/
valemobil
/
qemu
GigaCode
beta
ОбзорЦентр заботыВойти

qemu

Форк
0
Ветки: 48Коммиты: 115287Теги: 388
qemu
/crypto
/
cipher.c 
212 строк · 5.9 Кб
1
/*
2
 * QEMU Crypto cipher algorithms
3
 *
4
 * Copyright (c) 2015 Red Hat, Inc.
5
 *
6
 * This library is free software; you can redistribute it and/or
7
 * modify it under the terms of the GNU Lesser General Public
8
 * License as published by the Free Software Foundation; either
9
 * version 2.1 of the License, or (at your option) any later version.
10
 *
11
 * This library is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14
 * Lesser General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU Lesser General Public
17
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18
 *
19
 */
20


21
#include "qemu/osdep.h"
22
#include "qemu/host-utils.h"
23
#include "qapi/error.h"
24
#include "crypto/cipher.h"
25
#include "cipherpriv.h"
26


27


28
static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
29
    [QCRYPTO_CIPHER_ALG_AES_128] = 16,
30
    [QCRYPTO_CIPHER_ALG_AES_192] = 24,
31
    [QCRYPTO_CIPHER_ALG_AES_256] = 32,
32
    [QCRYPTO_CIPHER_ALG_DES] = 8,
33
    [QCRYPTO_CIPHER_ALG_3DES] = 24,
34
    [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
35
    [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
36
    [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24,
37
    [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32,
38
    [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
39
    [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24,
40
    [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32,
41
#ifdef CONFIG_CRYPTO_SM4
42
    [QCRYPTO_CIPHER_ALG_SM4] = 16,
43
#endif
44
};
45


46
static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
47
    [QCRYPTO_CIPHER_ALG_AES_128] = 16,
48
    [QCRYPTO_CIPHER_ALG_AES_192] = 16,
49
    [QCRYPTO_CIPHER_ALG_AES_256] = 16,
50
    [QCRYPTO_CIPHER_ALG_DES] = 8,
51
    [QCRYPTO_CIPHER_ALG_3DES] = 8,
52
    [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
53
    [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
54
    [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16,
55
    [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16,
56
    [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
57
    [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16,
58
    [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16,
59
#ifdef CONFIG_CRYPTO_SM4
60
    [QCRYPTO_CIPHER_ALG_SM4] = 16,
61
#endif
62
};
63


64
static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
65
    [QCRYPTO_CIPHER_MODE_ECB] = false,
66
    [QCRYPTO_CIPHER_MODE_CBC] = true,
67
    [QCRYPTO_CIPHER_MODE_XTS] = true,
68
    [QCRYPTO_CIPHER_MODE_CTR] = true,
69
};
70


71


72
size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg)
73
{
74
    assert(alg < G_N_ELEMENTS(alg_key_len));
75
    return alg_block_len[alg];
76
}
77


78


79
size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg)
80
{
81
    assert(alg < G_N_ELEMENTS(alg_key_len));
82
    return alg_key_len[alg];
83
}
84


85


86
size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
87
                                 QCryptoCipherMode mode)
88
{
89
    if (alg >= G_N_ELEMENTS(alg_block_len)) {
90
        return 0;
91
    }
92
    if (mode >= G_N_ELEMENTS(mode_need_iv)) {
93
        return 0;
94
    }
95


96
    if (mode_need_iv[mode]) {
97
        return alg_block_len[alg];
98
    }
99
    return 0;
100
}
101


102


103
static bool
104
qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
105
                                   QCryptoCipherMode mode,
106
                                   size_t nkey,
107
                                   Error **errp)
108
{
109
    if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) {
110
        error_setg(errp, "Cipher algorithm %d out of range",
111
                   alg);
112
        return false;
113
    }
114


115
    if (mode == QCRYPTO_CIPHER_MODE_XTS) {
116
        if (alg == QCRYPTO_CIPHER_ALG_DES ||
117
            alg == QCRYPTO_CIPHER_ALG_3DES) {
118
            error_setg(errp, "XTS mode not compatible with DES/3DES");
119
            return false;
120
        }
121
        if (nkey % 2) {
122
            error_setg(errp, "XTS cipher key length should be a multiple of 2");
123
            return false;
124
        }
125


126
        if (alg_key_len[alg] != (nkey / 2)) {
127
            error_setg(errp, "Cipher key length %zu should be %zu",
128
                       nkey, alg_key_len[alg] * 2);
129
            return false;
130
        }
131
    } else {
132
        if (alg_key_len[alg] != nkey) {
133
            error_setg(errp, "Cipher key length %zu should be %zu",
134
                       nkey, alg_key_len[alg]);
135
            return false;
136
        }
137
    }
138
    return true;
139
}
140


141
#ifdef CONFIG_GCRYPT
142
#include "cipher-gcrypt.c.inc"
143
#elif defined CONFIG_NETTLE
144
#include "cipher-nettle.c.inc"
145
#elif defined CONFIG_GNUTLS_CRYPTO
146
#include "cipher-gnutls.c.inc"
147
#else
148
#include "cipher-builtin.c.inc"
149
#endif
150


151
QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
152
                                  QCryptoCipherMode mode,
153
                                  const uint8_t *key, size_t nkey,
154
                                  Error **errp)
155
{
156
    QCryptoCipher *cipher = NULL;
157


158
#ifdef CONFIG_AF_ALG
159
    cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
160
#endif
161


162
    if (!cipher) {
163
        cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
164
        if (!cipher) {
165
            return NULL;
166
        }
167
    }
168


169
    cipher->alg = alg;
170
    cipher->mode = mode;
171


172
    return cipher;
173
}
174


175


176
int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
177
                           const void *in,
178
                           void *out,
179
                           size_t len,
180
                           Error **errp)
181
{
182
    const QCryptoCipherDriver *drv = cipher->driver;
183
    return drv->cipher_encrypt(cipher, in, out, len, errp);
184
}
185


186


187
int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
188
                           const void *in,
189
                           void *out,
190
                           size_t len,
191
                           Error **errp)
192
{
193
    const QCryptoCipherDriver *drv = cipher->driver;
194
    return drv->cipher_decrypt(cipher, in, out, len, errp);
195
}
196


197


198
int qcrypto_cipher_setiv(QCryptoCipher *cipher,
199
                         const uint8_t *iv, size_t niv,
200
                         Error **errp)
201
{
202
    const QCryptoCipherDriver *drv = cipher->driver;
203
    return drv->cipher_setiv(cipher, iv, niv, errp);
204
}
205


206


207
void qcrypto_cipher_free(QCryptoCipher *cipher)
208
{
209
    if (cipher) {
210
        cipher->driver->cipher_free(cipher);
211
    }
212
}
213

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.