diff options
author | Gonglei <arei.gonglei@huawei.com> | 2016-09-26 17:23:22 +0800 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-10-19 10:09:24 +0100 |
commit | 3c28292f390f642bbb3dba0949ecf36aaf7be0d6 (patch) | |
tree | 21c65cff1327d46cac536b32c671b6bcdd696715 /crypto/cipher-gcrypt.c | |
parent | f844836ddccf3dbcba142128da5dd8ee618f3e91 (diff) | |
download | qemu-3c28292f390f642bbb3dba0949ecf36aaf7be0d6.zip qemu-3c28292f390f642bbb3dba0949ecf36aaf7be0d6.tar.gz qemu-3c28292f390f642bbb3dba0949ecf36aaf7be0d6.tar.bz2 |
crypto: add CTR mode support
Introduce CTR mode support for the cipher APIs.
CTR mode uses a counter rather than a traditional IV.
The counter has additional properties, including a nonce
and initial counter block. We reuse the ctx->iv as
the counter for conveniences.
Both libgcrypt and nettle are support CTR mode, the
cipher-builtin doesn't support yet.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto/cipher-gcrypt.c')
-rw-r--r-- | crypto/cipher-gcrypt.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index 05026c0..c550db9 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -59,6 +59,7 @@ struct QCryptoCipherGcrypt { gcry_cipher_hd_t handle; gcry_cipher_hd_t tweakhandle; size_t blocksize; + /* Initialization vector or Counter */ uint8_t *iv; }; @@ -80,6 +81,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_CBC: gcrymode = GCRY_CIPHER_MODE_CBC; break; + case QCRYPTO_CIPHER_MODE_CTR: + gcrymode = GCRY_CIPHER_MODE_CTR; + break; default: error_setg(errp, "Unsupported cipher mode %s", QCryptoCipherMode_lookup[mode]); @@ -350,12 +354,21 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher, if (ctx->iv) { memcpy(ctx->iv, iv, niv); } else { - gcry_cipher_reset(ctx->handle); - err = gcry_cipher_setiv(ctx->handle, iv, niv); - if (err != 0) { - error_setg(errp, "Cannot set IV: %s", - gcry_strerror(err)); - return -1; + if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) { + err = gcry_cipher_setctr(ctx->handle, iv, niv); + if (err != 0) { + error_setg(errp, "Cannot set Counter: %s", + gcry_strerror(err)); + return -1; + } + } else { + gcry_cipher_reset(ctx->handle); + err = gcry_cipher_setiv(ctx->handle, iv, niv); + if (err != 0) { + error_setg(errp, "Cannot set IV: %s", + gcry_strerror(err)); + return -1; + } } } |