1 /* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qemu/host-utils.h" 23 #include "qapi/error.h" 24 #include "crypto/cipher.h" 25 #include "cipherpriv.h" 26 27 28 static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { 29 [QCRYPTO_CIPHER_ALG_AES_128] = 16, 30 [QCRYPTO_CIPHER_ALG_AES_192] = 24, 31 [QCRYPTO_CIPHER_ALG_AES_256] = 32, 32 [QCRYPTO_CIPHER_ALG_DES] = 8, 33 [QCRYPTO_CIPHER_ALG_3DES] = 24, 34 [QCRYPTO_CIPHER_ALG_CAST5_128] = 16, 35 [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, 36 [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24, 37 [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32, 38 [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, 39 [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24, 40 [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32, 41 }; 42 43 static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { 44 [QCRYPTO_CIPHER_ALG_AES_128] = 16, 45 [QCRYPTO_CIPHER_ALG_AES_192] = 16, 46 [QCRYPTO_CIPHER_ALG_AES_256] = 16, 47 [QCRYPTO_CIPHER_ALG_DES] = 8, 48 [QCRYPTO_CIPHER_ALG_3DES] = 8, 49 [QCRYPTO_CIPHER_ALG_CAST5_128] = 8, 50 [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, 51 [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16, 52 [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16, 53 [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16, 54 [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16, 55 [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16, 56 }; 57 58 static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { 59 [QCRYPTO_CIPHER_MODE_ECB] = false, 60 [QCRYPTO_CIPHER_MODE_CBC] = true, 61 [QCRYPTO_CIPHER_MODE_XTS] = true, 62 [QCRYPTO_CIPHER_MODE_CTR] = true, 63 }; 64 65 66 size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg) 67 { 68 assert(alg < G_N_ELEMENTS(alg_key_len)); 69 return alg_block_len[alg]; 70 } 71 72 73 size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg) 74 { 75 assert(alg < G_N_ELEMENTS(alg_key_len)); 76 return alg_key_len[alg]; 77 } 78 79 80 size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, 81 QCryptoCipherMode mode) 82 { 83 if (alg >= G_N_ELEMENTS(alg_block_len)) { 84 return 0; 85 } 86 if (mode >= G_N_ELEMENTS(mode_need_iv)) { 87 return 0; 88 } 89 90 if (mode_need_iv[mode]) { 91 return alg_block_len[alg]; 92 } 93 return 0; 94 } 95 96 97 static bool 98 qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, 99 QCryptoCipherMode mode, 100 size_t nkey, 101 Error **errp) 102 { 103 if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) { 104 error_setg(errp, "Cipher algorithm %d out of range", 105 alg); 106 return false; 107 } 108 109 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 110 if (alg == QCRYPTO_CIPHER_ALG_DES || 111 alg == QCRYPTO_CIPHER_ALG_3DES) { 112 error_setg(errp, "XTS mode not compatible with DES/3DES"); 113 return false; 114 } 115 if (nkey % 2) { 116 error_setg(errp, "XTS cipher key length should be a multiple of 2"); 117 return false; 118 } 119 120 if (alg_key_len[alg] != (nkey / 2)) { 121 error_setg(errp, "Cipher key length %zu should be %zu", 122 nkey, alg_key_len[alg] * 2); 123 return false; 124 } 125 } else { 126 if (alg_key_len[alg] != nkey) { 127 error_setg(errp, "Cipher key length %zu should be %zu", 128 nkey, alg_key_len[alg]); 129 return false; 130 } 131 } 132 return true; 133 } 134 135 #ifdef CONFIG_GCRYPT 136 #include "cipher-gcrypt.c.inc" 137 #elif defined CONFIG_NETTLE 138 #include "cipher-nettle.c.inc" 139 #elif defined CONFIG_GNUTLS_CRYPTO 140 #include "cipher-gnutls.c.inc" 141 #else 142 #include "cipher-builtin.c.inc" 143 #endif 144 145 QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 146 QCryptoCipherMode mode, 147 const uint8_t *key, size_t nkey, 148 Error **errp) 149 { 150 QCryptoCipher *cipher = NULL; 151 152 #ifdef CONFIG_AF_ALG 153 cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); 154 #endif 155 156 if (!cipher) { 157 cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); 158 if (!cipher) { 159 return NULL; 160 } 161 } 162 163 cipher->alg = alg; 164 cipher->mode = mode; 165 166 return cipher; 167 } 168 169 170 int qcrypto_cipher_encrypt(QCryptoCipher *cipher, 171 const void *in, 172 void *out, 173 size_t len, 174 Error **errp) 175 { 176 const QCryptoCipherDriver *drv = cipher->driver; 177 return drv->cipher_encrypt(cipher, in, out, len, errp); 178 } 179 180 181 int qcrypto_cipher_decrypt(QCryptoCipher *cipher, 182 const void *in, 183 void *out, 184 size_t len, 185 Error **errp) 186 { 187 const QCryptoCipherDriver *drv = cipher->driver; 188 return drv->cipher_decrypt(cipher, in, out, len, errp); 189 } 190 191 192 int qcrypto_cipher_setiv(QCryptoCipher *cipher, 193 const uint8_t *iv, size_t niv, 194 Error **errp) 195 { 196 const QCryptoCipherDriver *drv = cipher->driver; 197 return drv->cipher_setiv(cipher, iv, niv, errp); 198 } 199 200 201 void qcrypto_cipher_free(QCryptoCipher *cipher) 202 { 203 if (cipher) { 204 cipher->driver->cipher_free(cipher); 205 } 206 } 207