1 | /* |
2 | * QEMU Crypto cipher algorithms |
3 | * |
4 | * Copyright (c) 2015 Red Hat, Inc. |
5 | * |
6 | * This library is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU Lesser General Public |
8 | * License as published by the Free Software Foundation; either |
9 | * version 2.1 of the License, or (at your option) any later version. |
10 | * |
11 | * This library is distributed in the hope that it will be useful, |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | * Lesser General Public License for more details. |
15 | * |
16 | * You should have received a copy of the GNU Lesser General Public |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
18 | * |
19 | */ |
20 | |
21 | #include "qemu/osdep.h" |
22 | #include "qapi/error.h" |
23 | #include "crypto/cipher.h" |
24 | #include "cipherpriv.h" |
25 | |
26 | |
27 | static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { |
28 | [QCRYPTO_CIPHER_ALG_AES_128] = 16, |
29 | [QCRYPTO_CIPHER_ALG_AES_192] = 24, |
30 | [QCRYPTO_CIPHER_ALG_AES_256] = 32, |
31 | [QCRYPTO_CIPHER_ALG_DES_RFB] = 8, |
32 | [QCRYPTO_CIPHER_ALG_3DES] = 24, |
33 | [QCRYPTO_CIPHER_ALG_CAST5_128] = 16, |
34 | [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, |
35 | [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24, |
36 | [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32, |
37 | [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, |
38 | [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24, |
39 | [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32, |
40 | }; |
41 | |
42 | static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { |
43 | [QCRYPTO_CIPHER_ALG_AES_128] = 16, |
44 | [QCRYPTO_CIPHER_ALG_AES_192] = 16, |
45 | [QCRYPTO_CIPHER_ALG_AES_256] = 16, |
46 | [QCRYPTO_CIPHER_ALG_DES_RFB] = 8, |
47 | [QCRYPTO_CIPHER_ALG_3DES] = 8, |
48 | [QCRYPTO_CIPHER_ALG_CAST5_128] = 8, |
49 | [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, |
50 | [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16, |
51 | [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16, |
52 | [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, |
53 | [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16, |
54 | [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16, |
55 | }; |
56 | |
57 | static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { |
58 | [QCRYPTO_CIPHER_MODE_ECB] = false, |
59 | [QCRYPTO_CIPHER_MODE_CBC] = true, |
60 | [QCRYPTO_CIPHER_MODE_XTS] = true, |
61 | [QCRYPTO_CIPHER_MODE_CTR] = true, |
62 | }; |
63 | |
64 | |
65 | size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg) |
66 | { |
67 | assert(alg < G_N_ELEMENTS(alg_key_len)); |
68 | return alg_block_len[alg]; |
69 | } |
70 | |
71 | |
72 | size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg) |
73 | { |
74 | assert(alg < G_N_ELEMENTS(alg_key_len)); |
75 | return alg_key_len[alg]; |
76 | } |
77 | |
78 | |
79 | size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, |
80 | QCryptoCipherMode mode) |
81 | { |
82 | if (alg >= G_N_ELEMENTS(alg_block_len)) { |
83 | return 0; |
84 | } |
85 | if (mode >= G_N_ELEMENTS(mode_need_iv)) { |
86 | return 0; |
87 | } |
88 | |
89 | if (mode_need_iv[mode]) { |
90 | return alg_block_len[alg]; |
91 | } |
92 | return 0; |
93 | } |
94 | |
95 | |
96 | static bool |
97 | qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, |
98 | QCryptoCipherMode mode, |
99 | size_t nkey, |
100 | Error **errp) |
101 | { |
102 | if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) { |
103 | error_setg(errp, "Cipher algorithm %d out of range" , |
104 | alg); |
105 | return false; |
106 | } |
107 | |
108 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { |
109 | if (alg == QCRYPTO_CIPHER_ALG_DES_RFB |
110 | || alg == QCRYPTO_CIPHER_ALG_3DES) { |
111 | error_setg(errp, "XTS mode not compatible with DES-RFB/3DES" ); |
112 | return false; |
113 | } |
114 | if (nkey % 2) { |
115 | error_setg(errp, "XTS cipher key length should be a multiple of 2" ); |
116 | return false; |
117 | } |
118 | |
119 | if (alg_key_len[alg] != (nkey / 2)) { |
120 | error_setg(errp, "Cipher key length %zu should be %zu" , |
121 | nkey, alg_key_len[alg] * 2); |
122 | return false; |
123 | } |
124 | } else { |
125 | if (alg_key_len[alg] != nkey) { |
126 | error_setg(errp, "Cipher key length %zu should be %zu" , |
127 | nkey, alg_key_len[alg]); |
128 | return false; |
129 | } |
130 | } |
131 | return true; |
132 | } |
133 | |
134 | #if defined(CONFIG_GCRYPT) || defined(CONFIG_NETTLE) |
135 | static uint8_t * |
136 | qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, |
137 | size_t nkey) |
138 | { |
139 | uint8_t *ret = g_new0(uint8_t, nkey); |
140 | size_t i; |
141 | for (i = 0; i < nkey; i++) { |
142 | uint8_t r = key[i]; |
143 | r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; |
144 | r = (r & 0xcc) >> 2 | (r & 0x33) << 2; |
145 | r = (r & 0xaa) >> 1 | (r & 0x55) << 1; |
146 | ret[i] = r; |
147 | } |
148 | return ret; |
149 | } |
150 | #endif /* CONFIG_GCRYPT || CONFIG_NETTLE */ |
151 | |
152 | #ifdef CONFIG_GCRYPT |
153 | #include "cipher-gcrypt.c" |
154 | #elif defined CONFIG_NETTLE |
155 | #include "cipher-nettle.c" |
156 | #else |
157 | #include "cipher-builtin.c" |
158 | #endif |
159 | |
160 | QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, |
161 | QCryptoCipherMode mode, |
162 | const uint8_t *key, size_t nkey, |
163 | Error **errp) |
164 | { |
165 | QCryptoCipher *cipher; |
166 | void *ctx = NULL; |
167 | QCryptoCipherDriver *drv = NULL; |
168 | |
169 | #ifdef CONFIG_AF_ALG |
170 | ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); |
171 | if (ctx) { |
172 | drv = &qcrypto_cipher_afalg_driver; |
173 | } |
174 | #endif |
175 | |
176 | if (!ctx) { |
177 | ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); |
178 | if (!ctx) { |
179 | return NULL; |
180 | } |
181 | |
182 | drv = &qcrypto_cipher_lib_driver; |
183 | } |
184 | |
185 | cipher = g_new0(QCryptoCipher, 1); |
186 | cipher->alg = alg; |
187 | cipher->mode = mode; |
188 | cipher->opaque = ctx; |
189 | cipher->driver = (void *)drv; |
190 | |
191 | return cipher; |
192 | } |
193 | |
194 | |
195 | int qcrypto_cipher_encrypt(QCryptoCipher *cipher, |
196 | const void *in, |
197 | void *out, |
198 | size_t len, |
199 | Error **errp) |
200 | { |
201 | QCryptoCipherDriver *drv = cipher->driver; |
202 | return drv->cipher_encrypt(cipher, in, out, len, errp); |
203 | } |
204 | |
205 | |
206 | int qcrypto_cipher_decrypt(QCryptoCipher *cipher, |
207 | const void *in, |
208 | void *out, |
209 | size_t len, |
210 | Error **errp) |
211 | { |
212 | QCryptoCipherDriver *drv = cipher->driver; |
213 | return drv->cipher_decrypt(cipher, in, out, len, errp); |
214 | } |
215 | |
216 | |
217 | int qcrypto_cipher_setiv(QCryptoCipher *cipher, |
218 | const uint8_t *iv, size_t niv, |
219 | Error **errp) |
220 | { |
221 | QCryptoCipherDriver *drv = cipher->driver; |
222 | return drv->cipher_setiv(cipher, iv, niv, errp); |
223 | } |
224 | |
225 | |
226 | void qcrypto_cipher_free(QCryptoCipher *cipher) |
227 | { |
228 | QCryptoCipherDriver *drv; |
229 | if (cipher) { |
230 | drv = cipher->driver; |
231 | drv->cipher_free(cipher); |
232 | g_free(cipher); |
233 | } |
234 | } |
235 | |