1990672d4SGary R Hook /* 2990672d4SGary R Hook * AMD Cryptographic Coprocessor (CCP) DES3 crypto API support 3990672d4SGary R Hook * 468cc652fSGary R Hook * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 5990672d4SGary R Hook * 6990672d4SGary R Hook * Author: Gary R Hook <ghook@amd.com> 7990672d4SGary R Hook * 8990672d4SGary R Hook * This program is free software; you can redistribute it and/or modify 9990672d4SGary R Hook * it under the terms of the GNU General Public License version 2 as 10990672d4SGary R Hook * published by the Free Software Foundation. 11990672d4SGary R Hook */ 12990672d4SGary R Hook 13990672d4SGary R Hook #include <linux/module.h> 14990672d4SGary R Hook #include <linux/sched.h> 15990672d4SGary R Hook #include <linux/delay.h> 16990672d4SGary R Hook #include <linux/scatterlist.h> 17990672d4SGary R Hook #include <linux/crypto.h> 18990672d4SGary R Hook #include <crypto/algapi.h> 19990672d4SGary R Hook #include <crypto/scatterwalk.h> 20990672d4SGary R Hook #include <crypto/des.h> 21990672d4SGary R Hook 22990672d4SGary R Hook #include "ccp-crypto.h" 23990672d4SGary R Hook 24990672d4SGary R Hook static int ccp_des3_complete(struct crypto_async_request *async_req, int ret) 25990672d4SGary R Hook { 26990672d4SGary R Hook struct ablkcipher_request *req = ablkcipher_request_cast(async_req); 27990672d4SGary R Hook struct ccp_ctx *ctx = crypto_tfm_ctx(req->base.tfm); 28990672d4SGary R Hook struct ccp_des3_req_ctx *rctx = ablkcipher_request_ctx(req); 29990672d4SGary R Hook 30990672d4SGary R Hook if (ret) 31990672d4SGary R Hook return ret; 32990672d4SGary R Hook 33990672d4SGary R Hook if (ctx->u.des3.mode != CCP_DES3_MODE_ECB) 34990672d4SGary R Hook memcpy(req->info, rctx->iv, DES3_EDE_BLOCK_SIZE); 35990672d4SGary R Hook 36990672d4SGary R Hook return 0; 37990672d4SGary R Hook } 38990672d4SGary R Hook 39990672d4SGary R Hook static int ccp_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key, 40990672d4SGary R Hook unsigned int key_len) 41990672d4SGary R Hook { 42990672d4SGary R Hook struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ablkcipher_tfm(tfm)); 43990672d4SGary R Hook struct ccp_crypto_ablkcipher_alg *alg = 44990672d4SGary R Hook ccp_crypto_ablkcipher_alg(crypto_ablkcipher_tfm(tfm)); 45990672d4SGary R Hook u32 *flags = &tfm->base.crt_flags; 46990672d4SGary R Hook 47990672d4SGary R Hook 48990672d4SGary R Hook /* From des_generic.c: 49990672d4SGary R Hook * 50990672d4SGary R Hook * RFC2451: 51990672d4SGary R Hook * If the first two or last two independent 64-bit keys are 52990672d4SGary R Hook * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the 53990672d4SGary R Hook * same as DES. Implementers MUST reject keys that exhibit this 54990672d4SGary R Hook * property. 55990672d4SGary R Hook */ 56990672d4SGary R Hook const u32 *K = (const u32 *)key; 57990672d4SGary R Hook 58990672d4SGary R Hook if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || 59990672d4SGary R Hook !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && 60990672d4SGary R Hook (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { 61990672d4SGary R Hook *flags |= CRYPTO_TFM_RES_WEAK_KEY; 62990672d4SGary R Hook return -EINVAL; 63990672d4SGary R Hook } 64990672d4SGary R Hook 65990672d4SGary R Hook /* It's not clear that there is any support for a keysize of 112. 66990672d4SGary R Hook * If needed, the caller should make K1 == K3 67990672d4SGary R Hook */ 68990672d4SGary R Hook ctx->u.des3.type = CCP_DES3_TYPE_168; 69990672d4SGary R Hook ctx->u.des3.mode = alg->mode; 70990672d4SGary R Hook ctx->u.des3.key_len = key_len; 71990672d4SGary R Hook 72990672d4SGary R Hook memcpy(ctx->u.des3.key, key, key_len); 73990672d4SGary R Hook sg_init_one(&ctx->u.des3.key_sg, ctx->u.des3.key, key_len); 74990672d4SGary R Hook 75990672d4SGary R Hook return 0; 76990672d4SGary R Hook } 77990672d4SGary R Hook 78990672d4SGary R Hook static int ccp_des3_crypt(struct ablkcipher_request *req, bool encrypt) 79990672d4SGary R Hook { 80990672d4SGary R Hook struct ccp_ctx *ctx = crypto_tfm_ctx(req->base.tfm); 81990672d4SGary R Hook struct ccp_des3_req_ctx *rctx = ablkcipher_request_ctx(req); 82990672d4SGary R Hook struct scatterlist *iv_sg = NULL; 83990672d4SGary R Hook unsigned int iv_len = 0; 84990672d4SGary R Hook int ret; 85990672d4SGary R Hook 86990672d4SGary R Hook if (!ctx->u.des3.key_len) 87990672d4SGary R Hook return -EINVAL; 88990672d4SGary R Hook 89990672d4SGary R Hook if (((ctx->u.des3.mode == CCP_DES3_MODE_ECB) || 90990672d4SGary R Hook (ctx->u.des3.mode == CCP_DES3_MODE_CBC)) && 91990672d4SGary R Hook (req->nbytes & (DES3_EDE_BLOCK_SIZE - 1))) 92990672d4SGary R Hook return -EINVAL; 93990672d4SGary R Hook 94990672d4SGary R Hook if (ctx->u.des3.mode != CCP_DES3_MODE_ECB) { 95990672d4SGary R Hook if (!req->info) 96990672d4SGary R Hook return -EINVAL; 97990672d4SGary R Hook 98990672d4SGary R Hook memcpy(rctx->iv, req->info, DES3_EDE_BLOCK_SIZE); 99990672d4SGary R Hook iv_sg = &rctx->iv_sg; 100990672d4SGary R Hook iv_len = DES3_EDE_BLOCK_SIZE; 101990672d4SGary R Hook sg_init_one(iv_sg, rctx->iv, iv_len); 102990672d4SGary R Hook } 103990672d4SGary R Hook 104990672d4SGary R Hook memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 105990672d4SGary R Hook INIT_LIST_HEAD(&rctx->cmd.entry); 106990672d4SGary R Hook rctx->cmd.engine = CCP_ENGINE_DES3; 107990672d4SGary R Hook rctx->cmd.u.des3.type = ctx->u.des3.type; 108990672d4SGary R Hook rctx->cmd.u.des3.mode = ctx->u.des3.mode; 109990672d4SGary R Hook rctx->cmd.u.des3.action = (encrypt) 110990672d4SGary R Hook ? CCP_DES3_ACTION_ENCRYPT 111990672d4SGary R Hook : CCP_DES3_ACTION_DECRYPT; 112990672d4SGary R Hook rctx->cmd.u.des3.key = &ctx->u.des3.key_sg; 113990672d4SGary R Hook rctx->cmd.u.des3.key_len = ctx->u.des3.key_len; 114990672d4SGary R Hook rctx->cmd.u.des3.iv = iv_sg; 115990672d4SGary R Hook rctx->cmd.u.des3.iv_len = iv_len; 116990672d4SGary R Hook rctx->cmd.u.des3.src = req->src; 117990672d4SGary R Hook rctx->cmd.u.des3.src_len = req->nbytes; 118990672d4SGary R Hook rctx->cmd.u.des3.dst = req->dst; 119990672d4SGary R Hook 120990672d4SGary R Hook ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd); 121990672d4SGary R Hook 122990672d4SGary R Hook return ret; 123990672d4SGary R Hook } 124990672d4SGary R Hook 125990672d4SGary R Hook static int ccp_des3_encrypt(struct ablkcipher_request *req) 126990672d4SGary R Hook { 127990672d4SGary R Hook return ccp_des3_crypt(req, true); 128990672d4SGary R Hook } 129990672d4SGary R Hook 130990672d4SGary R Hook static int ccp_des3_decrypt(struct ablkcipher_request *req) 131990672d4SGary R Hook { 132990672d4SGary R Hook return ccp_des3_crypt(req, false); 133990672d4SGary R Hook } 134990672d4SGary R Hook 135990672d4SGary R Hook static int ccp_des3_cra_init(struct crypto_tfm *tfm) 136990672d4SGary R Hook { 137990672d4SGary R Hook struct ccp_ctx *ctx = crypto_tfm_ctx(tfm); 138990672d4SGary R Hook 139990672d4SGary R Hook ctx->complete = ccp_des3_complete; 140990672d4SGary R Hook ctx->u.des3.key_len = 0; 141990672d4SGary R Hook 142990672d4SGary R Hook tfm->crt_ablkcipher.reqsize = sizeof(struct ccp_des3_req_ctx); 143990672d4SGary R Hook 144990672d4SGary R Hook return 0; 145990672d4SGary R Hook } 146990672d4SGary R Hook 147990672d4SGary R Hook static void ccp_des3_cra_exit(struct crypto_tfm *tfm) 148990672d4SGary R Hook { 149990672d4SGary R Hook } 150990672d4SGary R Hook 151990672d4SGary R Hook static struct crypto_alg ccp_des3_defaults = { 152990672d4SGary R Hook .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 153990672d4SGary R Hook CRYPTO_ALG_ASYNC | 154990672d4SGary R Hook CRYPTO_ALG_KERN_DRIVER_ONLY | 155990672d4SGary R Hook CRYPTO_ALG_NEED_FALLBACK, 156990672d4SGary R Hook .cra_blocksize = DES3_EDE_BLOCK_SIZE, 157990672d4SGary R Hook .cra_ctxsize = sizeof(struct ccp_ctx), 158990672d4SGary R Hook .cra_priority = CCP_CRA_PRIORITY, 159990672d4SGary R Hook .cra_type = &crypto_ablkcipher_type, 160990672d4SGary R Hook .cra_init = ccp_des3_cra_init, 161990672d4SGary R Hook .cra_exit = ccp_des3_cra_exit, 162990672d4SGary R Hook .cra_module = THIS_MODULE, 163990672d4SGary R Hook .cra_ablkcipher = { 164990672d4SGary R Hook .setkey = ccp_des3_setkey, 165990672d4SGary R Hook .encrypt = ccp_des3_encrypt, 166990672d4SGary R Hook .decrypt = ccp_des3_decrypt, 167990672d4SGary R Hook .min_keysize = DES3_EDE_KEY_SIZE, 168990672d4SGary R Hook .max_keysize = DES3_EDE_KEY_SIZE, 169990672d4SGary R Hook }, 170990672d4SGary R Hook }; 171990672d4SGary R Hook 172990672d4SGary R Hook struct ccp_des3_def { 173990672d4SGary R Hook enum ccp_des3_mode mode; 174990672d4SGary R Hook unsigned int version; 175990672d4SGary R Hook const char *name; 176990672d4SGary R Hook const char *driver_name; 177990672d4SGary R Hook unsigned int blocksize; 178990672d4SGary R Hook unsigned int ivsize; 179990672d4SGary R Hook struct crypto_alg *alg_defaults; 180990672d4SGary R Hook }; 181990672d4SGary R Hook 182990672d4SGary R Hook static struct ccp_des3_def des3_algs[] = { 183990672d4SGary R Hook { 184990672d4SGary R Hook .mode = CCP_DES3_MODE_ECB, 185990672d4SGary R Hook .version = CCP_VERSION(5, 0), 186990672d4SGary R Hook .name = "ecb(des3_ede)", 187990672d4SGary R Hook .driver_name = "ecb-des3-ccp", 188990672d4SGary R Hook .blocksize = DES3_EDE_BLOCK_SIZE, 189990672d4SGary R Hook .ivsize = 0, 190990672d4SGary R Hook .alg_defaults = &ccp_des3_defaults, 191990672d4SGary R Hook }, 192990672d4SGary R Hook { 193990672d4SGary R Hook .mode = CCP_DES3_MODE_CBC, 194990672d4SGary R Hook .version = CCP_VERSION(5, 0), 195990672d4SGary R Hook .name = "cbc(des3_ede)", 196990672d4SGary R Hook .driver_name = "cbc-des3-ccp", 197990672d4SGary R Hook .blocksize = DES3_EDE_BLOCK_SIZE, 198990672d4SGary R Hook .ivsize = DES3_EDE_BLOCK_SIZE, 199990672d4SGary R Hook .alg_defaults = &ccp_des3_defaults, 200990672d4SGary R Hook }, 201990672d4SGary R Hook }; 202990672d4SGary R Hook 203990672d4SGary R Hook static int ccp_register_des3_alg(struct list_head *head, 204990672d4SGary R Hook const struct ccp_des3_def *def) 205990672d4SGary R Hook { 206990672d4SGary R Hook struct ccp_crypto_ablkcipher_alg *ccp_alg; 207990672d4SGary R Hook struct crypto_alg *alg; 208990672d4SGary R Hook int ret; 209990672d4SGary R Hook 210990672d4SGary R Hook ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL); 211990672d4SGary R Hook if (!ccp_alg) 212990672d4SGary R Hook return -ENOMEM; 213990672d4SGary R Hook 214990672d4SGary R Hook INIT_LIST_HEAD(&ccp_alg->entry); 215990672d4SGary R Hook 216990672d4SGary R Hook ccp_alg->mode = def->mode; 217990672d4SGary R Hook 218990672d4SGary R Hook /* Copy the defaults and override as necessary */ 219990672d4SGary R Hook alg = &ccp_alg->alg; 220990672d4SGary R Hook *alg = *def->alg_defaults; 221990672d4SGary R Hook snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name); 222990672d4SGary R Hook snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 223990672d4SGary R Hook def->driver_name); 224990672d4SGary R Hook alg->cra_blocksize = def->blocksize; 225990672d4SGary R Hook alg->cra_ablkcipher.ivsize = def->ivsize; 226990672d4SGary R Hook 227990672d4SGary R Hook ret = crypto_register_alg(alg); 228990672d4SGary R Hook if (ret) { 229990672d4SGary R Hook pr_err("%s ablkcipher algorithm registration error (%d)\n", 230990672d4SGary R Hook alg->cra_name, ret); 231990672d4SGary R Hook kfree(ccp_alg); 232990672d4SGary R Hook return ret; 233990672d4SGary R Hook } 234990672d4SGary R Hook 235990672d4SGary R Hook list_add(&ccp_alg->entry, head); 236990672d4SGary R Hook 237990672d4SGary R Hook return 0; 238990672d4SGary R Hook } 239990672d4SGary R Hook 240990672d4SGary R Hook int ccp_register_des3_algs(struct list_head *head) 241990672d4SGary R Hook { 242990672d4SGary R Hook int i, ret; 243990672d4SGary R Hook unsigned int ccpversion = ccp_version(); 244990672d4SGary R Hook 245990672d4SGary R Hook for (i = 0; i < ARRAY_SIZE(des3_algs); i++) { 246990672d4SGary R Hook if (des3_algs[i].version > ccpversion) 247990672d4SGary R Hook continue; 248990672d4SGary R Hook ret = ccp_register_des3_alg(head, &des3_algs[i]); 249990672d4SGary R Hook if (ret) 250990672d4SGary R Hook return ret; 251990672d4SGary R Hook } 252990672d4SGary R Hook 253990672d4SGary R Hook return 0; 254990672d4SGary R Hook } 255