1/* 2 * Cryptographic API. 3 * 4 * s390 implementation of the AES Cipher Algorithm. 5 * 6 * s390 Version: 7 * Copyright IBM Corp. 2005,2007 8 * Author(s): Jan Glauber (jang@de.ibm.com) 9 * 10 * Derived from "crypto/aes.c" 11 * 12 * This program is free software; you can redistribute it and/or modify it 13 * under the terms of the GNU General Public License as published by the Free 14 * Software Foundation; either version 2 of the License, or (at your option) 15 * any later version. 16 * 17 */ 18 19#include <crypto/algapi.h> 20#include <linux/module.h> 21#include <linux/init.h> 22#include "crypt_s390.h" 23 24#define AES_MIN_KEY_SIZE 16 25#define AES_MAX_KEY_SIZE 32 26 27/* data block size for all key lengths */ 28#define AES_BLOCK_SIZE 16 29 30#define AES_KEYLEN_128 1 31#define AES_KEYLEN_192 2 32#define AES_KEYLEN_256 4 33 34static char keylen_flag = 0; 35 36struct s390_aes_ctx { 37 u8 iv[AES_BLOCK_SIZE]; 38 u8 key[AES_MAX_KEY_SIZE]; 39 long enc; 40 long dec; 41 int key_len; 42}; 43 44static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 45 unsigned int key_len) 46{ 47 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 48 u32 *flags = &tfm->crt_flags; 49 50 switch (key_len) { 51 case 16: 52 if (!(keylen_flag & AES_KEYLEN_128)) 53 goto fail; 54 break; 55 case 24: 56 if (!(keylen_flag & AES_KEYLEN_192)) 57 goto fail; 58 59 break; 60 case 32: 61 if (!(keylen_flag & AES_KEYLEN_256)) 62 goto fail; 63 break; 64 default: 65 goto fail; 66 break; 67 } 68 69 sctx->key_len = key_len; 70 memcpy(sctx->key, in_key, key_len); 71 return 0; 72fail: 73 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 74 return -EINVAL; 75} 76 77static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 78{ 79 const struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 80 81 switch (sctx->key_len) { 82 case 16: 83 crypt_s390_km(KM_AES_128_ENCRYPT, &sctx->key, out, in, 84 AES_BLOCK_SIZE); 85 break; 86 case 24: 87 crypt_s390_km(KM_AES_192_ENCRYPT, &sctx->key, out, in, 88 AES_BLOCK_SIZE); 89 break; 90 case 32: 91 crypt_s390_km(KM_AES_256_ENCRYPT, &sctx->key, out, in, 92 AES_BLOCK_SIZE); 93 break; 94 } 95} 96 97static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 98{ 99 const struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 100 101 switch (sctx->key_len) { 102 case 16: 103 crypt_s390_km(KM_AES_128_DECRYPT, &sctx->key, out, in, 104 AES_BLOCK_SIZE); 105 break; 106 case 24: 107 crypt_s390_km(KM_AES_192_DECRYPT, &sctx->key, out, in, 108 AES_BLOCK_SIZE); 109 break; 110 case 32: 111 crypt_s390_km(KM_AES_256_DECRYPT, &sctx->key, out, in, 112 AES_BLOCK_SIZE); 113 break; 114 } 115} 116 117 118static struct crypto_alg aes_alg = { 119 .cra_name = "aes", 120 .cra_driver_name = "aes-s390", 121 .cra_priority = CRYPT_S390_PRIORITY, 122 .cra_flags = CRYPTO_ALG_TYPE_CIPHER | 123 CRYPTO_ALG_NEED_FALLBACK, 124 .cra_blocksize = AES_BLOCK_SIZE, 125 .cra_ctxsize = sizeof(struct s390_aes_ctx), 126 .cra_module = THIS_MODULE, 127 .cra_list = LIST_HEAD_INIT(aes_alg.cra_list), 128 .cra_u = { 129 .cipher = { 130 .cia_min_keysize = AES_MIN_KEY_SIZE, 131 .cia_max_keysize = AES_MAX_KEY_SIZE, 132 .cia_setkey = aes_set_key, 133 .cia_encrypt = aes_encrypt, 134 .cia_decrypt = aes_decrypt, 135 } 136 } 137}; 138 139static int ecb_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 140 unsigned int key_len) 141{ 142 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 143 144 switch (key_len) { 145 case 16: 146 sctx->enc = KM_AES_128_ENCRYPT; 147 sctx->dec = KM_AES_128_DECRYPT; 148 break; 149 case 24: 150 sctx->enc = KM_AES_192_ENCRYPT; 151 sctx->dec = KM_AES_192_DECRYPT; 152 break; 153 case 32: 154 sctx->enc = KM_AES_256_ENCRYPT; 155 sctx->dec = KM_AES_256_DECRYPT; 156 break; 157 } 158 159 return aes_set_key(tfm, in_key, key_len); 160} 161 162static int ecb_aes_crypt(struct blkcipher_desc *desc, long func, void *param, 163 struct blkcipher_walk *walk) 164{ 165 int ret = blkcipher_walk_virt(desc, walk); 166 unsigned int nbytes; 167 168 while ((nbytes = walk->nbytes)) { 169 /* only use complete blocks */ 170 unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); 171 u8 *out = walk->dst.virt.addr; 172 u8 *in = walk->src.virt.addr; 173 174 ret = crypt_s390_km(func, param, out, in, n); 175 BUG_ON((ret < 0) || (ret != n)); 176 177 nbytes &= AES_BLOCK_SIZE - 1; 178 ret = blkcipher_walk_done(desc, walk, nbytes); 179 } 180 181 return ret; 182} 183 184static int ecb_aes_encrypt(struct blkcipher_desc *desc, 185 struct scatterlist *dst, struct scatterlist *src, 186 unsigned int nbytes) 187{ 188 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 189 struct blkcipher_walk walk; 190 191 blkcipher_walk_init(&walk, dst, src, nbytes); 192 return ecb_aes_crypt(desc, sctx->enc, sctx->key, &walk); 193} 194 195static int ecb_aes_decrypt(struct blkcipher_desc *desc, 196 struct scatterlist *dst, struct scatterlist *src, 197 unsigned int nbytes) 198{ 199 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 200 struct blkcipher_walk walk; 201 202 blkcipher_walk_init(&walk, dst, src, nbytes); 203 return ecb_aes_crypt(desc, sctx->dec, sctx->key, &walk); 204} 205 206static struct crypto_alg ecb_aes_alg = { 207 .cra_name = "ecb(aes)", 208 .cra_driver_name = "ecb-aes-s390", 209 .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, 210 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 211 CRYPTO_ALG_NEED_FALLBACK, 212 .cra_blocksize = AES_BLOCK_SIZE, 213 .cra_ctxsize = sizeof(struct s390_aes_ctx), 214 .cra_type = &crypto_blkcipher_type, 215 .cra_module = THIS_MODULE, 216 .cra_list = LIST_HEAD_INIT(ecb_aes_alg.cra_list), 217 .cra_u = { 218 .blkcipher = { 219 .min_keysize = AES_MIN_KEY_SIZE, 220 .max_keysize = AES_MAX_KEY_SIZE, 221 .setkey = ecb_aes_set_key, 222 .encrypt = ecb_aes_encrypt, 223 .decrypt = ecb_aes_decrypt, 224 } 225 } 226}; 227 228static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 229 unsigned int key_len) 230{ 231 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 232 233 switch (key_len) { 234 case 16: 235 sctx->enc = KMC_AES_128_ENCRYPT; 236 sctx->dec = KMC_AES_128_DECRYPT; 237 break; 238 case 24: 239 sctx->enc = KMC_AES_192_ENCRYPT; 240 sctx->dec = KMC_AES_192_DECRYPT; 241 break; 242 case 32: 243 sctx->enc = KMC_AES_256_ENCRYPT; 244 sctx->dec = KMC_AES_256_DECRYPT; 245 break; 246 } 247 248 return aes_set_key(tfm, in_key, key_len); 249} 250 251static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param, 252 struct blkcipher_walk *walk) 253{ 254 int ret = blkcipher_walk_virt(desc, walk); 255 unsigned int nbytes = walk->nbytes; 256 257 if (!nbytes) 258 goto out; 259 260 memcpy(param, walk->iv, AES_BLOCK_SIZE); 261 do { 262 /* only use complete blocks */ 263 unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); 264 u8 *out = walk->dst.virt.addr; 265 u8 *in = walk->src.virt.addr; 266 267 ret = crypt_s390_kmc(func, param, out, in, n); 268 BUG_ON((ret < 0) || (ret != n)); 269 270 nbytes &= AES_BLOCK_SIZE - 1; 271 ret = blkcipher_walk_done(desc, walk, nbytes); 272 } while ((nbytes = walk->nbytes)); 273 memcpy(walk->iv, param, AES_BLOCK_SIZE); 274 275out: 276 return ret; 277} 278 279static int cbc_aes_encrypt(struct blkcipher_desc *desc, 280 struct scatterlist *dst, struct scatterlist *src, 281 unsigned int nbytes) 282{ 283 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 284 struct blkcipher_walk walk; 285 286 blkcipher_walk_init(&walk, dst, src, nbytes); 287 return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk); 288} 289 290static int cbc_aes_decrypt(struct blkcipher_desc *desc, 291 struct scatterlist *dst, struct scatterlist *src, 292 unsigned int nbytes) 293{ 294 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 295 struct blkcipher_walk walk; 296 297 blkcipher_walk_init(&walk, dst, src, nbytes); 298 return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk); 299} 300 301static struct crypto_alg cbc_aes_alg = { 302 .cra_name = "cbc(aes)", 303 .cra_driver_name = "cbc-aes-s390", 304 .cra_priority = CRYPT_S390_COMPOSITE_PRIORITY, 305 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 306 CRYPTO_ALG_NEED_FALLBACK, 307 .cra_blocksize = AES_BLOCK_SIZE, 308 .cra_ctxsize = sizeof(struct s390_aes_ctx), 309 .cra_type = &crypto_blkcipher_type, 310 .cra_module = THIS_MODULE, 311 .cra_list = LIST_HEAD_INIT(cbc_aes_alg.cra_list), 312 .cra_u = { 313 .blkcipher = { 314 .min_keysize = AES_MIN_KEY_SIZE, 315 .max_keysize = AES_MAX_KEY_SIZE, 316 .ivsize = AES_BLOCK_SIZE, 317 .setkey = cbc_aes_set_key, 318 .encrypt = cbc_aes_encrypt, 319 .decrypt = cbc_aes_decrypt, 320 } 321 } 322}; 323 324static int __init aes_init(void) 325{ 326 int ret; 327 328 if (crypt_s390_func_available(KM_AES_128_ENCRYPT)) 329 keylen_flag |= AES_KEYLEN_128; 330 if (crypt_s390_func_available(KM_AES_192_ENCRYPT)) 331 keylen_flag |= AES_KEYLEN_192; 332 if (crypt_s390_func_available(KM_AES_256_ENCRYPT)) 333 keylen_flag |= AES_KEYLEN_256; 334 335 if (!keylen_flag) 336 return -EOPNOTSUPP; 337 338 /* z9 109 and z9 BC/EC only support 128 bit key length */ 339 if (keylen_flag == AES_KEYLEN_128) { 340 aes_alg.cra_u.cipher.cia_max_keysize = AES_MIN_KEY_SIZE; 341 ecb_aes_alg.cra_u.blkcipher.max_keysize = AES_MIN_KEY_SIZE; 342 cbc_aes_alg.cra_u.blkcipher.max_keysize = AES_MIN_KEY_SIZE; 343 printk(KERN_INFO 344 "aes_s390: hardware acceleration only available for" 345 "128 bit keys\n"); 346 } 347 348 ret = crypto_register_alg(&aes_alg); 349 if (ret) 350 goto aes_err; 351 352 ret = crypto_register_alg(&ecb_aes_alg); 353 if (ret) 354 goto ecb_aes_err; 355 356 ret = crypto_register_alg(&cbc_aes_alg); 357 if (ret) 358 goto cbc_aes_err; 359 360out: 361 return ret; 362 363cbc_aes_err: 364 crypto_unregister_alg(&ecb_aes_alg); 365ecb_aes_err: 366 crypto_unregister_alg(&aes_alg); 367aes_err: 368 goto out; 369} 370 371static void __exit aes_fini(void) 372{ 373 crypto_unregister_alg(&cbc_aes_alg); 374 crypto_unregister_alg(&ecb_aes_alg); 375 crypto_unregister_alg(&aes_alg); 376} 377 378module_init(aes_init); 379module_exit(aes_fini); 380 381MODULE_ALIAS("aes"); 382 383MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); 384MODULE_LICENSE("GPL"); 385