1 /*
2  * AMD Cryptographic Coprocessor (CCP) DES3 crypto API support
3  *
4  * Copyright (C) 2016,2017 Advanced Micro Devices, Inc.
5  *
6  * Author: Gary R Hook <ghook@amd.com>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  */
12 
13 #include <linux/module.h>
14 #include <linux/sched.h>
15 #include <linux/delay.h>
16 #include <linux/scatterlist.h>
17 #include <linux/crypto.h>
18 #include <crypto/algapi.h>
19 #include <crypto/scatterwalk.h>
20 #include <crypto/des.h>
21 
22 #include "ccp-crypto.h"
23 
24 static int ccp_des3_complete(struct crypto_async_request *async_req, int ret)
25 {
26 	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
27 	struct ccp_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
28 	struct ccp_des3_req_ctx *rctx = ablkcipher_request_ctx(req);
29 
30 	if (ret)
31 		return ret;
32 
33 	if (ctx->u.des3.mode != CCP_DES3_MODE_ECB)
34 		memcpy(req->info, rctx->iv, DES3_EDE_BLOCK_SIZE);
35 
36 	return 0;
37 }
38 
39 static int ccp_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
40 		unsigned int key_len)
41 {
42 	struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ablkcipher_tfm(tfm));
43 	struct ccp_crypto_ablkcipher_alg *alg =
44 		ccp_crypto_ablkcipher_alg(crypto_ablkcipher_tfm(tfm));
45 	u32 *flags = &tfm->base.crt_flags;
46 
47 
48 	/* From des_generic.c:
49 	 *
50 	 * RFC2451:
51 	 *   If the first two or last two independent 64-bit keys are
52 	 *   equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
53 	 *   same as DES.  Implementers MUST reject keys that exhibit this
54 	 *   property.
55 	 */
56 	const u32 *K = (const u32 *)key;
57 
58 	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
59 		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
60 		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
61 		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
62 		return -EINVAL;
63 	}
64 
65 	/* It's not clear that there is any support for a keysize of 112.
66 	 * If needed, the caller should make K1 == K3
67 	 */
68 	ctx->u.des3.type = CCP_DES3_TYPE_168;
69 	ctx->u.des3.mode = alg->mode;
70 	ctx->u.des3.key_len = key_len;
71 
72 	memcpy(ctx->u.des3.key, key, key_len);
73 	sg_init_one(&ctx->u.des3.key_sg, ctx->u.des3.key, key_len);
74 
75 	return 0;
76 }
77 
78 static int ccp_des3_crypt(struct ablkcipher_request *req, bool encrypt)
79 {
80 	struct ccp_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
81 	struct ccp_des3_req_ctx *rctx = ablkcipher_request_ctx(req);
82 	struct scatterlist *iv_sg = NULL;
83 	unsigned int iv_len = 0;
84 	int ret;
85 
86 	if (!ctx->u.des3.key_len)
87 		return -EINVAL;
88 
89 	if (((ctx->u.des3.mode == CCP_DES3_MODE_ECB) ||
90 	     (ctx->u.des3.mode == CCP_DES3_MODE_CBC)) &&
91 	    (req->nbytes & (DES3_EDE_BLOCK_SIZE - 1)))
92 		return -EINVAL;
93 
94 	if (ctx->u.des3.mode != CCP_DES3_MODE_ECB) {
95 		if (!req->info)
96 			return -EINVAL;
97 
98 		memcpy(rctx->iv, req->info, DES3_EDE_BLOCK_SIZE);
99 		iv_sg = &rctx->iv_sg;
100 		iv_len = DES3_EDE_BLOCK_SIZE;
101 		sg_init_one(iv_sg, rctx->iv, iv_len);
102 	}
103 
104 	memset(&rctx->cmd, 0, sizeof(rctx->cmd));
105 	INIT_LIST_HEAD(&rctx->cmd.entry);
106 	rctx->cmd.engine = CCP_ENGINE_DES3;
107 	rctx->cmd.u.des3.type = ctx->u.des3.type;
108 	rctx->cmd.u.des3.mode = ctx->u.des3.mode;
109 	rctx->cmd.u.des3.action = (encrypt)
110 				  ? CCP_DES3_ACTION_ENCRYPT
111 				  : CCP_DES3_ACTION_DECRYPT;
112 	rctx->cmd.u.des3.key = &ctx->u.des3.key_sg;
113 	rctx->cmd.u.des3.key_len = ctx->u.des3.key_len;
114 	rctx->cmd.u.des3.iv = iv_sg;
115 	rctx->cmd.u.des3.iv_len = iv_len;
116 	rctx->cmd.u.des3.src = req->src;
117 	rctx->cmd.u.des3.src_len = req->nbytes;
118 	rctx->cmd.u.des3.dst = req->dst;
119 
120 	ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd);
121 
122 	return ret;
123 }
124 
125 static int ccp_des3_encrypt(struct ablkcipher_request *req)
126 {
127 	return ccp_des3_crypt(req, true);
128 }
129 
130 static int ccp_des3_decrypt(struct ablkcipher_request *req)
131 {
132 	return ccp_des3_crypt(req, false);
133 }
134 
135 static int ccp_des3_cra_init(struct crypto_tfm *tfm)
136 {
137 	struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
138 
139 	ctx->complete = ccp_des3_complete;
140 	ctx->u.des3.key_len = 0;
141 
142 	tfm->crt_ablkcipher.reqsize = sizeof(struct ccp_des3_req_ctx);
143 
144 	return 0;
145 }
146 
147 static void ccp_des3_cra_exit(struct crypto_tfm *tfm)
148 {
149 }
150 
151 static struct crypto_alg ccp_des3_defaults = {
152 	.cra_flags	= CRYPTO_ALG_TYPE_ABLKCIPHER |
153 		CRYPTO_ALG_ASYNC |
154 		CRYPTO_ALG_KERN_DRIVER_ONLY |
155 		CRYPTO_ALG_NEED_FALLBACK,
156 	.cra_blocksize	= DES3_EDE_BLOCK_SIZE,
157 	.cra_ctxsize	= sizeof(struct ccp_ctx),
158 	.cra_priority	= CCP_CRA_PRIORITY,
159 	.cra_type	= &crypto_ablkcipher_type,
160 	.cra_init	= ccp_des3_cra_init,
161 	.cra_exit	= ccp_des3_cra_exit,
162 	.cra_module	= THIS_MODULE,
163 	.cra_ablkcipher	= {
164 		.setkey		= ccp_des3_setkey,
165 		.encrypt	= ccp_des3_encrypt,
166 		.decrypt	= ccp_des3_decrypt,
167 		.min_keysize	= DES3_EDE_KEY_SIZE,
168 		.max_keysize	= DES3_EDE_KEY_SIZE,
169 	},
170 };
171 
172 struct ccp_des3_def {
173 	enum ccp_des3_mode mode;
174 	unsigned int version;
175 	const char *name;
176 	const char *driver_name;
177 	unsigned int blocksize;
178 	unsigned int ivsize;
179 	struct crypto_alg *alg_defaults;
180 };
181 
182 static struct ccp_des3_def des3_algs[] = {
183 	{
184 		.mode		= CCP_DES3_MODE_ECB,
185 		.version	= CCP_VERSION(5, 0),
186 		.name		= "ecb(des3_ede)",
187 		.driver_name	= "ecb-des3-ccp",
188 		.blocksize	= DES3_EDE_BLOCK_SIZE,
189 		.ivsize		= 0,
190 		.alg_defaults	= &ccp_des3_defaults,
191 	},
192 	{
193 		.mode		= CCP_DES3_MODE_CBC,
194 		.version	= CCP_VERSION(5, 0),
195 		.name		= "cbc(des3_ede)",
196 		.driver_name	= "cbc-des3-ccp",
197 		.blocksize	= DES3_EDE_BLOCK_SIZE,
198 		.ivsize		= DES3_EDE_BLOCK_SIZE,
199 		.alg_defaults	= &ccp_des3_defaults,
200 	},
201 };
202 
203 static int ccp_register_des3_alg(struct list_head *head,
204 				 const struct ccp_des3_def *def)
205 {
206 	struct ccp_crypto_ablkcipher_alg *ccp_alg;
207 	struct crypto_alg *alg;
208 	int ret;
209 
210 	ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL);
211 	if (!ccp_alg)
212 		return -ENOMEM;
213 
214 	INIT_LIST_HEAD(&ccp_alg->entry);
215 
216 	ccp_alg->mode = def->mode;
217 
218 	/* Copy the defaults and override as necessary */
219 	alg = &ccp_alg->alg;
220 	*alg = *def->alg_defaults;
221 	snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
222 	snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
223 			def->driver_name);
224 	alg->cra_blocksize = def->blocksize;
225 	alg->cra_ablkcipher.ivsize = def->ivsize;
226 
227 	ret = crypto_register_alg(alg);
228 	if (ret) {
229 		pr_err("%s ablkcipher algorithm registration error (%d)\n",
230 				alg->cra_name, ret);
231 		kfree(ccp_alg);
232 		return ret;
233 	}
234 
235 	list_add(&ccp_alg->entry, head);
236 
237 	return 0;
238 }
239 
240 int ccp_register_des3_algs(struct list_head *head)
241 {
242 	int i, ret;
243 	unsigned int ccpversion = ccp_version();
244 
245 	for (i = 0; i < ARRAY_SIZE(des3_algs); i++) {
246 		if (des3_algs[i].version > ccpversion)
247 			continue;
248 		ret = ccp_register_des3_alg(head, &des3_algs[i]);
249 		if (ret)
250 			return ret;
251 	}
252 
253 	return 0;
254 }
255