1/* 2 * QEMU Crypto cipher nettle algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21#ifdef CONFIG_QEMU_PRIVATE_XTS 22#include "crypto/xts.h" 23#endif 24 25#include <nettle/nettle-types.h> 26#include <nettle/aes.h> 27#include <nettle/des.h> 28#include <nettle/cbc.h> 29#include <nettle/cast128.h> 30#include <nettle/serpent.h> 31#include <nettle/twofish.h> 32#include <nettle/ctr.h> 33#ifndef CONFIG_QEMU_PRIVATE_XTS 34#include <nettle/xts.h> 35#endif 36#ifdef CONFIG_CRYPTO_SM4 37#include <nettle/sm4.h> 38#endif 39 40static inline bool qcrypto_length_check(size_t len, size_t blocksize, 41 Error **errp) 42{ 43 if (unlikely(len & (blocksize - 1))) { 44 error_setg(errp, "Length %zu must be a multiple of block size %zu", 45 len, blocksize); 46 return false; 47 } 48 return true; 49} 50 51 52static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx) 53{ 54 g_free(ctx); 55} 56 57static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, 58 const uint8_t *iv, size_t niv, 59 Error **errp) 60{ 61 error_setg(errp, "Setting IV is not supported"); 62 return -1; 63} 64 65 66#define DEFINE_SETIV(NAME, TYPE, BLEN) \ 67static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \ 68 size_t niv, Error **errp) \ 69{ \ 70 TYPE *ctx = container_of(cipher, TYPE, base); \ 71 if (niv != BLEN) { \ 72 error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \ 73 return -1; \ 74 } \ 75 memcpy(ctx->iv, iv, niv); \ 76 return 0; \ 77} 78 79 80#define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 81static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \ 82 void *out, size_t len, Error **errp) \ 83{ \ 84 TYPE *ctx = container_of(cipher, TYPE, base); \ 85 if (!qcrypto_length_check(len, BLEN, errp)) { \ 86 return -1; \ 87 } \ 88 ENCRYPT(&ctx->key, len, out, in); \ 89 return 0; \ 90} \ 91static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \ 92 void *out, size_t len, Error **errp) \ 93{ \ 94 TYPE *ctx = container_of(cipher, TYPE, base); \ 95 if (!qcrypto_length_check(len, BLEN, errp)) { \ 96 return -1; \ 97 } \ 98 DECRYPT(&ctx->key, len, out, in); \ 99 return 0; \ 100} \ 101static const struct QCryptoCipherDriver NAME##_driver_ecb = { \ 102 .cipher_encrypt = NAME##_encrypt_ecb, \ 103 .cipher_decrypt = NAME##_decrypt_ecb, \ 104 .cipher_setiv = qcrypto_cipher_no_setiv, \ 105 .cipher_free = qcrypto_cipher_ctx_free, \ 106}; 107 108 109#define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 110static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \ 111 void *out, size_t len, Error **errp) \ 112{ \ 113 TYPE *ctx = container_of(cipher, TYPE, base); \ 114 if (!qcrypto_length_check(len, BLEN, errp)) { \ 115 return -1; \ 116 } \ 117 cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 118 return 0; \ 119} \ 120static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \ 121 void *out, size_t len, Error **errp) \ 122{ \ 123 TYPE *ctx = container_of(cipher, TYPE, base); \ 124 if (!qcrypto_length_check(len, BLEN, errp)) { \ 125 return -1; \ 126 } \ 127 cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \ 128 return 0; \ 129} \ 130static const struct QCryptoCipherDriver NAME##_driver_cbc = { \ 131 .cipher_encrypt = NAME##_encrypt_cbc, \ 132 .cipher_decrypt = NAME##_decrypt_cbc, \ 133 .cipher_setiv = NAME##_setiv, \ 134 .cipher_free = qcrypto_cipher_ctx_free, \ 135}; 136 137 138#define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \ 139static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \ 140 void *out, size_t len, Error **errp) \ 141{ \ 142 TYPE *ctx = container_of(cipher, TYPE, base); \ 143 if (!qcrypto_length_check(len, BLEN, errp)) { \ 144 return -1; \ 145 } \ 146 ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ 147 return 0; \ 148} \ 149static const struct QCryptoCipherDriver NAME##_driver_ctr = { \ 150 .cipher_encrypt = NAME##_encrypt_ctr, \ 151 .cipher_decrypt = NAME##_encrypt_ctr, \ 152 .cipher_setiv = NAME##_setiv, \ 153 .cipher_free = qcrypto_cipher_ctx_free, \ 154}; 155 156 157#ifdef CONFIG_QEMU_PRIVATE_XTS 158#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 159static void NAME##_xts_wrape(const void *ctx, size_t length, \ 160 uint8_t *dst, const uint8_t *src) \ 161{ \ 162 ENCRYPT((const void *)ctx, length, dst, src); \ 163} \ 164static void NAME##_xts_wrapd(const void *ctx, size_t length, \ 165 uint8_t *dst, const uint8_t *src) \ 166{ \ 167 DECRYPT((const void *)ctx, length, dst, src); \ 168} \ 169static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 170 void *out, size_t len, Error **errp) \ 171{ \ 172 TYPE *ctx = container_of(cipher, TYPE, base); \ 173 if (!qcrypto_length_check(len, BLEN, errp)) { \ 174 return -1; \ 175 } \ 176 xts_encrypt(&ctx->key, &ctx->key_xts, \ 177 NAME##_xts_wrape, NAME##_xts_wrapd, \ 178 ctx->iv, len, out, in); \ 179 return 0; \ 180} \ 181static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 182 void *out, size_t len, Error **errp) \ 183{ \ 184 TYPE *ctx = container_of(cipher, TYPE, base); \ 185 if (!qcrypto_length_check(len, BLEN, errp)) { \ 186 return -1; \ 187 } \ 188 xts_decrypt(&ctx->key, &ctx->key_xts, \ 189 NAME##_xts_wrape, NAME##_xts_wrapd, \ 190 ctx->iv, len, out, in); \ 191 return 0; \ 192} 193#else 194#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 195static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ 196 void *out, size_t len, Error **errp) \ 197{ \ 198 TYPE *ctx = container_of(cipher, TYPE, base); \ 199 if (!qcrypto_length_check(len, BLEN, errp)) { \ 200 return -1; \ 201 } \ 202 xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \ 203 ctx->iv, len, out, in); \ 204 return 0; \ 205} \ 206static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ 207 void *out, size_t len, Error **errp) \ 208{ \ 209 TYPE *ctx = container_of(cipher, TYPE, base); \ 210 if (!qcrypto_length_check(len, BLEN, errp)) { \ 211 return -1; \ 212 } \ 213 xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \ 214 ctx->iv, len, out, in); \ 215 return 0; \ 216} 217#endif 218 219#define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 220 QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \ 221 DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 222static const struct QCryptoCipherDriver NAME##_driver_xts = { \ 223 .cipher_encrypt = NAME##_encrypt_xts, \ 224 .cipher_decrypt = NAME##_decrypt_xts, \ 225 .cipher_setiv = NAME##_setiv, \ 226 .cipher_free = qcrypto_cipher_ctx_free, \ 227}; 228 229 230#define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 231 DEFINE_SETIV(NAME, TYPE, BLEN) \ 232 DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 233 DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 234 DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) 235 236#define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 237 DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ 238 DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) 239 240 241typedef struct QCryptoNettleDES { 242 QCryptoCipher base; 243 struct des_ctx key; 244 uint8_t iv[DES_BLOCK_SIZE]; 245} QCryptoNettleDES; 246 247static void des_encrypt_native(const void *ctx, size_t length, 248 uint8_t *dst, const uint8_t *src) 249{ 250 des_encrypt(ctx, length, dst, src); 251} 252 253static void des_decrypt_native(const void *ctx, size_t length, 254 uint8_t *dst, const uint8_t *src) 255{ 256 des_decrypt(ctx, length, dst, src); 257} 258 259DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES, 260 DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) 261 262 263typedef struct QCryptoNettleDES3 { 264 QCryptoCipher base; 265 struct des3_ctx key; 266 uint8_t iv[DES3_BLOCK_SIZE]; 267} QCryptoNettleDES3; 268 269static void des3_encrypt_native(const void *ctx, size_t length, 270 uint8_t *dst, const uint8_t *src) 271{ 272 des3_encrypt(ctx, length, dst, src); 273} 274 275static void des3_decrypt_native(const void *ctx, size_t length, 276 uint8_t *dst, const uint8_t *src) 277{ 278 des3_decrypt(ctx, length, dst, src); 279} 280 281DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE, 282 des3_encrypt_native, des3_decrypt_native) 283 284 285typedef struct QCryptoNettleAES128 { 286 QCryptoCipher base; 287 uint8_t iv[AES_BLOCK_SIZE]; 288 /* First key from pair is encode, second key is decode. */ 289 struct aes128_ctx key[2], key_xts[2]; 290} QCryptoNettleAES128; 291 292static void aes128_encrypt_native(const void *ctx, size_t length, 293 uint8_t *dst, const uint8_t *src) 294{ 295 const struct aes128_ctx *keys = ctx; 296 aes128_encrypt(&keys[0], length, dst, src); 297} 298 299static void aes128_decrypt_native(const void *ctx, size_t length, 300 uint8_t *dst, const uint8_t *src) 301{ 302 const struct aes128_ctx *keys = ctx; 303 aes128_decrypt(&keys[1], length, dst, src); 304} 305 306DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128, 307 QCryptoNettleAES128, AES_BLOCK_SIZE, 308 aes128_encrypt_native, aes128_decrypt_native) 309 310 311typedef struct QCryptoNettleAES192 { 312 QCryptoCipher base; 313 uint8_t iv[AES_BLOCK_SIZE]; 314 /* First key from pair is encode, second key is decode. */ 315 struct aes192_ctx key[2], key_xts[2]; 316} QCryptoNettleAES192; 317 318static void aes192_encrypt_native(const void *ctx, size_t length, 319 uint8_t *dst, const uint8_t *src) 320{ 321 const struct aes192_ctx *keys = ctx; 322 aes192_encrypt(&keys[0], length, dst, src); 323} 324 325static void aes192_decrypt_native(const void *ctx, size_t length, 326 uint8_t *dst, const uint8_t *src) 327{ 328 const struct aes192_ctx *keys = ctx; 329 aes192_decrypt(&keys[1], length, dst, src); 330} 331 332DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192, 333 QCryptoNettleAES192, AES_BLOCK_SIZE, 334 aes192_encrypt_native, aes192_decrypt_native) 335 336 337typedef struct QCryptoNettleAES256 { 338 QCryptoCipher base; 339 uint8_t iv[AES_BLOCK_SIZE]; 340 /* First key from pair is encode, second key is decode. */ 341 struct aes256_ctx key[2], key_xts[2]; 342} QCryptoNettleAES256; 343 344static void aes256_encrypt_native(const void *ctx, size_t length, 345 uint8_t *dst, const uint8_t *src) 346{ 347 const struct aes256_ctx *keys = ctx; 348 aes256_encrypt(&keys[0], length, dst, src); 349} 350 351static void aes256_decrypt_native(const void *ctx, size_t length, 352 uint8_t *dst, const uint8_t *src) 353{ 354 const struct aes256_ctx *keys = ctx; 355 aes256_decrypt(&keys[1], length, dst, src); 356} 357 358DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256, 359 QCryptoNettleAES256, AES_BLOCK_SIZE, 360 aes256_encrypt_native, aes256_decrypt_native) 361 362 363typedef struct QCryptoNettleCAST128 { 364 QCryptoCipher base; 365 uint8_t iv[CAST128_BLOCK_SIZE]; 366 struct cast128_ctx key, key_xts; 367} QCryptoNettleCAST128; 368 369static void cast128_encrypt_native(const void *ctx, size_t length, 370 uint8_t *dst, const uint8_t *src) 371{ 372 cast128_encrypt(ctx, length, dst, src); 373} 374 375static void cast128_decrypt_native(const void *ctx, size_t length, 376 uint8_t *dst, const uint8_t *src) 377{ 378 cast128_decrypt(ctx, length, dst, src); 379} 380 381DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128, 382 QCryptoNettleCAST128, CAST128_BLOCK_SIZE, 383 cast128_encrypt_native, cast128_decrypt_native) 384 385 386typedef struct QCryptoNettleSerpent { 387 QCryptoCipher base; 388 uint8_t iv[SERPENT_BLOCK_SIZE]; 389 struct serpent_ctx key, key_xts; 390} QCryptoNettleSerpent; 391 392 393static void serpent_encrypt_native(const void *ctx, size_t length, 394 uint8_t *dst, const uint8_t *src) 395{ 396 serpent_encrypt(ctx, length, dst, src); 397} 398 399static void serpent_decrypt_native(const void *ctx, size_t length, 400 uint8_t *dst, const uint8_t *src) 401{ 402 serpent_decrypt(ctx, length, dst, src); 403} 404 405DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent, 406 QCryptoNettleSerpent, SERPENT_BLOCK_SIZE, 407 serpent_encrypt_native, serpent_decrypt_native) 408 409 410typedef struct QCryptoNettleTwofish { 411 QCryptoCipher base; 412 uint8_t iv[TWOFISH_BLOCK_SIZE]; 413 struct twofish_ctx key, key_xts; 414} QCryptoNettleTwofish; 415 416static void twofish_encrypt_native(const void *ctx, size_t length, 417 uint8_t *dst, const uint8_t *src) 418{ 419 twofish_encrypt(ctx, length, dst, src); 420} 421 422static void twofish_decrypt_native(const void *ctx, size_t length, 423 uint8_t *dst, const uint8_t *src) 424{ 425 twofish_decrypt(ctx, length, dst, src); 426} 427 428DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish, 429 QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE, 430 twofish_encrypt_native, twofish_decrypt_native) 431 432#ifdef CONFIG_CRYPTO_SM4 433typedef struct QCryptoNettleSm4 { 434 QCryptoCipher base; 435 struct sm4_ctx key[2]; 436} QCryptoNettleSm4; 437 438static void sm4_encrypt_native(void *ctx, size_t length, 439 uint8_t *dst, const uint8_t *src) 440{ 441 struct sm4_ctx *keys = ctx; 442 sm4_crypt(&keys[0], length, dst, src); 443} 444 445static void sm4_decrypt_native(void *ctx, size_t length, 446 uint8_t *dst, const uint8_t *src) 447{ 448 struct sm4_ctx *keys = ctx; 449 sm4_crypt(&keys[1], length, dst, src); 450} 451 452DEFINE_ECB(qcrypto_nettle_sm4, 453 QCryptoNettleSm4, SM4_BLOCK_SIZE, 454 sm4_encrypt_native, sm4_decrypt_native) 455#endif 456 457bool qcrypto_cipher_supports(QCryptoCipherAlgo alg, 458 QCryptoCipherMode mode) 459{ 460 switch (alg) { 461 case QCRYPTO_CIPHER_ALGO_DES: 462 case QCRYPTO_CIPHER_ALGO_3DES: 463 case QCRYPTO_CIPHER_ALGO_AES_128: 464 case QCRYPTO_CIPHER_ALGO_AES_192: 465 case QCRYPTO_CIPHER_ALGO_AES_256: 466 case QCRYPTO_CIPHER_ALGO_CAST5_128: 467 case QCRYPTO_CIPHER_ALGO_SERPENT_128: 468 case QCRYPTO_CIPHER_ALGO_SERPENT_192: 469 case QCRYPTO_CIPHER_ALGO_SERPENT_256: 470 case QCRYPTO_CIPHER_ALGO_TWOFISH_128: 471 case QCRYPTO_CIPHER_ALGO_TWOFISH_192: 472 case QCRYPTO_CIPHER_ALGO_TWOFISH_256: 473#ifdef CONFIG_CRYPTO_SM4 474 case QCRYPTO_CIPHER_ALGO_SM4: 475#endif 476 break; 477 default: 478 return false; 479 } 480 481 switch (mode) { 482 case QCRYPTO_CIPHER_MODE_ECB: 483 case QCRYPTO_CIPHER_MODE_CBC: 484 case QCRYPTO_CIPHER_MODE_XTS: 485 case QCRYPTO_CIPHER_MODE_CTR: 486 return true; 487 default: 488 return false; 489 } 490} 491 492static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgo alg, 493 QCryptoCipherMode mode, 494 const uint8_t *key, 495 size_t nkey, 496 Error **errp) 497{ 498 switch (mode) { 499 case QCRYPTO_CIPHER_MODE_ECB: 500 case QCRYPTO_CIPHER_MODE_CBC: 501 case QCRYPTO_CIPHER_MODE_XTS: 502 case QCRYPTO_CIPHER_MODE_CTR: 503 break; 504 default: 505 goto bad_cipher_mode; 506 } 507 508 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { 509 return NULL; 510 } 511 512 switch (alg) { 513 case QCRYPTO_CIPHER_ALGO_DES: 514 { 515 QCryptoNettleDES *ctx; 516 const QCryptoCipherDriver *drv; 517 518 switch (mode) { 519 case QCRYPTO_CIPHER_MODE_ECB: 520 drv = &qcrypto_nettle_des_driver_ecb; 521 break; 522 case QCRYPTO_CIPHER_MODE_CBC: 523 drv = &qcrypto_nettle_des_driver_cbc; 524 break; 525 case QCRYPTO_CIPHER_MODE_CTR: 526 drv = &qcrypto_nettle_des_driver_ctr; 527 break; 528 case QCRYPTO_CIPHER_MODE_XTS: 529 goto bad_cipher_mode; 530 default: 531 g_assert_not_reached(); 532 } 533 534 ctx = g_new0(QCryptoNettleDES, 1); 535 ctx->base.driver = drv; 536 des_set_key(&ctx->key, key); 537 538 return &ctx->base; 539 } 540 541 case QCRYPTO_CIPHER_ALGO_3DES: 542 { 543 QCryptoNettleDES3 *ctx; 544 const QCryptoCipherDriver *drv; 545 546 switch (mode) { 547 case QCRYPTO_CIPHER_MODE_ECB: 548 drv = &qcrypto_nettle_des3_driver_ecb; 549 break; 550 case QCRYPTO_CIPHER_MODE_CBC: 551 drv = &qcrypto_nettle_des3_driver_cbc; 552 break; 553 case QCRYPTO_CIPHER_MODE_CTR: 554 drv = &qcrypto_nettle_des3_driver_ctr; 555 break; 556 case QCRYPTO_CIPHER_MODE_XTS: 557 goto bad_cipher_mode; 558 default: 559 g_assert_not_reached(); 560 } 561 562 ctx = g_new0(QCryptoNettleDES3, 1); 563 ctx->base.driver = drv; 564 des3_set_key(&ctx->key, key); 565 return &ctx->base; 566 } 567 568 case QCRYPTO_CIPHER_ALGO_AES_128: 569 { 570 QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1); 571 572 switch (mode) { 573 case QCRYPTO_CIPHER_MODE_ECB: 574 ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb; 575 break; 576 case QCRYPTO_CIPHER_MODE_CBC: 577 ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc; 578 break; 579 case QCRYPTO_CIPHER_MODE_CTR: 580 ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr; 581 break; 582 case QCRYPTO_CIPHER_MODE_XTS: 583 ctx->base.driver = &qcrypto_nettle_aes128_driver_xts; 584 nkey /= 2; 585 aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey); 586 aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey); 587 break; 588 default: 589 g_assert_not_reached(); 590 } 591 aes128_set_encrypt_key(&ctx->key[0], key); 592 aes128_set_decrypt_key(&ctx->key[1], key); 593 594 return &ctx->base; 595 } 596 597 case QCRYPTO_CIPHER_ALGO_AES_192: 598 { 599 QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1); 600 601 switch (mode) { 602 case QCRYPTO_CIPHER_MODE_ECB: 603 ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb; 604 break; 605 case QCRYPTO_CIPHER_MODE_CBC: 606 ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc; 607 break; 608 case QCRYPTO_CIPHER_MODE_CTR: 609 ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr; 610 break; 611 case QCRYPTO_CIPHER_MODE_XTS: 612 ctx->base.driver = &qcrypto_nettle_aes192_driver_xts; 613 nkey /= 2; 614 aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey); 615 aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey); 616 break; 617 default: 618 g_assert_not_reached(); 619 } 620 aes192_set_encrypt_key(&ctx->key[0], key); 621 aes192_set_decrypt_key(&ctx->key[1], key); 622 623 return &ctx->base; 624 } 625 626 case QCRYPTO_CIPHER_ALGO_AES_256: 627 { 628 QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1); 629 630 switch (mode) { 631 case QCRYPTO_CIPHER_MODE_ECB: 632 ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb; 633 break; 634 case QCRYPTO_CIPHER_MODE_CBC: 635 ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc; 636 break; 637 case QCRYPTO_CIPHER_MODE_CTR: 638 ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr; 639 break; 640 case QCRYPTO_CIPHER_MODE_XTS: 641 ctx->base.driver = &qcrypto_nettle_aes256_driver_xts; 642 nkey /= 2; 643 aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey); 644 aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey); 645 break; 646 default: 647 g_assert_not_reached(); 648 } 649 aes256_set_encrypt_key(&ctx->key[0], key); 650 aes256_set_decrypt_key(&ctx->key[1], key); 651 652 return &ctx->base; 653 } 654 655 case QCRYPTO_CIPHER_ALGO_CAST5_128: 656 { 657 QCryptoNettleCAST128 *ctx; 658 const QCryptoCipherDriver *drv; 659 660 switch (mode) { 661 case QCRYPTO_CIPHER_MODE_ECB: 662 drv = &qcrypto_nettle_cast128_driver_ecb; 663 break; 664 case QCRYPTO_CIPHER_MODE_CBC: 665 drv = &qcrypto_nettle_cast128_driver_cbc; 666 break; 667 case QCRYPTO_CIPHER_MODE_CTR: 668 drv = &qcrypto_nettle_cast128_driver_ctr; 669 break; 670 case QCRYPTO_CIPHER_MODE_XTS: 671 goto bad_cipher_mode; 672 default: 673 g_assert_not_reached(); 674 } 675 676 ctx = g_new0(QCryptoNettleCAST128, 1); 677 ctx->base.driver = drv; 678 cast5_set_key(&ctx->key, nkey, key); 679 680 return &ctx->base; 681 } 682 683 case QCRYPTO_CIPHER_ALGO_SERPENT_128: 684 case QCRYPTO_CIPHER_ALGO_SERPENT_192: 685 case QCRYPTO_CIPHER_ALGO_SERPENT_256: 686 { 687 QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1); 688 689 switch (mode) { 690 case QCRYPTO_CIPHER_MODE_ECB: 691 ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb; 692 break; 693 case QCRYPTO_CIPHER_MODE_CBC: 694 ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc; 695 break; 696 case QCRYPTO_CIPHER_MODE_CTR: 697 ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr; 698 break; 699 case QCRYPTO_CIPHER_MODE_XTS: 700 ctx->base.driver = &qcrypto_nettle_serpent_driver_xts; 701 nkey /= 2; 702 serpent_set_key(&ctx->key_xts, nkey, key + nkey); 703 break; 704 default: 705 g_assert_not_reached(); 706 } 707 serpent_set_key(&ctx->key, nkey, key); 708 709 return &ctx->base; 710 } 711 712 case QCRYPTO_CIPHER_ALGO_TWOFISH_128: 713 case QCRYPTO_CIPHER_ALGO_TWOFISH_192: 714 case QCRYPTO_CIPHER_ALGO_TWOFISH_256: 715 { 716 QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1); 717 718 switch (mode) { 719 case QCRYPTO_CIPHER_MODE_ECB: 720 ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb; 721 break; 722 case QCRYPTO_CIPHER_MODE_CBC: 723 ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc; 724 break; 725 case QCRYPTO_CIPHER_MODE_CTR: 726 ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr; 727 break; 728 case QCRYPTO_CIPHER_MODE_XTS: 729 ctx->base.driver = &qcrypto_nettle_twofish_driver_xts; 730 nkey /= 2; 731 twofish_set_key(&ctx->key_xts, nkey, key + nkey); 732 break; 733 default: 734 g_assert_not_reached(); 735 } 736 twofish_set_key(&ctx->key, nkey, key); 737 738 return &ctx->base; 739 } 740#ifdef CONFIG_CRYPTO_SM4 741 case QCRYPTO_CIPHER_ALGO_SM4: 742 { 743 QCryptoNettleSm4 *ctx; 744 const QCryptoCipherDriver *drv; 745 746 switch (mode) { 747 case QCRYPTO_CIPHER_MODE_ECB: 748 drv = &qcrypto_nettle_sm4_driver_ecb; 749 break; 750 case QCRYPTO_CIPHER_MODE_CBC: 751 case QCRYPTO_CIPHER_MODE_CTR: 752 case QCRYPTO_CIPHER_MODE_XTS: 753 goto bad_cipher_mode; 754 default: 755 g_assert_not_reached(); 756 } 757 758 ctx = g_new0(QCryptoNettleSm4, 1); 759 ctx->base.driver = drv; 760 sm4_set_encrypt_key(&ctx->key[0], key); 761 sm4_set_decrypt_key(&ctx->key[1], key); 762 763 return &ctx->base; 764 } 765#endif 766 767 default: 768 error_setg(errp, "Unsupported cipher algorithm %s", 769 QCryptoCipherAlgo_str(alg)); 770 return NULL; 771 } 772 773 bad_cipher_mode: 774 error_setg(errp, "Unsupported cipher mode %s", 775 QCryptoCipherMode_str(mode)); 776 return NULL; 777} 778