]>
Commit | Line | Data |
---|---|---|
bf754ae8 JG |
1 | /* |
2 | * Cryptographic API. | |
3 | * | |
4 | * s390 implementation of the AES Cipher Algorithm. | |
5 | * | |
6 | * s390 Version: | |
a53c8fab | 7 | * Copyright IBM Corp. 2005, 2007 |
bf754ae8 | 8 | * Author(s): Jan Glauber (jang@de.ibm.com) |
b0c3e75d | 9 | * Sebastian Siewior (sebastian@breakpoint.cc> SW-Fallback |
bf754ae8 | 10 | * |
f8246af0 | 11 | * Derived from "crypto/aes_generic.c" |
bf754ae8 JG |
12 | * |
13 | * This program is free software; you can redistribute it and/or modify it | |
14 | * under the terms of the GNU General Public License as published by the Free | |
15 | * Software Foundation; either version 2 of the License, or (at your option) | |
16 | * any later version. | |
17 | * | |
18 | */ | |
19 | ||
39f09392 JG |
20 | #define KMSG_COMPONENT "aes_s390" |
21 | #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt | |
22 | ||
89e12654 | 23 | #include <crypto/aes.h> |
a9e62fad | 24 | #include <crypto/algapi.h> |
64e26807 | 25 | #include <crypto/internal/skcipher.h> |
b0c3e75d | 26 | #include <linux/err.h> |
bf754ae8 | 27 | #include <linux/module.h> |
d05377c1 | 28 | #include <linux/cpufeature.h> |
bf754ae8 | 29 | #include <linux/init.h> |
0519e9ad | 30 | #include <linux/spinlock.h> |
49abc0d2 | 31 | #include <crypto/xts.h> |
c7d4d259 | 32 | #include <asm/cpacf.h> |
bf754ae8 | 33 | |
86aa9fc2 JG |
34 | #define AES_KEYLEN_128 1 |
35 | #define AES_KEYLEN_192 2 | |
36 | #define AES_KEYLEN_256 4 | |
37 | ||
0200f3ec | 38 | static u8 *ctrblk; |
0519e9ad | 39 | static DEFINE_SPINLOCK(ctrblk_lock); |
0200f3ec | 40 | static char keylen_flag; |
bf754ae8 JG |
41 | |
42 | struct s390_aes_ctx { | |
bf754ae8 JG |
43 | u8 key[AES_MAX_KEY_SIZE]; |
44 | int key_len; | |
edc63a37 | 45 | unsigned long fc; |
b0c3e75d | 46 | union { |
64e26807 | 47 | struct crypto_skcipher *blk; |
b0c3e75d SS |
48 | struct crypto_cipher *cip; |
49 | } fallback; | |
bf754ae8 JG |
50 | }; |
51 | ||
99d97222 GS |
52 | struct pcc_param { |
53 | u8 key[32]; | |
54 | u8 tweak[16]; | |
55 | u8 block[16]; | |
56 | u8 bit[16]; | |
57 | u8 xts[16]; | |
58 | }; | |
59 | ||
60 | struct s390_xts_ctx { | |
61 | u8 key[32]; | |
9dda2769 | 62 | u8 pcc_key[32]; |
99d97222 | 63 | int key_len; |
edc63a37 | 64 | unsigned long fc; |
64e26807 | 65 | struct crypto_skcipher *fallback; |
99d97222 GS |
66 | }; |
67 | ||
b0c3e75d SS |
68 | /* |
69 | * Check if the key_len is supported by the HW. | |
70 | * Returns 0 if it is, a positive number if it is not and software fallback is | |
71 | * required or a negative number in case the key size is not valid | |
72 | */ | |
73 | static int need_fallback(unsigned int key_len) | |
bf754ae8 | 74 | { |
bf754ae8 JG |
75 | switch (key_len) { |
76 | case 16: | |
86aa9fc2 | 77 | if (!(keylen_flag & AES_KEYLEN_128)) |
b0c3e75d | 78 | return 1; |
bf754ae8 JG |
79 | break; |
80 | case 24: | |
86aa9fc2 | 81 | if (!(keylen_flag & AES_KEYLEN_192)) |
b0c3e75d | 82 | return 1; |
bf754ae8 JG |
83 | break; |
84 | case 32: | |
86aa9fc2 | 85 | if (!(keylen_flag & AES_KEYLEN_256)) |
b0c3e75d | 86 | return 1; |
bf754ae8 JG |
87 | break; |
88 | default: | |
b0c3e75d | 89 | return -1; |
bf754ae8 JG |
90 | break; |
91 | } | |
b0c3e75d SS |
92 | return 0; |
93 | } | |
94 | ||
95 | static int setkey_fallback_cip(struct crypto_tfm *tfm, const u8 *in_key, | |
96 | unsigned int key_len) | |
97 | { | |
98 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
99 | int ret; | |
100 | ||
d7ac7690 RK |
101 | sctx->fallback.cip->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK; |
102 | sctx->fallback.cip->base.crt_flags |= (tfm->crt_flags & | |
b0c3e75d SS |
103 | CRYPTO_TFM_REQ_MASK); |
104 | ||
105 | ret = crypto_cipher_setkey(sctx->fallback.cip, in_key, key_len); | |
106 | if (ret) { | |
107 | tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; | |
d7ac7690 | 108 | tfm->crt_flags |= (sctx->fallback.cip->base.crt_flags & |
b0c3e75d SS |
109 | CRYPTO_TFM_RES_MASK); |
110 | } | |
111 | return ret; | |
112 | } | |
113 | ||
114 | static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, | |
115 | unsigned int key_len) | |
116 | { | |
117 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
118 | u32 *flags = &tfm->crt_flags; | |
119 | int ret; | |
120 | ||
121 | ret = need_fallback(key_len); | |
122 | if (ret < 0) { | |
123 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | |
124 | return -EINVAL; | |
125 | } | |
bf754ae8 JG |
126 | |
127 | sctx->key_len = key_len; | |
b0c3e75d SS |
128 | if (!ret) { |
129 | memcpy(sctx->key, in_key, key_len); | |
130 | return 0; | |
131 | } | |
132 | ||
133 | return setkey_fallback_cip(tfm, in_key, key_len); | |
bf754ae8 JG |
134 | } |
135 | ||
6c2bb98b | 136 | static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
bf754ae8 | 137 | { |
e6a67ad0 | 138 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); |
bf754ae8 | 139 | |
b0c3e75d SS |
140 | if (unlikely(need_fallback(sctx->key_len))) { |
141 | crypto_cipher_encrypt_one(sctx->fallback.cip, out, in); | |
142 | return; | |
143 | } | |
144 | ||
bf754ae8 JG |
145 | switch (sctx->key_len) { |
146 | case 16: | |
edc63a37 MS |
147 | cpacf_km(CPACF_KM_AES_128, |
148 | &sctx->key, out, in, AES_BLOCK_SIZE); | |
bf754ae8 JG |
149 | break; |
150 | case 24: | |
edc63a37 MS |
151 | cpacf_km(CPACF_KM_AES_192, |
152 | &sctx->key, out, in, AES_BLOCK_SIZE); | |
bf754ae8 JG |
153 | break; |
154 | case 32: | |
edc63a37 MS |
155 | cpacf_km(CPACF_KM_AES_256, |
156 | &sctx->key, out, in, AES_BLOCK_SIZE); | |
bf754ae8 JG |
157 | break; |
158 | } | |
159 | } | |
160 | ||
6c2bb98b | 161 | static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
bf754ae8 | 162 | { |
e6a67ad0 | 163 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); |
bf754ae8 | 164 | |
b0c3e75d SS |
165 | if (unlikely(need_fallback(sctx->key_len))) { |
166 | crypto_cipher_decrypt_one(sctx->fallback.cip, out, in); | |
167 | return; | |
168 | } | |
169 | ||
bf754ae8 JG |
170 | switch (sctx->key_len) { |
171 | case 16: | |
edc63a37 MS |
172 | cpacf_km(CPACF_KM_AES_128 | CPACF_DECRYPT, |
173 | &sctx->key, out, in, AES_BLOCK_SIZE); | |
bf754ae8 JG |
174 | break; |
175 | case 24: | |
edc63a37 MS |
176 | cpacf_km(CPACF_KM_AES_192 | CPACF_DECRYPT, |
177 | &sctx->key, out, in, AES_BLOCK_SIZE); | |
bf754ae8 JG |
178 | break; |
179 | case 32: | |
edc63a37 MS |
180 | cpacf_km(CPACF_KM_AES_256 | CPACF_DECRYPT, |
181 | &sctx->key, out, in, AES_BLOCK_SIZE); | |
bf754ae8 JG |
182 | break; |
183 | } | |
184 | } | |
185 | ||
b0c3e75d SS |
186 | static int fallback_init_cip(struct crypto_tfm *tfm) |
187 | { | |
188 | const char *name = tfm->__crt_alg->cra_name; | |
189 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
190 | ||
191 | sctx->fallback.cip = crypto_alloc_cipher(name, 0, | |
192 | CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); | |
193 | ||
194 | if (IS_ERR(sctx->fallback.cip)) { | |
39f09392 JG |
195 | pr_err("Allocating AES fallback algorithm %s failed\n", |
196 | name); | |
b59cdcb3 | 197 | return PTR_ERR(sctx->fallback.cip); |
b0c3e75d SS |
198 | } |
199 | ||
200 | return 0; | |
201 | } | |
202 | ||
203 | static void fallback_exit_cip(struct crypto_tfm *tfm) | |
204 | { | |
205 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
206 | ||
207 | crypto_free_cipher(sctx->fallback.cip); | |
208 | sctx->fallback.cip = NULL; | |
209 | } | |
bf754ae8 JG |
210 | |
211 | static struct crypto_alg aes_alg = { | |
212 | .cra_name = "aes", | |
65b75c36 | 213 | .cra_driver_name = "aes-s390", |
c7d4d259 | 214 | .cra_priority = 300, |
f67d1369 JG |
215 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER | |
216 | CRYPTO_ALG_NEED_FALLBACK, | |
bf754ae8 JG |
217 | .cra_blocksize = AES_BLOCK_SIZE, |
218 | .cra_ctxsize = sizeof(struct s390_aes_ctx), | |
219 | .cra_module = THIS_MODULE, | |
b0c3e75d SS |
220 | .cra_init = fallback_init_cip, |
221 | .cra_exit = fallback_exit_cip, | |
bf754ae8 JG |
222 | .cra_u = { |
223 | .cipher = { | |
224 | .cia_min_keysize = AES_MIN_KEY_SIZE, | |
225 | .cia_max_keysize = AES_MAX_KEY_SIZE, | |
226 | .cia_setkey = aes_set_key, | |
227 | .cia_encrypt = aes_encrypt, | |
228 | .cia_decrypt = aes_decrypt, | |
bf754ae8 JG |
229 | } |
230 | } | |
231 | }; | |
232 | ||
b0c3e75d SS |
233 | static int setkey_fallback_blk(struct crypto_tfm *tfm, const u8 *key, |
234 | unsigned int len) | |
235 | { | |
236 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
237 | unsigned int ret; | |
238 | ||
64e26807 HX |
239 | crypto_skcipher_clear_flags(sctx->fallback.blk, CRYPTO_TFM_REQ_MASK); |
240 | crypto_skcipher_set_flags(sctx->fallback.blk, tfm->crt_flags & | |
241 | CRYPTO_TFM_REQ_MASK); | |
242 | ||
243 | ret = crypto_skcipher_setkey(sctx->fallback.blk, key, len); | |
244 | ||
245 | tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; | |
246 | tfm->crt_flags |= crypto_skcipher_get_flags(sctx->fallback.blk) & | |
247 | CRYPTO_TFM_RES_MASK; | |
b0c3e75d | 248 | |
b0c3e75d SS |
249 | return ret; |
250 | } | |
251 | ||
252 | static int fallback_blk_dec(struct blkcipher_desc *desc, | |
253 | struct scatterlist *dst, struct scatterlist *src, | |
254 | unsigned int nbytes) | |
255 | { | |
256 | unsigned int ret; | |
64e26807 HX |
257 | struct crypto_blkcipher *tfm = desc->tfm; |
258 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); | |
259 | SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); | |
b0c3e75d | 260 | |
64e26807 HX |
261 | skcipher_request_set_tfm(req, sctx->fallback.blk); |
262 | skcipher_request_set_callback(req, desc->flags, NULL, NULL); | |
263 | skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); | |
b0c3e75d | 264 | |
64e26807 | 265 | ret = crypto_skcipher_decrypt(req); |
b0c3e75d | 266 | |
64e26807 | 267 | skcipher_request_zero(req); |
b0c3e75d SS |
268 | return ret; |
269 | } | |
270 | ||
271 | static int fallback_blk_enc(struct blkcipher_desc *desc, | |
272 | struct scatterlist *dst, struct scatterlist *src, | |
273 | unsigned int nbytes) | |
274 | { | |
275 | unsigned int ret; | |
64e26807 HX |
276 | struct crypto_blkcipher *tfm = desc->tfm; |
277 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(tfm); | |
278 | SKCIPHER_REQUEST_ON_STACK(req, sctx->fallback.blk); | |
b0c3e75d | 279 | |
64e26807 HX |
280 | skcipher_request_set_tfm(req, sctx->fallback.blk); |
281 | skcipher_request_set_callback(req, desc->flags, NULL, NULL); | |
282 | skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); | |
b0c3e75d | 283 | |
64e26807 | 284 | ret = crypto_skcipher_encrypt(req); |
b0c3e75d SS |
285 | return ret; |
286 | } | |
287 | ||
a9e62fad HX |
288 | static int ecb_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, |
289 | unsigned int key_len) | |
290 | { | |
291 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
b0c3e75d SS |
292 | int ret; |
293 | ||
294 | ret = need_fallback(key_len); | |
295 | if (ret > 0) { | |
296 | sctx->key_len = key_len; | |
297 | return setkey_fallback_blk(tfm, in_key, key_len); | |
298 | } | |
a9e62fad HX |
299 | |
300 | switch (key_len) { | |
301 | case 16: | |
edc63a37 | 302 | sctx->fc = CPACF_KM_AES_128; |
a9e62fad HX |
303 | break; |
304 | case 24: | |
edc63a37 | 305 | sctx->fc = CPACF_KM_AES_192; |
a9e62fad HX |
306 | break; |
307 | case 32: | |
edc63a37 | 308 | sctx->fc = CPACF_KM_AES_256; |
a9e62fad HX |
309 | break; |
310 | } | |
311 | ||
312 | return aes_set_key(tfm, in_key, key_len); | |
313 | } | |
314 | ||
315 | static int ecb_aes_crypt(struct blkcipher_desc *desc, long func, void *param, | |
316 | struct blkcipher_walk *walk) | |
317 | { | |
318 | int ret = blkcipher_walk_virt(desc, walk); | |
319 | unsigned int nbytes; | |
320 | ||
321 | while ((nbytes = walk->nbytes)) { | |
322 | /* only use complete blocks */ | |
323 | unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); | |
324 | u8 *out = walk->dst.virt.addr; | |
325 | u8 *in = walk->src.virt.addr; | |
326 | ||
0177db01 | 327 | cpacf_km(func, param, out, in, n); |
a9e62fad HX |
328 | |
329 | nbytes &= AES_BLOCK_SIZE - 1; | |
330 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
331 | } | |
332 | ||
333 | return ret; | |
334 | } | |
335 | ||
336 | static int ecb_aes_encrypt(struct blkcipher_desc *desc, | |
337 | struct scatterlist *dst, struct scatterlist *src, | |
338 | unsigned int nbytes) | |
339 | { | |
340 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
341 | struct blkcipher_walk walk; | |
342 | ||
b0c3e75d SS |
343 | if (unlikely(need_fallback(sctx->key_len))) |
344 | return fallback_blk_enc(desc, dst, src, nbytes); | |
345 | ||
a9e62fad | 346 | blkcipher_walk_init(&walk, dst, src, nbytes); |
edc63a37 | 347 | return ecb_aes_crypt(desc, sctx->fc, sctx->key, &walk); |
a9e62fad HX |
348 | } |
349 | ||
350 | static int ecb_aes_decrypt(struct blkcipher_desc *desc, | |
351 | struct scatterlist *dst, struct scatterlist *src, | |
352 | unsigned int nbytes) | |
353 | { | |
354 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
355 | struct blkcipher_walk walk; | |
356 | ||
b0c3e75d SS |
357 | if (unlikely(need_fallback(sctx->key_len))) |
358 | return fallback_blk_dec(desc, dst, src, nbytes); | |
359 | ||
a9e62fad | 360 | blkcipher_walk_init(&walk, dst, src, nbytes); |
edc63a37 | 361 | return ecb_aes_crypt(desc, sctx->fc | CPACF_DECRYPT, sctx->key, &walk); |
a9e62fad HX |
362 | } |
363 | ||
b0c3e75d SS |
364 | static int fallback_init_blk(struct crypto_tfm *tfm) |
365 | { | |
366 | const char *name = tfm->__crt_alg->cra_name; | |
367 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
368 | ||
64e26807 HX |
369 | sctx->fallback.blk = crypto_alloc_skcipher(name, 0, |
370 | CRYPTO_ALG_ASYNC | | |
371 | CRYPTO_ALG_NEED_FALLBACK); | |
b0c3e75d SS |
372 | |
373 | if (IS_ERR(sctx->fallback.blk)) { | |
39f09392 JG |
374 | pr_err("Allocating AES fallback algorithm %s failed\n", |
375 | name); | |
b0c3e75d SS |
376 | return PTR_ERR(sctx->fallback.blk); |
377 | } | |
378 | ||
379 | return 0; | |
380 | } | |
381 | ||
382 | static void fallback_exit_blk(struct crypto_tfm *tfm) | |
383 | { | |
384 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
385 | ||
64e26807 | 386 | crypto_free_skcipher(sctx->fallback.blk); |
b0c3e75d SS |
387 | } |
388 | ||
a9e62fad HX |
389 | static struct crypto_alg ecb_aes_alg = { |
390 | .cra_name = "ecb(aes)", | |
391 | .cra_driver_name = "ecb-aes-s390", | |
c7d4d259 | 392 | .cra_priority = 400, /* combo: aes + ecb */ |
f67d1369 JG |
393 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | |
394 | CRYPTO_ALG_NEED_FALLBACK, | |
a9e62fad HX |
395 | .cra_blocksize = AES_BLOCK_SIZE, |
396 | .cra_ctxsize = sizeof(struct s390_aes_ctx), | |
397 | .cra_type = &crypto_blkcipher_type, | |
398 | .cra_module = THIS_MODULE, | |
b0c3e75d SS |
399 | .cra_init = fallback_init_blk, |
400 | .cra_exit = fallback_exit_blk, | |
a9e62fad HX |
401 | .cra_u = { |
402 | .blkcipher = { | |
403 | .min_keysize = AES_MIN_KEY_SIZE, | |
404 | .max_keysize = AES_MAX_KEY_SIZE, | |
405 | .setkey = ecb_aes_set_key, | |
406 | .encrypt = ecb_aes_encrypt, | |
407 | .decrypt = ecb_aes_decrypt, | |
408 | } | |
409 | } | |
410 | }; | |
411 | ||
412 | static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, | |
413 | unsigned int key_len) | |
414 | { | |
415 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
b0c3e75d SS |
416 | int ret; |
417 | ||
418 | ret = need_fallback(key_len); | |
419 | if (ret > 0) { | |
420 | sctx->key_len = key_len; | |
421 | return setkey_fallback_blk(tfm, in_key, key_len); | |
422 | } | |
a9e62fad HX |
423 | |
424 | switch (key_len) { | |
425 | case 16: | |
edc63a37 | 426 | sctx->fc = CPACF_KMC_AES_128; |
a9e62fad HX |
427 | break; |
428 | case 24: | |
edc63a37 | 429 | sctx->fc = CPACF_KMC_AES_192; |
a9e62fad HX |
430 | break; |
431 | case 32: | |
edc63a37 | 432 | sctx->fc = CPACF_KMC_AES_256; |
a9e62fad HX |
433 | break; |
434 | } | |
435 | ||
436 | return aes_set_key(tfm, in_key, key_len); | |
437 | } | |
438 | ||
f262f0f5 | 439 | static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, |
a9e62fad HX |
440 | struct blkcipher_walk *walk) |
441 | { | |
f262f0f5 | 442 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); |
a9e62fad HX |
443 | int ret = blkcipher_walk_virt(desc, walk); |
444 | unsigned int nbytes = walk->nbytes; | |
f262f0f5 HX |
445 | struct { |
446 | u8 iv[AES_BLOCK_SIZE]; | |
447 | u8 key[AES_MAX_KEY_SIZE]; | |
448 | } param; | |
a9e62fad HX |
449 | |
450 | if (!nbytes) | |
451 | goto out; | |
452 | ||
f262f0f5 HX |
453 | memcpy(param.iv, walk->iv, AES_BLOCK_SIZE); |
454 | memcpy(param.key, sctx->key, sctx->key_len); | |
a9e62fad HX |
455 | do { |
456 | /* only use complete blocks */ | |
457 | unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); | |
458 | u8 *out = walk->dst.virt.addr; | |
459 | u8 *in = walk->src.virt.addr; | |
460 | ||
0177db01 | 461 | cpacf_kmc(func, ¶m, out, in, n); |
a9e62fad HX |
462 | |
463 | nbytes &= AES_BLOCK_SIZE - 1; | |
464 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
465 | } while ((nbytes = walk->nbytes)); | |
f262f0f5 | 466 | memcpy(walk->iv, param.iv, AES_BLOCK_SIZE); |
a9e62fad HX |
467 | |
468 | out: | |
469 | return ret; | |
470 | } | |
471 | ||
472 | static int cbc_aes_encrypt(struct blkcipher_desc *desc, | |
473 | struct scatterlist *dst, struct scatterlist *src, | |
474 | unsigned int nbytes) | |
475 | { | |
476 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
477 | struct blkcipher_walk walk; | |
478 | ||
b0c3e75d SS |
479 | if (unlikely(need_fallback(sctx->key_len))) |
480 | return fallback_blk_enc(desc, dst, src, nbytes); | |
481 | ||
a9e62fad | 482 | blkcipher_walk_init(&walk, dst, src, nbytes); |
edc63a37 | 483 | return cbc_aes_crypt(desc, sctx->fc, &walk); |
a9e62fad HX |
484 | } |
485 | ||
486 | static int cbc_aes_decrypt(struct blkcipher_desc *desc, | |
487 | struct scatterlist *dst, struct scatterlist *src, | |
488 | unsigned int nbytes) | |
489 | { | |
490 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
491 | struct blkcipher_walk walk; | |
492 | ||
b0c3e75d SS |
493 | if (unlikely(need_fallback(sctx->key_len))) |
494 | return fallback_blk_dec(desc, dst, src, nbytes); | |
495 | ||
a9e62fad | 496 | blkcipher_walk_init(&walk, dst, src, nbytes); |
edc63a37 | 497 | return cbc_aes_crypt(desc, sctx->fc | CPACF_DECRYPT, &walk); |
a9e62fad HX |
498 | } |
499 | ||
500 | static struct crypto_alg cbc_aes_alg = { | |
501 | .cra_name = "cbc(aes)", | |
502 | .cra_driver_name = "cbc-aes-s390", | |
c7d4d259 | 503 | .cra_priority = 400, /* combo: aes + cbc */ |
f67d1369 JG |
504 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | |
505 | CRYPTO_ALG_NEED_FALLBACK, | |
a9e62fad HX |
506 | .cra_blocksize = AES_BLOCK_SIZE, |
507 | .cra_ctxsize = sizeof(struct s390_aes_ctx), | |
508 | .cra_type = &crypto_blkcipher_type, | |
509 | .cra_module = THIS_MODULE, | |
b0c3e75d SS |
510 | .cra_init = fallback_init_blk, |
511 | .cra_exit = fallback_exit_blk, | |
a9e62fad HX |
512 | .cra_u = { |
513 | .blkcipher = { | |
514 | .min_keysize = AES_MIN_KEY_SIZE, | |
515 | .max_keysize = AES_MAX_KEY_SIZE, | |
516 | .ivsize = AES_BLOCK_SIZE, | |
517 | .setkey = cbc_aes_set_key, | |
518 | .encrypt = cbc_aes_encrypt, | |
519 | .decrypt = cbc_aes_decrypt, | |
520 | } | |
521 | } | |
522 | }; | |
523 | ||
99d97222 GS |
524 | static int xts_fallback_setkey(struct crypto_tfm *tfm, const u8 *key, |
525 | unsigned int len) | |
526 | { | |
527 | struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); | |
528 | unsigned int ret; | |
529 | ||
64e26807 HX |
530 | crypto_skcipher_clear_flags(xts_ctx->fallback, CRYPTO_TFM_REQ_MASK); |
531 | crypto_skcipher_set_flags(xts_ctx->fallback, tfm->crt_flags & | |
532 | CRYPTO_TFM_REQ_MASK); | |
533 | ||
534 | ret = crypto_skcipher_setkey(xts_ctx->fallback, key, len); | |
535 | ||
536 | tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; | |
537 | tfm->crt_flags |= crypto_skcipher_get_flags(xts_ctx->fallback) & | |
538 | CRYPTO_TFM_RES_MASK; | |
99d97222 | 539 | |
99d97222 GS |
540 | return ret; |
541 | } | |
542 | ||
543 | static int xts_fallback_decrypt(struct blkcipher_desc *desc, | |
544 | struct scatterlist *dst, struct scatterlist *src, | |
545 | unsigned int nbytes) | |
546 | { | |
64e26807 HX |
547 | struct crypto_blkcipher *tfm = desc->tfm; |
548 | struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); | |
549 | SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); | |
99d97222 GS |
550 | unsigned int ret; |
551 | ||
64e26807 HX |
552 | skcipher_request_set_tfm(req, xts_ctx->fallback); |
553 | skcipher_request_set_callback(req, desc->flags, NULL, NULL); | |
554 | skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); | |
99d97222 | 555 | |
64e26807 | 556 | ret = crypto_skcipher_decrypt(req); |
99d97222 | 557 | |
64e26807 | 558 | skcipher_request_zero(req); |
99d97222 GS |
559 | return ret; |
560 | } | |
561 | ||
562 | static int xts_fallback_encrypt(struct blkcipher_desc *desc, | |
563 | struct scatterlist *dst, struct scatterlist *src, | |
564 | unsigned int nbytes) | |
565 | { | |
64e26807 HX |
566 | struct crypto_blkcipher *tfm = desc->tfm; |
567 | struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(tfm); | |
568 | SKCIPHER_REQUEST_ON_STACK(req, xts_ctx->fallback); | |
99d97222 GS |
569 | unsigned int ret; |
570 | ||
64e26807 HX |
571 | skcipher_request_set_tfm(req, xts_ctx->fallback); |
572 | skcipher_request_set_callback(req, desc->flags, NULL, NULL); | |
573 | skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); | |
99d97222 | 574 | |
64e26807 | 575 | ret = crypto_skcipher_encrypt(req); |
99d97222 | 576 | |
64e26807 | 577 | skcipher_request_zero(req); |
99d97222 GS |
578 | return ret; |
579 | } | |
580 | ||
581 | static int xts_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, | |
582 | unsigned int key_len) | |
583 | { | |
584 | struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); | |
585 | u32 *flags = &tfm->crt_flags; | |
28856a9e SM |
586 | int err; |
587 | ||
588 | err = xts_check_key(tfm, in_key, key_len); | |
589 | if (err) | |
590 | return err; | |
99d97222 GS |
591 | |
592 | switch (key_len) { | |
593 | case 32: | |
edc63a37 | 594 | xts_ctx->fc = CPACF_KM_XTS_128; |
99d97222 | 595 | memcpy(xts_ctx->key + 16, in_key, 16); |
9dda2769 | 596 | memcpy(xts_ctx->pcc_key + 16, in_key + 16, 16); |
99d97222 GS |
597 | break; |
598 | case 48: | |
edc63a37 | 599 | xts_ctx->fc = 0; |
99d97222 GS |
600 | xts_fallback_setkey(tfm, in_key, key_len); |
601 | break; | |
602 | case 64: | |
edc63a37 | 603 | xts_ctx->fc = CPACF_KM_XTS_256; |
99d97222 | 604 | memcpy(xts_ctx->key, in_key, 32); |
9dda2769 | 605 | memcpy(xts_ctx->pcc_key, in_key + 32, 32); |
99d97222 GS |
606 | break; |
607 | default: | |
608 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | |
609 | return -EINVAL; | |
610 | } | |
611 | xts_ctx->key_len = key_len; | |
612 | return 0; | |
613 | } | |
614 | ||
615 | static int xts_aes_crypt(struct blkcipher_desc *desc, long func, | |
616 | struct s390_xts_ctx *xts_ctx, | |
617 | struct blkcipher_walk *walk) | |
618 | { | |
619 | unsigned int offset = (xts_ctx->key_len >> 1) & 0x10; | |
620 | int ret = blkcipher_walk_virt(desc, walk); | |
621 | unsigned int nbytes = walk->nbytes; | |
622 | unsigned int n; | |
623 | u8 *in, *out; | |
9dda2769 GS |
624 | struct pcc_param pcc_param; |
625 | struct { | |
626 | u8 key[32]; | |
627 | u8 init[16]; | |
628 | } xts_param; | |
99d97222 GS |
629 | |
630 | if (!nbytes) | |
631 | goto out; | |
632 | ||
9dda2769 GS |
633 | memset(pcc_param.block, 0, sizeof(pcc_param.block)); |
634 | memset(pcc_param.bit, 0, sizeof(pcc_param.bit)); | |
635 | memset(pcc_param.xts, 0, sizeof(pcc_param.xts)); | |
636 | memcpy(pcc_param.tweak, walk->iv, sizeof(pcc_param.tweak)); | |
637 | memcpy(pcc_param.key, xts_ctx->pcc_key, 32); | |
c7d4d259 | 638 | /* remove decipher modifier bit from 'func' and call PCC */ |
0177db01 | 639 | cpacf_pcc(func & 0x7f, &pcc_param.key[offset]); |
99d97222 | 640 | |
9dda2769 GS |
641 | memcpy(xts_param.key, xts_ctx->key, 32); |
642 | memcpy(xts_param.init, pcc_param.xts, 16); | |
99d97222 GS |
643 | do { |
644 | /* only use complete blocks */ | |
645 | n = nbytes & ~(AES_BLOCK_SIZE - 1); | |
646 | out = walk->dst.virt.addr; | |
647 | in = walk->src.virt.addr; | |
648 | ||
0177db01 | 649 | cpacf_km(func, &xts_param.key[offset], out, in, n); |
99d97222 GS |
650 | |
651 | nbytes &= AES_BLOCK_SIZE - 1; | |
652 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
653 | } while ((nbytes = walk->nbytes)); | |
654 | out: | |
655 | return ret; | |
656 | } | |
657 | ||
658 | static int xts_aes_encrypt(struct blkcipher_desc *desc, | |
659 | struct scatterlist *dst, struct scatterlist *src, | |
660 | unsigned int nbytes) | |
661 | { | |
662 | struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); | |
663 | struct blkcipher_walk walk; | |
664 | ||
665 | if (unlikely(xts_ctx->key_len == 48)) | |
666 | return xts_fallback_encrypt(desc, dst, src, nbytes); | |
667 | ||
668 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
edc63a37 | 669 | return xts_aes_crypt(desc, xts_ctx->fc, xts_ctx, &walk); |
99d97222 GS |
670 | } |
671 | ||
672 | static int xts_aes_decrypt(struct blkcipher_desc *desc, | |
673 | struct scatterlist *dst, struct scatterlist *src, | |
674 | unsigned int nbytes) | |
675 | { | |
676 | struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); | |
677 | struct blkcipher_walk walk; | |
678 | ||
679 | if (unlikely(xts_ctx->key_len == 48)) | |
680 | return xts_fallback_decrypt(desc, dst, src, nbytes); | |
681 | ||
682 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
edc63a37 | 683 | return xts_aes_crypt(desc, xts_ctx->fc | CPACF_DECRYPT, xts_ctx, &walk); |
99d97222 GS |
684 | } |
685 | ||
686 | static int xts_fallback_init(struct crypto_tfm *tfm) | |
687 | { | |
688 | const char *name = tfm->__crt_alg->cra_name; | |
689 | struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); | |
690 | ||
64e26807 HX |
691 | xts_ctx->fallback = crypto_alloc_skcipher(name, 0, |
692 | CRYPTO_ALG_ASYNC | | |
693 | CRYPTO_ALG_NEED_FALLBACK); | |
99d97222 GS |
694 | |
695 | if (IS_ERR(xts_ctx->fallback)) { | |
696 | pr_err("Allocating XTS fallback algorithm %s failed\n", | |
697 | name); | |
698 | return PTR_ERR(xts_ctx->fallback); | |
699 | } | |
700 | return 0; | |
701 | } | |
702 | ||
703 | static void xts_fallback_exit(struct crypto_tfm *tfm) | |
704 | { | |
705 | struct s390_xts_ctx *xts_ctx = crypto_tfm_ctx(tfm); | |
706 | ||
64e26807 | 707 | crypto_free_skcipher(xts_ctx->fallback); |
99d97222 GS |
708 | } |
709 | ||
710 | static struct crypto_alg xts_aes_alg = { | |
711 | .cra_name = "xts(aes)", | |
712 | .cra_driver_name = "xts-aes-s390", | |
c7d4d259 | 713 | .cra_priority = 400, /* combo: aes + xts */ |
99d97222 GS |
714 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | |
715 | CRYPTO_ALG_NEED_FALLBACK, | |
716 | .cra_blocksize = AES_BLOCK_SIZE, | |
717 | .cra_ctxsize = sizeof(struct s390_xts_ctx), | |
718 | .cra_type = &crypto_blkcipher_type, | |
719 | .cra_module = THIS_MODULE, | |
99d97222 GS |
720 | .cra_init = xts_fallback_init, |
721 | .cra_exit = xts_fallback_exit, | |
722 | .cra_u = { | |
723 | .blkcipher = { | |
724 | .min_keysize = 2 * AES_MIN_KEY_SIZE, | |
725 | .max_keysize = 2 * AES_MAX_KEY_SIZE, | |
726 | .ivsize = AES_BLOCK_SIZE, | |
727 | .setkey = xts_aes_set_key, | |
728 | .encrypt = xts_aes_encrypt, | |
729 | .decrypt = xts_aes_decrypt, | |
730 | } | |
731 | } | |
732 | }; | |
733 | ||
0200f3ec GS |
734 | static int ctr_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, |
735 | unsigned int key_len) | |
736 | { | |
737 | struct s390_aes_ctx *sctx = crypto_tfm_ctx(tfm); | |
738 | ||
739 | switch (key_len) { | |
740 | case 16: | |
edc63a37 | 741 | sctx->fc = CPACF_KMCTR_AES_128; |
0200f3ec GS |
742 | break; |
743 | case 24: | |
edc63a37 | 744 | sctx->fc = CPACF_KMCTR_AES_192; |
0200f3ec GS |
745 | break; |
746 | case 32: | |
edc63a37 | 747 | sctx->fc = CPACF_KMCTR_AES_256; |
0200f3ec GS |
748 | break; |
749 | } | |
750 | ||
751 | return aes_set_key(tfm, in_key, key_len); | |
752 | } | |
753 | ||
0519e9ad HF |
754 | static unsigned int __ctrblk_init(u8 *ctrptr, unsigned int nbytes) |
755 | { | |
756 | unsigned int i, n; | |
757 | ||
758 | /* only use complete blocks, max. PAGE_SIZE */ | |
759 | n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(AES_BLOCK_SIZE - 1); | |
760 | for (i = AES_BLOCK_SIZE; i < n; i += AES_BLOCK_SIZE) { | |
761 | memcpy(ctrptr + i, ctrptr + i - AES_BLOCK_SIZE, | |
762 | AES_BLOCK_SIZE); | |
763 | crypto_inc(ctrptr + i, AES_BLOCK_SIZE); | |
764 | } | |
765 | return n; | |
766 | } | |
767 | ||
0200f3ec GS |
768 | static int ctr_aes_crypt(struct blkcipher_desc *desc, long func, |
769 | struct s390_aes_ctx *sctx, struct blkcipher_walk *walk) | |
770 | { | |
771 | int ret = blkcipher_walk_virt_block(desc, walk, AES_BLOCK_SIZE); | |
0519e9ad HF |
772 | unsigned int n, nbytes; |
773 | u8 buf[AES_BLOCK_SIZE], ctrbuf[AES_BLOCK_SIZE]; | |
774 | u8 *out, *in, *ctrptr = ctrbuf; | |
0200f3ec GS |
775 | |
776 | if (!walk->nbytes) | |
777 | return ret; | |
778 | ||
0519e9ad HF |
779 | if (spin_trylock(&ctrblk_lock)) |
780 | ctrptr = ctrblk; | |
781 | ||
782 | memcpy(ctrptr, walk->iv, AES_BLOCK_SIZE); | |
0200f3ec GS |
783 | while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) { |
784 | out = walk->dst.virt.addr; | |
785 | in = walk->src.virt.addr; | |
786 | while (nbytes >= AES_BLOCK_SIZE) { | |
0519e9ad HF |
787 | if (ctrptr == ctrblk) |
788 | n = __ctrblk_init(ctrptr, nbytes); | |
789 | else | |
790 | n = AES_BLOCK_SIZE; | |
0177db01 | 791 | cpacf_kmctr(func, sctx->key, out, in, n, ctrptr); |
0200f3ec | 792 | if (n > AES_BLOCK_SIZE) |
0519e9ad | 793 | memcpy(ctrptr, ctrptr + n - AES_BLOCK_SIZE, |
0200f3ec | 794 | AES_BLOCK_SIZE); |
0519e9ad | 795 | crypto_inc(ctrptr, AES_BLOCK_SIZE); |
0200f3ec GS |
796 | out += n; |
797 | in += n; | |
798 | nbytes -= n; | |
799 | } | |
800 | ret = blkcipher_walk_done(desc, walk, nbytes); | |
801 | } | |
0519e9ad HF |
802 | if (ctrptr == ctrblk) { |
803 | if (nbytes) | |
804 | memcpy(ctrbuf, ctrptr, AES_BLOCK_SIZE); | |
805 | else | |
806 | memcpy(walk->iv, ctrptr, AES_BLOCK_SIZE); | |
807 | spin_unlock(&ctrblk_lock); | |
3901c112 HF |
808 | } else { |
809 | if (!nbytes) | |
810 | memcpy(walk->iv, ctrptr, AES_BLOCK_SIZE); | |
0519e9ad | 811 | } |
0200f3ec GS |
812 | /* |
813 | * final block may be < AES_BLOCK_SIZE, copy only nbytes | |
814 | */ | |
815 | if (nbytes) { | |
816 | out = walk->dst.virt.addr; | |
817 | in = walk->src.virt.addr; | |
0177db01 | 818 | cpacf_kmctr(func, sctx->key, buf, in, AES_BLOCK_SIZE, ctrbuf); |
0200f3ec | 819 | memcpy(out, buf, nbytes); |
0519e9ad | 820 | crypto_inc(ctrbuf, AES_BLOCK_SIZE); |
0200f3ec | 821 | ret = blkcipher_walk_done(desc, walk, 0); |
0519e9ad | 822 | memcpy(walk->iv, ctrbuf, AES_BLOCK_SIZE); |
0200f3ec | 823 | } |
0519e9ad | 824 | |
0200f3ec GS |
825 | return ret; |
826 | } | |
827 | ||
828 | static int ctr_aes_encrypt(struct blkcipher_desc *desc, | |
829 | struct scatterlist *dst, struct scatterlist *src, | |
830 | unsigned int nbytes) | |
831 | { | |
832 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
833 | struct blkcipher_walk walk; | |
834 | ||
835 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
edc63a37 | 836 | return ctr_aes_crypt(desc, sctx->fc, sctx, &walk); |
0200f3ec GS |
837 | } |
838 | ||
839 | static int ctr_aes_decrypt(struct blkcipher_desc *desc, | |
840 | struct scatterlist *dst, struct scatterlist *src, | |
841 | unsigned int nbytes) | |
842 | { | |
843 | struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); | |
844 | struct blkcipher_walk walk; | |
845 | ||
846 | blkcipher_walk_init(&walk, dst, src, nbytes); | |
edc63a37 | 847 | return ctr_aes_crypt(desc, sctx->fc | CPACF_DECRYPT, sctx, &walk); |
0200f3ec GS |
848 | } |
849 | ||
850 | static struct crypto_alg ctr_aes_alg = { | |
851 | .cra_name = "ctr(aes)", | |
852 | .cra_driver_name = "ctr-aes-s390", | |
c7d4d259 | 853 | .cra_priority = 400, /* combo: aes + ctr */ |
0200f3ec GS |
854 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, |
855 | .cra_blocksize = 1, | |
856 | .cra_ctxsize = sizeof(struct s390_aes_ctx), | |
857 | .cra_type = &crypto_blkcipher_type, | |
858 | .cra_module = THIS_MODULE, | |
0200f3ec GS |
859 | .cra_u = { |
860 | .blkcipher = { | |
861 | .min_keysize = AES_MIN_KEY_SIZE, | |
862 | .max_keysize = AES_MAX_KEY_SIZE, | |
863 | .ivsize = AES_BLOCK_SIZE, | |
864 | .setkey = ctr_aes_set_key, | |
865 | .encrypt = ctr_aes_encrypt, | |
866 | .decrypt = ctr_aes_decrypt, | |
867 | } | |
868 | } | |
869 | }; | |
870 | ||
d863d594 MS |
871 | static struct crypto_alg *aes_s390_algs_ptr[5]; |
872 | static int aes_s390_algs_num; | |
873 | ||
874 | static int aes_s390_register_alg(struct crypto_alg *alg) | |
875 | { | |
876 | int ret; | |
877 | ||
878 | ret = crypto_register_alg(alg); | |
879 | if (!ret) | |
880 | aes_s390_algs_ptr[aes_s390_algs_num++] = alg; | |
881 | return ret; | |
882 | } | |
883 | ||
884 | static void aes_s390_fini(void) | |
885 | { | |
886 | while (aes_s390_algs_num--) | |
887 | crypto_unregister_alg(aes_s390_algs_ptr[aes_s390_algs_num]); | |
888 | if (ctrblk) | |
889 | free_page((unsigned long) ctrblk); | |
890 | } | |
4f57ba71 | 891 | |
9f7819c1 | 892 | static int __init aes_s390_init(void) |
bf754ae8 JG |
893 | { |
894 | int ret; | |
895 | ||
edc63a37 | 896 | if (cpacf_query(CPACF_KM, CPACF_KM_AES_128)) |
86aa9fc2 | 897 | keylen_flag |= AES_KEYLEN_128; |
edc63a37 | 898 | if (cpacf_query(CPACF_KM, CPACF_KM_AES_192)) |
86aa9fc2 | 899 | keylen_flag |= AES_KEYLEN_192; |
edc63a37 | 900 | if (cpacf_query(CPACF_KM, CPACF_KM_AES_256)) |
86aa9fc2 JG |
901 | keylen_flag |= AES_KEYLEN_256; |
902 | ||
903 | if (!keylen_flag) | |
904 | return -EOPNOTSUPP; | |
bf754ae8 | 905 | |
86aa9fc2 | 906 | /* z9 109 and z9 BC/EC only support 128 bit key length */ |
b0c3e75d | 907 | if (keylen_flag == AES_KEYLEN_128) |
39f09392 JG |
908 | pr_info("AES hardware acceleration is only available for" |
909 | " 128-bit keys\n"); | |
bf754ae8 | 910 | |
d863d594 | 911 | ret = aes_s390_register_alg(&aes_alg); |
86aa9fc2 | 912 | if (ret) |
d863d594 | 913 | goto out_err; |
a9e62fad | 914 | |
d863d594 | 915 | ret = aes_s390_register_alg(&ecb_aes_alg); |
86aa9fc2 | 916 | if (ret) |
d863d594 | 917 | goto out_err; |
a9e62fad | 918 | |
d863d594 | 919 | ret = aes_s390_register_alg(&cbc_aes_alg); |
86aa9fc2 | 920 | if (ret) |
d863d594 | 921 | goto out_err; |
a9e62fad | 922 | |
edc63a37 MS |
923 | if (cpacf_query(CPACF_KM, CPACF_KM_XTS_128) && |
924 | cpacf_query(CPACF_KM, CPACF_KM_XTS_256)) { | |
d863d594 | 925 | ret = aes_s390_register_alg(&xts_aes_alg); |
99d97222 | 926 | if (ret) |
d863d594 | 927 | goto out_err; |
99d97222 GS |
928 | } |
929 | ||
edc63a37 MS |
930 | if (cpacf_query(CPACF_KMCTR, CPACF_KMCTR_AES_128) && |
931 | cpacf_query(CPACF_KMCTR, CPACF_KMCTR_AES_192) && | |
932 | cpacf_query(CPACF_KMCTR, CPACF_KMCTR_AES_256)) { | |
0200f3ec GS |
933 | ctrblk = (u8 *) __get_free_page(GFP_KERNEL); |
934 | if (!ctrblk) { | |
935 | ret = -ENOMEM; | |
d863d594 | 936 | goto out_err; |
0200f3ec | 937 | } |
d863d594 MS |
938 | ret = aes_s390_register_alg(&ctr_aes_alg); |
939 | if (ret) | |
940 | goto out_err; | |
0200f3ec GS |
941 | } |
942 | ||
d863d594 MS |
943 | return 0; |
944 | out_err: | |
945 | aes_s390_fini(); | |
bf754ae8 | 946 | return ret; |
bf754ae8 JG |
947 | } |
948 | ||
d05377c1 | 949 | module_cpu_feature_match(MSA, aes_s390_init); |
9f7819c1 | 950 | module_exit(aes_s390_fini); |
bf754ae8 | 951 | |
5d26a105 | 952 | MODULE_ALIAS_CRYPTO("aes-all"); |
bf754ae8 JG |
953 | |
954 | MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); | |
955 | MODULE_LICENSE("GPL"); |