tree: https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master head: 0fe1c5a77257b9006b0b4b60652927d647bdd1a3 commit: e59c1c98745637796df824c0177f279b6e9cad94 [18/80] crypto: aes - create AES library based on the fixed time AES code config: s390-debug_defconfig (attached as .config) compiler: s390-linux-gcc (GCC) 7.4.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout e59c1c98745637796df824c0177f279b6e9cad94 # save the attached .config to linux build tree GCC_VERSION=7.4.0 make.cross ARCH=s390 If you fix the issue, kindly add following tag Reported-by: kbuild test robot <lkp@xxxxxxxxx> All errors (new ones prefixed by >>): >> arch/s390/crypto/aes_s390.c:111:13: error: conflicting types for 'aes_encrypt' static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) ^~~~~~~~~~~ In file included from arch/s390/crypto/aes_s390.c:20:0: include/crypto/aes.h:64:6: note: previous declaration of 'aes_encrypt' was here void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in); ^~~~~~~~~~~ >> arch/s390/crypto/aes_s390.c:122:13: error: conflicting types for 'aes_decrypt' static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) ^~~~~~~~~~~ In file included from arch/s390/crypto/aes_s390.c:20:0: include/crypto/aes.h:72:6: note: previous declaration of 'aes_decrypt' was here void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in); ^~~~~~~~~~~ vim +/aes_encrypt +111 arch/s390/crypto/aes_s390.c b0c3e75d857f378 Sebastian Siewior 2007-12-01 110 6c2bb98bc33ae33 Herbert Xu 2006-05-16 @111 static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) bf754ae8ef8bc44 Jan Glauber 2006-01-06 112 { e6a67ad0e290872 Chen Gang 2015-01-01 113 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); bf754ae8ef8bc44 Jan Glauber 2006-01-06 114 69c0e360f990c2d Martin Schwidefsky 2016-08-18 115 if (unlikely(!sctx->fc)) { b0c3e75d857f378 Sebastian Siewior 2007-12-01 116 crypto_cipher_encrypt_one(sctx->fallback.cip, out, in); b0c3e75d857f378 Sebastian Siewior 2007-12-01 117 return; b0c3e75d857f378 Sebastian Siewior 2007-12-01 118 } 69c0e360f990c2d Martin Schwidefsky 2016-08-18 119 cpacf_km(sctx->fc, &sctx->key, out, in, AES_BLOCK_SIZE); bf754ae8ef8bc44 Jan Glauber 2006-01-06 120 } bf754ae8ef8bc44 Jan Glauber 2006-01-06 121 6c2bb98bc33ae33 Herbert Xu 2006-05-16 @122 static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) bf754ae8ef8bc44 Jan Glauber 2006-01-06 123 { e6a67ad0e290872 Chen Gang 2015-01-01 124 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); bf754ae8ef8bc44 Jan Glauber 2006-01-06 125 69c0e360f990c2d Martin Schwidefsky 2016-08-18 126 if (unlikely(!sctx->fc)) { b0c3e75d857f378 Sebastian Siewior 2007-12-01 127 crypto_cipher_decrypt_one(sctx->fallback.cip, out, in); b0c3e75d857f378 Sebastian Siewior 2007-12-01 128 return; b0c3e75d857f378 Sebastian Siewior 2007-12-01 129 } 69c0e360f990c2d Martin Schwidefsky 2016-08-18 130 cpacf_km(sctx->fc | CPACF_DECRYPT, edc63a3785b4845 Martin Schwidefsky 2016-08-15 131 &sctx->key, out, in, AES_BLOCK_SIZE); bf754ae8ef8bc44 Jan Glauber 2006-01-06 132 } bf754ae8ef8bc44 Jan Glauber 2006-01-06 133 b0c3e75d857f378 Sebastian Siewior 2007-12-01 134 static int fallback_init_cip(struct crypto_tfm *tfm) b0c3e75d857f378 Sebastian Siewior 2007-12-01 135 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 136 const char *name = tfm->__crt_alg->cra_name; b0c3e75d857f378 Sebastian Siewior 2007-12-01 137 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); b0c3e75d857f378 Sebastian Siewior 2007-12-01 138 b0c3e75d857f378 Sebastian Siewior 2007-12-01 139 sctx->fallback.cip = crypto_alloc_cipher(name, 0, 1ad0f1603a6b2af Eric Biggers 2018-11-14 140 CRYPTO_ALG_NEED_FALLBACK); b0c3e75d857f378 Sebastian Siewior 2007-12-01 141 b0c3e75d857f378 Sebastian Siewior 2007-12-01 142 if (IS_ERR(sctx->fallback.cip)) { 39f09392498d8ee Jan Glauber 2008-12-25 143 pr_err("Allocating AES fallback algorithm %s failed\n", 39f09392498d8ee Jan Glauber 2008-12-25 144 name); b59cdcb339fc728 Roel Kluin 2009-12-18 145 return PTR_ERR(sctx->fallback.cip); b0c3e75d857f378 Sebastian Siewior 2007-12-01 146 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 147 b0c3e75d857f378 Sebastian Siewior 2007-12-01 148 return 0; b0c3e75d857f378 Sebastian Siewior 2007-12-01 149 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 150 b0c3e75d857f378 Sebastian Siewior 2007-12-01 151 static void fallback_exit_cip(struct crypto_tfm *tfm) b0c3e75d857f378 Sebastian Siewior 2007-12-01 152 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 153 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); b0c3e75d857f378 Sebastian Siewior 2007-12-01 154 b0c3e75d857f378 Sebastian Siewior 2007-12-01 155 crypto_free_cipher(sctx->fallback.cip); b0c3e75d857f378 Sebastian Siewior 2007-12-01 156 sctx->fallback.cip = NULL; b0c3e75d857f378 Sebastian Siewior 2007-12-01 157 } bf754ae8ef8bc44 Jan Glauber 2006-01-06 158 bf754ae8ef8bc44 Jan Glauber 2006-01-06 159 static struct crypto_alg aes_alg = { bf754ae8ef8bc44 Jan Glauber 2006-01-06 160 .cra_name = "aes", 65b75c36f4e8422 Herbert Xu 2006-08-21 161 .cra_driver_name = "aes-s390", c7d4d259b747786 Martin Schwidefsky 2016-03-17 162 .cra_priority = 300, f67d1369665b2ce Jan Glauber 2007-05-04 163 .cra_flags = CRYPTO_ALG_TYPE_CIPHER | f67d1369665b2ce Jan Glauber 2007-05-04 164 CRYPTO_ALG_NEED_FALLBACK, bf754ae8ef8bc44 Jan Glauber 2006-01-06 165 .cra_blocksize = AES_BLOCK_SIZE, bf754ae8ef8bc44 Jan Glauber 2006-01-06 166 .cra_ctxsize = sizeof(struct s390_aes_ctx), bf754ae8ef8bc44 Jan Glauber 2006-01-06 167 .cra_module = THIS_MODULE, b0c3e75d857f378 Sebastian Siewior 2007-12-01 168 .cra_init = fallback_init_cip, b0c3e75d857f378 Sebastian Siewior 2007-12-01 169 .cra_exit = fallback_exit_cip, bf754ae8ef8bc44 Jan Glauber 2006-01-06 170 .cra_u = { bf754ae8ef8bc44 Jan Glauber 2006-01-06 171 .cipher = { bf754ae8ef8bc44 Jan Glauber 2006-01-06 172 .cia_min_keysize = AES_MIN_KEY_SIZE, bf754ae8ef8bc44 Jan Glauber 2006-01-06 173 .cia_max_keysize = AES_MAX_KEY_SIZE, bf754ae8ef8bc44 Jan Glauber 2006-01-06 174 .cia_setkey = aes_set_key, bf754ae8ef8bc44 Jan Glauber 2006-01-06 175 .cia_encrypt = aes_encrypt, bf754ae8ef8bc44 Jan Glauber 2006-01-06 176 .cia_decrypt = aes_decrypt, bf754ae8ef8bc44 Jan Glauber 2006-01-06 177 } bf754ae8ef8bc44 Jan Glauber 2006-01-06 178 } bf754ae8ef8bc44 Jan Glauber 2006-01-06 179 }; bf754ae8ef8bc44 Jan Glauber 2006-01-06 180 b0c3e75d857f378 Sebastian Siewior 2007-12-01 181 static int setkey_fallback_blk(struct crypto_tfm *tfm, const u8 *key, b0c3e75d857f378 Sebastian Siewior 2007-12-01 182 unsigned int len) b0c3e75d857f378 Sebastian Siewior 2007-12-01 183 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 184 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); b0c3e75d857f378 Sebastian Siewior 2007-12-01 185 unsigned int ret; b0c3e75d857f378 Sebastian Siewior 2007-12-01 186 531fa5d620b1e81 Kees Cook 2018-09-18 187 crypto_sync_skcipher_clear_flags(sctx->fallback.blk, 531fa5d620b1e81 Kees Cook 2018-09-18 188 CRYPTO_TFM_REQ_MASK); 531fa5d620b1e81 Kees Cook 2018-09-18 189 crypto_sync_skcipher_set_flags(sctx->fallback.blk, tfm->crt_flags & b0c3e75d857f378 Sebastian Siewior 2007-12-01 190 CRYPTO_TFM_REQ_MASK); b0c3e75d857f378 Sebastian Siewior 2007-12-01 191 531fa5d620b1e81 Kees Cook 2018-09-18 192 ret = crypto_sync_skcipher_setkey(sctx->fallback.blk, key, len); 64e26807bb93b4a Herbert Xu 2016-06-29 193 b0c3e75d857f378 Sebastian Siewior 2007-12-01 194 tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; 531fa5d620b1e81 Kees Cook 2018-09-18 195 tfm->crt_flags |= crypto_sync_skcipher_get_flags(sctx->fallback.blk) & 64e26807bb93b4a Herbert Xu 2016-06-29 196 CRYPTO_TFM_RES_MASK; 64e26807bb93b4a Herbert Xu 2016-06-29 197 b0c3e75d857f378 Sebastian Siewior 2007-12-01 198 return ret; b0c3e75d857f378 Sebastian Siewior 2007-12-01 199 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 200 b0c3e75d857f378 Sebastian Siewior 2007-12-01 201 static int fallback_blk_dec(struct blkcipher_desc *desc, b0c3e75d857f378 Sebastian Siewior 2007-12-01 202 struct scatterlist *dst, struct scatterlist *src, b0c3e75d857f378 Sebastian Siewior 2007-12-01 203 unsigned int nbytes) b0c3e75d857f378 Sebastian Siewior 2007-12-01 204 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 205 unsigned int ret; 64e26807bb93b4a Herbert Xu 2016-06-29 206 struct crypto_blkcipher *tfm = desc->tfm; 64e26807bb93b4a Herbert Xu 2016-06-29 207 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); 531fa5d620b1e81 Kees Cook 2018-09-18 208 SYNC_SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); b0c3e75d857f378 Sebastian Siewior 2007-12-01 209 531fa5d620b1e81 Kees Cook 2018-09-18 210 skcipher_request_set_sync_tfm(req, sctx->fallback.blk); 64e26807bb93b4a Herbert Xu 2016-06-29 211 skcipher_request_set_callback(req, desc->flags, NULL, NULL); 64e26807bb93b4a Herbert Xu 2016-06-29 212 skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); b0c3e75d857f378 Sebastian Siewior 2007-12-01 213 64e26807bb93b4a Herbert Xu 2016-06-29 214 ret = crypto_skcipher_decrypt(req); b0c3e75d857f378 Sebastian Siewior 2007-12-01 215 64e26807bb93b4a Herbert Xu 2016-06-29 216 skcipher_request_zero(req); b0c3e75d857f378 Sebastian Siewior 2007-12-01 217 return ret; b0c3e75d857f378 Sebastian Siewior 2007-12-01 218 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 219 b0c3e75d857f378 Sebastian Siewior 2007-12-01 220 static int fallback_blk_enc(struct blkcipher_desc *desc, b0c3e75d857f378 Sebastian Siewior 2007-12-01 221 struct scatterlist *dst, struct scatterlist *src, b0c3e75d857f378 Sebastian Siewior 2007-12-01 222 unsigned int nbytes) b0c3e75d857f378 Sebastian Siewior 2007-12-01 223 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 224 unsigned int ret; 64e26807bb93b4a Herbert Xu 2016-06-29 225 struct crypto_blkcipher *tfm = desc->tfm; 64e26807bb93b4a Herbert Xu 2016-06-29 226 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); 531fa5d620b1e81 Kees Cook 2018-09-18 227 SYNC_SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); b0c3e75d857f378 Sebastian Siewior 2007-12-01 228 531fa5d620b1e81 Kees Cook 2018-09-18 229 skcipher_request_set_sync_tfm(req, sctx->fallback.blk); 64e26807bb93b4a Herbert Xu 2016-06-29 230 skcipher_request_set_callback(req, desc->flags, NULL, NULL); 64e26807bb93b4a Herbert Xu 2016-06-29 231 skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); b0c3e75d857f378 Sebastian Siewior 2007-12-01 232 64e26807bb93b4a Herbert Xu 2016-06-29 233 ret = crypto_skcipher_encrypt(req); b0c3e75d857f378 Sebastian Siewior 2007-12-01 234 return ret; b0c3e75d857f378 Sebastian Siewior 2007-12-01 235 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 236 a9e62fadf0b02ba Herbert Xu 2006-08-21 237 static int ecb_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, a9e62fadf0b02ba Herbert Xu 2006-08-21 238 unsigned int key_len) a9e62fadf0b02ba Herbert Xu 2006-08-21 239 { a9e62fadf0b02ba Herbert Xu 2006-08-21 240 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 241 unsigned long fc; b0c3e75d857f378 Sebastian Siewior 2007-12-01 242 69c0e360f990c2d Martin Schwidefsky 2016-08-18 243 /* Pick the correct function code based on the key length */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 244 fc = (key_len == 16) ? CPACF_KM_AES_128 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 245 (key_len == 24) ? CPACF_KM_AES_192 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 246 (key_len == 32) ? CPACF_KM_AES_256 : 0; a9e62fadf0b02ba Herbert Xu 2006-08-21 247 69c0e360f990c2d Martin Schwidefsky 2016-08-18 248 /* Check if the function code is available */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 249 sctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 250 if (!sctx->fc) 69c0e360f990c2d Martin Schwidefsky 2016-08-18 251 return setkey_fallback_blk(tfm, in_key, key_len); a9e62fadf0b02ba Herbert Xu 2006-08-21 252 69c0e360f990c2d Martin Schwidefsky 2016-08-18 253 sctx->key_len = key_len; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 254 memcpy(sctx->key, in_key, key_len); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 255 return 0; a9e62fadf0b02ba Herbert Xu 2006-08-21 256 } a9e62fadf0b02ba Herbert Xu 2006-08-21 257 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 258 static int ecb_aes_crypt(struct blkcipher_desc *desc, unsigned long modifier, a9e62fadf0b02ba Herbert Xu 2006-08-21 259 struct blkcipher_walk *walk) a9e62fadf0b02ba Herbert Xu 2006-08-21 260 { 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 261 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 262 unsigned int nbytes, n; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 263 int ret; a9e62fadf0b02ba Herbert Xu 2006-08-21 264 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 265 ret = blkcipher_walk_virt(desc, walk); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 266 while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) { a9e62fadf0b02ba Herbert Xu 2006-08-21 267 /* only use complete blocks */ 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 268 n = nbytes & ~(AES_BLOCK_SIZE - 1); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 269 cpacf_km(sctx->fc | modifier, sctx->key, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 270 walk->dst.virt.addr, walk->src.virt.addr, n); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 271 ret = blkcipher_walk_done(desc, walk, nbytes - n); a9e62fadf0b02ba Herbert Xu 2006-08-21 272 } a9e62fadf0b02ba Herbert Xu 2006-08-21 273 a9e62fadf0b02ba Herbert Xu 2006-08-21 274 return ret; a9e62fadf0b02ba Herbert Xu 2006-08-21 275 } a9e62fadf0b02ba Herbert Xu 2006-08-21 276 a9e62fadf0b02ba Herbert Xu 2006-08-21 277 static int ecb_aes_encrypt(struct blkcipher_desc *desc, a9e62fadf0b02ba Herbert Xu 2006-08-21 278 struct scatterlist *dst, struct scatterlist *src, a9e62fadf0b02ba Herbert Xu 2006-08-21 279 unsigned int nbytes) a9e62fadf0b02ba Herbert Xu 2006-08-21 280 { a9e62fadf0b02ba Herbert Xu 2006-08-21 281 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); a9e62fadf0b02ba Herbert Xu 2006-08-21 282 struct blkcipher_walk walk; a9e62fadf0b02ba Herbert Xu 2006-08-21 283 69c0e360f990c2d Martin Schwidefsky 2016-08-18 284 if (unlikely(!sctx->fc)) b0c3e75d857f378 Sebastian Siewior 2007-12-01 285 return fallback_blk_enc(desc, dst, src, nbytes); b0c3e75d857f378 Sebastian Siewior 2007-12-01 286 a9e62fadf0b02ba Herbert Xu 2006-08-21 287 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 288 return ecb_aes_crypt(desc, 0, &walk); a9e62fadf0b02ba Herbert Xu 2006-08-21 289 } a9e62fadf0b02ba Herbert Xu 2006-08-21 290 a9e62fadf0b02ba Herbert Xu 2006-08-21 291 static int ecb_aes_decrypt(struct blkcipher_desc *desc, a9e62fadf0b02ba Herbert Xu 2006-08-21 292 struct scatterlist *dst, struct scatterlist *src, a9e62fadf0b02ba Herbert Xu 2006-08-21 293 unsigned int nbytes) a9e62fadf0b02ba Herbert Xu 2006-08-21 294 { a9e62fadf0b02ba Herbert Xu 2006-08-21 295 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); a9e62fadf0b02ba Herbert Xu 2006-08-21 296 struct blkcipher_walk walk; a9e62fadf0b02ba Herbert Xu 2006-08-21 297 69c0e360f990c2d Martin Schwidefsky 2016-08-18 298 if (unlikely(!sctx->fc)) b0c3e75d857f378 Sebastian Siewior 2007-12-01 299 return fallback_blk_dec(desc, dst, src, nbytes); b0c3e75d857f378 Sebastian Siewior 2007-12-01 300 a9e62fadf0b02ba Herbert Xu 2006-08-21 301 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 302 return ecb_aes_crypt(desc, CPACF_DECRYPT, &walk); a9e62fadf0b02ba Herbert Xu 2006-08-21 303 } a9e62fadf0b02ba Herbert Xu 2006-08-21 304 b0c3e75d857f378 Sebastian Siewior 2007-12-01 305 static int fallback_init_blk(struct crypto_tfm *tfm) b0c3e75d857f378 Sebastian Siewior 2007-12-01 306 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 307 const char *name = tfm->__crt_alg->cra_name; b0c3e75d857f378 Sebastian Siewior 2007-12-01 308 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); b0c3e75d857f378 Sebastian Siewior 2007-12-01 309 531fa5d620b1e81 Kees Cook 2018-09-18 310 sctx->fallback.blk = crypto_alloc_sync_skcipher(name, 0, 64e26807bb93b4a Herbert Xu 2016-06-29 311 CRYPTO_ALG_NEED_FALLBACK); b0c3e75d857f378 Sebastian Siewior 2007-12-01 312 b0c3e75d857f378 Sebastian Siewior 2007-12-01 313 if (IS_ERR(sctx->fallback.blk)) { 39f09392498d8ee Jan Glauber 2008-12-25 314 pr_err("Allocating AES fallback algorithm %s failed\n", 39f09392498d8ee Jan Glauber 2008-12-25 315 name); b0c3e75d857f378 Sebastian Siewior 2007-12-01 316 return PTR_ERR(sctx->fallback.blk); b0c3e75d857f378 Sebastian Siewior 2007-12-01 317 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 318 b0c3e75d857f378 Sebastian Siewior 2007-12-01 319 return 0; b0c3e75d857f378 Sebastian Siewior 2007-12-01 320 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 321 b0c3e75d857f378 Sebastian Siewior 2007-12-01 322 static void fallback_exit_blk(struct crypto_tfm *tfm) b0c3e75d857f378 Sebastian Siewior 2007-12-01 323 { b0c3e75d857f378 Sebastian Siewior 2007-12-01 324 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); b0c3e75d857f378 Sebastian Siewior 2007-12-01 325 531fa5d620b1e81 Kees Cook 2018-09-18 326 crypto_free_sync_skcipher(sctx->fallback.blk); b0c3e75d857f378 Sebastian Siewior 2007-12-01 327 } b0c3e75d857f378 Sebastian Siewior 2007-12-01 328 a9e62fadf0b02ba Herbert Xu 2006-08-21 329 static struct crypto_alg ecb_aes_alg = { a9e62fadf0b02ba Herbert Xu 2006-08-21 330 .cra_name = "ecb(aes)", a9e62fadf0b02ba Herbert Xu 2006-08-21 331 .cra_driver_name = "ecb-aes-s390", aff304e7a0e8f92 Harald Freudenberger 2018-04-05 332 .cra_priority = 401, /* combo: aes + ecb + 1 */ f67d1369665b2ce Jan Glauber 2007-05-04 333 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | f67d1369665b2ce Jan Glauber 2007-05-04 334 CRYPTO_ALG_NEED_FALLBACK, a9e62fadf0b02ba Herbert Xu 2006-08-21 335 .cra_blocksize = AES_BLOCK_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 336 .cra_ctxsize = sizeof(struct s390_aes_ctx), a9e62fadf0b02ba Herbert Xu 2006-08-21 337 .cra_type = &crypto_blkcipher_type, a9e62fadf0b02ba Herbert Xu 2006-08-21 338 .cra_module = THIS_MODULE, b0c3e75d857f378 Sebastian Siewior 2007-12-01 339 .cra_init = fallback_init_blk, b0c3e75d857f378 Sebastian Siewior 2007-12-01 340 .cra_exit = fallback_exit_blk, a9e62fadf0b02ba Herbert Xu 2006-08-21 341 .cra_u = { a9e62fadf0b02ba Herbert Xu 2006-08-21 342 .blkcipher = { a9e62fadf0b02ba Herbert Xu 2006-08-21 343 .min_keysize = AES_MIN_KEY_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 344 .max_keysize = AES_MAX_KEY_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 345 .setkey = ecb_aes_set_key, a9e62fadf0b02ba Herbert Xu 2006-08-21 346 .encrypt = ecb_aes_encrypt, a9e62fadf0b02ba Herbert Xu 2006-08-21 347 .decrypt = ecb_aes_decrypt, a9e62fadf0b02ba Herbert Xu 2006-08-21 348 } a9e62fadf0b02ba Herbert Xu 2006-08-21 349 } a9e62fadf0b02ba Herbert Xu 2006-08-21 350 }; a9e62fadf0b02ba Herbert Xu 2006-08-21 351 a9e62fadf0b02ba Herbert Xu 2006-08-21 352 static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, a9e62fadf0b02ba Herbert Xu 2006-08-21 353 unsigned int key_len) a9e62fadf0b02ba Herbert Xu 2006-08-21 354 { a9e62fadf0b02ba Herbert Xu 2006-08-21 355 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 356 unsigned long fc; b0c3e75d857f378 Sebastian Siewior 2007-12-01 357 69c0e360f990c2d Martin Schwidefsky 2016-08-18 358 /* Pick the correct function code based on the key length */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 359 fc = (key_len == 16) ? CPACF_KMC_AES_128 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 360 (key_len == 24) ? CPACF_KMC_AES_192 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 361 (key_len == 32) ? CPACF_KMC_AES_256 : 0; a9e62fadf0b02ba Herbert Xu 2006-08-21 362 69c0e360f990c2d Martin Schwidefsky 2016-08-18 363 /* Check if the function code is available */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 364 sctx->fc = (fc && cpacf_test_func(&kmc_functions, fc)) ? fc : 0; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 365 if (!sctx->fc) 69c0e360f990c2d Martin Schwidefsky 2016-08-18 366 return setkey_fallback_blk(tfm, in_key, key_len); a9e62fadf0b02ba Herbert Xu 2006-08-21 367 69c0e360f990c2d Martin Schwidefsky 2016-08-18 368 sctx->key_len = key_len; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 369 memcpy(sctx->key, in_key, key_len); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 370 return 0; a9e62fadf0b02ba Herbert Xu 2006-08-21 371 } a9e62fadf0b02ba Herbert Xu 2006-08-21 372 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 373 static int cbc_aes_crypt(struct blkcipher_desc *desc, unsigned long modifier, a9e62fadf0b02ba Herbert Xu 2006-08-21 374 struct blkcipher_walk *walk) a9e62fadf0b02ba Herbert Xu 2006-08-21 375 { f262f0f5cad0c9e Herbert Xu 2013-11-05 376 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 377 unsigned int nbytes, n; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 378 int ret; f262f0f5cad0c9e Herbert Xu 2013-11-05 379 struct { f262f0f5cad0c9e Herbert Xu 2013-11-05 380 u8 iv[AES_BLOCK_SIZE]; f262f0f5cad0c9e Herbert Xu 2013-11-05 381 u8 key[AES_MAX_KEY_SIZE]; f262f0f5cad0c9e Herbert Xu 2013-11-05 382 } param; a9e62fadf0b02ba Herbert Xu 2006-08-21 383 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 384 ret = blkcipher_walk_virt(desc, walk); f262f0f5cad0c9e Herbert Xu 2013-11-05 385 memcpy(param.iv, walk->iv, AES_BLOCK_SIZE); f262f0f5cad0c9e Herbert Xu 2013-11-05 386 memcpy(param.key, sctx->key, sctx->key_len); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 387 while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) { a9e62fadf0b02ba Herbert Xu 2006-08-21 388 /* only use complete blocks */ 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 389 n = nbytes & ~(AES_BLOCK_SIZE - 1); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 390 cpacf_kmc(sctx->fc | modifier, ¶m, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 391 walk->dst.virt.addr, walk->src.virt.addr, n); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 392 ret = blkcipher_walk_done(desc, walk, nbytes - n); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 393 } f262f0f5cad0c9e Herbert Xu 2013-11-05 394 memcpy(walk->iv, param.iv, AES_BLOCK_SIZE); a9e62fadf0b02ba Herbert Xu 2006-08-21 395 return ret; a9e62fadf0b02ba Herbert Xu 2006-08-21 396 } a9e62fadf0b02ba Herbert Xu 2006-08-21 397 a9e62fadf0b02ba Herbert Xu 2006-08-21 398 static int cbc_aes_encrypt(struct blkcipher_desc *desc, a9e62fadf0b02ba Herbert Xu 2006-08-21 399 struct scatterlist *dst, struct scatterlist *src, a9e62fadf0b02ba Herbert Xu 2006-08-21 400 unsigned int nbytes) a9e62fadf0b02ba Herbert Xu 2006-08-21 401 { a9e62fadf0b02ba Herbert Xu 2006-08-21 402 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); a9e62fadf0b02ba Herbert Xu 2006-08-21 403 struct blkcipher_walk walk; a9e62fadf0b02ba Herbert Xu 2006-08-21 404 69c0e360f990c2d Martin Schwidefsky 2016-08-18 405 if (unlikely(!sctx->fc)) b0c3e75d857f378 Sebastian Siewior 2007-12-01 406 return fallback_blk_enc(desc, dst, src, nbytes); b0c3e75d857f378 Sebastian Siewior 2007-12-01 407 a9e62fadf0b02ba Herbert Xu 2006-08-21 408 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 409 return cbc_aes_crypt(desc, 0, &walk); a9e62fadf0b02ba Herbert Xu 2006-08-21 410 } a9e62fadf0b02ba Herbert Xu 2006-08-21 411 a9e62fadf0b02ba Herbert Xu 2006-08-21 412 static int cbc_aes_decrypt(struct blkcipher_desc *desc, a9e62fadf0b02ba Herbert Xu 2006-08-21 413 struct scatterlist *dst, struct scatterlist *src, a9e62fadf0b02ba Herbert Xu 2006-08-21 414 unsigned int nbytes) a9e62fadf0b02ba Herbert Xu 2006-08-21 415 { a9e62fadf0b02ba Herbert Xu 2006-08-21 416 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); a9e62fadf0b02ba Herbert Xu 2006-08-21 417 struct blkcipher_walk walk; a9e62fadf0b02ba Herbert Xu 2006-08-21 418 69c0e360f990c2d Martin Schwidefsky 2016-08-18 419 if (unlikely(!sctx->fc)) b0c3e75d857f378 Sebastian Siewior 2007-12-01 420 return fallback_blk_dec(desc, dst, src, nbytes); b0c3e75d857f378 Sebastian Siewior 2007-12-01 421 a9e62fadf0b02ba Herbert Xu 2006-08-21 422 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 423 return cbc_aes_crypt(desc, CPACF_DECRYPT, &walk); a9e62fadf0b02ba Herbert Xu 2006-08-21 424 } a9e62fadf0b02ba Herbert Xu 2006-08-21 425 a9e62fadf0b02ba Herbert Xu 2006-08-21 426 static struct crypto_alg cbc_aes_alg = { a9e62fadf0b02ba Herbert Xu 2006-08-21 427 .cra_name = "cbc(aes)", a9e62fadf0b02ba Herbert Xu 2006-08-21 428 .cra_driver_name = "cbc-aes-s390", aff304e7a0e8f92 Harald Freudenberger 2018-04-05 429 .cra_priority = 402, /* ecb-aes-s390 + 1 */ f67d1369665b2ce Jan Glauber 2007-05-04 430 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | f67d1369665b2ce Jan Glauber 2007-05-04 431 CRYPTO_ALG_NEED_FALLBACK, a9e62fadf0b02ba Herbert Xu 2006-08-21 432 .cra_blocksize = AES_BLOCK_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 433 .cra_ctxsize = sizeof(struct s390_aes_ctx), a9e62fadf0b02ba Herbert Xu 2006-08-21 434 .cra_type = &crypto_blkcipher_type, a9e62fadf0b02ba Herbert Xu 2006-08-21 435 .cra_module = THIS_MODULE, b0c3e75d857f378 Sebastian Siewior 2007-12-01 436 .cra_init = fallback_init_blk, b0c3e75d857f378 Sebastian Siewior 2007-12-01 437 .cra_exit = fallback_exit_blk, a9e62fadf0b02ba Herbert Xu 2006-08-21 438 .cra_u = { a9e62fadf0b02ba Herbert Xu 2006-08-21 439 .blkcipher = { a9e62fadf0b02ba Herbert Xu 2006-08-21 440 .min_keysize = AES_MIN_KEY_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 441 .max_keysize = AES_MAX_KEY_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 442 .ivsize = AES_BLOCK_SIZE, a9e62fadf0b02ba Herbert Xu 2006-08-21 443 .setkey = cbc_aes_set_key, a9e62fadf0b02ba Herbert Xu 2006-08-21 444 .encrypt = cbc_aes_encrypt, a9e62fadf0b02ba Herbert Xu 2006-08-21 445 .decrypt = cbc_aes_decrypt, a9e62fadf0b02ba Herbert Xu 2006-08-21 446 } a9e62fadf0b02ba Herbert Xu 2006-08-21 447 } a9e62fadf0b02ba Herbert Xu 2006-08-21 448 }; a9e62fadf0b02ba Herbert Xu 2006-08-21 449 99d97222150a24e Gerald Schaefer 2011-04-26 450 static int xts_fallback_setkey(struct crypto_tfm *tfm, const u8 *key, 99d97222150a24e Gerald Schaefer 2011-04-26 451 unsigned int len) 99d97222150a24e Gerald Schaefer 2011-04-26 452 { 99d97222150a24e Gerald Schaefer 2011-04-26 453 struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); 99d97222150a24e Gerald Schaefer 2011-04-26 454 unsigned int ret; 99d97222150a24e Gerald Schaefer 2011-04-26 455 531fa5d620b1e81 Kees Cook 2018-09-18 456 crypto_sync_skcipher_clear_flags(xts_ctx->fallback, 531fa5d620b1e81 Kees Cook 2018-09-18 457 CRYPTO_TFM_REQ_MASK); 531fa5d620b1e81 Kees Cook 2018-09-18 458 crypto_sync_skcipher_set_flags(xts_ctx->fallback, tfm->crt_flags & 99d97222150a24e Gerald Schaefer 2011-04-26 459 CRYPTO_TFM_REQ_MASK); 99d97222150a24e Gerald Schaefer 2011-04-26 460 531fa5d620b1e81 Kees Cook 2018-09-18 461 ret = crypto_sync_skcipher_setkey(xts_ctx->fallback, key, len); 64e26807bb93b4a Herbert Xu 2016-06-29 462 99d97222150a24e Gerald Schaefer 2011-04-26 463 tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; 531fa5d620b1e81 Kees Cook 2018-09-18 464 tfm->crt_flags |= crypto_sync_skcipher_get_flags(xts_ctx->fallback) & 64e26807bb93b4a Herbert Xu 2016-06-29 465 CRYPTO_TFM_RES_MASK; 64e26807bb93b4a Herbert Xu 2016-06-29 466 99d97222150a24e Gerald Schaefer 2011-04-26 467 return ret; 99d97222150a24e Gerald Schaefer 2011-04-26 468 } 99d97222150a24e Gerald Schaefer 2011-04-26 469 99d97222150a24e Gerald Schaefer 2011-04-26 470 static int xts_fallback_decrypt(struct blkcipher_desc *desc, 99d97222150a24e Gerald Schaefer 2011-04-26 471 struct scatterlist *dst, struct scatterlist *src, 99d97222150a24e Gerald Schaefer 2011-04-26 472 unsigned int nbytes) 99d97222150a24e Gerald Schaefer 2011-04-26 473 { 64e26807bb93b4a Herbert Xu 2016-06-29 474 struct crypto_blkcipher *tfm = desc->tfm; 64e26807bb93b4a Herbert Xu 2016-06-29 475 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); 531fa5d620b1e81 Kees Cook 2018-09-18 476 SYNC_SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); 99d97222150a24e Gerald Schaefer 2011-04-26 477 unsigned int ret; 99d97222150a24e Gerald Schaefer 2011-04-26 478 531fa5d620b1e81 Kees Cook 2018-09-18 479 skcipher_request_set_sync_tfm(req, xts_ctx->fallback); 64e26807bb93b4a Herbert Xu 2016-06-29 480 skcipher_request_set_callback(req, desc->flags, NULL, NULL); 64e26807bb93b4a Herbert Xu 2016-06-29 481 skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); 99d97222150a24e Gerald Schaefer 2011-04-26 482 64e26807bb93b4a Herbert Xu 2016-06-29 483 ret = crypto_skcipher_decrypt(req); 99d97222150a24e Gerald Schaefer 2011-04-26 484 64e26807bb93b4a Herbert Xu 2016-06-29 485 skcipher_request_zero(req); 99d97222150a24e Gerald Schaefer 2011-04-26 486 return ret; 99d97222150a24e Gerald Schaefer 2011-04-26 487 } 99d97222150a24e Gerald Schaefer 2011-04-26 488 99d97222150a24e Gerald Schaefer 2011-04-26 489 static int xts_fallback_encrypt(struct blkcipher_desc *desc, 99d97222150a24e Gerald Schaefer 2011-04-26 490 struct scatterlist *dst, struct scatterlist *src, 99d97222150a24e Gerald Schaefer 2011-04-26 491 unsigned int nbytes) 99d97222150a24e Gerald Schaefer 2011-04-26 492 { 64e26807bb93b4a Herbert Xu 2016-06-29 493 struct crypto_blkcipher *tfm = desc->tfm; 64e26807bb93b4a Herbert Xu 2016-06-29 494 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); 531fa5d620b1e81 Kees Cook 2018-09-18 495 SYNC_SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); 99d97222150a24e Gerald Schaefer 2011-04-26 496 unsigned int ret; 99d97222150a24e Gerald Schaefer 2011-04-26 497 531fa5d620b1e81 Kees Cook 2018-09-18 498 skcipher_request_set_sync_tfm(req, xts_ctx->fallback); 64e26807bb93b4a Herbert Xu 2016-06-29 499 skcipher_request_set_callback(req, desc->flags, NULL, NULL); 64e26807bb93b4a Herbert Xu 2016-06-29 500 skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); 99d97222150a24e Gerald Schaefer 2011-04-26 501 64e26807bb93b4a Herbert Xu 2016-06-29 502 ret = crypto_skcipher_encrypt(req); 99d97222150a24e Gerald Schaefer 2011-04-26 503 64e26807bb93b4a Herbert Xu 2016-06-29 504 skcipher_request_zero(req); 99d97222150a24e Gerald Schaefer 2011-04-26 505 return ret; 99d97222150a24e Gerald Schaefer 2011-04-26 506 } 99d97222150a24e Gerald Schaefer 2011-04-26 507 99d97222150a24e Gerald Schaefer 2011-04-26 508 static int xts_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 99d97222150a24e Gerald Schaefer 2011-04-26 509 unsigned int key_len) 99d97222150a24e Gerald Schaefer 2011-04-26 510 { 99d97222150a24e Gerald Schaefer 2011-04-26 511 struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 512 unsigned long fc; 28856a9e52c7cac Stephan Mueller 2016-02-09 513 int err; 28856a9e52c7cac Stephan Mueller 2016-02-09 514 28856a9e52c7cac Stephan Mueller 2016-02-09 515 err = xts_check_key(tfm, in_key, key_len); 28856a9e52c7cac Stephan Mueller 2016-02-09 516 if (err) 28856a9e52c7cac Stephan Mueller 2016-02-09 517 return err; 99d97222150a24e Gerald Schaefer 2011-04-26 518 a4f2779ecf2f42b Harald Freudenberger 2016-12-15 519 /* In fips mode only 128 bit or 256 bit keys are valid */ a4f2779ecf2f42b Harald Freudenberger 2016-12-15 520 if (fips_enabled && key_len != 32 && key_len != 64) { a4f2779ecf2f42b Harald Freudenberger 2016-12-15 521 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; a4f2779ecf2f42b Harald Freudenberger 2016-12-15 522 return -EINVAL; a4f2779ecf2f42b Harald Freudenberger 2016-12-15 523 } a4f2779ecf2f42b Harald Freudenberger 2016-12-15 524 69c0e360f990c2d Martin Schwidefsky 2016-08-18 525 /* Pick the correct function code based on the key length */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 526 fc = (key_len == 32) ? CPACF_KM_XTS_128 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 527 (key_len == 64) ? CPACF_KM_XTS_256 : 0; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 528 69c0e360f990c2d Martin Schwidefsky 2016-08-18 529 /* Check if the function code is available */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 530 xts_ctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 531 if (!xts_ctx->fc) 69c0e360f990c2d Martin Schwidefsky 2016-08-18 532 return xts_fallback_setkey(tfm, in_key, key_len); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 533 69c0e360f990c2d Martin Schwidefsky 2016-08-18 534 /* Split the XTS key into the two subkeys */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 535 key_len = key_len / 2; 99d97222150a24e Gerald Schaefer 2011-04-26 536 xts_ctx->key_len = key_len; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 537 memcpy(xts_ctx->key, in_key, key_len); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 538 memcpy(xts_ctx->pcc_key, in_key + key_len, key_len); 99d97222150a24e Gerald Schaefer 2011-04-26 539 return 0; 99d97222150a24e Gerald Schaefer 2011-04-26 540 } 99d97222150a24e Gerald Schaefer 2011-04-26 541 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 542 static int xts_aes_crypt(struct blkcipher_desc *desc, unsigned long modifier, 99d97222150a24e Gerald Schaefer 2011-04-26 543 struct blkcipher_walk *walk) 99d97222150a24e Gerald Schaefer 2011-04-26 544 { 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 545 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 546 unsigned int offset, nbytes, n; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 547 int ret; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 548 struct { 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 549 u8 key[32]; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 550 u8 tweak[16]; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 551 u8 block[16]; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 552 u8 bit[16]; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 553 u8 xts[16]; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 554 } pcc_param; 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 555 struct { 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 556 u8 key[32]; 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 557 u8 init[16]; 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 558 } xts_param; 99d97222150a24e Gerald Schaefer 2011-04-26 559 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 560 ret = blkcipher_walk_virt(desc, walk); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 561 offset = xts_ctx->key_len & 0x10; 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 562 memset(pcc_param.block, 0, sizeof(pcc_param.block)); 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 563 memset(pcc_param.bit, 0, sizeof(pcc_param.bit)); 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 564 memset(pcc_param.xts, 0, sizeof(pcc_param.xts)); 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 565 memcpy(pcc_param.tweak, walk->iv, sizeof(pcc_param.tweak)); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 566 memcpy(pcc_param.key + offset, xts_ctx->pcc_key, xts_ctx->key_len); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 567 cpacf_pcc(xts_ctx->fc, pcc_param.key + offset); 99d97222150a24e Gerald Schaefer 2011-04-26 568 69c0e360f990c2d Martin Schwidefsky 2016-08-18 569 memcpy(xts_param.key + offset, xts_ctx->key, xts_ctx->key_len); 9dda2769af4f3f3 Gerald Schaefer 2013-11-19 570 memcpy(xts_param.init, pcc_param.xts, 16); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 571 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 572 while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) { 99d97222150a24e Gerald Schaefer 2011-04-26 573 /* only use complete blocks */ 99d97222150a24e Gerald Schaefer 2011-04-26 574 n = nbytes & ~(AES_BLOCK_SIZE - 1); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 575 cpacf_km(xts_ctx->fc | modifier, xts_param.key + offset, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 576 walk->dst.virt.addr, walk->src.virt.addr, n); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 577 ret = blkcipher_walk_done(desc, walk, nbytes - n); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 578 } 99d97222150a24e Gerald Schaefer 2011-04-26 579 return ret; 99d97222150a24e Gerald Schaefer 2011-04-26 580 } 99d97222150a24e Gerald Schaefer 2011-04-26 581 99d97222150a24e Gerald Schaefer 2011-04-26 582 static int xts_aes_encrypt(struct blkcipher_desc *desc, 99d97222150a24e Gerald Schaefer 2011-04-26 583 struct scatterlist *dst, struct scatterlist *src, 99d97222150a24e Gerald Schaefer 2011-04-26 584 unsigned int nbytes) 99d97222150a24e Gerald Schaefer 2011-04-26 585 { 99d97222150a24e Gerald Schaefer 2011-04-26 586 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); 99d97222150a24e Gerald Schaefer 2011-04-26 587 struct blkcipher_walk walk; 99d97222150a24e Gerald Schaefer 2011-04-26 588 69c0e360f990c2d Martin Schwidefsky 2016-08-18 589 if (unlikely(!xts_ctx->fc)) 99d97222150a24e Gerald Schaefer 2011-04-26 590 return xts_fallback_encrypt(desc, dst, src, nbytes); 99d97222150a24e Gerald Schaefer 2011-04-26 591 99d97222150a24e Gerald Schaefer 2011-04-26 592 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 593 return xts_aes_crypt(desc, 0, &walk); 99d97222150a24e Gerald Schaefer 2011-04-26 594 } 99d97222150a24e Gerald Schaefer 2011-04-26 595 99d97222150a24e Gerald Schaefer 2011-04-26 596 static int xts_aes_decrypt(struct blkcipher_desc *desc, 99d97222150a24e Gerald Schaefer 2011-04-26 597 struct scatterlist *dst, struct scatterlist *src, 99d97222150a24e Gerald Schaefer 2011-04-26 598 unsigned int nbytes) 99d97222150a24e Gerald Schaefer 2011-04-26 599 { 99d97222150a24e Gerald Schaefer 2011-04-26 600 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); 99d97222150a24e Gerald Schaefer 2011-04-26 601 struct blkcipher_walk walk; 99d97222150a24e Gerald Schaefer 2011-04-26 602 69c0e360f990c2d Martin Schwidefsky 2016-08-18 603 if (unlikely(!xts_ctx->fc)) 99d97222150a24e Gerald Schaefer 2011-04-26 604 return xts_fallback_decrypt(desc, dst, src, nbytes); 99d97222150a24e Gerald Schaefer 2011-04-26 605 99d97222150a24e Gerald Schaefer 2011-04-26 606 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 607 return xts_aes_crypt(desc, CPACF_DECRYPT, &walk); 99d97222150a24e Gerald Schaefer 2011-04-26 608 } 99d97222150a24e Gerald Schaefer 2011-04-26 609 99d97222150a24e Gerald Schaefer 2011-04-26 610 static int xts_fallback_init(struct crypto_tfm *tfm) 99d97222150a24e Gerald Schaefer 2011-04-26 611 { 99d97222150a24e Gerald Schaefer 2011-04-26 612 const char *name = tfm->__crt_alg->cra_name; 99d97222150a24e Gerald Schaefer 2011-04-26 613 struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); 99d97222150a24e Gerald Schaefer 2011-04-26 614 531fa5d620b1e81 Kees Cook 2018-09-18 615 xts_ctx->fallback = crypto_alloc_sync_skcipher(name, 0, 64e26807bb93b4a Herbert Xu 2016-06-29 616 CRYPTO_ALG_NEED_FALLBACK); 99d97222150a24e Gerald Schaefer 2011-04-26 617 99d97222150a24e Gerald Schaefer 2011-04-26 618 if (IS_ERR(xts_ctx->fallback)) { 99d97222150a24e Gerald Schaefer 2011-04-26 619 pr_err("Allocating XTS fallback algorithm %s failed\n", 99d97222150a24e Gerald Schaefer 2011-04-26 620 name); 99d97222150a24e Gerald Schaefer 2011-04-26 621 return PTR_ERR(xts_ctx->fallback); 99d97222150a24e Gerald Schaefer 2011-04-26 622 } 99d97222150a24e Gerald Schaefer 2011-04-26 623 return 0; 99d97222150a24e Gerald Schaefer 2011-04-26 624 } 99d97222150a24e Gerald Schaefer 2011-04-26 625 99d97222150a24e Gerald Schaefer 2011-04-26 626 static void xts_fallback_exit(struct crypto_tfm *tfm) 99d97222150a24e Gerald Schaefer 2011-04-26 627 { 99d97222150a24e Gerald Schaefer 2011-04-26 628 struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); 99d97222150a24e Gerald Schaefer 2011-04-26 629 531fa5d620b1e81 Kees Cook 2018-09-18 630 crypto_free_sync_skcipher(xts_ctx->fallback); 99d97222150a24e Gerald Schaefer 2011-04-26 631 } 99d97222150a24e Gerald Schaefer 2011-04-26 632 99d97222150a24e Gerald Schaefer 2011-04-26 633 static struct crypto_alg xts_aes_alg = { 99d97222150a24e Gerald Schaefer 2011-04-26 634 .cra_name = "xts(aes)", 99d97222150a24e Gerald Schaefer 2011-04-26 635 .cra_driver_name = "xts-aes-s390", aff304e7a0e8f92 Harald Freudenberger 2018-04-05 636 .cra_priority = 402, /* ecb-aes-s390 + 1 */ 99d97222150a24e Gerald Schaefer 2011-04-26 637 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 99d97222150a24e Gerald Schaefer 2011-04-26 638 CRYPTO_ALG_NEED_FALLBACK, 99d97222150a24e Gerald Schaefer 2011-04-26 639 .cra_blocksize = AES_BLOCK_SIZE, 99d97222150a24e Gerald Schaefer 2011-04-26 640 .cra_ctxsize = sizeof(struct s390_xts_ctx), 99d97222150a24e Gerald Schaefer 2011-04-26 641 .cra_type = &crypto_blkcipher_type, 99d97222150a24e Gerald Schaefer 2011-04-26 642 .cra_module = THIS_MODULE, 99d97222150a24e Gerald Schaefer 2011-04-26 643 .cra_init = xts_fallback_init, 99d97222150a24e Gerald Schaefer 2011-04-26 644 .cra_exit = xts_fallback_exit, 99d97222150a24e Gerald Schaefer 2011-04-26 645 .cra_u = { 99d97222150a24e Gerald Schaefer 2011-04-26 646 .blkcipher = { 99d97222150a24e Gerald Schaefer 2011-04-26 647 .min_keysize = 2 * AES_MIN_KEY_SIZE, 99d97222150a24e Gerald Schaefer 2011-04-26 648 .max_keysize = 2 * AES_MAX_KEY_SIZE, 99d97222150a24e Gerald Schaefer 2011-04-26 649 .ivsize = AES_BLOCK_SIZE, 99d97222150a24e Gerald Schaefer 2011-04-26 650 .setkey = xts_aes_set_key, 99d97222150a24e Gerald Schaefer 2011-04-26 651 .encrypt = xts_aes_encrypt, 99d97222150a24e Gerald Schaefer 2011-04-26 652 .decrypt = xts_aes_decrypt, 99d97222150a24e Gerald Schaefer 2011-04-26 653 } 99d97222150a24e Gerald Schaefer 2011-04-26 654 } 99d97222150a24e Gerald Schaefer 2011-04-26 655 }; 99d97222150a24e Gerald Schaefer 2011-04-26 656 0200f3ecc19660b Gerald Schaefer 2011-05-04 657 static int ctr_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 0200f3ecc19660b Gerald Schaefer 2011-05-04 658 unsigned int key_len) 0200f3ecc19660b Gerald Schaefer 2011-05-04 659 { 0200f3ecc19660b Gerald Schaefer 2011-05-04 660 struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 661 unsigned long fc; 0200f3ecc19660b Gerald Schaefer 2011-05-04 662 69c0e360f990c2d Martin Schwidefsky 2016-08-18 663 /* Pick the correct function code based on the key length */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 664 fc = (key_len == 16) ? CPACF_KMCTR_AES_128 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 665 (key_len == 24) ? CPACF_KMCTR_AES_192 : 69c0e360f990c2d Martin Schwidefsky 2016-08-18 666 (key_len == 32) ? CPACF_KMCTR_AES_256 : 0; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 667 69c0e360f990c2d Martin Schwidefsky 2016-08-18 668 /* Check if the function code is available */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 669 sctx->fc = (fc && cpacf_test_func(&kmctr_functions, fc)) ? fc : 0; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 670 if (!sctx->fc) 69c0e360f990c2d Martin Schwidefsky 2016-08-18 671 return setkey_fallback_blk(tfm, in_key, key_len); 0200f3ecc19660b Gerald Schaefer 2011-05-04 672 69c0e360f990c2d Martin Schwidefsky 2016-08-18 673 sctx->key_len = key_len; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 674 memcpy(sctx->key, in_key, key_len); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 675 return 0; 0200f3ecc19660b Gerald Schaefer 2011-05-04 676 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 677 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 678 static unsigned int __ctrblk_init(u8 *ctrptr, u8 *iv, unsigned int nbytes) 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 679 { 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 680 unsigned int i, n; 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 681 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 682 /* only use complete blocks, max. PAGE_SIZE */ 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 683 memcpy(ctrptr, iv, AES_BLOCK_SIZE); 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 684 n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(AES_BLOCK_SIZE - 1); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 685 for (i = (n / AES_BLOCK_SIZE) - 1; i > 0; i--) { 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 686 memcpy(ctrptr + AES_BLOCK_SIZE, ctrptr, AES_BLOCK_SIZE); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 687 crypto_inc(ctrptr + AES_BLOCK_SIZE, AES_BLOCK_SIZE); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 688 ctrptr += AES_BLOCK_SIZE; 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 689 } 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 690 return n; 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 691 } 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 692 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 693 static int ctr_aes_crypt(struct blkcipher_desc *desc, unsigned long modifier, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 694 struct blkcipher_walk *walk) 0200f3ecc19660b Gerald Schaefer 2011-05-04 695 { 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 696 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 697 u8 buf[AES_BLOCK_SIZE], *ctrptr; 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 698 unsigned int n, nbytes; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 699 int ret, locked; 0200f3ecc19660b Gerald Schaefer 2011-05-04 700 1c2c7029c008922 Harald Freudenberger 2019-05-27 701 locked = mutex_trylock(&ctrblk_lock); 0200f3ecc19660b Gerald Schaefer 2011-05-04 702 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 703 ret = blkcipher_walk_virt_block(desc, walk, AES_BLOCK_SIZE); 0200f3ecc19660b Gerald Schaefer 2011-05-04 704 while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) { 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 705 n = AES_BLOCK_SIZE; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 706 if (nbytes >= 2*AES_BLOCK_SIZE && locked) 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 707 n = __ctrblk_init(ctrblk, walk->iv, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 708 ctrptr = (n > AES_BLOCK_SIZE) ? ctrblk : walk->iv; 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 709 cpacf_kmctr(sctx->fc | modifier, sctx->key, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 710 walk->dst.virt.addr, walk->src.virt.addr, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 711 n, ctrptr); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 712 if (ctrptr == ctrblk) 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 713 memcpy(walk->iv, ctrptr + n - AES_BLOCK_SIZE, 0200f3ecc19660b Gerald Schaefer 2011-05-04 714 AES_BLOCK_SIZE); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 715 crypto_inc(walk->iv, AES_BLOCK_SIZE); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 716 ret = blkcipher_walk_done(desc, walk, nbytes - n); 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 717 } 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 718 if (locked) 1c2c7029c008922 Harald Freudenberger 2019-05-27 719 mutex_unlock(&ctrblk_lock); 0200f3ecc19660b Gerald Schaefer 2011-05-04 720 /* 0200f3ecc19660b Gerald Schaefer 2011-05-04 721 * final block may be < AES_BLOCK_SIZE, copy only nbytes 0200f3ecc19660b Gerald Schaefer 2011-05-04 722 */ 0200f3ecc19660b Gerald Schaefer 2011-05-04 723 if (nbytes) { 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 724 cpacf_kmctr(sctx->fc | modifier, sctx->key, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 725 buf, walk->src.virt.addr, 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 726 AES_BLOCK_SIZE, walk->iv); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 727 memcpy(walk->dst.virt.addr, buf, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 728 crypto_inc(walk->iv, AES_BLOCK_SIZE); 0200f3ecc19660b Gerald Schaefer 2011-05-04 729 ret = blkcipher_walk_done(desc, walk, 0); 0200f3ecc19660b Gerald Schaefer 2011-05-04 730 } 0519e9ad89e5cd6 Harald Freudenberger 2014-01-16 731 0200f3ecc19660b Gerald Schaefer 2011-05-04 732 return ret; 0200f3ecc19660b Gerald Schaefer 2011-05-04 733 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 734 0200f3ecc19660b Gerald Schaefer 2011-05-04 735 static int ctr_aes_encrypt(struct blkcipher_desc *desc, 0200f3ecc19660b Gerald Schaefer 2011-05-04 736 struct scatterlist *dst, struct scatterlist *src, 0200f3ecc19660b Gerald Schaefer 2011-05-04 737 unsigned int nbytes) 0200f3ecc19660b Gerald Schaefer 2011-05-04 738 { 0200f3ecc19660b Gerald Schaefer 2011-05-04 739 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 0200f3ecc19660b Gerald Schaefer 2011-05-04 740 struct blkcipher_walk walk; 0200f3ecc19660b Gerald Schaefer 2011-05-04 741 69c0e360f990c2d Martin Schwidefsky 2016-08-18 742 if (unlikely(!sctx->fc)) 69c0e360f990c2d Martin Schwidefsky 2016-08-18 743 return fallback_blk_enc(desc, dst, src, nbytes); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 744 0200f3ecc19660b Gerald Schaefer 2011-05-04 745 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 746 return ctr_aes_crypt(desc, 0, &walk); 0200f3ecc19660b Gerald Schaefer 2011-05-04 747 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 748 0200f3ecc19660b Gerald Schaefer 2011-05-04 749 static int ctr_aes_decrypt(struct blkcipher_desc *desc, 0200f3ecc19660b Gerald Schaefer 2011-05-04 750 struct scatterlist *dst, struct scatterlist *src, 0200f3ecc19660b Gerald Schaefer 2011-05-04 751 unsigned int nbytes) 0200f3ecc19660b Gerald Schaefer 2011-05-04 752 { 0200f3ecc19660b Gerald Schaefer 2011-05-04 753 struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); 0200f3ecc19660b Gerald Schaefer 2011-05-04 754 struct blkcipher_walk walk; 0200f3ecc19660b Gerald Schaefer 2011-05-04 755 69c0e360f990c2d Martin Schwidefsky 2016-08-18 756 if (unlikely(!sctx->fc)) 69c0e360f990c2d Martin Schwidefsky 2016-08-18 757 return fallback_blk_dec(desc, dst, src, nbytes); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 758 0200f3ecc19660b Gerald Schaefer 2011-05-04 759 blkcipher_walk_init(&walk, dst, src, nbytes); 7bac4f5b8e3a607 Martin Schwidefsky 2016-08-15 760 return ctr_aes_crypt(desc, CPACF_DECRYPT, &walk); 0200f3ecc19660b Gerald Schaefer 2011-05-04 761 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 762 0200f3ecc19660b Gerald Schaefer 2011-05-04 763 static struct crypto_alg ctr_aes_alg = { 0200f3ecc19660b Gerald Schaefer 2011-05-04 764 .cra_name = "ctr(aes)", 0200f3ecc19660b Gerald Schaefer 2011-05-04 765 .cra_driver_name = "ctr-aes-s390", aff304e7a0e8f92 Harald Freudenberger 2018-04-05 766 .cra_priority = 402, /* ecb-aes-s390 + 1 */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 767 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 69c0e360f990c2d Martin Schwidefsky 2016-08-18 768 CRYPTO_ALG_NEED_FALLBACK, 0200f3ecc19660b Gerald Schaefer 2011-05-04 769 .cra_blocksize = 1, 0200f3ecc19660b Gerald Schaefer 2011-05-04 770 .cra_ctxsize = sizeof(struct s390_aes_ctx), 0200f3ecc19660b Gerald Schaefer 2011-05-04 771 .cra_type = &crypto_blkcipher_type, 0200f3ecc19660b Gerald Schaefer 2011-05-04 772 .cra_module = THIS_MODULE, 69c0e360f990c2d Martin Schwidefsky 2016-08-18 773 .cra_init = fallback_init_blk, 69c0e360f990c2d Martin Schwidefsky 2016-08-18 774 .cra_exit = fallback_exit_blk, 0200f3ecc19660b Gerald Schaefer 2011-05-04 775 .cra_u = { 0200f3ecc19660b Gerald Schaefer 2011-05-04 776 .blkcipher = { 0200f3ecc19660b Gerald Schaefer 2011-05-04 777 .min_keysize = AES_MIN_KEY_SIZE, 0200f3ecc19660b Gerald Schaefer 2011-05-04 778 .max_keysize = AES_MAX_KEY_SIZE, 0200f3ecc19660b Gerald Schaefer 2011-05-04 779 .ivsize = AES_BLOCK_SIZE, 0200f3ecc19660b Gerald Schaefer 2011-05-04 780 .setkey = ctr_aes_set_key, 0200f3ecc19660b Gerald Schaefer 2011-05-04 781 .encrypt = ctr_aes_encrypt, 0200f3ecc19660b Gerald Schaefer 2011-05-04 782 .decrypt = ctr_aes_decrypt, 0200f3ecc19660b Gerald Schaefer 2011-05-04 783 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 784 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 785 }; 0200f3ecc19660b Gerald Schaefer 2011-05-04 786 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 787 static int gcm_aes_setkey(struct crypto_aead *tfm, const u8 *key, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 788 unsigned int keylen) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 789 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 790 struct s390_aes_ctx *ctx = crypto_aead_ctx(tfm); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 791 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 792 switch (keylen) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 793 case AES_KEYSIZE_128: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 794 ctx->fc = CPACF_KMA_GCM_AES_128; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 795 break; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 796 case AES_KEYSIZE_192: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 797 ctx->fc = CPACF_KMA_GCM_AES_192; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 798 break; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 799 case AES_KEYSIZE_256: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 800 ctx->fc = CPACF_KMA_GCM_AES_256; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 801 break; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 802 default: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 803 return -EINVAL; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 804 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 805 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 806 memcpy(ctx->key, key, keylen); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 807 ctx->key_len = keylen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 808 return 0; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 809 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 810 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 811 static int gcm_aes_setauthsize(struct crypto_aead *tfm, unsigned int authsize) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 812 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 813 switch (authsize) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 814 case 4: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 815 case 8: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 816 case 12: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 817 case 13: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 818 case 14: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 819 case 15: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 820 case 16: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 821 break; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 822 default: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 823 return -EINVAL; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 824 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 825 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 826 return 0; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 827 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 828 bef9f0ba300a55d Harald Freudenberger 2019-05-23 829 static void gcm_walk_start(struct gcm_sg_walk *gw, struct scatterlist *sg, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 830 unsigned int len) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 831 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 832 memset(gw, 0, sizeof(*gw)); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 833 gw->walk_bytes_remain = len; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 834 scatterwalk_start(&gw->walk, sg); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 835 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 836 bef9f0ba300a55d Harald Freudenberger 2019-05-23 837 static inline unsigned int _gcm_sg_clamp_and_map(struct gcm_sg_walk *gw) bef9f0ba300a55d Harald Freudenberger 2019-05-23 838 { bef9f0ba300a55d Harald Freudenberger 2019-05-23 839 struct scatterlist *nextsg; bef9f0ba300a55d Harald Freudenberger 2019-05-23 840 bef9f0ba300a55d Harald Freudenberger 2019-05-23 841 gw->walk_bytes = scatterwalk_clamp(&gw->walk, gw->walk_bytes_remain); bef9f0ba300a55d Harald Freudenberger 2019-05-23 842 while (!gw->walk_bytes) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 843 nextsg = sg_next(gw->walk.sg); bef9f0ba300a55d Harald Freudenberger 2019-05-23 844 if (!nextsg) bef9f0ba300a55d Harald Freudenberger 2019-05-23 845 return 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 846 scatterwalk_start(&gw->walk, nextsg); bef9f0ba300a55d Harald Freudenberger 2019-05-23 847 gw->walk_bytes = scatterwalk_clamp(&gw->walk, bef9f0ba300a55d Harald Freudenberger 2019-05-23 848 gw->walk_bytes_remain); bef9f0ba300a55d Harald Freudenberger 2019-05-23 849 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 850 gw->walk_ptr = scatterwalk_map(&gw->walk); bef9f0ba300a55d Harald Freudenberger 2019-05-23 851 return gw->walk_bytes; bef9f0ba300a55d Harald Freudenberger 2019-05-23 852 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 853 bef9f0ba300a55d Harald Freudenberger 2019-05-23 854 static inline void _gcm_sg_unmap_and_advance(struct gcm_sg_walk *gw, bef9f0ba300a55d Harald Freudenberger 2019-05-23 855 unsigned int nbytes) bef9f0ba300a55d Harald Freudenberger 2019-05-23 856 { bef9f0ba300a55d Harald Freudenberger 2019-05-23 857 gw->walk_bytes_remain -= nbytes; bef9f0ba300a55d Harald Freudenberger 2019-05-23 858 scatterwalk_unmap(&gw->walk); bef9f0ba300a55d Harald Freudenberger 2019-05-23 859 scatterwalk_advance(&gw->walk, nbytes); bef9f0ba300a55d Harald Freudenberger 2019-05-23 860 scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain); bef9f0ba300a55d Harald Freudenberger 2019-05-23 861 gw->walk_ptr = NULL; bef9f0ba300a55d Harald Freudenberger 2019-05-23 862 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 863 bef9f0ba300a55d Harald Freudenberger 2019-05-23 864 static int gcm_in_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 865 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 866 int n; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 867 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 868 if (gw->buf_bytes && gw->buf_bytes >= minbytesneeded) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 869 gw->ptr = gw->buf; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 870 gw->nbytes = gw->buf_bytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 871 goto out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 872 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 873 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 874 if (gw->walk_bytes_remain == 0) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 875 gw->ptr = NULL; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 876 gw->nbytes = 0; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 877 goto out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 878 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 879 bef9f0ba300a55d Harald Freudenberger 2019-05-23 880 if (!_gcm_sg_clamp_and_map(gw)) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 881 gw->ptr = NULL; bef9f0ba300a55d Harald Freudenberger 2019-05-23 882 gw->nbytes = 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 883 goto out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 884 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 885 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 886 if (!gw->buf_bytes && gw->walk_bytes >= minbytesneeded) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 887 gw->ptr = gw->walk_ptr; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 888 gw->nbytes = gw->walk_bytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 889 goto out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 890 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 891 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 892 while (1) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 893 n = min(gw->walk_bytes, AES_BLOCK_SIZE - gw->buf_bytes); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 894 memcpy(gw->buf + gw->buf_bytes, gw->walk_ptr, n); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 895 gw->buf_bytes += n; bef9f0ba300a55d Harald Freudenberger 2019-05-23 896 _gcm_sg_unmap_and_advance(gw, n); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 897 if (gw->buf_bytes >= minbytesneeded) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 898 gw->ptr = gw->buf; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 899 gw->nbytes = gw->buf_bytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 900 goto out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 901 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 902 if (!_gcm_sg_clamp_and_map(gw)) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 903 gw->ptr = NULL; bef9f0ba300a55d Harald Freudenberger 2019-05-23 904 gw->nbytes = 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 905 goto out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 906 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 907 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 908 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 909 out: bf7fa038707c4c7 Harald Freudenberger 2017-09-18 910 return gw->nbytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 911 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 912 bef9f0ba300a55d Harald Freudenberger 2019-05-23 913 static int gcm_out_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 914 { bef9f0ba300a55d Harald Freudenberger 2019-05-23 915 if (gw->walk_bytes_remain == 0) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 916 gw->ptr = NULL; bef9f0ba300a55d Harald Freudenberger 2019-05-23 917 gw->nbytes = 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 918 goto out; bef9f0ba300a55d Harald Freudenberger 2019-05-23 919 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 920 bef9f0ba300a55d Harald Freudenberger 2019-05-23 921 if (!_gcm_sg_clamp_and_map(gw)) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 922 gw->ptr = NULL; bef9f0ba300a55d Harald Freudenberger 2019-05-23 923 gw->nbytes = 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 924 goto out; bef9f0ba300a55d Harald Freudenberger 2019-05-23 925 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 926 bef9f0ba300a55d Harald Freudenberger 2019-05-23 927 if (gw->walk_bytes >= minbytesneeded) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 928 gw->ptr = gw->walk_ptr; bef9f0ba300a55d Harald Freudenberger 2019-05-23 929 gw->nbytes = gw->walk_bytes; bef9f0ba300a55d Harald Freudenberger 2019-05-23 930 goto out; bef9f0ba300a55d Harald Freudenberger 2019-05-23 931 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 932 bef9f0ba300a55d Harald Freudenberger 2019-05-23 933 scatterwalk_unmap(&gw->walk); bef9f0ba300a55d Harald Freudenberger 2019-05-23 934 gw->walk_ptr = NULL; bef9f0ba300a55d Harald Freudenberger 2019-05-23 935 bef9f0ba300a55d Harald Freudenberger 2019-05-23 936 gw->ptr = gw->buf; bef9f0ba300a55d Harald Freudenberger 2019-05-23 937 gw->nbytes = sizeof(gw->buf); bef9f0ba300a55d Harald Freudenberger 2019-05-23 938 bef9f0ba300a55d Harald Freudenberger 2019-05-23 939 out: bef9f0ba300a55d Harald Freudenberger 2019-05-23 940 return gw->nbytes; bef9f0ba300a55d Harald Freudenberger 2019-05-23 941 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 942 bef9f0ba300a55d Harald Freudenberger 2019-05-23 943 static int gcm_in_walk_done(struct gcm_sg_walk *gw, unsigned int bytesdone) bef9f0ba300a55d Harald Freudenberger 2019-05-23 944 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 945 if (gw->ptr == NULL) bef9f0ba300a55d Harald Freudenberger 2019-05-23 946 return 0; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 947 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 948 if (gw->ptr == gw->buf) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 949 int n = gw->buf_bytes - bytesdone; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 950 if (n > 0) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 951 memmove(gw->buf, gw->buf + bytesdone, n); bef9f0ba300a55d Harald Freudenberger 2019-05-23 952 gw->buf_bytes = n; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 953 } else bf7fa038707c4c7 Harald Freudenberger 2017-09-18 954 gw->buf_bytes = 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 955 } else bef9f0ba300a55d Harald Freudenberger 2019-05-23 956 _gcm_sg_unmap_and_advance(gw, bytesdone); bef9f0ba300a55d Harald Freudenberger 2019-05-23 957 bef9f0ba300a55d Harald Freudenberger 2019-05-23 958 return bytesdone; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 959 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 960 bef9f0ba300a55d Harald Freudenberger 2019-05-23 961 static int gcm_out_walk_done(struct gcm_sg_walk *gw, unsigned int bytesdone) bef9f0ba300a55d Harald Freudenberger 2019-05-23 962 { bef9f0ba300a55d Harald Freudenberger 2019-05-23 963 int i, n; bef9f0ba300a55d Harald Freudenberger 2019-05-23 964 bef9f0ba300a55d Harald Freudenberger 2019-05-23 965 if (gw->ptr == NULL) bef9f0ba300a55d Harald Freudenberger 2019-05-23 966 return 0; bef9f0ba300a55d Harald Freudenberger 2019-05-23 967 bef9f0ba300a55d Harald Freudenberger 2019-05-23 968 if (gw->ptr == gw->buf) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 969 for (i = 0; i < bytesdone; i += n) { bef9f0ba300a55d Harald Freudenberger 2019-05-23 970 if (!_gcm_sg_clamp_and_map(gw)) bef9f0ba300a55d Harald Freudenberger 2019-05-23 971 return i; bef9f0ba300a55d Harald Freudenberger 2019-05-23 972 n = min(gw->walk_bytes, bytesdone - i); bef9f0ba300a55d Harald Freudenberger 2019-05-23 973 memcpy(gw->walk_ptr, gw->buf + i, n); bef9f0ba300a55d Harald Freudenberger 2019-05-23 974 _gcm_sg_unmap_and_advance(gw, n); bef9f0ba300a55d Harald Freudenberger 2019-05-23 975 } bef9f0ba300a55d Harald Freudenberger 2019-05-23 976 } else bef9f0ba300a55d Harald Freudenberger 2019-05-23 977 _gcm_sg_unmap_and_advance(gw, bytesdone); bef9f0ba300a55d Harald Freudenberger 2019-05-23 978 bef9f0ba300a55d Harald Freudenberger 2019-05-23 979 return bytesdone; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 980 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 981 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 982 static int gcm_aes_crypt(struct aead_request *req, unsigned int flags) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 983 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 984 struct crypto_aead *tfm = crypto_aead_reqtfm(req); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 985 struct s390_aes_ctx *ctx = crypto_aead_ctx(tfm); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 986 unsigned int ivsize = crypto_aead_ivsize(tfm); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 987 unsigned int taglen = crypto_aead_authsize(tfm); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 988 unsigned int aadlen = req->assoclen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 989 unsigned int pclen = req->cryptlen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 990 int ret = 0; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 991 bef9f0ba300a55d Harald Freudenberger 2019-05-23 992 unsigned int n, len, in_bytes, out_bytes, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 993 min_bytes, bytes, aad_bytes, pc_bytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 994 struct gcm_sg_walk gw_in, gw_out; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 995 u8 tag[GHASH_DIGEST_SIZE]; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 996 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 997 struct { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 998 u32 _[3]; /* reserved */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 999 u32 cv; /* Counter Value */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1000 u8 t[GHASH_DIGEST_SIZE];/* Tag */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1001 u8 h[AES_BLOCK_SIZE]; /* Hash-subkey */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1002 u64 taadl; /* Total AAD Length */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1003 u64 tpcl; /* Total Plain-/Cipher-text Length */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1004 u8 j0[GHASH_BLOCK_SIZE];/* initial counter value */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1005 u8 k[AES_MAX_KEY_SIZE]; /* Key */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1006 } param; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1007 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1008 /* bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1009 * encrypt bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1010 * req->src: aad||plaintext bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1011 * req->dst: aad||ciphertext||tag bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1012 * decrypt bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1013 * req->src: aad||ciphertext||tag bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1014 * req->dst: aad||plaintext, return 0 or -EBADMSG bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1015 * aad, plaintext and ciphertext may be empty. bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1016 */ bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1017 if (flags & CPACF_DECRYPT) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1018 pclen -= taglen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1019 len = aadlen + pclen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1020 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1021 memset(¶m, 0, sizeof(param)); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1022 param.cv = 1; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1023 param.taadl = aadlen * 8; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1024 param.tpcl = pclen * 8; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1025 memcpy(param.j0, req->iv, ivsize); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1026 *(u32 *)(param.j0 + ivsize) = 1; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1027 memcpy(param.k, ctx->key, ctx->key_len); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1028 bef9f0ba300a55d Harald Freudenberger 2019-05-23 1029 gcm_walk_start(&gw_in, req->src, len); bef9f0ba300a55d Harald Freudenberger 2019-05-23 1030 gcm_walk_start(&gw_out, req->dst, len); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1031 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1032 do { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1033 min_bytes = min_t(unsigned int, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1034 aadlen > 0 ? aadlen : pclen, AES_BLOCK_SIZE); bef9f0ba300a55d Harald Freudenberger 2019-05-23 1035 in_bytes = gcm_in_walk_go(&gw_in, min_bytes); bef9f0ba300a55d Harald Freudenberger 2019-05-23 1036 out_bytes = gcm_out_walk_go(&gw_out, min_bytes); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1037 bytes = min(in_bytes, out_bytes); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1038 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1039 if (aadlen + pclen <= bytes) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1040 aad_bytes = aadlen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1041 pc_bytes = pclen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1042 flags |= CPACF_KMA_LAAD | CPACF_KMA_LPC; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1043 } else { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1044 if (aadlen <= bytes) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1045 aad_bytes = aadlen; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1046 pc_bytes = (bytes - aadlen) & bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1047 ~(AES_BLOCK_SIZE - 1); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1048 flags |= CPACF_KMA_LAAD; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1049 } else { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1050 aad_bytes = bytes & ~(AES_BLOCK_SIZE - 1); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1051 pc_bytes = 0; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1052 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1053 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1054 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1055 if (aad_bytes > 0) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1056 memcpy(gw_out.ptr, gw_in.ptr, aad_bytes); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1057 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1058 cpacf_kma(ctx->fc | flags, ¶m, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1059 gw_out.ptr + aad_bytes, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1060 gw_in.ptr + aad_bytes, pc_bytes, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1061 gw_in.ptr, aad_bytes); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1062 bef9f0ba300a55d Harald Freudenberger 2019-05-23 1063 n = aad_bytes + pc_bytes; bef9f0ba300a55d Harald Freudenberger 2019-05-23 1064 if (gcm_in_walk_done(&gw_in, n) != n) bef9f0ba300a55d Harald Freudenberger 2019-05-23 1065 return -ENOMEM; bef9f0ba300a55d Harald Freudenberger 2019-05-23 1066 if (gcm_out_walk_done(&gw_out, n) != n) bef9f0ba300a55d Harald Freudenberger 2019-05-23 1067 return -ENOMEM; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1068 aadlen -= aad_bytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1069 pclen -= pc_bytes; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1070 } while (aadlen + pclen > 0); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1071 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1072 if (flags & CPACF_DECRYPT) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1073 scatterwalk_map_and_copy(tag, req->src, len, taglen, 0); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1074 if (crypto_memneq(tag, param.t, taglen)) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1075 ret = -EBADMSG; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1076 } else bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1077 scatterwalk_map_and_copy(param.t, req->dst, len, taglen, 1); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1078 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1079 memzero_explicit(¶m, sizeof(param)); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1080 return ret; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1081 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1082 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1083 static int gcm_aes_encrypt(struct aead_request *req) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1084 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1085 return gcm_aes_crypt(req, CPACF_ENCRYPT); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1086 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1087 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1088 static int gcm_aes_decrypt(struct aead_request *req) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1089 { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1090 return gcm_aes_crypt(req, CPACF_DECRYPT); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1091 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1092 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1093 static struct aead_alg gcm_aes_aead = { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1094 .setkey = gcm_aes_setkey, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1095 .setauthsize = gcm_aes_setauthsize, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1096 .encrypt = gcm_aes_encrypt, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1097 .decrypt = gcm_aes_decrypt, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1098 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1099 .ivsize = GHASH_BLOCK_SIZE - sizeof(u32), bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1100 .maxauthsize = GHASH_DIGEST_SIZE, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1101 .chunksize = AES_BLOCK_SIZE, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1102 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1103 .base = { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1104 .cra_blocksize = 1, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1105 .cra_ctxsize = sizeof(struct s390_aes_ctx), bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1106 .cra_priority = 900, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1107 .cra_name = "gcm(aes)", bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1108 .cra_driver_name = "gcm-aes-s390", bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1109 .cra_module = THIS_MODULE, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1110 }, bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1111 }; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1112 d863d5945f2be0a Martin Schwidefsky 2016-08-18 1113 static struct crypto_alg *aes_s390_algs_ptr[5]; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1114 static int aes_s390_algs_num; c7260ca335a09fb Harald Freudenberger 2018-03-01 1115 static struct aead_alg *aes_s390_aead_alg; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1116 d863d5945f2be0a Martin Schwidefsky 2016-08-18 1117 static int aes_s390_register_alg(struct crypto_alg *alg) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1118 { d863d5945f2be0a Martin Schwidefsky 2016-08-18 1119 int ret; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1120 d863d5945f2be0a Martin Schwidefsky 2016-08-18 1121 ret = crypto_register_alg(alg); d863d5945f2be0a Martin Schwidefsky 2016-08-18 1122 if (!ret) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1123 aes_s390_algs_ptr[aes_s390_algs_num++] = alg; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1124 return ret; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1125 } d863d5945f2be0a Martin Schwidefsky 2016-08-18 1126 d863d5945f2be0a Martin Schwidefsky 2016-08-18 1127 static void aes_s390_fini(void) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1128 { d863d5945f2be0a Martin Schwidefsky 2016-08-18 1129 while (aes_s390_algs_num--) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1130 crypto_unregister_alg(aes_s390_algs_ptr[aes_s390_algs_num]); d863d5945f2be0a Martin Schwidefsky 2016-08-18 1131 if (ctrblk) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1132 free_page((unsigned long) ctrblk); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1133 c7260ca335a09fb Harald Freudenberger 2018-03-01 1134 if (aes_s390_aead_alg) c7260ca335a09fb Harald Freudenberger 2018-03-01 1135 crypto_unregister_aead(aes_s390_aead_alg); d863d5945f2be0a Martin Schwidefsky 2016-08-18 1136 } 4f57ba716b12ab9 Ingo Tuchscherer 2013-10-15 1137 9f7819c1e51d531 Heiko Carstens 2008-04-17 1138 static int __init aes_s390_init(void) bf754ae8ef8bc44 Jan Glauber 2006-01-06 1139 { bf754ae8ef8bc44 Jan Glauber 2006-01-06 1140 int ret; bf754ae8ef8bc44 Jan Glauber 2006-01-06 1141 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1142 /* Query available functions for KM, KMC, KMCTR and KMA */ 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1143 cpacf_query(CPACF_KM, &km_functions); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1144 cpacf_query(CPACF_KMC, &kmc_functions); 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1145 cpacf_query(CPACF_KMCTR, &kmctr_functions); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1146 cpacf_query(CPACF_KMA, &kma_functions); bf754ae8ef8bc44 Jan Glauber 2006-01-06 1147 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1148 if (cpacf_test_func(&km_functions, CPACF_KM_AES_128) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1149 cpacf_test_func(&km_functions, CPACF_KM_AES_192) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1150 cpacf_test_func(&km_functions, CPACF_KM_AES_256)) { d863d5945f2be0a Martin Schwidefsky 2016-08-18 1151 ret = aes_s390_register_alg(&aes_alg); 86aa9fc2456d8a6 Jan Glauber 2007-02-05 1152 if (ret) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1153 goto out_err; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1154 ret = aes_s390_register_alg(&ecb_aes_alg); 86aa9fc2456d8a6 Jan Glauber 2007-02-05 1155 if (ret) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1156 goto out_err; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1157 } a9e62fadf0b02ba Herbert Xu 2006-08-21 1158 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1159 if (cpacf_test_func(&kmc_functions, CPACF_KMC_AES_128) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1160 cpacf_test_func(&kmc_functions, CPACF_KMC_AES_192) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1161 cpacf_test_func(&kmc_functions, CPACF_KMC_AES_256)) { d863d5945f2be0a Martin Schwidefsky 2016-08-18 1162 ret = aes_s390_register_alg(&cbc_aes_alg); 86aa9fc2456d8a6 Jan Glauber 2007-02-05 1163 if (ret) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1164 goto out_err; 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1165 } a9e62fadf0b02ba Herbert Xu 2006-08-21 1166 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1167 if (cpacf_test_func(&km_functions, CPACF_KM_XTS_128) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1168 cpacf_test_func(&km_functions, CPACF_KM_XTS_256)) { d863d5945f2be0a Martin Schwidefsky 2016-08-18 1169 ret = aes_s390_register_alg(&xts_aes_alg); 99d97222150a24e Gerald Schaefer 2011-04-26 1170 if (ret) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1171 goto out_err; 99d97222150a24e Gerald Schaefer 2011-04-26 1172 } 99d97222150a24e Gerald Schaefer 2011-04-26 1173 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1174 if (cpacf_test_func(&kmctr_functions, CPACF_KMCTR_AES_128) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1175 cpacf_test_func(&kmctr_functions, CPACF_KMCTR_AES_192) || 69c0e360f990c2d Martin Schwidefsky 2016-08-18 1176 cpacf_test_func(&kmctr_functions, CPACF_KMCTR_AES_256)) { 0200f3ecc19660b Gerald Schaefer 2011-05-04 1177 ctrblk = (u8 *) __get_free_page(GFP_KERNEL); 0200f3ecc19660b Gerald Schaefer 2011-05-04 1178 if (!ctrblk) { 0200f3ecc19660b Gerald Schaefer 2011-05-04 1179 ret = -ENOMEM; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1180 goto out_err; 0200f3ecc19660b Gerald Schaefer 2011-05-04 1181 } d863d5945f2be0a Martin Schwidefsky 2016-08-18 1182 ret = aes_s390_register_alg(&ctr_aes_alg); d863d5945f2be0a Martin Schwidefsky 2016-08-18 1183 if (ret) d863d5945f2be0a Martin Schwidefsky 2016-08-18 1184 goto out_err; 0200f3ecc19660b Gerald Schaefer 2011-05-04 1185 } 0200f3ecc19660b Gerald Schaefer 2011-05-04 1186 bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1187 if (cpacf_test_func(&kma_functions, CPACF_KMA_GCM_AES_128) || bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1188 cpacf_test_func(&kma_functions, CPACF_KMA_GCM_AES_192) || bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1189 cpacf_test_func(&kma_functions, CPACF_KMA_GCM_AES_256)) { bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1190 ret = crypto_register_aead(&gcm_aes_aead); bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1191 if (ret) bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1192 goto out_err; c7260ca335a09fb Harald Freudenberger 2018-03-01 1193 aes_s390_aead_alg = &gcm_aes_aead; bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1194 } bf7fa038707c4c7 Harald Freudenberger 2017-09-18 1195 d863d5945f2be0a Martin Schwidefsky 2016-08-18 1196 return 0; d863d5945f2be0a Martin Schwidefsky 2016-08-18 1197 out_err: d863d5945f2be0a Martin Schwidefsky 2016-08-18 1198 aes_s390_fini(); bf754ae8ef8bc44 Jan Glauber 2006-01-06 1199 return ret; bf754ae8ef8bc44 Jan Glauber 2006-01-06 1200 } bf754ae8ef8bc44 Jan Glauber 2006-01-06 1201 d05377c12ae2ac8 Hendrik Brueckner 2015-02-19 1202 module_cpu_feature_match(MSA, aes_s390_init); 9f7819c1e51d531 Heiko Carstens 2008-04-17 1203 module_exit(aes_s390_fini); bf754ae8ef8bc44 Jan Glauber 2006-01-06 1204 5d26a105b5a73e5 Kees Cook 2014-11-20 1205 MODULE_ALIAS_CRYPTO("aes-all"); bf754ae8ef8bc44 Jan Glauber 2006-01-06 1206 bf754ae8ef8bc44 Jan Glauber 2006-01-06 1207 MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); bf754ae8ef8bc44 Jan Glauber 2006-01-06 1208 MODULE_LICENSE("GPL"); :::::: The code at line 111 was first introduced by commit :::::: 6c2bb98bc33ae33c7a33a133a4cd5a06395fece5 [CRYPTO] all: Pass tfm instead of ctx to algorithms :::::: TO: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> :::::: CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip