aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorGonglei <arei.gonglei@huawei.com>2016-09-26 17:23:22 +0800
committerDaniel P. Berrange <berrange@redhat.com>2016-10-19 10:09:24 +0100
commit3c28292f390f642bbb3dba0949ecf36aaf7be0d6 (patch)
tree21c65cff1327d46cac536b32c671b6bcdd696715 /crypto
parentf844836ddccf3dbcba142128da5dd8ee618f3e91 (diff)
downloadqemu-3c28292f390f642bbb3dba0949ecf36aaf7be0d6.zip
qemu-3c28292f390f642bbb3dba0949ecf36aaf7be0d6.tar.gz
qemu-3c28292f390f642bbb3dba0949ecf36aaf7be0d6.tar.bz2
crypto: add CTR mode support
Introduce CTR mode support for the cipher APIs. CTR mode uses a counter rather than a traditional IV. The counter has additional properties, including a nonce and initial counter block. We reuse the ctx->iv as the counter for conveniences. Both libgcrypt and nettle are support CTR mode, the cipher-builtin doesn't support yet. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/cipher-gcrypt.c25
-rw-r--r--crypto/cipher-nettle.c15
-rw-r--r--crypto/cipher.c1
3 files changed, 34 insertions, 7 deletions
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 05026c0..c550db9 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -59,6 +59,7 @@ struct QCryptoCipherGcrypt {
gcry_cipher_hd_t handle;
gcry_cipher_hd_t tweakhandle;
size_t blocksize;
+ /* Initialization vector or Counter */
uint8_t *iv;
};
@@ -80,6 +81,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_CBC:
gcrymode = GCRY_CIPHER_MODE_CBC;
break;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ gcrymode = GCRY_CIPHER_MODE_CTR;
+ break;
default:
error_setg(errp, "Unsupported cipher mode %s",
QCryptoCipherMode_lookup[mode]);
@@ -350,12 +354,21 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
if (ctx->iv) {
memcpy(ctx->iv, iv, niv);
} else {
- gcry_cipher_reset(ctx->handle);
- err = gcry_cipher_setiv(ctx->handle, iv, niv);
- if (err != 0) {
- error_setg(errp, "Cannot set IV: %s",
- gcry_strerror(err));
- return -1;
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) {
+ err = gcry_cipher_setctr(ctx->handle, iv, niv);
+ if (err != 0) {
+ error_setg(errp, "Cannot set Counter: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+ } else {
+ gcry_cipher_reset(ctx->handle);
+ err = gcry_cipher_setiv(ctx->handle, iv, niv);
+ if (err != 0) {
+ error_setg(errp, "Cannot set IV: %s",
+ gcry_strerror(err));
+ return -1;
+ }
}
}
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 72d1069..cd094cd 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -28,6 +28,7 @@
#include <nettle/cast128.h>
#include <nettle/serpent.h>
#include <nettle/twofish.h>
+#include <nettle/ctr.h>
typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
size_t length,
@@ -186,7 +187,7 @@ struct QCryptoCipherNettle {
QCryptoCipherNettleFuncNative alg_decrypt_native;
QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
-
+ /* Initialization vector or Counter */
uint8_t *iv;
size_t blocksize;
};
@@ -236,6 +237,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
break;
default:
error_setg(errp, "Unsupported cipher mode %s",
@@ -441,6 +443,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
ctx->iv, len, out, in);
break;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+ ctx->blocksize, ctx->iv,
+ len, out, in);
+ break;
+
default:
error_setg(errp, "Unsupported cipher mode %s",
QCryptoCipherMode_lookup[cipher->mode]);
@@ -480,6 +488,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
ctx->iv, len, out, in);
break;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+ ctx->blocksize, ctx->iv,
+ len, out, in);
+ break;
default:
error_setg(errp, "Unsupported cipher mode %s",
diff --git a/crypto/cipher.c b/crypto/cipher.c
index cafb454..a9bca41 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -55,6 +55,7 @@ static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
[QCRYPTO_CIPHER_MODE_ECB] = false,
[QCRYPTO_CIPHER_MODE_CBC] = true,
[QCRYPTO_CIPHER_MODE_XTS] = true,
+ [QCRYPTO_CIPHER_MODE_CTR] = true,
};