search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-07-28' into staging
[qemu/ar7.git] / crypto / cipher-nettle.c
blob7e9a4cc19993a1bccdf48c4e9e90aca162880f18
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "qemu/osdep.h"
22 #ifdef CONFIG_QEMU_PRIVATE_XTS
23 #include "crypto/xts.h"
24 #endif
25 #include "cipherpriv.h"
26
27 #include <nettle/nettle-types.h>
28 #include <nettle/aes.h>
29 #include <nettle/des.h>
30 #include <nettle/cbc.h>
31 #include <nettle/cast128.h>
32 #include <nettle/serpent.h>
33 #include <nettle/twofish.h>
34 #include <nettle/ctr.h>
35 #ifndef CONFIG_QEMU_PRIVATE_XTS
36 #include <nettle/xts.h>
37 #endif
38
39 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
40 size_t length,
41 uint8_t *dst,
42 const uint8_t *src);
43
44 #if CONFIG_NETTLE_VERSION_MAJOR < 3
45 typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
46 typedef void * cipher_ctx_t;
47 typedef unsigned cipher_length_t;
48
49 #define cast5_set_key cast128_set_key
50
51 #define aes128_ctx aes_ctx
52 #define aes192_ctx aes_ctx
53 #define aes256_ctx aes_ctx
54 #define aes128_set_encrypt_key(c, k) \
55 aes_set_encrypt_key(c, 16, k)
56 #define aes192_set_encrypt_key(c, k) \
57 aes_set_encrypt_key(c, 24, k)
58 #define aes256_set_encrypt_key(c, k) \
59 aes_set_encrypt_key(c, 32, k)
60 #define aes128_set_decrypt_key(c, k) \
61 aes_set_decrypt_key(c, 16, k)
62 #define aes192_set_decrypt_key(c, k) \
63 aes_set_decrypt_key(c, 24, k)
64 #define aes256_set_decrypt_key(c, k) \
65 aes_set_decrypt_key(c, 32, k)
66 #define aes128_encrypt aes_encrypt
67 #define aes192_encrypt aes_encrypt
68 #define aes256_encrypt aes_encrypt
69 #define aes128_decrypt aes_decrypt
70 #define aes192_decrypt aes_decrypt
71 #define aes256_decrypt aes_decrypt
72 #else
73 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
74 typedef const void * cipher_ctx_t;
75 typedef size_t cipher_length_t;
76 #endif
77
78 typedef struct QCryptoNettleAES128 {
79 struct aes128_ctx enc;
80 struct aes128_ctx dec;
81 } QCryptoNettleAES128;
82
83 typedef struct QCryptoNettleAES192 {
84 struct aes192_ctx enc;
85 struct aes192_ctx dec;
86 } QCryptoNettleAES192;
87
88 typedef struct QCryptoNettleAES256 {
89 struct aes256_ctx enc;
90 struct aes256_ctx dec;
91 } QCryptoNettleAES256;
92
93 static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
94 uint8_t *dst, const uint8_t *src)
95 {
96 const QCryptoNettleAES128 *aesctx = ctx;
97 aes128_encrypt(&aesctx->enc, length, dst, src);
98 }
99
100 static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
101 uint8_t *dst, const uint8_t *src)
102 {
103 const QCryptoNettleAES128 *aesctx = ctx;
104 aes128_decrypt(&aesctx->dec, length, dst, src);
105 }
106
107 static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
108 uint8_t *dst, const uint8_t *src)
109 {
110 const QCryptoNettleAES192 *aesctx = ctx;
111 aes192_encrypt(&aesctx->enc, length, dst, src);
112 }
113
114 static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
115 uint8_t *dst, const uint8_t *src)
116 {
117 const QCryptoNettleAES192 *aesctx = ctx;
118 aes192_decrypt(&aesctx->dec, length, dst, src);
119 }
120
121 static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
122 uint8_t *dst, const uint8_t *src)
123 {
124 const QCryptoNettleAES256 *aesctx = ctx;
125 aes256_encrypt(&aesctx->enc, length, dst, src);
126 }
127
128 static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
129 uint8_t *dst, const uint8_t *src)
130 {
131 const QCryptoNettleAES256 *aesctx = ctx;
132 aes256_decrypt(&aesctx->dec, length, dst, src);
133 }
134
135 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
136 uint8_t *dst, const uint8_t *src)
137 {
138 des_encrypt(ctx, length, dst, src);
139 }
140
141 static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
142 uint8_t *dst, const uint8_t *src)
143 {
144 des_decrypt(ctx, length, dst, src);
145 }
146
147 static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
148 uint8_t *dst, const uint8_t *src)
149 {
150 des3_encrypt(ctx, length, dst, src);
151 }
152
153 static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
154 uint8_t *dst, const uint8_t *src)
155 {
156 des3_decrypt(ctx, length, dst, src);
157 }
158
159 static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
160 uint8_t *dst, const uint8_t *src)
161 {
162 cast128_encrypt(ctx, length, dst, src);
163 }
164
165 static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
166 uint8_t *dst, const uint8_t *src)
167 {
168 cast128_decrypt(ctx, length, dst, src);
169 }
170
171 static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
172 uint8_t *dst, const uint8_t *src)
173 {
174 serpent_encrypt(ctx, length, dst, src);
175 }
176
177 static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
178 uint8_t *dst, const uint8_t *src)
179 {
180 serpent_decrypt(ctx, length, dst, src);
181 }
182
183 static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
184 uint8_t *dst, const uint8_t *src)
185 {
186 twofish_encrypt(ctx, length, dst, src);
187 }
188
189 static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
190 uint8_t *dst, const uint8_t *src)
191 {
192 twofish_decrypt(ctx, length, dst, src);
193 }
194
195 static void aes128_encrypt_wrapper(const void *ctx, size_t length,
196 uint8_t *dst, const uint8_t *src)
197 {
198 const QCryptoNettleAES128 *aesctx = ctx;
199 aes128_encrypt(&aesctx->enc, length, dst, src);
200 }
201
202 static void aes128_decrypt_wrapper(const void *ctx, size_t length,
203 uint8_t *dst, const uint8_t *src)
204 {
205 const QCryptoNettleAES128 *aesctx = ctx;
206 aes128_decrypt(&aesctx->dec, length, dst, src);
207 }
208
209 static void aes192_encrypt_wrapper(const void *ctx, size_t length,
210 uint8_t *dst, const uint8_t *src)
211 {
212 const QCryptoNettleAES192 *aesctx = ctx;
213 aes192_encrypt(&aesctx->enc, length, dst, src);
214 }
215
216 static void aes192_decrypt_wrapper(const void *ctx, size_t length,
217 uint8_t *dst, const uint8_t *src)
218 {
219 const QCryptoNettleAES192 *aesctx = ctx;
220 aes192_decrypt(&aesctx->dec, length, dst, src);
221 }
222
223 static void aes256_encrypt_wrapper(const void *ctx, size_t length,
224 uint8_t *dst, const uint8_t *src)
225 {
226 const QCryptoNettleAES256 *aesctx = ctx;
227 aes256_encrypt(&aesctx->enc, length, dst, src);
228 }
229
230 static void aes256_decrypt_wrapper(const void *ctx, size_t length,
231 uint8_t *dst, const uint8_t *src)
232 {
233 const QCryptoNettleAES256 *aesctx = ctx;
234 aes256_decrypt(&aesctx->dec, length, dst, src);
235 }
236
237 static void des_encrypt_wrapper(const void *ctx, size_t length,
238 uint8_t *dst, const uint8_t *src)
239 {
240 des_encrypt(ctx, length, dst, src);
241 }
242
243 static void des_decrypt_wrapper(const void *ctx, size_t length,
244 uint8_t *dst, const uint8_t *src)
245 {
246 des_decrypt(ctx, length, dst, src);
247 }
248
249 static void des3_encrypt_wrapper(const void *ctx, size_t length,
250 uint8_t *dst, const uint8_t *src)
251 {
252 des3_encrypt(ctx, length, dst, src);
253 }
254
255 static void des3_decrypt_wrapper(const void *ctx, size_t length,
256 uint8_t *dst, const uint8_t *src)
257 {
258 des3_decrypt(ctx, length, dst, src);
259 }
260
261 static void cast128_encrypt_wrapper(const void *ctx, size_t length,
262 uint8_t *dst, const uint8_t *src)
263 {
264 cast128_encrypt(ctx, length, dst, src);
265 }
266
267 static void cast128_decrypt_wrapper(const void *ctx, size_t length,
268 uint8_t *dst, const uint8_t *src)
269 {
270 cast128_decrypt(ctx, length, dst, src);
271 }
272
273 static void serpent_encrypt_wrapper(const void *ctx, size_t length,
274 uint8_t *dst, const uint8_t *src)
275 {
276 serpent_encrypt(ctx, length, dst, src);
277 }
278
279 static void serpent_decrypt_wrapper(const void *ctx, size_t length,
280 uint8_t *dst, const uint8_t *src)
281 {
282 serpent_decrypt(ctx, length, dst, src);
283 }
284
285 static void twofish_encrypt_wrapper(const void *ctx, size_t length,
286 uint8_t *dst, const uint8_t *src)
287 {
288 twofish_encrypt(ctx, length, dst, src);
289 }
290
291 static void twofish_decrypt_wrapper(const void *ctx, size_t length,
292 uint8_t *dst, const uint8_t *src)
293 {
294 twofish_decrypt(ctx, length, dst, src);
295 }
296
297 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
298 struct QCryptoCipherNettle {
299 /* Primary cipher context for all modes */
300 void *ctx;
301 /* Second cipher context for XTS mode only */
302 void *ctx_tweak;
303 /* Cipher callbacks for both contexts */
304 QCryptoCipherNettleFuncNative alg_encrypt_native;
305 QCryptoCipherNettleFuncNative alg_decrypt_native;
306 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
307 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
308 /* Initialization vector or Counter */
309 uint8_t *iv;
310 size_t blocksize;
311 };
312
313 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
314 QCryptoCipherMode mode)
315 {
316 switch (alg) {
317 case QCRYPTO_CIPHER_ALG_DES_RFB:
318 case QCRYPTO_CIPHER_ALG_3DES:
319 case QCRYPTO_CIPHER_ALG_AES_128:
320 case QCRYPTO_CIPHER_ALG_AES_192:
321 case QCRYPTO_CIPHER_ALG_AES_256:
322 case QCRYPTO_CIPHER_ALG_CAST5_128:
323 case QCRYPTO_CIPHER_ALG_SERPENT_128:
324 case QCRYPTO_CIPHER_ALG_SERPENT_192:
325 case QCRYPTO_CIPHER_ALG_SERPENT_256:
326 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
327 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
328 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
329 break;
330 default:
331 return false;
332 }
333
334 switch (mode) {
335 case QCRYPTO_CIPHER_MODE_ECB:
336 case QCRYPTO_CIPHER_MODE_CBC:
337 case QCRYPTO_CIPHER_MODE_XTS:
338 case QCRYPTO_CIPHER_MODE_CTR:
339 return true;
340 default:
341 return false;
342 }
343 }
344
345
346 static void
347 qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
348 {
349 if (!ctx) {
350 return;
351 }
352
353 g_free(ctx->iv);
354 g_free(ctx->ctx);
355 g_free(ctx->ctx_tweak);
356 g_free(ctx);
357 }
358
359
360 static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
361 QCryptoCipherMode mode,
362 const uint8_t *key,
363 size_t nkey,
364 Error **errp)
365 {
366 QCryptoCipherNettle *ctx;
367 uint8_t *rfbkey;
368
369 switch (mode) {
370 case QCRYPTO_CIPHER_MODE_ECB:
371 case QCRYPTO_CIPHER_MODE_CBC:
372 case QCRYPTO_CIPHER_MODE_XTS:
373 case QCRYPTO_CIPHER_MODE_CTR:
374 break;
375 default:
376 error_setg(errp, "Unsupported cipher mode %s",
377 QCryptoCipherMode_str(mode));
378 return NULL;
379 }
380
381 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
382 return NULL;
383 }
384
385 ctx = g_new0(QCryptoCipherNettle, 1);
386
387 switch (alg) {
388 case QCRYPTO_CIPHER_ALG_DES_RFB:
389 ctx->ctx = g_new0(struct des_ctx, 1);
390 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
391 des_set_key(ctx->ctx, rfbkey);
392 g_free(rfbkey);
393
394 ctx->alg_encrypt_native = des_encrypt_native;
395 ctx->alg_decrypt_native = des_decrypt_native;
396 ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
397 ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
398
399 ctx->blocksize = DES_BLOCK_SIZE;
400 break;
401
402 case QCRYPTO_CIPHER_ALG_3DES:
403 ctx->ctx = g_new0(struct des3_ctx, 1);
404 des3_set_key(ctx->ctx, key);
405
406 ctx->alg_encrypt_native = des3_encrypt_native;
407 ctx->alg_decrypt_native = des3_decrypt_native;
408 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
409 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
410
411 ctx->blocksize = DES3_BLOCK_SIZE;
412 break;
413
414 case QCRYPTO_CIPHER_ALG_AES_128:
415 ctx->ctx = g_new0(QCryptoNettleAES128, 1);
416
417 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
418 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
419
420 nkey /= 2;
421 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
422 key);
423 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
424 key);
425
426 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
427 enc, key + nkey);
428 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
429 dec, key + nkey);
430 } else {
431 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
432 key);
433 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
434 key);
435 }
436
437 ctx->alg_encrypt_native = aes128_encrypt_native;
438 ctx->alg_decrypt_native = aes128_decrypt_native;
439 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
440 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
441
442 ctx->blocksize = AES_BLOCK_SIZE;
443 break;
444
445 case QCRYPTO_CIPHER_ALG_AES_192:
446 ctx->ctx = g_new0(QCryptoNettleAES192, 1);
447
448 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
449 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
450
451 nkey /= 2;
452 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
453 key);
454 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
455 key);
456
457 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
458 enc, key + nkey);
459 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
460 dec, key + nkey);
461 } else {
462 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
463 key);
464 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
465 key);
466 }
467
468 ctx->alg_encrypt_native = aes192_encrypt_native;
469 ctx->alg_decrypt_native = aes192_decrypt_native;
470 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
471 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
472
473 ctx->blocksize = AES_BLOCK_SIZE;
474 break;
475
476 case QCRYPTO_CIPHER_ALG_AES_256:
477 ctx->ctx = g_new0(QCryptoNettleAES256, 1);
478
479 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
480 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
481
482 nkey /= 2;
483 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
484 key);
485 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
486 key);
487
488 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
489 enc, key + nkey);
490 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
491 dec, key + nkey);
492 } else {
493 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
494 key);
495 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
496 key);
497 }
498
499 ctx->alg_encrypt_native = aes256_encrypt_native;
500 ctx->alg_decrypt_native = aes256_decrypt_native;
501 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
502 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
503
504 ctx->blocksize = AES_BLOCK_SIZE;
505 break;
506
507 case QCRYPTO_CIPHER_ALG_CAST5_128:
508 ctx->ctx = g_new0(struct cast128_ctx, 1);
509
510 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
511 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
512
513 nkey /= 2;
514 cast5_set_key(ctx->ctx, nkey, key);
515 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
516 } else {
517 cast5_set_key(ctx->ctx, nkey, key);
518 }
519
520 ctx->alg_encrypt_native = cast128_encrypt_native;
521 ctx->alg_decrypt_native = cast128_decrypt_native;
522 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
523 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
524
525 ctx->blocksize = CAST128_BLOCK_SIZE;
526 break;
527
528 case QCRYPTO_CIPHER_ALG_SERPENT_128:
529 case QCRYPTO_CIPHER_ALG_SERPENT_192:
530 case QCRYPTO_CIPHER_ALG_SERPENT_256:
531 ctx->ctx = g_new0(struct serpent_ctx, 1);
532
533 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
534 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
535
536 nkey /= 2;
537 serpent_set_key(ctx->ctx, nkey, key);
538 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
539 } else {
540 serpent_set_key(ctx->ctx, nkey, key);
541 }
542
543 ctx->alg_encrypt_native = serpent_encrypt_native;
544 ctx->alg_decrypt_native = serpent_decrypt_native;
545 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
546 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
547
548 ctx->blocksize = SERPENT_BLOCK_SIZE;
549 break;
550
551 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
552 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
553 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
554 ctx->ctx = g_new0(struct twofish_ctx, 1);
555
556 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
557 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
558
559 nkey /= 2;
560 twofish_set_key(ctx->ctx, nkey, key);
561 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
562 } else {
563 twofish_set_key(ctx->ctx, nkey, key);
564 }
565
566 ctx->alg_encrypt_native = twofish_encrypt_native;
567 ctx->alg_decrypt_native = twofish_decrypt_native;
568 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
569 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
570
571 ctx->blocksize = TWOFISH_BLOCK_SIZE;
572 break;
573
574 default:
575 error_setg(errp, "Unsupported cipher algorithm %s",
576 QCryptoCipherAlgorithm_str(alg));
577 goto error;
578 }
579
580 if (mode == QCRYPTO_CIPHER_MODE_XTS &&
581 ctx->blocksize != XTS_BLOCK_SIZE) {
582 error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
583 ctx->blocksize, XTS_BLOCK_SIZE);
584 goto error;
585 }
586
587 ctx->iv = g_new0(uint8_t, ctx->blocksize);
588
589 return ctx;
590
591 error:
592 qcrypto_nettle_cipher_free_ctx(ctx);
593 return NULL;
594 }
595
596
597 static void
598 qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
599 {
600 QCryptoCipherNettle *ctx;
601
602 ctx = cipher->opaque;
603 qcrypto_nettle_cipher_free_ctx(ctx);
604 }
605
606
607 static int
608 qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
609 const void *in,
610 void *out,
611 size_t len,
612 Error **errp)
613 {
614 QCryptoCipherNettle *ctx = cipher->opaque;
615
616 if (len % ctx->blocksize) {
617 error_setg(errp, "Length %zu must be a multiple of block size %zu",
618 len, ctx->blocksize);
619 return -1;
620 }
621
622 switch (cipher->mode) {
623 case QCRYPTO_CIPHER_MODE_ECB:
624 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
625 break;
626
627 case QCRYPTO_CIPHER_MODE_CBC:
628 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
629 ctx->blocksize, ctx->iv,
630 len, out, in);
631 break;
632
633 case QCRYPTO_CIPHER_MODE_XTS:
634 #ifdef CONFIG_QEMU_PRIVATE_XTS
635 xts_encrypt(ctx->ctx, ctx->ctx_tweak,
636 ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
637 ctx->iv, len, out, in);
638 #else
639 xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
640 ctx->alg_encrypt_native,
641 ctx->iv, len, out, in);
642 #endif
643 break;
644
645 case QCRYPTO_CIPHER_MODE_CTR:
646 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
647 ctx->blocksize, ctx->iv,
648 len, out, in);
649 break;
650
651 default:
652 error_setg(errp, "Unsupported cipher mode %s",
653 QCryptoCipherMode_str(cipher->mode));
654 return -1;
655 }
656 return 0;
657 }
658
659
660 static int
661 qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
662 const void *in,
663 void *out,
664 size_t len,
665 Error **errp)
666 {
667 QCryptoCipherNettle *ctx = cipher->opaque;
668
669 if (len % ctx->blocksize) {
670 error_setg(errp, "Length %zu must be a multiple of block size %zu",
671 len, ctx->blocksize);
672 return -1;
673 }
674
675 switch (cipher->mode) {
676 case QCRYPTO_CIPHER_MODE_ECB:
677 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
678 break;
679
680 case QCRYPTO_CIPHER_MODE_CBC:
681 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
682 ctx->blocksize, ctx->iv,
683 len, out, in);
684 break;
685
686 case QCRYPTO_CIPHER_MODE_XTS:
687 #ifdef CONFIG_QEMU_PRIVATE_XTS
688 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
689 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
690 ctx->iv, len, out, in);
691 #else
692 xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
693 ctx->alg_decrypt_native,
694 ctx->alg_encrypt_native,
695 ctx->iv, len, out, in);
696 #endif
697 break;
698 case QCRYPTO_CIPHER_MODE_CTR:
699 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
700 ctx->blocksize, ctx->iv,
701 len, out, in);
702 break;
703
704 default:
705 error_setg(errp, "Unsupported cipher mode %s",
706 QCryptoCipherMode_str(cipher->mode));
707 return -1;
708 }
709 return 0;
710 }
711
712 static int
713 qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
714 const uint8_t *iv, size_t niv,
715 Error **errp)
716 {
717 QCryptoCipherNettle *ctx = cipher->opaque;
718 if (niv != ctx->blocksize) {
719 error_setg(errp, "Expected IV size %zu not %zu",
720 ctx->blocksize, niv);
721 return -1;
722 }
723 memcpy(ctx->iv, iv, niv);
724 return 0;
725 }
726
727
728 static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
729 .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
730 .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
731 .cipher_setiv = qcrypto_nettle_cipher_setiv,
732 .cipher_free = qcrypto_nettle_cipher_ctx_free,
733 };
AR7 emulation for QEMU