From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Eric Blake" <eblake@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: [PATCH 14/18] crypto: add gnutls cipher provider
Date: Tue, 6 Jul 2021 10:59:20 +0100 [thread overview]
Message-ID: <20210706095924.764117-15-berrange@redhat.com> (raw)
In-Reply-To: <20210706095924.764117-1-berrange@redhat.com>
Add an implementation of the QEMU cipher APIs to the gnutls
crypto backend. XTS support is only available for gnutls
version >= 3.6.8. Since ECB mode is not exposed by gnutls
APIs, we can't use the private XTS code for compatibility.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/cipher-gnutls.c.inc | 325 +++++++++++++++++++++++++++++++++++++
crypto/cipher.c | 2 +
2 files changed, 327 insertions(+)
create mode 100644 crypto/cipher-gnutls.c.inc
diff --git a/crypto/cipher-gnutls.c.inc b/crypto/cipher-gnutls.c.inc
new file mode 100644
index 0000000000..eb6eb49546
--- /dev/null
+++ b/crypto/cipher-gnutls.c.inc
@@ -0,0 +1,325 @@
+/*
+ * QEMU Crypto cipher gnutls algorithms
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "cipherpriv.h"
+
+#include <gnutls/crypto.h>
+
+#if GNUTLS_VERSION_NUMBER >= 0x030608
+#define QEMU_GNUTLS_XTS
+#endif
+
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
+{
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ switch (alg) {
+ case QCRYPTO_CIPHER_ALG_AES_128:
+ case QCRYPTO_CIPHER_ALG_AES_192:
+ case QCRYPTO_CIPHER_ALG_AES_256:
+ case QCRYPTO_CIPHER_ALG_DES:
+ case QCRYPTO_CIPHER_ALG_3DES:
+ return true;
+ default:
+ return false;
+ }
+#ifdef QEMU_GNUTLS_XTS
+ case QCRYPTO_CIPHER_MODE_XTS:
+ switch (alg) {
+ case QCRYPTO_CIPHER_ALG_AES_128:
+ case QCRYPTO_CIPHER_ALG_AES_256:
+ return true;
+ default:
+ return false;
+ }
+ return true;
+#endif
+ default:
+ return false;
+ }
+}
+
+typedef struct QCryptoCipherGnutls QCryptoCipherGnutls;
+struct QCryptoCipherGnutls {
+ QCryptoCipher base;
+ gnutls_cipher_hd_t handle; /* XTS & CBC mode */
+ gnutls_cipher_algorithm_t galg; /* ECB mode */
+ guint8 *key; /* ECB mode */
+ size_t nkey; /* ECB mode */
+ size_t blocksize;
+};
+
+
+static void
+qcrypto_gnutls_cipher_free(QCryptoCipher *cipher)
+{
+ QCryptoCipherGnutls *ctx = container_of(cipher, QCryptoCipherGnutls, base);
+
+ g_free(ctx->key);
+ if (ctx->handle) {
+ gnutls_cipher_deinit(ctx->handle);
+ }
+ g_free(ctx);
+}
+
+
+static int
+qcrypto_gnutls_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
+{
+ QCryptoCipherGnutls *ctx = container_of(cipher, QCryptoCipherGnutls, base);
+ int err;
+
+ if (len % ctx->blocksize) {
+ error_setg(errp, "Length %zu must be a multiple of block size %zu",
+ len, ctx->blocksize);
+ return -1;
+ }
+
+ if (ctx->handle) { /* CBC / XTS mode */
+ err = gnutls_cipher_encrypt2(ctx->handle,
+ in, len,
+ out, len);
+ if (err != 0) {
+ error_setg(errp, "Cannot encrypt data: %s",
+ gnutls_strerror(err));
+ return -1;
+ }
+ } else { /* ECB mode very inefficiently faked with CBC */
+ g_autofree unsigned char *iv = g_new0(unsigned char, ctx->blocksize);
+ while (len) {
+ gnutls_cipher_hd_t handle;
+ gnutls_datum_t gkey = { (unsigned char *)ctx->key, ctx->nkey };
+ int err = gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL);
+ if (err != 0) {
+ error_setg(errp, "Cannot initialize cipher: %s",
+ gnutls_strerror(err));
+ return -1;
+ }
+
+ gnutls_cipher_set_iv(handle, iv, ctx->blocksize);
+
+ err = gnutls_cipher_encrypt2(handle,
+ in, ctx->blocksize,
+ out, ctx->blocksize);
+ if (err != 0) {
+ gnutls_cipher_deinit(handle);
+ error_setg(errp, "Cannot encrypt data: %s",
+ gnutls_strerror(err));
+ return -1;
+ }
+ gnutls_cipher_deinit(handle);
+
+ len -= ctx->blocksize;
+ in += ctx->blocksize;
+ out += ctx->blocksize;
+ }
+ }
+
+ return 0;
+}
+
+
+static int
+qcrypto_gnutls_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
+{
+ QCryptoCipherGnutls *ctx = container_of(cipher, QCryptoCipherGnutls, base);
+ int err;
+
+ if (len % ctx->blocksize) {
+ error_setg(errp, "Length %zu must be a multiple of block size %zu",
+ len, ctx->blocksize);
+ return -1;
+ }
+
+ if (ctx->handle) { /* CBC / XTS mode */
+ err = gnutls_cipher_decrypt2(ctx->handle,
+ in, len,
+ out, len);
+
+ if (err != 0) {
+ error_setg(errp, "Cannot decrypt data: %s",
+ gnutls_strerror(err));
+ return -1;
+ }
+ } else { /* ECB mode very inefficiently faked with CBC */
+ g_autofree unsigned char *iv = g_new0(unsigned char, ctx->blocksize);
+ while (len) {
+ gnutls_cipher_hd_t handle;
+ gnutls_datum_t gkey = { (unsigned char *)ctx->key, ctx->nkey };
+ int err = gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL);
+ if (err != 0) {
+ error_setg(errp, "Cannot initialize cipher: %s",
+ gnutls_strerror(err));
+ return -1;
+ }
+
+ gnutls_cipher_set_iv(handle, iv, ctx->blocksize);
+
+ err = gnutls_cipher_decrypt2(handle,
+ in, ctx->blocksize,
+ out, ctx->blocksize);
+ if (err != 0) {
+ gnutls_cipher_deinit(handle);
+ error_setg(errp, "Cannot encrypt data: %s",
+ gnutls_strerror(err));
+ return -1;
+ }
+ gnutls_cipher_deinit(handle);
+
+ len -= ctx->blocksize;
+ in += ctx->blocksize;
+ out += ctx->blocksize;
+ }
+ }
+
+ return 0;
+}
+
+static int
+qcrypto_gnutls_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp)
+{
+ QCryptoCipherGnutls *ctx = container_of(cipher, QCryptoCipherGnutls, base);
+
+ if (niv != ctx->blocksize) {
+ error_setg(errp, "Expected IV size %zu not %zu",
+ ctx->blocksize, niv);
+ return -1;
+ }
+
+ gnutls_cipher_set_iv(ctx->handle, (unsigned char *)iv, niv);
+
+ return 0;
+}
+
+
+static struct QCryptoCipherDriver gnutls_driver = {
+ .cipher_encrypt = qcrypto_gnutls_cipher_encrypt,
+ .cipher_decrypt = qcrypto_gnutls_cipher_decrypt,
+ .cipher_setiv = qcrypto_gnutls_cipher_setiv,
+ .cipher_free = qcrypto_gnutls_cipher_free,
+};
+
+static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key,
+ size_t nkey,
+ Error **errp)
+{
+ QCryptoCipherGnutls *ctx;
+ gnutls_datum_t gkey = { (unsigned char *)key, nkey };
+ gnutls_cipher_algorithm_t galg = GNUTLS_CIPHER_UNKNOWN;
+ int err;
+
+ switch (mode) {
+#ifdef QEMU_GNUTLS_XTS
+ case QCRYPTO_CIPHER_MODE_XTS:
+ switch (alg) {
+ case QCRYPTO_CIPHER_ALG_AES_128:
+ galg = GNUTLS_CIPHER_AES_128_XTS;
+ break;
+ case QCRYPTO_CIPHER_ALG_AES_256:
+ galg = GNUTLS_CIPHER_AES_256_XTS;
+ break;
+ default:
+ break;
+ }
+ break;
+#endif
+
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ switch (alg) {
+ case QCRYPTO_CIPHER_ALG_AES_128:
+ galg = GNUTLS_CIPHER_AES_128_CBC;
+ break;
+ case QCRYPTO_CIPHER_ALG_AES_192:
+ galg = GNUTLS_CIPHER_AES_192_CBC;
+ break;
+ case QCRYPTO_CIPHER_ALG_AES_256:
+ galg = GNUTLS_CIPHER_AES_256_CBC;
+ break;
+ case QCRYPTO_CIPHER_ALG_DES:
+ galg = GNUTLS_CIPHER_DES_CBC;
+ break;
+ case QCRYPTO_CIPHER_ALG_3DES:
+ galg = GNUTLS_CIPHER_3DES_CBC;
+ break;
+ default:
+ break;
+ }
+ break;
+ default:
+ break;
+ }
+
+ if (galg == GNUTLS_CIPHER_UNKNOWN) {
+ error_setg(errp, "Unsupported cipher algorithm %s with %s mode",
+ QCryptoCipherAlgorithm_str(alg),
+ QCryptoCipherMode_str(mode));
+ return NULL;
+ }
+
+ if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
+ return NULL;
+ }
+
+ ctx = g_new0(QCryptoCipherGnutls, 1);
+ ctx->base.driver = &gnutls_driver;
+
+ if (mode == QCRYPTO_CIPHER_MODE_ECB) {
+ ctx->key = g_new0(guint8, nkey);
+ memcpy(ctx->key, key, nkey);
+ ctx->nkey = nkey;
+ ctx->galg = galg;
+ } else {
+ err = gnutls_cipher_init(&ctx->handle, galg, &gkey, NULL);
+ if (err != 0) {
+ error_setg(errp, "Cannot initialize cipher: %s",
+ gnutls_strerror(err));
+ goto error;
+ }
+ }
+
+ if (alg == QCRYPTO_CIPHER_ALG_DES ||
+ alg == QCRYPTO_CIPHER_ALG_3DES)
+ ctx->blocksize = 8;
+ else
+ ctx->blocksize = 16;
+
+ return &ctx->base;
+
+ error:
+ qcrypto_gnutls_cipher_free(&ctx->base);
+ return NULL;
+}
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 1f5528be49..74b09a5b26 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -136,6 +136,8 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
#include "cipher-gcrypt.c.inc"
#elif defined CONFIG_NETTLE
#include "cipher-nettle.c.inc"
+#elif defined CONFIG_GNUTLS_CRYPTO
+#include "cipher-gnutls.c.inc"
#else
#include "cipher-builtin.c.inc"
#endif
--
2.31.1
next prev parent reply other threads:[~2021-07-06 10:12 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 9:59 [PATCH 00/18] crypto: misc cleanup and introduce gnutls backend driver Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 01/18] crypto: remove conditional around 3DES crypto test cases Daniel P. Berrangé
2021-07-08 18:27 ` Eric Blake
2021-07-06 9:59 ` [PATCH 02/18] crypto: remove obsolete crypto test condition Daniel P. Berrangé
2021-07-08 18:28 ` Eric Blake
2021-07-06 9:59 ` [PATCH 03/18] crypto: skip essiv ivgen tests if AES+ECB isn't available Daniel P. Berrangé
2021-07-08 18:29 ` Eric Blake
2021-07-06 9:59 ` [PATCH 04/18] crypto: use &error_fatal in crypto tests Daniel P. Berrangé
2021-07-08 18:33 ` Eric Blake
2021-07-06 9:59 ` [PATCH 05/18] crypto: fix gcrypt min version 1.8 regression Daniel P. Berrangé
2021-07-08 18:34 ` Eric Blake
2021-07-06 9:59 ` [PATCH 06/18] crypto: drop gcrypt thread initialization code Daniel P. Berrangé
2021-07-08 18:36 ` Eric Blake
2021-07-06 9:59 ` [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver Daniel P. Berrangé
2021-07-08 18:40 ` Eric Blake
2021-07-06 9:59 ` [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC Daniel P. Berrangé
2021-07-08 18:50 ` Eric Blake
2021-07-09 13:53 ` Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 09/18] crypto: delete built-in DES implementation Daniel P. Berrangé
2021-07-08 18:54 ` Eric Blake
2021-07-06 9:59 ` [PATCH 10/18] crypto: delete built-in XTS cipher mode support Daniel P. Berrangé
2021-07-08 18:56 ` Eric Blake
2021-07-06 9:59 ` [PATCH 11/18] crypto: rename des-rfb cipher to just des Daniel P. Berrangé
2021-07-07 12:47 ` Markus Armbruster
2021-07-07 13:48 ` Daniel P. Berrangé
2021-07-08 14:41 ` Markus Armbruster
2021-07-09 13:59 ` Daniel P. Berrangé
2021-07-08 19:50 ` Eric Blake
2021-07-06 9:59 ` [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt Daniel P. Berrangé
2021-07-08 18:59 ` Eric Blake
2021-07-06 9:59 ` [PATCH 13/18] crypto: introduce build system for gnutls crypto backend Daniel P. Berrangé
2021-07-08 19:03 ` Eric Blake
2021-07-06 9:59 ` Daniel P. Berrangé [this message]
2021-07-08 19:13 ` [PATCH 14/18] crypto: add gnutls cipher provider Eric Blake
2021-07-06 9:59 ` [PATCH 15/18] crypto: add gnutls hash provider Daniel P. Berrangé
2021-07-08 19:29 ` Eric Blake
2021-07-06 9:59 ` [PATCH 16/18] crypto: add gnutls hmac provider Daniel P. Berrangé
2021-07-08 19:35 ` Eric Blake
2021-07-09 14:03 ` Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 17/18] crypto: add gnutls pbkdf provider Daniel P. Berrangé
2021-07-08 19:43 ` Eric Blake
2021-07-06 9:59 ` [PATCH 18/18] crypto: prefer gnutls as the crypto backend if new enough Daniel P. Berrangé
2021-07-08 19:52 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706095924.764117-15-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.