aboutsummaryrefslogtreecommitdiff
path: root/crypto/cipher-builtin.c
AgeCommit message (Collapse)Author
2016-10-19crypto: add mode check in qcrypto_cipher_new() for cipher-builtinGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-10-19crypto: extend mode as a parameter in qcrypto_cipher_supports()Gonglei
It can't guarantee all cipher modes are supported if one cipher algorithm is supported by a backend. Let's extend qcrypto_cipher_supports() to take both the algorithm and mode as parameters. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-09-12crypto: report enum strings instead of values in errorsDaniel P. Berrange
Several error messages print out the raw enum value, which is less than helpful to users, as these values are not documented, nor stable across QEMU releases. Switch to use the enum string instead. The nettle impl also had two typos where it mistakenly said "algorithm" instead of "mode", and actually reported the algorithm value too. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: wire up XTS mode for cipher APIsDaniel P. Berrange
Introduce 'XTS' as a permitted mode for the cipher APIs. With XTS the key provided must be twice the size of the key normally required for any given algorithm. This is because the key will be split into two pieces for use in XTS mode. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: refactor code for dealing with AES cipherDaniel P. Berrange
The built-in and nettle cipher backends for AES maintain two separate AES contexts, one for encryption and one for decryption. This is going to be inconvenient for the future code dealing with XTS, so wrap them up in a single struct so there is just one pointer to pass around for both encryption and decryption. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-01-29crypto: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-3-git-send-email-peter.maydell@linaro.org
2015-10-22crypto: add sanity checking of plaintext/ciphertext lengthDaniel P. Berrange
When encrypting/decrypting data, the plaintext/ciphertext buffers are required to be a multiple of the cipher block size. If this is not done, nettle will abort and gcrypt will report an error. To get consistent behaviour add explicit checks upfront for the buffer sizes. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-22crypto: don't let builtin aes crash if no IV is providedDaniel P. Berrange
If no IV is provided, then use a default IV of all-zeros instead of crashing. This gives parity with gcrypt and nettle backends. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-07-27crypto: fix built-in AES decrypt functionDaniel P. Berrange
The qcrypto_cipher_decrypt_aes method was using the wrong key material, and passing the wrong mode. This caused it to incorrectly decrypt ciphertext. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1437740634-6261-1-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-09crypto: fix builtin qcrypto_cipher_freePaolo Bonzini
This was dereferencing a pointer before checking if it was NULL. Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Reported-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08crypto: introduce generic cipher API & built-in implementationDaniel P. Berrange
Introduce a generic cipher API and an implementation of it that supports only the built-in AES and DES-RFB algorithms. The test suite checks the supported algorithms + modes to validate that every backend implementation is actually correctly complying with the specs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-5-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>