| blob | 36d57ef430eea5ab1e151e3db59bfd220c26c8c4 |
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
23 #endif
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33 #ifndef CONFIG_QEMU_PRIVATE_XTS
34 #include <nettle/xts.h>
35 #endif
37 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver;
39 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
40 size_t length,
41 uint8_t *dst,
42 const uint8_t *src);
44 #if CONFIG_NETTLE_VERSION_MAJOR < 3
45 typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
46 typedef void * cipher_ctx_t;
47 typedef unsigned cipher_length_t;
49 #define cast5_set_key cast128_set_key
51 #define aes128_ctx aes_ctx
52 #define aes192_ctx aes_ctx
53 #define aes256_ctx aes_ctx
54 #define aes128_set_encrypt_key(c, k) \
55 aes_set_encrypt_key(c, 16, k)
56 #define aes192_set_encrypt_key(c, k) \
57 aes_set_encrypt_key(c, 24, k)
58 #define aes256_set_encrypt_key(c, k) \
59 aes_set_encrypt_key(c, 32, k)
60 #define aes128_set_decrypt_key(c, k) \
61 aes_set_decrypt_key(c, 16, k)
62 #define aes192_set_decrypt_key(c, k) \
63 aes_set_decrypt_key(c, 24, k)
64 #define aes256_set_decrypt_key(c, k) \
65 aes_set_decrypt_key(c, 32, k)
66 #define aes128_encrypt aes_encrypt
67 #define aes192_encrypt aes_encrypt
68 #define aes256_encrypt aes_encrypt
69 #define aes128_decrypt aes_decrypt
70 #define aes192_decrypt aes_decrypt
71 #define aes256_decrypt aes_decrypt
72 #else
73 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
74 typedef const void * cipher_ctx_t;
75 typedef size_t cipher_length_t;
76 #endif
78 typedef struct QCryptoNettleAES128 {
79 struct aes128_ctx enc;
80 struct aes128_ctx dec;
81 } QCryptoNettleAES128;
83 typedef struct QCryptoNettleAES192 {
84 struct aes192_ctx enc;
85 struct aes192_ctx dec;
86 } QCryptoNettleAES192;
88 typedef struct QCryptoNettleAES256 {
89 struct aes256_ctx enc;
90 struct aes256_ctx dec;
91 } QCryptoNettleAES256;
93 static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
94 uint8_t *dst, const uint8_t *src)
95 {
96 const QCryptoNettleAES128 *aesctx = ctx;
97 aes128_encrypt(&aesctx->enc, length, dst, src);
98 }
100 static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
101 uint8_t *dst, const uint8_t *src)
102 {
103 const QCryptoNettleAES128 *aesctx = ctx;
104 aes128_decrypt(&aesctx->dec, length, dst, src);
105 }
107 static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
108 uint8_t *dst, const uint8_t *src)
109 {
110 const QCryptoNettleAES192 *aesctx = ctx;
111 aes192_encrypt(&aesctx->enc, length, dst, src);
112 }
114 static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
115 uint8_t *dst, const uint8_t *src)
116 {
117 const QCryptoNettleAES192 *aesctx = ctx;
118 aes192_decrypt(&aesctx->dec, length, dst, src);
119 }
121 static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
122 uint8_t *dst, const uint8_t *src)
123 {
124 const QCryptoNettleAES256 *aesctx = ctx;
125 aes256_encrypt(&aesctx->enc, length, dst, src);
126 }
128 static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
129 uint8_t *dst, const uint8_t *src)
130 {
131 const QCryptoNettleAES256 *aesctx = ctx;
132 aes256_decrypt(&aesctx->dec, length, dst, src);
133 }
135 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
136 uint8_t *dst, const uint8_t *src)
137 {
138 des_encrypt(ctx, length, dst, src);
139 }
141 static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
142 uint8_t *dst, const uint8_t *src)
143 {
144 des_decrypt(ctx, length, dst, src);
145 }
147 static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
148 uint8_t *dst, const uint8_t *src)
149 {
150 des3_encrypt(ctx, length, dst, src);
151 }
153 static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
154 uint8_t *dst, const uint8_t *src)
155 {
156 des3_decrypt(ctx, length, dst, src);
157 }
159 static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
160 uint8_t *dst, const uint8_t *src)
161 {
162 cast128_encrypt(ctx, length, dst, src);
163 }
165 static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
166 uint8_t *dst, const uint8_t *src)
167 {
168 cast128_decrypt(ctx, length, dst, src);
169 }
171 static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
172 uint8_t *dst, const uint8_t *src)
173 {
174 serpent_encrypt(ctx, length, dst, src);
175 }
177 static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
178 uint8_t *dst, const uint8_t *src)
179 {
180 serpent_decrypt(ctx, length, dst, src);
181 }
183 static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
184 uint8_t *dst, const uint8_t *src)
185 {
186 twofish_encrypt(ctx, length, dst, src);
187 }
189 static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
190 uint8_t *dst, const uint8_t *src)
191 {
192 twofish_decrypt(ctx, length, dst, src);
193 }
195 static void aes128_encrypt_wrapper(const void *ctx, size_t length,
196 uint8_t *dst, const uint8_t *src)
197 {
198 const QCryptoNettleAES128 *aesctx = ctx;
199 aes128_encrypt(&aesctx->enc, length, dst, src);
200 }
202 static void aes128_decrypt_wrapper(const void *ctx, size_t length,
203 uint8_t *dst, const uint8_t *src)
204 {
205 const QCryptoNettleAES128 *aesctx = ctx;
206 aes128_decrypt(&aesctx->dec, length, dst, src);
207 }
209 static void aes192_encrypt_wrapper(const void *ctx, size_t length,
210 uint8_t *dst, const uint8_t *src)
211 {
212 const QCryptoNettleAES192 *aesctx = ctx;
213 aes192_encrypt(&aesctx->enc, length, dst, src);
214 }
216 static void aes192_decrypt_wrapper(const void *ctx, size_t length,
217 uint8_t *dst, const uint8_t *src)
218 {
219 const QCryptoNettleAES192 *aesctx = ctx;
220 aes192_decrypt(&aesctx->dec, length, dst, src);
221 }
223 static void aes256_encrypt_wrapper(const void *ctx, size_t length,
224 uint8_t *dst, const uint8_t *src)
225 {
226 const QCryptoNettleAES256 *aesctx = ctx;
227 aes256_encrypt(&aesctx->enc, length, dst, src);
228 }
230 static void aes256_decrypt_wrapper(const void *ctx, size_t length,
231 uint8_t *dst, const uint8_t *src)
232 {
233 const QCryptoNettleAES256 *aesctx = ctx;
234 aes256_decrypt(&aesctx->dec, length, dst, src);
235 }
237 static void des_encrypt_wrapper(const void *ctx, size_t length,
238 uint8_t *dst, const uint8_t *src)
239 {
240 des_encrypt(ctx, length, dst, src);
241 }
243 static void des_decrypt_wrapper(const void *ctx, size_t length,
244 uint8_t *dst, const uint8_t *src)
245 {
246 des_decrypt(ctx, length, dst, src);
247 }
249 static void des3_encrypt_wrapper(const void *ctx, size_t length,
250 uint8_t *dst, const uint8_t *src)
251 {
252 des3_encrypt(ctx, length, dst, src);
253 }
255 static void des3_decrypt_wrapper(const void *ctx, size_t length,
256 uint8_t *dst, const uint8_t *src)
257 {
258 des3_decrypt(ctx, length, dst, src);
259 }
261 static void cast128_encrypt_wrapper(const void *ctx, size_t length,
262 uint8_t *dst, const uint8_t *src)
263 {
264 cast128_encrypt(ctx, length, dst, src);
265 }
267 static void cast128_decrypt_wrapper(const void *ctx, size_t length,
268 uint8_t *dst, const uint8_t *src)
269 {
270 cast128_decrypt(ctx, length, dst, src);
271 }
273 static void serpent_encrypt_wrapper(const void *ctx, size_t length,
274 uint8_t *dst, const uint8_t *src)
275 {
276 serpent_encrypt(ctx, length, dst, src);
277 }
279 static void serpent_decrypt_wrapper(const void *ctx, size_t length,
280 uint8_t *dst, const uint8_t *src)
281 {
282 serpent_decrypt(ctx, length, dst, src);
283 }
285 static void twofish_encrypt_wrapper(const void *ctx, size_t length,
286 uint8_t *dst, const uint8_t *src)
287 {
288 twofish_encrypt(ctx, length, dst, src);
289 }
291 static void twofish_decrypt_wrapper(const void *ctx, size_t length,
292 uint8_t *dst, const uint8_t *src)
293 {
294 twofish_decrypt(ctx, length, dst, src);
295 }
297 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
298 struct QCryptoCipherNettle {
299 QCryptoCipher base;
301 /* Primary cipher context for all modes */
302 void *ctx;
303 /* Second cipher context for XTS mode only */
304 void *ctx_tweak;
305 /* Cipher callbacks for both contexts */
306 QCryptoCipherNettleFuncNative alg_encrypt_native;
307 QCryptoCipherNettleFuncNative alg_decrypt_native;
308 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
309 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
310 /* Initialization vector or Counter */
311 uint8_t *iv;
312 size_t blocksize;
313 };
315 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
316 QCryptoCipherMode mode)
317 {
318 switch (alg) {
319 case QCRYPTO_CIPHER_ALG_DES_RFB:
320 case QCRYPTO_CIPHER_ALG_3DES:
321 case QCRYPTO_CIPHER_ALG_AES_128:
322 case QCRYPTO_CIPHER_ALG_AES_192:
323 case QCRYPTO_CIPHER_ALG_AES_256:
324 case QCRYPTO_CIPHER_ALG_CAST5_128:
325 case QCRYPTO_CIPHER_ALG_SERPENT_128:
326 case QCRYPTO_CIPHER_ALG_SERPENT_192:
327 case QCRYPTO_CIPHER_ALG_SERPENT_256:
328 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
329 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
330 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
331 break;
332 default:
333 return false;
334 }
336 switch (mode) {
337 case QCRYPTO_CIPHER_MODE_ECB:
338 case QCRYPTO_CIPHER_MODE_CBC:
339 case QCRYPTO_CIPHER_MODE_XTS:
340 case QCRYPTO_CIPHER_MODE_CTR:
341 return true;
342 default:
343 return false;
344 }
345 }
348 static void
349 qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
350 {
351 if (!ctx) {
352 return;
353 }
355 g_free(ctx->iv);
356 g_free(ctx->ctx);
357 g_free(ctx->ctx_tweak);
358 g_free(ctx);
359 }
362 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
363 QCryptoCipherMode mode,
364 const uint8_t *key,
365 size_t nkey,
366 Error **errp)
367 {
368 QCryptoCipherNettle *ctx;
369 uint8_t *rfbkey;
371 switch (mode) {
372 case QCRYPTO_CIPHER_MODE_ECB:
373 case QCRYPTO_CIPHER_MODE_CBC:
374 case QCRYPTO_CIPHER_MODE_XTS:
375 case QCRYPTO_CIPHER_MODE_CTR:
376 break;
377 default:
378 error_setg(errp, "Unsupported cipher mode %s",
379 QCryptoCipherMode_str(mode));
380 return NULL;
381 }
383 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
384 return NULL;
385 }
387 ctx = g_new0(QCryptoCipherNettle, 1);
389 switch (alg) {
390 case QCRYPTO_CIPHER_ALG_DES_RFB:
391 ctx->ctx = g_new0(struct des_ctx, 1);
392 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
393 des_set_key(ctx->ctx, rfbkey);
394 g_free(rfbkey);
396 ctx->alg_encrypt_native = des_encrypt_native;
397 ctx->alg_decrypt_native = des_decrypt_native;
398 ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
399 ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
401 ctx->blocksize = DES_BLOCK_SIZE;
402 break;
404 case QCRYPTO_CIPHER_ALG_3DES:
405 ctx->ctx = g_new0(struct des3_ctx, 1);
406 des3_set_key(ctx->ctx, key);
408 ctx->alg_encrypt_native = des3_encrypt_native;
409 ctx->alg_decrypt_native = des3_decrypt_native;
410 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
411 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
413 ctx->blocksize = DES3_BLOCK_SIZE;
414 break;
416 case QCRYPTO_CIPHER_ALG_AES_128:
417 ctx->ctx = g_new0(QCryptoNettleAES128, 1);
419 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
420 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
422 nkey /= 2;
423 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
424 key);
425 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
426 key);
428 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
429 enc, key + nkey);
430 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
431 dec, key + nkey);
432 } else {
433 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
434 key);
435 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
436 key);
437 }
439 ctx->alg_encrypt_native = aes128_encrypt_native;
440 ctx->alg_decrypt_native = aes128_decrypt_native;
441 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
442 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
444 ctx->blocksize = AES_BLOCK_SIZE;
445 break;
447 case QCRYPTO_CIPHER_ALG_AES_192:
448 ctx->ctx = g_new0(QCryptoNettleAES192, 1);
450 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
451 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
453 nkey /= 2;
454 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
455 key);
456 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
457 key);
459 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
460 enc, key + nkey);
461 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
462 dec, key + nkey);
463 } else {
464 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
465 key);
466 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
467 key);
468 }
470 ctx->alg_encrypt_native = aes192_encrypt_native;
471 ctx->alg_decrypt_native = aes192_decrypt_native;
472 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
473 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
475 ctx->blocksize = AES_BLOCK_SIZE;
476 break;
478 case QCRYPTO_CIPHER_ALG_AES_256:
479 ctx->ctx = g_new0(QCryptoNettleAES256, 1);
481 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
482 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
484 nkey /= 2;
485 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
486 key);
487 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
488 key);
490 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
491 enc, key + nkey);
492 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
493 dec, key + nkey);
494 } else {
495 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
496 key);
497 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
498 key);
499 }
501 ctx->alg_encrypt_native = aes256_encrypt_native;
502 ctx->alg_decrypt_native = aes256_decrypt_native;
503 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
504 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
506 ctx->blocksize = AES_BLOCK_SIZE;
507 break;
509 case QCRYPTO_CIPHER_ALG_CAST5_128:
510 ctx->ctx = g_new0(struct cast128_ctx, 1);
512 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
513 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
515 nkey /= 2;
516 cast5_set_key(ctx->ctx, nkey, key);
517 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
518 } else {
519 cast5_set_key(ctx->ctx, nkey, key);
520 }
522 ctx->alg_encrypt_native = cast128_encrypt_native;
523 ctx->alg_decrypt_native = cast128_decrypt_native;
524 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
525 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
527 ctx->blocksize = CAST128_BLOCK_SIZE;
528 break;
530 case QCRYPTO_CIPHER_ALG_SERPENT_128:
531 case QCRYPTO_CIPHER_ALG_SERPENT_192:
532 case QCRYPTO_CIPHER_ALG_SERPENT_256:
533 ctx->ctx = g_new0(struct serpent_ctx, 1);
535 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
536 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
538 nkey /= 2;
539 serpent_set_key(ctx->ctx, nkey, key);
540 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
541 } else {
542 serpent_set_key(ctx->ctx, nkey, key);
543 }
545 ctx->alg_encrypt_native = serpent_encrypt_native;
546 ctx->alg_decrypt_native = serpent_decrypt_native;
547 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
548 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
550 ctx->blocksize = SERPENT_BLOCK_SIZE;
551 break;
553 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
554 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
555 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
556 ctx->ctx = g_new0(struct twofish_ctx, 1);
558 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
559 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
561 nkey /= 2;
562 twofish_set_key(ctx->ctx, nkey, key);
563 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
564 } else {
565 twofish_set_key(ctx->ctx, nkey, key);
566 }
568 ctx->alg_encrypt_native = twofish_encrypt_native;
569 ctx->alg_decrypt_native = twofish_decrypt_native;
570 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
571 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
573 ctx->blocksize = TWOFISH_BLOCK_SIZE;
574 break;
576 default:
577 error_setg(errp, "Unsupported cipher algorithm %s",
578 QCryptoCipherAlgorithm_str(alg));
579 goto error;
580 }
581 g_assert(is_power_of_2(ctx->blocksize));
583 if (mode == QCRYPTO_CIPHER_MODE_XTS &&
584 ctx->blocksize != XTS_BLOCK_SIZE) {
585 error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
586 ctx->blocksize, XTS_BLOCK_SIZE);
587 goto error;
588 }
590 ctx->iv = g_new0(uint8_t, ctx->blocksize);
592 ctx->base.driver = &qcrypto_cipher_lib_driver;
593 return &ctx->base;
595 error:
596 qcrypto_nettle_cipher_free_ctx(ctx);
597 return NULL;
598 }
601 static void
602 qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
603 {
604 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
606 qcrypto_nettle_cipher_free_ctx(ctx);
607 }
610 static int
611 qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
612 const void *in,
613 void *out,
614 size_t len,
615 Error **errp)
616 {
617 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
619 if (len & (ctx->blocksize - 1)) {
620 error_setg(errp, "Length %zu must be a multiple of block size %zu",
621 len, ctx->blocksize);
622 return -1;
623 }
625 switch (cipher->mode) {
626 case QCRYPTO_CIPHER_MODE_ECB:
627 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
628 break;
630 case QCRYPTO_CIPHER_MODE_CBC:
631 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
632 ctx->blocksize, ctx->iv,
633 len, out, in);
634 break;
636 case QCRYPTO_CIPHER_MODE_XTS:
637 #ifdef CONFIG_QEMU_PRIVATE_XTS
638 xts_encrypt(ctx->ctx, ctx->ctx_tweak,
639 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
640 ctx->iv, len, out, in);
641 #else
642 xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
643 ctx->alg_encrypt_native,
644 ctx->iv, len, out, in);
645 #endif
646 break;
648 case QCRYPTO_CIPHER_MODE_CTR:
649 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
650 ctx->blocksize, ctx->iv,
651 len, out, in);
652 break;
654 default:
655 error_setg(errp, "Unsupported cipher mode %s",
656 QCryptoCipherMode_str(cipher->mode));
657 return -1;
658 }
659 return 0;
660 }
663 static int
664 qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
665 const void *in,
666 void *out,
667 size_t len,
668 Error **errp)
669 {
670 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
672 if (len & (ctx->blocksize - 1)) {
673 error_setg(errp, "Length %zu must be a multiple of block size %zu",
674 len, ctx->blocksize);
675 return -1;
676 }
678 switch (cipher->mode) {
679 case QCRYPTO_CIPHER_MODE_ECB:
680 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
681 break;
683 case QCRYPTO_CIPHER_MODE_CBC:
684 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
685 ctx->blocksize, ctx->iv,
686 len, out, in);
687 break;
689 case QCRYPTO_CIPHER_MODE_XTS:
690 #ifdef CONFIG_QEMU_PRIVATE_XTS
691 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
692 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
693 ctx->iv, len, out, in);
694 #else
695 xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
696 ctx->alg_decrypt_native,
697 ctx->alg_encrypt_native,
698 ctx->iv, len, out, in);
699 #endif
700 break;
701 case QCRYPTO_CIPHER_MODE_CTR:
702 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
703 ctx->blocksize, ctx->iv,
704 len, out, in);
705 break;
707 default:
708 error_setg(errp, "Unsupported cipher mode %s",
709 QCryptoCipherMode_str(cipher->mode));
710 return -1;
711 }
712 return 0;
713 }
715 static int
716 qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
717 const uint8_t *iv, size_t niv,
718 Error **errp)
719 {
720 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
722 if (niv != ctx->blocksize) {
723 error_setg(errp, "Expected IV size %zu not %zu",
724 ctx->blocksize, niv);
725 return -1;
726 }
727 memcpy(ctx->iv, iv, niv);
728 return 0;
729 }
732 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
733 .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
734 .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
735 .cipher_setiv = qcrypto_nettle_cipher_setiv,
736 .cipher_free = qcrypto_nettle_cipher_ctx_free,
737 };