2 * QEMU Crypto cipher algorithms
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #ifndef QCRYPTO_CIPHER_H
22 #define QCRYPTO_CIPHER_H
24 #include "qapi-types.h"
26 typedef struct QCryptoCipher QCryptoCipher
;
28 /* See also "QCryptoCipherAlgorithm" and "QCryptoCipherMode"
29 * enums defined in qapi/crypto.json */
34 * The QCryptoCipher object provides a way to perform encryption
35 * and decryption of data, with a standard API, regardless of the
36 * algorithm used. It further isolates the calling code from the
37 * details of the specific underlying implementation, whether
38 * built-in, libgcrypt or nettle.
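40 * Each QCryptoCipher object is capable of performing both
41 * encryption and decryption, and can operate in a number
42 * of modes including ECB, CBC.
 *
 * ECB and CBC provide confidentiality only; callers that need
 * integrity must authenticate the data separately.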
45 * <title>Encrypting data with AES-128 in CBC mode</title>
47 * QCryptoCipher *cipher;
52 * if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, QCRYPTO_CIPHER_MODE_CBC)) {
53 * error_report(errp, "Feature <blah> requires AES cipher support");
57 * cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
58 * QCRYPTO_CIPHER_MODE_CBC,
65 * if (qcrypto_cipher_setiv(cipher, iv, keylen, errp) < 0) {
69 * if (qcrypto_cipher_encrypt(cipher, rawdata, encdata, datalen, errp) < 0) {
73 * qcrypto_cipher_free(cipher);
79 struct QCryptoCipher
{
80 QCryptoCipherAlgorithm alg
;
81 QCryptoCipherMode mode
;
86 * qcrypto_cipher_supports:
87 * @alg: the cipher algorithm
88 * @mode: the cipher mode
90 * Determine if the @alg cipher algorithm in @mode is supported by the
91 * currently configured build.
93 * Returns: true if the algorithm is supported, false otherwise
95 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg
,
96 QCryptoCipherMode mode
);
99 * qcrypto_cipher_get_block_len:
100 * @alg: the cipher algorithm
102 * Get the required data block size in bytes. When
103 * encrypting data, it must be a multiple of the block size.
106 * Returns: the block size in bytes
108 size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg
);
112 * qcrypto_cipher_get_key_len:
113 * @alg: the cipher algorithm
115 * Get the required key size in bytes.
117 * Returns: the key size in bytes
119 size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg
);
123 * qcrypto_cipher_get_iv_len:
124 * @alg: the cipher algorithm
125 * @mode: the cipher mode
127 * Get the required initialization vector size
128 * in bytes, if one is required.
130 * Returns: the IV size in bytes, or 0 if no IV is permitted
132 size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg
,
133 QCryptoCipherMode mode
);
137 * qcrypto_cipher_new:
138 * @alg: the cipher algorithm
139 * @mode: the cipher usage mode
140 * @key: the secret key bytes
141 * @nkey: the length of @key
142 * @errp: pointer to a NULL-initialized error object
144 * Creates a new cipher object for encrypting/decrypting
145 * data with the algorithm @alg in the usage mode @mode.
147 * The @key parameter provides the bytes representing
148 * the encryption/decryption key to use. The @nkey parameter
149 * specifies the length of @key in bytes. Each algorithm has
150 * one or more valid key lengths, and it is an error to provide
151 * a key of the incorrect length.
153 * The returned cipher object must be released with
154 * qcrypto_cipher_free() when no longer required
156 * Returns: a new cipher object, or NULL on error
158 QCryptoCipher
*qcrypto_cipher_new(QCryptoCipherAlgorithm alg
,
159 QCryptoCipherMode mode
,
160 const uint8_t *key
, size_t nkey
,
164 * qcrypto_cipher_free:
165 * @cipher: the cipher object
167 * Release the memory associated with @cipher that
168 * was previously allocated by qcrypto_cipher_new()
170 void qcrypto_cipher_free(QCryptoCipher
*cipher
);
173 * qcrypto_cipher_encrypt:
174 * @cipher: the cipher object
175 * @in: buffer holding the plain text input data
176 * @out: buffer to fill with the cipher text output data
177 * @len: the length of @in and @out buffers
178 * @errp: pointer to a NULL-initialized error object
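180 * Encrypts the plain text stored in @in, filling
181 * @out with the resulting ciphered text. Both the
182 * @in and @out buffers must have the same size, given by @len.
 * @len must be a multiple of the cipher block size; see
 * qcrypto_cipher_get_block_len().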
185 * Returns: 0 on success, or -1 on error
187 int qcrypto_cipher_encrypt(QCryptoCipher
*cipher
,
195 * qcrypto_cipher_decrypt:
196 * @cipher: the cipher object
197 * @in: buffer holding the cipher text input data
198 * @out: buffer to fill with the plain text output data
199 * @len: the length of @in and @out buffers
200 * @errp: pointer to a NULL-initialized error object
202 * Decrypts the cipher text stored in @in, filling
203 * @out with the resulting plain text. Both the
204 * @in and @out buffers must have the same size, given by @len.
207 * Returns: 0 on success, or -1 on error
209 int qcrypto_cipher_decrypt(QCryptoCipher
*cipher
,
216 * qcrypto_cipher_setiv:
217 * @cipher: the cipher object
218 * @iv: the initialization vector or counter (CTR mode) bytes
219 * @niv: the length of @iv
220 * @errp: pointer to a NULL-initialized error object
222 * If the @cipher object is set up to use a mode that requires
223 * an initialization vector or counter, this sets the @niv
224 * bytes. The @iv data should have the same length as the
225 * cipher key used when originally constructing the cipher
226 * object. It is an error to set an initialization vector
227 * or counter if the cipher mode does not require one.
 *
 * NOTE(review): qcrypto_cipher_get_iv_len() reports the IV size
 * required for an algorithm and mode, which need not equal the
 * key length; confirm @niv against it.
229 * Returns: 0 on success, -1 on error
231 int qcrypto_cipher_setiv(QCryptoCipher
*cipher
,
232 const uint8_t *iv
, size_t niv
,
235 #endif /* QCRYPTO_CIPHER_H */