jcs.org / qemu
qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio
fork atom
qemu / crypto / cipher-nettle.c
at master 733 lines 24 kB view raw
Daniel P. Berrangé crypto: add support for nettle's native XTS impl
dc2207af
1/* 2 * QEMU Crypto cipher nettle algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21#include "qemu/osdep.h" 22#ifdef CONFIG_QEMU_PRIVATE_XTS 23#include "crypto/xts.h" 24#endif 25#include "cipherpriv.h" 26 27#include <nettle/nettle-types.h> 28#include <nettle/aes.h> 29#include <nettle/des.h> 30#include <nettle/cbc.h> 31#include <nettle/cast128.h> 32#include <nettle/serpent.h> 33#include <nettle/twofish.h> 34#include <nettle/ctr.h> 35#ifndef CONFIG_QEMU_PRIVATE_XTS 36#include <nettle/xts.h> 37#endif 38 39typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, 40 size_t length, 41 uint8_t *dst, 42 const uint8_t *src); 43 44#if CONFIG_NETTLE_VERSION_MAJOR < 3 45typedef nettle_crypt_func * QCryptoCipherNettleFuncNative; 46typedef void * cipher_ctx_t; 47typedef unsigned cipher_length_t; 48 49#define cast5_set_key cast128_set_key 50 51#define aes128_ctx aes_ctx 52#define aes192_ctx aes_ctx 53#define aes256_ctx aes_ctx 54#define aes128_set_encrypt_key(c, k) \ 55 aes_set_encrypt_key(c, 16, k) 56#define aes192_set_encrypt_key(c, k) \ 57 aes_set_encrypt_key(c, 24, k) 58#define aes256_set_encrypt_key(c, k) \ 59 aes_set_encrypt_key(c, 32, k) 60#define aes128_set_decrypt_key(c, k) \ 61 aes_set_decrypt_key(c, 16, k) 62#define aes192_set_decrypt_key(c, k) \ 63 aes_set_decrypt_key(c, 24, k) 64#define aes256_set_decrypt_key(c, k) \ 65 aes_set_decrypt_key(c, 32, k) 66#define aes128_encrypt aes_encrypt 67#define aes192_encrypt aes_encrypt 68#define aes256_encrypt aes_encrypt 69#define aes128_decrypt aes_decrypt 70#define aes192_decrypt aes_decrypt 71#define aes256_decrypt aes_decrypt 72#else 73typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; 74typedef const void * cipher_ctx_t; 75typedef size_t cipher_length_t; 76#endif 77 78typedef struct QCryptoNettleAES128 { 79 struct aes128_ctx enc; 80 struct aes128_ctx dec; 81} QCryptoNettleAES128; 82 83typedef struct QCryptoNettleAES192 { 84 struct aes192_ctx enc; 85 struct aes192_ctx dec; 86} QCryptoNettleAES192; 87 88typedef struct QCryptoNettleAES256 { 89 struct aes256_ctx enc; 90 struct aes256_ctx dec; 91} QCryptoNettleAES256; 92 93static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 94 uint8_t *dst, const uint8_t *src) 95{ 96 const QCryptoNettleAES128 *aesctx = ctx; 97 aes128_encrypt(&aesctx->enc, length, dst, src); 98} 99 100static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 101 uint8_t *dst, const uint8_t *src) 102{ 103 const QCryptoNettleAES128 *aesctx = ctx; 104 aes128_decrypt(&aesctx->dec, length, dst, src); 105} 106 107static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 108 uint8_t *dst, const uint8_t *src) 109{ 110 const QCryptoNettleAES192 *aesctx = ctx; 111 aes192_encrypt(&aesctx->enc, length, dst, src); 112} 113 114static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 115 uint8_t *dst, const uint8_t *src) 116{ 117 const QCryptoNettleAES192 *aesctx = ctx; 118 aes192_decrypt(&aesctx->dec, length, dst, src); 119} 120 121static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 122 uint8_t *dst, const uint8_t *src) 123{ 124 const QCryptoNettleAES256 *aesctx = ctx; 125 aes256_encrypt(&aesctx->enc, length, dst, src); 126} 127 128static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 129 uint8_t *dst, const uint8_t *src) 130{ 131 const QCryptoNettleAES256 *aesctx = ctx; 132 aes256_decrypt(&aesctx->dec, length, dst, src); 133} 134 135static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 136 uint8_t *dst, const uint8_t *src) 137{ 138 des_encrypt(ctx, length, dst, src); 139} 140 141static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 142 uint8_t *dst, const uint8_t *src) 143{ 144 des_decrypt(ctx, length, dst, src); 145} 146 147static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 148 uint8_t *dst, const uint8_t *src) 149{ 150 des3_encrypt(ctx, length, dst, src); 151} 152 153static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 154 uint8_t *dst, const uint8_t *src) 155{ 156 des3_decrypt(ctx, length, dst, src); 157} 158 159static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 160 uint8_t *dst, const uint8_t *src) 161{ 162 cast128_encrypt(ctx, length, dst, src); 163} 164 165static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 166 uint8_t *dst, const uint8_t *src) 167{ 168 cast128_decrypt(ctx, length, dst, src); 169} 170 171static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 172 uint8_t *dst, const uint8_t *src) 173{ 174 serpent_encrypt(ctx, length, dst, src); 175} 176 177static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 178 uint8_t *dst, const uint8_t *src) 179{ 180 serpent_decrypt(ctx, length, dst, src); 181} 182 183static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 184 uint8_t *dst, const uint8_t *src) 185{ 186 twofish_encrypt(ctx, length, dst, src); 187} 188 189static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 190 uint8_t *dst, const uint8_t *src) 191{ 192 twofish_decrypt(ctx, length, dst, src); 193} 194 195static void aes128_encrypt_wrapper(const void *ctx, size_t length, 196 uint8_t *dst, const uint8_t *src) 197{ 198 const QCryptoNettleAES128 *aesctx = ctx; 199 aes128_encrypt(&aesctx->enc, length, dst, src); 200} 201 202static void aes128_decrypt_wrapper(const void *ctx, size_t length, 203 uint8_t *dst, const uint8_t *src) 204{ 205 const QCryptoNettleAES128 *aesctx = ctx; 206 aes128_decrypt(&aesctx->dec, length, dst, src); 207} 208 209static void aes192_encrypt_wrapper(const void *ctx, size_t length, 210 uint8_t *dst, const uint8_t *src) 211{ 212 const QCryptoNettleAES192 *aesctx = ctx; 213 aes192_encrypt(&aesctx->enc, length, dst, src); 214} 215 216static void aes192_decrypt_wrapper(const void *ctx, size_t length, 217 uint8_t *dst, const uint8_t *src) 218{ 219 const QCryptoNettleAES192 *aesctx = ctx; 220 aes192_decrypt(&aesctx->dec, length, dst, src); 221} 222 223static void aes256_encrypt_wrapper(const void *ctx, size_t length, 224 uint8_t *dst, const uint8_t *src) 225{ 226 const QCryptoNettleAES256 *aesctx = ctx; 227 aes256_encrypt(&aesctx->enc, length, dst, src); 228} 229 230static void aes256_decrypt_wrapper(const void *ctx, size_t length, 231 uint8_t *dst, const uint8_t *src) 232{ 233 const QCryptoNettleAES256 *aesctx = ctx; 234 aes256_decrypt(&aesctx->dec, length, dst, src); 235} 236 237static void des_encrypt_wrapper(const void *ctx, size_t length, 238 uint8_t *dst, const uint8_t *src) 239{ 240 des_encrypt(ctx, length, dst, src); 241} 242 243static void des_decrypt_wrapper(const void *ctx, size_t length, 244 uint8_t *dst, const uint8_t *src) 245{ 246 des_decrypt(ctx, length, dst, src); 247} 248 249static void des3_encrypt_wrapper(const void *ctx, size_t length, 250 uint8_t *dst, const uint8_t *src) 251{ 252 des3_encrypt(ctx, length, dst, src); 253} 254 255static void des3_decrypt_wrapper(const void *ctx, size_t length, 256 uint8_t *dst, const uint8_t *src) 257{ 258 des3_decrypt(ctx, length, dst, src); 259} 260 261static void cast128_encrypt_wrapper(const void *ctx, size_t length, 262 uint8_t *dst, const uint8_t *src) 263{ 264 cast128_encrypt(ctx, length, dst, src); 265} 266 267static void cast128_decrypt_wrapper(const void *ctx, size_t length, 268 uint8_t *dst, const uint8_t *src) 269{ 270 cast128_decrypt(ctx, length, dst, src); 271} 272 273static void serpent_encrypt_wrapper(const void *ctx, size_t length, 274 uint8_t *dst, const uint8_t *src) 275{ 276 serpent_encrypt(ctx, length, dst, src); 277} 278 279static void serpent_decrypt_wrapper(const void *ctx, size_t length, 280 uint8_t *dst, const uint8_t *src) 281{ 282 serpent_decrypt(ctx, length, dst, src); 283} 284 285static void twofish_encrypt_wrapper(const void *ctx, size_t length, 286 uint8_t *dst, const uint8_t *src) 287{ 288 twofish_encrypt(ctx, length, dst, src); 289} 290 291static void twofish_decrypt_wrapper(const void *ctx, size_t length, 292 uint8_t *dst, const uint8_t *src) 293{ 294 twofish_decrypt(ctx, length, dst, src); 295} 296 297typedef struct QCryptoCipherNettle QCryptoCipherNettle; 298struct QCryptoCipherNettle { 299 /* Primary cipher context for all modes */ 300 void *ctx; 301 /* Second cipher context for XTS mode only */ 302 void *ctx_tweak; 303 /* Cipher callbacks for both contexts */ 304 QCryptoCipherNettleFuncNative alg_encrypt_native; 305 QCryptoCipherNettleFuncNative alg_decrypt_native; 306 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper; 307 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper; 308 /* Initialization vector or Counter */ 309 uint8_t *iv; 310 size_t blocksize; 311}; 312 313bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 314 QCryptoCipherMode mode) 315{ 316 switch (alg) { 317 case QCRYPTO_CIPHER_ALG_DES_RFB: 318 case QCRYPTO_CIPHER_ALG_3DES: 319 case QCRYPTO_CIPHER_ALG_AES_128: 320 case QCRYPTO_CIPHER_ALG_AES_192: 321 case QCRYPTO_CIPHER_ALG_AES_256: 322 case QCRYPTO_CIPHER_ALG_CAST5_128: 323 case QCRYPTO_CIPHER_ALG_SERPENT_128: 324 case QCRYPTO_CIPHER_ALG_SERPENT_192: 325 case QCRYPTO_CIPHER_ALG_SERPENT_256: 326 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 327 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 328 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 329 break; 330 default: 331 return false; 332 } 333 334 switch (mode) { 335 case QCRYPTO_CIPHER_MODE_ECB: 336 case QCRYPTO_CIPHER_MODE_CBC: 337 case QCRYPTO_CIPHER_MODE_XTS: 338 case QCRYPTO_CIPHER_MODE_CTR: 339 return true; 340 default: 341 return false; 342 } 343} 344 345 346static void 347qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx) 348{ 349 if (!ctx) { 350 return; 351 } 352 353 g_free(ctx->iv); 354 g_free(ctx->ctx); 355 g_free(ctx->ctx_tweak); 356 g_free(ctx); 357} 358 359 360static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, 361 QCryptoCipherMode mode, 362 const uint8_t *key, 363 size_t nkey, 364 Error **errp) 365{ 366 QCryptoCipherNettle *ctx; 367 uint8_t *rfbkey; 368 369 switch (mode) { 370 case QCRYPTO_CIPHER_MODE_ECB: 371 case QCRYPTO_CIPHER_MODE_CBC: 372 case QCRYPTO_CIPHER_MODE_XTS: 373 case QCRYPTO_CIPHER_MODE_CTR: 374 break; 375 default: 376 error_setg(errp, "Unsupported cipher mode %s", 377 QCryptoCipherMode_str(mode)); 378 return NULL; 379 } 380 381 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { 382 return NULL; 383 } 384 385 ctx = g_new0(QCryptoCipherNettle, 1); 386 387 switch (alg) { 388 case QCRYPTO_CIPHER_ALG_DES_RFB: 389 ctx->ctx = g_new0(struct des_ctx, 1); 390 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); 391 des_set_key(ctx->ctx, rfbkey); 392 g_free(rfbkey); 393 394 ctx->alg_encrypt_native = des_encrypt_native; 395 ctx->alg_decrypt_native = des_decrypt_native; 396 ctx->alg_encrypt_wrapper = des_encrypt_wrapper; 397 ctx->alg_decrypt_wrapper = des_decrypt_wrapper; 398 399 ctx->blocksize = DES_BLOCK_SIZE; 400 break; 401 402 case QCRYPTO_CIPHER_ALG_3DES: 403 ctx->ctx = g_new0(struct des3_ctx, 1); 404 des3_set_key(ctx->ctx, key); 405 406 ctx->alg_encrypt_native = des3_encrypt_native; 407 ctx->alg_decrypt_native = des3_decrypt_native; 408 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper; 409 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper; 410 411 ctx->blocksize = DES3_BLOCK_SIZE; 412 break; 413 414 case QCRYPTO_CIPHER_ALG_AES_128: 415 ctx->ctx = g_new0(QCryptoNettleAES128, 1); 416 417 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 418 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1); 419 420 nkey /= 2; 421 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, 422 key); 423 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, 424 key); 425 426 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> 427 enc, key + nkey); 428 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> 429 dec, key + nkey); 430 } else { 431 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, 432 key); 433 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, 434 key); 435 } 436 437 ctx->alg_encrypt_native = aes128_encrypt_native; 438 ctx->alg_decrypt_native = aes128_decrypt_native; 439 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper; 440 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper; 441 442 ctx->blocksize = AES_BLOCK_SIZE; 443 break; 444 445 case QCRYPTO_CIPHER_ALG_AES_192: 446 ctx->ctx = g_new0(QCryptoNettleAES192, 1); 447 448 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 449 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1); 450 451 nkey /= 2; 452 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, 453 key); 454 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, 455 key); 456 457 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> 458 enc, key + nkey); 459 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> 460 dec, key + nkey); 461 } else { 462 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, 463 key); 464 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, 465 key); 466 } 467 468 ctx->alg_encrypt_native = aes192_encrypt_native; 469 ctx->alg_decrypt_native = aes192_decrypt_native; 470 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper; 471 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper; 472 473 ctx->blocksize = AES_BLOCK_SIZE; 474 break; 475 476 case QCRYPTO_CIPHER_ALG_AES_256: 477 ctx->ctx = g_new0(QCryptoNettleAES256, 1); 478 479 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 480 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1); 481 482 nkey /= 2; 483 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, 484 key); 485 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, 486 key); 487 488 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> 489 enc, key + nkey); 490 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> 491 dec, key + nkey); 492 } else { 493 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, 494 key); 495 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, 496 key); 497 } 498 499 ctx->alg_encrypt_native = aes256_encrypt_native; 500 ctx->alg_decrypt_native = aes256_decrypt_native; 501 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper; 502 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper; 503 504 ctx->blocksize = AES_BLOCK_SIZE; 505 break; 506 507 case QCRYPTO_CIPHER_ALG_CAST5_128: 508 ctx->ctx = g_new0(struct cast128_ctx, 1); 509 510 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 511 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1); 512 513 nkey /= 2; 514 cast5_set_key(ctx->ctx, nkey, key); 515 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey); 516 } else { 517 cast5_set_key(ctx->ctx, nkey, key); 518 } 519 520 ctx->alg_encrypt_native = cast128_encrypt_native; 521 ctx->alg_decrypt_native = cast128_decrypt_native; 522 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper; 523 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper; 524 525 ctx->blocksize = CAST128_BLOCK_SIZE; 526 break; 527 528 case QCRYPTO_CIPHER_ALG_SERPENT_128: 529 case QCRYPTO_CIPHER_ALG_SERPENT_192: 530 case QCRYPTO_CIPHER_ALG_SERPENT_256: 531 ctx->ctx = g_new0(struct serpent_ctx, 1); 532 533 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 534 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1); 535 536 nkey /= 2; 537 serpent_set_key(ctx->ctx, nkey, key); 538 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey); 539 } else { 540 serpent_set_key(ctx->ctx, nkey, key); 541 } 542 543 ctx->alg_encrypt_native = serpent_encrypt_native; 544 ctx->alg_decrypt_native = serpent_decrypt_native; 545 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper; 546 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper; 547 548 ctx->blocksize = SERPENT_BLOCK_SIZE; 549 break; 550 551 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 552 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 553 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 554 ctx->ctx = g_new0(struct twofish_ctx, 1); 555 556 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 557 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1); 558 559 nkey /= 2; 560 twofish_set_key(ctx->ctx, nkey, key); 561 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey); 562 } else { 563 twofish_set_key(ctx->ctx, nkey, key); 564 } 565 566 ctx->alg_encrypt_native = twofish_encrypt_native; 567 ctx->alg_decrypt_native = twofish_decrypt_native; 568 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper; 569 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper; 570 571 ctx->blocksize = TWOFISH_BLOCK_SIZE; 572 break; 573 574 default: 575 error_setg(errp, "Unsupported cipher algorithm %s", 576 QCryptoCipherAlgorithm_str(alg)); 577 goto error; 578 } 579 580 if (mode == QCRYPTO_CIPHER_MODE_XTS && 581 ctx->blocksize != XTS_BLOCK_SIZE) { 582 error_setg(errp, "Cipher block size %zu must equal XTS block size %d", 583 ctx->blocksize, XTS_BLOCK_SIZE); 584 goto error; 585 } 586 587 ctx->iv = g_new0(uint8_t, ctx->blocksize); 588 589 return ctx; 590 591 error: 592 qcrypto_nettle_cipher_free_ctx(ctx); 593 return NULL; 594} 595 596 597static void 598qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher) 599{ 600 QCryptoCipherNettle *ctx; 601 602 ctx = cipher->opaque; 603 qcrypto_nettle_cipher_free_ctx(ctx); 604} 605 606 607static int 608qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, 609 const void *in, 610 void *out, 611 size_t len, 612 Error **errp) 613{ 614 QCryptoCipherNettle *ctx = cipher->opaque; 615 616 if (len % ctx->blocksize) { 617 error_setg(errp, "Length %zu must be a multiple of block size %zu", 618 len, ctx->blocksize); 619 return -1; 620 } 621 622 switch (cipher->mode) { 623 case QCRYPTO_CIPHER_MODE_ECB: 624 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in); 625 break; 626 627 case QCRYPTO_CIPHER_MODE_CBC: 628 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native, 629 ctx->blocksize, ctx->iv, 630 len, out, in); 631 break; 632 633 case QCRYPTO_CIPHER_MODE_XTS: 634#ifdef CONFIG_QEMU_PRIVATE_XTS 635 xts_encrypt(ctx->ctx, ctx->ctx_tweak, 636 ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, 637 ctx->iv, len, out, in); 638#else 639 xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, 640 ctx->alg_encrypt_native, 641 ctx->iv, len, out, in); 642#endif 643 break; 644 645 case QCRYPTO_CIPHER_MODE_CTR: 646 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, 647 ctx->blocksize, ctx->iv, 648 len, out, in); 649 break; 650 651 default: 652 error_setg(errp, "Unsupported cipher mode %s", 653 QCryptoCipherMode_str(cipher->mode)); 654 return -1; 655 } 656 return 0; 657} 658 659 660static int 661qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, 662 const void *in, 663 void *out, 664 size_t len, 665 Error **errp) 666{ 667 QCryptoCipherNettle *ctx = cipher->opaque; 668 669 if (len % ctx->blocksize) { 670 error_setg(errp, "Length %zu must be a multiple of block size %zu", 671 len, ctx->blocksize); 672 return -1; 673 } 674 675 switch (cipher->mode) { 676 case QCRYPTO_CIPHER_MODE_ECB: 677 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in); 678 break; 679 680 case QCRYPTO_CIPHER_MODE_CBC: 681 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native, 682 ctx->blocksize, ctx->iv, 683 len, out, in); 684 break; 685 686 case QCRYPTO_CIPHER_MODE_XTS: 687#ifdef CONFIG_QEMU_PRIVATE_XTS 688 xts_decrypt(ctx->ctx, ctx->ctx_tweak, 689 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, 690 ctx->iv, len, out, in); 691#else 692 xts_decrypt_message(ctx->ctx, ctx->ctx_tweak, 693 ctx->alg_decrypt_native, 694 ctx->alg_encrypt_native, 695 ctx->iv, len, out, in); 696#endif 697 break; 698 case QCRYPTO_CIPHER_MODE_CTR: 699 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, 700 ctx->blocksize, ctx->iv, 701 len, out, in); 702 break; 703 704 default: 705 error_setg(errp, "Unsupported cipher mode %s", 706 QCryptoCipherMode_str(cipher->mode)); 707 return -1; 708 } 709 return 0; 710} 711 712static int 713qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher, 714 const uint8_t *iv, size_t niv, 715 Error **errp) 716{ 717 QCryptoCipherNettle *ctx = cipher->opaque; 718 if (niv != ctx->blocksize) { 719 error_setg(errp, "Expected IV size %zu not %zu", 720 ctx->blocksize, niv); 721 return -1; 722 } 723 memcpy(ctx->iv, iv, niv); 724 return 0; 725} 726 727 728static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { 729 .cipher_encrypt = qcrypto_nettle_cipher_encrypt, 730 .cipher_decrypt = qcrypto_nettle_cipher_decrypt, 731 .cipher_setiv = qcrypto_nettle_cipher_setiv, 732 .cipher_free = qcrypto_nettle_cipher_ctx_free, 733};