aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2021-07-02 17:00:32 +0100
committerDaniel P. Berrangé <berrange@redhat.com>2021-07-14 14:15:52 +0100
commit6801404429d51b260e08c6ad54dbf3ac430016db (patch)
tree60727eadf0242895310f7dc98551949a7cd61aaa /crypto
parent21407ddf967f9b6f9ea22ab3a1644f6b29d53255 (diff)
downloadqemu-6801404429d51b260e08c6ad54dbf3ac430016db.zip
qemu-6801404429d51b260e08c6ad54dbf3ac430016db.tar.gz
qemu-6801404429d51b260e08c6ad54dbf3ac430016db.tar.bz2
crypto: delete built-in XTS cipher mode support
The built-in AES+XTS implementation is used for the LUKS encryption When building system emulators it is reasonable to expect that an external crypto library is being used instead. The performance of the builtin XTS implementation is terrible as it has no CPU acceleration support. It is thus not worth keeping a home grown XTS implementation for the built-in cipher backend. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/cipher-builtin.c.inc60
-rw-r--r--crypto/meson.build6
2 files changed, 3 insertions, 63 deletions
diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc
index 70743f2..b409089 100644
--- a/crypto/cipher-builtin.c.inc
+++ b/crypto/cipher-builtin.c.inc
@@ -19,7 +19,6 @@
*/
#include "crypto/aes.h"
-#include "crypto/xts.h"
typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext;
struct QCryptoCipherBuiltinAESContext {
@@ -31,7 +30,6 @@ typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES;
struct QCryptoCipherBuiltinAES {
QCryptoCipher base;
QCryptoCipherBuiltinAESContext key;
- QCryptoCipherBuiltinAESContext key_tweak;
uint8_t iv[AES_BLOCK_SIZE];
};
@@ -193,39 +191,6 @@ static int qcrypto_cipher_aes_decrypt_cbc(QCryptoCipher *cipher,
return 0;
}
-static int qcrypto_cipher_aes_encrypt_xts(QCryptoCipher *cipher,
- const void *in, void *out,
- size_t len, Error **errp)
-{
- QCryptoCipherBuiltinAES *ctx
- = container_of(cipher, QCryptoCipherBuiltinAES, base);
-
- if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) {
- return -1;
- }
- xts_encrypt(&ctx->key, &ctx->key_tweak,
- do_aes_encrypt_ecb, do_aes_decrypt_ecb,
- ctx->iv, len, out, in);
- return 0;
-}
-
-static int qcrypto_cipher_aes_decrypt_xts(QCryptoCipher *cipher,
- const void *in, void *out,
- size_t len, Error **errp)
-{
- QCryptoCipherBuiltinAES *ctx
- = container_of(cipher, QCryptoCipherBuiltinAES, base);
-
- if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) {
- return -1;
- }
- xts_decrypt(&ctx->key, &ctx->key_tweak,
- do_aes_encrypt_ecb, do_aes_decrypt_ecb,
- ctx->iv, len, out, in);
- return 0;
-}
-
-
static int qcrypto_cipher_aes_setiv(QCryptoCipher *cipher, const uint8_t *iv,
size_t niv, Error **errp)
{
@@ -256,14 +221,6 @@ static const struct QCryptoCipherDriver qcrypto_cipher_aes_driver_cbc = {
.cipher_free = qcrypto_cipher_ctx_free,
};
-static const struct QCryptoCipherDriver qcrypto_cipher_aes_driver_xts = {
- .cipher_encrypt = qcrypto_cipher_aes_encrypt_xts,
- .cipher_decrypt = qcrypto_cipher_aes_decrypt_xts,
- .cipher_setiv = qcrypto_cipher_aes_setiv,
- .cipher_free = qcrypto_cipher_ctx_free,
-};
-
-
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode)
{
@@ -274,7 +231,6 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
- case QCRYPTO_CIPHER_MODE_XTS:
return true;
default:
return false;
@@ -310,9 +266,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_CBC:
drv = &qcrypto_cipher_aes_driver_cbc;
break;
- case QCRYPTO_CIPHER_MODE_XTS:
- drv = &qcrypto_cipher_aes_driver_xts;
- break;
default:
goto bad_mode;
}
@@ -320,19 +273,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
ctx = g_new0(QCryptoCipherBuiltinAES, 1);
ctx->base.driver = drv;
- if (mode == QCRYPTO_CIPHER_MODE_XTS) {
- nkey /= 2;
- if (AES_set_encrypt_key(key + nkey, nkey * 8,
- &ctx->key_tweak.enc)) {
- error_setg(errp, "Failed to set encryption key");
- goto error;
- }
- if (AES_set_decrypt_key(key + nkey, nkey * 8,
- &ctx->key_tweak.dec)) {
- error_setg(errp, "Failed to set decryption key");
- goto error;
- }
- }
if (AES_set_encrypt_key(key, nkey * 8, &ctx->key.enc)) {
error_setg(errp, "Failed to set encryption key");
goto error;
diff --git a/crypto/meson.build b/crypto/meson.build
index b384ca8..fc8de28 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -23,14 +23,14 @@ crypto_ss.add(files(
if nettle.found()
crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
+ if xts == 'private'
+ crypto_ss.add(files('xts.c'))
+ endif
elif gcrypt.found()
crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcrypt.c'))
else
crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c'))
endif
-if xts == 'private'
- crypto_ss.add(files('xts.c'))
-endif
crypto_ss.add(when: 'CONFIG_SECRET_KEYRING', if_true: files('secret_keyring.c'))
crypto_ss.add(when: 'CONFIG_AF_ALG', if_true: files('afalg.c', 'cipher-afalg.c', 'hash-afalg.c'))