| blob | 42b39e18a23d49b1a5d86eaa5874f849f444b522 |
1 /*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
21 #ifdef CONFIG_QEMU_PRIVATE_XTS
22 #include "crypto/xts.h"
23 #endif
25 #include <nettle/nettle-types.h>
26 #include <nettle/aes.h>
27 #include <nettle/des.h>
28 #include <nettle/cbc.h>
29 #include <nettle/cast128.h>
30 #include <nettle/serpent.h>
31 #include <nettle/twofish.h>
32 #include <nettle/ctr.h>
33 #ifndef CONFIG_QEMU_PRIVATE_XTS
34 #include <nettle/xts.h>
35 #endif
36 #ifdef CONFIG_CRYPTO_SM4
37 #include <nettle/sm4.h>
38 #endif
40 static inline bool qcrypto_length_check(size_t len, size_t blocksize,
41 Error **errp)
42 {
43 if (unlikely(len & (blocksize - 1))) {
44 error_setg(errp, "Length %zu must be a multiple of block size %zu",
45 len, blocksize);
46 return false;
47 }
48 return true;
49 }
52 static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx)
53 {
54 g_free(ctx);
55 }
57 static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher,
58 const uint8_t *iv, size_t niv,
59 Error **errp)
60 {
61 error_setg(errp, "Setting IV is not supported");
62 return -1;
63 }
66 #define DEFINE_SETIV(NAME, TYPE, BLEN) \
67 static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \
68 size_t niv, Error **errp) \
69 { \
70 TYPE *ctx = container_of(cipher, TYPE, base); \
71 if (niv != BLEN) { \
72 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \
73 return -1; \
74 } \
75 memcpy(ctx->iv, iv, niv); \
76 return 0; \
77 }
80 #define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
81 static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \
82 void *out, size_t len, Error **errp) \
83 { \
84 TYPE *ctx = container_of(cipher, TYPE, base); \
85 if (!qcrypto_length_check(len, BLEN, errp)) { \
86 return -1; \
87 } \
88 ENCRYPT(&ctx->key, len, out, in); \
89 return 0; \
90 } \
91 static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \
92 void *out, size_t len, Error **errp) \
93 { \
94 TYPE *ctx = container_of(cipher, TYPE, base); \
95 if (!qcrypto_length_check(len, BLEN, errp)) { \
96 return -1; \
97 } \
98 DECRYPT(&ctx->key, len, out, in); \
99 return 0; \
100 } \
101 static const struct QCryptoCipherDriver NAME##_driver_ecb = { \
102 .cipher_encrypt = NAME##_encrypt_ecb, \
103 .cipher_decrypt = NAME##_decrypt_ecb, \
104 .cipher_setiv = qcrypto_cipher_no_setiv, \
105 .cipher_free = qcrypto_cipher_ctx_free, \
106 };
109 #define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
110 static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \
111 void *out, size_t len, Error **errp) \
112 { \
113 TYPE *ctx = container_of(cipher, TYPE, base); \
114 if (!qcrypto_length_check(len, BLEN, errp)) { \
115 return -1; \
116 } \
117 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
118 return 0; \
119 } \
120 static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \
121 void *out, size_t len, Error **errp) \
122 { \
123 TYPE *ctx = container_of(cipher, TYPE, base); \
124 if (!qcrypto_length_check(len, BLEN, errp)) { \
125 return -1; \
126 } \
127 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \
128 return 0; \
129 } \
130 static const struct QCryptoCipherDriver NAME##_driver_cbc = { \
131 .cipher_encrypt = NAME##_encrypt_cbc, \
132 .cipher_decrypt = NAME##_decrypt_cbc, \
133 .cipher_setiv = NAME##_setiv, \
134 .cipher_free = qcrypto_cipher_ctx_free, \
135 };
138 #define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \
139 static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \
140 void *out, size_t len, Error **errp) \
141 { \
142 TYPE *ctx = container_of(cipher, TYPE, base); \
143 if (!qcrypto_length_check(len, BLEN, errp)) { \
144 return -1; \
145 } \
146 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
147 return 0; \
148 } \
149 static const struct QCryptoCipherDriver NAME##_driver_ctr = { \
150 .cipher_encrypt = NAME##_encrypt_ctr, \
151 .cipher_decrypt = NAME##_encrypt_ctr, \
152 .cipher_setiv = NAME##_setiv, \
153 .cipher_free = qcrypto_cipher_ctx_free, \
154 };
157 #ifdef CONFIG_QEMU_PRIVATE_XTS
158 #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
159 static void NAME##_xts_wrape(const void *ctx, size_t length, \
160 uint8_t *dst, const uint8_t *src) \
161 { \
162 ENCRYPT((const void *)ctx, length, dst, src); \
163 } \
164 static void NAME##_xts_wrapd(const void *ctx, size_t length, \
165 uint8_t *dst, const uint8_t *src) \
166 { \
167 DECRYPT((const void *)ctx, length, dst, src); \
168 } \
169 static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
170 void *out, size_t len, Error **errp) \
171 { \
172 TYPE *ctx = container_of(cipher, TYPE, base); \
173 if (!qcrypto_length_check(len, BLEN, errp)) { \
174 return -1; \
175 } \
176 xts_encrypt(&ctx->key, &ctx->key_xts, \
177 NAME##_xts_wrape, NAME##_xts_wrapd, \
178 ctx->iv, len, out, in); \
179 return 0; \
180 } \
181 static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
182 void *out, size_t len, Error **errp) \
183 { \
184 TYPE *ctx = container_of(cipher, TYPE, base); \
185 if (!qcrypto_length_check(len, BLEN, errp)) { \
186 return -1; \
187 } \
188 xts_decrypt(&ctx->key, &ctx->key_xts, \
189 NAME##_xts_wrape, NAME##_xts_wrapd, \
190 ctx->iv, len, out, in); \
191 return 0; \
192 }
193 #else
194 #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
195 static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
196 void *out, size_t len, Error **errp) \
197 { \
198 TYPE *ctx = container_of(cipher, TYPE, base); \
199 if (!qcrypto_length_check(len, BLEN, errp)) { \
200 return -1; \
201 } \
202 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \
203 ctx->iv, len, out, in); \
204 return 0; \
205 } \
206 static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
207 void *out, size_t len, Error **errp) \
208 { \
209 TYPE *ctx = container_of(cipher, TYPE, base); \
210 if (!qcrypto_length_check(len, BLEN, errp)) { \
211 return -1; \
212 } \
213 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \
214 ctx->iv, len, out, in); \
215 return 0; \
216 }
217 #endif
219 #define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
220 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \
221 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
222 static const struct QCryptoCipherDriver NAME##_driver_xts = { \
223 .cipher_encrypt = NAME##_encrypt_xts, \
224 .cipher_decrypt = NAME##_decrypt_xts, \
225 .cipher_setiv = NAME##_setiv, \
226 .cipher_free = qcrypto_cipher_ctx_free, \
227 };
230 #define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
231 DEFINE_SETIV(NAME, TYPE, BLEN) \
232 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
233 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
234 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT)
236 #define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
237 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
238 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT)
241 typedef struct QCryptoNettleDES {
242 QCryptoCipher base;
243 struct des_ctx key;
244 uint8_t iv[DES_BLOCK_SIZE];
245 } QCryptoNettleDES;
247 static void des_encrypt_native(const void *ctx, size_t length,
248 uint8_t *dst, const uint8_t *src)
249 {
250 des_encrypt(ctx, length, dst, src);
251 }
253 static void des_decrypt_native(const void *ctx, size_t length,
254 uint8_t *dst, const uint8_t *src)
255 {
256 des_decrypt(ctx, length, dst, src);
257 }
259 DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES,
260 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native)
263 typedef struct QCryptoNettleDES3 {
264 QCryptoCipher base;
265 struct des3_ctx key;
266 uint8_t iv[DES3_BLOCK_SIZE];
267 } QCryptoNettleDES3;
269 static void des3_encrypt_native(const void *ctx, size_t length,
270 uint8_t *dst, const uint8_t *src)
271 {
272 des3_encrypt(ctx, length, dst, src);
273 }
275 static void des3_decrypt_native(const void *ctx, size_t length,
276 uint8_t *dst, const uint8_t *src)
277 {
278 des3_decrypt(ctx, length, dst, src);
279 }
281 DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE,
282 des3_encrypt_native, des3_decrypt_native)
285 typedef struct QCryptoNettleAES128 {
286 QCryptoCipher base;
287 uint8_t iv[AES_BLOCK_SIZE];
288 /* First key from pair is encode, second key is decode. */
289 struct aes128_ctx key[2], key_xts[2];
290 } QCryptoNettleAES128;
292 static void aes128_encrypt_native(const void *ctx, size_t length,
293 uint8_t *dst, const uint8_t *src)
294 {
295 const struct aes128_ctx *keys = ctx;
296 aes128_encrypt(&keys[0], length, dst, src);
297 }
299 static void aes128_decrypt_native(const void *ctx, size_t length,
300 uint8_t *dst, const uint8_t *src)
301 {
302 const struct aes128_ctx *keys = ctx;
303 aes128_decrypt(&keys[1], length, dst, src);
304 }
306 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128,
307 QCryptoNettleAES128, AES_BLOCK_SIZE,
308 aes128_encrypt_native, aes128_decrypt_native)
311 typedef struct QCryptoNettleAES192 {
312 QCryptoCipher base;
313 uint8_t iv[AES_BLOCK_SIZE];
314 /* First key from pair is encode, second key is decode. */
315 struct aes192_ctx key[2], key_xts[2];
316 } QCryptoNettleAES192;
318 static void aes192_encrypt_native(const void *ctx, size_t length,
319 uint8_t *dst, const uint8_t *src)
320 {
321 const struct aes192_ctx *keys = ctx;
322 aes192_encrypt(&keys[0], length, dst, src);
323 }
325 static void aes192_decrypt_native(const void *ctx, size_t length,
326 uint8_t *dst, const uint8_t *src)
327 {
328 const struct aes192_ctx *keys = ctx;
329 aes192_decrypt(&keys[1], length, dst, src);
330 }
332 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192,
333 QCryptoNettleAES192, AES_BLOCK_SIZE,
334 aes192_encrypt_native, aes192_decrypt_native)
337 typedef struct QCryptoNettleAES256 {
338 QCryptoCipher base;
339 uint8_t iv[AES_BLOCK_SIZE];
340 /* First key from pair is encode, second key is decode. */
341 struct aes256_ctx key[2], key_xts[2];
342 } QCryptoNettleAES256;
344 static void aes256_encrypt_native(const void *ctx, size_t length,
345 uint8_t *dst, const uint8_t *src)
346 {
347 const struct aes256_ctx *keys = ctx;
348 aes256_encrypt(&keys[0], length, dst, src);
349 }
351 static void aes256_decrypt_native(const void *ctx, size_t length,
352 uint8_t *dst, const uint8_t *src)
353 {
354 const struct aes256_ctx *keys = ctx;
355 aes256_decrypt(&keys[1], length, dst, src);
356 }
358 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256,
359 QCryptoNettleAES256, AES_BLOCK_SIZE,
360 aes256_encrypt_native, aes256_decrypt_native)
363 typedef struct QCryptoNettleCAST128 {
364 QCryptoCipher base;
365 uint8_t iv[CAST128_BLOCK_SIZE];
366 struct cast128_ctx key, key_xts;
367 } QCryptoNettleCAST128;
369 static void cast128_encrypt_native(const void *ctx, size_t length,
370 uint8_t *dst, const uint8_t *src)
371 {
372 cast128_encrypt(ctx, length, dst, src);
373 }
375 static void cast128_decrypt_native(const void *ctx, size_t length,
376 uint8_t *dst, const uint8_t *src)
377 {
378 cast128_decrypt(ctx, length, dst, src);
379 }
381 DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128,
382 QCryptoNettleCAST128, CAST128_BLOCK_SIZE,
383 cast128_encrypt_native, cast128_decrypt_native)
386 typedef struct QCryptoNettleSerpent {
387 QCryptoCipher base;
388 uint8_t iv[SERPENT_BLOCK_SIZE];
389 struct serpent_ctx key, key_xts;
390 } QCryptoNettleSerpent;
393 static void serpent_encrypt_native(const void *ctx, size_t length,
394 uint8_t *dst, const uint8_t *src)
395 {
396 serpent_encrypt(ctx, length, dst, src);
397 }
399 static void serpent_decrypt_native(const void *ctx, size_t length,
400 uint8_t *dst, const uint8_t *src)
401 {
402 serpent_decrypt(ctx, length, dst, src);
403 }
405 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent,
406 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE,
407 serpent_encrypt_native, serpent_decrypt_native)
410 typedef struct QCryptoNettleTwofish {
411 QCryptoCipher base;
412 uint8_t iv[TWOFISH_BLOCK_SIZE];
413 struct twofish_ctx key, key_xts;
414 } QCryptoNettleTwofish;
416 static void twofish_encrypt_native(const void *ctx, size_t length,
417 uint8_t *dst, const uint8_t *src)
418 {
419 twofish_encrypt(ctx, length, dst, src);
420 }
422 static void twofish_decrypt_native(const void *ctx, size_t length,
423 uint8_t *dst, const uint8_t *src)
424 {
425 twofish_decrypt(ctx, length, dst, src);
426 }
428 DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
429 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
430 twofish_encrypt_native, twofish_decrypt_native)
432 #ifdef CONFIG_CRYPTO_SM4
433 typedef struct QCryptoNettleSm4 {
434 QCryptoCipher base;
435 struct sm4_ctx key[2];
436 } QCryptoNettleSm4;
438 static void sm4_encrypt_native(void *ctx, size_t length,
439 uint8_t *dst, const uint8_t *src)
440 {
441 struct sm4_ctx *keys = ctx;
442 sm4_crypt(&keys[0], length, dst, src);
443 }
445 static void sm4_decrypt_native(void *ctx, size_t length,
446 uint8_t *dst, const uint8_t *src)
447 {
448 struct sm4_ctx *keys = ctx;
449 sm4_crypt(&keys[1], length, dst, src);
450 }
452 DEFINE_ECB(qcrypto_nettle_sm4,
453 QCryptoNettleSm4, SM4_BLOCK_SIZE,
454 sm4_encrypt_native, sm4_decrypt_native)
455 #endif
457 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
458 QCryptoCipherMode mode)
459 {
460 switch (alg) {
461 case QCRYPTO_CIPHER_ALG_DES:
462 case QCRYPTO_CIPHER_ALG_3DES:
463 case QCRYPTO_CIPHER_ALG_AES_128:
464 case QCRYPTO_CIPHER_ALG_AES_192:
465 case QCRYPTO_CIPHER_ALG_AES_256:
466 case QCRYPTO_CIPHER_ALG_CAST5_128:
467 case QCRYPTO_CIPHER_ALG_SERPENT_128:
468 case QCRYPTO_CIPHER_ALG_SERPENT_192:
469 case QCRYPTO_CIPHER_ALG_SERPENT_256:
470 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
471 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
472 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
473 #ifdef CONFIG_CRYPTO_SM4
474 case QCRYPTO_CIPHER_ALG_SM4:
475 #endif
476 break;
477 default:
478 return false;
479 }
481 switch (mode) {
482 case QCRYPTO_CIPHER_MODE_ECB:
483 case QCRYPTO_CIPHER_MODE_CBC:
484 case QCRYPTO_CIPHER_MODE_XTS:
485 case QCRYPTO_CIPHER_MODE_CTR:
486 return true;
487 default:
488 return false;
489 }
490 }
492 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
493 QCryptoCipherMode mode,
494 const uint8_t *key,
495 size_t nkey,
496 Error **errp)
497 {
498 switch (mode) {
499 case QCRYPTO_CIPHER_MODE_ECB:
500 case QCRYPTO_CIPHER_MODE_CBC:
501 case QCRYPTO_CIPHER_MODE_XTS:
502 case QCRYPTO_CIPHER_MODE_CTR:
503 break;
504 default:
505 goto bad_cipher_mode;
506 }
508 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
509 return NULL;
510 }
512 switch (alg) {
513 case QCRYPTO_CIPHER_ALG_DES:
514 {
515 QCryptoNettleDES *ctx;
516 const QCryptoCipherDriver *drv;
518 switch (mode) {
519 case QCRYPTO_CIPHER_MODE_ECB:
520 drv = &qcrypto_nettle_des_driver_ecb;
521 break;
522 case QCRYPTO_CIPHER_MODE_CBC:
523 drv = &qcrypto_nettle_des_driver_cbc;
524 break;
525 case QCRYPTO_CIPHER_MODE_CTR:
526 drv = &qcrypto_nettle_des_driver_ctr;
527 break;
528 default:
529 goto bad_cipher_mode;
530 }
532 ctx = g_new0(QCryptoNettleDES, 1);
533 ctx->base.driver = drv;
534 des_set_key(&ctx->key, key);
536 return &ctx->base;
537 }
539 case QCRYPTO_CIPHER_ALG_3DES:
540 {
541 QCryptoNettleDES3 *ctx;
542 const QCryptoCipherDriver *drv;
544 switch (mode) {
545 case QCRYPTO_CIPHER_MODE_ECB:
546 drv = &qcrypto_nettle_des3_driver_ecb;
547 break;
548 case QCRYPTO_CIPHER_MODE_CBC:
549 drv = &qcrypto_nettle_des3_driver_cbc;
550 break;
551 case QCRYPTO_CIPHER_MODE_CTR:
552 drv = &qcrypto_nettle_des3_driver_ctr;
553 break;
554 default:
555 goto bad_cipher_mode;
556 }
558 ctx = g_new0(QCryptoNettleDES3, 1);
559 ctx->base.driver = drv;
560 des3_set_key(&ctx->key, key);
561 return &ctx->base;
562 }
564 case QCRYPTO_CIPHER_ALG_AES_128:
565 {
566 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1);
568 switch (mode) {
569 case QCRYPTO_CIPHER_MODE_ECB:
570 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb;
571 break;
572 case QCRYPTO_CIPHER_MODE_CBC:
573 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc;
574 break;
575 case QCRYPTO_CIPHER_MODE_CTR:
576 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr;
577 break;
578 case QCRYPTO_CIPHER_MODE_XTS:
579 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts;
580 nkey /= 2;
581 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey);
582 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey);
583 break;
584 default:
585 g_assert_not_reached();
586 }
587 aes128_set_encrypt_key(&ctx->key[0], key);
588 aes128_set_decrypt_key(&ctx->key[1], key);
590 return &ctx->base;
591 }
593 case QCRYPTO_CIPHER_ALG_AES_192:
594 {
595 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1);
597 switch (mode) {
598 case QCRYPTO_CIPHER_MODE_ECB:
599 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb;
600 break;
601 case QCRYPTO_CIPHER_MODE_CBC:
602 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc;
603 break;
604 case QCRYPTO_CIPHER_MODE_CTR:
605 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr;
606 break;
607 case QCRYPTO_CIPHER_MODE_XTS:
608 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts;
609 nkey /= 2;
610 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey);
611 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey);
612 break;
613 default:
614 g_assert_not_reached();
615 }
616 aes192_set_encrypt_key(&ctx->key[0], key);
617 aes192_set_decrypt_key(&ctx->key[1], key);
619 return &ctx->base;
620 }
622 case QCRYPTO_CIPHER_ALG_AES_256:
623 {
624 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1);
626 switch (mode) {
627 case QCRYPTO_CIPHER_MODE_ECB:
628 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb;
629 break;
630 case QCRYPTO_CIPHER_MODE_CBC:
631 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc;
632 break;
633 case QCRYPTO_CIPHER_MODE_CTR:
634 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr;
635 break;
636 case QCRYPTO_CIPHER_MODE_XTS:
637 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts;
638 nkey /= 2;
639 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey);
640 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey);
641 break;
642 default:
643 g_assert_not_reached();
644 }
645 aes256_set_encrypt_key(&ctx->key[0], key);
646 aes256_set_decrypt_key(&ctx->key[1], key);
648 return &ctx->base;
649 }
651 case QCRYPTO_CIPHER_ALG_CAST5_128:
652 {
653 QCryptoNettleCAST128 *ctx;
654 const QCryptoCipherDriver *drv;
656 switch (mode) {
657 case QCRYPTO_CIPHER_MODE_ECB:
658 drv = &qcrypto_nettle_cast128_driver_ecb;
659 break;
660 case QCRYPTO_CIPHER_MODE_CBC:
661 drv = &qcrypto_nettle_cast128_driver_cbc;
662 break;
663 case QCRYPTO_CIPHER_MODE_CTR:
664 drv = &qcrypto_nettle_cast128_driver_ctr;
665 break;
666 default:
667 goto bad_cipher_mode;
668 }
670 ctx = g_new0(QCryptoNettleCAST128, 1);
671 ctx->base.driver = drv;
672 cast5_set_key(&ctx->key, nkey, key);
674 return &ctx->base;
675 }
677 case QCRYPTO_CIPHER_ALG_SERPENT_128:
678 case QCRYPTO_CIPHER_ALG_SERPENT_192:
679 case QCRYPTO_CIPHER_ALG_SERPENT_256:
680 {
681 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1);
683 switch (mode) {
684 case QCRYPTO_CIPHER_MODE_ECB:
685 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb;
686 break;
687 case QCRYPTO_CIPHER_MODE_CBC:
688 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc;
689 break;
690 case QCRYPTO_CIPHER_MODE_CTR:
691 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr;
692 break;
693 case QCRYPTO_CIPHER_MODE_XTS:
694 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts;
695 nkey /= 2;
696 serpent_set_key(&ctx->key_xts, nkey, key + nkey);
697 break;
698 default:
699 g_assert_not_reached();
700 }
701 serpent_set_key(&ctx->key, nkey, key);
703 return &ctx->base;
704 }
706 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
707 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
708 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
709 {
710 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1);
712 switch (mode) {
713 case QCRYPTO_CIPHER_MODE_ECB:
714 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb;
715 break;
716 case QCRYPTO_CIPHER_MODE_CBC:
717 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc;
718 break;
719 case QCRYPTO_CIPHER_MODE_CTR:
720 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr;
721 break;
722 case QCRYPTO_CIPHER_MODE_XTS:
723 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts;
724 nkey /= 2;
725 twofish_set_key(&ctx->key_xts, nkey, key + nkey);
726 break;
727 default:
728 g_assert_not_reached();
729 }
730 twofish_set_key(&ctx->key, nkey, key);
732 return &ctx->base;
733 }
734 #ifdef CONFIG_CRYPTO_SM4
735 case QCRYPTO_CIPHER_ALG_SM4:
736 {
737 QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1);
739 switch (mode) {
740 case QCRYPTO_CIPHER_MODE_ECB:
741 ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb;
742 break;
743 default:
744 goto bad_cipher_mode;
745 }
747 sm4_set_encrypt_key(&ctx->key[0], key);
748 sm4_set_decrypt_key(&ctx->key[1], key);
750 return &ctx->base;
751 }
752 #endif
754 default:
755 error_setg(errp, "Unsupported cipher algorithm %s",
756 QCryptoCipherAlgorithm_str(alg));
757 return NULL;
758 }
760 bad_cipher_mode:
761 error_setg(errp, "Unsupported cipher mode %s",
762 QCryptoCipherMode_str(mode));
763 return NULL;
764 }