cipher.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
cipher.c (5915B)
      1/*
      2 * QEMU Crypto cipher algorithms
      3 *
      4 * Copyright (c) 2015 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#include "qemu/osdep.h"
     22#include "qemu/host-utils.h"
     23#include "qapi/error.h"
     24#include "crypto/cipher.h"
     25#include "cipherpriv.h"
     26
     27
     28static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
     29    [QCRYPTO_CIPHER_ALG_AES_128] = 16,
     30    [QCRYPTO_CIPHER_ALG_AES_192] = 24,
     31    [QCRYPTO_CIPHER_ALG_AES_256] = 32,
     32    [QCRYPTO_CIPHER_ALG_DES] = 8,
     33    [QCRYPTO_CIPHER_ALG_3DES] = 24,
     34    [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
     35    [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
     36    [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24,
     37    [QCRYPTO_CIPHER_ALG_SERPENT_256] = 32,
     38    [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
     39    [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24,
     40    [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32,
     41};
     42
     43static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
     44    [QCRYPTO_CIPHER_ALG_AES_128] = 16,
     45    [QCRYPTO_CIPHER_ALG_AES_192] = 16,
     46    [QCRYPTO_CIPHER_ALG_AES_256] = 16,
     47    [QCRYPTO_CIPHER_ALG_DES] = 8,
     48    [QCRYPTO_CIPHER_ALG_3DES] = 8,
     49    [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
     50    [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
     51    [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16,
     52    [QCRYPTO_CIPHER_ALG_SERPENT_256] = 16,
     53    [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
     54    [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16,
     55    [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16,
     56};
     57
     58static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
     59    [QCRYPTO_CIPHER_MODE_ECB] = false,
     60    [QCRYPTO_CIPHER_MODE_CBC] = true,
     61    [QCRYPTO_CIPHER_MODE_XTS] = true,
     62    [QCRYPTO_CIPHER_MODE_CTR] = true,
     63};
     64
     65
     66size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg)
     67{
     68    assert(alg < G_N_ELEMENTS(alg_key_len));
     69    return alg_block_len[alg];
     70}
     71
     72
     73size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg)
     74{
     75    assert(alg < G_N_ELEMENTS(alg_key_len));
     76    return alg_key_len[alg];
     77}
     78
     79
     80size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
     81                                 QCryptoCipherMode mode)
     82{
     83    if (alg >= G_N_ELEMENTS(alg_block_len)) {
     84        return 0;
     85    }
     86    if (mode >= G_N_ELEMENTS(mode_need_iv)) {
     87        return 0;
     88    }
     89
     90    if (mode_need_iv[mode]) {
     91        return alg_block_len[alg];
     92    }
     93    return 0;
     94}
     95
     96
     97static bool
     98qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
     99                                   QCryptoCipherMode mode,
    100                                   size_t nkey,
    101                                   Error **errp)
    102{
    103    if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) {
    104        error_setg(errp, "Cipher algorithm %d out of range",
    105                   alg);
    106        return false;
    107    }
    108
    109    if (mode == QCRYPTO_CIPHER_MODE_XTS) {
    110        if (alg == QCRYPTO_CIPHER_ALG_DES ||
    111            alg == QCRYPTO_CIPHER_ALG_3DES) {
    112            error_setg(errp, "XTS mode not compatible with DES/3DES");
    113            return false;
    114        }
    115        if (nkey % 2) {
    116            error_setg(errp, "XTS cipher key length should be a multiple of 2");
    117            return false;
    118        }
    119
    120        if (alg_key_len[alg] != (nkey / 2)) {
    121            error_setg(errp, "Cipher key length %zu should be %zu",
    122                       nkey, alg_key_len[alg] * 2);
    123            return false;
    124        }
    125    } else {
    126        if (alg_key_len[alg] != nkey) {
    127            error_setg(errp, "Cipher key length %zu should be %zu",
    128                       nkey, alg_key_len[alg]);
    129            return false;
    130        }
    131    }
    132    return true;
    133}
    134
    135#ifdef CONFIG_GCRYPT
    136#include "cipher-gcrypt.c.inc"
    137#elif defined CONFIG_NETTLE
    138#include "cipher-nettle.c.inc"
    139#elif defined CONFIG_GNUTLS_CRYPTO
    140#include "cipher-gnutls.c.inc"
    141#else
    142#include "cipher-builtin.c.inc"
    143#endif
    144
    145QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
    146                                  QCryptoCipherMode mode,
    147                                  const uint8_t *key, size_t nkey,
    148                                  Error **errp)
    149{
    150    QCryptoCipher *cipher = NULL;
    151
    152#ifdef CONFIG_AF_ALG
    153    cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
    154#endif
    155
    156    if (!cipher) {
    157        cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
    158        if (!cipher) {
    159            return NULL;
    160        }
    161    }
    162
    163    cipher->alg = alg;
    164    cipher->mode = mode;
    165
    166    return cipher;
    167}
    168
    169
    170int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
    171                           const void *in,
    172                           void *out,
    173                           size_t len,
    174                           Error **errp)
    175{
    176    const QCryptoCipherDriver *drv = cipher->driver;
    177    return drv->cipher_encrypt(cipher, in, out, len, errp);
    178}
    179
    180
    181int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
    182                           const void *in,
    183                           void *out,
    184                           size_t len,
    185                           Error **errp)
    186{
    187    const QCryptoCipherDriver *drv = cipher->driver;
    188    return drv->cipher_decrypt(cipher, in, out, len, errp);
    189}
    190
    191
    192int qcrypto_cipher_setiv(QCryptoCipher *cipher,
    193                         const uint8_t *iv, size_t niv,
    194                         Error **errp)
    195{
    196    const QCryptoCipherDriver *drv = cipher->driver;
    197    return drv->cipher_setiv(cipher, iv, niv, errp);
    198}
    199
    200
    201void qcrypto_cipher_free(QCryptoCipher *cipher)
    202{
    203    if (cipher) {
    204        cipher->driver->cipher_free(cipher);
    205    }
    206}