crypto/afsplit.c

   1 /*
   2  * QEMU Crypto anti forensic information splitter
   3  *
   4  * Copyright (c) 2015-2016 Red Hat, Inc.
   5  *
   6  * Derived from cryptsetup package lib/luks1/af.c
   7  *
   8  * Copyright (C) 2004, Clemens Fruhwirth <[email protected]>
   9  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
  10  *
  11  * This library is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This library is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  19  * Lesser General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU Lesser General Public
  22  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  23  *
  24  */
  25
  26 #include "qemu/osdep.h"
  27 #include "crypto/afsplit.h"
  28 #include "crypto/random.h"
  29
  30
  31 static void qcrypto_afsplit_xor(size_t blocklen,
  32                                 const uint8_t *in1,
  33                                 const uint8_t *in2,
  34                                 uint8_t *out)
  35 {
  36     size_t i;
  37     for (i = 0; i < blocklen; i++) {
  38         out[i] = in1[i] ^ in2[i];
  39     }
  40 }
  41
  42
  43 static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
  44                                 size_t blocklen,
  45                                 uint8_t *block,
  46                                 Error **errp)
  47 {
  48     size_t digestlen = qcrypto_hash_digest_len(hash);
  49
  50     size_t hashcount = blocklen / digestlen;
  51     size_t finallen = blocklen % digestlen;
  52     uint32_t i;
  53
  54     if (finallen) {
  55         hashcount++;
  56     } else {
  57         finallen = digestlen;
  58     }
  59
  60     for (i = 0; i < hashcount; i++) {
  61         uint8_t *out = NULL;
  62         size_t outlen = 0;
  63         uint32_t iv = cpu_to_be32(i);
  64         struct iovec in[] = {
  65             { .iov_base = &iv,
  66               .iov_len = sizeof(iv) },
  67             { .iov_base = block + (i * digestlen),
  68               .iov_len = (i == (hashcount - 1)) ? finallen : digestlen },
  69         };
  70
  71         if (qcrypto_hash_bytesv(hash,
  72                                 in,
  73                                 G_N_ELEMENTS(in),
  74                                 &out, &outlen,
  75                                 errp) < 0) {
  76             return -1;
  77         }
  78
  79         assert(outlen == digestlen);
  80         memcpy(block + (i * digestlen), out,
  81                (i == (hashcount - 1)) ? finallen : digestlen);
  82         g_free(out);
  83     }
  84
  85     return 0;
  86 }
  87
  88
  89 int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
  90                            size_t blocklen,
  91                            uint32_t stripes,
  92                            const uint8_t *in,
  93                            uint8_t *out,
  94                            Error **errp)
  95 {
  96     uint8_t *block = g_new0(uint8_t, blocklen);
  97     size_t i;
  98     int ret = -1;
  99
 100     for (i = 0; i < (stripes - 1); i++) {
 101         if (qcrypto_random_bytes(out + (i * blocklen), blocklen, errp) < 0) {
 102             goto cleanup;
 103         }
 104
 105         qcrypto_afsplit_xor(blocklen,
 106                             out + (i * blocklen),
 107                             block,
 108                             block);
 109         if (qcrypto_afsplit_hash(hash, blocklen, block,
 110                                  errp) < 0) {
 111             goto cleanup;
 112         }
 113     }
 114     qcrypto_afsplit_xor(blocklen,
 115                         in,
 116                         block,
 117                         out + (i * blocklen));
 118     ret = 0;
 119
 120  cleanup:
 121     g_free(block);
 122     return ret;
 123 }
 124
 125
 126 int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
 127                            size_t blocklen,
 128                            uint32_t stripes,
 129                            const uint8_t *in,
 130                            uint8_t *out,
 131                            Error **errp)
 132 {
 133     uint8_t *block = g_new0(uint8_t, blocklen);
 134     size_t i;
 135     int ret = -1;
 136
 137     for (i = 0; i < (stripes - 1); i++) {
 138         qcrypto_afsplit_xor(blocklen,
 139                             in + (i * blocklen),
 140                             block,
 141                             block);
 142         if (qcrypto_afsplit_hash(hash, blocklen, block,
 143                                  errp) < 0) {
 144             goto cleanup;
 145         }
 146     }
 147
 148     qcrypto_afsplit_xor(blocklen,
 149                         in + (i * blocklen),
 150                         block,
 151                         out);
 152
 153     ret = 0;
 154
 155  cleanup:
 156     g_free(block);
 157     return ret;
 158 }