1 /* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "crypto/cipher.h" 24 #include "cipherpriv.h" 25 26 27 static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { 28 [QCRYPTO_CIPHER_ALG_AES_128] = 16, 29 [QCRYPTO_CIPHER_ALG_AES_192] = 24, 30 [QCRYPTO_CIPHER_ALG_AES_256] = 32, 31 [QCRYPTO_CIPHER_ALG_DES_RFB] = 8, 32 [QCRYPTO_CIPHER_ALG_3DES] = 24, 33 [QCRYPTO_CIPHER_ALG_CAST5_128] = 16, 34 [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, 35 [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24, 36 [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32, 37 [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, 38 [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24, 39 [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32, 40 }; 41 42 static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { 43 [QCRYPTO_CIPHER_ALG_AES_128] = 16, 44 [QCRYPTO_CIPHER_ALG_AES_192] = 16, 45 [QCRYPTO_CIPHER_ALG_AES_256] = 16, 46 [QCRYPTO_CIPHER_ALG_DES_RFB] = 8, 47 [QCRYPTO_CIPHER_ALG_3DES] = 8, 48 [QCRYPTO_CIPHER_ALG_CAST5_128] = 8, 49 [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, 50 [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16, 51 [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16, 52 [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, 53 [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16, 54 [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16, 55 }; 56 57 static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { 58 [QCRYPTO_CIPHER_MODE_ECB] = false, 59 [QCRYPTO_CIPHER_MODE_CBC] = true, 60 [QCRYPTO_CIPHER_MODE_XTS] = true, 61 [QCRYPTO_CIPHER_MODE_CTR] = true, 62 }; 63 64 65 size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg) 66 { 67 assert(alg < G_N_ELEMENTS(alg_key_len)); 68 return alg_block_len[alg]; 69 } 70 71 72 size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg) 73 { 74 assert(alg < G_N_ELEMENTS(alg_key_len)); 75 return alg_key_len[alg]; 76 } 77 78 79 size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, 80 QCryptoCipherMode mode) 81 { 82 if (alg >= G_N_ELEMENTS(alg_block_len)) { 83 return 0; 84 } 85 if (mode >= G_N_ELEMENTS(mode_need_iv)) { 86 return 0; 87 } 88 89 if (mode_need_iv[mode]) { 90 return alg_block_len[alg]; 91 } 92 return 0; 93 } 94 95 96 static bool 97 qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, 98 QCryptoCipherMode mode, 99 size_t nkey, 100 Error **errp) 101 { 102 if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) { 103 error_setg(errp, "Cipher algorithm %d out of range", 104 alg); 105 return false; 106 } 107 108 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 109 if (alg == QCRYPTO_CIPHER_ALG_DES_RFB 110 || alg == QCRYPTO_CIPHER_ALG_3DES) { 111 error_setg(errp, "XTS mode not compatible with DES-RFB/3DES"); 112 return false; 113 } 114 if (nkey % 2) { 115 error_setg(errp, "XTS cipher key length should be a multiple of 2"); 116 return false; 117 } 118 119 if (alg_key_len[alg] != (nkey / 2)) { 120 error_setg(errp, "Cipher key length %zu should be %zu", 121 nkey, alg_key_len[alg] * 2); 122 return false; 123 } 124 } else { 125 if (alg_key_len[alg] != nkey) { 126 error_setg(errp, "Cipher key length %zu should be %zu", 127 nkey, alg_key_len[alg]); 128 return false; 129 } 130 } 131 return true; 132 } 133 134 #if defined(CONFIG_GCRYPT) || defined(CONFIG_NETTLE) 135 static uint8_t * 136 qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, 137 size_t nkey) 138 { 139 uint8_t *ret = g_new0(uint8_t, nkey); 140 size_t i; 141 for (i = 0; i < nkey; i++) { 142 uint8_t r = key[i]; 143 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; 144 r = (r & 0xcc) >> 2 | (r & 0x33) << 2; 145 r = (r & 0xaa) >> 1 | (r & 0x55) << 1; 146 ret[i] = r; 147 } 148 return ret; 149 } 150 #endif /* CONFIG_GCRYPT || CONFIG_NETTLE */ 151 152 #ifdef CONFIG_GCRYPT 153 #include "cipher-gcrypt.c" 154 #elif defined CONFIG_NETTLE 155 #include "cipher-nettle.c" 156 #else 157 #include "cipher-builtin.c" 158 #endif 159 160 QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 161 QCryptoCipherMode mode, 162 const uint8_t *key, size_t nkey, 163 Error **errp) 164 { 165 QCryptoCipher *cipher; 166 void *ctx = NULL; 167 QCryptoCipherDriver *drv = NULL; 168 169 #ifdef CONFIG_AF_ALG 170 ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); 171 if (ctx) { 172 drv = &qcrypto_cipher_afalg_driver; 173 } 174 #endif 175 176 if (!ctx) { 177 ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); 178 if (!ctx) { 179 return NULL; 180 } 181 182 drv = &qcrypto_cipher_lib_driver; 183 } 184 185 cipher = g_new0(QCryptoCipher, 1); 186 cipher->alg = alg; 187 cipher->mode = mode; 188 cipher->opaque = ctx; 189 cipher->driver = (void *)drv; 190 191 return cipher; 192 } 193 194 195 int qcrypto_cipher_encrypt(QCryptoCipher *cipher, 196 const void *in, 197 void *out, 198 size_t len, 199 Error **errp) 200 { 201 QCryptoCipherDriver *drv = cipher->driver; 202 return drv->cipher_encrypt(cipher, in, out, len, errp); 203 } 204 205 206 int qcrypto_cipher_decrypt(QCryptoCipher *cipher, 207 const void *in, 208 void *out, 209 size_t len, 210 Error **errp) 211 { 212 QCryptoCipherDriver *drv = cipher->driver; 213 return drv->cipher_decrypt(cipher, in, out, len, errp); 214 } 215 216 217 int qcrypto_cipher_setiv(QCryptoCipher *cipher, 218 const uint8_t *iv, size_t niv, 219 Error **errp) 220 { 221 QCryptoCipherDriver *drv = cipher->driver; 222 return drv->cipher_setiv(cipher, iv, niv, errp); 223 } 224 225 226 void qcrypto_cipher_free(QCryptoCipher *cipher) 227 { 228 QCryptoCipherDriver *drv; 229 if (cipher) { 230 drv = cipher->driver; 231 drv->cipher_free(cipher); 232 g_free(cipher); 233 } 234 } 235