]>
Commit | Line | Data |
---|---|---|
ca38a4cc DB |
1 | /* |
2 | * QEMU Crypto cipher algorithms | |
3 | * | |
4 | * Copyright (c) 2015 Red Hat, Inc. | |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
b7cbb874 | 9 | * version 2.1 of the License, or (at your option) any later version. |
ca38a4cc DB |
10 | * |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
18 | * | |
19 | */ | |
20 | ||
42f7a448 | 21 | #include "qemu/osdep.h" |
eba29771 | 22 | #include "qemu/host-utils.h" |
da34e65c | 23 | #include "qapi/error.h" |
ca38a4cc | 24 | #include "crypto/cipher.h" |
75c80078 | 25 | #include "cipherpriv.h" |
ca38a4cc | 26 | |
62893b67 | 27 | |
e46064a4 | 28 | static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { |
ca38a4cc DB |
29 | [QCRYPTO_CIPHER_ALG_AES_128] = 16, |
30 | [QCRYPTO_CIPHER_ALG_AES_192] = 24, | |
31 | [QCRYPTO_CIPHER_ALG_AES_256] = 32, | |
83bee4b5 | 32 | [QCRYPTO_CIPHER_ALG_DES] = 8, |
ffb7bf45 | 33 | [QCRYPTO_CIPHER_ALG_3DES] = 24, |
084a85ee | 34 | [QCRYPTO_CIPHER_ALG_CAST5_128] = 16, |
94318522 DB |
35 | [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, |
36 | [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24, | |
37 | [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32, | |
50f6753e DB |
38 | [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, |
39 | [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24, | |
40 | [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32, | |
52ed9f45 HH |
41 | #ifdef CONFIG_CRYPTO_SM4 |
42 | [QCRYPTO_CIPHER_ALG_SM4] = 16, | |
43 | #endif | |
ca38a4cc DB |
44 | }; |
45 | ||
e46064a4 | 46 | static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { |
dd2bf9eb DB |
47 | [QCRYPTO_CIPHER_ALG_AES_128] = 16, |
48 | [QCRYPTO_CIPHER_ALG_AES_192] = 16, | |
49 | [QCRYPTO_CIPHER_ALG_AES_256] = 16, | |
83bee4b5 | 50 | [QCRYPTO_CIPHER_ALG_DES] = 8, |
ffb7bf45 | 51 | [QCRYPTO_CIPHER_ALG_3DES] = 8, |
084a85ee | 52 | [QCRYPTO_CIPHER_ALG_CAST5_128] = 8, |
94318522 DB |
53 | [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, |
54 | [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16, | |
55 | [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16, | |
50f6753e DB |
56 | [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, |
57 | [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16, | |
58 | [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16, | |
52ed9f45 HH |
59 | #ifdef CONFIG_CRYPTO_SM4 |
60 | [QCRYPTO_CIPHER_ALG_SM4] = 16, | |
61 | #endif | |
dd2bf9eb DB |
62 | }; |
63 | ||
e46064a4 | 64 | static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { |
dd2bf9eb DB |
65 | [QCRYPTO_CIPHER_MODE_ECB] = false, |
66 | [QCRYPTO_CIPHER_MODE_CBC] = true, | |
eaec903c | 67 | [QCRYPTO_CIPHER_MODE_XTS] = true, |
3c28292f | 68 | [QCRYPTO_CIPHER_MODE_CTR] = true, |
dd2bf9eb DB |
69 | }; |
70 | ||
71 | ||
72 | size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg) | |
73 | { | |
32c813e6 | 74 | assert(alg < G_N_ELEMENTS(alg_key_len)); |
dd2bf9eb DB |
75 | return alg_block_len[alg]; |
76 | } | |
77 | ||
78 | ||
79 | size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg) | |
80 | { | |
32c813e6 | 81 | assert(alg < G_N_ELEMENTS(alg_key_len)); |
dd2bf9eb DB |
82 | return alg_key_len[alg]; |
83 | } | |
84 | ||
85 | ||
86 | size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, | |
87 | QCryptoCipherMode mode) | |
88 | { | |
89 | if (alg >= G_N_ELEMENTS(alg_block_len)) { | |
90 | return 0; | |
91 | } | |
92 | if (mode >= G_N_ELEMENTS(mode_need_iv)) { | |
93 | return 0; | |
94 | } | |
95 | ||
96 | if (mode_need_iv[mode]) { | |
97 | return alg_block_len[alg]; | |
98 | } | |
99 | return 0; | |
100 | } | |
101 | ||
102 | ||
ca38a4cc DB |
103 | static bool |
104 | qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, | |
eaec903c | 105 | QCryptoCipherMode mode, |
ca38a4cc DB |
106 | size_t nkey, |
107 | Error **errp) | |
108 | { | |
d8c02bcc | 109 | if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) { |
ca38a4cc DB |
110 | error_setg(errp, "Cipher algorithm %d out of range", |
111 | alg); | |
112 | return false; | |
113 | } | |
114 | ||
eaec903c | 115 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { |
83bee4b5 DB |
116 | if (alg == QCRYPTO_CIPHER_ALG_DES || |
117 | alg == QCRYPTO_CIPHER_ALG_3DES) { | |
118 | error_setg(errp, "XTS mode not compatible with DES/3DES"); | |
eaec903c DB |
119 | return false; |
120 | } | |
121 | if (nkey % 2) { | |
122 | error_setg(errp, "XTS cipher key length should be a multiple of 2"); | |
123 | return false; | |
124 | } | |
125 | ||
126 | if (alg_key_len[alg] != (nkey / 2)) { | |
127 | error_setg(errp, "Cipher key length %zu should be %zu", | |
128 | nkey, alg_key_len[alg] * 2); | |
129 | return false; | |
130 | } | |
131 | } else { | |
132 | if (alg_key_len[alg] != nkey) { | |
133 | error_setg(errp, "Cipher key length %zu should be %zu", | |
134 | nkey, alg_key_len[alg]); | |
135 | return false; | |
136 | } | |
ca38a4cc DB |
137 | } |
138 | return true; | |
139 | } | |
140 | ||
91bfcdb0 | 141 | #ifdef CONFIG_GCRYPT |
6d92bdf4 | 142 | #include "cipher-gcrypt.c.inc" |
91bfcdb0 | 143 | #elif defined CONFIG_NETTLE |
6d92bdf4 | 144 | #include "cipher-nettle.c.inc" |
3d2b61ff DB |
145 | #elif defined CONFIG_GNUTLS_CRYPTO |
146 | #include "cipher-gnutls.c.inc" | |
62893b67 | 147 | #else |
6d92bdf4 | 148 | #include "cipher-builtin.c.inc" |
62893b67 | 149 | #endif |
75c80078 LM |
150 | |
151 | QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, | |
152 | QCryptoCipherMode mode, | |
153 | const uint8_t *key, size_t nkey, | |
154 | Error **errp) | |
155 | { | |
3eedf5cc | 156 | QCryptoCipher *cipher = NULL; |
25c60df3 LM |
157 | |
158 | #ifdef CONFIG_AF_ALG | |
3eedf5cc | 159 | cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); |
25c60df3 | 160 | #endif |
75c80078 | 161 | |
3eedf5cc RH |
162 | if (!cipher) { |
163 | cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); | |
164 | if (!cipher) { | |
25c60df3 LM |
165 | return NULL; |
166 | } | |
75c80078 LM |
167 | } |
168 | ||
75c80078 LM |
169 | cipher->alg = alg; |
170 | cipher->mode = mode; | |
75c80078 LM |
171 | |
172 | return cipher; | |
173 | } | |
174 | ||
175 | ||
176 | int qcrypto_cipher_encrypt(QCryptoCipher *cipher, | |
177 | const void *in, | |
178 | void *out, | |
179 | size_t len, | |
180 | Error **errp) | |
181 | { | |
7b5dbfb7 | 182 | const QCryptoCipherDriver *drv = cipher->driver; |
75c80078 LM |
183 | return drv->cipher_encrypt(cipher, in, out, len, errp); |
184 | } | |
185 | ||
186 | ||
187 | int qcrypto_cipher_decrypt(QCryptoCipher *cipher, | |
188 | const void *in, | |
189 | void *out, | |
190 | size_t len, | |
191 | Error **errp) | |
192 | { | |
7b5dbfb7 | 193 | const QCryptoCipherDriver *drv = cipher->driver; |
75c80078 LM |
194 | return drv->cipher_decrypt(cipher, in, out, len, errp); |
195 | } | |
196 | ||
197 | ||
198 | int qcrypto_cipher_setiv(QCryptoCipher *cipher, | |
199 | const uint8_t *iv, size_t niv, | |
200 | Error **errp) | |
201 | { | |
7b5dbfb7 | 202 | const QCryptoCipherDriver *drv = cipher->driver; |
75c80078 LM |
203 | return drv->cipher_setiv(cipher, iv, niv, errp); |
204 | } | |
205 | ||
206 | ||
207 | void qcrypto_cipher_free(QCryptoCipher *cipher) | |
208 | { | |
75c80078 | 209 | if (cipher) { |
3eedf5cc | 210 | cipher->driver->cipher_free(cipher); |
75c80078 LM |
211 | } |
212 | } |