1 // SPDX-License-Identifier: GPL-2.0
67  * make_clrkey_token() - wrap the raw key ck with pkey clearkey token
83 	token->type = 0x00;  in make_clrkey_token()
84 	token->version = 0x02;  in make_clrkey_token()
85 	token->keytype = (cklen - 8) >> 3;  in make_clrkey_token()
86 	token->len = cklen;  in make_clrkey_token()
87 	memcpy(token->key, ck, cklen);  in make_clrkey_token()
101 		memset(kb->keybuf, 0, sizeof(kb->keybuf));  in _key_to_kb()
102 		kb->keylen = make_clrkey_token(key, keylen, kb->keybuf);  in _key_to_kb()
103 		kb->key = kb->keybuf;  in _key_to_kb()
107 		if (keylen <= sizeof(kb->keybuf))  in _key_to_kb()
108 			kb->key = kb->keybuf;  in _key_to_kb()
110 			kb->key = kmalloc(keylen, GFP_KERNEL);  in _key_to_kb()
111 			if (!kb->key)  in _key_to_kb()
112 				return -ENOMEM;  in _key_to_kb()
114 		memcpy(kb->key, key, keylen);  in _key_to_kb()
115 		kb->keylen = keylen;  in _key_to_kb()
128 	memset(kb->keybuf, 0, sizeof(kb->keybuf));  in _xts_key_to_kb()
134 		kb->key = kb->keybuf;  in _xts_key_to_kb()
135 		kb->keylen  = make_clrkey_token(key, cklen, kb->key);  in _xts_key_to_kb()
136 		kb->keylen += make_clrkey_token(key + cklen, cklen,  in _xts_key_to_kb()
137 						kb->key + kb->keylen);  in _xts_key_to_kb()
141 		if (keylen <= sizeof(kb->keybuf)) {  in _xts_key_to_kb()
142 			kb->key = kb->keybuf;  in _xts_key_to_kb()
144 			kb->key = kmalloc(keylen, GFP_KERNEL);  in _xts_key_to_kb()
145 			if (!kb->key)  in _xts_key_to_kb()
146 				return -ENOMEM;  in _xts_key_to_kb()
148 		memcpy(kb->key, key, keylen);  in _xts_key_to_kb()
149 		kb->keylen = keylen;  in _xts_key_to_kb()
158 	if (kb->key && kb->key != kb->keybuf  in _free_kb_keybuf()
159 	    && kb->keylen > sizeof(kb->keybuf)) {  in _free_kb_keybuf()
160 		kfree_sensitive(kb->key);  in _free_kb_keybuf()
161 		kb->key = NULL;  in _free_kb_keybuf()
163 	memzero_explicit(kb->keybuf, sizeof(kb->keybuf));  in _free_kb_keybuf()
168 	struct paes_protkey pk;  member
175 	struct paes_protkey pk[2];  member
181 				      struct paes_protkey *pk)  in __paes_keyblob2pkey()  argument
183 	int i, rc = -EIO;  in __paes_keyblob2pkey()
187 		if (rc == -EBUSY && in_task()) {  in __paes_keyblob2pkey()
189 				return -EINTR;  in __paes_keyblob2pkey()
191 		rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len,  in __paes_keyblob2pkey()
192 				      &pk->type);  in __paes_keyblob2pkey()
200 	struct paes_protkey pk;  in __paes_convert_key()  local
203 	pk.len = sizeof(pk.protkey);  in __paes_convert_key()
204 	rc = __paes_keyblob2pkey(ctx->kb.key, ctx->kb.keylen, &pk);  in __paes_convert_key()
208 	spin_lock_bh(&ctx->pk_lock);  in __paes_convert_key()
209 	memcpy(&ctx->pk, &pk, sizeof(pk));  in __paes_convert_key()
210 	spin_unlock_bh(&ctx->pk_lock);  in __paes_convert_key()
219 	ctx->kb.key = NULL;  in ecb_paes_init()
220 	spin_lock_init(&ctx->pk_lock);  in ecb_paes_init()
229 	_free_kb_keybuf(&ctx->kb);  in ecb_paes_exit()
242 	fc = (ctx->pk.type == PKEY_KEYTYPE_AES_128) ? CPACF_KM_PAES_128 :  in __ecb_paes_set_key()
243 		(ctx->pk.type == PKEY_KEYTYPE_AES_192) ? CPACF_KM_PAES_192 :  in __ecb_paes_set_key()
244 		(ctx->pk.type == PKEY_KEYTYPE_AES_256) ? CPACF_KM_PAES_256 : 0;  in __ecb_paes_set_key()
247 	ctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0;  in __ecb_paes_set_key()
249 	return ctx->fc ? 0 : -EINVAL;  in __ecb_paes_set_key()
258 	_free_kb_keybuf(&ctx->kb);  in ecb_paes_set_key()
259 	rc = _key_to_kb(&ctx->kb, in_key, key_len);  in ecb_paes_set_key()
281 	spin_lock_bh(&ctx->pk_lock);  in ecb_paes_crypt()
282 	memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in ecb_paes_crypt()
283 	spin_unlock_bh(&ctx->pk_lock);  in ecb_paes_crypt()
287 		n = nbytes & ~(AES_BLOCK_SIZE - 1);  in ecb_paes_crypt()
288 		k = cpacf_km(ctx->fc | modifier, &param,  in ecb_paes_crypt()
291 			rc = skcipher_walk_done(&walk, nbytes - k);  in ecb_paes_crypt()
294 				return skcipher_walk_done(&walk, -EIO);  in ecb_paes_crypt()
295 			spin_lock_bh(&ctx->pk_lock);  in ecb_paes_crypt()
296 			memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in ecb_paes_crypt()
297 			spin_unlock_bh(&ctx->pk_lock);  in ecb_paes_crypt()
315 	.base.cra_driver_name	=	"ecb-paes-s390",
334 	ctx->kb.key = NULL;  in cbc_paes_init()
335 	spin_lock_init(&ctx->pk_lock);  in cbc_paes_init()
344 	_free_kb_keybuf(&ctx->kb);  in cbc_paes_exit()
357 	fc = (ctx->pk.type == PKEY_KEYTYPE_AES_128) ? CPACF_KMC_PAES_128 :  in __cbc_paes_set_key()
358 		(ctx->pk.type == PKEY_KEYTYPE_AES_192) ? CPACF_KMC_PAES_192 :  in __cbc_paes_set_key()
359 		(ctx->pk.type == PKEY_KEYTYPE_AES_256) ? CPACF_KMC_PAES_256 : 0;  in __cbc_paes_set_key()
362 	ctx->fc = (fc && cpacf_test_func(&kmc_functions, fc)) ? fc : 0;  in __cbc_paes_set_key()
364 	return ctx->fc ? 0 : -EINVAL;  in __cbc_paes_set_key()
373 	_free_kb_keybuf(&ctx->kb);  in cbc_paes_set_key()
374 	rc = _key_to_kb(&ctx->kb, in_key, key_len);  in cbc_paes_set_key()
398 	spin_lock_bh(&ctx->pk_lock);  in cbc_paes_crypt()
399 	memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in cbc_paes_crypt()
400 	spin_unlock_bh(&ctx->pk_lock);  in cbc_paes_crypt()
404 		n = nbytes & ~(AES_BLOCK_SIZE - 1);  in cbc_paes_crypt()
405 		k = cpacf_kmc(ctx->fc | modifier, &param,  in cbc_paes_crypt()
409 			rc = skcipher_walk_done(&walk, nbytes - k);  in cbc_paes_crypt()
413 				return skcipher_walk_done(&walk, -EIO);  in cbc_paes_crypt()
414 			spin_lock_bh(&ctx->pk_lock);  in cbc_paes_crypt()
415 			memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in cbc_paes_crypt()
416 			spin_unlock_bh(&ctx->pk_lock);  in cbc_paes_crypt()
434 	.base.cra_driver_name	=	"cbc-paes-s390",
435 	.base.cra_priority	=	402,	/* ecb-paes-s390 + 1 */
454 	ctx->kb.key = NULL;  in xts_paes_init()
455 	spin_lock_init(&ctx->pk_lock);  in xts_paes_init()
464 	_free_kb_keybuf(&ctx->kb);  in xts_paes_exit()
476 	rc = __paes_keyblob2pkey(ctx->kb.key, ctx->kb.keylen, &pk0);  in __xts_paes_convert_key()
484 		if (ctx->kb.keylen % 2)  in __xts_paes_convert_key()
485 			return -EINVAL;  in __xts_paes_convert_key()
486 		split_keylen = ctx->kb.keylen / 2;  in __xts_paes_convert_key()
488 		rc = __paes_keyblob2pkey(ctx->kb.key + split_keylen,  in __xts_paes_convert_key()
494 			return -EINVAL;  in __xts_paes_convert_key()
503 		return -EINVAL;  in __xts_paes_convert_key()
506 	spin_lock_bh(&ctx->pk_lock);  in __xts_paes_convert_key()
507 	ctx->pk[0] = pk0;  in __xts_paes_convert_key()
508 	ctx->pk[1] = pk1;  in __xts_paes_convert_key()
509 	spin_unlock_bh(&ctx->pk_lock);  in __xts_paes_convert_key()
524 	switch (ctx->pk[0].type) {  in __xts_paes_set_key()
543 	ctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0;  in __xts_paes_set_key()
545 	return ctx->fc ? 0 : -EINVAL;  in __xts_paes_set_key()
558 		return -EINVAL;  in xts_paes_set_key()
560 	_free_kb_keybuf(&ctx->kb);  in xts_paes_set_key()
561 	rc = _xts_key_to_kb(&ctx->kb, in_key, in_keylen);  in xts_paes_set_key()
570 	 * It is not possible on a single protected key (e.g. full AES-XTS) to  in xts_paes_set_key()
573 	if (ctx->pk[0].type == PKEY_KEYTYPE_AES_XTS_128 ||  in xts_paes_set_key()
574 	    ctx->pk[0].type == PKEY_KEYTYPE_AES_XTS_256)  in xts_paes_set_key()
581 	ckey_len = (ctx->pk[0].type == PKEY_KEYTYPE_AES_128) ?  in xts_paes_set_key()
583 	memcpy(ckey, ctx->pk[0].protkey, ckey_len);  in xts_paes_set_key()
584 	memcpy(ckey + ckey_len, ctx->pk[1].protkey, ckey_len);  in xts_paes_set_key()
609 	keylen = (ctx->pk[0].type == PKEY_KEYTYPE_AES_XTS_128) ? 32 : 64;  in paes_xts_crypt_full()
610 	offset = (ctx->pk[0].type == PKEY_KEYTYPE_AES_XTS_128) ? 32 : 0;  in paes_xts_crypt_full()
612 	spin_lock_bh(&ctx->pk_lock);  in paes_xts_crypt_full()
613 	memcpy(fxts_param.key + offset, ctx->pk[0].protkey, keylen);  in paes_xts_crypt_full()
614 	memcpy(fxts_param.wkvp, ctx->pk[0].protkey + keylen,  in paes_xts_crypt_full()
616 	spin_unlock_bh(&ctx->pk_lock);  in paes_xts_crypt_full()
618 	fxts_param.nap[0] = 0x01; /* initial alpha power (1, little-endian) */  in paes_xts_crypt_full()
622 		n = nbytes & ~(AES_BLOCK_SIZE - 1);  in paes_xts_crypt_full()
623 		k = cpacf_km(ctx->fc | modifier, fxts_param.key + offset,  in paes_xts_crypt_full()
626 			rc = skcipher_walk_done(&walk, nbytes - k);  in paes_xts_crypt_full()
629 				return skcipher_walk_done(&walk, -EIO);  in paes_xts_crypt_full()
630 			spin_lock_bh(&ctx->pk_lock);  in paes_xts_crypt_full()
631 			memcpy(fxts_param.key + offset, ctx->pk[0].protkey,  in paes_xts_crypt_full()
633 			memcpy(fxts_param.wkvp, ctx->pk[0].protkey + keylen,  in paes_xts_crypt_full()
635 			spin_unlock_bh(&ctx->pk_lock);  in paes_xts_crypt_full()
665 	keylen = (ctx->pk[0].type == PKEY_KEYTYPE_AES_128) ? 48 : 64;  in paes_xts_crypt()
666 	offset = (ctx->pk[0].type == PKEY_KEYTYPE_AES_128) ? 16 : 0;  in paes_xts_crypt()
670 	spin_lock_bh(&ctx->pk_lock);  in paes_xts_crypt()
671 	memcpy(pcc_param.key + offset, ctx->pk[1].protkey, keylen);  in paes_xts_crypt()
672 	memcpy(xts_param.key + offset, ctx->pk[0].protkey, keylen);  in paes_xts_crypt()
673 	spin_unlock_bh(&ctx->pk_lock);  in paes_xts_crypt()
674 	cpacf_pcc(ctx->fc, pcc_param.key + offset);  in paes_xts_crypt()
679 		n = nbytes & ~(AES_BLOCK_SIZE - 1);  in paes_xts_crypt()
680 		k = cpacf_km(ctx->fc | modifier, xts_param.key + offset,  in paes_xts_crypt()
683 			rc = skcipher_walk_done(&walk, nbytes - k);  in paes_xts_crypt()
686 				return skcipher_walk_done(&walk, -EIO);  in paes_xts_crypt()
687 			spin_lock_bh(&ctx->pk_lock);  in paes_xts_crypt()
689 			       ctx->pk[0].protkey, keylen);  in paes_xts_crypt()
690 			spin_unlock_bh(&ctx->pk_lock);  in paes_xts_crypt()
702 	switch (ctx->fc) {  in xts_paes_crypt()
710 		return -EINVAL;  in xts_paes_crypt()
726 	.base.cra_driver_name	=	"xts-paes-s390",
727 	.base.cra_priority	=	402,	/* ecb-paes-s390 + 1 */
746 	ctx->kb.key = NULL;  in ctr_paes_init()
747 	spin_lock_init(&ctx->pk_lock);  in ctr_paes_init()
756 	_free_kb_keybuf(&ctx->kb);  in ctr_paes_exit()
769 	fc = (ctx->pk.type == PKEY_KEYTYPE_AES_128) ? CPACF_KMCTR_PAES_128 :  in __ctr_paes_set_key()
770 		(ctx->pk.type == PKEY_KEYTYPE_AES_192) ? CPACF_KMCTR_PAES_192 :  in __ctr_paes_set_key()
771 		(ctx->pk.type == PKEY_KEYTYPE_AES_256) ?  in __ctr_paes_set_key()
775 	ctx->fc = (fc && cpacf_test_func(&kmctr_functions, fc)) ? fc : 0;  in __ctr_paes_set_key()
777 	return ctx->fc ? 0 : -EINVAL;  in __ctr_paes_set_key()
786 	_free_kb_keybuf(&ctx->kb);  in ctr_paes_set_key()
787 	rc = _key_to_kb(&ctx->kb, in_key, key_len);  in ctr_paes_set_key()
800 	n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(AES_BLOCK_SIZE - 1);  in __ctrblk_init()
801 	for (i = (n / AES_BLOCK_SIZE) - 1; i > 0; i--) {  in __ctrblk_init()
825 	spin_lock_bh(&ctx->pk_lock);  in ctr_paes_crypt()
826 	memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in ctr_paes_crypt()
827 	spin_unlock_bh(&ctx->pk_lock);  in ctr_paes_crypt()
836 		k = cpacf_kmctr(ctx->fc, &param, walk.dst.virt.addr,  in ctr_paes_crypt()
840 				memcpy(walk.iv, ctrptr + k - AES_BLOCK_SIZE,  in ctr_paes_crypt()
843 			rc = skcipher_walk_done(&walk, nbytes - k);  in ctr_paes_crypt()
849 				return skcipher_walk_done(&walk, -EIO);  in ctr_paes_crypt()
851 			spin_lock_bh(&ctx->pk_lock);  in ctr_paes_crypt()
852 			memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in ctr_paes_crypt()
853 			spin_unlock_bh(&ctx->pk_lock);  in ctr_paes_crypt()
865 			if (cpacf_kmctr(ctx->fc, &param, buf,  in ctr_paes_crypt()
870 				return skcipher_walk_done(&walk, -EIO);  in ctr_paes_crypt()
871 			spin_lock_bh(&ctx->pk_lock);  in ctr_paes_crypt()
872 			memcpy(param.key, ctx->pk.protkey, PAES_256_PROTKEY_SIZE);  in ctr_paes_crypt()
873 			spin_unlock_bh(&ctx->pk_lock);  in ctr_paes_crypt()
885 	.base.cra_driver_name	=	"ctr-paes-s390",
886 	.base.cra_priority	=	402,	/* ecb-paes-s390 + 1 */
904 	if (!list_empty(&alg->base.cra_list))  in __crypto_unregister_skcipher()
955 			rc = -ENOMEM;  in paes_s390_init()