1/* 2 * QEMU Crypto cipher nettle algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21#ifdef CONFIG_QEMU_PRIVATE_XTS 22#include "crypto/xts.h" 23#endif 24 25#include <nettle/nettle-types.h> 26#include <nettle/aes.h> 27#include <nettle/des.h> 28#include <nettle/cbc.h> 29#include <nettle/cast128.h> 30#include <nettle/serpent.h> 31#include <nettle/twofish.h> 32#include <nettle/ctr.h> 33#ifndef CONFIG_QEMU_PRIVATE_XTS 34#include <nettle/xts.h> 35#endif 36#ifdef CONFIG_CRYPTO_SM4 37#include <nettle/sm4.h> 38#endif 39 40static inline bool qcrypto_length_check(size_t len, size_t blocksize, 41 Error **errp) 42{ 43 if (unlikely(len & (blocksize - 1))) { 44 error_setg(errp, "Length %zu must be a multiple of block size %zu", 45 len, blocksize); 46 return false; 47 } 48 return true; 49} 50 51 52static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx) 53{ 54 g_free(ctx); 55} 56 57static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, 58 const uint8_t *iv, size_t niv, 59 Error **errp) 60{ 61 error_setg(errp, "Setting IV is not supported"); 62 return -1; 63} 64 65 66#define DEFINE_SETIV(NAME, TYPE, BLEN) \ 67static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \ 68 size_t niv, Error **errp) \ 69{ \ 70 TYPE *ctx = container_of(cipher, TYPE, base); \ 71 if (niv != BLEN) { \ 72 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \ 73 return -1; \ 74 } \ 75 memcpy(ctx->iv, iv, niv); \ 76 return 0; \ 77} 78 79 80#define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 81static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \ 82 void *out, size_t len, Error **errp) \ 83{ \ 84 TYPE *ctx = container_of(cipher, TYPE, base); \ 85 if (!qcrypto_length_check(len, BLEN, errp)) { \ 86 return -1; \ 87 } \ 88 ENCRYPT(&ctx->key, len, out, in); \ 89 return 0; \ 90} \ 91static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \ 92 void *out, size_t len, Error **errp) \ 93{ \ 94 TYPE *ctx = container_of(cipher, TYPE, base); \ 95 if (!qcrypto_length_check(len, BLEN, errp)) { \ 96 return -1; \ 97 } \ 98 DECRYPT(&ctx->key, len, out, in); \ 99 return 0; \ 100} \ 101static const struct QCryptoCipherDriver NAME##_driver_ecb = { \ 102 .cipher_encrypt = NAME##_encrypt_ecb, \ 103 .cipher_decrypt = NAME##_decrypt_ecb, \ 104 .cipher_setiv = qcrypto_cipher_no_setiv, \ 105 .cipher_free = qcrypto_cipher_ctx_free, \ 106}; 107 108 109#define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 110static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \ 111 void *out, size_t len, Error **errp) \ 112{ \ 113 TYPE *ctx = container_of(cipher, TYPE, base); \ 114 if (!qcrypto_length_check(len, BLEN, errp)) { \ 115 return -1; \ 116 } \ 117 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 118 return 0; \ 119} \ 120static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \ 121 void *out, size_t len, Error **errp) \ 122{ \ 123 TYPE *ctx = container_of(cipher, TYPE, base); \ 124 if (!qcrypto_length_check(len, BLEN, errp)) { \ 125 return -1; \ 126 } \ 127 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \ 128 return 0; \ 129} \ 130static const struct QCryptoCipherDriver NAME##_driver_cbc = { \ 131 .cipher_encrypt = NAME##_encrypt_cbc, \ 132 .cipher_decrypt = NAME##_decrypt_cbc, \ 133 .cipher_setiv = NAME##_setiv, \ 134 .cipher_free = qcrypto_cipher_ctx_free, \ 135}; 136 137 138#define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \ 139static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \ 140 void *out, size_t len, Error **errp) \ 141{ \ 142 TYPE *ctx = container_of(cipher, TYPE, base); \ 143 if (!qcrypto_length_check(len, BLEN, errp)) { \ 144 return -1; \ 145 } \ 146 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 147 return 0; \ 148} \ 149static const struct QCryptoCipherDriver NAME##_driver_ctr = { \ 150 .cipher_encrypt = NAME##_encrypt_ctr, \ 151 .cipher_decrypt = NAME##_encrypt_ctr, \ 152 .cipher_setiv = NAME##_setiv, \ 153 .cipher_free = qcrypto_cipher_ctx_free, \ 154}; 155 156 157#ifdef CONFIG_QEMU_PRIVATE_XTS 158#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 159static void NAME##_xts_wrape(const void *ctx, size_t length, \ 160 uint8_t *dst, const uint8_t *src) \ 161{ \ 162 ENCRYPT((const void *)ctx, length, dst, src); \ 163} \ 164static void NAME##_xts_wrapd(const void *ctx, size_t length, \ 165 uint8_t *dst, const uint8_t *src) \ 166{ \ 167 DECRYPT((const void *)ctx, length, dst, src); \ 168} \ 169static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 170 void *out, size_t len, Error **errp) \ 171{ \ 172 TYPE *ctx = container_of(cipher, TYPE, base); \ 173 if (!qcrypto_length_check(len, BLEN, errp)) { \ 174 return -1; \ 175 } \ 176 xts_encrypt(&ctx->key, &ctx->key_xts, \ 177 NAME##_xts_wrape, NAME##_xts_wrapd, \ 178 ctx->iv, len, out, in); \ 179 return 0; \ 180} \ 181static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 182 void *out, size_t len, Error **errp) \ 183{ \ 184 TYPE *ctx = container_of(cipher, TYPE, base); \ 185 if (!qcrypto_length_check(len, BLEN, errp)) { \ 186 return -1; \ 187 } \ 188 xts_decrypt(&ctx->key, &ctx->key_xts, \ 189 NAME##_xts_wrape, NAME##_xts_wrapd, \ 190 ctx->iv, len, out, in); \ 191 return 0; \ 192} 193#else 194#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 195static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 196 void *out, size_t len, Error **errp) \ 197{ \ 198 TYPE *ctx = container_of(cipher, TYPE, base); \ 199 if (!qcrypto_length_check(len, BLEN, errp)) { \ 200 return -1; \ 201 } \ 202 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \ 203 ctx->iv, len, out, in); \ 204 return 0; \ 205} \ 206static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 207 void *out, size_t len, Error **errp) \ 208{ \ 209 TYPE *ctx = container_of(cipher, TYPE, base); \ 210 if (!qcrypto_length_check(len, BLEN, errp)) { \ 211 return -1; \ 212 } \ 213 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \ 214 ctx->iv, len, out, in); \ 215 return 0; \ 216} 217#endif 218 219#define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 220 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \ 221 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 222static const struct QCryptoCipherDriver NAME##_driver_xts = { \ 223 .cipher_encrypt = NAME##_encrypt_xts, \ 224 .cipher_decrypt = NAME##_decrypt_xts, \ 225 .cipher_setiv = NAME##_setiv, \ 226 .cipher_free = qcrypto_cipher_ctx_free, \ 227}; 228 229 230#define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 231 DEFINE_SETIV(NAME, TYPE, BLEN) \ 232 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 233 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 234 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) 235 236#define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 237 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 238 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) 239 240 241typedef struct QCryptoNettleDES { 242 QCryptoCipher base; 243 struct des_ctx key; 244 uint8_t iv[DES_BLOCK_SIZE]; 245} QCryptoNettleDES; 246 247static void des_encrypt_native(const void *ctx, size_t length, 248 uint8_t *dst, const uint8_t *src) 249{ 250 des_encrypt(ctx, length, dst, src); 251} 252 253static void des_decrypt_native(const void *ctx, size_t length, 254 uint8_t *dst, const uint8_t *src) 255{ 256 des_decrypt(ctx, length, dst, src); 257} 258 259DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES, 260 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) 261 262 263typedef struct QCryptoNettleDES3 { 264 QCryptoCipher base; 265 struct des3_ctx key; 266 uint8_t iv[DES3_BLOCK_SIZE]; 267} QCryptoNettleDES3; 268 269static void des3_encrypt_native(const void *ctx, size_t length, 270 uint8_t *dst, const uint8_t *src) 271{ 272 des3_encrypt(ctx, length, dst, src); 273} 274 275static void des3_decrypt_native(const void *ctx, size_t length, 276 uint8_t *dst, const uint8_t *src) 277{ 278 des3_decrypt(ctx, length, dst, src); 279} 280 281DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE, 282 des3_encrypt_native, des3_decrypt_native) 283 284 285typedef struct QCryptoNettleAES128 { 286 QCryptoCipher base; 287 uint8_t iv[AES_BLOCK_SIZE]; 288 /* First key from pair is encode, second key is decode. */ 289 struct aes128_ctx key[2], key_xts[2]; 290} QCryptoNettleAES128; 291 292static void aes128_encrypt_native(const void *ctx, size_t length, 293 uint8_t *dst, const uint8_t *src) 294{ 295 const struct aes128_ctx *keys = ctx; 296 aes128_encrypt(&keys[0], length, dst, src); 297} 298 299static void aes128_decrypt_native(const void *ctx, size_t length, 300 uint8_t *dst, const uint8_t *src) 301{ 302 const struct aes128_ctx *keys = ctx; 303 aes128_decrypt(&keys[1], length, dst, src); 304} 305 306DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128, 307 QCryptoNettleAES128, AES_BLOCK_SIZE, 308 aes128_encrypt_native, aes128_decrypt_native) 309 310 311typedef struct QCryptoNettleAES192 { 312 QCryptoCipher base; 313 uint8_t iv[AES_BLOCK_SIZE]; 314 /* First key from pair is encode, second key is decode. */ 315 struct aes192_ctx key[2], key_xts[2]; 316} QCryptoNettleAES192; 317 318static void aes192_encrypt_native(const void *ctx, size_t length, 319 uint8_t *dst, const uint8_t *src) 320{ 321 const struct aes192_ctx *keys = ctx; 322 aes192_encrypt(&keys[0], length, dst, src); 323} 324 325static void aes192_decrypt_native(const void *ctx, size_t length, 326 uint8_t *dst, const uint8_t *src) 327{ 328 const struct aes192_ctx *keys = ctx; 329 aes192_decrypt(&keys[1], length, dst, src); 330} 331 332DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192, 333 QCryptoNettleAES192, AES_BLOCK_SIZE, 334 aes192_encrypt_native, aes192_decrypt_native) 335 336 337typedef struct QCryptoNettleAES256 { 338 QCryptoCipher base; 339 uint8_t iv[AES_BLOCK_SIZE]; 340 /* First key from pair is encode, second key is decode. */ 341 struct aes256_ctx key[2], key_xts[2]; 342} QCryptoNettleAES256; 343 344static void aes256_encrypt_native(const void *ctx, size_t length, 345 uint8_t *dst, const uint8_t *src) 346{ 347 const struct aes256_ctx *keys = ctx; 348 aes256_encrypt(&keys[0], length, dst, src); 349} 350 351static void aes256_decrypt_native(const void *ctx, size_t length, 352 uint8_t *dst, const uint8_t *src) 353{ 354 const struct aes256_ctx *keys = ctx; 355 aes256_decrypt(&keys[1], length, dst, src); 356} 357 358DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256, 359 QCryptoNettleAES256, AES_BLOCK_SIZE, 360 aes256_encrypt_native, aes256_decrypt_native) 361 362 363typedef struct QCryptoNettleCAST128 { 364 QCryptoCipher base; 365 uint8_t iv[CAST128_BLOCK_SIZE]; 366 struct cast128_ctx key, key_xts; 367} QCryptoNettleCAST128; 368 369static void cast128_encrypt_native(const void *ctx, size_t length, 370 uint8_t *dst, const uint8_t *src) 371{ 372 cast128_encrypt(ctx, length, dst, src); 373} 374 375static void cast128_decrypt_native(const void *ctx, size_t length, 376 uint8_t *dst, const uint8_t *src) 377{ 378 cast128_decrypt(ctx, length, dst, src); 379} 380 381DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128, 382 QCryptoNettleCAST128, CAST128_BLOCK_SIZE, 383 cast128_encrypt_native, cast128_decrypt_native) 384 385 386typedef struct QCryptoNettleSerpent { 387 QCryptoCipher base; 388 uint8_t iv[SERPENT_BLOCK_SIZE]; 389 struct serpent_ctx key, key_xts; 390} QCryptoNettleSerpent; 391 392 393static void serpent_encrypt_native(const void *ctx, size_t length, 394 uint8_t *dst, const uint8_t *src) 395{ 396 serpent_encrypt(ctx, length, dst, src); 397} 398 399static void serpent_decrypt_native(const void *ctx, size_t length, 400 uint8_t *dst, const uint8_t *src) 401{ 402 serpent_decrypt(ctx, length, dst, src); 403} 404 405DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent, 406 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE, 407 serpent_encrypt_native, serpent_decrypt_native) 408 409 410typedef struct QCryptoNettleTwofish { 411 QCryptoCipher base; 412 uint8_t iv[TWOFISH_BLOCK_SIZE]; 413 struct twofish_ctx key, key_xts; 414} QCryptoNettleTwofish; 415 416static void twofish_encrypt_native(const void *ctx, size_t length, 417 uint8_t *dst, const uint8_t *src) 418{ 419 twofish_encrypt(ctx, length, dst, src); 420} 421 422static void twofish_decrypt_native(const void *ctx, size_t length, 423 uint8_t *dst, const uint8_t *src) 424{ 425 twofish_decrypt(ctx, length, dst, src); 426} 427 428DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish, 429 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE, 430 twofish_encrypt_native, twofish_decrypt_native) 431 432#ifdef CONFIG_CRYPTO_SM4 433typedef struct QCryptoNettleSm4 { 434 QCryptoCipher base; 435 struct sm4_ctx key[2]; 436} QCryptoNettleSm4; 437 438static void sm4_encrypt_native(void *ctx, size_t length, 439 uint8_t *dst, const uint8_t *src) 440{ 441 struct sm4_ctx *keys = ctx; 442 sm4_crypt(&keys[0], length, dst, src); 443} 444 445static void sm4_decrypt_native(void *ctx, size_t length, 446 uint8_t *dst, const uint8_t *src) 447{ 448 struct sm4_ctx *keys = ctx; 449 sm4_crypt(&keys[1], length, dst, src); 450} 451 452DEFINE_ECB(qcrypto_nettle_sm4, 453 QCryptoNettleSm4, SM4_BLOCK_SIZE, 454 sm4_encrypt_native, sm4_decrypt_native) 455#endif 456 457bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 458 QCryptoCipherMode mode) 459{ 460 switch (alg) { 461 case QCRYPTO_CIPHER_ALG_DES: 462 case QCRYPTO_CIPHER_ALG_3DES: 463 case QCRYPTO_CIPHER_ALG_AES_128: 464 case QCRYPTO_CIPHER_ALG_AES_192: 465 case QCRYPTO_CIPHER_ALG_AES_256: 466 case QCRYPTO_CIPHER_ALG_CAST5_128: 467 case QCRYPTO_CIPHER_ALG_SERPENT_128: 468 case QCRYPTO_CIPHER_ALG_SERPENT_192: 469 case QCRYPTO_CIPHER_ALG_SERPENT_256: 470 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 471 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 472 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 473#ifdef CONFIG_CRYPTO_SM4 474 case QCRYPTO_CIPHER_ALG_SM4: 475#endif 476 break; 477 default: 478 return false; 479 } 480 481 switch (mode) { 482 case QCRYPTO_CIPHER_MODE_ECB: 483 case QCRYPTO_CIPHER_MODE_CBC: 484 case QCRYPTO_CIPHER_MODE_XTS: 485 case QCRYPTO_CIPHER_MODE_CTR: 486 return true; 487 default: 488 return false; 489 } 490} 491 492static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, 493 QCryptoCipherMode mode, 494 const uint8_t *key, 495 size_t nkey, 496 Error **errp) 497{ 498 switch (mode) { 499 case QCRYPTO_CIPHER_MODE_ECB: 500 case QCRYPTO_CIPHER_MODE_CBC: 501 case QCRYPTO_CIPHER_MODE_XTS: 502 case QCRYPTO_CIPHER_MODE_CTR: 503 break; 504 default: 505 goto bad_cipher_mode; 506 } 507 508 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { 509 return NULL; 510 } 511 512 switch (alg) { 513 case QCRYPTO_CIPHER_ALG_DES: 514 { 515 QCryptoNettleDES *ctx; 516 const QCryptoCipherDriver *drv; 517 518 switch (mode) { 519 case QCRYPTO_CIPHER_MODE_ECB: 520 drv = &qcrypto_nettle_des_driver_ecb; 521 break; 522 case QCRYPTO_CIPHER_MODE_CBC: 523 drv = &qcrypto_nettle_des_driver_cbc; 524 break; 525 case QCRYPTO_CIPHER_MODE_CTR: 526 drv = &qcrypto_nettle_des_driver_ctr; 527 break; 528 default: 529 goto bad_cipher_mode; 530 } 531 532 ctx = g_new0(QCryptoNettleDES, 1); 533 ctx->base.driver = drv; 534 des_set_key(&ctx->key, key); 535 536 return &ctx->base; 537 } 538 539 case QCRYPTO_CIPHER_ALG_3DES: 540 { 541 QCryptoNettleDES3 *ctx; 542 const QCryptoCipherDriver *drv; 543 544 switch (mode) { 545 case QCRYPTO_CIPHER_MODE_ECB: 546 drv = &qcrypto_nettle_des3_driver_ecb; 547 break; 548 case QCRYPTO_CIPHER_MODE_CBC: 549 drv = &qcrypto_nettle_des3_driver_cbc; 550 break; 551 case QCRYPTO_CIPHER_MODE_CTR: 552 drv = &qcrypto_nettle_des3_driver_ctr; 553 break; 554 default: 555 goto bad_cipher_mode; 556 } 557 558 ctx = g_new0(QCryptoNettleDES3, 1); 559 ctx->base.driver = drv; 560 des3_set_key(&ctx->key, key); 561 return &ctx->base; 562 } 563 564 case QCRYPTO_CIPHER_ALG_AES_128: 565 { 566 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1); 567 568 switch (mode) { 569 case QCRYPTO_CIPHER_MODE_ECB: 570 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb; 571 break; 572 case QCRYPTO_CIPHER_MODE_CBC: 573 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc; 574 break; 575 case QCRYPTO_CIPHER_MODE_CTR: 576 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr; 577 break; 578 case QCRYPTO_CIPHER_MODE_XTS: 579 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts; 580 nkey /= 2; 581 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey); 582 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey); 583 break; 584 default: 585 g_assert_not_reached(); 586 } 587 aes128_set_encrypt_key(&ctx->key[0], key); 588 aes128_set_decrypt_key(&ctx->key[1], key); 589 590 return &ctx->base; 591 } 592 593 case QCRYPTO_CIPHER_ALG_AES_192: 594 { 595 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1); 596 597 switch (mode) { 598 case QCRYPTO_CIPHER_MODE_ECB: 599 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb; 600 break; 601 case QCRYPTO_CIPHER_MODE_CBC: 602 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc; 603 break; 604 case QCRYPTO_CIPHER_MODE_CTR: 605 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr; 606 break; 607 case QCRYPTO_CIPHER_MODE_XTS: 608 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts; 609 nkey /= 2; 610 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey); 611 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey); 612 break; 613 default: 614 g_assert_not_reached(); 615 } 616 aes192_set_encrypt_key(&ctx->key[0], key); 617 aes192_set_decrypt_key(&ctx->key[1], key); 618 619 return &ctx->base; 620 } 621 622 case QCRYPTO_CIPHER_ALG_AES_256: 623 { 624 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1); 625 626 switch (mode) { 627 case QCRYPTO_CIPHER_MODE_ECB: 628 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb; 629 break; 630 case QCRYPTO_CIPHER_MODE_CBC: 631 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc; 632 break; 633 case QCRYPTO_CIPHER_MODE_CTR: 634 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr; 635 break; 636 case QCRYPTO_CIPHER_MODE_XTS: 637 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts; 638 nkey /= 2; 639 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey); 640 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey); 641 break; 642 default: 643 g_assert_not_reached(); 644 } 645 aes256_set_encrypt_key(&ctx->key[0], key); 646 aes256_set_decrypt_key(&ctx->key[1], key); 647 648 return &ctx->base; 649 } 650 651 case QCRYPTO_CIPHER_ALG_CAST5_128: 652 { 653 QCryptoNettleCAST128 *ctx; 654 const QCryptoCipherDriver *drv; 655 656 switch (mode) { 657 case QCRYPTO_CIPHER_MODE_ECB: 658 drv = &qcrypto_nettle_cast128_driver_ecb; 659 break; 660 case QCRYPTO_CIPHER_MODE_CBC: 661 drv = &qcrypto_nettle_cast128_driver_cbc; 662 break; 663 case QCRYPTO_CIPHER_MODE_CTR: 664 drv = &qcrypto_nettle_cast128_driver_ctr; 665 break; 666 default: 667 goto bad_cipher_mode; 668 } 669 670 ctx = g_new0(QCryptoNettleCAST128, 1); 671 ctx->base.driver = drv; 672 cast5_set_key(&ctx->key, nkey, key); 673 674 return &ctx->base; 675 } 676 677 case QCRYPTO_CIPHER_ALG_SERPENT_128: 678 case QCRYPTO_CIPHER_ALG_SERPENT_192: 679 case QCRYPTO_CIPHER_ALG_SERPENT_256: 680 { 681 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1); 682 683 switch (mode) { 684 case QCRYPTO_CIPHER_MODE_ECB: 685 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb; 686 break; 687 case QCRYPTO_CIPHER_MODE_CBC: 688 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc; 689 break; 690 case QCRYPTO_CIPHER_MODE_CTR: 691 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr; 692 break; 693 case QCRYPTO_CIPHER_MODE_XTS: 694 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts; 695 nkey /= 2; 696 serpent_set_key(&ctx->key_xts, nkey, key + nkey); 697 break; 698 default: 699 g_assert_not_reached(); 700 } 701 serpent_set_key(&ctx->key, nkey, key); 702 703 return &ctx->base; 704 } 705 706 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 707 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 708 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 709 { 710 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1); 711 712 switch (mode) { 713 case QCRYPTO_CIPHER_MODE_ECB: 714 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb; 715 break; 716 case QCRYPTO_CIPHER_MODE_CBC: 717 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc; 718 break; 719 case QCRYPTO_CIPHER_MODE_CTR: 720 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr; 721 break; 722 case QCRYPTO_CIPHER_MODE_XTS: 723 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts; 724 nkey /= 2; 725 twofish_set_key(&ctx->key_xts, nkey, key + nkey); 726 break; 727 default: 728 g_assert_not_reached(); 729 } 730 twofish_set_key(&ctx->key, nkey, key); 731 732 return &ctx->base; 733 } 734#ifdef CONFIG_CRYPTO_SM4 735 case QCRYPTO_CIPHER_ALG_SM4: 736 { 737 QCryptoNettleSm4 *ctx; 738 const QCryptoCipherDriver *drv; 739 740 switch (mode) { 741 case QCRYPTO_CIPHER_MODE_ECB: 742 drv = &qcrypto_nettle_sm4_driver_ecb; 743 break; 744 default: 745 goto bad_cipher_mode; 746 } 747 748 ctx = g_new0(QCryptoNettleSm4, 1); 749 ctx->base.driver = drv; 750 sm4_set_encrypt_key(&ctx->key[0], key); 751 sm4_set_decrypt_key(&ctx->key[1], key); 752 753 return &ctx->base; 754 } 755#endif 756 757 default: 758 error_setg(errp, "Unsupported cipher algorithm %s", 759 QCryptoCipherAlgorithm_str(alg)); 760 return NULL; 761 } 762 763 bad_cipher_mode: 764 error_setg(errp, "Unsupported cipher mode %s", 765 QCryptoCipherMode_str(mode)); 766 return NULL; 767} 768