From patchwork Thu Jan 5 00:49:39 2017
X-Patchwork-Submitter: "Longpeng (Mike, Cloud Infrastructure Service Product Dept.)"
X-Patchwork-Id: 711181
From: "Longpeng(Mike)"
Date: Thu, 5 Jan 2017 08:49:39 +0800
Message-ID: <1483577381-38088-5-git-send-email-longpeng2@huawei.com>
In-Reply-To: <1483577381-38088-1-git-send-email-longpeng2@huawei.com>
References: <1483577381-38088-1-git-send-email-longpeng2@huawei.com>
Subject: [Qemu-devel] [PATCH RESEND 4/6] crypto: implement gcrypt-backed AEAD algorithms
Cc: "Longpeng\(Mike\)" , arei.gonglei@huawei.com, qemu-devel@nongnu.org, wu.wubin@huawei.com, jianjay.zhou@huawei.com

This patch adds gcrypt-backed AEAD algorithms support

Signed-off-by: Longpeng(Mike)
--- crypto/aead-gcrypt.c | 173 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 167 insertions(+), 6 deletions(-) diff --git a/crypto/aead-gcrypt.c b/crypto/aead-gcrypt.c index 9465518..9892e3b 100644 --- a/crypto/aead-gcrypt.c +++ b/crypto/aead-gcrypt.c 
@@ -17,17 +17,100 @@ #include "crypto/aead.h" #include +typedef struct QCryptoAeadGcrypt QCryptoAeadGcrypt; +struct QCryptoAeadGcrypt { + gcry_cipher_hd_t handle; +}; + QCryptoAead *qcrypto_aead_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, size_t nkey, Error **errp) { + QCryptoAead *aead; + QCryptoAeadGcrypt *ctx; + gcry_error_t err; + int gcryalg, gcrymode; + + switch (mode) { + case QCRYPTO_CIPHER_MODE_CCM: + gcrymode = GCRY_CIPHER_MODE_CCM; + break; + case QCRYPTO_CIPHER_MODE_GCM: + gcrymode = GCRY_CIPHER_MODE_GCM; + break; + default: + error_setg(errp, "Unsupported AEAD mode %s", + QCryptoCipherMode_lookup[mode]); + return NULL; + } + + if (nkey != qcrypto_aead_get_key_len(alg)) { + error_setg(errp, "Cipher key length %zu is invalid", + nkey); + return NULL; + } + + switch (alg) { + case QCRYPTO_CIPHER_ALG_AES_128: + gcryalg = GCRY_CIPHER_AES128; + break; + case QCRYPTO_CIPHER_ALG_AES_192: + gcryalg = GCRY_CIPHER_AES192; + break; + case QCRYPTO_CIPHER_ALG_AES_256: + gcryalg = GCRY_CIPHER_AES256; + break; + default: + error_setg(errp, "Unsupported AEAD algorithm %s", + QCryptoCipherAlgorithm_lookup[alg]); + return NULL; + } + + aead = g_new0(QCryptoAead, 1); + aead->alg = alg; + aead->mode = mode; + + ctx = g_new0(QCryptoAeadGcrypt, 1); + + err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0); + if (err) { + error_setg(errp, "Cannot initialize aead: %s", + gcry_strerror(err)); + goto error; + } + + err = gcry_cipher_setkey(ctx->handle, key, nkey); + if (err) { + error_setg(errp, "Cannot set key: %s", + gcry_strerror(err)); + goto error; + } + + aead->opaque = ctx; + + return aead; + +error: + gcry_cipher_close(ctx->handle); + g_free(ctx); + g_free(aead); return NULL; } void qcrypto_aead_free(QCryptoAead *aead) { - return; + QCryptoAeadGcrypt *ctx; + + if (!aead) { + return; + } + + ctx = aead->opaque; + + gcry_cipher_close(ctx->handle); + g_free(ctx); + g_free(aead); } int qcrypto_aead_set_nonce(QCryptoAead *aead, 
@@ -36,14 +119,54 @@ int qcrypto_aead_set_nonce(QCryptoAead *aead, size_t tag_len, Error **errp) { - return -1; + QCryptoAeadGcrypt *ctx; + gcry_error_t err; + + ctx = aead->opaque; + + err = gcry_cipher_setiv(ctx->handle, nonce, nonce_len); + if (err) { + error_setg(errp, "Cannot set iv/nonce: %s", + gcry_strerror(err)); + return -1; + } + + if (aead->mode == QCRYPTO_CIPHER_MODE_CCM) { + size_t ctl_para[3]; + + ctl_para[0] = in_len; + ctl_para[1] = aad_len; + ctl_para[2] = tag_len; + + err = gcry_cipher_ctl(ctx->handle, GCRYCTL_SET_CCM_LENGTHS, + ctl_para, sizeof(ctl_para)); + if (err) { + error_setg(errp, "Cannot set lengths: %s", + gcry_strerror(err)); + return -1; + } + } + + return 0; } int qcrypto_aead_authenticate(QCryptoAead *aead, const uint8_t *aad, size_t aad_len, Error **errp) { - return -1; + QCryptoAeadGcrypt *ctx; + gcry_error_t err; + + ctx = aead->opaque; + + err = gcry_cipher_authenticate(ctx->handle, aad, aad_len); + if (err) { + error_setg(errp, "Cannot set associated data: %s", + gcry_strerror(err)); + return -1; + } + + return 0; } int qcrypto_aead_encrypt(QCryptoAead *aead, @@ -51,7 +174,20 @@ int qcrypto_aead_encrypt(QCryptoAead *aead, uint8_t *out, size_t out_len, Error **errp) { - return -1; + QCryptoAeadGcrypt *ctx; + gcry_error_t err; + + ctx = aead->opaque; + + err = gcry_cipher_encrypt(ctx->handle, out, out_len, + in, in_len); + if (err) { + error_setg(errp, "Cannot encrypt data: %s", + gcry_strerror(err)); + return -1; + } + + return 0; } int qcrypto_aead_decrypt(QCryptoAead *aead, 
@@ -59,12 +195,37 @@ int qcrypto_aead_decrypt(QCryptoAead *aead, uint8_t *out, size_t out_len, Error **errp) { - return -1; + QCryptoAeadGcrypt *ctx; + gcry_error_t err; + + ctx = aead->opaque; + + err = gcry_cipher_decrypt(ctx->handle, out, out_len, + in, in_len); + if (err) { + error_setg(errp, "Cannot decrypt data: %s", + gcry_strerror(err)); + return -1; + } + + return 0; } int qcrypto_aead_get_tag(QCryptoAead *aead, uint8_t *tag, size_t tag_len, Error **errp) { - return -1; + QCryptoAeadGcrypt *ctx; + gcry_error_t err; + + ctx = aead->opaque; + + err = gcry_cipher_gettag(ctx->handle, tag, tag_len); + if (err) { + error_setg(errp, "Cannot get tag: %s", + gcry_strerror(err)); + return -1; + } + + return 0; }
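Review bot: In the first hunk (@@ -17,17 +17,100 @@), qcrypto_aead_new() checks `nkey != qcrypto_aead_get_key_len(alg)` before the `switch (alg)` has rejected non-AES algorithms, so an unsupported algorithm reaches the key-length helper first and the caller is told the key length is invalid instead of getting "Unsupported AEAD algorithm". Moving the `switch (alg)` above the length check gives the right error and keeps unvalidated values out of the helper. The `error:` label also calls gcry_cipher_close(ctx->handle) when gcry_cipher_open() itself failed; that works only because ctx comes from g_new0() and libgcrypt ignores a NULL handle, which deserves a one-line comment. Separately, gcry_cipher_open() is called with flags 0, so the key schedule lives in ordinary heap memory; consider whether GCRY_CIPHER_SECURE is wanted here.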
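Review bot: In the second hunk (@@ -36,14 +119,54 @@), the CCM branch of qcrypto_aead_set_nonce() declares `size_t ctl_para[3]` and passes `sizeof(ctl_para)` to GCRYCTL_SET_CCM_LENGTHS, but libgcrypt defines that argument as three 64-bit values and rejects any other buffer length. On a host where size_t is 32 bits the call fails with an invalid-argument error, so CCM cannot be set up there; declare the array as `uint64_t ctl_para[3]`. In the GCM path in_len, aad_len and tag_len are accepted and silently ignored, so a tag_len that GCM does not allow is not caught until qcrypto_aead_get_tag(); validating tag_len and nonce_len per mode in this function would fail earlier and with a clearer message.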
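Review bot: In the last hunk (@@ -59,12 +195,37 @@), qcrypto_aead_decrypt() returns plaintext without any tag verification, and the only tag entry point added is qcrypto_aead_get_tag(), which wraps gcry_cipher_gettag(). Every caller therefore has to fetch the computed tag after decrypting and compare it with the received one itself, which invites a plain memcmp() (not constant time) and use of unauthenticated plaintext before the comparison. Add a verification entry point that wraps gcry_cipher_checktag(), and document on qcrypto_aead_decrypt() that its output must not be used until that check has succeeded.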