From nobody Fri Nov 14 18:02:30 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1761924784; cv=none; d=zohomail.com; s=zohoarc; b=MrEFJW9zQbYecmuGqkVUKj2ADoEMpXnEOsDhCxoIumecTKzBlAZMkRRHg5kywZ8eA378KiC+y7h40WQvvjM7mOrHrNHICAHCe5ZMnxEiE0nmSfkc1lsNU2OTWQdnwL8njRlibw+KcDO4dSXMTHNZQvz2SX0/HRSqCuDkMAc+buI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1761924784; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ntx6LmVUpm16j7OVIaSJ4B5OnzS0Nxk0aVFKLvDu1rU=; b=i+++s43aw2uRNqY0bMrA2i9cOuuEFId0a9xuDVJOPOc2xQXvvBbVEr8K/sAlDu+zaadNWzNeN8aNDnwEBjBhsm7KPeCyp3L6IpfhRhlXR4D3zX6QbFzhxs0pvrN944EHo1nVyoEp/2GkFvz9DLak2DwzApLtQ+hXFRJpTSqg53Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176192478435045.68523058898893; Fri, 31 Oct 2025 08:33:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vEr6L-00056c-Qq; Fri, 31 Oct 2025 11:31:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vEr65-00052S-DY for qemu-devel@nongnu.org; Fri, 31 Oct 2025 11:31:34 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vEr5u-0001kB-Ec for qemu-devel@nongnu.org; Fri, 31 Oct 2025 11:31:24 -0400 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-298-Hz0ECbIcPzq7aAgd-ml1qQ-1; Fri, 31 Oct 2025 11:31:10 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 448411956080; Fri, 31 Oct 2025 15:31:09 +0000 (UTC) Received: from toolbx.lcy.redhat.com (dhcp-17-192.lcy.redhat.com [10.42.17.192]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 68B1919560A2; Fri, 31 Oct 2025 15:31:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1761924672; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ntx6LmVUpm16j7OVIaSJ4B5OnzS0Nxk0aVFKLvDu1rU=; b=cH6l+ZsS/oyVKRoAuCKlP+r6Qb6VniD4XtViKc3bizOCFHwA59XJ+uVdt+VJGvGfaaCjwE vAjTJwRMUtApXKReVAXP5ZrAZv4pYhd4aheNnaMTXFC/Rd1LqbvRHsm36qvyH8k1OqOFv8 MNrVnk6CJAKvOUYF61K4u8kTNIxau2I= X-MC-Unique: Hz0ECbIcPzq7aAgd-ml1qQ-1 X-Mimecast-MFC-AGG-ID: Hz0ECbIcPzq7aAgd-ml1qQ_1761924669 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Paolo Bonzini , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 5/5] crypto: drop in-tree XTS cipher mode impl Date: Fri, 31 Oct 2025 15:30:56 +0000 Message-ID: <20251031153056.296078-6-berrange@redhat.com> In-Reply-To: <20251031153056.296078-1-berrange@redhat.com> References: <20251031153056.296078-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1761924786509154100 nettle included XTS in 3.4.1, so with the new min version we no longer require the in-tree XTS cipher mode impl. Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/cipher-nettle.c.inc | 44 --- crypto/meson.build | 3 - crypto/xts.c | 250 ----------------- include/crypto/xts.h | 82 ------ meson.build | 8 - tests/unit/meson.build | 3 - tests/unit/test-crypto-xts.c | 529 ----------------------------------- 7 files changed, 919 deletions(-) delete mode 100644 crypto/xts.c delete mode 100644 include/crypto/xts.h delete mode 100644 tests/unit/test-crypto-xts.c diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index ae91363772..1afdc391b4 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -18,10 +18,6 @@ * */ =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS -#include "crypto/xts.h" -#endif - #include #include #include @@ -30,9 +26,7 @@ #include #include #include -#ifndef CONFIG_QEMU_PRIVATE_XTS #include -#endif #ifdef CONFIG_CRYPTO_SM4 #include #endif @@ -154,43 +148,6 @@ static const struct QCryptoCipherDriver NAME##_driver_= ctr =3D { \ }; =20 =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS -#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ -static void NAME##_xts_wrape(const void *ctx, size_t length, \ - uint8_t *dst, const uint8_t *src) \ -{ \ - ENCRYPT((const void *)ctx, length, dst, src); \ -} \ -static void NAME##_xts_wrapd(const void *ctx, size_t length, \ - uint8_t *dst, const uint8_t *src) \ -{ \ - DECRYPT((const void *)ctx, length, dst, src); \ -} \ -static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ - void *out, size_t len, Error **errp) \ -{ \ - TYPE *ctx =3D container_of(cipher, TYPE, base); \ - if (!qcrypto_length_check(len, BLEN, errp)) { \ - return -1; \ - } \ - xts_encrypt(&ctx->key, &ctx->key_xts, \ - NAME##_xts_wrape, NAME##_xts_wrapd, \ - ctx->iv, len, out, in); \ - return 0; \ -} \ -static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ - void *out, size_t len, Error **errp) \ -{ \ - TYPE *ctx =3D container_of(cipher, TYPE, base); \ - if (!qcrypto_length_check(len, BLEN, errp)) { \ - return -1; \ - } \ - xts_decrypt(&ctx->key, &ctx->key_xts, \ - NAME##_xts_wrape, NAME##_xts_wrapd, \ - ctx->iv, len, out, in); \ - return 0; \ -} -#else #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ void *out, size_t len, Error **errp) \ @@ -214,7 +171,6 @@ static int NAME##_decrypt_xts(QCryptoCipher *cipher, co= nst void *in, \ ctx->iv, len, out, in); \ return 0; \ } -#endif =20 #define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ QEMU_BUILD_BUG_ON(BLEN !=3D XTS_BLOCK_SIZE); \ diff --git a/crypto/meson.build b/crypto/meson.build index dd61ed9174..110c347033 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -33,9 +33,6 @@ if nettle.found() if hogweed.found() crypto_ss.add(gmp, hogweed) endif - if xts =3D=3D 'private' - crypto_ss.add(files('xts.c')) - endif elif gcrypt.found() crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcr= ypt.c')) elif gnutls.found() diff --git a/crypto/xts.c b/crypto/xts.c deleted file mode 100644 index d4a49fdb70..0000000000 --- a/crypto/xts.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * QEMU Crypto XTS cipher mode - * - * Copyright (c) 2015-2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - * - * This code is originally derived from public domain / WTFPL code in - * LibTomCrypt crytographic library http://libtom.org. The XTS code - * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) - * to the LibTom Projects - * - */ - -#include "qemu/osdep.h" -#include "qemu/bswap.h" -#include "crypto/xts.h" - -typedef union { - uint8_t b[XTS_BLOCK_SIZE]; - uint64_t u[2]; -} xts_uint128; - -static inline void xts_uint128_xor(xts_uint128 *D, - const xts_uint128 *S1, - const xts_uint128 *S2) -{ - D->u[0] =3D S1->u[0] ^ S2->u[0]; - D->u[1] =3D S1->u[1] ^ S2->u[1]; -} - -static inline void xts_uint128_cpu_to_les(xts_uint128 *v) -{ - cpu_to_le64s(&v->u[0]); - cpu_to_le64s(&v->u[1]); -} - -static inline void xts_uint128_le_to_cpus(xts_uint128 *v) -{ - le64_to_cpus(&v->u[0]); - le64_to_cpus(&v->u[1]); -} - -static void xts_mult_x(xts_uint128 *I) -{ - uint64_t tt; - - xts_uint128_le_to_cpus(I); - - tt =3D I->u[0] >> 63; - I->u[0] <<=3D 1; - - if (I->u[1] >> 63) { - I->u[0] ^=3D 0x87; - } - I->u[1] <<=3D 1; - I->u[1] |=3D tt; - - xts_uint128_cpu_to_les(I); -} - - -/** - * xts_tweak_encdec: - * @param ctxt: the cipher context - * @param func: the cipher function - * @src: buffer providing the input text of XTS_BLOCK_SIZE bytes - * @dst: buffer to output the output text of XTS_BLOCK_SIZE bytes - * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes - * - * Encrypt/decrypt data with a tweak - */ -static inline void xts_tweak_encdec(const void *ctx, - xts_cipher_func *func, - const xts_uint128 *src, - xts_uint128 *dst, - xts_uint128 *iv) -{ - /* tweak encrypt block i */ - xts_uint128_xor(dst, src, iv); - - func(ctx, XTS_BLOCK_SIZE, dst->b, dst->b); - - xts_uint128_xor(dst, dst, iv); - - /* LFSR the tweak */ - xts_mult_x(iv); -} - - -void xts_decrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - xts_uint128 PP, CC, T; - unsigned long i, m, mo, lim; - - /* get number of blocks */ - m =3D length >> 4; - mo =3D length & 15; - - /* must have at least one full block */ - g_assert(m !=3D 0); - - if (mo =3D=3D 0) { - lim =3D m; - } else { - lim =3D m - 1; - } - - /* encrypt the iv */ - encfunc(tweakctx, XTS_BLOCK_SIZE, T.b, iv); - - if (QEMU_PTR_IS_ALIGNED(src, sizeof(uint64_t)) && - QEMU_PTR_IS_ALIGNED(dst, sizeof(uint64_t))) { - xts_uint128 *S =3D (xts_uint128 *)src; - xts_uint128 *D =3D (xts_uint128 *)dst; - for (i =3D 0; i < lim; i++, S++, D++) { - xts_tweak_encdec(datactx, decfunc, S, D, &T); - } - } else { - xts_uint128 D; - - for (i =3D 0; i < lim; i++) { - memcpy(&D, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, decfunc, &D, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - src +=3D XTS_BLOCK_SIZE; - dst +=3D XTS_BLOCK_SIZE; - } - } - - /* if length is not a multiple of XTS_BLOCK_SIZE then */ - if (mo > 0) { - xts_uint128 S, D; - memcpy(&CC, &T, XTS_BLOCK_SIZE); - xts_mult_x(&CC); - - /* PP =3D tweak decrypt block m-1 */ - memcpy(&S, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, decfunc, &S, &PP, &CC); - - /* Pm =3D first length % XTS_BLOCK_SIZE bytes of PP */ - for (i =3D 0; i < mo; i++) { - CC.b[i] =3D src[XTS_BLOCK_SIZE + i]; - dst[XTS_BLOCK_SIZE + i] =3D PP.b[i]; - } - for (; i < XTS_BLOCK_SIZE; i++) { - CC.b[i] =3D PP.b[i]; - } - - /* Pm-1 =3D Tweak uncrypt CC */ - xts_tweak_encdec(datactx, decfunc, &CC, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - } - - /* Decrypt the iv back */ - decfunc(tweakctx, XTS_BLOCK_SIZE, iv, T.b); -} - - -void xts_encrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - xts_uint128 PP, CC, T; - unsigned long i, m, mo, lim; - - /* get number of blocks */ - m =3D length >> 4; - mo =3D length & 15; - - /* must have at least one full block */ - g_assert(m !=3D 0); - - if (mo =3D=3D 0) { - lim =3D m; - } else { - lim =3D m - 1; - } - - /* encrypt the iv */ - encfunc(tweakctx, XTS_BLOCK_SIZE, T.b, iv); - - if (QEMU_PTR_IS_ALIGNED(src, sizeof(uint64_t)) && - QEMU_PTR_IS_ALIGNED(dst, sizeof(uint64_t))) { - xts_uint128 *S =3D (xts_uint128 *)src; - xts_uint128 *D =3D (xts_uint128 *)dst; - for (i =3D 0; i < lim; i++, S++, D++) { - xts_tweak_encdec(datactx, encfunc, S, D, &T); - } - } else { - xts_uint128 D; - - for (i =3D 0; i < lim; i++) { - memcpy(&D, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, encfunc, &D, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - - dst +=3D XTS_BLOCK_SIZE; - src +=3D XTS_BLOCK_SIZE; - } - } - - /* if length is not a multiple of XTS_BLOCK_SIZE then */ - if (mo > 0) { - xts_uint128 S, D; - /* CC =3D tweak encrypt block m-1 */ - memcpy(&S, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, encfunc, &S, &CC, &T); - - /* Cm =3D first length % XTS_BLOCK_SIZE bytes of CC */ - for (i =3D 0; i < mo; i++) { - PP.b[i] =3D src[XTS_BLOCK_SIZE + i]; - dst[XTS_BLOCK_SIZE + i] =3D CC.b[i]; - } - - for (; i < XTS_BLOCK_SIZE; i++) { - PP.b[i] =3D CC.b[i]; - } - - /* Cm-1 =3D Tweak encrypt PP */ - xts_tweak_encdec(datactx, encfunc, &PP, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - } - - /* Decrypt the iv back */ - decfunc(tweakctx, XTS_BLOCK_SIZE, iv, T.b); -} diff --git a/include/crypto/xts.h b/include/crypto/xts.h deleted file mode 100644 index f267b7824a..0000000000 --- a/include/crypto/xts.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * QEMU Crypto XTS cipher mode - * - * Copyright (c) 2015-2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - * - * This code is originally derived from public domain / WTFPL code in - * LibTomCrypt crytographic library http://libtom.org. The XTS code - * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) - * to the LibTom Projects - * - */ - -#ifndef QCRYPTO_XTS_H -#define QCRYPTO_XTS_H - - -#define XTS_BLOCK_SIZE 16 - -typedef void xts_cipher_func(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src); - -/** - * xts_decrypt: - * @datactx: the cipher context for data decryption - * @tweakctx: the cipher context for tweak decryption - * @encfunc: the cipher function for encryption - * @decfunc: the cipher function for decryption - * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes - * @length: the length of @dst and @src - * @dst: buffer to hold the decrypted plaintext - * @src: buffer providing the ciphertext - * - * Decrypts @src into @dst - */ -void xts_decrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src); - -/** - * xts_decrypt: - * @datactx: the cipher context for data encryption - * @tweakctx: the cipher context for tweak encryption - * @encfunc: the cipher function for encryption - * @decfunc: the cipher function for decryption - * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes - * @length: the length of @dst and @src - * @dst: buffer to hold the encrypted ciphertext - * @src: buffer providing the plaintext - * - * Decrypts @src into @dst - */ -void xts_encrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src); - - -#endif /* QCRYPTO_XTS_H */ diff --git a/meson.build b/meson.build index ad0aa6ccc0..b8c1296d3b 100644 --- a/meson.build +++ b/meson.build @@ -1846,7 +1846,6 @@ nettle =3D not_found hogweed =3D not_found crypto_sm4 =3D not_found crypto_sm3 =3D not_found -xts =3D 'none' =20 if get_option('nettle').enabled() and get_option('gcrypt').enabled() error('Only one of gcrypt & nettle can be enabled') @@ -1872,9 +1871,6 @@ if not gnutls.found() nettle =3D dependency('nettle', version: '>=3D3.7.3', method: 'pkg-config', required: get_option('nettle')) - if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: = nettle) - xts =3D 'private' - endif crypto_sm4 =3D nettle # SM4 ALG is available in nettle >=3D 3.9 if nettle.found() and not cc.links(''' @@ -2566,7 +2562,6 @@ config_host_data.set('CONFIG_NETTLE', nettle.found()) config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found()) config_host_data.set('CONFIG_CRYPTO_SM3', crypto_sm3.found()) config_host_data.set('CONFIG_HOGWEED', hogweed.found()) -config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts =3D=3D 'private') config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim) config_host_data.set('CONFIG_ZSTD', zstd.found()) config_host_data.set('CONFIG_QPL', qpl.found()) @@ -4862,9 +4857,6 @@ if gnutls.found() endif summary_info +=3D {'libgcrypt': gcrypt} summary_info +=3D {'nettle': nettle} -if nettle.found() - summary_info +=3D {' XTS': xts !=3D 'private'} -endif summary_info +=3D {'SM4 ALG support': crypto_sm4} summary_info +=3D {'SM3 ALG support': crypto_sm3} summary_info +=3D {'AF_ALG support': have_afalg} diff --git a/tests/unit/meson.build b/tests/unit/meson.build index d5248ae51d..bd58029060 100644 --- a/tests/unit/meson.build +++ b/tests/unit/meson.build @@ -110,9 +110,6 @@ if have_block if pam.found() tests +=3D {'test-authz-pam': [authz]} endif - if xts =3D=3D 'private' - tests +=3D {'test-crypto-xts': [crypto, io]} - endif if host_os !=3D 'windows' tests +=3D { 'test-image-locking': [testblock], diff --git a/tests/unit/test-crypto-xts.c b/tests/unit/test-crypto-xts.c deleted file mode 100644 index 7acbc956fd..0000000000 --- a/tests/unit/test-crypto-xts.c +++ /dev/null @@ -1,529 +0,0 @@ -/* - * QEMU Crypto XTS cipher mode - * - * Copyright (c) 2015-2018 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - * - * This code is originally derived from public domain / WTFPL code in - * LibTomCrypt crytographic library http://libtom.org. The XTS code - * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) - * to the LibTom Projects - * - */ - -#include "qemu/osdep.h" -#include "crypto/init.h" -#include "crypto/xts.h" -#include "crypto/aes.h" - -typedef struct { - const char *path; - int keylen; - unsigned char key1[32]; - unsigned char key2[32]; - uint64_t seqnum; - unsigned long PTLEN; - unsigned char PTX[512], CTX[512]; -} QCryptoXTSTestData; - -static const QCryptoXTSTestData test_data[] =3D { - /* #1 32 byte key, 32 byte PTX */ - { - "/crypto/xts/t-1-key-32-ptx-32", - 32, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - 0, - 32, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, - 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, - 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, - 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, - }, - - /* #2, 32 byte key, 32 byte PTX */ - { - "/crypto/xts/t-2-key-32-ptx-32", - 32, - { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, - { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, - 0x3333333333LL, - 32, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, - { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, - 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, - 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, - 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, - }, - - /* #5 from xts.7, 32 byte key, 32 byte PTX */ - { - "/crypto/xts/t-5-key-32-ptx-32", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 32, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, - { 0xb0, 0x1f, 0x86, 0xf8, 0xed, 0xc1, 0x86, 0x37, - 0x06, 0xfa, 0x8a, 0x42, 0x53, 0xe3, 0x4f, 0x28, - 0xaf, 0x31, 0x9d, 0xe3, 0x83, 0x34, 0x87, 0x0f, - 0x4d, 0xd1, 0xf9, 0x4c, 0xbe, 0x98, 0x32, 0xf1 }, - }, - - /* #4, 32 byte key, 512 byte PTX */ - { - "/crypto/xts/t-4-key-32-ptx-512", - 32, - { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, - 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26 }, - { 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, - 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 }, - 0, - 512, - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, - }, - { - 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76, - 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2, - 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25, - 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c, - 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f, - 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00, - 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad, - 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12, - 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5, - 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5, - 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc, - 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce, - 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4, - 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84, - 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a, - 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65, - 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89, - 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51, - 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15, - 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8, - 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed, - 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91, - 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e, - 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34, - 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b, - 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5, - 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4, - 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c, - 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd, - 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3, - 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f, - 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e, - 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91, - 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19, - 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1, - 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc, - 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed, - 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde, - 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98, - 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3, - 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca, - 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6, - 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc, - 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44, - 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0, - 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95, - 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4, - 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd, - 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13, - 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7, - 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a, - 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52, - 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a, - 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38, - 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e, - 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e, - 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad, - 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8, - 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c, - 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d, - 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f, - 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2, - 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea, - 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68, - } - }, - - /* #7, 32 byte key, 17 byte PTX */ - { - "/crypto/xts/t-7-key-32-ptx-17", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 17, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 }, - { 0x6c, 0x16, 0x25, 0xdb, 0x46, 0x71, 0x52, 0x2d, - 0x3d, 0x75, 0x99, 0x60, 0x1d, 0xe7, 0xca, 0x09, 0xed }, - }, - - /* #15, 32 byte key, 25 byte PTX */ - { - "/crypto/xts/t-15-key-32-ptx-25", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 25, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 }, - { 0x8f, 0x4d, 0xcb, 0xad, 0x55, 0x55, 0x8d, 0x7b, - 0x4e, 0x01, 0xd9, 0x37, 0x9c, 0xd4, 0xea, 0x22, - 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, 0x73 }, - }, - - /* #21, 32 byte key, 31 byte PTX */ - { - "/crypto/xts/t-21-key-32-ptx-31", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 31, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e }, - { 0xd0, 0x5b, 0xc0, 0x90, 0xa8, 0xe0, 0x4f, 0x1b, - 0x3d, 0x3e, 0xcd, 0xd5, 0xba, 0xec, 0x0f, 0xd4, - 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, - 0x73, 0x06, 0xe6, 0x4b, 0xe5, 0xdd, 0x82 }, - }, -}; - -#define STORE64L(x, y) \ - do { \ - (y)[7] =3D (unsigned char)(((x) >> 56) & 255); \ - (y)[6] =3D (unsigned char)(((x) >> 48) & 255); \ - (y)[5] =3D (unsigned char)(((x) >> 40) & 255); \ - (y)[4] =3D (unsigned char)(((x) >> 32) & 255); \ - (y)[3] =3D (unsigned char)(((x) >> 24) & 255); \ - (y)[2] =3D (unsigned char)(((x) >> 16) & 255); \ - (y)[1] =3D (unsigned char)(((x) >> 8) & 255); \ - (y)[0] =3D (unsigned char)((x) & 255); \ - } while (0) - -struct TestAES { - AES_KEY enc; - AES_KEY dec; -}; - -static void test_xts_aes_encrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - const struct TestAES *aesctx =3D ctx; - - AES_encrypt(src, dst, &aesctx->enc); -} - - -static void test_xts_aes_decrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - const struct TestAES *aesctx =3D ctx; - - AES_decrypt(src, dst, &aesctx->dec); -} - - -static void test_xts(const void *opaque) -{ - const QCryptoXTSTestData *data =3D opaque; - uint8_t out[512], Torg[16], T[16]; - uint64_t seq; - struct TestAES aesdata; - struct TestAES aestweak; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq =3D data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - memcpy(T, Torg, sizeof(T)); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, data->PTX); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - memcpy(T, Torg, sizeof(T)); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, data->CTX); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); -} - - -static void test_xts_split(const void *opaque) -{ - const QCryptoXTSTestData *data =3D opaque; - uint8_t out[512], Torg[16], T[16]; - uint64_t seq; - unsigned long len =3D data->PTLEN / 2; - struct TestAES aesdata; - struct TestAES aestweak; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq =3D data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - memcpy(T, Torg, sizeof(T)); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, out, data->PTX); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, &out[len], &data->PTX[len]); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - memcpy(T, Torg, sizeof(T)); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, out, data->CTX); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, &out[len], &data->CTX[len]); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); -} - - -static void test_xts_unaligned(const void *opaque) -{ -#define BAD_ALIGN 3 - const QCryptoXTSTestData *data =3D opaque; - uint8_t in[512 + BAD_ALIGN], out[512 + BAD_ALIGN]; - uint8_t Torg[16], T[16 + BAD_ALIGN]; - uint64_t seq; - struct TestAES aesdata; - struct TestAES aestweak; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq =3D data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - /* IV not aligned */ - memcpy(T + BAD_ALIGN, Torg, 16); - memcpy(in, data->PTX, data->PTLEN); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T + BAD_ALIGN, data->PTLEN, out, in); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - /* plain text not aligned */ - memcpy(T, Torg, 16); - memcpy(in + BAD_ALIGN, data->PTX, data->PTLEN); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, in + BAD_ALIGN); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - /* cipher text not aligned */ - memcpy(T, Torg, 16); - memcpy(in, data->PTX, data->PTLEN); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out + BAD_ALIGN, in); - - g_assert(memcmp(out + BAD_ALIGN, data->CTX, data->PTLEN) =3D=3D 0); - - - /* IV not aligned */ - memcpy(T + BAD_ALIGN, Torg, 16); - memcpy(in, data->CTX, data->PTLEN); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T + BAD_ALIGN, data->PTLEN, out, in); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); - - /* cipher text not aligned */ - memcpy(T, Torg, 16); - memcpy(in + BAD_ALIGN, data->CTX, data->PTLEN); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, in + BAD_ALIGN); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); - - /* plain text not aligned */ - memcpy(T, Torg, 16); - memcpy(in, data->CTX, data->PTLEN); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out + BAD_ALIGN, in); - - g_assert(memcmp(out + BAD_ALIGN, data->PTX, data->PTLEN) =3D=3D 0); -} - - -int main(int argc, char **argv) -{ - size_t i; - - g_test_init(&argc, &argv, NULL); - - g_assert(qcrypto_init(NULL) =3D=3D 0); - - for (i =3D 0; i < G_N_ELEMENTS(test_data); i++) { - gchar *path =3D g_strdup_printf("%s/basic", test_data[i].path); - g_test_add_data_func(path, &test_data[i], test_xts); - g_free(path); - - /* skip the cases where the length is smaller than 2*blocklen - * or the length is not a multiple of 32 - */ - if ((test_data[i].PTLEN >=3D 32) && !(test_data[i].PTLEN % 32)) { - path =3D g_strdup_printf("%s/split", test_data[i].path); - g_test_add_data_func(path, &test_data[i], test_xts_split); - g_free(path); - } - - path =3D g_strdup_printf("%s/unaligned", test_data[i].path); - g_test_add_data_func(path, &test_data[i], test_xts_unaligned); - g_free(path); - } - - return g_test_run(); -} --=20 2.51.1