1/* 2 * QEMU Crypto cipher nettle algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21#ifdef CONFIG_QEMU_PRIVATE_XTS 22#include "crypto/xts.h" 23#endif 24 25#include <nettle/nettle-types.h> 26#include <nettle/aes.h> 27#include <nettle/des.h> 28#include <nettle/cbc.h> 29#include <nettle/cast128.h> 30#include <nettle/serpent.h> 31#include <nettle/twofish.h> 32#include <nettle/ctr.h> 33#ifndef CONFIG_QEMU_PRIVATE_XTS 34#include <nettle/xts.h> 35#endif 36 37typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, 38 size_t length, 39 uint8_t *dst, 40 const uint8_t *src); 41 42#if CONFIG_NETTLE_VERSION_MAJOR < 3 43typedef nettle_crypt_func * QCryptoCipherNettleFuncNative; 44typedef void * cipher_ctx_t; 45typedef unsigned cipher_length_t; 46#define CONST_CTX 47 48#define cast5_set_key cast128_set_key 49 50#define aes128_ctx aes_ctx 51#define aes192_ctx aes_ctx 52#define aes256_ctx aes_ctx 53#define aes128_set_encrypt_key(c, k) \ 54 aes_set_encrypt_key(c, 16, k) 55#define aes192_set_encrypt_key(c, k) \ 56 aes_set_encrypt_key(c, 24, k) 57#define aes256_set_encrypt_key(c, k) \ 58 aes_set_encrypt_key(c, 32, k) 59#define aes128_set_decrypt_key(c, k) \ 60 aes_set_decrypt_key(c, 16, k) 61#define aes192_set_decrypt_key(c, k) \ 62 aes_set_decrypt_key(c, 24, k) 63#define aes256_set_decrypt_key(c, k) \ 64 aes_set_decrypt_key(c, 32, k) 65#define aes128_encrypt aes_encrypt 66#define aes192_encrypt aes_encrypt 67#define aes256_encrypt aes_encrypt 68#define aes128_decrypt aes_decrypt 69#define aes192_decrypt aes_decrypt 70#define aes256_decrypt aes_decrypt 71#else 72typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; 73typedef const void * cipher_ctx_t; 74typedef size_t cipher_length_t; 75#define CONST_CTX const 76#endif 77 78static inline bool qcrypto_length_check(size_t len, size_t blocksize, 79 Error **errp) 80{ 81 if (unlikely(len & (blocksize - 1))) { 82 error_setg(errp, "Length %zu must be a multiple of block size %zu", 83 len, blocksize); 84 return false; 85 } 86 return true; 87} 88 89 90static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx) 91{ 92 g_free(ctx); 93} 94 95static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, 96 const uint8_t *iv, size_t niv, 97 Error **errp) 98{ 99 error_setg(errp, "Setting IV is not supported"); 100 return -1; 101} 102 103 104#define DEFINE_SETIV(NAME, TYPE, BLEN) \ 105static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \ 106 size_t niv, Error **errp) \ 107{ \ 108 TYPE *ctx = container_of(cipher, TYPE, base); \ 109 if (niv != BLEN) { \ 110 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \ 111 return -1; \ 112 } \ 113 memcpy(ctx->iv, iv, niv); \ 114 return 0; \ 115} 116 117 118#define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 119static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \ 120 void *out, size_t len, Error **errp) \ 121{ \ 122 TYPE *ctx = container_of(cipher, TYPE, base); \ 123 if (!qcrypto_length_check(len, BLEN, errp)) { \ 124 return -1; \ 125 } \ 126 ENCRYPT(&ctx->key, len, out, in); \ 127 return 0; \ 128} \ 129static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \ 130 void *out, size_t len, Error **errp) \ 131{ \ 132 TYPE *ctx = container_of(cipher, TYPE, base); \ 133 if (!qcrypto_length_check(len, BLEN, errp)) { \ 134 return -1; \ 135 } \ 136 DECRYPT(&ctx->key, len, out, in); \ 137 return 0; \ 138} \ 139static const struct QCryptoCipherDriver NAME##_driver_ecb = { \ 140 .cipher_encrypt = NAME##_encrypt_ecb, \ 141 .cipher_decrypt = NAME##_decrypt_ecb, \ 142 .cipher_setiv = qcrypto_cipher_no_setiv, \ 143 .cipher_free = qcrypto_cipher_ctx_free, \ 144}; 145 146 147#define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 148static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \ 149 void *out, size_t len, Error **errp) \ 150{ \ 151 TYPE *ctx = container_of(cipher, TYPE, base); \ 152 if (!qcrypto_length_check(len, BLEN, errp)) { \ 153 return -1; \ 154 } \ 155 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 156 return 0; \ 157} \ 158static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \ 159 void *out, size_t len, Error **errp) \ 160{ \ 161 TYPE *ctx = container_of(cipher, TYPE, base); \ 162 if (!qcrypto_length_check(len, BLEN, errp)) { \ 163 return -1; \ 164 } \ 165 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \ 166 return 0; \ 167} \ 168static const struct QCryptoCipherDriver NAME##_driver_cbc = { \ 169 .cipher_encrypt = NAME##_encrypt_cbc, \ 170 .cipher_decrypt = NAME##_decrypt_cbc, \ 171 .cipher_setiv = NAME##_setiv, \ 172 .cipher_free = qcrypto_cipher_ctx_free, \ 173}; 174 175 176#define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \ 177static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \ 178 void *out, size_t len, Error **errp) \ 179{ \ 180 TYPE *ctx = container_of(cipher, TYPE, base); \ 181 if (!qcrypto_length_check(len, BLEN, errp)) { \ 182 return -1; \ 183 } \ 184 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 185 return 0; \ 186} \ 187static const struct QCryptoCipherDriver NAME##_driver_ctr = { \ 188 .cipher_encrypt = NAME##_encrypt_ctr, \ 189 .cipher_decrypt = NAME##_encrypt_ctr, \ 190 .cipher_setiv = NAME##_setiv, \ 191 .cipher_free = qcrypto_cipher_ctx_free, \ 192}; 193 194 195#ifdef CONFIG_QEMU_PRIVATE_XTS 196#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 197static void NAME##_xts_wrape(const void *ctx, size_t length, \ 198 uint8_t *dst, const uint8_t *src) \ 199{ \ 200 ENCRYPT((cipher_ctx_t)ctx, length, dst, src); \ 201} \ 202static void NAME##_xts_wrapd(const void *ctx, size_t length, \ 203 uint8_t *dst, const uint8_t *src) \ 204{ \ 205 DECRYPT((cipher_ctx_t)ctx, length, dst, src); \ 206} \ 207static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 208 void *out, size_t len, Error **errp) \ 209{ \ 210 TYPE *ctx = container_of(cipher, TYPE, base); \ 211 if (!qcrypto_length_check(len, BLEN, errp)) { \ 212 return -1; \ 213 } \ 214 xts_encrypt(&ctx->key, &ctx->key_xts, \ 215 NAME##_xts_wrape, NAME##_xts_wrapd, \ 216 ctx->iv, len, out, in); \ 217 return 0; \ 218} \ 219static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 220 void *out, size_t len, Error **errp) \ 221{ \ 222 TYPE *ctx = container_of(cipher, TYPE, base); \ 223 if (!qcrypto_length_check(len, BLEN, errp)) { \ 224 return -1; \ 225 } \ 226 xts_decrypt(&ctx->key, &ctx->key_xts, \ 227 NAME##_xts_wrape, NAME##_xts_wrapd, \ 228 ctx->iv, len, out, in); \ 229 return 0; \ 230} 231#else 232#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 233static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 234 void *out, size_t len, Error **errp) \ 235{ \ 236 TYPE *ctx = container_of(cipher, TYPE, base); \ 237 if (!qcrypto_length_check(len, BLEN, errp)) { \ 238 return -1; \ 239 } \ 240 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \ 241 ctx->iv, len, out, in); \ 242 return 0; \ 243} \ 244static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 245 void *out, size_t len, Error **errp) \ 246{ \ 247 TYPE *ctx = container_of(cipher, TYPE, base); \ 248 if (!qcrypto_length_check(len, BLEN, errp)) { \ 249 return -1; \ 250 } \ 251 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \ 252 ctx->iv, len, out, in); \ 253 return 0; \ 254} 255#endif 256 257#define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 258 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \ 259 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 260static const struct QCryptoCipherDriver NAME##_driver_xts = { \ 261 .cipher_encrypt = NAME##_encrypt_xts, \ 262 .cipher_decrypt = NAME##_decrypt_xts, \ 263 .cipher_setiv = NAME##_setiv, \ 264 .cipher_free = qcrypto_cipher_ctx_free, \ 265}; 266 267 268#define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 269 DEFINE_SETIV(NAME, TYPE, BLEN) \ 270 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 271 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 272 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) 273 274#define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 275 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 276 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) 277 278 279typedef struct QCryptoNettleDESRFB { 280 QCryptoCipher base; 281 struct des_ctx key; 282 uint8_t iv[DES_BLOCK_SIZE]; 283} QCryptoNettleDESRFB; 284 285static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 286 uint8_t *dst, const uint8_t *src) 287{ 288 des_encrypt(ctx, length, dst, src); 289} 290 291static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 292 uint8_t *dst, const uint8_t *src) 293{ 294 des_decrypt(ctx, length, dst, src); 295} 296 297DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB, 298 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) 299 300 301typedef struct QCryptoNettleDES3 { 302 QCryptoCipher base; 303 struct des3_ctx key; 304 uint8_t iv[DES3_BLOCK_SIZE]; 305} QCryptoNettleDES3; 306 307static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 308 uint8_t *dst, const uint8_t *src) 309{ 310 des3_encrypt(ctx, length, dst, src); 311} 312 313static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 314 uint8_t *dst, const uint8_t *src) 315{ 316 des3_decrypt(ctx, length, dst, src); 317} 318 319DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE, 320 des3_encrypt_native, des3_decrypt_native) 321 322 323typedef struct QCryptoNettleAES128 { 324 QCryptoCipher base; 325 uint8_t iv[AES_BLOCK_SIZE]; 326 /* First key from pair is encode, second key is decode. */ 327 struct aes128_ctx key[2], key_xts[2]; 328} QCryptoNettleAES128; 329 330static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 331 uint8_t *dst, const uint8_t *src) 332{ 333 CONST_CTX struct aes128_ctx *keys = ctx; 334 aes128_encrypt(&keys[0], length, dst, src); 335} 336 337static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 338 uint8_t *dst, const uint8_t *src) 339{ 340 CONST_CTX struct aes128_ctx *keys = ctx; 341 aes128_decrypt(&keys[1], length, dst, src); 342} 343 344DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128, 345 QCryptoNettleAES128, AES_BLOCK_SIZE, 346 aes128_encrypt_native, aes128_decrypt_native) 347 348 349typedef struct QCryptoNettleAES192 { 350 QCryptoCipher base; 351 uint8_t iv[AES_BLOCK_SIZE]; 352 /* First key from pair is encode, second key is decode. */ 353 struct aes192_ctx key[2], key_xts[2]; 354} QCryptoNettleAES192; 355 356static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 357 uint8_t *dst, const uint8_t *src) 358{ 359 CONST_CTX struct aes192_ctx *keys = ctx; 360 aes192_encrypt(&keys[0], length, dst, src); 361} 362 363static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 364 uint8_t *dst, const uint8_t *src) 365{ 366 CONST_CTX struct aes192_ctx *keys = ctx; 367 aes192_decrypt(&keys[1], length, dst, src); 368} 369 370DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192, 371 QCryptoNettleAES192, AES_BLOCK_SIZE, 372 aes192_encrypt_native, aes192_decrypt_native) 373 374 375typedef struct QCryptoNettleAES256 { 376 QCryptoCipher base; 377 uint8_t iv[AES_BLOCK_SIZE]; 378 /* First key from pair is encode, second key is decode. */ 379 struct aes256_ctx key[2], key_xts[2]; 380} QCryptoNettleAES256; 381 382static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 383 uint8_t *dst, const uint8_t *src) 384{ 385 CONST_CTX struct aes256_ctx *keys = ctx; 386 aes256_encrypt(&keys[0], length, dst, src); 387} 388 389static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 390 uint8_t *dst, const uint8_t *src) 391{ 392 CONST_CTX struct aes256_ctx *keys = ctx; 393 aes256_decrypt(&keys[1], length, dst, src); 394} 395 396DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256, 397 QCryptoNettleAES256, AES_BLOCK_SIZE, 398 aes256_encrypt_native, aes256_decrypt_native) 399 400 401typedef struct QCryptoNettleCAST128 { 402 QCryptoCipher base; 403 uint8_t iv[CAST128_BLOCK_SIZE]; 404 struct cast128_ctx key, key_xts; 405} QCryptoNettleCAST128; 406 407static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 408 uint8_t *dst, const uint8_t *src) 409{ 410 cast128_encrypt(ctx, length, dst, src); 411} 412 413static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 414 uint8_t *dst, const uint8_t *src) 415{ 416 cast128_decrypt(ctx, length, dst, src); 417} 418 419DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128, 420 QCryptoNettleCAST128, CAST128_BLOCK_SIZE, 421 cast128_encrypt_native, cast128_decrypt_native) 422 423 424typedef struct QCryptoNettleSerpent { 425 QCryptoCipher base; 426 uint8_t iv[SERPENT_BLOCK_SIZE]; 427 struct serpent_ctx key, key_xts; 428} QCryptoNettleSerpent; 429 430 431static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 432 uint8_t *dst, const uint8_t *src) 433{ 434 serpent_encrypt(ctx, length, dst, src); 435} 436 437static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 438 uint8_t *dst, const uint8_t *src) 439{ 440 serpent_decrypt(ctx, length, dst, src); 441} 442 443DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent, 444 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE, 445 serpent_encrypt_native, serpent_decrypt_native) 446 447 448typedef struct QCryptoNettleTwofish { 449 QCryptoCipher base; 450 uint8_t iv[TWOFISH_BLOCK_SIZE]; 451 struct twofish_ctx key, key_xts; 452} QCryptoNettleTwofish; 453 454static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 455 uint8_t *dst, const uint8_t *src) 456{ 457 twofish_encrypt(ctx, length, dst, src); 458} 459 460static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 461 uint8_t *dst, const uint8_t *src) 462{ 463 twofish_decrypt(ctx, length, dst, src); 464} 465 466DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish, 467 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE, 468 twofish_encrypt_native, twofish_decrypt_native) 469 470 471bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 472 QCryptoCipherMode mode) 473{ 474 switch (alg) { 475 case QCRYPTO_CIPHER_ALG_DES_RFB: 476 case QCRYPTO_CIPHER_ALG_3DES: 477 case QCRYPTO_CIPHER_ALG_AES_128: 478 case QCRYPTO_CIPHER_ALG_AES_192: 479 case QCRYPTO_CIPHER_ALG_AES_256: 480 case QCRYPTO_CIPHER_ALG_CAST5_128: 481 case QCRYPTO_CIPHER_ALG_SERPENT_128: 482 case QCRYPTO_CIPHER_ALG_SERPENT_192: 483 case QCRYPTO_CIPHER_ALG_SERPENT_256: 484 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 485 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 486 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 487 break; 488 default: 489 return false; 490 } 491 492 switch (mode) { 493 case QCRYPTO_CIPHER_MODE_ECB: 494 case QCRYPTO_CIPHER_MODE_CBC: 495 case QCRYPTO_CIPHER_MODE_XTS: 496 case QCRYPTO_CIPHER_MODE_CTR: 497 return true; 498 default: 499 return false; 500 } 501} 502 503static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, 504 QCryptoCipherMode mode, 505 const uint8_t *key, 506 size_t nkey, 507 Error **errp) 508{ 509 switch (mode) { 510 case QCRYPTO_CIPHER_MODE_ECB: 511 case QCRYPTO_CIPHER_MODE_CBC: 512 case QCRYPTO_CIPHER_MODE_XTS: 513 case QCRYPTO_CIPHER_MODE_CTR: 514 break; 515 default: 516 goto bad_cipher_mode; 517 } 518 519 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { 520 return NULL; 521 } 522 523 switch (alg) { 524 case QCRYPTO_CIPHER_ALG_DES_RFB: 525 { 526 QCryptoNettleDESRFB *ctx; 527 const QCryptoCipherDriver *drv; 528 uint8_t *rfbkey; 529 530 switch (mode) { 531 case QCRYPTO_CIPHER_MODE_ECB: 532 drv = &qcrypto_nettle_des_rfb_driver_ecb; 533 break; 534 case QCRYPTO_CIPHER_MODE_CBC: 535 drv = &qcrypto_nettle_des_rfb_driver_cbc; 536 break; 537 case QCRYPTO_CIPHER_MODE_CTR: 538 drv = &qcrypto_nettle_des_rfb_driver_ctr; 539 break; 540 default: 541 goto bad_cipher_mode; 542 } 543 544 ctx = g_new0(QCryptoNettleDESRFB, 1); 545 ctx->base.driver = drv; 546 547 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); 548 des_set_key(&ctx->key, rfbkey); 549 g_free(rfbkey); 550 551 return &ctx->base; 552 } 553 554 case QCRYPTO_CIPHER_ALG_3DES: 555 { 556 QCryptoNettleDES3 *ctx; 557 const QCryptoCipherDriver *drv; 558 559 switch (mode) { 560 case QCRYPTO_CIPHER_MODE_ECB: 561 drv = &qcrypto_nettle_des3_driver_ecb; 562 break; 563 case QCRYPTO_CIPHER_MODE_CBC: 564 drv = &qcrypto_nettle_des3_driver_cbc; 565 break; 566 case QCRYPTO_CIPHER_MODE_CTR: 567 drv = &qcrypto_nettle_des3_driver_ctr; 568 break; 569 default: 570 goto bad_cipher_mode; 571 } 572 573 ctx = g_new0(QCryptoNettleDES3, 1); 574 ctx->base.driver = drv; 575 des3_set_key(&ctx->key, key); 576 return &ctx->base; 577 } 578 579 case QCRYPTO_CIPHER_ALG_AES_128: 580 { 581 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1); 582 583 switch (mode) { 584 case QCRYPTO_CIPHER_MODE_ECB: 585 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb; 586 break; 587 case QCRYPTO_CIPHER_MODE_CBC: 588 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc; 589 break; 590 case QCRYPTO_CIPHER_MODE_CTR: 591 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr; 592 break; 593 case QCRYPTO_CIPHER_MODE_XTS: 594 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts; 595 nkey /= 2; 596 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey); 597 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey); 598 break; 599 default: 600 g_assert_not_reached(); 601 } 602 aes128_set_encrypt_key(&ctx->key[0], key); 603 aes128_set_decrypt_key(&ctx->key[1], key); 604 605 return &ctx->base; 606 } 607 608 case QCRYPTO_CIPHER_ALG_AES_192: 609 { 610 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1); 611 612 switch (mode) { 613 case QCRYPTO_CIPHER_MODE_ECB: 614 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb; 615 break; 616 case QCRYPTO_CIPHER_MODE_CBC: 617 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc; 618 break; 619 case QCRYPTO_CIPHER_MODE_CTR: 620 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr; 621 break; 622 case QCRYPTO_CIPHER_MODE_XTS: 623 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts; 624 nkey /= 2; 625 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey); 626 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey); 627 break; 628 default: 629 g_assert_not_reached(); 630 } 631 aes192_set_encrypt_key(&ctx->key[0], key); 632 aes192_set_decrypt_key(&ctx->key[1], key); 633 634 return &ctx->base; 635 } 636 637 case QCRYPTO_CIPHER_ALG_AES_256: 638 { 639 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1); 640 641 switch (mode) { 642 case QCRYPTO_CIPHER_MODE_ECB: 643 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb; 644 break; 645 case QCRYPTO_CIPHER_MODE_CBC: 646 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc; 647 break; 648 case QCRYPTO_CIPHER_MODE_CTR: 649 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr; 650 break; 651 case QCRYPTO_CIPHER_MODE_XTS: 652 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts; 653 nkey /= 2; 654 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey); 655 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey); 656 break; 657 default: 658 g_assert_not_reached(); 659 } 660 aes256_set_encrypt_key(&ctx->key[0], key); 661 aes256_set_decrypt_key(&ctx->key[1], key); 662 663 return &ctx->base; 664 } 665 666 case QCRYPTO_CIPHER_ALG_CAST5_128: 667 { 668 QCryptoNettleCAST128 *ctx; 669 const QCryptoCipherDriver *drv; 670 671 switch (mode) { 672 case QCRYPTO_CIPHER_MODE_ECB: 673 drv = &qcrypto_nettle_cast128_driver_ecb; 674 break; 675 case QCRYPTO_CIPHER_MODE_CBC: 676 drv = &qcrypto_nettle_cast128_driver_cbc; 677 break; 678 case QCRYPTO_CIPHER_MODE_CTR: 679 drv = &qcrypto_nettle_cast128_driver_ctr; 680 break; 681 default: 682 goto bad_cipher_mode; 683 } 684 685 ctx = g_new0(QCryptoNettleCAST128, 1); 686 ctx->base.driver = drv; 687 cast5_set_key(&ctx->key, nkey, key); 688 689 return &ctx->base; 690 } 691 692 case QCRYPTO_CIPHER_ALG_SERPENT_128: 693 case QCRYPTO_CIPHER_ALG_SERPENT_192: 694 case QCRYPTO_CIPHER_ALG_SERPENT_256: 695 { 696 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1); 697 698 switch (mode) { 699 case QCRYPTO_CIPHER_MODE_ECB: 700 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb; 701 break; 702 case QCRYPTO_CIPHER_MODE_CBC: 703 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc; 704 break; 705 case QCRYPTO_CIPHER_MODE_CTR: 706 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr; 707 break; 708 case QCRYPTO_CIPHER_MODE_XTS: 709 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts; 710 nkey /= 2; 711 serpent_set_key(&ctx->key_xts, nkey, key + nkey); 712 break; 713 default: 714 g_assert_not_reached(); 715 } 716 serpent_set_key(&ctx->key, nkey, key); 717 718 return &ctx->base; 719 } 720 721 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 722 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 723 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 724 { 725 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1); 726 727 switch (mode) { 728 case QCRYPTO_CIPHER_MODE_ECB: 729 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb; 730 break; 731 case QCRYPTO_CIPHER_MODE_CBC: 732 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc; 733 break; 734 case QCRYPTO_CIPHER_MODE_CTR: 735 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr; 736 break; 737 case QCRYPTO_CIPHER_MODE_XTS: 738 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts; 739 nkey /= 2; 740 twofish_set_key(&ctx->key_xts, nkey, key + nkey); 741 break; 742 default: 743 g_assert_not_reached(); 744 } 745 twofish_set_key(&ctx->key, nkey, key); 746 747 return &ctx->base; 748 } 749 750 default: 751 error_setg(errp, "Unsupported cipher algorithm %s", 752 QCryptoCipherAlgorithm_str(alg)); 753 return NULL; 754 } 755 756 bad_cipher_mode: 757 error_setg(errp, "Unsupported cipher mode %s", 758 QCryptoCipherMode_str(mode)); 759 return NULL; 760} 761