Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Cryptographic API. | |
3 | * | |
c1e26e1e | 4 | * s390 implementation of the DES Cipher Algorithm. |
1da177e4 | 5 | * |
86aa9fc2 JG |
6 | * Copyright IBM Corp. 2003,2007 |
7 | * Author(s): Thomas Spatzier | |
8 | * Jan Glauber (jan.glauber@de.ibm.com) | |
1da177e4 LT |
9 | * |
10 | * This program is free software; you can redistribute it and/or modify | |
11 | * it under the terms of the GNU General Public License as published by | |
12 | * the Free Software Foundation; either version 2 of the License, or | |
13 | * (at your option) any later version. | |
14 | * | |
15 | */ | |
a9e62fad | 16 | |
1da177e4 LT |
17 | #include <linux/init.h> |
18 | #include <linux/module.h> | |
1efbd15c JG |
19 | #include <linux/crypto.h> |
20 | #include <crypto/algapi.h> | |
21 | #include <crypto/des.h> | |
c1357833 | 22 | |
c1e26e1e | 23 | #include "crypt_s390.h" |
1da177e4 | 24 | |
98971f84 | 25 | #define DES3_KEY_SIZE (3 * DES_KEY_SIZE) |
1da177e4 | 26 | |
98971f84 | 27 | struct s390_des_ctx { |
1da177e4 | 28 | u8 iv[DES_BLOCK_SIZE]; |
98971f84 | 29 | u8 key[DES3_KEY_SIZE]; |
1da177e4 LT |
30 | }; |
31 | ||
6c2bb98b | 32 | static int des_setkey(struct crypto_tfm *tfm, const u8 *key, |
98971f84 | 33 | unsigned int key_len) |
1da177e4 | 34 | { |
98971f84 | 35 | struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm); |
560c06ae | 36 | u32 *flags = &tfm->crt_flags; |
1efbd15c | 37 | u32 tmp[DES_EXPKEY_WORDS]; |
1da177e4 | 38 | |
1efbd15c JG |
39 | /* check for weak keys */ |
40 | if (!des_ekey(tmp, key) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { | |
41 | *flags |= CRYPTO_TFM_RES_WEAK_KEY; | |
42 | return -EINVAL; | |
43 | } | |
44 | ||
98971f84 | 45 | memcpy(ctx->key, key, key_len); |
1efbd15c | 46 | return 0; |
1da177e4 LT |
47 | } |
48 | ||
6c2bb98b | 49 | static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 50 | { |
98971f84 | 51 | struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm); |
1da177e4 | 52 | |
98971f84 | 53 | crypt_s390_km(KM_DEA_ENCRYPT, ctx->key, out, in, DES_BLOCK_SIZE); |
1da177e4 LT |
54 | } |
55 | ||
6c2bb98b | 56 | static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 57 | { |
98971f84 | 58 | struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm); |
1da177e4 | 59 | |
98971f84 | 60 | crypt_s390_km(KM_DEA_DECRYPT, ctx->key, out, in, DES_BLOCK_SIZE); |
b8dc6038 JG |
61 | } |
62 | ||
1da177e4 LT |
63 | static struct crypto_alg des_alg = { |
64 | .cra_name = "des", | |
65b75c36 HX |
65 | .cra_driver_name = "des-s390", |
66 | .cra_priority = CRYPT_S390_PRIORITY, | |
1da177e4 LT |
67 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
68 | .cra_blocksize = DES_BLOCK_SIZE, | |
98971f84 | 69 | .cra_ctxsize = sizeof(struct s390_des_ctx), |
1da177e4 LT |
70 | .cra_module = THIS_MODULE, |
71 | .cra_list = LIST_HEAD_INIT(des_alg.cra_list), | |
c1357833 JG |
72 | .cra_u = { |
73 | .cipher = { | |
74 | .cia_min_keysize = DES_KEY_SIZE, | |
75 | .cia_max_keysize = DES_KEY_SIZE, | |
76 | .cia_setkey = des_setkey, | |
77 | .cia_encrypt = des_encrypt, | |
b8dc6038 | 78 | .cia_decrypt = des_decrypt, |
c1357833 JG |
79 | } |
80 | } | |
1da177e4 LT |
81 | }; |
82 | ||
a9e62fad | 83 | static int ecb_desall_crypt(struct blkcipher_desc *desc, long func, |
98971f84 | 84 | u8 *key, struct blkcipher_walk *walk) |
a9e62fad HX |
85 | { |
86 | int ret = blkcipher_walk_virt(desc, walk); | |
87 | unsigned int nbytes; | |
88 | ||
89 | while ((nbytes = walk->nbytes)) { | |
90 | /* only use complete blocks */ | |
91 | unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); | |
92 | u8 *out = walk->dst.virt.addr; | |
93 | u8 *in = walk->src.virt.addr; | |
94 | ||
98971f84 | 95 | ret = crypt_s390_km(func, key, out, in, n); |
a9e62fad HX |
96 | BUG_ON((ret < 0) || (ret != n)); |
97 | ||
98 | nbytes &= DES_BLOCK_SIZE - 1; | |
99 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
100 | } | |
101 | ||
102 | return ret; | |
103 | } | |
104 | ||
105 | static int cbc_desall_crypt(struct blkcipher_desc *desc, long func, | |
98971f84 | 106 | u8 *iv, struct blkcipher_walk *walk) |
a9e62fad HX |
107 | { |
108 | int ret = blkcipher_walk_virt(desc, walk); | |
109 | unsigned int nbytes = walk->nbytes; | |
110 | ||
111 | if (!nbytes) | |
112 | goto out; | |
113 | ||
98971f84 | 114 | memcpy(iv, walk->iv, DES_BLOCK_SIZE); |
a9e62fad HX |
115 | do { |
116 | /* only use complete blocks */ | |
117 | unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); | |
118 | u8 *out = walk->dst.virt.addr; | |
119 | u8 *in = walk->src.virt.addr; | |
120 | ||
98971f84 | 121 | ret = crypt_s390_kmc(func, iv, out, in, n); |
a9e62fad HX |
122 | BUG_ON((ret < 0) || (ret != n)); |
123 | ||
124 | nbytes &= DES_BLOCK_SIZE - 1; | |
125 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
126 | } while ((nbytes = walk->nbytes)); | |
98971f84 | 127 | memcpy(walk->iv, iv, DES_BLOCK_SIZE); |
a9e62fad HX |
128 | |
129 | out: | |
130 | return ret; | |
131 | } | |
132 | ||
133 | static int ecb_des_encrypt(struct blkcipher_desc *desc, | |
134 | struct scatterlist *dst, struct scatterlist *src, | |
135 | unsigned int nbytes) | |
136 | { | |
98971f84 | 137 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
138 | struct blkcipher_walk walk; |
139 | ||
140 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 141 | return ecb_desall_crypt(desc, KM_DEA_ENCRYPT, ctx->key, &walk); |
a9e62fad HX |
142 | } |
143 | ||
144 | static int ecb_des_decrypt(struct blkcipher_desc *desc, | |
145 | struct scatterlist *dst, struct scatterlist *src, | |
146 | unsigned int nbytes) | |
147 | { | |
98971f84 | 148 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
149 | struct blkcipher_walk walk; |
150 | ||
151 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 152 | return ecb_desall_crypt(desc, KM_DEA_DECRYPT, ctx->key, &walk); |
a9e62fad HX |
153 | } |
154 | ||
155 | static struct crypto_alg ecb_des_alg = { | |
156 | .cra_name = "ecb(des)", | |
157 | .cra_driver_name = "ecb-des-s390", | |
158 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
159 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
160 | .cra_blocksize = DES_BLOCK_SIZE, | |
98971f84 | 161 | .cra_ctxsize = sizeof(struct s390_des_ctx), |
a9e62fad HX |
162 | .cra_type = &crypto_blkcipher_type, |
163 | .cra_module = THIS_MODULE, | |
164 | .cra_list = LIST_HEAD_INIT(ecb_des_alg.cra_list), | |
165 | .cra_u = { | |
166 | .blkcipher = { | |
167 | .min_keysize = DES_KEY_SIZE, | |
168 | .max_keysize = DES_KEY_SIZE, | |
169 | .setkey = des_setkey, | |
170 | .encrypt = ecb_des_encrypt, | |
171 | .decrypt = ecb_des_decrypt, | |
172 | } | |
173 | } | |
174 | }; | |
175 | ||
176 | static int cbc_des_encrypt(struct blkcipher_desc *desc, | |
177 | struct scatterlist *dst, struct scatterlist *src, | |
178 | unsigned int nbytes) | |
179 | { | |
98971f84 | 180 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
181 | struct blkcipher_walk walk; |
182 | ||
183 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 184 | return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, ctx->iv, &walk); |
a9e62fad HX |
185 | } |
186 | ||
187 | static int cbc_des_decrypt(struct blkcipher_desc *desc, | |
188 | struct scatterlist *dst, struct scatterlist *src, | |
189 | unsigned int nbytes) | |
190 | { | |
98971f84 | 191 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
192 | struct blkcipher_walk walk; |
193 | ||
194 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 195 | return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, ctx->iv, &walk); |
a9e62fad HX |
196 | } |
197 | ||
198 | static struct crypto_alg cbc_des_alg = { | |
199 | .cra_name = "cbc(des)", | |
200 | .cra_driver_name = "cbc-des-s390", | |
201 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
202 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
203 | .cra_blocksize = DES_BLOCK_SIZE, | |
98971f84 | 204 | .cra_ctxsize = sizeof(struct s390_des_ctx), |
a9e62fad HX |
205 | .cra_type = &crypto_blkcipher_type, |
206 | .cra_module = THIS_MODULE, | |
207 | .cra_list = LIST_HEAD_INIT(cbc_des_alg.cra_list), | |
208 | .cra_u = { | |
209 | .blkcipher = { | |
210 | .min_keysize = DES_KEY_SIZE, | |
211 | .max_keysize = DES_KEY_SIZE, | |
212 | .ivsize = DES_BLOCK_SIZE, | |
213 | .setkey = des_setkey, | |
214 | .encrypt = cbc_des_encrypt, | |
215 | .decrypt = cbc_des_decrypt, | |
216 | } | |
217 | } | |
218 | }; | |
219 | ||
1da177e4 LT |
220 | /* |
221 | * RFC2451: | |
222 | * | |
223 | * For DES-EDE3, there is no known need to reject weak or | |
224 | * complementation keys. Any weakness is obviated by the use of | |
225 | * multiple keys. | |
226 | * | |
227 | * However, if the first two or last two independent 64-bit keys are | |
228 | * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the | |
229 | * same as DES. Implementers MUST reject keys that exhibit this | |
230 | * property. | |
231 | * | |
232 | */ | |
98971f84 JG |
233 | static int des3_setkey(struct crypto_tfm *tfm, const u8 *key, |
234 | unsigned int key_len) | |
1da177e4 | 235 | { |
98971f84 | 236 | struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm); |
560c06ae | 237 | u32 *flags = &tfm->crt_flags; |
1da177e4 | 238 | |
1da177e4 LT |
239 | if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && |
240 | memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], | |
03b56ce5 JW |
241 | DES_KEY_SIZE)) && |
242 | (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { | |
243 | *flags |= CRYPTO_TFM_RES_WEAK_KEY; | |
1da177e4 LT |
244 | return -EINVAL; |
245 | } | |
98971f84 | 246 | memcpy(ctx->key, key, key_len); |
1da177e4 LT |
247 | return 0; |
248 | } | |
249 | ||
98971f84 | 250 | static void des3_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
1da177e4 | 251 | { |
98971f84 | 252 | struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm); |
1da177e4 | 253 | |
98971f84 | 254 | crypt_s390_km(KM_TDEA_192_ENCRYPT, ctx->key, dst, src, DES_BLOCK_SIZE); |
1da177e4 LT |
255 | } |
256 | ||
98971f84 | 257 | static void des3_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
1da177e4 | 258 | { |
98971f84 | 259 | struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm); |
1da177e4 | 260 | |
98971f84 | 261 | crypt_s390_km(KM_TDEA_192_DECRYPT, ctx->key, dst, src, DES_BLOCK_SIZE); |
1da177e4 LT |
262 | } |
263 | ||
98971f84 | 264 | static struct crypto_alg des3_alg = { |
1da177e4 | 265 | .cra_name = "des3_ede", |
65b75c36 HX |
266 | .cra_driver_name = "des3_ede-s390", |
267 | .cra_priority = CRYPT_S390_PRIORITY, | |
1da177e4 | 268 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
1efbd15c | 269 | .cra_blocksize = DES_BLOCK_SIZE, |
98971f84 | 270 | .cra_ctxsize = sizeof(struct s390_des_ctx), |
1da177e4 | 271 | .cra_module = THIS_MODULE, |
98971f84 | 272 | .cra_list = LIST_HEAD_INIT(des3_alg.cra_list), |
c1357833 JG |
273 | .cra_u = { |
274 | .cipher = { | |
98971f84 JG |
275 | .cia_min_keysize = DES3_KEY_SIZE, |
276 | .cia_max_keysize = DES3_KEY_SIZE, | |
277 | .cia_setkey = des3_setkey, | |
278 | .cia_encrypt = des3_encrypt, | |
279 | .cia_decrypt = des3_decrypt, | |
c1357833 JG |
280 | } |
281 | } | |
1da177e4 LT |
282 | }; |
283 | ||
98971f84 JG |
284 | static int ecb_des3_encrypt(struct blkcipher_desc *desc, |
285 | struct scatterlist *dst, struct scatterlist *src, | |
286 | unsigned int nbytes) | |
a9e62fad | 287 | { |
98971f84 | 288 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
289 | struct blkcipher_walk walk; |
290 | ||
291 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 292 | return ecb_desall_crypt(desc, KM_TDEA_192_ENCRYPT, ctx->key, &walk); |
a9e62fad HX |
293 | } |
294 | ||
98971f84 JG |
295 | static int ecb_des3_decrypt(struct blkcipher_desc *desc, |
296 | struct scatterlist *dst, struct scatterlist *src, | |
297 | unsigned int nbytes) | |
a9e62fad | 298 | { |
98971f84 | 299 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
300 | struct blkcipher_walk walk; |
301 | ||
302 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 303 | return ecb_desall_crypt(desc, KM_TDEA_192_DECRYPT, ctx->key, &walk); |
a9e62fad HX |
304 | } |
305 | ||
98971f84 | 306 | static struct crypto_alg ecb_des3_alg = { |
a9e62fad HX |
307 | .cra_name = "ecb(des3_ede)", |
308 | .cra_driver_name = "ecb-des3_ede-s390", | |
309 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
310 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
1efbd15c | 311 | .cra_blocksize = DES_BLOCK_SIZE, |
98971f84 | 312 | .cra_ctxsize = sizeof(struct s390_des_ctx), |
a9e62fad HX |
313 | .cra_type = &crypto_blkcipher_type, |
314 | .cra_module = THIS_MODULE, | |
315 | .cra_list = LIST_HEAD_INIT( | |
98971f84 | 316 | ecb_des3_alg.cra_list), |
a9e62fad HX |
317 | .cra_u = { |
318 | .blkcipher = { | |
98971f84 JG |
319 | .min_keysize = DES3_KEY_SIZE, |
320 | .max_keysize = DES3_KEY_SIZE, | |
321 | .setkey = des3_setkey, | |
322 | .encrypt = ecb_des3_encrypt, | |
323 | .decrypt = ecb_des3_decrypt, | |
a9e62fad HX |
324 | } |
325 | } | |
326 | }; | |
327 | ||
98971f84 JG |
328 | static int cbc_des3_encrypt(struct blkcipher_desc *desc, |
329 | struct scatterlist *dst, struct scatterlist *src, | |
330 | unsigned int nbytes) | |
a9e62fad | 331 | { |
98971f84 | 332 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
333 | struct blkcipher_walk walk; |
334 | ||
335 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 336 | return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, ctx->iv, &walk); |
a9e62fad HX |
337 | } |
338 | ||
98971f84 JG |
339 | static int cbc_des3_decrypt(struct blkcipher_desc *desc, |
340 | struct scatterlist *dst, struct scatterlist *src, | |
341 | unsigned int nbytes) | |
a9e62fad | 342 | { |
98971f84 | 343 | struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
344 | struct blkcipher_walk walk; |
345 | ||
346 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
98971f84 | 347 | return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, ctx->iv, &walk); |
a9e62fad HX |
348 | } |
349 | ||
98971f84 | 350 | static struct crypto_alg cbc_des3_alg = { |
a9e62fad HX |
351 | .cra_name = "cbc(des3_ede)", |
352 | .cra_driver_name = "cbc-des3_ede-s390", | |
353 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, | |
354 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
1efbd15c | 355 | .cra_blocksize = DES_BLOCK_SIZE, |
98971f84 | 356 | .cra_ctxsize = sizeof(struct s390_des_ctx), |
a9e62fad HX |
357 | .cra_type = &crypto_blkcipher_type, |
358 | .cra_module = THIS_MODULE, | |
359 | .cra_list = LIST_HEAD_INIT( | |
98971f84 | 360 | cbc_des3_alg.cra_list), |
a9e62fad HX |
361 | .cra_u = { |
362 | .blkcipher = { | |
98971f84 JG |
363 | .min_keysize = DES3_KEY_SIZE, |
364 | .max_keysize = DES3_KEY_SIZE, | |
1efbd15c | 365 | .ivsize = DES_BLOCK_SIZE, |
98971f84 JG |
366 | .setkey = des3_setkey, |
367 | .encrypt = cbc_des3_encrypt, | |
368 | .decrypt = cbc_des3_decrypt, | |
a9e62fad HX |
369 | } |
370 | } | |
371 | }; | |
372 | ||
98971f84 | 373 | static int __init des_s390_init(void) |
1da177e4 | 374 | { |
80d663a4 | 375 | int ret; |
1da177e4 | 376 | |
1822bc90 JG |
377 | if (!crypt_s390_func_available(KM_DEA_ENCRYPT, CRYPT_S390_MSA) || |
378 | !crypt_s390_func_available(KM_TDEA_192_ENCRYPT, CRYPT_S390_MSA)) | |
86aa9fc2 | 379 | return -EOPNOTSUPP; |
1da177e4 | 380 | |
a9e62fad HX |
381 | ret = crypto_register_alg(&des_alg); |
382 | if (ret) | |
383 | goto des_err; | |
384 | ret = crypto_register_alg(&ecb_des_alg); | |
385 | if (ret) | |
386 | goto ecb_des_err; | |
387 | ret = crypto_register_alg(&cbc_des_alg); | |
388 | if (ret) | |
389 | goto cbc_des_err; | |
98971f84 | 390 | ret = crypto_register_alg(&des3_alg); |
a9e62fad | 391 | if (ret) |
98971f84 JG |
392 | goto des3_err; |
393 | ret = crypto_register_alg(&ecb_des3_alg); | |
a9e62fad | 394 | if (ret) |
98971f84 JG |
395 | goto ecb_des3_err; |
396 | ret = crypto_register_alg(&cbc_des3_alg); | |
a9e62fad | 397 | if (ret) |
98971f84 | 398 | goto cbc_des3_err; |
a9e62fad HX |
399 | out: |
400 | return ret; | |
401 | ||
98971f84 JG |
402 | cbc_des3_err: |
403 | crypto_unregister_alg(&ecb_des3_alg); | |
404 | ecb_des3_err: | |
405 | crypto_unregister_alg(&des3_alg); | |
406 | des3_err: | |
a9e62fad HX |
407 | crypto_unregister_alg(&cbc_des_alg); |
408 | cbc_des_err: | |
409 | crypto_unregister_alg(&ecb_des_alg); | |
410 | ecb_des_err: | |
411 | crypto_unregister_alg(&des_alg); | |
412 | des_err: | |
413 | goto out; | |
1da177e4 LT |
414 | } |
415 | ||
1efbd15c | 416 | static void __exit des_s390_exit(void) |
1da177e4 | 417 | { |
98971f84 JG |
418 | crypto_unregister_alg(&cbc_des3_alg); |
419 | crypto_unregister_alg(&ecb_des3_alg); | |
420 | crypto_unregister_alg(&des3_alg); | |
a9e62fad HX |
421 | crypto_unregister_alg(&cbc_des_alg); |
422 | crypto_unregister_alg(&ecb_des_alg); | |
1da177e4 LT |
423 | crypto_unregister_alg(&des_alg); |
424 | } | |
425 | ||
9f7819c1 | 426 | module_init(des_s390_init); |
1efbd15c | 427 | module_exit(des_s390_exit); |
1da177e4 LT |
428 | |
429 | MODULE_ALIAS("des"); | |
430 | MODULE_ALIAS("des3_ede"); | |
431 | ||
432 | MODULE_LICENSE("GPL"); | |
433 | MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); |