1
2
3
4
5
6
7
8
9
10
11#include <crypto/algapi.h>
12#include <crypto/des.h>
13#include <crypto/internal/skcipher.h>
14#include <linux/crypto.h>
15#include <linux/init.h>
16#include <linux/module.h>
17#include <linux/types.h>
18
19struct des3_ede_x86_ctx {
20 struct des3_ede_ctx enc;
21 struct des3_ede_ctx dec;
22};
23
24
25asmlinkage void des3_ede_x86_64_crypt_blk(const u32 *expkey, u8 *dst,
26 const u8 *src);
27
28
29asmlinkage void des3_ede_x86_64_crypt_blk_3way(const u32 *expkey, u8 *dst,
30 const u8 *src);
31
32static inline void des3_ede_enc_blk(struct des3_ede_x86_ctx *ctx, u8 *dst,
33 const u8 *src)
34{
35 u32 *enc_ctx = ctx->enc.expkey;
36
37 des3_ede_x86_64_crypt_blk(enc_ctx, dst, src);
38}
39
40static inline void des3_ede_dec_blk(struct des3_ede_x86_ctx *ctx, u8 *dst,
41 const u8 *src)
42{
43 u32 *dec_ctx = ctx->dec.expkey;
44
45 des3_ede_x86_64_crypt_blk(dec_ctx, dst, src);
46}
47
48static inline void des3_ede_enc_blk_3way(struct des3_ede_x86_ctx *ctx, u8 *dst,
49 const u8 *src)
50{
51 u32 *enc_ctx = ctx->enc.expkey;
52
53 des3_ede_x86_64_crypt_blk_3way(enc_ctx, dst, src);
54}
55
56static inline void des3_ede_dec_blk_3way(struct des3_ede_x86_ctx *ctx, u8 *dst,
57 const u8 *src)
58{
59 u32 *dec_ctx = ctx->dec.expkey;
60
61 des3_ede_x86_64_crypt_blk_3way(dec_ctx, dst, src);
62}
63
64static void des3_ede_x86_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
65{
66 des3_ede_enc_blk(crypto_tfm_ctx(tfm), dst, src);
67}
68
69static void des3_ede_x86_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
70{
71 des3_ede_dec_blk(crypto_tfm_ctx(tfm), dst, src);
72}
73
74static int ecb_crypt(struct skcipher_request *req, const u32 *expkey)
75{
76 const unsigned int bsize = DES3_EDE_BLOCK_SIZE;
77 struct skcipher_walk walk;
78 unsigned int nbytes;
79 int err;
80
81 err = skcipher_walk_virt(&walk, req, false);
82
83 while ((nbytes = walk.nbytes)) {
84 u8 *wsrc = walk.src.virt.addr;
85 u8 *wdst = walk.dst.virt.addr;
86
87
88 if (nbytes >= bsize * 3) {
89 do {
90 des3_ede_x86_64_crypt_blk_3way(expkey, wdst,
91 wsrc);
92
93 wsrc += bsize * 3;
94 wdst += bsize * 3;
95 nbytes -= bsize * 3;
96 } while (nbytes >= bsize * 3);
97
98 if (nbytes < bsize)
99 goto done;
100 }
101
102
103 do {
104 des3_ede_x86_64_crypt_blk(expkey, wdst, wsrc);
105
106 wsrc += bsize;
107 wdst += bsize;
108 nbytes -= bsize;
109 } while (nbytes >= bsize);
110
111done:
112 err = skcipher_walk_done(&walk, nbytes);
113 }
114
115 return err;
116}
117
118static int ecb_encrypt(struct skcipher_request *req)
119{
120 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
121 struct des3_ede_x86_ctx *ctx = crypto_skcipher_ctx(tfm);
122
123 return ecb_crypt(req, ctx->enc.expkey);
124}
125
126static int ecb_decrypt(struct skcipher_request *req)
127{
128 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
129 struct des3_ede_x86_ctx *ctx = crypto_skcipher_ctx(tfm);
130
131 return ecb_crypt(req, ctx->dec.expkey);
132}
133
134static unsigned int __cbc_encrypt(struct des3_ede_x86_ctx *ctx,
135 struct skcipher_walk *walk)
136{
137 unsigned int bsize = DES3_EDE_BLOCK_SIZE;
138 unsigned int nbytes = walk->nbytes;
139 u64 *src = (u64 *)walk->src.virt.addr;
140 u64 *dst = (u64 *)walk->dst.virt.addr;
141 u64 *iv = (u64 *)walk->iv;
142
143 do {
144 *dst = *src ^ *iv;
145 des3_ede_enc_blk(ctx, (u8 *)dst, (u8 *)dst);
146 iv = dst;
147
148 src += 1;
149 dst += 1;
150 nbytes -= bsize;
151 } while (nbytes >= bsize);
152
153 *(u64 *)walk->iv = *iv;
154 return nbytes;
155}
156
157static int cbc_encrypt(struct skcipher_request *req)
158{
159 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
160 struct des3_ede_x86_ctx *ctx = crypto_skcipher_ctx(tfm);
161 struct skcipher_walk walk;
162 unsigned int nbytes;
163 int err;
164
165 err = skcipher_walk_virt(&walk, req, false);
166
167 while ((nbytes = walk.nbytes)) {
168 nbytes = __cbc_encrypt(ctx, &walk);
169 err = skcipher_walk_done(&walk, nbytes);
170 }
171
172 return err;
173}
174
175static unsigned int __cbc_decrypt(struct des3_ede_x86_ctx *ctx,
176 struct skcipher_walk *walk)
177{
178 unsigned int bsize = DES3_EDE_BLOCK_SIZE;
179 unsigned int nbytes = walk->nbytes;
180 u64 *src = (u64 *)walk->src.virt.addr;
181 u64 *dst = (u64 *)walk->dst.virt.addr;
182 u64 ivs[3 - 1];
183 u64 last_iv;
184
185
186 src += nbytes / bsize - 1;
187 dst += nbytes / bsize - 1;
188
189 last_iv = *src;
190
191
192 if (nbytes >= bsize * 3) {
193 do {
194 nbytes -= bsize * 3 - bsize;
195 src -= 3 - 1;
196 dst -= 3 - 1;
197
198 ivs[0] = src[0];
199 ivs[1] = src[1];
200
201 des3_ede_dec_blk_3way(ctx, (u8 *)dst, (u8 *)src);
202
203 dst[1] ^= ivs[0];
204 dst[2] ^= ivs[1];
205
206 nbytes -= bsize;
207 if (nbytes < bsize)
208 goto done;
209
210 *dst ^= *(src - 1);
211 src -= 1;
212 dst -= 1;
213 } while (nbytes >= bsize * 3);
214 }
215
216
217 for (;;) {
218 des3_ede_dec_blk(ctx, (u8 *)dst, (u8 *)src);
219
220 nbytes -= bsize;
221 if (nbytes < bsize)
222 break;
223
224 *dst ^= *(src - 1);
225 src -= 1;
226 dst -= 1;
227 }
228
229done:
230 *dst ^= *(u64 *)walk->iv;
231 *(u64 *)walk->iv = last_iv;
232
233 return nbytes;
234}
235
236static int cbc_decrypt(struct skcipher_request *req)
237{
238 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
239 struct des3_ede_x86_ctx *ctx = crypto_skcipher_ctx(tfm);
240 struct skcipher_walk walk;
241 unsigned int nbytes;
242 int err;
243
244 err = skcipher_walk_virt(&walk, req, false);
245
246 while ((nbytes = walk.nbytes)) {
247 nbytes = __cbc_decrypt(ctx, &walk);
248 err = skcipher_walk_done(&walk, nbytes);
249 }
250
251 return err;
252}
253
254static int des3_ede_x86_setkey(struct crypto_tfm *tfm, const u8 *key,
255 unsigned int keylen)
256{
257 struct des3_ede_x86_ctx *ctx = crypto_tfm_ctx(tfm);
258 u32 i, j, tmp;
259 int err;
260
261 err = des3_ede_expand_key(&ctx->enc, key, keylen);
262 if (err == -ENOKEY) {
263 if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
264 err = -EINVAL;
265 else
266 err = 0;
267 }
268
269 if (err) {
270 memset(ctx, 0, sizeof(*ctx));
271 return err;
272 }
273
274
275
276 j = DES3_EDE_EXPKEY_WORDS - 2;
277 for (i = 0; i < DES3_EDE_EXPKEY_WORDS; i += 2, j -= 2) {
278 tmp = ror32(ctx->enc.expkey[i + 1], 4);
279 ctx->enc.expkey[i + 1] = tmp;
280
281 ctx->dec.expkey[j + 0] = ctx->enc.expkey[i + 0];
282 ctx->dec.expkey[j + 1] = tmp;
283 }
284
285 return 0;
286}
287
288static int des3_ede_x86_setkey_skcipher(struct crypto_skcipher *tfm,
289 const u8 *key,
290 unsigned int keylen)
291{
292 return des3_ede_x86_setkey(&tfm->base, key, keylen);
293}
294
295static struct crypto_alg des3_ede_cipher = {
296 .cra_name = "des3_ede",
297 .cra_driver_name = "des3_ede-asm",
298 .cra_priority = 200,
299 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
300 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
301 .cra_ctxsize = sizeof(struct des3_ede_x86_ctx),
302 .cra_alignmask = 0,
303 .cra_module = THIS_MODULE,
304 .cra_u = {
305 .cipher = {
306 .cia_min_keysize = DES3_EDE_KEY_SIZE,
307 .cia_max_keysize = DES3_EDE_KEY_SIZE,
308 .cia_setkey = des3_ede_x86_setkey,
309 .cia_encrypt = des3_ede_x86_encrypt,
310 .cia_decrypt = des3_ede_x86_decrypt,
311 }
312 }
313};
314
315static struct skcipher_alg des3_ede_skciphers[] = {
316 {
317 .base.cra_name = "ecb(des3_ede)",
318 .base.cra_driver_name = "ecb-des3_ede-asm",
319 .base.cra_priority = 300,
320 .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
321 .base.cra_ctxsize = sizeof(struct des3_ede_x86_ctx),
322 .base.cra_module = THIS_MODULE,
323 .min_keysize = DES3_EDE_KEY_SIZE,
324 .max_keysize = DES3_EDE_KEY_SIZE,
325 .setkey = des3_ede_x86_setkey_skcipher,
326 .encrypt = ecb_encrypt,
327 .decrypt = ecb_decrypt,
328 }, {
329 .base.cra_name = "cbc(des3_ede)",
330 .base.cra_driver_name = "cbc-des3_ede-asm",
331 .base.cra_priority = 300,
332 .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
333 .base.cra_ctxsize = sizeof(struct des3_ede_x86_ctx),
334 .base.cra_module = THIS_MODULE,
335 .min_keysize = DES3_EDE_KEY_SIZE,
336 .max_keysize = DES3_EDE_KEY_SIZE,
337 .ivsize = DES3_EDE_BLOCK_SIZE,
338 .setkey = des3_ede_x86_setkey_skcipher,
339 .encrypt = cbc_encrypt,
340 .decrypt = cbc_decrypt,
341 }
342};
343
344static bool is_blacklisted_cpu(void)
345{
346 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
347 return false;
348
349 if (boot_cpu_data.x86 == 0x0f) {
350
351
352
353
354
355 return true;
356 }
357
358 return false;
359}
360
361static int force;
362module_param(force, int, 0);
363MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist");
364
365static int __init des3_ede_x86_init(void)
366{
367 int err;
368
369 if (!force && is_blacklisted_cpu()) {
370 pr_info("des3_ede-x86_64: performance on this CPU would be suboptimal: disabling des3_ede-x86_64.\n");
371 return -ENODEV;
372 }
373
374 err = crypto_register_alg(&des3_ede_cipher);
375 if (err)
376 return err;
377
378 err = crypto_register_skciphers(des3_ede_skciphers,
379 ARRAY_SIZE(des3_ede_skciphers));
380 if (err)
381 crypto_unregister_alg(&des3_ede_cipher);
382
383 return err;
384}
385
386static void __exit des3_ede_x86_fini(void)
387{
388 crypto_unregister_alg(&des3_ede_cipher);
389 crypto_unregister_skciphers(des3_ede_skciphers,
390 ARRAY_SIZE(des3_ede_skciphers));
391}
392
393module_init(des3_ede_x86_init);
394module_exit(des3_ede_x86_fini);
395
396MODULE_LICENSE("GPL");
397MODULE_DESCRIPTION("Triple DES EDE Cipher Algorithm, asm optimized");
398MODULE_ALIAS_CRYPTO("des3_ede");
399MODULE_ALIAS_CRYPTO("des3_ede-asm");
400MODULE_AUTHOR("Jussi Kivilinna <jussi.kivilinna@iki.fi>");
401
