[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for-4.1 1/2] crypto: switch to modern nettle AES
From: |
Alex Bennée |
Subject: |
Re: [Qemu-devel] [PATCH for-4.1 1/2] crypto: switch to modern nettle AES APIs |
Date: |
Fri, 12 Jul 2019 13:09:25 +0100 |
User-agent: |
mu4e 1.3.2; emacs 26.1 |
Daniel P. Berrangé <address@hidden> writes:
> The aes_ctx struct and aes_* functions have been deprecated in nettle
> 3.5, in favour of keysize specific functions which were introduced
> first in nettle 3.0.
>
> Switch QEMU code to use the new APIs and add some backcompat defines
> such that it still builds on nettle 2.7
>
> Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
> ---
> crypto/cipher-nettle.c | 218 ++++++++++++++++++++++++++++++++++-------
> 1 file changed, 183 insertions(+), 35 deletions(-)
>
> diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
> index 3848cb3b3a..115d16dd7b 100644
> --- a/crypto/cipher-nettle.c
> +++ b/crypto/cipher-nettle.c
> @@ -42,29 +42,89 @@ typedef void * cipher_ctx_t;
> typedef unsigned cipher_length_t;
>
> #define cast5_set_key cast128_set_key
> +
> +#define aes128_ctx aes_ctx
> +#define aes192_ctx aes_ctx
> +#define aes256_ctx aes_ctx
> +#define aes128_set_encrypt_key(c, k) \
> + aes_set_encrypt_key(c, 16, k)
> +#define aes192_set_encrypt_key(c, k) \
> + aes_set_encrypt_key(c, 24, k)
> +#define aes256_set_encrypt_key(c, k) \
> + aes_set_encrypt_key(c, 32, k)
> +#define aes128_set_decrypt_key(c, k) \
> + aes_set_decrypt_key(c, 16, k)
> +#define aes192_set_decrypt_key(c, k) \
> + aes_set_decrypt_key(c, 24, k)
> +#define aes256_set_decrypt_key(c, k) \
> + aes_set_decrypt_key(c, 32, k)
> +#define aes128_encrypt aes_encrypt
> +#define aes192_encrypt aes_encrypt
> +#define aes256_encrypt aes_encrypt
> +#define aes128_decrypt aes_decrypt
> +#define aes192_decrypt aes_decrypt
> +#define aes256_decrypt aes_decrypt
> #else
> typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
> typedef const void * cipher_ctx_t;
> typedef size_t cipher_length_t;
> #endif
>
> -typedef struct QCryptoNettleAES {
> - struct aes_ctx enc;
> - struct aes_ctx dec;
> -} QCryptoNettleAES;
> +typedef struct QCryptoNettleAES128 {
> + struct aes128_ctx enc;
> + struct aes128_ctx dec;
> +} QCryptoNettleAES128;
> +
> +typedef struct QCryptoNettleAES192 {
> + struct aes192_ctx enc;
> + struct aes192_ctx dec;
> +} QCryptoNettleAES192;
> +
> +typedef struct QCryptoNettleAES256 {
> + struct aes256_ctx enc;
> + struct aes256_ctx dec;
> +} QCryptoNettleAES256;
> +
> +static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES128 *aesctx = ctx;
> + aes128_encrypt(&aesctx->enc, length, dst, src);
> +}
> +
> +static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES128 *aesctx = ctx;
> + aes128_decrypt(&aesctx->dec, length, dst, src);
> +}
> +
> +static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES192 *aesctx = ctx;
> + aes192_encrypt(&aesctx->enc, length, dst, src);
> +}
> +
> +static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES192 *aesctx = ctx;
> + aes192_decrypt(&aesctx->dec, length, dst, src);
> +}
>
> -static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> +static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> uint8_t *dst, const uint8_t *src)
> {
> - const QCryptoNettleAES *aesctx = ctx;
> - aes_encrypt(&aesctx->enc, length, dst, src);
> + const QCryptoNettleAES256 *aesctx = ctx;
> + aes256_encrypt(&aesctx->enc, length, dst, src);
> }
>
> -static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> +static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> uint8_t *dst, const uint8_t *src)
> {
> - const QCryptoNettleAES *aesctx = ctx;
> - aes_decrypt(&aesctx->dec, length, dst, src);
> + const QCryptoNettleAES256 *aesctx = ctx;
> + aes256_decrypt(&aesctx->dec, length, dst, src);
> }
>
> static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> @@ -127,18 +187,46 @@ static void twofish_decrypt_native(cipher_ctx_t ctx,
> cipher_length_t length,
> twofish_decrypt(ctx, length, dst, src);
> }
>
> -static void aes_encrypt_wrapper(const void *ctx, size_t length,
> +static void aes128_encrypt_wrapper(const void *ctx, size_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES128 *aesctx = ctx;
> + aes128_encrypt(&aesctx->enc, length, dst, src);
> +}
> +
> +static void aes128_decrypt_wrapper(const void *ctx, size_t length,
> uint8_t *dst, const uint8_t *src)
> {
> - const QCryptoNettleAES *aesctx = ctx;
> - aes_encrypt(&aesctx->enc, length, dst, src);
> + const QCryptoNettleAES128 *aesctx = ctx;
> + aes128_decrypt(&aesctx->dec, length, dst, src);
> }
>
> -static void aes_decrypt_wrapper(const void *ctx, size_t length,
> +static void aes192_encrypt_wrapper(const void *ctx, size_t length,
> uint8_t *dst, const uint8_t *src)
> {
> - const QCryptoNettleAES *aesctx = ctx;
> - aes_decrypt(&aesctx->dec, length, dst, src);
> + const QCryptoNettleAES192 *aesctx = ctx;
> + aes192_encrypt(&aesctx->enc, length, dst, src);
> +}
> +
> +static void aes192_decrypt_wrapper(const void *ctx, size_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES192 *aesctx = ctx;
> + aes192_decrypt(&aesctx->dec, length, dst, src);
> +}
> +
> +static void aes256_encrypt_wrapper(const void *ctx, size_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES256 *aesctx = ctx;
> + aes256_encrypt(&aesctx->enc, length, dst, src);
> +}
> +
> +static void aes256_decrypt_wrapper(const void *ctx, size_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + const QCryptoNettleAES256 *aesctx = ctx;
> + aes256_decrypt(&aesctx->dec, length, dst, src);
> }
>
> static void des_encrypt_wrapper(const void *ctx, size_t length,
> @@ -319,34 +407,94 @@ static QCryptoCipherNettle
> *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
> break;
>
> case QCRYPTO_CIPHER_ALG_AES_128:
> + ctx->ctx = g_new0(QCryptoNettleAES128, 1);
> +
> + if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> + ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);
> +
> + nkey /= 2;
> + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
> + key);
> + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
> + key);
> +
> + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
> + enc, key + nkey);
> + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
> + dec, key + nkey);
> + } else {
> + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
> + key);
> + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
> + key);
> + }
> +
> + ctx->alg_encrypt_native = aes128_encrypt_native;
> + ctx->alg_decrypt_native = aes128_decrypt_native;
> + ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
> + ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
> +
> + ctx->blocksize = AES_BLOCK_SIZE;
> + break;
> +
> case QCRYPTO_CIPHER_ALG_AES_192:
> + ctx->ctx = g_new0(QCryptoNettleAES192, 1);
> +
> + if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> + ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
> +
> + nkey /= 2;
> + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
> + key);
> + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
> + key);
> +
> + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
> + enc, key + nkey);
> + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
> + dec, key + nkey);
> + } else {
> + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
> + key);
> + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
> + key);
> + }
> +
> + ctx->alg_encrypt_native = aes192_encrypt_native;
> + ctx->alg_decrypt_native = aes192_decrypt_native;
> + ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
> + ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
> +
> + ctx->blocksize = AES_BLOCK_SIZE;
> + break;
> +
> case QCRYPTO_CIPHER_ALG_AES_256:
> - ctx->ctx = g_new0(QCryptoNettleAES, 1);
> + ctx->ctx = g_new0(QCryptoNettleAES256, 1);
>
> if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> - ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1);
> + ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
>
> nkey /= 2;
> - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc,
> - nkey, key);
> - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec,
> - nkey, key);
> -
> - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc,
> - nkey, key + nkey);
> - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec,
> - nkey, key + nkey);
> + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
> + key);
> + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
> + key);
> +
> + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
> + enc, key + nkey);
> + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
> + dec, key + nkey);
> } else {
> - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc,
> - nkey, key);
> - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec,
> - nkey, key);
> + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
> + key);
> + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
> + key);
> }
>
> - ctx->alg_encrypt_native = aes_encrypt_native;
> - ctx->alg_decrypt_native = aes_decrypt_native;
> - ctx->alg_encrypt_wrapper = aes_encrypt_wrapper;
> - ctx->alg_decrypt_wrapper = aes_decrypt_wrapper;
> + ctx->alg_encrypt_native = aes256_encrypt_native;
> + ctx->alg_decrypt_native = aes256_decrypt_native;
> + ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
> + ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;
>
> ctx->blocksize = AES_BLOCK_SIZE;
> break;
--
Alex Bennée