[qemu.git] / crypto / ivgen-essiv.c

/*
 * QEMU Crypto block IV generator - essiv
 *
 * Copyright (c) 2015-2016 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/bswap.h"
#include "crypto/ivgen-essiv.h"

typedef struct QCryptoIVGenESSIV QCryptoIVGenESSIV;
struct QCryptoIVGenESSIV {
    QCryptoCipher *cipher;
};

static int qcrypto_ivgen_essiv_init(QCryptoIVGen *ivgen,
                                    const uint8_t *key, size_t nkey,
                                    Error **errp)
{
    uint8_t *salt;
    size_t nhash;
    size_t nsalt;
    QCryptoIVGenESSIV *essiv = g_new0(QCryptoIVGenESSIV, 1);

    /* Not necessarily the same as nkey */
    nsalt = qcrypto_cipher_get_key_len(ivgen->cipher);

    nhash = qcrypto_hash_digest_len(ivgen->hash);
    /* Salt must be larger of hash size or key size */
    salt = g_new0(uint8_t, MAX(nhash, nsalt));

    if (qcrypto_hash_bytes(ivgen->hash, (const gchar *)key, nkey,
                           &salt, &nhash,
                           errp) < 0) {
        g_free(essiv);
        return -1;
    }

    /* Now potentially truncate salt to match cipher key len */
    essiv->cipher = qcrypto_cipher_new(ivgen->cipher,
                                       QCRYPTO_CIPHER_MODE_ECB,
                                       salt, MIN(nhash, nsalt),
                                       errp);
    if (!essiv->cipher) {
        g_free(essiv);
        g_free(salt);
        return -1;
    }

    g_free(salt);
    ivgen->private = essiv;

    return 0;
}

static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
                                         uint64_t sector,
                                         uint8_t *iv, size_t niv,
                                         Error **errp)
{
    QCryptoIVGenESSIV *essiv = ivgen->private;
    size_t ndata = qcrypto_cipher_get_block_len(ivgen->cipher);
    uint8_t *data = g_new(uint8_t, ndata);

    sector = cpu_to_le64(sector);
    memcpy(data, (uint8_t *)&sector, ndata);
    if (sizeof(sector) < ndata) {
        memset(data + sizeof(sector), 0, ndata - sizeof(sector));
    }

    if (qcrypto_cipher_encrypt(essiv->cipher,
                               data,
                               data,
                               ndata,
                               errp) < 0) {
        g_free(data);
        return -1;
    }

    if (ndata > niv) {
        ndata = niv;
    }
    memcpy(iv, data, ndata);
    if (ndata < niv) {
        memset(iv + ndata, 0, niv - ndata);
    }
    g_free(data);
    return 0;
}

static void qcrypto_ivgen_essiv_cleanup(QCryptoIVGen *ivgen)
{
    QCryptoIVGenESSIV *essiv = ivgen->private;

    qcrypto_cipher_free(essiv->cipher);
    g_free(essiv);
}


struct QCryptoIVGenDriver qcrypto_ivgen_essiv = {
    .init = qcrypto_ivgen_essiv_init,
    .calculate = qcrypto_ivgen_essiv_calculate,
    .cleanup = qcrypto_ivgen_essiv_cleanup,
};
Commit	Line	Data
cb730894 DB	1	/*
	2	* QEMU Crypto block IV generator - essiv
	3	*
	4	* Copyright (c) 2015-2016 Red Hat, Inc.
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*
	19	*/
	20
	21	#include "qemu/osdep.h"
da34e65c	22	#include "qapi/error.h"
7136fc1d	23	#include "qemu/bswap.h"
cb730894 DB	24	#include "crypto/ivgen-essiv.h"
	25
	26	typedef struct QCryptoIVGenESSIV QCryptoIVGenESSIV;
	27	struct QCryptoIVGenESSIV {
	28	QCryptoCipher *cipher;
	29	};
	30
	31	static int qcrypto_ivgen_essiv_init(QCryptoIVGen *ivgen,
	32	const uint8_t *key, size_t nkey,
	33	Error **errp)
	34	{
	35	uint8_t *salt;
	36	size_t nhash;
	37	size_t nsalt;
	38	QCryptoIVGenESSIV *essiv = g_new0(QCryptoIVGenESSIV, 1);
	39
	40	/* Not necessarily the same as nkey */
	41	nsalt = qcrypto_cipher_get_key_len(ivgen->cipher);
	42
	43	nhash = qcrypto_hash_digest_len(ivgen->hash);
	44	/* Salt must be larger of hash size or key size */
	45	salt = g_new0(uint8_t, MAX(nhash, nsalt));
	46
	47	if (qcrypto_hash_bytes(ivgen->hash, (const gchar *)key, nkey,
	48	&salt, &nhash,
	49	errp) < 0) {
	50	g_free(essiv);
	51	return -1;
	52	}
	53
	54	/* Now potentially truncate salt to match cipher key len */
	55	essiv->cipher = qcrypto_cipher_new(ivgen->cipher,
	56	QCRYPTO_CIPHER_MODE_ECB,
	57	salt, MIN(nhash, nsalt),
	58	errp);
	59	if (!essiv->cipher) {
	60	g_free(essiv);
	61	g_free(salt);
	62	return -1;
	63	}
	64
	65	g_free(salt);
	66	ivgen->private = essiv;
	67
	68	return 0;
	69	}
	70
	71	static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
	72	uint64_t sector,
	73	uint8_t *iv, size_t niv,
	74	Error **errp)
	75	{
	76	QCryptoIVGenESSIV *essiv = ivgen->private;
	77	size_t ndata = qcrypto_cipher_get_block_len(ivgen->cipher);
	78	uint8_t *data = g_new(uint8_t, ndata);
	79
	80	sector = cpu_to_le64(sector);
	81	memcpy(data, (uint8_t *)&sector, ndata);
	82	if (sizeof(sector) < ndata) {
	83	memset(data + sizeof(sector), 0, ndata - sizeof(sector));
	84	}
	85
	86	if (qcrypto_cipher_encrypt(essiv->cipher,
	87	data,
88	data,
89	ndata,
90	errp) < 0) {
91	g_free(data);
92	return -1;
93	}
94
95	if (ndata > niv) {
96	ndata = niv;
97	}
98	memcpy(iv, data, ndata);
99	if (ndata < niv) {
100	memset(iv + ndata, 0, niv - ndata);
101	}
102	g_free(data);
103	return 0;
104	}
105
106	static void qcrypto_ivgen_essiv_cleanup(QCryptoIVGen *ivgen)
107	{
108	QCryptoIVGenESSIV *essiv = ivgen->private;
109
110	qcrypto_cipher_free(essiv->cipher);
111	g_free(essiv);
112	}
113
114
115	struct QCryptoIVGenDriver qcrypto_ivgen_essiv = {
116	.init = qcrypto_ivgen_essiv_init,
117	.calculate = qcrypto_ivgen_essiv_calculate,
118	.cleanup = qcrypto_ivgen_essiv_cleanup,
119	};
120