1/* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21#ifndef QCRYPTO_CIPHER_H 22#define QCRYPTO_CIPHER_H 23 24#include "qapi/qapi-types-crypto.h" 25 26typedef struct QCryptoCipher QCryptoCipher; 27 28/* See also "QCryptoCipherAlgorithm" and "QCryptoCipherMode" 29 * enums defined in qapi/crypto.json */ 30 31/** 32 * QCryptoCipher: 33 * 34 * The QCryptoCipher object provides a way to perform encryption 35 * and decryption of data, with a standard API, regardless of the 36 * algorithm used. It further isolates the calling code from the 37 * details of the specific underlying implementation, whether 38 * built-in, libgcrypt or nettle. 39 * 40 * Each QCryptoCipher object is capable of performing both 41 * encryption and decryption, and can operate in a number 42 * or modes including ECB, CBC. 43 * 44 * <example> 45 * <title>Encrypting data with AES-128 in CBC mode</title> 46 * <programlisting> 47 * QCryptoCipher *cipher; 48 * uint8_t key = ....; 49 * size_t keylen = 16; 50 * uint8_t iv = ....; 51 * 52 * if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { 53 * error_report(errp, "Feature <blah> requires AES cipher support"); 54 * return -1; 55 * } 56 * 57 * cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128, 58 * QCRYPTO_CIPHER_MODE_CBC, 59 * key, keylen, 60 * errp); 61 * if (!cipher) { 62 * return -1; 63 * } 64 * 65 * if (qcrypto_cipher_set_iv(cipher, iv, keylen, errp) < 0) { 66 * return -1; 67 * } 68 * 69 * if (qcrypto_cipher_encrypt(cipher, rawdata, encdata, datalen, errp) < 0) { 70 * return -1; 71 * } 72 * 73 * qcrypto_cipher_free(cipher); 74 * </programlisting> 75 * </example> 76 * 77 */ 78 79struct QCryptoCipher { 80 QCryptoCipherAlgorithm alg; 81 QCryptoCipherMode mode; 82 void *opaque; 83 void *driver; 84}; 85 86/** 87 * qcrypto_cipher_supports: 88 * @alg: the cipher algorithm 89 * @mode: the cipher mode 90 * 91 * Determine if @alg cipher algorithm in @mode is supported by the 92 * current configured build 93 * 94 * Returns: true if the algorithm is supported, false otherwise 95 */ 96bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 97 QCryptoCipherMode mode); 98 99/** 100 * qcrypto_cipher_get_block_len: 101 * @alg: the cipher algorithm 102 * 103 * Get the required data block size in bytes. When 104 * encrypting data, it must be a multiple of the 105 * block size. 106 * 107 * Returns: the block size in bytes 108 */ 109size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg); 110 111 112/** 113 * qcrypto_cipher_get_key_len: 114 * @alg: the cipher algorithm 115 * 116 * Get the required key size in bytes. 117 * 118 * Returns: the key size in bytes 119 */ 120size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg); 121 122 123/** 124 * qcrypto_cipher_get_iv_len: 125 * @alg: the cipher algorithm 126 * @mode: the cipher mode 127 * 128 * Get the required initialization vector size 129 * in bytes, if one is required. 130 * 131 * Returns: the IV size in bytes, or 0 if no IV is permitted 132 */ 133size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, 134 QCryptoCipherMode mode); 135 136 137/** 138 * qcrypto_cipher_new: 139 * @alg: the cipher algorithm 140 * @mode: the cipher usage mode 141 * @key: the private key bytes 142 * @nkey: the length of @key 143 * @errp: pointer to a NULL-initialized error object 144 * 145 * Creates a new cipher object for encrypting/decrypting 146 * data with the algorithm @alg in the usage mode @mode. 147 * 148 * The @key parameter provides the bytes representing 149 * the encryption/decryption key to use. The @nkey parameter 150 * specifies the length of @key in bytes. Each algorithm has 151 * one or more valid key lengths, and it is an error to provide 152 * a key of the incorrect length. 153 * 154 * The returned cipher object must be released with 155 * qcrypto_cipher_free() when no longer required 156 * 157 * Returns: a new cipher object, or NULL on error 158 */ 159QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 160 QCryptoCipherMode mode, 161 const uint8_t *key, size_t nkey, 162 Error **errp); 163 164/** 165 * qcrypto_cipher_free: 166 * @cipher: the cipher object 167 * 168 * Release the memory associated with @cipher that 169 * was previously allocated by qcrypto_cipher_new() 170 */ 171void qcrypto_cipher_free(QCryptoCipher *cipher); 172 173/** 174 * qcrypto_cipher_encrypt: 175 * @cipher: the cipher object 176 * @in: buffer holding the plain text input data 177 * @out: buffer to fill with the cipher text output data 178 * @len: the length of @in and @out buffers 179 * @errp: pointer to a NULL-initialized error object 180 * 181 * Encrypts the plain text stored in @in, filling 182 * @out with the resulting ciphered text. Both the 183 * @in and @out buffers must have the same size, 184 * given by @len. 185 * 186 * Returns: 0 on success, or -1 on error 187 */ 188int qcrypto_cipher_encrypt(QCryptoCipher *cipher, 189 const void *in, 190 void *out, 191 size_t len, 192 Error **errp); 193 194 195/** 196 * qcrypto_cipher_decrypt: 197 * @cipher: the cipher object 198 * @in: buffer holding the cipher text input data 199 * @out: buffer to fill with the plain text output data 200 * @len: the length of @in and @out buffers 201 * @errp: pointer to a NULL-initialized error object 202 * 203 * Decrypts the cipher text stored in @in, filling 204 * @out with the resulting plain text. Both the 205 * @in and @out buffers must have the same size, 206 * given by @len. 207 * 208 * Returns: 0 on success, or -1 on error 209 */ 210int qcrypto_cipher_decrypt(QCryptoCipher *cipher, 211 const void *in, 212 void *out, 213 size_t len, 214 Error **errp); 215 216/** 217 * qcrypto_cipher_setiv: 218 * @cipher: the cipher object 219 * @iv: the initialization vector or counter (CTR mode) bytes 220 * @niv: the length of @iv 221 * @errpr: pointer to a NULL-initialized error object 222 * 223 * If the @cipher object is setup to use a mode that requires 224 * initialization vectors or counter, this sets the @niv 225 * bytes. The @iv data should have the same length as the 226 * cipher key used when originally constructing the cipher 227 * object. It is an error to set an initialization vector 228 * or counter if the cipher mode does not require one. 229 * 230 * Returns: 0 on success, -1 on error 231 */ 232int qcrypto_cipher_setiv(QCryptoCipher *cipher, 233 const uint8_t *iv, size_t niv, 234 Error **errp); 235 236#endif /* QCRYPTO_CIPHER_H */ 237