From nobody Wed Feb 11 05:13:29 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1598634488; cv=none; d=zohomail.com; s=zohoarc; b=ARiERhWwIc02DxM0mNMfE/O4qv2+rn2tTDeMrb1keYZE86xYsuDpQBPpBs4KLh4cSbFj/Dr8ILMGINEo82wQeWTelGWZ8KH06sMKO+3ATH66yKjGjj7EM2Rr24lgAPF2jafQPc2xmO/jUWLL9Ptb2mMzW6y3ji5xvNmEWDSsQsA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1598634488; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=6oAAd13GwF/3Te3K0+i8T99RpHAlTgI/+rDnUt7DA9A=; b=ZV2soZQm3qaAx2blWD7mM2Pse4FZ60WzQXTOvgLcZBxijUwu0/eVSsgGooZUuQmYYUv0XwykVaiEnCsPRAAzgYMObRK8boyYCE5kVc9BnZGDCUFd/S34Jf+kBnTkT0HWshTrE561gt2b3hs4tTtdODeRFlNwTM3xHyM+iuqNix0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1598634488220907.40351655993; Fri, 28 Aug 2020 10:08:08 -0700 (PDT) Received: from localhost ([::1]:43324 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kBhrD-0000Xy-Cc for importer@patchew.org; Fri, 28 Aug 2020 13:08:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36840) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kBhp1-0004Kh-96 for qemu-devel@nongnu.org; Fri, 28 Aug 2020 13:05:51 -0400 Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:37671) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kBhoy-000381-Na for qemu-devel@nongnu.org; Fri, 28 Aug 2020 13:05:50 -0400 Received: by mail-pl1-x643.google.com with SMTP id c15so787918plq.4 for ; Fri, 28 Aug 2020 10:05:48 -0700 (PDT) Received: from localhost.localdomain ([71.212.141.89]) by smtp.gmail.com with ESMTPSA id q12sm2277495pff.196.2020.08.28.10.05.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Aug 2020 10:05:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6oAAd13GwF/3Te3K0+i8T99RpHAlTgI/+rDnUt7DA9A=; b=aZDhrPedvmbMt4La7SABNowNFitHiAKxBVa/W0nKiodr6ADYUz/2pk/DBnszvAxnQ0 a793gQPcgBTaYe4ZSRy+rly5vRnCPy4XH+KIj3lenGZwZ8J0FijPiWXlFesv2U0JUC3Q gipm9XJNH3zjjSB1VaOFM+IF845iuruNB5xVvqVqKib3mstZfskW3dK7nTVHB34Okt/f tGb4BWINkJBNd5wsSgZJFC9K4jbgVVr/55svNr66C/g8qUwzP0PPJuviBNSFEyoYUsUf hv2hI7PuKvds6tvF7aAg1bM2yWc2XGt3kytno58pgOefQUqoNp71pSHvB/rrzla49MM1 Be2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6oAAd13GwF/3Te3K0+i8T99RpHAlTgI/+rDnUt7DA9A=; b=KtdLlLIGLxYep0Fn9huYZ+YjIL7Rt4SoUmTOhSK7ZB8XkB7l/smYZxxg1woiqSNHfg 2ca+88l+XxziZZQk0fBT22F7sfS2DEb6j11BijVvm3R9XYcz/8JnUpoteuMXUBZ7U0T4 daIl+AkQZ1S8rWx3OFbAfjPFL8Xs/gSIGxFAQPAuGq8V2r7JnSTLv+nVZ8rbDvI2w6F1 uAnW14+3HEBL/TKWqk1duaRvfX7hIdfqXIJ4cBx/fiZzTTVfBiAsDa6LwUnBBaK9DGGN yJnQsJTdV6z2LF6+wufyRegFbYVPRI9vMbqQs1E+0Rz6+VAiw5c0Yz6XiEvDT306tI7K J+hQ== X-Gm-Message-State: AOAM530EaLxEC1bI4YFU3jmf65lCKVYKC3baLRBl6JCvg76bUbFrq0iP HZTY40GrSChlnzqvk8yTMcRMU6sEMiAuCw== X-Google-Smtp-Source: ABdhPJzlAiJUnzfzT1GTSZZQ4a+ZiA74TeFxShmtkSgCknuR/CSKaxkdR3Iu31AAAz4zPIfL3h73sQ== X-Received: by 2002:a17:90a:f691:: with SMTP id cl17mr40474pjb.8.1598634346720; Fri, 28 Aug 2020 10:05:46 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Subject: [PATCH v2 16/16] crypto/gcrypt: Split QCryptoCipherGcrypt into subclasses Date: Fri, 28 Aug 2020 10:05:23 -0700 Message-Id: <20200828170523.418603-17-richard.henderson@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200828170523.418603-1-richard.henderson@linaro.org> References: <20200828170523.418603-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::643; envelope-from=richard.henderson@linaro.org; helo=mail-pl1-x643.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: berrange@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @linaro.org) Content-Type: text/plain; charset="utf-8" With gcrypt, most of the dispatch happens in the library, so there aren't many classes to create. However, we can still create separate dispatch for CTR mode, and for CONFIG_QEMU_PRIVATE_XTS, which avoids needing to check for these modes at runtime. Signed-off-by: Richard Henderson --- crypto/cipher-gcrypt.c.inc | 497 ++++++++++++++++++------------------- 1 file changed, 240 insertions(+), 257 deletions(-) diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 7a1fbc9745..42d4137534 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -24,8 +24,6 @@ =20 #include =20 -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; - bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { @@ -57,36 +55,212 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm al= g, } } =20 -typedef struct QCryptoCipherGcrypt QCryptoCipherGcrypt; -struct QCryptoCipherGcrypt { +typedef struct QCryptoCipherGcrypt { QCryptoCipher base; gcry_cipher_hd_t handle; size_t blocksize; #ifdef CONFIG_QEMU_PRIVATE_XTS gcry_cipher_hd_t tweakhandle; - /* Initialization vector or Counter */ - uint8_t *iv; + uint8_t iv[XTS_BLOCK_SIZE]; #endif -}; +} QCryptoCipherGcrypt; =20 -static void -qcrypto_gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx, - QCryptoCipherMode mode) + +static void qcrypto_gcrypt_ctx_free(QCryptoCipher *cipher) { - if (!ctx) { - return; - } + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); =20 gcry_cipher_close(ctx->handle); -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - gcry_cipher_close(ctx->tweakhandle); - } - g_free(ctx->iv); -#endif g_free(ctx); } =20 +static int qcrypto_gcrypt_encrypt(QCryptoCipher *cipher, const void *in, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + gcry_error_t err; + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + err =3D gcry_cipher_encrypt(ctx->handle, out, len, in, len); + if (err !=3D 0) { + error_setg(errp, "Cannot encrypt data: %s", gcry_strerror(err)); + return -1; + } + + return 0; +} + + +static int qcrypto_gcrypt_decrypt(QCryptoCipher *cipher, const void *in, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + gcry_error_t err; + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + err =3D gcry_cipher_decrypt(ctx->handle, out, len, in, len); + if (err !=3D 0) { + error_setg(errp, "Cannot decrypt data: %s", + gcry_strerror(err)); + return -1; + } + + return 0; +} + +static int qcrypto_gcrypt_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + gcry_error_t err; + + if (niv !=3D ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + gcry_cipher_reset(ctx->handle); + err =3D gcry_cipher_setiv(ctx->handle, iv, niv); + if (err !=3D 0) { + error_setg(errp, "Cannot set IV: %s", gcry_strerror(err)); + return -1; + } + + return 0; +} + +static int qcrypto_gcrypt_ctr_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + gcry_error_t err; + + if (niv !=3D ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + err =3D gcry_cipher_setctr(ctx->handle, iv, niv); + if (err !=3D 0) { + error_setg(errp, "Cannot set Counter: %s", gcry_strerror(err)); + return -1; + } + + return 0; +} + + +static const struct QCryptoCipherDriver qcrypto_gcrypt_driver =3D { + .cipher_encrypt =3D qcrypto_gcrypt_encrypt, + .cipher_decrypt =3D qcrypto_gcrypt_decrypt, + .cipher_setiv =3D qcrypto_gcrypt_setiv, + .cipher_free =3D qcrypto_gcrypt_ctx_free, +}; + +static const struct QCryptoCipherDriver qcrypto_gcrypt_ctr_driver =3D { + .cipher_encrypt =3D qcrypto_gcrypt_encrypt, + .cipher_decrypt =3D qcrypto_gcrypt_decrypt, + .cipher_setiv =3D qcrypto_gcrypt_ctr_setiv, + .cipher_free =3D qcrypto_gcrypt_ctx_free, +}; + +#ifdef CONFIG_QEMU_PRIVATE_XTS +static void qcrypto_gcrypt_xts_ctx_free(QCryptoCipher *cipher) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + + gcry_cipher_close(ctx->tweakhandle); + qcrypto_gcrypt_ctx_free(cipher); +} + +static void qcrypto_gcrypt_xts_wrape(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + gcry_error_t err; + err =3D gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, l= ength); + g_assert(err =3D=3D 0); +} + +static void qcrypto_gcrypt_xts_wrapd(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + gcry_error_t err; + err =3D gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, l= ength); + g_assert(err =3D=3D 0); +} + +static int qcrypto_gcrypt_xts_encrypt(QCryptoCipher *cipher, const void *i= n, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + xts_encrypt(ctx->handle, ctx->tweakhandle, + qcrypto_gcrypt_xts_wrape, qcrypto_gcrypt_xts_wrapd, + ctx->iv, len, out, in); + return 0; +} + +static int qcrypto_gcrypt_xts_decrypt(QCryptoCipher *cipher, const void *i= n, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + xts_decrypt(ctx->handle, ctx->tweakhandle, + qcrypto_gcrypt_xts_wrape, qcrypto_gcrypt_xts_wrapd, + ctx->iv, len, out, in); + return 0; +} + +static int qcrypto_gcrypt_xts_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); + + if (niv !=3D ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + memcpy(ctx->iv, iv, niv); + return 0; +} + +static const struct QCryptoCipherDriver qcrypto_gcrypt_xts_driver =3D { + .cipher_encrypt =3D qcrypto_gcrypt_xts_encrypt, + .cipher_decrypt =3D qcrypto_gcrypt_xts_decrypt, + .cipher_setiv =3D qcrypto_gcrypt_xts_setiv, + .cipher_free =3D qcrypto_gcrypt_xts_ctx_free, +}; +#endif /* CONFIG_QEMU_PRIVATE_XTS */ + =20 static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, @@ -95,32 +269,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, Error **errp) { QCryptoCipherGcrypt *ctx; + const QCryptoCipherDriver *drv; gcry_error_t err; int gcryalg, gcrymode; =20 - switch (mode) { - case QCRYPTO_CIPHER_MODE_ECB: - gcrymode =3D GCRY_CIPHER_MODE_ECB; - break; - case QCRYPTO_CIPHER_MODE_XTS: -#ifdef CONFIG_QEMU_PRIVATE_XTS - gcrymode =3D GCRY_CIPHER_MODE_ECB; -#else - gcrymode =3D GCRY_CIPHER_MODE_XTS; -#endif - break; - case QCRYPTO_CIPHER_MODE_CBC: - gcrymode =3D GCRY_CIPHER_MODE_CBC; - break; - case QCRYPTO_CIPHER_MODE_CTR: - gcrymode =3D GCRY_CIPHER_MODE_CTR; - break; - default: - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(mode)); - return NULL; - } - if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { return NULL; } @@ -129,54 +281,70 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoC= ipherAlgorithm alg, case QCRYPTO_CIPHER_ALG_DES_RFB: gcryalg =3D GCRY_CIPHER_DES; break; - case QCRYPTO_CIPHER_ALG_3DES: gcryalg =3D GCRY_CIPHER_3DES; break; - case QCRYPTO_CIPHER_ALG_AES_128: gcryalg =3D GCRY_CIPHER_AES128; break; - case QCRYPTO_CIPHER_ALG_AES_192: gcryalg =3D GCRY_CIPHER_AES192; break; - case QCRYPTO_CIPHER_ALG_AES_256: gcryalg =3D GCRY_CIPHER_AES256; break; - case QCRYPTO_CIPHER_ALG_CAST5_128: gcryalg =3D GCRY_CIPHER_CAST5; break; - case QCRYPTO_CIPHER_ALG_SERPENT_128: gcryalg =3D GCRY_CIPHER_SERPENT128; break; - case QCRYPTO_CIPHER_ALG_SERPENT_192: gcryalg =3D GCRY_CIPHER_SERPENT192; break; - case QCRYPTO_CIPHER_ALG_SERPENT_256: gcryalg =3D GCRY_CIPHER_SERPENT256; break; - case QCRYPTO_CIPHER_ALG_TWOFISH_128: gcryalg =3D GCRY_CIPHER_TWOFISH128; break; - case QCRYPTO_CIPHER_ALG_TWOFISH_256: gcryalg =3D GCRY_CIPHER_TWOFISH; break; - default: error_setg(errp, "Unsupported cipher algorithm %s", QCryptoCipherAlgorithm_str(alg)); return NULL; } =20 + drv =3D &qcrypto_gcrypt_driver; + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + gcrymode =3D GCRY_CIPHER_MODE_ECB; + break; + case QCRYPTO_CIPHER_MODE_XTS: +#ifdef CONFIG_QEMU_PRIVATE_XTS + drv =3D &qcrypto_gcrypt_xts_driver; + gcrymode =3D GCRY_CIPHER_MODE_ECB; +#else + gcrymode =3D GCRY_CIPHER_MODE_XTS; +#endif + break; + case QCRYPTO_CIPHER_MODE_CBC: + gcrymode =3D GCRY_CIPHER_MODE_CBC; + break; + case QCRYPTO_CIPHER_MODE_CTR: + drv =3D &qcrypto_gcrypt_ctr_driver; + gcrymode =3D GCRY_CIPHER_MODE_CTR; + break; + default: + error_setg(errp, "Unsupported cipher mode %s", + QCryptoCipherMode_str(mode)); + return NULL; + } + ctx =3D g_new0(QCryptoCipherGcrypt, 1); + ctx->base.driver =3D drv; =20 err =3D gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0); if (err !=3D 0) { @@ -184,8 +352,16 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, gcry_strerror(err)); goto error; } + ctx->blocksize =3D gcry_cipher_get_algo_blklen(gcryalg); + #ifdef CONFIG_QEMU_PRIVATE_XTS if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { + if (ctx->blocksize !=3D XTS_BLOCK_SIZE) { + error_setg(errp, + "Cipher block size %zu must equal XTS block size %d= ", + ctx->blocksize, XTS_BLOCK_SIZE); + goto error; + } err =3D gcry_cipher_open(&ctx->tweakhandle, gcryalg, gcrymode, 0); if (err !=3D 0) { error_setg(errp, "Cannot initialize cipher: %s", @@ -203,224 +379,31 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCrypto= CipherAlgorithm alg, uint8_t *rfbkey =3D qcrypto_cipher_munge_des_rfb_key(key, nkey); err =3D gcry_cipher_setkey(ctx->handle, rfbkey, nkey); g_free(rfbkey); - ctx->blocksize =3D 8; } else { #ifdef CONFIG_QEMU_PRIVATE_XTS if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { nkey /=3D 2; - err =3D gcry_cipher_setkey(ctx->handle, key, nkey); + err =3D gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey); if (err !=3D 0) { - error_setg(errp, "Cannot set key: %s", - gcry_strerror(err)); + error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); goto error; } - err =3D gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey); - } else { -#endif - err =3D gcry_cipher_setkey(ctx->handle, key, nkey); -#ifdef CONFIG_QEMU_PRIVATE_XTS } #endif - if (err !=3D 0) { - error_setg(errp, "Cannot set key: %s", - gcry_strerror(err)); - goto error; - } - switch (alg) { - case QCRYPTO_CIPHER_ALG_AES_128: - case QCRYPTO_CIPHER_ALG_AES_192: - case QCRYPTO_CIPHER_ALG_AES_256: - case QCRYPTO_CIPHER_ALG_SERPENT_128: - case QCRYPTO_CIPHER_ALG_SERPENT_192: - case QCRYPTO_CIPHER_ALG_SERPENT_256: - case QCRYPTO_CIPHER_ALG_TWOFISH_128: - case QCRYPTO_CIPHER_ALG_TWOFISH_256: - ctx->blocksize =3D 16; - break; - case QCRYPTO_CIPHER_ALG_3DES: - case QCRYPTO_CIPHER_ALG_CAST5_128: - ctx->blocksize =3D 8; - break; - default: - g_assert_not_reached(); - } + err =3D gcry_cipher_setkey(ctx->handle, key, nkey); } - g_assert(is_power_of_2(ctx->blocksize)); - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - if (ctx->blocksize !=3D XTS_BLOCK_SIZE) { - error_setg(errp, - "Cipher block size %zu must equal XTS block size %d= ", - ctx->blocksize, XTS_BLOCK_SIZE); - goto error; - } - ctx->iv =3D g_new0(uint8_t, ctx->blocksize); + if (err !=3D 0) { + error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); + goto error; } -#endif =20 - ctx->base.driver =3D &qcrypto_cipher_lib_driver; return &ctx->base; =20 error: - qcrypto_gcrypt_cipher_free_ctx(ctx, mode); +#ifdef CONFIG_QEMU_PRIVATE_XTS + gcry_cipher_close(ctx->tweakhandle); +#endif + gcry_cipher_close(ctx->handle); + g_free(ctx); return NULL; } - - -static void -qcrypto_gcrypt_cipher_ctx_free(QCryptoCipher *cipher) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - - qcrypto_gcrypt_cipher_free_ctx(ctx, cipher->mode); -} - - -#ifdef CONFIG_QEMU_PRIVATE_XTS -static void qcrypto_gcrypt_xts_encrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - gcry_error_t err; - err =3D gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, l= ength); - g_assert(err =3D=3D 0); -} - -static void qcrypto_gcrypt_xts_decrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - gcry_error_t err; - err =3D gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, l= ength); - g_assert(err =3D=3D 0); -} -#endif - -static int -qcrypto_gcrypt_cipher_encrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - gcry_error_t err; - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (cipher->mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - xts_encrypt(ctx->handle, ctx->tweakhandle, - qcrypto_gcrypt_xts_encrypt, - qcrypto_gcrypt_xts_decrypt, - ctx->iv, len, out, in); - return 0; - } -#endif - - err =3D gcry_cipher_encrypt(ctx->handle, - out, len, - in, len); - if (err !=3D 0) { - error_setg(errp, "Cannot encrypt data: %s", - gcry_strerror(err)); - return -1; - } - - return 0; -} - - -static int -qcrypto_gcrypt_cipher_decrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - gcry_error_t err; - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (cipher->mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - xts_decrypt(ctx->handle, ctx->tweakhandle, - qcrypto_gcrypt_xts_encrypt, - qcrypto_gcrypt_xts_decrypt, - ctx->iv, len, out, in); - return 0; - } -#endif - - err =3D gcry_cipher_decrypt(ctx->handle, - out, len, - in, len); - if (err !=3D 0) { - error_setg(errp, "Cannot decrypt data: %s", - gcry_strerror(err)); - return -1; - } - - return 0; -} - -static int -qcrypto_gcrypt_cipher_setiv(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - gcry_error_t err; - - if (niv !=3D ctx->blocksize) { - error_setg(errp, "Expected IV size %zu not %zu", - ctx->blocksize, niv); - return -1; - } - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (ctx->iv) { - memcpy(ctx->iv, iv, niv); - return 0; - } -#endif - - if (cipher->mode =3D=3D QCRYPTO_CIPHER_MODE_CTR) { - err =3D gcry_cipher_setctr(ctx->handle, iv, niv); - if (err !=3D 0) { - error_setg(errp, "Cannot set Counter: %s", - gcry_strerror(err)); - return -1; - } - } else { - gcry_cipher_reset(ctx->handle); - err =3D gcry_cipher_setiv(ctx->handle, iv, niv); - if (err !=3D 0) { - error_setg(errp, "Cannot set IV: %s", - gcry_strerror(err)); - return -1; - } - } - - return 0; -} - - -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver =3D { - .cipher_encrypt =3D qcrypto_gcrypt_cipher_encrypt, - .cipher_decrypt =3D qcrypto_gcrypt_cipher_decrypt, - .cipher_setiv =3D qcrypto_gcrypt_cipher_setiv, - .cipher_free =3D qcrypto_gcrypt_cipher_ctx_free, -}; --=20 2.25.1