1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include "qemu/osdep.h"
22#include "crypto/xts.h"
23#include "cipherpriv.h"
24
25#include <nettle/nettle-types.h>
26#include <nettle/aes.h>
27#include <nettle/des.h>
28#include <nettle/cbc.h>
29#include <nettle/cast128.h>
30#include <nettle/serpent.h>
31#include <nettle/twofish.h>
32#include <nettle/ctr.h>
33
34typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
35 size_t length,
36 uint8_t *dst,
37 const uint8_t *src);
38
39#if CONFIG_NETTLE_VERSION_MAJOR < 3
40typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
41typedef void * cipher_ctx_t;
42typedef unsigned cipher_length_t;
43
44#define cast5_set_key cast128_set_key
45
46#define aes128_ctx aes_ctx
47#define aes192_ctx aes_ctx
48#define aes256_ctx aes_ctx
49#define aes128_set_encrypt_key(c, k) \
50 aes_set_encrypt_key(c, 16, k)
51#define aes192_set_encrypt_key(c, k) \
52 aes_set_encrypt_key(c, 24, k)
53#define aes256_set_encrypt_key(c, k) \
54 aes_set_encrypt_key(c, 32, k)
55#define aes128_set_decrypt_key(c, k) \
56 aes_set_decrypt_key(c, 16, k)
57#define aes192_set_decrypt_key(c, k) \
58 aes_set_decrypt_key(c, 24, k)
59#define aes256_set_decrypt_key(c, k) \
60 aes_set_decrypt_key(c, 32, k)
61#define aes128_encrypt aes_encrypt
62#define aes192_encrypt aes_encrypt
63#define aes256_encrypt aes_encrypt
64#define aes128_decrypt aes_decrypt
65#define aes192_decrypt aes_decrypt
66#define aes256_decrypt aes_decrypt
67#else
68typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
69typedef const void * cipher_ctx_t;
70typedef size_t cipher_length_t;
71#endif
72
73typedef struct QCryptoNettleAES128 {
74 struct aes128_ctx enc;
75 struct aes128_ctx dec;
76} QCryptoNettleAES128;
77
78typedef struct QCryptoNettleAES192 {
79 struct aes192_ctx enc;
80 struct aes192_ctx dec;
81} QCryptoNettleAES192;
82
83typedef struct QCryptoNettleAES256 {
84 struct aes256_ctx enc;
85 struct aes256_ctx dec;
86} QCryptoNettleAES256;
87
88static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
89 uint8_t *dst, const uint8_t *src)
90{
91 const QCryptoNettleAES128 *aesctx = ctx;
92 aes128_encrypt(&aesctx->enc, length, dst, src);
93}
94
95static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
96 uint8_t *dst, const uint8_t *src)
97{
98 const QCryptoNettleAES128 *aesctx = ctx;
99 aes128_decrypt(&aesctx->dec, length, dst, src);
100}
101
102static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
103 uint8_t *dst, const uint8_t *src)
104{
105 const QCryptoNettleAES192 *aesctx = ctx;
106 aes192_encrypt(&aesctx->enc, length, dst, src);
107}
108
109static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
110 uint8_t *dst, const uint8_t *src)
111{
112 const QCryptoNettleAES192 *aesctx = ctx;
113 aes192_decrypt(&aesctx->dec, length, dst, src);
114}
115
116static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
117 uint8_t *dst, const uint8_t *src)
118{
119 const QCryptoNettleAES256 *aesctx = ctx;
120 aes256_encrypt(&aesctx->enc, length, dst, src);
121}
122
123static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
124 uint8_t *dst, const uint8_t *src)
125{
126 const QCryptoNettleAES256 *aesctx = ctx;
127 aes256_decrypt(&aesctx->dec, length, dst, src);
128}
129
130static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
131 uint8_t *dst, const uint8_t *src)
132{
133 des_encrypt(ctx, length, dst, src);
134}
135
136static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
137 uint8_t *dst, const uint8_t *src)
138{
139 des_decrypt(ctx, length, dst, src);
140}
141
142static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
143 uint8_t *dst, const uint8_t *src)
144{
145 des3_encrypt(ctx, length, dst, src);
146}
147
148static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
149 uint8_t *dst, const uint8_t *src)
150{
151 des3_decrypt(ctx, length, dst, src);
152}
153
154static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
155 uint8_t *dst, const uint8_t *src)
156{
157 cast128_encrypt(ctx, length, dst, src);
158}
159
160static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
161 uint8_t *dst, const uint8_t *src)
162{
163 cast128_decrypt(ctx, length, dst, src);
164}
165
166static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
167 uint8_t *dst, const uint8_t *src)
168{
169 serpent_encrypt(ctx, length, dst, src);
170}
171
172static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
173 uint8_t *dst, const uint8_t *src)
174{
175 serpent_decrypt(ctx, length, dst, src);
176}
177
178static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
179 uint8_t *dst, const uint8_t *src)
180{
181 twofish_encrypt(ctx, length, dst, src);
182}
183
184static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
185 uint8_t *dst, const uint8_t *src)
186{
187 twofish_decrypt(ctx, length, dst, src);
188}
189
190static void aes128_encrypt_wrapper(const void *ctx, size_t length,
191 uint8_t *dst, const uint8_t *src)
192{
193 const QCryptoNettleAES128 *aesctx = ctx;
194 aes128_encrypt(&aesctx->enc, length, dst, src);
195}
196
197static void aes128_decrypt_wrapper(const void *ctx, size_t length,
198 uint8_t *dst, const uint8_t *src)
199{
200 const QCryptoNettleAES128 *aesctx = ctx;
201 aes128_decrypt(&aesctx->dec, length, dst, src);
202}
203
204static void aes192_encrypt_wrapper(const void *ctx, size_t length,
205 uint8_t *dst, const uint8_t *src)
206{
207 const QCryptoNettleAES192 *aesctx = ctx;
208 aes192_encrypt(&aesctx->enc, length, dst, src);
209}
210
211static void aes192_decrypt_wrapper(const void *ctx, size_t length,
212 uint8_t *dst, const uint8_t *src)
213{
214 const QCryptoNettleAES192 *aesctx = ctx;
215 aes192_decrypt(&aesctx->dec, length, dst, src);
216}
217
218static void aes256_encrypt_wrapper(const void *ctx, size_t length,
219 uint8_t *dst, const uint8_t *src)
220{
221 const QCryptoNettleAES256 *aesctx = ctx;
222 aes256_encrypt(&aesctx->enc, length, dst, src);
223}
224
225static void aes256_decrypt_wrapper(const void *ctx, size_t length,
226 uint8_t *dst, const uint8_t *src)
227{
228 const QCryptoNettleAES256 *aesctx = ctx;
229 aes256_decrypt(&aesctx->dec, length, dst, src);
230}
231
232static void des_encrypt_wrapper(const void *ctx, size_t length,
233 uint8_t *dst, const uint8_t *src)
234{
235 des_encrypt(ctx, length, dst, src);
236}
237
238static void des_decrypt_wrapper(const void *ctx, size_t length,
239 uint8_t *dst, const uint8_t *src)
240{
241 des_decrypt(ctx, length, dst, src);
242}
243
244static void des3_encrypt_wrapper(const void *ctx, size_t length,
245 uint8_t *dst, const uint8_t *src)
246{
247 des3_encrypt(ctx, length, dst, src);
248}
249
250static void des3_decrypt_wrapper(const void *ctx, size_t length,
251 uint8_t *dst, const uint8_t *src)
252{
253 des3_decrypt(ctx, length, dst, src);
254}
255
256static void cast128_encrypt_wrapper(const void *ctx, size_t length,
257 uint8_t *dst, const uint8_t *src)
258{
259 cast128_encrypt(ctx, length, dst, src);
260}
261
262static void cast128_decrypt_wrapper(const void *ctx, size_t length,
263 uint8_t *dst, const uint8_t *src)
264{
265 cast128_decrypt(ctx, length, dst, src);
266}
267
268static void serpent_encrypt_wrapper(const void *ctx, size_t length,
269 uint8_t *dst, const uint8_t *src)
270{
271 serpent_encrypt(ctx, length, dst, src);
272}
273
274static void serpent_decrypt_wrapper(const void *ctx, size_t length,
275 uint8_t *dst, const uint8_t *src)
276{
277 serpent_decrypt(ctx, length, dst, src);
278}
279
280static void twofish_encrypt_wrapper(const void *ctx, size_t length,
281 uint8_t *dst, const uint8_t *src)
282{
283 twofish_encrypt(ctx, length, dst, src);
284}
285
286static void twofish_decrypt_wrapper(const void *ctx, size_t length,
287 uint8_t *dst, const uint8_t *src)
288{
289 twofish_decrypt(ctx, length, dst, src);
290}
291
292typedef struct QCryptoCipherNettle QCryptoCipherNettle;
293struct QCryptoCipherNettle {
294
295 void *ctx;
296
297 void *ctx_tweak;
298
299 QCryptoCipherNettleFuncNative alg_encrypt_native;
300 QCryptoCipherNettleFuncNative alg_decrypt_native;
301 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
302 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
303
304 uint8_t *iv;
305 size_t blocksize;
306};
307
308bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
309 QCryptoCipherMode mode)
310{
311 switch (alg) {
312 case QCRYPTO_CIPHER_ALG_DES_RFB:
313 case QCRYPTO_CIPHER_ALG_3DES:
314 case QCRYPTO_CIPHER_ALG_AES_128:
315 case QCRYPTO_CIPHER_ALG_AES_192:
316 case QCRYPTO_CIPHER_ALG_AES_256:
317 case QCRYPTO_CIPHER_ALG_CAST5_128:
318 case QCRYPTO_CIPHER_ALG_SERPENT_128:
319 case QCRYPTO_CIPHER_ALG_SERPENT_192:
320 case QCRYPTO_CIPHER_ALG_SERPENT_256:
321 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
322 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
323 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
324 break;
325 default:
326 return false;
327 }
328
329 switch (mode) {
330 case QCRYPTO_CIPHER_MODE_ECB:
331 case QCRYPTO_CIPHER_MODE_CBC:
332 case QCRYPTO_CIPHER_MODE_XTS:
333 case QCRYPTO_CIPHER_MODE_CTR:
334 return true;
335 default:
336 return false;
337 }
338}
339
340
341static void
342qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
343{
344 if (!ctx) {
345 return;
346 }
347
348 g_free(ctx->iv);
349 g_free(ctx->ctx);
350 g_free(ctx->ctx_tweak);
351 g_free(ctx);
352}
353
354
355static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
356 QCryptoCipherMode mode,
357 const uint8_t *key,
358 size_t nkey,
359 Error **errp)
360{
361 QCryptoCipherNettle *ctx;
362 uint8_t *rfbkey;
363
364 switch (mode) {
365 case QCRYPTO_CIPHER_MODE_ECB:
366 case QCRYPTO_CIPHER_MODE_CBC:
367 case QCRYPTO_CIPHER_MODE_XTS:
368 case QCRYPTO_CIPHER_MODE_CTR:
369 break;
370 default:
371 error_setg(errp, "Unsupported cipher mode %s",
372 QCryptoCipherMode_str(mode));
373 return NULL;
374 }
375
376 if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
377 return NULL;
378 }
379
380 ctx = g_new0(QCryptoCipherNettle, 1);
381
382 switch (alg) {
383 case QCRYPTO_CIPHER_ALG_DES_RFB:
384 ctx->ctx = g_new0(struct des_ctx, 1);
385 rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
386 des_set_key(ctx->ctx, rfbkey);
387 g_free(rfbkey);
388
389 ctx->alg_encrypt_native = des_encrypt_native;
390 ctx->alg_decrypt_native = des_decrypt_native;
391 ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
392 ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
393
394 ctx->blocksize = DES_BLOCK_SIZE;
395 break;
396
397 case QCRYPTO_CIPHER_ALG_3DES:
398 ctx->ctx = g_new0(struct des3_ctx, 1);
399 des3_set_key(ctx->ctx, key);
400
401 ctx->alg_encrypt_native = des3_encrypt_native;
402 ctx->alg_decrypt_native = des3_decrypt_native;
403 ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
404 ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
405
406 ctx->blocksize = DES3_BLOCK_SIZE;
407 break;
408
409 case QCRYPTO_CIPHER_ALG_AES_128:
410 ctx->ctx = g_new0(QCryptoNettleAES128, 1);
411
412 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
413 ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
414
415 nkey /= 2;
416 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
417 key);
418 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
419 key);
420
421 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
422 enc, key + nkey);
423 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
424 dec, key + nkey);
425 } else {
426 aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
427 key);
428 aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
429 key);
430 }
431
432 ctx->alg_encrypt_native = aes128_encrypt_native;
433 ctx->alg_decrypt_native = aes128_decrypt_native;
434 ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
435 ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
436
437 ctx->blocksize = AES_BLOCK_SIZE;
438 break;
439
440 case QCRYPTO_CIPHER_ALG_AES_192:
441 ctx->ctx = g_new0(QCryptoNettleAES192, 1);
442
443 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
444 ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
445
446 nkey /= 2;
447 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
448 key);
449 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
450 key);
451
452 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
453 enc, key + nkey);
454 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
455 dec, key + nkey);
456 } else {
457 aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
458 key);
459 aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
460 key);
461 }
462
463 ctx->alg_encrypt_native = aes192_encrypt_native;
464 ctx->alg_decrypt_native = aes192_decrypt_native;
465 ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
466 ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
467
468 ctx->blocksize = AES_BLOCK_SIZE;
469 break;
470
471 case QCRYPTO_CIPHER_ALG_AES_256:
472 ctx->ctx = g_new0(QCryptoNettleAES256, 1);
473
474 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
475 ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
476
477 nkey /= 2;
478 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
479 key);
480 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
481 key);
482
483 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
484 enc, key + nkey);
485 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
486 dec, key + nkey);
487 } else {
488 aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
489 key);
490 aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
491 key);
492 }
493
494 ctx->alg_encrypt_native = aes256_encrypt_native;
495 ctx->alg_decrypt_native = aes256_decrypt_native;
496 ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
497 ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
498
499 ctx->blocksize = AES_BLOCK_SIZE;
500 break;
501
502 case QCRYPTO_CIPHER_ALG_CAST5_128:
503 ctx->ctx = g_new0(struct cast128_ctx, 1);
504
505 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
506 ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
507
508 nkey /= 2;
509 cast5_set_key(ctx->ctx, nkey, key);
510 cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
511 } else {
512 cast5_set_key(ctx->ctx, nkey, key);
513 }
514
515 ctx->alg_encrypt_native = cast128_encrypt_native;
516 ctx->alg_decrypt_native = cast128_decrypt_native;
517 ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
518 ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
519
520 ctx->blocksize = CAST128_BLOCK_SIZE;
521 break;
522
523 case QCRYPTO_CIPHER_ALG_SERPENT_128:
524 case QCRYPTO_CIPHER_ALG_SERPENT_192:
525 case QCRYPTO_CIPHER_ALG_SERPENT_256:
526 ctx->ctx = g_new0(struct serpent_ctx, 1);
527
528 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
529 ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
530
531 nkey /= 2;
532 serpent_set_key(ctx->ctx, nkey, key);
533 serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
534 } else {
535 serpent_set_key(ctx->ctx, nkey, key);
536 }
537
538 ctx->alg_encrypt_native = serpent_encrypt_native;
539 ctx->alg_decrypt_native = serpent_decrypt_native;
540 ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
541 ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
542
543 ctx->blocksize = SERPENT_BLOCK_SIZE;
544 break;
545
546 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
547 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
548 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
549 ctx->ctx = g_new0(struct twofish_ctx, 1);
550
551 if (mode == QCRYPTO_CIPHER_MODE_XTS) {
552 ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
553
554 nkey /= 2;
555 twofish_set_key(ctx->ctx, nkey, key);
556 twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
557 } else {
558 twofish_set_key(ctx->ctx, nkey, key);
559 }
560
561 ctx->alg_encrypt_native = twofish_encrypt_native;
562 ctx->alg_decrypt_native = twofish_decrypt_native;
563 ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
564 ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
565
566 ctx->blocksize = TWOFISH_BLOCK_SIZE;
567 break;
568
569 default:
570 error_setg(errp, "Unsupported cipher algorithm %s",
571 QCryptoCipherAlgorithm_str(alg));
572 goto error;
573 }
574
575 if (mode == QCRYPTO_CIPHER_MODE_XTS &&
576 ctx->blocksize != XTS_BLOCK_SIZE) {
577 error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
578 ctx->blocksize, XTS_BLOCK_SIZE);
579 goto error;
580 }
581
582 ctx->iv = g_new0(uint8_t, ctx->blocksize);
583
584 return ctx;
585
586 error:
587 qcrypto_nettle_cipher_free_ctx(ctx);
588 return NULL;
589}
590
591
592static void
593qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
594{
595 QCryptoCipherNettle *ctx;
596
597 ctx = cipher->opaque;
598 qcrypto_nettle_cipher_free_ctx(ctx);
599}
600
601
602static int
603qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
604 const void *in,
605 void *out,
606 size_t len,
607 Error **errp)
608{
609 QCryptoCipherNettle *ctx = cipher->opaque;
610
611 if (len % ctx->blocksize) {
612 error_setg(errp, "Length %zu must be a multiple of block size %zu",
613 len, ctx->blocksize);
614 return -1;
615 }
616
617 switch (cipher->mode) {
618 case QCRYPTO_CIPHER_MODE_ECB:
619 ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
620 break;
621
622 case QCRYPTO_CIPHER_MODE_CBC:
623 cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
624 ctx->blocksize, ctx->iv,
625 len, out, in);
626 break;
627
628 case QCRYPTO_CIPHER_MODE_XTS:
629 xts_encrypt(ctx->ctx, ctx->ctx_tweak,
630 ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
631 ctx->iv, len, out, in);
632 break;
633
634 case QCRYPTO_CIPHER_MODE_CTR:
635 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
636 ctx->blocksize, ctx->iv,
637 len, out, in);
638 break;
639
640 default:
641 error_setg(errp, "Unsupported cipher mode %s",
642 QCryptoCipherMode_str(cipher->mode));
643 return -1;
644 }
645 return 0;
646}
647
648
649static int
650qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
651 const void *in,
652 void *out,
653 size_t len,
654 Error **errp)
655{
656 QCryptoCipherNettle *ctx = cipher->opaque;
657
658 if (len % ctx->blocksize) {
659 error_setg(errp, "Length %zu must be a multiple of block size %zu",
660 len, ctx->blocksize);
661 return -1;
662 }
663
664 switch (cipher->mode) {
665 case QCRYPTO_CIPHER_MODE_ECB:
666 ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
667 break;
668
669 case QCRYPTO_CIPHER_MODE_CBC:
670 cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
671 ctx->blocksize, ctx->iv,
672 len, out, in);
673 break;
674
675 case QCRYPTO_CIPHER_MODE_XTS:
676 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
677 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
678 ctx->iv, len, out, in);
679 break;
680 case QCRYPTO_CIPHER_MODE_CTR:
681 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
682 ctx->blocksize, ctx->iv,
683 len, out, in);
684 break;
685
686 default:
687 error_setg(errp, "Unsupported cipher mode %s",
688 QCryptoCipherMode_str(cipher->mode));
689 return -1;
690 }
691 return 0;
692}
693
694static int
695qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
696 const uint8_t *iv, size_t niv,
697 Error **errp)
698{
699 QCryptoCipherNettle *ctx = cipher->opaque;
700 if (niv != ctx->blocksize) {
701 error_setg(errp, "Expected IV size %zu not %zu",
702 ctx->blocksize, niv);
703 return -1;
704 }
705 memcpy(ctx->iv, iv, niv);
706 return 0;
707}
708
709
710static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
711 .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
712 .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
713 .cipher_setiv = qcrypto_nettle_cipher_setiv,
714 .cipher_free = qcrypto_nettle_cipher_ctx_free,
715};
716
