summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--arch/s390/crypto/Makefile1
-rw-r--r--arch/s390/crypto/aes_s390.c248
-rw-r--r--arch/s390/crypto/crypt_s390.h40
-rw-r--r--arch/s390/crypto/crypt_s390_query.c12
-rw-r--r--arch/s390/defconfig1
-rw-r--r--crypto/Kconfig20
6 files changed, 308 insertions, 14 deletions
diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile
index 3fccf61ee1d1..bfe2541dc5cf 100644
--- a/arch/s390/crypto/Makefile
+++ b/arch/s390/crypto/Makefile
@@ -5,5 +5,6 @@
obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o
obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o
obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o
+obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o
obj-$(CONFIG_CRYPTO_TEST) += crypt_s390_query.o
diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
new file mode 100644
index 000000000000..7a1033d8e00f
--- /dev/null
+++ b/arch/s390/crypto/aes_s390.c
@@ -0,0 +1,248 @@
+/*
+ * Cryptographic API.
+ *
+ * s390 implementation of the AES Cipher Algorithm.
+ *
+ * s390 Version:
+ * Copyright (C) 2005 IBM Deutschland GmbH, IBM Corporation
+ * Author(s): Jan Glauber (jang@de.ibm.com)
+ *
+ * Derived from "crypto/aes.c"
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/crypto.h>
+#include "crypt_s390.h"
+
+#define AES_MIN_KEY_SIZE 16
+#define AES_MAX_KEY_SIZE 32
+
+/* data block size for all key lengths */
+#define AES_BLOCK_SIZE 16
+
+int has_aes_128 = 0;
+int has_aes_192 = 0;
+int has_aes_256 = 0;
+
+struct s390_aes_ctx {
+ u8 iv[AES_BLOCK_SIZE];
+ u8 key[AES_MAX_KEY_SIZE];
+ int key_len;
+};
+
+static int aes_set_key(void *ctx, const u8 *in_key, unsigned int key_len,
+ u32 *flags)
+{
+ struct s390_aes_ctx *sctx = ctx;
+
+ switch (key_len) {
+ case 16:
+ if (!has_aes_128)
+ goto fail;
+ break;
+ case 24:
+ if (!has_aes_192)
+ goto fail;
+
+ break;
+ case 32:
+ if (!has_aes_256)
+ goto fail;
+ break;
+ default:
+ /* invalid key length */
+ goto fail;
+ break;
+ }
+
+ sctx->key_len = key_len;
+ memcpy(sctx->key, in_key, key_len);
+ return 0;
+fail:
+ *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+ return -EINVAL;
+}
+
+static void aes_encrypt(void *ctx, u8 *out, const u8 *in)
+{
+ const struct s390_aes_ctx *sctx = ctx;
+
+ switch (sctx->key_len) {
+ case 16:
+ crypt_s390_km(KM_AES_128_ENCRYPT, &sctx->key, out, in,
+ AES_BLOCK_SIZE);
+ break;
+ case 24:
+ crypt_s390_km(KM_AES_192_ENCRYPT, &sctx->key, out, in,
+ AES_BLOCK_SIZE);
+ break;
+ case 32:
+ crypt_s390_km(KM_AES_256_ENCRYPT, &sctx->key, out, in,
+ AES_BLOCK_SIZE);
+ break;
+ }
+}
+
+static void aes_decrypt(void *ctx, u8 *out, const u8 *in)
+{
+ const struct s390_aes_ctx *sctx = ctx;
+
+ switch (sctx->key_len) {
+ case 16:
+ crypt_s390_km(KM_AES_128_DECRYPT, &sctx->key, out, in,
+ AES_BLOCK_SIZE);
+ break;
+ case 24:
+ crypt_s390_km(KM_AES_192_DECRYPT, &sctx->key, out, in,
+ AES_BLOCK_SIZE);
+ break;
+ case 32:
+ crypt_s390_km(KM_AES_256_DECRYPT, &sctx->key, out, in,
+ AES_BLOCK_SIZE);
+ break;
+ }
+}
+
+static unsigned int aes_encrypt_ecb(const struct cipher_desc *desc, u8 *out,
+ const u8 *in, unsigned int nbytes)
+{
+ struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm);
+
+ switch (sctx->key_len) {
+ case 16:
+ crypt_s390_km(KM_AES_128_ENCRYPT, &sctx->key, out, in, nbytes);
+ break;
+ case 24:
+ crypt_s390_km(KM_AES_192_ENCRYPT, &sctx->key, out, in, nbytes);
+ break;
+ case 32:
+ crypt_s390_km(KM_AES_256_ENCRYPT, &sctx->key, out, in, nbytes);
+ break;
+ }
+ return nbytes & ~(AES_BLOCK_SIZE - 1);
+}
+
+static unsigned int aes_decrypt_ecb(const struct cipher_desc *desc, u8 *out,
+ const u8 *in, unsigned int nbytes)
+{
+ struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm);
+
+ switch (sctx->key_len) {
+ case 16:
+ crypt_s390_km(KM_AES_128_DECRYPT, &sctx->key, out, in, nbytes);
+ break;
+ case 24:
+ crypt_s390_km(KM_AES_192_DECRYPT, &sctx->key, out, in, nbytes);
+ break;
+ case 32:
+ crypt_s390_km(KM_AES_256_DECRYPT, &sctx->key, out, in, nbytes);
+ break;
+ }
+ return nbytes & ~(AES_BLOCK_SIZE - 1);
+}
+
+static unsigned int aes_encrypt_cbc(const struct cipher_desc *desc, u8 *out,
+ const u8 *in, unsigned int nbytes)
+{
+ struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm);
+
+ memcpy(&sctx->iv, desc->info, AES_BLOCK_SIZE);
+ switch (sctx->key_len) {
+ case 16:
+ crypt_s390_kmc(KMC_AES_128_ENCRYPT, &sctx->iv, out, in, nbytes);
+ break;
+ case 24:
+ crypt_s390_kmc(KMC_AES_192_ENCRYPT, &sctx->iv, out, in, nbytes);
+ break;
+ case 32:
+ crypt_s390_kmc(KMC_AES_256_ENCRYPT, &sctx->iv, out, in, nbytes);
+ break;
+ }
+ memcpy(desc->info, &sctx->iv, AES_BLOCK_SIZE);
+
+ return nbytes & ~(AES_BLOCK_SIZE - 1);
+}
+
+static unsigned int aes_decrypt_cbc(const struct cipher_desc *desc, u8 *out,
+ const u8 *in, unsigned int nbytes)
+{
+ struct s390_aes_ctx *sctx = crypto_tfm_ctx(desc->tfm);
+
+ memcpy(&sctx->iv, desc->info, AES_BLOCK_SIZE);
+ switch (sctx->key_len) {
+ case 16:
+ crypt_s390_kmc(KMC_AES_128_DECRYPT, &sctx->iv, out, in, nbytes);
+ break;
+ case 24:
+ crypt_s390_kmc(KMC_AES_192_DECRYPT, &sctx->iv, out, in, nbytes);
+ break;
+ case 32:
+ crypt_s390_kmc(KMC_AES_256_DECRYPT, &sctx->iv, out, in, nbytes);
+ break;
+ }
+ return nbytes & ~(AES_BLOCK_SIZE - 1);
+}
+
+
+static struct crypto_alg aes_alg = {
+ .cra_name = "aes",
+ .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
+ .cra_blocksize = AES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct s390_aes_ctx),
+ .cra_module = THIS_MODULE,
+ .cra_list = LIST_HEAD_INIT(aes_alg.cra_list),
+ .cra_u = {
+ .cipher = {
+ .cia_min_keysize = AES_MIN_KEY_SIZE,
+ .cia_max_keysize = AES_MAX_KEY_SIZE,
+ .cia_setkey = aes_set_key,
+ .cia_encrypt = aes_encrypt,
+ .cia_decrypt = aes_decrypt,
+ .cia_encrypt_ecb = aes_encrypt_ecb,
+ .cia_decrypt_ecb = aes_decrypt_ecb,
+ .cia_encrypt_cbc = aes_encrypt_cbc,
+ .cia_decrypt_cbc = aes_decrypt_cbc,
+ }
+ }
+};
+
+static int __init aes_init(void)
+{
+ int ret;
+
+ if (crypt_s390_func_available(KM_AES_128_ENCRYPT))
+ has_aes_128 = 1;
+ if (crypt_s390_func_available(KM_AES_192_ENCRYPT))
+ has_aes_192 = 1;
+ if (crypt_s390_func_available(KM_AES_256_ENCRYPT))
+ has_aes_256 = 1;
+
+ if (!has_aes_128 && !has_aes_192 && !has_aes_256)
+ return -ENOSYS;
+
+ ret = crypto_register_alg(&aes_alg);
+ if (ret != 0)
+ printk(KERN_INFO "crypt_s390: aes_s390 couldn't be loaded.\n");
+ return ret;
+}
+
+static void __exit aes_fini(void)
+{
+ crypto_unregister_alg(&aes_alg);
+}
+
+module_init(aes_init);
+module_exit(aes_fini);
+
+MODULE_ALIAS("aes");
+
+MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
+MODULE_LICENSE("GPL");
+
diff --git a/arch/s390/crypto/crypt_s390.h b/arch/s390/crypto/crypt_s390.h
index b70a410ac311..d6712cfa6def 100644
--- a/arch/s390/crypto/crypt_s390.h
+++ b/arch/s390/crypto/crypt_s390.h
@@ -33,26 +33,38 @@ enum crypt_s390_operations {
* 0x80 is the decipher modifier bit
*/
enum crypt_s390_km_func {
- KM_QUERY = CRYPT_S390_KM | 0,
- KM_DEA_ENCRYPT = CRYPT_S390_KM | 1,
- KM_DEA_DECRYPT = CRYPT_S390_KM | 1 | 0x80,
- KM_TDEA_128_ENCRYPT = CRYPT_S390_KM | 2,
- KM_TDEA_128_DECRYPT = CRYPT_S390_KM | 2 | 0x80,
- KM_TDEA_192_ENCRYPT = CRYPT_S390_KM | 3,
- KM_TDEA_192_DECRYPT = CRYPT_S390_KM | 3 | 0x80,
+ KM_QUERY = CRYPT_S390_KM | 0x0,
+ KM_DEA_ENCRYPT = CRYPT_S390_KM | 0x1,
+ KM_DEA_DECRYPT = CRYPT_S390_KM | 0x1 | 0x80,
+ KM_TDEA_128_ENCRYPT = CRYPT_S390_KM | 0x2,
+ KM_TDEA_128_DECRYPT = CRYPT_S390_KM | 0x2 | 0x80,
+ KM_TDEA_192_ENCRYPT = CRYPT_S390_KM | 0x3,
+ KM_TDEA_192_DECRYPT = CRYPT_S390_KM | 0x3 | 0x80,
+ KM_AES_128_ENCRYPT = CRYPT_S390_KM | 0x12,
+ KM_AES_128_DECRYPT = CRYPT_S390_KM | 0x12 | 0x80,
+ KM_AES_192_ENCRYPT = CRYPT_S390_KM | 0x13,
+ KM_AES_192_DECRYPT = CRYPT_S390_KM | 0x13 | 0x80,
+ KM_AES_256_ENCRYPT = CRYPT_S390_KM | 0x14,
+ KM_AES_256_DECRYPT = CRYPT_S390_KM | 0x14 | 0x80,
};
/* function codes for KMC (CIPHER MESSAGE WITH CHAINING)
* instruction
*/
enum crypt_s390_kmc_func {
- KMC_QUERY = CRYPT_S390_KMC | 0,
- KMC_DEA_ENCRYPT = CRYPT_S390_KMC | 1,
- KMC_DEA_DECRYPT = CRYPT_S390_KMC | 1 | 0x80,
- KMC_TDEA_128_ENCRYPT = CRYPT_S390_KMC | 2,
- KMC_TDEA_128_DECRYPT = CRYPT_S390_KMC | 2 | 0x80,
- KMC_TDEA_192_ENCRYPT = CRYPT_S390_KMC | 3,
- KMC_TDEA_192_DECRYPT = CRYPT_S390_KMC | 3 | 0x80,
+ KMC_QUERY = CRYPT_S390_KMC | 0x0,
+ KMC_DEA_ENCRYPT = CRYPT_S390_KMC | 0x1,
+ KMC_DEA_DECRYPT = CRYPT_S390_KMC | 0x1 | 0x80,
+ KMC_TDEA_128_ENCRYPT = CRYPT_S390_KMC | 0x2,
+ KMC_TDEA_128_DECRYPT = CRYPT_S390_KMC | 0x2 | 0x80,
+ KMC_TDEA_192_ENCRYPT = CRYPT_S390_KMC | 0x3,
+ KMC_TDEA_192_DECRYPT = CRYPT_S390_KMC | 0x3 | 0x80,
+ KMC_AES_128_ENCRYPT = CRYPT_S390_KMC | 0x12,
+ KMC_AES_128_DECRYPT = CRYPT_S390_KMC | 0x12 | 0x80,
+ KMC_AES_192_ENCRYPT = CRYPT_S390_KMC | 0x13,
+ KMC_AES_192_DECRYPT = CRYPT_S390_KMC | 0x13 | 0x80,
+ KMC_AES_256_ENCRYPT = CRYPT_S390_KMC | 0x14,
+ KMC_AES_256_DECRYPT = CRYPT_S390_KMC | 0x14 | 0x80,
};
/* function codes for KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST)
diff --git a/arch/s390/crypto/crypt_s390_query.c b/arch/s390/crypto/crypt_s390_query.c
index 67081b81a4a3..def02bdc44a4 100644
--- a/arch/s390/crypto/crypt_s390_query.c
+++ b/arch/s390/crypto/crypt_s390_query.c
@@ -32,6 +32,12 @@ static void query_available_functions(void)
crypt_s390_func_available(KM_TDEA_128_ENCRYPT));
printk(KERN_INFO "KM_TDEA_192: %d\n",
crypt_s390_func_available(KM_TDEA_192_ENCRYPT));
+ printk(KERN_INFO "KM_AES_128: %d\n",
+ crypt_s390_func_available(KM_AES_128_ENCRYPT));
+ printk(KERN_INFO "KM_AES_192: %d\n",
+ crypt_s390_func_available(KM_AES_192_ENCRYPT));
+ printk(KERN_INFO "KM_AES_256: %d\n",
+ crypt_s390_func_available(KM_AES_256_ENCRYPT));
/* query available KMC functions */
printk(KERN_INFO "KMC_QUERY: %d\n",
@@ -42,6 +48,12 @@ static void query_available_functions(void)
crypt_s390_func_available(KMC_TDEA_128_ENCRYPT));
printk(KERN_INFO "KMC_TDEA_192: %d\n",
crypt_s390_func_available(KMC_TDEA_192_ENCRYPT));
+ printk(KERN_INFO "KMC_AES_128: %d\n",
+ crypt_s390_func_available(KMC_AES_128_ENCRYPT));
+ printk(KERN_INFO "KMC_AES_192: %d\n",
+ crypt_s390_func_available(KMC_AES_192_ENCRYPT));
+ printk(KERN_INFO "KMC_AES_256: %d\n",
+ crypt_s390_func_available(KMC_AES_256_ENCRYPT));
/* query available KIMD fucntions */
printk(KERN_INFO "KIMD_QUERY: %d\n",
diff --git a/arch/s390/defconfig b/arch/s390/defconfig
index fd00a9f53d53..f195c7ea1d7b 100644
--- a/arch/s390/defconfig
+++ b/arch/s390/defconfig
@@ -644,6 +644,7 @@ CONFIG_CRYPTO=y
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_AES is not set
+# CONFIG_CRYPTO_AES_S390 is not set
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_TEA is not set
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 9fdab742b10f..c696f7ab729e 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -215,6 +215,26 @@ config CRYPTO_AES_X86_64
See <http://csrc.nist.gov/encryption/aes/> for more information.
+config CRYPTO_AES_S390
+ tristate "AES cipher algorithms (s390)"
+ depends on CRYPTO && ARCH_S390
+ help
+ This is the s390 hardware accelerated implementation of the
+ AES cipher algorithms (FIPS-197). AES uses the Rijndael
+ algorithm.
+
+ Rijndael appears to be consistently a very good performer in
+ both hardware and software across a wide range of computing
+ environments regardless of its use in feedback or non-feedback
+ modes. Its key setup time is excellent, and its key agility is
+ good. Rijndael's very low memory requirements make it very well
+ suited for restricted-space environments, in which it also
+ demonstrates excellent performance. Rijndael's operations are
+ among the easiest to defend against power and timing attacks.
+
+ On s390 the System z9-109 currently only supports the key size
+ of 128 bit.
+
config CRYPTO_CAST5
tristate "CAST5 (CAST-128) cipher algorithm"
depends on CRYPTO