From: "Longpeng(Mike)" <longpeng2@huawei.com>
To: berrange@redhat.com
Cc: wu.wubin@huawei.com, jianjay.zhou@huawei.com,
arei.gonglei@huawei.com, qemu-devel@nongnu.org,
"Longpeng(Mike)" <longpeng2@huawei.com>
Subject: [Qemu-devel] [PATCH RESEND 4/6] crypto: implement gcrypt-backed AEAD algorithms
Date: Thu, 5 Jan 2017 08:49:39 +0800 [thread overview]
Message-ID: <1483577381-38088-5-git-send-email-longpeng2@huawei.com> (raw)
In-Reply-To: <1483577381-38088-1-git-send-email-longpeng2@huawei.com>
This patch adds support for gcrypt-backed AEAD algorithms.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/aead-gcrypt.c | 173 +++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 167 insertions(+), 6 deletions(-)
diff --git a/crypto/aead-gcrypt.c b/crypto/aead-gcrypt.c
index 9465518..9892e3b 100644
--- a/crypto/aead-gcrypt.c
+++ b/crypto/aead-gcrypt.c
@@ -17,17 +17,100 @@
#include "crypto/aead.h"
#include <gcrypt.h>
+typedef struct QCryptoAeadGcrypt QCryptoAeadGcrypt;
+struct QCryptoAeadGcrypt {
+ gcry_cipher_hd_t handle;
+};
+
QCryptoAead *qcrypto_aead_new(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode,
const uint8_t *key, size_t nkey,
Error **errp)
{
+ QCryptoAead *aead;
+ QCryptoAeadGcrypt *ctx;
+ gcry_error_t err;
+ int gcryalg, gcrymode;
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_CCM:
+ gcrymode = GCRY_CIPHER_MODE_CCM;
+ break;
+ case QCRYPTO_CIPHER_MODE_GCM:
+ gcrymode = GCRY_CIPHER_MODE_GCM;
+ break;
+ default:
+ error_setg(errp, "Unsupported AEAD mode %s",
+ QCryptoCipherMode_lookup[mode]);
+ return NULL;
+ }
+
+ if (nkey != qcrypto_aead_get_key_len(alg)) {
+ error_setg(errp, "Cipher key length %zu is invalid",
+ nkey);
+ return NULL;
+ }
+
+ switch (alg) {
+ case QCRYPTO_CIPHER_ALG_AES_128:
+ gcryalg = GCRY_CIPHER_AES128;
+ break;
+ case QCRYPTO_CIPHER_ALG_AES_192:
+ gcryalg = GCRY_CIPHER_AES192;
+ break;
+ case QCRYPTO_CIPHER_ALG_AES_256:
+ gcryalg = GCRY_CIPHER_AES256;
+ break;
+ default:
+ error_setg(errp, "Unsupported AEAD algorithm %s",
+ QCryptoCipherAlgorithm_lookup[alg]);
+ return NULL;
+ }
+
+ aead = g_new0(QCryptoAead, 1);
+ aead->alg = alg;
+ aead->mode = mode;
+
+ ctx = g_new0(QCryptoAeadGcrypt, 1);
+
+ err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0);
+ if (err) {
+ error_setg(errp, "Cannot initialize aead: %s",
+ gcry_strerror(err));
+ goto error;
+ }
+
+ err = gcry_cipher_setkey(ctx->handle, key, nkey);
+ if (err) {
+ error_setg(errp, "Cannot set key: %s",
+ gcry_strerror(err));
+ goto error;
+ }
+
+ aead->opaque = ctx;
+
+ return aead;
+
+error:
+ gcry_cipher_close(ctx->handle);
+ g_free(ctx);
+ g_free(aead);
return NULL;
}
void qcrypto_aead_free(QCryptoAead *aead)
{
- return;
+ QCryptoAeadGcrypt *ctx;
+
+ if (!aead) {
+ return;
+ }
+
+ ctx = aead->opaque;
+
+ gcry_cipher_close(ctx->handle);
+ g_free(ctx);
+ g_free(aead);
}
int qcrypto_aead_set_nonce(QCryptoAead *aead,
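Review bot: In qcrypto_aead_new the key-length check calls `qcrypto_aead_get_key_len(alg)` before the `switch (alg)` has rejected unsupported algorithms, so an out-of-range `alg` reaches a helper that is not visible in this patch and may index a table with it. Moving the whole `switch (alg)` block above `if (nkey != qcrypto_aead_get_key_len(alg))` makes the unsupported-algorithm error fire first and keeps the helper's input validated. The default branches also index `QCryptoCipherMode_lookup[mode]` and `QCryptoCipherAlgorithm_lookup[alg]` with the rejected value, which deserves a bounds check if callers can pass anything other than a valid enum member.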
@@ -36,14 +119,54 @@ int qcrypto_aead_set_nonce(QCryptoAead *aead,
size_t tag_len,
Error **errp)
{
- return -1;
+ QCryptoAeadGcrypt *ctx;
+ gcry_error_t err;
+
+ ctx = aead->opaque;
+
+ err = gcry_cipher_setiv(ctx->handle, nonce, nonce_len);
+ if (err) {
+ error_setg(errp, "Cannot set iv/nonce: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ if (aead->mode == QCRYPTO_CIPHER_MODE_CCM) {
+ size_t ctl_para[3];
+
+ ctl_para[0] = in_len;
+ ctl_para[1] = aad_len;
+ ctl_para[2] = tag_len;
+
+ err = gcry_cipher_ctl(ctx->handle, GCRYCTL_SET_CCM_LENGTHS,
+ ctl_para, sizeof(ctl_para));
+ if (err) {
+ error_setg(errp, "Cannot set lengths: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+ }
+
+ return 0;
}
int qcrypto_aead_authenticate(QCryptoAead *aead,
const uint8_t *aad, size_t aad_len,
Error **errp)
{
- return -1;
+ QCryptoAeadGcrypt *ctx;
+ gcry_error_t err;
+
+ ctx = aead->opaque;
+
+ err = gcry_cipher_authenticate(ctx->handle, aad, aad_len);
+ if (err) {
+ error_setg(errp, "Cannot set associated data: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ return 0;
}
int qcrypto_aead_encrypt(QCryptoAead *aead,
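Review bot: `size_t ctl_para[3]` in the CCM branch of qcrypto_aead_set_nonce is only 12 bytes on a 32-bit host, while libgcrypt documents GCRYCTL_SET_CCM_LENGTHS as taking an array of three 64-bit values and rejects any other buffer length, so CCM setup would presumably fail there with an invalid-argument error. Declaring it as `uint64_t ctl_para[3];` keeps `sizeof(ctl_para)` at 24 on every host. Separately, `in_len`, `aad_len` and `tag_len` are ignored in GCM mode; a one-line comment saying so would stop readers assuming the tag length is enforced for GCM. The function's signature starts outside this hunk.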
@@ -51,7 +174,20 @@ int qcrypto_aead_encrypt(QCryptoAead *aead,
uint8_t *out, size_t out_len,
Error **errp)
{
- return -1;
+ QCryptoAeadGcrypt *ctx;
+ gcry_error_t err;
+
+ ctx = aead->opaque;
+
+ err = gcry_cipher_encrypt(ctx->handle, out, out_len,
+ in, in_len);
+ if (err) {
+ error_setg(errp, "Cannot encrypt data: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ return 0;
}
int qcrypto_aead_decrypt(QCryptoAead *aead,
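Review bot: qcrypto_aead_encrypt passes straight through to `gcry_cipher_encrypt` without checking that qcrypto_aead_set_nonce was called for this message, and libgcrypt's GCM code appears to fall back to an all-zero IV in that case rather than failing (worth confirming against the minimum supported libgcrypt). A repeated GCM nonce under one key breaks both confidentiality and authenticity, so I would track this in the context: a new `bool nonce_set;` field in QCryptoAeadGcrypt, set in set_nonce and cleared once the tag is taken. The guard here would be `if (!ctx->nonce_set) { error_setg(errp, "Nonce not set"); return -1; }`. The same guard applies to qcrypto_aead_decrypt in the next hunk, and the encrypt signature starts outside this hunk.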
@@ -59,12 +195,37 @@ int qcrypto_aead_decrypt(QCryptoAead *aead,
uint8_t *out, size_t out_len,
Error **errp)
{
- return -1;
+ QCryptoAeadGcrypt *ctx;
+ gcry_error_t err;
+
+ ctx = aead->opaque;
+
+ err = gcry_cipher_decrypt(ctx->handle, out, out_len,
+ in, in_len);
+ if (err) {
+ error_setg(errp, "Cannot decrypt data: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ return 0;
}
int qcrypto_aead_get_tag(QCryptoAead *aead,
uint8_t *tag, size_t tag_len,
Error **errp)
{
- return -1;
+ QCryptoAeadGcrypt *ctx;
+ gcry_error_t err;
+
+ ctx = aead->opaque;
+
+ err = gcry_cipher_gettag(ctx->handle, tag, tag_len);
+ if (err) {
+ error_setg(errp, "Cannot get tag: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ return 0;
}
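Review bot: qcrypto_aead_decrypt returns plaintext with no tag verification, and this backend only exposes `gcry_cipher_gettag`, so authenticity depends on every caller fetching the tag and comparing it correctly, which with a plain `memcmp` is not constant-time. libgcrypt provides `gcry_cipher_checktag(ctx->handle, tag, tag_len)` for this; if the AEAD API in crypto/aead.h (not shown here) can grow a verify entry point, it should wrap that call. At minimum I would add a comment above the function: `/* Output is unauthenticated until the caller has verified the tag; discard it on mismatch. */`. The decrypt signature starts outside this hunk.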
--
1.8.3.1