| blob | fc6f40c0260fac2e61379d2ad2a2f51c950bf5fb |
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
23 #endif
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33 #ifndef CONFIG_QEMU_PRIVATE_XTS
34 #include <nettle/xts.h>
35 #endif
37 static inline bool qcrypto_length_check(size_t len, size_t blocksize,
38 Error **errp)
39 {
40 if (unlikely(len & (blocksize - 1))) {
41 error_setg(errp, "Length %zu must be a multiple of block size %zu",
42 len, blocksize);
43 return false;
44 }
45 return true;
46 }
49 static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx)
50 {
51 g_free(ctx);
52 }
54 static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher,
55 const uint8_t *iv, size_t niv,
56 Error **errp)
57 {
58 error_setg(errp, "Setting IV is not supported");
59 return -1;
60 }
63 #define DEFINE_SETIV(NAME, TYPE, BLEN) \
64 static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \
65 size_t niv, Error **errp) \
66 { \
67 TYPE *ctx = container_of(cipher, TYPE, base); \
68 if (niv != BLEN) { \
69 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \
70 return -1; \
71 } \
72 memcpy(ctx->iv, iv, niv); \
73 return 0; \
74 }
77 #define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
78 static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \
79 void *out, size_t len, Error **errp) \
80 { \
81 TYPE *ctx = container_of(cipher, TYPE, base); \
82 if (!qcrypto_length_check(len, BLEN, errp)) { \
83 return -1; \
84 } \
85 ENCRYPT(&ctx->key, len, out, in); \
86 return 0; \
87 } \
88 static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \
89 void *out, size_t len, Error **errp) \
90 { \
91 TYPE *ctx = container_of(cipher, TYPE, base); \
92 if (!qcrypto_length_check(len, BLEN, errp)) { \
93 return -1; \
94 } \
95 DECRYPT(&ctx->key, len, out, in); \
96 return 0; \
97 } \
98 static const struct QCryptoCipherDriver NAME##_driver_ecb = { \
99 .cipher_encrypt = NAME##_encrypt_ecb, \
100 .cipher_decrypt = NAME##_decrypt_ecb, \
101 .cipher_setiv = qcrypto_cipher_no_setiv, \
102 .cipher_free = qcrypto_cipher_ctx_free, \
103 };
106 #define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
107 static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \
108 void *out, size_t len, Error **errp) \
109 { \
110 TYPE *ctx = container_of(cipher, TYPE, base); \
111 if (!qcrypto_length_check(len, BLEN, errp)) { \
112 return -1; \
113 } \
114 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
115 return 0; \
116 } \
117 static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \
118 void *out, size_t len, Error **errp) \
119 { \
120 TYPE *ctx = container_of(cipher, TYPE, base); \
121 if (!qcrypto_length_check(len, BLEN, errp)) { \
122 return -1; \
123 } \
124 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \
125 return 0; \
126 } \
127 static const struct QCryptoCipherDriver NAME##_driver_cbc = { \
128 .cipher_encrypt = NAME##_encrypt_cbc, \
129 .cipher_decrypt = NAME##_decrypt_cbc, \
130 .cipher_setiv = NAME##_setiv, \
131 .cipher_free = qcrypto_cipher_ctx_free, \
132 };
135 #define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \
136 static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \
137 void *out, size_t len, Error **errp) \
138 { \
139 TYPE *ctx = container_of(cipher, TYPE, base); \
140 if (!qcrypto_length_check(len, BLEN, errp)) { \
141 return -1; \
142 } \
143 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
144 return 0; \
145 } \
146 static const struct QCryptoCipherDriver NAME##_driver_ctr = { \
147 .cipher_encrypt = NAME##_encrypt_ctr, \
148 .cipher_decrypt = NAME##_encrypt_ctr, \
149 .cipher_setiv = NAME##_setiv, \
150 .cipher_free = qcrypto_cipher_ctx_free, \
151 };
154 #ifdef CONFIG_QEMU_PRIVATE_XTS
155 #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
156 static void NAME##_xts_wrape(const void *ctx, size_t length, \
157 uint8_t *dst, const uint8_t *src) \
158 { \
159 ENCRYPT((const void *)ctx, length, dst, src); \
160 } \
161 static void NAME##_xts_wrapd(const void *ctx, size_t length, \
162 uint8_t *dst, const uint8_t *src) \
163 { \
164 DECRYPT((const void *)ctx, length, dst, src); \
165 } \
166 static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
167 void *out, size_t len, Error **errp) \
168 { \
169 TYPE *ctx = container_of(cipher, TYPE, base); \
170 if (!qcrypto_length_check(len, BLEN, errp)) { \
171 return -1; \
172 } \
173 xts_encrypt(&ctx->key, &ctx->key_xts, \
174 NAME##_xts_wrape, NAME##_xts_wrapd, \
175 ctx->iv, len, out, in); \
176 return 0; \
177 } \
178 static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
179 void *out, size_t len, Error **errp) \
180 { \
181 TYPE *ctx = container_of(cipher, TYPE, base); \
182 if (!qcrypto_length_check(len, BLEN, errp)) { \
183 return -1; \
184 } \
185 xts_decrypt(&ctx->key, &ctx->key_xts, \
186 NAME##_xts_wrape, NAME##_xts_wrapd, \
187 ctx->iv, len, out, in); \
188 return 0; \
189 }
190 #else
191 #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
192 static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
193 void *out, size_t len, Error **errp) \
194 { \
195 TYPE *ctx = container_of(cipher, TYPE, base); \
196 if (!qcrypto_length_check(len, BLEN, errp)) { \
197 return -1; \
198 } \
199 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \
200 ctx->iv, len, out, in); \
201 return 0; \
202 } \
203 static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
204 void *out, size_t len, Error **errp) \
205 { \
206 TYPE *ctx = container_of(cipher, TYPE, base); \
207 if (!qcrypto_length_check(len, BLEN, errp)) { \
208 return -1; \
209 } \
210 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \
211 ctx->iv, len, out, in); \
212 return 0; \
213 }
214 #endif
216 #define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
217 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \
218 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
219 static const struct QCryptoCipherDriver NAME##_driver_xts = { \
220 .cipher_encrypt = NAME##_encrypt_xts, \
221 .cipher_decrypt = NAME##_decrypt_xts, \
222 .cipher_setiv = NAME##_setiv, \
223 .cipher_free = qcrypto_cipher_ctx_free, \
224 };
227 #define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
228 DEFINE_SETIV(NAME, TYPE, BLEN) \
229 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
230 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
231 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT)
233 #define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
234 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
235 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT)
238 typedef struct QCryptoNettleDESRFB {
239 QCryptoCipher base;
240 struct des_ctx key;
241 uint8_t iv[DES_BLOCK_SIZE];
242 } QCryptoNettleDESRFB;
244 static void des_encrypt_native(const void *ctx, size_t length,
245 uint8_t *dst, const uint8_t *src)
246 {
247 des_encrypt(ctx, length, dst, src);
248 }
250 static void des_decrypt_native(const void *ctx, size_t length,
251 uint8_t *dst, const uint8_t *src)
252 {
253 des_decrypt(ctx, length, dst, src);
254 }
256 DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB,
257 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native)
260 typedef struct QCryptoNettleDES3 {
261 QCryptoCipher base;
262 struct des3_ctx key;
263 uint8_t iv[DES3_BLOCK_SIZE];
264 } QCryptoNettleDES3;
266 static void des3_encrypt_native(const void *ctx, size_t length,
267 uint8_t *dst, const uint8_t *src)
268 {
269 des3_encrypt(ctx, length, dst, src);
270 }
272 static void des3_decrypt_native(const void *ctx, size_t length,
273 uint8_t *dst, const uint8_t *src)
274 {
275 des3_decrypt(ctx, length, dst, src);
276 }
278 DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE,
279 des3_encrypt_native, des3_decrypt_native)
282 typedef struct QCryptoNettleAES128 {
283 QCryptoCipher base;
284 uint8_t iv[AES_BLOCK_SIZE];
285 /* First key from pair is encode, second key is decode. */
286 struct aes128_ctx key[2], key_xts[2];
287 } QCryptoNettleAES128;
289 static void aes128_encrypt_native(const void *ctx, size_t length,
290 uint8_t *dst, const uint8_t *src)
291 {
292 const struct aes128_ctx *keys = ctx;
293 aes128_encrypt(&keys[0], length, dst, src);
294 }
296 static void aes128_decrypt_native(const void *ctx, size_t length,
297 uint8_t *dst, const uint8_t *src)
298 {
299 const struct aes128_ctx *keys = ctx;
300 aes128_decrypt(&keys[1], length, dst, src);
301 }
303 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128,
304 QCryptoNettleAES128, AES_BLOCK_SIZE,
305 aes128_encrypt_native, aes128_decrypt_native)
308 typedef struct QCryptoNettleAES192 {
309 QCryptoCipher base;
310 uint8_t iv[AES_BLOCK_SIZE];
311 /* First key from pair is encode, second key is decode. */
312 struct aes192_ctx key[2], key_xts[2];
313 } QCryptoNettleAES192;
315 static void aes192_encrypt_native(const void *ctx, size_t length,
316 uint8_t *dst, const uint8_t *src)
317 {
318 const struct aes192_ctx *keys = ctx;
319 aes192_encrypt(&keys[0], length, dst, src);
320 }
322 static void aes192_decrypt_native(const void *ctx, size_t length,
323 uint8_t *dst, const uint8_t *src)
324 {
325 const struct aes192_ctx *keys = ctx;
326 aes192_decrypt(&keys[1], length, dst, src);
327 }
329 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192,
330 QCryptoNettleAES192, AES_BLOCK_SIZE,
331 aes192_encrypt_native, aes192_decrypt_native)
334 typedef struct QCryptoNettleAES256 {
335 QCryptoCipher base;
336 uint8_t iv[AES_BLOCK_SIZE];
337 /* First key from pair is encode, second key is decode. */
338 struct aes256_ctx key[2], key_xts[2];
339 } QCryptoNettleAES256;
341 static void aes256_encrypt_native(const void *ctx, size_t length,
342 uint8_t *dst, const uint8_t *src)
343 {
344 const struct aes256_ctx *keys = ctx;
345 aes256_encrypt(&keys[0], length, dst, src);
346 }
348 static void aes256_decrypt_native(const void *ctx, size_t length,
349 uint8_t *dst, const uint8_t *src)
350 {
351 const struct aes256_ctx *keys = ctx;
352 aes256_decrypt(&keys[1], length, dst, src);
353 }
355 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256,
356 QCryptoNettleAES256, AES_BLOCK_SIZE,
357 aes256_encrypt_native, aes256_decrypt_native)
360 typedef struct QCryptoNettleCAST128 {
361 QCryptoCipher base;
362 uint8_t iv[CAST128_BLOCK_SIZE];
363 struct cast128_ctx key, key_xts;
364 } QCryptoNettleCAST128;
366 static void cast128_encrypt_native(const void *ctx, size_t length,
367 uint8_t *dst, const uint8_t *src)
368 {
369 cast128_encrypt(ctx, length, dst, src);
370 }
372 static void cast128_decrypt_native(const void *ctx, size_t length,
373 uint8_t *dst, const uint8_t *src)
374 {
375 cast128_decrypt(ctx, length, dst, src);
376 }
378 DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128,
379 QCryptoNettleCAST128, CAST128_BLOCK_SIZE,
380 cast128_encrypt_native, cast128_decrypt_native)
383 typedef struct QCryptoNettleSerpent {
384 QCryptoCipher base;
385 uint8_t iv[SERPENT_BLOCK_SIZE];
386 struct serpent_ctx key, key_xts;
387 } QCryptoNettleSerpent;
390 static void serpent_encrypt_native(const void *ctx, size_t length,
391 uint8_t *dst, const uint8_t *src)
392 {
393 serpent_encrypt(ctx, length, dst, src);
394 }
396 static void serpent_decrypt_native(const void *ctx, size_t length,
397 uint8_t *dst, const uint8_t *src)
398 {
399 serpent_decrypt(ctx, length, dst, src);
400 }
402 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent,
403 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE,
404 serpent_encrypt_native, serpent_decrypt_native)
407 typedef struct QCryptoNettleTwofish {
408 QCryptoCipher base;
409 uint8_t iv[TWOFISH_BLOCK_SIZE];
410 struct twofish_ctx key, key_xts;
411 } QCryptoNettleTwofish;
413 static void twofish_encrypt_native(const void *ctx, size_t length,
414 uint8_t *dst, const uint8_t *src)
415 {
416 twofish_encrypt(ctx, length, dst, src);
417 }
419 static void twofish_decrypt_native(const void *ctx, size_t length,
420 uint8_t *dst, const uint8_t *src)
421 {
422 twofish_decrypt(ctx, length, dst, src);
423 }
425 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
426 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
427 twofish_encrypt_native, twofish_decrypt_native)
430 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
431 QCryptoCipherMode mode)
432 {
433 switch (alg) {
434 case QCRYPTO_CIPHER_ALG_DES_RFB:
435 case QCRYPTO_CIPHER_ALG_3DES:
436 case QCRYPTO_CIPHER_ALG_AES_128:
437 case QCRYPTO_CIPHER_ALG_AES_192:
438 case QCRYPTO_CIPHER_ALG_AES_256:
439 case QCRYPTO_CIPHER_ALG_CAST5_128:
440 case QCRYPTO_CIPHER_ALG_SERPENT_128:
441 case QCRYPTO_CIPHER_ALG_SERPENT_192:
442 case QCRYPTO_CIPHER_ALG_SERPENT_256:
443 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
444 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
445 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
446 break;
447 default:
448 return false;
449 }
451 switch (mode) {
452 case QCRYPTO_CIPHER_MODE_ECB:
453 case QCRYPTO_CIPHER_MODE_CBC:
454 case QCRYPTO_CIPHER_MODE_XTS:
455 case QCRYPTO_CIPHER_MODE_CTR:
456 return true;
457 default:
458 return false;
459 }
460 }
462 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
463 QCryptoCipherMode mode,
464 const uint8_t *key,
465 size_t nkey,
466 Error **errp)
467 {
468 switch (mode) {
469 case QCRYPTO_CIPHER_MODE_ECB:
470 case QCRYPTO_CIPHER_MODE_CBC:
471 case QCRYPTO_CIPHER_MODE_XTS:
472 case QCRYPTO_CIPHER_MODE_CTR:
473 break;
474 default:
475 goto bad_cipher_mode;
476 }
478 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
479 return NULL;
480 }
482 switch (alg) {
483 case QCRYPTO_CIPHER_ALG_DES_RFB:
484 {
485 QCryptoNettleDESRFB *ctx;
486 const QCryptoCipherDriver *drv;
487 uint8_t *rfbkey;
489 switch (mode) {
490 case QCRYPTO_CIPHER_MODE_ECB:
491 drv = &qcrypto_nettle_des_rfb_driver_ecb;
492 break;
493 case QCRYPTO_CIPHER_MODE_CBC:
494 drv = &qcrypto_nettle_des_rfb_driver_cbc;
495 break;
496 case QCRYPTO_CIPHER_MODE_CTR:
497 drv = &qcrypto_nettle_des_rfb_driver_ctr;
498 break;
499 default:
500 goto bad_cipher_mode;
501 }
503 ctx = g_new0(QCryptoNettleDESRFB, 1);
504 ctx->base.driver = drv;
506 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
507 des_set_key(&ctx->key, rfbkey);
508 g_free(rfbkey);
510 return &ctx->base;
511 }
513 case QCRYPTO_CIPHER_ALG_3DES:
514 {
515 QCryptoNettleDES3 *ctx;
516 const QCryptoCipherDriver *drv;
518 switch (mode) {
519 case QCRYPTO_CIPHER_MODE_ECB:
520 drv = &qcrypto_nettle_des3_driver_ecb;
521 break;
522 case QCRYPTO_CIPHER_MODE_CBC:
523 drv = &qcrypto_nettle_des3_driver_cbc;
524 break;
525 case QCRYPTO_CIPHER_MODE_CTR:
526 drv = &qcrypto_nettle_des3_driver_ctr;
527 break;
528 default:
529 goto bad_cipher_mode;
530 }
532 ctx = g_new0(QCryptoNettleDES3, 1);
533 ctx->base.driver = drv;
534 des3_set_key(&ctx->key, key);
535 return &ctx->base;
536 }
538 case QCRYPTO_CIPHER_ALG_AES_128:
539 {
540 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1);
542 switch (mode) {
543 case QCRYPTO_CIPHER_MODE_ECB:
544 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb;
545 break;
546 case QCRYPTO_CIPHER_MODE_CBC:
547 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc;
548 break;
549 case QCRYPTO_CIPHER_MODE_CTR:
550 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr;
551 break;
552 case QCRYPTO_CIPHER_MODE_XTS:
553 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts;
554 nkey /= 2;
555 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey);
556 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey);
557 break;
558 default:
559 g_assert_not_reached();
560 }
561 aes128_set_encrypt_key(&ctx->key[0], key);
562 aes128_set_decrypt_key(&ctx->key[1], key);
564 return &ctx->base;
565 }
567 case QCRYPTO_CIPHER_ALG_AES_192:
568 {
569 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1);
571 switch (mode) {
572 case QCRYPTO_CIPHER_MODE_ECB:
573 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb;
574 break;
575 case QCRYPTO_CIPHER_MODE_CBC:
576 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc;
577 break;
578 case QCRYPTO_CIPHER_MODE_CTR:
579 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr;
580 break;
581 case QCRYPTO_CIPHER_MODE_XTS:
582 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts;
583 nkey /= 2;
584 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey);
585 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey);
586 break;
587 default:
588 g_assert_not_reached();
589 }
590 aes192_set_encrypt_key(&ctx->key[0], key);
591 aes192_set_decrypt_key(&ctx->key[1], key);
593 return &ctx->base;
594 }
596 case QCRYPTO_CIPHER_ALG_AES_256:
597 {
598 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1);
600 switch (mode) {
601 case QCRYPTO_CIPHER_MODE_ECB:
602 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb;
603 break;
604 case QCRYPTO_CIPHER_MODE_CBC:
605 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc;
606 break;
607 case QCRYPTO_CIPHER_MODE_CTR:
608 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr;
609 break;
610 case QCRYPTO_CIPHER_MODE_XTS:
611 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts;
612 nkey /= 2;
613 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey);
614 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey);
615 break;
616 default:
617 g_assert_not_reached();
618 }
619 aes256_set_encrypt_key(&ctx->key[0], key);
620 aes256_set_decrypt_key(&ctx->key[1], key);
622 return &ctx->base;
623 }
625 case QCRYPTO_CIPHER_ALG_CAST5_128:
626 {
627 QCryptoNettleCAST128 *ctx;
628 const QCryptoCipherDriver *drv;
630 switch (mode) {
631 case QCRYPTO_CIPHER_MODE_ECB:
632 drv = &qcrypto_nettle_cast128_driver_ecb;
633 break;
634 case QCRYPTO_CIPHER_MODE_CBC:
635 drv = &qcrypto_nettle_cast128_driver_cbc;
636 break;
637 case QCRYPTO_CIPHER_MODE_CTR:
638 drv = &qcrypto_nettle_cast128_driver_ctr;
639 break;
640 default:
641 goto bad_cipher_mode;
642 }
644 ctx = g_new0(QCryptoNettleCAST128, 1);
645 ctx->base.driver = drv;
646 cast5_set_key(&ctx->key, nkey, key);
648 return &ctx->base;
649 }
651 case QCRYPTO_CIPHER_ALG_SERPENT_128:
652 case QCRYPTO_CIPHER_ALG_SERPENT_192:
653 case QCRYPTO_CIPHER_ALG_SERPENT_256:
654 {
655 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1);
657 switch (mode) {
658 case QCRYPTO_CIPHER_MODE_ECB:
659 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb;
660 break;
661 case QCRYPTO_CIPHER_MODE_CBC:
662 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc;
663 break;
664 case QCRYPTO_CIPHER_MODE_CTR:
665 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr;
666 break;
667 case QCRYPTO_CIPHER_MODE_XTS:
668 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts;
669 nkey /= 2;
670 serpent_set_key(&ctx->key_xts, nkey, key + nkey);
671 break;
672 default:
673 g_assert_not_reached();
674 }
675 serpent_set_key(&ctx->key, nkey, key);
677 return &ctx->base;
678 }
680 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
681 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
682 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
683 {
684 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1);
686 switch (mode) {
687 case QCRYPTO_CIPHER_MODE_ECB:
688 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb;
689 break;
690 case QCRYPTO_CIPHER_MODE_CBC:
691 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc;
692 break;
693 case QCRYPTO_CIPHER_MODE_CTR:
694 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr;
695 break;
696 case QCRYPTO_CIPHER_MODE_XTS:
697 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts;
698 nkey /= 2;
699 twofish_set_key(&ctx->key_xts, nkey, key + nkey);
700 break;
701 default:
702 g_assert_not_reached();
703 }
704 twofish_set_key(&ctx->key, nkey, key);
706 return &ctx->base;
707 }
709 default:
710 error_setg(errp, "Unsupported cipher algorithm %s",
711 QCryptoCipherAlgorithm_str(alg));
712 return NULL;
713 }
715 bad_cipher_mode:
716 error_setg(errp, "Unsupported cipher mode %s",
717 QCryptoCipherMode_str(mode));
718 return NULL;
719 }