2 * QEMU Crypto cipher nettle algorithms
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include <nettle/nettle-types.h>
23 #include <nettle/aes.h>
24 #include <nettle/des.h>
25 #include <nettle/cbc.h>
26 #include <nettle/cast128.h>
27 #include <nettle/serpent.h>
28 #include <nettle/twofish.h>
30 #if CONFIG_NETTLE_VERSION_MAJOR < 3
31 typedef nettle_crypt_func nettle_cipher_func
;
33 typedef void * cipher_ctx_t
;
34 typedef unsigned cipher_length_t
;
36 typedef const void * cipher_ctx_t
;
37 typedef size_t cipher_length_t
;
40 static nettle_cipher_func aes_encrypt_wrapper
;
41 static nettle_cipher_func aes_decrypt_wrapper
;
42 static nettle_cipher_func des_encrypt_wrapper
;
43 static nettle_cipher_func des_decrypt_wrapper
;
45 typedef struct QCryptoNettleAES
{
50 static void aes_encrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
51 uint8_t *dst
, const uint8_t *src
)
53 const QCryptoNettleAES
*aesctx
= ctx
;
54 aes_encrypt(&aesctx
->enc
, length
, dst
, src
);
57 static void aes_decrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
58 uint8_t *dst
, const uint8_t *src
)
60 const QCryptoNettleAES
*aesctx
= ctx
;
61 aes_decrypt(&aesctx
->dec
, length
, dst
, src
);
64 static void des_encrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
65 uint8_t *dst
, const uint8_t *src
)
67 des_encrypt(ctx
, length
, dst
, src
);
70 static void des_decrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
71 uint8_t *dst
, const uint8_t *src
)
73 des_decrypt(ctx
, length
, dst
, src
);
76 static void cast128_encrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
77 uint8_t *dst
, const uint8_t *src
)
79 cast128_encrypt(ctx
, length
, dst
, src
);
82 static void cast128_decrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
83 uint8_t *dst
, const uint8_t *src
)
85 cast128_decrypt(ctx
, length
, dst
, src
);
88 static void serpent_encrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
89 uint8_t *dst
, const uint8_t *src
)
91 serpent_encrypt(ctx
, length
, dst
, src
);
94 static void serpent_decrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
95 uint8_t *dst
, const uint8_t *src
)
97 serpent_decrypt(ctx
, length
, dst
, src
);
100 static void twofish_encrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
101 uint8_t *dst
, const uint8_t *src
)
103 twofish_encrypt(ctx
, length
, dst
, src
);
106 static void twofish_decrypt_wrapper(cipher_ctx_t ctx
, cipher_length_t length
,
107 uint8_t *dst
, const uint8_t *src
)
109 twofish_decrypt(ctx
, length
, dst
, src
);
112 typedef struct QCryptoCipherNettle QCryptoCipherNettle
;
113 struct QCryptoCipherNettle
{
115 nettle_cipher_func
*alg_encrypt
;
116 nettle_cipher_func
*alg_decrypt
;
121 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg
)
124 case QCRYPTO_CIPHER_ALG_DES_RFB
:
125 case QCRYPTO_CIPHER_ALG_AES_128
:
126 case QCRYPTO_CIPHER_ALG_AES_192
:
127 case QCRYPTO_CIPHER_ALG_AES_256
:
128 case QCRYPTO_CIPHER_ALG_CAST5_128
:
129 case QCRYPTO_CIPHER_ALG_SERPENT_128
:
130 case QCRYPTO_CIPHER_ALG_SERPENT_192
:
131 case QCRYPTO_CIPHER_ALG_SERPENT_256
:
132 case QCRYPTO_CIPHER_ALG_TWOFISH_128
:
133 case QCRYPTO_CIPHER_ALG_TWOFISH_192
:
134 case QCRYPTO_CIPHER_ALG_TWOFISH_256
:
142 QCryptoCipher
*qcrypto_cipher_new(QCryptoCipherAlgorithm alg
,
143 QCryptoCipherMode mode
,
144 const uint8_t *key
, size_t nkey
,
147 QCryptoCipher
*cipher
;
148 QCryptoCipherNettle
*ctx
;
152 case QCRYPTO_CIPHER_MODE_ECB
:
153 case QCRYPTO_CIPHER_MODE_CBC
:
156 error_setg(errp
, "Unsupported cipher mode %d", mode
);
160 if (!qcrypto_cipher_validate_key_length(alg
, nkey
, errp
)) {
164 cipher
= g_new0(QCryptoCipher
, 1);
168 ctx
= g_new0(QCryptoCipherNettle
, 1);
171 case QCRYPTO_CIPHER_ALG_DES_RFB
:
172 ctx
->ctx
= g_new0(struct des_ctx
, 1);
173 rfbkey
= qcrypto_cipher_munge_des_rfb_key(key
, nkey
);
174 des_set_key(ctx
->ctx
, rfbkey
);
177 ctx
->alg_encrypt
= des_encrypt_wrapper
;
178 ctx
->alg_decrypt
= des_decrypt_wrapper
;
180 ctx
->blocksize
= DES_BLOCK_SIZE
;
183 case QCRYPTO_CIPHER_ALG_AES_128
:
184 case QCRYPTO_CIPHER_ALG_AES_192
:
185 case QCRYPTO_CIPHER_ALG_AES_256
:
186 ctx
->ctx
= g_new0(QCryptoNettleAES
, 1);
188 aes_set_encrypt_key(&((QCryptoNettleAES
*)ctx
->ctx
)->enc
, nkey
, key
);
189 aes_set_decrypt_key(&((QCryptoNettleAES
*)ctx
->ctx
)->dec
, nkey
, key
);
191 ctx
->alg_encrypt
= aes_encrypt_wrapper
;
192 ctx
->alg_decrypt
= aes_decrypt_wrapper
;
194 ctx
->blocksize
= AES_BLOCK_SIZE
;
197 case QCRYPTO_CIPHER_ALG_CAST5_128
:
198 ctx
->ctx
= g_new0(struct cast128_ctx
, 1);
200 cast5_set_key(ctx
->ctx
, nkey
, key
);
202 ctx
->alg_encrypt
= cast128_encrypt_wrapper
;
203 ctx
->alg_decrypt
= cast128_decrypt_wrapper
;
205 ctx
->blocksize
= CAST128_BLOCK_SIZE
;
208 case QCRYPTO_CIPHER_ALG_SERPENT_128
:
209 case QCRYPTO_CIPHER_ALG_SERPENT_192
:
210 case QCRYPTO_CIPHER_ALG_SERPENT_256
:
211 ctx
->ctx
= g_new0(struct serpent_ctx
, 1);
213 serpent_set_key(ctx
->ctx
, nkey
, key
);
215 ctx
->alg_encrypt
= serpent_encrypt_wrapper
;
216 ctx
->alg_decrypt
= serpent_decrypt_wrapper
;
218 ctx
->blocksize
= SERPENT_BLOCK_SIZE
;
221 case QCRYPTO_CIPHER_ALG_TWOFISH_128
:
222 case QCRYPTO_CIPHER_ALG_TWOFISH_192
:
223 case QCRYPTO_CIPHER_ALG_TWOFISH_256
:
224 ctx
->ctx
= g_new0(struct twofish_ctx
, 1);
226 twofish_set_key(ctx
->ctx
, nkey
, key
);
228 ctx
->alg_encrypt
= twofish_encrypt_wrapper
;
229 ctx
->alg_decrypt
= twofish_decrypt_wrapper
;
231 ctx
->blocksize
= TWOFISH_BLOCK_SIZE
;
235 error_setg(errp
, "Unsupported cipher algorithm %d", alg
);
239 ctx
->iv
= g_new0(uint8_t, ctx
->blocksize
);
240 cipher
->opaque
= ctx
;
251 void qcrypto_cipher_free(QCryptoCipher
*cipher
)
253 QCryptoCipherNettle
*ctx
;
259 ctx
= cipher
->opaque
;
267 int qcrypto_cipher_encrypt(QCryptoCipher
*cipher
,
273 QCryptoCipherNettle
*ctx
= cipher
->opaque
;
275 if (len
% ctx
->blocksize
) {
276 error_setg(errp
, "Length %zu must be a multiple of block size %zu",
277 len
, ctx
->blocksize
);
281 switch (cipher
->mode
) {
282 case QCRYPTO_CIPHER_MODE_ECB
:
283 ctx
->alg_encrypt(ctx
->ctx
, len
, out
, in
);
286 case QCRYPTO_CIPHER_MODE_CBC
:
287 cbc_encrypt(ctx
->ctx
, ctx
->alg_encrypt
,
288 ctx
->blocksize
, ctx
->iv
,
293 error_setg(errp
, "Unsupported cipher algorithm %d",
301 int qcrypto_cipher_decrypt(QCryptoCipher
*cipher
,
307 QCryptoCipherNettle
*ctx
= cipher
->opaque
;
309 if (len
% ctx
->blocksize
) {
310 error_setg(errp
, "Length %zu must be a multiple of block size %zu",
311 len
, ctx
->blocksize
);
315 switch (cipher
->mode
) {
316 case QCRYPTO_CIPHER_MODE_ECB
:
317 ctx
->alg_decrypt(ctx
->ctx
, len
, out
, in
);
320 case QCRYPTO_CIPHER_MODE_CBC
:
321 cbc_decrypt(ctx
->ctx
, ctx
->alg_decrypt
,
322 ctx
->blocksize
, ctx
->iv
,
327 error_setg(errp
, "Unsupported cipher algorithm %d",
334 int qcrypto_cipher_setiv(QCryptoCipher
*cipher
,
335 const uint8_t *iv
, size_t niv
,
338 QCryptoCipherNettle
*ctx
= cipher
->opaque
;
339 if (niv
!= ctx
->blocksize
) {
340 error_setg(errp
, "Expected IV size %zu not %zu",
341 ctx
->blocksize
, niv
);
344 memcpy(ctx
->iv
, iv
, niv
);