From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Gabriel L. Somlo" <somlo@cmu.edu>,
Markus Armbruster <armbru@redhat.com>
Subject: [Qemu-devel] [PATCH v1 2/2] crypto: fix cipher function signature mismatch with nettle & xts
Date: Fri, 18 Mar 2016 13:23:18 +0000 [thread overview]
Message-ID: <1458307398-26355-1-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1458307316-25894-1-git-send-email-berrange@redhat.com>
For versions of nettle < 3.0.0, the cipher functions took a
'void *ctx' and 'unsigned len' instad of 'const void *ctx'
and 'size_t len'. The xts functions though are builtin to
QEMU and always expect the latter signatures. Define a
second set of wrappers to use with the correct signatures
needed by XTS mode.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
crypto/cipher-nettle.c | 141 +++++++++++++++++++++++++++++++++++++------------
1 file changed, 107 insertions(+), 34 deletions(-)
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index bec4f1c..f89adc0 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -29,85 +29,146 @@
#include <nettle/serpent.h>
#include <nettle/twofish.h>
+typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, size_t length,
+ uint8_t *dst, const uint8_t *src);
+
#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef nettle_crypt_func nettle_cipher_func;
+typedef nettle_crypt_func *QCryptoCipherNettleFuncNative;
typedef void * cipher_ctx_t;
typedef unsigned cipher_length_t;
#define cast5_set_key cast128_set_key
#else
+typedef nettle_cipher_func *QCryptoCipherNettleFuncNative;
typedef const void * cipher_ctx_t;
typedef size_t cipher_length_t;
#endif
-static nettle_cipher_func aes_encrypt_wrapper;
-static nettle_cipher_func aes_decrypt_wrapper;
-static nettle_cipher_func des_encrypt_wrapper;
-static nettle_cipher_func des_decrypt_wrapper;
-
typedef struct QCryptoNettleAES {
struct aes_ctx enc;
struct aes_ctx dec;
} QCryptoNettleAES;
-static void aes_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ const QCryptoNettleAES *aesctx = ctx;
+ aes_encrypt(&aesctx->enc, length, dst, src);
+}
+
+static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ const QCryptoNettleAES *aesctx = ctx;
+ aes_decrypt(&aesctx->dec, length, dst, src);
+}
+
+static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ des_encrypt(ctx, length, dst, src);
+}
+
+static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ des_decrypt(ctx, length, dst, src);
+}
+
+static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ cast128_encrypt(ctx, length, dst, src);
+}
+
+static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ cast128_decrypt(ctx, length, dst, src);
+}
+
+static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ serpent_encrypt(ctx, length, dst, src);
+}
+
+static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ serpent_decrypt(ctx, length, dst, src);
+}
+
+static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ twofish_encrypt(ctx, length, dst, src);
+}
+
+static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ twofish_decrypt(ctx, length, dst, src);
+}
+
+static void aes_encrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
const QCryptoNettleAES *aesctx = ctx;
aes_encrypt(&aesctx->enc, length, dst, src);
}
-static void aes_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void aes_decrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
const QCryptoNettleAES *aesctx = ctx;
aes_decrypt(&aesctx->dec, length, dst, src);
}
-static void des_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void des_encrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
des_encrypt(ctx, length, dst, src);
}
-static void des_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void des_decrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
des_decrypt(ctx, length, dst, src);
}
-static void cast128_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void cast128_encrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
cast128_encrypt(ctx, length, dst, src);
}
-static void cast128_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void cast128_decrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
cast128_decrypt(ctx, length, dst, src);
}
-static void serpent_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void serpent_encrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
serpent_encrypt(ctx, length, dst, src);
}
-static void serpent_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void serpent_decrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
serpent_decrypt(ctx, length, dst, src);
}
-static void twofish_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void twofish_encrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
twofish_encrypt(ctx, length, dst, src);
}
-static void twofish_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+static void twofish_decrypt_wrapper(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
twofish_decrypt(ctx, length, dst, src);
@@ -120,8 +181,10 @@ struct QCryptoCipherNettle {
/* Second cipher context for XTS mode only */
void *ctx_tweak;
/* Cipher callbacks for both contexts */
- nettle_cipher_func *alg_encrypt;
- nettle_cipher_func *alg_decrypt;
+ QCryptoCipherNettleFuncNative alg_encrypt_native;
+ QCryptoCipherNettleFuncNative alg_decrypt_native;
+ QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
+ QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
uint8_t *iv;
size_t blocksize;
@@ -184,8 +247,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
des_set_key(ctx->ctx, rfbkey);
g_free(rfbkey);
- ctx->alg_encrypt = des_encrypt_wrapper;
- ctx->alg_decrypt = des_decrypt_wrapper;
+ ctx->alg_encrypt_native = des_encrypt_native;
+ ctx->alg_decrypt_native = des_decrypt_native;
+ ctx->alg_encrypt_wrapper = des_encrypt_wrapper;
+ ctx->alg_decrypt_wrapper = des_decrypt_wrapper;
ctx->blocksize = DES_BLOCK_SIZE;
break;
@@ -215,8 +280,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
nkey, key);
}
- ctx->alg_encrypt = aes_encrypt_wrapper;
- ctx->alg_decrypt = aes_decrypt_wrapper;
+ ctx->alg_encrypt_native = aes_encrypt_native;
+ ctx->alg_decrypt_native = aes_decrypt_native;
+ ctx->alg_encrypt_wrapper = aes_encrypt_wrapper;
+ ctx->alg_decrypt_wrapper = aes_decrypt_wrapper;
ctx->blocksize = AES_BLOCK_SIZE;
break;
@@ -234,8 +301,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
cast5_set_key(ctx->ctx, nkey, key);
}
- ctx->alg_encrypt = cast128_encrypt_wrapper;
- ctx->alg_decrypt = cast128_decrypt_wrapper;
+ ctx->alg_encrypt_native = cast128_encrypt_native;
+ ctx->alg_decrypt_native = cast128_decrypt_native;
+ ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper;
+ ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper;
ctx->blocksize = CAST128_BLOCK_SIZE;
break;
@@ -255,8 +324,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
serpent_set_key(ctx->ctx, nkey, key);
}
- ctx->alg_encrypt = serpent_encrypt_wrapper;
- ctx->alg_decrypt = serpent_decrypt_wrapper;
+ ctx->alg_encrypt_native = serpent_encrypt_native;
+ ctx->alg_decrypt_native = serpent_decrypt_native;
+ ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper;
+ ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper;
ctx->blocksize = SERPENT_BLOCK_SIZE;
break;
@@ -276,8 +347,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
twofish_set_key(ctx->ctx, nkey, key);
}
- ctx->alg_encrypt = twofish_encrypt_wrapper;
- ctx->alg_decrypt = twofish_decrypt_wrapper;
+ ctx->alg_encrypt_native = twofish_encrypt_native;
+ ctx->alg_decrypt_native = twofish_decrypt_native;
+ ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper;
+ ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper;
ctx->blocksize = TWOFISH_BLOCK_SIZE;
break;
@@ -332,18 +405,18 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
switch (cipher->mode) {
case QCRYPTO_CIPHER_MODE_ECB:
- ctx->alg_encrypt(ctx->ctx, len, out, in);
+ ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in);
break;
case QCRYPTO_CIPHER_MODE_CBC:
- cbc_encrypt(ctx->ctx, ctx->alg_encrypt,
+ cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native,
ctx->blocksize, ctx->iv,
len, out, in);
break;
case QCRYPTO_CIPHER_MODE_XTS:
xts_encrypt(ctx->ctx, ctx->ctx_tweak,
- ctx->alg_encrypt, ctx->alg_encrypt,
+ ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
ctx->iv, len, out, in);
break;
@@ -372,11 +445,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
switch (cipher->mode) {
case QCRYPTO_CIPHER_MODE_ECB:
- ctx->alg_decrypt(ctx->ctx, len, out, in);
+ ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in);
break;
case QCRYPTO_CIPHER_MODE_CBC:
- cbc_decrypt(ctx->ctx, ctx->alg_decrypt,
+ cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native,
ctx->blocksize, ctx->iv,
len, out, in);
break;
@@ -388,7 +461,7 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
return -1;
}
xts_decrypt(ctx->ctx, ctx->ctx_tweak,
- ctx->alg_encrypt, ctx->alg_decrypt,
+ ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
ctx->iv, len, out, in);
break;
--
2.5.0
next prev parent reply other threads:[~2016-03-18 13:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-18 13:21 [Qemu-devel] [PATCH v1 0/2] Fix build problems with nettle < 3.0.0 Daniel P. Berrange
2016-03-18 13:21 ` [Qemu-devel] [PATCH v1 1/2] crypto: add compat cast5_set_key " Daniel P. Berrange
2016-03-18 13:23 ` Daniel P. Berrange [this message]
2016-03-18 13:33 ` [Qemu-devel] [PATCH v1 0/2] Fix build problems " Gabriel L. Somlo
2016-03-18 20:38 ` Eduardo Habkost
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1458307398-26355-1-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=somlo@cmu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).