| blob | cac771e4ff7bd93a055a968aa5ad4cd0750ec9b5 |
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
23 #endif
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33 #ifndef CONFIG_QEMU_PRIVATE_XTS
34 #include <nettle/xts.h>
35 #endif
37 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
38 size_t length,
39 uint8_t *dst,
40 const uint8_t *src);
42 #if CONFIG_NETTLE_VERSION_MAJOR < 3
43 typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
44 typedef void * cipher_ctx_t;
45 typedef unsigned cipher_length_t;
46 #define CONST_CTX
48 #define cast5_set_key cast128_set_key
50 #define aes128_ctx aes_ctx
51 #define aes192_ctx aes_ctx
52 #define aes256_ctx aes_ctx
53 #define aes128_set_encrypt_key(c, k) \
54 aes_set_encrypt_key(c, 16, k)
55 #define aes192_set_encrypt_key(c, k) \
56 aes_set_encrypt_key(c, 24, k)
57 #define aes256_set_encrypt_key(c, k) \
58 aes_set_encrypt_key(c, 32, k)
59 #define aes128_set_decrypt_key(c, k) \
60 aes_set_decrypt_key(c, 16, k)
61 #define aes192_set_decrypt_key(c, k) \
62 aes_set_decrypt_key(c, 24, k)
63 #define aes256_set_decrypt_key(c, k) \
64 aes_set_decrypt_key(c, 32, k)
65 #define aes128_encrypt aes_encrypt
66 #define aes192_encrypt aes_encrypt
67 #define aes256_encrypt aes_encrypt
68 #define aes128_decrypt aes_decrypt
69 #define aes192_decrypt aes_decrypt
70 #define aes256_decrypt aes_decrypt
71 #else
72 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
73 typedef const void * cipher_ctx_t;
74 typedef size_t cipher_length_t;
75 #define CONST_CTX const
76 #endif
78 static inline bool qcrypto_length_check(size_t len, size_t blocksize,
79 Error **errp)
80 {
81 if (unlikely(len & (blocksize - 1))) {
82 error_setg(errp, "Length %zu must be a multiple of block size %zu",
83 len, blocksize);
84 return false;
85 }
86 return true;
87 }
90 static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx)
91 {
92 g_free(ctx);
93 }
95 static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher,
96 const uint8_t *iv, size_t niv,
97 Error **errp)
98 {
99 error_setg(errp, "Setting IV is not supported");
100 return -1;
101 }
104 #define DEFINE_SETIV(NAME, TYPE, BLEN) \
105 static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \
106 size_t niv, Error **errp) \
107 { \
108 TYPE *ctx = container_of(cipher, TYPE, base); \
109 if (niv != BLEN) { \
110 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \
111 return -1; \
112 } \
113 memcpy(ctx->iv, iv, niv); \
114 return 0; \
115 }
118 #define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
119 static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \
120 void *out, size_t len, Error **errp) \
121 { \
122 TYPE *ctx = container_of(cipher, TYPE, base); \
123 if (!qcrypto_length_check(len, BLEN, errp)) { \
124 return -1; \
125 } \
126 ENCRYPT(&ctx->key, len, out, in); \
127 return 0; \
128 } \
129 static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \
130 void *out, size_t len, Error **errp) \
131 { \
132 TYPE *ctx = container_of(cipher, TYPE, base); \
133 if (!qcrypto_length_check(len, BLEN, errp)) { \
134 return -1; \
135 } \
136 DECRYPT(&ctx->key, len, out, in); \
137 return 0; \
138 } \
139 static const struct QCryptoCipherDriver NAME##_driver_ecb = { \
140 .cipher_encrypt = NAME##_encrypt_ecb, \
141 .cipher_decrypt = NAME##_decrypt_ecb, \
142 .cipher_setiv = qcrypto_cipher_no_setiv, \
143 .cipher_free = qcrypto_cipher_ctx_free, \
144 };
147 #define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
148 static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \
149 void *out, size_t len, Error **errp) \
150 { \
151 TYPE *ctx = container_of(cipher, TYPE, base); \
152 if (!qcrypto_length_check(len, BLEN, errp)) { \
153 return -1; \
154 } \
155 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
156 return 0; \
157 } \
158 static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \
159 void *out, size_t len, Error **errp) \
160 { \
161 TYPE *ctx = container_of(cipher, TYPE, base); \
162 if (!qcrypto_length_check(len, BLEN, errp)) { \
163 return -1; \
164 } \
165 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \
166 return 0; \
167 } \
168 static const struct QCryptoCipherDriver NAME##_driver_cbc = { \
169 .cipher_encrypt = NAME##_encrypt_cbc, \
170 .cipher_decrypt = NAME##_decrypt_cbc, \
171 .cipher_setiv = NAME##_setiv, \
172 .cipher_free = qcrypto_cipher_ctx_free, \
173 };
176 #define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \
177 static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \
178 void *out, size_t len, Error **errp) \
179 { \
180 TYPE *ctx = container_of(cipher, TYPE, base); \
181 if (!qcrypto_length_check(len, BLEN, errp)) { \
182 return -1; \
183 } \
184 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
185 return 0; \
186 } \
187 static const struct QCryptoCipherDriver NAME##_driver_ctr = { \
188 .cipher_encrypt = NAME##_encrypt_ctr, \
189 .cipher_decrypt = NAME##_encrypt_ctr, \
190 .cipher_setiv = NAME##_setiv, \
191 .cipher_free = qcrypto_cipher_ctx_free, \
192 };
195 #ifdef CONFIG_QEMU_PRIVATE_XTS
196 #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
197 static void NAME##_xts_wrape(const void *ctx, size_t length, \
198 uint8_t *dst, const uint8_t *src) \
199 { \
200 ENCRYPT((cipher_ctx_t)ctx, length, dst, src); \
201 } \
202 static void NAME##_xts_wrapd(const void *ctx, size_t length, \
203 uint8_t *dst, const uint8_t *src) \
204 { \
205 DECRYPT((cipher_ctx_t)ctx, length, dst, src); \
206 } \
207 static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
208 void *out, size_t len, Error **errp) \
209 { \
210 TYPE *ctx = container_of(cipher, TYPE, base); \
211 if (!qcrypto_length_check(len, BLEN, errp)) { \
212 return -1; \
213 } \
214 xts_encrypt(&ctx->key, &ctx->key_xts, \
215 NAME##_xts_wrape, NAME##_xts_wrapd, \
216 ctx->iv, len, out, in); \
217 return 0; \
218 } \
219 static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
220 void *out, size_t len, Error **errp) \
221 { \
222 TYPE *ctx = container_of(cipher, TYPE, base); \
223 if (!qcrypto_length_check(len, BLEN, errp)) { \
224 return -1; \
225 } \
226 xts_decrypt(&ctx->key, &ctx->key_xts, \
227 NAME##_xts_wrape, NAME##_xts_wrapd, \
228 ctx->iv, len, out, in); \
229 return 0; \
230 }
231 #else
232 #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
233 static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
234 void *out, size_t len, Error **errp) \
235 { \
236 TYPE *ctx = container_of(cipher, TYPE, base); \
237 if (!qcrypto_length_check(len, BLEN, errp)) { \
238 return -1; \
239 } \
240 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \
241 ctx->iv, len, out, in); \
242 return 0; \
243 } \
244 static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
245 void *out, size_t len, Error **errp) \
246 { \
247 TYPE *ctx = container_of(cipher, TYPE, base); \
248 if (!qcrypto_length_check(len, BLEN, errp)) { \
249 return -1; \
250 } \
251 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \
252 ctx->iv, len, out, in); \
253 return 0; \
254 }
255 #endif
257 #define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
258 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \
259 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
260 static const struct QCryptoCipherDriver NAME##_driver_xts = { \
261 .cipher_encrypt = NAME##_encrypt_xts, \
262 .cipher_decrypt = NAME##_decrypt_xts, \
263 .cipher_setiv = NAME##_setiv, \
264 .cipher_free = qcrypto_cipher_ctx_free, \
265 };
268 #define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
269 DEFINE_SETIV(NAME, TYPE, BLEN) \
270 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
271 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
272 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT)
274 #define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
275 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
276 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT)
279 typedef struct QCryptoNettleDESRFB {
280 QCryptoCipher base;
281 struct des_ctx key;
282 uint8_t iv[DES_BLOCK_SIZE];
283 } QCryptoNettleDESRFB;
285 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
286 uint8_t *dst, const uint8_t *src)
287 {
288 des_encrypt(ctx, length, dst, src);
289 }
291 static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
292 uint8_t *dst, const uint8_t *src)
293 {
294 des_decrypt(ctx, length, dst, src);
295 }
297 DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB,
298 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native)
301 typedef struct QCryptoNettleDES3 {
302 QCryptoCipher base;
303 struct des3_ctx key;
304 uint8_t iv[DES3_BLOCK_SIZE];
305 } QCryptoNettleDES3;
307 static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
308 uint8_t *dst, const uint8_t *src)
309 {
310 des3_encrypt(ctx, length, dst, src);
311 }
313 static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
314 uint8_t *dst, const uint8_t *src)
315 {
316 des3_decrypt(ctx, length, dst, src);
317 }
319 DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE,
320 des3_encrypt_native, des3_decrypt_native)
323 typedef struct QCryptoNettleAES128 {
324 QCryptoCipher base;
325 uint8_t iv[AES_BLOCK_SIZE];
326 /* First key from pair is encode, second key is decode. */
327 struct aes128_ctx key[2], key_xts[2];
328 } QCryptoNettleAES128;
330 static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
331 uint8_t *dst, const uint8_t *src)
332 {
333 CONST_CTX struct aes128_ctx *keys = ctx;
334 aes128_encrypt(&keys[0], length, dst, src);
335 }
337 static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
338 uint8_t *dst, const uint8_t *src)
339 {
340 CONST_CTX struct aes128_ctx *keys = ctx;
341 aes128_decrypt(&keys[1], length, dst, src);
342 }
344 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128,
345 QCryptoNettleAES128, AES_BLOCK_SIZE,
346 aes128_encrypt_native, aes128_decrypt_native)
349 typedef struct QCryptoNettleAES192 {
350 QCryptoCipher base;
351 uint8_t iv[AES_BLOCK_SIZE];
352 /* First key from pair is encode, second key is decode. */
353 struct aes192_ctx key[2], key_xts[2];
354 } QCryptoNettleAES192;
356 static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
357 uint8_t *dst, const uint8_t *src)
358 {
359 CONST_CTX struct aes192_ctx *keys = ctx;
360 aes192_encrypt(&keys[0], length, dst, src);
361 }
363 static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
364 uint8_t *dst, const uint8_t *src)
365 {
366 CONST_CTX struct aes192_ctx *keys = ctx;
367 aes192_decrypt(&keys[1], length, dst, src);
368 }
370 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192,
371 QCryptoNettleAES192, AES_BLOCK_SIZE,
372 aes192_encrypt_native, aes192_decrypt_native)
375 typedef struct QCryptoNettleAES256 {
376 QCryptoCipher base;
377 uint8_t iv[AES_BLOCK_SIZE];
378 /* First key from pair is encode, second key is decode. */
379 struct aes256_ctx key[2], key_xts[2];
380 } QCryptoNettleAES256;
382 static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
383 uint8_t *dst, const uint8_t *src)
384 {
385 CONST_CTX struct aes256_ctx *keys = ctx;
386 aes256_encrypt(&keys[0], length, dst, src);
387 }
389 static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
390 uint8_t *dst, const uint8_t *src)
391 {
392 CONST_CTX struct aes256_ctx *keys = ctx;
393 aes256_decrypt(&keys[1], length, dst, src);
394 }
396 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256,
397 QCryptoNettleAES256, AES_BLOCK_SIZE,
398 aes256_encrypt_native, aes256_decrypt_native)
401 typedef struct QCryptoNettleCAST128 {
402 QCryptoCipher base;
403 uint8_t iv[CAST128_BLOCK_SIZE];
404 struct cast128_ctx key, key_xts;
405 } QCryptoNettleCAST128;
407 static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
408 uint8_t *dst, const uint8_t *src)
409 {
410 cast128_encrypt(ctx, length, dst, src);
411 }
413 static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
414 uint8_t *dst, const uint8_t *src)
415 {
416 cast128_decrypt(ctx, length, dst, src);
417 }
419 DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128,
420 QCryptoNettleCAST128, CAST128_BLOCK_SIZE,
421 cast128_encrypt_native, cast128_decrypt_native)
424 typedef struct QCryptoNettleSerpent {
425 QCryptoCipher base;
426 uint8_t iv[SERPENT_BLOCK_SIZE];
427 struct serpent_ctx key, key_xts;
428 } QCryptoNettleSerpent;
431 static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
432 uint8_t *dst, const uint8_t *src)
433 {
434 serpent_encrypt(ctx, length, dst, src);
435 }
437 static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
438 uint8_t *dst, const uint8_t *src)
439 {
440 serpent_decrypt(ctx, length, dst, src);
441 }
443 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent,
444 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE,
445 serpent_encrypt_native, serpent_decrypt_native)
448 typedef struct QCryptoNettleTwofish {
449 QCryptoCipher base;
450 uint8_t iv[TWOFISH_BLOCK_SIZE];
451 struct twofish_ctx key, key_xts;
452 } QCryptoNettleTwofish;
454 static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
455 uint8_t *dst, const uint8_t *src)
456 {
457 twofish_encrypt(ctx, length, dst, src);
458 }
460 static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
461 uint8_t *dst, const uint8_t *src)
462 {
463 twofish_decrypt(ctx, length, dst, src);
464 }
466 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
467 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
468 twofish_encrypt_native, twofish_decrypt_native)
471 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
472 QCryptoCipherMode mode)
473 {
474 switch (alg) {
475 case QCRYPTO_CIPHER_ALG_DES_RFB:
476 case QCRYPTO_CIPHER_ALG_3DES:
477 case QCRYPTO_CIPHER_ALG_AES_128:
478 case QCRYPTO_CIPHER_ALG_AES_192:
479 case QCRYPTO_CIPHER_ALG_AES_256:
480 case QCRYPTO_CIPHER_ALG_CAST5_128:
481 case QCRYPTO_CIPHER_ALG_SERPENT_128:
482 case QCRYPTO_CIPHER_ALG_SERPENT_192:
483 case QCRYPTO_CIPHER_ALG_SERPENT_256:
484 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
485 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
486 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
487 break;
488 default:
489 return false;
490 }
492 switch (mode) {
493 case QCRYPTO_CIPHER_MODE_ECB:
494 case QCRYPTO_CIPHER_MODE_CBC:
495 case QCRYPTO_CIPHER_MODE_XTS:
496 case QCRYPTO_CIPHER_MODE_CTR:
497 return true;
498 default:
499 return false;
500 }
501 }
503 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
504 QCryptoCipherMode mode,
505 const uint8_t *key,
506 size_t nkey,
507 Error **errp)
508 {
509 switch (mode) {
510 case QCRYPTO_CIPHER_MODE_ECB:
511 case QCRYPTO_CIPHER_MODE_CBC:
512 case QCRYPTO_CIPHER_MODE_XTS:
513 case QCRYPTO_CIPHER_MODE_CTR:
514 break;
515 default:
516 goto bad_cipher_mode;
517 }
519 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
520 return NULL;
521 }
523 switch (alg) {
524 case QCRYPTO_CIPHER_ALG_DES_RFB:
525 {
526 QCryptoNettleDESRFB *ctx;
527 const QCryptoCipherDriver *drv;
528 uint8_t *rfbkey;
530 switch (mode) {
531 case QCRYPTO_CIPHER_MODE_ECB:
532 drv = &qcrypto_nettle_des_rfb_driver_ecb;
533 break;
534 case QCRYPTO_CIPHER_MODE_CBC:
535 drv = &qcrypto_nettle_des_rfb_driver_cbc;
536 break;
537 case QCRYPTO_CIPHER_MODE_CTR:
538 drv = &qcrypto_nettle_des_rfb_driver_ctr;
539 break;
540 default:
541 goto bad_cipher_mode;
542 }
544 ctx = g_new0(QCryptoNettleDESRFB, 1);
545 ctx->base.driver = drv;
547 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
548 des_set_key(&ctx->key, rfbkey);
549 g_free(rfbkey);
551 return &ctx->base;
552 }
554 case QCRYPTO_CIPHER_ALG_3DES:
555 {
556 QCryptoNettleDES3 *ctx;
557 const QCryptoCipherDriver *drv;
559 switch (mode) {
560 case QCRYPTO_CIPHER_MODE_ECB:
561 drv = &qcrypto_nettle_des3_driver_ecb;
562 break;
563 case QCRYPTO_CIPHER_MODE_CBC:
564 drv = &qcrypto_nettle_des3_driver_cbc;
565 break;
566 case QCRYPTO_CIPHER_MODE_CTR:
567 drv = &qcrypto_nettle_des3_driver_ctr;
568 break;
569 default:
570 goto bad_cipher_mode;
571 }
573 ctx = g_new0(QCryptoNettleDES3, 1);
574 ctx->base.driver = drv;
575 des3_set_key(&ctx->key, key);
576 return &ctx->base;
577 }
579 case QCRYPTO_CIPHER_ALG_AES_128:
580 {
581 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1);
583 switch (mode) {
584 case QCRYPTO_CIPHER_MODE_ECB:
585 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb;
586 break;
587 case QCRYPTO_CIPHER_MODE_CBC:
588 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc;
589 break;
590 case QCRYPTO_CIPHER_MODE_CTR:
591 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr;
592 break;
593 case QCRYPTO_CIPHER_MODE_XTS:
594 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts;
595 nkey /= 2;
596 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey);
597 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey);
598 break;
599 default:
600 g_assert_not_reached();
601 }
602 aes128_set_encrypt_key(&ctx->key[0], key);
603 aes128_set_decrypt_key(&ctx->key[1], key);
605 return &ctx->base;
606 }
608 case QCRYPTO_CIPHER_ALG_AES_192:
609 {
610 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1);
612 switch (mode) {
613 case QCRYPTO_CIPHER_MODE_ECB:
614 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb;
615 break;
616 case QCRYPTO_CIPHER_MODE_CBC:
617 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc;
618 break;
619 case QCRYPTO_CIPHER_MODE_CTR:
620 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr;
621 break;
622 case QCRYPTO_CIPHER_MODE_XTS:
623 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts;
624 nkey /= 2;
625 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey);
626 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey);
627 break;
628 default:
629 g_assert_not_reached();
630 }
631 aes192_set_encrypt_key(&ctx->key[0], key);
632 aes192_set_decrypt_key(&ctx->key[1], key);
634 return &ctx->base;
635 }
637 case QCRYPTO_CIPHER_ALG_AES_256:
638 {
639 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1);
641 switch (mode) {
642 case QCRYPTO_CIPHER_MODE_ECB:
643 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb;
644 break;
645 case QCRYPTO_CIPHER_MODE_CBC:
646 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc;
647 break;
648 case QCRYPTO_CIPHER_MODE_CTR:
649 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr;
650 break;
651 case QCRYPTO_CIPHER_MODE_XTS:
652 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts;
653 nkey /= 2;
654 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey);
655 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey);
656 break;
657 default:
658 g_assert_not_reached();
659 }
660 aes256_set_encrypt_key(&ctx->key[0], key);
661 aes256_set_decrypt_key(&ctx->key[1], key);
663 return &ctx->base;
664 }
666 case QCRYPTO_CIPHER_ALG_CAST5_128:
667 {
668 QCryptoNettleCAST128 *ctx;
669 const QCryptoCipherDriver *drv;
671 switch (mode) {
672 case QCRYPTO_CIPHER_MODE_ECB:
673 drv = &qcrypto_nettle_cast128_driver_ecb;
674 break;
675 case QCRYPTO_CIPHER_MODE_CBC:
676 drv = &qcrypto_nettle_cast128_driver_cbc;
677 break;
678 case QCRYPTO_CIPHER_MODE_CTR:
679 drv = &qcrypto_nettle_cast128_driver_ctr;
680 break;
681 default:
682 goto bad_cipher_mode;
683 }
685 ctx = g_new0(QCryptoNettleCAST128, 1);
686 ctx->base.driver = drv;
687 cast5_set_key(&ctx->key, nkey, key);
689 return &ctx->base;
690 }
692 case QCRYPTO_CIPHER_ALG_SERPENT_128:
693 case QCRYPTO_CIPHER_ALG_SERPENT_192:
694 case QCRYPTO_CIPHER_ALG_SERPENT_256:
695 {
696 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1);
698 switch (mode) {
699 case QCRYPTO_CIPHER_MODE_ECB:
700 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb;
701 break;
702 case QCRYPTO_CIPHER_MODE_CBC:
703 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc;
704 break;
705 case QCRYPTO_CIPHER_MODE_CTR:
706 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr;
707 break;
708 case QCRYPTO_CIPHER_MODE_XTS:
709 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts;
710 nkey /= 2;
711 serpent_set_key(&ctx->key_xts, nkey, key + nkey);
712 break;
713 default:
714 g_assert_not_reached();
715 }
716 serpent_set_key(&ctx->key, nkey, key);
718 return &ctx->base;
719 }
721 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
722 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
723 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
724 {
725 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1);
727 switch (mode) {
728 case QCRYPTO_CIPHER_MODE_ECB:
729 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb;
730 break;
731 case QCRYPTO_CIPHER_MODE_CBC:
732 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc;
733 break;
734 case QCRYPTO_CIPHER_MODE_CTR:
735 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr;
736 break;
737 case QCRYPTO_CIPHER_MODE_XTS:
738 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts;
739 nkey /= 2;
740 twofish_set_key(&ctx->key_xts, nkey, key + nkey);
741 break;
742 default:
743 g_assert_not_reached();
744 }
745 twofish_set_key(&ctx->key, nkey, key);
747 return &ctx->base;
748 }
750 default:
751 error_setg(errp, "Unsupported cipher algorithm %s",
752 QCryptoCipherAlgorithm_str(alg));
753 return NULL;
754 }
756 bad_cipher_mode:
757 error_setg(errp, "Unsupported cipher mode %s",
758 QCryptoCipherMode_str(mode));
759 return NULL;
760 }