*
*/
+#include "qemu/osdep.h"
+#include "qapi/error.h"
#include "crypto/cipher.h"
+#include "cipherpriv.h"
static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
[QCRYPTO_CIPHER_ALG_AES_192] = 24,
[QCRYPTO_CIPHER_ALG_AES_256] = 32,
[QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
+ [QCRYPTO_CIPHER_ALG_3DES] = 24,
+ [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
+ [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
+ [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24,
+ [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32,
};
static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
[QCRYPTO_CIPHER_ALG_AES_192] = 16,
[QCRYPTO_CIPHER_ALG_AES_256] = 16,
[QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
+ [QCRYPTO_CIPHER_ALG_3DES] = 8,
+ [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
+ [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
+ [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16,
+ [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16,
};
static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
[QCRYPTO_CIPHER_MODE_ECB] = false,
[QCRYPTO_CIPHER_MODE_CBC] = true,
+ [QCRYPTO_CIPHER_MODE_XTS] = true,
+ [QCRYPTO_CIPHER_MODE_CTR] = true,
};
size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg)
{
- if (alg >= G_N_ELEMENTS(alg_key_len)) {
- return 0;
- }
+ assert(alg < G_N_ELEMENTS(alg_key_len));
return alg_block_len[alg];
}
size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg)
{
- if (alg >= G_N_ELEMENTS(alg_key_len)) {
- return 0;
- }
+ assert(alg < G_N_ELEMENTS(alg_key_len));
return alg_key_len[alg];
}
static bool
qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
size_t nkey,
Error **errp)
{
return false;
}
- if (alg_key_len[alg] != nkey) {
- error_setg(errp, "Cipher key length %zu should be %zu",
- nkey, alg_key_len[alg]);
- return false;
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
+ || alg == QCRYPTO_CIPHER_ALG_3DES) {
+ error_setg(errp, "XTS mode not compatible with DES-RFB/3DES");
+ return false;
+ }
+ if (nkey % 2) {
+ error_setg(errp, "XTS cipher key length should be a multiple of 2");
+ return false;
+ }
+
+ if (alg_key_len[alg] != (nkey / 2)) {
+ error_setg(errp, "Cipher key length %zu should be %zu",
+ nkey, alg_key_len[alg] * 2);
+ return false;
+ }
+ } else {
+ if (alg_key_len[alg] != nkey) {
+ error_setg(errp, "Cipher key length %zu should be %zu",
+ nkey, alg_key_len[alg]);
+ return false;
+ }
}
return true;
}
#endif /* CONFIG_GCRYPT || CONFIG_NETTLE */
#ifdef CONFIG_GCRYPT
-#include "crypto/cipher-gcrypt.c"
+#include "cipher-gcrypt.c"
#elif defined CONFIG_NETTLE
-#include "crypto/cipher-nettle.c"
+#include "cipher-nettle.c"
#else
-#include "crypto/cipher-builtin.c"
+#include "cipher-builtin.c"
+#endif
+
+QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoCipher *cipher;
+ void *ctx = NULL;
+ QCryptoCipherDriver *drv = NULL;
+
+#ifdef CONFIG_AF_ALG
+ ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
+ if (ctx) {
+ drv = &qcrypto_cipher_afalg_driver;
+ }
#endif
+
+ if (!ctx) {
+ ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ drv = &qcrypto_cipher_lib_driver;
+ }
+
+ cipher = g_new0(QCryptoCipher, 1);
+ cipher->alg = alg;
+ cipher->mode = mode;
+ cipher->opaque = ctx;
+ cipher->driver = (void *)drv;
+
+ return cipher;
+}
+
+
+int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
+{
+ QCryptoCipherDriver *drv = cipher->driver;
+ return drv->cipher_encrypt(cipher, in, out, len, errp);
+}
+
+
+int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
+{
+ QCryptoCipherDriver *drv = cipher->driver;
+ return drv->cipher_decrypt(cipher, in, out, len, errp);
+}
+
+
+int qcrypto_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp)
+{
+ QCryptoCipherDriver *drv = cipher->driver;
+ return drv->cipher_setiv(cipher, iv, niv, errp);
+}
+
+
+void qcrypto_cipher_free(QCryptoCipher *cipher)
+{
+ QCryptoCipherDriver *drv;
+ if (cipher) {
+ drv = cipher->driver;
+ drv->cipher_free(cipher);
+ g_free(cipher);
+ }
+}
projects / qemu.git / blobdiff