xref: /openbmc/qemu/crypto/cipher.c (revision b8eada54b2ad8a7d98d93d5ab4d3e888c5880097)
1  /*
2   * QEMU Crypto cipher algorithms
3   *
4   * Copyright (c) 2015 Red Hat, Inc.
5   *
6   * This library is free software; you can redistribute it and/or
7   * modify it under the terms of the GNU Lesser General Public
8   * License as published by the Free Software Foundation; either
9   * version 2.1 of the License, or (at your option) any later version.
10   *
11   * This library is distributed in the hope that it will be useful,
12   * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14   * Lesser General Public License for more details.
15   *
16   * You should have received a copy of the GNU Lesser General Public
17   * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18   *
19   */
20  
21  #include "qemu/osdep.h"
22  #include "qemu/host-utils.h"
23  #include "qapi/error.h"
24  #include "crypto/cipher.h"
25  #include "cipherpriv.h"
26  
27  
28  static const size_t alg_key_len[QCRYPTO_CIPHER_ALGO__MAX] = {
29      [QCRYPTO_CIPHER_ALGO_AES_128] = 16,
30      [QCRYPTO_CIPHER_ALGO_AES_192] = 24,
31      [QCRYPTO_CIPHER_ALGO_AES_256] = 32,
32      [QCRYPTO_CIPHER_ALGO_DES] = 8,
33      [QCRYPTO_CIPHER_ALGO_3DES] = 24,
34      [QCRYPTO_CIPHER_ALGO_CAST5_128] = 16,
35      [QCRYPTO_CIPHER_ALGO_SERPENT_128] = 16,
36      [QCRYPTO_CIPHER_ALGO_SERPENT_192] = 24,
37      [QCRYPTO_CIPHER_ALGO_SERPENT_256] = 32,
38      [QCRYPTO_CIPHER_ALGO_TWOFISH_128] = 16,
39      [QCRYPTO_CIPHER_ALGO_TWOFISH_192] = 24,
40      [QCRYPTO_CIPHER_ALGO_TWOFISH_256] = 32,
41  #ifdef CONFIG_CRYPTO_SM4
42      [QCRYPTO_CIPHER_ALGO_SM4] = 16,
43  #endif
44  };
45  
46  static const size_t alg_block_len[QCRYPTO_CIPHER_ALGO__MAX] = {
47      [QCRYPTO_CIPHER_ALGO_AES_128] = 16,
48      [QCRYPTO_CIPHER_ALGO_AES_192] = 16,
49      [QCRYPTO_CIPHER_ALGO_AES_256] = 16,
50      [QCRYPTO_CIPHER_ALGO_DES] = 8,
51      [QCRYPTO_CIPHER_ALGO_3DES] = 8,
52      [QCRYPTO_CIPHER_ALGO_CAST5_128] = 8,
53      [QCRYPTO_CIPHER_ALGO_SERPENT_128] = 16,
54      [QCRYPTO_CIPHER_ALGO_SERPENT_192] = 16,
55      [QCRYPTO_CIPHER_ALGO_SERPENT_256] = 16,
56      [QCRYPTO_CIPHER_ALGO_TWOFISH_128] = 16,
57      [QCRYPTO_CIPHER_ALGO_TWOFISH_192] = 16,
58      [QCRYPTO_CIPHER_ALGO_TWOFISH_256] = 16,
59  #ifdef CONFIG_CRYPTO_SM4
60      [QCRYPTO_CIPHER_ALGO_SM4] = 16,
61  #endif
62  };
63  
64  static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
65      [QCRYPTO_CIPHER_MODE_ECB] = false,
66      [QCRYPTO_CIPHER_MODE_CBC] = true,
67      [QCRYPTO_CIPHER_MODE_XTS] = true,
68      [QCRYPTO_CIPHER_MODE_CTR] = true,
69  };
70  
71  
qcrypto_cipher_get_block_len(QCryptoCipherAlgo alg)72  size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgo alg)
73  {
74      assert(alg < G_N_ELEMENTS(alg_key_len));
75      return alg_block_len[alg];
76  }
77  
78  
qcrypto_cipher_get_key_len(QCryptoCipherAlgo alg)79  size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgo alg)
80  {
81      assert(alg < G_N_ELEMENTS(alg_key_len));
82      return alg_key_len[alg];
83  }
84  
85  
qcrypto_cipher_get_iv_len(QCryptoCipherAlgo alg,QCryptoCipherMode mode)86  size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgo alg,
87                                   QCryptoCipherMode mode)
88  {
89      if (alg >= G_N_ELEMENTS(alg_block_len)) {
90          return 0;
91      }
92      if (mode >= G_N_ELEMENTS(mode_need_iv)) {
93          return 0;
94      }
95  
96      if (mode_need_iv[mode]) {
97          return alg_block_len[alg];
98      }
99      return 0;
100  }
101  
102  
103  static bool
qcrypto_cipher_validate_key_length(QCryptoCipherAlgo alg,QCryptoCipherMode mode,size_t nkey,Error ** errp)104  qcrypto_cipher_validate_key_length(QCryptoCipherAlgo alg,
105                                     QCryptoCipherMode mode,
106                                     size_t nkey,
107                                     Error **errp)
108  {
109      if ((unsigned)alg >= QCRYPTO_CIPHER_ALGO__MAX) {
110          error_setg(errp, "Cipher algorithm %d out of range",
111                     alg);
112          return false;
113      }
114  
115      if (mode == QCRYPTO_CIPHER_MODE_XTS) {
116          if (alg == QCRYPTO_CIPHER_ALGO_DES ||
117              alg == QCRYPTO_CIPHER_ALGO_3DES) {
118              error_setg(errp, "XTS mode not compatible with DES/3DES");
119              return false;
120          }
121          if (nkey % 2) {
122              error_setg(errp, "XTS cipher key length should be a multiple of 2");
123              return false;
124          }
125  
126          if (alg_key_len[alg] != (nkey / 2)) {
127              error_setg(errp, "Cipher key length %zu should be %zu",
128                         nkey, alg_key_len[alg] * 2);
129              return false;
130          }
131      } else {
132          if (alg_key_len[alg] != nkey) {
133              error_setg(errp, "Cipher key length %zu should be %zu",
134                         nkey, alg_key_len[alg]);
135              return false;
136          }
137      }
138      return true;
139  }
140  
141  #ifdef CONFIG_GCRYPT
142  #include "cipher-gcrypt.c.inc"
143  #elif defined CONFIG_NETTLE
144  #include "cipher-nettle.c.inc"
145  #elif defined CONFIG_GNUTLS_CRYPTO
146  #include "cipher-gnutls.c.inc"
147  #else
148  #include "cipher-builtin.c.inc"
149  #endif
150  
qcrypto_cipher_new(QCryptoCipherAlgo alg,QCryptoCipherMode mode,const uint8_t * key,size_t nkey,Error ** errp)151  QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgo alg,
152                                    QCryptoCipherMode mode,
153                                    const uint8_t *key, size_t nkey,
154                                    Error **errp)
155  {
156      QCryptoCipher *cipher = NULL;
157  
158  #ifdef CONFIG_AF_ALG
159      cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
160  #endif
161  
162      if (!cipher) {
163          cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
164          if (!cipher) {
165              return NULL;
166          }
167      }
168  
169      cipher->alg = alg;
170      cipher->mode = mode;
171  
172      return cipher;
173  }
174  
175  
qcrypto_cipher_encrypt(QCryptoCipher * cipher,const void * in,void * out,size_t len,Error ** errp)176  int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
177                             const void *in,
178                             void *out,
179                             size_t len,
180                             Error **errp)
181  {
182      const QCryptoCipherDriver *drv = cipher->driver;
183      return drv->cipher_encrypt(cipher, in, out, len, errp);
184  }
185  
186  
qcrypto_cipher_decrypt(QCryptoCipher * cipher,const void * in,void * out,size_t len,Error ** errp)187  int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
188                             const void *in,
189                             void *out,
190                             size_t len,
191                             Error **errp)
192  {
193      const QCryptoCipherDriver *drv = cipher->driver;
194      return drv->cipher_decrypt(cipher, in, out, len, errp);
195  }
196  
197  
qcrypto_cipher_setiv(QCryptoCipher * cipher,const uint8_t * iv,size_t niv,Error ** errp)198  int qcrypto_cipher_setiv(QCryptoCipher *cipher,
199                           const uint8_t *iv, size_t niv,
200                           Error **errp)
201  {
202      const QCryptoCipherDriver *drv = cipher->driver;
203      return drv->cipher_setiv(cipher, iv, niv, errp);
204  }
205  
206  
qcrypto_cipher_free(QCryptoCipher * cipher)207  void qcrypto_cipher_free(QCryptoCipher *cipher)
208  {
209      if (cipher) {
210          cipher->driver->cipher_free(cipher);
211      }
212  }
213