Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Cryptographic API. |
| 3 | * |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 4 | * s390 implementation of the DES Cipher Algorithm. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 5 | * |
Jan Glauber | 86aa9fc | 2007-02-05 21:18:14 +0100 | [diff] [blame^] | 6 | * Copyright IBM Corp. 2003,2007 |
| 7 | * Author(s): Thomas Spatzier |
| 8 | * Jan Glauber (jan.glauber@de.ibm.com) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 9 | * |
| 10 | * This program is free software; you can redistribute it and/or modify |
| 11 | * it under the terms of the GNU General Public License as published by |
| 12 | * the Free Software Foundation; either version 2 of the License, or |
| 13 | * (at your option) any later version. |
| 14 | * |
| 15 | */ |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 16 | |
| 17 | #include <crypto/algapi.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 18 | #include <linux/init.h> |
| 19 | #include <linux/module.h> |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 20 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 21 | #include "crypt_s390.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 22 | #include "crypto_des.h" |
| 23 | |
| 24 | #define DES_BLOCK_SIZE 8 |
| 25 | #define DES_KEY_SIZE 8 |
| 26 | |
| 27 | #define DES3_128_KEY_SIZE (2 * DES_KEY_SIZE) |
| 28 | #define DES3_128_BLOCK_SIZE DES_BLOCK_SIZE |
| 29 | |
| 30 | #define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE) |
| 31 | #define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE |
| 32 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 33 | struct crypt_s390_des_ctx { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 34 | u8 iv[DES_BLOCK_SIZE]; |
| 35 | u8 key[DES_KEY_SIZE]; |
| 36 | }; |
| 37 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 38 | struct crypt_s390_des3_128_ctx { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 39 | u8 iv[DES_BLOCK_SIZE]; |
| 40 | u8 key[DES3_128_KEY_SIZE]; |
| 41 | }; |
| 42 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 43 | struct crypt_s390_des3_192_ctx { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 44 | u8 iv[DES_BLOCK_SIZE]; |
| 45 | u8 key[DES3_192_KEY_SIZE]; |
| 46 | }; |
| 47 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 48 | static int des_setkey(struct crypto_tfm *tfm, const u8 *key, |
Herbert Xu | 560c06a | 2006-08-13 14:16:39 +1000 | [diff] [blame] | 49 | unsigned int keylen) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 50 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 51 | struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm); |
Herbert Xu | 560c06a | 2006-08-13 14:16:39 +1000 | [diff] [blame] | 52 | u32 *flags = &tfm->crt_flags; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 53 | int ret; |
| 54 | |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 55 | /* test if key is valid (not a weak key) */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 56 | ret = crypto_des_check_key(key, keylen, flags); |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 57 | if (ret == 0) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 58 | memcpy(dctx->key, key, keylen); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 59 | return ret; |
| 60 | } |
| 61 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 62 | static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 64 | struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 65 | |
Jan Glauber | b8dc603 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 66 | crypt_s390_km(KM_DEA_ENCRYPT, dctx->key, out, in, DES_BLOCK_SIZE); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 67 | } |
| 68 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 69 | static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 70 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 71 | struct crypt_s390_des_ctx *dctx = crypto_tfm_ctx(tfm); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 72 | |
Jan Glauber | b8dc603 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 73 | crypt_s390_km(KM_DEA_DECRYPT, dctx->key, out, in, DES_BLOCK_SIZE); |
| 74 | } |
| 75 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 76 | static struct crypto_alg des_alg = { |
| 77 | .cra_name = "des", |
Herbert Xu | 65b75c3 | 2006-08-21 21:18:50 +1000 | [diff] [blame] | 78 | .cra_driver_name = "des-s390", |
| 79 | .cra_priority = CRYPT_S390_PRIORITY, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 80 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
| 81 | .cra_blocksize = DES_BLOCK_SIZE, |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 82 | .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 83 | .cra_module = THIS_MODULE, |
| 84 | .cra_list = LIST_HEAD_INIT(des_alg.cra_list), |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 85 | .cra_u = { |
| 86 | .cipher = { |
| 87 | .cia_min_keysize = DES_KEY_SIZE, |
| 88 | .cia_max_keysize = DES_KEY_SIZE, |
| 89 | .cia_setkey = des_setkey, |
| 90 | .cia_encrypt = des_encrypt, |
Jan Glauber | b8dc603 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 91 | .cia_decrypt = des_decrypt, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 92 | } |
| 93 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 94 | }; |
| 95 | |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 96 | static int ecb_desall_crypt(struct blkcipher_desc *desc, long func, |
| 97 | void *param, struct blkcipher_walk *walk) |
| 98 | { |
| 99 | int ret = blkcipher_walk_virt(desc, walk); |
| 100 | unsigned int nbytes; |
| 101 | |
| 102 | while ((nbytes = walk->nbytes)) { |
| 103 | /* only use complete blocks */ |
| 104 | unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); |
| 105 | u8 *out = walk->dst.virt.addr; |
| 106 | u8 *in = walk->src.virt.addr; |
| 107 | |
| 108 | ret = crypt_s390_km(func, param, out, in, n); |
| 109 | BUG_ON((ret < 0) || (ret != n)); |
| 110 | |
| 111 | nbytes &= DES_BLOCK_SIZE - 1; |
| 112 | ret = blkcipher_walk_done(desc, walk, nbytes); |
| 113 | } |
| 114 | |
| 115 | return ret; |
| 116 | } |
| 117 | |
| 118 | static int cbc_desall_crypt(struct blkcipher_desc *desc, long func, |
| 119 | void *param, struct blkcipher_walk *walk) |
| 120 | { |
| 121 | int ret = blkcipher_walk_virt(desc, walk); |
| 122 | unsigned int nbytes = walk->nbytes; |
| 123 | |
| 124 | if (!nbytes) |
| 125 | goto out; |
| 126 | |
| 127 | memcpy(param, walk->iv, DES_BLOCK_SIZE); |
| 128 | do { |
| 129 | /* only use complete blocks */ |
| 130 | unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); |
| 131 | u8 *out = walk->dst.virt.addr; |
| 132 | u8 *in = walk->src.virt.addr; |
| 133 | |
| 134 | ret = crypt_s390_kmc(func, param, out, in, n); |
| 135 | BUG_ON((ret < 0) || (ret != n)); |
| 136 | |
| 137 | nbytes &= DES_BLOCK_SIZE - 1; |
| 138 | ret = blkcipher_walk_done(desc, walk, nbytes); |
| 139 | } while ((nbytes = walk->nbytes)); |
| 140 | memcpy(walk->iv, param, DES_BLOCK_SIZE); |
| 141 | |
| 142 | out: |
| 143 | return ret; |
| 144 | } |
| 145 | |
| 146 | static int ecb_des_encrypt(struct blkcipher_desc *desc, |
| 147 | struct scatterlist *dst, struct scatterlist *src, |
| 148 | unsigned int nbytes) |
| 149 | { |
| 150 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 151 | struct blkcipher_walk walk; |
| 152 | |
| 153 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 154 | return ecb_desall_crypt(desc, KM_DEA_ENCRYPT, sctx->key, &walk); |
| 155 | } |
| 156 | |
| 157 | static int ecb_des_decrypt(struct blkcipher_desc *desc, |
| 158 | struct scatterlist *dst, struct scatterlist *src, |
| 159 | unsigned int nbytes) |
| 160 | { |
| 161 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 162 | struct blkcipher_walk walk; |
| 163 | |
| 164 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 165 | return ecb_desall_crypt(desc, KM_DEA_DECRYPT, sctx->key, &walk); |
| 166 | } |
| 167 | |
| 168 | static struct crypto_alg ecb_des_alg = { |
| 169 | .cra_name = "ecb(des)", |
| 170 | .cra_driver_name = "ecb-des-s390", |
| 171 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, |
| 172 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
| 173 | .cra_blocksize = DES_BLOCK_SIZE, |
| 174 | .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), |
| 175 | .cra_type = &crypto_blkcipher_type, |
| 176 | .cra_module = THIS_MODULE, |
| 177 | .cra_list = LIST_HEAD_INIT(ecb_des_alg.cra_list), |
| 178 | .cra_u = { |
| 179 | .blkcipher = { |
| 180 | .min_keysize = DES_KEY_SIZE, |
| 181 | .max_keysize = DES_KEY_SIZE, |
| 182 | .setkey = des_setkey, |
| 183 | .encrypt = ecb_des_encrypt, |
| 184 | .decrypt = ecb_des_decrypt, |
| 185 | } |
| 186 | } |
| 187 | }; |
| 188 | |
| 189 | static int cbc_des_encrypt(struct blkcipher_desc *desc, |
| 190 | struct scatterlist *dst, struct scatterlist *src, |
| 191 | unsigned int nbytes) |
| 192 | { |
| 193 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 194 | struct blkcipher_walk walk; |
| 195 | |
| 196 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 197 | return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, sctx->iv, &walk); |
| 198 | } |
| 199 | |
| 200 | static int cbc_des_decrypt(struct blkcipher_desc *desc, |
| 201 | struct scatterlist *dst, struct scatterlist *src, |
| 202 | unsigned int nbytes) |
| 203 | { |
| 204 | struct crypt_s390_des_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 205 | struct blkcipher_walk walk; |
| 206 | |
| 207 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 208 | return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, sctx->iv, &walk); |
| 209 | } |
| 210 | |
| 211 | static struct crypto_alg cbc_des_alg = { |
| 212 | .cra_name = "cbc(des)", |
| 213 | .cra_driver_name = "cbc-des-s390", |
| 214 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, |
| 215 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
| 216 | .cra_blocksize = DES_BLOCK_SIZE, |
| 217 | .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), |
| 218 | .cra_type = &crypto_blkcipher_type, |
| 219 | .cra_module = THIS_MODULE, |
| 220 | .cra_list = LIST_HEAD_INIT(cbc_des_alg.cra_list), |
| 221 | .cra_u = { |
| 222 | .blkcipher = { |
| 223 | .min_keysize = DES_KEY_SIZE, |
| 224 | .max_keysize = DES_KEY_SIZE, |
| 225 | .ivsize = DES_BLOCK_SIZE, |
| 226 | .setkey = des_setkey, |
| 227 | .encrypt = cbc_des_encrypt, |
| 228 | .decrypt = cbc_des_decrypt, |
| 229 | } |
| 230 | } |
| 231 | }; |
| 232 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 233 | /* |
| 234 | * RFC2451: |
| 235 | * |
| 236 | * For DES-EDE3, there is no known need to reject weak or |
| 237 | * complementation keys. Any weakness is obviated by the use of |
| 238 | * multiple keys. |
| 239 | * |
| 240 | * However, if the two independent 64-bit keys are equal, |
| 241 | * then the DES3 operation is simply the same as DES. |
| 242 | * Implementers MUST reject keys that exhibit this property. |
| 243 | * |
| 244 | */ |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 245 | static int des3_128_setkey(struct crypto_tfm *tfm, const u8 *key, |
Herbert Xu | 560c06a | 2006-08-13 14:16:39 +1000 | [diff] [blame] | 246 | unsigned int keylen) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 247 | { |
| 248 | int i, ret; |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 249 | struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm); |
Herbert Xu | 560c06a | 2006-08-13 14:16:39 +1000 | [diff] [blame] | 250 | const u8 *temp_key = key; |
| 251 | u32 *flags = &tfm->crt_flags; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 252 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 253 | if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE))) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 254 | *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; |
| 255 | return -EINVAL; |
| 256 | } |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 257 | for (i = 0; i < 2; i++, temp_key += DES_KEY_SIZE) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 258 | ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags); |
| 259 | if (ret < 0) |
| 260 | return ret; |
| 261 | } |
| 262 | memcpy(dctx->key, key, keylen); |
| 263 | return 0; |
| 264 | } |
| 265 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 266 | static void des3_128_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 267 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 268 | struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 269 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 270 | crypt_s390_km(KM_TDEA_128_ENCRYPT, dctx->key, dst, (void*)src, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 271 | DES3_128_BLOCK_SIZE); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 272 | } |
| 273 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 274 | static void des3_128_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 275 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 276 | struct crypt_s390_des3_128_ctx *dctx = crypto_tfm_ctx(tfm); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 277 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 278 | crypt_s390_km(KM_TDEA_128_DECRYPT, dctx->key, dst, (void*)src, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 279 | DES3_128_BLOCK_SIZE); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 280 | } |
| 281 | |
| 282 | static struct crypto_alg des3_128_alg = { |
| 283 | .cra_name = "des3_ede128", |
Herbert Xu | 65b75c3 | 2006-08-21 21:18:50 +1000 | [diff] [blame] | 284 | .cra_driver_name = "des3_ede128-s390", |
| 285 | .cra_priority = CRYPT_S390_PRIORITY, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 286 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
| 287 | .cra_blocksize = DES3_128_BLOCK_SIZE, |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 288 | .cra_ctxsize = sizeof(struct crypt_s390_des3_128_ctx), |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 289 | .cra_module = THIS_MODULE, |
| 290 | .cra_list = LIST_HEAD_INIT(des3_128_alg.cra_list), |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 291 | .cra_u = { |
| 292 | .cipher = { |
| 293 | .cia_min_keysize = DES3_128_KEY_SIZE, |
| 294 | .cia_max_keysize = DES3_128_KEY_SIZE, |
| 295 | .cia_setkey = des3_128_setkey, |
| 296 | .cia_encrypt = des3_128_encrypt, |
Jan Glauber | b8dc603 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 297 | .cia_decrypt = des3_128_decrypt, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 298 | } |
| 299 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 300 | }; |
| 301 | |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 302 | static int ecb_des3_128_encrypt(struct blkcipher_desc *desc, |
| 303 | struct scatterlist *dst, |
| 304 | struct scatterlist *src, unsigned int nbytes) |
| 305 | { |
| 306 | struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 307 | struct blkcipher_walk walk; |
| 308 | |
| 309 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 310 | return ecb_desall_crypt(desc, KM_TDEA_128_ENCRYPT, sctx->key, &walk); |
| 311 | } |
| 312 | |
| 313 | static int ecb_des3_128_decrypt(struct blkcipher_desc *desc, |
| 314 | struct scatterlist *dst, |
| 315 | struct scatterlist *src, unsigned int nbytes) |
| 316 | { |
| 317 | struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 318 | struct blkcipher_walk walk; |
| 319 | |
| 320 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 321 | return ecb_desall_crypt(desc, KM_TDEA_128_DECRYPT, sctx->key, &walk); |
| 322 | } |
| 323 | |
| 324 | static struct crypto_alg ecb_des3_128_alg = { |
| 325 | .cra_name = "ecb(des3_ede128)", |
| 326 | .cra_driver_name = "ecb-des3_ede128-s390", |
| 327 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, |
| 328 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
| 329 | .cra_blocksize = DES3_128_BLOCK_SIZE, |
| 330 | .cra_ctxsize = sizeof(struct crypt_s390_des3_128_ctx), |
| 331 | .cra_type = &crypto_blkcipher_type, |
| 332 | .cra_module = THIS_MODULE, |
| 333 | .cra_list = LIST_HEAD_INIT( |
| 334 | ecb_des3_128_alg.cra_list), |
| 335 | .cra_u = { |
| 336 | .blkcipher = { |
| 337 | .min_keysize = DES3_128_KEY_SIZE, |
| 338 | .max_keysize = DES3_128_KEY_SIZE, |
| 339 | .setkey = des3_128_setkey, |
| 340 | .encrypt = ecb_des3_128_encrypt, |
| 341 | .decrypt = ecb_des3_128_decrypt, |
| 342 | } |
| 343 | } |
| 344 | }; |
| 345 | |
| 346 | static int cbc_des3_128_encrypt(struct blkcipher_desc *desc, |
| 347 | struct scatterlist *dst, |
| 348 | struct scatterlist *src, unsigned int nbytes) |
| 349 | { |
| 350 | struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 351 | struct blkcipher_walk walk; |
| 352 | |
| 353 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 354 | return cbc_desall_crypt(desc, KMC_TDEA_128_ENCRYPT, sctx->iv, &walk); |
| 355 | } |
| 356 | |
| 357 | static int cbc_des3_128_decrypt(struct blkcipher_desc *desc, |
| 358 | struct scatterlist *dst, |
| 359 | struct scatterlist *src, unsigned int nbytes) |
| 360 | { |
| 361 | struct crypt_s390_des3_128_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 362 | struct blkcipher_walk walk; |
| 363 | |
| 364 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 365 | return cbc_desall_crypt(desc, KMC_TDEA_128_DECRYPT, sctx->iv, &walk); |
| 366 | } |
| 367 | |
| 368 | static struct crypto_alg cbc_des3_128_alg = { |
| 369 | .cra_name = "cbc(des3_ede128)", |
| 370 | .cra_driver_name = "cbc-des3_ede128-s390", |
| 371 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, |
| 372 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
| 373 | .cra_blocksize = DES3_128_BLOCK_SIZE, |
| 374 | .cra_ctxsize = sizeof(struct crypt_s390_des3_128_ctx), |
| 375 | .cra_type = &crypto_blkcipher_type, |
| 376 | .cra_module = THIS_MODULE, |
| 377 | .cra_list = LIST_HEAD_INIT( |
| 378 | cbc_des3_128_alg.cra_list), |
| 379 | .cra_u = { |
| 380 | .blkcipher = { |
| 381 | .min_keysize = DES3_128_KEY_SIZE, |
| 382 | .max_keysize = DES3_128_KEY_SIZE, |
| 383 | .ivsize = DES3_128_BLOCK_SIZE, |
| 384 | .setkey = des3_128_setkey, |
| 385 | .encrypt = cbc_des3_128_encrypt, |
| 386 | .decrypt = cbc_des3_128_decrypt, |
| 387 | } |
| 388 | } |
| 389 | }; |
| 390 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 391 | /* |
| 392 | * RFC2451: |
| 393 | * |
| 394 | * For DES-EDE3, there is no known need to reject weak or |
| 395 | * complementation keys. Any weakness is obviated by the use of |
| 396 | * multiple keys. |
| 397 | * |
| 398 | * However, if the first two or last two independent 64-bit keys are |
| 399 | * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the |
| 400 | * same as DES. Implementers MUST reject keys that exhibit this |
| 401 | * property. |
| 402 | * |
| 403 | */ |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 404 | static int des3_192_setkey(struct crypto_tfm *tfm, const u8 *key, |
Herbert Xu | 560c06a | 2006-08-13 14:16:39 +1000 | [diff] [blame] | 405 | unsigned int keylen) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 406 | { |
| 407 | int i, ret; |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 408 | struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm); |
Herbert Xu | 560c06a | 2006-08-13 14:16:39 +1000 | [diff] [blame] | 409 | const u8 *temp_key = key; |
| 410 | u32 *flags = &tfm->crt_flags; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 411 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 412 | if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && |
| 413 | memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 414 | DES_KEY_SIZE))) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 415 | |
| 416 | *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; |
| 417 | return -EINVAL; |
| 418 | } |
| 419 | for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) { |
| 420 | ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags); |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 421 | if (ret < 0) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 422 | return ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 423 | } |
| 424 | memcpy(dctx->key, key, keylen); |
| 425 | return 0; |
| 426 | } |
| 427 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 428 | static void des3_192_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 429 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 430 | struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 431 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 432 | crypt_s390_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 433 | DES3_192_BLOCK_SIZE); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 434 | } |
| 435 | |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 436 | static void des3_192_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 437 | { |
Herbert Xu | 6c2bb98 | 2006-05-16 22:09:29 +1000 | [diff] [blame] | 438 | struct crypt_s390_des3_192_ctx *dctx = crypto_tfm_ctx(tfm); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 439 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 440 | crypt_s390_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 441 | DES3_192_BLOCK_SIZE); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 442 | } |
| 443 | |
| 444 | static struct crypto_alg des3_192_alg = { |
| 445 | .cra_name = "des3_ede", |
Herbert Xu | 65b75c3 | 2006-08-21 21:18:50 +1000 | [diff] [blame] | 446 | .cra_driver_name = "des3_ede-s390", |
| 447 | .cra_priority = CRYPT_S390_PRIORITY, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 448 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
| 449 | .cra_blocksize = DES3_192_BLOCK_SIZE, |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 450 | .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 451 | .cra_module = THIS_MODULE, |
| 452 | .cra_list = LIST_HEAD_INIT(des3_192_alg.cra_list), |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 453 | .cra_u = { |
| 454 | .cipher = { |
| 455 | .cia_min_keysize = DES3_192_KEY_SIZE, |
| 456 | .cia_max_keysize = DES3_192_KEY_SIZE, |
| 457 | .cia_setkey = des3_192_setkey, |
| 458 | .cia_encrypt = des3_192_encrypt, |
Jan Glauber | b8dc603 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 459 | .cia_decrypt = des3_192_decrypt, |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 460 | } |
| 461 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 462 | }; |
| 463 | |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 464 | static int ecb_des3_192_encrypt(struct blkcipher_desc *desc, |
| 465 | struct scatterlist *dst, |
| 466 | struct scatterlist *src, unsigned int nbytes) |
| 467 | { |
| 468 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 469 | struct blkcipher_walk walk; |
| 470 | |
| 471 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 472 | return ecb_desall_crypt(desc, KM_TDEA_192_ENCRYPT, sctx->key, &walk); |
| 473 | } |
| 474 | |
| 475 | static int ecb_des3_192_decrypt(struct blkcipher_desc *desc, |
| 476 | struct scatterlist *dst, |
| 477 | struct scatterlist *src, unsigned int nbytes) |
| 478 | { |
| 479 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 480 | struct blkcipher_walk walk; |
| 481 | |
| 482 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 483 | return ecb_desall_crypt(desc, KM_TDEA_192_DECRYPT, sctx->key, &walk); |
| 484 | } |
| 485 | |
| 486 | static struct crypto_alg ecb_des3_192_alg = { |
| 487 | .cra_name = "ecb(des3_ede)", |
| 488 | .cra_driver_name = "ecb-des3_ede-s390", |
| 489 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, |
| 490 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
| 491 | .cra_blocksize = DES3_192_BLOCK_SIZE, |
| 492 | .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), |
| 493 | .cra_type = &crypto_blkcipher_type, |
| 494 | .cra_module = THIS_MODULE, |
| 495 | .cra_list = LIST_HEAD_INIT( |
| 496 | ecb_des3_192_alg.cra_list), |
| 497 | .cra_u = { |
| 498 | .blkcipher = { |
| 499 | .min_keysize = DES3_192_KEY_SIZE, |
| 500 | .max_keysize = DES3_192_KEY_SIZE, |
| 501 | .setkey = des3_192_setkey, |
| 502 | .encrypt = ecb_des3_192_encrypt, |
| 503 | .decrypt = ecb_des3_192_decrypt, |
| 504 | } |
| 505 | } |
| 506 | }; |
| 507 | |
| 508 | static int cbc_des3_192_encrypt(struct blkcipher_desc *desc, |
| 509 | struct scatterlist *dst, |
| 510 | struct scatterlist *src, unsigned int nbytes) |
| 511 | { |
| 512 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 513 | struct blkcipher_walk walk; |
| 514 | |
| 515 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 516 | return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, sctx->iv, &walk); |
| 517 | } |
| 518 | |
| 519 | static int cbc_des3_192_decrypt(struct blkcipher_desc *desc, |
| 520 | struct scatterlist *dst, |
| 521 | struct scatterlist *src, unsigned int nbytes) |
| 522 | { |
| 523 | struct crypt_s390_des3_192_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
| 524 | struct blkcipher_walk walk; |
| 525 | |
| 526 | blkcipher_walk_init(&walk, dst, src, nbytes); |
| 527 | return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, sctx->iv, &walk); |
| 528 | } |
| 529 | |
| 530 | static struct crypto_alg cbc_des3_192_alg = { |
| 531 | .cra_name = "cbc(des3_ede)", |
| 532 | .cra_driver_name = "cbc-des3_ede-s390", |
| 533 | .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, |
| 534 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
| 535 | .cra_blocksize = DES3_192_BLOCK_SIZE, |
| 536 | .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), |
| 537 | .cra_type = &crypto_blkcipher_type, |
| 538 | .cra_module = THIS_MODULE, |
| 539 | .cra_list = LIST_HEAD_INIT( |
| 540 | cbc_des3_192_alg.cra_list), |
| 541 | .cra_u = { |
| 542 | .blkcipher = { |
| 543 | .min_keysize = DES3_192_KEY_SIZE, |
| 544 | .max_keysize = DES3_192_KEY_SIZE, |
| 545 | .ivsize = DES3_192_BLOCK_SIZE, |
| 546 | .setkey = des3_192_setkey, |
| 547 | .encrypt = cbc_des3_192_encrypt, |
| 548 | .decrypt = cbc_des3_192_decrypt, |
| 549 | } |
| 550 | } |
| 551 | }; |
| 552 | |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 553 | static int init(void) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 554 | { |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 555 | int ret = 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 556 | |
Jan Glauber | c1e26e1 | 2006-01-06 00:19:17 -0800 | [diff] [blame] | 557 | if (!crypt_s390_func_available(KM_DEA_ENCRYPT) || |
| 558 | !crypt_s390_func_available(KM_TDEA_128_ENCRYPT) || |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 559 | !crypt_s390_func_available(KM_TDEA_192_ENCRYPT)) |
Jan Glauber | 86aa9fc | 2007-02-05 21:18:14 +0100 | [diff] [blame^] | 560 | return -EOPNOTSUPP; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 561 | |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 562 | ret = crypto_register_alg(&des_alg); |
| 563 | if (ret) |
| 564 | goto des_err; |
| 565 | ret = crypto_register_alg(&ecb_des_alg); |
| 566 | if (ret) |
| 567 | goto ecb_des_err; |
| 568 | ret = crypto_register_alg(&cbc_des_alg); |
| 569 | if (ret) |
| 570 | goto cbc_des_err; |
| 571 | |
| 572 | ret = crypto_register_alg(&des3_128_alg); |
| 573 | if (ret) |
| 574 | goto des3_128_err; |
| 575 | ret = crypto_register_alg(&ecb_des3_128_alg); |
| 576 | if (ret) |
| 577 | goto ecb_des3_128_err; |
| 578 | ret = crypto_register_alg(&cbc_des3_128_alg); |
| 579 | if (ret) |
| 580 | goto cbc_des3_128_err; |
| 581 | |
| 582 | ret = crypto_register_alg(&des3_192_alg); |
| 583 | if (ret) |
| 584 | goto des3_192_err; |
| 585 | ret = crypto_register_alg(&ecb_des3_192_alg); |
| 586 | if (ret) |
| 587 | goto ecb_des3_192_err; |
| 588 | ret = crypto_register_alg(&cbc_des3_192_alg); |
| 589 | if (ret) |
| 590 | goto cbc_des3_192_err; |
| 591 | |
| 592 | out: |
| 593 | return ret; |
| 594 | |
| 595 | cbc_des3_192_err: |
| 596 | crypto_unregister_alg(&ecb_des3_192_alg); |
| 597 | ecb_des3_192_err: |
| 598 | crypto_unregister_alg(&des3_192_alg); |
| 599 | des3_192_err: |
| 600 | crypto_unregister_alg(&cbc_des3_128_alg); |
| 601 | cbc_des3_128_err: |
| 602 | crypto_unregister_alg(&ecb_des3_128_alg); |
| 603 | ecb_des3_128_err: |
| 604 | crypto_unregister_alg(&des3_128_alg); |
| 605 | des3_128_err: |
| 606 | crypto_unregister_alg(&cbc_des_alg); |
| 607 | cbc_des_err: |
| 608 | crypto_unregister_alg(&ecb_des_alg); |
| 609 | ecb_des_err: |
| 610 | crypto_unregister_alg(&des_alg); |
| 611 | des_err: |
| 612 | goto out; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 613 | } |
| 614 | |
Jan Glauber | c135783 | 2006-01-14 13:20:53 -0800 | [diff] [blame] | 615 | static void __exit fini(void) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 616 | { |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 617 | crypto_unregister_alg(&cbc_des3_192_alg); |
| 618 | crypto_unregister_alg(&ecb_des3_192_alg); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 619 | crypto_unregister_alg(&des3_192_alg); |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 620 | crypto_unregister_alg(&cbc_des3_128_alg); |
| 621 | crypto_unregister_alg(&ecb_des3_128_alg); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 622 | crypto_unregister_alg(&des3_128_alg); |
Herbert Xu | a9e62fa | 2006-08-21 21:39:24 +1000 | [diff] [blame] | 623 | crypto_unregister_alg(&cbc_des_alg); |
| 624 | crypto_unregister_alg(&ecb_des_alg); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 625 | crypto_unregister_alg(&des_alg); |
| 626 | } |
| 627 | |
| 628 | module_init(init); |
| 629 | module_exit(fini); |
| 630 | |
| 631 | MODULE_ALIAS("des"); |
| 632 | MODULE_ALIAS("des3_ede"); |
| 633 | |
| 634 | MODULE_LICENSE("GPL"); |
| 635 | MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); |