1 /* DYNCRYPT.C (c) Bernard van der Helm, 2003-2011 */
2 /* z/Architecture crypto instructions */
3
4 /*----------------------------------------------------------------------------*/
5 /* Implementation of the z/Architecture crypto instructions described in */
6 /* SA22-7832-04: z/Architecture Principles of Operation within the Hercules */
7 /* z/Architecture emulator. */
8 /* */
9 /* (c) Copyright Bernard van der Helm, 2003-2011 */
10 /* Noordwijkerhout, The Netherlands. */
11 /*----------------------------------------------------------------------------*/
12
13 // $Id$
14
15 #include "hstdinc.h"
16
17 #ifndef _DYNCRYPT_C_
18 #define _DYNCRYPT_C_
19 #endif /* #ifndef _DYNCRYPT_C_ */
20
21 #ifndef _DYNCRYPT_DLL_
22 #define _DYNCRYPT_DLL_
23 #endif /* #ifndef _DYNCRYPT_DLL_ */
24
25 #include "hercules.h"
26 #include "opcode.h"
27 #include "inline.h"
28 #include "aes.h"
29 #include "des.h"
30 #include "sha1.h"
31 #include "sha256.h"
32
33 /*----------------------------------------------------------------------------*/
34 /* Sanity compile check */
35 /*----------------------------------------------------------------------------*/
36 #if defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1) && !defined(FEATURE_MESSAGE_SECURITY_ASSIST)
37 #error You cannot have "Message Security Assist extension 1" without having "Message Security Assist"
38 #endif /* #if ... */
39 #if defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2) && !defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1)
40 #error You cannot have "Message Security Assist extension 2" without having "Message Security Assist extension 1"
41 #endif /* #if ... */
42 #if defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3) && !defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2)
43 #error You cannot have "Message Security Assist extension 3" without having "Message Security Assist extension 2"
44 #endif /* #if ... */
45 #if defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4) && !defined(FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3)
46 #error You cannot have "Message Security Assist extension 4" without having "Message Security Assist extension 3"
47 #endif /* #if ... */
48
49 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST
50 /*----------------------------------------------------------------------------*/
51 /* Debugging options */
52 /*----------------------------------------------------------------------------*/
53 #if 0
54 #define OPTION_KIMD_DEBUG
55 #define OPTION_KLMD_DEBUG
56 #define OPTION_KM_DEBUG
57 #define OPTION_KMAC_DEBUG
58 #define OPTION_KMC_DEBUG
59 #define OPTION_KMCTR_DEBUG
60 #define OPTION_KMF_DEBUG
61 #define OPTION_KMO_DEBUG
62 #define OPTION_PCC_DEBUG
63 #define OPTION_PCKMO_DEBUG
64 #endif /* #if 0|1 */
65
66 /*----------------------------------------------------------------------------*/
67 /* General Purpose Register 0 macro's (GR0) */
68 /*----------------------------------------------------------------------------*/
69 /* fc : Function code */
70 /* m : Modifier bit */
71 /* lcfb : Length of cipher feedback */
72 /* wrap : Indication if key is wrapped */
73 /* tfc : Function code without wrap indication */
74 /*----------------------------------------------------------------------------*/
75 #define GR0_fc(regs) ((regs)->GR_L(0) & 0x0000007F)
76 #define GR0_m(regs) (((regs)->GR_L(0) & 0x00000080) ? TRUE : FALSE)
77 #define GR0_lcfb(regs) ((regs)->GR_L(0) >> 24)
78 #define GR0_wrap(egs) (((regs)->GR_L(0) & 0x08) ? TRUE : FALSE)
79 #define GR0_tfc(regs) (GR0_fc(regs) & 0x77)
80
81 /*----------------------------------------------------------------------------*/
82 /* Bit strings for query functions */
83 /*----------------------------------------------------------------------------*/
84 #undef KIMD_BITS
85 #undef KLMD_BITS
86 #undef KM_BITS
87 #undef KMAC_BITS
88 #undef KMC_BITS
89 #undef KMCTR_BITS
90 #undef KMF_BITS
91 #undef KMO_BITS
92 #undef PCC_BITS
93 #undef PCKMO_BITS
94
95 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
96 #define KIMD_BITS { 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
97 #else
98 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
99 #define KIMD_BITS { 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
100 #else
101 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
102 #define KIMD_BITS { 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
103 #else
104 #define KIMD_BITS { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
105 #endif
106 #endif
107 #endif
108
109 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
110 #define KLMD_BITS { 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
111 #else
112 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
113 #define KLMD_BITS { 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
114 #else
115 #define KLMD_BITS { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
116 #endif
117 #endif
118
119 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
120 #define KM_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x28, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
121 #else
122 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
123 #define KM_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
124 #else
125 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
126 #define KM_BITS { 0xf0, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
127 #else
128 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
129 #define KM_BITS { 0xf0, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
130 #else
131 #define KM_BITS { 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
132 #endif
133 #endif
134 #endif
135 #endif
136
137 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
138 #define KMAC_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
139 #else
140 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
141 #define KMAC_BITS { 0xf0, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
142 #else
143 #define KMAC_BITS { 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
144 #endif
145 #endif
146
147 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
148 #define KMC_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
149 #else
150 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
151 #define KMC_BITS { 0xf0, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
152 #else
153 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
154 #define KMC_BITS { 0xf0, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
155 #else
156 #define KMC_BITS { 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
157 #endif
158 #endif
159 #endif
160
161 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
162 #define PCKMO_BITS { 0xf0, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
163 #endif
164
165 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
166 #define KMCTR_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
167 #define KMF_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
168 #define KMO_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
169 #define PCC_BITS { 0xf0, 0x70, 0x38, 0x38, 0x00, 0x00, 0x28, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
170 #endif
171
172 /*----------------------------------------------------------------------------*/
173 /* Write bytes on one line */
174 /*----------------------------------------------------------------------------*/
175 #define LOGBYTE(s, v, x) \
176 { \
177 int i; \
178 \
179 logmsg(" " s " "); \
180 for(i = 0; i < (x); i++) \
181 logmsg("%02X", (v)[i]); \
182 logmsg(" | "); \
183 for(i = 0; i < (x); i++) \
184 { \
185 if(isprint(guest_to_host((v)[i]))) \
186 logmsg("%c", guest_to_host((v)[i])); \
187 else \
188 logmsg("."); \
189 } \
190 logmsg(" |\n"); \
191 }
192
193 /*----------------------------------------------------------------------------*/
194 /* Write bytes on multiple lines */
195 /*----------------------------------------------------------------------------*/
196 #define LOGBYTE2(s, v, x, y) \
197 { \
198 int i; \
199 int j; \
200 \
201 logmsg(" " s "\n"); \
202 for(i = 0; i < (y); i++) \
203 { \
204 logmsg(" "); \
205 for(j = 0; j < (x); j++) \
206 logmsg("%02X", (v)[i * (x) + j]); \
207 logmsg(" | "); \
208 for(j = 0; j < (x); j++) \
209 { \
210 if(isprint(guest_to_host((v)[i * (x) + j]))) \
211 logmsg("%c", guest_to_host((v)[i * (x) + j])); \
212 else \
213 logmsg("."); \
214 } \
215 logmsg(" |\n"); \
216 } \
217 }
218
219 /*----------------------------------------------------------------------------*/
220 /* CPU determined amount of data (processed in one go) */
221 /*----------------------------------------------------------------------------*/
222 #define PROCESS_MAX 16384
223
224 /*----------------------------------------------------------------------------*/
225 /* Used for printing debugging info */
226 /*----------------------------------------------------------------------------*/
227 #define TRUEFALSE(boolean) ((boolean) ? "True" : "False")
228
229 #ifndef __STATIC_FUNCTIONS__
230 #define __STATIC_FUNCTIONS__
231 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
232 /*----------------------------------------------------------------------------*/
233 /* GCM multiplication over GF(2^128) */
234 /*----------------------------------------------------------------------------*/
235 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
236 *
237 * LibTomCrypt is a library that provides various cryptographic
238 * algorithms in a highly modular and flexible manner.
239 *
240 * The library is free for all purposes without any express
241 * guarantee it works.
242 *
243 * Tom St Denis, tomstdenis@..., http://libtomcrypt.org
244 */
245
246 /* Remarks Bernard van der Helm & JW: Strongly adjusted for
247 * Hercules-390. We need the internal functions gcm_gf_mult
248 * and xts_mult_x. The rest of of the code is deleted.
249 *
250 * Thanks Tom!
251 */
252
253 /* Hercules adjustments */
254 #define zeromem(dst, len) memset((dst), 0, (len))
255 #define XMEMCPY memcpy
256
257 /* Original code from gcm_gf_mult.c */
258 /* right shift */
gcm_rightshift(unsigned char * a)259 static void gcm_rightshift(unsigned char *a)
260 {
261 int x;
262
263 for(x = 15; x > 0; x--)
264 a[x] = (a[x] >> 1) | ((a[x-1] << 7) & 0x80);
265 a[0] >>= 1;
266 }
267
268 /* c = b*a */
269 static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
270 static const unsigned char poly[] = { 0x00, 0xE1 };
271
gcm_gf_mult(const unsigned char * a,const unsigned char * b,unsigned char * c)272 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
273 {
274 unsigned char Z[16], V[16];
275 unsigned char x, y, z;
276
277 zeromem(Z, 16);
278 XMEMCPY(V, a, 16);
279 for (x = 0; x < 128; x++)
280 {
281 if(b[x>>3] & mask[x&7])
282 {
283 for(y = 0; y < 16; y++)
284 Z[y] ^= V[y];
285 }
286 z = V[15] & 0x01;
287 gcm_rightshift(V);
288 V[0] ^= poly[z];
289 }
290 XMEMCPY(c, Z, 16);
291 }
292
293 /* I = 2*I */
xts_mult_x(unsigned char * I)294 void xts_mult_x(unsigned char *I)
295 {
296 int x;
297 unsigned char t, tt;
298
299 for (x = t = 0; x < 16; x++) {
300 tt = I[x] >> 7;
301 I[x] = ((I[x] << 1) | t) & 0xFF;
302 t = tt;
303 }
304 if (tt) {
305 I[0] ^= 0x87;
306 }
307 }
308
309 /* c = b*a -- bit swapped call of gcm_gf_mult for use with xts */
xts_gf_mult(const unsigned char * a,const unsigned char * b,unsigned char * c)310 void xts_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
311 {
312 unsigned char a_r[16], b_r[16], c_r[16];
313 int i;
314 static const unsigned char BitReverseTable256[] =
315 {
316 0x00, 0x80, 0x40, 0xC0, 0x20, 0xA0, 0x60, 0xE0, 0x10, 0x90, 0x50, 0xD0, 0x30, 0xB0, 0x70, 0xF0,
317 0x08, 0x88, 0x48, 0xC8, 0x28, 0xA8, 0x68, 0xE8, 0x18, 0x98, 0x58, 0xD8, 0x38, 0xB8, 0x78, 0xF8,
318 0x04, 0x84, 0x44, 0xC4, 0x24, 0xA4, 0x64, 0xE4, 0x14, 0x94, 0x54, 0xD4, 0x34, 0xB4, 0x74, 0xF4,
319 0x0C, 0x8C, 0x4C, 0xCC, 0x2C, 0xAC, 0x6C, 0xEC, 0x1C, 0x9C, 0x5C, 0xDC, 0x3C, 0xBC, 0x7C, 0xFC,
320 0x02, 0x82, 0x42, 0xC2, 0x22, 0xA2, 0x62, 0xE2, 0x12, 0x92, 0x52, 0xD2, 0x32, 0xB2, 0x72, 0xF2,
321 0x0A, 0x8A, 0x4A, 0xCA, 0x2A, 0xAA, 0x6A, 0xEA, 0x1A, 0x9A, 0x5A, 0xDA, 0x3A, 0xBA, 0x7A, 0xFA,
322 0x06, 0x86, 0x46, 0xC6, 0x26, 0xA6, 0x66, 0xE6, 0x16, 0x96, 0x56, 0xD6, 0x36, 0xB6, 0x76, 0xF6,
323 0x0E, 0x8E, 0x4E, 0xCE, 0x2E, 0xAE, 0x6E, 0xEE, 0x1E, 0x9E, 0x5E, 0xDE, 0x3E, 0xBE, 0x7E, 0xFE,
324 0x01, 0x81, 0x41, 0xC1, 0x21, 0xA1, 0x61, 0xE1, 0x11, 0x91, 0x51, 0xD1, 0x31, 0xB1, 0x71, 0xF1,
325 0x09, 0x89, 0x49, 0xC9, 0x29, 0xA9, 0x69, 0xE9, 0x19, 0x99, 0x59, 0xD9, 0x39, 0xB9, 0x79, 0xF9,
326 0x05, 0x85, 0x45, 0xC5, 0x25, 0xA5, 0x65, 0xE5, 0x15, 0x95, 0x55, 0xD5, 0x35, 0xB5, 0x75, 0xF5,
327 0x0D, 0x8D, 0x4D, 0xCD, 0x2D, 0xAD, 0x6D, 0xED, 0x1D, 0x9D, 0x5D, 0xDD, 0x3D, 0xBD, 0x7D, 0xFD,
328 0x03, 0x83, 0x43, 0xC3, 0x23, 0xA3, 0x63, 0xE3, 0x13, 0x93, 0x53, 0xD3, 0x33, 0xB3, 0x73, 0xF3,
329 0x0B, 0x8B, 0x4B, 0xCB, 0x2B, 0xAB, 0x6B, 0xEB, 0x1B, 0x9B, 0x5B, 0xDB, 0x3B, 0xBB, 0x7B, 0xFB,
330 0x07, 0x87, 0x47, 0xC7, 0x27, 0xA7, 0x67, 0xE7, 0x17, 0x97, 0x57, 0xD7, 0x37, 0xB7, 0x77, 0xF7,
331 0x0F, 0x8F, 0x4F, 0xCF, 0x2F, 0xAF, 0x6F, 0xEF, 0x1F, 0x9F, 0x5F, 0xDF, 0x3F, 0xBF, 0x7F, 0xFF
332 };
333
334 for (i=0; i<=15; i++)
335 {
336 a_r[i] = BitReverseTable256[a[i]];
337 b_r[i] = BitReverseTable256[b[i]];
338 }
339 gcm_gf_mult(a_r, b_r, c_r);
340 for (i=0; i<=15; i++) c[i] = BitReverseTable256[c_r[i]];
341 }
342 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
343
344 /*----------------------------------------------------------------------------*/
345 /* Get the chaining vector for output processing */
346 /*----------------------------------------------------------------------------*/
sha1_getcv(sha1_context * ctx,BYTE icv[20])347 static void sha1_getcv(sha1_context *ctx, BYTE icv[20])
348 {
349 int i, j;
350
351 for(i = 0, j = 0; i < 5; i++)
352 {
353 icv[j++] = (ctx->state[i] & 0xff000000) >> 24;
354 icv[j++] = (ctx->state[i] & 0x00ff0000) >> 16;
355 icv[j++] = (ctx->state[i] & 0x0000ff00) >> 8;
356 icv[j++] = (ctx->state[i] & 0x000000ff);
357 }
358 }
359
360 /*----------------------------------------------------------------------------*/
361 /* Set the initial chaining value */
362 /*----------------------------------------------------------------------------*/
sha1_seticv(sha1_context * ctx,BYTE icv[20])363 static void sha1_seticv(sha1_context *ctx, BYTE icv[20])
364 {
365 int i, j;
366
367 for(i = 0, j = 0; i < 5; i++)
368 {
369 ctx->state[i] = icv[j++] << 24;
370 ctx->state[i] |= icv[j++] << 16;
371 ctx->state[i] |= icv[j++] << 8;
372 ctx->state[i] |= icv[j++];
373 }
374 }
375
376 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
377 /*----------------------------------------------------------------------------*/
378 /* Get the chaining vector for output processing */
379 /*----------------------------------------------------------------------------*/
sha256_getcv(sha256_context * ctx,BYTE icv[32])380 static void sha256_getcv(sha256_context *ctx, BYTE icv[32])
381 {
382 int i, j;
383
384 for(i = 0, j = 0; i < 8; i++)
385 {
386 icv[j++] = (ctx->state[i] & 0xff000000) >> 24;
387 icv[j++] = (ctx->state[i] & 0x00ff0000) >> 16;
388 icv[j++] = (ctx->state[i] & 0x0000ff00) >> 8;
389 icv[j++] = (ctx->state[i] & 0x000000ff);
390 }
391 }
392
393 /*----------------------------------------------------------------------------*/
394 /* Set the initial chaining value */
395 /*----------------------------------------------------------------------------*/
sha256_seticv(sha256_context * ctx,BYTE icv[32])396 static void sha256_seticv(sha256_context *ctx, BYTE icv[32])
397 {
398 int i, j;
399
400 for(i = 0, j = 0; i < 8; i++)
401 {
402 ctx->state[i] = icv[j++] << 24;
403 ctx->state[i] |= icv[j++] << 16;
404 ctx->state[i] |= icv[j++] << 8;
405 ctx->state[i] |= icv[j++];
406 }
407 }
408 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
409
410 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
411 /*----------------------------------------------------------------------------*/
412 /* Get the chaining vector for output processing */
413 /*----------------------------------------------------------------------------*/
sha512_getcv(sha512_context * ctx,BYTE icv[64])414 static void sha512_getcv(sha512_context *ctx, BYTE icv[64])
415 {
416 int i, j;
417
418 for(i = 0, j = 0; i < 8; i++)
419 {
420 icv[j++] = (ctx->state[i] & 0xff00000000000000LL) >> 56;
421 icv[j++] = (ctx->state[i] & 0x00ff000000000000LL) >> 48;
422 icv[j++] = (ctx->state[i] & 0x0000ff0000000000LL) >> 40;
423 icv[j++] = (ctx->state[i] & 0x000000ff00000000LL) >> 32;
424 icv[j++] = (ctx->state[i] & 0x00000000ff000000LL) >> 24;
425 icv[j++] = (ctx->state[i] & 0x0000000000ff0000LL) >> 16;
426 icv[j++] = (ctx->state[i] & 0x000000000000ff00LL) >> 8;
427 icv[j++] = (ctx->state[i] & 0x00000000000000ffLL);
428 }
429 }
430
431 /*----------------------------------------------------------------------------*/
432 /* Set the initial chaining value */
433 /*----------------------------------------------------------------------------*/
sha512_seticv(sha512_context * ctx,BYTE icv[64])434 static void sha512_seticv(sha512_context *ctx, BYTE icv[64])
435 {
436 int i, j;
437
438 for(i = 0, j = 0; i < 8; i++)
439 {
440 ctx->state[i] = (U64) icv[j++] << 56;
441 ctx->state[i] |= (U64) icv[j++] << 48;
442 ctx->state[i] |= (U64) icv[j++] << 40;
443 ctx->state[i] |= (U64) icv[j++] << 32;
444 ctx->state[i] |= (U64) icv[j++] << 24;
445 ctx->state[i] |= (U64) icv[j++] << 16;
446 ctx->state[i] |= (U64) icv[j++] << 8;
447 ctx->state[i] |= (U64) icv[j++];
448 }
449 }
450 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
451
452 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
453 /*----------------------------------------------------------------------------*/
454 /* Shif left */
455 /*----------------------------------------------------------------------------*/
shift_left(BYTE * dst,BYTE * src,int len)456 void shift_left(BYTE *dst, BYTE* src, int len)
457 {
458 int carry;
459 int i;
460
461 carry = 0;
462 for(i = 0; i < len; i++)
463 {
464 if(carry)
465 {
466 carry = src[len - 1 - i] & 0x80;
467 dst[len - 1 - i] = src[len - 1 - i] << 1;
468 dst[len - 1 - i] |= 0x01;
469 }
470 else
471 {
472 carry = src[len - 1 - i] & 0x80;
473 dst[len - 1 - i] = src[len - 1 - i] << 1;
474 }
475 }
476 }
477 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
478
479 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
480 /*----------------------------------------------------------------------------*/
481 /* Unwrap key using aes */
482 /*----------------------------------------------------------------------------*/
unwrap_aes(BYTE * key,int keylen)483 static int unwrap_aes(BYTE *key, int keylen)
484 {
485 BYTE buf[16];
486 aes_context context;
487 BYTE cv[16];
488 int i;
489
490 obtain_lock(&sysblk.wklock);
491
492 /* Verify verification pattern */
493 if(unlikely(memcmp(&key[keylen], sysblk.wkvpaes_reg, 32)))
494 {
495 release_lock(&sysblk.wklock);
496 return(1);
497 }
498 aes_set_key(&context, sysblk.wkaes_reg, 256);
499 release_lock(&sysblk.wklock);
500 switch(keylen)
501 {
502 case 16:
503 {
504 aes_decrypt(&context, key, key);
505 break;
506 }
507 case 24:
508 {
509 aes_decrypt(&context, &key[8], buf);
510 memcpy(&key[8], &buf[8], 8);
511 memcpy(cv, key, 8);
512 aes_decrypt(&context, key, key);
513 for(i = 0; i < 8; i++)
514 key[i + 16] = buf[i] ^ cv[i];
515 break;
516 }
517 case 32:
518 {
519 memcpy(cv, key, 16);
520 aes_decrypt(&context, key, key);
521 aes_decrypt(&context, &key[16], &key[16]);
522 for(i = 0; i < 16; i++)
523 key[i + 16] ^= cv[i];
524 break;
525 }
526 }
527 return(0);
528 }
529
530 /*----------------------------------------------------------------------------*/
531 /* Unwrap key using dea */
532 /*----------------------------------------------------------------------------*/
unwrap_dea(BYTE * key,int keylen)533 static int unwrap_dea(BYTE *key, int keylen)
534 {
535 BYTE cv[16];
536 des3_context context;
537 int i;
538 int j;
539
540 obtain_lock(&sysblk.wklock);
541
542 /* Verify verification pattern */
543 if(unlikely(memcmp(&key[keylen], sysblk.wkvpdea_reg, 24)))
544 {
545 release_lock(&sysblk.wklock);
546 return(1);
547 }
548 des3_set_3keys(&context, sysblk.wkdea_reg, &sysblk.wkdea_reg[8], &sysblk.wkdea_reg[16]);
549 release_lock(&sysblk.wklock);
550 for(i = 0; i < keylen; i += 8)
551 {
552 /* Save cv */
553 memcpy(cv, &cv[8], 8);
554 memcpy(&cv[8], &key[i], 8);
555
556 des3_decrypt(&context, &key[i], &key[i]);
557 des3_encrypt(&context, &key[i], &key[i]);
558 des3_decrypt(&context, &key[i], &key[i]);
559 if(i)
560 {
561 /* XOR */
562 for(j = 0; j < 8; j++)
563 key[i + j] ^= cv[j];
564 }
565 }
566 return(0);
567 }
568
569 /*----------------------------------------------------------------------------*/
570 /* Wrap key using aes */
571 /*----------------------------------------------------------------------------*/
wrap_aes(BYTE * key,int keylen)572 static void wrap_aes(BYTE *key, int keylen)
573 {
574 BYTE buf[16];
575 aes_context context;
576 BYTE cv[16];
577 int i;
578
579 obtain_lock(&sysblk.wklock);
580 memcpy(&key[keylen], sysblk.wkvpaes_reg, 32);
581 aes_set_key(&context, sysblk.wkaes_reg, 256);
582 release_lock(&sysblk.wklock);
583 switch(keylen)
584 {
585 case 16:
586 {
587 aes_encrypt(&context, key, key);
588 break;
589 }
590 case 24:
591 {
592 aes_encrypt(&context, key, cv);
593 memcpy(buf, &key[16], 8);
594 memset(&buf[8], 0, 8);
595 for(i = 0; i < 16; i++)
596 buf[i] ^= cv[i];
597 aes_encrypt(&context, buf, buf);
598 memcpy(key, cv, 8);
599 memcpy(&key[8], buf, 16);
600 break;
601 }
602 case 32:
603 {
604 aes_encrypt(&context, key, key);
605 for(i = 0; i < 16; i++)
606 key[i + 16] ^= key[i];
607 aes_encrypt(&context, &key[16], &key[16]);
608 break;
609 }
610 }
611 }
612
613 /*----------------------------------------------------------------------------*/
614 /* Wrap key using dea */
615 /*----------------------------------------------------------------------------*/
wrap_dea(BYTE * key,int keylen)616 static void wrap_dea(BYTE *key, int keylen)
617 {
618 des3_context context;
619 int i;
620 int j;
621
622 obtain_lock(&sysblk.wklock);
623 memcpy(&key[keylen], sysblk.wkvpdea_reg, 24);
624 des3_set_3keys(&context, sysblk.wkdea_reg, &sysblk.wkdea_reg[8], &sysblk.wkdea_reg[16]);
625 release_lock(&sysblk.wklock);
626 for(i = 0; i < keylen; i += 8)
627 {
628 if(i)
629 {
630 /* XOR */
631 for(j = 0; j < 8; j++)
632 key[i + j] ^= key[i + j - 8];
633 }
634 des3_encrypt(&context, &key[i], &key[i]);
635 des3_decrypt(&context, &key[i], &key[i]);
636 des3_encrypt(&context, &key[i], &key[i]);
637 }
638 }
639 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
640
641 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
642 /*----------------------------------------------------------------------------*/
643 /* 2^m table with GF multiplication entries 127, 126, 125, ... */
644 /* 2 2^b1 */
645 /* 2*2 2^b10 */
646 /* 2*2*2*2 2^b100 */
647 /* 2*2*2*2*2*2*2*2 2^b1000 */
648 /* ... */
649 /*----------------------------------------------------------------------------*/
650 #if 0
651 #include <stdio.h>
652 #include <string.h>
653
654 /*----------------------------------------------------------------------------*/
655 /* GCM multiplication over GF(2^128) */
656 /*----------------------------------------------------------------------------*/
657 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
658 *
659 * LibTomCrypt is a library that provides various cryptographic
660 * algorithms in a highly modular and flexible manner.
661 *
662 * The library is free for all purposes without any express
663 * guarantee it works.
664 *
665 * Tom St Denis, tomstdenis@..., http://libtomcrypt.org
666 */
667
668 /* Remarks Bernard van der Helm & JW: Strongly adjusted for
669 * Hercules-390. We need the internal functions gcm_gf_mult
670 * and xts_mult_x. The rest of of the code is deleted.
671 *
672 * Thanks Tom!
673 */
674
675 /* Hercules adjustments */
676 #define zeromem(dst, len) memset((dst), 0, (len))
677 #define XMEMCPY memcpy
678
679 /* Original code from gcm_gf_mult.c */
680 /* right shift */
681 static void gcm_rightshift(unsigned char *a)
682 {
683 int x;
684
685 for(x = 15; x > 0; x--)
686 a[x] = (a[x] >> 1) | ((a[x-1] << 7) & 0x80);
687 a[0] >>= 1;
688 }
689
690 /* c = b*a */
691 static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
692 static const unsigned char poly[] = { 0x00, 0xE1 };
693
694 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
695 {
696 unsigned char Z[16], V[16];
697 unsigned char x, y, z;
698
699 zeromem(Z, 16);
700 XMEMCPY(V, a, 16);
701 for (x = 0; x < 128; x++)
702 {
703 if(b[x>>3] & mask[x&7])
704 {
705 for(y = 0; y < 16; y++)
706 Z[y] ^= V[y];
707 }
708 z = V[15] & 0x01;
709 gcm_rightshift(V);
710 V[0] ^= poly[z];
711 }
712 XMEMCPY(c, Z, 16);
713 }
714
715 /* I = 2*I */
716 void xts_mult_x(unsigned char *I)
717 {
718 int x;
719 unsigned char t, tt;
720
721 for (x = t = 0; x < 16; x++) {
722 tt = I[x] >> 7;
723 I[x] = ((I[x] << 1) | t) & 0xFF;
724 t = tt;
725 }
726 if (tt) {
727 I[0] ^= 0x87;
728 }
729 }
730
731 /* c = b*a -- bit swapped call of gcm_gf_mult for use with xts */
732 void xts_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
733 {
734 unsigned char a_r[16], b_r[16], c_r[16];
735 int i;
736 static const unsigned char BitReverseTable256[] =
737 {
738 0x00, 0x80, 0x40, 0xC0, 0x20, 0xA0, 0x60, 0xE0, 0x10, 0x90, 0x50, 0xD0, 0x30, 0xB0, 0x70, 0xF0,
739 0x08, 0x88, 0x48, 0xC8, 0x28, 0xA8, 0x68, 0xE8, 0x18, 0x98, 0x58, 0xD8, 0x38, 0xB8, 0x78, 0xF8,
740 0x04, 0x84, 0x44, 0xC4, 0x24, 0xA4, 0x64, 0xE4, 0x14, 0x94, 0x54, 0xD4, 0x34, 0xB4, 0x74, 0xF4,
741 0x0C, 0x8C, 0x4C, 0xCC, 0x2C, 0xAC, 0x6C, 0xEC, 0x1C, 0x9C, 0x5C, 0xDC, 0x3C, 0xBC, 0x7C, 0xFC,
742 0x02, 0x82, 0x42, 0xC2, 0x22, 0xA2, 0x62, 0xE2, 0x12, 0x92, 0x52, 0xD2, 0x32, 0xB2, 0x72, 0xF2,
743 0x0A, 0x8A, 0x4A, 0xCA, 0x2A, 0xAA, 0x6A, 0xEA, 0x1A, 0x9A, 0x5A, 0xDA, 0x3A, 0xBA, 0x7A, 0xFA,
744 0x06, 0x86, 0x46, 0xC6, 0x26, 0xA6, 0x66, 0xE6, 0x16, 0x96, 0x56, 0xD6, 0x36, 0xB6, 0x76, 0xF6,
745 0x0E, 0x8E, 0x4E, 0xCE, 0x2E, 0xAE, 0x6E, 0xEE, 0x1E, 0x9E, 0x5E, 0xDE, 0x3E, 0xBE, 0x7E, 0xFE,
746 0x01, 0x81, 0x41, 0xC1, 0x21, 0xA1, 0x61, 0xE1, 0x11, 0x91, 0x51, 0xD1, 0x31, 0xB1, 0x71, 0xF1,
747 0x09, 0x89, 0x49, 0xC9, 0x29, 0xA9, 0x69, 0xE9, 0x19, 0x99, 0x59, 0xD9, 0x39, 0xB9, 0x79, 0xF9,
748 0x05, 0x85, 0x45, 0xC5, 0x25, 0xA5, 0x65, 0xE5, 0x15, 0x95, 0x55, 0xD5, 0x35, 0xB5, 0x75, 0xF5,
749 0x0D, 0x8D, 0x4D, 0xCD, 0x2D, 0xAD, 0x6D, 0xED, 0x1D, 0x9D, 0x5D, 0xDD, 0x3D, 0xBD, 0x7D, 0xFD,
750 0x03, 0x83, 0x43, 0xC3, 0x23, 0xA3, 0x63, 0xE3, 0x13, 0x93, 0x53, 0xD3, 0x33, 0xB3, 0x73, 0xF3,
751 0x0B, 0x8B, 0x4B, 0xCB, 0x2B, 0xAB, 0x6B, 0xEB, 0x1B, 0x9B, 0x5B, 0xDB, 0x3B, 0xBB, 0x7B, 0xFB,
752 0x07, 0x87, 0x47, 0xC7, 0x27, 0xA7, 0x67, 0xE7, 0x17, 0x97, 0x57, 0xD7, 0x37, 0xB7, 0x77, 0xF7,
753 0x0F, 0x8F, 0x4F, 0xCF, 0x2F, 0xAF, 0x6F, 0xEF, 0x1F, 0x9F, 0x5F, 0xDF, 0x3F, 0xBF, 0x7F, 0xFF
754 };
755
756 for (i=0; i<=15; i++)
757 {
758 a_r[i] = BitReverseTable256[a[i]];
759 b_r[i] = BitReverseTable256[b[i]];
760 }
761 gcm_gf_mult(a_r, b_r, c_r);
762 for (i=0; i<=15; i++) c[i] = BitReverseTable256[c_r[i]];
763 }
764
765 void power(unsigned char *a, unsigned int b)
766 {
767 unsigned long long i;
768 for(i=1; i<=b; i++)
769 xts_mult_x(a);
770 }
771
772 #define P(a) { int _i; printf(" { "); for(_i = 0; _i < 16; _i++) { printf("0x%02x", a[_i]); printf((_i < 15 ? ", " : " ")); } printf("},\n"); }
773
774 /*----------------------------------------------------------------------------*/
775 /* Program to generate exp_table */
776 /* Many thanks to Evert Combe */
777 /*----------------------------------------------------------------------------*/
778 int main(void)
779 {
780 unsigned char exp_table[128][16];
781 unsigned char a[16];
782 unsigned long long i;
783
784 zeromem(a, 16);
785 a[0] = 2;
786 for(i = 1; i <= 128 ; i++)
787 {
788 memcpy(exp_table[128 - i], a, 16);
789 xts_gf_mult(a, a, a);
790 }
791 for(i = 0; i < 128; i++)
792 P(exp_table[i]);
793
794 printf("Checking last 32 entries\n");
795 zeromem(a, 16);
796 a[0] = 2;
797 P(a);
798 for(i = 2; i < 0xffffffff; i <<= 1)
799 {
800 zeromem(a, 16);
801 a[0] = 2;
802 power(a, i - 1);
803 P(a);
804 }
805 return(0);
806 }
807 #endif /* #if 0 */
808
809 static BYTE exp_table[128][16] =
810 {
811 { 0xa4, 0x6d, 0xdb, 0xb6, 0x6d, 0xdb, 0xb6, 0x6d, 0x92, 0x24, 0x49, 0x92, 0x24, 0x49, 0x92, 0x24 },
812 { 0x5a, 0x45, 0x51, 0x14, 0x8a, 0xa2, 0x28, 0x8a, 0x61, 0x18, 0x86, 0x61, 0x9a, 0xa6, 0x69, 0x9a },
813 { 0xac, 0xb6, 0xf3, 0x3c, 0x45, 0x51, 0xd7, 0x75, 0xdb, 0xb6, 0xae, 0xeb, 0xfb, 0xbe, 0xae, 0xeb },
814 { 0x92, 0xcf, 0xb6, 0xe7, 0x28, 0x00, 0x49, 0xdb, 0x75, 0x9e, 0x24, 0x08, 0xc3, 0x71, 0x1c, 0xc7 },
815 { 0x98, 0x29, 0xb7, 0x52, 0x3e, 0xd5, 0xac, 0xeb, 0xea, 0x8a, 0x92, 0x86, 0x30, 0x4d, 0xd3, 0x34 },
816 { 0xa5, 0x75, 0x1a, 0xb6, 0x81, 0x7a, 0x63, 0x18, 0x61, 0x6e, 0xa4, 0xe3, 0x78, 0xca, 0xb2, 0x2c },
817 { 0x06, 0x4f, 0x09, 0x28, 0x0e, 0xbb, 0x06, 0x86, 0x41, 0x19, 0xb8, 0x20, 0x9d, 0x18, 0x86, 0x61 },
818 { 0xb9, 0x17, 0xaf, 0x7f, 0xe2, 0xab, 0x24, 0x8a, 0xf9, 0x0d, 0xab, 0x34, 0x69, 0x65, 0x21, 0x08 },
819 { 0xc5, 0x8c, 0x3c, 0x3e, 0x5f, 0xa3, 0x15, 0x60, 0xb5, 0x2a, 0x1c, 0x14, 0xde, 0x41, 0x64, 0xdf },
820 { 0x6c, 0x77, 0x82, 0x2a, 0xce, 0x66, 0x2b, 0xab, 0x33, 0x0f, 0x8b, 0x64, 0x47, 0x00, 0x93, 0x30 },
821 { 0xac, 0x13, 0x6f, 0x36, 0x52, 0x0f, 0xbd, 0xeb, 0x0b, 0xf1, 0xbc, 0xe2, 0x22, 0x9a, 0x6d, 0x9a },
822 { 0x9d, 0x77, 0x37, 0x05, 0x91, 0xaf, 0xa7, 0x77, 0x6e, 0xf4, 0x06, 0x8e, 0x3f, 0xe7, 0xa2, 0xeb },
823 { 0x68, 0xed, 0xcb, 0x5a, 0xc6, 0xa9, 0x2b, 0x02, 0x67, 0xb6, 0x55, 0x67, 0xe4, 0x86, 0x8b, 0x71 },
824 { 0xc1, 0xac, 0xe2, 0x06, 0x2c, 0x14, 0xc3, 0x12, 0xe0, 0xdc, 0x57, 0xfd, 0xc2, 0x66, 0xa7, 0xbe },
825 { 0x52, 0xf7, 0x0e, 0x21, 0x67, 0x69, 0xb6, 0x9c, 0x1e, 0xb5, 0xdb, 0x27, 0x85, 0x8d, 0xf5, 0xaa },
826 { 0xd5, 0x64, 0x57, 0x5f, 0x5b, 0xf8, 0xbd, 0x46, 0xc2, 0x2d, 0x44, 0x17, 0x1b, 0x43, 0x7a, 0xc7 },
827 { 0xca, 0xf4, 0x80, 0xce, 0x40, 0x11, 0x93, 0x8d, 0x08, 0xf9, 0xc4, 0xd8, 0xd7, 0x26, 0x02, 0xef },
828 { 0x62, 0x45, 0xee, 0xbb, 0x2b, 0x44, 0x31, 0xfb, 0x88, 0x5c, 0x92, 0x85, 0x56, 0x7a, 0x0a, 0x39 },
829 { 0x0f, 0x7e, 0xa0, 0x29, 0x58, 0xda, 0xb3, 0x46, 0x6d, 0x1c, 0xff, 0xab, 0x97, 0xa5, 0xd4, 0x0d },
830 { 0x1d, 0x69, 0xf1, 0x7a, 0x67, 0x56, 0xaf, 0xeb, 0x9d, 0x28, 0xeb, 0x4a, 0x04, 0xc7, 0x77, 0xb3 },
831 { 0x00, 0x04, 0x5a, 0xb7, 0xc9, 0x36, 0xef, 0xc3, 0x9f, 0xb8, 0x90, 0xe3, 0x45, 0x95, 0x34, 0x74 },
832 { 0xa3, 0x57, 0x77, 0x72, 0x64, 0xbc, 0xfb, 0x27, 0xb6, 0xe6, 0xf5, 0x58, 0xe1, 0xe7, 0x7f, 0xbf },
833 { 0x53, 0xbe, 0xfd, 0xf9, 0x8f, 0x1b, 0x4b, 0x58, 0xb5, 0xd0, 0x72, 0xbc, 0x18, 0x4c, 0xae, 0xe2 },
834 { 0x26, 0x26, 0x80, 0x72, 0x9e, 0x20, 0xa9, 0xab, 0x39, 0x57, 0xb1, 0x96, 0xc8, 0x3b, 0xfb, 0x18 },
835 { 0x98, 0xde, 0x73, 0x58, 0x44, 0x8c, 0x90, 0x42, 0xbd, 0xf5, 0x2c, 0xc7, 0x90, 0x58, 0xb8, 0xfa },
836 { 0xd8, 0xc1, 0xca, 0x5a, 0x03, 0xee, 0xa7, 0x8d, 0x31, 0x04, 0xa0, 0xb5, 0x53, 0x34, 0x21, 0xc7 },
837 { 0xf1, 0xad, 0x31, 0xd1, 0xff, 0x32, 0xad, 0x5b, 0xec, 0xdc, 0x8f, 0xa1, 0x49, 0x3e, 0x40, 0xa6 },
838 { 0x55, 0x39, 0x50, 0x01, 0xbe, 0x3d, 0xcf, 0xb5, 0xe1, 0x5b, 0xf5, 0xb1, 0x33, 0x1a, 0x62, 0x8b },
839 { 0x7c, 0xc7, 0xb9, 0x38, 0x66, 0xc6, 0x4f, 0xff, 0xd6, 0xb6, 0xba, 0x3e, 0x95, 0x88, 0xf9, 0xa2 },
840 { 0x54, 0x51, 0x2d, 0x6b, 0xf0, 0xc0, 0x52, 0x24, 0xa6, 0xf3, 0x82, 0x8f, 0x75, 0x9c, 0xcc, 0x18 },
841 { 0xa1, 0x82, 0xb8, 0x37, 0x4d, 0x0e, 0xe3, 0x29, 0xdb, 0xf0, 0x13, 0x09, 0x75, 0xea, 0x7b, 0x21 },
842 { 0x7b, 0xdd, 0x20, 0xd6, 0x8e, 0x75, 0xa8, 0xdc, 0xca, 0x98, 0x06, 0x45, 0xc1, 0xdf, 0xe2, 0x40 },
843 { 0x9d, 0x67, 0xea, 0x02, 0xab, 0xdf, 0xaa, 0x3c, 0x32, 0x7d, 0x08, 0x5e, 0xa1, 0x24, 0x31, 0x6c },
844 { 0x55, 0x0c, 0x78, 0x74, 0xe3, 0x86, 0x8e, 0x04, 0x67, 0xfc, 0x78, 0x0c, 0x0d, 0x22, 0x65, 0x9f },
845 { 0xb3, 0x40, 0x1b, 0x97, 0x11, 0x20, 0xc5, 0xf1, 0x4d, 0x64, 0xee, 0x6c, 0x56, 0x04, 0x42, 0x86 },
846 { 0x97, 0xf3, 0xa8, 0x2e, 0x6b, 0x65, 0x43, 0x18, 0x25, 0x82, 0x64, 0x53, 0x40, 0x45, 0xdb, 0xef },
847 { 0x5b, 0x5f, 0xa3, 0xf2, 0x32, 0x06, 0x0e, 0xf5, 0x8a, 0x2a, 0xf6, 0x96, 0x10, 0xb4, 0x6d, 0x38 },
848 { 0xc3, 0x85, 0xf8, 0x69, 0xc8, 0x87, 0x92, 0x87, 0xdd, 0xc3, 0x4b, 0x89, 0x47, 0xa7, 0xad, 0xbb },
849 { 0x44, 0xe5, 0xbd, 0x6a, 0x1a, 0xf9, 0xa6, 0xac, 0x37, 0xd7, 0x7c, 0xca, 0x7c, 0xa0, 0x74, 0x55 },
850 { 0x06, 0x23, 0xf4, 0x6d, 0xab, 0xdf, 0x4f, 0x49, 0xad, 0x63, 0xe0, 0x3a, 0x34, 0xcf, 0xc0, 0x92 },
851 { 0x38, 0xaa, 0x78, 0xfb, 0x3a, 0x81, 0x3c, 0xcd, 0xf4, 0xf3, 0x78, 0x20, 0x67, 0x47, 0x86, 0x7c },
852 { 0x31, 0x96, 0x4e, 0x57, 0x2c, 0xa0, 0xd1, 0x9a, 0x1d, 0xc6, 0xc9, 0xa0, 0x51, 0x64, 0x26, 0x28 },
853 { 0x3b, 0x27, 0x2e, 0xc5, 0x4c, 0x91, 0x00, 0x78, 0xef, 0xb4, 0x1b, 0x78, 0x59, 0x88, 0x64, 0xd6 },
854 { 0xba, 0x5e, 0xda, 0x0d, 0x44, 0x08, 0xed, 0x00, 0x99, 0x5b, 0x80, 0x44, 0xe5, 0x44, 0xa0, 0x59 },
855 { 0xed, 0xe9, 0xdc, 0xbf, 0x06, 0xce, 0xc4, 0xdf, 0x07, 0xb3, 0x4d, 0x6c, 0xb1, 0x25, 0x25, 0x05 },
856 { 0x45, 0xed, 0x44, 0xc4, 0x78, 0xbd, 0x41, 0x84, 0x73, 0x71, 0xa2, 0x15, 0x19, 0xf2, 0xd3, 0x92 },
857 { 0x99, 0xf1, 0x5d, 0xa9, 0xc7, 0x1f, 0x58, 0x13, 0x3b, 0xc9, 0xe0, 0x7f, 0xf6, 0xda, 0x74, 0xca },
858 { 0x7a, 0xe4, 0x1e, 0x81, 0xc2, 0x87, 0x2a, 0x04, 0x77, 0xa9, 0xdc, 0xb4, 0x32, 0xd5, 0xa3, 0x79 },
859 { 0x6e, 0x96, 0x66, 0xfa, 0x3e, 0x40, 0xc3, 0x1e, 0x89, 0x7f, 0xca, 0x49, 0x1f, 0x1a, 0xed, 0xba },
860 { 0xd8, 0x5b, 0xea, 0x61, 0x8f, 0x96, 0xfa, 0xb4, 0x59, 0x8f, 0xdb, 0x07, 0x2a, 0xfa, 0x94, 0xaa },
861 { 0x62, 0xec, 0x3d, 0x2e, 0x00, 0x38, 0x51, 0x23, 0x6a, 0x2c, 0xca, 0xc1, 0x14, 0x03, 0x8f, 0x1c },
862 { 0x3d, 0x5b, 0x3b, 0xb6, 0xe4, 0x1b, 0xcb, 0x00, 0x56, 0xd4, 0xd6, 0x66, 0x44, 0x81, 0xb4, 0xde },
863 { 0x23, 0x22, 0xe5, 0xd1, 0x03, 0x6b, 0x2c, 0x02, 0xb0, 0xc2, 0x6a, 0x48, 0x5b, 0x43, 0x12, 0x5c },
864 { 0xbb, 0x59, 0x37, 0x05, 0x00, 0x84, 0x40, 0xe9, 0xbd, 0x81, 0x9d, 0x02, 0x7c, 0x04, 0x4b, 0xfb },
865 { 0x6e, 0x36, 0xa0, 0xd5, 0x4e, 0x02, 0xf4, 0x92, 0x4c, 0xff, 0x7f, 0x3b, 0x37, 0x03, 0xb6, 0xc6 },
866 { 0x19, 0xc4, 0xd7, 0x7c, 0xdc, 0x4e, 0x10, 0xf9, 0xf4, 0x13, 0x4b, 0xee, 0x1d, 0x0f, 0xfd, 0xca },
867 { 0xec, 0x97, 0xcb, 0x2f, 0xec, 0x39, 0x3c, 0xdd, 0xc9, 0xd7, 0xdc, 0x56, 0x6e, 0x70, 0xf9, 0x31 },
868 { 0x35, 0x9c, 0x95, 0x7a, 0xca, 0x30, 0xbd, 0x44, 0xee, 0x9c, 0xba, 0x7b, 0x11, 0x4a, 0x2d, 0xf7 },
869 { 0x6a, 0x0f, 0x8b, 0x13, 0x3e, 0xc6, 0x55, 0x6f, 0xe9, 0x47, 0x41, 0x6c, 0xcc, 0xf1, 0x4f, 0x74 },
870 { 0x6a, 0x54, 0x97, 0xaf, 0x0b, 0x64, 0x42, 0x2b, 0xf9, 0xfc, 0x10, 0xf0, 0x91, 0x44, 0x88, 0xbf },
871 { 0x94, 0xa4, 0x61, 0x65, 0x14, 0x32, 0xcb, 0x55, 0xff, 0x8e, 0xbf, 0xd4, 0xa8, 0xad, 0x25, 0xe3 },
872 { 0xbc, 0xa3, 0x36, 0x97, 0x7d, 0x65, 0x7f, 0xd4, 0x53, 0xf6, 0x2f, 0xda, 0x31, 0x7e, 0xc5, 0xc2 },
873 { 0x65, 0x2a, 0x7e, 0xd8, 0xc6, 0x92, 0x42, 0x0e, 0xc3, 0xcb, 0x40, 0xed, 0xe6, 0x30, 0x9d, 0x7c },
874 { 0xf6, 0x99, 0xa2, 0x95, 0xa7, 0x98, 0xe5, 0x44, 0xb9, 0x32, 0x58, 0x6b, 0xea, 0x1f, 0x65, 0x61 },
875 { 0xac, 0xf2, 0xa1, 0xa9, 0x37, 0xe1, 0xaa, 0x81, 0x85, 0x81, 0xa1, 0x01, 0x2e, 0x2b, 0x4e, 0xf6 },
876 { 0x4f, 0xe8, 0xd6, 0x92, 0x26, 0xa5, 0x6e, 0xac, 0x75, 0x57, 0x3f, 0x7e, 0x13, 0x6c, 0xd4, 0x3d },
877 { 0x3a, 0xcb, 0xa8, 0x66, 0xf8, 0xf6, 0xde, 0xdd, 0x56, 0x83, 0x89, 0x3b, 0xfd, 0xf0, 0xd6, 0x9e },
878 { 0x44, 0x64, 0xa8, 0x70, 0x98, 0x42, 0x8d, 0xe6, 0xa2, 0x43, 0x3c, 0x7a, 0x82, 0x0e, 0x3e, 0x78 },
879 { 0x96, 0xd9, 0x5a, 0x8b, 0x4f, 0xba, 0x28, 0x67, 0x2d, 0xf7, 0xb5, 0xe7, 0x4a, 0xd4, 0x07, 0x9f },
880 { 0x35, 0x97, 0xdb, 0x77, 0x6f, 0x9e, 0x05, 0x4e, 0xa1, 0x86, 0x8f, 0x42, 0x74, 0xe7, 0xa4, 0x14 },
881 { 0xa8, 0x55, 0x57, 0x73, 0x13, 0x86, 0x22, 0xbb, 0x82, 0x67, 0x14, 0xb0, 0x11, 0x03, 0x74, 0xb7 },
882 { 0x73, 0x19, 0x78, 0xac, 0x75, 0xb0, 0x13, 0xe2, 0x93, 0xbd, 0x34, 0x54, 0x43, 0x52, 0x02, 0x74 },
883 { 0xf7, 0x60, 0xb8, 0x18, 0x3b, 0x51, 0xcf, 0xfb, 0x4d, 0xc4, 0x52, 0x8b, 0xc5, 0x92, 0xfd, 0xf6 },
884 { 0x5f, 0x90, 0x62, 0x93, 0x46, 0x21, 0xa3, 0xab, 0xbe, 0xb3, 0x92, 0xc7, 0xa4, 0x14, 0x58, 0x3c },
885 { 0x23, 0x04, 0xda, 0x58, 0xa4, 0x31, 0xbb, 0xcc, 0x36, 0x34, 0x40, 0xc7, 0x51, 0x83, 0x48, 0x60 },
886 { 0x96, 0x74, 0x4b, 0x9c, 0x11, 0x53, 0x9b, 0x93, 0x6d, 0x68, 0xf7, 0xe8, 0xd2, 0xa6, 0x7d, 0x09 },
887 { 0xdb, 0xe4, 0x08, 0x66, 0xf1, 0x1b, 0xb2, 0xc8, 0xf7, 0x84, 0xb4, 0xee, 0x29, 0x8c, 0x75, 0x4d },
888 { 0xa6, 0x66, 0x8f, 0xbd, 0xc0, 0x34, 0x76, 0x68, 0xe5, 0xbd, 0xb1, 0xe8, 0x5a, 0x8e, 0x32, 0x4d },
889 { 0xc0, 0xe6, 0x1d, 0x42, 0x59, 0x11, 0x7c, 0xb8, 0xf5, 0x8c, 0x2c, 0x44, 0x1e, 0x8c, 0xcf, 0xfb },
890 { 0xfd, 0x81, 0xeb, 0xd9, 0x16, 0x78, 0x1d, 0xfe, 0x18, 0x02, 0x92, 0x72, 0x17, 0xb6, 0x16, 0xe3 },
891 { 0x1e, 0x3b, 0x0b, 0x77, 0x6f, 0x6c, 0x21, 0x66, 0xc8, 0xa1, 0x44, 0x70, 0xd9, 0x67, 0xc2, 0xaf },
892 { 0xaa, 0x5a, 0x67, 0x0b, 0x5b, 0xd1, 0xa3, 0xab, 0x46, 0x99, 0xbb, 0x99, 0x3e, 0x09, 0x0a, 0x71 },
893 { 0x48, 0x11, 0x30, 0x58, 0xba, 0xda, 0x1a, 0x7d, 0x6a, 0x06, 0x5b, 0xc7, 0x5f, 0x85, 0xfb, 0x64 },
894 { 0xec, 0x7e, 0x20, 0x8f, 0x42, 0x3b, 0xbf, 0xd9, 0x49, 0x96, 0xa3, 0xd6, 0xd9, 0x7d, 0x80, 0xd3 },
895 { 0x85, 0x0c, 0x93, 0x58, 0x82, 0x08, 0x85, 0xe3, 0x0e, 0x14, 0xb9, 0x7a, 0x59, 0xa7, 0xd7, 0xee },
896 { 0x99, 0x10, 0xd5, 0x0d, 0x62, 0xd7, 0x7b, 0xe7, 0xb3, 0x4c, 0xb3, 0x75, 0x00, 0x0e, 0xc2, 0xc7 },
897 { 0xa8, 0xea, 0xc9, 0x4c, 0x1c, 0x37, 0x46, 0x50, 0x6c, 0xb3, 0x10, 0xaf, 0x68, 0xbe, 0xdd, 0xa7 },
898 { 0x12, 0xca, 0x6b, 0x11, 0xc6, 0xc9, 0x94, 0x17, 0x8e, 0xde, 0xf4, 0xb6, 0x8b, 0x54, 0x54, 0x18 },
899 { 0x0d, 0xee, 0x14, 0x73, 0x07, 0x9c, 0xe2, 0x2e, 0xa2, 0x92, 0x85, 0xfc, 0x5c, 0xae, 0xfe, 0xdf },
900 { 0xf8, 0xa6, 0x83, 0xe1, 0xa9, 0xad, 0xd3, 0xc1, 0xe2, 0x2f, 0xa0, 0xb8, 0x58, 0x3a, 0xab, 0xea },
901 { 0xde, 0x64, 0xa5, 0x73, 0xf1, 0x62, 0xea, 0xa5, 0xae, 0xac, 0x73, 0x5a, 0x47, 0x1e, 0x62, 0x1c },
902 { 0xa4, 0x17, 0xff, 0x7a, 0x00, 0xaa, 0xbb, 0x09, 0x08, 0xbc, 0xd1, 0xc1, 0xe1, 0x22, 0xb0, 0x20 },
903 { 0x74, 0xdd, 0x90, 0xc1, 0x40, 0xc5, 0x16, 0x70, 0x27, 0x0e, 0x70, 0x4c, 0xe0, 0x37, 0xf5, 0xd3 },
904 { 0x70, 0x7a, 0x8e, 0xdd, 0x44, 0x7b, 0x0a, 0x80, 0x5f, 0x5a, 0x12, 0x09, 0xdd, 0xb2, 0xd1, 0xca },
905 { 0xb2, 0xa7, 0x11, 0x5b, 0xa9, 0x74, 0x0a, 0xde, 0x0f, 0x33, 0xb9, 0x36, 0x22, 0x20, 0xc3, 0xce },
906 { 0x2a, 0x05, 0x95, 0x06, 0xf8, 0x7a, 0x77, 0x21, 0x18, 0xb0, 0xd3, 0x5d, 0x99, 0x0a, 0x2d, 0x78 },
907 { 0xb0, 0x22, 0xde, 0x68, 0x69, 0x9e, 0x60, 0x62, 0x92, 0xfc, 0xf1, 0xd2, 0xe4, 0xde, 0xdc, 0x60 },
908 { 0xc2, 0xf6, 0x38, 0x4f, 0x71, 0x24, 0xb8, 0xfb, 0x67, 0x28, 0xcf, 0x42, 0x73, 0xa7, 0x31, 0xd3 },
909 { 0x19, 0xd3, 0x5a, 0x9d, 0xc7, 0x38, 0x17, 0x89, 0x8a, 0x22, 0x2d, 0xc7, 0xbb, 0x6e, 0xe6, 0xcb },
910 { 0x53, 0x9c, 0x5e, 0x2c, 0xc5, 0xef, 0xb7, 0xa5, 0x82, 0x5f, 0xf3, 0x16, 0x43, 0x34, 0x0e, 0x15 },
911 { 0x29, 0x38, 0xf3, 0xc3, 0x95, 0x69, 0x72, 0x1f, 0x32, 0xf2, 0xc7, 0x53, 0x23, 0xfc, 0xf6, 0x24 },
912 { 0x44, 0xc2, 0x34, 0x76, 0x83, 0xb3, 0xad, 0x5a, 0x0d, 0x35, 0x61, 0x06, 0x3d, 0xd8, 0x3b, 0x2c },
913 { 0x39, 0x4c, 0xcf, 0x7c, 0x68, 0xf5, 0x4b, 0xe9, 0xa6, 0x99, 0x75, 0x95, 0xf6, 0x4b, 0x84, 0xbb },
914 { 0x1d, 0x48, 0x0f, 0x62, 0x6b, 0x93, 0x97, 0x1a, 0x4d, 0x61, 0xad, 0x56, 0x17, 0xa4, 0xf8, 0xc7 },
915 { 0xad, 0x45, 0xde, 0xf9, 0x80, 0x51, 0xd1, 0x38, 0xdf, 0xbd, 0x82, 0x95, 0xf6, 0x91, 0xad, 0x83 },
916 { 0x4d, 0x26, 0xbe, 0xee, 0x87, 0x45, 0xb1, 0x97, 0x93, 0x57, 0xda, 0x9e, 0x57, 0x13, 0xa5, 0x83 },
917 { 0xed, 0x59, 0x06, 0x9c, 0xf0, 0x89, 0x82, 0x21, 0x42, 0x55, 0x93, 0x58, 0x03, 0xa3, 0xb4, 0x11 },
918 { 0xb9, 0x82, 0xfe, 0x65, 0xf8, 0xa6, 0xe1, 0x54, 0xde, 0x5f, 0x5e, 0xd3, 0xff, 0xde, 0xaf, 0x01 },
919 { 0xb4, 0x11, 0xb3, 0x30, 0x2d, 0x35, 0xd0, 0xca, 0x58, 0x65, 0x75, 0xb7, 0x4e, 0x59, 0x15, 0xb7 },
920 { 0x1e, 0xea, 0x04, 0xdf, 0x11, 0x8e, 0x61, 0xea, 0x01, 0x65, 0x2d, 0x31, 0x9b, 0x50, 0x69, 0x8b },
921 { 0x87, 0x79, 0x18, 0x75, 0xc7, 0x92, 0xc6, 0x93, 0xc6, 0x86, 0x14, 0x54, 0xd2, 0x40, 0x01, 0x86 },
922 { 0x70, 0xef, 0x78, 0x69, 0x19, 0xe6, 0x8f, 0x11, 0x61, 0x09, 0x11, 0x11, 0x11, 0x00, 0x01, 0x10 },
923 { 0x40, 0x50, 0x55, 0x50, 0x15, 0x55, 0x05, 0x41, 0x54, 0x44, 0x50, 0x01, 0x04, 0x00, 0x00, 0x00 },
924 { 0xc8, 0xcf, 0xf7, 0x93, 0xae, 0x1c, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
925 { 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xea, 0xca, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00 },
926 { 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00 },
927 { 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00 },
928 { 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
929 { 0x11, 0x01, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
930 { 0x15, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
931 { 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
932 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
933 { 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
934 { 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
935 { 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
936 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
937 { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
938 { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
939 };
940 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
941 #endif /* #ifndef __STATIC_FUNCTIONS__ */
942
943 /*----------------------------------------------------------------------------*/
944 /* Needed functions from sha1.c and sha256.c. */
945 /* We do our own counting and padding, we only need the hashing. */
946 /*----------------------------------------------------------------------------*/
947 void sha1_process(sha1_context *ctx, BYTE data[64]);
948 void sha256_process(sha256_context *ctx, BYTE data[64]);
949 void sha512_process(sha512_context *ctx, BYTE data[128]);
950
951 /*----------------------------------------------------------------------------*/
952 /* Compute intermediate message digest (KIMD) FC 1-3 */
953 /*----------------------------------------------------------------------------*/
ARCH_DEP(kimd_sha)954 static void ARCH_DEP(kimd_sha)(int r1, int r2, REGS *regs, int klmd)
955 {
956 sha1_context sha1_ctx;
957
958 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
959 sha256_context sha256_ctx;
960 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
961
962 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
963 sha512_context sha512_ctx;
964 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
965
966 int crypted;
967 int fc;
968 BYTE message_block[128];
969 int message_blocklen = 0;
970 BYTE parameter_block[64];
971 int parameter_blocklen = 0;
972
973 UNREFERENCED(r1);
974
975 /* Initialize values */
976 fc = GR0_fc(regs);
977 switch(fc)
978 {
979 case 1: /* sha-1 */
980 {
981 message_blocklen = 64;
982 parameter_blocklen = 20;
983 break;
984 }
985
986 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
987 case 2: /* sha-256 */
988 {
989 message_blocklen = 64;
990 parameter_blocklen = 32;
991 break;
992 }
993 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
994
995 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
996 case 3: /* sha-512 */
997 {
998 message_blocklen = 128;
999 parameter_blocklen = 64;
1000 }
1001 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1002
1003 }
1004
1005 /* Check special conditions */
1006 if(unlikely(!klmd && (GR_A(r2 + 1, regs) % message_blocklen)))
1007 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
1008
1009 /* Return with cc 0 on zero length */
1010 if(unlikely(!GR_A(r2 + 1, regs)))
1011 {
1012 regs->psw.cc = 0;
1013 return;
1014 }
1015
1016 /* Test writeability output chaining value */
1017 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, parameter_blocklen - 1, ACCTYPE_WRITE, regs);
1018
1019 /* Fetch the parameter block */
1020 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1021
1022 #ifdef OPTION_KIMD_DEBUG
1023 if(parameter_blocklen > 32)
1024 {
1025 LOGBYTE2("icv :", parameter_block, 16, parameter_blocklen / 16);
1026 }
1027 else
1028 {
1029 LOGBYTE("icv :", parameter_block, parameter_blocklen);
1030 }
1031 #endif /* #ifdef OPTION_KIMD_DEBUG */
1032
1033 /* Set initial chaining value */
1034 switch(fc)
1035 {
1036 case 1: /* sha-1 */
1037 {
1038 sha1_seticv(&sha1_ctx, parameter_block);
1039 break;
1040 }
1041
1042 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1043 case 2: /* sha-256 */
1044 {
1045 sha256_seticv(&sha256_ctx, parameter_block);
1046 break;
1047 }
1048 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1049
1050 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1051 case 3: /* sha-512 */
1052 {
1053 sha512_seticv(&sha512_ctx, parameter_block);
1054 break;
1055 }
1056 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1057
1058 }
1059
1060 /* Try to process the CPU-determined amount of data */
1061 for(crypted = 0; crypted < PROCESS_MAX; crypted += message_blocklen)
1062 {
1063 /* Fetch and process a block of data */
1064 ARCH_DEP(vfetchc)(message_block, message_blocklen - 1, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1065
1066 #ifdef OPTION_KIMD_DEBUG
1067 LOGBYTE2("input :", message_block, 16, message_blocklen / 16);
1068 #endif /* #ifdef OPTION_KIMD_DEBUG */
1069
1070 switch(fc)
1071 {
1072 case 1: /* sha-1 */
1073 {
1074 sha1_process(&sha1_ctx, message_block);
1075 sha1_getcv(&sha1_ctx, parameter_block);
1076 break;
1077 }
1078
1079 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1080 case 2: /* sha-256 */
1081 {
1082 sha256_process(&sha256_ctx, message_block);
1083 sha256_getcv(&sha256_ctx, parameter_block);
1084 break;
1085 }
1086 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1087
1088 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1089 case 3: /* sha-512 */
1090 {
1091 sha512_process(&sha512_ctx, message_block);
1092 sha512_getcv(&sha512_ctx, parameter_block);
1093 break;
1094 }
1095 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1096
1097 }
1098
1099 /* Store the output chaining value */
1100 ARCH_DEP(vstorec)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1101
1102 #ifdef OPTION_KIMD_DEBUG
1103 if(parameter_blocklen > 32)
1104 {
1105 LOGBYTE2("ocv :", parameter_block, 16, parameter_blocklen / 16);
1106 }
1107 else
1108 {
1109 LOGBYTE("ocv :", parameter_block, parameter_blocklen);
1110 }
1111 #endif /* #ifdef OPTION_KIMD_DEBUG */
1112
1113 /* Update the registers */
1114 SET_GR_A(r2, regs, GR_A(r2, regs) + message_blocklen);
1115 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - message_blocklen);
1116
1117 #ifdef OPTION_KIMD_DEBUG
1118 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
1119 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
1120 #endif /* #ifdef OPTION_KIMD_DEBUG */
1121
1122 /* check for end of data */
1123 if(unlikely(GR_A(r2 + 1, regs) < 64))
1124 {
1125 if(unlikely(klmd))
1126 return;
1127 regs->psw.cc = 0;
1128 return;
1129 }
1130 }
1131
1132 /* CPU-determined amount of data processed */
1133 regs->psw.cc = 3;
1134 }
1135
1136 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
1137 /*----------------------------------------------------------------------------*/
1138 /* Compute intermediate message digest (KIMD) FC 65 */
1139 /*----------------------------------------------------------------------------*/
ARCH_DEP(kimd_ghash)1140 static void ARCH_DEP(kimd_ghash)(int r1, int r2, REGS *regs)
1141 {
1142 int crypted;
1143 int i;
1144 BYTE message_block[16];
1145 BYTE parameter_block[32];
1146
1147 UNREFERENCED(r1);
1148
1149 /* Check special conditions */
1150 if(unlikely(GR_A(r2 + 1, regs) % 16))
1151 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
1152
1153 /* Return with cc 0 on zero length */
1154 if(unlikely(!GR_A(r2 + 1, regs)))
1155 {
1156 regs->psw.cc = 0;
1157 return;
1158 }
1159
1160 /* Test writeability output chaining value */
1161 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
1162
1163 /* Fetch the parameter block */
1164 ARCH_DEP(vfetchc)(parameter_block, 31, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1165
1166 #ifdef OPTION_KIMD_DEBUG
1167 LOGBYTE("icv :", parameter_block, 16);
1168 LOGBYTE("h :", ¶meter_block[16], 16);
1169 #endif /* #ifdef OPTION_KIMD_DEBUG */
1170
1171 /* Try to process the CPU-determined amount of data */
1172 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
1173 {
1174 /* Fetch and process a block of data */
1175 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1176
1177 #ifdef OPTION_KIMD_DEBUG
1178 LOGBYTE("input :", message_block, 16);
1179 #endif /* #ifdef OPTION_KIMD_DEBUG */
1180
1181 /* XOR and multiply */
1182 for(i = 0; i < 16; i++)
1183 parameter_block[i] ^= message_block[i];
1184 gcm_gf_mult(parameter_block, ¶meter_block[16], parameter_block);
1185
1186 /* Store the output chaining value */
1187 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1188
1189 #ifdef OPTION_KIMD_DEBUG
1190 LOGBYTE("ocv :", parameter_block, 16);
1191 #endif /* #ifdef OPTION_KIMD_DEBUG */
1192
1193 /* Update the registers */
1194 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
1195 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
1196
1197 #ifdef OPTION_KIMD_DEBUG
1198 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
1199 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
1200 #endif /* #ifdef OPTION_KIMD_DEBUG */
1201
1202 /* check for end of data */
1203 if(unlikely(!GR_A(r2 + 1, regs)))
1204 {
1205 regs->psw.cc = 0;
1206 return;
1207 }
1208 }
1209
1210 /* CPU-determined amount of data processed */
1211 regs->psw.cc = 3;
1212 }
1213 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
1214
1215 /*----------------------------------------------------------------------------*/
1216 /* Compute last message digest (KLMD) FC 1-3 */
1217 /*----------------------------------------------------------------------------*/
ARCH_DEP(klmd_sha)1218 static void ARCH_DEP(klmd_sha)(int r1, int r2, REGS *regs)
1219 {
1220 sha1_context sha1_ctx;
1221
1222 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1223 sha256_context sha256_ctx;
1224 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1225
1226 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1227 sha512_context sha512_ctx;
1228 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1229
1230 int fc;
1231 int i;
1232 int mbllen = 0;
1233 BYTE message_block[128];
1234 int message_blocklen = 0;
1235 BYTE parameter_block[80];
1236 int parameter_blocklen = 0;
1237
1238 UNREFERENCED(r1);
1239
1240 /* Initialize values */
1241 fc = GR0_fc(regs);
1242 switch(fc)
1243 {
1244 case 1: /* sha-1 */
1245 {
1246 mbllen = 8;
1247 message_blocklen = 64;
1248 parameter_blocklen = 20;
1249 break;
1250 }
1251
1252 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1253 case 2: /* sha-256 */
1254 {
1255 mbllen = 8;
1256 message_blocklen = 64;
1257 parameter_blocklen = 32;
1258 break;
1259 }
1260 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1261
1262 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1263 case 3: /* sha-512 */
1264 {
1265 mbllen = 16;
1266 message_blocklen = 128;
1267 parameter_blocklen = 64;
1268 }
1269 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1270
1271 }
1272
1273 /* Process intermediate message blocks */
1274 if(unlikely(GR_A(r2 + 1, regs) >= (unsigned) message_blocklen))
1275 {
1276 ARCH_DEP(kimd_sha)(r1, r2, regs, 1);
1277 if(regs->psw.cc == 3)
1278 return;
1279 }
1280
1281 /* Test writeability output chaining value */
1282 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, parameter_blocklen - 1, ACCTYPE_WRITE, regs);
1283
1284 /* Fetch the parameter block */
1285 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen + mbllen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1286
1287 #ifdef OPTION_KLMD_DEBUG
1288 if(parameter_blocklen > 32)
1289 {
1290 LOGBYTE2("icv :", parameter_block, 16, parameter_blocklen / 16);
1291 }
1292 else
1293 {
1294 LOGBYTE("icv :", parameter_block, parameter_blocklen);
1295 }
1296 LOGBYTE("mbl :", ¶meter_block[parameter_blocklen], mbllen);
1297 #endif /* #ifdef OPTION_KLMD_DEBUG */
1298
1299 /* Set initial chaining value */
1300 switch(fc)
1301 {
1302 case 1: /* sha-1 */
1303 {
1304 sha1_seticv(&sha1_ctx, parameter_block);
1305 break;
1306 }
1307
1308 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1309 case 2: /* sha-256 */
1310 {
1311 sha256_seticv(&sha256_ctx, parameter_block);
1312 break;
1313 }
1314 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1315
1316 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1317 case 3: /* sha-512 */
1318 {
1319 sha512_seticv(&sha512_ctx, parameter_block);
1320 break;
1321 }
1322 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1323
1324 }
1325
1326 /* Fetch and process possible last block of data */
1327 if(likely(GR_A(r2 + 1, regs)))
1328 {
1329 ARCH_DEP(vfetchc)(message_block, GR_A(r2 + 1, regs) - 1, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1330
1331 #ifdef OPTION_KLMD_DEBUG
1332 if(GR_A(r2 + 1, regs) > 32)
1333 {
1334 LOGBYTE("input :", message_block, 32);
1335 LOGBYTE(" ", &message_block[32], (int) GR_A(r2 + 1, regs) - 32);
1336 }
1337 else
1338 LOGBYTE("input :", message_block, (int) GR_A(r2 + 1, regs));
1339 #endif /* #ifdef OPTION_KLMD_DEBUG */
1340
1341 }
1342
1343 /* Do the padding */
1344 i = GR_A(r2 + 1, regs);
1345 if(unlikely(i >= (message_blocklen - mbllen)))
1346 {
1347 message_block[i++] = 0x80;
1348 while(i < message_blocklen)
1349 message_block[i++] = 0x00;
1350 switch(fc)
1351 {
1352 case 1: /* sha-1 */
1353 {
1354 sha1_process(&sha1_ctx, message_block);
1355 break;
1356 }
1357
1358 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1359 case 2: /* sha-256 */
1360 {
1361 sha256_process(&sha256_ctx, message_block);
1362 break;
1363 }
1364 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1365
1366 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1367 case 3: /* sha-512 */
1368 {
1369 sha512_process(&sha512_ctx, message_block);
1370 break;
1371 }
1372 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1373
1374 }
1375 for(i = 0; i < message_blocklen - mbllen; i++)
1376 message_block[i] = 0x00;
1377 }
1378 else
1379 {
1380 message_block[i++] = 0x80;
1381 while(i < message_blocklen - mbllen)
1382 message_block[i++] = 0x00;
1383 }
1384
1385 /* Set the message bit length */
1386 memcpy(&message_block[message_blocklen - mbllen], ¶meter_block[parameter_blocklen], mbllen);
1387
1388 /* Calculate and store the message digest */
1389 switch(fc)
1390 {
1391 case 1: /* sha-1 */
1392 {
1393 sha1_process(&sha1_ctx, message_block);
1394 sha1_getcv(&sha1_ctx, parameter_block);
1395 break;
1396 }
1397
1398 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1399 case 2: /* sha-256 */
1400 {
1401 sha256_process(&sha256_ctx, message_block);
1402 sha256_getcv(&sha256_ctx, parameter_block);
1403 break;
1404 }
1405 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1406
1407 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
1408 case 3: /* sha-512 */
1409 {
1410 sha512_process(&sha512_ctx, message_block);
1411 sha512_getcv(&sha512_ctx, parameter_block);
1412 break;
1413 }
1414 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
1415
1416 }
1417 ARCH_DEP(vstorec)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1418
1419 #ifdef OPTION_KLMD_DEBUG
1420 if(parameter_blocklen > 32)
1421 {
1422 LOGBYTE2("md :", parameter_block, 16, parameter_blocklen / 16);
1423 }
1424 else
1425 {
1426 LOGBYTE("md :", parameter_block, parameter_blocklen);
1427 }
1428 #endif /* #ifdef OPTION_KLMD_DEBUG */
1429
1430 /* Update registers */
1431 SET_GR_A(r2, regs, GR_A(r2, regs) + GR_A(r2 + 1, regs));
1432 SET_GR_A(r2 + 1, regs, 0);
1433
1434 #ifdef OPTION_KLMD_DEBUG
1435 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
1436 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
1437 #endif /* #ifdef OPTION_KLMD_DEBUG */
1438
1439 /* Set condition code */
1440 regs->psw.cc = 0;
1441 }
1442
1443 /*----------------------------------------------------------------------------*/
1444 /* Cipher message (KM) FC 1-3 and 9-11 */
1445 /*----------------------------------------------------------------------------*/
ARCH_DEP(km_dea)1446 static void ARCH_DEP(km_dea)(int r1, int r2, REGS *regs)
1447 {
1448 int crypted;
1449 des_context des_ctx;
1450 des3_context des3_ctx;
1451 int keylen;
1452 BYTE message_block[8];
1453 int modifier_bit;
1454 BYTE parameter_block[48];
1455 int parameter_blocklen;
1456 int r1_is_not_r2;
1457 int tfc;
1458 int wrap;
1459
1460 /* Check special conditions */
1461 if(unlikely(GR_A(r2 + 1, regs) % 8))
1462 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
1463
1464 /* Return with cc 0 on zero length */
1465 if(unlikely(!GR_A(r2 + 1, regs)))
1466 {
1467 regs->psw.cc = 0;
1468 return;
1469 }
1470
1471 /* Initialize values */
1472 tfc = GR0_tfc(regs);
1473 wrap = GR0_wrap(regs);
1474 keylen = tfc * 8;
1475 parameter_blocklen = keylen;
1476 if(wrap)
1477 parameter_blocklen += 24;
1478
1479 /* Fetch the parameter block */
1480 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1481
1482 #ifdef OPTION_KM_DEBUG
1483 switch(tfc)
1484 {
1485 case 1: /* dea */
1486 {
1487 LOGBYTE("k :", parameter_block, 8);
1488 break;
1489 }
1490 case 2: /* tdea-128 */
1491 {
1492 LOGBYTE("k1 :", parameter_block, 8);
1493 LOGBYTE("k2 :", ¶meter_block[8], 8);
1494 break;
1495 }
1496 case 3: /* tdea-192 */
1497 {
1498 LOGBYTE("k1 :", parameter_block, 8);
1499 LOGBYTE("k2 :", ¶meter_block[8], 8);
1500 LOGBYTE("k3 :", ¶meter_block[16], 8);
1501 break;
1502 }
1503 }
1504 if(wrap)
1505 LOGBYTE("wkvp :", ¶meter_block[keylen], 24);
1506 #endif /* #ifdef OPTION_KM_DEBUG */
1507
1508 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
1509 /* Verify and unwrap */
1510 if(wrap && unwrap_dea(parameter_block, keylen))
1511 {
1512
1513 #ifdef OPTION_KM_DEBUG
1514 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
1515 #endif /* #ifdef OPTION_KM_DEBUG */
1516
1517 regs->psw.cc = 1;
1518 return;
1519 }
1520 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
1521
1522 /* Set the cryptographic key */
1523 switch(tfc)
1524 {
1525 case 1: /* dea */
1526 {
1527 des_set_key(&des_ctx, parameter_block);
1528 break;
1529 }
1530 case 2: /* tdea-128 */
1531 {
1532 des3_set_2keys(&des3_ctx, parameter_block, ¶meter_block[8]);
1533 break;
1534 }
1535 case 3: /* tdea-192 */
1536 {
1537 des3_set_3keys(&des3_ctx, parameter_block, ¶meter_block[8], ¶meter_block[16]);
1538 break;
1539 }
1540 }
1541
1542 /* Try to process the CPU-determined amount of data */
1543 modifier_bit = GR0_m(regs);
1544 r1_is_not_r2 = r1 != r2;
1545 for(crypted = 0; crypted < PROCESS_MAX; crypted += 8)
1546 {
1547 /* Fetch a block of data */
1548 ARCH_DEP(vfetchc)(message_block, 7, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1549
1550 #ifdef OPTION_KM_DEBUG
1551 LOGBYTE("input :", message_block, 8);
1552 #endif /* #ifdef OPTION_KM_DEBUG */
1553
1554 /* Do the job */
1555 switch(tfc)
1556 {
1557 case 1: /* dea */
1558 {
1559 if(modifier_bit)
1560 des_decrypt(&des_ctx, message_block, message_block);
1561 else
1562 des_encrypt(&des_ctx, message_block, message_block);
1563 break;
1564 }
1565 case 2: /* tdea-128 */
1566 case 3: /* tdea-192 */
1567 {
1568 if(modifier_bit)
1569 des3_decrypt(&des3_ctx, message_block, message_block);
1570 else
1571 des3_encrypt(&des3_ctx, message_block, message_block);
1572 break;
1573 }
1574 }
1575
1576 /* Store the output */
1577 ARCH_DEP(vstorec)(message_block, 7, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
1578
1579 #ifdef OPTION_KM_DEBUG
1580 LOGBYTE("output:", message_block, 8);
1581 #endif /* #ifdef OPTION_KM_DEBUG */
1582
1583 /* Update the registers */
1584 SET_GR_A(r1, regs, GR_A(r1, regs) + 8);
1585 if(likely(r1_is_not_r2))
1586 SET_GR_A(r2, regs, GR_A(r2, regs) + 8);
1587 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 8);
1588
1589 #ifdef OPTION_KM_DEBUG
1590 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
1591 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
1592 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
1593 #endif /* #ifdef OPTION_KM_DEBUG */
1594
1595 /* check for end of data */
1596 if(unlikely(!GR_A(r2 + 1, regs)))
1597 {
1598 regs->psw.cc = 0;
1599 return;
1600 }
1601 }
1602
1603 /* CPU-determined amount of data processed */
1604 regs->psw.cc = 3;
1605 }
1606
1607 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
1608 /*----------------------------------------------------------------------------*/
1609 /* Cipher message (KM) FC 18-20 and 26-28 */
1610 /*----------------------------------------------------------------------------*/
ARCH_DEP(km_aes)1611 static void ARCH_DEP(km_aes)(int r1, int r2, REGS *regs)
1612 {
1613 aes_context context;
1614 int crypted;
1615 int keylen;
1616 BYTE message_block[16];
1617 int modifier_bit;
1618 BYTE parameter_block[64];
1619 int parameter_blocklen;
1620 int r1_is_not_r2;
1621 int tfc;
1622 int wrap;
1623
1624 /* Check special conditions */
1625 if(unlikely(GR_A(r2 + 1, regs) % 16))
1626 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
1627
1628 /* Return with cc 0 on zero length */
1629 if(unlikely(!GR_A(r2 + 1, regs)))
1630 {
1631 regs->psw.cc = 0;
1632 return;
1633 }
1634
1635 /* Initialize values */
1636 tfc = GR0_tfc(regs);
1637 wrap = GR0_wrap(regs);
1638 keylen = (tfc - 17) * 8 + 8;
1639 parameter_blocklen = keylen;
1640 if(wrap)
1641 parameter_blocklen += 32;
1642
1643 /* Fetch the parameter block */
1644 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1645
1646 #ifdef OPTION_KM_DEBUG
1647 LOGBYTE("k :", parameter_block, keylen);
1648 if(wrap)
1649 LOGBYTE("wkvp :", ¶meter_block[keylen], 32);
1650 #endif /* #ifdef OPTION_KM_DEBUG */
1651
1652 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
1653 /* Verify and unwrap */
1654 if(wrap && unwrap_aes(parameter_block, keylen))
1655 {
1656
1657 #ifdef OPTION_KM_DEBUG
1658 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
1659 #endif /* #ifdef OPTION_KM_DEBUG */
1660
1661 regs->psw.cc = 1;
1662 return;
1663 }
1664 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
1665
1666 /* Set the cryptographic keys */
1667 aes_set_key(&context, parameter_block, keylen * 8);
1668
1669 /* Try to process the CPU-determined amount of data */
1670 modifier_bit = GR0_m(regs);
1671 r1_is_not_r2 = r1 != r2;
1672 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
1673 {
1674 /* Fetch a block of data */
1675 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1676
1677 #ifdef OPTION_KM_DEBUG
1678 LOGBYTE("input :", message_block, 16);
1679 #endif /* #ifdef OPTION_KM_DEBUG */
1680
1681 /* Do the job */
1682 if(modifier_bit)
1683 aes_decrypt(&context, message_block, message_block);
1684 else
1685 aes_encrypt(&context, message_block, message_block);
1686
1687 /* Store the output */
1688 ARCH_DEP(vstorec)(message_block, 15, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
1689
1690 #ifdef OPTION_KM_DEBUG
1691 LOGBYTE("output:", message_block, 16);
1692 #endif /* #ifdef OPTION_KM_DEBUG */
1693
1694 /* Update the registers */
1695 SET_GR_A(r1, regs, GR_A(r1, regs) + 16);
1696 if(likely(r1_is_not_r2))
1697 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
1698 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
1699
1700 #ifdef OPTION_KM_DEBUG
1701 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
1702 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
1703 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
1704 #endif /* #ifdef OPTION_KM_DEBUG */
1705
1706 /* check for end of data */
1707 if(unlikely(!GR_A(r2 + 1, regs)))
1708 {
1709 regs->psw.cc = 0;
1710 return;
1711 }
1712 }
1713
1714 /* CPU-determined amount of data processed */
1715 regs->psw.cc = 3;
1716 }
1717 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
1718
1719 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
1720 /*----------------------------------------------------------------------------*/
1721 /* Cipher message (KM) FC 50, 52, 58 and 60 */
1722 /*----------------------------------------------------------------------------*/
ARCH_DEP(km_xts_aes)1723 static void ARCH_DEP(km_xts_aes)(int r1, int r2, REGS *regs)
1724 {
1725 aes_context context;
1726 int crypted;
1727 int i;
1728 int keylen;
1729 BYTE message_block[16];
1730 int modifier_bit;
1731 BYTE parameter_block[80];
1732 int parameter_blocklen;
1733 int r1_is_not_r2;
1734 int tfc;
1735 int wrap;
1736 BYTE *xts;
1737
1738 /* Check special conditions */
1739 if(unlikely(GR_A(r2 + 1, regs) % 16))
1740 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
1741
1742 /* Return with cc 0 on zero length */
1743 if(unlikely(!GR_A(r2 + 1, regs)))
1744 {
1745 regs->psw.cc = 0;
1746 return;
1747 }
1748
1749 /* Initialize values */
1750 tfc = GR0_tfc(regs);
1751 wrap = GR0_wrap(regs);
1752 keylen = (tfc - 49) * 8 + 8;
1753 parameter_blocklen = keylen + 16;
1754 if(wrap)
1755 parameter_blocklen += 32;
1756
1757 /* Test writeability output chaining value */
1758 ARCH_DEP(validate_operand)((GR_A(1, regs) + parameter_blocklen - 16) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
1759
1760 /* Fetch the parameter block */
1761 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1762 xts = ¶meter_block[parameter_blocklen - 16];
1763
1764 #ifdef OPTION_KM_DEBUG
1765 LOGBYTE("k :", parameter_block, keylen);
1766 if(wrap)
1767 LOGBYTE("wkvp :", ¶meter_block[keylen], 32);
1768 LOGBYTE("xts :", xts, 16);
1769 #endif /* #ifdef OPTION_KM_DEBUG */
1770
1771 /* Verify and unwrap */
1772 if(wrap && unwrap_aes(parameter_block, keylen))
1773 {
1774
1775 #ifdef OPTION_KM_DEBUG
1776 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
1777 #endif /* #ifdef OPTION_KM_DEBUG */
1778
1779 regs->psw.cc = 1;
1780 return;
1781 }
1782
1783 /* Set the cryptographic keys */
1784 aes_set_key(&context, parameter_block, keylen * 8);
1785
1786 /* Try to process the CPU-determined amount of data */
1787 modifier_bit = GR0_m(regs);
1788 r1_is_not_r2 = r1 != r2;
1789 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
1790 {
1791 /* Fetch a block of data */
1792 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1793
1794 #ifdef OPTION_KM_DEBUG
1795 LOGBYTE("input :", message_block, 16);
1796 #endif /* #ifdef OPTION_KM_DEBUG */
1797
1798 /* XOR, decrypt/encrypt and XOR again*/
1799 for(i = 0; i < 16; i++)
1800 message_block[i] ^= parameter_block[parameter_blocklen - 16 + i];
1801 if(modifier_bit)
1802 aes_decrypt(&context, message_block, message_block);
1803 else
1804 aes_encrypt(&context, message_block, message_block);
1805 for(i = 0; i < 16; i++)
1806 message_block[i] ^= parameter_block[parameter_blocklen - 16 + i];
1807
1808 /* Calculate output XTS */
1809 xts_mult_x(xts);
1810
1811 /* Store the output and XTS */
1812 ARCH_DEP(vstorec)(message_block, 15, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
1813 ARCH_DEP(vstorec)(xts, 15, (GR_A(1, regs) + parameter_blocklen - 16) & ADDRESS_MAXWRAP(regs), 1, regs);
1814
1815 #ifdef OPTION_KM_DEBUG
1816 LOGBYTE("output:", message_block, 16);
1817 LOGBYTE("xts :", xts, 16);
1818 #endif /* #ifdef OPTION_KM_DEBUG */
1819
1820 /* Update the registers */
1821 SET_GR_A(r1, regs, GR_A(r1, regs) + 16);
1822 if(likely(r1_is_not_r2))
1823 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
1824 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
1825
1826 #ifdef OPTION_KM_DEBUG
1827 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
1828 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
1829 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
1830 #endif /* #ifdef OPTION_KM_DEBUG */
1831
1832 /* check for end of data */
1833 if(unlikely(!GR_A(r2 + 1, regs)))
1834 {
1835 regs->psw.cc = 0;
1836 return;
1837 }
1838 }
1839
1840 /* CPU-determined amount of data processed */
1841 regs->psw.cc = 3;
1842 }
1843 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
1844
1845 /*----------------------------------------------------------------------------*/
1846 /* Compute message authentication code (KMAC) FC 1-3 and 9-11 */
1847 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmac_dea)1848 static void ARCH_DEP(kmac_dea)(int r1, int r2, REGS *regs)
1849 {
1850 des_context context1;
1851 des_context context2;
1852 des_context context3;
1853 int crypted;
1854 int i;
1855 int keylen;
1856 BYTE message_block[8];
1857 BYTE parameter_block[56];
1858 int parameter_blocklen;
1859 int tfc;
1860 int wrap;
1861
1862 UNREFERENCED(r1);
1863
1864 /* Check special conditions */
1865 if(unlikely(GR_A(r2 + 1, regs) % 8))
1866 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
1867
1868 /* Return with cc 0 on zero length */
1869 if(unlikely(!GR_A(r2 + 1, regs)))
1870 {
1871 regs->psw.cc = 0;
1872 return;
1873 }
1874
1875 /* Initialize values */
1876 tfc = GR0_tfc(regs);
1877 wrap = GR0_wrap(regs);
1878 keylen = tfc * 8;
1879 parameter_blocklen = keylen + 8;
1880 if(wrap)
1881 parameter_blocklen += 24;
1882
1883 /* Test writeability output chaining value */
1884 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 7, ACCTYPE_WRITE, regs);
1885
1886 /* Fetch the parameter block */
1887 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1888
1889 #ifdef OPTION_KMAC_DEBUG
1890 LOGBYTE("icv :", parameter_block, 8);
1891 switch(tfc)
1892 {
1893 case 1: /* dea */
1894 {
1895 LOGBYTE("k1 :", ¶meter_block[8], 8);
1896 break;
1897 }
1898 case 2: /* tdea-128 */
1899 {
1900 LOGBYTE("k1 :", ¶meter_block[8], 8);
1901 LOGBYTE("k2 :", ¶meter_block[16], 8);
1902 break;
1903 }
1904 case 3: /* tdea-192 */
1905 {
1906 LOGBYTE("k1 :", ¶meter_block[8], 8);
1907 LOGBYTE("k2 :", ¶meter_block[16], 8);
1908 LOGBYTE("k3 :", ¶meter_block[24], 8);
1909 break;
1910 }
1911 }
1912 if(wrap)
1913 LOGBYTE("wkvp :", ¶meter_block[keylen + 8], 24);
1914 #endif /* #ifdef OPTION_KMAC_DEBUG */
1915
1916 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
1917 /* Verify and unwrap */
1918 if(wrap && unwrap_dea(¶meter_block[8], keylen))
1919 {
1920
1921 #ifdef OPTION_KM_DEBUG
1922 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
1923 #endif /* #ifdef OPTION_KM_DEBUG */
1924
1925 regs->psw.cc = 1;
1926 return;
1927 }
1928 #endif /* #ifdef #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
1929
1930 /* Set the cryptographic key */
1931 switch(tfc)
1932 {
1933 case 1: /* dea */
1934 {
1935 des_set_key(&context1, ¶meter_block[8]);
1936 break;
1937 }
1938 case 2: /* tdea-128 */
1939 {
1940 des_set_key(&context1, ¶meter_block[8]);
1941 des_set_key(&context2, ¶meter_block[16]);
1942 break;
1943 }
1944 case 3: /* tdea-192 */
1945 {
1946 des_set_key(&context1, ¶meter_block[8]);
1947 des_set_key(&context2, ¶meter_block[16]);
1948 des_set_key(&context3, ¶meter_block[24]);
1949 break;
1950 }
1951 }
1952
1953 /* Try to process the CPU-determined amount of data */
1954 for(crypted = 0; crypted < PROCESS_MAX; crypted += 8)
1955 {
1956 /* Fetch a block of data */
1957 ARCH_DEP(vfetchc)(message_block, 7, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
1958
1959 #ifdef OPTION_KMAC_DEBUG
1960 LOGBYTE("input :", message_block, 8);
1961 #endif /* #ifdef OPTION_KMAC_DEBUG */
1962
1963 /* XOR the message with chaining value */
1964 for(i = 0; i < 8; i++)
1965 message_block[i] ^= parameter_block[i];
1966
1967 /* Calculate the output chaining value */
1968 switch(tfc)
1969 {
1970 case 1: /* dea */
1971 {
1972 des_encrypt(&context1, message_block, parameter_block);
1973 break;
1974 }
1975 case 2: /* tdea-128 */
1976 {
1977 des_encrypt(&context1, message_block, parameter_block);
1978 des_decrypt(&context2, parameter_block, parameter_block);
1979 des_encrypt(&context1, parameter_block, parameter_block);
1980 break;
1981 }
1982 case 3: /* tdea-192 */
1983 {
1984 des_encrypt(&context1, message_block, parameter_block);
1985 des_decrypt(&context2, parameter_block, parameter_block);
1986 des_encrypt(&context3, parameter_block, parameter_block);
1987 break;
1988 }
1989 }
1990
1991 /* Store the output chaining value */
1992 ARCH_DEP(vstorec)(parameter_block, 7, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
1993
1994 #ifdef OPTION_KMAC_DEBUG
1995 LOGBYTE("ocv :", parameter_block, 8);
1996 #endif /* #ifdef OPTION_KMAC_DEBUG */
1997
1998 /* Update the registers */
1999 SET_GR_A(r2, regs, GR_A(r2, regs) + 8);
2000 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 8);
2001
2002 #ifdef OPTION_KMAC_DEBUG
2003 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2004 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2005 #endif /* #ifdef OPTION_KMAC_DEBUG */
2006
2007 /* check for end of data */
2008 if(unlikely(!GR_A(r2 + 1, regs)))
2009 {
2010 regs->psw.cc = 0;
2011 return;
2012 }
2013 }
2014
2015 /* CPU-determined amount of data processed */
2016 regs->psw.cc = 3;
2017 }
2018
2019 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
2020 /*----------------------------------------------------------------------------*/
2021 /* Compute message authentication code (KMAC) FC 18-20 and 26-28 */
2022 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmac_aes)2023 static void ARCH_DEP(kmac_aes)(int r1, int r2, REGS *regs)
2024 {
2025 aes_context context;
2026 int crypted;
2027 int i;
2028 int keylen;
2029 BYTE message_block[16];
2030 BYTE parameter_block[80];
2031 int parameter_blocklen;
2032 int tfc;
2033 int wrap;
2034
2035 UNREFERENCED(r1);
2036
2037 /* Check special conditions */
2038 if(unlikely(GR_A(r2 + 1, regs) % 16))
2039 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2040
2041 /* Return with cc 0 on zero length */
2042 if(unlikely(!GR_A(r2 + 1, regs)))
2043 {
2044 regs->psw.cc = 0;
2045 return;
2046 }
2047
2048 /* Initialize values */
2049 tfc = GR0_tfc(regs);
2050 wrap = GR0_wrap(regs);
2051 keylen = (tfc - 17) * 8 + 8;
2052 parameter_blocklen = keylen + 16;
2053 if(wrap)
2054 parameter_blocklen += 32;
2055
2056 /* Test writeability output chaining value */
2057 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
2058
2059 /* Fetch the parameter block */
2060 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2061
2062 #ifdef OPTION_KMAC_DEBUG
2063 LOGBYTE("icv :", parameter_block, 16);
2064 LOGBYTE("k :", ¶meter_block[16], keylen);
2065 if(wrap)
2066 LOGBYTE("wkvp :", ¶meter_block[keylen + 16], 32);
2067 #endif /* #ifdef OPTION_KMAC_DEBUG */
2068
2069 /* Verify and unwrap */
2070 if(wrap && unwrap_aes(¶meter_block[16], keylen))
2071 {
2072
2073 #ifdef OPTION_KMAC_DEBUG
2074 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
2075 #endif /* #ifdef OPTION_KMAC_DEBUG */
2076
2077 regs->psw.cc = 1;
2078 return;
2079 }
2080
2081 /* Set the cryptographic key */
2082 aes_set_key(&context, ¶meter_block[16], keylen * 8);
2083
2084 /* Try to process the CPU-determined amount of data */
2085 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
2086 {
2087 /* Fetch a block of data */
2088 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
2089
2090 #ifdef OPTION_KMAC_DEBUG
2091 LOGBYTE("input :", message_block, 16);
2092 #endif /* #ifdef OPTION_KMAC_DEBUG */
2093
2094 /* XOR the message with chaining value */
2095 for(i = 0; i < 16; i++)
2096 message_block[i] ^= parameter_block[i];
2097
2098 /* Calculate the output chaining value */
2099 aes_encrypt(&context, message_block, parameter_block);
2100
2101 /* Store the output chaining value */
2102 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2103
2104 #ifdef OPTION_KMAC_DEBUG
2105 LOGBYTE("ocv :", parameter_block, 16);
2106 #endif /* #ifdef OPTION_KMAC_DEBUG */
2107
2108 /* Update the registers */
2109 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
2110 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
2111
2112 #ifdef OPTION_KMAC_DEBUG
2113 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2114 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2115 #endif /* #ifdef OPTION_KMAC_DEBUG */
2116
2117 /* check for end of data */
2118 if(unlikely(!GR_A(r2 + 1, regs)))
2119 {
2120 regs->psw.cc = 0;
2121 return;
2122 }
2123 }
2124
2125 /* CPU-determined amount of data processed */
2126 regs->psw.cc = 3;
2127 }
2128 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
2129
2130 /*----------------------------------------------------------------------------*/
2131 /* Cipher message with chaining (KMC) FC 1-3 and 9-11 */
2132 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmc_dea)2133 static void ARCH_DEP(kmc_dea)(int r1, int r2, REGS *regs)
2134 {
2135 des_context context1;
2136 des_context context2;
2137 des_context context3;
2138 int crypted;
2139 int i;
2140 int keylen;
2141 BYTE message_block[8];
2142 int modifier_bit;
2143 BYTE ocv[8];
2144 BYTE parameter_block[56];
2145 int parameter_blocklen;
2146 int r1_is_not_r2;
2147 int tfc;
2148 int wrap;
2149
2150 /* Check special conditions */
2151 if(unlikely(GR_A(r2 + 1, regs) % 8))
2152 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2153
2154 /* Return with cc 0 on zero length */
2155 if(unlikely(!GR_A(r2 + 1, regs)))
2156 {
2157 regs->psw.cc = 0;
2158 return;
2159 }
2160
2161 /* Initialize values */
2162 tfc = GR0_tfc(regs);
2163 wrap = GR0_wrap(regs);
2164 keylen = tfc * 8;
2165 parameter_blocklen = keylen + 8;
2166 if(wrap)
2167 parameter_blocklen += 24;
2168
2169 /* Test writeability output chaining value */
2170 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 7, ACCTYPE_WRITE, regs);
2171
2172 /* Fetch the parameter block */
2173 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2174
2175 #ifdef OPTION_KMC_DEBUG
2176 LOGBYTE("icv :", parameter_block, 8);
2177 switch(tfc)
2178 {
2179 case 1: /* dea */
2180 {
2181 LOGBYTE("k :", ¶meter_block[8], 8);
2182 break;
2183 }
2184 case 2: /* tdea-128 */
2185 {
2186 LOGBYTE("k1 :", ¶meter_block[8], 8);
2187 LOGBYTE("k2 :", ¶meter_block[16], 8);
2188 break;
2189 }
2190 case 3: /* tdea-192 */
2191 {
2192 LOGBYTE("k1 :", ¶meter_block[8], 8);
2193 LOGBYTE("k2 :", ¶meter_block[16], 8);
2194 LOGBYTE("k3 :", ¶meter_block[24], 8);
2195 break;
2196 }
2197 }
2198 if(wrap)
2199 LOGBYTE("wkvp :", ¶meter_block[keylen + 8], 24);
2200 #endif /* #ifdef OPTION_KMC_DEBUG */
2201
2202 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
2203 /* Verify and unwrap */
2204 if(wrap && unwrap_dea(¶meter_block[8], keylen))
2205 {
2206
2207 #ifdef OPTION_KMC_DEBUG
2208 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
2209 #endif /* #ifdef OPTION_KMC_DEBUG */
2210
2211 regs->psw.cc = 1;
2212 return;
2213 }
2214 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
2215
2216 /* Set the cryptographic key */
2217 switch(tfc)
2218 {
2219 case 1: /* dea */
2220 {
2221 des_set_key(&context1, ¶meter_block[8]);
2222 break;
2223 }
2224 case 2: /* tdea-128 */
2225 {
2226 des_set_key(&context1, ¶meter_block[8]);
2227 des_set_key(&context2, ¶meter_block[16]);
2228 break;
2229 }
2230 case 3: /* tdea-192 */
2231 {
2232 des_set_key(&context1, ¶meter_block[8]);
2233 des_set_key(&context2, ¶meter_block[16]);
2234 des_set_key(&context3, ¶meter_block[24]);
2235 break;
2236 }
2237 }
2238
2239 /* Try to process the CPU-determined amount of data */
2240 modifier_bit = GR0_m(regs);
2241 r1_is_not_r2 = r1 != r2;
2242 for(crypted = 0; crypted < PROCESS_MAX; crypted += 8)
2243 {
2244 /* Fetch a block of data */
2245 ARCH_DEP(vfetchc)(message_block, 7, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
2246
2247 #ifdef OPTION_KMC_DEBUG
2248 LOGBYTE("input :", message_block, 8);
2249 #endif /* #ifdef OPTION_KMC_DEBUG */
2250
2251 /* Do the job */
2252 switch(tfc)
2253 {
2254 case 1: /* dea */
2255 {
2256 if(modifier_bit)
2257 {
2258 /* Save, decrypt and XOR */
2259 memcpy(ocv, message_block, 8);
2260 des_decrypt(&context1, message_block, message_block);
2261 for(i = 0; i < 8; i++)
2262 message_block[i] ^= parameter_block[i];
2263 }
2264 else
2265 {
2266 /* XOR, encrypt and save */
2267 for(i = 0; i < 8; i++)
2268 message_block[i] ^= parameter_block[i];
2269 des_encrypt(&context1, message_block, message_block);
2270 memcpy(ocv, message_block, 8);
2271 }
2272 break;
2273 }
2274 case 2: /* tdea-128 */
2275 {
2276 if(modifier_bit)
2277 {
2278 /* Save, decrypt and XOR */
2279 memcpy(ocv, message_block, 8);
2280 des_decrypt(&context1, message_block, message_block);
2281 des_encrypt(&context2, message_block, message_block);
2282 des_decrypt(&context1, message_block, message_block);
2283 for(i = 0; i < 8; i++)
2284 message_block[i] ^= parameter_block[i];
2285 }
2286 else
2287 {
2288 /* XOR, encrypt and save */
2289 for(i = 0 ; i < 8; i++)
2290 message_block[i] ^= parameter_block[i];
2291 des_encrypt(&context1, message_block, message_block);
2292 des_decrypt(&context2, message_block, message_block);
2293 des_encrypt(&context1, message_block, message_block);
2294 memcpy(ocv, message_block, 8);
2295 }
2296 break;
2297 }
2298 case 3: /* tdea-192 */
2299 {
2300 if(modifier_bit)
2301 {
2302 /* Save, decrypt and XOR */
2303 memcpy(ocv, message_block, 8);
2304 des_decrypt(&context3, message_block, message_block);
2305 des_encrypt(&context2, message_block, message_block);
2306 des_decrypt(&context1, message_block, message_block);
2307 for(i = 0; i < 8; i++)
2308 message_block[i] ^= parameter_block[i];
2309 }
2310 else
2311 {
2312 /* XOR, encrypt and save */
2313 for(i = 0; i < 8; i++)
2314 message_block[i] ^= parameter_block[i];
2315 des_encrypt(&context1, message_block, message_block);
2316 des_decrypt(&context2, message_block, message_block);
2317 des_encrypt(&context3, message_block, message_block);
2318 memcpy(ocv, message_block, 8);
2319 }
2320 break;
2321 }
2322 }
2323
2324 /* Store the output */
2325 ARCH_DEP(vstorec)(message_block, 7, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
2326
2327 #ifdef OPTION_KMC_DEBUG
2328 LOGBYTE("output:", message_block, 8);
2329 #endif /* #ifdef OPTION_KMC_DEBUG */
2330
2331 /* Store the output chaining value */
2332 ARCH_DEP(vstorec)(ocv, 7, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2333
2334 #ifdef OPTION_KMC_DEBUG
2335 LOGBYTE("ocv :", ocv, 8);
2336 #endif /* #ifdef OPTION_KMC_DEBUG */
2337
2338 /* Update the registers */
2339 SET_GR_A(r1, regs, GR_A(r1, regs) + 8);
2340 if(likely(r1_is_not_r2))
2341 SET_GR_A(r2, regs, GR_A(r2, regs) + 8);
2342 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 8);
2343
2344 #ifdef OPTION_KMC_DEBUG
2345 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
2346 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2347 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2348 #endif /* #ifdef OPTION_KMC_DEBUG */
2349
2350 /* check for end of data */
2351 if(unlikely(!GR_A(r2 + 1, regs)))
2352 {
2353 regs->psw.cc = 0;
2354 return;
2355 }
2356
2357 /* Set cv for next 8 bytes */
2358 memcpy(parameter_block, ocv, 8);
2359 }
2360
2361 /* CPU-determined amount of data processed */
2362 regs->psw.cc = 3;
2363 }
2364
2365 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
2366 /*----------------------------------------------------------------------------*/
2367 /* Cipher message with chaining (KMC) FC 18-20 and 26-28 */
2368 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmc_aes)2369 static void ARCH_DEP(kmc_aes)(int r1, int r2, REGS *regs)
2370 {
2371 aes_context context;
2372 int crypted;
2373 int i;
2374 int keylen;
2375 BYTE message_block[16];
2376 int modifier_bit;
2377 BYTE ocv[16];
2378 BYTE parameter_block[80];
2379 int parameter_blocklen;
2380 int r1_is_not_r2;
2381 int tfc;
2382 int wrap;
2383
2384 /* Check special conditions */
2385 if(unlikely(GR_A(r2 + 1, regs) % 16))
2386 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2387
2388 /* Return with cc 0 on zero length */
2389 if(unlikely(!GR_A(r2 + 1, regs)))
2390 {
2391 regs->psw.cc = 0;
2392 return;
2393 }
2394
2395 /* Initialize values */
2396 tfc = GR0_tfc(regs);
2397 wrap = GR0_wrap(regs);
2398 keylen = (tfc - 17) * 8 + 8;
2399 parameter_blocklen = keylen + 16;
2400 if(wrap)
2401 parameter_blocklen += 32;
2402
2403 /* Test writeability output chaining value */
2404 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
2405
2406 /* Fetch the parameter block */
2407 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2408
2409 #ifdef OPTION_KMC_DEBUG
2410 LOGBYTE("icv :", parameter_block, 16);
2411 LOGBYTE("k :", ¶meter_block[16], keylen);
2412 if(wrap)
2413 LOGBYTE("wkvp :", ¶meter_block[keylen + 16], 32);
2414 #endif /* #ifdef OPTION_KMC_DEBUG */
2415
2416 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
2417 /* Verify and unwrap */
2418 if(wrap && unwrap_aes(¶meter_block[16], keylen))
2419 {
2420
2421 #ifdef OPTION_KM_DEBUG
2422 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
2423 #endif /* #ifdef OPTION_KMC_DEBUG */
2424
2425 regs->psw.cc = 1;
2426 return;
2427 }
2428 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
2429
2430 /* Set the cryptographic key */
2431 aes_set_key(&context, ¶meter_block[16], keylen * 8);
2432
2433 /* Try to process the CPU-determined amount of data */
2434 modifier_bit = GR0_m(regs);
2435 r1_is_not_r2 = r1 != r2;
2436 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
2437 {
2438 /* Fetch a block of data */
2439 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
2440
2441 #ifdef OPTION_KMC_DEBUG
2442 LOGBYTE("input :", message_block, 16);
2443 #endif /* #ifdef OPTION_KMC_DEBUG */
2444
2445 /* Do the job */
2446 if(modifier_bit)
2447 {
2448
2449 /* Save, decrypt and XOR */
2450 memcpy(ocv, message_block, 16);
2451 aes_decrypt(&context, message_block, message_block);
2452 for(i = 0; i < 16; i++)
2453 message_block[i] ^= parameter_block[i];
2454 }
2455 else
2456 {
2457 /* XOR, encrypt and save */
2458 for(i = 0; i < 16; i++)
2459 message_block[i] ^= parameter_block[i];
2460 aes_encrypt(&context, message_block, message_block);
2461 memcpy(ocv, message_block, 16);
2462 }
2463
2464 /* Store the output */
2465 ARCH_DEP(vstorec)(message_block, 15, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
2466
2467 #ifdef OPTION_KMC_DEBUG
2468 LOGBYTE("output:", message_block, 16);
2469 #endif /* #ifdef OPTION_KMC_DEBUG */
2470
2471 /* Store the output chaining value */
2472 ARCH_DEP(vstorec)(ocv, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2473
2474 #ifdef OPTION_KMC_DEBUG
2475 LOGBYTE("ocv :", ocv, 16);
2476 #endif /* #ifdef OPTION_KMC_DEBUG */
2477
2478 /* Update the registers */
2479 SET_GR_A(r1, regs, GR_A(r1, regs) + 16);
2480 if(likely(r1_is_not_r2))
2481 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
2482 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
2483
2484 #ifdef OPTION_KMC_DEBUG
2485 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
2486 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2487 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2488 #endif /* #ifdef OPTION_KMC_DEBUG */
2489
2490 /* check for end of data */
2491 if(unlikely(!GR_A(r2 + 1, regs)))
2492 {
2493 regs->psw.cc = 0;
2494 return;
2495 }
2496
2497 /* Set cv for next 16 bytes */
2498 memcpy(parameter_block, ocv, 16);
2499 }
2500
2501 /* CPU-determined amount of data processed */
2502 regs->psw.cc = 3;
2503 }
2504 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
2505
2506 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
2507 /*----------------------------------------------------------------------------*/
2508 /* Cipher message with chaining (KMC) FC 67 */
2509 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmc_prng)2510 static void ARCH_DEP(kmc_prng)(int r1, int r2, REGS *regs)
2511 {
2512 des_context context1;
2513 des_context context2;
2514 des_context context3;
2515 int i;
2516 int crypted;
2517 BYTE message_block[8];
2518 BYTE parameter_block[32];
2519 BYTE ocv[8];
2520 BYTE tcv[8];
2521 int r1_is_not_r2;
2522
2523 /* Check special conditions */
2524 if(unlikely(GR_A(r2 + 1, regs) % 8))
2525 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2526
2527 /* Return with cc 0 on zero length */
2528 if(unlikely(!GR_A(r2 + 1, regs)))
2529 {
2530 regs->psw.cc = 0;
2531 return;
2532 }
2533
2534 /* Test writeability output chaining value */
2535 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 7, ACCTYPE_WRITE, regs);
2536
2537 /* Fetch the parameter block */
2538 ARCH_DEP(vfetchc)(parameter_block, 31, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2539
2540 #ifdef OPTION_KMC_DEBUG
2541 LOGBYTE("icv :", parameter_block, 8);
2542 LOGBYTE("k1 :", ¶meter_block[8], 8);
2543 LOGBYTE("k2 :", ¶meter_block[16], 8);
2544 LOGBYTE("k3 :", ¶meter_block[24], 8);
2545 #endif /* #ifdef OPTION_KMC_DEBUG */
2546
2547 /* Set the cryptographic keys */
2548 des_set_key(&context1, ¶meter_block[8]);
2549 des_set_key(&context2, ¶meter_block[16]);
2550 des_set_key(&context3, ¶meter_block[24]);
2551
2552 /* Try to process the CPU-determined amount of data */
2553 r1_is_not_r2 = r1 != r2;
2554 for(crypted = 0; crypted < PROCESS_MAX; crypted += 8)
2555 {
2556 /* Fetch a block of data */
2557 ARCH_DEP(vfetchc)(message_block, 7, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
2558
2559 #ifdef OPTION_KMC_DEBUG
2560 LOGBYTE("input :", message_block, 8);
2561 #endif /* #ifdef OPTION_KMC_DEBUG */
2562
2563 /* Do the job */
2564 des_encrypt(&context1, message_block, message_block);
2565 des_decrypt(&context2, message_block, message_block);
2566 des_encrypt(&context3, message_block, message_block);
2567
2568 /* Save the temporary cv */
2569 memcpy(tcv, message_block, 8);
2570
2571 /* XOR */
2572 for(i = 0; i < 8; i++)
2573 message_block[i] ^= parameter_block[i];
2574
2575 des_encrypt(&context1, message_block, message_block);
2576 des_decrypt(&context2, message_block, message_block);
2577 des_encrypt(&context3, message_block, message_block);
2578
2579 /* Store the output */
2580 ARCH_DEP(vstorec)(message_block, 7, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
2581
2582 #ifdef OPTION_KMC_DEBUG
2583 LOGBYTE("output:", message_block, 8);
2584 #endif /* #ifdef OPTION_KMC_DEBUG */
2585
2586 /* XOR */
2587 for(i = 0; i < 8; i++)
2588 message_block[i] ^= tcv[i];
2589
2590 des_encrypt(&context1, message_block, message_block);
2591 des_decrypt(&context2, message_block, message_block);
2592 des_encrypt(&context3, message_block, message_block);
2593
2594 /* Save the ocv */
2595 memcpy(ocv, message_block, 8);
2596
2597 /* Store the output chaining value */
2598 ARCH_DEP(vstorec)(ocv, 7, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2599
2600 #ifdef OPTION_KMC_DEBUG
2601 LOGBYTE("ocv :", ocv, 8);
2602 #endif /* #ifdef OPTION_KMC_DEBUG */
2603
2604 /* Update the registers */
2605 SET_GR_A(r1, regs, GR_A(r1, regs) + 8);
2606 if(likely(r1_is_not_r2))
2607 SET_GR_A(r2, regs, GR_A(r2, regs) + 8);
2608 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 8);
2609
2610 #ifdef OPTION_KMC_DEBUG
2611 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
2612 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2613 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2614 #endif /* #ifdef OPTION_KMC_DEBUG */
2615
2616 /* check for end of data */
2617 if(unlikely(!GR_A(r2 + 1, regs)))
2618 {
2619 regs->psw.cc = 0;
2620 return;
2621 }
2622
2623 /* Set cv for next 8 bytes */
2624 memcpy(parameter_block, ocv, 8);
2625 }
2626
2627 /* CPU-determined amount of data processed */
2628 regs->psw.cc = 3;
2629 }
2630 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
2631
2632 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
2633 /*----------------------------------------------------------------------------*/
2634 /* Cipher message with counter (KMCTR) FC 1-3 and 9-11 */
2635 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmctr_dea)2636 static void ARCH_DEP(kmctr_dea)(int r1, int r2, int r3, REGS *regs)
2637 {
2638 des_context context1;
2639 des_context context2;
2640 des_context context3;
2641 BYTE countervalue_block[8];
2642 int crypted;
2643 int i;
2644 int keylen;
2645 BYTE message_block[8];
2646 BYTE parameter_block[48];
2647 int parameter_blocklen;
2648 int r1_is_not_r2;
2649 int r1_is_not_r3;
2650 int r2_is_not_r3;
2651 int tfc;
2652 int wrap;
2653
2654 /* Check special conditions */
2655 if(unlikely(GR_A(r2 + 1, regs) % 8))
2656 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2657
2658 /* Return with cc 0 on zero length */
2659 if(unlikely(!GR_A(r2 + 1, regs)))
2660 {
2661 regs->psw.cc = 0;
2662 return;
2663 }
2664
2665 /* Initialize values */
2666 tfc = GR0_tfc(regs);
2667 wrap = GR0_wrap(regs);
2668 keylen = tfc * 8;
2669 parameter_blocklen = keylen;
2670 if(wrap)
2671 parameter_blocklen += 24;
2672
2673 /* Fetch the parameter block */
2674 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2675
2676 #ifdef OPTION_KMCTR_DEBUG
2677 switch(tfc)
2678 {
2679 case 1: /* dea */
2680 {
2681 LOGBYTE("k :", parameter_block, 8);
2682 break;
2683 }
2684 case 2: /* tdea-128 */
2685 {
2686 LOGBYTE("k1 :", parameter_block, 8);
2687 LOGBYTE("k2 :", ¶meter_block[8], 8);
2688 break;
2689 }
2690 case 3: /* tdea-192 */
2691 {
2692 LOGBYTE("k1 :", parameter_block, 8);
2693 LOGBYTE("k2 :", ¶meter_block[8], 8);
2694 LOGBYTE("k3 :", ¶meter_block[16], 8);
2695 break;
2696 }
2697 }
2698 if(wrap)
2699 LOGBYTE("wkvp :", ¶meter_block[parameter_blocklen - 24], 24);
2700 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2701
2702 /* Verify and unwrap */
2703 if(wrap && unwrap_dea(parameter_block, keylen))
2704 {
2705
2706 #ifdef OPTION_KMCTR_DEBUG
2707 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
2708 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2709
2710 regs->psw.cc = 1;
2711 return;
2712 }
2713
2714 /* Set the cryptographic key */
2715 switch(tfc)
2716 {
2717 case 1: /* dea */
2718 {
2719 des_set_key(&context1, parameter_block);
2720 break;
2721 }
2722 case 2: /* tdea-128 */
2723 {
2724 des_set_key(&context1, parameter_block);
2725 des_set_key(&context2, ¶meter_block[8]);
2726 break;
2727 }
2728 case 3: /* tdea-192 */
2729 {
2730 des_set_key(&context1, parameter_block);
2731 des_set_key(&context2, ¶meter_block[8]);
2732 des_set_key(&context3, ¶meter_block[16]);
2733 break;
2734 }
2735 }
2736
2737 /* Try to process the CPU-determined amount of data */
2738 r1_is_not_r2 = r1 != r2;
2739 r1_is_not_r3 = r1 != r3;
2740 r2_is_not_r3 = r2 != r3;
2741 for(crypted = 0; crypted < PROCESS_MAX; crypted += 8)
2742 {
2743 /* Fetch a block of data and counter-value */
2744 ARCH_DEP(vfetchc)(message_block, 7, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
2745 ARCH_DEP(vfetchc)(countervalue_block, 7, GR_A(r3, regs) & ADDRESS_MAXWRAP(regs), r3, regs);
2746
2747 #ifdef OPTION_KMCTR_DEBUG
2748 LOGBYTE("input :", message_block, 8);
2749 LOGBYTE("cv :", countervalue_block, 8);
2750 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2751
2752 /* Do the job */
2753 switch(tfc)
2754 {
2755 /* Encrypt */
2756 case 1: /* dea */
2757 {
2758 des_encrypt(&context1, countervalue_block, countervalue_block);
2759 break;
2760 }
2761 case 2: /* tdea-128 */
2762 {
2763 des_encrypt(&context1, countervalue_block, countervalue_block);
2764 des_decrypt(&context2, countervalue_block, countervalue_block);
2765 des_encrypt(&context1, countervalue_block, countervalue_block);
2766 break;
2767 }
2768 case 3: /* tdea-192 */
2769 {
2770 des_encrypt(&context1, countervalue_block, countervalue_block);
2771 des_decrypt(&context2, countervalue_block, countervalue_block);
2772 des_encrypt(&context3, countervalue_block, countervalue_block);
2773 break;
2774 }
2775 }
2776
2777 /* XOR */
2778 for(i = 0; i < 8; i++)
2779 countervalue_block[i] ^= message_block[i];
2780
2781 /* Store the output */
2782 ARCH_DEP(vstorec)(countervalue_block, 7, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
2783
2784 #ifdef OPTION_KMCTR_DEBUG
2785 LOGBYTE("output:", countervalue_block, 8);
2786 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2787
2788 /* Update the registers */
2789 SET_GR_A(r1, regs, GR_A(r1, regs) + 8);
2790 if(likely(r1_is_not_r2))
2791 SET_GR_A(r2, regs, GR_A(r2, regs) + 8);
2792 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 8);
2793 if(likely(r1_is_not_r3 && r2_is_not_r3))
2794 SET_GR_A(r3, regs, GR_A(r3, regs) + 8);
2795
2796 #ifdef OPTION_KMCTR_DEBUG
2797 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
2798 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2799 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2800 logmsg(" GR%02d : " F_GREG "\n", r3, (regs)->GR(r3));
2801 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2802
2803 /* check for end of data */
2804 if(unlikely(!GR_A(r2 + 1, regs)))
2805 {
2806 regs->psw.cc = 0;
2807 return;
2808 }
2809 }
2810
2811 /* CPU-determined amount of data processed */
2812 regs->psw.cc = 3;
2813 }
2814
2815 /*----------------------------------------------------------------------------*/
2816 /* Cipher message with counter (KMCTR) FC 18-20 and 26-28 */
2817 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmctr_aes)2818 static void ARCH_DEP(kmctr_aes)(int r1, int r2, int r3, REGS *regs)
2819 {
2820 aes_context context;
2821 BYTE countervalue_block[16];
2822 int crypted;
2823 int i;
2824 int keylen;
2825 BYTE message_block[16];
2826 BYTE parameter_block[64];
2827 int parameter_blocklen;
2828 int r1_is_not_r2;
2829 int r1_is_not_r3;
2830 int r2_is_not_r3;
2831 int tfc;
2832 int wrap;
2833
2834 /* Check special conditions */
2835 if(unlikely(GR_A(r2 + 1, regs) % 16))
2836 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2837
2838 /* Return with cc 0 on zero length */
2839 if(unlikely(!GR_A(r2 + 1, regs)))
2840 {
2841 regs->psw.cc = 0;
2842 return;
2843 }
2844
2845 /* Initialize values */
2846 tfc = GR0_tfc(regs);
2847 wrap = GR0_wrap(regs);
2848 keylen = (tfc - 17) * 8 + 8;
2849 parameter_blocklen = keylen;
2850 if(wrap)
2851 parameter_blocklen += 32;
2852
2853 /* Fetch the parameter block */
2854 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2855
2856 #ifdef OPTION_KMCTR_DEBUG
2857 LOGBYTE("k :", parameter_block, keylen);
2858 if(wrap)
2859 LOGBYTE("wkvp :", ¶meter_block[parameter_blocklen - 32], 32);
2860 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2861
2862 if(wrap && unwrap_aes(parameter_block, keylen))
2863 {
2864
2865 #ifdef OPTION_KMCTR_DEBUG
2866 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
2867 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2868
2869 regs->psw.cc = 1;
2870 return;
2871 }
2872
2873 /* Set the cryptographic key */
2874 aes_set_key(&context, parameter_block, keylen * 8);
2875
2876 /* Try to process the CPU-determined amount of data */
2877 r1_is_not_r2 = r1 != r2;
2878 r1_is_not_r3 = r1 != r3;
2879 r2_is_not_r3 = r1 != r2;
2880 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
2881 {
2882 /* Fetch a block of data and counter-value */
2883 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
2884 ARCH_DEP(vfetchc)(countervalue_block, 15, GR_A(r3, regs) & ADDRESS_MAXWRAP(regs), r3, regs);
2885
2886 #ifdef OPTION_KMCTR_DEBUG
2887 LOGBYTE("input :", message_block, 16);
2888 LOGBYTE("cv :", countervalue_block, 16);
2889 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2890
2891 /* Do the job */
2892 /* Encrypt and XOR */
2893 aes_encrypt(&context, countervalue_block, countervalue_block);
2894 for(i = 0; i < 16; i++)
2895 countervalue_block[i] ^= message_block[i];
2896
2897 /* Store the output */
2898 ARCH_DEP(vstorec)(countervalue_block, 15, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
2899
2900 #ifdef OPTION_KMCTR_DEBUG
2901 LOGBYTE("output:", countervalue_block, 16);
2902 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2903
2904 /* Update the registers */
2905 SET_GR_A(r1, regs, GR_A(r1, regs) + 16);
2906 if(likely(r1_is_not_r2))
2907 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
2908 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
2909 if(likely(r1_is_not_r3 && r2_is_not_r3))
2910 SET_GR_A(r3, regs, GR_A(r3, regs) + 16);
2911
2912 #ifdef OPTION_KMCTR_DEBUG
2913 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
2914 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
2915 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
2916 logmsg(" GR%02d : " F_GREG "\n", r3, (regs)->GR(r3));
2917 #endif /* #ifdef OPTION_KMCTR_DEBUG */
2918
2919 /* check for end of data */
2920 if(unlikely(!GR_A(r2 + 1, regs)))
2921 {
2922 regs->psw.cc = 0;
2923 return;
2924 }
2925 }
2926
2927 /* CPU-determined amount of data processed */
2928 regs->psw.cc = 3;
2929 }
2930
2931 /*----------------------------------------------------------------------------*/
2932 /* Cipher message with cipher feedback (KMF) FC 1-3 and 9-11 */
2933 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmf_dea)2934 static void ARCH_DEP(kmf_dea)(int r1, int r2, REGS *regs)
2935 {
2936 des_context context1;
2937 des_context context2;
2938 des_context context3;
2939 int crypted;
2940 int i;
2941 int keylen;
2942 int lcfb;
2943 BYTE message_block[8];
2944 int modifier_bit;
2945 BYTE output_block[8];
2946 BYTE parameter_block[56];
2947 int parameter_blocklen;
2948 int r1_is_not_r2;
2949 int tfc;
2950 int wrap;
2951
2952 /* Initialize values */
2953 lcfb = GR0_lcfb(regs);
2954
2955 /* Check special conditions */
2956 if(unlikely(!lcfb || lcfb > 8 || GR_A(r2 + 1, regs) % lcfb))
2957 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
2958
2959 /* Return with cc 0 on zero length */
2960 if(unlikely(!GR_A(r2 + 1, regs)))
2961 {
2962 regs->psw.cc = 0;
2963 return;
2964 }
2965
2966 /* Initialize values */
2967 tfc = GR0_tfc(regs);
2968 wrap = GR0_wrap(regs);
2969 keylen = tfc * 8;
2970 parameter_blocklen = keylen + 8;
2971 if(wrap)
2972 parameter_blocklen += 24;
2973
2974 /* Test writeability output chaining value */
2975 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 7, ACCTYPE_WRITE, regs);
2976
2977 /* Fetch the parameter block */
2978 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
2979
2980 #ifdef OPTION_KMF_DEBUG
2981 LOGBYTE("cv :", parameter_block, 8);
2982 switch(tfc)
2983 {
2984 case 1: /* dea */
2985 {
2986 LOGBYTE("k :", ¶meter_block[8], 8);
2987 break;
2988 }
2989 case 2: /* tdea-128 */
2990 {
2991 LOGBYTE("k1 :", ¶meter_block[8], 8);
2992 LOGBYTE("k2 :", ¶meter_block[16], 8);
2993 break;
2994 }
2995 case 3: /* tdea-192 */
2996 {
2997 LOGBYTE("k1 :", ¶meter_block[8], 8);
2998 LOGBYTE("k2 :", ¶meter_block[16], 8);
2999 LOGBYTE("k3 :", ¶meter_block[24], 8);
3000 break;
3001 }
3002 }
3003 if(wrap)
3004 LOGBYTE("wkvp :", ¶meter_block[parameter_blocklen - 24], 24);
3005 #endif /* #ifdef OPTION_KMF_DEBUG */
3006
3007 /* Verify and unwrap */
3008 if(wrap && unwrap_dea(¶meter_block[8], keylen))
3009 {
3010
3011 #ifdef OPTION_KMF_DEBUG
3012 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3013 #endif /* #ifdef OPTION_KMF_DEBUG */
3014
3015 regs->psw.cc = 1;
3016 return;
3017 }
3018
3019 /* Set the cryptographic key */
3020 switch(tfc)
3021 {
3022 case 1: /* dea */
3023 {
3024 des_set_key(&context1, ¶meter_block[8]);
3025 break;
3026 }
3027 case 2: /* tdea-128 */
3028 {
3029 des_set_key(&context1, ¶meter_block[8]);
3030 des_set_key(&context2, ¶meter_block[16]);
3031 break;
3032 }
3033 case 3: /* tdea-192 */
3034 {
3035 des_set_key(&context1, ¶meter_block[8]);
3036 des_set_key(&context2, ¶meter_block[16]);
3037 des_set_key(&context3, ¶meter_block[24]);
3038 break;
3039 }
3040 }
3041
3042 /* Try to process the CPU-determined amount of data */
3043 modifier_bit = GR0_m(regs);
3044 r1_is_not_r2 = r1 != r2;
3045 for(crypted = 0; crypted < PROCESS_MAX; crypted += lcfb)
3046 {
3047 /* Do the job */
3048 switch(tfc)
3049 {
3050 case 1: /* dea */
3051 {
3052 des_encrypt(&context1, parameter_block, output_block);
3053 break;
3054 }
3055 case 2: /* tdea-128 */
3056 {
3057 des_encrypt(&context1, parameter_block, output_block);
3058 des_decrypt(&context2, output_block, output_block);
3059 des_encrypt(&context1, output_block, output_block);
3060 break;
3061 }
3062 case 3: /* tdea-192 */
3063 {
3064 des_encrypt(&context1, parameter_block, output_block);
3065 des_decrypt(&context2, output_block, output_block);
3066 des_encrypt(&context3, output_block, output_block);
3067 break;
3068 }
3069 }
3070 ARCH_DEP(vfetchc)(message_block, lcfb - 1, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
3071
3072 #ifdef OPTION_KMF_DEBUG
3073 LOGBYTE("input :", message_block, lcfb);
3074 #endif /* #ifdef OPTION_KMF_DEBUG */
3075
3076 for(i = 0; i < lcfb; i++)
3077 output_block[i] ^= message_block[i];
3078 for(i = 0; i < 8 - lcfb; i++)
3079 parameter_block[i] = parameter_block[i + lcfb];
3080 if(modifier_bit)
3081 {
3082 /* Decipher */
3083 for(i = 0; i < lcfb; i++)
3084 parameter_block[i + 8 - lcfb] = message_block[i];
3085 }
3086 else
3087 {
3088 /* Encipher */
3089 for(i = 0; i < lcfb; i++)
3090 parameter_block[i + 8 - lcfb] = output_block[i];
3091 }
3092
3093 /* Store the output */
3094 ARCH_DEP(vstorec)(output_block, lcfb - 1, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
3095
3096 #ifdef OPTION_KMF_DEBUG
3097 LOGBYTE("output:", output_block, lcfb);
3098 #endif /* #ifdef OPTION_KMF_DEBUG */
3099
3100 /* Store the chaining value */
3101 ARCH_DEP(vstorec)(parameter_block, 7, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3102
3103 #ifdef OPTION_KMF_DEBUG
3104 LOGBYTE("cv :", parameter_block, 8);
3105 #endif /* #ifdef OPTION_KMF_DEBUG */
3106
3107 /* Update the registers */
3108 SET_GR_A(r1, regs, GR_A(r1, regs) + lcfb);
3109 if(likely(r1_is_not_r2))
3110 SET_GR_A(r2, regs, GR_A(r2, regs) + lcfb);
3111 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - lcfb);
3112
3113 #ifdef OPTION_KMF_DEBUG
3114 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
3115 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
3116 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
3117 #endif /* #ifdef OPTION_KMF_DEBUG */
3118
3119 /* check for end of data */
3120 if(unlikely(!GR_A(r2 + 1, regs)))
3121 {
3122 regs->psw.cc = 0;
3123 return;
3124 }
3125 }
3126
3127 /* CPU-determined amount of data processed */
3128 regs->psw.cc = 3;
3129 }
3130
3131 /*----------------------------------------------------------------------------*/
3132 /* Cipher message with cipher feedback (KMF) FC 18-20 and 26-28 */
3133 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmf_aes)3134 static void ARCH_DEP(kmf_aes)(int r1, int r2, REGS *regs)
3135 {
3136 aes_context context;
3137 int crypted;
3138 int i;
3139 int keylen;
3140 int lcfb;
3141 BYTE message_block[16];
3142 int modifier_bit;
3143 BYTE output_block[16];
3144 BYTE parameter_block[80];
3145 int parameter_blocklen;
3146 int r1_is_not_r2;
3147 int tfc;
3148 int wrap;
3149
3150 /* Initialize values */
3151 lcfb = GR0_lcfb(regs);
3152
3153 /* Check special conditions */
3154 if(unlikely(!lcfb || lcfb > 16 || GR_A(r2 + 1, regs) % lcfb))
3155 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
3156
3157 /* Return with cc 0 on zero length */
3158 if(unlikely(!GR_A(r2 + 1, regs)))
3159 {
3160 regs->psw.cc = 0;
3161 return;
3162 }
3163
3164 /* Initialize values */
3165 tfc = GR0_tfc(regs);
3166 wrap = GR0_wrap(regs);
3167 keylen = (tfc - 17) * 8 + 8;
3168 parameter_blocklen = keylen + 16;
3169 if(wrap)
3170 parameter_blocklen += 32;
3171
3172 /* Test writeability output chaining value */
3173 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
3174
3175 /* Fetch the parameter block */
3176 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3177
3178 #ifdef OPTION_KMF_DEBUG
3179 LOGBYTE("cv :", parameter_block, 16);
3180 LOGBYTE("k :", ¶meter_block[16], keylen);
3181 if(wrap)
3182 LOGBYTE("wkvp :", ¶meter_block[parameter_blocklen - 32], 32);
3183 #endif /* #ifdef OPTION_KMF_DEBUG */
3184
3185 /* Verify and unwrap */
3186 if(wrap && unwrap_aes(¶meter_block[16], keylen))
3187 {
3188
3189 #ifdef OPTION_KMF_DEBUG
3190 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3191 #endif /* #ifdef OPTION_KMF_DEBUG */
3192
3193 regs->psw.cc = 1;
3194 return;
3195 }
3196
3197 /* Set the cryptographic key */
3198 aes_set_key(&context, ¶meter_block[16], keylen * 8);
3199
3200 /* Try to process the CPU-determined amount of data */
3201 modifier_bit = GR0_m(regs);
3202 r1_is_not_r2 = r1 != r2;
3203 for(crypted = 0; crypted < PROCESS_MAX; crypted += lcfb)
3204 {
3205 aes_encrypt(&context, parameter_block, output_block);
3206 ARCH_DEP(vfetchc)(message_block, lcfb - 1, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
3207
3208 #ifdef OPTION_KMF_DEBUG
3209 LOGBYTE("input :", message_block, lcfb);
3210 #endif /* #ifdef OPTION_KMF_DEBUG */
3211
3212 for(i = 0; i < lcfb; i++)
3213 output_block[i] ^= message_block[i];
3214 for(i = 0; i < 16 - lcfb; i++)
3215 parameter_block[i] = parameter_block[i + lcfb];
3216 if(modifier_bit)
3217 {
3218 /* Decipher */
3219 for(i = 0; i < lcfb; i++)
3220 parameter_block[i + 16 - lcfb] = message_block[i];
3221 }
3222 else
3223 {
3224 /* Encipher */
3225 for(i = 0; i < lcfb; i++)
3226 parameter_block[i + 16 - lcfb] = output_block[i];
3227 }
3228
3229 /* Store the output */
3230 ARCH_DEP(vstorec)(output_block, lcfb - 1, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
3231
3232 #ifdef OPTION_KMF_DEBUG
3233 LOGBYTE("output:", output_block, lcfb);
3234 #endif /* #ifdef OPTION_KMF_DEBUG */
3235
3236 /* Store the chaining value */
3237 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3238
3239 #ifdef OPTION_KMF_DEBUG
3240 LOGBYTE("cv :", parameter_block, 16);
3241 #endif /* #ifdef OPTION_KMF_DEBUG */
3242
3243 /* Update the registers */
3244 SET_GR_A(r1, regs, GR_A(r1, regs) + lcfb);
3245 if(likely(r1_is_not_r2))
3246 SET_GR_A(r2, regs, GR_A(r2, regs) + lcfb);
3247 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - lcfb);
3248
3249 #ifdef OPTION_KMF_DEBUG
3250 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
3251 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
3252 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
3253 #endif /* #ifdef OPTION_KMF_DEBUG */
3254
3255 /* check for end of data */
3256 if(unlikely(!GR_A(r2 + 1, regs)))
3257 {
3258 regs->psw.cc = 0;
3259 return;
3260 }
3261 }
3262
3263 /* CPU-determined amount of data processed */
3264 regs->psw.cc = 3;
3265 }
3266
3267 /*----------------------------------------------------------------------------*/
3268 /* Cipher message with output feedback (KMO) FC 1-3 and 9-11 */
3269 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmo_dea)3270 static void ARCH_DEP(kmo_dea)(int r1, int r2, REGS *regs)
3271 {
3272 des_context context1;
3273 des_context context2;
3274 des_context context3;
3275 int crypted;
3276 int i;
3277 int keylen;
3278 BYTE message_block[8];
3279 BYTE parameter_block[56];
3280 int parameter_blocklen;
3281 int r1_is_not_r2;
3282 int tfc;
3283 int wrap;
3284
3285 /* Check special conditions */
3286 if(unlikely(GR_A(r2 + 1, regs) % 8))
3287 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
3288
3289 /* Return with cc 0 on zero length */
3290 if(unlikely(!GR_A(r2 + 1, regs)))
3291 {
3292 regs->psw.cc = 0;
3293 return;
3294 }
3295
3296 /* Initialize values */
3297 tfc = GR0_tfc(regs);
3298 wrap = GR0_wrap(regs);
3299 keylen = tfc * 8;
3300 parameter_blocklen = keylen + 8;
3301 if(wrap)
3302 parameter_blocklen += 24;
3303
3304 /* Test writeability output chaining value */
3305 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 7, ACCTYPE_WRITE, regs);
3306
3307 /* Fetch the parameter block */
3308 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3309
3310 #ifdef OPTION_KMO_DEBUG
3311 LOGBYTE("cv :", parameter_block, 8);
3312 switch(tfc)
3313 {
3314 case 1: /* dea */
3315 {
3316 LOGBYTE("k :", ¶meter_block[8], 8);
3317 break;
3318 }
3319 case 2: /* tdea-128 */
3320 {
3321 LOGBYTE("k1 :", ¶meter_block[8], 8);
3322 LOGBYTE("k2 :", ¶meter_block[16], 8);
3323 break;
3324 }
3325 case 3: /* tdea-192 */
3326 {
3327 LOGBYTE("k1 :", ¶meter_block[8], 8);
3328 LOGBYTE("k2 :", ¶meter_block[16], 8);
3329 LOGBYTE("k3 :", ¶meter_block[24], 8);
3330 break;
3331 }
3332 }
3333 if(wrap)
3334 LOGBYTE("wkvp :", ¶meter_block[keylen + 8], 24);
3335 #endif /* #ifdef OPTION_KMO_DEBUG */
3336
3337 /* Verify and unwrap */
3338 if(wrap && unwrap_dea(¶meter_block[8], keylen))
3339 {
3340
3341 #ifdef OPTION_KMO_DEBUG
3342 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3343 #endif /* #ifdef OPTION_KMO_DEBUG */
3344
3345 regs->psw.cc = 1;
3346 return;
3347 }
3348
3349 /* Set the cryptographic key */
3350 switch(tfc)
3351 {
3352 case 1: /* dea */
3353 {
3354 des_set_key(&context1, ¶meter_block[8]);
3355 break;
3356 }
3357 case 2: /* tdea-128 */
3358 {
3359 des_set_key(&context1, ¶meter_block[8]);
3360 des_set_key(&context2, ¶meter_block[16]);
3361 break;
3362 }
3363 case 3: /* tdea-192 */
3364 {
3365 des_set_key(&context1, ¶meter_block[8]);
3366 des_set_key(&context2, ¶meter_block[16]);
3367 des_set_key(&context3, ¶meter_block[24]);
3368 break;
3369 }
3370 }
3371
3372 /* Try to process the CPU-determined amount of data */
3373 r1_is_not_r2 = r1 != r2;
3374 for(crypted = 0; crypted < PROCESS_MAX; crypted += 8)
3375 {
3376 /* Do the job */
3377 switch(tfc)
3378 {
3379 case 1: /* dea */
3380 {
3381 des_encrypt(&context1, parameter_block, parameter_block);
3382 break;
3383 }
3384 case 2: /* tdea-128 */
3385 {
3386 des_encrypt(&context1, parameter_block, parameter_block);
3387 des_decrypt(&context2, parameter_block, parameter_block);
3388 des_encrypt(&context1, parameter_block, parameter_block);
3389 break;
3390 }
3391 case 3: /* tdea-192 */
3392 {
3393 des_encrypt(&context1, parameter_block, parameter_block);
3394 des_decrypt(&context2, parameter_block, parameter_block);
3395 des_encrypt(&context3, parameter_block, parameter_block);
3396 break;
3397 }
3398 }
3399 ARCH_DEP(vfetchc)(message_block, 7, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
3400
3401 #ifdef OPTION_KMO_DEBUG
3402 LOGBYTE("input :", message_block, 8);
3403 #endif /* #ifdef OPTION_KMO_DEBUG */
3404
3405 for(i = 0; i < 8; i++)
3406 message_block[i] ^= parameter_block[i];
3407
3408 /* Store the output */
3409 ARCH_DEP(vstorec)(message_block, 7, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
3410
3411 #ifdef OPTION_KMO_DEBUG
3412 LOGBYTE("output:", message_block, 8);
3413 #endif /* #ifdef OPTION_KMO_DEBUG */
3414
3415 /* Store the chaining value */
3416 ARCH_DEP(vstorec)(parameter_block, 7, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3417
3418 #ifdef OPTION_KMO_DEBUG
3419 LOGBYTE("cv :", parameter_block, 8);
3420 #endif /* #ifdef OPTION_KMO_DEBUG */
3421
3422 /* Update the registers */
3423 SET_GR_A(r1, regs, GR_A(r1, regs) + 8);
3424 if(likely(r1_is_not_r2))
3425 SET_GR_A(r2, regs, GR_A(r2, regs) + 8);
3426 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 8);
3427
3428 #ifdef OPTION_KMO_DEBUG
3429 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
3430 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
3431 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
3432 #endif /* #ifdef OPTION_KMO_DEBUG */
3433
3434 /* check for end of data */
3435 if(unlikely(!GR_A(r2 + 1, regs)))
3436 {
3437 regs->psw.cc = 0;
3438 return;
3439 }
3440 }
3441
3442 /* CPU-determined amount of data processed */
3443 regs->psw.cc = 3;
3444 }
3445
3446 /*----------------------------------------------------------------------------*/
3447 /* Cipher message with output feedback (KMO) FC 18-20 and 26-28 */
3448 /*----------------------------------------------------------------------------*/
ARCH_DEP(kmo_aes)3449 static void ARCH_DEP(kmo_aes)(int r1, int r2, REGS *regs)
3450 {
3451 aes_context context;
3452 int crypted;
3453 int i;
3454 int keylen;
3455 BYTE message_block[16];
3456 BYTE parameter_block[80];
3457 int parameter_blocklen;
3458 int r1_is_not_r2;
3459 int tfc;
3460 int wrap;
3461
3462 /* Check special conditions */
3463 if(unlikely(GR_A(r2 + 1, regs) % 16))
3464 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
3465
3466 /* Return with cc 0 on zero length */
3467 if(unlikely(!GR_A(r2 + 1, regs)))
3468 {
3469 regs->psw.cc = 0;
3470 return;
3471 }
3472
3473 /* Initialize values */
3474 tfc = GR0_tfc(regs);
3475 wrap = GR0_wrap(regs);
3476 keylen = (tfc - 17) * 8 + 8;
3477 parameter_blocklen = keylen + 16;
3478 if(wrap)
3479 parameter_blocklen += 32;
3480
3481 /* Test writeability output chaining value */
3482 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
3483
3484 /* Fetch the parameter block */
3485 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3486
3487 #ifdef OPTION_KMO_DEBUG
3488 LOGBYTE("cv :", parameter_block, 16);
3489 LOGBYTE("k :", ¶meter_block[16], keylen);
3490 if(wrap)
3491 LOGBYTE("wkvp :", ¶meter_block[keylen + 16], 32);
3492 #endif /* #ifdef OPTION_KMO_DEBUG */
3493
3494 /* Verify and unwrap */
3495 if(wrap && unwrap_aes(¶meter_block[16], keylen))
3496 {
3497
3498 #ifdef OPTION_KMO_DEBUG
3499 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3500 #endif /* #ifdef OPTION_KMO_DEBUG */
3501
3502 regs->psw.cc = 1;
3503 return;
3504 }
3505
3506 /* Set the cryptographic key */
3507 aes_set_key(&context, ¶meter_block[16], keylen * 8);
3508
3509 /* Try to process the CPU-determined amount of data */
3510 r1_is_not_r2 = r1 != r2;
3511 for(crypted = 0; crypted < PROCESS_MAX; crypted += 16)
3512 {
3513 aes_encrypt(&context, parameter_block, parameter_block);
3514 ARCH_DEP(vfetchc)(message_block, 15, GR_A(r2, regs) & ADDRESS_MAXWRAP(regs), r2, regs);
3515
3516 #ifdef OPTION_KMO_DEBUG
3517 LOGBYTE("input :", message_block, 16);
3518 #endif /* #ifdef OPTION_KMO_DEBUG */
3519
3520 for(i = 0; i < 16; i++)
3521 message_block[i] ^= parameter_block[i];
3522
3523 /* Store the output */
3524 ARCH_DEP(vstorec)(message_block, 15, GR_A(r1, regs) & ADDRESS_MAXWRAP(regs), r1, regs);
3525
3526 #ifdef OPTION_KMO_DEBUG
3527 LOGBYTE("output:", message_block, 16);
3528 #endif /* #ifdef OPTION_KMO_DEBUG */
3529
3530 /* Store the chaining value */
3531 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3532
3533 #ifdef OPTION_KMO_DEBUG
3534 LOGBYTE("cv :", parameter_block, 16);
3535 #endif /* #ifdef OPTION_KMO_DEBUG */
3536
3537 /* Update the registers */
3538 SET_GR_A(r1, regs, GR_A(r1, regs) + 16);
3539 if(likely(r1_is_not_r2))
3540 SET_GR_A(r2, regs, GR_A(r2, regs) + 16);
3541 SET_GR_A(r2 + 1, regs, GR_A(r2 + 1, regs) - 16);
3542
3543 #ifdef OPTION_KMO_DEBUG
3544 logmsg(" GR%02d : " F_GREG "\n", r1, (regs)->GR(r1));
3545 logmsg(" GR%02d : " F_GREG "\n", r2, (regs)->GR(r2));
3546 logmsg(" GR%02d : " F_GREG "\n", r2 + 1, (regs)->GR(r2 + 1));
3547 #endif /* #ifdef OPTION_KMO_DEBUG */
3548
3549 /* check for end of data */
3550 if(unlikely(!GR_A(r2 + 1, regs)))
3551 {
3552 regs->psw.cc = 0;
3553 return;
3554 }
3555 }
3556
3557 /* CPU-determined amount of data processed */
3558 regs->psw.cc = 3;
3559 }
3560
3561 /*----------------------------------------------------------------------------*/
3562 /* Perform cryptographic computation (PCC) FC 1-3 and 9-11 */
3563 /*----------------------------------------------------------------------------*/
ARCH_DEP(pcc_cmac_dea)3564 static void ARCH_DEP(pcc_cmac_dea)(REGS *regs)
3565 {
3566 des_context context1;
3567 des_context context2;
3568 des_context context3;
3569 int i;
3570 BYTE k[8];
3571 int keylen;
3572 BYTE mask[8] = { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
3573 BYTE parameter_block[72];
3574 int parameter_blocklen;
3575 BYTE r64[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1b };
3576 int tfc;
3577 int wrap;
3578
3579 /* Check special conditions */
3580 if(unlikely(GR0_m(regs)))
3581 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
3582
3583 /* Initialize values */
3584 tfc = GR0_tfc(regs);
3585 wrap = GR0_wrap(regs);
3586 keylen = tfc * 8;
3587 parameter_blocklen = keylen + 24;
3588 if(wrap)
3589 parameter_blocklen += 24;
3590
3591 /* Test writeability output chaining value */
3592 ARCH_DEP(validate_operand)((GR_A(1, regs) + 16) & ADDRESS_MAXWRAP(regs), 1, 7, ACCTYPE_WRITE, regs);
3593
3594 /* Fetch the parameter block */
3595 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3596
3597 #ifdef OPTION_PCC_DEBUG
3598 LOGBYTE("ml :", parameter_block, 1);
3599 LOGBYTE("msg :", ¶meter_block[8], 8);
3600 LOGBYTE("icv :", ¶meter_block[16], 8);
3601 switch(tfc)
3602 {
3603 case 1: /* dea */
3604 {
3605 LOGBYTE("k :", ¶meter_block[24], 8);
3606 break;
3607 }
3608 case 2: /* tdea-128 */
3609 {
3610 LOGBYTE("k1 :", ¶meter_block[24], 8);
3611 LOGBYTE("k2 :", ¶meter_block[32], 8);
3612 break;
3613 }
3614 case 3: /* tdea-192 */
3615 {
3616 LOGBYTE("k1 :", ¶meter_block[24], 8);
3617 LOGBYTE("k2 :", ¶meter_block[32], 8);
3618 LOGBYTE("k3 :", ¶meter_block[40], 8);
3619 break;
3620 }
3621 }
3622 if(wrap)
3623 LOGBYTE("wkvp :", ¶meter_block[keylen + 24], 24);
3624 #endif /* #ifdef OPTION_PCC_DEBUG */
3625
3626 /* Verify and unwrap */
3627 if(wrap && unwrap_dea(¶meter_block[24], keylen))
3628 {
3629
3630 #ifdef OPTION_PCC_DEBUG
3631 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3632 #endif /* #ifdef OPTION_PCC_DEBUG */
3633
3634 regs->psw.cc = 1;
3635 return;
3636 }
3637
3638 /* Set the cryptographic key */
3639 switch(tfc)
3640 {
3641 case 1: /* dea */
3642 {
3643 des_set_key(&context1, ¶meter_block[24]);
3644 break;
3645 }
3646 case 2: /* tdea-128 */
3647 {
3648 des_set_key(&context1, ¶meter_block[24]);
3649 des_set_key(&context2, ¶meter_block[32]);
3650 break;
3651 }
3652 case 3: /* tdea-192 */
3653 {
3654 des_set_key(&context1, ¶meter_block[24]);
3655 des_set_key(&context2, ¶meter_block[32]);
3656 des_set_key(&context3, ¶meter_block[40]);
3657 break;
3658 }
3659 }
3660
3661 /* Check validity ML value */
3662 if(parameter_block[0] > 64)
3663 {
3664 regs->psw.cc = 2;
3665 return;
3666 }
3667
3668 /* Place the one bit */
3669 if(parameter_block[0] != 64)
3670 parameter_block[(parameter_block[0] / 8) + 8] |= (0x80 >> (parameter_block[0] % 8));
3671
3672 /* Pad with zeroes */
3673 if(parameter_block[0] < 63)
3674 {
3675 parameter_block[(parameter_block[0] / 8) + 8] &= mask[parameter_block[0] % 8];
3676 for(i = (parameter_block[0] / 8) + 1; i < 8; i++)
3677 parameter_block[i + 8] = 0x00;
3678 }
3679
3680 #ifdef OPTION_PCC_DEBUG
3681 LOGBYTE("msg :", ¶meter_block[8], 8);
3682 #endif /* #ifdef OPTION_PCC_DEBUG */
3683
3684 /* Calculate subkey */
3685 memset(k, 0, 8);
3686 switch(tfc)
3687 {
3688 case 1: /* dea */
3689 {
3690 des_encrypt(&context1, k, k);
3691 break;
3692 }
3693 case 2: /* tdea-128 */
3694 {
3695 des_encrypt(&context1, k, k);
3696 des_decrypt(&context2, k, k);
3697 des_encrypt(&context1, k, k);
3698 break;
3699 }
3700 case 3: /* tdea-192 */
3701 {
3702 des_encrypt(&context1, k, k);
3703 des_decrypt(&context2, k, k);
3704 des_encrypt(&context3, k, k);
3705 break;
3706 }
3707 }
3708
3709 /* Calculate subkeys Kx and Ky */
3710 if(!(k[0] & 0x80))
3711 shift_left(k, k, 8);
3712 else
3713 {
3714 shift_left(k, k, 8);
3715 for(i = 0; i < 8; i++)
3716 k[i] ^= r64[i];
3717 }
3718 if(parameter_block[0] != 64)
3719 {
3720 if(!(k[0] & 0x80))
3721 shift_left(k, k, 8);
3722 else
3723 {
3724 shift_left(k, k, 8);
3725 for(i = 0; i < 8; i++)
3726 k[i] ^= r64[i];
3727 }
3728 }
3729
3730 #ifdef OPTION_PCC_DEBUG
3731 LOGBYTE("Subkey:", k, 8);
3732 #endif /* #ifdef OPTION_PCC_DEBUG */
3733
3734 /* XOR with kx or ky and encrypt */
3735 for(i = 0; i < 8; i++)
3736 {
3737 parameter_block[i + 8] ^= k[i];
3738 parameter_block[i + 8] ^= parameter_block[i + 16];
3739 }
3740 switch(tfc)
3741 {
3742 case 1: /* dea */
3743 {
3744 des_encrypt(&context1, ¶meter_block[8], ¶meter_block[8]);
3745 break;
3746 }
3747 case 2: /* tdea-128 */
3748 {
3749 des_encrypt(&context1, ¶meter_block[8], ¶meter_block[8]);
3750 des_decrypt(&context2, ¶meter_block[8], ¶meter_block[8]);
3751 des_encrypt(&context1, ¶meter_block[8], ¶meter_block[8]);
3752 break;
3753 }
3754 case 3: /* tdea-192 */
3755 {
3756 des_encrypt(&context1, ¶meter_block[8], ¶meter_block[8]);
3757 des_decrypt(&context2, ¶meter_block[8], ¶meter_block[8]);
3758 des_encrypt(&context3, ¶meter_block[8], ¶meter_block[8]);
3759 break;
3760 }
3761 }
3762
3763 #ifdef OPTION_PCC_DEBUG
3764 LOGBYTE("cmac :", ¶meter_block[8], 8);
3765 #endif /* #ifdef OPTION_PCC_DEBUG */
3766
3767 /* Store the CMAC */
3768 ARCH_DEP(vstorec)(¶meter_block[8], 7, (GR_A(1, regs) + 16) & ADDRESS_MAXWRAP(regs), 1, regs);
3769
3770 /* Normal completion */
3771 regs->psw.cc = 0;
3772 }
3773
3774 /*----------------------------------------------------------------------------*/
3775 /* Perform cryptographic computation (PCC) FC 18-20 and 26-28 */
3776 /*----------------------------------------------------------------------------*/
ARCH_DEP(pcc_cmac_aes)3777 static void ARCH_DEP(pcc_cmac_aes)(REGS *regs)
3778 {
3779 aes_context context;
3780 int i;
3781 BYTE k[16];
3782 int keylen;
3783 BYTE mask[8] = { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
3784 BYTE parameter_block[104];
3785 int parameter_blocklen;
3786 BYTE r128[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 };
3787 int tfc;
3788 int wrap;
3789
3790 /* Check special conditions */
3791 if(unlikely(GR0_m(regs)))
3792 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
3793
3794 /* Initialize values */
3795 tfc = GR0_tfc(regs);
3796 wrap = GR0_wrap(regs);
3797 keylen = (tfc - 17) * 8 + 8;
3798 parameter_blocklen = keylen + 40;
3799 if(wrap)
3800 parameter_blocklen += 32;
3801
3802 /* Test writeability output chaining value */
3803 ARCH_DEP(validate_operand)((GR_A(1, regs) + 24) & ADDRESS_MAXWRAP(regs), 1, 15, ACCTYPE_WRITE, regs);
3804
3805 /* Fetch the parameter block */
3806 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3807
3808 #ifdef OPTION_PCC_DEBUG
3809 LOGBYTE("ml :", parameter_block, 1);
3810 LOGBYTE("msg :", ¶meter_block[8], 16);
3811 LOGBYTE("icv :", ¶meter_block[24], 16);
3812 LOGBYTE("k :", ¶meter_block[40], keylen);
3813 if(wrap)
3814 LOGBYTE("wkvp :", ¶meter_block[keylen + 40], 32);
3815 #endif /* #ifdef OPTION_PCC_DEBUG */
3816
3817 /* Verify and unwrap */
3818 if(wrap && unwrap_aes(¶meter_block[40], keylen))
3819 {
3820
3821 #ifdef OPTION_PCC_DEBUG
3822 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3823 #endif /* #ifdef OPTION_PCC_DEBUG */
3824
3825 regs->psw.cc = 1;
3826 return;
3827 }
3828
3829 /* Set the cryptographic key */
3830 aes_set_key(&context, ¶meter_block[40], keylen * 8);
3831
3832 /* Check validity ML value */
3833 if(parameter_block[0] > 128)
3834 {
3835 regs->psw.cc = 2;
3836 return;
3837 }
3838
3839 /* Place the one bit */
3840 if(parameter_block[0] != 128)
3841 parameter_block[(parameter_block[0] / 8) + 8] |= (0x80 >> (parameter_block[0] % 8));
3842
3843 /* Pad with zeroes */
3844 if(parameter_block[0] < 127)
3845 {
3846 parameter_block[(parameter_block[0] / 8) + 8] &= mask[parameter_block[0] % 8];
3847 for(i = (parameter_block[0] / 8) + 1; i < 16; i++)
3848 parameter_block[i + 8] = 0x00;
3849 }
3850
3851 #ifdef OPTION_PCC_DEBUG
3852 LOGBYTE("msg :", ¶meter_block[8], 16);
3853 #endif /* #ifdef OPTION_PCC_DEBUG */
3854
3855 /* Calculate subkeys */
3856 memset(k, 0, 16);
3857 aes_encrypt(&context, k, k);
3858
3859 /* Calculate subkeys Kx and Ky */
3860 if(!(k[0] & 0x80))
3861 shift_left(k, k, 16);
3862 else
3863 {
3864 shift_left(k, k, 16);
3865 for(i = 0; i < 16; i++)
3866 k[i] ^= r128[i];
3867 }
3868 if(parameter_block[0] != 128)
3869 {
3870 if(!(k[0] & 0x80))
3871 shift_left(k, k, 16);
3872 else
3873 {
3874 shift_left(k, k, 16);
3875 for(i = 0; i < 16; i++)
3876 k[i] ^= r128[i];
3877 }
3878 }
3879
3880 #ifdef OPTION_PCC_DEBUG
3881 LOGBYTE("Subkey:", k, 16);
3882 #endif /* #ifdef OPTION_PCC_DEBUG */
3883
3884 /* XOR with kx or ky and encrypt */
3885 for(i = 0; i < 16; i++)
3886 {
3887 parameter_block[i + 8] ^= k[i];
3888 parameter_block[i + 8] ^= parameter_block[i + 24];
3889 }
3890 aes_encrypt(&context, ¶meter_block[8], ¶meter_block[8]);
3891
3892 #ifdef OPTION_PCC_DEBUG
3893 LOGBYTE("cmac :", ¶meter_block[8], 16);
3894 #endif /* #ifdef OPTION_PCC_DEBUG */
3895
3896 /* Store the CMAC */
3897 ARCH_DEP(vstorec)(¶meter_block[8], 15, (GR_A(1, regs) + 24) & ADDRESS_MAXWRAP(regs), 1, regs);
3898
3899 /* Normal completion */
3900 regs->psw.cc = 0;
3901 }
3902
3903 /*----------------------------------------------------------------------------*/
3904 /* Perform cryptographic computation (PCC) FC 50, 52, 58 and 60 */
3905 /*----------------------------------------------------------------------------*/
ARCH_DEP(pcc_xts_aes)3906 static void ARCH_DEP(pcc_xts_aes)(REGS *regs)
3907 {
3908 BYTE *bsn;
3909 aes_context context;
3910 BYTE *ibi;
3911 int keylen;
3912 BYTE mask[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
3913 BYTE parameter_block[128];
3914 int parameter_blocklen;
3915 int tfc;
3916 BYTE *tweak;
3917 int wrap;
3918 BYTE *xts;
3919 BYTE zero[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
3920
3921 /* Check special conditions */
3922 if(unlikely(GR0_m(regs)))
3923 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
3924
3925 /* Initialize values */
3926 tfc = GR0_tfc(regs);
3927 wrap = GR0_wrap(regs);
3928 keylen = (tfc - 49) * 8 + 8;
3929 parameter_blocklen = keylen + 64;
3930 if(wrap)
3931 parameter_blocklen += 32;
3932
3933 /* Test writeability XTS parameter */
3934 ARCH_DEP(validate_operand)((GR_A(1, regs) + parameter_blocklen - 16) & ADDRESS_MAXWRAP(regs), 1, 31, ACCTYPE_WRITE, regs);
3935
3936 /* Fetch the parameter block */
3937 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
3938 tweak = ¶meter_block[parameter_blocklen - 64];
3939 bsn = ¶meter_block[parameter_blocklen - 48];
3940 ibi = ¶meter_block[parameter_blocklen - 32];
3941 xts = ¶meter_block[parameter_blocklen - 16];
3942
3943 #ifdef OPTION_PCC_DEBUG
3944 LOGBYTE("k :", parameter_block, keylen);
3945 if(wrap)
3946 LOGBYTE("wkvp :", ¶meter_block[keylen], 32);
3947 LOGBYTE("tweak :", tweak, 16);
3948 LOGBYTE("bsn :", bsn, 16);
3949 LOGBYTE("ibi :", ibi, 16);
3950 LOGBYTE("xts :", xts, 16);
3951 #endif /* #ifdef OPTION_PCC_DEBUG */
3952
3953 /* Verify and unwrap */
3954 if(wrap && unwrap_aes(parameter_block, keylen))
3955 {
3956
3957 #ifdef OPTION_PCC_DEBUG
3958 logmsg("Wrapping Verification Pattern does not match, return with cc1\n");
3959 #endif /* #ifdef OPTION_PCC_DEBUG */
3960
3961 regs->psw.cc = 1;
3962 return;
3963 }
3964
3965 /* Encrypt tweak */
3966 aes_set_key(&context, parameter_block, keylen * 8);
3967 aes_encrypt(&context, tweak, tweak);
3968
3969 /* Check block sequential number (j) == 0 */
3970 if(!memcmp(bsn, zero, 16))
3971 {
3972 memset(ibi, 0, 15);
3973 ibi[15] = 128;
3974 memcpy(xts, tweak, 16);
3975 }
3976 else
3977 {
3978 /* Check intermediate block index (t) > 127 */
3979 if(memcmp(ibi, zero, 15) || ibi[15] > 127)
3980 {
3981 /* Invalid imtermediate block index, return with cc2 */
3982 regs->psw.cc = 2;
3983 return;
3984 }
3985
3986 /* Intitial execution? */
3987 if(!ibi[15]) memcpy(xts, tweak, 16);
3988
3989 /* Calculate xts parameter */
3990 do
3991 {
3992 if(bsn[ibi[15] / 8] & mask[ibi[15] % 8])
3993 {
3994 #ifdef OPTION_PCC_DEBUG
3995 LOGBYTE("ibi :", ibi, 16);
3996 LOGBYTE("xts :", xts, 16);
3997 #endif /* #ifdef OPTION_PCC_DEBUG */
3998 xts_gf_mult(xts, exp_table[ibi[15]], xts);
3999 }
4000 ibi[15]++;
4001 }
4002 while(ibi[15] != 128);
4003 }
4004
4005 #ifdef OPTION_PCC_DEBUG
4006 LOGBYTE("ibi :", ibi, 16);
4007 LOGBYTE("xts :", xts, 16);
4008 #endif /* #ifdef OPTION_PCC_DEBUG */
4009
4010 /* Store Intermediate Bit Index and XTS */
4011 ARCH_DEP(vstorec)(ibi, 31, (GR_A(1, regs) + parameter_blocklen - 32) & ADDRESS_MAXWRAP(regs), 1, regs);
4012
4013 /* Normal completion */
4014 regs->psw.cc = 0;
4015 }
4016 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
4017
4018 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4019 /*----------------------------------------------------------------------------*/
4020 /* Perform cryptographic key management operation (PCKMO) FC 1-3 [RRE] */
4021 /*----------------------------------------------------------------------------*/
ARCH_DEP(pckmo_dea)4022 static void ARCH_DEP(pckmo_dea)(REGS *regs)
4023 {
4024 int fc;
4025 int keylen;
4026 BYTE parameter_block[64];
4027 int parameter_blocklen;
4028
4029 /* Initialize values */
4030 fc = GR0_fc(regs);
4031 keylen = fc * 8;
4032 parameter_blocklen = keylen + 24;
4033
4034 /* Test writeability */
4035 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, parameter_blocklen - 1, ACCTYPE_WRITE, regs);
4036
4037 /* Fetch the parameter block */
4038 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4039
4040 #ifdef OPTION_PCKMO_DEBUG
4041 LOGBYTE("key in : ", parameter_block, keylen);
4042 LOGBYTE("wkvp : ", ¶meter_block[keylen], parameter_blocklen - keylen);
4043 #endif /* #ifdef OPTION_PCKMO_DEBUG */
4044
4045 /* Encrypt the key and fill the wrapping key verification pattern */
4046 wrap_dea(parameter_block, keylen);
4047
4048 /* Store the parameterblock */
4049 ARCH_DEP(vstorec)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4050
4051 #ifdef OPTION_PCKMO_DEBUG
4052 LOGBYTE("key out: ", parameter_block, keylen);
4053 LOGBYTE("wkvp : ", ¶meter_block[keylen], parameter_blocklen - keylen);
4054 #endif /* #ifdef OPTION_PCKMO_DEBUG */
4055 }
4056
4057 /*----------------------------------------------------------------------------*/
4058 /* Perform cryptographic key management operation (PCKMO) FC 18-20 [RRE] */
4059 /*----------------------------------------------------------------------------*/
ARCH_DEP(pckmo_aes)4060 static void ARCH_DEP(pckmo_aes)(REGS *regs)
4061 {
4062 int fc;
4063 int keylen;
4064 BYTE parameter_block[64];
4065 int parameter_blocklen;
4066
4067 /* Initialize values */
4068 fc = GR0_fc(regs);
4069 keylen = (fc - 16) * 8;
4070 parameter_blocklen = keylen + 32;
4071
4072 /* Test writeability */
4073 ARCH_DEP(validate_operand)(GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, parameter_blocklen - 1, ACCTYPE_WRITE, regs);
4074
4075 /* Fetch the parameter block */
4076 ARCH_DEP(vfetchc)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4077
4078 #ifdef OPTION_PCKMO_DEBUG
4079 LOGBYTE("key in : ", parameter_block, keylen);
4080 LOGBYTE("wkvp : ", ¶meter_block[keylen], parameter_blocklen - keylen);
4081 #endif /* #ifdef OPTION_PCKMO_DEBUG */
4082
4083 /* Encrypt the key and fill the wrapping key verification pattern */
4084 wrap_aes(parameter_block, keylen);
4085
4086 /* Store the parameterblock */
4087 ARCH_DEP(vstorec)(parameter_block, parameter_blocklen - 1, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4088
4089 #ifdef OPTION_PCKMO_DEBUG
4090 LOGBYTE("key out: ", parameter_block, keylen);
4091 LOGBYTE("wkvp : ", ¶meter_block[keylen], parameter_blocklen - keylen);
4092 #endif /* #ifdef OPTION_PCKMO_DEBUG */
4093 }
4094 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4095
4096 /*----------------------------------------------------------------------------*/
4097 /* B93E KIMD - Compute intermediate message digest [RRE] */
4098 /*----------------------------------------------------------------------------*/
DEF_INST(compute_intermediate_message_digest_d)4099 DEF_INST(compute_intermediate_message_digest_d)
4100 {
4101 int r1;
4102 int r2;
4103
4104 RRE(inst, regs, r1, r2);
4105
4106 #ifdef OPTION_KIMD_DEBUG
4107 logmsg("KIMD: compute intermediate message digest\n");
4108 logmsg(" r1 : GR%02d\n", r1);
4109 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4110 logmsg(" r2 : GR%02d\n", r2);
4111 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4112 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4113 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4114 logmsg(" bit 56 : %s\n", TRUEFALSE(GR0_m(regs)));
4115 logmsg(" fc : %d\n", GR0_fc(regs));
4116 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4117 #endif /* #ifdef OPTION_KIMD_DEBUG */
4118
4119 /* Check special conditions */
4120 if(unlikely(!r2 || r2 & 0x01 || GR0_m(regs)))
4121 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4122
4123 switch(GR0_fc(regs))
4124 {
4125 case 0: /* Query */
4126 {
4127 BYTE parameter_block[16] = KIMD_BITS;
4128
4129 /* Store the parameter block */
4130 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4131
4132 #ifdef OPTION_KIMD_DEBUG
4133 LOGBYTE("output:", parameter_block, 16);
4134 #endif /* #ifdef OPTION_KIMD_DEBUG */
4135
4136 /* Set condition code 0 */
4137 regs->psw.cc = 0;
4138 return;
4139 }
4140 case 1: /* sha-1 */
4141 {
4142 ARCH_DEP(kimd_sha)(r1, r2, regs, 0);
4143 break;
4144 }
4145
4146 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
4147 case 2: /* sha-256 */
4148 {
4149 ARCH_DEP(kimd_sha)(r1, r2, regs, 0);
4150 break;
4151 }
4152 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
4153
4154 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
4155 case 3: /* sha-512 */
4156 {
4157 ARCH_DEP(kimd_sha)(r1, r2, regs, 0);
4158 break;
4159 }
4160 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
4161
4162 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
4163 case 65: /* ghash */
4164 {
4165 ARCH_DEP(kimd_ghash)(r1, r2, regs);
4166 break;
4167 }
4168 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
4169
4170 default:
4171 {
4172 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4173 break;
4174 }
4175 }
4176 }
4177
4178 /*----------------------------------------------------------------------------*/
4179 /* B93F KLMD - Compute last message digest [RRE] */
4180 /*----------------------------------------------------------------------------*/
DEF_INST(compute_last_message_digest_d)4181 DEF_INST(compute_last_message_digest_d)
4182 {
4183 int r1;
4184 int r2;
4185
4186 RRE(inst, regs, r1, r2);
4187
4188 #ifdef OPTION_KLMD_DEBUG
4189 logmsg("KLMD: compute last message digest\n");
4190 logmsg(" r1 : GR%02d\n", r1);
4191 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4192 logmsg(" r2 : GR%02d\n", r2);
4193 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4194 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4195 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4196 logmsg(" bit 56 : %s\n", TRUEFALSE(GR0_m(regs)));
4197 logmsg(" fc : %d\n", GR0_fc(regs));
4198 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4199 #endif /* #ifdef OPTION_KLMD_DEBUG */
4200
4201 /* Check special conditions */
4202 if(unlikely(!r2 || r2 & 0x01 || GR0_m(regs)))
4203 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4204
4205 switch(GR0_fc(regs))
4206 {
4207 case 0: /* Query */
4208 {
4209 BYTE parameter_block[16] = KLMD_BITS;
4210
4211 /* Store the parameter block */
4212 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4213
4214 #ifdef OPTION_KLMD_DEBUG
4215 LOGBYTE("output:", parameter_block, 16);
4216 #endif /* #ifdef OPTION_KLMD_DEBUG */
4217
4218 /* Set condition code 0 */
4219 regs->psw.cc = 0;
4220 return;
4221 }
4222 case 1: /* sha-1 */
4223 {
4224 ARCH_DEP(klmd_sha)(r1, r2, regs);
4225 break;
4226 }
4227 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
4228 case 2: /* sha-256 */
4229 {
4230 ARCH_DEP(klmd_sha)(r1, r2, regs);
4231 break;
4232 }
4233 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
4234
4235 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
4236 case 3: /* sha-512 */
4237 {
4238 ARCH_DEP(klmd_sha)(r1, r2, regs);
4239 break;
4240 }
4241 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
4242
4243 default:
4244 {
4245 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4246 break;
4247 }
4248 }
4249 }
4250
4251 /*----------------------------------------------------------------------------*/
4252 /* B92E KM - Cipher message [RRE] */
4253 /*----------------------------------------------------------------------------*/
DEF_INST(cipher_message_d)4254 DEF_INST(cipher_message_d)
4255 {
4256 int r1;
4257 int r2;
4258
4259 RRE(inst, regs, r1, r2);
4260
4261 #ifdef OPTION_KM_DEBUG
4262 logmsg("KM: cipher message\n");
4263 logmsg(" r1 : GR%02d\n", r1);
4264 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4265 logmsg(" r2 : GR%02d\n", r2);
4266 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4267 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4268 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4269 logmsg(" m : %s\n", TRUEFALSE(GR0_m(regs)));
4270 logmsg(" fc : %d\n", GR0_fc(regs));
4271 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4272 #endif /* #ifdef OPTION_KM_DEBUG */
4273
4274 /* Check special conditions */
4275 if(unlikely(!r1 || r1 & 0x01 || !r2 || r2 & 0x01))
4276 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4277
4278 switch(GR0_fc(regs))
4279 {
4280 case 0: /* Query */
4281 {
4282 BYTE parameter_block[16] = KM_BITS;
4283
4284 /* Store the parameter block */
4285 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4286
4287 #ifdef OPTION_KM_DEBUG
4288 LOGBYTE("output:", parameter_block, 16);
4289 #endif /* #ifdef OPTION_KM_DEBUG */
4290
4291 /* Set condition code 0 */
4292 regs->psw.cc = 0;
4293 return;
4294 }
4295 case 1: /* dea */
4296 case 2: /* tdea-128 */
4297 case 3: /* tdea-192 */
4298 {
4299 ARCH_DEP(km_dea)(r1, r2, regs);
4300 break;
4301 }
4302
4303 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4304 case 9: /* encrypted dea */
4305 case 10: /* encrypted tdea-128 */
4306 case 11: /* encrypted tdea-192 */
4307 {
4308 ARCH_DEP(km_dea)(r1, r2, regs);
4309 break;
4310 }
4311 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4312
4313 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
4314 case 18: /* aes-128 */
4315 {
4316 ARCH_DEP(km_aes)(r1, r2, regs);
4317 break;
4318 }
4319 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
4320
4321 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
4322 case 19: /* aes-192 */
4323 case 20: /* aes-256 */
4324 {
4325 ARCH_DEP(km_aes)(r1, r2, regs);
4326 break;
4327 }
4328 #endif /* #ifdef #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
4329
4330 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4331 case 26: /* encrypted aes-128 */
4332 case 27: /* encrypted aes-192 */
4333 case 28: /* encrypted aes-256 */
4334 {
4335 ARCH_DEP(km_aes)(r1, r2, regs);
4336 break;
4337 }
4338 #endif /* #ifdef #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4339
4340 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
4341 case 50: /* xts aes-128 */
4342 case 52: /* xts aes-256 */
4343 case 58: /* encrypted xts aes-128 */
4344 case 60: /* encrypted xts aes-256 */
4345 {
4346 ARCH_DEP(km_xts_aes)(r1, r2, regs);
4347 break;
4348 }
4349 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
4350
4351 default:
4352 {
4353 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4354 break;
4355 }
4356 }
4357 }
4358
4359 /*----------------------------------------------------------------------------*/
4360 /* B91E KMAC - Compute message authentication code [RRE] */
4361 /*----------------------------------------------------------------------------*/
DEF_INST(compute_message_authentication_code_d)4362 DEF_INST(compute_message_authentication_code_d)
4363 {
4364 int r1;
4365 int r2;
4366
4367 RRE(inst, regs, r1, r2);
4368
4369 #ifdef OPTION_KMAC_DEBUG
4370 logmsg("KMAC: compute message authentication code\n");
4371 logmsg(" r2 : GR%02d\n", r2);
4372 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4373 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4374 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4375 logmsg(" bit 56 : %s\n", TRUEFALSE(GR0_m(regs)));
4376 logmsg(" fc : %d\n", GR0_fc(regs));
4377 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4378 #endif /* #ifdef OPTION_KMAC_DEBUG */
4379
4380 /* Check special conditions */
4381 if(unlikely(!r2 || r2 & 0x01 || GR0_m(regs)))
4382 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4383
4384 switch(GR0_fc(regs))
4385 {
4386 case 0: /* Query */
4387 {
4388 BYTE parameter_block[16] = KMAC_BITS;
4389
4390 /* Store the parameter block */
4391 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4392
4393 #ifdef OPTION_KMAC_DEBUG
4394 LOGBYTE("output:", parameter_block, 16);
4395 #endif /* #ifdef OPTION_KMAC_DEBUG */
4396
4397 /* Set condition code 0 */
4398 regs->psw.cc = 0;
4399 return;
4400 }
4401 case 1: /* dea */
4402 case 2: /* tdea-128 */
4403 case 3: /* tdea-192 */
4404 {
4405 ARCH_DEP(kmac_dea)(r1, r2, regs);
4406 break;
4407 }
4408
4409 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4410 case 9: /* encrypted dea */
4411 case 10: /* encrypted tdea-128 */
4412 case 11: /* encrypted tdea-192 */
4413 {
4414 ARCH_DEP(kmac_dea)(r1, r2, regs);
4415 break;
4416 }
4417 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4418
4419 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
4420 case 18: /* aes */
4421 case 19: /* aes-192 */
4422 case 20: /* aes-256 */
4423 case 26: /* encrypted aes */
4424 case 27: /* encrypted aes-192 */
4425 case 28: /* encrypted aes-256 */
4426 {
4427 ARCH_DEP(kmac_aes)(r1, r2, regs);
4428 break;
4429 }
4430 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
4431
4432 default:
4433 {
4434 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4435 break;
4436 }
4437 }
4438 }
4439
4440 /*----------------------------------------------------------------------------*/
4441 /* B92F KMC - Cipher message with chaining [RRE] */
4442 /*----------------------------------------------------------------------------*/
DEF_INST(cipher_message_with_chaining_d)4443 DEF_INST(cipher_message_with_chaining_d)
4444 {
4445 int r1;
4446 int r2;
4447
4448 RRE(inst, regs, r1, r2);
4449
4450 #ifdef OPTION_KMC_DEBUG
4451 logmsg("KMC: cipher message with chaining\n");
4452 logmsg(" r1 : GR%02d\n", r1);
4453 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4454 logmsg(" r2 : GR%02d\n", r2);
4455 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4456 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4457 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4458 logmsg(" m : %s\n", TRUEFALSE(GR0_m(regs)));
4459 logmsg(" fc : %d\n", GR0_fc(regs));
4460 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4461 #endif /* #ifdef OPTION_KMC_DEBUG */
4462
4463 /* Check special conditions */
4464 if(unlikely(!r1 || r1 & 0x01 || !r2 || r2 & 0x01))
4465 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4466
4467 switch(GR0_fc(regs))
4468 {
4469 case 0: /* Query */
4470 {
4471 BYTE parameter_block[16] = KMC_BITS;
4472
4473 /* Store the parameter block */
4474 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4475
4476 #ifdef OPTION_KMC_DEBUG
4477 LOGBYTE("output:", parameter_block, 16);
4478 #endif /* #ifdef OPTION_KMC_DEBUG */
4479
4480 /* Set condition code 0 */
4481 regs->psw.cc = 0;
4482 return;
4483 }
4484 case 1: /* dea */
4485 case 2: /* tdea-128 */
4486 case 3: /* tdea-192 */
4487 {
4488 ARCH_DEP(kmc_dea)(r1, r2, regs);
4489 break;
4490 }
4491
4492 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4493 case 9: /* encrypted dea */
4494 case 10: /* encrypted tdea-128 */
4495 case 11: /* encrypted tdea-192 */
4496 {
4497 ARCH_DEP(kmc_dea)(r1, r2, regs);
4498 break;
4499 }
4500 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4501
4502 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
4503 case 18: /* aes-128 */
4504 {
4505 ARCH_DEP(kmc_aes)(r1, r2, regs);
4506 break;
4507 }
4508 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
4509
4510 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
4511 case 19: /* aes-192 */
4512 case 20: /* aes-256 */
4513 {
4514 ARCH_DEP(kmc_aes)(r1, r2, regs);
4515 break;
4516 }
4517 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2 */
4518
4519 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4520 case 26: /* encrypted aes-128 */
4521 case 27: /* encrypted aes-192 */
4522 case 28: /* encrypted aes-256 */
4523 {
4524 ARCH_DEP(kmc_aes)(r1, r2, regs);
4525 break;
4526 }
4527 #endif /* FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4528
4529 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
4530 case 67: /* prng */
4531 {
4532 ARCH_DEP(kmc_prng)(r1, r2, regs);
4533 break;
4534 }
4535 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1 */
4536
4537 default:
4538 {
4539 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4540 break;
4541 }
4542 }
4543 }
4544
4545 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
4546 /*----------------------------------------------------------------------------*/
4547 /* B92D KMCTR - Cipher message with counter [RRF] */
4548 /*----------------------------------------------------------------------------*/
DEF_INST(cipher_message_with_counter_d)4549 DEF_INST(cipher_message_with_counter_d)
4550 {
4551 int r1;
4552 int r2;
4553 int r3;
4554
4555 RRF_M(inst, regs, r1, r2, r3);
4556
4557 #ifdef OPTION_KMCTR_DEBUG
4558 logmsg("KMCTR: cipher message with counter\n");
4559 logmsg(" r1 : GR%02d\n", r1);
4560 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4561 logmsg(" r2 : GR%02d\n", r2);
4562 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4563 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4564 logmsg(" r3 : GR%02d\n", r3);
4565 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4566 logmsg(" fc : %d\n", GR0_fc(regs));
4567 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4568 #endif /* #ifdef OPTION_KMCTR_DEBUG */
4569
4570 /* Check special conditions */
4571 if(unlikely(!r1 || r1 & 0x01 || !r2 || r2 & 0x01 || !r3 || r3 & 0x01))
4572 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4573
4574 switch(GR0_fc(regs))
4575 {
4576 case 0: /* Query */
4577 {
4578 BYTE parameter_block[16] = KMO_BITS;
4579
4580 /* Store the parameter block */
4581 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4582
4583 #ifdef OPTION_KMCTR_DEBUG
4584 LOGBYTE("output:", parameter_block, 16);
4585 #endif /* #ifdef OPTION_KMCTR_DEBUG */
4586
4587 /* Set condition code 0 */
4588 regs->psw.cc = 0;
4589 return;
4590 }
4591
4592 case 1: /* dea */
4593 case 2: /* tdea-128 */
4594 case 3: /* tdea-192 */
4595 case 9: /* encrypted dea */
4596 case 10: /* encrypted tdea-128 */
4597 case 11: /* encrypted tdea-192 */
4598 {
4599 ARCH_DEP(kmctr_dea)(r1, r2, r3, regs);
4600 break;
4601 }
4602 case 18: /* aes-128 */
4603 case 19: /* aes-192 */
4604 case 20: /* aes-256 */
4605 case 26: /* encrypted aes-128 */
4606 case 27: /* encrypted aes-192 */
4607 case 28: /* encrypted aes-256 */
4608 {
4609 ARCH_DEP(kmctr_aes)(r1, r2, r3, regs);
4610 break;
4611 }
4612 default:
4613 {
4614 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4615 break;
4616 }
4617 }
4618 }
4619
4620 /*----------------------------------------------------------------------------*/
4621 /* B92A KMF - Cipher message with cipher feedback [RRE] */
4622 /*----------------------------------------------------------------------------*/
DEF_INST(cipher_message_with_cipher_feedback_d)4623 DEF_INST(cipher_message_with_cipher_feedback_d)
4624 {
4625 int r1;
4626 int r2;
4627
4628 RRE(inst, regs, r1, r2);
4629
4630 #ifdef OPTION_KMF_DEBUG
4631 logmsg("KMF: cipher message with cipher feedback\n");
4632 logmsg(" r1 : GR%02d\n", r1);
4633 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4634 logmsg(" r2 : GR%02d\n", r2);
4635 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4636 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4637 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4638 logmsg(" lcfb : %d\n", GR0_lcfb(regs));
4639 logmsg(" m : %s\n", TRUEFALSE(GR0_m(regs)));
4640 logmsg(" fc : %d\n", GR0_fc(regs));
4641 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4642 #endif /* #ifdef OPTION_KMF_DEBUG */
4643
4644 /* Check special conditions */
4645 if(unlikely(!r1 || r1 & 0x01 || !r2 || r2 & 0x01))
4646 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4647
4648 switch(GR0_fc(regs))
4649 {
4650 case 0: /* Query */
4651 {
4652 BYTE parameter_block[16] = KMF_BITS;
4653
4654 /* Store the parameter block */
4655 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4656
4657 #ifdef OPTION_KMF_DEBUG
4658 LOGBYTE("output:", parameter_block, 16);
4659 #endif /* #ifdef OPTION_KMF_DEBUG */
4660
4661 /* Set condition code 0 */
4662 regs->psw.cc = 0;
4663 return;
4664 }
4665
4666 case 1: /* dea */
4667 case 2: /* tdea-128 */
4668 case 3: /* tdea-192 */
4669 case 9: /* encrypted dea */
4670 case 10: /* encrypted tdea-128 */
4671 case 11: /* encrypted tdea-192 */
4672 {
4673 ARCH_DEP(kmf_dea)(r1, r2, regs);
4674 break;
4675 }
4676 case 18: /* aes-128 */
4677 case 19: /* aes-192 */
4678 case 20: /* aes-256 */
4679 case 26: /* encrypted aes-128 */
4680 case 27: /* encrypted aes-192 */
4681 case 28: /* encrypted aes-256 */
4682 {
4683 ARCH_DEP(kmf_aes)(r1, r2, regs);
4684 break;
4685 }
4686 default:
4687 {
4688 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4689 break;
4690 }
4691 }
4692 }
4693
4694 /*----------------------------------------------------------------------------*/
4695 /* B92B KMO - Cipher message with output feedback [RRE] */
4696 /*----------------------------------------------------------------------------*/
DEF_INST(cipher_message_with_output_feedback_d)4697 DEF_INST(cipher_message_with_output_feedback_d)
4698 {
4699 int r1;
4700 int r2;
4701
4702 RRE(inst, regs, r1, r2);
4703
4704 #ifdef OPTION_KMO_DEBUG
4705 logmsg("KMO: cipher message with output feedback\n");
4706 logmsg(" r1 : GR%02d\n", r1);
4707 logmsg(" address : " F_VADR "\n", regs->GR(r1));
4708 logmsg(" r2 : GR%02d\n", r2);
4709 logmsg(" address : " F_VADR "\n", regs->GR(r2));
4710 logmsg(" length : " F_GREG "\n", regs->GR(r2 + 1));
4711 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4712 logmsg(" fc : %d\n", GR0_fc(regs));
4713 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4714 #endif /* #ifdef OPTION_KMO_DEBUG */
4715
4716 /* Check special conditions */
4717 if(unlikely(!r1 || r1 & 0x01 || !r2 || r2 & 0x01))
4718 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4719
4720 switch(GR0_fc(regs))
4721 {
4722 case 0: /* Query */
4723 {
4724 BYTE parameter_block[16] = KMO_BITS;
4725
4726 /* Store the parameter block */
4727 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4728
4729 #ifdef OPTION_KMO_DEBUG
4730 LOGBYTE("output:", parameter_block, 16);
4731 #endif /* #ifdef OPTION_KMO_DEBUG */
4732
4733 /* Set condition code 0 */
4734 regs->psw.cc = 0;
4735 return;
4736 }
4737 case 1: /* dea */
4738 case 2: /* tdea-128 */
4739 case 3: /* tdea-192 */
4740 case 9: /* encrypted dea */
4741 case 10: /* encrypted tdea-128 */
4742 case 11: /* encrypted tdea-192 */
4743 {
4744 ARCH_DEP(kmo_dea)(r1, r2, regs);
4745 break;
4746 }
4747 case 18: /* aes-128 */
4748 case 19: /* aes-192 */
4749 case 20: /* aes-256 */
4750 case 26: /* encrypted aes-128 */
4751 case 27: /* encrypted aes-192 */
4752 case 28: /* encrypted aes-256 */
4753 {
4754 ARCH_DEP(kmo_aes)(r1, r2, regs);
4755 break;
4756 }
4757 default:
4758 {
4759 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4760 break;
4761 }
4762 }
4763 }
4764
4765 /*----------------------------------------------------------------------------*/
4766 /* B92C PCC - Perform cryptographic computation [RRE] */
4767 /*----------------------------------------------------------------------------*/
DEF_INST(perform_cryptographic_computation_d)4768 DEF_INST(perform_cryptographic_computation_d)
4769 {
4770 int r1;
4771 int r2;
4772
4773 RRE(inst, regs, r1, r2);
4774
4775 #ifdef OPTION_PCC_DEBUG
4776 logmsg("PCC: perform cryptographic computation\n");
4777 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4778 logmsg(" bit 56 : %s\n", TRUEFALSE(GR0_m(regs)));
4779 logmsg(" fc : %d\n", GR0_fc(regs));
4780 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4781 #endif /* #ifdef OPTION_PCC_DEBUG */
4782
4783 /* Check special conditions */
4784 if(unlikely(GR0_m(regs)))
4785 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4786
4787 switch(GR0_fc(regs))
4788 {
4789 case 0: /* Query */
4790 {
4791 BYTE parameter_block[16] = PCC_BITS;
4792
4793 /* Store the parameter block */
4794 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4795
4796 #ifdef OPTION_PCC_DEBUG
4797 LOGBYTE("output:", parameter_block, 16);
4798 #endif /* #ifdef OPTION_PCC_DEBUG */
4799
4800 /* Set condition code 0 */
4801 regs->psw.cc = 0;
4802 return;
4803 }
4804 case 1: /* dea */
4805 case 2: /* tdea-128 */
4806 case 3: /* tdea-192 */
4807 case 9: /* encrypted dea */
4808 case 10: /* encrypted tdea-128 */
4809 case 11: /* encrypted tdea-192 */
4810 {
4811 ARCH_DEP(pcc_cmac_dea)(regs);
4812 break;
4813 }
4814 case 18: /* aes-128 */
4815 case 19: /* aes-192 */
4816 case 20: /* aes-256 */
4817 case 26: /* encrypted aes-128 */
4818 case 27: /* encrypted aes-192 */
4819 case 28: /* encrypted aes-256 */
4820 {
4821 ARCH_DEP(pcc_cmac_aes)(regs);
4822 break;
4823 }
4824 case 50: /* aes-128 */
4825 case 52: /* aes-256 */
4826 case 58: /* encrypted aes-128 */
4827 case 60: /* encrypted aes-256 */
4828 {
4829 ARCH_DEP(pcc_xts_aes)(regs);
4830 break;
4831 }
4832 default:
4833 {
4834 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4835 break;
4836 }
4837 }
4838
4839 }
4840 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4 */
4841
4842 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4843 /*----------------------------------------------------------------------------*/
4844 /* B928 PCKMO - Perform cryptographic key management operation [RRE] */
4845 /*----------------------------------------------------------------------------*/
DEF_INST(perform_cryptographic_key_management_operation_d)4846 DEF_INST(perform_cryptographic_key_management_operation_d)
4847 {
4848 int fc;
4849 int r1;
4850 int r2;
4851
4852 RRE(inst, regs, r1, r2);
4853
4854 #ifdef OPTION_PCKMO_DEBUG
4855 logmsg("PCKMO: perform cryptographic key management operation\n");
4856 logmsg(" GR00 : " F_GREG "\n", regs->GR(0));
4857 logmsg(" bit 56 : %s\n", TRUEFALSE(GR0_m(regs)));
4858 logmsg(" fc : %d\n", GR0_fc(regs));
4859 logmsg(" GR01 : " F_GREG "\n", regs->GR(1));
4860 #endif /* #ifdef OPTION_PCKMO_DEBUG */
4861
4862 /* Privileged operation */
4863 PRIV_CHECK(regs);
4864
4865 /* Check special conditions */
4866 if(unlikely(GR0_m(regs)))
4867 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4868
4869 /* Initialize values */
4870 fc = GR0_fc(regs);
4871 switch(fc)
4872 {
4873 case 0: /* Query */
4874 {
4875 BYTE parameter_block[16] = PCKMO_BITS;
4876
4877 /* Store the parameter block */
4878 ARCH_DEP(vstorec)(parameter_block, 15, GR_A(1, regs) & ADDRESS_MAXWRAP(regs), 1, regs);
4879
4880 #ifdef OPTION_PCKMO_DEBUG
4881 LOGBYTE("output:", parameter_block, 16);
4882 #endif /* #ifdef OPTION_PCKMO_DEBUG */
4883
4884 return;
4885 }
4886 case 1: /* encrypt-dea */
4887 case 2: /* encrypt-tdea-128 */
4888 case 3: /* encrypt-tdea-192 */
4889 {
4890 ARCH_DEP(pckmo_dea)(regs);
4891 break;
4892 }
4893 case 18: /* encrypt-aes-128 */
4894 case 19: /* encrypt-aes-192 */
4895 case 20: /* encrypt-aes-256 */
4896 {
4897 ARCH_DEP(pckmo_aes)(regs);
4898 break;
4899 }
4900 default:
4901 {
4902 ARCH_DEP(program_interrupt)(regs, PGM_SPECIFICATION_EXCEPTION);
4903 break;
4904 }
4905 }
4906 }
4907 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3 */
4908
4909 #endif /* #ifdef FEATURE_MESSAGE_SECURITY_ASSIST */
4910
4911 #ifndef _GEN_ARCH
4912
4913 #ifdef _ARCHMODE2
4914 #define _GEN_ARCH _ARCHMODE2
4915 #include "dyncrypt.c"
4916 #endif /* #ifdef _ARCHMODE2 */
4917 #ifdef _ARCHMODE3
4918 #undef _GEN_ARCH
4919 #define _GEN_ARCH _ARCHMODE3
4920 #include "dyncrypt.c"
4921 #endif /* #ifdef _ARCHMODE3 */
4922
4923 HDL_DEPENDENCY_SECTION;
4924 {
4925 HDL_DEPENDENCY(HERCULES);
4926 HDL_DEPENDENCY(REGS);
4927 // HDL_DEPENDENCY(DEVBLK);
4928 HDL_DEPENDENCY(SYSBLK);
4929 // HDL_DEPENDENCY(WEBBLK);
4930 }
4931 END_DEPENDENCY_SECTION;
4932
4933 HDL_REGISTER_SECTION;
4934 {
4935 #if defined(_390_FEATURE_MESSAGE_SECURITY_ASSIST)
4936 HDL_REGISTER(s390_cipher_message, s390_cipher_message_d);
4937 HDL_REGISTER(s390_cipher_message_with_chaining, s390_cipher_message_with_chaining_d);
4938 HDL_REGISTER(s390_cipher_message_with_cipher_feedback, s390_cipher_message_with_cipher_feedback_d);
4939 HDL_REGISTER(s390_cipher_message_with_counter, s390_cipher_message_with_counter_d);
4940 HDL_REGISTER(s390_cipher_message_with_output_feedback, s390_cipher_message_with_output_feedback_d);
4941 HDL_REGISTER(s390_compute_intermediate_message_digest, s390_compute_intermediate_message_digest_d);
4942 HDL_REGISTER(s390_compute_last_message_digest, s390_compute_last_message_digest_d);
4943 HDL_REGISTER(s390_compute_message_authentication_code, s390_compute_message_authentication_code_d);
4944 HDL_REGISTER(s390_perform_cryptographic_computation, s390_perform_cryptographic_computation_d);
4945 HDL_REGISTER(s390_perform_cryptographic_key_management_operation, s390_perform_cryptographic_key_management_operation_d);
4946 #endif /*defined(_390_FEATURE_MESSAGE_SECURITY_ASSIST)*/
4947
4948 #if defined(_900_FEATURE_MESSAGE_SECURITY_ASSIST)
4949 HDL_REGISTER(z900_cipher_message, z900_cipher_message_d);
4950 HDL_REGISTER(z900_cipher_message_with_chaining, z900_cipher_message_with_chaining_d);
4951 HDL_REGISTER(z900_cipher_message_with_cipher_feedback, z900_cipher_message_with_cipher_feedback_d);
4952 HDL_REGISTER(z900_cipher_message_with_counter, z900_cipher_message_with_counter_d);
4953 HDL_REGISTER(z900_cipher_message_with_output_feedback, z900_cipher_message_with_output_feedback_d);
4954 HDL_REGISTER(z900_compute_intermediate_message_digest, z900_compute_intermediate_message_digest_d);
4955 HDL_REGISTER(z900_compute_last_message_digest, z900_compute_last_message_digest_d);
4956 HDL_REGISTER(z900_compute_message_authentication_code, z900_compute_message_authentication_code_d);
4957 HDL_REGISTER(z900_perform_cryptographic_computation, z900_perform_cryptographic_computation_d);
4958 HDL_REGISTER(z900_perform_cryptographic_key_management_operation, z900_perform_cryptographic_key_management_operation_d);
4959 #endif /*defined(_900_FEATURE_MESSAGE_SECURITY_ASSIST)*/
4960
4961 logmsg("Crypto module loaded (c) Copyright Bernard van der Helm, 2003-2010\n");
4962 logmsg(" Active: Message Security Assist\n");
4963 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_1
4964 logmsg(" Message Security Assist Extension 1\n");
4965 #endif
4966 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_2
4967 logmsg(" Message Security Assist Extension 2\n");
4968 #endif
4969 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_3
4970 logmsg(" Message Security Assist Extension 3\n");
4971 #endif
4972 #ifdef FEATURE_MESSAGE_SECURITY_ASSIST_EXTENSION_4
4973 logmsg(" Message Security Assist Extension 4\n");
4974 #endif
4975 }
4976 END_REGISTER_SECTION;
4977
4978 #endif /* #ifndef _GEN_ARCH */
4979