2 * QEMU Crypto cipher nettle algorithms
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33 #ifndef CONFIG_QEMU_PRIVATE_XTS
34 #include <nettle/xts.h>
37 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver;
39 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
44 #if CONFIG_NETTLE_VERSION_MAJOR < 3
45 typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
46 typedef void * cipher_ctx_t;
47 typedef unsigned cipher_length_t;
49 #define cast5_set_key cast128_set_key
51 #define aes128_ctx aes_ctx
52 #define aes192_ctx aes_ctx
53 #define aes256_ctx aes_ctx
54 #define aes128_set_encrypt_key(c, k) \
55 aes_set_encrypt_key(c, 16, k)
56 #define aes192_set_encrypt_key(c, k) \
57 aes_set_encrypt_key(c, 24, k)
58 #define aes256_set_encrypt_key(c, k) \
59 aes_set_encrypt_key(c, 32, k)
60 #define aes128_set_decrypt_key(c, k) \
61 aes_set_decrypt_key(c, 16, k)
62 #define aes192_set_decrypt_key(c, k) \
63 aes_set_decrypt_key(c, 24, k)
64 #define aes256_set_decrypt_key(c, k) \
65 aes_set_decrypt_key(c, 32, k)
66 #define aes128_encrypt aes_encrypt
67 #define aes192_encrypt aes_encrypt
68 #define aes256_encrypt aes_encrypt
69 #define aes128_decrypt aes_decrypt
70 #define aes192_decrypt aes_decrypt
71 #define aes256_decrypt aes_decrypt
73 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
74 typedef const void * cipher_ctx_t;
75 typedef size_t cipher_length_t;
78 typedef struct QCryptoNettleAES128 {
79 struct aes128_ctx enc;
80 struct aes128_ctx dec;
81 } QCryptoNettleAES128;
83 typedef struct QCryptoNettleAES192 {
84 struct aes192_ctx enc;
85 struct aes192_ctx dec;
86 } QCryptoNettleAES192;
88 typedef struct QCryptoNettleAES256 {
89 struct aes256_ctx enc;
90 struct aes256_ctx dec;
91 } QCryptoNettleAES256;
93 static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
94 uint8_t *dst, const uint8_t *src)
96 const QCryptoNettleAES128 *aesctx = ctx;
97 aes128_encrypt(&aesctx->enc, length, dst, src);
100 static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
101 uint8_t *dst, const uint8_t *src)
103 const QCryptoNettleAES128 *aesctx = ctx;
104 aes128_decrypt(&aesctx->dec, length, dst, src);
107 static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
108 uint8_t *dst, const uint8_t *src)
110 const QCryptoNettleAES192 *aesctx = ctx;
111 aes192_encrypt(&aesctx->enc, length, dst, src);
114 static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
115 uint8_t *dst, const uint8_t *src)
117 const QCryptoNettleAES192 *aesctx = ctx;
118 aes192_decrypt(&aesctx->dec, length, dst, src);
121 static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
122 uint8_t *dst, const uint8_t *src)
124 const QCryptoNettleAES256 *aesctx = ctx;
125 aes256_encrypt(&aesctx->enc, length, dst, src);
128 static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
129 uint8_t *dst, const uint8_t *src)
131 const QCryptoNettleAES256 *aesctx = ctx;
132 aes256_decrypt(&aesctx->dec, length, dst, src);
135 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
136 uint8_t *dst, const uint8_t *src)
138 des_encrypt(ctx, length, dst, src);
141 static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
142 uint8_t *dst, const uint8_t *src)
144 des_decrypt(ctx, length, dst, src);
147 static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
148 uint8_t *dst, const uint8_t *src)
150 des3_encrypt(ctx, length, dst, src);
153 static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
154 uint8_t *dst, const uint8_t *src)
156 des3_decrypt(ctx, length, dst, src);
159 static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
160 uint8_t *dst, const uint8_t *src)
162 cast128_encrypt(ctx, length, dst, src);
165 static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
166 uint8_t *dst, const uint8_t *src)
168 cast128_decrypt(ctx, length, dst, src);
171 static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
172 uint8_t *dst, const uint8_t *src)
174 serpent_encrypt(ctx, length, dst, src);
177 static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
178 uint8_t *dst, const uint8_t *src)
180 serpent_decrypt(ctx, length, dst, src);
183 static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
184 uint8_t *dst, const uint8_t *src)
186 twofish_encrypt(ctx, length, dst, src);
189 static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
190 uint8_t *dst, const uint8_t *src)
192 twofish_decrypt(ctx, length, dst, src);
195 static void aes128_encrypt_wrapper(const void *ctx, size_t length,
196 uint8_t *dst, const uint8_t *src)
198 const QCryptoNettleAES128 *aesctx = ctx;
199 aes128_encrypt(&aesctx->enc, length, dst, src);
202 static void aes128_decrypt_wrapper(const void *ctx, size_t length,
203 uint8_t *dst, const uint8_t *src)
205 const QCryptoNettleAES128 *aesctx = ctx;
206 aes128_decrypt(&aesctx->dec, length, dst, src);
209 static void aes192_encrypt_wrapper(const void *ctx, size_t length,
210 uint8_t *dst, const uint8_t *src)
212 const QCryptoNettleAES192 *aesctx = ctx;
213 aes192_encrypt(&aesctx->enc, length, dst, src);
216 static void aes192_decrypt_wrapper(const void *ctx, size_t length,
217 uint8_t *dst, const uint8_t *src)
219 const QCryptoNettleAES192 *aesctx = ctx;
220 aes192_decrypt(&aesctx->dec, length, dst, src);
223 static void aes256_encrypt_wrapper(const void *ctx, size_t length,
224 uint8_t *dst, const uint8_t *src)
226 const QCryptoNettleAES256 *aesctx = ctx;
227 aes256_encrypt(&aesctx->enc, length, dst, src);
230 static void aes256_decrypt_wrapper(const void *ctx, size_t length,
231 uint8_t *dst, const uint8_t *src)
233 const QCryptoNettleAES256 *aesctx = ctx;
234 aes256_decrypt(&aesctx->dec, length, dst, src);
237 static void des_encrypt_wrapper(const void *ctx, size_t length,
238 uint8_t *dst, const uint8_t *src)
240 des_encrypt(ctx, length, dst, src);
243 static void des_decrypt_wrapper(const void *ctx, size_t length,
244 uint8_t *dst, const uint8_t *src)
246 des_decrypt(ctx, length, dst, src);
249 static void des3_encrypt_wrapper(const void *ctx, size_t length,
250 uint8_t *dst, const uint8_t *src)
252 des3_encrypt(ctx, length, dst, src);
255 static void des3_decrypt_wrapper(const void *ctx, size_t length,
256 uint8_t *dst, const uint8_t *src)
258 des3_decrypt(ctx, length, dst, src);
261 static void cast128_encrypt_wrapper(const void *ctx, size_t length,
262 uint8_t *dst, const uint8_t *src)
264 cast128_encrypt(ctx, length, dst, src);
267 static void cast128_decrypt_wrapper(const void *ctx, size_t length,
268 uint8_t *dst, const uint8_t *src)
270 cast128_decrypt(ctx, length, dst, src);
273 static void serpent_encrypt_wrapper(const void *ctx, size_t length,
274 uint8_t *dst, const uint8_t *src)
276 serpent_encrypt(ctx, length, dst, src);
279 static void serpent_decrypt_wrapper(const void *ctx, size_t length,
280 uint8_t *dst, const uint8_t *src)
282 serpent_decrypt(ctx, length, dst, src);
285 static void twofish_encrypt_wrapper(const void *ctx, size_t length,
286 uint8_t *dst, const uint8_t *src)
288 twofish_encrypt(ctx, length, dst, src);
291 static void twofish_decrypt_wrapper(const void *ctx, size_t length,
292 uint8_t *dst, const uint8_t *src)
294 twofish_decrypt(ctx, length, dst, src);
297 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
298 struct QCryptoCipherNettle {
301 /* Primary cipher context for all modes */
303 /* Second cipher context for XTS mode only */
305 /* Cipher callbacks for both contexts */
306 QCryptoCipherNettleFuncNative alg_encrypt_native;
307 QCryptoCipherNettleFuncNative alg_decrypt_native;
308 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
309 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
310 /* Initialization vector or Counter */
315 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
316 QCryptoCipherMode mode)
319 case QCRYPTO_CIPHER_ALG_DES_RFB:
320 case QCRYPTO_CIPHER_ALG_3DES:
321 case QCRYPTO_CIPHER_ALG_AES_128:
322 case QCRYPTO_CIPHER_ALG_AES_192:
323 case QCRYPTO_CIPHER_ALG_AES_256:
324 case QCRYPTO_CIPHER_ALG_CAST5_128:
325 case QCRYPTO_CIPHER_ALG_SERPENT_128:
326 case QCRYPTO_CIPHER_ALG_SERPENT_192:
327 case QCRYPTO_CIPHER_ALG_SERPENT_256:
328 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
329 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
330 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
337 case QCRYPTO_CIPHER_MODE_ECB:
338 case QCRYPTO_CIPHER_MODE_CBC:
339 case QCRYPTO_CIPHER_MODE_XTS:
340 case QCRYPTO_CIPHER_MODE_CTR:
349 qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
357 g_free(ctx->ctx_tweak);
362 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
363 QCryptoCipherMode mode,
368 QCryptoCipherNettle *ctx;
372 case QCRYPTO_CIPHER_MODE_ECB:
373 case QCRYPTO_CIPHER_MODE_CBC:
374 case QCRYPTO_CIPHER_MODE_XTS:
375 case QCRYPTO_CIPHER_MODE_CTR:
378 error_setg(errp, "Unsupported cipher mode %s",
379 QCryptoCipherMode_str(mode));
383 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
387 ctx = g_new0(QCryptoCipherNettle, 1);
390 case QCRYPTO_CIPHER_ALG_DES_RFB:
391 ctx->ctx = g_new0(struct des_ctx, 1);
392 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
393 des_set_key(ctx->ctx, rfbkey);
396 ctx->alg_encrypt_native = des_encrypt_native;
397 ctx->alg_decrypt_native = des_decrypt_native;
398 ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
399 ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
401 ctx->blocksize = DES_BLOCK_SIZE;
404 case QCRYPTO_CIPHER_ALG_3DES:
405 ctx->ctx = g_new0(struct des3_ctx, 1);
406 des3_set_key(ctx->ctx, key);
408 ctx->alg_encrypt_native = des3_encrypt_native;
409 ctx->alg_decrypt_native = des3_decrypt_native;
410 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
411 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
413 ctx->blocksize = DES3_BLOCK_SIZE;
416 case QCRYPTO_CIPHER_ALG_AES_128:
417 ctx->ctx = g_new0(QCryptoNettleAES128, 1);
419 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
420 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
423 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
425 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
428 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
430 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
433 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
435 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
439 ctx->alg_encrypt_native = aes128_encrypt_native;
440 ctx->alg_decrypt_native = aes128_decrypt_native;
441 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
442 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
444 ctx->blocksize = AES_BLOCK_SIZE;
447 case QCRYPTO_CIPHER_ALG_AES_192:
448 ctx->ctx = g_new0(QCryptoNettleAES192, 1);
450 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
451 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
454 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
456 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
459 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
461 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
464 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
466 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
470 ctx->alg_encrypt_native = aes192_encrypt_native;
471 ctx->alg_decrypt_native = aes192_decrypt_native;
472 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
473 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
475 ctx->blocksize = AES_BLOCK_SIZE;
478 case QCRYPTO_CIPHER_ALG_AES_256:
479 ctx->ctx = g_new0(QCryptoNettleAES256, 1);
481 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
482 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
485 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
487 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
490 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
492 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
495 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
497 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
501 ctx->alg_encrypt_native = aes256_encrypt_native;
502 ctx->alg_decrypt_native = aes256_decrypt_native;
503 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
504 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
506 ctx->blocksize = AES_BLOCK_SIZE;
509 case QCRYPTO_CIPHER_ALG_CAST5_128:
510 ctx->ctx = g_new0(struct cast128_ctx, 1);
512 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
513 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
516 cast5_set_key(ctx->ctx, nkey, key);
517 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
519 cast5_set_key(ctx->ctx, nkey, key);
522 ctx->alg_encrypt_native = cast128_encrypt_native;
523 ctx->alg_decrypt_native = cast128_decrypt_native;
524 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
525 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
527 ctx->blocksize = CAST128_BLOCK_SIZE;
530 case QCRYPTO_CIPHER_ALG_SERPENT_128:
531 case QCRYPTO_CIPHER_ALG_SERPENT_192:
532 case QCRYPTO_CIPHER_ALG_SERPENT_256:
533 ctx->ctx = g_new0(struct serpent_ctx, 1);
535 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
536 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
539 serpent_set_key(ctx->ctx, nkey, key);
540 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
542 serpent_set_key(ctx->ctx, nkey, key);
545 ctx->alg_encrypt_native = serpent_encrypt_native;
546 ctx->alg_decrypt_native = serpent_decrypt_native;
547 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
548 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
550 ctx->blocksize = SERPENT_BLOCK_SIZE;
553 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
554 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
555 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
556 ctx->ctx = g_new0(struct twofish_ctx, 1);
558 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
559 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
562 twofish_set_key(ctx->ctx, nkey, key);
563 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
565 twofish_set_key(ctx->ctx, nkey, key);
568 ctx->alg_encrypt_native = twofish_encrypt_native;
569 ctx->alg_decrypt_native = twofish_decrypt_native;
570 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
571 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
573 ctx->blocksize = TWOFISH_BLOCK_SIZE;
577 error_setg(errp, "Unsupported cipher algorithm %s",
578 QCryptoCipherAlgorithm_str(alg));
581 g_assert(is_power_of_2(ctx->blocksize));
583 if (mode == QCRYPTO_CIPHER_MODE_XTS &&
584 ctx->blocksize != XTS_BLOCK_SIZE) {
585 error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
586 ctx->blocksize, XTS_BLOCK_SIZE);
590 ctx->iv = g_new0(uint8_t, ctx->blocksize);
592 ctx->base.driver = &qcrypto_cipher_lib_driver;
596 qcrypto_nettle_cipher_free_ctx(ctx);
602 qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
604 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
606 qcrypto_nettle_cipher_free_ctx(ctx);
611 qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
617 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
619 if (len & (ctx->blocksize - 1)) {
620 error_setg(errp, "Length %zu must be a multiple of block size %zu",
621 len, ctx->blocksize);
625 switch (cipher->mode) {
626 case QCRYPTO_CIPHER_MODE_ECB:
627 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
630 case QCRYPTO_CIPHER_MODE_CBC:
631 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
632 ctx->blocksize, ctx->iv,
636 case QCRYPTO_CIPHER_MODE_XTS:
637 #ifdef CONFIG_QEMU_PRIVATE_XTS
638 xts_encrypt(ctx->ctx, ctx->ctx_tweak,
639 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
640 ctx->iv, len, out, in);
642 xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
643 ctx->alg_encrypt_native,
644 ctx->iv, len, out, in);
648 case QCRYPTO_CIPHER_MODE_CTR:
649 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
650 ctx->blocksize, ctx->iv,
655 error_setg(errp, "Unsupported cipher mode %s",
656 QCryptoCipherMode_str(cipher->mode));
664 qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
670 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
672 if (len & (ctx->blocksize - 1)) {
673 error_setg(errp, "Length %zu must be a multiple of block size %zu",
674 len, ctx->blocksize);
678 switch (cipher->mode) {
679 case QCRYPTO_CIPHER_MODE_ECB:
680 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
683 case QCRYPTO_CIPHER_MODE_CBC:
684 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
685 ctx->blocksize, ctx->iv,
689 case QCRYPTO_CIPHER_MODE_XTS:
690 #ifdef CONFIG_QEMU_PRIVATE_XTS
691 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
692 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
693 ctx->iv, len, out, in);
695 xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
696 ctx->alg_decrypt_native,
697 ctx->alg_encrypt_native,
698 ctx->iv, len, out, in);
701 case QCRYPTO_CIPHER_MODE_CTR:
702 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
703 ctx->blocksize, ctx->iv,
708 error_setg(errp, "Unsupported cipher mode %s",
709 QCryptoCipherMode_str(cipher->mode));
716 qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
717 const uint8_t *iv, size_t niv,
720 QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base);
722 if (niv != ctx->blocksize) {
723 error_setg(errp, "Expected IV size %zu not %zu",
724 ctx->blocksize, niv);
727 memcpy(ctx->iv, iv, niv);
732 static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
733 .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
734 .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
735 .cipher_setiv = qcrypto_nettle_cipher_setiv,
736 .cipher_free = qcrypto_nettle_cipher_ctx_free,