[deliverable/linux.git] / arch / s390 / crypto / des_s390.c

/*
 * Cryptographic API.
 *
 * s390 implementation of the DES Cipher Algorithm.
 *
 * Copyright (c) 2003 IBM Deutschland Entwicklung GmbH, IBM Corporation
 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 */
#include <linux/init.h>
#include <linux/module.h>
#include <linux/crypto.h>

#include "crypt_s390.h"
#include "crypto_des.h"

#define DES_BLOCK_SIZE 8
#define DES_KEY_SIZE 8

#define DES3_128_KEY_SIZE	(2 * DES_KEY_SIZE)
#define DES3_128_BLOCK_SIZE	DES_BLOCK_SIZE

#define DES3_192_KEY_SIZE	(3 * DES_KEY_SIZE)
#define DES3_192_BLOCK_SIZE	DES_BLOCK_SIZE

struct crypt_s390_des_ctx {
	u8 iv[DES_BLOCK_SIZE];
	u8 key[DES_KEY_SIZE];
};

struct crypt_s390_des3_128_ctx {
	u8 iv[DES_BLOCK_SIZE];
	u8 key[DES3_128_KEY_SIZE];
};

struct crypt_s390_des3_192_ctx {
	u8 iv[DES_BLOCK_SIZE];
	u8 key[DES3_192_KEY_SIZE];
};

static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
		      unsigned int keylen)
{
	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);
	u32 *flags = &tfm->crt_flags;
	int ret;

	/* test if key is valid (not a weak key) */
	ret = crypto_des_check_key(key, keylen, flags);
	if (ret == 0)
		memcpy(dctx->key, key, keylen);
	return ret;
}

static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_DEA_ENCRYPT, dctx->key, out, in, DES_BLOCK_SIZE);
}

static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_DEA_DECRYPT, dctx->key, out, in, DES_BLOCK_SIZE);
}

static unsigned int des_encrypt_ecb(const struct cipher_desc *desc, u8 *out,
				    const u8 *in, unsigned int nbytes)
{
	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES_BLOCK_SIZE - 1);
	ret = crypt_s390_km(KM_DEA_ENCRYPT, sctx->key, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static unsigned int des_decrypt_ecb(const struct cipher_desc *desc, u8 *out,
				    const u8 *in, unsigned int nbytes)
{
	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES_BLOCK_SIZE - 1);
	ret = crypt_s390_km(KM_DEA_DECRYPT, sctx->key, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static unsigned int des_encrypt_cbc(const struct cipher_desc *desc, u8 *out,
				    const u8 *in, unsigned int nbytes)
{
	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES_BLOCK_SIZE - 1);

	memcpy(sctx->iv, desc->info, DES_BLOCK_SIZE);
	ret = crypt_s390_kmc(KMC_DEA_ENCRYPT, &sctx->iv, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	memcpy(desc->info, sctx->iv, DES_BLOCK_SIZE);
	return nbytes;
}

static unsigned int des_decrypt_cbc(const struct cipher_desc *desc, u8 *out,
				    const u8 *in, unsigned int nbytes)
{
	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES_BLOCK_SIZE - 1);

	memcpy(&sctx->iv, desc->info, DES_BLOCK_SIZE);
	ret = crypt_s390_kmc(KMC_DEA_DECRYPT, &sctx->iv, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static struct crypto_alg des_alg = {
	.cra_name		=	"des",
	.cra_driver_name	=	"des-s390",
	.cra_priority		=	CRYPT_S390_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct crypt_s390_des_ctx),
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(des_alg.cra_list),
	.cra_u			=	{
		.cipher = {
			.cia_min_keysize	=	DES_KEY_SIZE,
			.cia_max_keysize	=	DES_KEY_SIZE,
			.cia_setkey		=	des_setkey,
			.cia_encrypt		=	des_encrypt,
			.cia_decrypt		=	des_decrypt,
			.cia_encrypt_ecb	=	des_encrypt_ecb,
			.cia_decrypt_ecb	=	des_decrypt_ecb,
			.cia_encrypt_cbc	=	des_encrypt_cbc,
			.cia_decrypt_cbc	=	des_decrypt_cbc,
		}
	}
};

/*
 * RFC2451:
 *
 *   For DES-EDE3, there is no known need to reject weak or
 *   complementation keys.  Any weakness is obviated by the use of
 *   multiple keys.
 *
 *   However, if the two  independent 64-bit keys are equal,
 *   then the DES3 operation is simply the same as DES.
 *   Implementers MUST reject keys that exhibit this property.
 *
 */
static int des3_128_setkey(struct crypto_tfm *tfm, const u8 *key,
			   unsigned int keylen)
{
	int i, ret;
	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);
	const u8 *temp_key = key;
	u32 *flags = &tfm->crt_flags;

	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE))) {
		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
		return -EINVAL;
	}
	for (i = 0; i < 2; i++, temp_key += DES_KEY_SIZE) {
		ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
		if (ret < 0)
			return ret;
	}
	memcpy(dctx->key, key, keylen);
	return 0;
}

static void des3_128_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_128_ENCRYPT, dctx->key, dst, (void*)src,
		      DES3_128_BLOCK_SIZE);
}

static void des3_128_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_128_DECRYPT, dctx->key, dst, (void*)src,
		      DES3_128_BLOCK_SIZE);
}

static unsigned int des3_128_encrypt_ecb(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);
	ret = crypt_s390_km(KM_TDEA_128_ENCRYPT, sctx->key, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static unsigned int des3_128_decrypt_ecb(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);
	ret = crypt_s390_km(KM_TDEA_128_DECRYPT, sctx->key, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static unsigned int des3_128_encrypt_cbc(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);

	memcpy(sctx->iv, desc->info, DES3_128_BLOCK_SIZE);
	ret = crypt_s390_kmc(KMC_TDEA_128_ENCRYPT, &sctx->iv, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	memcpy(desc->info, sctx->iv, DES3_128_BLOCK_SIZE);
	return nbytes;
}

static unsigned int des3_128_decrypt_cbc(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);

	memcpy(&sctx->iv, desc->info, DES3_128_BLOCK_SIZE);
	ret = crypt_s390_kmc(KMC_TDEA_128_DECRYPT, &sctx->iv, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static struct crypto_alg des3_128_alg = {
	.cra_name		=	"des3_ede128",
	.cra_driver_name	=	"des3_ede128-s390",
	.cra_priority		=	CRYPT_S390_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
	.cra_blocksize		=	DES3_128_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_128_ctx),
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(des3_128_alg.cra_list),
	.cra_u			=	{
		.cipher = {
			.cia_min_keysize	=	DES3_128_KEY_SIZE,
			.cia_max_keysize	=	DES3_128_KEY_SIZE,
			.cia_setkey		=	des3_128_setkey,
			.cia_encrypt		=	des3_128_encrypt,
			.cia_decrypt		=	des3_128_decrypt,
			.cia_encrypt_ecb	=	des3_128_encrypt_ecb,
			.cia_decrypt_ecb	=	des3_128_decrypt_ecb,
			.cia_encrypt_cbc	=	des3_128_encrypt_cbc,
			.cia_decrypt_cbc	=	des3_128_decrypt_cbc,
		}
	}
};

/*
 * RFC2451:
 *
 *   For DES-EDE3, there is no known need to reject weak or
 *   complementation keys.  Any weakness is obviated by the use of
 *   multiple keys.
 *
 *   However, if the first two or last two independent 64-bit keys are
 *   equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
 *   same as DES.  Implementers MUST reject keys that exhibit this
 *   property.
 *
 */
static int des3_192_setkey(struct crypto_tfm *tfm, const u8 *key,
			   unsigned int keylen)
{
	int i, ret;
	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);
	const u8 *temp_key = key;
	u32 *flags = &tfm->crt_flags;

	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
	    memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
		   DES_KEY_SIZE))) {

		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
		return -EINVAL;
	}
	for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) {
		ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
		if (ret < 0)
			return ret;
	}
	memcpy(dctx->key, key, keylen);
	return 0;
}

static void des3_192_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src,
		      DES3_192_BLOCK_SIZE);
}

static void des3_192_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src,
		      DES3_192_BLOCK_SIZE);
}

static unsigned int des3_192_encrypt_ecb(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);
	ret = crypt_s390_km(KM_TDEA_192_ENCRYPT, sctx->key, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static unsigned int des3_192_decrypt_ecb(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);
	ret = crypt_s390_km(KM_TDEA_192_DECRYPT, sctx->key, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static unsigned int des3_192_encrypt_cbc(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);

	memcpy(sctx->iv, desc->info, DES3_192_BLOCK_SIZE);
	ret = crypt_s390_kmc(KMC_TDEA_192_ENCRYPT, &sctx->iv, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	memcpy(desc->info, sctx->iv, DES3_192_BLOCK_SIZE);
	return nbytes;
}

static unsigned int des3_192_decrypt_cbc(const struct cipher_desc *desc,
					 u8 *out, const u8 *in,
					 unsigned int nbytes)
{
	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	int ret;

	/* only use complete blocks */
	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);

	memcpy(&sctx->iv, desc->info, DES3_192_BLOCK_SIZE);
	ret = crypt_s390_kmc(KMC_TDEA_192_DECRYPT, &sctx->iv, out, in, nbytes);
	BUG_ON((ret < 0) || (ret != nbytes));

	return nbytes;
}

static struct crypto_alg des3_192_alg = {
	.cra_name		=	"des3_ede",
	.cra_driver_name	=	"des3_ede-s390",
	.cra_priority		=	CRYPT_S390_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
	.cra_blocksize		=	DES3_192_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct crypt_s390_des3_192_ctx),
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(des3_192_alg.cra_list),
	.cra_u			=	{
		.cipher = {
			.cia_min_keysize	=	DES3_192_KEY_SIZE,
			.cia_max_keysize	=	DES3_192_KEY_SIZE,
			.cia_setkey		=	des3_192_setkey,
			.cia_encrypt		=	des3_192_encrypt,
			.cia_decrypt		=	des3_192_decrypt,
			.cia_encrypt_ecb	=	des3_192_encrypt_ecb,
			.cia_decrypt_ecb	=	des3_192_decrypt_ecb,
			.cia_encrypt_cbc	=	des3_192_encrypt_cbc,
			.cia_decrypt_cbc	=	des3_192_decrypt_cbc,
		}
	}
};

static int init(void)
{
	int ret = 0;

	if (!crypt_s390_func_available(KM_DEA_ENCRYPT) ||
	    !crypt_s390_func_available(KM_TDEA_128_ENCRYPT) ||
	    !crypt_s390_func_available(KM_TDEA_192_ENCRYPT))
		return -ENOSYS;

	ret |= (crypto_register_alg(&des_alg) == 0) ? 0:1;
	ret |= (crypto_register_alg(&des3_128_alg) == 0) ? 0:2;
	ret |= (crypto_register_alg(&des3_192_alg) == 0) ? 0:4;
	if (ret) {
		crypto_unregister_alg(&des3_192_alg);
		crypto_unregister_alg(&des3_128_alg);
		crypto_unregister_alg(&des_alg);
		return -EEXIST;
	}
	return 0;
}

static void __exit fini(void)
{
	crypto_unregister_alg(&des3_192_alg);
	crypto_unregister_alg(&des3_128_alg);
	crypto_unregister_alg(&des_alg);
}

module_init(init);
module_exit(fini);

MODULE_ALIAS("des");
MODULE_ALIAS("des3_ede");

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Cryptographic API.
	3	*
c1e26e1e	4	* s390 implementation of the DES Cipher Algorithm.
1da177e4 LT	5	*
	6	* Copyright (c) 2003 IBM Deutschland Entwicklung GmbH, IBM Corporation
	7	* Author(s): Thomas Spatzier (tspat@de.ibm.com)
	8	*
	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; either version 2 of the License, or
	13	* (at your option) any later version.
	14	*
	15	*/
	16	#include <linux/init.h>
	17	#include <linux/module.h>
1da177e4	18	#include <linux/crypto.h>
c1357833	19
c1e26e1e	20	#include "crypt_s390.h"
1da177e4 LT	21	#include "crypto_des.h"
	22
	23	#define DES_BLOCK_SIZE 8
	24	#define DES_KEY_SIZE 8
	25
	26	#define DES3_128_KEY_SIZE (2 * DES_KEY_SIZE)
	27	#define DES3_128_BLOCK_SIZE DES_BLOCK_SIZE
	28
	29	#define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE)
	30	#define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE
	31
c1e26e1e	32	struct crypt_s390_des_ctx {
1da177e4 LT	33	u8 iv[DES_BLOCK_SIZE];
	34	u8 key[DES_KEY_SIZE];
	35	};
	36
c1e26e1e	37	struct crypt_s390_des3_128_ctx {
1da177e4 LT	38	u8 iv[DES_BLOCK_SIZE];
	39	u8 key[DES3_128_KEY_SIZE];
	40	};
	41
c1e26e1e	42	struct crypt_s390_des3_192_ctx {
1da177e4 LT	43	u8 iv[DES_BLOCK_SIZE];
	44	u8 key[DES3_192_KEY_SIZE];
	45	};
	46
6c2bb98b	47	static int des_setkey(struct crypto_tfm tfm, const u8 key,
560c06ae	48	unsigned int keylen)
1da177e4	49	{
6c2bb98b	50	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);
560c06ae	51	u32 *flags = &tfm->crt_flags;
1da177e4 LT	52	int ret;
1da177e4 LT	53
c1357833	54	/* test if key is valid (not a weak key) */
1da177e4	55	ret = crypto_des_check_key(key, keylen, flags);
c1357833	56	if (ret == 0)
1da177e4	57	memcpy(dctx->key, key, keylen);
1da177e4 LT	58	return ret;
	59	}
	60
6c2bb98b	61	static void des_encrypt(struct crypto_tfm tfm, u8 out, const u8 *in)
1da177e4	62	{
6c2bb98b	63	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);
1da177e4	64
b8dc6038	65	crypt_s390_km(KM_DEA_ENCRYPT, dctx->key, out, in, DES_BLOCK_SIZE);
1da177e4 LT	66	}
1da177e4 LT	67
6c2bb98b	68	static void des_decrypt(struct crypto_tfm tfm, u8 out, const u8 *in)
1da177e4	69	{
6c2bb98b	70	struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm);
1da177e4	71
b8dc6038 JG	72	crypt_s390_km(KM_DEA_DECRYPT, dctx->key, out, in, DES_BLOCK_SIZE);
	73	}
	74
	75	static unsigned int des_encrypt_ecb(const struct cipher_desc desc, u8 out,
	76	const u8 *in, unsigned int nbytes)
	77	{
	78	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	79	int ret;
	80
	81	/* only use complete blocks */
	82	nbytes &= ~(DES_BLOCK_SIZE - 1);
	83	ret = crypt_s390_km(KM_DEA_ENCRYPT, sctx->key, out, in, nbytes);
	84	BUG_ON((ret < 0) \|\| (ret != nbytes));
	85
	86	return nbytes;
	87	}
	88
	89	static unsigned int des_decrypt_ecb(const struct cipher_desc desc, u8 out,
	90	const u8 *in, unsigned int nbytes)
	91	{
	92	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	93	int ret;
	94
	95	/* only use complete blocks */
	96	nbytes &= ~(DES_BLOCK_SIZE - 1);
	97	ret = crypt_s390_km(KM_DEA_DECRYPT, sctx->key, out, in, nbytes);
	98	BUG_ON((ret < 0) \|\| (ret != nbytes));
	99
	100	return nbytes;
	101	}
	102
	103	static unsigned int des_encrypt_cbc(const struct cipher_desc desc, u8 out,
	104	const u8 *in, unsigned int nbytes)
	105	{
	106	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	107	int ret;
	108
	109	/* only use complete blocks */
	110	nbytes &= ~(DES_BLOCK_SIZE - 1);
	111
	112	memcpy(sctx->iv, desc->info, DES_BLOCK_SIZE);
	113	ret = crypt_s390_kmc(KMC_DEA_ENCRYPT, &sctx->iv, out, in, nbytes);
	114	BUG_ON((ret < 0) \|\| (ret != nbytes));
	115
	116	memcpy(desc->info, sctx->iv, DES_BLOCK_SIZE);
	117	return nbytes;
	118	}
	119
	120	static unsigned int des_decrypt_cbc(const struct cipher_desc desc, u8 out,
	121	const u8 *in, unsigned int nbytes)
	122	{
	123	struct crypt_s390_des_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	124	int ret;
	125
	126	/* only use complete blocks */
	127	nbytes &= ~(DES_BLOCK_SIZE - 1);
	128
	129	memcpy(&sctx->iv, desc->info, DES_BLOCK_SIZE);
	130	ret = crypt_s390_kmc(KMC_DEA_DECRYPT, &sctx->iv, out, in, nbytes);
	131	BUG_ON((ret < 0) \|\| (ret != nbytes));
	132
	133	return nbytes;
1da177e4 LT	134	}
	135
	136	static struct crypto_alg des_alg = {
	137	.cra_name = "des",
65b75c36 HX	138	.cra_driver_name = "des-s390",
65b75c36 HX	139	.cra_priority = CRYPT_S390_PRIORITY,
1da177e4 LT	140	.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1da177e4 LT	141	.cra_blocksize = DES_BLOCK_SIZE,
c1e26e1e	142	.cra_ctxsize = sizeof(struct crypt_s390_des_ctx),
1da177e4 LT	143	.cra_module = THIS_MODULE,
1da177e4 LT	144	.cra_list = LIST_HEAD_INIT(des_alg.cra_list),
c1357833 JG	145	.cra_u = {
	146	.cipher = {
	147	.cia_min_keysize = DES_KEY_SIZE,
	148	.cia_max_keysize = DES_KEY_SIZE,
	149	.cia_setkey = des_setkey,
	150	.cia_encrypt = des_encrypt,
b8dc6038 JG	151	.cia_decrypt = des_decrypt,
	152	.cia_encrypt_ecb = des_encrypt_ecb,
	153	.cia_decrypt_ecb = des_decrypt_ecb,
	154	.cia_encrypt_cbc = des_encrypt_cbc,
	155	.cia_decrypt_cbc = des_decrypt_cbc,
c1357833 JG	156	}
c1357833 JG	157	}
1da177e4 LT	158	};
	159
	160	/*
	161	* RFC2451:
	162	*
	163	* For DES-EDE3, there is no known need to reject weak or
	164	* complementation keys. Any weakness is obviated by the use of
	165	* multiple keys.
	166	*
	167	* However, if the two independent 64-bit keys are equal,
	168	* then the DES3 operation is simply the same as DES.
	169	* Implementers MUST reject keys that exhibit this property.
	170	*
	171	*/
6c2bb98b	172	static int des3_128_setkey(struct crypto_tfm tfm, const u8 key,
560c06ae	173	unsigned int keylen)
1da177e4 LT	174	{
1da177e4 LT	175	int i, ret;
6c2bb98b	176	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);
560c06ae HX	177	const u8 *temp_key = key;
560c06ae HX	178	u32 *flags = &tfm->crt_flags;
1da177e4	179
1da177e4	180	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE))) {
1da177e4 LT	181	*flags \|= CRYPTO_TFM_RES_BAD_KEY_SCHED;
	182	return -EINVAL;
	183	}
c1357833	184	for (i = 0; i < 2; i++, temp_key += DES_KEY_SIZE) {
1da177e4 LT	185	ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
	186	if (ret < 0)
	187	return ret;
	188	}
	189	memcpy(dctx->key, key, keylen);
	190	return 0;
	191	}
	192
6c2bb98b	193	static void des3_128_encrypt(struct crypto_tfm tfm, u8 dst, const u8 *src)
1da177e4	194	{
6c2bb98b	195	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);
1da177e4	196
c1e26e1e	197	crypt_s390_km(KM_TDEA_128_ENCRYPT, dctx->key, dst, (void*)src,
c1357833	198	DES3_128_BLOCK_SIZE);
1da177e4 LT	199	}
1da177e4 LT	200
6c2bb98b	201	static void des3_128_decrypt(struct crypto_tfm tfm, u8 dst, const u8 *src)
1da177e4	202	{
6c2bb98b	203	struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm);
1da177e4	204
c1e26e1e	205	crypt_s390_km(KM_TDEA_128_DECRYPT, dctx->key, dst, (void*)src,
c1357833	206	DES3_128_BLOCK_SIZE);
1da177e4 LT	207	}
1da177e4 LT	208
b8dc6038 JG	209	static unsigned int des3_128_encrypt_ecb(const struct cipher_desc *desc,
	210	u8 out, const u8 in,
	211	unsigned int nbytes)
	212	{
	213	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	214	int ret;
	215
	216	/* only use complete blocks */
	217	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);
	218	ret = crypt_s390_km(KM_TDEA_128_ENCRYPT, sctx->key, out, in, nbytes);
	219	BUG_ON((ret < 0) \|\| (ret != nbytes));
	220
	221	return nbytes;
	222	}
	223
	224	static unsigned int des3_128_decrypt_ecb(const struct cipher_desc *desc,
	225	u8 out, const u8 in,
	226	unsigned int nbytes)
	227	{
	228	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	229	int ret;
	230
	231	/* only use complete blocks */
	232	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);
	233	ret = crypt_s390_km(KM_TDEA_128_DECRYPT, sctx->key, out, in, nbytes);
	234	BUG_ON((ret < 0) \|\| (ret != nbytes));
	235
	236	return nbytes;
	237	}
	238
	239	static unsigned int des3_128_encrypt_cbc(const struct cipher_desc *desc,
	240	u8 out, const u8 in,
	241	unsigned int nbytes)
	242	{
	243	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	244	int ret;
	245
	246	/* only use complete blocks */
	247	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);
	248
	249	memcpy(sctx->iv, desc->info, DES3_128_BLOCK_SIZE);
	250	ret = crypt_s390_kmc(KMC_TDEA_128_ENCRYPT, &sctx->iv, out, in, nbytes);
	251	BUG_ON((ret < 0) \|\| (ret != nbytes));
	252
	253	memcpy(desc->info, sctx->iv, DES3_128_BLOCK_SIZE);
	254	return nbytes;
	255	}
	256
	257	static unsigned int des3_128_decrypt_cbc(const struct cipher_desc *desc,
	258	u8 out, const u8 in,
	259	unsigned int nbytes)
	260	{
	261	struct crypt_s390_des3_128_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	262	int ret;
	263
	264	/* only use complete blocks */
	265	nbytes &= ~(DES3_128_BLOCK_SIZE - 1);
	266
	267	memcpy(&sctx->iv, desc->info, DES3_128_BLOCK_SIZE);
	268	ret = crypt_s390_kmc(KMC_TDEA_128_DECRYPT, &sctx->iv, out, in, nbytes);
	269	BUG_ON((ret < 0) \|\| (ret != nbytes));
	270
	271	return nbytes;
	272	}
273
1da177e4 LT	274	static struct crypto_alg des3_128_alg = {
1da177e4 LT	275	.cra_name = "des3_ede128",
65b75c36 HX	276	.cra_driver_name = "des3_ede128-s390",
65b75c36 HX	277	.cra_priority = CRYPT_S390_PRIORITY,
1da177e4 LT	278	.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1da177e4 LT	279	.cra_blocksize = DES3_128_BLOCK_SIZE,
c1e26e1e	280	.cra_ctxsize = sizeof(struct crypt_s390_des3_128_ctx),
1da177e4 LT	281	.cra_module = THIS_MODULE,
1da177e4 LT	282	.cra_list = LIST_HEAD_INIT(des3_128_alg.cra_list),
c1357833 JG	283	.cra_u = {
	284	.cipher = {
	285	.cia_min_keysize = DES3_128_KEY_SIZE,
	286	.cia_max_keysize = DES3_128_KEY_SIZE,
	287	.cia_setkey = des3_128_setkey,
	288	.cia_encrypt = des3_128_encrypt,
b8dc6038 JG	289	.cia_decrypt = des3_128_decrypt,
	290	.cia_encrypt_ecb = des3_128_encrypt_ecb,
	291	.cia_decrypt_ecb = des3_128_decrypt_ecb,
	292	.cia_encrypt_cbc = des3_128_encrypt_cbc,
	293	.cia_decrypt_cbc = des3_128_decrypt_cbc,
c1357833 JG	294	}
c1357833 JG	295	}
1da177e4 LT	296	};
	297
	298	/*
	299	* RFC2451:
	300	*
	301	* For DES-EDE3, there is no known need to reject weak or
	302	* complementation keys. Any weakness is obviated by the use of
	303	* multiple keys.
	304	*
	305	* However, if the first two or last two independent 64-bit keys are
	306	* equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
	307	* same as DES. Implementers MUST reject keys that exhibit this
	308	* property.
	309	*
	310	*/
6c2bb98b	311	static int des3_192_setkey(struct crypto_tfm tfm, const u8 key,
560c06ae	312	unsigned int keylen)
1da177e4 LT	313	{
1da177e4 LT	314	int i, ret;
6c2bb98b	315	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);
560c06ae HX	316	const u8 *temp_key = key;
560c06ae HX	317	u32 *flags = &tfm->crt_flags;
1da177e4	318
1da177e4 LT	319	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
1da177e4 LT	320	memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
c1357833	321	DES_KEY_SIZE))) {
1da177e4 LT	322
	323	*flags \|= CRYPTO_TFM_RES_BAD_KEY_SCHED;
	324	return -EINVAL;
	325	}
	326	for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) {
	327	ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
c1357833	328	if (ret < 0)
1da177e4	329	return ret;
1da177e4 LT	330	}
	331	memcpy(dctx->key, key, keylen);
	332	return 0;
	333	}
	334
6c2bb98b	335	static void des3_192_encrypt(struct crypto_tfm tfm, u8 dst, const u8 *src)
1da177e4	336	{
6c2bb98b	337	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);
1da177e4	338
c1e26e1e	339	crypt_s390_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src,
c1357833	340	DES3_192_BLOCK_SIZE);
1da177e4 LT	341	}
1da177e4 LT	342
6c2bb98b	343	static void des3_192_decrypt(struct crypto_tfm tfm, u8 dst, const u8 *src)
1da177e4	344	{
6c2bb98b	345	struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm);
1da177e4	346
c1e26e1e	347	crypt_s390_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src,
c1357833	348	DES3_192_BLOCK_SIZE);
1da177e4 LT	349	}
1da177e4 LT	350
b8dc6038 JG	351	static unsigned int des3_192_encrypt_ecb(const struct cipher_desc *desc,
	352	u8 out, const u8 in,
	353	unsigned int nbytes)
	354	{
	355	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	356	int ret;
	357
	358	/* only use complete blocks */
	359	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);
	360	ret = crypt_s390_km(KM_TDEA_192_ENCRYPT, sctx->key, out, in, nbytes);
	361	BUG_ON((ret < 0) \|\| (ret != nbytes));
	362
	363	return nbytes;
	364	}
	365
	366	static unsigned int des3_192_decrypt_ecb(const struct cipher_desc *desc,
	367	u8 out, const u8 in,
	368	unsigned int nbytes)
	369	{
	370	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	371	int ret;
	372
	373	/* only use complete blocks */
	374	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);
	375	ret = crypt_s390_km(KM_TDEA_192_DECRYPT, sctx->key, out, in, nbytes);
	376	BUG_ON((ret < 0) \|\| (ret != nbytes));
	377
	378	return nbytes;
	379	}
	380
	381	static unsigned int des3_192_encrypt_cbc(const struct cipher_desc *desc,
	382	u8 out, const u8 in,
	383	unsigned int nbytes)
	384	{
	385	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	386	int ret;
	387
	388	/* only use complete blocks */
	389	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);
	390
	391	memcpy(sctx->iv, desc->info, DES3_192_BLOCK_SIZE);
	392	ret = crypt_s390_kmc(KMC_TDEA_192_ENCRYPT, &sctx->iv, out, in, nbytes);
	393	BUG_ON((ret < 0) \|\| (ret != nbytes));
	394
	395	memcpy(desc->info, sctx->iv, DES3_192_BLOCK_SIZE);
	396	return nbytes;
	397	}
	398
	399	static unsigned int des3_192_decrypt_cbc(const struct cipher_desc *desc,
	400	u8 out, const u8 in,
	401	unsigned int nbytes)
	402	{
	403	struct crypt_s390_des3_192_ctx *sctx = crypto_tfm_ctx(desc->tfm);
	404	int ret;
	405
	406	/* only use complete blocks */
	407	nbytes &= ~(DES3_192_BLOCK_SIZE - 1);
	408
	409	memcpy(&sctx->iv, desc->info, DES3_192_BLOCK_SIZE);
	410	ret = crypt_s390_kmc(KMC_TDEA_192_DECRYPT, &sctx->iv, out, in, nbytes);
	411	BUG_ON((ret < 0) \|\| (ret != nbytes));
	412
	413	return nbytes;
	414	}
415
1da177e4 LT	416	static struct crypto_alg des3_192_alg = {
1da177e4 LT	417	.cra_name = "des3_ede",
65b75c36 HX	418	.cra_driver_name = "des3_ede-s390",
65b75c36 HX	419	.cra_priority = CRYPT_S390_PRIORITY,
1da177e4 LT	420	.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1da177e4 LT	421	.cra_blocksize = DES3_192_BLOCK_SIZE,
c1e26e1e	422	.cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx),
1da177e4 LT	423	.cra_module = THIS_MODULE,
1da177e4 LT	424	.cra_list = LIST_HEAD_INIT(des3_192_alg.cra_list),
c1357833 JG	425	.cra_u = {
	426	.cipher = {
	427	.cia_min_keysize = DES3_192_KEY_SIZE,
	428	.cia_max_keysize = DES3_192_KEY_SIZE,
	429	.cia_setkey = des3_192_setkey,
	430	.cia_encrypt = des3_192_encrypt,
b8dc6038 JG	431	.cia_decrypt = des3_192_decrypt,
	432	.cia_encrypt_ecb = des3_192_encrypt_ecb,
	433	.cia_decrypt_ecb = des3_192_decrypt_ecb,
	434	.cia_encrypt_cbc = des3_192_encrypt_cbc,
	435	.cia_decrypt_cbc = des3_192_decrypt_cbc,
c1357833 JG	436	}
c1357833 JG	437	}
1da177e4 LT	438	};
1da177e4 LT	439
c1357833	440	static int init(void)
1da177e4	441	{
c1357833	442	int ret = 0;
1da177e4	443
c1e26e1e JG	444	if (!crypt_s390_func_available(KM_DEA_ENCRYPT) \|\|
c1e26e1e JG	445	!crypt_s390_func_available(KM_TDEA_128_ENCRYPT) \|\|
c1357833	446	!crypt_s390_func_available(KM_TDEA_192_ENCRYPT))
1da177e4	447	return -ENOSYS;
1da177e4	448
c1357833 JG	449	ret \|= (crypto_register_alg(&des_alg) == 0) ? 0:1;
	450	ret \|= (crypto_register_alg(&des3_128_alg) == 0) ? 0:2;
	451	ret \|= (crypto_register_alg(&des3_192_alg) == 0) ? 0:4;
	452	if (ret) {
1da177e4 LT	453	crypto_unregister_alg(&des3_192_alg);
	454	crypto_unregister_alg(&des3_128_alg);
	455	crypto_unregister_alg(&des_alg);
	456	return -EEXIST;
	457	}
1da177e4 LT	458	return 0;
	459	}
	460
c1357833	461	static void __exit fini(void)
1da177e4 LT	462	{
	463	crypto_unregister_alg(&des3_192_alg);
	464	crypto_unregister_alg(&des3_128_alg);
	465	crypto_unregister_alg(&des_alg);
	466	}
	467
	468	module_init(init);
	469	module_exit(fini);
	470
	471	MODULE_ALIAS("des");
	472	MODULE_ALIAS("des3_ede");
	473
	474	MODULE_LICENSE("GPL");
	475	MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");