1/* 2 * QEMU Crypto cipher nettle algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21#ifdef CONFIG_QEMU_PRIVATE_XTS 22#include "crypto/xts.h" 23#endif 24 25#include <nettle/nettle-types.h> 26#include <nettle/aes.h> 27#include <nettle/des.h> 28#include <nettle/cbc.h> 29#include <nettle/cast128.h> 30#include <nettle/serpent.h> 31#include <nettle/twofish.h> 32#include <nettle/ctr.h> 33#ifndef CONFIG_QEMU_PRIVATE_XTS 34#include <nettle/xts.h> 35#endif 36 37static inline bool qcrypto_length_check(size_t len, size_t blocksize, 38 Error **errp) 39{ 40 if (unlikely(len & (blocksize - 1))) { 41 error_setg(errp, "Length %zu must be a multiple of block size %zu", 42 len, blocksize); 43 return false; 44 } 45 return true; 46} 47 48 49static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx) 50{ 51 g_free(ctx); 52} 53 54static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, 55 const uint8_t *iv, size_t niv, 56 Error **errp) 57{ 58 error_setg(errp, "Setting IV is not supported"); 59 return -1; 60} 61 62 63#define DEFINE_SETIV(NAME, TYPE, BLEN) \ 64static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \ 65 size_t niv, Error **errp) \ 66{ \ 67 TYPE *ctx = container_of(cipher, TYPE, base); \ 68 if (niv != BLEN) { \ 69 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \ 70 return -1; \ 71 } \ 72 memcpy(ctx->iv, iv, niv); \ 73 return 0; \ 74} 75 76 77#define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 78static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \ 79 void *out, size_t len, Error **errp) \ 80{ \ 81 TYPE *ctx = container_of(cipher, TYPE, base); \ 82 if (!qcrypto_length_check(len, BLEN, errp)) { \ 83 return -1; \ 84 } \ 85 ENCRYPT(&ctx->key, len, out, in); \ 86 return 0; \ 87} \ 88static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \ 89 void *out, size_t len, Error **errp) \ 90{ \ 91 TYPE *ctx = container_of(cipher, TYPE, base); \ 92 if (!qcrypto_length_check(len, BLEN, errp)) { \ 93 return -1; \ 94 } \ 95 DECRYPT(&ctx->key, len, out, in); \ 96 return 0; \ 97} \ 98static const struct QCryptoCipherDriver NAME##_driver_ecb = { \ 99 .cipher_encrypt = NAME##_encrypt_ecb, \ 100 .cipher_decrypt = NAME##_decrypt_ecb, \ 101 .cipher_setiv = qcrypto_cipher_no_setiv, \ 102 .cipher_free = qcrypto_cipher_ctx_free, \ 103}; 104 105 106#define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 107static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \ 108 void *out, size_t len, Error **errp) \ 109{ \ 110 TYPE *ctx = container_of(cipher, TYPE, base); \ 111 if (!qcrypto_length_check(len, BLEN, errp)) { \ 112 return -1; \ 113 } \ 114 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 115 return 0; \ 116} \ 117static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \ 118 void *out, size_t len, Error **errp) \ 119{ \ 120 TYPE *ctx = container_of(cipher, TYPE, base); \ 121 if (!qcrypto_length_check(len, BLEN, errp)) { \ 122 return -1; \ 123 } \ 124 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \ 125 return 0; \ 126} \ 127static const struct QCryptoCipherDriver NAME##_driver_cbc = { \ 128 .cipher_encrypt = NAME##_encrypt_cbc, \ 129 .cipher_decrypt = NAME##_decrypt_cbc, \ 130 .cipher_setiv = NAME##_setiv, \ 131 .cipher_free = qcrypto_cipher_ctx_free, \ 132}; 133 134 135#define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \ 136static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \ 137 void *out, size_t len, Error **errp) \ 138{ \ 139 TYPE *ctx = container_of(cipher, TYPE, base); \ 140 if (!qcrypto_length_check(len, BLEN, errp)) { \ 141 return -1; \ 142 } \ 143 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 144 return 0; \ 145} \ 146static const struct QCryptoCipherDriver NAME##_driver_ctr = { \ 147 .cipher_encrypt = NAME##_encrypt_ctr, \ 148 .cipher_decrypt = NAME##_encrypt_ctr, \ 149 .cipher_setiv = NAME##_setiv, \ 150 .cipher_free = qcrypto_cipher_ctx_free, \ 151}; 152 153 154#ifdef CONFIG_QEMU_PRIVATE_XTS 155#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 156static void NAME##_xts_wrape(const void *ctx, size_t length, \ 157 uint8_t *dst, const uint8_t *src) \ 158{ \ 159 ENCRYPT((const void *)ctx, length, dst, src); \ 160} \ 161static void NAME##_xts_wrapd(const void *ctx, size_t length, \ 162 uint8_t *dst, const uint8_t *src) \ 163{ \ 164 DECRYPT((const void *)ctx, length, dst, src); \ 165} \ 166static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 167 void *out, size_t len, Error **errp) \ 168{ \ 169 TYPE *ctx = container_of(cipher, TYPE, base); \ 170 if (!qcrypto_length_check(len, BLEN, errp)) { \ 171 return -1; \ 172 } \ 173 xts_encrypt(&ctx->key, &ctx->key_xts, \ 174 NAME##_xts_wrape, NAME##_xts_wrapd, \ 175 ctx->iv, len, out, in); \ 176 return 0; \ 177} \ 178static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 179 void *out, size_t len, Error **errp) \ 180{ \ 181 TYPE *ctx = container_of(cipher, TYPE, base); \ 182 if (!qcrypto_length_check(len, BLEN, errp)) { \ 183 return -1; \ 184 } \ 185 xts_decrypt(&ctx->key, &ctx->key_xts, \ 186 NAME##_xts_wrape, NAME##_xts_wrapd, \ 187 ctx->iv, len, out, in); \ 188 return 0; \ 189} 190#else 191#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 192static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 193 void *out, size_t len, Error **errp) \ 194{ \ 195 TYPE *ctx = container_of(cipher, TYPE, base); \ 196 if (!qcrypto_length_check(len, BLEN, errp)) { \ 197 return -1; \ 198 } \ 199 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \ 200 ctx->iv, len, out, in); \ 201 return 0; \ 202} \ 203static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 204 void *out, size_t len, Error **errp) \ 205{ \ 206 TYPE *ctx = container_of(cipher, TYPE, base); \ 207 if (!qcrypto_length_check(len, BLEN, errp)) { \ 208 return -1; \ 209 } \ 210 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \ 211 ctx->iv, len, out, in); \ 212 return 0; \ 213} 214#endif 215 216#define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 217 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \ 218 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 219static const struct QCryptoCipherDriver NAME##_driver_xts = { \ 220 .cipher_encrypt = NAME##_encrypt_xts, \ 221 .cipher_decrypt = NAME##_decrypt_xts, \ 222 .cipher_setiv = NAME##_setiv, \ 223 .cipher_free = qcrypto_cipher_ctx_free, \ 224}; 225 226 227#define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 228 DEFINE_SETIV(NAME, TYPE, BLEN) \ 229 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 230 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 231 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) 232 233#define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 234 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 235 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) 236 237 238typedef struct QCryptoNettleDESRFB { 239 QCryptoCipher base; 240 struct des_ctx key; 241 uint8_t iv[DES_BLOCK_SIZE]; 242} QCryptoNettleDESRFB; 243 244static void des_encrypt_native(const void *ctx, size_t length, 245 uint8_t *dst, const uint8_t *src) 246{ 247 des_encrypt(ctx, length, dst, src); 248} 249 250static void des_decrypt_native(const void *ctx, size_t length, 251 uint8_t *dst, const uint8_t *src) 252{ 253 des_decrypt(ctx, length, dst, src); 254} 255 256DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB, 257 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) 258 259 260typedef struct QCryptoNettleDES3 { 261 QCryptoCipher base; 262 struct des3_ctx key; 263 uint8_t iv[DES3_BLOCK_SIZE]; 264} QCryptoNettleDES3; 265 266static void des3_encrypt_native(const void *ctx, size_t length, 267 uint8_t *dst, const uint8_t *src) 268{ 269 des3_encrypt(ctx, length, dst, src); 270} 271 272static void des3_decrypt_native(const void *ctx, size_t length, 273 uint8_t *dst, const uint8_t *src) 274{ 275 des3_decrypt(ctx, length, dst, src); 276} 277 278DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE, 279 des3_encrypt_native, des3_decrypt_native) 280 281 282typedef struct QCryptoNettleAES128 { 283 QCryptoCipher base; 284 uint8_t iv[AES_BLOCK_SIZE]; 285 /* First key from pair is encode, second key is decode. */ 286 struct aes128_ctx key[2], key_xts[2]; 287} QCryptoNettleAES128; 288 289static void aes128_encrypt_native(const void *ctx, size_t length, 290 uint8_t *dst, const uint8_t *src) 291{ 292 const struct aes128_ctx *keys = ctx; 293 aes128_encrypt(&keys[0], length, dst, src); 294} 295 296static void aes128_decrypt_native(const void *ctx, size_t length, 297 uint8_t *dst, const uint8_t *src) 298{ 299 const struct aes128_ctx *keys = ctx; 300 aes128_decrypt(&keys[1], length, dst, src); 301} 302 303DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128, 304 QCryptoNettleAES128, AES_BLOCK_SIZE, 305 aes128_encrypt_native, aes128_decrypt_native) 306 307 308typedef struct QCryptoNettleAES192 { 309 QCryptoCipher base; 310 uint8_t iv[AES_BLOCK_SIZE]; 311 /* First key from pair is encode, second key is decode. */ 312 struct aes192_ctx key[2], key_xts[2]; 313} QCryptoNettleAES192; 314 315static void aes192_encrypt_native(const void *ctx, size_t length, 316 uint8_t *dst, const uint8_t *src) 317{ 318 const struct aes192_ctx *keys = ctx; 319 aes192_encrypt(&keys[0], length, dst, src); 320} 321 322static void aes192_decrypt_native(const void *ctx, size_t length, 323 uint8_t *dst, const uint8_t *src) 324{ 325 const struct aes192_ctx *keys = ctx; 326 aes192_decrypt(&keys[1], length, dst, src); 327} 328 329DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192, 330 QCryptoNettleAES192, AES_BLOCK_SIZE, 331 aes192_encrypt_native, aes192_decrypt_native) 332 333 334typedef struct QCryptoNettleAES256 { 335 QCryptoCipher base; 336 uint8_t iv[AES_BLOCK_SIZE]; 337 /* First key from pair is encode, second key is decode. */ 338 struct aes256_ctx key[2], key_xts[2]; 339} QCryptoNettleAES256; 340 341static void aes256_encrypt_native(const void *ctx, size_t length, 342 uint8_t *dst, const uint8_t *src) 343{ 344 const struct aes256_ctx *keys = ctx; 345 aes256_encrypt(&keys[0], length, dst, src); 346} 347 348static void aes256_decrypt_native(const void *ctx, size_t length, 349 uint8_t *dst, const uint8_t *src) 350{ 351 const struct aes256_ctx *keys = ctx; 352 aes256_decrypt(&keys[1], length, dst, src); 353} 354 355DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256, 356 QCryptoNettleAES256, AES_BLOCK_SIZE, 357 aes256_encrypt_native, aes256_decrypt_native) 358 359 360typedef struct QCryptoNettleCAST128 { 361 QCryptoCipher base; 362 uint8_t iv[CAST128_BLOCK_SIZE]; 363 struct cast128_ctx key, key_xts; 364} QCryptoNettleCAST128; 365 366static void cast128_encrypt_native(const void *ctx, size_t length, 367 uint8_t *dst, const uint8_t *src) 368{ 369 cast128_encrypt(ctx, length, dst, src); 370} 371 372static void cast128_decrypt_native(const void *ctx, size_t length, 373 uint8_t *dst, const uint8_t *src) 374{ 375 cast128_decrypt(ctx, length, dst, src); 376} 377 378DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128, 379 QCryptoNettleCAST128, CAST128_BLOCK_SIZE, 380 cast128_encrypt_native, cast128_decrypt_native) 381 382 383typedef struct QCryptoNettleSerpent { 384 QCryptoCipher base; 385 uint8_t iv[SERPENT_BLOCK_SIZE]; 386 struct serpent_ctx key, key_xts; 387} QCryptoNettleSerpent; 388 389 390static void serpent_encrypt_native(const void *ctx, size_t length, 391 uint8_t *dst, const uint8_t *src) 392{ 393 serpent_encrypt(ctx, length, dst, src); 394} 395 396static void serpent_decrypt_native(const void *ctx, size_t length, 397 uint8_t *dst, const uint8_t *src) 398{ 399 serpent_decrypt(ctx, length, dst, src); 400} 401 402DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent, 403 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE, 404 serpent_encrypt_native, serpent_decrypt_native) 405 406 407typedef struct QCryptoNettleTwofish { 408 QCryptoCipher base; 409 uint8_t iv[TWOFISH_BLOCK_SIZE]; 410 struct twofish_ctx key, key_xts; 411} QCryptoNettleTwofish; 412 413static void twofish_encrypt_native(const void *ctx, size_t length, 414 uint8_t *dst, const uint8_t *src) 415{ 416 twofish_encrypt(ctx, length, dst, src); 417} 418 419static void twofish_decrypt_native(const void *ctx, size_t length, 420 uint8_t *dst, const uint8_t *src) 421{ 422 twofish_decrypt(ctx, length, dst, src); 423} 424 425DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish, 426 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE, 427 twofish_encrypt_native, twofish_decrypt_native) 428 429 430bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 431 QCryptoCipherMode mode) 432{ 433 switch (alg) { 434 case QCRYPTO_CIPHER_ALG_DES_RFB: 435 case QCRYPTO_CIPHER_ALG_3DES: 436 case QCRYPTO_CIPHER_ALG_AES_128: 437 case QCRYPTO_CIPHER_ALG_AES_192: 438 case QCRYPTO_CIPHER_ALG_AES_256: 439 case QCRYPTO_CIPHER_ALG_CAST5_128: 440 case QCRYPTO_CIPHER_ALG_SERPENT_128: 441 case QCRYPTO_CIPHER_ALG_SERPENT_192: 442 case QCRYPTO_CIPHER_ALG_SERPENT_256: 443 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 444 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 445 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 446 break; 447 default: 448 return false; 449 } 450 451 switch (mode) { 452 case QCRYPTO_CIPHER_MODE_ECB: 453 case QCRYPTO_CIPHER_MODE_CBC: 454 case QCRYPTO_CIPHER_MODE_XTS: 455 case QCRYPTO_CIPHER_MODE_CTR: 456 return true; 457 default: 458 return false; 459 } 460} 461 462static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, 463 QCryptoCipherMode mode, 464 const uint8_t *key, 465 size_t nkey, 466 Error **errp) 467{ 468 switch (mode) { 469 case QCRYPTO_CIPHER_MODE_ECB: 470 case QCRYPTO_CIPHER_MODE_CBC: 471 case QCRYPTO_CIPHER_MODE_XTS: 472 case QCRYPTO_CIPHER_MODE_CTR: 473 break; 474 default: 475 goto bad_cipher_mode; 476 } 477 478 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { 479 return NULL; 480 } 481 482 switch (alg) { 483 case QCRYPTO_CIPHER_ALG_DES_RFB: 484 { 485 QCryptoNettleDESRFB *ctx; 486 const QCryptoCipherDriver *drv; 487 uint8_t *rfbkey; 488 489 switch (mode) { 490 case QCRYPTO_CIPHER_MODE_ECB: 491 drv = &qcrypto_nettle_des_rfb_driver_ecb; 492 break; 493 case QCRYPTO_CIPHER_MODE_CBC: 494 drv = &qcrypto_nettle_des_rfb_driver_cbc; 495 break; 496 case QCRYPTO_CIPHER_MODE_CTR: 497 drv = &qcrypto_nettle_des_rfb_driver_ctr; 498 break; 499 default: 500 goto bad_cipher_mode; 501 } 502 503 ctx = g_new0(QCryptoNettleDESRFB, 1); 504 ctx->base.driver = drv; 505 506 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); 507 des_set_key(&ctx->key, rfbkey); 508 g_free(rfbkey); 509 510 return &ctx->base; 511 } 512 513 case QCRYPTO_CIPHER_ALG_3DES: 514 { 515 QCryptoNettleDES3 *ctx; 516 const QCryptoCipherDriver *drv; 517 518 switch (mode) { 519 case QCRYPTO_CIPHER_MODE_ECB: 520 drv = &qcrypto_nettle_des3_driver_ecb; 521 break; 522 case QCRYPTO_CIPHER_MODE_CBC: 523 drv = &qcrypto_nettle_des3_driver_cbc; 524 break; 525 case QCRYPTO_CIPHER_MODE_CTR: 526 drv = &qcrypto_nettle_des3_driver_ctr; 527 break; 528 default: 529 goto bad_cipher_mode; 530 } 531 532 ctx = g_new0(QCryptoNettleDES3, 1); 533 ctx->base.driver = drv; 534 des3_set_key(&ctx->key, key); 535 return &ctx->base; 536 } 537 538 case QCRYPTO_CIPHER_ALG_AES_128: 539 { 540 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1); 541 542 switch (mode) { 543 case QCRYPTO_CIPHER_MODE_ECB: 544 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb; 545 break; 546 case QCRYPTO_CIPHER_MODE_CBC: 547 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc; 548 break; 549 case QCRYPTO_CIPHER_MODE_CTR: 550 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr; 551 break; 552 case QCRYPTO_CIPHER_MODE_XTS: 553 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts; 554 nkey /= 2; 555 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey); 556 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey); 557 break; 558 default: 559 g_assert_not_reached(); 560 } 561 aes128_set_encrypt_key(&ctx->key[0], key); 562 aes128_set_decrypt_key(&ctx->key[1], key); 563 564 return &ctx->base; 565 } 566 567 case QCRYPTO_CIPHER_ALG_AES_192: 568 { 569 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1); 570 571 switch (mode) { 572 case QCRYPTO_CIPHER_MODE_ECB: 573 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb; 574 break; 575 case QCRYPTO_CIPHER_MODE_CBC: 576 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc; 577 break; 578 case QCRYPTO_CIPHER_MODE_CTR: 579 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr; 580 break; 581 case QCRYPTO_CIPHER_MODE_XTS: 582 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts; 583 nkey /= 2; 584 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey); 585 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey); 586 break; 587 default: 588 g_assert_not_reached(); 589 } 590 aes192_set_encrypt_key(&ctx->key[0], key); 591 aes192_set_decrypt_key(&ctx->key[1], key); 592 593 return &ctx->base; 594 } 595 596 case QCRYPTO_CIPHER_ALG_AES_256: 597 { 598 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1); 599 600 switch (mode) { 601 case QCRYPTO_CIPHER_MODE_ECB: 602 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb; 603 break; 604 case QCRYPTO_CIPHER_MODE_CBC: 605 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc; 606 break; 607 case QCRYPTO_CIPHER_MODE_CTR: 608 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr; 609 break; 610 case QCRYPTO_CIPHER_MODE_XTS: 611 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts; 612 nkey /= 2; 613 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey); 614 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey); 615 break; 616 default: 617 g_assert_not_reached(); 618 } 619 aes256_set_encrypt_key(&ctx->key[0], key); 620 aes256_set_decrypt_key(&ctx->key[1], key); 621 622 return &ctx->base; 623 } 624 625 case QCRYPTO_CIPHER_ALG_CAST5_128: 626 { 627 QCryptoNettleCAST128 *ctx; 628 const QCryptoCipherDriver *drv; 629 630 switch (mode) { 631 case QCRYPTO_CIPHER_MODE_ECB: 632 drv = &qcrypto_nettle_cast128_driver_ecb; 633 break; 634 case QCRYPTO_CIPHER_MODE_CBC: 635 drv = &qcrypto_nettle_cast128_driver_cbc; 636 break; 637 case QCRYPTO_CIPHER_MODE_CTR: 638 drv = &qcrypto_nettle_cast128_driver_ctr; 639 break; 640 default: 641 goto bad_cipher_mode; 642 } 643 644 ctx = g_new0(QCryptoNettleCAST128, 1); 645 ctx->base.driver = drv; 646 cast5_set_key(&ctx->key, nkey, key); 647 648 return &ctx->base; 649 } 650 651 case QCRYPTO_CIPHER_ALG_SERPENT_128: 652 case QCRYPTO_CIPHER_ALG_SERPENT_192: 653 case QCRYPTO_CIPHER_ALG_SERPENT_256: 654 { 655 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1); 656 657 switch (mode) { 658 case QCRYPTO_CIPHER_MODE_ECB: 659 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb; 660 break; 661 case QCRYPTO_CIPHER_MODE_CBC: 662 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc; 663 break; 664 case QCRYPTO_CIPHER_MODE_CTR: 665 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr; 666 break; 667 case QCRYPTO_CIPHER_MODE_XTS: 668 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts; 669 nkey /= 2; 670 serpent_set_key(&ctx->key_xts, nkey, key + nkey); 671 break; 672 default: 673 g_assert_not_reached(); 674 } 675 serpent_set_key(&ctx->key, nkey, key); 676 677 return &ctx->base; 678 } 679 680 case QCRYPTO_CIPHER_ALG_TWOFISH_128: 681 case QCRYPTO_CIPHER_ALG_TWOFISH_192: 682 case QCRYPTO_CIPHER_ALG_TWOFISH_256: 683 { 684 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1); 685 686 switch (mode) { 687 case QCRYPTO_CIPHER_MODE_ECB: 688 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb; 689 break; 690 case QCRYPTO_CIPHER_MODE_CBC: 691 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc; 692 break; 693 case QCRYPTO_CIPHER_MODE_CTR: 694 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr; 695 break; 696 case QCRYPTO_CIPHER_MODE_XTS: 697 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts; 698 nkey /= 2; 699 twofish_set_key(&ctx->key_xts, nkey, key + nkey); 700 break; 701 default: 702 g_assert_not_reached(); 703 } 704 twofish_set_key(&ctx->key, nkey, key); 705 706 return &ctx->base; 707 } 708 709 default: 710 error_setg(errp, "Unsupported cipher algorithm %s", 711 QCryptoCipherAlgorithm_str(alg)); 712 return NULL; 713 } 714 715 bad_cipher_mode: 716 error_setg(errp, "Unsupported cipher mode %s", 717 QCryptoCipherMode_str(mode)); 718 return NULL; 719} 720