[deliverable/linux.git] / arch / s390 / crypto / des_s390.c

/*
 * Cryptographic API.
 *
 * s390 implementation of the DES Cipher Algorithm.
 *
 * Copyright IBM Corp. 2003,2007
 * Author(s): Thomas Spatzier
 *	      Jan Glauber (jan.glauber@de.ibm.com)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 */

#include <linux/init.h>
#include <linux/module.h>
#include <linux/crypto.h>
#include <crypto/algapi.h>
#include <crypto/des.h>

#include "crypt_s390.h"

#define DES3_KEY_SIZE	(3 * DES_KEY_SIZE)

struct s390_des_ctx {
	u8 iv[DES_BLOCK_SIZE];
	u8 key[DES3_KEY_SIZE];
};

static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
		      unsigned int key_len)
{
	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
	u32 *flags = &tfm->crt_flags;
	u32 tmp[DES_EXPKEY_WORDS];

	/* check for weak keys */
	if (!des_ekey(tmp, key) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
		return -EINVAL;
	}

	memcpy(ctx->key, key, key_len);
	return 0;
}

static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_DEA_ENCRYPT, ctx->key, out, in, DES_BLOCK_SIZE);
}

static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_DEA_DECRYPT, ctx->key, out, in, DES_BLOCK_SIZE);
}

static struct crypto_alg des_alg = {
	.cra_name		=	"des",
	.cra_driver_name	=	"des-s390",
	.cra_priority		=	CRYPT_S390_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct s390_des_ctx),
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(des_alg.cra_list),
	.cra_u			=	{
		.cipher = {
			.cia_min_keysize	=	DES_KEY_SIZE,
			.cia_max_keysize	=	DES_KEY_SIZE,
			.cia_setkey		=	des_setkey,
			.cia_encrypt		=	des_encrypt,
			.cia_decrypt		=	des_decrypt,
		}
	}
};

static int ecb_desall_crypt(struct blkcipher_desc *desc, long func,
			    u8 *key, struct blkcipher_walk *walk)
{
	int ret = blkcipher_walk_virt(desc, walk);
	unsigned int nbytes;

	while ((nbytes = walk->nbytes)) {
		/* only use complete blocks */
		unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1);
		u8 *out = walk->dst.virt.addr;
		u8 *in = walk->src.virt.addr;

		ret = crypt_s390_km(func, key, out, in, n);
		BUG_ON((ret < 0) || (ret != n));

		nbytes &= DES_BLOCK_SIZE - 1;
		ret = blkcipher_walk_done(desc, walk, nbytes);
	}

	return ret;
}

static int cbc_desall_crypt(struct blkcipher_desc *desc, long func,
			    u8 *iv, struct blkcipher_walk *walk)
{
	int ret = blkcipher_walk_virt(desc, walk);
	unsigned int nbytes = walk->nbytes;

	if (!nbytes)
		goto out;

	memcpy(iv, walk->iv, DES_BLOCK_SIZE);
	do {
		/* only use complete blocks */
		unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1);
		u8 *out = walk->dst.virt.addr;
		u8 *in = walk->src.virt.addr;

		ret = crypt_s390_kmc(func, iv, out, in, n);
		BUG_ON((ret < 0) || (ret != n));

		nbytes &= DES_BLOCK_SIZE - 1;
		ret = blkcipher_walk_done(desc, walk, nbytes);
	} while ((nbytes = walk->nbytes));
	memcpy(walk->iv, iv, DES_BLOCK_SIZE);

out:
	return ret;
}

static int ecb_des_encrypt(struct blkcipher_desc *desc,
			   struct scatterlist *dst, struct scatterlist *src,
			   unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return ecb_desall_crypt(desc, KM_DEA_ENCRYPT, ctx->key, &walk);
}

static int ecb_des_decrypt(struct blkcipher_desc *desc,
			   struct scatterlist *dst, struct scatterlist *src,
			   unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return ecb_desall_crypt(desc, KM_DEA_DECRYPT, ctx->key, &walk);
}

static struct crypto_alg ecb_des_alg = {
	.cra_name		=	"ecb(des)",
	.cra_driver_name	=	"ecb-des-s390",
	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct s390_des_ctx),
	.cra_type		=	&crypto_blkcipher_type,
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(ecb_des_alg.cra_list),
	.cra_u			=	{
		.blkcipher = {
			.min_keysize		=	DES_KEY_SIZE,
			.max_keysize		=	DES_KEY_SIZE,
			.setkey			=	des_setkey,
			.encrypt		=	ecb_des_encrypt,
			.decrypt		=	ecb_des_decrypt,
		}
	}
};

static int cbc_des_encrypt(struct blkcipher_desc *desc,
			   struct scatterlist *dst, struct scatterlist *src,
			   unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, ctx->iv, &walk);
}

static int cbc_des_decrypt(struct blkcipher_desc *desc,
			   struct scatterlist *dst, struct scatterlist *src,
			   unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, ctx->iv, &walk);
}

static struct crypto_alg cbc_des_alg = {
	.cra_name		=	"cbc(des)",
	.cra_driver_name	=	"cbc-des-s390",
	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct s390_des_ctx),
	.cra_type		=	&crypto_blkcipher_type,
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(cbc_des_alg.cra_list),
	.cra_u			=	{
		.blkcipher = {
			.min_keysize		=	DES_KEY_SIZE,
			.max_keysize		=	DES_KEY_SIZE,
			.ivsize			=	DES_BLOCK_SIZE,
			.setkey			=	des_setkey,
			.encrypt		=	cbc_des_encrypt,
			.decrypt		=	cbc_des_decrypt,
		}
	}
};

/*
 * RFC2451:
 *
 *   For DES-EDE3, there is no known need to reject weak or
 *   complementation keys.  Any weakness is obviated by the use of
 *   multiple keys.
 *
 *   However, if the first two or last two independent 64-bit keys are
 *   equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
 *   same as DES.  Implementers MUST reject keys that exhibit this
 *   property.
 *
 */
static int des3_setkey(struct crypto_tfm *tfm, const u8 *key,
		       unsigned int key_len)
{
	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
	u32 *flags = &tfm->crt_flags;

	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
	    memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
		   DES_KEY_SIZE)) &&
	    (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
		return -EINVAL;
	}
	memcpy(ctx->key, key, key_len);
	return 0;
}

static void des3_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_192_ENCRYPT, ctx->key, dst, src, DES_BLOCK_SIZE);
}

static void des3_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);

	crypt_s390_km(KM_TDEA_192_DECRYPT, ctx->key, dst, src, DES_BLOCK_SIZE);
}

static struct crypto_alg des3_alg = {
	.cra_name		=	"des3_ede",
	.cra_driver_name	=	"des3_ede-s390",
	.cra_priority		=	CRYPT_S390_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct s390_des_ctx),
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(des3_alg.cra_list),
	.cra_u			=	{
		.cipher = {
			.cia_min_keysize	=	DES3_KEY_SIZE,
			.cia_max_keysize	=	DES3_KEY_SIZE,
			.cia_setkey		=	des3_setkey,
			.cia_encrypt		=	des3_encrypt,
			.cia_decrypt		=	des3_decrypt,
		}
	}
};

static int ecb_des3_encrypt(struct blkcipher_desc *desc,
			    struct scatterlist *dst, struct scatterlist *src,
			    unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return ecb_desall_crypt(desc, KM_TDEA_192_ENCRYPT, ctx->key, &walk);
}

static int ecb_des3_decrypt(struct blkcipher_desc *desc,
			    struct scatterlist *dst, struct scatterlist *src,
			    unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return ecb_desall_crypt(desc, KM_TDEA_192_DECRYPT, ctx->key, &walk);
}

static struct crypto_alg ecb_des3_alg = {
	.cra_name		=	"ecb(des3_ede)",
	.cra_driver_name	=	"ecb-des3_ede-s390",
	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct s390_des_ctx),
	.cra_type		=	&crypto_blkcipher_type,
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(
						ecb_des3_alg.cra_list),
	.cra_u			=	{
		.blkcipher = {
			.min_keysize		=	DES3_KEY_SIZE,
			.max_keysize		=	DES3_KEY_SIZE,
			.setkey			=	des3_setkey,
			.encrypt		=	ecb_des3_encrypt,
			.decrypt		=	ecb_des3_decrypt,
		}
	}
};

static int cbc_des3_encrypt(struct blkcipher_desc *desc,
			    struct scatterlist *dst, struct scatterlist *src,
			    unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, ctx->iv, &walk);
}

static int cbc_des3_decrypt(struct blkcipher_desc *desc,
			    struct scatterlist *dst, struct scatterlist *src,
			    unsigned int nbytes)
{
	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
	struct blkcipher_walk walk;

	blkcipher_walk_init(&walk, dst, src, nbytes);
	return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, ctx->iv, &walk);
}

static struct crypto_alg cbc_des3_alg = {
	.cra_name		=	"cbc(des3_ede)",
	.cra_driver_name	=	"cbc-des3_ede-s390",
	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,
	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
	.cra_blocksize		=	DES_BLOCK_SIZE,
	.cra_ctxsize		=	sizeof(struct s390_des_ctx),
	.cra_type		=	&crypto_blkcipher_type,
	.cra_module		=	THIS_MODULE,
	.cra_list		=	LIST_HEAD_INIT(
						cbc_des3_alg.cra_list),
	.cra_u			=	{
		.blkcipher = {
			.min_keysize		=	DES3_KEY_SIZE,
			.max_keysize		=	DES3_KEY_SIZE,
			.ivsize			=	DES_BLOCK_SIZE,
			.setkey			=	des3_setkey,
			.encrypt		=	cbc_des3_encrypt,
			.decrypt		=	cbc_des3_decrypt,
		}
	}
};

static int __init des_s390_init(void)
{
	int ret;

	if (!crypt_s390_func_available(KM_DEA_ENCRYPT, CRYPT_S390_MSA) ||
	    !crypt_s390_func_available(KM_TDEA_192_ENCRYPT, CRYPT_S390_MSA))
		return -EOPNOTSUPP;

	ret = crypto_register_alg(&des_alg);
	if (ret)
		goto des_err;
	ret = crypto_register_alg(&ecb_des_alg);
	if (ret)
		goto ecb_des_err;
	ret = crypto_register_alg(&cbc_des_alg);
	if (ret)
		goto cbc_des_err;
	ret = crypto_register_alg(&des3_alg);
	if (ret)
		goto des3_err;
	ret = crypto_register_alg(&ecb_des3_alg);
	if (ret)
		goto ecb_des3_err;
	ret = crypto_register_alg(&cbc_des3_alg);
	if (ret)
		goto cbc_des3_err;
out:
	return ret;

cbc_des3_err:
	crypto_unregister_alg(&ecb_des3_alg);
ecb_des3_err:
	crypto_unregister_alg(&des3_alg);
des3_err:
	crypto_unregister_alg(&cbc_des_alg);
cbc_des_err:
	crypto_unregister_alg(&ecb_des_alg);
ecb_des_err:
	crypto_unregister_alg(&des_alg);
des_err:
	goto out;
}

static void __exit des_s390_exit(void)
{
	crypto_unregister_alg(&cbc_des3_alg);
	crypto_unregister_alg(&ecb_des3_alg);
	crypto_unregister_alg(&des3_alg);
	crypto_unregister_alg(&cbc_des_alg);
	crypto_unregister_alg(&ecb_des_alg);
	crypto_unregister_alg(&des_alg);
}

module_init(des_s390_init);
module_exit(des_s390_exit);

MODULE_ALIAS("des");
MODULE_ALIAS("des3_ede");

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Cryptographic API.
	3	*
c1e26e1e	4	* s390 implementation of the DES Cipher Algorithm.
1da177e4	5	*
86aa9fc2 JG	6	* Copyright IBM Corp. 2003,2007
	7	* Author(s): Thomas Spatzier
	8	* Jan Glauber (jan.glauber@de.ibm.com)
1da177e4 LT	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; either version 2 of the License, or
	13	* (at your option) any later version.
	14	*
	15	*/
a9e62fad	16
1da177e4 LT	17	#include <linux/init.h>
1da177e4 LT	18	#include <linux/module.h>
1efbd15c JG	19	#include <linux/crypto.h>
	20	#include <crypto/algapi.h>
	21	#include <crypto/des.h>
c1357833	22
c1e26e1e	23	#include "crypt_s390.h"
1da177e4	24
98971f84	25	#define DES3_KEY_SIZE (3 * DES_KEY_SIZE)
1da177e4	26
98971f84	27	struct s390_des_ctx {
1da177e4	28	u8 iv[DES_BLOCK_SIZE];
98971f84	29	u8 key[DES3_KEY_SIZE];
1da177e4 LT	30	};
1da177e4 LT	31
6c2bb98b	32	static int des_setkey(struct crypto_tfm tfm, const u8 key,
98971f84	33	unsigned int key_len)
1da177e4	34	{
98971f84	35	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
560c06ae	36	u32 *flags = &tfm->crt_flags;
1efbd15c	37	u32 tmp[DES_EXPKEY_WORDS];
1da177e4	38
1efbd15c JG	39	/* check for weak keys */
	40	if (!des_ekey(tmp, key) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
	41	*flags \|= CRYPTO_TFM_RES_WEAK_KEY;
	42	return -EINVAL;
	43	}
	44
98971f84	45	memcpy(ctx->key, key, key_len);
1efbd15c	46	return 0;
1da177e4 LT	47	}
1da177e4 LT	48
6c2bb98b	49	static void des_encrypt(struct crypto_tfm tfm, u8 out, const u8 *in)
1da177e4	50	{
98971f84	51	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
1da177e4	52
98971f84	53	crypt_s390_km(KM_DEA_ENCRYPT, ctx->key, out, in, DES_BLOCK_SIZE);
1da177e4 LT	54	}
1da177e4 LT	55
6c2bb98b	56	static void des_decrypt(struct crypto_tfm tfm, u8 out, const u8 *in)
1da177e4	57	{
98971f84	58	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
1da177e4	59
98971f84	60	crypt_s390_km(KM_DEA_DECRYPT, ctx->key, out, in, DES_BLOCK_SIZE);
b8dc6038 JG	61	}
b8dc6038 JG	62
1da177e4 LT	63	static struct crypto_alg des_alg = {
1da177e4 LT	64	.cra_name = "des",
65b75c36 HX	65	.cra_driver_name = "des-s390",
65b75c36 HX	66	.cra_priority = CRYPT_S390_PRIORITY,
1da177e4 LT	67	.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1da177e4 LT	68	.cra_blocksize = DES_BLOCK_SIZE,
98971f84	69	.cra_ctxsize = sizeof(struct s390_des_ctx),
1da177e4 LT	70	.cra_module = THIS_MODULE,
1da177e4 LT	71	.cra_list = LIST_HEAD_INIT(des_alg.cra_list),
c1357833 JG	72	.cra_u = {
	73	.cipher = {
	74	.cia_min_keysize = DES_KEY_SIZE,
	75	.cia_max_keysize = DES_KEY_SIZE,
	76	.cia_setkey = des_setkey,
	77	.cia_encrypt = des_encrypt,
b8dc6038	78	.cia_decrypt = des_decrypt,
c1357833 JG	79	}
c1357833 JG	80	}
1da177e4 LT	81	};
1da177e4 LT	82
a9e62fad	83	static int ecb_desall_crypt(struct blkcipher_desc *desc, long func,
98971f84	84	u8 key, struct blkcipher_walk walk)
a9e62fad HX	85	{
	86	int ret = blkcipher_walk_virt(desc, walk);
	87	unsigned int nbytes;
	88
	89	while ((nbytes = walk->nbytes)) {
	90	/* only use complete blocks */
	91	unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1);
	92	u8 *out = walk->dst.virt.addr;
	93	u8 *in = walk->src.virt.addr;
	94
98971f84	95	ret = crypt_s390_km(func, key, out, in, n);
a9e62fad HX	96	BUG_ON((ret < 0) \|\| (ret != n));
	97
	98	nbytes &= DES_BLOCK_SIZE - 1;
	99	ret = blkcipher_walk_done(desc, walk, nbytes);
	100	}
	101
	102	return ret;
	103	}
	104
	105	static int cbc_desall_crypt(struct blkcipher_desc *desc, long func,
98971f84	106	u8 iv, struct blkcipher_walk walk)
a9e62fad HX	107	{
	108	int ret = blkcipher_walk_virt(desc, walk);
	109	unsigned int nbytes = walk->nbytes;
	110
	111	if (!nbytes)
	112	goto out;
	113
98971f84	114	memcpy(iv, walk->iv, DES_BLOCK_SIZE);
a9e62fad HX	115	do {
	116	/* only use complete blocks */
	117	unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1);
	118	u8 *out = walk->dst.virt.addr;
	119	u8 *in = walk->src.virt.addr;
	120
98971f84	121	ret = crypt_s390_kmc(func, iv, out, in, n);
a9e62fad HX	122	BUG_ON((ret < 0) \|\| (ret != n));
	123
	124	nbytes &= DES_BLOCK_SIZE - 1;
	125	ret = blkcipher_walk_done(desc, walk, nbytes);
	126	} while ((nbytes = walk->nbytes));
98971f84	127	memcpy(walk->iv, iv, DES_BLOCK_SIZE);
a9e62fad HX	128
	129	out:
	130	return ret;
	131	}
	132
	133	static int ecb_des_encrypt(struct blkcipher_desc *desc,
	134	struct scatterlist dst, struct scatterlist src,
	135	unsigned int nbytes)
	136	{
98971f84	137	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	138	struct blkcipher_walk walk;
	139
	140	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	141	return ecb_desall_crypt(desc, KM_DEA_ENCRYPT, ctx->key, &walk);
a9e62fad HX	142	}
	143
	144	static int ecb_des_decrypt(struct blkcipher_desc *desc,
	145	struct scatterlist dst, struct scatterlist src,
	146	unsigned int nbytes)
	147	{
98971f84	148	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	149	struct blkcipher_walk walk;
	150
	151	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	152	return ecb_desall_crypt(desc, KM_DEA_DECRYPT, ctx->key, &walk);
a9e62fad HX	153	}
	154
	155	static struct crypto_alg ecb_des_alg = {
	156	.cra_name = "ecb(des)",
	157	.cra_driver_name = "ecb-des-s390",
	158	.cra_priority = CRYPT_S390_COMPOSITE_PRIORITY,
	159	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
	160	.cra_blocksize = DES_BLOCK_SIZE,
98971f84	161	.cra_ctxsize = sizeof(struct s390_des_ctx),
a9e62fad HX	162	.cra_type = &crypto_blkcipher_type,
	163	.cra_module = THIS_MODULE,
	164	.cra_list = LIST_HEAD_INIT(ecb_des_alg.cra_list),
	165	.cra_u = {
	166	.blkcipher = {
	167	.min_keysize = DES_KEY_SIZE,
	168	.max_keysize = DES_KEY_SIZE,
	169	.setkey = des_setkey,
	170	.encrypt = ecb_des_encrypt,
	171	.decrypt = ecb_des_decrypt,
	172	}
	173	}
	174	};
	175
	176	static int cbc_des_encrypt(struct blkcipher_desc *desc,
	177	struct scatterlist dst, struct scatterlist src,
	178	unsigned int nbytes)
	179	{
98971f84	180	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	181	struct blkcipher_walk walk;
	182
	183	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	184	return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, ctx->iv, &walk);
a9e62fad HX	185	}
	186
	187	static int cbc_des_decrypt(struct blkcipher_desc *desc,
	188	struct scatterlist dst, struct scatterlist src,
	189	unsigned int nbytes)
	190	{
98971f84	191	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	192	struct blkcipher_walk walk;
	193
	194	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	195	return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, ctx->iv, &walk);
a9e62fad HX	196	}
	197
	198	static struct crypto_alg cbc_des_alg = {
	199	.cra_name = "cbc(des)",
	200	.cra_driver_name = "cbc-des-s390",
	201	.cra_priority = CRYPT_S390_COMPOSITE_PRIORITY,
	202	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
	203	.cra_blocksize = DES_BLOCK_SIZE,
98971f84	204	.cra_ctxsize = sizeof(struct s390_des_ctx),
a9e62fad HX	205	.cra_type = &crypto_blkcipher_type,
	206	.cra_module = THIS_MODULE,
	207	.cra_list = LIST_HEAD_INIT(cbc_des_alg.cra_list),
	208	.cra_u = {
	209	.blkcipher = {
	210	.min_keysize = DES_KEY_SIZE,
	211	.max_keysize = DES_KEY_SIZE,
	212	.ivsize = DES_BLOCK_SIZE,
	213	.setkey = des_setkey,
	214	.encrypt = cbc_des_encrypt,
	215	.decrypt = cbc_des_decrypt,
	216	}
	217	}
	218	};
	219
1da177e4 LT	220	/*
	221	* RFC2451:
	222	*
	223	* For DES-EDE3, there is no known need to reject weak or
	224	* complementation keys. Any weakness is obviated by the use of
	225	* multiple keys.
	226	*
	227	* However, if the first two or last two independent 64-bit keys are
	228	* equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
	229	* same as DES. Implementers MUST reject keys that exhibit this
	230	* property.
	231	*
	232	*/
98971f84 JG	233	static int des3_setkey(struct crypto_tfm tfm, const u8 key,
98971f84 JG	234	unsigned int key_len)
1da177e4	235	{
98971f84	236	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
560c06ae	237	u32 *flags = &tfm->crt_flags;
1da177e4	238
1da177e4 LT	239	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
1da177e4 LT	240	memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
03b56ce5 JW	241	DES_KEY_SIZE)) &&
	242	(*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
	243	*flags \|= CRYPTO_TFM_RES_WEAK_KEY;
1da177e4 LT	244	return -EINVAL;
1da177e4 LT	245	}
98971f84	246	memcpy(ctx->key, key, key_len);
1da177e4 LT	247	return 0;
	248	}
	249
98971f84	250	static void des3_encrypt(struct crypto_tfm tfm, u8 dst, const u8 *src)
1da177e4	251	{
98971f84	252	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
1da177e4	253
98971f84	254	crypt_s390_km(KM_TDEA_192_ENCRYPT, ctx->key, dst, src, DES_BLOCK_SIZE);
1da177e4 LT	255	}
1da177e4 LT	256
98971f84	257	static void des3_decrypt(struct crypto_tfm tfm, u8 dst, const u8 *src)
1da177e4	258	{
98971f84	259	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
1da177e4	260
98971f84	261	crypt_s390_km(KM_TDEA_192_DECRYPT, ctx->key, dst, src, DES_BLOCK_SIZE);
1da177e4 LT	262	}
1da177e4 LT	263
98971f84	264	static struct crypto_alg des3_alg = {
1da177e4	265	.cra_name = "des3_ede",
65b75c36 HX	266	.cra_driver_name = "des3_ede-s390",
65b75c36 HX	267	.cra_priority = CRYPT_S390_PRIORITY,
1da177e4	268	.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1efbd15c	269	.cra_blocksize = DES_BLOCK_SIZE,
98971f84	270	.cra_ctxsize = sizeof(struct s390_des_ctx),
1da177e4	271	.cra_module = THIS_MODULE,
98971f84	272	.cra_list = LIST_HEAD_INIT(des3_alg.cra_list),
c1357833 JG	273	.cra_u = {
c1357833 JG	274	.cipher = {
98971f84 JG	275	.cia_min_keysize = DES3_KEY_SIZE,
	276	.cia_max_keysize = DES3_KEY_SIZE,
	277	.cia_setkey = des3_setkey,
	278	.cia_encrypt = des3_encrypt,
	279	.cia_decrypt = des3_decrypt,
c1357833 JG	280	}
c1357833 JG	281	}
1da177e4 LT	282	};
1da177e4 LT	283
98971f84 JG	284	static int ecb_des3_encrypt(struct blkcipher_desc *desc,
	285	struct scatterlist dst, struct scatterlist src,
	286	unsigned int nbytes)
a9e62fad	287	{
98971f84	288	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	289	struct blkcipher_walk walk;
	290
	291	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	292	return ecb_desall_crypt(desc, KM_TDEA_192_ENCRYPT, ctx->key, &walk);
a9e62fad HX	293	}
a9e62fad HX	294
98971f84 JG	295	static int ecb_des3_decrypt(struct blkcipher_desc *desc,
	296	struct scatterlist dst, struct scatterlist src,
	297	unsigned int nbytes)
a9e62fad	298	{
98971f84	299	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	300	struct blkcipher_walk walk;
	301
	302	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	303	return ecb_desall_crypt(desc, KM_TDEA_192_DECRYPT, ctx->key, &walk);
a9e62fad HX	304	}
a9e62fad HX	305
98971f84	306	static struct crypto_alg ecb_des3_alg = {
a9e62fad HX	307	.cra_name = "ecb(des3_ede)",
	308	.cra_driver_name = "ecb-des3_ede-s390",
	309	.cra_priority = CRYPT_S390_COMPOSITE_PRIORITY,
	310	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1efbd15c	311	.cra_blocksize = DES_BLOCK_SIZE,
98971f84	312	.cra_ctxsize = sizeof(struct s390_des_ctx),
a9e62fad HX	313	.cra_type = &crypto_blkcipher_type,
	314	.cra_module = THIS_MODULE,
	315	.cra_list = LIST_HEAD_INIT(
98971f84	316	ecb_des3_alg.cra_list),
a9e62fad HX	317	.cra_u = {
a9e62fad HX	318	.blkcipher = {
98971f84 JG	319	.min_keysize = DES3_KEY_SIZE,
	320	.max_keysize = DES3_KEY_SIZE,
	321	.setkey = des3_setkey,
	322	.encrypt = ecb_des3_encrypt,
	323	.decrypt = ecb_des3_decrypt,
a9e62fad HX	324	}
	325	}
	326	};
	327
98971f84 JG	328	static int cbc_des3_encrypt(struct blkcipher_desc *desc,
	329	struct scatterlist dst, struct scatterlist src,
	330	unsigned int nbytes)
a9e62fad	331	{
98971f84	332	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	333	struct blkcipher_walk walk;
	334
	335	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	336	return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, ctx->iv, &walk);
a9e62fad HX	337	}
a9e62fad HX	338
98971f84 JG	339	static int cbc_des3_decrypt(struct blkcipher_desc *desc,
	340	struct scatterlist dst, struct scatterlist src,
	341	unsigned int nbytes)
a9e62fad	342	{
98971f84	343	struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
a9e62fad HX	344	struct blkcipher_walk walk;
	345
	346	blkcipher_walk_init(&walk, dst, src, nbytes);
98971f84	347	return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, ctx->iv, &walk);
a9e62fad HX	348	}
a9e62fad HX	349
98971f84	350	static struct crypto_alg cbc_des3_alg = {
a9e62fad HX	351	.cra_name = "cbc(des3_ede)",
	352	.cra_driver_name = "cbc-des3_ede-s390",
	353	.cra_priority = CRYPT_S390_COMPOSITE_PRIORITY,
	354	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1efbd15c	355	.cra_blocksize = DES_BLOCK_SIZE,
98971f84	356	.cra_ctxsize = sizeof(struct s390_des_ctx),
a9e62fad HX	357	.cra_type = &crypto_blkcipher_type,
	358	.cra_module = THIS_MODULE,
	359	.cra_list = LIST_HEAD_INIT(
98971f84	360	cbc_des3_alg.cra_list),
a9e62fad HX	361	.cra_u = {
a9e62fad HX	362	.blkcipher = {
98971f84 JG	363	.min_keysize = DES3_KEY_SIZE,
98971f84 JG	364	.max_keysize = DES3_KEY_SIZE,
1efbd15c	365	.ivsize = DES_BLOCK_SIZE,
98971f84 JG	366	.setkey = des3_setkey,
	367	.encrypt = cbc_des3_encrypt,
	368	.decrypt = cbc_des3_decrypt,
a9e62fad HX	369	}
	370	}
	371	};
	372
98971f84	373	static int __init des_s390_init(void)
1da177e4	374	{
80d663a4	375	int ret;
1da177e4	376
1822bc90 JG	377	if (!crypt_s390_func_available(KM_DEA_ENCRYPT, CRYPT_S390_MSA) \|\|
1822bc90 JG	378	!crypt_s390_func_available(KM_TDEA_192_ENCRYPT, CRYPT_S390_MSA))
86aa9fc2	379	return -EOPNOTSUPP;
1da177e4	380
a9e62fad HX	381	ret = crypto_register_alg(&des_alg);
	382	if (ret)
	383	goto des_err;
	384	ret = crypto_register_alg(&ecb_des_alg);
	385	if (ret)
	386	goto ecb_des_err;
	387	ret = crypto_register_alg(&cbc_des_alg);
	388	if (ret)
	389	goto cbc_des_err;
98971f84	390	ret = crypto_register_alg(&des3_alg);
a9e62fad	391	if (ret)
98971f84 JG	392	goto des3_err;
98971f84 JG	393	ret = crypto_register_alg(&ecb_des3_alg);
a9e62fad	394	if (ret)
98971f84 JG	395	goto ecb_des3_err;
98971f84 JG	396	ret = crypto_register_alg(&cbc_des3_alg);
a9e62fad	397	if (ret)
98971f84	398	goto cbc_des3_err;
a9e62fad HX	399	out:
	400	return ret;
	401
98971f84 JG	402	cbc_des3_err:
	403	crypto_unregister_alg(&ecb_des3_alg);
	404	ecb_des3_err:
	405	crypto_unregister_alg(&des3_alg);
	406	des3_err:
a9e62fad HX	407	crypto_unregister_alg(&cbc_des_alg);
	408	cbc_des_err:
	409	crypto_unregister_alg(&ecb_des_alg);
	410	ecb_des_err:
	411	crypto_unregister_alg(&des_alg);
	412	des_err:
	413	goto out;
1da177e4 LT	414	}
1da177e4 LT	415
1efbd15c	416	static void __exit des_s390_exit(void)
1da177e4	417	{
98971f84 JG	418	crypto_unregister_alg(&cbc_des3_alg);
	419	crypto_unregister_alg(&ecb_des3_alg);
	420	crypto_unregister_alg(&des3_alg);
a9e62fad HX	421	crypto_unregister_alg(&cbc_des_alg);
a9e62fad HX	422	crypto_unregister_alg(&ecb_des_alg);
1da177e4 LT	423	crypto_unregister_alg(&des_alg);
	424	}
	425
9f7819c1	426	module_init(des_s390_init);
1efbd15c	427	module_exit(des_s390_exit);
1da177e4 LT	428
	429	MODULE_ALIAS("des");
	430	MODULE_ALIAS("des3_ede");
	431
	432	MODULE_LICENSE("GPL");
	433	MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");