diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cipher-builtin.c | 25 | ||||
| -rw-r--r-- | crypto/cipher-gcrypt.c | 38 | ||||
| -rw-r--r-- | crypto/cipher-nettle.c | 28 | ||||
| -rw-r--r-- | crypto/cipher.c | 1 | ||||
| -rw-r--r-- | crypto/init.c | 7 |
5 files changed, 86 insertions, 13 deletions
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c index 9d258428b0..b4bc2b9ca6 100644 --- a/crypto/cipher-builtin.c +++ b/crypto/cipher-builtin.c @@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher, } -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: return true; + case QCRYPTO_CIPHER_MODE_CTR: + return false; default: return false; } @@ -421,6 +433,17 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, { QCryptoCipher *cipher; + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + break; + default: + error_setg(errp, "Unsupported cipher mode %s", + QCryptoCipherMode_lookup[mode]); + return NULL; + } + cipher = g_new0(QCryptoCipher, 1); cipher->alg = alg; cipher->mode = mode; diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index da3f4c74db..c550db9008 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -24,7 +24,8 @@ #include <gcrypt.h> -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: @@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) case QCRYPTO_CIPHER_ALG_SERPENT_256: case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: return true; default: return false; @@ -48,6 +59,7 @@ struct QCryptoCipherGcrypt { gcry_cipher_hd_t handle; gcry_cipher_hd_t tweakhandle; size_t blocksize; + /* Initialization vector or Counter */ uint8_t *iv; }; @@ -69,6 +81,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_CBC: gcrymode = GCRY_CIPHER_MODE_CBC; break; + case QCRYPTO_CIPHER_MODE_CTR: + gcrymode = GCRY_CIPHER_MODE_CTR; + break; default: error_setg(errp, "Unsupported cipher mode %s", QCryptoCipherMode_lookup[mode]); @@ -339,12 +354,21 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher, if (ctx->iv) { memcpy(ctx->iv, iv, niv); } else { - gcry_cipher_reset(ctx->handle); - err = gcry_cipher_setiv(ctx->handle, iv, niv); - if (err != 0) { - error_setg(errp, "Cannot set IV: %s", - gcry_strerror(err)); - return -1; + if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) { + err = gcry_cipher_setctr(ctx->handle, iv, niv); + if (err != 0) { + error_setg(errp, "Cannot set Counter: %s", + gcry_strerror(err)); + return -1; + } + } else { + gcry_cipher_reset(ctx->handle); + err = gcry_cipher_setiv(ctx->handle, iv, niv); + if (err != 0) { + error_setg(errp, "Cannot set IV: %s", + gcry_strerror(err)); + return -1; + } } } diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 879d831694..cd094cd6a5 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -28,6 +28,7 @@ #include <nettle/cast128.h> #include <nettle/serpent.h> #include <nettle/twofish.h> +#include <nettle/ctr.h> typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, size_t length, @@ -186,12 +187,13 @@ struct QCryptoCipherNettle { QCryptoCipherNettleFuncNative alg_decrypt_native; QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper; QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper; - + /* Initialization vector or Counter */ uint8_t *iv; size_t blocksize; }; -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: @@ -205,6 +207,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_192: case QCRYPTO_CIPHER_ALG_TWOFISH_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: return true; default: return false; @@ -225,6 +237,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_ECB: case QCRYPTO_CIPHER_MODE_CBC: case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: break; default: error_setg(errp, "Unsupported cipher mode %s", @@ -430,6 +443,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher, ctx->iv, len, out, in); break; + case QCRYPTO_CIPHER_MODE_CTR: + ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, + ctx->blocksize, ctx->iv, + len, out, in); + break; + default: error_setg(errp, "Unsupported cipher mode %s", QCryptoCipherMode_lookup[cipher->mode]); @@ -469,6 +488,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher, ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, ctx->iv, len, out, in); break; + case QCRYPTO_CIPHER_MODE_CTR: + ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, + ctx->blocksize, ctx->iv, + len, out, in); + break; default: error_setg(errp, "Unsupported cipher mode %s", diff --git a/crypto/cipher.c b/crypto/cipher.c index cafb454363..a9bca41302 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -55,6 +55,7 @@ static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { [QCRYPTO_CIPHER_MODE_ECB] = false, [QCRYPTO_CIPHER_MODE_CBC] = true, [QCRYPTO_CIPHER_MODE_XTS] = true, + [QCRYPTO_CIPHER_MODE_CTR] = true, }; diff --git a/crypto/init.c b/crypto/init.c index 16e099b489..f65207e57d 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -119,6 +119,10 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = { int qcrypto_init(Error **errp) { +#ifdef QCRYPTO_INIT_GCRYPT_THREADS + gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl); +#endif /* QCRYPTO_INIT_GCRYPT_THREADS */ + #ifdef CONFIG_GNUTLS int ret; ret = gnutls_global_init(); @@ -139,9 +143,6 @@ int qcrypto_init(Error **errp) error_setg(errp, "Unable to initialize gcrypt"); return -1; } -#ifdef QCRYPTO_INIT_GCRYPT_THREADS - gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl); -#endif /* QCRYPTO_INIT_GCRYPT_THREADS */ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); #endif |