aboutsummaryrefslogtreecommitdiffstats
path: root/arch/s390/crypto
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-16 18:20:36 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-16 18:20:36 -0400
commit1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch)
tree0bba044c4ce775e45a88a51686b5d9f90697ea9d /arch/s390/crypto
Linux-2.6.12-rc2v2.6.12-rc2
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
Diffstat (limited to 'arch/s390/crypto')
-rw-r--r--arch/s390/crypto/Makefile8
-rw-r--r--arch/s390/crypto/crypt_z990.h374
-rw-r--r--arch/s390/crypto/crypt_z990_query.c111
-rw-r--r--arch/s390/crypto/crypto_des.h18
-rw-r--r--arch/s390/crypto/des_check_key.c130
-rw-r--r--arch/s390/crypto/des_z990.c284
-rw-r--r--arch/s390/crypto/sha1_z990.c167
7 files changed, 1092 insertions, 0 deletions
diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile
new file mode 100644
index 000000000000..96a05e6b51e0
--- /dev/null
+++ b/arch/s390/crypto/Makefile
@@ -0,0 +1,8 @@
1#
2# Cryptographic API
3#
4
5obj-$(CONFIG_CRYPTO_SHA1_Z990) += sha1_z990.o
6obj-$(CONFIG_CRYPTO_DES_Z990) += des_z990.o des_check_key.o
7
8obj-$(CONFIG_CRYPTO_TEST) += crypt_z990_query.o
diff --git a/arch/s390/crypto/crypt_z990.h b/arch/s390/crypto/crypt_z990.h
new file mode 100644
index 000000000000..4df660b99e5a
--- /dev/null
+++ b/arch/s390/crypto/crypt_z990.h
@@ -0,0 +1,374 @@
1/*
2 * Cryptographic API.
3 *
4 * Support for z990 cryptographic instructions.
5 *
6 * Copyright (C) 2003 IBM Deutschland GmbH, IBM Corporation
7 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 */
15#ifndef _CRYPTO_ARCH_S390_CRYPT_Z990_H
16#define _CRYPTO_ARCH_S390_CRYPT_Z990_H
17
18#include <asm/errno.h>
19
20#define CRYPT_Z990_OP_MASK 0xFF00
21#define CRYPT_Z990_FUNC_MASK 0x00FF
22
23
24/*z990 cryptographic operations*/
25enum crypt_z990_operations {
26 CRYPT_Z990_KM = 0x0100,
27 CRYPT_Z990_KMC = 0x0200,
28 CRYPT_Z990_KIMD = 0x0300,
29 CRYPT_Z990_KLMD = 0x0400,
30 CRYPT_Z990_KMAC = 0x0500
31};
32
33/*function codes for KM (CIPHER MESSAGE) instruction*/
34enum crypt_z990_km_func {
35 KM_QUERY = CRYPT_Z990_KM | 0,
36 KM_DEA_ENCRYPT = CRYPT_Z990_KM | 1,
37 KM_DEA_DECRYPT = CRYPT_Z990_KM | 1 | 0x80, //modifier bit->decipher
38 KM_TDEA_128_ENCRYPT = CRYPT_Z990_KM | 2,
39 KM_TDEA_128_DECRYPT = CRYPT_Z990_KM | 2 | 0x80,
40 KM_TDEA_192_ENCRYPT = CRYPT_Z990_KM | 3,
41 KM_TDEA_192_DECRYPT = CRYPT_Z990_KM | 3 | 0x80,
42};
43
44/*function codes for KMC (CIPHER MESSAGE WITH CHAINING) instruction*/
45enum crypt_z990_kmc_func {
46 KMC_QUERY = CRYPT_Z990_KMC | 0,
47 KMC_DEA_ENCRYPT = CRYPT_Z990_KMC | 1,
48 KMC_DEA_DECRYPT = CRYPT_Z990_KMC | 1 | 0x80, //modifier bit->decipher
49 KMC_TDEA_128_ENCRYPT = CRYPT_Z990_KMC | 2,
50 KMC_TDEA_128_DECRYPT = CRYPT_Z990_KMC | 2 | 0x80,
51 KMC_TDEA_192_ENCRYPT = CRYPT_Z990_KMC | 3,
52 KMC_TDEA_192_DECRYPT = CRYPT_Z990_KMC | 3 | 0x80,
53};
54
55/*function codes for KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) instruction*/
56enum crypt_z990_kimd_func {
57 KIMD_QUERY = CRYPT_Z990_KIMD | 0,
58 KIMD_SHA_1 = CRYPT_Z990_KIMD | 1,
59};
60
61/*function codes for KLMD (COMPUTE LAST MESSAGE DIGEST) instruction*/
62enum crypt_z990_klmd_func {
63 KLMD_QUERY = CRYPT_Z990_KLMD | 0,
64 KLMD_SHA_1 = CRYPT_Z990_KLMD | 1,
65};
66
67/*function codes for KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) instruction*/
68enum crypt_z990_kmac_func {
69 KMAC_QUERY = CRYPT_Z990_KMAC | 0,
70 KMAC_DEA = CRYPT_Z990_KMAC | 1,
71 KMAC_TDEA_128 = CRYPT_Z990_KMAC | 2,
72 KMAC_TDEA_192 = CRYPT_Z990_KMAC | 3
73};
74
75/*status word for z990 crypto instructions' QUERY functions*/
76struct crypt_z990_query_status {
77 u64 high;
78 u64 low;
79};
80
81/*
82 * Standard fixup and ex_table sections for crypt_z990 inline functions.
83 * label 0: the z990 crypto operation
84 * label 1: just after 1 to catch illegal operation exception on non-z990
85 * label 6: the return point after fixup
86 * label 7: set error value if exception _in_ crypto operation
87 * label 8: set error value if illegal operation exception
88 * [ret] is the variable to receive the error code
89 * [ERR] is the error code value
90 */
91#ifndef __s390x__
92#define __crypt_z990_fixup \
93 ".section .fixup,\"ax\" \n" \
94 "7: lhi %0,%h[e1] \n" \
95 " bras 1,9f \n" \
96 " .long 6b \n" \
97 "8: lhi %0,%h[e2] \n" \
98 " bras 1,9f \n" \
99 " .long 6b \n" \
100 "9: l 1,0(1) \n" \
101 " br 1 \n" \
102 ".previous \n" \
103 ".section __ex_table,\"a\" \n" \
104 " .align 4 \n" \
105 " .long 0b,7b \n" \
106 " .long 1b,8b \n" \
107 ".previous"
108#else /* __s390x__ */
109#define __crypt_z990_fixup \
110 ".section .fixup,\"ax\" \n" \
111 "7: lhi %0,%h[e1] \n" \
112 " jg 6b \n" \
113 "8: lhi %0,%h[e2] \n" \
114 " jg 6b \n" \
115 ".previous\n" \
116 ".section __ex_table,\"a\" \n" \
117 " .align 8 \n" \
118 " .quad 0b,7b \n" \
119 " .quad 1b,8b \n" \
120 ".previous"
121#endif /* __s390x__ */
122
123/*
124 * Standard code for setting the result of z990 crypto instructions.
125 * %0: the register which will receive the result
126 * [result]: the register containing the result (e.g. second operand length
127 * to compute number of processed bytes].
128 */
129#ifndef __s390x__
130#define __crypt_z990_set_result \
131 " lr %0,%[result] \n"
132#else /* __s390x__ */
133#define __crypt_z990_set_result \
134 " lgr %0,%[result] \n"
135#endif
136
137/*
138 * Executes the KM (CIPHER MESSAGE) operation of the z990 CPU.
139 * @param func: the function code passed to KM; see crypt_z990_km_func
140 * @param param: address of parameter block; see POP for details on each func
141 * @param dest: address of destination memory area
142 * @param src: address of source memory area
143 * @param src_len: length of src operand in bytes
144 * @returns < zero for failure, 0 for the query func, number of processed bytes
145 * for encryption/decryption funcs
146 */
147static inline int
148crypt_z990_km(long func, void* param, u8* dest, const u8* src, long src_len)
149{
150 register long __func asm("0") = func & CRYPT_Z990_FUNC_MASK;
151 register void* __param asm("1") = param;
152 register u8* __dest asm("4") = dest;
153 register const u8* __src asm("2") = src;
154 register long __src_len asm("3") = src_len;
155 int ret;
156
157 ret = 0;
158 __asm__ __volatile__ (
159 "0: .insn rre,0xB92E0000,%1,%2 \n" //KM opcode
160 "1: brc 1,0b \n" //handle partial completion
161 __crypt_z990_set_result
162 "6: \n"
163 __crypt_z990_fixup
164 : "+d" (ret), "+a" (__dest), "+a" (__src),
165 [result] "+d" (__src_len)
166 : [e1] "K" (-EFAULT), [e2] "K" (-ENOSYS), "d" (__func),
167 "a" (__param)
168 : "cc", "memory"
169 );
170 if (ret >= 0 && func & CRYPT_Z990_FUNC_MASK){
171 ret = src_len - ret;
172 }
173 return ret;
174}
175
176/*
177 * Executes the KMC (CIPHER MESSAGE WITH CHAINING) operation of the z990 CPU.
178 * @param func: the function code passed to KM; see crypt_z990_kmc_func
179 * @param param: address of parameter block; see POP for details on each func
180 * @param dest: address of destination memory area
181 * @param src: address of source memory area
182 * @param src_len: length of src operand in bytes
183 * @returns < zero for failure, 0 for the query func, number of processed bytes
184 * for encryption/decryption funcs
185 */
186static inline int
187crypt_z990_kmc(long func, void* param, u8* dest, const u8* src, long src_len)
188{
189 register long __func asm("0") = func & CRYPT_Z990_FUNC_MASK;
190 register void* __param asm("1") = param;
191 register u8* __dest asm("4") = dest;
192 register const u8* __src asm("2") = src;
193 register long __src_len asm("3") = src_len;
194 int ret;
195
196 ret = 0;
197 __asm__ __volatile__ (
198 "0: .insn rre,0xB92F0000,%1,%2 \n" //KMC opcode
199 "1: brc 1,0b \n" //handle partial completion
200 __crypt_z990_set_result
201 "6: \n"
202 __crypt_z990_fixup
203 : "+d" (ret), "+a" (__dest), "+a" (__src),
204 [result] "+d" (__src_len)
205 : [e1] "K" (-EFAULT), [e2] "K" (-ENOSYS), "d" (__func),
206 "a" (__param)
207 : "cc", "memory"
208 );
209 if (ret >= 0 && func & CRYPT_Z990_FUNC_MASK){
210 ret = src_len - ret;
211 }
212 return ret;
213}
214
215/*
216 * Executes the KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) operation
217 * of the z990 CPU.
218 * @param func: the function code passed to KM; see crypt_z990_kimd_func
219 * @param param: address of parameter block; see POP for details on each func
220 * @param src: address of source memory area
221 * @param src_len: length of src operand in bytes
222 * @returns < zero for failure, 0 for the query func, number of processed bytes
223 * for digest funcs
224 */
225static inline int
226crypt_z990_kimd(long func, void* param, const u8* src, long src_len)
227{
228 register long __func asm("0") = func & CRYPT_Z990_FUNC_MASK;
229 register void* __param asm("1") = param;
230 register const u8* __src asm("2") = src;
231 register long __src_len asm("3") = src_len;
232 int ret;
233
234 ret = 0;
235 __asm__ __volatile__ (
236 "0: .insn rre,0xB93E0000,%1,%1 \n" //KIMD opcode
237 "1: brc 1,0b \n" /*handle partical completion of kimd*/
238 __crypt_z990_set_result
239 "6: \n"
240 __crypt_z990_fixup
241 : "+d" (ret), "+a" (__src), [result] "+d" (__src_len)
242 : [e1] "K" (-EFAULT), [e2] "K" (-ENOSYS), "d" (__func),
243 "a" (__param)
244 : "cc", "memory"
245 );
246 if (ret >= 0 && (func & CRYPT_Z990_FUNC_MASK)){
247 ret = src_len - ret;
248 }
249 return ret;
250}
251
252/*
253 * Executes the KLMD (COMPUTE LAST MESSAGE DIGEST) operation of the z990 CPU.
254 * @param func: the function code passed to KM; see crypt_z990_klmd_func
255 * @param param: address of parameter block; see POP for details on each func
256 * @param src: address of source memory area
257 * @param src_len: length of src operand in bytes
258 * @returns < zero for failure, 0 for the query func, number of processed bytes
259 * for digest funcs
260 */
261static inline int
262crypt_z990_klmd(long func, void* param, const u8* src, long src_len)
263{
264 register long __func asm("0") = func & CRYPT_Z990_FUNC_MASK;
265 register void* __param asm("1") = param;
266 register const u8* __src asm("2") = src;
267 register long __src_len asm("3") = src_len;
268 int ret;
269
270 ret = 0;
271 __asm__ __volatile__ (
272 "0: .insn rre,0xB93F0000,%1,%1 \n" //KLMD opcode
273 "1: brc 1,0b \n" /*handle partical completion of klmd*/
274 __crypt_z990_set_result
275 "6: \n"
276 __crypt_z990_fixup
277 : "+d" (ret), "+a" (__src), [result] "+d" (__src_len)
278 : [e1] "K" (-EFAULT), [e2] "K" (-ENOSYS), "d" (__func),
279 "a" (__param)
280 : "cc", "memory"
281 );
282 if (ret >= 0 && func & CRYPT_Z990_FUNC_MASK){
283 ret = src_len - ret;
284 }
285 return ret;
286}
287
288/*
289 * Executes the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) operation
290 * of the z990 CPU.
291 * @param func: the function code passed to KM; see crypt_z990_klmd_func
292 * @param param: address of parameter block; see POP for details on each func
293 * @param src: address of source memory area
294 * @param src_len: length of src operand in bytes
295 * @returns < zero for failure, 0 for the query func, number of processed bytes
296 * for digest funcs
297 */
298static inline int
299crypt_z990_kmac(long func, void* param, const u8* src, long src_len)
300{
301 register long __func asm("0") = func & CRYPT_Z990_FUNC_MASK;
302 register void* __param asm("1") = param;
303 register const u8* __src asm("2") = src;
304 register long __src_len asm("3") = src_len;
305 int ret;
306
307 ret = 0;
308 __asm__ __volatile__ (
309 "0: .insn rre,0xB91E0000,%5,%5 \n" //KMAC opcode
310 "1: brc 1,0b \n" /*handle partical completion of klmd*/
311 __crypt_z990_set_result
312 "6: \n"
313 __crypt_z990_fixup
314 : "+d" (ret), "+a" (__src), [result] "+d" (__src_len)
315 : [e1] "K" (-EFAULT), [e2] "K" (-ENOSYS), "d" (__func),
316 "a" (__param)
317 : "cc", "memory"
318 );
319 if (ret >= 0 && func & CRYPT_Z990_FUNC_MASK){
320 ret = src_len - ret;
321 }
322 return ret;
323}
324
325/**
326 * Tests if a specific z990 crypto function is implemented on the machine.
327 * @param func: the function code of the specific function; 0 if op in general
328 * @return 1 if func available; 0 if func or op in general not available
329 */
330static inline int
331crypt_z990_func_available(int func)
332{
333 int ret;
334
335 struct crypt_z990_query_status status = {
336 .high = 0,
337 .low = 0
338 };
339 switch (func & CRYPT_Z990_OP_MASK){
340 case CRYPT_Z990_KM:
341 ret = crypt_z990_km(KM_QUERY, &status, NULL, NULL, 0);
342 break;
343 case CRYPT_Z990_KMC:
344 ret = crypt_z990_kmc(KMC_QUERY, &status, NULL, NULL, 0);
345 break;
346 case CRYPT_Z990_KIMD:
347 ret = crypt_z990_kimd(KIMD_QUERY, &status, NULL, 0);
348 break;
349 case CRYPT_Z990_KLMD:
350 ret = crypt_z990_klmd(KLMD_QUERY, &status, NULL, 0);
351 break;
352 case CRYPT_Z990_KMAC:
353 ret = crypt_z990_kmac(KMAC_QUERY, &status, NULL, 0);
354 break;
355 default:
356 ret = 0;
357 return ret;
358 }
359 if (ret >= 0){
360 func &= CRYPT_Z990_FUNC_MASK;
361 func &= 0x7f; //mask modifier bit
362 if (func < 64){
363 ret = (status.high >> (64 - func - 1)) & 0x1;
364 } else {
365 ret = (status.low >> (128 - func - 1)) & 0x1;
366 }
367 } else {
368 ret = 0;
369 }
370 return ret;
371}
372
373
374#endif // _CRYPTO_ARCH_S390_CRYPT_Z990_H
diff --git a/arch/s390/crypto/crypt_z990_query.c b/arch/s390/crypto/crypt_z990_query.c
new file mode 100644
index 000000000000..7133983d1384
--- /dev/null
+++ b/arch/s390/crypto/crypt_z990_query.c
@@ -0,0 +1,111 @@
1/*
2 * Cryptographic API.
3 *
4 * Support for z990 cryptographic instructions.
5 * Testing module for querying processor crypto capabilities.
6 *
7 * Copyright (c) 2003 IBM Deutschland Entwicklung GmbH, IBM Corporation
8 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 */
16#include <linux/module.h>
17#include <linux/init.h>
18#include <linux/kernel.h>
19#include <asm/errno.h>
20#include "crypt_z990.h"
21
22static void
23query_available_functions(void)
24{
25 printk(KERN_INFO "#####################\n");
26 //query available KM functions
27 printk(KERN_INFO "KM_QUERY: %d\n",
28 crypt_z990_func_available(KM_QUERY));
29 printk(KERN_INFO "KM_DEA: %d\n",
30 crypt_z990_func_available(KM_DEA_ENCRYPT));
31 printk(KERN_INFO "KM_TDEA_128: %d\n",
32 crypt_z990_func_available(KM_TDEA_128_ENCRYPT));
33 printk(KERN_INFO "KM_TDEA_192: %d\n",
34 crypt_z990_func_available(KM_TDEA_192_ENCRYPT));
35 //query available KMC functions
36 printk(KERN_INFO "KMC_QUERY: %d\n",
37 crypt_z990_func_available(KMC_QUERY));
38 printk(KERN_INFO "KMC_DEA: %d\n",
39 crypt_z990_func_available(KMC_DEA_ENCRYPT));
40 printk(KERN_INFO "KMC_TDEA_128: %d\n",
41 crypt_z990_func_available(KMC_TDEA_128_ENCRYPT));
42 printk(KERN_INFO "KMC_TDEA_192: %d\n",
43 crypt_z990_func_available(KMC_TDEA_192_ENCRYPT));
44 //query available KIMD fucntions
45 printk(KERN_INFO "KIMD_QUERY: %d\n",
46 crypt_z990_func_available(KIMD_QUERY));
47 printk(KERN_INFO "KIMD_SHA_1: %d\n",
48 crypt_z990_func_available(KIMD_SHA_1));
49 //query available KLMD functions
50 printk(KERN_INFO "KLMD_QUERY: %d\n",
51 crypt_z990_func_available(KLMD_QUERY));
52 printk(KERN_INFO "KLMD_SHA_1: %d\n",
53 crypt_z990_func_available(KLMD_SHA_1));
54 //query available KMAC functions
55 printk(KERN_INFO "KMAC_QUERY: %d\n",
56 crypt_z990_func_available(KMAC_QUERY));
57 printk(KERN_INFO "KMAC_DEA: %d\n",
58 crypt_z990_func_available(KMAC_DEA));
59 printk(KERN_INFO "KMAC_TDEA_128: %d\n",
60 crypt_z990_func_available(KMAC_TDEA_128));
61 printk(KERN_INFO "KMAC_TDEA_192: %d\n",
62 crypt_z990_func_available(KMAC_TDEA_192));
63}
64
65static int
66init(void)
67{
68 struct crypt_z990_query_status status = {
69 .high = 0,
70 .low = 0
71 };
72
73 printk(KERN_INFO "crypt_z990: querying available crypto functions\n");
74 crypt_z990_km(KM_QUERY, &status, NULL, NULL, 0);
75 printk(KERN_INFO "KM: %016llx %016llx\n",
76 (unsigned long long) status.high,
77 (unsigned long long) status.low);
78 status.high = status.low = 0;
79 crypt_z990_kmc(KMC_QUERY, &status, NULL, NULL, 0);
80 printk(KERN_INFO "KMC: %016llx %016llx\n",
81 (unsigned long long) status.high,
82 (unsigned long long) status.low);
83 status.high = status.low = 0;
84 crypt_z990_kimd(KIMD_QUERY, &status, NULL, 0);
85 printk(KERN_INFO "KIMD: %016llx %016llx\n",
86 (unsigned long long) status.high,
87 (unsigned long long) status.low);
88 status.high = status.low = 0;
89 crypt_z990_klmd(KLMD_QUERY, &status, NULL, 0);
90 printk(KERN_INFO "KLMD: %016llx %016llx\n",
91 (unsigned long long) status.high,
92 (unsigned long long) status.low);
93 status.high = status.low = 0;
94 crypt_z990_kmac(KMAC_QUERY, &status, NULL, 0);
95 printk(KERN_INFO "KMAC: %016llx %016llx\n",
96 (unsigned long long) status.high,
97 (unsigned long long) status.low);
98
99 query_available_functions();
100 return -1;
101}
102
103static void __exit
104cleanup(void)
105{
106}
107
108module_init(init);
109module_exit(cleanup);
110
111MODULE_LICENSE("GPL");
diff --git a/arch/s390/crypto/crypto_des.h b/arch/s390/crypto/crypto_des.h
new file mode 100644
index 000000000000..c964b64111dd
--- /dev/null
+++ b/arch/s390/crypto/crypto_des.h
@@ -0,0 +1,18 @@
1/*
2 * Cryptographic API.
3 *
4 * Function for checking keys for the DES and Tripple DES Encryption
5 * algorithms.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 */
13#ifndef __CRYPTO_DES_H__
14#define __CRYPTO_DES_H__
15
16extern int crypto_des_check_key(const u8*, unsigned int, u32*);
17
18#endif //__CRYPTO_DES_H__
diff --git a/arch/s390/crypto/des_check_key.c b/arch/s390/crypto/des_check_key.c
new file mode 100644
index 000000000000..e3f5c5f238fe
--- /dev/null
+++ b/arch/s390/crypto/des_check_key.c
@@ -0,0 +1,130 @@
1/*
2 * Cryptographic API.
3 *
4 * Function for checking keys for the DES and Tripple DES Encryption
5 * algorithms.
6 *
7 * Originally released as descore by Dana L. How <how@isl.stanford.edu>.
8 * Modified by Raimar Falke <rf13@inf.tu-dresden.de> for the Linux-Kernel.
9 * Derived from Cryptoapi and Nettle implementations, adapted for in-place
10 * scatterlist interface. Changed LGPL to GPL per section 3 of the LGPL.
11 *
12 * s390 Version:
13 * Copyright (C) 2003 IBM Deutschland GmbH, IBM Corporation
14 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
15 *
16 * Derived from "crypto/des.c"
17 * Copyright (c) 1992 Dana L. How.
18 * Copyright (c) Raimar Falke <rf13@inf.tu-dresden.de>
19 * Copyright (c) Gisle Sflensminde <gisle@ii.uib.no>
20 * Copyright (C) 2001 Niels Mvller.
21 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
22 *
23 * This program is free software; you can redistribute it and/or modify
24 * it under the terms of the GNU General Public License as published by
25 * the Free Software Foundation; either version 2 of the License, or
26 * (at your option) any later version.
27 *
28 */
29#include <linux/init.h>
30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/crypto.h>
33
34#define ROR(d,c,o) ((d) = (d) >> (c) | (d) << (o))
35
36static const u8 parity[] = {
37 8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3,
38 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
39 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
40 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
41 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
42 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
43 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
44 4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8,
45};
46
47/*
48 * RFC2451: Weak key checks SHOULD be performed.
49 */
50int
51crypto_des_check_key(const u8 *key, unsigned int keylen, u32 *flags)
52{
53 u32 n, w;
54
55 n = parity[key[0]]; n <<= 4;
56 n |= parity[key[1]]; n <<= 4;
57 n |= parity[key[2]]; n <<= 4;
58 n |= parity[key[3]]; n <<= 4;
59 n |= parity[key[4]]; n <<= 4;
60 n |= parity[key[5]]; n <<= 4;
61 n |= parity[key[6]]; n <<= 4;
62 n |= parity[key[7]];
63 w = 0x88888888L;
64
65 if ((*flags & CRYPTO_TFM_REQ_WEAK_KEY)
66 && !((n - (w >> 3)) & w)) { /* 1 in 10^10 keys passes this test */
67 if (n < 0x41415151) {
68 if (n < 0x31312121) {
69 if (n < 0x14141515) {
70 /* 01 01 01 01 01 01 01 01 */
71 if (n == 0x11111111) goto weak;
72 /* 01 1F 01 1F 01 0E 01 0E */
73 if (n == 0x13131212) goto weak;
74 } else {
75 /* 01 E0 01 E0 01 F1 01 F1 */
76 if (n == 0x14141515) goto weak;
77 /* 01 FE 01 FE 01 FE 01 FE */
78 if (n == 0x16161616) goto weak;
79 }
80 } else {
81 if (n < 0x34342525) {
82 /* 1F 01 1F 01 0E 01 0E 01 */
83 if (n == 0x31312121) goto weak;
84 /* 1F 1F 1F 1F 0E 0E 0E 0E (?) */
85 if (n == 0x33332222) goto weak;
86 } else {
87 /* 1F E0 1F E0 0E F1 0E F1 */
88 if (n == 0x34342525) goto weak;
89 /* 1F FE 1F FE 0E FE 0E FE */
90 if (n == 0x36362626) goto weak;
91 }
92 }
93 } else {
94 if (n < 0x61616161) {
95 if (n < 0x44445555) {
96 /* E0 01 E0 01 F1 01 F1 01 */
97 if (n == 0x41415151) goto weak;
98 /* E0 1F E0 1F F1 0E F1 0E */
99 if (n == 0x43435252) goto weak;
100 } else {
101 /* E0 E0 E0 E0 F1 F1 F1 F1 (?) */
102 if (n == 0x44445555) goto weak;
103 /* E0 FE E0 FE F1 FE F1 FE */
104 if (n == 0x46465656) goto weak;
105 }
106 } else {
107 if (n < 0x64646565) {
108 /* FE 01 FE 01 FE 01 FE 01 */
109 if (n == 0x61616161) goto weak;
110 /* FE 1F FE 1F FE 0E FE 0E */
111 if (n == 0x63636262) goto weak;
112 } else {
113 /* FE E0 FE E0 FE F1 FE F1 */
114 if (n == 0x64646565) goto weak;
115 /* FE FE FE FE FE FE FE FE */
116 if (n == 0x66666666) goto weak;
117 }
118 }
119 }
120 }
121 return 0;
122weak:
123 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
124 return -EINVAL;
125}
126
127EXPORT_SYMBOL(crypto_des_check_key);
128
129MODULE_LICENSE("GPL");
130MODULE_DESCRIPTION("Key Check function for DES & DES3 Cipher Algorithms");
diff --git a/arch/s390/crypto/des_z990.c b/arch/s390/crypto/des_z990.c
new file mode 100644
index 000000000000..813cf37b1177
--- /dev/null
+++ b/arch/s390/crypto/des_z990.c
@@ -0,0 +1,284 @@
1/*
2 * Cryptographic API.
3 *
4 * z990 implementation of the DES Cipher Algorithm.
5 *
6 * Copyright (c) 2003 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
8 *
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 */
16#include <linux/init.h>
17#include <linux/module.h>
18#include <linux/mm.h>
19#include <linux/errno.h>
20#include <asm/scatterlist.h>
21#include <linux/crypto.h>
22#include "crypt_z990.h"
23#include "crypto_des.h"
24
25#define DES_BLOCK_SIZE 8
26#define DES_KEY_SIZE 8
27
28#define DES3_128_KEY_SIZE (2 * DES_KEY_SIZE)
29#define DES3_128_BLOCK_SIZE DES_BLOCK_SIZE
30
31#define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE)
32#define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE
33
34struct crypt_z990_des_ctx {
35 u8 iv[DES_BLOCK_SIZE];
36 u8 key[DES_KEY_SIZE];
37};
38
39struct crypt_z990_des3_128_ctx {
40 u8 iv[DES_BLOCK_SIZE];
41 u8 key[DES3_128_KEY_SIZE];
42};
43
44struct crypt_z990_des3_192_ctx {
45 u8 iv[DES_BLOCK_SIZE];
46 u8 key[DES3_192_KEY_SIZE];
47};
48
49static int
50des_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
51{
52 struct crypt_z990_des_ctx *dctx;
53 int ret;
54
55 dctx = ctx;
56 //test if key is valid (not a weak key)
57 ret = crypto_des_check_key(key, keylen, flags);
58 if (ret == 0){
59 memcpy(dctx->key, key, keylen);
60 }
61 return ret;
62}
63
64
65static void
66des_encrypt(void *ctx, u8 *dst, const u8 *src)
67{
68 struct crypt_z990_des_ctx *dctx;
69
70 dctx = ctx;
71 crypt_z990_km(KM_DEA_ENCRYPT, dctx->key, dst, src, DES_BLOCK_SIZE);
72}
73
74static void
75des_decrypt(void *ctx, u8 *dst, const u8 *src)
76{
77 struct crypt_z990_des_ctx *dctx;
78
79 dctx = ctx;
80 crypt_z990_km(KM_DEA_DECRYPT, dctx->key, dst, src, DES_BLOCK_SIZE);
81}
82
83static struct crypto_alg des_alg = {
84 .cra_name = "des",
85 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
86 .cra_blocksize = DES_BLOCK_SIZE,
87 .cra_ctxsize = sizeof(struct crypt_z990_des_ctx),
88 .cra_module = THIS_MODULE,
89 .cra_list = LIST_HEAD_INIT(des_alg.cra_list),
90 .cra_u = { .cipher = {
91 .cia_min_keysize = DES_KEY_SIZE,
92 .cia_max_keysize = DES_KEY_SIZE,
93 .cia_setkey = des_setkey,
94 .cia_encrypt = des_encrypt,
95 .cia_decrypt = des_decrypt } }
96};
97
98/*
99 * RFC2451:
100 *
101 * For DES-EDE3, there is no known need to reject weak or
102 * complementation keys. Any weakness is obviated by the use of
103 * multiple keys.
104 *
105 * However, if the two independent 64-bit keys are equal,
106 * then the DES3 operation is simply the same as DES.
107 * Implementers MUST reject keys that exhibit this property.
108 *
109 */
110static int
111des3_128_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
112{
113 int i, ret;
114 struct crypt_z990_des3_128_ctx *dctx;
115 const u8* temp_key = key;
116
117 dctx = ctx;
118 if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE))) {
119
120 *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
121 return -EINVAL;
122 }
123 for (i = 0; i < 2; i++, temp_key += DES_KEY_SIZE) {
124 ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
125 if (ret < 0)
126 return ret;
127 }
128 memcpy(dctx->key, key, keylen);
129 return 0;
130}
131
132static void
133des3_128_encrypt(void *ctx, u8 *dst, const u8 *src)
134{
135 struct crypt_z990_des3_128_ctx *dctx;
136
137 dctx = ctx;
138 crypt_z990_km(KM_TDEA_128_ENCRYPT, dctx->key, dst, (void*)src,
139 DES3_128_BLOCK_SIZE);
140}
141
142static void
143des3_128_decrypt(void *ctx, u8 *dst, const u8 *src)
144{
145 struct crypt_z990_des3_128_ctx *dctx;
146
147 dctx = ctx;
148 crypt_z990_km(KM_TDEA_128_DECRYPT, dctx->key, dst, (void*)src,
149 DES3_128_BLOCK_SIZE);
150}
151
152static struct crypto_alg des3_128_alg = {
153 .cra_name = "des3_ede128",
154 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
155 .cra_blocksize = DES3_128_BLOCK_SIZE,
156 .cra_ctxsize = sizeof(struct crypt_z990_des3_128_ctx),
157 .cra_module = THIS_MODULE,
158 .cra_list = LIST_HEAD_INIT(des3_128_alg.cra_list),
159 .cra_u = { .cipher = {
160 .cia_min_keysize = DES3_128_KEY_SIZE,
161 .cia_max_keysize = DES3_128_KEY_SIZE,
162 .cia_setkey = des3_128_setkey,
163 .cia_encrypt = des3_128_encrypt,
164 .cia_decrypt = des3_128_decrypt } }
165};
166
167/*
168 * RFC2451:
169 *
170 * For DES-EDE3, there is no known need to reject weak or
171 * complementation keys. Any weakness is obviated by the use of
172 * multiple keys.
173 *
174 * However, if the first two or last two independent 64-bit keys are
175 * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
176 * same as DES. Implementers MUST reject keys that exhibit this
177 * property.
178 *
179 */
180static int
181des3_192_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
182{
183 int i, ret;
184 struct crypt_z990_des3_192_ctx *dctx;
185 const u8* temp_key;
186
187 dctx = ctx;
188 temp_key = key;
189 if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
190 memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
191 DES_KEY_SIZE))) {
192
193 *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
194 return -EINVAL;
195 }
196 for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) {
197 ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
198 if (ret < 0){
199 return ret;
200 }
201 }
202 memcpy(dctx->key, key, keylen);
203 return 0;
204}
205
206static void
207des3_192_encrypt(void *ctx, u8 *dst, const u8 *src)
208{
209 struct crypt_z990_des3_192_ctx *dctx;
210
211 dctx = ctx;
212 crypt_z990_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src,
213 DES3_192_BLOCK_SIZE);
214}
215
216static void
217des3_192_decrypt(void *ctx, u8 *dst, const u8 *src)
218{
219 struct crypt_z990_des3_192_ctx *dctx;
220
221 dctx = ctx;
222 crypt_z990_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src,
223 DES3_192_BLOCK_SIZE);
224}
225
226static struct crypto_alg des3_192_alg = {
227 .cra_name = "des3_ede",
228 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
229 .cra_blocksize = DES3_192_BLOCK_SIZE,
230 .cra_ctxsize = sizeof(struct crypt_z990_des3_192_ctx),
231 .cra_module = THIS_MODULE,
232 .cra_list = LIST_HEAD_INIT(des3_192_alg.cra_list),
233 .cra_u = { .cipher = {
234 .cia_min_keysize = DES3_192_KEY_SIZE,
235 .cia_max_keysize = DES3_192_KEY_SIZE,
236 .cia_setkey = des3_192_setkey,
237 .cia_encrypt = des3_192_encrypt,
238 .cia_decrypt = des3_192_decrypt } }
239};
240
241
242
243static int
244init(void)
245{
246 int ret;
247
248 if (!crypt_z990_func_available(KM_DEA_ENCRYPT) ||
249 !crypt_z990_func_available(KM_TDEA_128_ENCRYPT) ||
250 !crypt_z990_func_available(KM_TDEA_192_ENCRYPT)){
251 return -ENOSYS;
252 }
253
254 ret = 0;
255 ret |= (crypto_register_alg(&des_alg) == 0)? 0:1;
256 ret |= (crypto_register_alg(&des3_128_alg) == 0)? 0:2;
257 ret |= (crypto_register_alg(&des3_192_alg) == 0)? 0:4;
258 if (ret){
259 crypto_unregister_alg(&des3_192_alg);
260 crypto_unregister_alg(&des3_128_alg);
261 crypto_unregister_alg(&des_alg);
262 return -EEXIST;
263 }
264
265 printk(KERN_INFO "crypt_z990: des_z990 loaded.\n");
266 return 0;
267}
268
269static void __exit
270fini(void)
271{
272 crypto_unregister_alg(&des3_192_alg);
273 crypto_unregister_alg(&des3_128_alg);
274 crypto_unregister_alg(&des_alg);
275}
276
277module_init(init);
278module_exit(fini);
279
280MODULE_ALIAS("des");
281MODULE_ALIAS("des3_ede");
282
283MODULE_LICENSE("GPL");
284MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
diff --git a/arch/s390/crypto/sha1_z990.c b/arch/s390/crypto/sha1_z990.c
new file mode 100644
index 000000000000..298174ddf5b1
--- /dev/null
+++ b/arch/s390/crypto/sha1_z990.c
@@ -0,0 +1,167 @@
1/*
2 * Cryptographic API.
3 *
4 * z990 implementation of the SHA1 Secure Hash Algorithm.
5 *
6 * Derived from cryptoapi implementation, adapted for in-place
7 * scatterlist interface. Originally based on the public domain
8 * implementation written by Steve Reid.
9 *
10 * s390 Version:
11 * Copyright (C) 2003 IBM Deutschland GmbH, IBM Corporation
12 * Author(s): Thomas Spatzier (tspat@de.ibm.com)
13 *
14 * Derived from "crypto/sha1.c"
15 * Copyright (c) Alan Smithee.
16 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
17 * Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
18 *
19 * This program is free software; you can redistribute it and/or modify it
20 * under the terms of the GNU General Public License as published by the Free
21 * Software Foundation; either version 2 of the License, or (at your option)
22 * any later version.
23 *
24 */
25#include <linux/init.h>
26#include <linux/module.h>
27#include <linux/mm.h>
28#include <linux/crypto.h>
29#include <asm/scatterlist.h>
30#include <asm/byteorder.h>
31#include "crypt_z990.h"
32
33#define SHA1_DIGEST_SIZE 20
34#define SHA1_BLOCK_SIZE 64
35
36struct crypt_z990_sha1_ctx {
37 u64 count;
38 u32 state[5];
39 u32 buf_len;
40 u8 buffer[2 * SHA1_BLOCK_SIZE];
41};
42
43static void
44sha1_init(void *ctx)
45{
46 static const struct crypt_z990_sha1_ctx initstate = {
47 .state = {
48 0x67452301,
49 0xEFCDAB89,
50 0x98BADCFE,
51 0x10325476,
52 0xC3D2E1F0
53 },
54 };
55 memcpy(ctx, &initstate, sizeof(initstate));
56}
57
58static void
59sha1_update(void *ctx, const u8 *data, unsigned int len)
60{
61 struct crypt_z990_sha1_ctx *sctx;
62 long imd_len;
63
64 sctx = ctx;
65 sctx->count += len * 8; //message bit length
66
67 //anything in buffer yet? -> must be completed
68 if (sctx->buf_len && (sctx->buf_len + len) >= SHA1_BLOCK_SIZE) {
69 //complete full block and hash
70 memcpy(sctx->buffer + sctx->buf_len, data,
71 SHA1_BLOCK_SIZE - sctx->buf_len);
72 crypt_z990_kimd(KIMD_SHA_1, sctx->state, sctx->buffer,
73 SHA1_BLOCK_SIZE);
74 data += SHA1_BLOCK_SIZE - sctx->buf_len;
75 len -= SHA1_BLOCK_SIZE - sctx->buf_len;
76 sctx->buf_len = 0;
77 }
78
79 //rest of data contains full blocks?
80 imd_len = len & ~0x3ful;
81 if (imd_len){
82 crypt_z990_kimd(KIMD_SHA_1, sctx->state, data, imd_len);
83 data += imd_len;
84 len -= imd_len;
85 }
86 //anything left? store in buffer
87 if (len){
88 memcpy(sctx->buffer + sctx->buf_len , data, len);
89 sctx->buf_len += len;
90 }
91}
92
93
94static void
95pad_message(struct crypt_z990_sha1_ctx* sctx)
96{
97 int index;
98
99 index = sctx->buf_len;
100 sctx->buf_len = (sctx->buf_len < 56)?
101 SHA1_BLOCK_SIZE:2 * SHA1_BLOCK_SIZE;
102 //start pad with 1
103 sctx->buffer[index] = 0x80;
104 //pad with zeros
105 index++;
106 memset(sctx->buffer + index, 0x00, sctx->buf_len - index);
107 //append length
108 memcpy(sctx->buffer + sctx->buf_len - 8, &sctx->count,
109 sizeof sctx->count);
110}
111
112/* Add padding and return the message digest. */
113static void
114sha1_final(void* ctx, u8 *out)
115{
116 struct crypt_z990_sha1_ctx *sctx = ctx;
117
118 //must perform manual padding
119 pad_message(sctx);
120 crypt_z990_kimd(KIMD_SHA_1, sctx->state, sctx->buffer, sctx->buf_len);
121 //copy digest to out
122 memcpy(out, sctx->state, SHA1_DIGEST_SIZE);
123 /* Wipe context */
124 memset(sctx, 0, sizeof *sctx);
125}
126
127static struct crypto_alg alg = {
128 .cra_name = "sha1",
129 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
130 .cra_blocksize = SHA1_BLOCK_SIZE,
131 .cra_ctxsize = sizeof(struct crypt_z990_sha1_ctx),
132 .cra_module = THIS_MODULE,
133 .cra_list = LIST_HEAD_INIT(alg.cra_list),
134 .cra_u = { .digest = {
135 .dia_digestsize = SHA1_DIGEST_SIZE,
136 .dia_init = sha1_init,
137 .dia_update = sha1_update,
138 .dia_final = sha1_final } }
139};
140
141static int
142init(void)
143{
144 int ret = -ENOSYS;
145
146 if (crypt_z990_func_available(KIMD_SHA_1)){
147 ret = crypto_register_alg(&alg);
148 if (ret == 0){
149 printk(KERN_INFO "crypt_z990: sha1_z990 loaded.\n");
150 }
151 }
152 return ret;
153}
154
155static void __exit
156fini(void)
157{
158 crypto_unregister_alg(&alg);
159}
160
161module_init(init);
162module_exit(fini);
163
164MODULE_ALIAS("sha1");
165
166MODULE_LICENSE("GPL");
167MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");