From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Gonglei <arei.gonglei@huawei.com>,
"Daniel P . Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PULL v1 2/6] crypto: add CTR mode support
Date: Thu, 20 Oct 2016 14:45:06 +0100 [thread overview]
Message-ID: <1476971110-10403-3-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1476971110-10403-1-git-send-email-berrange@redhat.com>
From: Gonglei <arei.gonglei@huawei.com>
Introduce CTR mode support for the cipher APIs.
CTR mode uses a counter rather than a traditional IV.
The counter has additional properties, including a nonce
and initial counter block. We reuse the ctx->iv as
the counter for conveniences.
Both libgcrypt and nettle are support CTR mode, the
cipher-builtin doesn't support yet.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
crypto/cipher-gcrypt.c | 25 ++++++++++++++++-----
crypto/cipher-nettle.c | 15 ++++++++++++-
crypto/cipher.c | 1 +
include/crypto/cipher.h | 6 ++---
qapi/crypto.json | 3 ++-
tests/test-crypto-cipher.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 94 insertions(+), 11 deletions(-)
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 05026c0..c550db9 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -59,6 +59,7 @@ struct QCryptoCipherGcrypt {
gcry_cipher_hd_t handle;
gcry_cipher_hd_t tweakhandle;
size_t blocksize;
+ /* Initialization vector or Counter */
uint8_t *iv;
};
@@ -80,6 +81,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_CBC:
gcrymode = GCRY_CIPHER_MODE_CBC;
break;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ gcrymode = GCRY_CIPHER_MODE_CTR;
+ break;
default:
error_setg(errp, "Unsupported cipher mode %s",
QCryptoCipherMode_lookup[mode]);
@@ -350,12 +354,21 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
if (ctx->iv) {
memcpy(ctx->iv, iv, niv);
} else {
- gcry_cipher_reset(ctx->handle);
- err = gcry_cipher_setiv(ctx->handle, iv, niv);
- if (err != 0) {
- error_setg(errp, "Cannot set IV: %s",
- gcry_strerror(err));
- return -1;
+ if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) {
+ err = gcry_cipher_setctr(ctx->handle, iv, niv);
+ if (err != 0) {
+ error_setg(errp, "Cannot set Counter: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+ } else {
+ gcry_cipher_reset(ctx->handle);
+ err = gcry_cipher_setiv(ctx->handle, iv, niv);
+ if (err != 0) {
+ error_setg(errp, "Cannot set IV: %s",
+ gcry_strerror(err));
+ return -1;
+ }
}
}
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 72d1069..cd094cd 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -28,6 +28,7 @@
#include <nettle/cast128.h>
#include <nettle/serpent.h>
#include <nettle/twofish.h>
+#include <nettle/ctr.h>
typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
size_t length,
@@ -186,7 +187,7 @@ struct QCryptoCipherNettle {
QCryptoCipherNettleFuncNative alg_decrypt_native;
QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
-
+ /* Initialization vector or Counter */
uint8_t *iv;
size_t blocksize;
};
@@ -236,6 +237,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
break;
default:
error_setg(errp, "Unsupported cipher mode %s",
@@ -441,6 +443,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
ctx->iv, len, out, in);
break;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+ ctx->blocksize, ctx->iv,
+ len, out, in);
+ break;
+
default:
error_setg(errp, "Unsupported cipher mode %s",
QCryptoCipherMode_lookup[cipher->mode]);
@@ -480,6 +488,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
ctx->iv, len, out, in);
break;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+ ctx->blocksize, ctx->iv,
+ len, out, in);
+ break;
default:
error_setg(errp, "Unsupported cipher mode %s",
diff --git a/crypto/cipher.c b/crypto/cipher.c
index cafb454..a9bca41 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -55,6 +55,7 @@ static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
[QCRYPTO_CIPHER_MODE_ECB] = false,
[QCRYPTO_CIPHER_MODE_CBC] = true,
[QCRYPTO_CIPHER_MODE_XTS] = true,
+ [QCRYPTO_CIPHER_MODE_CTR] = true,
};
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index 97638e7..bec9f41 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -215,16 +215,16 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
/**
* qcrypto_cipher_setiv:
* @cipher: the cipher object
- * @iv: the initialization vector bytes
+ * @iv: the initialization vector or counter (CTR mode) bytes
* @niv: the length of @iv
* @errpr: pointer to a NULL-initialized error object
*
* If the @cipher object is setup to use a mode that requires
- * initialization vectors, this sets the initialization vector
+ * initialization vectors or counter, this sets the @niv
* bytes. The @iv data should have the same length as the
* cipher key used when originally constructing the cipher
* object. It is an error to set an initialization vector
- * if the cipher mode does not require one.
+ * or counter if the cipher mode does not require one.
*
* Returns: 0 on success, -1 on error
*/
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 6933b13..5c9d7d4 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -89,11 +89,12 @@
# @ecb: Electronic Code Book
# @cbc: Cipher Block Chaining
# @xts: XEX with tweaked code book and ciphertext stealing
+# @ctr: Counter (Since 2.8)
# Since: 2.6
##
{ 'enum': 'QCryptoCipherMode',
'prefix': 'QCRYPTO_CIPHER_MODE',
- 'data': ['ecb', 'cbc', 'xts']}
+ 'data': ['ecb', 'cbc', 'xts', 'ctr']}
##
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 8492978..5d9e535 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -380,6 +380,61 @@ static QCryptoCipherTestData test_data[] = {
.key =
"27182818284590452353602874713526"
"31415926535897932384626433832795",
+ },
+ {
+ /* NIST F.5.1 CTR-AES128.Encrypt */
+ .path = "/crypto/cipher/aes-ctr-128",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_CTR,
+ .key = "2b7e151628aed2a6abf7158809cf4f3c",
+ .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ .plaintext =
+ "6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710",
+ .ciphertext =
+ "874d6191b620e3261bef6864990db6ce"
+ "9806f66b7970fdff8617187bb9fffdff"
+ "5ae4df3edbd5d35e5b4f09020db03eab"
+ "1e031dda2fbe03d1792170a0f3009cee",
+ },
+ {
+ /* NIST F.5.3 CTR-AES192.Encrypt */
+ .path = "/crypto/cipher/aes-ctr-192",
+ .alg = QCRYPTO_CIPHER_ALG_AES_192,
+ .mode = QCRYPTO_CIPHER_MODE_CTR,
+ .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
+ .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ .plaintext =
+ "6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710",
+ .ciphertext =
+ "1abc932417521ca24f2b0459fe7e6e0b"
+ "090339ec0aa6faefd5ccc2c6f4ce8e94"
+ "1e36b26bd1ebc670d1bd1d665620abf7"
+ "4f78a7f6d29809585a97daec58c6b050",
+ },
+ {
+ /* NIST F.5.5 CTR-AES256.Encrypt */
+ .path = "/crypto/cipher/aes-ctr-256",
+ .alg = QCRYPTO_CIPHER_ALG_AES_256,
+ .mode = QCRYPTO_CIPHER_MODE_CTR,
+ .key = "603deb1015ca71be2b73aef0857d7781"
+ "1f352c073b6108d72d9810a30914dff4",
+ .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ .plaintext =
+ "6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710",
+ .ciphertext =
+ "601ec313775789a5b7a7f504bbf3d228"
+ "f443e3ca4d62b59aca84e990cacaf5c5"
+ "2b0930daa23de94ce87017ba2d84988d"
+ "dfc9c58db67aada613c2dd08457941a6",
}
};
--
2.7.4
next prev parent reply other threads:[~2016-10-20 13:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-20 13:45 [Qemu-devel] [PULL v1 0/6] Merge qcrypto 2016/10/20 Daniel P. Berrange
2016-10-20 13:45 ` [Qemu-devel] [PULL v1 1/6] crypto: extend mode as a parameter in qcrypto_cipher_supports() Daniel P. Berrange
2016-10-20 13:45 ` Daniel P. Berrange [this message]
2016-10-20 13:45 ` [Qemu-devel] [PULL v1 3/6] crypto: add mode check in qcrypto_cipher_new() for cipher-builtin Daniel P. Berrange
2016-10-20 13:45 ` [Qemu-devel] [PULL v1 4/6] qtest: fix make check complaint in crypto module Daniel P. Berrange
2016-10-20 13:45 ` [Qemu-devel] [PULL v1 5/6] crypto: fix initialization of crypto in tests Daniel P. Berrange
2016-10-20 13:45 ` [Qemu-devel] [PULL v1 6/6] crypto: fix initialization of gcrypt threading Daniel P. Berrange
2016-10-20 14:57 ` [Qemu-devel] [PULL v1 0/6] Merge qcrypto 2016/10/20 Peter Maydell
-- strict thread matches above, loose matches on Subject: below --
2016-10-19 10:02 [Qemu-devel] [PULL v1 0/6] Merge qcrypto 2016/10/19 Daniel P. Berrange
2016-10-19 10:02 ` [Qemu-devel] [PULL v1 2/6] crypto: add CTR mode support Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1476971110-10403-3-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.