mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-18 22:14:16 +00:00 
			
		
		
		
	[PATCH] s390: aes support
Add support for the hardware accelerated AES crypto algorithm. Signed-off-by: Jan Glauber <jan.glauber@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
		
							parent
							
								
									0a497c17fe
								
							
						
					
					
						commit
						bf754ae8ef
					
				
					 6 changed files with 308 additions and 14 deletions
				
			
		|  | @ -5,5 +5,6 @@ | |||
| obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o | ||||
| obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o | ||||
| obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o | ||||
| obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o | ||||
| 
 | ||||
| obj-$(CONFIG_CRYPTO_TEST) += crypt_s390_query.o | ||||
|  |  | |||
							
								
								
									
										248
									
								
								arch/s390/crypto/aes_s390.c
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										248
									
								
								arch/s390/crypto/aes_s390.c
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,248 @@ | |||
| /*
 | ||||
|  * Cryptographic API. | ||||
|  * | ||||
|  * s390 implementation of the AES Cipher Algorithm. | ||||
|  * | ||||
|  * s390 Version: | ||||
|  *   Copyright (C) 2005 IBM Deutschland GmbH, IBM Corporation | ||||
|  *   Author(s): Jan Glauber (jang@de.ibm.com) | ||||
|  * | ||||
|  * Derived from "crypto/aes.c" | ||||
|  * | ||||
|  * This program is free software; you can redistribute it and/or modify it | ||||
|  * under the terms of the GNU General Public License as published by the Free | ||||
|  * Software Foundation; either version 2 of the License, or (at your option) | ||||
|  * any later version. | ||||
|  * | ||||
|  */ | ||||
| 
 | ||||
| #include <linux/module.h> | ||||
| #include <linux/init.h> | ||||
| #include <linux/crypto.h> | ||||
| #include "crypt_s390.h" | ||||
| 
 | ||||
| #define AES_MIN_KEY_SIZE	16 | ||||
| #define AES_MAX_KEY_SIZE	32 | ||||
| 
 | ||||
| /* data block size for all key lengths */ | ||||
| #define AES_BLOCK_SIZE		16 | ||||
| 
 | ||||
| int has_aes_128 = 0; | ||||
| int has_aes_192 = 0; | ||||
| int has_aes_256 = 0; | ||||
| 
 | ||||
| struct s390_aes_ctx { | ||||
| 	u8 iv[AES_BLOCK_SIZE]; | ||||
| 	u8 key[AES_MAX_KEY_SIZE]; | ||||
| 	int key_len; | ||||
| }; | ||||
| 
 | ||||
| static int aes_set_key(void *ctx, const u8 *in_key, unsigned int key_len, | ||||
| 		       u32 *flags) | ||||
| { | ||||
| 	struct s390_aes_ctx *sctx = ctx; | ||||
| 
 | ||||
| 	switch (key_len) { | ||||
| 	case 16: | ||||
| 		if (!has_aes_128) | ||||
| 			goto fail; | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		if (!has_aes_192) | ||||
| 			goto fail; | ||||
| 
 | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		if (!has_aes_256) | ||||
| 			goto fail; | ||||
| 		break; | ||||
| 	default: | ||||
| 		/* invalid key length */ | ||||
| 		goto fail; | ||||
| 		break; | ||||
| 	} | ||||
| 
 | ||||
| 	sctx->key_len = key_len; | ||||
| 	memcpy(sctx->key, in_key, key_len); | ||||
| 	return 0; | ||||
| fail: | ||||
| 	*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||||
| 	return -EINVAL; | ||||
| } | ||||
| 
 | ||||
| static void aes_encrypt(void *ctx, u8 *out, const u8 *in) | ||||
| { | ||||
| 	const struct s390_aes_ctx *sctx = ctx; | ||||
| 
 | ||||
| 	switch (sctx->key_len) { | ||||
| 	case 16: | ||||
| 		crypt_s390_km(KM_AES_128_ENCRYPT, &sctx->key, out, in, | ||||
| 			      AES_BLOCK_SIZE); | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		crypt_s390_km(KM_AES_192_ENCRYPT, &sctx->key, out, in, | ||||
| 			      AES_BLOCK_SIZE); | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		crypt_s390_km(KM_AES_256_ENCRYPT, &sctx->key, out, in, | ||||
| 			      AES_BLOCK_SIZE); | ||||
| 		break; | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| static void aes_decrypt(void *ctx, u8 *out, const u8 *in) | ||||
| { | ||||
| 	const struct s390_aes_ctx *sctx = ctx; | ||||
| 
 | ||||
| 	switch (sctx->key_len) { | ||||
| 	case 16: | ||||
| 		crypt_s390_km(KM_AES_128_DECRYPT, &sctx->key, out, in, | ||||
| 			      AES_BLOCK_SIZE); | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		crypt_s390_km(KM_AES_192_DECRYPT, &sctx->key, out, in, | ||||
| 			      AES_BLOCK_SIZE); | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		crypt_s390_km(KM_AES_256_DECRYPT, &sctx->key, out, in, | ||||
| 			      AES_BLOCK_SIZE); | ||||
| 		break; | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| static unsigned int aes_encrypt_ecb(const struct cipher_desc *desc, u8 *out, | ||||
| 				    const u8 *in, unsigned int nbytes) | ||||
| { | ||||
| 	struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm); | ||||
| 
 | ||||
| 	switch (sctx->key_len) { | ||||
| 	case 16: | ||||
| 		crypt_s390_km(KM_AES_128_ENCRYPT, &sctx->key, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		crypt_s390_km(KM_AES_192_ENCRYPT, &sctx->key, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		crypt_s390_km(KM_AES_256_ENCRYPT, &sctx->key, out, in, nbytes); | ||||
| 		break; | ||||
| 	} | ||||
| 	return nbytes & ~(AES_BLOCK_SIZE - 1); | ||||
| } | ||||
| 
 | ||||
| static unsigned int aes_decrypt_ecb(const struct cipher_desc *desc, u8 *out, | ||||
| 				    const u8 *in, unsigned int nbytes) | ||||
| { | ||||
| 	struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm); | ||||
| 
 | ||||
| 	switch (sctx->key_len) { | ||||
| 	case 16: | ||||
| 		crypt_s390_km(KM_AES_128_DECRYPT, &sctx->key, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		crypt_s390_km(KM_AES_192_DECRYPT, &sctx->key, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		crypt_s390_km(KM_AES_256_DECRYPT, &sctx->key, out, in, nbytes); | ||||
| 		break; | ||||
| 	} | ||||
| 	return nbytes & ~(AES_BLOCK_SIZE - 1); | ||||
| } | ||||
| 
 | ||||
| static unsigned int aes_encrypt_cbc(const struct cipher_desc *desc, u8 *out, | ||||
| 				    const u8 *in, unsigned int nbytes) | ||||
| { | ||||
| 	struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm); | ||||
| 
 | ||||
| 	memcpy(&sctx->iv, desc->info, AES_BLOCK_SIZE); | ||||
| 	switch (sctx->key_len) { | ||||
| 	case 16: | ||||
| 		crypt_s390_kmc(KMC_AES_128_ENCRYPT, &sctx->iv, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		crypt_s390_kmc(KMC_AES_192_ENCRYPT, &sctx->iv, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		crypt_s390_kmc(KMC_AES_256_ENCRYPT, &sctx->iv, out, in, nbytes); | ||||
| 		break; | ||||
| 	} | ||||
| 	memcpy(desc->info, &sctx->iv, AES_BLOCK_SIZE); | ||||
| 
 | ||||
| 	return nbytes & ~(AES_BLOCK_SIZE - 1); | ||||
| } | ||||
| 
 | ||||
| static unsigned int aes_decrypt_cbc(const struct cipher_desc *desc, u8 *out, | ||||
| 				    const u8 *in, unsigned int nbytes) | ||||
| { | ||||
| 	struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm); | ||||
| 
 | ||||
| 	memcpy(&sctx->iv, desc->info, AES_BLOCK_SIZE); | ||||
| 	switch (sctx->key_len) { | ||||
| 	case 16: | ||||
| 		crypt_s390_kmc(KMC_AES_128_DECRYPT, &sctx->iv, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 24: | ||||
| 		crypt_s390_kmc(KMC_AES_192_DECRYPT, &sctx->iv, out, in, nbytes); | ||||
| 		break; | ||||
| 	case 32: | ||||
| 		crypt_s390_kmc(KMC_AES_256_DECRYPT, &sctx->iv, out, in, nbytes); | ||||
| 		break; | ||||
| 	} | ||||
| 	return nbytes & ~(AES_BLOCK_SIZE - 1); | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| static struct crypto_alg aes_alg = { | ||||
| 	.cra_name		=	"aes", | ||||
| 	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER, | ||||
| 	.cra_blocksize		=	AES_BLOCK_SIZE, | ||||
| 	.cra_ctxsize		=	sizeof(struct s390_aes_ctx), | ||||
| 	.cra_module		=	THIS_MODULE, | ||||
| 	.cra_list		=	LIST_HEAD_INIT(aes_alg.cra_list), | ||||
| 	.cra_u			=	{ | ||||
| 		.cipher = { | ||||
| 			.cia_min_keysize	=	AES_MIN_KEY_SIZE, | ||||
| 			.cia_max_keysize	=	AES_MAX_KEY_SIZE, | ||||
| 			.cia_setkey		=	aes_set_key, | ||||
| 			.cia_encrypt		=	aes_encrypt, | ||||
| 			.cia_decrypt		=	aes_decrypt, | ||||
| 			.cia_encrypt_ecb	=	aes_encrypt_ecb, | ||||
| 			.cia_decrypt_ecb	=	aes_decrypt_ecb, | ||||
| 			.cia_encrypt_cbc	=	aes_encrypt_cbc, | ||||
| 			.cia_decrypt_cbc	=	aes_decrypt_cbc, | ||||
| 		} | ||||
| 	} | ||||
| }; | ||||
| 
 | ||||
| static int __init aes_init(void) | ||||
| { | ||||
| 	int ret; | ||||
| 
 | ||||
| 	if (crypt_s390_func_available(KM_AES_128_ENCRYPT)) | ||||
| 		has_aes_128 = 1; | ||||
| 	if (crypt_s390_func_available(KM_AES_192_ENCRYPT)) | ||||
| 		has_aes_192 = 1; | ||||
| 	if (crypt_s390_func_available(KM_AES_256_ENCRYPT)) | ||||
| 		has_aes_256 = 1; | ||||
| 
 | ||||
| 	if (!has_aes_128 && !has_aes_192 && !has_aes_256) | ||||
| 		return -ENOSYS; | ||||
| 
 | ||||
| 	ret = crypto_register_alg(&aes_alg); | ||||
| 	if (ret != 0) | ||||
| 		printk(KERN_INFO "crypt_s390: aes_s390 couldn't be loaded.\n"); | ||||
| 	return ret; | ||||
| } | ||||
| 
 | ||||
| static void __exit aes_fini(void) | ||||
| { | ||||
| 	crypto_unregister_alg(&aes_alg); | ||||
| } | ||||
| 
 | ||||
| module_init(aes_init); | ||||
| module_exit(aes_fini); | ||||
| 
 | ||||
| MODULE_ALIAS("aes"); | ||||
| 
 | ||||
| MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); | ||||
| MODULE_LICENSE("GPL"); | ||||
| 
 | ||||
|  | @ -33,26 +33,38 @@ enum crypt_s390_operations { | |||
|  * 0x80 is the decipher modifier bit | ||||
|  */ | ||||
| enum crypt_s390_km_func { | ||||
| 	KM_QUERY            = CRYPT_S390_KM | 0, | ||||
| 	KM_DEA_ENCRYPT      = CRYPT_S390_KM | 1, | ||||
| 	KM_DEA_DECRYPT      = CRYPT_S390_KM | 1 | 0x80, | ||||
| 	KM_TDEA_128_ENCRYPT = CRYPT_S390_KM | 2, | ||||
| 	KM_TDEA_128_DECRYPT = CRYPT_S390_KM | 2 | 0x80, | ||||
| 	KM_TDEA_192_ENCRYPT = CRYPT_S390_KM | 3, | ||||
| 	KM_TDEA_192_DECRYPT = CRYPT_S390_KM | 3 | 0x80, | ||||
| 	KM_QUERY	    = CRYPT_S390_KM | 0x0, | ||||
| 	KM_DEA_ENCRYPT      = CRYPT_S390_KM | 0x1, | ||||
| 	KM_DEA_DECRYPT      = CRYPT_S390_KM | 0x1 | 0x80, | ||||
| 	KM_TDEA_128_ENCRYPT = CRYPT_S390_KM | 0x2, | ||||
| 	KM_TDEA_128_DECRYPT = CRYPT_S390_KM | 0x2 | 0x80, | ||||
| 	KM_TDEA_192_ENCRYPT = CRYPT_S390_KM | 0x3, | ||||
| 	KM_TDEA_192_DECRYPT = CRYPT_S390_KM | 0x3 | 0x80, | ||||
| 	KM_AES_128_ENCRYPT  = CRYPT_S390_KM | 0x12, | ||||
| 	KM_AES_128_DECRYPT  = CRYPT_S390_KM | 0x12 | 0x80, | ||||
| 	KM_AES_192_ENCRYPT  = CRYPT_S390_KM | 0x13, | ||||
| 	KM_AES_192_DECRYPT  = CRYPT_S390_KM | 0x13 | 0x80, | ||||
| 	KM_AES_256_ENCRYPT  = CRYPT_S390_KM | 0x14, | ||||
| 	KM_AES_256_DECRYPT  = CRYPT_S390_KM | 0x14 | 0x80, | ||||
| }; | ||||
| 
 | ||||
| /* function codes for KMC (CIPHER MESSAGE WITH CHAINING)
 | ||||
|  * instruction | ||||
|  */ | ||||
| enum crypt_s390_kmc_func { | ||||
| 	KMC_QUERY            = CRYPT_S390_KMC | 0, | ||||
| 	KMC_DEA_ENCRYPT      = CRYPT_S390_KMC | 1, | ||||
| 	KMC_DEA_DECRYPT      = CRYPT_S390_KMC | 1 | 0x80, | ||||
| 	KMC_TDEA_128_ENCRYPT = CRYPT_S390_KMC | 2, | ||||
| 	KMC_TDEA_128_DECRYPT = CRYPT_S390_KMC | 2 | 0x80, | ||||
| 	KMC_TDEA_192_ENCRYPT = CRYPT_S390_KMC | 3, | ||||
| 	KMC_TDEA_192_DECRYPT = CRYPT_S390_KMC | 3 | 0x80, | ||||
| 	KMC_QUERY            = CRYPT_S390_KMC | 0x0, | ||||
| 	KMC_DEA_ENCRYPT      = CRYPT_S390_KMC | 0x1, | ||||
| 	KMC_DEA_DECRYPT      = CRYPT_S390_KMC | 0x1 | 0x80, | ||||
| 	KMC_TDEA_128_ENCRYPT = CRYPT_S390_KMC | 0x2, | ||||
| 	KMC_TDEA_128_DECRYPT = CRYPT_S390_KMC | 0x2 | 0x80, | ||||
| 	KMC_TDEA_192_ENCRYPT = CRYPT_S390_KMC | 0x3, | ||||
| 	KMC_TDEA_192_DECRYPT = CRYPT_S390_KMC | 0x3 | 0x80, | ||||
| 	KMC_AES_128_ENCRYPT  = CRYPT_S390_KMC | 0x12, | ||||
| 	KMC_AES_128_DECRYPT  = CRYPT_S390_KMC | 0x12 | 0x80, | ||||
| 	KMC_AES_192_ENCRYPT  = CRYPT_S390_KMC | 0x13, | ||||
| 	KMC_AES_192_DECRYPT  = CRYPT_S390_KMC | 0x13 | 0x80, | ||||
| 	KMC_AES_256_ENCRYPT  = CRYPT_S390_KMC | 0x14, | ||||
| 	KMC_AES_256_DECRYPT  = CRYPT_S390_KMC | 0x14 | 0x80, | ||||
| }; | ||||
| 
 | ||||
| /* function codes for KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
 | ||||
|  |  | |||
|  | @ -32,6 +32,12 @@ static void query_available_functions(void) | |||
| 		crypt_s390_func_available(KM_TDEA_128_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KM_TDEA_192: %d\n", | ||||
| 		crypt_s390_func_available(KM_TDEA_192_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KM_AES_128: %d\n", | ||||
| 		crypt_s390_func_available(KM_AES_128_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KM_AES_192: %d\n", | ||||
| 		crypt_s390_func_available(KM_AES_192_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KM_AES_256: %d\n", | ||||
| 		crypt_s390_func_available(KM_AES_256_ENCRYPT)); | ||||
| 
 | ||||
| 	/* query available KMC functions */ | ||||
| 	printk(KERN_INFO "KMC_QUERY: %d\n", | ||||
|  | @ -42,6 +48,12 @@ static void query_available_functions(void) | |||
| 		crypt_s390_func_available(KMC_TDEA_128_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KMC_TDEA_192: %d\n", | ||||
| 		crypt_s390_func_available(KMC_TDEA_192_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KMC_AES_128: %d\n", | ||||
| 		crypt_s390_func_available(KMC_AES_128_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KMC_AES_192: %d\n", | ||||
| 		crypt_s390_func_available(KMC_AES_192_ENCRYPT)); | ||||
| 	printk(KERN_INFO "KMC_AES_256: %d\n", | ||||
| 		crypt_s390_func_available(KMC_AES_256_ENCRYPT)); | ||||
| 
 | ||||
| 	/* query available KIMD fucntions */ | ||||
| 	printk(KERN_INFO "KIMD_QUERY: %d\n", | ||||
|  |  | |||
|  | @ -644,6 +644,7 @@ CONFIG_CRYPTO=y | |||
| # CONFIG_CRYPTO_TWOFISH is not set | ||||
| # CONFIG_CRYPTO_SERPENT is not set | ||||
| # CONFIG_CRYPTO_AES is not set | ||||
| # CONFIG_CRYPTO_AES_S390 is not set | ||||
| # CONFIG_CRYPTO_CAST5 is not set | ||||
| # CONFIG_CRYPTO_CAST6 is not set | ||||
| # CONFIG_CRYPTO_TEA is not set | ||||
|  |  | |||
|  | @ -215,6 +215,26 @@ config CRYPTO_AES_X86_64 | |||
| 
 | ||||
| 	  See <http://csrc.nist.gov/encryption/aes/> for more information. | ||||
| 
 | ||||
| config CRYPTO_AES_S390 | ||||
| 	tristate "AES cipher algorithms (s390)" | ||||
| 	depends on CRYPTO && ARCH_S390 | ||||
| 	help | ||||
| 	  This is the s390 hardware accelerated implementation of the | ||||
| 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael | ||||
| 	  algorithm. | ||||
| 
 | ||||
| 	  Rijndael appears to be consistently a very good performer in | ||||
| 	  both hardware and software across a wide range of computing | ||||
| 	  environments regardless of its use in feedback or non-feedback | ||||
| 	  modes. Its key setup time is excellent, and its key agility is | ||||
| 	  good. Rijndael's very low memory requirements make it very well | ||||
| 	  suited for restricted-space environments, in which it also | ||||
| 	  demonstrates excellent performance. Rijndael's operations are | ||||
| 	  among the easiest to defend against power and timing attacks. | ||||
| 
 | ||||
| 	  On s390 the System z9-109 currently only supports the key size | ||||
| 	  of 128 bit. | ||||
| 
 | ||||
| config CRYPTO_CAST5 | ||||
| 	tristate "CAST5 (CAST-128) cipher algorithm" | ||||
| 	depends on CRYPTO | ||||
|  |  | |||
		Loading…
	
	Add table
		
		Reference in a new issue
	
	 Jan Glauber
						Jan Glauber