| blob | 6ecce5e8ea418576e9aa7c23002d2c7aae5ea0ec |
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
23 #endif
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33 #ifndef CONFIG_QEMU_PRIVATE_XTS
34 #include <nettle/xts.h>
35 #endif
37 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
38 size_t length,
39 uint8_t *dst,
40 const uint8_t *src);
42 #if CONFIG_NETTLE_VERSION_MAJOR < 3
43 typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
44 typedef void * cipher_ctx_t;
45 typedef unsigned cipher_length_t;
47 #define cast5_set_key cast128_set_key
49 #define aes128_ctx aes_ctx
50 #define aes192_ctx aes_ctx
51 #define aes256_ctx aes_ctx
52 #define aes128_set_encrypt_key(c, k) \
53 aes_set_encrypt_key(c, 16, k)
54 #define aes192_set_encrypt_key(c, k) \
55 aes_set_encrypt_key(c, 24, k)
56 #define aes256_set_encrypt_key(c, k) \
57 aes_set_encrypt_key(c, 32, k)
58 #define aes128_set_decrypt_key(c, k) \
59 aes_set_decrypt_key(c, 16, k)
60 #define aes192_set_decrypt_key(c, k) \
61 aes_set_decrypt_key(c, 24, k)
62 #define aes256_set_decrypt_key(c, k) \
63 aes_set_decrypt_key(c, 32, k)
64 #define aes128_encrypt aes_encrypt
65 #define aes192_encrypt aes_encrypt
66 #define aes256_encrypt aes_encrypt
67 #define aes128_decrypt aes_decrypt
68 #define aes192_decrypt aes_decrypt
69 #define aes256_decrypt aes_decrypt
70 #else
71 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
72 typedef const void * cipher_ctx_t;
73 typedef size_t cipher_length_t;
74 #endif
76 typedef struct QCryptoNettleAES128 {
77 struct aes128_ctx enc;
78 struct aes128_ctx dec;
79 } QCryptoNettleAES128;
81 typedef struct QCryptoNettleAES192 {
82 struct aes192_ctx enc;
83 struct aes192_ctx dec;
84 } QCryptoNettleAES192;
86 typedef struct QCryptoNettleAES256 {
87 struct aes256_ctx enc;
88 struct aes256_ctx dec;
89 } QCryptoNettleAES256;
91 static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
92 uint8_t *dst, const uint8_t *src)
93 {
94 const QCryptoNettleAES128 *aesctx = ctx;
95 aes128_encrypt(&aesctx->enc, length, dst, src);
96 }
98 static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
99 uint8_t *dst, const uint8_t *src)
100 {
101 const QCryptoNettleAES128 *aesctx = ctx;
102 aes128_decrypt(&aesctx->dec, length, dst, src);
103 }
105 static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
106 uint8_t *dst, const uint8_t *src)
107 {
108 const QCryptoNettleAES192 *aesctx = ctx;
109 aes192_encrypt(&aesctx->enc, length, dst, src);
110 }
112 static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
113 uint8_t *dst, const uint8_t *src)
114 {
115 const QCryptoNettleAES192 *aesctx = ctx;
116 aes192_decrypt(&aesctx->dec, length, dst, src);
117 }
119 static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
120 uint8_t *dst, const uint8_t *src)
121 {
122 const QCryptoNettleAES256 *aesctx = ctx;
123 aes256_encrypt(&aesctx->enc, length, dst, src);
124 }
126 static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
127 uint8_t *dst, const uint8_t *src)
128 {
129 const QCryptoNettleAES256 *aesctx = ctx;
130 aes256_decrypt(&aesctx->dec, length, dst, src);
131 }
133 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
134 uint8_t *dst, const uint8_t *src)
135 {
136 des_encrypt(ctx, length, dst, src);
137 }
139 static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
140 uint8_t *dst, const uint8_t *src)
141 {
142 des_decrypt(ctx, length, dst, src);
143 }
145 static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
146 uint8_t *dst, const uint8_t *src)
147 {
148 des3_encrypt(ctx, length, dst, src);
149 }
151 static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
152 uint8_t *dst, const uint8_t *src)
153 {
154 des3_decrypt(ctx, length, dst, src);
155 }
157 static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
158 uint8_t *dst, const uint8_t *src)
159 {
160 cast128_encrypt(ctx, length, dst, src);
161 }
163 static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
164 uint8_t *dst, const uint8_t *src)
165 {
166 cast128_decrypt(ctx, length, dst, src);
167 }
169 static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
170 uint8_t *dst, const uint8_t *src)
171 {
172 serpent_encrypt(ctx, length, dst, src);
173 }
175 static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
176 uint8_t *dst, const uint8_t *src)
177 {
178 serpent_decrypt(ctx, length, dst, src);
179 }
181 static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
182 uint8_t *dst, const uint8_t *src)
183 {
184 twofish_encrypt(ctx, length, dst, src);
185 }
187 static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
188 uint8_t *dst, const uint8_t *src)
189 {
190 twofish_decrypt(ctx, length, dst, src);
191 }
193 static void aes128_encrypt_wrapper(const void *ctx, size_t length,
194 uint8_t *dst, const uint8_t *src)
195 {
196 const QCryptoNettleAES128 *aesctx = ctx;
197 aes128_encrypt(&aesctx->enc, length, dst, src);
198 }
200 static void aes128_decrypt_wrapper(const void *ctx, size_t length,
201 uint8_t *dst, const uint8_t *src)
202 {
203 const QCryptoNettleAES128 *aesctx = ctx;
204 aes128_decrypt(&aesctx->dec, length, dst, src);
205 }
207 static void aes192_encrypt_wrapper(const void *ctx, size_t length,
208 uint8_t *dst, const uint8_t *src)
209 {
210 const QCryptoNettleAES192 *aesctx = ctx;
211 aes192_encrypt(&aesctx->enc, length, dst, src);
212 }
214 static void aes192_decrypt_wrapper(const void *ctx, size_t length,
215 uint8_t *dst, const uint8_t *src)
216 {
217 const QCryptoNettleAES192 *aesctx = ctx;
218 aes192_decrypt(&aesctx->dec, length, dst, src);
219 }
221 static void aes256_encrypt_wrapper(const void *ctx, size_t length,
222 uint8_t *dst, const uint8_t *src)
223 {
224 const QCryptoNettleAES256 *aesctx = ctx;
225 aes256_encrypt(&aesctx->enc, length, dst, src);
226 }
228 static void aes256_decrypt_wrapper(const void *ctx, size_t length,
229 uint8_t *dst, const uint8_t *src)
230 {
231 const QCryptoNettleAES256 *aesctx = ctx;
232 aes256_decrypt(&aesctx->dec, length, dst, src);
233 }
235 static void des_encrypt_wrapper(const void *ctx, size_t length,
236 uint8_t *dst, const uint8_t *src)
237 {
238 des_encrypt(ctx, length, dst, src);
239 }
241 static void des_decrypt_wrapper(const void *ctx, size_t length,
242 uint8_t *dst, const uint8_t *src)
243 {
244 des_decrypt(ctx, length, dst, src);
245 }
247 static void des3_encrypt_wrapper(const void *ctx, size_t length,
248 uint8_t *dst, const uint8_t *src)
249 {
250 des3_encrypt(ctx, length, dst, src);
251 }
253 static void des3_decrypt_wrapper(const void *ctx, size_t length,
254 uint8_t *dst, const uint8_t *src)
255 {
256 des3_decrypt(ctx, length, dst, src);
257 }
259 static void cast128_encrypt_wrapper(const void *ctx, size_t length,
260 uint8_t *dst, const uint8_t *src)
261 {
262 cast128_encrypt(ctx, length, dst, src);
263 }
265 static void cast128_decrypt_wrapper(const void *ctx, size_t length,
266 uint8_t *dst, const uint8_t *src)
267 {
268 cast128_decrypt(ctx, length, dst, src);
269 }
271 static void serpent_encrypt_wrapper(const void *ctx, size_t length,
272 uint8_t *dst, const uint8_t *src)
273 {
274 serpent_encrypt(ctx, length, dst, src);
275 }
277 static void serpent_decrypt_wrapper(const void *ctx, size_t length,
278 uint8_t *dst, const uint8_t *src)
279 {
280 serpent_decrypt(ctx, length, dst, src);
281 }
283 static void twofish_encrypt_wrapper(const void *ctx, size_t length,
284 uint8_t *dst, const uint8_t *src)
285 {
286 twofish_encrypt(ctx, length, dst, src);
287 }
289 static void twofish_decrypt_wrapper(const void *ctx, size_t length,
290 uint8_t *dst, const uint8_t *src)
291 {
292 twofish_decrypt(ctx, length, dst, src);
293 }
295 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
296 struct QCryptoCipherNettle {
297 /* Primary cipher context for all modes */
298 void *ctx;
299 /* Second cipher context for XTS mode only */
300 void *ctx_tweak;
301 /* Cipher callbacks for both contexts */
302 QCryptoCipherNettleFuncNative alg_encrypt_native;
303 QCryptoCipherNettleFuncNative alg_decrypt_native;
304 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
305 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
306 /* Initialization vector or Counter */
307 uint8_t *iv;
308 size_t blocksize;
309 };
311 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
312 QCryptoCipherMode mode)
313 {
314 switch (alg) {
315 case QCRYPTO_CIPHER_ALG_DES_RFB:
316 case QCRYPTO_CIPHER_ALG_3DES:
317 case QCRYPTO_CIPHER_ALG_AES_128:
318 case QCRYPTO_CIPHER_ALG_AES_192:
319 case QCRYPTO_CIPHER_ALG_AES_256:
320 case QCRYPTO_CIPHER_ALG_CAST5_128:
321 case QCRYPTO_CIPHER_ALG_SERPENT_128:
322 case QCRYPTO_CIPHER_ALG_SERPENT_192:
323 case QCRYPTO_CIPHER_ALG_SERPENT_256:
324 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
325 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
326 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
327 break;
328 default:
329 return false;
330 }
332 switch (mode) {
333 case QCRYPTO_CIPHER_MODE_ECB:
334 case QCRYPTO_CIPHER_MODE_CBC:
335 case QCRYPTO_CIPHER_MODE_XTS:
336 case QCRYPTO_CIPHER_MODE_CTR:
337 return true;
338 default:
339 return false;
340 }
341 }
344 static void
345 qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
346 {
347 if (!ctx) {
348 return;
349 }
351 g_free(ctx->iv);
352 g_free(ctx->ctx);
353 g_free(ctx->ctx_tweak);
354 g_free(ctx);
355 }
358 static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
359 QCryptoCipherMode mode,
360 const uint8_t *key,
361 size_t nkey,
362 Error **errp)
363 {
364 QCryptoCipherNettle *ctx;
365 uint8_t *rfbkey;
367 switch (mode) {
368 case QCRYPTO_CIPHER_MODE_ECB:
369 case QCRYPTO_CIPHER_MODE_CBC:
370 case QCRYPTO_CIPHER_MODE_XTS:
371 case QCRYPTO_CIPHER_MODE_CTR:
372 break;
373 default:
374 error_setg(errp, "Unsupported cipher mode %s",
375 QCryptoCipherMode_str(mode));
376 return NULL;
377 }
379 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
380 return NULL;
381 }
383 ctx = g_new0(QCryptoCipherNettle, 1);
385 switch (alg) {
386 case QCRYPTO_CIPHER_ALG_DES_RFB:
387 ctx->ctx = g_new0(struct des_ctx, 1);
388 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
389 des_set_key(ctx->ctx, rfbkey);
390 g_free(rfbkey);
392 ctx->alg_encrypt_native = des_encrypt_native;
393 ctx->alg_decrypt_native = des_decrypt_native;
394 ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
395 ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
397 ctx->blocksize = DES_BLOCK_SIZE;
398 break;
400 case QCRYPTO_CIPHER_ALG_3DES:
401 ctx->ctx = g_new0(struct des3_ctx, 1);
402 des3_set_key(ctx->ctx, key);
404 ctx->alg_encrypt_native = des3_encrypt_native;
405 ctx->alg_decrypt_native = des3_decrypt_native;
406 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
407 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
409 ctx->blocksize = DES3_BLOCK_SIZE;
410 break;
412 case QCRYPTO_CIPHER_ALG_AES_128:
413 ctx->ctx = g_new0(QCryptoNettleAES128, 1);
415 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
416 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
418 nkey /= 2;
419 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
420 key);
421 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
422 key);
424 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
425 enc, key + nkey);
426 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
427 dec, key + nkey);
428 } else {
429 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
430 key);
431 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
432 key);
433 }
435 ctx->alg_encrypt_native = aes128_encrypt_native;
436 ctx->alg_decrypt_native = aes128_decrypt_native;
437 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
438 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
440 ctx->blocksize = AES_BLOCK_SIZE;
441 break;
443 case QCRYPTO_CIPHER_ALG_AES_192:
444 ctx->ctx = g_new0(QCryptoNettleAES192, 1);
446 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
447 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
449 nkey /= 2;
450 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
451 key);
452 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
453 key);
455 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
456 enc, key + nkey);
457 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
458 dec, key + nkey);
459 } else {
460 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
461 key);
462 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
463 key);
464 }
466 ctx->alg_encrypt_native = aes192_encrypt_native;
467 ctx->alg_decrypt_native = aes192_decrypt_native;
468 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
469 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
471 ctx->blocksize = AES_BLOCK_SIZE;
472 break;
474 case QCRYPTO_CIPHER_ALG_AES_256:
475 ctx->ctx = g_new0(QCryptoNettleAES256, 1);
477 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
478 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
480 nkey /= 2;
481 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
482 key);
483 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
484 key);
486 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
487 enc, key + nkey);
488 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
489 dec, key + nkey);
490 } else {
491 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
492 key);
493 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
494 key);
495 }
497 ctx->alg_encrypt_native = aes256_encrypt_native;
498 ctx->alg_decrypt_native = aes256_decrypt_native;
499 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
500 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
502 ctx->blocksize = AES_BLOCK_SIZE;
503 break;
505 case QCRYPTO_CIPHER_ALG_CAST5_128:
506 ctx->ctx = g_new0(struct cast128_ctx, 1);
508 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
509 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
511 nkey /= 2;
512 cast5_set_key(ctx->ctx, nkey, key);
513 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
514 } else {
515 cast5_set_key(ctx->ctx, nkey, key);
516 }
518 ctx->alg_encrypt_native = cast128_encrypt_native;
519 ctx->alg_decrypt_native = cast128_decrypt_native;
520 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
521 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
523 ctx->blocksize = CAST128_BLOCK_SIZE;
524 break;
526 case QCRYPTO_CIPHER_ALG_SERPENT_128:
527 case QCRYPTO_CIPHER_ALG_SERPENT_192:
528 case QCRYPTO_CIPHER_ALG_SERPENT_256:
529 ctx->ctx = g_new0(struct serpent_ctx, 1);
531 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
532 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
534 nkey /= 2;
535 serpent_set_key(ctx->ctx, nkey, key);
536 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
537 } else {
538 serpent_set_key(ctx->ctx, nkey, key);
539 }
541 ctx->alg_encrypt_native = serpent_encrypt_native;
542 ctx->alg_decrypt_native = serpent_decrypt_native;
543 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
544 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
546 ctx->blocksize = SERPENT_BLOCK_SIZE;
547 break;
549 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
550 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
551 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
552 ctx->ctx = g_new0(struct twofish_ctx, 1);
554 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
555 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
557 nkey /= 2;
558 twofish_set_key(ctx->ctx, nkey, key);
559 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
560 } else {
561 twofish_set_key(ctx->ctx, nkey, key);
562 }
564 ctx->alg_encrypt_native = twofish_encrypt_native;
565 ctx->alg_decrypt_native = twofish_decrypt_native;
566 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
567 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
569 ctx->blocksize = TWOFISH_BLOCK_SIZE;
570 break;
572 default:
573 error_setg(errp, "Unsupported cipher algorithm %s",
574 QCryptoCipherAlgorithm_str(alg));
575 goto error;
576 }
577 g_assert(is_power_of_2(ctx->blocksize));
579 if (mode == QCRYPTO_CIPHER_MODE_XTS &&
580 ctx->blocksize != XTS_BLOCK_SIZE) {
581 error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
582 ctx->blocksize, XTS_BLOCK_SIZE);
583 goto error;
584 }
586 ctx->iv = g_new0(uint8_t, ctx->blocksize);
588 return ctx;
590 error:
591 qcrypto_nettle_cipher_free_ctx(ctx);
592 return NULL;
593 }
596 static void
597 qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
598 {
599 QCryptoCipherNettle *ctx;
601 ctx = cipher->opaque;
602 qcrypto_nettle_cipher_free_ctx(ctx);
603 }
606 static int
607 qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
608 const void *in,
609 void *out,
610 size_t len,
611 Error **errp)
612 {
613 QCryptoCipherNettle *ctx = cipher->opaque;
615 if (len & (ctx->blocksize - 1)) {
616 error_setg(errp, "Length %zu must be a multiple of block size %zu",
617 len, ctx->blocksize);
618 return -1;
619 }
621 switch (cipher->mode) {
622 case QCRYPTO_CIPHER_MODE_ECB:
623 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
624 break;
626 case QCRYPTO_CIPHER_MODE_CBC:
627 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
628 ctx->blocksize, ctx->iv,
629 len, out, in);
630 break;
632 case QCRYPTO_CIPHER_MODE_XTS:
633 #ifdef CONFIG_QEMU_PRIVATE_XTS
634 xts_encrypt(ctx->ctx, ctx->ctx_tweak,
635 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
636 ctx->iv, len, out, in);
637 #else
638 xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
639 ctx->alg_encrypt_native,
640 ctx->iv, len, out, in);
641 #endif
642 break;
644 case QCRYPTO_CIPHER_MODE_CTR:
645 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
646 ctx->blocksize, ctx->iv,
647 len, out, in);
648 break;
650 default:
651 error_setg(errp, "Unsupported cipher mode %s",
652 QCryptoCipherMode_str(cipher->mode));
653 return -1;
654 }
655 return 0;
656 }
659 static int
660 qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
661 const void *in,
662 void *out,
663 size_t len,
664 Error **errp)
665 {
666 QCryptoCipherNettle *ctx = cipher->opaque;
668 if (len & (ctx->blocksize - 1)) {
669 error_setg(errp, "Length %zu must be a multiple of block size %zu",
670 len, ctx->blocksize);
671 return -1;
672 }
674 switch (cipher->mode) {
675 case QCRYPTO_CIPHER_MODE_ECB:
676 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
677 break;
679 case QCRYPTO_CIPHER_MODE_CBC:
680 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
681 ctx->blocksize, ctx->iv,
682 len, out, in);
683 break;
685 case QCRYPTO_CIPHER_MODE_XTS:
686 #ifdef CONFIG_QEMU_PRIVATE_XTS
687 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
688 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
689 ctx->iv, len, out, in);
690 #else
691 xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
692 ctx->alg_decrypt_native,
693 ctx->alg_encrypt_native,
694 ctx->iv, len, out, in);
695 #endif
696 break;
697 case QCRYPTO_CIPHER_MODE_CTR:
698 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
699 ctx->blocksize, ctx->iv,
700 len, out, in);
701 break;
703 default:
704 error_setg(errp, "Unsupported cipher mode %s",
705 QCryptoCipherMode_str(cipher->mode));
706 return -1;
707 }
708 return 0;
709 }
711 static int
712 qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
713 const uint8_t *iv, size_t niv,
714 Error **errp)
715 {
716 QCryptoCipherNettle *ctx = cipher->opaque;
717 if (niv != ctx->blocksize) {
718 error_setg(errp, "Expected IV size %zu not %zu",
719 ctx->blocksize, niv);
720 return -1;
721 }
722 memcpy(ctx->iv, iv, niv);
723 return 0;
724 }
727 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
728 .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
729 .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
730 .cipher_setiv = qcrypto_nettle_cipher_setiv,
731 .cipher_free = qcrypto_nettle_cipher_ctx_free,
732 };