search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypto: add support for the cast5-128 cipher algorithm
[qemu/ar7.git] / crypto / cipher-gcrypt.c
blobaa1d8c58897f521b487f332c6f52706b285e6e14
1 /*
2 * QEMU Crypto cipher libgcrypt algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "qemu/osdep.h"
22 #include <gcrypt.h>
23
24
25 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
26 {
27 switch (alg) {
28 case QCRYPTO_CIPHER_ALG_DES_RFB:
29 case QCRYPTO_CIPHER_ALG_AES_128:
30 case QCRYPTO_CIPHER_ALG_AES_192:
31 case QCRYPTO_CIPHER_ALG_AES_256:
32 case QCRYPTO_CIPHER_ALG_CAST5_128:
33 return true;
34 default:
35 return false;
36 }
37 }
38
39 typedef struct QCryptoCipherGcrypt QCryptoCipherGcrypt;
40 struct QCryptoCipherGcrypt {
41 gcry_cipher_hd_t handle;
42 size_t blocksize;
43 };
44
45 QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
46 QCryptoCipherMode mode,
47 const uint8_t *key, size_t nkey,
48 Error **errp)
49 {
50 QCryptoCipher *cipher;
51 QCryptoCipherGcrypt *ctx;
52 gcry_error_t err;
53 int gcryalg, gcrymode;
54
55 switch (mode) {
56 case QCRYPTO_CIPHER_MODE_ECB:
57 gcrymode = GCRY_CIPHER_MODE_ECB;
58 break;
59 case QCRYPTO_CIPHER_MODE_CBC:
60 gcrymode = GCRY_CIPHER_MODE_CBC;
61 break;
62 default:
63 error_setg(errp, "Unsupported cipher mode %d", mode);
64 return NULL;
65 }
66
67 if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) {
68 return NULL;
69 }
70
71 switch (alg) {
72 case QCRYPTO_CIPHER_ALG_DES_RFB:
73 gcryalg = GCRY_CIPHER_DES;
74 break;
75
76 case QCRYPTO_CIPHER_ALG_AES_128:
77 gcryalg = GCRY_CIPHER_AES128;
78 break;
79
80 case QCRYPTO_CIPHER_ALG_AES_192:
81 gcryalg = GCRY_CIPHER_AES192;
82 break;
83
84 case QCRYPTO_CIPHER_ALG_AES_256:
85 gcryalg = GCRY_CIPHER_AES256;
86 break;
87
88 case QCRYPTO_CIPHER_ALG_CAST5_128:
89 gcryalg = GCRY_CIPHER_CAST5;
90 break;
91
92 default:
93 error_setg(errp, "Unsupported cipher algorithm %d", alg);
94 return NULL;
95 }
96
97 cipher = g_new0(QCryptoCipher, 1);
98 cipher->alg = alg;
99 cipher->mode = mode;
100
101 ctx = g_new0(QCryptoCipherGcrypt, 1);
102
103 err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0);
104 if (err != 0) {
105 error_setg(errp, "Cannot initialize cipher: %s",
106 gcry_strerror(err));
107 goto error;
108 }
109
110 if (cipher->alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
111 /* We're using standard DES cipher from gcrypt, so we need
112 * to munge the key so that the results are the same as the
113 * bizarre RFB variant of DES :-)
114 */
115 uint8_t *rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
116 err = gcry_cipher_setkey(ctx->handle, rfbkey, nkey);
117 g_free(rfbkey);
118 ctx->blocksize = 8;
119 } else {
120 err = gcry_cipher_setkey(ctx->handle, key, nkey);
121 switch (cipher->alg) {
122 case QCRYPTO_CIPHER_ALG_AES_128:
123 case QCRYPTO_CIPHER_ALG_AES_192:
124 case QCRYPTO_CIPHER_ALG_AES_256:
125 ctx->blocksize = 16;
126 break;
127 case QCRYPTO_CIPHER_ALG_CAST5_128:
128 ctx->blocksize = 8;
129 break;
130 default:
131 g_assert_not_reached();
132 }
133 }
134 if (err != 0) {
135 error_setg(errp, "Cannot set key: %s",
136 gcry_strerror(err));
137 goto error;
138 }
139
140 cipher->opaque = ctx;
141 return cipher;
142
143 error:
144 gcry_cipher_close(ctx->handle);
145 g_free(ctx);
146 g_free(cipher);
147 return NULL;
148 }
149
150
151 void qcrypto_cipher_free(QCryptoCipher *cipher)
152 {
153 QCryptoCipherGcrypt *ctx;
154 if (!cipher) {
155 return;
156 }
157 ctx = cipher->opaque;
158 gcry_cipher_close(ctx->handle);
159 g_free(ctx);
160 g_free(cipher);
161 }
162
163
164 int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
165 const void *in,
166 void *out,
167 size_t len,
168 Error **errp)
169 {
170 QCryptoCipherGcrypt *ctx = cipher->opaque;
171 gcry_error_t err;
172
173 if (len % ctx->blocksize) {
174 error_setg(errp, "Length %zu must be a multiple of block size %zu",
175 len, ctx->blocksize);
176 return -1;
177 }
178
179 err = gcry_cipher_encrypt(ctx->handle,
180 out, len,
181 in, len);
182 if (err != 0) {
183 error_setg(errp, "Cannot encrypt data: %s",
184 gcry_strerror(err));
185 return -1;
186 }
187
188 return 0;
189 }
190
191
192 int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
193 const void *in,
194 void *out,
195 size_t len,
196 Error **errp)
197 {
198 QCryptoCipherGcrypt *ctx = cipher->opaque;
199 gcry_error_t err;
200
201 if (len % ctx->blocksize) {
202 error_setg(errp, "Length %zu must be a multiple of block size %zu",
203 len, ctx->blocksize);
204 return -1;
205 }
206
207 err = gcry_cipher_decrypt(ctx->handle,
208 out, len,
209 in, len);
210 if (err != 0) {
211 error_setg(errp, "Cannot decrypt data: %s",
212 gcry_strerror(err));
213 return -1;
214 }
215
216 return 0;
217 }
218
219 int qcrypto_cipher_setiv(QCryptoCipher *cipher,
220 const uint8_t *iv, size_t niv,
221 Error **errp)
222 {
223 QCryptoCipherGcrypt *ctx = cipher->opaque;
224 gcry_error_t err;
225
226 if (niv != ctx->blocksize) {
227 error_setg(errp, "Expected IV size %zu not %zu",
228 ctx->blocksize, niv);
229 return -1;
230 }
231
232 gcry_cipher_reset(ctx->handle);
233 err = gcry_cipher_setiv(ctx->handle, iv, niv);
234 if (err != 0) {
235 error_setg(errp, "Cannot set IV: %s",
236 gcry_strerror(err));
237 return -1;
238 }
239
240 return 0;
241 }
AR7 emulation for QEMU