From patchwork Mon Mar 21 10:07:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 8631301 Return-Path: X-Original-To: patchwork-qemu-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 06FE6C0553 for ; Mon, 21 Mar 2016 10:14:43 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 116BD2021B for ; Mon, 21 Mar 2016 10:14:42 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E55F82022D for ; Mon, 21 Mar 2016 10:14:40 +0000 (UTC) Received: from localhost ([::1]:56720 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahwrA-00040h-9n for patchwork-qemu-devel@patchwork.kernel.org; Mon, 21 Mar 2016 06:14:40 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38055) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahwkB-0008RJ-F7 for qemu-devel@nongnu.org; Mon, 21 Mar 2016 06:07:31 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ahwk9-0006H6-AC for qemu-devel@nongnu.org; Mon, 21 Mar 2016 06:07:27 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44836) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahwk9-0006Gz-2n for qemu-devel@nongnu.org; Mon, 21 Mar 2016 06:07:25 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (Postfix) with ESMTPS id C853D112D2A; Mon, 21 Mar 2016 10:07:24 +0000 (UTC) Received: from t530wlan.home.berrange.com.com (vpn1-7-230.ams2.redhat.com [10.36.7.230]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u2LA7LFq009340; Mon, 21 Mar 2016 06:07:23 -0400 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Mon, 21 Mar 2016 10:07:16 +0000 Message-Id: <1458554836-8864-3-git-send-email-berrange@redhat.com> In-Reply-To: <1458554836-8864-1-git-send-email-berrange@redhat.com> References: <1458554836-8864-1-git-send-email-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 21 Mar 2016 10:07:24 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Cc: Peter Maydell Subject: [Qemu-devel] [PULL v1 2/2] crypto: fix cipher function signature mismatch with nettle & xts X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP For versions of nettle < 3.0.0, the cipher functions took a 'void *ctx' and 'unsigned len' instad of 'const void *ctx' and 'size_t len'. The xts functions though are builtin to QEMU and always expect the latter signatures. Define a second set of wrappers to use with the correct signatures needed by XTS mode. Signed-off-by: Daniel P. Berrange --- crypto/cipher-nettle.c | 144 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 109 insertions(+), 35 deletions(-) diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index bec4f1c..70909fb 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -29,85 +29,147 @@ #include #include -#if CONFIG_NETTLE_VERSION_MAJOR < 3 -typedef nettle_crypt_func nettle_cipher_func; +typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, + size_t length, + uint8_t *dst, + const uint8_t *src); +#if CONFIG_NETTLE_VERSION_MAJOR < 3 +typedef nettle_crypt_func * QCryptoCipherNettleFuncNative; typedef void * cipher_ctx_t; typedef unsigned cipher_length_t; #define cast5_set_key cast128_set_key #else +typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; typedef const void * cipher_ctx_t; typedef size_t cipher_length_t; #endif -static nettle_cipher_func aes_encrypt_wrapper; -static nettle_cipher_func aes_decrypt_wrapper; -static nettle_cipher_func des_encrypt_wrapper; -static nettle_cipher_func des_decrypt_wrapper; - typedef struct QCryptoNettleAES { struct aes_ctx enc; struct aes_ctx dec; } QCryptoNettleAES; -static void aes_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES *aesctx = ctx; + aes_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES *aesctx = ctx; + aes_decrypt(&aesctx->dec, length, dst, src); +} + +static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + des_encrypt(ctx, length, dst, src); +} + +static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + des_decrypt(ctx, length, dst, src); +} + +static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + cast128_encrypt(ctx, length, dst, src); +} + +static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + cast128_decrypt(ctx, length, dst, src); +} + +static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + serpent_encrypt(ctx, length, dst, src); +} + +static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + serpent_decrypt(ctx, length, dst, src); +} + +static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + twofish_encrypt(ctx, length, dst, src); +} + +static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + twofish_decrypt(ctx, length, dst, src); +} + +static void aes_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { const QCryptoNettleAES *aesctx = ctx; aes_encrypt(&aesctx->enc, length, dst, src); } -static void aes_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void aes_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { const QCryptoNettleAES *aesctx = ctx; aes_decrypt(&aesctx->dec, length, dst, src); } -static void des_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void des_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { des_encrypt(ctx, length, dst, src); } -static void des_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void des_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { des_decrypt(ctx, length, dst, src); } -static void cast128_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void cast128_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { cast128_encrypt(ctx, length, dst, src); } -static void cast128_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void cast128_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { cast128_decrypt(ctx, length, dst, src); } -static void serpent_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void serpent_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { serpent_encrypt(ctx, length, dst, src); } -static void serpent_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void serpent_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { serpent_decrypt(ctx, length, dst, src); } -static void twofish_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void twofish_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { twofish_encrypt(ctx, length, dst, src); } -static void twofish_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, +static void twofish_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { twofish_decrypt(ctx, length, dst, src); @@ -120,8 +182,10 @@ struct QCryptoCipherNettle { /* Second cipher context for XTS mode only */ void *ctx_tweak; /* Cipher callbacks for both contexts */ - nettle_cipher_func *alg_encrypt; - nettle_cipher_func *alg_decrypt; + QCryptoCipherNettleFuncNative alg_encrypt_native; + QCryptoCipherNettleFuncNative alg_decrypt_native; + QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper; + QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper; uint8_t *iv; size_t blocksize; @@ -184,8 +248,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, des_set_key(ctx->ctx, rfbkey); g_free(rfbkey); - ctx->alg_encrypt = des_encrypt_wrapper; - ctx->alg_decrypt = des_decrypt_wrapper; + ctx->alg_encrypt_native = des_encrypt_native; + ctx->alg_decrypt_native = des_decrypt_native; + ctx->alg_encrypt_wrapper = des_encrypt_wrapper; + ctx->alg_decrypt_wrapper = des_decrypt_wrapper; ctx->blocksize = DES_BLOCK_SIZE; break; @@ -215,8 +281,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, nkey, key); } - ctx->alg_encrypt = aes_encrypt_wrapper; - ctx->alg_decrypt = aes_decrypt_wrapper; + ctx->alg_encrypt_native = aes_encrypt_native; + ctx->alg_decrypt_native = aes_decrypt_native; + ctx->alg_encrypt_wrapper = aes_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes_decrypt_wrapper; ctx->blocksize = AES_BLOCK_SIZE; break; @@ -234,8 +302,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, cast5_set_key(ctx->ctx, nkey, key); } - ctx->alg_encrypt = cast128_encrypt_wrapper; - ctx->alg_decrypt = cast128_decrypt_wrapper; + ctx->alg_encrypt_native = cast128_encrypt_native; + ctx->alg_decrypt_native = cast128_decrypt_native; + ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper; + ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper; ctx->blocksize = CAST128_BLOCK_SIZE; break; @@ -255,8 +325,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, serpent_set_key(ctx->ctx, nkey, key); } - ctx->alg_encrypt = serpent_encrypt_wrapper; - ctx->alg_decrypt = serpent_decrypt_wrapper; + ctx->alg_encrypt_native = serpent_encrypt_native; + ctx->alg_decrypt_native = serpent_decrypt_native; + ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper; + ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper; ctx->blocksize = SERPENT_BLOCK_SIZE; break; @@ -276,8 +348,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, twofish_set_key(ctx->ctx, nkey, key); } - ctx->alg_encrypt = twofish_encrypt_wrapper; - ctx->alg_decrypt = twofish_decrypt_wrapper; + ctx->alg_encrypt_native = twofish_encrypt_native; + ctx->alg_decrypt_native = twofish_decrypt_native; + ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper; + ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper; ctx->blocksize = TWOFISH_BLOCK_SIZE; break; @@ -332,18 +406,18 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher, switch (cipher->mode) { case QCRYPTO_CIPHER_MODE_ECB: - ctx->alg_encrypt(ctx->ctx, len, out, in); + ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in); break; case QCRYPTO_CIPHER_MODE_CBC: - cbc_encrypt(ctx->ctx, ctx->alg_encrypt, + cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native, ctx->blocksize, ctx->iv, len, out, in); break; case QCRYPTO_CIPHER_MODE_XTS: xts_encrypt(ctx->ctx, ctx->ctx_tweak, - ctx->alg_encrypt, ctx->alg_encrypt, + ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, ctx->iv, len, out, in); break; @@ -372,11 +446,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher, switch (cipher->mode) { case QCRYPTO_CIPHER_MODE_ECB: - ctx->alg_decrypt(ctx->ctx, len, out, in); + ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in); break; case QCRYPTO_CIPHER_MODE_CBC: - cbc_decrypt(ctx->ctx, ctx->alg_decrypt, + cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native, ctx->blocksize, ctx->iv, len, out, in); break; @@ -388,7 +462,7 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher, return -1; } xts_decrypt(ctx->ctx, ctx->ctx_tweak, - ctx->alg_encrypt, ctx->alg_decrypt, + ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, ctx->iv, len, out, in); break;