From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Fam Zheng <famz@redhat.com>, qemu-block@nongnu.org
Subject: [Qemu-devel] [PATCH v4 10/26] crypto: refactor code for dealing with AES cipher
Date: Mon, 29 Feb 2016 12:00:45 +0000 [thread overview]
Message-ID: <1456747261-22032-11-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1456747261-22032-1-git-send-email-berrange@redhat.com>
The built-in and nettle cipher backends for AES maintain
two separate AES contexts, one for encryption and one for
decryption. This is going to be inconvenient for the future
code dealing with XTS, so wrap them up in a single struct
so there is just one pointer to pass around for both
encryptin and decryption.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
crypto/cipher-builtin.c | 126 ++++++++++++++++++++++++++++++------------------
crypto/cipher-nettle.c | 57 +++++++++++-----------
2 files changed, 109 insertions(+), 74 deletions(-)
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 138b7a0..836ed1a 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -22,10 +22,14 @@
#include "crypto/aes.h"
#include "crypto/desrfb.h"
+typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext;
+struct QCryptoCipherBuiltinAESContext {
+ AES_KEY enc;
+ AES_KEY dec;
+};
typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES;
struct QCryptoCipherBuiltinAES {
- AES_KEY encrypt_key;
- AES_KEY decrypt_key;
+ QCryptoCipherBuiltinAESContext key;
uint8_t iv[AES_BLOCK_SIZE];
};
typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB;
@@ -67,6 +71,58 @@ static void qcrypto_cipher_free_aes(QCryptoCipher *cipher)
}
+static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
+ const void *in,
+ void *out,
+ size_t len)
+{
+ const uint8_t *inptr = in;
+ uint8_t *outptr = out;
+ while (len) {
+ if (len > AES_BLOCK_SIZE) {
+ AES_encrypt(inptr, outptr, key);
+ inptr += AES_BLOCK_SIZE;
+ outptr += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+ } else {
+ uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
+ memcpy(tmp1, inptr, len);
+ /* Fill with 0 to avoid valgrind uninitialized reads */
+ memset(tmp1 + len, 0, sizeof(tmp1) - len);
+ AES_encrypt(tmp1, tmp2, key);
+ memcpy(outptr, tmp2, len);
+ len = 0;
+ }
+ }
+}
+
+
+static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
+ const void *in,
+ void *out,
+ size_t len)
+{
+ const uint8_t *inptr = in;
+ uint8_t *outptr = out;
+ while (len) {
+ if (len > AES_BLOCK_SIZE) {
+ AES_decrypt(inptr, outptr, key);
+ inptr += AES_BLOCK_SIZE;
+ outptr += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+ } else {
+ uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
+ memcpy(tmp1, inptr, len);
+ /* Fill with 0 to avoid valgrind uninitialized reads */
+ memset(tmp1 + len, 0, sizeof(tmp1) - len);
+ AES_decrypt(tmp1, tmp2, key);
+ memcpy(outptr, tmp2, len);
+ len = 0;
+ }
+ }
+}
+
+
static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
const void *in,
void *out,
@@ -75,29 +131,18 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
{
QCryptoCipherBuiltin *ctxt = cipher->opaque;
- if (cipher->mode == QCRYPTO_CIPHER_MODE_ECB) {
- const uint8_t *inptr = in;
- uint8_t *outptr = out;
- while (len) {
- if (len > AES_BLOCK_SIZE) {
- AES_encrypt(inptr, outptr, &ctxt->state.aes.encrypt_key);
- inptr += AES_BLOCK_SIZE;
- outptr += AES_BLOCK_SIZE;
- len -= AES_BLOCK_SIZE;
- } else {
- uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
- memcpy(tmp1, inptr, len);
- /* Fill with 0 to avoid valgrind uninitialized reads */
- memset(tmp1 + len, 0, sizeof(tmp1) - len);
- AES_encrypt(tmp1, tmp2, &ctxt->state.aes.encrypt_key);
- memcpy(outptr, tmp2, len);
- len = 0;
- }
- }
- } else {
+ switch (cipher->mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ qcrypto_cipher_aes_ecb_encrypt(&ctxt->state.aes.key.enc,
+ in, out, len);
+ break;
+ case QCRYPTO_CIPHER_MODE_CBC:
AES_cbc_encrypt(in, out, len,
- &ctxt->state.aes.encrypt_key,
+ &ctxt->state.aes.key.enc,
ctxt->state.aes.iv, 1);
+ break;
+ default:
+ g_assert_not_reached();
}
return 0;
@@ -112,29 +157,18 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher,
{
QCryptoCipherBuiltin *ctxt = cipher->opaque;
- if (cipher->mode == QCRYPTO_CIPHER_MODE_ECB) {
- const uint8_t *inptr = in;
- uint8_t *outptr = out;
- while (len) {
- if (len > AES_BLOCK_SIZE) {
- AES_decrypt(inptr, outptr, &ctxt->state.aes.decrypt_key);
- inptr += AES_BLOCK_SIZE;
- outptr += AES_BLOCK_SIZE;
- len -= AES_BLOCK_SIZE;
- } else {
- uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
- memcpy(tmp1, inptr, len);
- /* Fill with 0 to avoid valgrind uninitialized reads */
- memset(tmp1 + len, 0, sizeof(tmp1) - len);
- AES_decrypt(tmp1, tmp2, &ctxt->state.aes.decrypt_key);
- memcpy(outptr, tmp2, len);
- len = 0;
- }
- }
- } else {
+ switch (cipher->mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ qcrypto_cipher_aes_ecb_decrypt(&ctxt->state.aes.key.dec,
+ in, out, len);
+ break;
+ case QCRYPTO_CIPHER_MODE_CBC:
AES_cbc_encrypt(in, out, len,
- &ctxt->state.aes.decrypt_key,
+ &ctxt->state.aes.key.dec,
ctxt->state.aes.iv, 0);
+ break;
+ default:
+ g_assert_not_reached();
}
return 0;
@@ -173,12 +207,12 @@ static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
ctxt = g_new0(QCryptoCipherBuiltin, 1);
- if (AES_set_encrypt_key(key, nkey * 8, &ctxt->state.aes.encrypt_key) != 0) {
+ if (AES_set_encrypt_key(key, nkey * 8, &ctxt->state.aes.key.enc) != 0) {
error_setg(errp, "Failed to set encryption key");
goto error;
}
- if (AES_set_decrypt_key(key, nkey * 8, &ctxt->state.aes.decrypt_key) != 0) {
+ if (AES_set_decrypt_key(key, nkey * 8, &ctxt->state.aes.key.dec) != 0) {
error_setg(errp, "Failed to set decryption key");
goto error;
}
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 9b057fd..ed08782 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -42,16 +42,23 @@ static nettle_cipher_func aes_decrypt_wrapper;
static nettle_cipher_func des_encrypt_wrapper;
static nettle_cipher_func des_decrypt_wrapper;
+typedef struct QCryptoNettleAES {
+ struct aes_ctx enc;
+ struct aes_ctx dec;
+} QCryptoNettleAES;
+
static void aes_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
uint8_t *dst, const uint8_t *src)
{
- aes_encrypt(ctx, length, dst, src);
+ const QCryptoNettleAES *aesctx = ctx;
+ aes_encrypt(&aesctx->enc, length, dst, src);
}
static void aes_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
uint8_t *dst, const uint8_t *src)
{
- aes_decrypt(ctx, length, dst, src);
+ const QCryptoNettleAES *aesctx = ctx;
+ aes_decrypt(&aesctx->dec, length, dst, src);
}
static void des_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
@@ -104,8 +111,7 @@ static void twofish_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
typedef struct QCryptoCipherNettle QCryptoCipherNettle;
struct QCryptoCipherNettle {
- void *ctx_encrypt;
- void *ctx_decrypt;
+ void *ctx;
nettle_cipher_func *alg_encrypt;
nettle_cipher_func *alg_decrypt;
uint8_t *iv;
@@ -163,10 +169,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
- ctx->ctx_encrypt = g_new0(struct des_ctx, 1);
- ctx->ctx_decrypt = NULL; /* 1 ctx can do both */
+ ctx->ctx = g_new0(struct des_ctx, 1);
rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
- des_set_key(ctx->ctx_encrypt, rfbkey);
+ des_set_key(ctx->ctx, rfbkey);
g_free(rfbkey);
ctx->alg_encrypt = des_encrypt_wrapper;
@@ -178,11 +183,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256:
- ctx->ctx_encrypt = g_new0(struct aes_ctx, 1);
- ctx->ctx_decrypt = g_new0(struct aes_ctx, 1);
+ ctx->ctx = g_new0(QCryptoNettleAES, 1);
- aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key);
- aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key);
+ aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, nkey, key);
+ aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, nkey, key);
ctx->alg_encrypt = aes_encrypt_wrapper;
ctx->alg_decrypt = aes_decrypt_wrapper;
@@ -191,10 +195,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
break;
case QCRYPTO_CIPHER_ALG_CAST5_128:
- ctx->ctx_encrypt = g_new0(struct cast128_ctx, 1);
- ctx->ctx_decrypt = NULL; /* 1 ctx can do both */
+ ctx->ctx = g_new0(struct cast128_ctx, 1);
- cast5_set_key(ctx->ctx_encrypt, nkey, key);
+ cast5_set_key(ctx->ctx, nkey, key);
ctx->alg_encrypt = cast128_encrypt_wrapper;
ctx->alg_decrypt = cast128_decrypt_wrapper;
@@ -205,10 +208,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_SERPENT_128:
case QCRYPTO_CIPHER_ALG_SERPENT_192:
case QCRYPTO_CIPHER_ALG_SERPENT_256:
- ctx->ctx_encrypt = g_new0(struct serpent_ctx, 1);
- ctx->ctx_decrypt = NULL; /* 1 ctx can do both */
+ ctx->ctx = g_new0(struct serpent_ctx, 1);
- serpent_set_key(ctx->ctx_encrypt, nkey, key);
+ serpent_set_key(ctx->ctx, nkey, key);
ctx->alg_encrypt = serpent_encrypt_wrapper;
ctx->alg_decrypt = serpent_decrypt_wrapper;
@@ -219,10 +221,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_192:
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
- ctx->ctx_encrypt = g_new0(struct twofish_ctx, 1);
- ctx->ctx_decrypt = NULL; /* 1 ctx can do both */
+ ctx->ctx = g_new0(struct twofish_ctx, 1);
- twofish_set_key(ctx->ctx_encrypt, nkey, key);
+ twofish_set_key(ctx->ctx, nkey, key);
ctx->alg_encrypt = twofish_encrypt_wrapper;
ctx->alg_decrypt = twofish_decrypt_wrapper;
@@ -257,8 +258,7 @@ void qcrypto_cipher_free(QCryptoCipher *cipher)
ctx = cipher->opaque;
g_free(ctx->iv);
- g_free(ctx->ctx_encrypt);
- g_free(ctx->ctx_decrypt);
+ g_free(ctx->ctx);
g_free(ctx);
g_free(cipher);
}
@@ -280,14 +280,15 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
switch (cipher->mode) {
case QCRYPTO_CIPHER_MODE_ECB:
- ctx->alg_encrypt(ctx->ctx_encrypt, len, out, in);
+ ctx->alg_encrypt(ctx->ctx, len, out, in);
break;
case QCRYPTO_CIPHER_MODE_CBC:
- cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt,
+ cbc_encrypt(ctx->ctx, ctx->alg_encrypt,
ctx->blocksize, ctx->iv,
len, out, in);
break;
+
default:
error_setg(errp, "Unsupported cipher algorithm %d",
cipher->alg);
@@ -313,15 +314,15 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
switch (cipher->mode) {
case QCRYPTO_CIPHER_MODE_ECB:
- ctx->alg_decrypt(ctx->ctx_decrypt ? ctx->ctx_decrypt : ctx->ctx_encrypt,
- len, out, in);
+ ctx->alg_decrypt(ctx->ctx, len, out, in);
break;
case QCRYPTO_CIPHER_MODE_CBC:
- cbc_decrypt(ctx->ctx_decrypt ? ctx->ctx_decrypt : ctx->ctx_encrypt,
- ctx->alg_decrypt, ctx->blocksize, ctx->iv,
+ cbc_decrypt(ctx->ctx, ctx->alg_decrypt,
+ ctx->blocksize, ctx->iv,
len, out, in);
break;
+
default:
error_setg(errp, "Unsupported cipher algorithm %d",
cipher->alg);
--
2.5.0
next prev parent reply other threads:[~2016-02-29 12:01 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 12:00 [Qemu-devel] [PATCH v4 00/26] Support LUKS encryption in block devices Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 01/26] crypto: add cryptographic random byte source Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 02/26] crypto: add support for PBKDF2 algorithm Daniel P. Berrange
2016-03-03 0:20 ` Eric Blake
2016-03-07 5:18 ` Fam Zheng
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 03/26] crypto: add support for generating initialization vectors Daniel P. Berrange
2016-03-03 0:31 ` Eric Blake
2016-03-03 10:49 ` Daniel P. Berrange
2016-03-07 5:39 ` Fam Zheng
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm Daniel P. Berrange
2016-03-03 0:41 ` Eric Blake
2016-03-07 5:51 ` Fam Zheng
2016-03-11 16:55 ` Daniel P. Berrange
2016-03-14 3:23 ` Fam Zheng
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 05/26] crypto: skip testing of unsupported cipher algorithms Daniel P. Berrange
2016-03-07 5:52 ` Fam Zheng
2016-03-11 19:10 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 06/26] crypto: add support for the cast5-128 cipher algorithm Daniel P. Berrange
2016-03-07 5:56 ` Fam Zheng
2016-03-11 19:14 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 07/26] crypto: add support for the serpent " Daniel P. Berrange
2016-03-07 6:05 ` Fam Zheng
2016-03-11 19:18 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 08/26] crypto: add support for the twofish " Daniel P. Berrange
2016-03-08 6:01 ` Fam Zheng
2016-03-11 19:19 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 09/26] crypto: import an implementation of the XTS cipher mode Daniel P. Berrange
2016-03-11 19:51 ` Eric Blake
2016-03-14 14:22 ` Daniel P. Berrange
2016-02-29 12:00 ` Daniel P. Berrange [this message]
2016-03-11 20:14 ` [Qemu-devel] [PATCH v4 10/26] crypto: refactor code for dealing with AES cipher Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 11/26] crypto: wire up XTS mode for cipher APIs Daniel P. Berrange
2016-03-11 20:23 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 12/26] crypto: add block encryption framework Daniel P. Berrange
2016-03-11 20:58 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 13/26] crypto: implement the LUKS block encryption format Daniel P. Berrange
2016-03-11 22:31 ` Eric Blake
2016-03-14 14:27 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 14/26] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 15/26] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 16/26] tests: redirect stderr to stdout for iotests Daniel P. Berrange
2016-03-11 22:51 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 17/26] tests: refactor python I/O tests helper main method Daniel P. Berrange
2016-03-11 22:57 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 18/26] tests: add output filter to python I/O tests helper Daniel P. Berrange
2016-03-14 17:57 ` Eric Blake
2016-03-14 18:33 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 19/26] block: add generic full disk encryption driver Daniel P. Berrange
2016-03-15 13:59 ` Eric Blake
2016-03-15 14:03 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 20/26] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 21/26] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 22/26] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 23/26] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 24/26] block: rip out all traces of password prompting Daniel P. Berrange
2016-05-12 20:35 ` Eric Blake
2016-02-29 12:01 ` [Qemu-devel] [PATCH v4 25/26] block: remove all encryption handling APIs Daniel P. Berrange
2016-02-29 12:01 ` [Qemu-devel] [PATCH v4 26/26] block: remove support for legecy AES qcow/qcow2 encryption Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1456747261-22032-11-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=famz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.