From patchwork Fri Jul 19 13:25:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 11050087 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 22058112C for ; Fri, 19 Jul 2019 13:26:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F6A82885F for ; Fri, 19 Jul 2019 13:26:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0367C28893; Fri, 19 Jul 2019 13:26:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 49F422885F for ; Fri, 19 Jul 2019 13:26:45 +0000 (UTC) Received: from localhost ([::1]:45214 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hoSuK-0006EP-2O for patchwork-qemu-devel@patchwork.kernel.org; Fri, 19 Jul 2019 09:26:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35159) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hoStY-0002wj-Q3 for qemu-devel@nongnu.org; Fri, 19 Jul 2019 09:25:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hoStW-0007vH-VK for qemu-devel@nongnu.org; Fri, 19 Jul 2019 09:25:56 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48552) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hoStW-0007uM-Nm for qemu-devel@nongnu.org; Fri, 19 Jul 2019 09:25:54 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 129593DBC5; Fri, 19 Jul 2019 13:25:54 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-48.ams2.redhat.com [10.36.112.48]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9EA995D719; Fri, 19 Jul 2019 13:25:52 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Fri, 19 Jul 2019 14:25:45 +0100 Message-Id: <20190719132549.14726-2-berrange@redhat.com> In-Reply-To: <20190719132549.14726-1-berrange@redhat.com> References: <20190719132549.14726-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 19 Jul 2019 13:25:54 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 1/5] crypto: switch to modern nettle AES APIs X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Alex_Benn=C3=A9e?= , =?utf-8?q?Daniel_?= =?utf-8?q?P=2E_Berrang=C3=A9?= Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The aes_ctx struct and aes_* functions have been deprecated in nettle 3.5, in favour of keysize specific functions which were introduced first in nettle 3.0. Switch QEMU code to use the new APIs and add some backcompat defines such that it still builds on nettle 2.7 Reviewed-by: Alex Bennée Tested-by: Alex Bennée Signed-off-by: Daniel P. Berrangé --- crypto/cipher-nettle.c | 218 ++++++++++++++++++++++++++++++++++------- 1 file changed, 183 insertions(+), 35 deletions(-) diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 3848cb3b3a..115d16dd7b 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -42,29 +42,89 @@ typedef void * cipher_ctx_t; typedef unsigned cipher_length_t; #define cast5_set_key cast128_set_key + +#define aes128_ctx aes_ctx +#define aes192_ctx aes_ctx +#define aes256_ctx aes_ctx +#define aes128_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 16, k) +#define aes192_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 24, k) +#define aes256_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 32, k) +#define aes128_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 16, k) +#define aes192_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 24, k) +#define aes256_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 32, k) +#define aes128_encrypt aes_encrypt +#define aes192_encrypt aes_encrypt +#define aes256_encrypt aes_encrypt +#define aes128_decrypt aes_decrypt +#define aes192_decrypt aes_decrypt +#define aes256_decrypt aes_decrypt #else typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; typedef const void * cipher_ctx_t; typedef size_t cipher_length_t; #endif -typedef struct QCryptoNettleAES { - struct aes_ctx enc; - struct aes_ctx dec; -} QCryptoNettleAES; +typedef struct QCryptoNettleAES128 { + struct aes128_ctx enc; + struct aes128_ctx dec; +} QCryptoNettleAES128; + +typedef struct QCryptoNettleAES192 { + struct aes192_ctx enc; + struct aes192_ctx dec; +} QCryptoNettleAES192; + +typedef struct QCryptoNettleAES256 { + struct aes256_ctx enc; + struct aes256_ctx dec; +} QCryptoNettleAES256; + +static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_decrypt(&aesctx->dec, length, dst, src); +} + +static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_decrypt(&aesctx->dec, length, dst, src); +} -static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, +static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_encrypt(&aesctx->enc, length, dst, src); + const QCryptoNettleAES256 *aesctx = ctx; + aes256_encrypt(&aesctx->enc, length, dst, src); } -static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, +static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_decrypt(&aesctx->dec, length, dst, src); + const QCryptoNettleAES256 *aesctx = ctx; + aes256_decrypt(&aesctx->dec, length, dst, src); } static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, @@ -127,18 +187,46 @@ static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, twofish_decrypt(ctx, length, dst, src); } -static void aes_encrypt_wrapper(const void *ctx, size_t length, +static void aes128_encrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes128_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_encrypt(&aesctx->enc, length, dst, src); + const QCryptoNettleAES128 *aesctx = ctx; + aes128_decrypt(&aesctx->dec, length, dst, src); } -static void aes_decrypt_wrapper(const void *ctx, size_t length, +static void aes192_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_decrypt(&aesctx->dec, length, dst, src); + const QCryptoNettleAES192 *aesctx = ctx; + aes192_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes192_decrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_decrypt(&aesctx->dec, length, dst, src); +} + +static void aes256_encrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES256 *aesctx = ctx; + aes256_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes256_decrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES256 *aesctx = ctx; + aes256_decrypt(&aesctx->dec, length, dst, src); } static void des_encrypt_wrapper(const void *ctx, size_t length, @@ -319,34 +407,94 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, break; case QCRYPTO_CIPHER_ALG_AES_128: + ctx->ctx = g_new0(QCryptoNettleAES128, 1); + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1); + + nkey /= 2; + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, + key); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, + key); + + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> + dec, key + nkey); + } else { + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, + key); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, + key); + } + + ctx->alg_encrypt_native = aes128_encrypt_native; + ctx->alg_decrypt_native = aes128_decrypt_native; + ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper; + + ctx->blocksize = AES_BLOCK_SIZE; + break; + case QCRYPTO_CIPHER_ALG_AES_192: + ctx->ctx = g_new0(QCryptoNettleAES192, 1); + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1); + + nkey /= 2; + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, + key); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, + key); + + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> + dec, key + nkey); + } else { + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, + key); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, + key); + } + + ctx->alg_encrypt_native = aes192_encrypt_native; + ctx->alg_decrypt_native = aes192_decrypt_native; + ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper; + + ctx->blocksize = AES_BLOCK_SIZE; + break; + case QCRYPTO_CIPHER_ALG_AES_256: - ctx->ctx = g_new0(QCryptoNettleAES, 1); + ctx->ctx = g_new0(QCryptoNettleAES256, 1); if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1); + ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1); nkey /= 2; - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, - nkey, key); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, - nkey, key); - - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc, - nkey, key + nkey); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec, - nkey, key + nkey); + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, + key); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, + key); + + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> + dec, key + nkey); } else { - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, - nkey, key); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, - nkey, key); + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, + key); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, + key); } - ctx->alg_encrypt_native = aes_encrypt_native; - ctx->alg_decrypt_native = aes_decrypt_native; - ctx->alg_encrypt_wrapper = aes_encrypt_wrapper; - ctx->alg_decrypt_wrapper = aes_decrypt_wrapper; + ctx->alg_encrypt_native = aes256_encrypt_native; + ctx->alg_decrypt_native = aes256_decrypt_native; + ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper; ctx->blocksize = AES_BLOCK_SIZE; break;