2 * QEMU Crypto cipher libgcrypt algorithms
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
27 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver;
29 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
30 QCryptoCipherMode mode)
33 case QCRYPTO_CIPHER_ALG_DES_RFB:
34 case QCRYPTO_CIPHER_ALG_3DES:
35 case QCRYPTO_CIPHER_ALG_AES_128:
36 case QCRYPTO_CIPHER_ALG_AES_192:
37 case QCRYPTO_CIPHER_ALG_AES_256:
38 case QCRYPTO_CIPHER_ALG_CAST5_128:
39 case QCRYPTO_CIPHER_ALG_SERPENT_128:
40 case QCRYPTO_CIPHER_ALG_SERPENT_192:
41 case QCRYPTO_CIPHER_ALG_SERPENT_256:
42 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
43 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
50 case QCRYPTO_CIPHER_MODE_ECB:
51 case QCRYPTO_CIPHER_MODE_CBC:
52 case QCRYPTO_CIPHER_MODE_XTS:
53 case QCRYPTO_CIPHER_MODE_CTR:
60 typedef struct QCryptoCipherGcrypt QCryptoCipherGcrypt;
61 struct QCryptoCipherGcrypt {
63 gcry_cipher_hd_t handle;
65 #ifdef CONFIG_QEMU_PRIVATE_XTS
66 gcry_cipher_hd_t tweakhandle;
67 /* Initialization vector or Counter */
73 qcrypto_gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx,
74 QCryptoCipherMode mode)
80 gcry_cipher_close(ctx->handle);
81 #ifdef CONFIG_QEMU_PRIVATE_XTS
82 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
83 gcry_cipher_close(ctx->tweakhandle);
91 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
92 QCryptoCipherMode mode,
97 QCryptoCipherGcrypt *ctx;
99 int gcryalg, gcrymode;
102 case QCRYPTO_CIPHER_MODE_ECB:
103 gcrymode = GCRY_CIPHER_MODE_ECB;
105 case QCRYPTO_CIPHER_MODE_XTS:
106 #ifdef CONFIG_QEMU_PRIVATE_XTS
107 gcrymode = GCRY_CIPHER_MODE_ECB;
109 gcrymode = GCRY_CIPHER_MODE_XTS;
112 case QCRYPTO_CIPHER_MODE_CBC:
113 gcrymode = GCRY_CIPHER_MODE_CBC;
115 case QCRYPTO_CIPHER_MODE_CTR:
116 gcrymode = GCRY_CIPHER_MODE_CTR;
119 error_setg(errp, "Unsupported cipher mode %s",
120 QCryptoCipherMode_str(mode));
124 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
129 case QCRYPTO_CIPHER_ALG_DES_RFB:
130 gcryalg = GCRY_CIPHER_DES;
133 case QCRYPTO_CIPHER_ALG_3DES:
134 gcryalg = GCRY_CIPHER_3DES;
137 case QCRYPTO_CIPHER_ALG_AES_128:
138 gcryalg = GCRY_CIPHER_AES128;
141 case QCRYPTO_CIPHER_ALG_AES_192:
142 gcryalg = GCRY_CIPHER_AES192;
145 case QCRYPTO_CIPHER_ALG_AES_256:
146 gcryalg = GCRY_CIPHER_AES256;
149 case QCRYPTO_CIPHER_ALG_CAST5_128:
150 gcryalg = GCRY_CIPHER_CAST5;
153 case QCRYPTO_CIPHER_ALG_SERPENT_128:
154 gcryalg = GCRY_CIPHER_SERPENT128;
157 case QCRYPTO_CIPHER_ALG_SERPENT_192:
158 gcryalg = GCRY_CIPHER_SERPENT192;
161 case QCRYPTO_CIPHER_ALG_SERPENT_256:
162 gcryalg = GCRY_CIPHER_SERPENT256;
165 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
166 gcryalg = GCRY_CIPHER_TWOFISH128;
169 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
170 gcryalg = GCRY_CIPHER_TWOFISH;
174 error_setg(errp, "Unsupported cipher algorithm %s",
175 QCryptoCipherAlgorithm_str(alg));
179 ctx = g_new0(QCryptoCipherGcrypt, 1);
181 err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0);
183 error_setg(errp, "Cannot initialize cipher: %s",
187 #ifdef CONFIG_QEMU_PRIVATE_XTS
188 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
189 err = gcry_cipher_open(&ctx->tweakhandle, gcryalg, gcrymode, 0);
191 error_setg(errp, "Cannot initialize cipher: %s",
198 if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
199 /* We're using standard DES cipher from gcrypt, so we need
200 * to munge the key so that the results are the same as the
201 * bizarre RFB variant of DES :-)
203 uint8_t *rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
204 err = gcry_cipher_setkey(ctx->handle, rfbkey, nkey);
208 #ifdef CONFIG_QEMU_PRIVATE_XTS
209 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
211 err = gcry_cipher_setkey(ctx->handle, key, nkey);
213 error_setg(errp, "Cannot set key: %s",
217 err = gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey);
220 err = gcry_cipher_setkey(ctx->handle, key, nkey);
221 #ifdef CONFIG_QEMU_PRIVATE_XTS
225 error_setg(errp, "Cannot set key: %s",
230 case QCRYPTO_CIPHER_ALG_AES_128:
231 case QCRYPTO_CIPHER_ALG_AES_192:
232 case QCRYPTO_CIPHER_ALG_AES_256:
233 case QCRYPTO_CIPHER_ALG_SERPENT_128:
234 case QCRYPTO_CIPHER_ALG_SERPENT_192:
235 case QCRYPTO_CIPHER_ALG_SERPENT_256:
236 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
237 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
240 case QCRYPTO_CIPHER_ALG_3DES:
241 case QCRYPTO_CIPHER_ALG_CAST5_128:
245 g_assert_not_reached();
248 g_assert(is_power_of_2(ctx->blocksize));
250 #ifdef CONFIG_QEMU_PRIVATE_XTS
251 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
252 if (ctx->blocksize != XTS_BLOCK_SIZE) {
254 "Cipher block size %zu must equal XTS block size %d",
255 ctx->blocksize, XTS_BLOCK_SIZE);
258 ctx->iv = g_new0(uint8_t, ctx->blocksize);
262 ctx->base.driver = &qcrypto_cipher_lib_driver;
266 qcrypto_gcrypt_cipher_free_ctx(ctx, mode);
272 qcrypto_gcrypt_cipher_ctx_free(QCryptoCipher *cipher)
274 QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
276 qcrypto_gcrypt_cipher_free_ctx(ctx, cipher->mode);
280 #ifdef CONFIG_QEMU_PRIVATE_XTS
281 static void qcrypto_gcrypt_xts_encrypt(const void *ctx,
287 err = gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, length);
291 static void qcrypto_gcrypt_xts_decrypt(const void *ctx,
297 err = gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, length);
303 qcrypto_gcrypt_cipher_encrypt(QCryptoCipher *cipher,
309 QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
312 if (len & (ctx->blocksize - 1)) {
313 error_setg(errp, "Length %zu must be a multiple of block size %zu",
314 len, ctx->blocksize);
318 #ifdef CONFIG_QEMU_PRIVATE_XTS
319 if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
320 xts_encrypt(ctx->handle, ctx->tweakhandle,
321 qcrypto_gcrypt_xts_encrypt,
322 qcrypto_gcrypt_xts_decrypt,
323 ctx->iv, len, out, in);
328 err = gcry_cipher_encrypt(ctx->handle,
332 error_setg(errp, "Cannot encrypt data: %s",
342 qcrypto_gcrypt_cipher_decrypt(QCryptoCipher *cipher,
348 QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
351 if (len & (ctx->blocksize - 1)) {
352 error_setg(errp, "Length %zu must be a multiple of block size %zu",
353 len, ctx->blocksize);
357 #ifdef CONFIG_QEMU_PRIVATE_XTS
358 if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
359 xts_decrypt(ctx->handle, ctx->tweakhandle,
360 qcrypto_gcrypt_xts_encrypt,
361 qcrypto_gcrypt_xts_decrypt,
362 ctx->iv, len, out, in);
367 err = gcry_cipher_decrypt(ctx->handle,
371 error_setg(errp, "Cannot decrypt data: %s",
380 qcrypto_gcrypt_cipher_setiv(QCryptoCipher *cipher,
381 const uint8_t *iv, size_t niv,
384 QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
387 if (niv != ctx->blocksize) {
388 error_setg(errp, "Expected IV size %zu not %zu",
389 ctx->blocksize, niv);
393 #ifdef CONFIG_QEMU_PRIVATE_XTS
395 memcpy(ctx->iv, iv, niv);
400 if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) {
401 err = gcry_cipher_setctr(ctx->handle, iv, niv);
403 error_setg(errp, "Cannot set Counter: %s",
408 gcry_cipher_reset(ctx->handle);
409 err = gcry_cipher_setiv(ctx->handle, iv, niv);
411 error_setg(errp, "Cannot set IV: %s",
421 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
422 .cipher_encrypt = qcrypto_gcrypt_cipher_encrypt,
423 .cipher_decrypt = qcrypto_gcrypt_cipher_decrypt,
424 .cipher_setiv = qcrypto_gcrypt_cipher_setiv,
425 .cipher_free = qcrypto_gcrypt_cipher_ctx_free,