search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
[qemu/ar7.git] / crypto / cipher-nettle.c
blobd7411bb8ff9ecc095c2be81f13c7eb1f6b9f5c19
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "qemu/osdep.h"
22 #include "crypto/xts.h"
23 #include "cipherpriv.h"
24
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33
34 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
35 size_t length,
36 uint8_t *dst,
37 const uint8_t *src);
38
39 #if CONFIG_NETTLE_VERSION_MAJOR < 3
40 typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
41 typedef void * cipher_ctx_t;
42 typedef unsigned cipher_length_t;
43
44 #define cast5_set_key cast128_set_key
45
46 #define aes128_ctx aes_ctx
47 #define aes192_ctx aes_ctx
48 #define aes256_ctx aes_ctx
49 #define aes128_set_encrypt_key(c, k) \
50 aes_set_encrypt_key(c, 16, k)
51 #define aes192_set_encrypt_key(c, k) \
52 aes_set_encrypt_key(c, 24, k)
53 #define aes256_set_encrypt_key(c, k) \
54 aes_set_encrypt_key(c, 32, k)
55 #define aes128_set_decrypt_key(c, k) \
56 aes_set_decrypt_key(c, 16, k)
57 #define aes192_set_decrypt_key(c, k) \
58 aes_set_decrypt_key(c, 24, k)
59 #define aes256_set_decrypt_key(c, k) \
60 aes_set_decrypt_key(c, 32, k)
61 #define aes128_encrypt aes_encrypt
62 #define aes192_encrypt aes_encrypt
63 #define aes256_encrypt aes_encrypt
64 #define aes128_decrypt aes_decrypt
65 #define aes192_decrypt aes_decrypt
66 #define aes256_decrypt aes_decrypt
67 #else
68 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
69 typedef const void * cipher_ctx_t;
70 typedef size_t cipher_length_t;
71 #endif
72
73 typedef struct QCryptoNettleAES128 {
74 struct aes128_ctx enc;
75 struct aes128_ctx dec;
76 } QCryptoNettleAES128;
77
78 typedef struct QCryptoNettleAES192 {
79 struct aes192_ctx enc;
80 struct aes192_ctx dec;
81 } QCryptoNettleAES192;
82
83 typedef struct QCryptoNettleAES256 {
84 struct aes256_ctx enc;
85 struct aes256_ctx dec;
86 } QCryptoNettleAES256;
87
88 static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
89 uint8_t *dst, const uint8_t *src)
90 {
91 const QCryptoNettleAES128 *aesctx = ctx;
92 aes128_encrypt(&aesctx->enc, length, dst, src);
93 }
94
95 static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
96 uint8_t *dst, const uint8_t *src)
97 {
98 const QCryptoNettleAES128 *aesctx = ctx;
99 aes128_decrypt(&aesctx->dec, length, dst, src);
100 }
101
102 static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
103 uint8_t *dst, const uint8_t *src)
104 {
105 const QCryptoNettleAES192 *aesctx = ctx;
106 aes192_encrypt(&aesctx->enc, length, dst, src);
107 }
108
109 static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
110 uint8_t *dst, const uint8_t *src)
111 {
112 const QCryptoNettleAES192 *aesctx = ctx;
113 aes192_decrypt(&aesctx->dec, length, dst, src);
114 }
115
116 static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
117 uint8_t *dst, const uint8_t *src)
118 {
119 const QCryptoNettleAES256 *aesctx = ctx;
120 aes256_encrypt(&aesctx->enc, length, dst, src);
121 }
122
123 static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
124 uint8_t *dst, const uint8_t *src)
125 {
126 const QCryptoNettleAES256 *aesctx = ctx;
127 aes256_decrypt(&aesctx->dec, length, dst, src);
128 }
129
130 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
131 uint8_t *dst, const uint8_t *src)
132 {
133 des_encrypt(ctx, length, dst, src);
134 }
135
136 static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
137 uint8_t *dst, const uint8_t *src)
138 {
139 des_decrypt(ctx, length, dst, src);
140 }
141
142 static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
143 uint8_t *dst, const uint8_t *src)
144 {
145 des3_encrypt(ctx, length, dst, src);
146 }
147
148 static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
149 uint8_t *dst, const uint8_t *src)
150 {
151 des3_decrypt(ctx, length, dst, src);
152 }
153
154 static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
155 uint8_t *dst, const uint8_t *src)
156 {
157 cast128_encrypt(ctx, length, dst, src);
158 }
159
160 static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
161 uint8_t *dst, const uint8_t *src)
162 {
163 cast128_decrypt(ctx, length, dst, src);
164 }
165
166 static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
167 uint8_t *dst, const uint8_t *src)
168 {
169 serpent_encrypt(ctx, length, dst, src);
170 }
171
172 static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
173 uint8_t *dst, const uint8_t *src)
174 {
175 serpent_decrypt(ctx, length, dst, src);
176 }
177
178 static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
179 uint8_t *dst, const uint8_t *src)
180 {
181 twofish_encrypt(ctx, length, dst, src);
182 }
183
184 static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
185 uint8_t *dst, const uint8_t *src)
186 {
187 twofish_decrypt(ctx, length, dst, src);
188 }
189
190 static void aes128_encrypt_wrapper(const void *ctx, size_t length,
191 uint8_t *dst, const uint8_t *src)
192 {
193 const QCryptoNettleAES128 *aesctx = ctx;
194 aes128_encrypt(&aesctx->enc, length, dst, src);
195 }
196
197 static void aes128_decrypt_wrapper(const void *ctx, size_t length,
198 uint8_t *dst, const uint8_t *src)
199 {
200 const QCryptoNettleAES128 *aesctx = ctx;
201 aes128_decrypt(&aesctx->dec, length, dst, src);
202 }
203
204 static void aes192_encrypt_wrapper(const void *ctx, size_t length,
205 uint8_t *dst, const uint8_t *src)
206 {
207 const QCryptoNettleAES192 *aesctx = ctx;
208 aes192_encrypt(&aesctx->enc, length, dst, src);
209 }
210
211 static void aes192_decrypt_wrapper(const void *ctx, size_t length,
212 uint8_t *dst, const uint8_t *src)
213 {
214 const QCryptoNettleAES192 *aesctx = ctx;
215 aes192_decrypt(&aesctx->dec, length, dst, src);
216 }
217
218 static void aes256_encrypt_wrapper(const void *ctx, size_t length,
219 uint8_t *dst, const uint8_t *src)
220 {
221 const QCryptoNettleAES256 *aesctx = ctx;
222 aes256_encrypt(&aesctx->enc, length, dst, src);
223 }
224
225 static void aes256_decrypt_wrapper(const void *ctx, size_t length,
226 uint8_t *dst, const uint8_t *src)
227 {
228 const QCryptoNettleAES256 *aesctx = ctx;
229 aes256_decrypt(&aesctx->dec, length, dst, src);
230 }
231
232 static void des_encrypt_wrapper(const void *ctx, size_t length,
233 uint8_t *dst, const uint8_t *src)
234 {
235 des_encrypt(ctx, length, dst, src);
236 }
237
238 static void des_decrypt_wrapper(const void *ctx, size_t length,
239 uint8_t *dst, const uint8_t *src)
240 {
241 des_decrypt(ctx, length, dst, src);
242 }
243
244 static void des3_encrypt_wrapper(const void *ctx, size_t length,
245 uint8_t *dst, const uint8_t *src)
246 {
247 des3_encrypt(ctx, length, dst, src);
248 }
249
250 static void des3_decrypt_wrapper(const void *ctx, size_t length,
251 uint8_t *dst, const uint8_t *src)
252 {
253 des3_decrypt(ctx, length, dst, src);
254 }
255
256 static void cast128_encrypt_wrapper(const void *ctx, size_t length,
257 uint8_t *dst, const uint8_t *src)
258 {
259 cast128_encrypt(ctx, length, dst, src);
260 }
261
262 static void cast128_decrypt_wrapper(const void *ctx, size_t length,
263 uint8_t *dst, const uint8_t *src)
264 {
265 cast128_decrypt(ctx, length, dst, src);
266 }
267
268 static void serpent_encrypt_wrapper(const void *ctx, size_t length,
269 uint8_t *dst, const uint8_t *src)
270 {
271 serpent_encrypt(ctx, length, dst, src);
272 }
273
274 static void serpent_decrypt_wrapper(const void *ctx, size_t length,
275 uint8_t *dst, const uint8_t *src)
276 {
277 serpent_decrypt(ctx, length, dst, src);
278 }
279
280 static void twofish_encrypt_wrapper(const void *ctx, size_t length,
281 uint8_t *dst, const uint8_t *src)
282 {
283 twofish_encrypt(ctx, length, dst, src);
284 }
285
286 static void twofish_decrypt_wrapper(const void *ctx, size_t length,
287 uint8_t *dst, const uint8_t *src)
288 {
289 twofish_decrypt(ctx, length, dst, src);
290 }
291
292 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
293 struct QCryptoCipherNettle {
294 /* Primary cipher context for all modes */
295 void *ctx;
296 /* Second cipher context for XTS mode only */
297 void *ctx_tweak;
298 /* Cipher callbacks for both contexts */
299 QCryptoCipherNettleFuncNative alg_encrypt_native;
300 QCryptoCipherNettleFuncNative alg_decrypt_native;
301 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
302 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
303 /* Initialization vector or Counter */
304 uint8_t *iv;
305 size_t blocksize;
306 };
307
308 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
309 QCryptoCipherMode mode)
310 {
311 switch (alg) {
312 case QCRYPTO_CIPHER_ALG_DES_RFB:
313 case QCRYPTO_CIPHER_ALG_3DES:
314 case QCRYPTO_CIPHER_ALG_AES_128:
315 case QCRYPTO_CIPHER_ALG_AES_192:
316 case QCRYPTO_CIPHER_ALG_AES_256:
317 case QCRYPTO_CIPHER_ALG_CAST5_128:
318 case QCRYPTO_CIPHER_ALG_SERPENT_128:
319 case QCRYPTO_CIPHER_ALG_SERPENT_192:
320 case QCRYPTO_CIPHER_ALG_SERPENT_256:
321 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
322 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
323 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
324 break;
325 default:
326 return false;
327 }
328
329 switch (mode) {
330 case QCRYPTO_CIPHER_MODE_ECB:
331 case QCRYPTO_CIPHER_MODE_CBC:
332 case QCRYPTO_CIPHER_MODE_XTS:
333 case QCRYPTO_CIPHER_MODE_CTR:
334 return true;
335 default:
336 return false;
337 }
338 }
339
340
341 static void
342 qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
343 {
344 if (!ctx) {
345 return;
346 }
347
348 g_free(ctx->iv);
349 g_free(ctx->ctx);
350 g_free(ctx->ctx_tweak);
351 g_free(ctx);
352 }
353
354
355 static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
356 QCryptoCipherMode mode,
357 const uint8_t *key,
358 size_t nkey,
359 Error **errp)
360 {
361 QCryptoCipherNettle *ctx;
362 uint8_t *rfbkey;
363
364 switch (mode) {
365 case QCRYPTO_CIPHER_MODE_ECB:
366 case QCRYPTO_CIPHER_MODE_CBC:
367 case QCRYPTO_CIPHER_MODE_XTS:
368 case QCRYPTO_CIPHER_MODE_CTR:
369 break;
370 default:
371 error_setg(errp, "Unsupported cipher mode %s",
372 QCryptoCipherMode_str(mode));
373 return NULL;
374 }
375
376 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
377 return NULL;
378 }
379
380 ctx = g_new0(QCryptoCipherNettle, 1);
381
382 switch (alg) {
383 case QCRYPTO_CIPHER_ALG_DES_RFB:
384 ctx->ctx = g_new0(struct des_ctx, 1);
385 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
386 des_set_key(ctx->ctx, rfbkey);
387 g_free(rfbkey);
388
389 ctx->alg_encrypt_native = des_encrypt_native;
390 ctx->alg_decrypt_native = des_decrypt_native;
391 ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
392 ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
393
394 ctx->blocksize = DES_BLOCK_SIZE;
395 break;
396
397 case QCRYPTO_CIPHER_ALG_3DES:
398 ctx->ctx = g_new0(struct des3_ctx, 1);
399 des3_set_key(ctx->ctx, key);
400
401 ctx->alg_encrypt_native = des3_encrypt_native;
402 ctx->alg_decrypt_native = des3_decrypt_native;
403 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
404 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
405
406 ctx->blocksize = DES3_BLOCK_SIZE;
407 break;
408
409 case QCRYPTO_CIPHER_ALG_AES_128:
410 ctx->ctx = g_new0(QCryptoNettleAES128, 1);
411
412 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
413 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
414
415 nkey /= 2;
416 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
417 key);
418 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
419 key);
420
421 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
422 enc, key + nkey);
423 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
424 dec, key + nkey);
425 } else {
426 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
427 key);
428 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
429 key);
430 }
431
432 ctx->alg_encrypt_native = aes128_encrypt_native;
433 ctx->alg_decrypt_native = aes128_decrypt_native;
434 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
435 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
436
437 ctx->blocksize = AES_BLOCK_SIZE;
438 break;
439
440 case QCRYPTO_CIPHER_ALG_AES_192:
441 ctx->ctx = g_new0(QCryptoNettleAES192, 1);
442
443 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
444 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
445
446 nkey /= 2;
447 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
448 key);
449 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
450 key);
451
452 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
453 enc, key + nkey);
454 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
455 dec, key + nkey);
456 } else {
457 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
458 key);
459 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
460 key);
461 }
462
463 ctx->alg_encrypt_native = aes192_encrypt_native;
464 ctx->alg_decrypt_native = aes192_decrypt_native;
465 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
466 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
467
468 ctx->blocksize = AES_BLOCK_SIZE;
469 break;
470
471 case QCRYPTO_CIPHER_ALG_AES_256:
472 ctx->ctx = g_new0(QCryptoNettleAES256, 1);
473
474 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
475 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
476
477 nkey /= 2;
478 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
479 key);
480 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
481 key);
482
483 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
484 enc, key + nkey);
485 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
486 dec, key + nkey);
487 } else {
488 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
489 key);
490 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
491 key);
492 }
493
494 ctx->alg_encrypt_native = aes256_encrypt_native;
495 ctx->alg_decrypt_native = aes256_decrypt_native;
496 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
497 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
498
499 ctx->blocksize = AES_BLOCK_SIZE;
500 break;
501
502 case QCRYPTO_CIPHER_ALG_CAST5_128:
503 ctx->ctx = g_new0(struct cast128_ctx, 1);
504
505 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
506 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
507
508 nkey /= 2;
509 cast5_set_key(ctx->ctx, nkey, key);
510 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
511 } else {
512 cast5_set_key(ctx->ctx, nkey, key);
513 }
514
515 ctx->alg_encrypt_native = cast128_encrypt_native;
516 ctx->alg_decrypt_native = cast128_decrypt_native;
517 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
518 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
519
520 ctx->blocksize = CAST128_BLOCK_SIZE;
521 break;
522
523 case QCRYPTO_CIPHER_ALG_SERPENT_128:
524 case QCRYPTO_CIPHER_ALG_SERPENT_192:
525 case QCRYPTO_CIPHER_ALG_SERPENT_256:
526 ctx->ctx = g_new0(struct serpent_ctx, 1);
527
528 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
529 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
530
531 nkey /= 2;
532 serpent_set_key(ctx->ctx, nkey, key);
533 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
534 } else {
535 serpent_set_key(ctx->ctx, nkey, key);
536 }
537
538 ctx->alg_encrypt_native = serpent_encrypt_native;
539 ctx->alg_decrypt_native = serpent_decrypt_native;
540 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
541 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
542
543 ctx->blocksize = SERPENT_BLOCK_SIZE;
544 break;
545
546 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
547 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
548 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
549 ctx->ctx = g_new0(struct twofish_ctx, 1);
550
551 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
552 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
553
554 nkey /= 2;
555 twofish_set_key(ctx->ctx, nkey, key);
556 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
557 } else {
558 twofish_set_key(ctx->ctx, nkey, key);
559 }
560
561 ctx->alg_encrypt_native = twofish_encrypt_native;
562 ctx->alg_decrypt_native = twofish_decrypt_native;
563 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
564 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
565
566 ctx->blocksize = TWOFISH_BLOCK_SIZE;
567 break;
568
569 default:
570 error_setg(errp, "Unsupported cipher algorithm %s",
571 QCryptoCipherAlgorithm_str(alg));
572 goto error;
573 }
574
575 if (mode == QCRYPTO_CIPHER_MODE_XTS &&
576 ctx->blocksize != XTS_BLOCK_SIZE) {
577 error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
578 ctx->blocksize, XTS_BLOCK_SIZE);
579 goto error;
580 }
581
582 ctx->iv = g_new0(uint8_t, ctx->blocksize);
583
584 return ctx;
585
586 error:
587 qcrypto_nettle_cipher_free_ctx(ctx);
588 return NULL;
589 }
590
591
592 static void
593 qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
594 {
595 QCryptoCipherNettle *ctx;
596
597 ctx = cipher->opaque;
598 qcrypto_nettle_cipher_free_ctx(ctx);
599 }
600
601
602 static int
603 qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
604 const void *in,
605 void *out,
606 size_t len,
607 Error **errp)
608 {
609 QCryptoCipherNettle *ctx = cipher->opaque;
610
611 if (len % ctx->blocksize) {
612 error_setg(errp, "Length %zu must be a multiple of block size %zu",
613 len, ctx->blocksize);
614 return -1;
615 }
616
617 switch (cipher->mode) {
618 case QCRYPTO_CIPHER_MODE_ECB:
619 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
620 break;
621
622 case QCRYPTO_CIPHER_MODE_CBC:
623 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
624 ctx->blocksize, ctx->iv,
625 len, out, in);
626 break;
627
628 case QCRYPTO_CIPHER_MODE_XTS:
629 xts_encrypt(ctx->ctx, ctx->ctx_tweak,
630 ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
631 ctx->iv, len, out, in);
632 break;
633
634 case QCRYPTO_CIPHER_MODE_CTR:
635 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
636 ctx->blocksize, ctx->iv,
637 len, out, in);
638 break;
639
640 default:
641 error_setg(errp, "Unsupported cipher mode %s",
642 QCryptoCipherMode_str(cipher->mode));
643 return -1;
644 }
645 return 0;
646 }
647
648
649 static int
650 qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
651 const void *in,
652 void *out,
653 size_t len,
654 Error **errp)
655 {
656 QCryptoCipherNettle *ctx = cipher->opaque;
657
658 if (len % ctx->blocksize) {
659 error_setg(errp, "Length %zu must be a multiple of block size %zu",
660 len, ctx->blocksize);
661 return -1;
662 }
663
664 switch (cipher->mode) {
665 case QCRYPTO_CIPHER_MODE_ECB:
666 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
667 break;
668
669 case QCRYPTO_CIPHER_MODE_CBC:
670 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
671 ctx->blocksize, ctx->iv,
672 len, out, in);
673 break;
674
675 case QCRYPTO_CIPHER_MODE_XTS:
676 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
677 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
678 ctx->iv, len, out, in);
679 break;
680 case QCRYPTO_CIPHER_MODE_CTR:
681 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
682 ctx->blocksize, ctx->iv,
683 len, out, in);
684 break;
685
686 default:
687 error_setg(errp, "Unsupported cipher mode %s",
688 QCryptoCipherMode_str(cipher->mode));
689 return -1;
690 }
691 return 0;
692 }
693
694 static int
695 qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
696 const uint8_t *iv, size_t niv,
697 Error **errp)
698 {
699 QCryptoCipherNettle *ctx = cipher->opaque;
700 if (niv != ctx->blocksize) {
701 error_setg(errp, "Expected IV size %zu not %zu",
702 ctx->blocksize, niv);
703 return -1;
704 }
705 memcpy(ctx->iv, iv, niv);
706 return 0;
707 }
708
709
710 static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
711 .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
712 .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
713 .cipher_setiv = qcrypto_nettle_cipher_setiv,
714 .cipher_free = qcrypto_nettle_cipher_ctx_free,
715 };
AR7 emulation for QEMU