crypto: introduce generic cipher API & built-in implementation (ca38a4cc) · Commits · SUMMER2020 / students / proj-2021291

crypto/Makefile.objs

+1 −0

Original line number	Diff line number	Diff line
		@@ -2,3 +2,4 @@ util-obj-y += init.o
		util-obj-y += hash.o
		util-obj-y += aes.o
		util-obj-y += desrfb.o
		util-obj-y += cipher.o

crypto/cipher-builtin.c

0 → 100644

+398 −0

Original line number	Diff line number	Diff line
		/*
		* QEMU Crypto cipher built-in algorithms
		*
		* Copyright (c) 2015 Red Hat, Inc.
		*
		* This library is free software; you can redistribute it and/or
		* modify it under the terms of the GNU Lesser General Public
		* License as published by the Free Software Foundation; either
		* version 2 of the License, or (at your option) any later version.
		*
		* This library is distributed in the hope that it will be useful,
		* but WITHOUT ANY WARRANTY; without even the implied warranty of
		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		* Lesser General Public License for more details.
		*
		* You should have received a copy of the GNU Lesser General Public
		* License along with this library; if not, see <http://www.gnu.org/licenses/>.
		*
		*/

		#include "crypto/aes.h"
		#include "crypto/desrfb.h"

		typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES;
		struct QCryptoCipherBuiltinAES {
		AES_KEY encrypt_key;
		AES_KEY decrypt_key;
		uint8_t *iv;
		size_t niv;
		};
		typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB;
		struct QCryptoCipherBuiltinDESRFB {
		uint8_t *key;
		size_t nkey;
		};

		typedef struct QCryptoCipherBuiltin QCryptoCipherBuiltin;
		struct QCryptoCipherBuiltin {
		union {
		QCryptoCipherBuiltinAES aes;
		QCryptoCipherBuiltinDESRFB desrfb;
		} state;
		void (free)(QCryptoCipher cipher);
		int (setiv)(QCryptoCipher cipher,
		const uint8_t *iv, size_t niv,
		Error **errp);
		int (encrypt)(QCryptoCipher cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp);
		int (decrypt)(QCryptoCipher cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp);
		};


		static void qcrypto_cipher_free_aes(QCryptoCipher *cipher)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		g_free(ctxt->state.aes.iv);
		g_free(ctxt);
		cipher->opaque = NULL;
		}


		static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		if (cipher->mode == QCRYPTO_CIPHER_MODE_ECB) {
		const uint8_t *inptr = in;
		uint8_t *outptr = out;
		while (len) {
		if (len > AES_BLOCK_SIZE) {
		AES_encrypt(inptr, outptr, &ctxt->state.aes.encrypt_key);
		inptr += AES_BLOCK_SIZE;
		outptr += AES_BLOCK_SIZE;
		len -= AES_BLOCK_SIZE;
		} else {
		uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
		memcpy(tmp1, inptr, len);
		/* Fill with 0 to avoid valgrind uninitialized reads */
		memset(tmp1 + len, 0, sizeof(tmp1) - len);
		AES_encrypt(tmp1, tmp2, &ctxt->state.aes.encrypt_key);
		memcpy(outptr, tmp2, len);
		len = 0;
		}
		}
		} else {
		AES_cbc_encrypt(in, out, len,
		&ctxt->state.aes.encrypt_key,
		ctxt->state.aes.iv, 1);
		}

		return 0;
		}


		static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		if (cipher->mode == QCRYPTO_CIPHER_MODE_ECB) {
		const uint8_t *inptr = in;
		uint8_t *outptr = out;
		while (len) {
		if (len > AES_BLOCK_SIZE) {
		AES_decrypt(inptr, outptr, &ctxt->state.aes.encrypt_key);
		inptr += AES_BLOCK_SIZE;
		outptr += AES_BLOCK_SIZE;
		len -= AES_BLOCK_SIZE;
		} else {
		uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
		memcpy(tmp1, inptr, len);
		/* Fill with 0 to avoid valgrind uninitialized reads */
		memset(tmp1 + len, 0, sizeof(tmp1) - len);
		AES_decrypt(tmp1, tmp2, &ctxt->state.aes.encrypt_key);
		memcpy(outptr, tmp2, len);
		len = 0;
		}
		}
		} else {
		AES_cbc_encrypt(in, out, len,
		&ctxt->state.aes.encrypt_key,
		ctxt->state.aes.iv, 1);
		}

		return 0;
		}

		static int qcrypto_cipher_setiv_aes(QCryptoCipher *cipher,
		const uint8_t *iv, size_t niv,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;
		if (niv != 16) {
		error_setg(errp, "IV must be 16 bytes not %zu", niv);
		return -1;
		}

		g_free(ctxt->state.aes.iv);
		ctxt->state.aes.iv = g_new0(uint8_t, niv);
		memcpy(ctxt->state.aes.iv, iv, niv);
		ctxt->state.aes.niv = niv;

		return 0;
		}




		static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
		const uint8_t *key, size_t nkey,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt;

		if (cipher->mode != QCRYPTO_CIPHER_MODE_CBC &&
		cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
		error_setg(errp, "Unsupported cipher mode %d", cipher->mode);
		return -1;
		}

		ctxt = g_new0(QCryptoCipherBuiltin, 1);

		if (AES_set_encrypt_key(key, nkey * 8, &ctxt->state.aes.encrypt_key) != 0) {
		error_setg(errp, "Failed to set encryption key");
		goto error;
		}

		if (AES_set_decrypt_key(key, nkey * 8, &ctxt->state.aes.decrypt_key) != 0) {
		error_setg(errp, "Failed to set decryption key");
		goto error;
		}

		ctxt->free = qcrypto_cipher_free_aes;
		ctxt->setiv = qcrypto_cipher_setiv_aes;
		ctxt->encrypt = qcrypto_cipher_encrypt_aes;
		ctxt->decrypt = qcrypto_cipher_decrypt_aes;

		cipher->opaque = ctxt;

		return 0;

		error:
		g_free(ctxt);
		return -1;
		}


		static void qcrypto_cipher_free_des_rfb(QCryptoCipher *cipher)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		g_free(ctxt->state.desrfb.key);
		g_free(ctxt);
		cipher->opaque = NULL;
		}


		static int qcrypto_cipher_encrypt_des_rfb(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;
		size_t i;

		if (len % 8) {
		error_setg(errp, "Buffer size must be multiple of 8 not %zu",
		len);
		return -1;
		}

		deskey(ctxt->state.desrfb.key, EN0);

		for (i = 0; i < len; i += 8) {
		des((void *)in + i, out + i);
		}

		return 0;
		}


		static int qcrypto_cipher_decrypt_des_rfb(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;
		size_t i;

		if (len % 8) {
		error_setg(errp, "Buffer size must be multiple of 8 not %zu",
		len);
		return -1;
		}

		deskey(ctxt->state.desrfb.key, DE1);

		for (i = 0; i < len; i += 8) {
		des((void *)in + i, out + i);
		}

		return 0;
		}


		static int qcrypto_cipher_setiv_des_rfb(QCryptoCipher *cipher,
		const uint8_t *iv, size_t niv,
		Error **errp)
		{
		error_setg(errp, "Setting IV is not supported");
		return -1;
		}


		static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
		const uint8_t *key, size_t nkey,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt;

		if (cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
		error_setg(errp, "Unsupported cipher mode %d", cipher->mode);
		return -1;
		}

		ctxt = g_new0(QCryptoCipherBuiltin, 1);

		ctxt->state.desrfb.key = g_new0(uint8_t, nkey);
		memcpy(ctxt->state.desrfb.key, key, nkey);
		ctxt->state.desrfb.nkey = nkey;

		ctxt->free = qcrypto_cipher_free_des_rfb;
		ctxt->setiv = qcrypto_cipher_setiv_des_rfb;
		ctxt->encrypt = qcrypto_cipher_encrypt_des_rfb;
		ctxt->decrypt = qcrypto_cipher_decrypt_des_rfb;

		cipher->opaque = ctxt;

		return 0;
		}


		bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
		{
		switch (alg) {
		case QCRYPTO_CIPHER_ALG_DES_RFB:
		case QCRYPTO_CIPHER_ALG_AES_128:
		case QCRYPTO_CIPHER_ALG_AES_192:
		case QCRYPTO_CIPHER_ALG_AES_256:
		return true;
		default:
		return false;
		}
		}


		QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
		QCryptoCipherMode mode,
		const uint8_t *key, size_t nkey,
		Error **errp)
		{
		QCryptoCipher *cipher;

		cipher = g_new0(QCryptoCipher, 1);
		cipher->alg = alg;
		cipher->mode = mode;

		if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) {
		goto error;
		}

		switch (cipher->alg) {
		case QCRYPTO_CIPHER_ALG_DES_RFB:
		if (qcrypto_cipher_init_des_rfb(cipher, key, nkey, errp) < 0) {
		goto error;
		}
		break;
		case QCRYPTO_CIPHER_ALG_AES_128:
		case QCRYPTO_CIPHER_ALG_AES_192:
		case QCRYPTO_CIPHER_ALG_AES_256:
		if (qcrypto_cipher_init_aes(cipher, key, nkey, errp) < 0) {
		goto error;
		}
		break;
		default:
		error_setg(errp,
		"Unsupported cipher algorithm %d", cipher->alg);
		goto error;
		}

		return cipher;

		error:
		g_free(cipher);
		return NULL;
		}

		void qcrypto_cipher_free(QCryptoCipher *cipher)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;
		if (!cipher) {
		return;
		}

		ctxt->free(cipher);
		g_free(cipher);
		}


		int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		return ctxt->encrypt(cipher, in, out, len, errp);
		}


		int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		return ctxt->decrypt(cipher, in, out, len, errp);
		}


		int qcrypto_cipher_setiv(QCryptoCipher *cipher,
		const uint8_t *iv, size_t niv,
		Error **errp)
		{
		QCryptoCipherBuiltin *ctxt = cipher->opaque;

		return ctxt->setiv(cipher, iv, niv, errp);
		}

crypto/cipher.c

0 → 100644

+49 −0

Original line number	Diff line number	Diff line
		/*
		* QEMU Crypto cipher algorithms
		*
		* Copyright (c) 2015 Red Hat, Inc.
		*
		* This library is free software; you can redistribute it and/or
		* modify it under the terms of the GNU Lesser General Public
		* License as published by the Free Software Foundation; either
		* version 2 of the License, or (at your option) any later version.
		*
		* This library is distributed in the hope that it will be useful,
		* but WITHOUT ANY WARRANTY; without even the implied warranty of
		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		* Lesser General Public License for more details.
		*
		* You should have received a copy of the GNU Lesser General Public
		* License along with this library; if not, see <http://www.gnu.org/licenses/>.
		*
		*/

		#include "crypto/cipher.h"

		static size_t alg_key_len[QCRYPTO_CIPHER_ALG_LAST] = {
		[QCRYPTO_CIPHER_ALG_AES_128] = 16,
		[QCRYPTO_CIPHER_ALG_AES_192] = 24,
		[QCRYPTO_CIPHER_ALG_AES_256] = 32,
		[QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
		};

		static bool
		qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
		size_t nkey,
		Error **errp)
		{
		if ((unsigned)alg >= QCRYPTO_CIPHER_ALG_LAST) {
		error_setg(errp, "Cipher algorithm %d out of range",
		alg);
		return false;
		}

		if (alg_key_len[alg] != nkey) {
		error_setg(errp, "Cipher key length %zu should be %zu",
		alg_key_len[alg], nkey);
		return false;
		}
		return true;
		}

		#include "crypto/cipher-builtin.c"

include/crypto/cipher.h

0 → 100644

+210 −0

Original line number	Diff line number	Diff line
		/*
		* QEMU Crypto cipher algorithms
		*
		* Copyright (c) 2015 Red Hat, Inc.
		*
		* This library is free software; you can redistribute it and/or
		* modify it under the terms of the GNU Lesser General Public
		* License as published by the Free Software Foundation; either
		* version 2 of the License, or (at your option) any later version.
		*
		* This library is distributed in the hope that it will be useful,
		* but WITHOUT ANY WARRANTY; without even the implied warranty of
		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		* Lesser General Public License for more details.
		*
		* You should have received a copy of the GNU Lesser General Public
		* License along with this library; if not, see <http://www.gnu.org/licenses/>.
		*
		*/

		#ifndef QCRYPTO_CIPHER_H__
		#define QCRYPTO_CIPHER_H__

		#include "qemu-common.h"
		#include "qapi/error.h"

		typedef struct QCryptoCipher QCryptoCipher;

		typedef enum {
		QCRYPTO_CIPHER_ALG_AES_128,
		QCRYPTO_CIPHER_ALG_AES_192,
		QCRYPTO_CIPHER_ALG_AES_256,
		QCRYPTO_CIPHER_ALG_DES_RFB, /* A stupid variant on DES for VNC */

		QCRYPTO_CIPHER_ALG_LAST
		} QCryptoCipherAlgorithm;

		typedef enum {
		QCRYPTO_CIPHER_MODE_ECB,
		QCRYPTO_CIPHER_MODE_CBC,

		QCRYPTO_CIPHER_MODE_LAST
		} QCryptoCipherMode;

		/**
		* QCryptoCipher:
		*
		* The QCryptoCipher object provides a way to perform encryption
		* and decryption of data, with a standard API, regardless of the
		* algorithm used. It further isolates the calling code from the
		* details of the specific underlying implementation, whether
		* built-in, libgcrypt or nettle.
		*
		* Each QCryptoCipher object is capable of performing both
		* encryption and decryption, and can operate in a number
		* or modes including ECB, CBC.
		*
		* <example>
		* <title>Encrypting data with AES-128 in CBC mode</title>
		* <programlisting>
		* QCryptoCipher *cipher;
		* uint8_t key = ....;
		* size_t keylen = 16;
		* uint8_t iv = ....;
		*
		* if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
		* error_report(errp, "Feature <blah> requires AES cipher support");
		* return -1;
		* }
		*
		* cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
		* QCRYPTO_CIPHER_MODE_CBC,
		* key, keylen,
		* errp);
		* if (!cipher) {
		* return -1;
		* }
		*
		* if (qcrypto_cipher_set_iv(cipher, iv, keylen, errp) < 0) {
		* return -1;
		* }
		*
		* if (qcrypto_cipher_encrypt(cipher, rawdata, encdata, datalen, errp) < 0) {
		* return -1;
		* }
		*
		* qcrypto_cipher_free(cipher);
		* </programlisting>
		* </example>
		*
		*/

		struct QCryptoCipher {
		QCryptoCipherAlgorithm alg;
		QCryptoCipherMode mode;
		void *opaque;
		};

		/**
		* qcrypto_cipher_supports:
		* @alg: the cipher algorithm
		*
		* Determine if @alg cipher algorithm is supported by the
		* current configured build
		*
		* Returns: true if the algorithm is supported, false otherwise
		*/
		bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);


		/**
		* qcrypto_cipher_new:
		* @alg: the cipher algorithm
		* @mode: the cipher usage mode
		* @key: the private key bytes
		* @nkey: the length of @key
		* @errp: pointer to an uninitialized error object
		*
		* Creates a new cipher object for encrypting/decrypting
		* data with the algorithm @alg in the usage mode @mode.
		*
		* The @key parameter provides the bytes representing
		* the encryption/decryption key to use. The @nkey parameter
		* specifies the length of @key in bytes. Each algorithm has
		* one or more valid key lengths, and it is an error to provide
		* a key of the incorrect length.
		*
		* The returned cipher object must be released with
		* qcrypto_cipher_free() when no longer required
		*
		* Returns: a new cipher object, or NULL on error
		*/
		QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
		QCryptoCipherMode mode,
		const uint8_t *key, size_t nkey,
		Error **errp);

		/**
		* qcrypto_cipher_free:
		* @cipher: the cipher object
		*
		* Release the memory associated with @cipher that
		* was previously allocated by qcrypto_cipher_new()
		*/
		void qcrypto_cipher_free(QCryptoCipher *cipher);

		/**
		* qcrypto_cipher_encrypt:
		* @cipher: the cipher object
		* @in: buffer holding the plain text input data
		* @out: buffer to fill with the cipher text output data
		* @len: the length of @in and @out buffers
		* @errp: pointer to an uninitialized error object
		*
		* Encrypts the plain text stored in @in, filling
		* @out with the resulting ciphered text. Both the
		* @in and @out buffers must have the same size,
		* given by @len.
		*
		* Returns: 0 on success, or -1 on error
		*/
		int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp);


		/**
		* qcrypto_cipher_decrypt:
		* @cipher: the cipher object
		* @in: buffer holding the cipher text input data
		* @out: buffer to fill with the plain text output data
		* @len: the length of @in and @out buffers
		* @errp: pointer to an uninitialized error object
		*
		* Decrypts the cipher text stored in @in, filling
		* @out with the resulting plain text. Both the
		* @in and @out buffers must have the same size,
		* given by @len.
		*
		* Returns: 0 on success, or -1 on error
		*/
		int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
		const void *in,
		void *out,
		size_t len,
		Error **errp);

		/**
		* qcrypto_cipher_setiv:
		* @cipher: the cipher object
		* @iv: the initialization vector bytes
		* @niv: the length of @iv
		* @errpr: pointer to an uninitialized error object
		*
		* If the @cipher object is setup to use a mode that requires
		* initialization vectors, this sets the initialization vector
		* bytes. The @iv data should have the same length as the
		* cipher key used when originally constructing the cipher
		* object. It is an error to set an initialization vector
		* if the cipher mode does not require one.
		*
		* Returns: 0 on success, -1 on error
		*/
		int qcrypto_cipher_setiv(QCryptoCipher *cipher,
		const uint8_t *iv, size_t niv,
		Error **errp);

		#endif /* QCRYPTO_CIPHER_H__ */

tests/.gitignore

+1 −0

Original line number	Diff line number	Diff line
		@@ -10,6 +10,7 @@ rcutorture
		test-aio
		test-bitops
		test-coroutine
		test-crypto-cipher
		test-crypto-hash
		test-cutils
		test-hbitmap