aboutsummaryrefslogtreecommitdiff
path: root/crypto/cipher-nettle.c
AgeCommit message (Collapse)Author
2019-10-28crypto: add support for nettle's native XTS implDaniel P. Berrangé
Nettle 3.5.0 will add support for the XTS mode. Use this because long term we wish to delete QEMU's XTS impl to avoid carrying private crypto algorithm impls. Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s as nettle's XTS impl isn't so well optimized yet. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19crypto: Fix LGPL information in the file headersThomas Huth
It's either "GNU *Library* General Public License version 2" or "GNU Lesser General Public License version *2.1*", but there was no "version 2.0" of the "Lesser" license. So assume that version 2.1 is meant here. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19crypto: switch to modern nettle AES APIsDaniel P. Berrangé
The aes_ctx struct and aes_* functions have been deprecated in nettle 3.5, in favour of keysize specific functions which were introduced first in nettle 3.0. Switch QEMU code to use the new APIs and add some backcompat defines such that it still builds on nettle 2.7 Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2017-09-04qapi: Mechanically convert FOO_lookup[...] to FOO_str(...)Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1503564371-26090-14-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-07-19crypto: cipher: add cipher driver frameworkLongpeng(Mike)
1) makes the public APIs in cipher-nettle/gcrypt/builtin static, and rename them with "nettle/gcrypt/builtin" prefix. 2) introduces cipher framework, including QCryptoCipherDriver and new public APIs. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backendLongpeng(Mike)
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for nettle-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: introduce context free functionLongpeng(Mike)
Refactors the qcrypto_cipher_free(), splits it into two parts. One is gcrypt/nettle__cipher_free_ctx() to free the special context. This makes code more clear, what's more, it would be used by the later patch. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-12-21crypto: add 3des-ede support when using libgcrypt/nettleLongpeng(Mike)
Libgcrypt and nettle support 3des-ede, so this patch add 3des-ede support when using libgcrypt or nettle. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-12-21cipher: fix leak on initialization errorMarc-André Lureau
On error path, ctx may be leaked. Assign ctx earlier, and call qcrypto_cipher_free() on error. Spotted thanks to ASAN. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-10-19crypto: add CTR mode supportGonglei
Introduce CTR mode support for the cipher APIs. CTR mode uses a counter rather than a traditional IV. The counter has additional properties, including a nonce and initial counter block. We reuse the ctx->iv as the counter for conveniences. Both libgcrypt and nettle are support CTR mode, the cipher-builtin doesn't support yet. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-10-19crypto: extend mode as a parameter in qcrypto_cipher_supports()Gonglei
It can't guarantee all cipher modes are supported if one cipher algorithm is supported by a backend. Let's extend qcrypto_cipher_supports() to take both the algorithm and mode as parameters. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-09-12crypto: report enum strings instead of values in errorsDaniel P. Berrange
Several error messages print out the raw enum value, which is less than helpful to users, as these values are not documented, nor stable across QEMU releases. Switch to use the enum string instead. The nettle impl also had two typos where it mistakenly said "algorithm" instead of "mode", and actually reported the algorithm value too. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-09-12crypto: ensure XTS is only used with ciphers with 16 byte blocksDaniel P. Berrange
The XTS cipher mode needs to be used with a cipher which has a block size of 16 bytes. If a mis-matching block size is used, the code will either corrupt memory beyond the IV array, or not fully encrypt/decrypt the IV. This fixes a memory corruption crash when attempting to use cast5-128 with xts, since the former has an 8 byte block size. A test case is added to ensure the cipher creation fails with such an invalid combination. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-21crypto: fix cipher function signature mismatch with nettle & xtsDaniel P. Berrange
For versions of nettle < 3.0.0, the cipher functions took a 'void *ctx' and 'unsigned len' instad of 'const void *ctx' and 'size_t len'. The xts functions though are builtin to QEMU and always expect the latter signatures. Define a second set of wrappers to use with the correct signatures needed by XTS mode. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-21crypto: add compat cast5_set_key with nettle < 3.0.0Daniel P. Berrange
Prior to the nettle 3.0.0 release, the cast5_set_key function was actually named cast128_set_key, so we must add a compatibility definition. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: wire up XTS mode for cipher APIsDaniel P. Berrange
Introduce 'XTS' as a permitted mode for the cipher APIs. With XTS the key provided must be twice the size of the key normally required for any given algorithm. This is because the key will be split into two pieces for use in XTS mode. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: refactor code for dealing with AES cipherDaniel P. Berrange
The built-in and nettle cipher backends for AES maintain two separate AES contexts, one for encryption and one for decryption. This is going to be inconvenient for the future code dealing with XTS, so wrap them up in a single struct so there is just one pointer to pass around for both encryption and decryption. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for the twofish cipher algorithmDaniel P. Berrange
New cipher algorithms 'twofish-128', 'twofish-192' and 'twofish-256' are defined for the Twofish algorithm. The gcrypt backend does not support 'twofish-192'. The nettle and gcrypt cipher backends are updated to support the new cipher and a test vector added to the cipher test suite. The new algorithm is enabled in the LUKS block encryption driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for the serpent cipher algorithmDaniel P. Berrange
New cipher algorithms 'serpent-128', 'serpent-192' and 'serpent-256' are defined for the Serpent algorithm. The nettle and gcrypt cipher backends are updated to support the new cipher and a test vector added to the cipher test suite. The new algorithm is enabled in the LUKS block encryption driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for the cast5-128 cipher algorithmDaniel P. Berrange
A new cipher algorithm 'cast-5-128' is defined for the Cast-5 algorithm with 128 bit key size. Smaller key sizes are supported by Cast-5, but nothing in QEMU should use them, so only 128 bit keys are permitted. The nettle and gcrypt cipher backends are updated to support the new cipher and a test vector added to the cipher test suite. The new algorithm is enabled in the LUKS block encryption driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-01-29crypto: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-3-git-send-email-peter.maydell@linaro.org
2015-10-22crypto: add sanity checking of plaintext/ciphertext lengthDaniel P. Berrange
When encrypting/decrypting data, the plaintext/ciphertext buffers are required to be a multiple of the cipher block size. If this is not done, nettle will abort and gcrypt will report an error. To get consistent behaviour add explicit checks upfront for the buffer sizes. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-07-20crypto: Fix aes_decrypt_wrapper()Kevin Wolf
Commit d3462e3 broke qcow2's encryption functionality by using encrypt instead of decrypt in the wrapper function it introduces. This was found by qemu-iotests case 134. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2015-07-16crypto: avoid undefined behavior in nettle callsRadim Krčmář
Calling a function pointer that was cast from an incompatible function results in undefined behavior. 'void *' isn't compatible with 'struct XXX *', so we can't cast to nettle_cipher_func, but have to provide a wrapper. (Conversion from 'void *' to 'struct XXX *' might require computation, which won't be done if we drop argument's true type, and pointers can have different sizes so passing arguments on stack would bug.) Having two different prototypes based on nettle version doesn't make this solution any nicer. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Message-Id: <1437062641-12684-3-git-send-email-rkrcmar@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-16crypto: fix build with nettle >= 3.0.0Radim Krčmář
In nettle 3, cbc_encrypt() accepts 'nettle_cipher_func' instead of 'nettle_crypt_func' and these two differ in 'const' qualifier of the first argument. The build fails with: In file included from crypto/cipher.c:71:0: ./crypto/cipher-nettle.c: In function ‘qcrypto_cipher_encrypt’: ./crypto/cipher-nettle.c:154:38: error: passing argument 2 of ‘nettle_cbc_encrypt’ from incompatible pointer type cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt, ^ In file included from ./crypto/cipher-nettle.c:24:0, from crypto/cipher.c:71: /usr/include/nettle/cbc.h:48:1: note: expected ‘void (*)(const void *, size_t, uint8_t *, const uint8_t *) but argument is of type ‘void (*)( void *, size_t, uint8_t *, const uint8_t *) To allow both versions, we switch to the new definition and #if typedef it for old versions. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Message-Id: <1436548682-9315-2-git-send-email-rkrcmar@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08crypto: add a nettle cipher implementationDaniel P. Berrange
If we are linking to gnutls already and gnutls is built against nettle, then we should use nettle as a cipher backend in preference to our built-in backend. This will be used when linking against some GNUTLS 2.x versions and all GNUTLS 3.x versions. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-7-git-send-email-berrange@redhat.com> [Change "#elif" to "#elif defined". - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>