Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Cryptographic API. | |
3 | * | |
c1e26e1e | 4 | * s390 implementation of the DES Cipher Algorithm. |
1da177e4 | 5 | * |
86aa9fc2 JG |
6 | * Copyright IBM Corp. 2003,2007 |
7 | * Author(s): Thomas Spatzier | |
8 | * Jan Glauber (jan.glauber@de.ibm.com) | |
1da177e4 LT |
9 | * |
10 | * This program is free software; you can redistribute it and/or modify | |
11 | * it under the terms of the GNU General Public License as published by | |
12 | * the Free Software Foundation; either version 2 of the License, or | |
13 | * (at your option) any later version. | |
14 | * | |
15 | */ | |
a9e62fad HX |
16 | |
17 | #include <crypto/algapi.h> | |
1da177e4 LT |
18 | #include <linux/init.h> |
19 | #include <linux/module.h> | |
c1357833 | 20 | |
c1e26e1e | 21 | #include "crypt_s390.h" |
1da177e4 LT |
22 | #include "crypto_des.h" |
23 | ||
24 | #define DES_BLOCK_SIZE 8 | |
25 | #define DES_KEY_SIZE 8 | |
26 | ||
1da177e4 LT |
27 | #define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE) |
28 | #define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE | |
29 | ||
c1e26e1e | 30 | struct crypt_s390_des_ctx { |
1da177e4 LT |
31 | u8 iv[DES_BLOCK_SIZE]; |
32 | u8 key[DES_KEY_SIZE]; | |
33 | }; | |
34 | ||
c1e26e1e | 35 | struct crypt_s390_des3_192_ctx { |
1da177e4 LT |
36 | u8 iv[DES_BLOCK_SIZE]; |
37 | u8 key[DES3_192_KEY_SIZE]; | |
38 | }; | |
39 | ||
6c2bb98b | 40 | static int des_setkey(struct crypto_tfm *tfm, const u8 *key, |
560c06ae | 41 | unsigned int keylen) |
1da177e4 | 42 | { |
6c2bb98b | 43 | struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm); |
560c06ae | 44 | u32 *flags = &tfm->crt_flags; |
1da177e4 LT |
45 | int ret; |
46 | ||
c1357833 | 47 | /* test if key is valid (not a weak key) */ |
1da177e4 | 48 | ret = crypto_des_check_key(key, keylen, flags); |
c1357833 | 49 | if (ret == 0) |
1da177e4 | 50 | memcpy(dctx->key, key, keylen); |
1da177e4 LT |
51 | return ret; |
52 | } | |
53 | ||
6c2bb98b | 54 | static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 55 | { |
6c2bb98b | 56 | struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm); |
1da177e4 | 57 | |
b8dc6038 | 58 | crypt_s390_km(KM_DEA_ENCRYPT, dctx->key, out, in, DES_BLOCK_SIZE); |
1da177e4 LT |
59 | } |
60 | ||
6c2bb98b | 61 | static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 62 | { |
6c2bb98b | 63 | struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm); |
1da177e4 | 64 | |
b8dc6038 JG |
65 | crypt_s390_km(KM_DEA_DECRYPT, dctx->key, out, in, DES_BLOCK_SIZE); |
66 | } | |
67 | ||
1da177e4 LT |
68 | static struct crypto_alg des_alg = { |
69 | .cra_name = "des", | |
65b75c36 HX |
70 | .cra_driver_name = "des-s390", |
71 | .cra_priority = CRYPT_S390_PRIORITY, | |
1da177e4 LT |
72 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
73 | .cra_blocksize = DES_BLOCK_SIZE, | |
c1e26e1e | 74 | .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), |
1da177e4 LT |
75 | .cra_module = THIS_MODULE, |
76 | .cra_list = LIST_HEAD_INIT(des_alg.cra_list), | |
c1357833 JG |
77 | .cra_u = { |
78 | .cipher = { | |
79 | .cia_min_keysize = DES_KEY_SIZE, | |
80 | .cia_max_keysize = DES_KEY_SIZE, | |
81 | .cia_setkey = des_setkey, | |
82 | .cia_encrypt = des_encrypt, | |
b8dc6038 | 83 | .cia_decrypt = des_decrypt, |
c1357833 JG |
84 | } |
85 | } | |
1da177e4 LT |
86 | }; |
87 | ||
a9e62fad HX |
88 | static int ecb_desall_crypt(struct blkcipher_desc *desc, long func, |
89 | void *param, struct blkcipher_walk *walk) | |
90 | { | |
91 | int ret = blkcipher_walk_virt(desc, walk); | |
92 | unsigned int nbytes; | |
93 | ||
94 | while ((nbytes = walk->nbytes)) { | |
95 | /* only use complete blocks */ | |
96 | unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); | |
97 | u8 *out = walk->dst.virt.addr; | |
98 | u8 *in = walk->src.virt.addr; | |
99 | ||
100 | ret = crypt_s390_km(func, param, out, in, n); | |
101 | BUG_ON((ret < 0) || (ret != n)); | |
102 | ||
103 | nbytes &= DES_BLOCK_SIZE - 1; | |
104 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
105 | } | |
106 | ||
107 | return ret; | |
108 | } | |
109 | ||
110 | static int cbc_desall_crypt(struct blkcipher_desc *desc, long func, | |
111 | void *param, struct blkcipher_walk *walk) | |
112 | { | |
113 | int ret = blkcipher_walk_virt(desc, walk); | |
114 | unsigned int nbytes = walk->nbytes; | |
115 | ||
116 | if (!nbytes) | |
117 | goto out; | |
118 | ||
119 | memcpy(param, walk->iv, DES_BLOCK_SIZE); | |
120 | do { | |
121 | /* only use complete blocks */ | |
122 | unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); | |
123 | u8 *out = walk->dst.virt.addr; | |
124 | u8 *in = walk->src.virt.addr; | |
125 | ||
126 | ret = crypt_s390_kmc(func, param, out, in, n); | |
127 | BUG_ON((ret < 0) || (ret != n)); | |
128 | ||
129 | nbytes &= DES_BLOCK_SIZE - 1; | |
130 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
131 | } while ((nbytes = walk->nbytes)); | |
132 | memcpy(walk->iv, param, DES_BLOCK_SIZE); | |
133 | ||
134 | out: | |
135 | return ret; | |
136 | } | |
137 | ||
138 | static int ecb_des_encrypt(struct blkcipher_desc *desc, | |
139 | struct scatterlist *dst, struct scatterlist *src, | |
140 | unsigned int nbytes) | |
141 | { | |
142 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
143 | struct blkcipher_walk walk; | |
144 | ||
145 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
146 | return ecb_desall_crypt(desc, KM_DEA_ENCRYPT, sctx->key, &walk); | |
147 | } | |
148 | ||
149 | static int ecb_des_decrypt(struct blkcipher_desc *desc, | |
150 | struct scatterlist *dst, struct scatterlist *src, | |
151 | unsigned int nbytes) | |
152 | { | |
153 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
154 | struct blkcipher_walk walk; | |
155 | ||
156 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
157 | return ecb_desall_crypt(desc, KM_DEA_DECRYPT, sctx->key, &walk); | |
158 | } | |
159 | ||
160 | static struct crypto_alg ecb_des_alg = { | |
161 | .cra_name = "ecb(des)", | |
162 | .cra_driver_name = "ecb-des-s390", | |
163 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
164 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
165 | .cra_blocksize = DES_BLOCK_SIZE, | |
166 | .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), | |
167 | .cra_type = &crypto_blkcipher_type, | |
168 | .cra_module = THIS_MODULE, | |
169 | .cra_list = LIST_HEAD_INIT(ecb_des_alg.cra_list), | |
170 | .cra_u = { | |
171 | .blkcipher = { | |
172 | .min_keysize = DES_KEY_SIZE, | |
173 | .max_keysize = DES_KEY_SIZE, | |
174 | .setkey = des_setkey, | |
175 | .encrypt = ecb_des_encrypt, | |
176 | .decrypt = ecb_des_decrypt, | |
177 | } | |
178 | } | |
179 | }; | |
180 | ||
181 | static int cbc_des_encrypt(struct blkcipher_desc *desc, | |
182 | struct scatterlist *dst, struct scatterlist *src, | |
183 | unsigned int nbytes) | |
184 | { | |
185 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
186 | struct blkcipher_walk walk; | |
187 | ||
188 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
189 | return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, sctx->iv, &walk); | |
190 | } | |
191 | ||
192 | static int cbc_des_decrypt(struct blkcipher_desc *desc, | |
193 | struct scatterlist *dst, struct scatterlist *src, | |
194 | unsigned int nbytes) | |
195 | { | |
196 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
197 | struct blkcipher_walk walk; | |
198 | ||
199 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
200 | return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, sctx->iv, &walk); | |
201 | } | |
202 | ||
203 | static struct crypto_alg cbc_des_alg = { | |
204 | .cra_name = "cbc(des)", | |
205 | .cra_driver_name = "cbc-des-s390", | |
206 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
207 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
208 | .cra_blocksize = DES_BLOCK_SIZE, | |
209 | .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), | |
210 | .cra_type = &crypto_blkcipher_type, | |
211 | .cra_module = THIS_MODULE, | |
212 | .cra_list = LIST_HEAD_INIT(cbc_des_alg.cra_list), | |
213 | .cra_u = { | |
214 | .blkcipher = { | |
215 | .min_keysize = DES_KEY_SIZE, | |
216 | .max_keysize = DES_KEY_SIZE, | |
217 | .ivsize = DES_BLOCK_SIZE, | |
218 | .setkey = des_setkey, | |
219 | .encrypt = cbc_des_encrypt, | |
220 | .decrypt = cbc_des_decrypt, | |
221 | } | |
222 | } | |
223 | }; | |
224 | ||
1da177e4 LT |
225 | /* |
226 | * RFC2451: | |
227 | * | |
228 | * For DES-EDE3, there is no known need to reject weak or | |
229 | * complementation keys. Any weakness is obviated by the use of | |
230 | * multiple keys. | |
231 | * | |
232 | * However, if the first two or last two independent 64-bit keys are | |
233 | * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the | |
234 | * same as DES. Implementers MUST reject keys that exhibit this | |
235 | * property. | |
236 | * | |
237 | */ | |
6c2bb98b | 238 | static int des3_192_setkey(struct crypto_tfm *tfm, const u8 *key, |
560c06ae | 239 | unsigned int keylen) |
1da177e4 LT |
240 | { |
241 | int i, ret; | |
6c2bb98b | 242 | struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm); |
560c06ae HX |
243 | const u8 *temp_key = key; |
244 | u32 *flags = &tfm->crt_flags; | |
1da177e4 | 245 | |
1da177e4 LT |
246 | if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && |
247 | memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], | |
03b56ce5 JW |
248 | DES_KEY_SIZE)) && |
249 | (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { | |
250 | *flags |= CRYPTO_TFM_RES_WEAK_KEY; | |
1da177e4 LT |
251 | return -EINVAL; |
252 | } | |
253 | for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) { | |
254 | ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags); | |
c1357833 | 255 | if (ret < 0) |
1da177e4 | 256 | return ret; |
1da177e4 LT |
257 | } |
258 | memcpy(dctx->key, key, keylen); | |
259 | return 0; | |
260 | } | |
261 | ||
6c2bb98b | 262 | static void des3_192_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
1da177e4 | 263 | { |
6c2bb98b | 264 | struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm); |
1da177e4 | 265 | |
c1e26e1e | 266 | crypt_s390_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src, |
c1357833 | 267 | DES3_192_BLOCK_SIZE); |
1da177e4 LT |
268 | } |
269 | ||
6c2bb98b | 270 | static void des3_192_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
1da177e4 | 271 | { |
6c2bb98b | 272 | struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm); |
1da177e4 | 273 | |
c1e26e1e | 274 | crypt_s390_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src, |
c1357833 | 275 | DES3_192_BLOCK_SIZE); |
1da177e4 LT |
276 | } |
277 | ||
278 | static struct crypto_alg des3_192_alg = { | |
279 | .cra_name = "des3_ede", | |
65b75c36 HX |
280 | .cra_driver_name = "des3_ede-s390", |
281 | .cra_priority = CRYPT_S390_PRIORITY, | |
1da177e4 LT |
282 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
283 | .cra_blocksize = DES3_192_BLOCK_SIZE, | |
c1e26e1e | 284 | .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), |
1da177e4 LT |
285 | .cra_module = THIS_MODULE, |
286 | .cra_list = LIST_HEAD_INIT(des3_192_alg.cra_list), | |
c1357833 JG |
287 | .cra_u = { |
288 | .cipher = { | |
289 | .cia_min_keysize = DES3_192_KEY_SIZE, | |
290 | .cia_max_keysize = DES3_192_KEY_SIZE, | |
291 | .cia_setkey = des3_192_setkey, | |
292 | .cia_encrypt = des3_192_encrypt, | |
b8dc6038 | 293 | .cia_decrypt = des3_192_decrypt, |
c1357833 JG |
294 | } |
295 | } | |
1da177e4 LT |
296 | }; |
297 | ||
a9e62fad HX |
298 | static int ecb_des3_192_encrypt(struct blkcipher_desc *desc, |
299 | struct scatterlist *dst, | |
300 | struct scatterlist *src, unsigned int nbytes) | |
301 | { | |
302 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
303 | struct blkcipher_walk walk; | |
304 | ||
305 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
306 | return ecb_desall_crypt(desc, KM_TDEA_192_ENCRYPT, sctx->key, &walk); | |
307 | } | |
308 | ||
309 | static int ecb_des3_192_decrypt(struct blkcipher_desc *desc, | |
310 | struct scatterlist *dst, | |
311 | struct scatterlist *src, unsigned int nbytes) | |
312 | { | |
313 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
314 | struct blkcipher_walk walk; | |
315 | ||
316 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
317 | return ecb_desall_crypt(desc, KM_TDEA_192_DECRYPT, sctx->key, &walk); | |
318 | } | |
319 | ||
320 | static struct crypto_alg ecb_des3_192_alg = { | |
321 | .cra_name = "ecb(des3_ede)", | |
322 | .cra_driver_name = "ecb-des3_ede-s390", | |
323 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
324 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
325 | .cra_blocksize = DES3_192_BLOCK_SIZE, | |
326 | .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), | |
327 | .cra_type = &crypto_blkcipher_type, | |
328 | .cra_module = THIS_MODULE, | |
329 | .cra_list = LIST_HEAD_INIT( | |
330 | ecb_des3_192_alg.cra_list), | |
331 | .cra_u = { | |
332 | .blkcipher = { | |
333 | .min_keysize = DES3_192_KEY_SIZE, | |
334 | .max_keysize = DES3_192_KEY_SIZE, | |
335 | .setkey = des3_192_setkey, | |
336 | .encrypt = ecb_des3_192_encrypt, | |
337 | .decrypt = ecb_des3_192_decrypt, | |
338 | } | |
339 | } | |
340 | }; | |
341 | ||
342 | static int cbc_des3_192_encrypt(struct blkcipher_desc *desc, | |
343 | struct scatterlist *dst, | |
344 | struct scatterlist *src, unsigned int nbytes) | |
345 | { | |
346 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
347 | struct blkcipher_walk walk; | |
348 | ||
349 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
350 | return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, sctx->iv, &walk); | |
351 | } | |
352 | ||
353 | static int cbc_des3_192_decrypt(struct blkcipher_desc *desc, | |
354 | struct scatterlist *dst, | |
355 | struct scatterlist *src, unsigned int nbytes) | |
356 | { | |
357 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
358 | struct blkcipher_walk walk; | |
359 | ||
360 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
361 | return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, sctx->iv, &walk); | |
362 | } | |
363 | ||
364 | static struct crypto_alg cbc_des3_192_alg = { | |
365 | .cra_name = "cbc(des3_ede)", | |
366 | .cra_driver_name = "cbc-des3_ede-s390", | |
367 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
368 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
369 | .cra_blocksize = DES3_192_BLOCK_SIZE, | |
370 | .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), | |
371 | .cra_type = &crypto_blkcipher_type, | |
372 | .cra_module = THIS_MODULE, | |
373 | .cra_list = LIST_HEAD_INIT( | |
374 | cbc_des3_192_alg.cra_list), | |
375 | .cra_u = { | |
376 | .blkcipher = { | |
377 | .min_keysize = DES3_192_KEY_SIZE, | |
378 | .max_keysize = DES3_192_KEY_SIZE, | |
379 | .ivsize = DES3_192_BLOCK_SIZE, | |
380 | .setkey = des3_192_setkey, | |
381 | .encrypt = cbc_des3_192_encrypt, | |
382 | .decrypt = cbc_des3_192_decrypt, | |
383 | } | |
384 | } | |
385 | }; | |
386 | ||
9f7819c1 | 387 | static int des_s390_init(void) |
1da177e4 | 388 | { |
80d663a4 | 389 | int ret; |
1da177e4 | 390 | |
c1e26e1e | 391 | if (!crypt_s390_func_available(KM_DEA_ENCRYPT) || |
c1357833 | 392 | !crypt_s390_func_available(KM_TDEA_192_ENCRYPT)) |
86aa9fc2 | 393 | return -EOPNOTSUPP; |
1da177e4 | 394 | |
a9e62fad HX |
395 | ret = crypto_register_alg(&des_alg); |
396 | if (ret) | |
397 | goto des_err; | |
398 | ret = crypto_register_alg(&ecb_des_alg); | |
399 | if (ret) | |
400 | goto ecb_des_err; | |
401 | ret = crypto_register_alg(&cbc_des_alg); | |
402 | if (ret) | |
403 | goto cbc_des_err; | |
a9e62fad HX |
404 | ret = crypto_register_alg(&des3_192_alg); |
405 | if (ret) | |
406 | goto des3_192_err; | |
407 | ret = crypto_register_alg(&ecb_des3_192_alg); | |
408 | if (ret) | |
409 | goto ecb_des3_192_err; | |
410 | ret = crypto_register_alg(&cbc_des3_192_alg); | |
411 | if (ret) | |
412 | goto cbc_des3_192_err; | |
a9e62fad HX |
413 | out: |
414 | return ret; | |
415 | ||
416 | cbc_des3_192_err: | |
417 | crypto_unregister_alg(&ecb_des3_192_alg); | |
418 | ecb_des3_192_err: | |
419 | crypto_unregister_alg(&des3_192_alg); | |
420 | des3_192_err: | |
a9e62fad HX |
421 | crypto_unregister_alg(&cbc_des_alg); |
422 | cbc_des_err: | |
423 | crypto_unregister_alg(&ecb_des_alg); | |
424 | ecb_des_err: | |
425 | crypto_unregister_alg(&des_alg); | |
426 | des_err: | |
427 | goto out; | |
1da177e4 LT |
428 | } |
429 | ||
9f7819c1 | 430 | static void __exit des_s390_fini(void) |
1da177e4 | 431 | { |
a9e62fad HX |
432 | crypto_unregister_alg(&cbc_des3_192_alg); |
433 | crypto_unregister_alg(&ecb_des3_192_alg); | |
1da177e4 | 434 | crypto_unregister_alg(&des3_192_alg); |
a9e62fad HX |
435 | crypto_unregister_alg(&cbc_des_alg); |
436 | crypto_unregister_alg(&ecb_des_alg); | |
1da177e4 LT |
437 | crypto_unregister_alg(&des_alg); |
438 | } | |
439 | ||
9f7819c1 HC |
440 | module_init(des_s390_init); |
441 | module_exit(des_s390_fini); | |
1da177e4 LT |
442 | |
443 | MODULE_ALIAS("des"); | |
444 | MODULE_ALIAS("des3_ede"); | |
445 | ||
446 | MODULE_LICENSE("GPL"); | |
447 | MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); |