1/*
2 * Cryptographic API.
3 *
4 * s390 implementation of the AES Cipher Algorithm.
5 *
6 * s390 Version:
7 *   Copyright IBM Corp. 2005,2007
8 *   Author(s): Jan Glauber (jang@de.ibm.com)
9 *
10 * Derived from "crypto/aes.c"
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the Free
14 * Software Foundation; either version 2 of the License, or (at your option)
15 * any later version.
16 *
17 */
18
19#include <crypto/algapi.h>
20#include <linux/module.h>
21#include <linux/init.h>
22#include "crypt_s390.h"
23
24#define AES_MIN_KEY_SIZE	16
25#define AES_MAX_KEY_SIZE	32
26
27/* data block size for all key lengths */
28#define AES_BLOCK_SIZE		16
29
30#define AES_KEYLEN_128		1
31#define AES_KEYLEN_192		2
32#define AES_KEYLEN_256		4
33
34static char keylen_flag = 0;
35
36struct s390_aes_ctx {
37	u8 iv[AES_BLOCK_SIZE];
38	u8 key[AES_MAX_KEY_SIZE];
39	long enc;
40	long dec;
41	int key_len;
42};
43
44static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
45		       unsigned int key_len)
46{
47	struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm);
48	u32 *flags = &tfm->crt_flags;
49
50	switch (key_len) {
51	case 16:
52		if (!(keylen_flag & AES_KEYLEN_128))
53			goto fail;
54		break;
55	case 24:
56		if (!(keylen_flag & AES_KEYLEN_192))
57			goto fail;
58
59		break;
60	case 32:
61		if (!(keylen_flag & AES_KEYLEN_256))
62			goto fail;
63		break;
64	default:
65		goto fail;
66		break;
67	}
68
69	sctx->key_len = key_len;
70	memcpy(sctx->key, in_key, key_len);
71	return 0;
72fail:
73	*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
74	return -EINVAL;
75}
76
77static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
78{
79	const struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm);
80
81	switch (sctx->key_len) {
82	case 16:
83		crypt_s390_km(KM_AES_128_ENCRYPT, &sctx->key, out, in,
84			      AES_BLOCK_SIZE);
85		break;
86	case 24:
87		crypt_s390_km(KM_AES_192_ENCRYPT, &sctx->key, out, in,
88			      AES_BLOCK_SIZE);
89		break;
90	case 32:
91		crypt_s390_km(KM_AES_256_ENCRYPT, &sctx->key, out, in,
92			      AES_BLOCK_SIZE);
93		break;
94	}
95}
96
97static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
98{
99	const struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm);
100
101	switch (sctx->key_len) {
102	case 16:
103		crypt_s390_km(KM_AES_128_DECRYPT, &sctx->key, out, in,
104			      AES_BLOCK_SIZE);
105		break;
106	case 24:
107		crypt_s390_km(KM_AES_192_DECRYPT, &sctx->key, out, in,
108			      AES_BLOCK_SIZE);
109		break;
110	case 32:
111		crypt_s390_km(KM_AES_256_DECRYPT, &sctx->key, out, in,
112			      AES_BLOCK_SIZE);
113		break;
114	}
115}
116
117
118static struct crypto_alg aes_alg = {
119	.cra_name		=	"aes",
120	.cra_driver_name	=	"aes-s390",
121	.cra_priority		=	CRYPT_S390_PRIORITY,
122	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER |
123					CRYPTO_ALG_NEED_FALLBACK,
124	.cra_blocksize		=	AES_BLOCK_SIZE,
125	.cra_ctxsize		=	sizeof(struct s390_aes_ctx),
126	.cra_module		=	THIS_MODULE,
127	.cra_list		=	LIST_HEAD_INIT(aes_alg.cra_list),
128	.cra_u			=	{
129		.cipher = {
130			.cia_min_keysize	=	AES_MIN_KEY_SIZE,
131			.cia_max_keysize	=	AES_MAX_KEY_SIZE,
132			.cia_setkey		=	aes_set_key,
133			.cia_encrypt		=	aes_encrypt,
134			.cia_decrypt		=	aes_decrypt,
135		}
136	}
137};
138
139static int ecb_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
140			   unsigned int key_len)
141{
142	struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm);
143
144	switch (key_len) {
145	case 16:
146		sctx->enc = KM_AES_128_ENCRYPT;
147		sctx->dec = KM_AES_128_DECRYPT;
148		break;
149	case 24:
150		sctx->enc = KM_AES_192_ENCRYPT;
151		sctx->dec = KM_AES_192_DECRYPT;
152		break;
153	case 32:
154		sctx->enc = KM_AES_256_ENCRYPT;
155		sctx->dec = KM_AES_256_DECRYPT;
156		break;
157	}
158
159	return aes_set_key(tfm, in_key, key_len);
160}
161
162static int ecb_aes_crypt(struct blkcipher_desc *desc, long func, void *param,
163			 struct blkcipher_walk *walk)
164{
165	int ret = blkcipher_walk_virt(desc, walk);
166	unsigned int nbytes;
167
168	while ((nbytes = walk->nbytes)) {
169		/* only use complete blocks */
170		unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
171		u8 *out = walk->dst.virt.addr;
172		u8 *in = walk->src.virt.addr;
173
174		ret = crypt_s390_km(func, param, out, in, n);
175		BUG_ON((ret < 0) || (ret != n));
176
177		nbytes &= AES_BLOCK_SIZE - 1;
178		ret = blkcipher_walk_done(desc, walk, nbytes);
179	}
180
181	return ret;
182}
183
184static int ecb_aes_encrypt(struct blkcipher_desc *desc,
185			   struct scatterlist *dst, struct scatterlist *src,
186			   unsigned int nbytes)
187{
188	struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
189	struct blkcipher_walk walk;
190
191	blkcipher_walk_init(&walk, dst, src, nbytes);
192	return ecb_aes_crypt(desc, sctx->enc, sctx->key, &walk);
193}
194
195static int ecb_aes_decrypt(struct blkcipher_desc *desc,
196			   struct scatterlist *dst, struct scatterlist *src,
197			   unsigned int nbytes)
198{
199	struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
200	struct blkcipher_walk walk;
201
202	blkcipher_walk_init(&walk, dst, src, nbytes);
203	return ecb_aes_crypt(desc, sctx->dec, sctx->key, &walk);
204}
205
206static struct crypto_alg ecb_aes_alg = {
207	.cra_name		=	"ecb(aes)",
208	.cra_driver_name	=	"ecb-aes-s390",
209	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,
210	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER |
211					CRYPTO_ALG_NEED_FALLBACK,
212	.cra_blocksize		=	AES_BLOCK_SIZE,
213	.cra_ctxsize		=	sizeof(struct s390_aes_ctx),
214	.cra_type		=	&crypto_blkcipher_type,
215	.cra_module		=	THIS_MODULE,
216	.cra_list		=	LIST_HEAD_INIT(ecb_aes_alg.cra_list),
217	.cra_u			=	{
218		.blkcipher = {
219			.min_keysize		=	AES_MIN_KEY_SIZE,
220			.max_keysize		=	AES_MAX_KEY_SIZE,
221			.setkey			=	ecb_aes_set_key,
222			.encrypt		=	ecb_aes_encrypt,
223			.decrypt		=	ecb_aes_decrypt,
224		}
225	}
226};
227
228static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
229			   unsigned int key_len)
230{
231	struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm);
232
233	switch (key_len) {
234	case 16:
235		sctx->enc = KMC_AES_128_ENCRYPT;
236		sctx->dec = KMC_AES_128_DECRYPT;
237		break;
238	case 24:
239		sctx->enc = KMC_AES_192_ENCRYPT;
240		sctx->dec = KMC_AES_192_DECRYPT;
241		break;
242	case 32:
243		sctx->enc = KMC_AES_256_ENCRYPT;
244		sctx->dec = KMC_AES_256_DECRYPT;
245		break;
246	}
247
248	return aes_set_key(tfm, in_key, key_len);
249}
250
251static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param,
252			 struct blkcipher_walk *walk)
253{
254	int ret = blkcipher_walk_virt(desc, walk);
255	unsigned int nbytes = walk->nbytes;
256
257	if (!nbytes)
258		goto out;
259
260	memcpy(param, walk->iv, AES_BLOCK_SIZE);
261	do {
262		/* only use complete blocks */
263		unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
264		u8 *out = walk->dst.virt.addr;
265		u8 *in = walk->src.virt.addr;
266
267		ret = crypt_s390_kmc(func, param, out, in, n);
268		BUG_ON((ret < 0) || (ret != n));
269
270		nbytes &= AES_BLOCK_SIZE - 1;
271		ret = blkcipher_walk_done(desc, walk, nbytes);
272	} while ((nbytes = walk->nbytes));
273	memcpy(walk->iv, param, AES_BLOCK_SIZE);
274
275out:
276	return ret;
277}
278
279static int cbc_aes_encrypt(struct blkcipher_desc *desc,
280			   struct scatterlist *dst, struct scatterlist *src,
281			   unsigned int nbytes)
282{
283	struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
284	struct blkcipher_walk walk;
285
286	blkcipher_walk_init(&walk, dst, src, nbytes);
287	return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk);
288}
289
290static int cbc_aes_decrypt(struct blkcipher_desc *desc,
291			   struct scatterlist *dst, struct scatterlist *src,
292			   unsigned int nbytes)
293{
294	struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
295	struct blkcipher_walk walk;
296
297	blkcipher_walk_init(&walk, dst, src, nbytes);
298	return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk);
299}
300
301static struct crypto_alg cbc_aes_alg = {
302	.cra_name		=	"cbc(aes)",
303	.cra_driver_name	=	"cbc-aes-s390",
304	.cra_priority		=	CRYPT_S390_COMPOSITE_PRIORITY,
305	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER |
306					CRYPTO_ALG_NEED_FALLBACK,
307	.cra_blocksize		=	AES_BLOCK_SIZE,
308	.cra_ctxsize		=	sizeof(struct s390_aes_ctx),
309	.cra_type		=	&crypto_blkcipher_type,
310	.cra_module		=	THIS_MODULE,
311	.cra_list		=	LIST_HEAD_INIT(cbc_aes_alg.cra_list),
312	.cra_u			=	{
313		.blkcipher = {
314			.min_keysize		=	AES_MIN_KEY_SIZE,
315			.max_keysize		=	AES_MAX_KEY_SIZE,
316			.ivsize			=	AES_BLOCK_SIZE,
317			.setkey			=	cbc_aes_set_key,
318			.encrypt		=	cbc_aes_encrypt,
319			.decrypt		=	cbc_aes_decrypt,
320		}
321	}
322};
323
324static int __init aes_init(void)
325{
326	int ret;
327
328	if (crypt_s390_func_available(KM_AES_128_ENCRYPT))
329		keylen_flag |= AES_KEYLEN_128;
330	if (crypt_s390_func_available(KM_AES_192_ENCRYPT))
331		keylen_flag |= AES_KEYLEN_192;
332	if (crypt_s390_func_available(KM_AES_256_ENCRYPT))
333		keylen_flag |= AES_KEYLEN_256;
334
335	if (!keylen_flag)
336		return -EOPNOTSUPP;
337
338	/* z9 109 and z9 BC/EC only support 128 bit key length */
339	if (keylen_flag == AES_KEYLEN_128) {
340		aes_alg.cra_u.cipher.cia_max_keysize = AES_MIN_KEY_SIZE;
341		ecb_aes_alg.cra_u.blkcipher.max_keysize = AES_MIN_KEY_SIZE;
342		cbc_aes_alg.cra_u.blkcipher.max_keysize = AES_MIN_KEY_SIZE;
343		printk(KERN_INFO
344		       "aes_s390: hardware acceleration only available for"
345		       "128 bit keys\n");
346	}
347
348	ret = crypto_register_alg(&aes_alg);
349	if (ret)
350		goto aes_err;
351
352	ret = crypto_register_alg(&ecb_aes_alg);
353	if (ret)
354		goto ecb_aes_err;
355
356	ret = crypto_register_alg(&cbc_aes_alg);
357	if (ret)
358		goto cbc_aes_err;
359
360out:
361	return ret;
362
363cbc_aes_err:
364	crypto_unregister_alg(&ecb_aes_alg);
365ecb_aes_err:
366	crypto_unregister_alg(&aes_alg);
367aes_err:
368	goto out;
369}
370
371static void __exit aes_fini(void)
372{
373	crypto_unregister_alg(&cbc_aes_alg);
374	crypto_unregister_alg(&ecb_aes_alg);
375	crypto_unregister_alg(&aes_alg);
376}
377
378module_init(aes_init);
379module_exit(aes_fini);
380
381MODULE_ALIAS("aes");
382
383MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
384MODULE_LICENSE("GPL");
385