^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Cryptographic API.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * s390 implementation of the AES Cipher Algorithm with protected keys.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * s390 Version:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Copyright IBM Corp. 2017,2020
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * Harald Freudenberger <freude@de.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
/*
 * pr_fmt() is picked up by the pr_*() logging macros, so every message
 * printed from this file is prefixed with "paes_s390: ".
 */
#define KMSG_COMPONENT "paes_s390"
#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <crypto/aes.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/bug.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/cpufeature.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/mutex.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <crypto/internal/skcipher.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <crypto/xts.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <asm/cpacf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <asm/pkey.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
/*
 * Key blobs smaller/bigger than these defines are rejected
 * by the common code even before the individual setkey function
 * is called. As paes can handle different kinds of key blobs
 * and padding is also possible, the limits need to be generous.
 */
#define PAES_MIN_KEYSIZE 16
#define PAES_MAX_KEYSIZE 320

/*
 * NOTE(review): ctrblk and ctrblk_lock are not referenced in this part of
 * the file; presumably a shared counter-mode scratch buffer and the mutex
 * serializing access to it - confirm against the ctr code.
 */
static u8 *ctrblk;
static DEFINE_MUTEX(ctrblk_lock);

/*
 * CPACF function masks. The set_key helpers below test km_functions and
 * kmc_functions with cpacf_test_func() before accepting a function code.
 */
static cpacf_mask_t km_functions, kmc_functions, kmctr_functions;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
/*
 * Key material as handed in by the setkey functions, kept so that the
 * protected key can be derived from it again later.
 */
struct key_blob {
	/*
	 * Small keys will be stored in the keybuf. Larger keys are
	 * stored in extra allocated memory. In both cases key points
	 * to the memory where the key is stored.
	 * The code distinguishes by checking keylen against
	 * sizeof(keybuf). See the two following helper functions.
	 */
	u8 *key;		/* keybuf or a kmalloc'ed buffer, NULL if unset */
	u8 keybuf[128];		/* may hold a clear key token, see _key_to_kb() */
	unsigned int keylen;	/* number of valid bytes behind key */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
/*
 * Store caller supplied key material in a key blob.
 *
 * A length of 16, 24 or 32 bytes is taken to be a clear AES key value
 * and is wrapped into a clear key token built in kb->keybuf. Any other
 * length is copied unchanged, into kb->keybuf if it fits and into a
 * freshly allocated buffer otherwise.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails, in which case
 * kb->key is NULL and kb->keylen is left untouched.
 */
static inline int _key_to_kb(struct key_blob *kb,
			     const u8 *key,
			     unsigned int keylen)
{
	struct clearkey_header {
		u8  type;
		u8  res0[3];
		u8  version;
		u8  res1[3];
		u32 keytype;
		u32 len;
	} __packed *hdr;

	if (keylen == 16 || keylen == 24 || keylen == 32) {
		/* clear key value, prepare pkey clear key token in keybuf */
		memset(kb->keybuf, 0, sizeof(kb->keybuf));
		hdr = (struct clearkey_header *)kb->keybuf;
		hdr->version = 0x02; /* TOKVER_CLEAR_KEY */
		/* 16/24/32 bytes map to key type 1/2/3 */
		hdr->keytype = (keylen - 8) >> 3;
		hdr->len = keylen;
		memcpy(kb->keybuf + sizeof(*hdr), key, keylen);
		kb->keylen = sizeof(*hdr) + keylen;
		kb->key = kb->keybuf;
		return 0;
	}

	/* other key material, let pkey handle this */
	if (keylen > sizeof(kb->keybuf)) {
		kb->key = kmalloc(keylen, GFP_KERNEL);
		if (!kb->key)
			return -ENOMEM;
	} else {
		kb->key = kb->keybuf;
	}
	memcpy(kb->key, key, keylen);
	kb->keylen = keylen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
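/*
 * Release the separately allocated key buffer of a key blob, if any.
 *
 * Only blobs larger than keybuf live in kmalloc'ed memory (see
 * _key_to_kb()), so the embedded keybuf is never handed to kfree().
 * The buffer holds key material, so it is wiped before it goes back
 * to the allocator instead of leaving the blob readable in freed memory.
 * The embedded keybuf is not touched here.
 */
static inline void _free_kb_keybuf(struct key_blob *kb)
{
	if (kb->key && kb->key != kb->keybuf
	    && kb->keylen > sizeof(kb->keybuf)) {
		/* in this branch keylen is the size that was allocated */
		memzero_explicit(kb->key, kb->keylen);
		kfree(kb->key);
		kb->key = NULL;
	}
}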
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109)
/* Per-transform context of the single-key modes (ecb and cbc below). */
struct s390_paes_ctx {
	struct key_blob kb;		/* key blob as passed to setkey */
	struct pkey_protkey pk;		/* protected key derived from kb */
	spinlock_t pk_lock;		/* taken around every copy to/from pk */
	unsigned long fc;		/* CPACF function code, 0 if none usable */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
/* Per-transform context of the xts mode, which works on two keys. */
struct s390_pxts_ctx {
	struct key_blob kb[2];		/* first and second half of the xts key */
	struct pkey_protkey pk[2];	/* protected keys derived from kb[0], kb[1] */
	spinlock_t pk_lock;		/* taken when both pk entries are replaced */
	unsigned long fc;		/* CPACF function code, 0 if none usable */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123)
/*
 * Derive a protected key from a key blob via pkey_keyblob2pkey().
 *
 * The conversion is attempted up to three times; the first success ends
 * the loop. Returns 0 on success, otherwise the result of the last
 * attempt.
 */
static inline int __paes_keyblob2pkey(struct key_blob *kb,
				      struct pkey_protkey *pk)
{
	int attempt = 0, rc;

	/* try three times in case of failure */
	do {
		rc = pkey_keyblob2pkey(kb->key, kb->keylen, pk);
	} while (rc != 0 && ++attempt < 3);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
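/*
 * (Re-)derive the protected key of a context from its key blob.
 *
 * The conversion runs on a local copy so that ctx->pk is only replaced,
 * under pk_lock, once a complete new protected key is available.
 * The local copy is wiped on every path so that no protected key
 * material stays behind on the stack.
 *
 * Returns 0 on success, -EINVAL if the conversion failed.
 */
static inline int __paes_convert_key(struct s390_paes_ctx *ctx)
{
	struct pkey_protkey pkey;
	int rc = -EINVAL;

	if (!__paes_keyblob2pkey(&ctx->kb, &pkey)) {
		spin_lock_bh(&ctx->pk_lock);
		memcpy(&ctx->pk, &pkey, sizeof(pkey));
		spin_unlock_bh(&ctx->pk_lock);
		rc = 0;
	}

	memzero_explicit(&pkey, sizeof(pkey));

	return rc;
}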
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152)
/*
 * Transform init: mark the key blob as empty and set up the lock that
 * guards the protected key. Always returns 0.
 */
static int ecb_paes_init(struct crypto_skcipher *tfm)
{
	struct s390_paes_ctx *paes = crypto_skcipher_ctx(tfm);

	spin_lock_init(&paes->pk_lock);
	/* a NULL key makes _free_kb_keybuf() a no-op until a key is set */
	paes->kb.key = NULL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162)
/* Transform exit: drop a separately allocated key buffer, if there is one. */
static void ecb_paes_exit(struct crypto_skcipher *tfm)
{
	struct s390_paes_ctx *paes = crypto_skcipher_ctx(tfm);
	struct key_blob *blob = &paes->kb;

	_free_kb_keybuf(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169)
/*
 * Derive the protected key from the stored key blob and select the
 * matching KM function code for it.
 *
 * Returns 0 if a usable function code was stored in ctx->fc, -EINVAL if
 * the key conversion failed, the key type is not one of the three AES
 * types, or the function is not available in km_functions (ctx->fc is
 * set to 0 in the latter two cases).
 */
static inline int __ecb_paes_set_key(struct s390_paes_ctx *ctx)
{
	unsigned long code;

	if (__paes_convert_key(ctx))
		return -EINVAL;

	/* Pick the correct function code based on the protected key type */
	switch (ctx->pk.type) {
	case PKEY_KEYTYPE_AES_128:
		code = CPACF_KM_PAES_128;
		break;
	case PKEY_KEYTYPE_AES_192:
		code = CPACF_KM_PAES_192;
		break;
	case PKEY_KEYTYPE_AES_256:
		code = CPACF_KM_PAES_256;
		break;
	default:
		code = 0;
		break;
	}

	/* Check if the function code is available */
	if (code && !cpacf_test_func(&km_functions, code))
		code = 0;
	ctx->fc = code;

	if (!code)
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187)
/*
 * setkey callback: replace the stored key blob with in_key and derive
 * the protected key and function code from it.
 *
 * Returns 0 on success, -ENOMEM if the blob could not be stored, or
 * -EINVAL from __ecb_paes_set_key().
 */
static int ecb_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
			    unsigned int key_len)
{
	struct s390_paes_ctx *paes = crypto_skcipher_ctx(tfm);
	int err;

	/* release a previously allocated blob before storing the new one */
	_free_kb_keybuf(&paes->kb);

	err = _key_to_kb(&paes->kb, in_key, key_len);
	if (err)
		return err;

	return __ecb_paes_set_key(paes);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201)
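/*
 * Common ECB worker for encryption and decryption.
 *
 * modifier is OR-ed into the function code; the decrypt wrapper passes
 * CPACF_DECRYPT, the encrypt wrapper 0.
 *
 * The protected key is copied from the context under pk_lock into a
 * parameter block on the stack. That block is wiped before returning so
 * that no copy of the protected key is left behind on the stack.
 *
 * Returns the result of the last skcipher_walk_done() call, or the error
 * from skcipher_walk_virt().
 */
static int ecb_paes_crypt(struct skcipher_request *req, unsigned long modifier)
{
	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm);
	struct skcipher_walk walk;
	unsigned int nbytes, n, k;
	int ret;
	struct {
		u8 key[MAXPROTKEYSIZE];
	} param;

	ret = skcipher_walk_virt(&walk, req, false);
	if (ret)
		return ret;

	spin_lock_bh(&ctx->pk_lock);
	memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
	spin_unlock_bh(&ctx->pk_lock);

	while ((nbytes = walk.nbytes) != 0) {
		/* only use complete blocks */
		n = nbytes & ~(AES_BLOCK_SIZE - 1);
		/* k is treated as the number of bytes actually processed */
		k = cpacf_km(ctx->fc | modifier, &param,
			     walk.dst.virt.addr, walk.src.virt.addr, n);
		if (k)
			ret = skcipher_walk_done(&walk, nbytes - k);
		if (k < n) {
			/*
			 * Not everything was processed: derive the protected
			 * key from the key blob again and retry with it
			 * (presumably the old protected key is no longer
			 * accepted - confirm).
			 */
			if (__paes_convert_key(ctx)) {
				ret = skcipher_walk_done(&walk, -EIO);
				break;
			}
			spin_lock_bh(&ctx->pk_lock);
			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
			spin_unlock_bh(&ctx->pk_lock);
		}
	}

	memzero_explicit(&param, sizeof(param));

	return ret;
}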
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238)
/* encrypt callback: run the common ECB worker without a modifier bit. */
static int ecb_paes_encrypt(struct skcipher_request *req)
{
	const unsigned long no_modifier = 0;

	return ecb_paes_crypt(req, no_modifier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243)
/* decrypt callback: run the common ECB worker with CPACF_DECRYPT set. */
static int ecb_paes_decrypt(struct skcipher_request *req)
{
	const unsigned long modifier = CPACF_DECRYPT;

	return ecb_paes_crypt(req, modifier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248)
/*
 * Algorithm descriptor for "ecb(paes)".
 *
 * The ECB worker keeps no IV or chaining state (its parameter block holds
 * only the key), so every block is processed independently and equal
 * plaintext blocks yield equal ciphertext blocks.
 *
 * min_keysize/max_keysize bound the key blob length, not the AES key
 * length; see the comment at PAES_MIN_KEYSIZE.
 */
static struct skcipher_alg ecb_paes_alg = {
	.base.cra_name		= "ecb(paes)",
	.base.cra_driver_name	= "ecb-paes-s390",
	.base.cra_priority	= 401,	/* combo: aes + ecb + 1 */
	.base.cra_blocksize	= AES_BLOCK_SIZE,
	.base.cra_ctxsize	= sizeof(struct s390_paes_ctx),
	.base.cra_module	= THIS_MODULE,
	.base.cra_list		= LIST_HEAD_INIT(ecb_paes_alg.base.cra_list),
	.init			= ecb_paes_init,
	.exit			= ecb_paes_exit,
	.min_keysize		= PAES_MIN_KEYSIZE,
	.max_keysize		= PAES_MAX_KEYSIZE,
	.setkey			= ecb_paes_set_key,
	.encrypt		= ecb_paes_encrypt,
	.decrypt		= ecb_paes_decrypt,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265)
/*
 * Transform init: mark the key blob as empty and set up the lock that
 * guards the protected key. Always returns 0.
 */
static int cbc_paes_init(struct crypto_skcipher *tfm)
{
	struct s390_paes_ctx *paes = crypto_skcipher_ctx(tfm);

	spin_lock_init(&paes->pk_lock);
	/* a NULL key makes _free_kb_keybuf() a no-op until a key is set */
	paes->kb.key = NULL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275)
/* Transform exit: drop a separately allocated key buffer, if there is one. */
static void cbc_paes_exit(struct crypto_skcipher *tfm)
{
	struct s390_paes_ctx *paes = crypto_skcipher_ctx(tfm);
	struct key_blob *blob = &paes->kb;

	_free_kb_keybuf(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282)
/*
 * Derive the protected key from the stored key blob and select the
 * matching KMC function code for it.
 *
 * Returns 0 if a usable function code was stored in ctx->fc, -EINVAL if
 * the key conversion failed, the key type is not one of the three AES
 * types, or the function is not available in kmc_functions (ctx->fc is
 * set to 0 in the latter two cases).
 */
static inline int __cbc_paes_set_key(struct s390_paes_ctx *ctx)
{
	unsigned long code;

	if (__paes_convert_key(ctx))
		return -EINVAL;

	/* Pick the correct function code based on the protected key type */
	switch (ctx->pk.type) {
	case PKEY_KEYTYPE_AES_128:
		code = CPACF_KMC_PAES_128;
		break;
	case PKEY_KEYTYPE_AES_192:
		code = CPACF_KMC_PAES_192;
		break;
	case PKEY_KEYTYPE_AES_256:
		code = CPACF_KMC_PAES_256;
		break;
	default:
		code = 0;
		break;
	}

	/* Check if the function code is available */
	if (code && !cpacf_test_func(&kmc_functions, code))
		code = 0;
	ctx->fc = code;

	if (!code)
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300)
/*
 * setkey callback: replace the stored key blob with in_key and derive
 * the protected key and function code from it.
 *
 * Returns 0 on success, -ENOMEM if the blob could not be stored, or
 * -EINVAL from __cbc_paes_set_key().
 */
static int cbc_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
			    unsigned int key_len)
{
	struct s390_paes_ctx *paes = crypto_skcipher_ctx(tfm);
	int err;

	/* release a previously allocated blob before storing the new one */
	_free_kb_keybuf(&paes->kb);

	err = _key_to_kb(&paes->kb, in_key, key_len);
	if (err)
		return err;

	return __cbc_paes_set_key(paes);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314)
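/*
 * Common CBC worker for encryption and decryption.
 *
 * modifier is OR-ed into the function code; the decrypt wrapper passes
 * CPACF_DECRYPT, the encrypt wrapper 0.
 *
 * The parameter block on the stack carries the chaining value and a copy
 * of the protected key taken under pk_lock. After each step that made
 * progress the chaining value is written back to walk.iv. The block is
 * wiped before returning so that no copy of the protected key is left
 * behind on the stack.
 *
 * Returns the result of the last skcipher_walk_done() call, or the error
 * from skcipher_walk_virt().
 */
static int cbc_paes_crypt(struct skcipher_request *req, unsigned long modifier)
{
	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm);
	struct skcipher_walk walk;
	unsigned int nbytes, n, k;
	int ret;
	struct {
		u8 iv[AES_BLOCK_SIZE];
		u8 key[MAXPROTKEYSIZE];
	} param;

	ret = skcipher_walk_virt(&walk, req, false);
	if (ret)
		return ret;

	memcpy(param.iv, walk.iv, AES_BLOCK_SIZE);
	spin_lock_bh(&ctx->pk_lock);
	memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
	spin_unlock_bh(&ctx->pk_lock);

	while ((nbytes = walk.nbytes) != 0) {
		/* only use complete blocks */
		n = nbytes & ~(AES_BLOCK_SIZE - 1);
		/* k is treated as the number of bytes actually processed */
		k = cpacf_kmc(ctx->fc | modifier, &param,
			      walk.dst.virt.addr, walk.src.virt.addr, n);
		if (k) {
			/* hand the updated chaining value back to the walk */
			memcpy(walk.iv, param.iv, AES_BLOCK_SIZE);
			ret = skcipher_walk_done(&walk, nbytes - k);
		}
		if (k < n) {
			/*
			 * Not everything was processed: derive the protected
			 * key from the key blob again and retry with it
			 * (presumably the old protected key is no longer
			 * accepted - confirm).
			 */
			if (__paes_convert_key(ctx)) {
				ret = skcipher_walk_done(&walk, -EIO);
				break;
			}
			spin_lock_bh(&ctx->pk_lock);
			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
			spin_unlock_bh(&ctx->pk_lock);
		}
	}

	memzero_explicit(&param, sizeof(param));

	return ret;
}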
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355)
/* encrypt callback: run the common CBC worker without a modifier bit. */
static int cbc_paes_encrypt(struct skcipher_request *req)
{
	const unsigned long no_modifier = 0;

	return cbc_paes_crypt(req, no_modifier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360)
/* decrypt callback: run the common CBC worker with CPACF_DECRYPT set. */
static int cbc_paes_decrypt(struct skcipher_request *req)
{
	const unsigned long modifier = CPACF_DECRYPT;

	return cbc_paes_crypt(req, modifier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365)
/*
 * Algorithm descriptor for "cbc(paes)".
 *
 * min_keysize/max_keysize bound the key blob length, not the AES key
 * length; see the comment at PAES_MIN_KEYSIZE. The IV is one AES block.
 */
static struct skcipher_alg cbc_paes_alg = {
	.base.cra_name		= "cbc(paes)",
	.base.cra_driver_name	= "cbc-paes-s390",
	.base.cra_priority	= 402,	/* ecb-paes-s390 + 1 */
	.base.cra_blocksize	= AES_BLOCK_SIZE,
	.base.cra_ctxsize	= sizeof(struct s390_paes_ctx),
	.base.cra_module	= THIS_MODULE,
	.base.cra_list		= LIST_HEAD_INIT(cbc_paes_alg.base.cra_list),
	.init			= cbc_paes_init,
	.exit			= cbc_paes_exit,
	.min_keysize		= PAES_MIN_KEYSIZE,
	.max_keysize		= PAES_MAX_KEYSIZE,
	.ivsize			= AES_BLOCK_SIZE,
	.setkey			= cbc_paes_set_key,
	.encrypt		= cbc_paes_encrypt,
	.decrypt		= cbc_paes_decrypt,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383)
/*
 * Transform init: mark both key blobs as empty and set up the lock that
 * guards the protected keys. Always returns 0.
 */
static int xts_paes_init(struct crypto_skcipher *tfm)
{
	struct s390_pxts_ctx *pxts = crypto_skcipher_ctx(tfm);
	int i;

	spin_lock_init(&pxts->pk_lock);
	/* a NULL key makes _free_kb_keybuf() a no-op until a key is set */
	for (i = 0; i < 2; i++)
		pxts->kb[i].key = NULL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394)
/* Transform exit: drop separately allocated key buffers of both blobs. */
static void xts_paes_exit(struct crypto_skcipher *tfm)
{
	struct s390_pxts_ctx *pxts = crypto_skcipher_ctx(tfm);
	int i;

	for (i = 0; i < 2; i++)
		_free_kb_keybuf(&pxts->kb[i]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402)
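/*
 * (Re-)derive both protected keys of an xts context from its key blobs.
 *
 * Both conversions run on local copies; ctx->pk[] is only replaced, under
 * pk_lock, after both succeeded, so the pair is always updated together.
 * The local copies are wiped on every path so that no protected key
 * material stays behind on the stack.
 *
 * Returns 0 on success, -EINVAL if either conversion failed.
 */
static inline int __xts_paes_convert_key(struct s390_pxts_ctx *ctx)
{
	struct pkey_protkey pkey0, pkey1;
	int rc = -EINVAL;

	if (__paes_keyblob2pkey(&ctx->kb[0], &pkey0) ||
	    __paes_keyblob2pkey(&ctx->kb[1], &pkey1))
		goto out;

	spin_lock_bh(&ctx->pk_lock);
	memcpy(&ctx->pk[0], &pkey0, sizeof(pkey0));
	memcpy(&ctx->pk[1], &pkey1, sizeof(pkey1));
	spin_unlock_bh(&ctx->pk_lock);
	rc = 0;

out:
	memzero_explicit(&pkey0, sizeof(pkey0));
	memzero_explicit(&pkey1, sizeof(pkey1));

	return rc;
}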
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418)
/*
 * Derive both protected keys from the stored key blobs and select the
 * matching KM XTS function code.
 *
 * Both keys must have the same type, and only the AES_128 and AES_256
 * types map to a function code. Returns 0 if a usable function code was
 * stored in ctx->fc, -EINVAL otherwise.
 */
static inline int __xts_paes_set_key(struct s390_pxts_ctx *ctx)
{
	unsigned long code;

	if (__xts_paes_convert_key(ctx))
		return -EINVAL;

	if (ctx->pk[0].type != ctx->pk[1].type)
		return -EINVAL;

	/* Pick the correct function code based on the protected key type */
	switch (ctx->pk[0].type) {
	case PKEY_KEYTYPE_AES_128:
		code = CPACF_KM_PXTS_128;
		break;
	case PKEY_KEYTYPE_AES_256:
		code = CPACF_KM_PXTS_256;
		break;
	default:
		code = 0;
		break;
	}

	/* Check if the function code is available */
	if (code && !cpacf_test_func(&km_functions, code))
		code = 0;
	ctx->fc = code;

	if (!code)
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439)
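/*
 * setkey callback for xts: split in_key into two halves of equal length,
 * store each half as a key blob, derive both protected keys and run the
 * generic xts key check on them.
 *
 * Returns 0 on success, -EINVAL for an odd total length or a failure in
 * __xts_paes_set_key(), -ENOMEM if a blob could not be stored, or the
 * result of xts_verify_key().
 */
static int xts_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
			    unsigned int xts_key_len)
{
	int rc;
	struct s390_pxts_ctx *ctx = crypto_skcipher_ctx(tfm);
	u8 ckey[2 * AES_MAX_KEY_SIZE];
	unsigned int ckey_len, key_len;

	if (xts_key_len % 2)
		return -EINVAL;

	key_len = xts_key_len / 2;

	/* release previously allocated blobs before storing the new ones */
	_free_kb_keybuf(&ctx->kb[0]);
	_free_kb_keybuf(&ctx->kb[1]);
	rc = _key_to_kb(&ctx->kb[0], in_key, key_len);
	if (rc)
		return rc;
	rc = _key_to_kb(&ctx->kb[1], in_key + key_len, key_len);
	if (rc)
		return rc;

	rc = __xts_paes_set_key(ctx);
	if (rc)
		return rc;

	/*
	 * xts_check_key verifies the key length is not odd and makes
	 * sure that the two keys are not the same. This can be done
	 * on the two protected keys as well.
	 *
	 * __xts_paes_set_key() only succeeds for the AES_128 and AES_256
	 * key types, so ckey_len is AES_KEYSIZE_128 or AES_KEYSIZE_256 and
	 * both halves fit into ckey.
	 */
	ckey_len = (ctx->pk[0].type == PKEY_KEYTYPE_AES_128) ?
		AES_KEYSIZE_128 : AES_KEYSIZE_256;
	memcpy(ckey, ctx->pk[0].protkey, ckey_len);
	memcpy(ckey + ckey_len, ctx->pk[1].protkey, ckey_len);
	rc = xts_verify_key(tfm, ckey, 2 * ckey_len);

	/* do not leave protected key bytes behind on the stack */
	memzero_explicit(ckey, sizeof(ckey));

	return rc;
}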
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477)
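/*
 * Common XTS en-/decryption path for protected keys.
 *
 * @req:      skcipher request to process
 * @modifier: bits OR-ed into the function code for the KM call
 *            (0 for encryption, CPACF_DECRYPT for decryption)
 *
 * The tweak is derived from the request IV with cpacf_pcc() using
 * pk[1]; the data is then processed with cpacf_km() using pk[0]. When
 * KM processes fewer bytes than requested, the protected key is
 * reconverted via __xts_paes_convert_key() and the step is retried.
 *
 * Returns the result of the skcipher walk, or the result of
 * skcipher_walk_done(&walk, -EIO) when key reconversion fails.
 */
static int xts_paes_crypt(struct skcipher_request *req, unsigned long modifier)
{
	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	struct s390_pxts_ctx *ctx = crypto_skcipher_ctx(tfm);
	struct skcipher_walk walk;
	unsigned int keylen, offset, nbytes, n, k;
	int ret;
	struct {
		u8 key[MAXPROTKEYSIZE];	/* key + verification pattern */
		u8 tweak[16];
		u8 block[16];
		u8 bit[16];
		u8 xts[16];
	} pcc_param;
	struct {
		u8 key[MAXPROTKEYSIZE];	/* key + verification pattern */
		u8 init[16];
	} xts_param;

	ret = skcipher_walk_virt(&walk, req, false);
	if (ret)
		return ret;

	/*
	 * The parameter block handed to the hardware starts at key + offset.
	 * Presumably the shorter AES-128 protected key is right-aligned in
	 * key[] so the fields that follow stay contiguous with it - assumes
	 * MAXPROTKEYSIZE is 64, TODO confirm.
	 */
	keylen = (ctx->pk[0].type == PKEY_KEYTYPE_AES_128) ? 48 : 64;
	offset = (ctx->pk[0].type == PKEY_KEYTYPE_AES_128) ? 16 : 0;

	memset(&pcc_param, 0, sizeof(pcc_param));
	memcpy(pcc_param.tweak, walk.iv, sizeof(pcc_param.tweak));
	/* Snapshot both protected keys under the lock */
	spin_lock_bh(&ctx->pk_lock);
	memcpy(pcc_param.key + offset, ctx->pk[1].protkey, keylen);
	memcpy(xts_param.key + offset, ctx->pk[0].protkey, keylen);
	spin_unlock_bh(&ctx->pk_lock);
	/*
	 * NOTE(review): nothing here checks whether cpacf_pcc() accepted
	 * pk[1]; the KM loop below retries after a key reconversion, this
	 * step does not - confirm the tweak cannot be computed from a
	 * stale protected key.
	 */
	cpacf_pcc(ctx->fc, pcc_param.key + offset);
	memcpy(xts_param.init, pcc_param.xts, 16);
	/* The tweak-key copy is not needed past this point */
	memzero_explicit(&pcc_param, sizeof(pcc_param));

	while ((nbytes = walk.nbytes) != 0) {
		/* only use complete blocks */
		n = nbytes & ~(AES_BLOCK_SIZE - 1);
		k = cpacf_km(ctx->fc | modifier, xts_param.key + offset,
			     walk.dst.virt.addr, walk.src.virt.addr, n);
		if (k)
			ret = skcipher_walk_done(&walk, nbytes - k);
		if (k < n) {
			/* Short operation: reconvert the key, then retry */
			if (__xts_paes_convert_key(ctx)) {
				ret = skcipher_walk_done(&walk, -EIO);
				break;
			}
			spin_lock_bh(&ctx->pk_lock);
			memcpy(xts_param.key + offset,
			       ctx->pk[0].protkey, keylen);
			spin_unlock_bh(&ctx->pk_lock);
		}
	}

	/* Wipe the stack copy of the protected data key on every exit path */
	memzero_explicit(&xts_param, sizeof(xts_param));

	return ret;
}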
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532)
/* skcipher .encrypt hook: run the common XTS path with no modifier bits. */
static int xts_paes_encrypt(struct skcipher_request *req)
{
	const unsigned long no_modifier = 0;

	return xts_paes_crypt(req, no_modifier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537)
/* skcipher .decrypt hook: run the common XTS path with CPACF_DECRYPT set. */
static int xts_paes_decrypt(struct skcipher_request *req)
{
	const unsigned long decrypt_modifier = CPACF_DECRYPT;

	return xts_paes_crypt(req, decrypt_modifier);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542)
/*
 * skcipher descriptor for "xts(paes)". The key size limits are twice the
 * single-key PAES limits because an XTS key is a pair of key blobs.
 */
static struct skcipher_alg xts_paes_alg = {
	.base = {
		.cra_name		= "xts(paes)",
		.cra_driver_name	= "xts-paes-s390",
		.cra_priority		= 402,	/* ecb-paes-s390 + 1 */
		.cra_blocksize		= AES_BLOCK_SIZE,
		.cra_ctxsize		= sizeof(struct s390_pxts_ctx),
		.cra_module		= THIS_MODULE,
		.cra_list		= LIST_HEAD_INIT(xts_paes_alg.base.cra_list),
	},
	.init		= xts_paes_init,
	.exit		= xts_paes_exit,
	.min_keysize	= 2 * PAES_MIN_KEYSIZE,
	.max_keysize	= 2 * PAES_MAX_KEYSIZE,
	.ivsize		= AES_BLOCK_SIZE,
	.setkey		= xts_paes_set_key,
	.encrypt	= xts_paes_encrypt,
	.decrypt	= xts_paes_decrypt,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560)
/*
 * skcipher .init hook for "ctr(paes)": start with no key blob stored and
 * an initialised protected-key lock. Always returns 0.
 */
static int ctr_paes_init(struct crypto_skcipher *tfm)
{
	struct s390_paes_ctx *ctx;

	ctx = crypto_skcipher_ctx(tfm);
	spin_lock_init(&ctx->pk_lock);
	ctx->kb.key = NULL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570)
/* skcipher .exit hook for "ctr(paes)": release the stored key blob. */
static void ctr_paes_exit(struct crypto_skcipher *tfm)
{
	struct s390_paes_ctx *ctx;

	ctx = crypto_skcipher_ctx(tfm);
	_free_kb_keybuf(&ctx->kb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577)
/*
 * Convert the stored key blob and select the KMCTR function code that
 * matches the resulting protected key type.
 *
 * Returns 0 when a function code was selected and the query mask in
 * kmctr_functions reports it as available; -EINVAL when the conversion
 * fails, the key type is not one of the three AES types, or the function
 * is not available. ctx->fc is 0 in the latter two cases.
 */
static inline int __ctr_paes_set_key(struct s390_paes_ctx *ctx)
{
	unsigned long fc;

	if (__paes_convert_key(ctx))
		return -EINVAL;

	/* Map the protected key type to its KMCTR function code */
	if (ctx->pk.type == PKEY_KEYTYPE_AES_128)
		fc = CPACF_KMCTR_PAES_128;
	else if (ctx->pk.type == PKEY_KEYTYPE_AES_192)
		fc = CPACF_KMCTR_PAES_192;
	else if (ctx->pk.type == PKEY_KEYTYPE_AES_256)
		fc = CPACF_KMCTR_PAES_256;
	else
		fc = 0;

	/* Keep the code only if the function is actually available */
	if (fc && cpacf_test_func(&kmctr_functions, fc))
		ctx->fc = fc;
	else
		ctx->fc = 0;

	return ctx->fc ? 0 : -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596)
/*
 * skcipher .setkey hook for "ctr(paes)": replace the stored key blob with
 * @in_key and derive the protected key and function code from it.
 *
 * Returns 0 on success, otherwise the error from _key_to_kb() or
 * __ctr_paes_set_key().
 */
static int ctr_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
			    unsigned int key_len)
{
	struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm);
	int rc;

	/* Drop the previous blob before storing the new one */
	_free_kb_keybuf(&ctx->kb);
	rc = _key_to_kb(&ctx->kb, in_key, key_len);
	if (!rc)
		rc = __ctr_paes_set_key(ctx);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610)
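/*
 * Fill @ctrptr with consecutive counter blocks starting at @iv.
 *
 * @ctrptr: destination buffer; receives up to PAGE_SIZE bytes
 * @iv:     first counter value, AES_BLOCK_SIZE bytes
 * @nbytes: number of data bytes the caller wants to process
 *
 * The number of bytes covered is @nbytes rounded down to whole AES
 * blocks, capped at PAGE_SIZE. Block 0 is a copy of @iv and each further
 * block is the previous one incremented with crypto_inc().
 *
 * Returns the number of bytes covered. When @nbytes is smaller than one
 * block only the copy of @iv is written and 0 is returned.
 */
static unsigned int __ctrblk_init(u8 *ctrptr, u8 *iv, unsigned int nbytes)
{
	unsigned int i, n;

	/* only use complete blocks, max. PAGE_SIZE */
	memcpy(ctrptr, iv, AES_BLOCK_SIZE);
	n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(AES_BLOCK_SIZE - 1);

	/*
	 * With n == 0 the unsigned loop counter below would wrap around and
	 * the loop would write far past the counter buffer. The caller in
	 * this file only passes nbytes >= 2 * AES_BLOCK_SIZE, but do not
	 * depend on that here.
	 */
	if (n < AES_BLOCK_SIZE)
		return n;

	for (i = (n / AES_BLOCK_SIZE) - 1; i > 0; i--) {
		memcpy(ctrptr + AES_BLOCK_SIZE, ctrptr, AES_BLOCK_SIZE);
		crypto_inc(ctrptr + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
		ctrptr += AES_BLOCK_SIZE;
	}
	return n;
}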
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625)
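/*
 * CTR en-/decryption with a protected key (the same routine serves both
 * directions).
 *
 * @req: skcipher request to process
 *
 * Whole blocks are processed with cpacf_kmctr(). When the shared counter
 * page ctrblk could be locked, several blocks are handled per call using
 * counters prepared by __ctrblk_init(); otherwise one block at a time
 * with walk.iv as the counter. A trailing partial block goes through a
 * local bounce buffer. Whenever KMCTR processes fewer bytes than
 * requested, the protected key is reconverted with __paes_convert_key()
 * and the step is retried.
 *
 * Returns the result of the skcipher walk, or the result of
 * skcipher_walk_done(&walk, -EIO) when key reconversion fails.
 */
static int ctr_paes_crypt(struct skcipher_request *req)
{
	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm);
	u8 buf[AES_BLOCK_SIZE], *ctrptr;
	struct skcipher_walk walk;
	unsigned int nbytes, n, k;
	int ret, locked;
	struct {
		u8 key[MAXPROTKEYSIZE];
	} param;

	ret = skcipher_walk_virt(&walk, req, false);
	if (ret)
		return ret;

	/* Snapshot the protected key under the lock */
	spin_lock_bh(&ctx->pk_lock);
	memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
	spin_unlock_bh(&ctx->pk_lock);

	/* Without the counter page fall back to one block per call */
	locked = mutex_trylock(&ctrblk_lock);

	while ((nbytes = walk.nbytes) >= AES_BLOCK_SIZE) {
		n = AES_BLOCK_SIZE;
		if (nbytes >= 2*AES_BLOCK_SIZE && locked)
			n = __ctrblk_init(ctrblk, walk.iv, nbytes);
		ctrptr = (n > AES_BLOCK_SIZE) ? ctrblk : walk.iv;
		k = cpacf_kmctr(ctx->fc, &param, walk.dst.virt.addr,
				walk.src.virt.addr, n, ctrptr);
		if (k) {
			/* Carry the last counter used back into walk.iv */
			if (ctrptr == ctrblk)
				memcpy(walk.iv, ctrptr + k - AES_BLOCK_SIZE,
				       AES_BLOCK_SIZE);
			crypto_inc(walk.iv, AES_BLOCK_SIZE);
			ret = skcipher_walk_done(&walk, nbytes - k);
		}
		if (k < n) {
			/* Short operation: reconvert the key, then retry */
			if (__paes_convert_key(ctx)) {
				if (locked)
					mutex_unlock(&ctrblk_lock);
				ret = skcipher_walk_done(&walk, -EIO);
				goto out;
			}
			spin_lock_bh(&ctx->pk_lock);
			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
			spin_unlock_bh(&ctx->pk_lock);
		}
	}
	if (locked)
		mutex_unlock(&ctrblk_lock);
	/*
	 * final block may be < AES_BLOCK_SIZE, copy only nbytes
	 */
	if (nbytes) {
		/*
		 * Only nbytes of source data are valid. Stage them in a
		 * zero-padded block and run KMCTR in place, so the
		 * instruction never reads a full block from a source
		 * mapping that holds fewer bytes.
		 */
		memset(buf, 0, AES_BLOCK_SIZE);
		memcpy(buf, walk.src.virt.addr, nbytes);
		while (1) {
			if (cpacf_kmctr(ctx->fc, &param, buf,
					buf, AES_BLOCK_SIZE,
					walk.iv) == AES_BLOCK_SIZE)
				break;
			if (__paes_convert_key(ctx)) {
				ret = skcipher_walk_done(&walk, -EIO);
				goto out;
			}
			spin_lock_bh(&ctx->pk_lock);
			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
			spin_unlock_bh(&ctx->pk_lock);
		}
		memcpy(walk.dst.virt.addr, buf, nbytes);
		crypto_inc(walk.iv, AES_BLOCK_SIZE);
		/*
		 * NOTE(review): the loop above passes "nbytes - k" (bytes
		 * left unprocessed) as the second argument; here the full
		 * nbytes is passed although all nbytes were written -
		 * confirm against skcipher_walk_done() semantics.
		 */
		ret = skcipher_walk_done(&walk, nbytes);
	}

out:
	/*
	 * Wipe the stack copies: param holds protected key material and
	 * buf holds the last data block plus keystream bytes in its
	 * padding.
	 */
	memzero_explicit(&param, sizeof(param));
	memzero_explicit(buf, sizeof(buf));

	return ret;
}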
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697)
/*
 * skcipher descriptor for "ctr(paes)". Encryption and decryption share
 * ctr_paes_crypt(). The block size is 1 while chunksize is
 * AES_BLOCK_SIZE.
 */
static struct skcipher_alg ctr_paes_alg = {
	.base = {
		.cra_name		= "ctr(paes)",
		.cra_driver_name	= "ctr-paes-s390",
		.cra_priority		= 402,	/* ecb-paes-s390 + 1 */
		.cra_blocksize		= 1,
		.cra_ctxsize		= sizeof(struct s390_paes_ctx),
		.cra_module		= THIS_MODULE,
		.cra_list		= LIST_HEAD_INIT(ctr_paes_alg.base.cra_list),
	},
	.init		= ctr_paes_init,
	.exit		= ctr_paes_exit,
	.min_keysize	= PAES_MIN_KEYSIZE,
	.max_keysize	= PAES_MAX_KEYSIZE,
	.ivsize		= AES_BLOCK_SIZE,
	.setkey		= ctr_paes_set_key,
	.encrypt	= ctr_paes_crypt,
	.decrypt	= ctr_paes_crypt,
	.chunksize	= AES_BLOCK_SIZE,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716)
/*
 * Unregister @alg unless its cra_list is still empty. The descriptors in
 * this file initialise cra_list with LIST_HEAD_INIT(), so an empty list
 * presumably means the algorithm was never registered - TODO confirm.
 */
static inline void __crypto_unregister_skcipher(struct skcipher_alg *alg)
{
	if (list_empty(&alg->base.cra_list))
		return;

	crypto_unregister_skcipher(alg);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722)
/*
 * Module teardown, also used as the error path of paes_s390_init():
 * unregister the four algorithms in ctr, xts, cbc, ecb order and release
 * the shared counter page if one was allocated.
 */
static void paes_s390_fini(void)
{
	struct skcipher_alg *const algs[] = {
		&ctr_paes_alg,
		&xts_paes_alg,
		&cbc_paes_alg,
		&ecb_paes_alg,
	};
	unsigned int idx;

	for (idx = 0; idx < sizeof(algs) / sizeof(algs[0]); idx++)
		__crypto_unregister_skcipher(algs[idx]);

	if (ctrblk)
		free_page((unsigned long) ctrblk);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732)
/*
 * Module init: query the KM, KMC and KMCTR function masks and register
 * each PAES mode for which at least one protected-key function code is
 * reported. The CTR mode also needs the shared counter page ctrblk.
 *
 * Returns 0 on success. On the first failure everything registered so
 * far is torn down via paes_s390_fini() and the error is returned
 * (-ENOMEM when the counter page cannot be allocated).
 */
static int __init paes_s390_init(void)
{
	int ret = 0;

	/* Query available functions for KM, KMC and KMCTR */
	cpacf_query(CPACF_KM, &km_functions);
	cpacf_query(CPACF_KMC, &kmc_functions);
	cpacf_query(CPACF_KMCTR, &kmctr_functions);

	/* ECB */
	if (cpacf_test_func(&km_functions, CPACF_KM_PAES_128) ||
	    cpacf_test_func(&km_functions, CPACF_KM_PAES_192) ||
	    cpacf_test_func(&km_functions, CPACF_KM_PAES_256))
		ret = crypto_register_skcipher(&ecb_paes_alg);

	/* CBC */
	if (!ret &&
	    (cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) ||
	     cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) ||
	     cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256)))
		ret = crypto_register_skcipher(&cbc_paes_alg);

	/* XTS */
	if (!ret &&
	    (cpacf_test_func(&km_functions, CPACF_KM_PXTS_128) ||
	     cpacf_test_func(&km_functions, CPACF_KM_PXTS_256)))
		ret = crypto_register_skcipher(&xts_paes_alg);

	/* CTR: allocate the counter page before registering */
	if (!ret &&
	    (cpacf_test_func(&kmctr_functions, CPACF_KMCTR_PAES_128) ||
	     cpacf_test_func(&kmctr_functions, CPACF_KMCTR_PAES_192) ||
	     cpacf_test_func(&kmctr_functions, CPACF_KMCTR_PAES_256))) {
		ctrblk = (u8 *) __get_free_page(GFP_KERNEL);
		if (ctrblk)
			ret = crypto_register_skcipher(&ctr_paes_alg);
		else
			ret = -ENOMEM;
	}

	if (ret)
		paes_s390_fini();

	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 783)
/*
 * Module entry and exit points. paes_s390_fini() is also called from the
 * error path of paes_s390_init().
 */
module_init(paes_s390_init);
module_exit(paes_s390_fini);

MODULE_ALIAS_CRYPTO("paes");

MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm with protected keys");
MODULE_LICENSE("GPL");