KDSA 0xd0 /* Facility Bit Numbers */ # define S390X_MSA 17 /* message-security-assist */ @@ -80,6 +87,7 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; # define S390X_VXD 134 /* vector packed decimal */ # define S390X_VXE 135 /* vector enhancements 1 */ # define S390X_MSA8 146 /* message-security-assist-ext. 8 */ +# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ /* Function Codes */ @@ -111,10 +119,24 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; # define S390X_SHA_512_DRNG 3 # define S390X_TRNG 114 +/* pcc */ +# define S390X_SCALAR_MULTIPLY_P256 64 +# define S390X_SCALAR_MULTIPLY_P384 65 +# define S390X_SCALAR_MULTIPLY_P521 66 + +/* kdsa */ +# define S390X_ECDSA_VERIFY_P256 1 +# define S390X_ECDSA_VERIFY_P384 2 +# define S390X_ECDSA_VERIFY_P521 3 +# define S390X_ECDSA_SIGN_P256 9 +# define S390X_ECDSA_SIGN_P384 10 +# define S390X_ECDSA_SIGN_P521 11 + /* Register 0 Flags */ # define S390X_DECRYPT 0x80 # define S390X_KMA_LPC 0x100 # define S390X_KMA_LAAD 0x200 # define S390X_KMA_HS 0x400 +# define S390X_KDSA_D 0x80 #endif diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 717849e574..b75eacf22f 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -137,6 +137,10 @@ void OPENSSL_cpuid_setup(void) OPENSSL_s390xcap_P.prno[1] &= cap.prno[1]; OPENSSL_s390xcap_P.kma[0] &= cap.kma[0]; OPENSSL_s390xcap_P.kma[1] &= cap.kma[1]; + OPENSSL_s390xcap_P.pcc[0] &= cap.pcc[0]; + OPENSSL_s390xcap_P.pcc[1] &= cap.pcc[1]; + OPENSSL_s390xcap_P.kdsa[0] &= cap.kdsa[0]; + OPENSSL_s390xcap_P.kdsa[1] &= cap.kdsa[1]; } } @@ -163,6 +167,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) /*.kmf = */{0ULL, 0ULL}, /*.prno = */{0ULL, 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{0ULL, 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -189,6 +195,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) /*.kmf = */{0ULL, 0ULL}, /*.prno = */{0ULL, 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{0ULL, 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -220,6 +228,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) /*.kmf = */{0ULL, 0ULL}, /*.prno = */{0ULL, 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{0ULL, 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -257,6 +267,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) /*.kmf = */{0ULL, 0ULL}, /*.prno = */{0ULL, 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{0ULL, 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -313,6 +325,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) 0ULL}, /*.prno = */{0ULL, 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -369,6 +384,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) 0ULL}, /*.prno = */{0ULL, 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -429,6 +447,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) | S390X_CAPBIT(S390X_SHA_512_DRNG), 0ULL}, /*.kma = */{0ULL, 0ULL}, + /*.pcc = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, }; /*- @@ -508,6 +529,101 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL}, + /*.pcc = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- + * z15 (2019) - z/Architecture POP SA22-7832-12 + * Implements MSA and MSA1-9. + */ + static const struct OPENSSL_s390xcap_st z15 = { + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) + | S390X_CAPBIT(S390X_MSA8), + 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512) + | S390X_CAPBIT(S390X_SHA3_224) + | S390X_CAPBIT(S390X_SHA3_256) + | S390X_CAPBIT(S390X_SHA3_384) + | S390X_CAPBIT(S390X_SHA3_512) + | S390X_CAPBIT(S390X_SHAKE_128) + | S390X_CAPBIT(S390X_SHAKE_256), + S390X_CAPBIT(S390X_GHASH)}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512) + | S390X_CAPBIT(S390X_SHA3_224) + | S390X_CAPBIT(S390X_SHA3_256) + | S390X_CAPBIT(S390X_SHA3_384) + | S390X_CAPBIT(S390X_SHA3_512) + | S390X_CAPBIT(S390X_SHAKE_128) + | S390X_CAPBIT(S390X_SHAKE_256), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256) + | S390X_CAPBIT(S390X_XTS_AES_128) + | S390X_CAPBIT(S390X_XTS_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmo = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmf = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.prno = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_512_DRNG), + S390X_CAPBIT(S390X_TRNG)}, + /*.kma = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.pcc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521), + 0ULL}, + /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521) + | S390X_CAPBIT(S390X_ECDSA_SIGN_P256) + | S390X_CAPBIT(S390X_ECDSA_SIGN_P384) + | S390X_CAPBIT(S390X_ECDSA_SIGN_P521), + 0ULL}, }; char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; @@ -551,6 +667,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) else if TOK_FUNC(kmf) else if TOK_FUNC(prno) else if TOK_FUNC(kma) + else if TOK_FUNC(pcc) + else if TOK_FUNC(kdsa) /* CPU model tokens */ else if TOK_CPU(z900) @@ -561,6 +679,7 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) else if TOK_CPU(zEC12) else if TOK_CPU(z13) else if TOK_CPU(z14) + else if TOK_CPU(z15) /* whitespace(ignored) or invalid tokens */ else { diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl index 790fbc2c80..2678b21ea1 100755 --- a/crypto/s390xcpuid.pl +++ b/crypto/s390xcpuid.pl @@ -77,8 +77,13 @@ OPENSSL_s390x_functions: stg %r0,S390X_PRNO+8(%r4) stg %r0,S390X_KMA(%r4) stg %r0,S390X_KMA+8(%r4) + stg %r0,S390X_PCC(%r4) + stg %r0,S390X_PCC+8(%r4) + stg %r0,S390X_KDSA(%r4) + stg %r0,S390X_KDSA+8(%r4) lmg %r2,%r3,S390X_STFLE(%r4) + tmhl %r2,0x4000 # check for message-security-assist jz .Lret @@ -102,6 +107,13 @@ OPENSSL_s390x_functions: la %r1,S390X_KMAC(%r4) .long 0xb91e0042 # kmac %r4,%r2 + tmhh %r3,0x0003 # check for message-security-assist-3 + jz .Lret + + lghi %r0,S390X_QUERY # query pcc capability vector + la %r1,S390X_PCC(%r4) + .long 0xb92c0000 # pcc + tmhh %r3,0x0004 # check for message-security-assist-4 jz .Lret @@ -125,6 +137,7 @@ OPENSSL_s390x_functions: .long 0xb93c0042 # prno %r4,%r2 lg %r2,S390X_STFLE+16(%r4) + tmhl %r2,0x2000 # check for message-security-assist-8 jz .Lret @@ -132,6 +145,13 @@ OPENSSL_s390x_functions: la %r1,S390X_KMA(%r4) .long 0xb9294022 # kma %r2,%r4,%r2 + tmhl %r2,0x0010 # check for message-security-assist-9 + jz .Lret + + lghi %r0,S390X_QUERY # query kdsa capability vector + la %r1,S390X_KDSA(%r4) + .long 0xb93a0002 # kdsa %r0,%r2 + .Lret: br $ra .size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions @@ -422,6 +442,57 @@ s390x_kma: ___ } +################ +# void s390x_pcc(unsigned int fc, void *param) +{ +my ($fc,$param) = map("%r$_",(2..3)); +$code.=<<___; +.globl s390x_pcc +.type s390x_pcc,\@function +.align 16 +s390x_pcc: + lr %r0,$fc + l${g}r %r1,$param + lhi %r2,0 + + .long 0xb92c0000 # pcc + brc 1,.-4 # pay attention to "partial completion" + brc 7,.Lpcc_err # if CC==0 return 0, else return 1 +.Lpcc_out: + br $ra +.Lpcc_err: + lhi %r2,1 + j .Lpcc_out +.size s390x_pcc,.-s390x_pcc +___ +} + +################ +# void s390x_kdsa(unsigned int fc, void *param, +# const unsigned char *in, size_t len) +{ +my ($fc,$param,$in,$len) = map("%r$_",(2..5)); +$code.=<<___; +.globl s390x_kdsa +.type s390x_kdsa,\@function +.align 16 +s390x_kdsa: + lr %r0,$fc + l${g}r %r1,$param + lhi %r2,0 + + .long 0xb93a0004 # kdsa %r0,$in + brc 1,.-4 # pay attention to "partial completion" + brc 7,.Lkdsa_err # if CC==0 return 0, else return 1 +.Lkdsa_out: + br $ra +.Lkdsa_err: + lhi %r2,1 + j .Lkdsa_out +.size s390x_kdsa,.-s390x_kdsa +___ +} + $code.=<<___; .section .init brasl $ra,OPENSSL_cpuid_setup -- 2.34.1