2015-07-01 19:10:33 +02:00
|
|
|
/*
|
|
|
|
* QEMU Crypto cipher libgcrypt algorithms
|
|
|
|
*
|
|
|
|
* Copyright (c) 2015 Red Hat, Inc.
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
2019-02-13 16:54:59 +01:00
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
2015-07-01 19:10:33 +02:00
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <gcrypt.h>
|
|
|
|
|
2024-03-11 13:08:22 +01:00
|
|
|
static int qcrypto_cipher_alg_to_gcry_alg(QCryptoCipherAlgorithm alg)
|
|
|
|
{
|
|
|
|
switch (alg) {
|
|
|
|
case QCRYPTO_CIPHER_ALG_DES:
|
|
|
|
return GCRY_CIPHER_DES;
|
|
|
|
case QCRYPTO_CIPHER_ALG_3DES:
|
|
|
|
return GCRY_CIPHER_3DES;
|
|
|
|
case QCRYPTO_CIPHER_ALG_AES_128:
|
|
|
|
return GCRY_CIPHER_AES128;
|
|
|
|
case QCRYPTO_CIPHER_ALG_AES_192:
|
|
|
|
return GCRY_CIPHER_AES192;
|
|
|
|
case QCRYPTO_CIPHER_ALG_AES_256:
|
|
|
|
return GCRY_CIPHER_AES256;
|
|
|
|
case QCRYPTO_CIPHER_ALG_CAST5_128:
|
|
|
|
return GCRY_CIPHER_CAST5;
|
|
|
|
case QCRYPTO_CIPHER_ALG_SERPENT_128:
|
|
|
|
return GCRY_CIPHER_SERPENT128;
|
|
|
|
case QCRYPTO_CIPHER_ALG_SERPENT_192:
|
|
|
|
return GCRY_CIPHER_SERPENT192;
|
|
|
|
case QCRYPTO_CIPHER_ALG_SERPENT_256:
|
|
|
|
return GCRY_CIPHER_SERPENT256;
|
|
|
|
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
|
|
|
|
return GCRY_CIPHER_TWOFISH128;
|
|
|
|
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
|
|
|
|
return GCRY_CIPHER_TWOFISH;
|
|
|
|
#ifdef CONFIG_CRYPTO_SM4
|
|
|
|
case QCRYPTO_CIPHER_ALG_SM4:
|
|
|
|
return GCRY_CIPHER_SM4;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
return GCRY_CIPHER_NONE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int qcrypto_cipher_mode_to_gcry_mode(QCryptoCipherMode mode)
|
|
|
|
{
|
|
|
|
switch (mode) {
|
|
|
|
case QCRYPTO_CIPHER_MODE_ECB:
|
|
|
|
return GCRY_CIPHER_MODE_ECB;
|
|
|
|
case QCRYPTO_CIPHER_MODE_XTS:
|
|
|
|
return GCRY_CIPHER_MODE_XTS;
|
|
|
|
case QCRYPTO_CIPHER_MODE_CBC:
|
|
|
|
return GCRY_CIPHER_MODE_CBC;
|
|
|
|
case QCRYPTO_CIPHER_MODE_CTR:
|
|
|
|
return GCRY_CIPHER_MODE_CTR;
|
|
|
|
default:
|
|
|
|
return GCRY_CIPHER_MODE_NONE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-09-26 11:23:21 +02:00
|
|
|
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
|
|
|
|
QCryptoCipherMode mode)
|
2015-07-01 19:10:33 +02:00
|
|
|
{
|
|
|
|
switch (alg) {
|
crypto: replace 'des-rfb' cipher with 'des'
Currently the crypto layer exposes support for a 'des-rfb'
algorithm which is just normal single-DES, with the bits
in each key byte reversed. This special key munging is
required by the RFB protocol password authentication
mechanism.
Since the crypto layer is generic shared code, it makes
more sense to do the key byte munging in the VNC server
code, and expose normal single-DES support.
Replacing cipher 'des-rfb' by 'des' looks like an incompatible
interface change, but it doesn't matter. While the QMP schema
allows any QCryptoCipherAlgorithm for the 'cipher-alg' field
in QCryptoBlockCreateOptionsLUKS, the code restricts what can
be used at runtime. Thus the only effect is a change in error
message.
Original behaviour:
$ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb
qemu-img: demo.luks: Algorithm 'des-rfb' not supported
New behaviour:
$ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish
qemu-img: demo.luks: Invalid parameter 'des-rfb'
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-29 15:25:32 +02:00
|
|
|
case QCRYPTO_CIPHER_ALG_DES:
|
2016-12-08 03:33:28 +01:00
|
|
|
case QCRYPTO_CIPHER_ALG_3DES:
|
2015-07-01 19:10:33 +02:00
|
|
|
case QCRYPTO_CIPHER_ALG_AES_128:
|
|
|
|
case QCRYPTO_CIPHER_ALG_AES_192:
|
|
|
|
case QCRYPTO_CIPHER_ALG_AES_256:
|
2016-02-10 18:07:42 +01:00
|
|
|
case QCRYPTO_CIPHER_ALG_CAST5_128:
|
2016-02-10 18:07:42 +01:00
|
|
|
case QCRYPTO_CIPHER_ALG_SERPENT_128:
|
|
|
|
case QCRYPTO_CIPHER_ALG_SERPENT_192:
|
|
|
|
case QCRYPTO_CIPHER_ALG_SERPENT_256:
|
2016-02-10 18:07:42 +01:00
|
|
|
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
|
|
|
|
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
|
2023-12-07 16:47:35 +01:00
|
|
|
#ifdef CONFIG_CRYPTO_SM4
|
|
|
|
case QCRYPTO_CIPHER_ALG_SM4:
|
|
|
|
#endif
|
2016-09-26 11:23:21 +02:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2024-03-11 13:09:25 +01:00
|
|
|
if (gcry_cipher_algo_info(qcrypto_cipher_alg_to_gcry_alg(alg),
|
|
|
|
GCRYCTL_TEST_ALGO, NULL, NULL) != 0) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-09-26 11:23:21 +02:00
|
|
|
switch (mode) {
|
|
|
|
case QCRYPTO_CIPHER_MODE_ECB:
|
|
|
|
case QCRYPTO_CIPHER_MODE_CBC:
|
|
|
|
case QCRYPTO_CIPHER_MODE_XTS:
|
|
|
|
case QCRYPTO_CIPHER_MODE_CTR:
|
2015-07-01 19:10:33 +02:00
|
|
|
return true;
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-08-28 19:05:23 +02:00
|
|
|
typedef struct QCryptoCipherGcrypt {
|
2020-08-28 19:05:14 +02:00
|
|
|
QCryptoCipher base;
|
2015-10-16 17:35:06 +02:00
|
|
|
gcry_cipher_hd_t handle;
|
|
|
|
size_t blocksize;
|
2020-08-28 19:05:23 +02:00
|
|
|
} QCryptoCipherGcrypt;
|
|
|
|
|
2015-07-01 19:10:33 +02:00
|
|
|
|
2020-08-28 19:05:23 +02:00
|
|
|
static void qcrypto_gcrypt_ctx_free(QCryptoCipher *cipher)
|
2017-07-14 20:03:54 +02:00
|
|
|
{
|
2020-08-28 19:05:23 +02:00
|
|
|
QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
|
2017-07-14 20:03:54 +02:00
|
|
|
|
|
|
|
gcry_cipher_close(ctx->handle);
|
2020-08-28 19:05:23 +02:00
|
|
|
g_free(ctx);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int qcrypto_gcrypt_encrypt(QCryptoCipher *cipher, const void *in,
|
|
|
|
void *out, size_t len, Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
|
|
|
|
gcry_error_t err;
|
|
|
|
|
|
|
|
if (len & (ctx->blocksize - 1)) {
|
|
|
|
error_setg(errp, "Length %zu must be a multiple of block size %zu",
|
|
|
|
len, ctx->blocksize);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = gcry_cipher_encrypt(ctx->handle, out, len, in, len);
|
|
|
|
if (err != 0) {
|
|
|
|
error_setg(errp, "Cannot encrypt data: %s", gcry_strerror(err));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int qcrypto_gcrypt_decrypt(QCryptoCipher *cipher, const void *in,
|
|
|
|
void *out, size_t len, Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
|
|
|
|
gcry_error_t err;
|
|
|
|
|
|
|
|
if (len & (ctx->blocksize - 1)) {
|
|
|
|
error_setg(errp, "Length %zu must be a multiple of block size %zu",
|
|
|
|
len, ctx->blocksize);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = gcry_cipher_decrypt(ctx->handle, out, len, in, len);
|
|
|
|
if (err != 0) {
|
|
|
|
error_setg(errp, "Cannot decrypt data: %s",
|
|
|
|
gcry_strerror(err));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int qcrypto_gcrypt_setiv(QCryptoCipher *cipher,
|
|
|
|
const uint8_t *iv, size_t niv,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
|
|
|
|
gcry_error_t err;
|
|
|
|
|
|
|
|
if (niv != ctx->blocksize) {
|
|
|
|
error_setg(errp, "Expected IV size %zu not %zu",
|
|
|
|
ctx->blocksize, niv);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
gcry_cipher_reset(ctx->handle);
|
|
|
|
err = gcry_cipher_setiv(ctx->handle, iv, niv);
|
|
|
|
if (err != 0) {
|
|
|
|
error_setg(errp, "Cannot set IV: %s", gcry_strerror(err));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int qcrypto_gcrypt_ctr_setiv(QCryptoCipher *cipher,
|
|
|
|
const uint8_t *iv, size_t niv,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base);
|
|
|
|
gcry_error_t err;
|
|
|
|
|
|
|
|
if (niv != ctx->blocksize) {
|
|
|
|
error_setg(errp, "Expected IV size %zu not %zu",
|
|
|
|
ctx->blocksize, niv);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = gcry_cipher_setctr(ctx->handle, iv, niv);
|
|
|
|
if (err != 0) {
|
|
|
|
error_setg(errp, "Cannot set Counter: %s", gcry_strerror(err));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static const struct QCryptoCipherDriver qcrypto_gcrypt_driver = {
|
|
|
|
.cipher_encrypt = qcrypto_gcrypt_encrypt,
|
|
|
|
.cipher_decrypt = qcrypto_gcrypt_decrypt,
|
|
|
|
.cipher_setiv = qcrypto_gcrypt_setiv,
|
|
|
|
.cipher_free = qcrypto_gcrypt_ctx_free,
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct QCryptoCipherDriver qcrypto_gcrypt_ctr_driver = {
|
|
|
|
.cipher_encrypt = qcrypto_gcrypt_encrypt,
|
|
|
|
.cipher_decrypt = qcrypto_gcrypt_decrypt,
|
|
|
|
.cipher_setiv = qcrypto_gcrypt_ctr_setiv,
|
|
|
|
.cipher_free = qcrypto_gcrypt_ctx_free,
|
|
|
|
};
|
|
|
|
|
2020-08-28 19:05:14 +02:00
|
|
|
static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
|
|
|
|
QCryptoCipherMode mode,
|
|
|
|
const uint8_t *key,
|
|
|
|
size_t nkey,
|
|
|
|
Error **errp)
|
2015-07-01 19:10:33 +02:00
|
|
|
{
|
2015-10-16 17:35:06 +02:00
|
|
|
QCryptoCipherGcrypt *ctx;
|
2020-08-28 19:05:23 +02:00
|
|
|
const QCryptoCipherDriver *drv;
|
2015-07-01 19:10:33 +02:00
|
|
|
gcry_error_t err;
|
|
|
|
int gcryalg, gcrymode;
|
|
|
|
|
2016-02-11 15:05:21 +01:00
|
|
|
if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
|
2015-07-01 19:10:33 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2024-03-11 13:08:22 +01:00
|
|
|
gcryalg = qcrypto_cipher_alg_to_gcry_alg(alg);
|
|
|
|
if (gcryalg == GCRY_CIPHER_NONE) {
|
2016-09-05 19:02:05 +02:00
|
|
|
error_setg(errp, "Unsupported cipher algorithm %s",
|
2017-08-24 10:46:08 +02:00
|
|
|
QCryptoCipherAlgorithm_str(alg));
|
2015-07-01 19:10:33 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2024-03-11 13:08:22 +01:00
|
|
|
gcrymode = qcrypto_cipher_mode_to_gcry_mode(mode);
|
|
|
|
if (gcrymode == GCRY_CIPHER_MODE_NONE) {
|
2020-08-28 19:05:23 +02:00
|
|
|
error_setg(errp, "Unsupported cipher mode %s",
|
|
|
|
QCryptoCipherMode_str(mode));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2024-03-11 13:08:22 +01:00
|
|
|
if (mode == QCRYPTO_CIPHER_MODE_CTR) {
|
|
|
|
drv = &qcrypto_gcrypt_ctr_driver;
|
|
|
|
} else {
|
|
|
|
drv = &qcrypto_gcrypt_driver;
|
|
|
|
}
|
|
|
|
|
2015-10-16 17:35:06 +02:00
|
|
|
ctx = g_new0(QCryptoCipherGcrypt, 1);
|
2020-08-28 19:05:23 +02:00
|
|
|
ctx->base.driver = drv;
|
2015-10-16 17:35:06 +02:00
|
|
|
|
|
|
|
err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0);
|
2015-07-01 19:10:33 +02:00
|
|
|
if (err != 0) {
|
|
|
|
error_setg(errp, "Cannot initialize cipher: %s",
|
|
|
|
gcry_strerror(err));
|
|
|
|
goto error;
|
|
|
|
}
|
2020-08-28 19:05:23 +02:00
|
|
|
ctx->blocksize = gcry_cipher_get_algo_blklen(gcryalg);
|
|
|
|
|
crypto: replace 'des-rfb' cipher with 'des'
Currently the crypto layer exposes support for a 'des-rfb'
algorithm which is just normal single-DES, with the bits
in each key byte reversed. This special key munging is
required by the RFB protocol password authentication
mechanism.
Since the crypto layer is generic shared code, it makes
more sense to do the key byte munging in the VNC server
code, and expose normal single-DES support.
Replacing cipher 'des-rfb' by 'des' looks like an incompatible
interface change, but it doesn't matter. While the QMP schema
allows any QCryptoCipherAlgorithm for the 'cipher-alg' field
in QCryptoBlockCreateOptionsLUKS, the code restricts what can
be used at runtime. Thus the only effect is a change in error
message.
Original behaviour:
$ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb
qemu-img: demo.luks: Algorithm 'des-rfb' not supported
New behaviour:
$ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish
qemu-img: demo.luks: Invalid parameter 'des-rfb'
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-29 15:25:32 +02:00
|
|
|
err = gcry_cipher_setkey(ctx->handle, key, nkey);
|
2020-08-28 19:05:23 +02:00
|
|
|
if (err != 0) {
|
|
|
|
error_setg(errp, "Cannot set key: %s", gcry_strerror(err));
|
|
|
|
goto error;
|
2015-07-01 19:10:33 +02:00
|
|
|
}
|
|
|
|
|
2020-08-28 19:05:14 +02:00
|
|
|
return &ctx->base;
|
2015-07-01 19:10:33 +02:00
|
|
|
|
|
|
|
error:
|
2020-08-28 19:05:23 +02:00
|
|
|
gcry_cipher_close(ctx->handle);
|
|
|
|
g_free(ctx);
|
|
|
|
return NULL;
|
2015-07-01 19:10:33 +02:00
|
|
|
}
|