1c1e26e1eSJan Glauber /* 2c1e26e1eSJan Glauber * Cryptographic API. 3c1e26e1eSJan Glauber * 4c1e26e1eSJan Glauber * s390 implementation of the DES Cipher Algorithm. 5c1e26e1eSJan Glauber * 6c1e26e1eSJan Glauber * Copyright (c) 2003 IBM Deutschland Entwicklung GmbH, IBM Corporation 7c1e26e1eSJan Glauber * Author(s): Thomas Spatzier (tspat@de.ibm.com) 8c1e26e1eSJan Glauber * 9c1e26e1eSJan Glauber * 10c1e26e1eSJan Glauber * This program is free software; you can redistribute it and/or modify 11c1e26e1eSJan Glauber * it under the terms of the GNU General Public License as published by 12c1e26e1eSJan Glauber * the Free Software Foundation; either version 2 of the License, or 13c1e26e1eSJan Glauber * (at your option) any later version. 14c1e26e1eSJan Glauber * 15c1e26e1eSJan Glauber */ 16c1e26e1eSJan Glauber #include <linux/init.h> 17c1e26e1eSJan Glauber #include <linux/module.h> 18c1e26e1eSJan Glauber #include <linux/crypto.h> 19c1357833SJan Glauber 20c1e26e1eSJan Glauber #include "crypt_s390.h" 21c1e26e1eSJan Glauber #include "crypto_des.h" 22c1e26e1eSJan Glauber 23c1e26e1eSJan Glauber #define DES_BLOCK_SIZE 8 24c1e26e1eSJan Glauber #define DES_KEY_SIZE 8 25c1e26e1eSJan Glauber 26c1e26e1eSJan Glauber #define DES3_128_KEY_SIZE (2 * DES_KEY_SIZE) 27c1e26e1eSJan Glauber #define DES3_128_BLOCK_SIZE DES_BLOCK_SIZE 28c1e26e1eSJan Glauber 29c1e26e1eSJan Glauber #define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE) 30c1e26e1eSJan Glauber #define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE 31c1e26e1eSJan Glauber 32c1e26e1eSJan Glauber struct crypt_s390_des_ctx { 33c1e26e1eSJan Glauber u8 iv[DES_BLOCK_SIZE]; 34c1e26e1eSJan Glauber u8 key[DES_KEY_SIZE]; 35c1e26e1eSJan Glauber }; 36c1e26e1eSJan Glauber 37c1e26e1eSJan Glauber struct crypt_s390_des3_128_ctx { 38c1e26e1eSJan Glauber u8 iv[DES_BLOCK_SIZE]; 39c1e26e1eSJan Glauber u8 key[DES3_128_KEY_SIZE]; 40c1e26e1eSJan Glauber }; 41c1e26e1eSJan Glauber 42c1e26e1eSJan Glauber struct crypt_s390_des3_192_ctx { 43c1e26e1eSJan Glauber u8 iv[DES_BLOCK_SIZE]; 44c1e26e1eSJan Glauber u8 key[DES3_192_KEY_SIZE]; 45c1e26e1eSJan Glauber }; 46c1e26e1eSJan Glauber 47c1357833SJan Glauber static int des_setkey(void *ctx, const u8 *key, unsigned int keylen, 48c1357833SJan Glauber u32 *flags) 49c1e26e1eSJan Glauber { 50c1357833SJan Glauber struct crypt_s390_des_ctx *dctx = ctx; 51c1e26e1eSJan Glauber int ret; 52c1e26e1eSJan Glauber 53c1357833SJan Glauber /* test if key is valid (not a weak key) */ 54c1e26e1eSJan Glauber ret = crypto_des_check_key(key, keylen, flags); 55c1357833SJan Glauber if (ret == 0) 56c1e26e1eSJan Glauber memcpy(dctx->key, key, keylen); 57c1e26e1eSJan Glauber return ret; 58c1e26e1eSJan Glauber } 59c1e26e1eSJan Glauber 60c1357833SJan Glauber static void des_encrypt(void *ctx, u8 *dst, const u8 *src) 61c1e26e1eSJan Glauber { 62c1357833SJan Glauber struct crypt_s390_des_ctx *dctx = ctx; 63c1e26e1eSJan Glauber 64c1e26e1eSJan Glauber crypt_s390_km(KM_DEA_ENCRYPT, dctx->key, dst, src, DES_BLOCK_SIZE); 65c1e26e1eSJan Glauber } 66c1e26e1eSJan Glauber 67c1357833SJan Glauber static void des_decrypt(void *ctx, u8 *dst, const u8 *src) 68c1e26e1eSJan Glauber { 69c1357833SJan Glauber struct crypt_s390_des_ctx *dctx = ctx; 70c1e26e1eSJan Glauber 71c1e26e1eSJan Glauber crypt_s390_km(KM_DEA_DECRYPT, dctx->key, dst, src, DES_BLOCK_SIZE); 72c1e26e1eSJan Glauber } 73c1e26e1eSJan Glauber 74c1e26e1eSJan Glauber static struct crypto_alg des_alg = { 75c1e26e1eSJan Glauber .cra_name = "des", 76c1e26e1eSJan Glauber .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 77c1e26e1eSJan Glauber .cra_blocksize = DES_BLOCK_SIZE, 78c1e26e1eSJan Glauber .cra_ctxsize = sizeof(struct crypt_s390_des_ctx), 79c1e26e1eSJan Glauber .cra_module = THIS_MODULE, 80c1e26e1eSJan Glauber .cra_list = LIST_HEAD_INIT(des_alg.cra_list), 81c1357833SJan Glauber .cra_u = { 82c1357833SJan Glauber .cipher = { 83c1e26e1eSJan Glauber .cia_min_keysize = DES_KEY_SIZE, 84c1e26e1eSJan Glauber .cia_max_keysize = DES_KEY_SIZE, 85c1e26e1eSJan Glauber .cia_setkey = des_setkey, 86c1e26e1eSJan Glauber .cia_encrypt = des_encrypt, 87c1357833SJan Glauber .cia_decrypt = des_decrypt 88c1357833SJan Glauber } 89c1357833SJan Glauber } 90c1e26e1eSJan Glauber }; 91c1e26e1eSJan Glauber 92c1e26e1eSJan Glauber /* 93c1e26e1eSJan Glauber * RFC2451: 94c1e26e1eSJan Glauber * 95c1e26e1eSJan Glauber * For DES-EDE3, there is no known need to reject weak or 96c1e26e1eSJan Glauber * complementation keys. Any weakness is obviated by the use of 97c1e26e1eSJan Glauber * multiple keys. 98c1e26e1eSJan Glauber * 99c1e26e1eSJan Glauber * However, if the two independent 64-bit keys are equal, 100c1e26e1eSJan Glauber * then the DES3 operation is simply the same as DES. 101c1e26e1eSJan Glauber * Implementers MUST reject keys that exhibit this property. 102c1e26e1eSJan Glauber * 103c1e26e1eSJan Glauber */ 104c1357833SJan Glauber static int des3_128_setkey(void *ctx, const u8 *key, unsigned int keylen, 105c1357833SJan Glauber u32 *flags) 106c1e26e1eSJan Glauber { 107c1e26e1eSJan Glauber int i, ret; 108c1357833SJan Glauber struct crypt_s390_des3_128_ctx *dctx = ctx; 109c1e26e1eSJan Glauber const u8* temp_key = key; 110c1e26e1eSJan Glauber 111c1e26e1eSJan Glauber if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE))) { 112c1e26e1eSJan Glauber *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; 113c1e26e1eSJan Glauber return -EINVAL; 114c1e26e1eSJan Glauber } 115c1e26e1eSJan Glauber for (i = 0; i < 2; i++, temp_key += DES_KEY_SIZE) { 116c1e26e1eSJan Glauber ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags); 117c1e26e1eSJan Glauber if (ret < 0) 118c1e26e1eSJan Glauber return ret; 119c1e26e1eSJan Glauber } 120c1e26e1eSJan Glauber memcpy(dctx->key, key, keylen); 121c1e26e1eSJan Glauber return 0; 122c1e26e1eSJan Glauber } 123c1e26e1eSJan Glauber 124c1357833SJan Glauber static void des3_128_encrypt(void *ctx, u8 *dst, const u8 *src) 125c1e26e1eSJan Glauber { 126c1357833SJan Glauber struct crypt_s390_des3_128_ctx *dctx = ctx; 127c1e26e1eSJan Glauber 128c1e26e1eSJan Glauber crypt_s390_km(KM_TDEA_128_ENCRYPT, dctx->key, dst, (void*)src, 129c1e26e1eSJan Glauber DES3_128_BLOCK_SIZE); 130c1e26e1eSJan Glauber } 131c1e26e1eSJan Glauber 132c1357833SJan Glauber static void des3_128_decrypt(void *ctx, u8 *dst, const u8 *src) 133c1e26e1eSJan Glauber { 134c1357833SJan Glauber struct crypt_s390_des3_128_ctx *dctx = ctx; 135c1e26e1eSJan Glauber 136c1e26e1eSJan Glauber crypt_s390_km(KM_TDEA_128_DECRYPT, dctx->key, dst, (void*)src, 137c1e26e1eSJan Glauber DES3_128_BLOCK_SIZE); 138c1e26e1eSJan Glauber } 139c1e26e1eSJan Glauber 140c1e26e1eSJan Glauber static struct crypto_alg des3_128_alg = { 141c1e26e1eSJan Glauber .cra_name = "des3_ede128", 142c1e26e1eSJan Glauber .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 143c1e26e1eSJan Glauber .cra_blocksize = DES3_128_BLOCK_SIZE, 144c1e26e1eSJan Glauber .cra_ctxsize = sizeof(struct crypt_s390_des3_128_ctx), 145c1e26e1eSJan Glauber .cra_module = THIS_MODULE, 146c1e26e1eSJan Glauber .cra_list = LIST_HEAD_INIT(des3_128_alg.cra_list), 147c1357833SJan Glauber .cra_u = { 148c1357833SJan Glauber .cipher = { 149c1e26e1eSJan Glauber .cia_min_keysize = DES3_128_KEY_SIZE, 150c1e26e1eSJan Glauber .cia_max_keysize = DES3_128_KEY_SIZE, 151c1e26e1eSJan Glauber .cia_setkey = des3_128_setkey, 152c1e26e1eSJan Glauber .cia_encrypt = des3_128_encrypt, 153c1357833SJan Glauber .cia_decrypt = des3_128_decrypt 154c1357833SJan Glauber } 155c1357833SJan Glauber } 156c1e26e1eSJan Glauber }; 157c1e26e1eSJan Glauber 158c1e26e1eSJan Glauber /* 159c1e26e1eSJan Glauber * RFC2451: 160c1e26e1eSJan Glauber * 161c1e26e1eSJan Glauber * For DES-EDE3, there is no known need to reject weak or 162c1e26e1eSJan Glauber * complementation keys. Any weakness is obviated by the use of 163c1e26e1eSJan Glauber * multiple keys. 164c1e26e1eSJan Glauber * 165c1e26e1eSJan Glauber * However, if the first two or last two independent 64-bit keys are 166c1e26e1eSJan Glauber * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the 167c1e26e1eSJan Glauber * same as DES. Implementers MUST reject keys that exhibit this 168c1e26e1eSJan Glauber * property. 169c1e26e1eSJan Glauber * 170c1e26e1eSJan Glauber */ 171c1357833SJan Glauber static int des3_192_setkey(void *ctx, const u8 *key, unsigned int keylen, 172c1357833SJan Glauber u32 *flags) 173c1e26e1eSJan Glauber { 174c1e26e1eSJan Glauber int i, ret; 175c1357833SJan Glauber struct crypt_s390_des3_192_ctx *dctx = ctx; 176c1357833SJan Glauber const u8* temp_key = key; 177c1e26e1eSJan Glauber 178c1e26e1eSJan Glauber if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && 179c1e26e1eSJan Glauber memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], 180c1e26e1eSJan Glauber DES_KEY_SIZE))) { 181c1e26e1eSJan Glauber 182c1e26e1eSJan Glauber *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; 183c1e26e1eSJan Glauber return -EINVAL; 184c1e26e1eSJan Glauber } 185c1e26e1eSJan Glauber for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) { 186c1e26e1eSJan Glauber ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags); 187c1357833SJan Glauber if (ret < 0) 188c1e26e1eSJan Glauber return ret; 189c1e26e1eSJan Glauber } 190c1e26e1eSJan Glauber memcpy(dctx->key, key, keylen); 191c1e26e1eSJan Glauber return 0; 192c1e26e1eSJan Glauber } 193c1e26e1eSJan Glauber 194c1357833SJan Glauber static void des3_192_encrypt(void *ctx, u8 *dst, const u8 *src) 195c1e26e1eSJan Glauber { 196c1357833SJan Glauber struct crypt_s390_des3_192_ctx *dctx = ctx; 197c1e26e1eSJan Glauber 198c1e26e1eSJan Glauber crypt_s390_km(KM_TDEA_192_ENCRYPT, dctx->key, dst, (void*)src, 199c1e26e1eSJan Glauber DES3_192_BLOCK_SIZE); 200c1e26e1eSJan Glauber } 201c1e26e1eSJan Glauber 202c1357833SJan Glauber static void des3_192_decrypt(void *ctx, u8 *dst, const u8 *src) 203c1e26e1eSJan Glauber { 204c1357833SJan Glauber struct crypt_s390_des3_192_ctx *dctx = ctx; 205c1e26e1eSJan Glauber 206c1e26e1eSJan Glauber crypt_s390_km(KM_TDEA_192_DECRYPT, dctx->key, dst, (void*)src, 207c1e26e1eSJan Glauber DES3_192_BLOCK_SIZE); 208c1e26e1eSJan Glauber } 209c1e26e1eSJan Glauber 210c1e26e1eSJan Glauber static struct crypto_alg des3_192_alg = { 211c1e26e1eSJan Glauber .cra_name = "des3_ede", 212c1e26e1eSJan Glauber .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 213c1e26e1eSJan Glauber .cra_blocksize = DES3_192_BLOCK_SIZE, 214c1e26e1eSJan Glauber .cra_ctxsize = sizeof(struct crypt_s390_des3_192_ctx), 215c1e26e1eSJan Glauber .cra_module = THIS_MODULE, 216c1e26e1eSJan Glauber .cra_list = LIST_HEAD_INIT(des3_192_alg.cra_list), 217c1357833SJan Glauber .cra_u = { 218c1357833SJan Glauber .cipher = { 219c1e26e1eSJan Glauber .cia_min_keysize = DES3_192_KEY_SIZE, 220c1e26e1eSJan Glauber .cia_max_keysize = DES3_192_KEY_SIZE, 221c1e26e1eSJan Glauber .cia_setkey = des3_192_setkey, 222c1e26e1eSJan Glauber .cia_encrypt = des3_192_encrypt, 223c1357833SJan Glauber .cia_decrypt = des3_192_decrypt 224c1357833SJan Glauber } 225c1357833SJan Glauber } 226c1e26e1eSJan Glauber }; 227c1e26e1eSJan Glauber 228c1357833SJan Glauber static int init(void) 229c1e26e1eSJan Glauber { 230c1357833SJan Glauber int ret = 0; 231c1e26e1eSJan Glauber 232c1e26e1eSJan Glauber if (!crypt_s390_func_available(KM_DEA_ENCRYPT) || 233c1e26e1eSJan Glauber !crypt_s390_func_available(KM_TDEA_128_ENCRYPT) || 234c1357833SJan Glauber !crypt_s390_func_available(KM_TDEA_192_ENCRYPT)) 235c1e26e1eSJan Glauber return -ENOSYS; 236c1e26e1eSJan Glauber 237c1e26e1eSJan Glauber ret |= (crypto_register_alg(&des_alg) == 0) ? 0:1; 238c1e26e1eSJan Glauber ret |= (crypto_register_alg(&des3_128_alg) == 0) ? 0:2; 239c1e26e1eSJan Glauber ret |= (crypto_register_alg(&des3_192_alg) == 0) ? 0:4; 240c1e26e1eSJan Glauber if (ret) { 241c1e26e1eSJan Glauber crypto_unregister_alg(&des3_192_alg); 242c1e26e1eSJan Glauber crypto_unregister_alg(&des3_128_alg); 243c1e26e1eSJan Glauber crypto_unregister_alg(&des_alg); 244c1e26e1eSJan Glauber return -EEXIST; 245c1e26e1eSJan Glauber } 246c1e26e1eSJan Glauber return 0; 247c1e26e1eSJan Glauber } 248c1e26e1eSJan Glauber 249c1357833SJan Glauber static void __exit fini(void) 250c1e26e1eSJan Glauber { 251c1e26e1eSJan Glauber crypto_unregister_alg(&des3_192_alg); 252c1e26e1eSJan Glauber crypto_unregister_alg(&des3_128_alg); 253c1e26e1eSJan Glauber crypto_unregister_alg(&des_alg); 254c1e26e1eSJan Glauber } 255c1e26e1eSJan Glauber 256c1e26e1eSJan Glauber module_init(init); 257c1e26e1eSJan Glauber module_exit(fini); 258c1e26e1eSJan Glauber 259c1e26e1eSJan Glauber MODULE_ALIAS("des"); 260c1e26e1eSJan Glauber MODULE_ALIAS("des3_ede"); 261c1e26e1eSJan Glauber 262c1e26e1eSJan Glauber MODULE_LICENSE("GPL"); 263c1e26e1eSJan Glauber MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); 264