]>
Commit | Line | Data |
---|---|---|
ed754746 DB |
1 | /* |
2 | * QEMU Crypto cipher nettle algorithms | |
3 | * | |
4 | * Copyright (c) 2015 Red Hat, Inc. | |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
b7cbb874 | 9 | * version 2.1 of the License, or (at your option) any later version. |
ed754746 DB |
10 | * |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
18 | * | |
19 | */ | |
20 | ||
dc2207af | 21 | #ifdef CONFIG_QEMU_PRIVATE_XTS |
eaec903c | 22 | #include "crypto/xts.h" |
dc2207af | 23 | #endif |
eaec903c | 24 | |
ed754746 DB |
25 | #include <nettle/nettle-types.h> |
26 | #include <nettle/aes.h> | |
27 | #include <nettle/des.h> | |
28 | #include <nettle/cbc.h> | |
084a85ee | 29 | #include <nettle/cast128.h> |
94318522 | 30 | #include <nettle/serpent.h> |
50f6753e | 31 | #include <nettle/twofish.h> |
3c28292f | 32 | #include <nettle/ctr.h> |
dc2207af DB |
33 | #ifndef CONFIG_QEMU_PRIVATE_XTS |
34 | #include <nettle/xts.h> | |
35 | #endif | |
52ed9f45 HH |
36 | #ifdef CONFIG_CRYPTO_SM4 |
37 | #include <nettle/sm4.h> | |
38 | #endif | |
ed754746 | 39 | |
53ddad9b RH |
40 | static inline bool qcrypto_length_check(size_t len, size_t blocksize, |
41 | Error **errp) | |
e8e67ca4 | 42 | { |
53ddad9b RH |
43 | if (unlikely(len & (blocksize - 1))) { |
44 | error_setg(errp, "Length %zu must be a multiple of block size %zu", | |
45 | len, blocksize); | |
46 | return false; | |
47 | } | |
48 | return true; | |
e8e67ca4 DB |
49 | } |
50 | ||
e8e67ca4 | 51 | |
53ddad9b | 52 | static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx) |
e8e67ca4 | 53 | { |
53ddad9b | 54 | g_free(ctx); |
e8e67ca4 DB |
55 | } |
56 | ||
53ddad9b RH |
57 | static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, |
58 | const uint8_t *iv, size_t niv, | |
59 | Error **errp) | |
60 | { | |
61 | error_setg(errp, "Setting IV is not supported"); | |
62 | return -1; | |
63 | } | |
64 | ||
65 | ||
66 | #define DEFINE_SETIV(NAME, TYPE, BLEN) \ | |
67 | static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \ | |
68 | size_t niv, Error **errp) \ | |
69 | { \ | |
70 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
71 | if (niv != BLEN) { \ | |
72 | error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \ | |
73 | return -1; \ | |
74 | } \ | |
75 | memcpy(ctx->iv, iv, niv); \ | |
76 | return 0; \ | |
77 | } | |
78 | ||
79 | ||
80 | #define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
81 | static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \ | |
82 | void *out, size_t len, Error **errp) \ | |
83 | { \ | |
84 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
85 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
86 | return -1; \ | |
87 | } \ | |
88 | ENCRYPT(&ctx->key, len, out, in); \ | |
89 | return 0; \ | |
90 | } \ | |
91 | static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \ | |
92 | void *out, size_t len, Error **errp) \ | |
93 | { \ | |
94 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
95 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
96 | return -1; \ | |
97 | } \ | |
98 | DECRYPT(&ctx->key, len, out, in); \ | |
99 | return 0; \ | |
100 | } \ | |
101 | static const struct QCryptoCipherDriver NAME##_driver_ecb = { \ | |
102 | .cipher_encrypt = NAME##_encrypt_ecb, \ | |
103 | .cipher_decrypt = NAME##_decrypt_ecb, \ | |
104 | .cipher_setiv = qcrypto_cipher_no_setiv, \ | |
105 | .cipher_free = qcrypto_cipher_ctx_free, \ | |
106 | }; | |
e3ba0b67 | 107 | |
f7ac78cf | 108 | |
53ddad9b RH |
109 | #define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ |
110 | static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \ | |
111 | void *out, size_t len, Error **errp) \ | |
112 | { \ | |
113 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
114 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
115 | return -1; \ | |
116 | } \ | |
117 | cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ | |
118 | return 0; \ | |
119 | } \ | |
120 | static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \ | |
121 | void *out, size_t len, Error **errp) \ | |
122 | { \ | |
123 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
124 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
125 | return -1; \ | |
126 | } \ | |
127 | cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \ | |
128 | return 0; \ | |
129 | } \ | |
130 | static const struct QCryptoCipherDriver NAME##_driver_cbc = { \ | |
131 | .cipher_encrypt = NAME##_encrypt_cbc, \ | |
132 | .cipher_decrypt = NAME##_decrypt_cbc, \ | |
133 | .cipher_setiv = NAME##_setiv, \ | |
134 | .cipher_free = qcrypto_cipher_ctx_free, \ | |
135 | }; | |
136 | ||
137 | ||
138 | #define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \ | |
139 | static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \ | |
140 | void *out, size_t len, Error **errp) \ | |
141 | { \ | |
142 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
143 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
144 | return -1; \ | |
145 | } \ | |
146 | ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ | |
147 | return 0; \ | |
148 | } \ | |
149 | static const struct QCryptoCipherDriver NAME##_driver_ctr = { \ | |
150 | .cipher_encrypt = NAME##_encrypt_ctr, \ | |
151 | .cipher_decrypt = NAME##_encrypt_ctr, \ | |
152 | .cipher_setiv = NAME##_setiv, \ | |
153 | .cipher_free = qcrypto_cipher_ctx_free, \ | |
154 | }; | |
155 | ||
156 | ||
157 | #ifdef CONFIG_QEMU_PRIVATE_XTS | |
158 | #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
159 | static void NAME##_xts_wrape(const void *ctx, size_t length, \ | |
160 | uint8_t *dst, const uint8_t *src) \ | |
161 | { \ | |
115e4b70 | 162 | ENCRYPT((const void *)ctx, length, dst, src); \ |
53ddad9b RH |
163 | } \ |
164 | static void NAME##_xts_wrapd(const void *ctx, size_t length, \ | |
165 | uint8_t *dst, const uint8_t *src) \ | |
166 | { \ | |
115e4b70 | 167 | DECRYPT((const void *)ctx, length, dst, src); \ |
53ddad9b RH |
168 | } \ |
169 | static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ | |
170 | void *out, size_t len, Error **errp) \ | |
171 | { \ | |
172 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
173 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
174 | return -1; \ | |
175 | } \ | |
176 | xts_encrypt(&ctx->key, &ctx->key_xts, \ | |
177 | NAME##_xts_wrape, NAME##_xts_wrapd, \ | |
178 | ctx->iv, len, out, in); \ | |
179 | return 0; \ | |
180 | } \ | |
181 | static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ | |
182 | void *out, size_t len, Error **errp) \ | |
183 | { \ | |
184 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
185 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
186 | return -1; \ | |
187 | } \ | |
188 | xts_decrypt(&ctx->key, &ctx->key_xts, \ | |
189 | NAME##_xts_wrape, NAME##_xts_wrapd, \ | |
190 | ctx->iv, len, out, in); \ | |
191 | return 0; \ | |
192 | } | |
193 | #else | |
194 | #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
195 | static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ | |
196 | void *out, size_t len, Error **errp) \ | |
197 | { \ | |
198 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
199 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
200 | return -1; \ | |
201 | } \ | |
202 | xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \ | |
203 | ctx->iv, len, out, in); \ | |
204 | return 0; \ | |
205 | } \ | |
206 | static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ | |
207 | void *out, size_t len, Error **errp) \ | |
208 | { \ | |
209 | TYPE *ctx = container_of(cipher, TYPE, base); \ | |
210 | if (!qcrypto_length_check(len, BLEN, errp)) { \ | |
211 | return -1; \ | |
212 | } \ | |
213 | xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \ | |
214 | ctx->iv, len, out, in); \ | |
215 | return 0; \ | |
f7ac78cf | 216 | } |
53ddad9b RH |
217 | #endif |
218 | ||
219 | #define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
220 | QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \ | |
221 | DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
222 | static const struct QCryptoCipherDriver NAME##_driver_xts = { \ | |
223 | .cipher_encrypt = NAME##_encrypt_xts, \ | |
224 | .cipher_decrypt = NAME##_decrypt_xts, \ | |
225 | .cipher_setiv = NAME##_setiv, \ | |
226 | .cipher_free = qcrypto_cipher_ctx_free, \ | |
227 | }; | |
228 | ||
229 | ||
230 | #define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
231 | DEFINE_SETIV(NAME, TYPE, BLEN) \ | |
232 | DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
233 | DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
234 | DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) | |
235 | ||
236 | #define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
237 | DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ | |
238 | DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) | |
239 | ||
240 | ||
83bee4b5 | 241 | typedef struct QCryptoNettleDES { |
53ddad9b RH |
242 | QCryptoCipher base; |
243 | struct des_ctx key; | |
244 | uint8_t iv[DES_BLOCK_SIZE]; | |
83bee4b5 | 245 | } QCryptoNettleDES; |
f7ac78cf | 246 | |
115e4b70 | 247 | static void des_encrypt_native(const void *ctx, size_t length, |
f7ac78cf DB |
248 | uint8_t *dst, const uint8_t *src) |
249 | { | |
250 | des_encrypt(ctx, length, dst, src); | |
251 | } | |
252 | ||
115e4b70 | 253 | static void des_decrypt_native(const void *ctx, size_t length, |
f7ac78cf DB |
254 | uint8_t *dst, const uint8_t *src) |
255 | { | |
256 | des_decrypt(ctx, length, dst, src); | |
257 | } | |
258 | ||
83bee4b5 | 259 | DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES, |
53ddad9b RH |
260 | DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) |
261 | ||
262 | ||
263 | typedef struct QCryptoNettleDES3 { | |
264 | QCryptoCipher base; | |
265 | struct des3_ctx key; | |
266 | uint8_t iv[DES3_BLOCK_SIZE]; | |
267 | } QCryptoNettleDES3; | |
268 | ||
115e4b70 | 269 | static void des3_encrypt_native(const void *ctx, size_t length, |
ffb7bf45 LM |
270 | uint8_t *dst, const uint8_t *src) |
271 | { | |
272 | des3_encrypt(ctx, length, dst, src); | |
273 | } | |
274 | ||
115e4b70 | 275 | static void des3_decrypt_native(const void *ctx, size_t length, |
ffb7bf45 LM |
276 | uint8_t *dst, const uint8_t *src) |
277 | { | |
278 | des3_decrypt(ctx, length, dst, src); | |
279 | } | |
280 | ||
53ddad9b RH |
281 | DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE, |
282 | des3_encrypt_native, des3_decrypt_native) | |
f7ac78cf | 283 | |
f7ac78cf | 284 | |
53ddad9b RH |
285 | typedef struct QCryptoNettleAES128 { |
286 | QCryptoCipher base; | |
287 | uint8_t iv[AES_BLOCK_SIZE]; | |
288 | /* First key from pair is encode, second key is decode. */ | |
289 | struct aes128_ctx key[2], key_xts[2]; | |
290 | } QCryptoNettleAES128; | |
f7ac78cf | 291 | |
115e4b70 | 292 | static void aes128_encrypt_native(const void *ctx, size_t length, |
53ddad9b | 293 | uint8_t *dst, const uint8_t *src) |
f7ac78cf | 294 | { |
115e4b70 | 295 | const struct aes128_ctx *keys = ctx; |
53ddad9b | 296 | aes128_encrypt(&keys[0], length, dst, src); |
f7ac78cf DB |
297 | } |
298 | ||
115e4b70 | 299 | static void aes128_decrypt_native(const void *ctx, size_t length, |
53ddad9b | 300 | uint8_t *dst, const uint8_t *src) |
f7ac78cf | 301 | { |
115e4b70 | 302 | const struct aes128_ctx *keys = ctx; |
53ddad9b | 303 | aes128_decrypt(&keys[1], length, dst, src); |
f7ac78cf DB |
304 | } |
305 | ||
53ddad9b RH |
306 | DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128, |
307 | QCryptoNettleAES128, AES_BLOCK_SIZE, | |
308 | aes128_encrypt_native, aes128_decrypt_native) | |
f7ac78cf | 309 | |
e8e67ca4 | 310 | |
53ddad9b RH |
311 | typedef struct QCryptoNettleAES192 { |
312 | QCryptoCipher base; | |
313 | uint8_t iv[AES_BLOCK_SIZE]; | |
314 | /* First key from pair is encode, second key is decode. */ | |
315 | struct aes192_ctx key[2], key_xts[2]; | |
316 | } QCryptoNettleAES192; | |
d3462e37 | 317 | |
115e4b70 | 318 | static void aes192_encrypt_native(const void *ctx, size_t length, |
53ddad9b | 319 | uint8_t *dst, const uint8_t *src) |
d3462e37 | 320 | { |
115e4b70 | 321 | const struct aes192_ctx *keys = ctx; |
53ddad9b | 322 | aes192_encrypt(&keys[0], length, dst, src); |
e8e67ca4 DB |
323 | } |
324 | ||
115e4b70 | 325 | static void aes192_decrypt_native(const void *ctx, size_t length, |
53ddad9b | 326 | uint8_t *dst, const uint8_t *src) |
e8e67ca4 | 327 | { |
115e4b70 | 328 | const struct aes192_ctx *keys = ctx; |
53ddad9b | 329 | aes192_decrypt(&keys[1], length, dst, src); |
e8e67ca4 DB |
330 | } |
331 | ||
53ddad9b RH |
332 | DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192, |
333 | QCryptoNettleAES192, AES_BLOCK_SIZE, | |
334 | aes192_encrypt_native, aes192_decrypt_native) | |
e8e67ca4 | 335 | |
d3462e37 | 336 | |
53ddad9b RH |
337 | typedef struct QCryptoNettleAES256 { |
338 | QCryptoCipher base; | |
339 | uint8_t iv[AES_BLOCK_SIZE]; | |
340 | /* First key from pair is encode, second key is decode. */ | |
341 | struct aes256_ctx key[2], key_xts[2]; | |
342 | } QCryptoNettleAES256; | |
d3462e37 | 343 | |
115e4b70 | 344 | static void aes256_encrypt_native(const void *ctx, size_t length, |
53ddad9b | 345 | uint8_t *dst, const uint8_t *src) |
d3462e37 | 346 | { |
115e4b70 | 347 | const struct aes256_ctx *keys = ctx; |
53ddad9b | 348 | aes256_encrypt(&keys[0], length, dst, src); |
d3462e37 RK |
349 | } |
350 | ||
115e4b70 DB |
351 | static void aes256_decrypt_native(const void *ctx, size_t length, |
352 | uint8_t *dst, const uint8_t *src) | |
ffb7bf45 | 353 | { |
115e4b70 | 354 | const struct aes256_ctx *keys = ctx; |
53ddad9b | 355 | aes256_decrypt(&keys[1], length, dst, src); |
ffb7bf45 LM |
356 | } |
357 | ||
53ddad9b RH |
358 | DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256, |
359 | QCryptoNettleAES256, AES_BLOCK_SIZE, | |
360 | aes256_encrypt_native, aes256_decrypt_native) | |
ffb7bf45 | 361 | |
53ddad9b RH |
362 | |
363 | typedef struct QCryptoNettleCAST128 { | |
364 | QCryptoCipher base; | |
365 | uint8_t iv[CAST128_BLOCK_SIZE]; | |
366 | struct cast128_ctx key, key_xts; | |
367 | } QCryptoNettleCAST128; | |
368 | ||
115e4b70 | 369 | static void cast128_encrypt_native(const void *ctx, size_t length, |
53ddad9b | 370 | uint8_t *dst, const uint8_t *src) |
084a85ee DB |
371 | { |
372 | cast128_encrypt(ctx, length, dst, src); | |
373 | } | |
374 | ||
115e4b70 | 375 | static void cast128_decrypt_native(const void *ctx, size_t length, |
53ddad9b | 376 | uint8_t *dst, const uint8_t *src) |
084a85ee DB |
377 | { |
378 | cast128_decrypt(ctx, length, dst, src); | |
379 | } | |
380 | ||
53ddad9b RH |
381 | DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128, |
382 | QCryptoNettleCAST128, CAST128_BLOCK_SIZE, | |
383 | cast128_encrypt_native, cast128_decrypt_native) | |
384 | ||
385 | ||
386 | typedef struct QCryptoNettleSerpent { | |
387 | QCryptoCipher base; | |
388 | uint8_t iv[SERPENT_BLOCK_SIZE]; | |
389 | struct serpent_ctx key, key_xts; | |
390 | } QCryptoNettleSerpent; | |
391 | ||
392 | ||
115e4b70 | 393 | static void serpent_encrypt_native(const void *ctx, size_t length, |
53ddad9b | 394 | uint8_t *dst, const uint8_t *src) |
94318522 DB |
395 | { |
396 | serpent_encrypt(ctx, length, dst, src); | |
397 | } | |
398 | ||
115e4b70 | 399 | static void serpent_decrypt_native(const void *ctx, size_t length, |
53ddad9b | 400 | uint8_t *dst, const uint8_t *src) |
94318522 DB |
401 | { |
402 | serpent_decrypt(ctx, length, dst, src); | |
403 | } | |
404 | ||
53ddad9b RH |
405 | DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent, |
406 | QCryptoNettleSerpent, SERPENT_BLOCK_SIZE, | |
407 | serpent_encrypt_native, serpent_decrypt_native) | |
408 | ||
409 | ||
410 | typedef struct QCryptoNettleTwofish { | |
411 | QCryptoCipher base; | |
412 | uint8_t iv[TWOFISH_BLOCK_SIZE]; | |
413 | struct twofish_ctx key, key_xts; | |
414 | } QCryptoNettleTwofish; | |
415 | ||
115e4b70 | 416 | static void twofish_encrypt_native(const void *ctx, size_t length, |
53ddad9b | 417 | uint8_t *dst, const uint8_t *src) |
50f6753e DB |
418 | { |
419 | twofish_encrypt(ctx, length, dst, src); | |
420 | } | |
421 | ||
115e4b70 | 422 | static void twofish_decrypt_native(const void *ctx, size_t length, |
53ddad9b | 423 | uint8_t *dst, const uint8_t *src) |
50f6753e DB |
424 | { |
425 | twofish_decrypt(ctx, length, dst, src); | |
426 | } | |
427 | ||
53ddad9b RH |
428 | DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish, |
429 | QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE, | |
430 | twofish_encrypt_native, twofish_decrypt_native) | |
3eedf5cc | 431 | |
52ed9f45 HH |
432 | #ifdef CONFIG_CRYPTO_SM4 |
433 | typedef struct QCryptoNettleSm4 { | |
434 | QCryptoCipher base; | |
435 | struct sm4_ctx key[2]; | |
436 | } QCryptoNettleSm4; | |
437 | ||
438 | static void sm4_encrypt_native(void *ctx, size_t length, | |
439 | uint8_t *dst, const uint8_t *src) | |
440 | { | |
441 | struct sm4_ctx *keys = ctx; | |
442 | sm4_crypt(&keys[0], length, dst, src); | |
443 | } | |
444 | ||
445 | static void sm4_decrypt_native(void *ctx, size_t length, | |
446 | uint8_t *dst, const uint8_t *src) | |
447 | { | |
448 | struct sm4_ctx *keys = ctx; | |
449 | sm4_crypt(&keys[1], length, dst, src); | |
450 | } | |
451 | ||
452 | DEFINE_ECB(qcrypto_nettle_sm4, | |
453 | QCryptoNettleSm4, SM4_BLOCK_SIZE, | |
454 | sm4_encrypt_native, sm4_decrypt_native) | |
455 | #endif | |
ed754746 | 456 | |
f844836d GA |
457 | bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, |
458 | QCryptoCipherMode mode) | |
ed754746 DB |
459 | { |
460 | switch (alg) { | |
83bee4b5 | 461 | case QCRYPTO_CIPHER_ALG_DES: |
ffb7bf45 | 462 | case QCRYPTO_CIPHER_ALG_3DES: |
ed754746 DB |
463 | case QCRYPTO_CIPHER_ALG_AES_128: |
464 | case QCRYPTO_CIPHER_ALG_AES_192: | |
465 | case QCRYPTO_CIPHER_ALG_AES_256: | |
084a85ee | 466 | case QCRYPTO_CIPHER_ALG_CAST5_128: |
94318522 DB |
467 | case QCRYPTO_CIPHER_ALG_SERPENT_128: |
468 | case QCRYPTO_CIPHER_ALG_SERPENT_192: | |
469 | case QCRYPTO_CIPHER_ALG_SERPENT_256: | |
50f6753e DB |
470 | case QCRYPTO_CIPHER_ALG_TWOFISH_128: |
471 | case QCRYPTO_CIPHER_ALG_TWOFISH_192: | |
472 | case QCRYPTO_CIPHER_ALG_TWOFISH_256: | |
52ed9f45 HH |
473 | #ifdef CONFIG_CRYPTO_SM4 |
474 | case QCRYPTO_CIPHER_ALG_SM4: | |
475 | #endif | |
f844836d GA |
476 | break; |
477 | default: | |
478 | return false; | |
479 | } | |
480 | ||
481 | switch (mode) { | |
482 | case QCRYPTO_CIPHER_MODE_ECB: | |
483 | case QCRYPTO_CIPHER_MODE_CBC: | |
484 | case QCRYPTO_CIPHER_MODE_XTS: | |
485 | case QCRYPTO_CIPHER_MODE_CTR: | |
ed754746 DB |
486 | return true; |
487 | default: | |
488 | return false; | |
489 | } | |
490 | } | |
491 | ||
3eedf5cc RH |
492 | static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, |
493 | QCryptoCipherMode mode, | |
494 | const uint8_t *key, | |
495 | size_t nkey, | |
496 | Error **errp) | |
ed754746 | 497 | { |
ed754746 DB |
498 | switch (mode) { |
499 | case QCRYPTO_CIPHER_MODE_ECB: | |
500 | case QCRYPTO_CIPHER_MODE_CBC: | |
eaec903c | 501 | case QCRYPTO_CIPHER_MODE_XTS: |
3c28292f | 502 | case QCRYPTO_CIPHER_MODE_CTR: |
ed754746 DB |
503 | break; |
504 | default: | |
53ddad9b | 505 | goto bad_cipher_mode; |
ed754746 DB |
506 | } |
507 | ||
eaec903c | 508 | if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { |
ed754746 DB |
509 | return NULL; |
510 | } | |
511 | ||
ed754746 | 512 | switch (alg) { |
83bee4b5 | 513 | case QCRYPTO_CIPHER_ALG_DES: |
53ddad9b | 514 | { |
83bee4b5 | 515 | QCryptoNettleDES *ctx; |
53ddad9b | 516 | const QCryptoCipherDriver *drv; |
53ddad9b RH |
517 | |
518 | switch (mode) { | |
519 | case QCRYPTO_CIPHER_MODE_ECB: | |
83bee4b5 | 520 | drv = &qcrypto_nettle_des_driver_ecb; |
53ddad9b RH |
521 | break; |
522 | case QCRYPTO_CIPHER_MODE_CBC: | |
83bee4b5 | 523 | drv = &qcrypto_nettle_des_driver_cbc; |
53ddad9b RH |
524 | break; |
525 | case QCRYPTO_CIPHER_MODE_CTR: | |
83bee4b5 | 526 | drv = &qcrypto_nettle_des_driver_ctr; |
53ddad9b RH |
527 | break; |
528 | default: | |
529 | goto bad_cipher_mode; | |
530 | } | |
531 | ||
83bee4b5 | 532 | ctx = g_new0(QCryptoNettleDES, 1); |
53ddad9b | 533 | ctx->base.driver = drv; |
83bee4b5 | 534 | des_set_key(&ctx->key, key); |
53ddad9b RH |
535 | |
536 | return &ctx->base; | |
537 | } | |
ed754746 | 538 | |
ffb7bf45 | 539 | case QCRYPTO_CIPHER_ALG_3DES: |
53ddad9b RH |
540 | { |
541 | QCryptoNettleDES3 *ctx; | |
542 | const QCryptoCipherDriver *drv; | |
543 | ||
544 | switch (mode) { | |
545 | case QCRYPTO_CIPHER_MODE_ECB: | |
546 | drv = &qcrypto_nettle_des3_driver_ecb; | |
547 | break; | |
548 | case QCRYPTO_CIPHER_MODE_CBC: | |
549 | drv = &qcrypto_nettle_des3_driver_cbc; | |
550 | break; | |
551 | case QCRYPTO_CIPHER_MODE_CTR: | |
552 | drv = &qcrypto_nettle_des3_driver_ctr; | |
553 | break; | |
554 | default: | |
555 | goto bad_cipher_mode; | |
556 | } | |
557 | ||
558 | ctx = g_new0(QCryptoNettleDES3, 1); | |
559 | ctx->base.driver = drv; | |
560 | des3_set_key(&ctx->key, key); | |
561 | return &ctx->base; | |
562 | } | |
ffb7bf45 | 563 | |
ed754746 | 564 | case QCRYPTO_CIPHER_ALG_AES_128: |
53ddad9b RH |
565 | { |
566 | QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1); | |
567 | ||
568 | switch (mode) { | |
569 | case QCRYPTO_CIPHER_MODE_ECB: | |
570 | ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb; | |
571 | break; | |
572 | case QCRYPTO_CIPHER_MODE_CBC: | |
573 | ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc; | |
574 | break; | |
575 | case QCRYPTO_CIPHER_MODE_CTR: | |
576 | ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr; | |
577 | break; | |
578 | case QCRYPTO_CIPHER_MODE_XTS: | |
579 | ctx->base.driver = &qcrypto_nettle_aes128_driver_xts; | |
580 | nkey /= 2; | |
581 | aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey); | |
582 | aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey); | |
583 | break; | |
584 | default: | |
585 | g_assert_not_reached(); | |
586 | } | |
587 | aes128_set_encrypt_key(&ctx->key[0], key); | |
588 | aes128_set_decrypt_key(&ctx->key[1], key); | |
589 | ||
590 | return &ctx->base; | |
e8e67ca4 DB |
591 | } |
592 | ||
ed754746 | 593 | case QCRYPTO_CIPHER_ALG_AES_192: |
53ddad9b RH |
594 | { |
595 | QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1); | |
596 | ||
597 | switch (mode) { | |
598 | case QCRYPTO_CIPHER_MODE_ECB: | |
599 | ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb; | |
600 | break; | |
601 | case QCRYPTO_CIPHER_MODE_CBC: | |
602 | ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc; | |
603 | break; | |
604 | case QCRYPTO_CIPHER_MODE_CTR: | |
605 | ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr; | |
606 | break; | |
607 | case QCRYPTO_CIPHER_MODE_XTS: | |
608 | ctx->base.driver = &qcrypto_nettle_aes192_driver_xts; | |
609 | nkey /= 2; | |
610 | aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey); | |
611 | aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey); | |
612 | break; | |
613 | default: | |
614 | g_assert_not_reached(); | |
615 | } | |
616 | aes192_set_encrypt_key(&ctx->key[0], key); | |
617 | aes192_set_decrypt_key(&ctx->key[1], key); | |
618 | ||
619 | return &ctx->base; | |
e8e67ca4 DB |
620 | } |
621 | ||
ed754746 | 622 | case QCRYPTO_CIPHER_ALG_AES_256: |
53ddad9b RH |
623 | { |
624 | QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1); | |
625 | ||
626 | switch (mode) { | |
627 | case QCRYPTO_CIPHER_MODE_ECB: | |
628 | ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb; | |
629 | break; | |
630 | case QCRYPTO_CIPHER_MODE_CBC: | |
631 | ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc; | |
632 | break; | |
633 | case QCRYPTO_CIPHER_MODE_CTR: | |
634 | ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr; | |
635 | break; | |
636 | case QCRYPTO_CIPHER_MODE_XTS: | |
637 | ctx->base.driver = &qcrypto_nettle_aes256_driver_xts; | |
638 | nkey /= 2; | |
639 | aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey); | |
640 | aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey); | |
641 | break; | |
642 | default: | |
643 | g_assert_not_reached(); | |
644 | } | |
645 | aes256_set_encrypt_key(&ctx->key[0], key); | |
646 | aes256_set_decrypt_key(&ctx->key[1], key); | |
647 | ||
648 | return &ctx->base; | |
eaec903c | 649 | } |
ed754746 | 650 | |
084a85ee | 651 | case QCRYPTO_CIPHER_ALG_CAST5_128: |
53ddad9b RH |
652 | { |
653 | QCryptoNettleCAST128 *ctx; | |
654 | const QCryptoCipherDriver *drv; | |
655 | ||
656 | switch (mode) { | |
657 | case QCRYPTO_CIPHER_MODE_ECB: | |
658 | drv = &qcrypto_nettle_cast128_driver_ecb; | |
659 | break; | |
660 | case QCRYPTO_CIPHER_MODE_CBC: | |
661 | drv = &qcrypto_nettle_cast128_driver_cbc; | |
662 | break; | |
663 | case QCRYPTO_CIPHER_MODE_CTR: | |
664 | drv = &qcrypto_nettle_cast128_driver_ctr; | |
665 | break; | |
666 | default: | |
667 | goto bad_cipher_mode; | |
668 | } | |
669 | ||
670 | ctx = g_new0(QCryptoNettleCAST128, 1); | |
671 | ctx->base.driver = drv; | |
672 | cast5_set_key(&ctx->key, nkey, key); | |
673 | ||
674 | return &ctx->base; | |
eaec903c | 675 | } |
084a85ee | 676 | |
94318522 DB |
677 | case QCRYPTO_CIPHER_ALG_SERPENT_128: |
678 | case QCRYPTO_CIPHER_ALG_SERPENT_192: | |
679 | case QCRYPTO_CIPHER_ALG_SERPENT_256: | |
53ddad9b RH |
680 | { |
681 | QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1); | |
682 | ||
683 | switch (mode) { | |
684 | case QCRYPTO_CIPHER_MODE_ECB: | |
685 | ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb; | |
686 | break; | |
687 | case QCRYPTO_CIPHER_MODE_CBC: | |
688 | ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc; | |
689 | break; | |
690 | case QCRYPTO_CIPHER_MODE_CTR: | |
691 | ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr; | |
692 | break; | |
693 | case QCRYPTO_CIPHER_MODE_XTS: | |
694 | ctx->base.driver = &qcrypto_nettle_serpent_driver_xts; | |
695 | nkey /= 2; | |
696 | serpent_set_key(&ctx->key_xts, nkey, key + nkey); | |
697 | break; | |
698 | default: | |
699 | g_assert_not_reached(); | |
700 | } | |
701 | serpent_set_key(&ctx->key, nkey, key); | |
702 | ||
703 | return &ctx->base; | |
eaec903c | 704 | } |
94318522 | 705 | |
50f6753e DB |
706 | case QCRYPTO_CIPHER_ALG_TWOFISH_128: |
707 | case QCRYPTO_CIPHER_ALG_TWOFISH_192: | |
708 | case QCRYPTO_CIPHER_ALG_TWOFISH_256: | |
53ddad9b RH |
709 | { |
710 | QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1); | |
711 | ||
712 | switch (mode) { | |
713 | case QCRYPTO_CIPHER_MODE_ECB: | |
714 | ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb; | |
715 | break; | |
716 | case QCRYPTO_CIPHER_MODE_CBC: | |
717 | ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc; | |
718 | break; | |
719 | case QCRYPTO_CIPHER_MODE_CTR: | |
720 | ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr; | |
721 | break; | |
722 | case QCRYPTO_CIPHER_MODE_XTS: | |
723 | ctx->base.driver = &qcrypto_nettle_twofish_driver_xts; | |
724 | nkey /= 2; | |
725 | twofish_set_key(&ctx->key_xts, nkey, key + nkey); | |
726 | break; | |
727 | default: | |
728 | g_assert_not_reached(); | |
729 | } | |
730 | twofish_set_key(&ctx->key, nkey, key); | |
731 | ||
732 | return &ctx->base; | |
eaec903c | 733 | } |
52ed9f45 HH |
734 | #ifdef CONFIG_CRYPTO_SM4 |
735 | case QCRYPTO_CIPHER_ALG_SM4: | |
736 | { | |
737 | QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1); | |
738 | ||
739 | switch (mode) { | |
740 | case QCRYPTO_CIPHER_MODE_ECB: | |
741 | ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb; | |
742 | break; | |
743 | default: | |
744 | goto bad_cipher_mode; | |
745 | } | |
746 | ||
747 | sm4_set_encrypt_key(&ctx->key[0], key); | |
748 | sm4_set_decrypt_key(&ctx->key[1], key); | |
749 | ||
750 | return &ctx->base; | |
751 | } | |
752 | #endif | |
50f6753e | 753 | |
ed754746 | 754 | default: |
90d6f60d | 755 | error_setg(errp, "Unsupported cipher algorithm %s", |
977c736f | 756 | QCryptoCipherAlgorithm_str(alg)); |
53ddad9b | 757 | return NULL; |
a5d2f44d DB |
758 | } |
759 | ||
53ddad9b RH |
760 | bad_cipher_mode: |
761 | error_setg(errp, "Unsupported cipher mode %s", | |
762 | QCryptoCipherMode_str(mode)); | |
ed754746 DB |
763 | return NULL; |
764 | } |