1 /* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qemu/host-utils.h" 23 #include "qapi/error.h" 24 #include "crypto/cipher.h" 25 #include "cipherpriv.h" 26 27 28 static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { 29 [QCRYPTO_CIPHER_ALG_AES_128] = 16, 30 [QCRYPTO_CIPHER_ALG_AES_192] = 24, 31 [QCRYPTO_CIPHER_ALG_AES_256] = 32, 32 [QCRYPTO_CIPHER_ALG_DES] = 8, 33 [QCRYPTO_CIPHER_ALG_3DES] = 24, 34 [QCRYPTO_CIPHER_ALG_CAST5_128] = 16, 35 [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, 36 [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24, 37 [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32, 38 [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, 39 [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24, 40 [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32, 41 }; 42 43 static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { 44 [QCRYPTO_CIPHER_ALG_AES_128] = 16, 45 [QCRYPTO_CIPHER_ALG_AES_192] = 16, 46 [QCRYPTO_CIPHER_ALG_AES_256] = 16, 47 [QCRYPTO_CIPHER_ALG_DES] = 8, 48 [QCRYPTO_CIPHER_ALG_3DES] = 8, 49 [QCRYPTO_CIPHER_ALG_CAST5_128] = 8, 50 [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, 51 [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16, 52 [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16, 53 [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, 54 [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16, 55 [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16, 56 }; 57 58 static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { 59 [QCRYPTO_CIPHER_MODE_ECB] = false, 60 [QCRYPTO_CIPHER_MODE_CBC] = true, 61 [QCRYPTO_CIPHER_MODE_XTS] = true, 62 [QCRYPTO_CIPHER_MODE_CTR] = true, 63 }; 64 65 66 size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg) 67 { 68 assert(alg < G_N_ELEMENTS(alg_key_len)); 69 return alg_block_len[alg]; 70 } 71 72 73 size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg) 74 { 75 assert(alg < G_N_ELEMENTS(alg_key_len)); 76 return alg_key_len[alg]; 77 } 78 79 80 size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, 81 QCryptoCipherMode mode) 82 { 83 if (alg >= G_N_ELEMENTS(alg_block_len)) { 84 return 0; 85 } 86 if (mode >= G_N_ELEMENTS(mode_need_iv)) { 87 return 0; 88 } 89 90 if (mode_need_iv[mode]) { 91 return alg_block_len[alg]; 92 } 93 return 0; 94 } 95 96 97 static bool 98 qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, 99 QCryptoCipherMode mode, 100 size_t nkey, 101 Error **errp) 102 { 103 if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) { 104 error_setg(errp, "Cipher algorithm %d out of range", 105 alg); 106 return false; 107 } 108 109 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 110 if (alg == QCRYPTO_CIPHER_ALG_DES || 111 alg == QCRYPTO_CIPHER_ALG_3DES) { 112 error_setg(errp, "XTS mode not compatible with DES/3DES"); 113 return false; 114 } 115 if (nkey % 2) { 116 error_setg(errp, "XTS cipher key length should be a multiple of 2"); 117 return false; 118 } 119 120 if (alg_key_len[alg] != (nkey / 2)) { 121 error_setg(errp, "Cipher key length %zu should be %zu", 122 nkey, alg_key_len[alg] * 2); 123 return false; 124 } 125 } else { 126 if (alg_key_len[alg] != nkey) { 127 error_setg(errp, "Cipher key length %zu should be %zu", 128 nkey, alg_key_len[alg]); 129 return false; 130 } 131 } 132 return true; 133 } 134 135 #ifdef CONFIG_GCRYPT 136 #include "cipher-gcrypt.c.inc" 137 #elif defined CONFIG_NETTLE 138 #include "cipher-nettle.c.inc" 139 #else 140 #include "cipher-builtin.c.inc" 141 #endif 142 143 QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 144 QCryptoCipherMode mode, 145 const uint8_t *key, size_t nkey, 146 Error **errp) 147 { 148 QCryptoCipher *cipher = NULL; 149 150 #ifdef CONFIG_AF_ALG 151 cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); 152 #endif 153 154 if (!cipher) { 155 cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); 156 if (!cipher) { 157 return NULL; 158 } 159 } 160 161 cipher->alg = alg; 162 cipher->mode = mode; 163 164 return cipher; 165 } 166 167 168 int qcrypto_cipher_encrypt(QCryptoCipher *cipher, 169 const void *in, 170 void *out, 171 size_t len, 172 Error **errp) 173 { 174 const QCryptoCipherDriver *drv = cipher->driver; 175 return drv->cipher_encrypt(cipher, in, out, len, errp); 176 } 177 178 179 int qcrypto_cipher_decrypt(QCryptoCipher *cipher, 180 const void *in, 181 void *out, 182 size_t len, 183 Error **errp) 184 { 185 const QCryptoCipherDriver *drv = cipher->driver; 186 return drv->cipher_decrypt(cipher, in, out, len, errp); 187 } 188 189 190 int qcrypto_cipher_setiv(QCryptoCipher *cipher, 191 const uint8_t *iv, size_t niv, 192 Error **errp) 193 { 194 const QCryptoCipherDriver *drv = cipher->driver; 195 return drv->cipher_setiv(cipher, iv, niv, errp); 196 } 197 198 199 void qcrypto_cipher_free(QCryptoCipher *cipher) 200 { 201 if (cipher) { 202 cipher->driver->cipher_free(cipher); 203 } 204 } 205