include/crypto/cipher.h

   1 /*
   2  * QEMU Crypto cipher algorithms
   3  *
   4  * Copyright (c) 2015 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #ifndef QCRYPTO_CIPHER_H
  22 #define QCRYPTO_CIPHER_H
  23
  24 #include "qapi/qapi-types-crypto.h"
  25
  26 typedef struct QCryptoCipher QCryptoCipher;
  27
  28 /* See also "QCryptoCipherAlgorithm" and "QCryptoCipherMode"
  29  * enums defined in qapi/crypto.json */
  30
  31 /**
  32  * QCryptoCipher:
  33  *
  34  * The QCryptoCipher object provides a way to perform encryption
  35  * and decryption of data, with a standard API, regardless of the
  36  * algorithm used. It further isolates the calling code from the
  37  * details of the specific underlying implementation, whether
  38  * built-in, libgcrypt or nettle.
  39  *
  40  * Each QCryptoCipher object is capable of performing both
  41  * encryption and decryption, and can operate in a number
  42  * or modes including ECB, CBC.
  43  *
  44  * <example>
  45  *   <title>Encrypting data with AES-128 in CBC mode</title>
  46  *   <programlisting>
  47  * QCryptoCipher *cipher;
  48  * uint8_t key = ....;
  49  * size_t keylen = 16;
  50  * uint8_t iv = ....;
  51  *
  52  * if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
  53  *    error_report(errp, "Feature <blah> requires AES cipher support");
  54  *    return -1;
  55  * }
  56  *
  57  * cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
  58  *                             QCRYPTO_CIPHER_MODE_CBC,
  59  *                             key, keylen,
  60  *                             errp);
  61  * if (!cipher) {
  62  *    return -1;
  63  * }
  64  *
  65  * if (qcrypto_cipher_set_iv(cipher, iv, keylen, errp) < 0) {
  66  *    return -1;
  67  * }
  68  *
  69  * if (qcrypto_cipher_encrypt(cipher, rawdata, encdata, datalen, errp) < 0) {
  70  *    return -1;
  71  * }
  72  *
  73  * qcrypto_cipher_free(cipher);
  74  *   </programlisting>
  75  * </example>
  76  *
  77  */
  78
  79 struct QCryptoCipher {
  80     QCryptoCipherAlgorithm alg;
  81     QCryptoCipherMode mode;
  82     void *opaque;
  83     void *driver;
  84 };
  85
  86 /**
  87  * qcrypto_cipher_supports:
  88  * @alg: the cipher algorithm
  89  * @mode: the cipher mode
  90  *
  91  * Determine if @alg cipher algorithm in @mode is supported by the
  92  * current configured build
  93  *
  94  * Returns: true if the algorithm is supported, false otherwise
  95  */
  96 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
  97                              QCryptoCipherMode mode);
  98
  99 /**
 100  * qcrypto_cipher_get_block_len:
 101  * @alg: the cipher algorithm
 102  *
 103  * Get the required data block size in bytes. When
 104  * encrypting data, it must be a multiple of the
 105  * block size.
 106  *
 107  * Returns: the block size in bytes
 108  */
 109 size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg);
 110
 111
 112 /**
 113  * qcrypto_cipher_get_key_len:
 114  * @alg: the cipher algorithm
 115  *
 116  * Get the required key size in bytes.
 117  *
 118  * Returns: the key size in bytes
 119  */
 120 size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg);
 121
 122
 123 /**
 124  * qcrypto_cipher_get_iv_len:
 125  * @alg: the cipher algorithm
 126  * @mode: the cipher mode
 127  *
 128  * Get the required initialization vector size
 129  * in bytes, if one is required.
 130  *
 131  * Returns: the IV size in bytes, or 0 if no IV is permitted
 132  */
 133 size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
 134                                  QCryptoCipherMode mode);
 135
 136
 137 /**
 138  * qcrypto_cipher_new:
 139  * @alg: the cipher algorithm
 140  * @mode: the cipher usage mode
 141  * @key: the private key bytes
 142  * @nkey: the length of @key
 143  * @errp: pointer to a NULL-initialized error object
 144  *
 145  * Creates a new cipher object for encrypting/decrypting
 146  * data with the algorithm @alg in the usage mode @mode.
 147  *
 148  * The @key parameter provides the bytes representing
 149  * the encryption/decryption key to use. The @nkey parameter
 150  * specifies the length of @key in bytes. Each algorithm has
 151  * one or more valid key lengths, and it is an error to provide
 152  * a key of the incorrect length.
 153  *
 154  * The returned cipher object must be released with
 155  * qcrypto_cipher_free() when no longer required
 156  *
 157  * Returns: a new cipher object, or NULL on error
 158  */
 159 QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 160                                   QCryptoCipherMode mode,
 161                                   const uint8_t *key, size_t nkey,
 162                                   Error **errp);
 163
 164 /**
 165  * qcrypto_cipher_free:
 166  * @cipher: the cipher object
 167  *
 168  * Release the memory associated with @cipher that
 169  * was previously allocated by qcrypto_cipher_new()
 170  */
 171 void qcrypto_cipher_free(QCryptoCipher *cipher);
 172
 173 /**
 174  * qcrypto_cipher_encrypt:
 175  * @cipher: the cipher object
 176  * @in: buffer holding the plain text input data
 177  * @out: buffer to fill with the cipher text output data
 178  * @len: the length of @in and @out buffers
 179  * @errp: pointer to a NULL-initialized error object
 180  *
 181  * Encrypts the plain text stored in @in, filling
 182  * @out with the resulting ciphered text. Both the
 183  * @in and @out buffers must have the same size,
 184  * given by @len.
 185  *
 186  * Returns: 0 on success, or -1 on error
 187  */
 188 int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
 189                            const void *in,
 190                            void *out,
 191                            size_t len,
 192                            Error **errp);
 193
 194
 195 /**
 196  * qcrypto_cipher_decrypt:
 197  * @cipher: the cipher object
 198  * @in: buffer holding the cipher text input data
 199  * @out: buffer to fill with the plain text output data
 200  * @len: the length of @in and @out buffers
 201  * @errp: pointer to a NULL-initialized error object
 202  *
 203  * Decrypts the cipher text stored in @in, filling
 204  * @out with the resulting plain text. Both the
 205  * @in and @out buffers must have the same size,
 206  * given by @len.
 207  *
 208  * Returns: 0 on success, or -1 on error
 209  */
 210 int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
 211                            const void *in,
 212                            void *out,
 213                            size_t len,
 214                            Error **errp);
 215
 216 /**
 217  * qcrypto_cipher_setiv:
 218  * @cipher: the cipher object
 219  * @iv: the initialization vector or counter (CTR mode) bytes
 220  * @niv: the length of @iv
 221  * @errpr: pointer to a NULL-initialized error object
 222  *
 223  * If the @cipher object is setup to use a mode that requires
 224  * initialization vectors or counter, this sets the @niv
 225  * bytes. The @iv data should have the same length as the
 226  * cipher key used when originally constructing the cipher
 227  * object. It is an error to set an initialization vector
 228  * or counter if the cipher mode does not require one.
 229  *
 230  * Returns: 0 on success, -1 on error
 231  */
 232 int qcrypto_cipher_setiv(QCryptoCipher *cipher,
 233                          const uint8_t *iv, size_t niv,
 234                          Error **errp);
 235
 236 #endif /* QCRYPTO_CIPHER_H */