From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Fam Zheng <famz@redhat.com>
Subject: [Qemu-devel] [PATCH v3 11/26] crypto: wire up XTS mode for cipher APIs
Date: Mon, 15 Feb 2016 16:10:44 +0000 [thread overview]
Message-ID: <1455552659-14000-12-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1455552659-14000-1-git-send-email-berrange@redhat.com>
Introduce 'XTS' as a permitted mode for the cipher APIs.
With XTS the key provided must be twice the size of the
key normally required for any given algorithm. This is
because the key will be split into two pieces for use
in XTS mode.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
crypto/cipher-builtin.c | 85 +++++++++++++++++++++++++---
crypto/cipher-gcrypt.c | 123 ++++++++++++++++++++++++++++++++---------
crypto/cipher-nettle.c | 79 ++++++++++++++++++++++++--
crypto/cipher.c | 27 +++++++--
qapi/crypto.json | 3 +-
tests/test-crypto-cipher.c | 134 ++++++++++++++++++++++++++++++++++++++++++++-
6 files changed, 405 insertions(+), 46 deletions(-)
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 836ed1a..88963f6 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "crypto/aes.h"
#include "crypto/desrfb.h"
+#include "crypto/xts.h"
typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext;
struct QCryptoCipherBuiltinAESContext {
@@ -30,6 +31,7 @@ struct QCryptoCipherBuiltinAESContext {
typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES;
struct QCryptoCipherBuiltinAES {
QCryptoCipherBuiltinAESContext key;
+ QCryptoCipherBuiltinAESContext key_tweak;
uint8_t iv[AES_BLOCK_SIZE];
};
typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB;
@@ -123,6 +125,30 @@ static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
}
+static void qcrypto_cipher_aes_xts_encrypt(const void *ctx,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ const QCryptoCipherBuiltinAESContext *aesctx = ctx;
+
+ qcrypto_cipher_aes_ecb_encrypt((AES_KEY *)&aesctx->enc,
+ src, dst, length);
+}
+
+
+static void qcrypto_cipher_aes_xts_decrypt(const void *ctx,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ const QCryptoCipherBuiltinAESContext *aesctx = ctx;
+
+ qcrypto_cipher_aes_ecb_decrypt((AES_KEY *)&aesctx->dec,
+ src, dst, length);
+}
+
+
static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
const void *in,
void *out,
@@ -141,6 +167,14 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
&ctxt->state.aes.key.enc,
ctxt->state.aes.iv, 1);
break;
+ case QCRYPTO_CIPHER_MODE_XTS:
+ xts_encrypt(&ctxt->state.aes.key,
+ &ctxt->state.aes.key_tweak,
+ qcrypto_cipher_aes_xts_encrypt,
+ qcrypto_cipher_aes_xts_decrypt,
+ ctxt->state.aes.iv,
+ len, out, in);
+ break;
default:
g_assert_not_reached();
}
@@ -167,6 +201,14 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher,
&ctxt->state.aes.key.dec,
ctxt->state.aes.iv, 0);
break;
+ case QCRYPTO_CIPHER_MODE_XTS:
+ xts_decrypt(&ctxt->state.aes.key,
+ &ctxt->state.aes.key_tweak,
+ qcrypto_cipher_aes_xts_encrypt,
+ qcrypto_cipher_aes_xts_decrypt,
+ ctxt->state.aes.iv,
+ len, out, in);
+ break;
default:
g_assert_not_reached();
}
@@ -200,21 +242,46 @@ static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
QCryptoCipherBuiltin *ctxt;
if (cipher->mode != QCRYPTO_CIPHER_MODE_CBC &&
- cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
+ cipher->mode != QCRYPTO_CIPHER_MODE_ECB &&
+ cipher->mode != QCRYPTO_CIPHER_MODE_XTS) {
error_setg(errp, "Unsupported cipher mode %d", cipher->mode);
return -1;
}
ctxt = g_new0(QCryptoCipherBuiltin, 1);
- if (AES_set_encrypt_key(key, nkey * 8, &ctxt->state.aes.key.enc) != 0) {
- error_setg(errp, "Failed to set encryption key");
- goto error;
- }
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (AES_set_encrypt_key(key, nkey * 4, &ctxt->state.aes.key.enc) != 0) {
+ error_setg(errp, "Failed to set encryption key");
+ goto error;
+ }
- if (AES_set_decrypt_key(key, nkey * 8, &ctxt->state.aes.key.dec) != 0) {
- error_setg(errp, "Failed to set decryption key");
- goto error;
+ if (AES_set_decrypt_key(key, nkey * 4, &ctxt->state.aes.key.dec) != 0) {
+ error_setg(errp, "Failed to set decryption key");
+ goto error;
+ }
+
+ if (AES_set_encrypt_key(key + (nkey / 2), nkey * 4,
+ &ctxt->state.aes.key_tweak.enc) != 0) {
+ error_setg(errp, "Failed to set encryption key");
+ goto error;
+ }
+
+ if (AES_set_decrypt_key(key + (nkey / 2), nkey * 4,
+ &ctxt->state.aes.key_tweak.dec) != 0) {
+ error_setg(errp, "Failed to set decryption key");
+ goto error;
+ }
+ } else {
+ if (AES_set_encrypt_key(key, nkey * 8, &ctxt->state.aes.key.enc) != 0) {
+ error_setg(errp, "Failed to set encryption key");
+ goto error;
+ }
+
+ if (AES_set_decrypt_key(key, nkey * 8, &ctxt->state.aes.key.dec) != 0) {
+ error_setg(errp, "Failed to set decryption key");
+ goto error;
+ }
}
ctxt->blocksize = AES_BLOCK_SIZE;
@@ -356,7 +423,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
cipher->alg = alg;
cipher->mode = mode;
- if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) {
+ if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
goto error;
}
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index ce26456..ede2f70 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -19,6 +19,8 @@
*/
#include "qemu/osdep.h"
+#include "crypto/xts.h"
+
#include <gcrypt.h>
@@ -44,7 +46,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
typedef struct QCryptoCipherGcrypt QCryptoCipherGcrypt;
struct QCryptoCipherGcrypt {
gcry_cipher_hd_t handle;
+ gcry_cipher_hd_t tweakhandle;
size_t blocksize;
+ uint8_t *iv;
};
QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
@@ -59,6 +63,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_XTS:
gcrymode = GCRY_CIPHER_MODE_ECB;
break;
case QCRYPTO_CIPHER_MODE_CBC:
@@ -69,7 +74,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
return NULL;
}
- if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) {
+ if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
return NULL;
}
@@ -131,6 +136,14 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
gcry_strerror(err));
goto error;
}
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ err = gcry_cipher_open(&ctx->tweakhandle, gcryalg, gcrymode, 0);
+ if (err != 0) {
+ error_setg(errp, "Cannot initialize cipher: %s",
+ gcry_strerror(err));
+ goto error;
+ }
+ }
if (cipher->alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
/* We're using standard DES cipher from gcrypt, so we need
@@ -142,7 +155,23 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
g_free(rfbkey);
ctx->blocksize = 8;
} else {
- err = gcry_cipher_setkey(ctx->handle, key, nkey);
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ nkey /= 2;
+ err = gcry_cipher_setkey(ctx->handle, key, nkey);
+ if (err != 0) {
+ error_setg(errp, "Cannot set key: %s",
+ gcry_strerror(err));
+ goto error;
+ }
+ err = gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey);
+ } else {
+ err = gcry_cipher_setkey(ctx->handle, key, nkey);
+ }
+ if (err != 0) {
+ error_setg(errp, "Cannot set key: %s",
+ gcry_strerror(err));
+ goto error;
+ }
switch (cipher->alg) {
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
@@ -161,10 +190,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
g_assert_not_reached();
}
}
- if (err != 0) {
- error_setg(errp, "Cannot set key: %s",
- gcry_strerror(err));
- goto error;
+
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ ctx->iv = g_new0(uint8_t, ctx->blocksize);
}
cipher->opaque = ctx;
@@ -172,6 +200,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
error:
gcry_cipher_close(ctx->handle);
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ gcry_cipher_close(ctx->tweakhandle);
+ }
g_free(ctx);
g_free(cipher);
return NULL;
@@ -186,11 +217,35 @@ void qcrypto_cipher_free(QCryptoCipher *cipher)
}
ctx = cipher->opaque;
gcry_cipher_close(ctx->handle);
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ gcry_cipher_close(ctx->tweakhandle);
+ }
+ g_free(ctx->iv);
g_free(ctx);
g_free(cipher);
}
+static void qcrypto_gcrypt_xts_encrypt(const void *ctx,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ gcry_error_t err;
+ err = gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, length);
+ g_assert(err == 0);
+}
+
+static void qcrypto_gcrypt_xts_decrypt(const void *ctx,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ gcry_error_t err;
+ err = gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, length);
+ g_assert(err == 0);
+}
+
int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
const void *in,
void *out,
@@ -206,13 +261,20 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
return -1;
}
- err = gcry_cipher_encrypt(ctx->handle,
- out, len,
- in, len);
- if (err != 0) {
- error_setg(errp, "Cannot encrypt data: %s",
- gcry_strerror(err));
- return -1;
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ xts_encrypt(ctx->handle, ctx->tweakhandle,
+ qcrypto_gcrypt_xts_encrypt,
+ qcrypto_gcrypt_xts_decrypt,
+ ctx->iv, len, out, in);
+ } else {
+ err = gcry_cipher_encrypt(ctx->handle,
+ out, len,
+ in, len);
+ if (err != 0) {
+ error_setg(errp, "Cannot encrypt data: %s",
+ gcry_strerror(err));
+ return -1;
+ }
}
return 0;
@@ -234,13 +296,20 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
return -1;
}
- err = gcry_cipher_decrypt(ctx->handle,
- out, len,
- in, len);
- if (err != 0) {
- error_setg(errp, "Cannot decrypt data: %s",
- gcry_strerror(err));
- return -1;
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ xts_decrypt(ctx->handle, ctx->tweakhandle,
+ qcrypto_gcrypt_xts_encrypt,
+ qcrypto_gcrypt_xts_decrypt,
+ ctx->iv, len, out, in);
+ } else {
+ err = gcry_cipher_decrypt(ctx->handle,
+ out, len,
+ in, len);
+ if (err != 0) {
+ error_setg(errp, "Cannot decrypt data: %s",
+ gcry_strerror(err));
+ return -1;
+ }
}
return 0;
@@ -259,12 +328,16 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
return -1;
}
- gcry_cipher_reset(ctx->handle);
- err = gcry_cipher_setiv(ctx->handle, iv, niv);
- if (err != 0) {
- error_setg(errp, "Cannot set IV: %s",
+ if (ctx->iv) {
+ memcpy(ctx->iv, iv, niv);
+ } else {
+ gcry_cipher_reset(ctx->handle);
+ err = gcry_cipher_setiv(ctx->handle, iv, niv);
+ if (err != 0) {
+ error_setg(errp, "Cannot set IV: %s",
gcry_strerror(err));
- return -1;
+ return -1;
+ }
}
return 0;
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index ed08782..3c982e4 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -19,6 +19,8 @@
*/
#include "qemu/osdep.h"
+#include "crypto/xts.h"
+
#include <nettle/nettle-types.h>
#include <nettle/aes.h>
#include <nettle/des.h>
@@ -111,9 +113,14 @@ static void twofish_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
typedef struct QCryptoCipherNettle QCryptoCipherNettle;
struct QCryptoCipherNettle {
+ /* Primary cipher context for all modes */
void *ctx;
+ /* Second cipher context for XTS mode only */
+ void *ctx_tweak;
+ /* Cipher callbacks for both contexts */
nettle_cipher_func *alg_encrypt;
nettle_cipher_func *alg_decrypt;
+
uint8_t *iv;
size_t blocksize;
};
@@ -151,13 +158,14 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
break;
default:
error_setg(errp, "Unsupported cipher mode %d", mode);
return NULL;
}
- if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) {
+ if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
return NULL;
}
@@ -185,8 +193,25 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_AES_256:
ctx->ctx = g_new0(QCryptoNettleAES, 1);
- aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, nkey, key);
- aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, nkey, key);
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1);
+
+ nkey /= 2;
+ aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc,
+ nkey, key);
+ aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec,
+ nkey, key);
+
+ aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc,
+ nkey, key + nkey);
+ aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec,
+ nkey, key + nkey);
+ } else {
+ aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc,
+ nkey, key);
+ aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec,
+ nkey, key);
+ }
ctx->alg_encrypt = aes_encrypt_wrapper;
ctx->alg_decrypt = aes_decrypt_wrapper;
@@ -197,7 +222,15 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_CAST5_128:
ctx->ctx = g_new0(struct cast128_ctx, 1);
- cast5_set_key(ctx->ctx, nkey, key);
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ ctx->ctx_tweak = g_new0(struct cast128_ctx, 1);
+
+ nkey /= 2;
+ cast5_set_key(ctx->ctx, nkey, key);
+ cast5_set_key(ctx->ctx_tweak, nkey, key + nkey);
+ } else {
+ cast5_set_key(ctx->ctx, nkey, key);
+ }
ctx->alg_encrypt = cast128_encrypt_wrapper;
ctx->alg_decrypt = cast128_decrypt_wrapper;
@@ -210,7 +243,15 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_SERPENT_256:
ctx->ctx = g_new0(struct serpent_ctx, 1);
- serpent_set_key(ctx->ctx, nkey, key);
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ ctx->ctx_tweak = g_new0(struct serpent_ctx, 1);
+
+ nkey /= 2;
+ serpent_set_key(ctx->ctx, nkey, key);
+ serpent_set_key(ctx->ctx_tweak, nkey, key + nkey);
+ } else {
+ serpent_set_key(ctx->ctx, nkey, key);
+ }
ctx->alg_encrypt = serpent_encrypt_wrapper;
ctx->alg_decrypt = serpent_decrypt_wrapper;
@@ -223,7 +264,15 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
ctx->ctx = g_new0(struct twofish_ctx, 1);
- twofish_set_key(ctx->ctx, nkey, key);
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ ctx->ctx_tweak = g_new0(struct twofish_ctx, 1);
+
+ nkey /= 2;
+ twofish_set_key(ctx->ctx, nkey, key);
+ twofish_set_key(ctx->ctx_tweak, nkey, key + nkey);
+ } else {
+ twofish_set_key(ctx->ctx, nkey, key);
+ }
ctx->alg_encrypt = twofish_encrypt_wrapper;
ctx->alg_decrypt = twofish_decrypt_wrapper;
@@ -259,6 +308,7 @@ void qcrypto_cipher_free(QCryptoCipher *cipher)
ctx = cipher->opaque;
g_free(ctx->iv);
g_free(ctx->ctx);
+ g_free(ctx->ctx_tweak);
g_free(ctx);
g_free(cipher);
}
@@ -289,6 +339,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
len, out, in);
break;
+ case QCRYPTO_CIPHER_MODE_XTS:
+ xts_encrypt(ctx->ctx, ctx->ctx_tweak,
+ ctx->alg_encrypt, ctx->alg_encrypt,
+ ctx->iv, len, out, in);
+ break;
+
default:
error_setg(errp, "Unsupported cipher algorithm %d",
cipher->alg);
@@ -323,6 +379,17 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
len, out, in);
break;
+ case QCRYPTO_CIPHER_MODE_XTS:
+ if (ctx->blocksize != XTS_BLOCK_SIZE) {
+ error_setg(errp, "Block size must be %d not %zu",
+ XTS_BLOCK_SIZE, ctx->blocksize);
+ return -1;
+ }
+ xts_decrypt(ctx->ctx, ctx->ctx_tweak,
+ ctx->alg_encrypt, ctx->alg_decrypt,
+ ctx->iv, len, out, in);
+ break;
+
default:
error_setg(errp, "Unsupported cipher algorithm %d",
cipher->alg);
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 89fa5a2..5402d18 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -53,6 +53,7 @@ static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
[QCRYPTO_CIPHER_MODE_ECB] = false,
[QCRYPTO_CIPHER_MODE_CBC] = true,
+ [QCRYPTO_CIPHER_MODE_XTS] = true,
};
@@ -93,6 +94,7 @@ size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
static bool
qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
size_t nkey,
Error **errp)
{
@@ -102,10 +104,27 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
return false;
}
- if (alg_key_len[alg] != nkey) {
- error_setg(errp, "Cipher key length %zu should be %zu",
- nkey, alg_key_len[alg]);
- return false;
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
+ error_setg(errp, "XTS mode not compatible with DES-RFB");
+ return false;
+ }
+ if (nkey % 2) {
+ error_setg(errp, "XTS cipher key length should be a multiple of 2");
+ return false;
+ }
+
+ if (alg_key_len[alg] != (nkey / 2)) {
+ error_setg(errp, "Cipher key length %zu should be %zu",
+ nkey, alg_key_len[alg] * 2);
+ return false;
+ }
+ } else {
+ if (alg_key_len[alg] != nkey) {
+ error_setg(errp, "Cipher key length %zu should be %zu",
+ nkey, alg_key_len[alg]);
+ return false;
+ }
}
return true;
}
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 63c001a..a0314f0 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -84,11 +84,12 @@
#
# @ecb: Electronic Code Book
# @cbc: Cipher Block Chaining
+# @xts: XEX with tweaked code book and ciphertext stealing
# Since: 2.6
##
{ 'enum': 'QCryptoCipherMode',
'prefix': 'QCRYPTO_CIPHER_MODE',
- 'data': ['ecb', 'cbc']}
+ 'data': ['ecb', 'cbc', 'xts']}
##
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 109e831..036b56d 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -241,6 +241,134 @@ static QCryptoCipherTestData test_data[] = {
.plaintext = "90afe91bb288544f2c32dc239b2635e6",
.ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
},
+ {
+ /* #1 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-1",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "00000000000000000000000000000000"
+ "00000000000000000000000000000000",
+ .iv =
+ "00000000000000000000000000000000",
+ .plaintext =
+ "00000000000000000000000000000000"
+ "00000000000000000000000000000000",
+ .ciphertext =
+ "917cf69ebd68b2ec9b9fe9a3eadda692"
+ "cd43d2f59598ed858c02c2652fbf922e",
+ },
+ {
+ /* #2, 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-2",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "11111111111111111111111111111111"
+ "22222222222222222222222222222222",
+ .iv =
+ "33333333330000000000000000000000",
+ .plaintext =
+ "44444444444444444444444444444444"
+ "44444444444444444444444444444444",
+ .ciphertext =
+ "c454185e6a16936e39334038acef838b"
+ "fb186fff7480adc4289382ecd6d394f0",
+ },
+ {
+ /* #5 from xts.7, 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-3",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0"
+ "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0",
+ .iv =
+ "9a785634120000000000000000000000",
+ .plaintext =
+ "44444444444444444444444444444444"
+ "44444444444444444444444444444444",
+ .ciphertext =
+ "b01f86f8edc1863706fa8a4253e34f28"
+ "af319de38334870f4dd1f94cbe9832f1",
+ },
+ {
+ /* #4, 32 byte key, 512 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-4",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "27182818284590452353602874713526"
+ "31415926535897932384626433832795",
+ .iv =
+ "00000000000000000000000000000000",
+ .plaintext =
+ "000102030405060708090a0b0c0d0e0f"
+ "101112131415161718191a1b1c1d1e1f"
+ "202122232425262728292a2b2c2d2e2f"
+ "303132333435363738393a3b3c3d3e3f"
+ "404142434445464748494a4b4c4d4e4f"
+ "505152535455565758595a5b5c5d5e5f"
+ "606162636465666768696a6b6c6d6e6f"
+ "707172737475767778797a7b7c7d7e7f"
+ "808182838485868788898a8b8c8d8e8f"
+ "909192939495969798999a9b9c9d9e9f"
+ "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
+ "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+ "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+ "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+ "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+ "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
+ "000102030405060708090a0b0c0d0e0f"
+ "101112131415161718191a1b1c1d1e1f"
+ "202122232425262728292a2b2c2d2e2f"
+ "303132333435363738393a3b3c3d3e3f"
+ "404142434445464748494a4b4c4d4e4f"
+ "505152535455565758595a5b5c5d5e5f"
+ "606162636465666768696a6b6c6d6e6f"
+ "707172737475767778797a7b7c7d7e7f"
+ "808182838485868788898a8b8c8d8e8f"
+ "909192939495969798999a9b9c9d9e9f"
+ "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
+ "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+ "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+ "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+ "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+ "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ .ciphertext =
+ "27a7479befa1d476489f308cd4cfa6e2"
+ "a96e4bbe3208ff25287dd3819616e89c"
+ "c78cf7f5e543445f8333d8fa7f560000"
+ "05279fa5d8b5e4ad40e736ddb4d35412"
+ "328063fd2aab53e5ea1e0a9f332500a5"
+ "df9487d07a5c92cc512c8866c7e860ce"
+ "93fdf166a24912b422976146ae20ce84"
+ "6bb7dc9ba94a767aaef20c0d61ad0265"
+ "5ea92dc4c4e41a8952c651d33174be51"
+ "a10c421110e6d81588ede82103a252d8"
+ "a750e8768defffed9122810aaeb99f91"
+ "72af82b604dc4b8e51bcb08235a6f434"
+ "1332e4ca60482a4ba1a03b3e65008fc5"
+ "da76b70bf1690db4eae29c5f1badd03c"
+ "5ccf2a55d705ddcd86d449511ceb7ec3"
+ "0bf12b1fa35b913f9f747a8afd1b130e"
+ "94bff94effd01a91735ca1726acd0b19"
+ "7c4e5b03393697e126826fb6bbde8ecc"
+ "1e08298516e2c9ed03ff3c1b7860f6de"
+ "76d4cecd94c8119855ef5297ca67e9f3"
+ "e7ff72b1e99785ca0a7e7720c5b36dc6"
+ "d72cac9574c8cbbc2f801e23e56fd344"
+ "b07f22154beba0f08ce8891e643ed995"
+ "c94d9a69c9f1b5f499027a78572aeebd"
+ "74d20cc39881c213ee770b1010e4bea7"
+ "18846977ae119f7a023ab58cca0ad752"
+ "afe656bb3c17256a9f6e9bf19fdd5a38"
+ "fc82bbe872c5539edb609ef4f79c203e"
+ "bb140f2e583cb2ad15b4aa5b655016a8"
+ "449277dbd477ef2c8d6c017db738b18d"
+ "eb4a427d1923ce3ff262735779a418f2"
+ "0a282df920147beabe421ee5319d0568",
+ },
};
@@ -327,7 +455,11 @@ static void test_cipher(const void *opaque)
blocksize = qcrypto_cipher_get_block_len(data->alg);
ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
- g_assert_cmpint(keysize, ==, nkey);
+ if (data->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ g_assert_cmpint(keysize * 2, ==, nkey);
+ } else {
+ g_assert_cmpint(keysize, ==, nkey);
+ }
g_assert_cmpint(ivsize, ==, niv);
if (niv) {
g_assert_cmpint(blocksize, ==, niv);
--
2.5.0
next prev parent reply other threads:[~2016-02-15 16:11 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-15 16:10 [Qemu-devel] [PATCH v3 00/26] Support LUKS encryption in block devices Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 01/26] crypto: add cryptographic random byte source Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 02/26] crypto: add support for PBKDF2 algorithm Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 03/26] crypto: add support for generating initialization vectors Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 04/26] crypto: add support for anti-forensic split algorithm Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 05/26] crypto: skip testing of unsupported cipher algorithms Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 06/26] crypto: add support for the cast5-128 cipher algorithm Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 07/26] crypto: add support for the serpent " Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 08/26] crypto: add support for the twofish " Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 09/26] crypto: import an implementation of the XTS cipher mode Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 10/26] crypto: refactor code for dealing with AES cipher Daniel P. Berrange
2016-02-15 16:10 ` Daniel P. Berrange [this message]
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 12/26] crypto: add block encryption framework Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 13/26] crypto: implement the LUKS block encryption format Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 14/26] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 15/26] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 16/26] tests: redirect stderr to stdout for iotests Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 17/26] tests: refactor python I/O tests helper main method Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 18/26] tests: add output filter to python I/O tests helper Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 19/26] block: add generic full disk encryption driver Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 20/26] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 21/26] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 22/26] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 23/26] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 24/26] block: rip out all traces of password prompting Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 25/26] block: remove all encryption handling APIs Daniel P. Berrange
2016-02-15 16:10 ` [Qemu-devel] [PATCH v3 26/26] block: remove support for legecy AES qcow/qcow2 encryption Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455552659-14000-12-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=famz@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.