1 /* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qemu/host-utils.h" 23 #include "qapi/error.h" 24 #include "crypto/cipher.h" 25 #include "cipherpriv.h" 26 27 28 static const size_t alg_key_len[QCRYPTO_CIPHER_ALGO__MAX] = { 29 [QCRYPTO_CIPHER_ALGO_AES_128] = 16, 30 [QCRYPTO_CIPHER_ALGO_AES_192] = 24, 31 [QCRYPTO_CIPHER_ALGO_AES_256] = 32, 32 [QCRYPTO_CIPHER_ALGO_DES] = 8, 33 [QCRYPTO_CIPHER_ALGO_3DES] = 24, 34 [QCRYPTO_CIPHER_ALGO_CAST5_128] = 16, 35 [QCRYPTO_CIPHER_ALGO_SERPENT_128] = 16, 36 [QCRYPTO_CIPHER_ALGO_SERPENT_192] = 24, 37 [QCRYPTO_CIPHER_ALGO_SERPENT_256] = 32, 38 [QCRYPTO_CIPHER_ALGO_TWOFISH_128] = 16, 39 [QCRYPTO_CIPHER_ALGO_TWOFISH_192] = 24, 40 [QCRYPTO_CIPHER_ALGO_TWOFISH_256] = 32, 41 #ifdef CONFIG_CRYPTO_SM4 42 [QCRYPTO_CIPHER_ALGO_SM4] = 16, 43 #endif 44 }; 45 46 static const size_t alg_block_len[QCRYPTO_CIPHER_ALGO__MAX] = { 47 [QCRYPTO_CIPHER_ALGO_AES_128] = 16, 48 [QCRYPTO_CIPHER_ALGO_AES_192] = 16, 49 [QCRYPTO_CIPHER_ALGO_AES_256] = 16, 50 [QCRYPTO_CIPHER_ALGO_DES] = 8, 51 [QCRYPTO_CIPHER_ALGO_3DES] = 8, 52 [QCRYPTO_CIPHER_ALGO_CAST5_128] = 8, 53 [QCRYPTO_CIPHER_ALGO_SERPENT_128] = 16, 54 [QCRYPTO_CIPHER_ALGO_SERPENT_192] = 16, 55 [QCRYPTO_CIPHER_ALGO_SERPENT_256] = 16, 56 [QCRYPTO_CIPHER_ALGO_TWOFISH_128] = 16, 57 [QCRYPTO_CIPHER_ALGO_TWOFISH_192] = 16, 58 [QCRYPTO_CIPHER_ALGO_TWOFISH_256] = 16, 59 #ifdef CONFIG_CRYPTO_SM4 60 [QCRYPTO_CIPHER_ALGO_SM4] = 16, 61 #endif 62 }; 63 64 static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { 65 [QCRYPTO_CIPHER_MODE_ECB] = false, 66 [QCRYPTO_CIPHER_MODE_CBC] = true, 67 [QCRYPTO_CIPHER_MODE_XTS] = true, 68 [QCRYPTO_CIPHER_MODE_CTR] = true, 69 }; 70 71 72 size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgo alg) 73 { 74 assert(alg < G_N_ELEMENTS(alg_key_len)); 75 return alg_block_len[alg]; 76 } 77 78 79 size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgo alg) 80 { 81 assert(alg < G_N_ELEMENTS(alg_key_len)); 82 return alg_key_len[alg]; 83 } 84 85 86 size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgo alg, 87 QCryptoCipherMode mode) 88 { 89 if (alg >= G_N_ELEMENTS(alg_block_len)) { 90 return 0; 91 } 92 if (mode >= G_N_ELEMENTS(mode_need_iv)) { 93 return 0; 94 } 95 96 if (mode_need_iv[mode]) { 97 return alg_block_len[alg]; 98 } 99 return 0; 100 } 101 102 103 static bool 104 qcrypto_cipher_validate_key_length(QCryptoCipherAlgo alg, 105 QCryptoCipherMode mode, 106 size_t nkey, 107 Error **errp) 108 { 109 if ((unsigned)alg >= QCRYPTO_CIPHER_ALGO__MAX) { 110 error_setg(errp, "Cipher algorithm %d out of range", 111 alg); 112 return false; 113 } 114 115 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 116 if (alg == QCRYPTO_CIPHER_ALGO_DES || 117 alg == QCRYPTO_CIPHER_ALGO_3DES) { 118 error_setg(errp, "XTS mode not compatible with DES/3DES"); 119 return false; 120 } 121 if (nkey % 2) { 122 error_setg(errp, "XTS cipher key length should be a multiple of 2"); 123 return false; 124 } 125 126 if (alg_key_len[alg] != (nkey / 2)) { 127 error_setg(errp, "Cipher key length %zu should be %zu", 128 nkey, alg_key_len[alg] * 2); 129 return false; 130 } 131 } else { 132 if (alg_key_len[alg] != nkey) { 133 error_setg(errp, "Cipher key length %zu should be %zu", 134 nkey, alg_key_len[alg]); 135 return false; 136 } 137 } 138 return true; 139 } 140 141 #ifdef CONFIG_GCRYPT 142 #include "cipher-gcrypt.c.inc" 143 #elif defined CONFIG_NETTLE 144 #include "cipher-nettle.c.inc" 145 #elif defined CONFIG_GNUTLS_CRYPTO 146 #include "cipher-gnutls.c.inc" 147 #else 148 #include "cipher-builtin.c.inc" 149 #endif 150 151 QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgo alg, 152 QCryptoCipherMode mode, 153 const uint8_t *key, size_t nkey, 154 Error **errp) 155 { 156 QCryptoCipher *cipher = NULL; 157 158 #ifdef CONFIG_AF_ALG 159 cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); 160 #endif 161 162 if (!cipher) { 163 cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); 164 if (!cipher) { 165 return NULL; 166 } 167 } 168 169 cipher->alg = alg; 170 cipher->mode = mode; 171 172 return cipher; 173 } 174 175 176 int qcrypto_cipher_encrypt(QCryptoCipher *cipher, 177 const void *in, 178 void *out, 179 size_t len, 180 Error **errp) 181 { 182 const QCryptoCipherDriver *drv = cipher->driver; 183 return drv->cipher_encrypt(cipher, in, out, len, errp); 184 } 185 186 187 int qcrypto_cipher_decrypt(QCryptoCipher *cipher, 188 const void *in, 189 void *out, 190 size_t len, 191 Error **errp) 192 { 193 const QCryptoCipherDriver *drv = cipher->driver; 194 return drv->cipher_decrypt(cipher, in, out, len, errp); 195 } 196 197 198 int qcrypto_cipher_setiv(QCryptoCipher *cipher, 199 const uint8_t *iv, size_t niv, 200 Error **errp) 201 { 202 const QCryptoCipherDriver *drv = cipher->driver; 203 return drv->cipher_setiv(cipher, iv, niv, errp); 204 } 205 206 207 void qcrypto_cipher_free(QCryptoCipher *cipher) 208 { 209 if (cipher) { 210 cipher->driver->cipher_free(cipher); 211 } 212 } 213