]> git.ipfire.org Git - thirdparty/qemu.git/blame - crypto/cipher-nettle.c.inc
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: Introduce SM4 symmetric cipher algorithm
[thirdparty/qemu.git] / crypto / cipher-nettle.c.inc
CommitLineData
ed754746
DB		 1/*
2 * QEMU Crypto cipher nettle algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
b7cbb874 9 * version 2.1 of the License, or (at your option) any later version.
ed754746
DB		 10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
dc2207af 21#ifdef CONFIG_QEMU_PRIVATE_XTS
eaec903c 22#include "crypto/xts.h"
dc2207af 23#endif
eaec903c 24
ed754746
DB		 25#include <nettle/nettle-types.h>
26#include <nettle/aes.h>
27#include <nettle/des.h>
28#include <nettle/cbc.h>
084a85ee 29#include <nettle/cast128.h>
94318522 30#include <nettle/serpent.h>
50f6753e 31#include <nettle/twofish.h>
3c28292f 32#include <nettle/ctr.h>
dc2207af
DB		 33#ifndef CONFIG_QEMU_PRIVATE_XTS
34#include <nettle/xts.h>
35#endif
52ed9f45
HH		 36#ifdef CONFIG_CRYPTO_SM4
37#include <nettle/sm4.h>
38#endif
ed754746 39
53ddad9b
RH		 40static inline bool qcrypto_length_check(size_t len, size_t blocksize,
41 Error **errp)
e8e67ca4 42{
53ddad9b
RH		 43 if (unlikely(len & (blocksize - 1))) {
44 error_setg(errp, "Length %zu must be a multiple of block size %zu",
45 len, blocksize);
46 return false;
47 }
48 return true;
e8e67ca4
DB		 49}
50
e8e67ca4 51
53ddad9b 52static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx)
e8e67ca4 53{
53ddad9b 54 g_free(ctx);
e8e67ca4
DB		 55}
56
53ddad9b
RH		 57static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher,
58 const uint8_t *iv, size_t niv,
59 Error **errp)
60{
61 error_setg(errp, "Setting IV is not supported");
62 return -1;
63}
64
65
66#define DEFINE_SETIV(NAME, TYPE, BLEN) \
67static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \
68 size_t niv, Error **errp) \
69{ \
70 TYPE *ctx = container_of(cipher, TYPE, base); \
71 if (niv != BLEN) { \
72 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \
73 return -1; \
74 } \
75 memcpy(ctx->iv, iv, niv); \
76 return 0; \
77}
78
79
80#define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
81static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \
82 void *out, size_t len, Error **errp) \
83{ \
84 TYPE *ctx = container_of(cipher, TYPE, base); \
85 if (!qcrypto_length_check(len, BLEN, errp)) { \
86 return -1; \
87 } \
88 ENCRYPT(&ctx->key, len, out, in); \
89 return 0; \
90} \
91static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \
92 void *out, size_t len, Error **errp) \
93{ \
94 TYPE *ctx = container_of(cipher, TYPE, base); \
95 if (!qcrypto_length_check(len, BLEN, errp)) { \
96 return -1; \
97 } \
98 DECRYPT(&ctx->key, len, out, in); \
99 return 0; \
100} \
101static const struct QCryptoCipherDriver NAME##_driver_ecb = { \
102 .cipher_encrypt = NAME##_encrypt_ecb, \
103 .cipher_decrypt = NAME##_decrypt_ecb, \
104 .cipher_setiv = qcrypto_cipher_no_setiv, \
105 .cipher_free = qcrypto_cipher_ctx_free, \
106};
e3ba0b67 107
f7ac78cf 108
53ddad9b
RH		 109#define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
110static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \
111 void *out, size_t len, Error **errp) \
112{ \
113 TYPE *ctx = container_of(cipher, TYPE, base); \
114 if (!qcrypto_length_check(len, BLEN, errp)) { \
115 return -1; \
116 } \
117 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
118 return 0; \
119} \
120static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \
121 void *out, size_t len, Error **errp) \
122{ \
123 TYPE *ctx = container_of(cipher, TYPE, base); \
124 if (!qcrypto_length_check(len, BLEN, errp)) { \
125 return -1; \
126 } \
127 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \
128 return 0; \
129} \
130static const struct QCryptoCipherDriver NAME##_driver_cbc = { \
131 .cipher_encrypt = NAME##_encrypt_cbc, \
132 .cipher_decrypt = NAME##_decrypt_cbc, \
133 .cipher_setiv = NAME##_setiv, \
134 .cipher_free = qcrypto_cipher_ctx_free, \
135};
136
137
138#define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \
139static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \
140 void *out, size_t len, Error **errp) \
141{ \
142 TYPE *ctx = container_of(cipher, TYPE, base); \
143 if (!qcrypto_length_check(len, BLEN, errp)) { \
144 return -1; \
145 } \
146 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \
147 return 0; \
148} \
149static const struct QCryptoCipherDriver NAME##_driver_ctr = { \
150 .cipher_encrypt = NAME##_encrypt_ctr, \
151 .cipher_decrypt = NAME##_encrypt_ctr, \
152 .cipher_setiv = NAME##_setiv, \
153 .cipher_free = qcrypto_cipher_ctx_free, \
154};
155
156
157#ifdef CONFIG_QEMU_PRIVATE_XTS
158#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
159static void NAME##_xts_wrape(const void *ctx, size_t length, \
160 uint8_t *dst, const uint8_t *src) \
161{ \
115e4b70 162 ENCRYPT((const void *)ctx, length, dst, src); \
53ddad9b
RH		 163} \
164static void NAME##_xts_wrapd(const void *ctx, size_t length, \
165 uint8_t *dst, const uint8_t *src) \
166{ \
115e4b70 167 DECRYPT((const void *)ctx, length, dst, src); \
53ddad9b
RH		 168} \
169static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
170 void *out, size_t len, Error **errp) \
171{ \
172 TYPE *ctx = container_of(cipher, TYPE, base); \
173 if (!qcrypto_length_check(len, BLEN, errp)) { \
174 return -1; \
175 } \
176 xts_encrypt(&ctx->key, &ctx->key_xts, \
177 NAME##_xts_wrape, NAME##_xts_wrapd, \
178 ctx->iv, len, out, in); \
179 return 0; \
180} \
181static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
182 void *out, size_t len, Error **errp) \
183{ \
184 TYPE *ctx = container_of(cipher, TYPE, base); \
185 if (!qcrypto_length_check(len, BLEN, errp)) { \
186 return -1; \
187 } \
188 xts_decrypt(&ctx->key, &ctx->key_xts, \
189 NAME##_xts_wrape, NAME##_xts_wrapd, \
190 ctx->iv, len, out, in); \
191 return 0; \
192}
193#else
194#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
195static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \
196 void *out, size_t len, Error **errp) \
197{ \
198 TYPE *ctx = container_of(cipher, TYPE, base); \
199 if (!qcrypto_length_check(len, BLEN, errp)) { \
200 return -1; \
201 } \
202 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \
203 ctx->iv, len, out, in); \
204 return 0; \
205} \
206static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \
207 void *out, size_t len, Error **errp) \
208{ \
209 TYPE *ctx = container_of(cipher, TYPE, base); \
210 if (!qcrypto_length_check(len, BLEN, errp)) { \
211 return -1; \
212 } \
213 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \
214 ctx->iv, len, out, in); \
215 return 0; \
f7ac78cf 216}
53ddad9b
RH		 217#endif
218
219#define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
220 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \
221 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
222static const struct QCryptoCipherDriver NAME##_driver_xts = { \
223 .cipher_encrypt = NAME##_encrypt_xts, \
224 .cipher_decrypt = NAME##_decrypt_xts, \
225 .cipher_setiv = NAME##_setiv, \
226 .cipher_free = qcrypto_cipher_ctx_free, \
227};
228
229
230#define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
231 DEFINE_SETIV(NAME, TYPE, BLEN) \
232 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
233 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
234 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT)
235
236#define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
237 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \
238 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT)
239
240
83bee4b5 241typedef struct QCryptoNettleDES {
53ddad9b
RH		 242 QCryptoCipher base;
243 struct des_ctx key;
244 uint8_t iv[DES_BLOCK_SIZE];
83bee4b5 245} QCryptoNettleDES;
f7ac78cf 246
115e4b70 247static void des_encrypt_native(const void *ctx, size_t length,
f7ac78cf
DB		 248 uint8_t *dst, const uint8_t *src)
249{
250 des_encrypt(ctx, length, dst, src);
251}
252
115e4b70 253static void des_decrypt_native(const void *ctx, size_t length,
f7ac78cf
DB		 254 uint8_t *dst, const uint8_t *src)
255{
256 des_decrypt(ctx, length, dst, src);
257}
258
83bee4b5 259DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES,
53ddad9b
RH		 260 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native)
261
262
263typedef struct QCryptoNettleDES3 {
264 QCryptoCipher base;
265 struct des3_ctx key;
266 uint8_t iv[DES3_BLOCK_SIZE];
267} QCryptoNettleDES3;
268
115e4b70 269static void des3_encrypt_native(const void *ctx, size_t length,
ffb7bf45
LM		 270 uint8_t *dst, const uint8_t *src)
271{
272 des3_encrypt(ctx, length, dst, src);
273}
274
115e4b70 275static void des3_decrypt_native(const void *ctx, size_t length,
ffb7bf45
LM		 276 uint8_t *dst, const uint8_t *src)
277{
278 des3_decrypt(ctx, length, dst, src);
279}
280
53ddad9b
RH		 281DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE,
282 des3_encrypt_native, des3_decrypt_native)
f7ac78cf 283
f7ac78cf 284
53ddad9b
RH		 285typedef struct QCryptoNettleAES128 {
286 QCryptoCipher base;
287 uint8_t iv[AES_BLOCK_SIZE];
288 /* First key from pair is encode, second key is decode. */
289 struct aes128_ctx key[2], key_xts[2];
290} QCryptoNettleAES128;
f7ac78cf 291
115e4b70 292static void aes128_encrypt_native(const void *ctx, size_t length,
53ddad9b 293 uint8_t *dst, const uint8_t *src)
f7ac78cf 294{
115e4b70 295 const struct aes128_ctx *keys = ctx;
53ddad9b 296 aes128_encrypt(&keys[0], length, dst, src);
f7ac78cf
DB		 297}
298
115e4b70 299static void aes128_decrypt_native(const void *ctx, size_t length,
53ddad9b 300 uint8_t *dst, const uint8_t *src)
f7ac78cf 301{
115e4b70 302 const struct aes128_ctx *keys = ctx;
53ddad9b 303 aes128_decrypt(&keys[1], length, dst, src);
f7ac78cf
DB		 304}
305
53ddad9b
RH		 306DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128,
307 QCryptoNettleAES128, AES_BLOCK_SIZE,
308 aes128_encrypt_native, aes128_decrypt_native)
f7ac78cf 309
e8e67ca4 310
53ddad9b
RH		 311typedef struct QCryptoNettleAES192 {
312 QCryptoCipher base;
313 uint8_t iv[AES_BLOCK_SIZE];
314 /* First key from pair is encode, second key is decode. */
315 struct aes192_ctx key[2], key_xts[2];
316} QCryptoNettleAES192;
d3462e37 317
115e4b70 318static void aes192_encrypt_native(const void *ctx, size_t length,
53ddad9b 319 uint8_t *dst, const uint8_t *src)
d3462e37 320{
115e4b70 321 const struct aes192_ctx *keys = ctx;
53ddad9b 322 aes192_encrypt(&keys[0], length, dst, src);
e8e67ca4
DB		 323}
324
115e4b70 325static void aes192_decrypt_native(const void *ctx, size_t length,
53ddad9b 326 uint8_t *dst, const uint8_t *src)
e8e67ca4 327{
115e4b70 328 const struct aes192_ctx *keys = ctx;
53ddad9b 329 aes192_decrypt(&keys[1], length, dst, src);
e8e67ca4
DB		 330}
331
53ddad9b
RH		 332DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192,
333 QCryptoNettleAES192, AES_BLOCK_SIZE,
334 aes192_encrypt_native, aes192_decrypt_native)
e8e67ca4 335
d3462e37 336
53ddad9b
RH		 337typedef struct QCryptoNettleAES256 {
338 QCryptoCipher base;
339 uint8_t iv[AES_BLOCK_SIZE];
340 /* First key from pair is encode, second key is decode. */
341 struct aes256_ctx key[2], key_xts[2];
342} QCryptoNettleAES256;
d3462e37 343
115e4b70 344static void aes256_encrypt_native(const void *ctx, size_t length,
53ddad9b 345 uint8_t *dst, const uint8_t *src)
d3462e37 346{
115e4b70 347 const struct aes256_ctx *keys = ctx;
53ddad9b 348 aes256_encrypt(&keys[0], length, dst, src);
d3462e37
RK		 349}
350
115e4b70
DB		 351static void aes256_decrypt_native(const void *ctx, size_t length,
352 uint8_t *dst, const uint8_t *src)
ffb7bf45 353{
115e4b70 354 const struct aes256_ctx *keys = ctx;
53ddad9b 355 aes256_decrypt(&keys[1], length, dst, src);
ffb7bf45
LM		 356}
357
53ddad9b
RH		 358DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256,
359 QCryptoNettleAES256, AES_BLOCK_SIZE,
360 aes256_encrypt_native, aes256_decrypt_native)
ffb7bf45 361
53ddad9b
RH		 362
363typedef struct QCryptoNettleCAST128 {
364 QCryptoCipher base;
365 uint8_t iv[CAST128_BLOCK_SIZE];
366 struct cast128_ctx key, key_xts;
367} QCryptoNettleCAST128;
368
115e4b70 369static void cast128_encrypt_native(const void *ctx, size_t length,
53ddad9b 370 uint8_t *dst, const uint8_t *src)
084a85ee
DB		 371{
372 cast128_encrypt(ctx, length, dst, src);
373}
374
115e4b70 375static void cast128_decrypt_native(const void *ctx, size_t length,
53ddad9b 376 uint8_t *dst, const uint8_t *src)
084a85ee
DB		 377{
378 cast128_decrypt(ctx, length, dst, src);
379}
380
53ddad9b
RH		 381DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128,
382 QCryptoNettleCAST128, CAST128_BLOCK_SIZE,
383 cast128_encrypt_native, cast128_decrypt_native)
384
385
386typedef struct QCryptoNettleSerpent {
387 QCryptoCipher base;
388 uint8_t iv[SERPENT_BLOCK_SIZE];
389 struct serpent_ctx key, key_xts;
390} QCryptoNettleSerpent;
391
392
115e4b70 393static void serpent_encrypt_native(const void *ctx, size_t length,
53ddad9b 394 uint8_t *dst, const uint8_t *src)
94318522
DB		 395{
396 serpent_encrypt(ctx, length, dst, src);
397}
398
115e4b70 399static void serpent_decrypt_native(const void *ctx, size_t length,
53ddad9b 400 uint8_t *dst, const uint8_t *src)
94318522
DB		 401{
402 serpent_decrypt(ctx, length, dst, src);
403}
404
53ddad9b
RH		 405DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent,
406 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE,
407 serpent_encrypt_native, serpent_decrypt_native)
408
409
410typedef struct QCryptoNettleTwofish {
411 QCryptoCipher base;
412 uint8_t iv[TWOFISH_BLOCK_SIZE];
413 struct twofish_ctx key, key_xts;
414} QCryptoNettleTwofish;
415
115e4b70 416static void twofish_encrypt_native(const void *ctx, size_t length,
53ddad9b 417 uint8_t *dst, const uint8_t *src)
50f6753e
DB		 418{
419 twofish_encrypt(ctx, length, dst, src);
420}
421
115e4b70 422static void twofish_decrypt_native(const void *ctx, size_t length,
53ddad9b 423 uint8_t *dst, const uint8_t *src)
50f6753e
DB		 424{
425 twofish_decrypt(ctx, length, dst, src);
426}
427
53ddad9b
RH		 428DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
429 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
430 twofish_encrypt_native, twofish_decrypt_native)
3eedf5cc 431
52ed9f45
HH		 432#ifdef CONFIG_CRYPTO_SM4
433typedef struct QCryptoNettleSm4 {
434 QCryptoCipher base;
435 struct sm4_ctx key[2];
436} QCryptoNettleSm4;
437
438static void sm4_encrypt_native(void *ctx, size_t length,
439 uint8_t *dst, const uint8_t *src)
440{
441 struct sm4_ctx *keys = ctx;
442 sm4_crypt(&keys[0], length, dst, src);
443}
444
445static void sm4_decrypt_native(void *ctx, size_t length,
446 uint8_t *dst, const uint8_t *src)
447{
448 struct sm4_ctx *keys = ctx;
449 sm4_crypt(&keys[1], length, dst, src);
450}
451
452DEFINE_ECB(qcrypto_nettle_sm4,
453 QCryptoNettleSm4, SM4_BLOCK_SIZE,
454 sm4_encrypt_native, sm4_decrypt_native)
455#endif
ed754746 456
f844836d
GA		 457bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
458 QCryptoCipherMode mode)
ed754746
DB		 459{
460 switch (alg) {
83bee4b5 461 case QCRYPTO_CIPHER_ALG_DES:
ffb7bf45 462 case QCRYPTO_CIPHER_ALG_3DES:
ed754746
DB		 463 case QCRYPTO_CIPHER_ALG_AES_128:
464 case QCRYPTO_CIPHER_ALG_AES_192:
465 case QCRYPTO_CIPHER_ALG_AES_256:
084a85ee 466 case QCRYPTO_CIPHER_ALG_CAST5_128:
94318522
DB		 467 case QCRYPTO_CIPHER_ALG_SERPENT_128:
468 case QCRYPTO_CIPHER_ALG_SERPENT_192:
469 case QCRYPTO_CIPHER_ALG_SERPENT_256:
50f6753e
DB		 470 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
471 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
472 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
52ed9f45
HH		 473#ifdef CONFIG_CRYPTO_SM4
474 case QCRYPTO_CIPHER_ALG_SM4:
475#endif
f844836d
GA		 476 break;
477 default:
478 return false;
479 }
480
481 switch (mode) {
482 case QCRYPTO_CIPHER_MODE_ECB:
483 case QCRYPTO_CIPHER_MODE_CBC:
484 case QCRYPTO_CIPHER_MODE_XTS:
485 case QCRYPTO_CIPHER_MODE_CTR:
ed754746
DB		 486 return true;
487 default:
488 return false;
489 }
490}
491
3eedf5cc
RH		 492static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
493 QCryptoCipherMode mode,
494 const uint8_t *key,
495 size_t nkey,
496 Error **errp)
ed754746 497{
ed754746
DB		 498 switch (mode) {
499 case QCRYPTO_CIPHER_MODE_ECB:
500 case QCRYPTO_CIPHER_MODE_CBC:
eaec903c 501 case QCRYPTO_CIPHER_MODE_XTS:
3c28292f 502 case QCRYPTO_CIPHER_MODE_CTR:
ed754746
DB		 503 break;
504 default:
53ddad9b 505 goto bad_cipher_mode;
ed754746
DB		 506 }
507
eaec903c 508 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
ed754746
DB		 509 return NULL;
510 }
511
ed754746 512 switch (alg) {
83bee4b5 513 case QCRYPTO_CIPHER_ALG_DES:
53ddad9b 514 {
83bee4b5 515 QCryptoNettleDES *ctx;
53ddad9b 516 const QCryptoCipherDriver *drv;
53ddad9b
RH		 517
518 switch (mode) {
519 case QCRYPTO_CIPHER_MODE_ECB:
83bee4b5 520 drv = &qcrypto_nettle_des_driver_ecb;
53ddad9b
RH		 521 break;
522 case QCRYPTO_CIPHER_MODE_CBC:
83bee4b5 523 drv = &qcrypto_nettle_des_driver_cbc;
53ddad9b
RH		 524 break;
525 case QCRYPTO_CIPHER_MODE_CTR:
83bee4b5 526 drv = &qcrypto_nettle_des_driver_ctr;
53ddad9b
RH		 527 break;
528 default:
529 goto bad_cipher_mode;
530 }
531
83bee4b5 532 ctx = g_new0(QCryptoNettleDES, 1);
53ddad9b 533 ctx->base.driver = drv;
83bee4b5 534 des_set_key(&ctx->key, key);
53ddad9b
RH		 535
536 return &ctx->base;
537 }
ed754746 538
ffb7bf45 539 case QCRYPTO_CIPHER_ALG_3DES:
53ddad9b
RH		 540 {
541 QCryptoNettleDES3 *ctx;
542 const QCryptoCipherDriver *drv;
543
544 switch (mode) {
545 case QCRYPTO_CIPHER_MODE_ECB:
546 drv = &qcrypto_nettle_des3_driver_ecb;
547 break;
548 case QCRYPTO_CIPHER_MODE_CBC:
549 drv = &qcrypto_nettle_des3_driver_cbc;
550 break;
551 case QCRYPTO_CIPHER_MODE_CTR:
552 drv = &qcrypto_nettle_des3_driver_ctr;
553 break;
554 default:
555 goto bad_cipher_mode;
556 }
557
558 ctx = g_new0(QCryptoNettleDES3, 1);
559 ctx->base.driver = drv;
560 des3_set_key(&ctx->key, key);
561 return &ctx->base;
562 }
ffb7bf45 563
ed754746 564 case QCRYPTO_CIPHER_ALG_AES_128:
53ddad9b
RH		 565 {
566 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1);
567
568 switch (mode) {
569 case QCRYPTO_CIPHER_MODE_ECB:
570 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb;
571 break;
572 case QCRYPTO_CIPHER_MODE_CBC:
573 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc;
574 break;
575 case QCRYPTO_CIPHER_MODE_CTR:
576 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr;
577 break;
578 case QCRYPTO_CIPHER_MODE_XTS:
579 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts;
580 nkey /= 2;
581 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey);
582 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey);
583 break;
584 default:
585 g_assert_not_reached();
586 }
587 aes128_set_encrypt_key(&ctx->key[0], key);
588 aes128_set_decrypt_key(&ctx->key[1], key);
589
590 return &ctx->base;
e8e67ca4
DB		 591 }
592
ed754746 593 case QCRYPTO_CIPHER_ALG_AES_192:
53ddad9b
RH		 594 {
595 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1);
596
597 switch (mode) {
598 case QCRYPTO_CIPHER_MODE_ECB:
599 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb;
600 break;
601 case QCRYPTO_CIPHER_MODE_CBC:
602 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc;
603 break;
604 case QCRYPTO_CIPHER_MODE_CTR:
605 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr;
606 break;
607 case QCRYPTO_CIPHER_MODE_XTS:
608 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts;
609 nkey /= 2;
610 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey);
611 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey);
612 break;
613 default:
614 g_assert_not_reached();
615 }
616 aes192_set_encrypt_key(&ctx->key[0], key);
617 aes192_set_decrypt_key(&ctx->key[1], key);
618
619 return &ctx->base;
e8e67ca4
DB		 620 }
621
ed754746 622 case QCRYPTO_CIPHER_ALG_AES_256:
53ddad9b
RH		 623 {
624 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1);
625
626 switch (mode) {
627 case QCRYPTO_CIPHER_MODE_ECB:
628 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb;
629 break;
630 case QCRYPTO_CIPHER_MODE_CBC:
631 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc;
632 break;
633 case QCRYPTO_CIPHER_MODE_CTR:
634 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr;
635 break;
636 case QCRYPTO_CIPHER_MODE_XTS:
637 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts;
638 nkey /= 2;
639 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey);
640 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey);
641 break;
642 default:
643 g_assert_not_reached();
644 }
645 aes256_set_encrypt_key(&ctx->key[0], key);
646 aes256_set_decrypt_key(&ctx->key[1], key);
647
648 return &ctx->base;
eaec903c 649 }
ed754746 650
084a85ee 651 case QCRYPTO_CIPHER_ALG_CAST5_128:
53ddad9b
RH		 652 {
653 QCryptoNettleCAST128 *ctx;
654 const QCryptoCipherDriver *drv;
655
656 switch (mode) {
657 case QCRYPTO_CIPHER_MODE_ECB:
658 drv = &qcrypto_nettle_cast128_driver_ecb;
659 break;
660 case QCRYPTO_CIPHER_MODE_CBC:
661 drv = &qcrypto_nettle_cast128_driver_cbc;
662 break;
663 case QCRYPTO_CIPHER_MODE_CTR:
664 drv = &qcrypto_nettle_cast128_driver_ctr;
665 break;
666 default:
667 goto bad_cipher_mode;
668 }
669
670 ctx = g_new0(QCryptoNettleCAST128, 1);
671 ctx->base.driver = drv;
672 cast5_set_key(&ctx->key, nkey, key);
673
674 return &ctx->base;
eaec903c 675 }
084a85ee 676
94318522
DB		 677 case QCRYPTO_CIPHER_ALG_SERPENT_128:
678 case QCRYPTO_CIPHER_ALG_SERPENT_192:
679 case QCRYPTO_CIPHER_ALG_SERPENT_256:
53ddad9b
RH		 680 {
681 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1);
682
683 switch (mode) {
684 case QCRYPTO_CIPHER_MODE_ECB:
685 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb;
686 break;
687 case QCRYPTO_CIPHER_MODE_CBC:
688 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc;
689 break;
690 case QCRYPTO_CIPHER_MODE_CTR:
691 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr;
692 break;
693 case QCRYPTO_CIPHER_MODE_XTS:
694 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts;
695 nkey /= 2;
696 serpent_set_key(&ctx->key_xts, nkey, key + nkey);
697 break;
698 default:
699 g_assert_not_reached();
700 }
701 serpent_set_key(&ctx->key, nkey, key);
702
703 return &ctx->base;
eaec903c 704 }
94318522 705
50f6753e
DB		 706 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
707 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
708 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
53ddad9b
RH		 709 {
710 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1);
711
712 switch (mode) {
713 case QCRYPTO_CIPHER_MODE_ECB:
714 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb;
715 break;
716 case QCRYPTO_CIPHER_MODE_CBC:
717 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc;
718 break;
719 case QCRYPTO_CIPHER_MODE_CTR:
720 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr;
721 break;
722 case QCRYPTO_CIPHER_MODE_XTS:
723 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts;
724 nkey /= 2;
725 twofish_set_key(&ctx->key_xts, nkey, key + nkey);
726 break;
727 default:
728 g_assert_not_reached();
729 }
730 twofish_set_key(&ctx->key, nkey, key);
731
732 return &ctx->base;
eaec903c 733 }
52ed9f45
HH		 734#ifdef CONFIG_CRYPTO_SM4
735 case QCRYPTO_CIPHER_ALG_SM4:
736 {
737 QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1);
738
739 switch (mode) {
740 case QCRYPTO_CIPHER_MODE_ECB:
741 ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb;
742 break;
743 default:
744 goto bad_cipher_mode;
745 }
746
747 sm4_set_encrypt_key(&ctx->key[0], key);
748 sm4_set_decrypt_key(&ctx->key[1], key);
749
750 return &ctx->base;
751 }
752#endif
50f6753e 753
ed754746 754 default:
90d6f60d 755 error_setg(errp, "Unsupported cipher algorithm %s",
977c736f 756 QCryptoCipherAlgorithm_str(alg));
53ddad9b 757 return NULL;
a5d2f44d
DB		 758 }
759
53ddad9b
RH		 760 bad_cipher_mode:
761 error_setg(errp, "Unsupported cipher mode %s",
762 QCryptoCipherMode_str(mode));
ed754746
DB		 763 return NULL;
764}
Mirror of https://git.qemu.org/git/qemu.git