4 * s390 implementation of the DES Cipher Algorithm.
6 * Copyright (c) 2003 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
16 #include <linux/init.h>
17 #include <linux/module.h>
18 #include <linux/crypto.h>
20 #include "crypt_s390.h"
21 #include "crypto_des.h"
23 #define DES_BLOCK_SIZE 8
24 #define DES_KEY_SIZE 8
26 #define DES3_128_KEY_SIZE (2 * DES_KEY_SIZE)
27 #define DES3_128_BLOCK_SIZE DES_BLOCK_SIZE
29 #define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE)
30 #define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE
32 struct crypt_s390_des_ctx
{
33 u8 iv
[DES_BLOCK_SIZE
];
37 struct crypt_s390_des3_128_ctx
{
38 u8 iv
[DES_BLOCK_SIZE
];
39 u8 key
[DES3_128_KEY_SIZE
];
42 struct crypt_s390_des3_192_ctx
{
43 u8 iv
[DES_BLOCK_SIZE
];
44 u8 key
[DES3_192_KEY_SIZE
];
47 static int des_setkey(struct crypto_tfm
*tfm
, const u8
*key
,
50 struct crypt_s390_des_ctx
*dctx
= crypto_tfm_ctx(tfm
);
51 u32
*flags
= &tfm
->crt_flags
;
54 /* test if key is valid (not a weak key) */
55 ret
= crypto_des_check_key(key
, keylen
, flags
);
57 memcpy(dctx
->key
, key
, keylen
);
61 static void des_encrypt(struct crypto_tfm
*tfm
, u8
*out
, const u8
*in
)
63 struct crypt_s390_des_ctx
*dctx
= crypto_tfm_ctx(tfm
);
65 crypt_s390_km(KM_DEA_ENCRYPT
, dctx
->key
, out
, in
, DES_BLOCK_SIZE
);
68 static void des_decrypt(struct crypto_tfm
*tfm
, u8
*out
, const u8
*in
)
70 struct crypt_s390_des_ctx
*dctx
= crypto_tfm_ctx(tfm
);
72 crypt_s390_km(KM_DEA_DECRYPT
, dctx
->key
, out
, in
, DES_BLOCK_SIZE
);
75 static unsigned int des_encrypt_ecb(const struct cipher_desc
*desc
, u8
*out
,
76 const u8
*in
, unsigned int nbytes
)
78 struct crypt_s390_des_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
81 /* only use complete blocks */
82 nbytes
&= ~(DES_BLOCK_SIZE
- 1);
83 ret
= crypt_s390_km(KM_DEA_ENCRYPT
, sctx
->key
, out
, in
, nbytes
);
84 BUG_ON((ret
< 0) || (ret
!= nbytes
));
89 static unsigned int des_decrypt_ecb(const struct cipher_desc
*desc
, u8
*out
,
90 const u8
*in
, unsigned int nbytes
)
92 struct crypt_s390_des_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
95 /* only use complete blocks */
96 nbytes
&= ~(DES_BLOCK_SIZE
- 1);
97 ret
= crypt_s390_km(KM_DEA_DECRYPT
, sctx
->key
, out
, in
, nbytes
);
98 BUG_ON((ret
< 0) || (ret
!= nbytes
));
103 static unsigned int des_encrypt_cbc(const struct cipher_desc
*desc
, u8
*out
,
104 const u8
*in
, unsigned int nbytes
)
106 struct crypt_s390_des_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
109 /* only use complete blocks */
110 nbytes
&= ~(DES_BLOCK_SIZE
- 1);
112 memcpy(sctx
->iv
, desc
->info
, DES_BLOCK_SIZE
);
113 ret
= crypt_s390_kmc(KMC_DEA_ENCRYPT
, &sctx
->iv
, out
, in
, nbytes
);
114 BUG_ON((ret
< 0) || (ret
!= nbytes
));
116 memcpy(desc
->info
, sctx
->iv
, DES_BLOCK_SIZE
);
120 static unsigned int des_decrypt_cbc(const struct cipher_desc
*desc
, u8
*out
,
121 const u8
*in
, unsigned int nbytes
)
123 struct crypt_s390_des_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
126 /* only use complete blocks */
127 nbytes
&= ~(DES_BLOCK_SIZE
- 1);
129 memcpy(&sctx
->iv
, desc
->info
, DES_BLOCK_SIZE
);
130 ret
= crypt_s390_kmc(KMC_DEA_DECRYPT
, &sctx
->iv
, out
, in
, nbytes
);
131 BUG_ON((ret
< 0) || (ret
!= nbytes
));
136 static struct crypto_alg des_alg
= {
138 .cra_flags
= CRYPTO_ALG_TYPE_CIPHER
,
139 .cra_blocksize
= DES_BLOCK_SIZE
,
140 .cra_ctxsize
= sizeof(struct crypt_s390_des_ctx
),
141 .cra_module
= THIS_MODULE
,
142 .cra_list
= LIST_HEAD_INIT(des_alg
.cra_list
),
145 .cia_min_keysize
= DES_KEY_SIZE
,
146 .cia_max_keysize
= DES_KEY_SIZE
,
147 .cia_setkey
= des_setkey
,
148 .cia_encrypt
= des_encrypt
,
149 .cia_decrypt
= des_decrypt
,
150 .cia_encrypt_ecb
= des_encrypt_ecb
,
151 .cia_decrypt_ecb
= des_decrypt_ecb
,
152 .cia_encrypt_cbc
= des_encrypt_cbc
,
153 .cia_decrypt_cbc
= des_decrypt_cbc
,
161 * For DES-EDE3, there is no known need to reject weak or
162 * complementation keys. Any weakness is obviated by the use of
165 * However, if the two independent 64-bit keys are equal,
166 * then the DES3 operation is simply the same as DES.
167 * Implementers MUST reject keys that exhibit this property.
170 static int des3_128_setkey(struct crypto_tfm
*tfm
, const u8
*key
,
174 struct crypt_s390_des3_128_ctx
*dctx
= crypto_tfm_ctx(tfm
);
175 const u8
*temp_key
= key
;
176 u32
*flags
= &tfm
->crt_flags
;
178 if (!(memcmp(key
, &key
[DES_KEY_SIZE
], DES_KEY_SIZE
))) {
179 *flags
|= CRYPTO_TFM_RES_BAD_KEY_SCHED
;
182 for (i
= 0; i
< 2; i
++, temp_key
+= DES_KEY_SIZE
) {
183 ret
= crypto_des_check_key(temp_key
, DES_KEY_SIZE
, flags
);
187 memcpy(dctx
->key
, key
, keylen
);
191 static void des3_128_encrypt(struct crypto_tfm
*tfm
, u8
*dst
, const u8
*src
)
193 struct crypt_s390_des3_128_ctx
*dctx
= crypto_tfm_ctx(tfm
);
195 crypt_s390_km(KM_TDEA_128_ENCRYPT
, dctx
->key
, dst
, (void*)src
,
196 DES3_128_BLOCK_SIZE
);
199 static void des3_128_decrypt(struct crypto_tfm
*tfm
, u8
*dst
, const u8
*src
)
201 struct crypt_s390_des3_128_ctx
*dctx
= crypto_tfm_ctx(tfm
);
203 crypt_s390_km(KM_TDEA_128_DECRYPT
, dctx
->key
, dst
, (void*)src
,
204 DES3_128_BLOCK_SIZE
);
207 static unsigned int des3_128_encrypt_ecb(const struct cipher_desc
*desc
,
208 u8
*out
, const u8
*in
,
211 struct crypt_s390_des3_128_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
214 /* only use complete blocks */
215 nbytes
&= ~(DES3_128_BLOCK_SIZE
- 1);
216 ret
= crypt_s390_km(KM_TDEA_128_ENCRYPT
, sctx
->key
, out
, in
, nbytes
);
217 BUG_ON((ret
< 0) || (ret
!= nbytes
));
222 static unsigned int des3_128_decrypt_ecb(const struct cipher_desc
*desc
,
223 u8
*out
, const u8
*in
,
226 struct crypt_s390_des3_128_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
229 /* only use complete blocks */
230 nbytes
&= ~(DES3_128_BLOCK_SIZE
- 1);
231 ret
= crypt_s390_km(KM_TDEA_128_DECRYPT
, sctx
->key
, out
, in
, nbytes
);
232 BUG_ON((ret
< 0) || (ret
!= nbytes
));
237 static unsigned int des3_128_encrypt_cbc(const struct cipher_desc
*desc
,
238 u8
*out
, const u8
*in
,
241 struct crypt_s390_des3_128_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
244 /* only use complete blocks */
245 nbytes
&= ~(DES3_128_BLOCK_SIZE
- 1);
247 memcpy(sctx
->iv
, desc
->info
, DES3_128_BLOCK_SIZE
);
248 ret
= crypt_s390_kmc(KMC_TDEA_128_ENCRYPT
, &sctx
->iv
, out
, in
, nbytes
);
249 BUG_ON((ret
< 0) || (ret
!= nbytes
));
251 memcpy(desc
->info
, sctx
->iv
, DES3_128_BLOCK_SIZE
);
255 static unsigned int des3_128_decrypt_cbc(const struct cipher_desc
*desc
,
256 u8
*out
, const u8
*in
,
259 struct crypt_s390_des3_128_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
262 /* only use complete blocks */
263 nbytes
&= ~(DES3_128_BLOCK_SIZE
- 1);
265 memcpy(&sctx
->iv
, desc
->info
, DES3_128_BLOCK_SIZE
);
266 ret
= crypt_s390_kmc(KMC_TDEA_128_DECRYPT
, &sctx
->iv
, out
, in
, nbytes
);
267 BUG_ON((ret
< 0) || (ret
!= nbytes
));
272 static struct crypto_alg des3_128_alg
= {
273 .cra_name
= "des3_ede128",
274 .cra_flags
= CRYPTO_ALG_TYPE_CIPHER
,
275 .cra_blocksize
= DES3_128_BLOCK_SIZE
,
276 .cra_ctxsize
= sizeof(struct crypt_s390_des3_128_ctx
),
277 .cra_module
= THIS_MODULE
,
278 .cra_list
= LIST_HEAD_INIT(des3_128_alg
.cra_list
),
281 .cia_min_keysize
= DES3_128_KEY_SIZE
,
282 .cia_max_keysize
= DES3_128_KEY_SIZE
,
283 .cia_setkey
= des3_128_setkey
,
284 .cia_encrypt
= des3_128_encrypt
,
285 .cia_decrypt
= des3_128_decrypt
,
286 .cia_encrypt_ecb
= des3_128_encrypt_ecb
,
287 .cia_decrypt_ecb
= des3_128_decrypt_ecb
,
288 .cia_encrypt_cbc
= des3_128_encrypt_cbc
,
289 .cia_decrypt_cbc
= des3_128_decrypt_cbc
,
297 * For DES-EDE3, there is no known need to reject weak or
298 * complementation keys. Any weakness is obviated by the use of
301 * However, if the first two or last two independent 64-bit keys are
302 * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
303 * same as DES. Implementers MUST reject keys that exhibit this
307 static int des3_192_setkey(struct crypto_tfm
*tfm
, const u8
*key
,
311 struct crypt_s390_des3_192_ctx
*dctx
= crypto_tfm_ctx(tfm
);
312 const u8
*temp_key
= key
;
313 u32
*flags
= &tfm
->crt_flags
;
315 if (!(memcmp(key
, &key
[DES_KEY_SIZE
], DES_KEY_SIZE
) &&
316 memcmp(&key
[DES_KEY_SIZE
], &key
[DES_KEY_SIZE
* 2],
319 *flags
|= CRYPTO_TFM_RES_BAD_KEY_SCHED
;
322 for (i
= 0; i
< 3; i
++, temp_key
+= DES_KEY_SIZE
) {
323 ret
= crypto_des_check_key(temp_key
, DES_KEY_SIZE
, flags
);
327 memcpy(dctx
->key
, key
, keylen
);
331 static void des3_192_encrypt(struct crypto_tfm
*tfm
, u8
*dst
, const u8
*src
)
333 struct crypt_s390_des3_192_ctx
*dctx
= crypto_tfm_ctx(tfm
);
335 crypt_s390_km(KM_TDEA_192_ENCRYPT
, dctx
->key
, dst
, (void*)src
,
336 DES3_192_BLOCK_SIZE
);
339 static void des3_192_decrypt(struct crypto_tfm
*tfm
, u8
*dst
, const u8
*src
)
341 struct crypt_s390_des3_192_ctx
*dctx
= crypto_tfm_ctx(tfm
);
343 crypt_s390_km(KM_TDEA_192_DECRYPT
, dctx
->key
, dst
, (void*)src
,
344 DES3_192_BLOCK_SIZE
);
347 static unsigned int des3_192_encrypt_ecb(const struct cipher_desc
*desc
,
348 u8
*out
, const u8
*in
,
351 struct crypt_s390_des3_192_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
354 /* only use complete blocks */
355 nbytes
&= ~(DES3_192_BLOCK_SIZE
- 1);
356 ret
= crypt_s390_km(KM_TDEA_192_ENCRYPT
, sctx
->key
, out
, in
, nbytes
);
357 BUG_ON((ret
< 0) || (ret
!= nbytes
));
362 static unsigned int des3_192_decrypt_ecb(const struct cipher_desc
*desc
,
363 u8
*out
, const u8
*in
,
366 struct crypt_s390_des3_192_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
369 /* only use complete blocks */
370 nbytes
&= ~(DES3_192_BLOCK_SIZE
- 1);
371 ret
= crypt_s390_km(KM_TDEA_192_DECRYPT
, sctx
->key
, out
, in
, nbytes
);
372 BUG_ON((ret
< 0) || (ret
!= nbytes
));
377 static unsigned int des3_192_encrypt_cbc(const struct cipher_desc
*desc
,
378 u8
*out
, const u8
*in
,
381 struct crypt_s390_des3_192_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
384 /* only use complete blocks */
385 nbytes
&= ~(DES3_192_BLOCK_SIZE
- 1);
387 memcpy(sctx
->iv
, desc
->info
, DES3_192_BLOCK_SIZE
);
388 ret
= crypt_s390_kmc(KMC_TDEA_192_ENCRYPT
, &sctx
->iv
, out
, in
, nbytes
);
389 BUG_ON((ret
< 0) || (ret
!= nbytes
));
391 memcpy(desc
->info
, sctx
->iv
, DES3_192_BLOCK_SIZE
);
395 static unsigned int des3_192_decrypt_cbc(const struct cipher_desc
*desc
,
396 u8
*out
, const u8
*in
,
399 struct crypt_s390_des3_192_ctx
*sctx
= crypto_tfm_ctx(desc
->tfm
);
402 /* only use complete blocks */
403 nbytes
&= ~(DES3_192_BLOCK_SIZE
- 1);
405 memcpy(&sctx
->iv
, desc
->info
, DES3_192_BLOCK_SIZE
);
406 ret
= crypt_s390_kmc(KMC_TDEA_192_DECRYPT
, &sctx
->iv
, out
, in
, nbytes
);
407 BUG_ON((ret
< 0) || (ret
!= nbytes
));
412 static struct crypto_alg des3_192_alg
= {
413 .cra_name
= "des3_ede",
414 .cra_flags
= CRYPTO_ALG_TYPE_CIPHER
,
415 .cra_blocksize
= DES3_192_BLOCK_SIZE
,
416 .cra_ctxsize
= sizeof(struct crypt_s390_des3_192_ctx
),
417 .cra_module
= THIS_MODULE
,
418 .cra_list
= LIST_HEAD_INIT(des3_192_alg
.cra_list
),
421 .cia_min_keysize
= DES3_192_KEY_SIZE
,
422 .cia_max_keysize
= DES3_192_KEY_SIZE
,
423 .cia_setkey
= des3_192_setkey
,
424 .cia_encrypt
= des3_192_encrypt
,
425 .cia_decrypt
= des3_192_decrypt
,
426 .cia_encrypt_ecb
= des3_192_encrypt_ecb
,
427 .cia_decrypt_ecb
= des3_192_decrypt_ecb
,
428 .cia_encrypt_cbc
= des3_192_encrypt_cbc
,
429 .cia_decrypt_cbc
= des3_192_decrypt_cbc
,
434 static int init(void)
438 if (!crypt_s390_func_available(KM_DEA_ENCRYPT
) ||
439 !crypt_s390_func_available(KM_TDEA_128_ENCRYPT
) ||
440 !crypt_s390_func_available(KM_TDEA_192_ENCRYPT
))
443 ret
|= (crypto_register_alg(&des_alg
) == 0) ? 0:1;
444 ret
|= (crypto_register_alg(&des3_128_alg
) == 0) ? 0:2;
445 ret
|= (crypto_register_alg(&des3_192_alg
) == 0) ? 0:4;
447 crypto_unregister_alg(&des3_192_alg
);
448 crypto_unregister_alg(&des3_128_alg
);
449 crypto_unregister_alg(&des_alg
);
455 static void __exit
fini(void)
457 crypto_unregister_alg(&des3_192_alg
);
458 crypto_unregister_alg(&des3_128_alg
);
459 crypto_unregister_alg(&des_alg
);
466 MODULE_ALIAS("des3_ede");
468 MODULE_LICENSE("GPL");
469 MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");