From patchwork Thu Sep 10 10:06:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 305744 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE8FBC433E2 for ; Thu, 10 Sep 2020 10:07:37 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0948E20BED for ; Thu, 10 Sep 2020 10:07:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="d8KZpOxG" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0948E20BED Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:46028 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJUN-0001k3-QM for qemu-devel@archiver.kernel.org; Thu, 10 Sep 2020 06:07:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43546) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTM-0008UC-Lu for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:32 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:44742 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTK-0007fr-B1 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732389; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZYz9Tr2y212XkXHhsr+3qx5QuMca9yqiXm4k6okHSa4=; b=d8KZpOxGHldPWLs58UppGUSE6WZcgEVMQNfI67TBOURzvRmd4jWr+uY+YuXpDWM0X21QAE /DOzzSfuJjYA9eV08utdTXS6sXUx6KnTYGxeypFJuIR0wSi69EYqw+qXb7qypIRgSUg9Rn Efbhoz3BSprvfiYTcukV8DwU+gDAMCw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-1-C36wSHbTOIq5ThHOaB1LvA-1; Thu, 10 Sep 2020 06:06:27 -0400 X-MC-Unique: C36wSHbTOIq5ThHOaB1LvA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A38A71074640 for ; Thu, 10 Sep 2020 10:06:26 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 675C31002D41; Thu, 10 Sep 2020 10:06:25 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 01/17] tests: fix output message formatting for crypto benchmarks Date: Thu, 10 Sep 2020 11:06:07 +0100 Message-Id: <20200910100623.1088965-2-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=berrange@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 00:49:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" The output was changed from g_print to g_test_message in commit 24441f912e67233d9c52ce6b459ed75de2484525 Author: Marc-André Lureau Date: Fri Aug 28 15:07:30 2020 +0400 tests: do not print benchmark output to stdout As this makes the TAP output invalid. Use g_test_message(). The functions do not result in equivalent output. The g_print statements were putting all the information on a single line for ease of interpretation. The change to g_test_message split the output across many lines making it painful to read. The opportunity is used to tweak the information printed to be more consistent across tests. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé --- tests/benchmark-crypto-cipher.c | 12 ++++++++---- tests/benchmark-crypto-hash.c | 4 +++- tests/benchmark-crypto-hmac.c | 7 +++---- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/tests/benchmark-crypto-cipher.c b/tests/benchmark-crypto-cipher.c index 1936aa4ae0..c04f0a0fba 100644 --- a/tests/benchmark-crypto-cipher.c +++ b/tests/benchmark-crypto-cipher.c @@ -70,8 +70,10 @@ static void test_cipher_speed(size_t chunk_size, } g_test_timer_elapsed(); - g_test_message("Enc chunk %zu bytes ", chunk_size); - g_test_message("%.2f MB/sec ", (double)total / MiB / g_test_timer_last()); + g_test_message("enc(%s-%s) chunk %zu bytes %.2f MB/sec ", + QCryptoCipherAlgorithm_str(alg), + QCryptoCipherMode_str(mode), + chunk_size, (double)total / MiB / g_test_timer_last()); g_test_timer_start(); remain = total; @@ -85,8 +87,10 @@ static void test_cipher_speed(size_t chunk_size, } g_test_timer_elapsed(); - g_test_message("Dec chunk %zu bytes ", chunk_size); - g_test_message("%.2f MB/sec ", (double)total / MiB / g_test_timer_last()); + g_test_message("dec(%s-%s) chunk %zu bytes %.2f MB/sec ", + QCryptoCipherAlgorithm_str(alg), + QCryptoCipherMode_str(mode), + chunk_size, (double)total / MiB / g_test_timer_last()); qcrypto_cipher_free(cipher); g_free(plaintext); diff --git a/tests/benchmark-crypto-hash.c b/tests/benchmark-crypto-hash.c index 598111e75a..927b00bb4d 100644 --- a/tests/benchmark-crypto-hash.c +++ b/tests/benchmark-crypto-hash.c @@ -48,7 +48,9 @@ static void test_hash_speed(const void *opaque) } g_test_timer_elapsed(); - g_test_message("%.2f MB/sec ", (double)total / MiB / g_test_timer_last()); + g_test_message("hash(%s): chunk %zu bytes %.2f MB/sec", + QCryptoHashAlgorithm_str(opts->alg), + opts->chunk_size, total / g_test_timer_last()); g_free(out); g_free(in); diff --git a/tests/benchmark-crypto-hmac.c b/tests/benchmark-crypto-hmac.c index f9fa22df95..5cca636789 100644 --- a/tests/benchmark-crypto-hmac.c +++ b/tests/benchmark-crypto-hmac.c @@ -55,10 +55,9 @@ static void test_hmac_speed(const void *opaque) } while (g_test_timer_elapsed() < 5.0); total /= MiB; - g_test_message("hmac(sha256): "); - g_test_message("Testing chunk_size %zu bytes ", chunk_size); - g_test_message("done: %.2f MB in %.2f secs: ", total, g_test_timer_last()); - g_test_message("%.2f MB/sec\n", total / g_test_timer_last()); + g_test_message("hmac(%s): chunk %zu bytes %.2f MB/sec", + QCryptoHashAlgorithm_str(QCRYPTO_HASH_ALG_SHA256), + chunk_size, total / g_test_timer_last()); g_free(out); g_free(in); From patchwork Thu Sep 10 10:06:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249581 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:ecf:0:0:0:0 with SMTP id i15csp570717ilk; Thu, 10 Sep 2020 03:06:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwA54Yz4GpWbaVCCsU6feUuYQX5ckFZlcU+kONfHu8LaDwdqIxCnaelSvqKKNepExIvylc/ X-Received: by 2002:a25:4004:: with SMTP id n4mr10781746yba.343.1599732413102; Thu, 10 Sep 2020 03:06:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732413; cv=none; d=google.com; s=arc-20160816; b=PbLMjWsp6rva4hz6KKofW6FSzD7ezQwr7DbSFUrvcovx4AV+hgI+EcLmi4k3prHNqT UaRayuCNkCGdO26B0aNahu/zkzWBFzCXgCNkGbfw1dS2BC8cFg8cXibfKaRbYJEk0AyX dQx8vC2jcCwS3OY8zgmummw2yQ8655Jx3xWFc0wb7FCeIIaC5Aswl0+vo7FGSwTfRM3R SMfDUZ4k1SrMheq/9ZcX/XvNknkx7ErGHthi5+YM13AvZ1RdtZByEM8+2IBpZj8Ao94t TCktFNMzfD/Izr9bOoWPouRNjE92R7Feq8WfCanNp1QGyQl0Gu0b4xQ65S1Dbku8rHbo 5ADw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=WL9HiUwIz+WYhnrnfM+ZjFXjjET46LmVvkoQ4mSa12Q=; b=c+JUGoJ8McbpYnedRDdtzbycItQ7upPnLSqHmx/ExnPu1ETAV3ff73Ds00tnHHbZm1 MYQbqjJpz7Z7g/FEmvWsnQ0KnocZ5Cx61v0/ndrMsD/sTmrBoLe7yho3hNgEsW8RhUwa 2FbucGDrOWEBaUMCkE2/ViZKpevAkRFLHRu7m44Hz9oLRxjh2JDJMz+5xwclcyhZwBYy uSb2Z3ImvgvkiZMMhW9tFVRiZIvef0d39IpHbz8hCfqwpSqLOJPY1zESAMoQK+Qrjrjx DPkFE1rvFb/pjRf0ly0p4L66J6jBz3mMG2LBd9FsYj91Dz5G/jWb5vxrmWOzzBnzCs3a CkWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=VtICTKqa; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id b2si5273628yba.307.2020.09.10.03.06.52 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:06:53 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=VtICTKqa; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:42196 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJTg-00005C-6Y for patch@linaro.org; Thu, 10 Sep 2020 06:06:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43568) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTO-0008Vk-EB for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:34 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:56689) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTM-0007fy-Ki for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WL9HiUwIz+WYhnrnfM+ZjFXjjET46LmVvkoQ4mSa12Q=; b=VtICTKqaDuY/eon8K2zUInVeNItabvIu6qZmvSUMyhtUO4yRxh3n/AUayOcL9LSJB0dUVD x87r1X7V3DHc2PQXqWfW2SM9XaX6C3XZ4mUqKkaGDVH2fVE6Y4n3qyxMdgLcsUw4JLoW+e Pd3g3xGB74I6VbD2Am4wt7Vrwod1xDU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-491-DhBfS2Y-MfiQ00-9ZYS6KQ-1; Thu, 10 Sep 2020 06:06:29 -0400 X-MC-Unique: DhBfS2Y-MfiQ00-9ZYS6KQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 2CB5E1009441; Thu, 10 Sep 2020 10:06:28 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id F34D01002D41; Thu, 10 Sep 2020 10:06:26 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 02/17] crypto: Assume blocksize is a power of 2 Date: Thu, 10 Sep 2020 11:06:08 +0100 Message-Id: <20200910100623.1088965-3-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=216.205.24.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 00:49:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson The check in the encode/decode path using full division has a noticeable amount of overhead. By asserting the blocksize is a power of 2, we can reduce this check to a mask. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-builtin.c | 4 ++-- crypto/cipher-gcrypt.c | 5 +++-- crypto/cipher-nettle.c | 5 +++-- crypto/cipher.c | 1 + 4 files changed, 9 insertions(+), 6 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c index 35cf7820d9..6eafd39da0 100644 --- a/crypto/cipher-builtin.c +++ b/crypto/cipher-builtin.c @@ -484,7 +484,7 @@ qcrypto_builtin_cipher_encrypt(QCryptoCipher *cipher, { QCryptoCipherBuiltin *ctxt = cipher->opaque; - if (len % ctxt->blocksize) { + if (len & (ctxt->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", len, ctxt->blocksize); return -1; @@ -503,7 +503,7 @@ qcrypto_builtin_cipher_decrypt(QCryptoCipher *cipher, { QCryptoCipherBuiltin *ctxt = cipher->opaque; - if (len % ctxt->blocksize) { + if (len & (ctxt->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", len, ctxt->blocksize); return -1; diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index 2864099527..81e4745bff 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -245,6 +245,7 @@ static QCryptoCipherGcrypt *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, g_assert_not_reached(); } } + g_assert(is_power_of_2(ctx->blocksize)); #ifdef CONFIG_QEMU_PRIVATE_XTS if (mode == QCRYPTO_CIPHER_MODE_XTS) { @@ -305,7 +306,7 @@ qcrypto_gcrypt_cipher_encrypt(QCryptoCipher *cipher, QCryptoCipherGcrypt *ctx = cipher->opaque; gcry_error_t err; - if (len % ctx->blocksize) { + if (len & (ctx->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", len, ctx->blocksize); return -1; @@ -344,7 +345,7 @@ qcrypto_gcrypt_cipher_decrypt(QCryptoCipher *cipher, QCryptoCipherGcrypt *ctx = cipher->opaque; gcry_error_t err; - if (len % ctx->blocksize) { + if (len & (ctx->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", len, ctx->blocksize); return -1; diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 7e9a4cc199..0677fdfd33 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -576,6 +576,7 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherAlgorithm_str(alg)); goto error; } + g_assert(is_power_of_2(ctx->blocksize)); if (mode == QCRYPTO_CIPHER_MODE_XTS && ctx->blocksize != XTS_BLOCK_SIZE) { @@ -613,7 +614,7 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, { QCryptoCipherNettle *ctx = cipher->opaque; - if (len % ctx->blocksize) { + if (len & (ctx->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", len, ctx->blocksize); return -1; @@ -666,7 +667,7 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, { QCryptoCipherNettle *ctx = cipher->opaque; - if (len % ctx->blocksize) { + if (len & (ctx->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", len, ctx->blocksize); return -1; diff --git a/crypto/cipher.c b/crypto/cipher.c index e5adb56271..2722dc7d87 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -19,6 +19,7 @@ */ #include "qemu/osdep.h" +#include "qemu/host-utils.h" #include "qapi/error.h" #include "crypto/cipher.h" #include "cipherpriv.h" From patchwork Thu Sep 10 10:06:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249584 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1239159ejj; Thu, 10 Sep 2020 03:08:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwmEVmSQqWw3DePeb/ozsjlIoq6hE6Xx/GPNHmQYiIU37lV93MMteJi6sP5ObIOwPzhxW2+ X-Received: by 2002:a25:d5:: with SMTP id 204mr12561709yba.101.1599732495542; Thu, 10 Sep 2020 03:08:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732495; cv=none; d=google.com; s=arc-20160816; b=MbL4eDN6E4Fd73hUoI/Mm4WnRotUvqZvDhi6HOLUKks2GSIcOKqen36p7mVov/h77l 9B/xD7utOuZsyE38s37t4Z6qVcZEEiZOfW1bV3MlIv20RNPT+qDXMDFr1T3p/85AIB2d d+n7F+u+H7gfqg0oMrUcxrCqPCyetSPWhTcet5EKzHp2ED5fIU3b/M0OGOV1mfCRwbql 2hFG5UJ/Jhuvn25cFP7UqNaave3/hcN0IyJHh3zuRYX1NVQtz19xtZs8NT4GeRGrLJdE o9AlkQ5xDN5jcuiyefLAQmbrxK2B62I/CTiyT1POysSxE5K8KDg6pMYxCNWgk4AIEfNV mD8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=22/8j3nSglJouwHuKcmQ4OJ5TmHD2LDjjXggNCdZvbI=; b=o/VMXjFjpV7p5kdIk677EymdXybtF05DVJ91vH2As6UXeAdtjJdd5lxC48O8K6MPSi Eo5O1Zc479TnONuEPFUX2vVaBLxOC1gzXtjXowr2cKQO2s9RQcxivDbXlcsKj3Rg6qE+ CXyO2MAAG78ZOK25voZthunNCK7luUZBjH4wxRxIGY4WVJ2mIz7frc2c2vJXYsIhO1ox 3CidW1aiXz8YrdZkY27pZjCt4apJMDtwkkPD11ZixR1ZxxYQxz7UbDuu8k/8zATumYM3 1S7TzxRpc9Rs15gCMjS75ZcNhVzEprG3V3lXwoMXqmJllO2XysAKD/QPN4qTdk9HYGxz Z+Qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=JCiZo0TI; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d4si5044905ybr.182.2020.09.10.03.08.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:08:15 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=JCiZo0TI; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:50524 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJV0-0003Yk-SK for patch@linaro.org; Thu, 10 Sep 2020 06:08:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43572) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTP-000050-1g for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:35 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:55513 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTN-0007gL-CP for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=22/8j3nSglJouwHuKcmQ4OJ5TmHD2LDjjXggNCdZvbI=; b=JCiZo0TI8+992qhNuDeMp+xESNdfC33bWBA7jcPmEmrn0mPCy7EOfixDizhfKVBdvhPQBS 4eBUm/EZRtSPh9ySLXULqpZG6366PBXq666/o+Fl512VhvFkdhD9ds3tksieKrwAyuCBC7 /X6q7yu3NA5uSpRBM3HW0w0xx0hOUU4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-543-MCA9rrJEPMKASciiV7urdA-1; Thu, 10 Sep 2020 06:06:30 -0400 X-MC-Unique: MCA9rrJEPMKASciiV7urdA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C5B9464081; Thu, 10 Sep 2020 10:06:29 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8826F1002D5C; Thu, 10 Sep 2020 10:06:28 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 03/17] crypto: Rename cipher include files to .c.inc Date: Thu, 10 Sep 2020 11:06:09 +0100 Message-Id: <20200910100623.1088965-4-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 00:49:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson QEMU standard procedure for included c files is to use *.c.inc. E.g. there are a different set of checks that are applied. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/{cipher-builtin.c => cipher-builtin.c.inc} | 0 crypto/{cipher-gcrypt.c => cipher-gcrypt.c.inc} | 0 crypto/{cipher-nettle.c => cipher-nettle.c.inc} | 0 crypto/cipher.c | 6 +++--- 4 files changed, 3 insertions(+), 3 deletions(-) rename crypto/{cipher-builtin.c => cipher-builtin.c.inc} (100%) rename crypto/{cipher-gcrypt.c => cipher-gcrypt.c.inc} (100%) rename crypto/{cipher-nettle.c => cipher-nettle.c.inc} (100%) -- 2.26.2 diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c.inc similarity index 100% rename from crypto/cipher-builtin.c rename to crypto/cipher-builtin.c.inc diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c.inc similarity index 100% rename from crypto/cipher-gcrypt.c rename to crypto/cipher-gcrypt.c.inc diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c.inc similarity index 100% rename from crypto/cipher-nettle.c rename to crypto/cipher-nettle.c.inc diff --git a/crypto/cipher.c b/crypto/cipher.c index 2722dc7d87..005b5da4de 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -151,11 +151,11 @@ qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, #endif /* CONFIG_GCRYPT || CONFIG_NETTLE */ #ifdef CONFIG_GCRYPT -#include "cipher-gcrypt.c" +#include "cipher-gcrypt.c.inc" #elif defined CONFIG_NETTLE -#include "cipher-nettle.c" +#include "cipher-nettle.c.inc" #else -#include "cipher-builtin.c" +#include "cipher-builtin.c.inc" #endif QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, From patchwork Thu Sep 10 10:06:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249583 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1239097ejj; Thu, 10 Sep 2020 03:08:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx0lckGh2hbFn3xMFlLJPJcXYrj9LfIkc9N9M0a7LloNZDSZFExnJWFfuFN1763KD2a5qI2 X-Received: by 2002:a25:e80f:: with SMTP id k15mr11863731ybd.359.1599732490359; Thu, 10 Sep 2020 03:08:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732490; cv=none; d=google.com; s=arc-20160816; b=oDAjlXFyOL/yyzG/JOeSnyDOma7zwYxeR4PgOUrkwtIZgo5S3Ggh0kfCNv/7t5IhiU B+xKENpXfnyDXykC1WrCEuzZULS7w4BykmIgsCQ0j+30OD2vhXBEcmffr5k9Z7t4ULQU /TXScflaas57UAPstqbiuSVnAb/ALoPadZvGhkgZRvffiSBDKDBdWTxuEjkFRP9uMbDl mmc0Bb6RMJ2C++HsPpWefJIsCQr2Gerh6gThIXeENnTtzPaxBBx06wgc2ecW1VSbPGOr eiVZL0V+5KkYRqE01qh2plPRTRR3l3dDkosMHXY2vWv8CdZ6Cc3WD/RdHQ/mLpmTvLvp dwvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=ePjSYCtsoDm6neGSzzJ1Nkocp6K3wm3BNYSOcxSHwwc=; b=Vbw1jRQOi73NsAFhBOkbWHlXcLJSDxpZEzcQNa0fH1wVW3Sv92Qifn/Z5iV7YgxSJB j1n9adfCdI/UHnTOTwoN5kdlQgmokARwA066jR2RQ5C3C92J4tkgOfLJnQK5OBnoFaJp 2GhG/1Yz4Eh+Jy3hAdvkyj27VqK/4/CU2/3mPvSO0fxcT/jUEbpOiYg5wizuKrv7gf8F wy/hpkn5ikeTDK20VoYWWmDXQ4pVAhHf5xiZkcjk0HolWil5eOa81CzfRmsKVERNRPvR 6F6gAoFIzXxzm4czM5zr+IXJTCLWyZjwIE3JDcCwAhIFpOloRmOobttIDnviPFucJNyg DndA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=IomuB4En; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 67si5100444ybo.449.2020.09.10.03.08.10 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:08:10 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=IomuB4En; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:49924 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJUv-0003Jy-OG for patch@linaro.org; Thu, 10 Sep 2020 06:08:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43598) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTR-0000Bl-KC for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:37 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:31322 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTP-0007gp-Qq for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ePjSYCtsoDm6neGSzzJ1Nkocp6K3wm3BNYSOcxSHwwc=; b=IomuB4EnNHNhgV/DA4VSQmv3ixlbmQGZ3TnSVP7f8aLUl8bwJGNDnlMEaPXzV/sxYXDe/9 kcB3TC2ruFP+1bIiJTUixBU9ZcHJ3SYX2tvlMGypVdsMspCLMfWbbrkzYtH9yNUuFvzU0S zR3FOiq11menHb0hBsVniJxj89XEbrM= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-414-vhXRUKP4PyWLGZ9VPL-5qw-1; Thu, 10 Sep 2020 06:06:32 -0400 X-MC-Unique: vhXRUKP4PyWLGZ9VPL-5qw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6E91E107464B; Thu, 10 Sep 2020 10:06:31 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 30AA91002D41; Thu, 10 Sep 2020 10:06:29 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 04/17] crypto: Remove redundant includes Date: Thu, 10 Sep 2020 11:06:10 +0100 Message-Id: <20200910100623.1088965-5-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.61; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 01:44:54 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson Both qemu/osdep.h and cipherpriv.h have already been included by the parent cipher.c. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-builtin.c.inc | 2 -- crypto/cipher-gcrypt.c.inc | 2 -- crypto/cipher-nettle.c.inc | 2 -- 3 files changed, 6 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 6eafd39da0..56d45b0227 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -18,11 +18,9 @@ * */ -#include "qemu/osdep.h" #include "crypto/aes.h" #include "crypto/desrfb.h" #include "crypto/xts.h" -#include "cipherpriv.h" typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext; struct QCryptoCipherBuiltinAESContext { diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 81e4745bff..a62839914b 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -18,11 +18,9 @@ * */ -#include "qemu/osdep.h" #ifdef CONFIG_QEMU_PRIVATE_XTS #include "crypto/xts.h" #endif -#include "cipherpriv.h" #include diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 0677fdfd33..256931a823 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -18,11 +18,9 @@ * */ -#include "qemu/osdep.h" #ifdef CONFIG_QEMU_PRIVATE_XTS #include "crypto/xts.h" #endif -#include "cipherpriv.h" #include #include From patchwork Thu Sep 10 10:06:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249586 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1239676ejj; Thu, 10 Sep 2020 03:09:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzkk2tGSTKqH+f0/IstwvDsYJ28RllWDoQx38KdGtTnFlkAZdt62ydAUTBOTK8hey4ZdIEz X-Received: by 2002:a25:c604:: with SMTP id k4mr12575657ybf.204.1599732544191; Thu, 10 Sep 2020 03:09:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732544; cv=none; d=google.com; s=arc-20160816; b=Ib0txuy90LCxnpVGRT19CfrmTrcvC6h2THqGhT1Gk8EwxINcj/gVNJN+tAmBYTQEw8 vSU/fzrYFargAoeSVz8GvZFqVT0fzqE0WAtU+ZZRWi+WUWJIazRZOClfug38xfh6TWbh gFLXZ7+qGsa+BAo2iOxlcbDoJF8+IpVhKQUimF65a9ZP3GCHCtBRCHPgRWTg2Q6nJl4q 5ZPrqCXL1TKVnut0u98qYXnYBV7h6CcbiLLei18rcJ1zHhIxgOPe652RPYQkurUPWuIq qhKroPRFksKXM7yk40aEWhUxSW/wRr4VNXf9GkGuVZNLCy+xIr8Lcfh+E1/9ctJ3s+yv aK/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=VbA/0OZZqYQXGOKSJcnbgEpaJYkroA6FF95iuoW/fyc=; b=Hrnr6nnqCQyPMWxRndnVaESF3JciXfjsX/p+JzRjbDWTDGB0ls+PjD5LhoRT95ebwF icy0mL2az+jIaCkEDl6byVhUIpHMNaSOD++Aeo304ELebr7WG4B2yYb+Em4HE99q3Sr/ KtcdezIrSlaNjpLXZB4DySFCrm7Cptm5ojiGfYXtnRtuBSbM4frbaAWO7HugvqhUAq/i haaBdoOsvV6KqjjhUeEZwHAs99MiU+qtjZqNII65oEGvn+rYn77NODc6MBqczbITbyv9 LcvcdQgrDATPsh48NRZfqND6PEraErqAq4G6vSHlrjnBf9z+g/NBo4H46qH4htIbDqsG VawQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=aSBsCPCh; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id v66si5311527ybb.411.2020.09.10.03.09.04 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:09:04 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=aSBsCPCh; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:53340 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJVn-0004hf-IU for patch@linaro.org; Thu, 10 Sep 2020 06:09:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43608) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTS-0000DQ-AL for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:38 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:44596 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTQ-0007h0-I3 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732396; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VbA/0OZZqYQXGOKSJcnbgEpaJYkroA6FF95iuoW/fyc=; b=aSBsCPChqyHaRG+y/bsFg8KfdmuoIv2/iX/QHv99cUt2JfEJZtVK/qzDayqPY5ZiAavuiE RouAgRJBLRxHGjlLOFKr4kn7gkt9jef8cpsD2WJbe3JUo18gPyaW3NP2ShS5Df0Dsrivb9 cqICxO0WIiF0BzCdzLeukCA9su9kYtk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-277-beKPAsqGMwyrFiUs6GdnWg-1; Thu, 10 Sep 2020 06:06:33 -0400 X-MC-Unique: beKPAsqGMwyrFiUs6GdnWg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CC8A118BA283; Thu, 10 Sep 2020 10:06:32 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id CC33E1002D41; Thu, 10 Sep 2020 10:06:31 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 05/17] crypto/nettle: Fix xts_encrypt arguments Date: Thu, 10 Sep 2020 11:06:11 +0100 Message-Id: <20200910100623.1088965-6-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=berrange@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 03:02:23 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson The fourth argument to xts_encrypt should be the decrypt callback; we were accidentally passing encrypt twice. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-nettle.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.26.2 diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 256931a823..0404cfc6da 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -632,7 +632,7 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, case QCRYPTO_CIPHER_MODE_XTS: #ifdef CONFIG_QEMU_PRIVATE_XTS xts_encrypt(ctx->ctx, ctx->ctx_tweak, - ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, + ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, ctx->iv, len, out, in); #else xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, From patchwork Thu Sep 10 10:06:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249582 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1238414ejj; Thu, 10 Sep 2020 03:07:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwXT3i+VkCdvJSCxDhFk8udBE7Q6OXw1y6mUhp847lusOnn9EFDa5mitrwa0wFZUYq+Arrj X-Received: by 2002:a25:9745:: with SMTP id h5mr8980673ybo.104.1599732421339; Thu, 10 Sep 2020 03:07:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732421; cv=none; d=google.com; s=arc-20160816; b=g1aPbdk3xrZ5hPfJ5fa+IUQbTK/pnBZlogPDmYmN1ivwQ1woDhNvrKWDQ854IZi8rj BcyvlVC5bq6wIDyhljF5CHZJ0aeYtPlgx/ZWxHsew7cI3aAXFl1+lN0avuvUaCzjXt8k 3R96ERKF7ym+xoc1OmmtgE5954zmOxL8M8/azN5vBR+nynT4ka7JlYfGJvLX3sddWo3x mSga7K0w/qjGayuXfPMOayAVDfP6KqLvEWMjhny5AQuWzlEn4mUCQ2trgpzDKUBJNo8O pXX3zwkPG2MYbfVci2xHuf2fNknkd6ahg3vZT+VKFd06gDQzPT8Rd0dPxax5bZPmZi2B YA1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=19KEz/DRMwQy3pUnVgUen5fEjahzfLsC3s499xtdYUY=; b=Gb33ahjnOgFkCUF9L003zNQvBVeDrag0GmgXdLqXyktzFgpaBY15nEljg5cZwlJcqZ SHhuO0nDKkDTvC2WXCia0PMBLyKmia4HzlhlnikCspwN/rqTgHjJBVOFSJy/HaJGnRWX AfB4duWTna1eeyTx6iPDQN3a6+9LNz5ZE62E6/9lnjOuwZmfzytTQhc/NWN0dDaHpxbV Ty5p2F/Gq3l+yj0xuFOeMmCjQz7wRxU0rc91HuO/aTIT+TU1t20NWgey0RY8vBeb6r9C bNaIs6gyKS0JlFJ5+3DLMIKDlv60nkI30TcRUInpJ3PESx8HpQxQQS01A5DRR9HuQ1oX sV5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=jTNfyef5; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id e76si5224011ybb.54.2020.09.10.03.07.01 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:07:01 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=jTNfyef5; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:42782 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJTo-0000LH-Ib for patch@linaro.org; Thu, 10 Sep 2020 06:07:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43636) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTU-0000IG-7z for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:40 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:40793 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTS-0007hK-D0 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=19KEz/DRMwQy3pUnVgUen5fEjahzfLsC3s499xtdYUY=; b=jTNfyef5TSZ8MKLEXlMUPrHfUhs3me93aC33HYisOdhDrMVGCIEQDRN/Rp33tmlgJ5c54y e6EoFGmOhDp/g41EvuKmdu5W2dMwL7ABu0d4X1tgnUOpWIn8HKJIXC24HevgD364oblqGs QTg3qTIMLJpdy6GuCJELrhVfTBetAGg= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-577-r64GhKoJNuiCjhXsU8REIg-1; Thu, 10 Sep 2020 06:06:35 -0400 X-MC-Unique: r64GhKoJNuiCjhXsU8REIg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7271B8018A1; Thu, 10 Sep 2020 10:06:34 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 23E981002D5C; Thu, 10 Sep 2020 10:06:32 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 06/17] crypto: Move QCryptoCipherDriver typedef to crypto/cipher.h Date: Thu, 10 Sep 2020 11:06:12 +0100 Message-Id: <20200910100623.1088965-7-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 00:49:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson Allow the use in QCryptoCipher to be properly typed with the opaque struct pointer. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipherpriv.h | 2 -- include/crypto/cipher.h | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) -- 2.26.2 diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h index 0823239f41..9228c9fc3a 100644 --- a/crypto/cipherpriv.h +++ b/crypto/cipherpriv.h @@ -17,8 +17,6 @@ #include "qapi/qapi-types-crypto.h" -typedef struct QCryptoCipherDriver QCryptoCipherDriver; - struct QCryptoCipherDriver { int (*cipher_encrypt)(QCryptoCipher *cipher, const void *in, diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index 5928e5ecc7..8a42a683a4 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -24,6 +24,7 @@ #include "qapi/qapi-types-crypto.h" typedef struct QCryptoCipher QCryptoCipher; +typedef struct QCryptoCipherDriver QCryptoCipherDriver; /* See also "QCryptoCipherAlgorithm" and "QCryptoCipherMode" * enums defined in qapi/crypto.json */ From patchwork Thu Sep 10 10:06:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249590 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1240418ejj; Thu, 10 Sep 2020 03:10:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzEwMXEKHOxoNeBlJt1jDqkEEdeY9uuT/vzq6NVpM7V5C4jKUmf2TVDB45LSJsmfJmHWa43 X-Received: by 2002:a25:1d5:: with SMTP id 204mr11680254ybb.212.1599732615997; Thu, 10 Sep 2020 03:10:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732615; cv=none; d=google.com; s=arc-20160816; b=X0cxaGETWt7XOq8EtwAiIAmHPlRux8A4zA9cJVwssOKqF75Ask/x6+BxF397x677FZ Mo6KpR93j9JlwLYJVd8LksF89pcR+x/Vq+te2Zr9GtCdLx1nX4rStEuvq9pQH5lnJ7C0 PnpxLklNv6HC+DKs3MKte/+KRjj7lsrlYBMdLr4fwRe+I0ymMeP3ApjP2oi9DMe+DOre exFRFUx4QSwInYSRsVMxQiPA5w/emcBtE8yqaJK6DJVJRcIlyve1q5i6CnOiqQf0+5/7 lLA2LMGKJtdJkZrx2BhLV+Euzy8OizGAnhZHnGAdi4u8htwMvNzvEBYsfuSuwTaEQRIi xwww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=EgC3toX5BHn1BmzSD7aTNv/qJ03wUJgQwo/wZpP42u0=; b=Iky3d15YJuHWn7qwhChoI+6zWL5lhxYMQJodM3xh9lpeH8lTf6rY5dwDl7sAOXroPY 8YYHkLMSpAGjgeT+1giXF2Bmn1A/IsTIiVO+29NImEtzomD3o0oGCVYBSqT+vk7zzd68 2Nrlgsor0UfXFGuHk5546ssvhMcpkMuBy+rMr4Uud9QX0i/vUC2FbiLRI9YmUZ3J6r5p 3qhaQLFH1VX3DFT61CZKnQ1KAjNU0k6tr3DQSp4nsf3BLB7h2kx89Ln4OFYoeaDtJy63 qXbqqfexr0QRRF7ZiTcnk2QsAvf6PfwdHctqvdfNGx2kk+YQQdRrO8GcqbYcbnDZbLv0 4vrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=XwQUWpzH; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id n16si5267768ybh.172.2020.09.10.03.10.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:10:15 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=XwQUWpzH; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:33370 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJWx-000861-8X for patch@linaro.org; Thu, 10 Sep 2020 06:10:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43658) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTW-0000MO-Gp for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:42 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:53924) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTT-0007hY-Vb for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732398; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EgC3toX5BHn1BmzSD7aTNv/qJ03wUJgQwo/wZpP42u0=; b=XwQUWpzHFEWyGzRoI1UMiuWJeGeZlPS56C+LFnAleSCtvQ+ztA2zt36WGJZrh+rBkA/Teq gz85tMO+u+P8ApF5jUHDjnAKnAjXTkGbz6M3gUZxatzv++w2z9KQC0mCZOxCKRA7cKpxIA tlMj+NLRFmCqUJqlSmkL0ZBToV0Og6c= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-586-Ga2o15xON8yjSxx9ZmfHTQ-1; Thu, 10 Sep 2020 06:06:36 -0400 X-MC-Unique: Ga2o15xON8yjSxx9ZmfHTQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9EF9D802B6B; Thu, 10 Sep 2020 10:06:35 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id C12D41002D41; Thu, 10 Sep 2020 10:06:34 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 07/17] crypto: Use the correct const type for driver Date: Thu, 10 Sep 2020 11:06:13 +0100 Message-Id: <20200910100623.1088965-8-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=63.128.21.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 02:38:59 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson This allows the in memory structures to be read-only. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-afalg.c | 2 +- crypto/cipher-builtin.c.inc | 2 +- crypto/cipher-gcrypt.c.inc | 2 +- crypto/cipher-nettle.c.inc | 2 +- crypto/cipher.c | 12 ++++++------ crypto/cipherpriv.h | 2 +- include/crypto/cipher.h | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-afalg.c b/crypto/cipher-afalg.c index cd72284690..5c7c44761b 100644 --- a/crypto/cipher-afalg.c +++ b/crypto/cipher-afalg.c @@ -218,7 +218,7 @@ static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher) qcrypto_afalg_comm_free(cipher->opaque); } -struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = { +const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = { .cipher_encrypt = qcrypto_afalg_cipher_encrypt, .cipher_decrypt = qcrypto_afalg_cipher_decrypt, .cipher_setiv = qcrypto_afalg_cipher_setiv, diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 56d45b0227..156f32f1c7 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -522,7 +522,7 @@ qcrypto_builtin_cipher_setiv(QCryptoCipher *cipher, } -static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { +static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { .cipher_encrypt = qcrypto_builtin_cipher_encrypt, .cipher_decrypt = qcrypto_builtin_cipher_decrypt, .cipher_setiv = qcrypto_builtin_cipher_setiv, diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index a62839914b..18850fadb9 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -413,7 +413,7 @@ qcrypto_gcrypt_cipher_setiv(QCryptoCipher *cipher, } -static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { +static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { .cipher_encrypt = qcrypto_gcrypt_cipher_encrypt, .cipher_decrypt = qcrypto_gcrypt_cipher_decrypt, .cipher_setiv = qcrypto_gcrypt_cipher_setiv, diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 0404cfc6da..6ecce5e8ea 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -724,7 +724,7 @@ qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher, } -static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { +static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { .cipher_encrypt = qcrypto_nettle_cipher_encrypt, .cipher_decrypt = qcrypto_nettle_cipher_decrypt, .cipher_setiv = qcrypto_nettle_cipher_setiv, diff --git a/crypto/cipher.c b/crypto/cipher.c index 005b5da4de..3ca4a7e662 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -165,7 +165,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, { QCryptoCipher *cipher; void *ctx = NULL; - QCryptoCipherDriver *drv = NULL; + const QCryptoCipherDriver *drv = NULL; #ifdef CONFIG_AF_ALG ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); @@ -187,7 +187,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, cipher->alg = alg; cipher->mode = mode; cipher->opaque = ctx; - cipher->driver = (void *)drv; + cipher->driver = drv; return cipher; } @@ -199,7 +199,7 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherDriver *drv = cipher->driver; + const QCryptoCipherDriver *drv = cipher->driver; return drv->cipher_encrypt(cipher, in, out, len, errp); } @@ -210,7 +210,7 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherDriver *drv = cipher->driver; + const QCryptoCipherDriver *drv = cipher->driver; return drv->cipher_decrypt(cipher, in, out, len, errp); } @@ -219,14 +219,14 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher, const uint8_t *iv, size_t niv, Error **errp) { - QCryptoCipherDriver *drv = cipher->driver; + const QCryptoCipherDriver *drv = cipher->driver; return drv->cipher_setiv(cipher, iv, niv, errp); } void qcrypto_cipher_free(QCryptoCipher *cipher) { - QCryptoCipherDriver *drv; + const QCryptoCipherDriver *drv; if (cipher) { drv = cipher->driver; drv->cipher_free(cipher); diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h index 9228c9fc3a..b73be33bd2 100644 --- a/crypto/cipherpriv.h +++ b/crypto/cipherpriv.h @@ -47,7 +47,7 @@ qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, const uint8_t *key, size_t nkey, Error **errp); -extern struct QCryptoCipherDriver qcrypto_cipher_afalg_driver; +extern const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver; #endif diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index 8a42a683a4..cc57179a4d 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -81,7 +81,7 @@ struct QCryptoCipher { QCryptoCipherAlgorithm alg; QCryptoCipherMode mode; void *opaque; - void *driver; + const QCryptoCipherDriver *driver; }; /** From patchwork Thu Sep 10 10:06:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249585 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1239227ejj; Thu, 10 Sep 2020 03:08:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy5FzjSQ0GbA0qLLlpMb/CeQHIaFK43ucYQeSZp3kCAL1jGP2IgFxRnpSbhUq3+nlqiy6WM X-Received: by 2002:a25:47c3:: with SMTP id u186mr13053316yba.271.1599732502357; Thu, 10 Sep 2020 03:08:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732502; cv=none; d=google.com; s=arc-20160816; b=ZhSMQdBbxyG8S+kVOFme+JgXlZ/lx1PIet87NK1eB3Ur6ujWJX9ZtMIPUhe1H8YQ72 GzeJBQ5jgWm7BWTV78iSPY21rW/ERmiBH4COiwB3qZGQDQ2m6x1OTSzfUzM/Aw+cC+Qs pqafb31PSYq3HQwnGOY4o4+kijvQiW6vjFfYpCwWooFoPYz8T7L1l6MWvyRFLph2jMZJ +XyMtfSLoiM1U/1WAbrylzQ2s5xQ8/LSFa+IaLovRyIbo71UnPoyLX+ZndedjUEWZNCJ BETroCOff7yHIzhGE2KxRjYSFOTISeTmCHvjHM/qmv01ov60R4zIcLlDQ8msznaMg1S7 PTaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=bVZPMD+AIZrLMsJu3MarbFpKaLTjhfH4X3KAM0N6Wfo=; b=0o72iFy3EJr2u2l9jIHyhb0mWwBZdXbr2ZMXEcDBdHn9sxUjsL+iMc0vCIGa0EUTPX 0qj6CVkGSerU4JH1Zp8JfL2gI2ByUvXpcCfX4BvjraDG3QLp/Pp2zgeExSp2BCeKIExT hGy/Nv123nBVYd5gaoOp0twHN0tc0HJfl8kEKS0joaryIUf6dsNwxdEackYidPFU8nzD +MCKwnevbIQRI7r4Zb3j8YITGMfHReS2yS4ScaGW5M+7rfcIed1pz/FooppqzlUcPGr+ OP3dbGd5Eq8bf3ypAfbiRrhVtLh48l/x6hnMho9UbGQxUXmzTDS6njoph8gnz5SVnxkS rh/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=MxIuC4P1; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id v137si5455073ybe.62.2020.09.10.03.08.22 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:08:22 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=MxIuC4P1; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:51214 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJV7-0003r8-Lf for patch@linaro.org; Thu, 10 Sep 2020 06:08:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43664) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTX-0000NX-GH for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:43 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:50460 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTU-0007hn-Qq for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732400; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bVZPMD+AIZrLMsJu3MarbFpKaLTjhfH4X3KAM0N6Wfo=; b=MxIuC4P1//iy8OhpV6FzdFmOtnvantuvCCqwn0Pfst8BA9SWoswdMe3Y7Nvk6XfxCm824U WteWxtzb8p0W/ygxq0uTgx9g5WedAvNECz6jatOEdVHqjL1SgZyuLnTcQFCO7MpLLMJcVS sfjUD29vJkz/+9yxsXzb+RV6jLgrQNk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-89-kwmkB3uQNVunQ4Ex9iCP9Q-1; Thu, 10 Sep 2020 06:06:38 -0400 X-MC-Unique: kwmkB3uQNVunQ4Ex9iCP9Q-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 2D6C764081; Thu, 10 Sep 2020 10:06:37 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id EAA011002D5C; Thu, 10 Sep 2020 10:06:35 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 08/17] crypto: Allocate QCryptoCipher with the subclass Date: Thu, 10 Sep 2020 11:06:14 +0100 Message-Id: <20200910100623.1088965-9-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.003 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 00:49:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson Merge the allocation of "opaque" into the allocation of "cipher". This is step one in reducing the indirection in these classes. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/afalgpriv.h | 3 ++ crypto/cipher-afalg.c | 20 ++++++----- crypto/cipher-builtin.c.inc | 68 +++++++++++++++++++------------------ crypto/cipher-gcrypt.c.inc | 23 +++++++------ crypto/cipher-nettle.c.inc | 24 +++++++------ crypto/cipher.c | 20 ++++------- crypto/cipherpriv.h | 2 +- include/crypto/cipher.h | 1 - 8 files changed, 84 insertions(+), 77 deletions(-) -- 2.26.2 diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h index f6550b5c51..5a2393f1b7 100644 --- a/crypto/afalgpriv.h +++ b/crypto/afalgpriv.h @@ -15,6 +15,7 @@ #define QCRYPTO_AFALGPRIV_H #include +#include "crypto/cipher.h" #define SALG_TYPE_LEN_MAX 14 #define SALG_NAME_LEN_MAX 64 @@ -32,6 +33,8 @@ typedef struct QCryptoAFAlg QCryptoAFAlg; struct QCryptoAFAlg { + QCryptoCipher base; + int tfmfd; int opfd; struct msghdr *msg; diff --git a/crypto/cipher-afalg.c b/crypto/cipher-afalg.c index 5c7c44761b..86e5249bd6 100644 --- a/crypto/cipher-afalg.c +++ b/crypto/cipher-afalg.c @@ -58,7 +58,7 @@ qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg, return name; } -QCryptoAFAlg * +QCryptoCipher * qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, @@ -109,7 +109,7 @@ qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, } afalg->cmsg = CMSG_FIRSTHDR(afalg->msg); - return afalg; + return &afalg->base; } static int @@ -117,9 +117,9 @@ qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher, const uint8_t *iv, size_t niv, Error **errp) { + QCryptoAFAlg *afalg = container_of(cipher, QCryptoAFAlg, base); struct af_alg_iv *alg_iv; size_t expect_niv; - QCryptoAFAlg *afalg = cipher->opaque; expect_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode); if (niv != expect_niv) { @@ -200,8 +200,9 @@ qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher, const void *in, void *out, size_t len, Error **errp) { - return qcrypto_afalg_cipher_op(cipher->opaque, in, out, - len, true, errp); + QCryptoAFAlg *afalg = container_of(cipher, QCryptoAFAlg, base); + + return qcrypto_afalg_cipher_op(afalg, in, out, len, true, errp); } static int @@ -209,13 +210,16 @@ qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher, const void *in, void *out, size_t len, Error **errp) { - return qcrypto_afalg_cipher_op(cipher->opaque, in, out, - len, false, errp); + QCryptoAFAlg *afalg = container_of(cipher, QCryptoAFAlg, base); + + return qcrypto_afalg_cipher_op(afalg, in, out, len, false, errp); } static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher) { - qcrypto_afalg_comm_free(cipher->opaque); + QCryptoAFAlg *afalg = container_of(cipher, QCryptoAFAlg, base); + + qcrypto_afalg_comm_free(afalg); } const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = { diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 156f32f1c7..6a03e23040 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -41,6 +41,8 @@ struct QCryptoCipherBuiltinDESRFB { typedef struct QCryptoCipherBuiltin QCryptoCipherBuiltin; struct QCryptoCipherBuiltin { + QCryptoCipher base; + union { QCryptoCipherBuiltinAES aes; QCryptoCipherBuiltinDESRFB desrfb; @@ -65,10 +67,7 @@ struct QCryptoCipherBuiltin { static void qcrypto_cipher_free_aes(QCryptoCipher *cipher) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; - - g_free(ctxt); - cipher->opaque = NULL; + g_free(cipher); } @@ -152,7 +151,8 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); switch (cipher->mode) { case QCRYPTO_CIPHER_MODE_ECB: @@ -186,7 +186,8 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); switch (cipher->mode) { case QCRYPTO_CIPHER_MODE_ECB: @@ -217,7 +218,9 @@ static int qcrypto_cipher_setiv_aes(QCryptoCipher *cipher, const uint8_t *iv, size_t niv, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); + if (niv != AES_BLOCK_SIZE) { error_setg(errp, "IV must be %d bytes not %zu", AES_BLOCK_SIZE, niv); @@ -232,7 +235,7 @@ static int qcrypto_cipher_setiv_aes(QCryptoCipher *cipher, -static QCryptoCipherBuiltin * +static QCryptoCipher * qcrypto_cipher_init_aes(QCryptoCipherMode mode, const uint8_t *key, size_t nkey, Error **errp) @@ -289,7 +292,7 @@ qcrypto_cipher_init_aes(QCryptoCipherMode mode, ctxt->encrypt = qcrypto_cipher_encrypt_aes; ctxt->decrypt = qcrypto_cipher_decrypt_aes; - return ctxt; + return &ctxt->base; error: g_free(ctxt); @@ -299,11 +302,11 @@ qcrypto_cipher_init_aes(QCryptoCipherMode mode, static void qcrypto_cipher_free_des_rfb(QCryptoCipher *cipher) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); g_free(ctxt->state.desrfb.key); g_free(ctxt); - cipher->opaque = NULL; } @@ -313,7 +316,8 @@ static int qcrypto_cipher_encrypt_des_rfb(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); size_t i; if (len % 8) { @@ -338,7 +342,8 @@ static int qcrypto_cipher_decrypt_des_rfb(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); size_t i; if (len % 8) { @@ -366,7 +371,7 @@ static int qcrypto_cipher_setiv_des_rfb(QCryptoCipher *cipher, } -static QCryptoCipherBuiltin * +static QCryptoCipher * qcrypto_cipher_init_des_rfb(QCryptoCipherMode mode, const uint8_t *key, size_t nkey, Error **errp) @@ -391,7 +396,7 @@ qcrypto_cipher_init_des_rfb(QCryptoCipherMode mode, ctxt->encrypt = qcrypto_cipher_encrypt_des_rfb; ctxt->decrypt = qcrypto_cipher_decrypt_des_rfb; - return ctxt; + return &ctxt->base; } @@ -421,14 +426,12 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, } -static QCryptoCipherBuiltin *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, - QCryptoCipherMode mode, - const uint8_t *key, - size_t nkey, - Error **errp) +static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode, + const uint8_t *key, + size_t nkey, + Error **errp) { - QCryptoCipherBuiltin *ctxt; - switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: case QCRYPTO_CIPHER_MODE_CBC: @@ -446,29 +449,25 @@ static QCryptoCipherBuiltin *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: - ctxt = qcrypto_cipher_init_des_rfb(mode, key, nkey, errp); - break; + return qcrypto_cipher_init_des_rfb(mode, key, nkey, errp); case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: - ctxt = qcrypto_cipher_init_aes(mode, key, nkey, errp); - break; + return qcrypto_cipher_init_aes(mode, key, nkey, errp); default: error_setg(errp, "Unsupported cipher algorithm %s", QCryptoCipherAlgorithm_str(alg)); return NULL; } - - return ctxt; } static void qcrypto_builtin_cipher_ctx_free(QCryptoCipher *cipher) { - QCryptoCipherBuiltin *ctxt; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); - ctxt = cipher->opaque; ctxt->free(cipher); } @@ -480,7 +479,8 @@ qcrypto_builtin_cipher_encrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); if (len & (ctxt->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", @@ -499,7 +499,8 @@ qcrypto_builtin_cipher_decrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); if (len & (ctxt->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", @@ -516,7 +517,8 @@ qcrypto_builtin_cipher_setiv(QCryptoCipher *cipher, const uint8_t *iv, size_t niv, Error **errp) { - QCryptoCipherBuiltin *ctxt = cipher->opaque; + QCryptoCipherBuiltin *ctxt + = container_of(cipher, QCryptoCipherBuiltin, base); return ctxt->setiv(cipher, iv, niv, errp); } diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 18850fadb9..3b3c85e265 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -58,6 +58,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, typedef struct QCryptoCipherGcrypt QCryptoCipherGcrypt; struct QCryptoCipherGcrypt { + QCryptoCipher base; gcry_cipher_hd_t handle; size_t blocksize; #ifdef CONFIG_QEMU_PRIVATE_XTS @@ -86,11 +87,11 @@ qcrypto_gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx, } -static QCryptoCipherGcrypt *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, - QCryptoCipherMode mode, - const uint8_t *key, - size_t nkey, - Error **errp) +static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode, + const uint8_t *key, + size_t nkey, + Error **errp) { QCryptoCipherGcrypt *ctx; gcry_error_t err; @@ -257,7 +258,7 @@ static QCryptoCipherGcrypt *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, } #endif - return ctx; + return &ctx->base; error: qcrypto_gcrypt_cipher_free_ctx(ctx, mode); @@ -268,7 +269,9 @@ static QCryptoCipherGcrypt *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, static void qcrypto_gcrypt_cipher_ctx_free(QCryptoCipher *cipher) { - qcrypto_gcrypt_cipher_free_ctx(cipher->opaque, cipher->mode); + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + + qcrypto_gcrypt_cipher_free_ctx(ctx, cipher->mode); } @@ -301,7 +304,7 @@ qcrypto_gcrypt_cipher_encrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherGcrypt *ctx = cipher->opaque; + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); gcry_error_t err; if (len & (ctx->blocksize - 1)) { @@ -340,7 +343,7 @@ qcrypto_gcrypt_cipher_decrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherGcrypt *ctx = cipher->opaque; + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); gcry_error_t err; if (len & (ctx->blocksize - 1)) { @@ -376,7 +379,7 @@ qcrypto_gcrypt_cipher_setiv(QCryptoCipher *cipher, const uint8_t *iv, size_t niv, Error **errp) { - QCryptoCipherGcrypt *ctx = cipher->opaque; + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); gcry_error_t err; if (niv != ctx->blocksize) { diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 6ecce5e8ea..d8371d1f37 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -294,6 +294,8 @@ static void twofish_decrypt_wrapper(const void *ctx, size_t length, typedef struct QCryptoCipherNettle QCryptoCipherNettle; struct QCryptoCipherNettle { + QCryptoCipher base; + /* Primary cipher context for all modes */ void *ctx; /* Second cipher context for XTS mode only */ @@ -355,11 +357,11 @@ qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx) } -static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, - QCryptoCipherMode mode, - const uint8_t *key, - size_t nkey, - Error **errp) +static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode, + const uint8_t *key, + size_t nkey, + Error **errp) { QCryptoCipherNettle *ctx; uint8_t *rfbkey; @@ -585,7 +587,7 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, ctx->iv = g_new0(uint8_t, ctx->blocksize); - return ctx; + return &ctx->base; error: qcrypto_nettle_cipher_free_ctx(ctx); @@ -596,9 +598,8 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, static void qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher) { - QCryptoCipherNettle *ctx; + QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); - ctx = cipher->opaque; qcrypto_nettle_cipher_free_ctx(ctx); } @@ -610,7 +611,7 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherNettle *ctx = cipher->opaque; + QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); if (len & (ctx->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", @@ -663,7 +664,7 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, size_t len, Error **errp) { - QCryptoCipherNettle *ctx = cipher->opaque; + QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); if (len & (ctx->blocksize - 1)) { error_setg(errp, "Length %zu must be a multiple of block size %zu", @@ -713,7 +714,8 @@ qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher, const uint8_t *iv, size_t niv, Error **errp) { - QCryptoCipherNettle *ctx = cipher->opaque; + QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); + if (niv != ctx->blocksize) { error_setg(errp, "Expected IV size %zu not %zu", ctx->blocksize, niv); diff --git a/crypto/cipher.c b/crypto/cipher.c index 3ca4a7e662..737fc0735d 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -163,30 +163,27 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, const uint8_t *key, size_t nkey, Error **errp) { - QCryptoCipher *cipher; - void *ctx = NULL; + QCryptoCipher *cipher = NULL; const QCryptoCipherDriver *drv = NULL; #ifdef CONFIG_AF_ALG - ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); - if (ctx) { + cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); + if (cipher) { drv = &qcrypto_cipher_afalg_driver; } #endif - if (!ctx) { - ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); - if (!ctx) { + if (!cipher) { + cipher = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); + if (!cipher) { return NULL; } drv = &qcrypto_cipher_lib_driver; } - cipher = g_new0(QCryptoCipher, 1); cipher->alg = alg; cipher->mode = mode; - cipher->opaque = ctx; cipher->driver = drv; return cipher; @@ -226,10 +223,7 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher, void qcrypto_cipher_free(QCryptoCipher *cipher) { - const QCryptoCipherDriver *drv; if (cipher) { - drv = cipher->driver; - drv->cipher_free(cipher); - g_free(cipher); + cipher->driver->cipher_free(cipher); } } diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h index b73be33bd2..437b109b5e 100644 --- a/crypto/cipherpriv.h +++ b/crypto/cipherpriv.h @@ -41,7 +41,7 @@ struct QCryptoCipherDriver { #include "afalgpriv.h" -extern QCryptoAFAlg * +extern QCryptoCipher * qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index cc57179a4d..083e12a7d9 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -80,7 +80,6 @@ typedef struct QCryptoCipherDriver QCryptoCipherDriver; struct QCryptoCipher { QCryptoCipherAlgorithm alg; QCryptoCipherMode mode; - void *opaque; const QCryptoCipherDriver *driver; }; From patchwork Thu Sep 10 10:06:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249587 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1240028ejj; Thu, 10 Sep 2020 03:09:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxNOgtDoFyzMF9Tzhx797VA6fbwWgJUV53KPsLq+qSSTjHgJ1JzDyHKlBZ0JR4xBUq7G5A2 X-Received: by 2002:a25:1f44:: with SMTP id f65mr12133996ybf.438.1599732578657; Thu, 10 Sep 2020 03:09:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732578; cv=none; d=google.com; s=arc-20160816; b=yLcWXCu8jnDupsaaAATOoGZxPuhR06pJSyijIxajtkr9Ug0x6+oFUxy/z3lU72sAiM BS2PDH53Nm8U5AP6+y149Kb0iLCSu3dS0695jWAZ67QEVeuIH5/W7K3jho4pxgqTtKTD 6qwzp+xt7HVnAdQ3PsmN6FfqfwDA9S66Wk0EiqN1nHMAsf5IvCRFLv7EvdRMCeKZr9Ma Bi+rToqeT2HMEhjBGCWCVnA1nQ+o6mVl0OpW6C/lhtdgEeDTyqzW71EZ1+2xi5g6F5/G fyyP+TEVEzWdoqorkSoTsTo+R76bsJkDrpTvncUFwKaNVi27P5kBBvooJwrLJI62io5N l4TA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=JOk10kb0mszjBp1j55p7ooi4MUv5zXNABmQ7poAPUnQ=; b=Qi8hq36T8YjTUjoGAyo56Y30GXfLWmjFJMc4zu3O4smv83eIl+IZEcaHSN/HTf9Doo WVkKgNx5YgYAoHrkNEjjjmfy2IPoCNi0wXE57vqZo4/ISSvjc5FPVZdgY3tZN+FVEv84 7trmytHcnH0sP8QTUm81TQM8wBguomlgb/qBGIVNPCyTz48knfOZVBniHGHG2jYf22CG x5PMkXbWMU1u34sk+48y9++A/i27ANh9CbRMpaqm6FKe3TuKtPHOthFORllHqQx2ESzJ PZANqBExQvixH3ZZvKhXrRexeu3IVyvAR296TF9hU27hVxpMVi/fOK6vdZz7FWYZsqth oKCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=GI4iMYKU; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id k14si5622380ybk.363.2020.09.10.03.09.38 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:09:38 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=GI4iMYKU; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:58816 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJWM-0006wp-12 for patch@linaro.org; Thu, 10 Sep 2020 06:09:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTZ-0000QF-BH for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:46 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:44663 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTX-0007i0-4J for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732402; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JOk10kb0mszjBp1j55p7ooi4MUv5zXNABmQ7poAPUnQ=; b=GI4iMYKUIZrSvVA5iO75F17cTkMqT8GDZk0kS8VfEh1TvVH5IWCSPtPpCqBLDJ2MfJP9bW tLB7gKRnPp3B3Ikdykv+Vw8AGT0FxirBQ84/s1RFQYLOUsGZsknr97X8u0ZH7Jqk+YN6HW kzmZN+XJhyBAs6kexQZr58ys8dDOFS8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-35-SoqMgi60N1WDPZXCipCFEg-1; Thu, 10 Sep 2020 06:06:39 -0400 X-MC-Unique: SoqMgi60N1WDPZXCipCFEg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 969D11009443; Thu, 10 Sep 2020 10:06:38 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8AB271002D41; Thu, 10 Sep 2020 10:06:37 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 09/17] crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new Date: Thu, 10 Sep 2020 11:06:15 +0100 Message-Id: <20200910100623.1088965-10-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=berrange@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 03:02:23 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson The class vtable should be set by the class initializer. This will also allow additional subclassing, reducing the amount of indirection in the hierarchy. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-afalg.c | 5 ++++- crypto/cipher-builtin.c.inc | 4 ++++ crypto/cipher-gcrypt.c.inc | 2 ++ crypto/cipher-nettle.c.inc | 3 +++ crypto/cipher.c | 7 ------- crypto/cipherpriv.h | 2 -- 6 files changed, 13 insertions(+), 10 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-afalg.c b/crypto/cipher-afalg.c index 86e5249bd6..052355a8a9 100644 --- a/crypto/cipher-afalg.c +++ b/crypto/cipher-afalg.c @@ -58,6 +58,8 @@ qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg, return name; } +static const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver; + QCryptoCipher * qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, @@ -109,6 +111,7 @@ qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, } afalg->cmsg = CMSG_FIRSTHDR(afalg->msg); + afalg->base.driver = &qcrypto_cipher_afalg_driver; return &afalg->base; } @@ -222,7 +225,7 @@ static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher) qcrypto_afalg_comm_free(afalg); } -const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = { +static const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = { .cipher_encrypt = qcrypto_afalg_cipher_encrypt, .cipher_decrypt = qcrypto_afalg_cipher_decrypt, .cipher_setiv = qcrypto_afalg_cipher_setiv, diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 6a03e23040..1444139f36 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -22,6 +22,8 @@ #include "crypto/desrfb.h" #include "crypto/xts.h" +static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; + typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext; struct QCryptoCipherBuiltinAESContext { AES_KEY enc; @@ -292,6 +294,7 @@ qcrypto_cipher_init_aes(QCryptoCipherMode mode, ctxt->encrypt = qcrypto_cipher_encrypt_aes; ctxt->decrypt = qcrypto_cipher_decrypt_aes; + ctxt->base.driver = &qcrypto_cipher_lib_driver; return &ctxt->base; error: @@ -396,6 +399,7 @@ qcrypto_cipher_init_des_rfb(QCryptoCipherMode mode, ctxt->encrypt = qcrypto_cipher_encrypt_des_rfb; ctxt->decrypt = qcrypto_cipher_decrypt_des_rfb; + ctxt->base.driver = &qcrypto_cipher_lib_driver; return &ctxt->base; } diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 3b3c85e265..7a1fbc9745 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -24,6 +24,7 @@ #include +static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) @@ -258,6 +259,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, } #endif + ctx->base.driver = &qcrypto_cipher_lib_driver; return &ctx->base; error: diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index d8371d1f37..36d57ef430 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -34,6 +34,8 @@ #include #endif +static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; + typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, size_t length, uint8_t *dst, @@ -587,6 +589,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, ctx->iv = g_new0(uint8_t, ctx->blocksize); + ctx->base.driver = &qcrypto_cipher_lib_driver; return &ctx->base; error: diff --git a/crypto/cipher.c b/crypto/cipher.c index 737fc0735d..3711b552fa 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -164,13 +164,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, Error **errp) { QCryptoCipher *cipher = NULL; - const QCryptoCipherDriver *drv = NULL; #ifdef CONFIG_AF_ALG cipher = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); - if (cipher) { - drv = &qcrypto_cipher_afalg_driver; - } #endif if (!cipher) { @@ -178,13 +174,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, if (!cipher) { return NULL; } - - drv = &qcrypto_cipher_lib_driver; } cipher->alg = alg; cipher->mode = mode; - cipher->driver = drv; return cipher; } diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h index 437b109b5e..396527857d 100644 --- a/crypto/cipherpriv.h +++ b/crypto/cipherpriv.h @@ -47,8 +47,6 @@ qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg, const uint8_t *key, size_t nkey, Error **errp); -extern const struct QCryptoCipherDriver qcrypto_cipher_afalg_driver; - #endif #endif From patchwork Thu Sep 10 10:06:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249589 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1240308ejj; Thu, 10 Sep 2020 03:10:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyP8myV24FxjBE8TUd0fUtZS9HsiHoPjql4GR23nsxzrADu0tF0AdQu95zvGLVuU+xcodwG X-Received: by 2002:a5b:c86:: with SMTP id i6mr11186875ybq.400.1599732605828; Thu, 10 Sep 2020 03:10:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732605; cv=none; d=google.com; s=arc-20160816; b=gJZox5SGVJ5+NUogvA8Eto2tCpiz0Y1B5s7T1kCTwzWef/u6adNevEVk7maMDlpYo4 hQFkrCGVY2TovpPgmGNzEQXOfmAWZGKxcEO/GndrGVGOuoUp9D//bo05xEiXP1N6sOmY DJjsx5udCmxKPZ3oimrThclruePvofVm7oCbInVbSJDQT0HxhuFvkL+DKMbZtxQxTL0a c6i3OcIltlchWseBh5HUgEAm/LWgcwFJl3I1REO6euWn0lxDWk7I102L2d3UI2eCyFh2 MIc3WsNCxE8HpndkTkkD0Gw+kcelzoARmSBoHZUQTS92SCuguv9A4dGbZuz6g8rQGPQw LkhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=LZmUthsQHGdqq+Z0/yMwoLNJz4uIPUN1e7DgJ0tmhBk=; b=OmfAxLoS1nj7WCMUyxdcZtRUn9WcUUcNNKVfI6kLPnHOdVVD5RWHqXAYhtbbbZPTZa dehI/+p8beeLz1o/HQPa10bGF1JGdEb54Go/lw4oY9yUsO19CHhwGz12uTGAgRsrVr+z KwwDEv8YauONa3isy7NtVasCkGHoRu7nVNQ+VsC/xWEyOYyutKZLQ0uHE3mlacmFjsLM f6T3Dy6O3xPTTUJld54MBlxXbdCCLAmT87Lg3np1EzgLA0PaGTS4g7EJonyKqzlrD277 3MaeG2tcu1qkK+9jP8sb+2ULGMhssQSubUCGoWDo7DM6q2108IuP3vr0N+PwBjxHooi1 bNbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=EE3YfGUM; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id e142si5197159ybh.104.2020.09.10.03.10.05 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:10:05 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=EE3YfGUM; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:58198 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJWn-0006hJ-3O for patch@linaro.org; Thu, 10 Sep 2020 06:10:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43712) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTa-0000RT-Tl for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:47 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:45303) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTY-0007i8-05 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732403; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LZmUthsQHGdqq+Z0/yMwoLNJz4uIPUN1e7DgJ0tmhBk=; b=EE3YfGUMgGjDvHekgTlXBLmaSDefmdRVTr4KTPuj8E+3Qxysn9zTQxpMAPaFIpq41mEf+A /xGDI2tYycCyi7xbVCrrOKoqSp6a81cP1dWM8QxOJ0928g7ICkrKZ0dXoKBtijp66V+YUI 2W4Ra8/VYf7TLjZwxn7X6uB0j4Rx7U0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-86-0FdH3YMPPhC3PI6G-mUaZg-1; Thu, 10 Sep 2020 06:06:41 -0400 X-MC-Unique: 0FdH3YMPPhC3PI6G-mUaZg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3F372107464E; Thu, 10 Sep 2020 10:06:40 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 002131002D41; Thu, 10 Sep 2020 10:06:38 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 10/17] crypto: Constify cipher data tables Date: Thu, 10 Sep 2020 11:06:16 +0100 Message-Id: <20200910100623.1088965-11-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=63.128.21.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 02:38:59 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.26.2 diff --git a/crypto/cipher.c b/crypto/cipher.c index 3711b552fa..068b2fb867 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -25,7 +25,7 @@ #include "cipherpriv.h" -static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { +static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { [QCRYPTO_CIPHER_ALG_AES_128] = 16, [QCRYPTO_CIPHER_ALG_AES_192] = 24, [QCRYPTO_CIPHER_ALG_AES_256] = 32, @@ -40,7 +40,7 @@ static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32, }; -static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { +static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { [QCRYPTO_CIPHER_ALG_AES_128] = 16, [QCRYPTO_CIPHER_ALG_AES_192] = 16, [QCRYPTO_CIPHER_ALG_AES_256] = 16, @@ -55,7 +55,7 @@ static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16, }; -static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { +static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = { [QCRYPTO_CIPHER_MODE_ECB] = false, [QCRYPTO_CIPHER_MODE_CBC] = true, [QCRYPTO_CIPHER_MODE_XTS] = true, From patchwork Thu Sep 10 10:06:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249592 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1241874ejj; Thu, 10 Sep 2020 03:12:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwh4Pdwt6kr20/5UG/altiwyKZufWAk9fzedAsFlAdQHIbtLYiatIoABRz0kBFfs++bAzk1 X-Received: by 2002:a5b:50:: with SMTP id e16mr2398711ybp.353.1599732765530; Thu, 10 Sep 2020 03:12:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732765; cv=none; d=google.com; s=arc-20160816; b=ICBnX8r7Psz4NCWbIzxmBcf16x3dfcTkFpk0Y70wVzHYbHjwEy8+GvH8CoFzGdVR1Y Bo4KckQ323y5w/5gUzUpOQRfIs8PWJZSrwqELuz9kqA82Qi2LbkWbsz0cu5JDVJdqwaZ lAjdEb/q7ipqUqydn2GrIaTjU8M9Cdi+zySkXJJRoMfqsgld3+EIzJdjpKdBWyaVGuam DS28QsoJYA7N7V4782y7D/Kel+LGbOuthFbZHoqWfLdZ61cu883iEGLEy7WcbmI6iiMe lYp7aDYKLwKo+Ly2pMvVE3Gg2j0GNd2OUKBBEHJbyLXy5iyPC8Zub5/ixlyEP46efKJz 7ydQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=Yq0dLty2zOPZXtWacMEsSs09G1z6ITTkf3f7aeY0XKI=; b=LaLk66DZTKW8bKWsbC4sUJWcj8xKvIeVk8GMZd9/qHNwtS4Za+6aTuGRgfdT+IUcuh tg0JepFEkrx1iVD27GLFREIKa8XFeXap/qqZekDf88udOMDmSHr/hhDwdsUtjofI8bni xC820K2s2Ebc9h25oxZ6Pr00zrPgX83St0VV12Xf5Ezx+Zp39otjEv/7i1FrR866fOei /C8jHRJ832FcANeox/GR3jy2lu5rNTJtRFzYuqM2xlI+aJY/BWRCVwKjwLSESOuGR3SW iIzfwoRCBAekfZthXY2v7TvDjZpUZCVIbUXmeiZ0ZmzYLHi1XIGtICupYXKBc4OuF9Hd DW6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=QI0w8kCO; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id t4si5303736ybp.211.2020.09.10.03.12.45 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:12:45 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=QI0w8kCO; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:41844 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJZM-0003GZ-S6 for patch@linaro.org; Thu, 10 Sep 2020 06:12:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43718) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTb-0000Sh-Me for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:47 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:32364 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTZ-0007iL-8M for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732404; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yq0dLty2zOPZXtWacMEsSs09G1z6ITTkf3f7aeY0XKI=; b=QI0w8kCOsoqTFJrh7Rwx0Y2xGs+eR/vQb6LrBgRMgyyZO+EROS7a3V61hcXVnFT/L074ym 26weHqh6yKFH7nJc9j4JpyEU/BNf6J5mwhuMiCrGrNLHHxxcBFCS4RqAqOrQOIHu/azhF2 Ba0890On0WE+obe4Zfdmig6C3IZEntA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-152-grfCSkOxNSeMiHmFzGDQmA-1; Thu, 10 Sep 2020 06:06:42 -0400 X-MC-Unique: grfCSkOxNSeMiHmFzGDQmA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A380B1009443; Thu, 10 Sep 2020 10:06:41 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9BEE91002D41; Thu, 10 Sep 2020 10:06:40 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 11/17] crypto/builtin: Remove odd-sized AES block handling Date: Thu, 10 Sep 2020 11:06:17 +0100 Message-Id: <20200910100623.1088965-12-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.61; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 01:44:54 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson We verified that the data block is properly sized modulo AES_BLOCK_SIZE within qcrypto_builtin_cipher_{en,de}crypt. Therefore we will never have to handle odd sized blocks. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-builtin.c.inc | 40 +++++++++++-------------------------- 1 file changed, 12 insertions(+), 28 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 1444139f36..e2ae5d090c 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -80,21 +80,13 @@ static void qcrypto_cipher_aes_ecb_encrypt(const AES_KEY *key, { const uint8_t *inptr = in; uint8_t *outptr = out; + + /* We have already verified that len % AES_BLOCK_SIZE == 0. */ while (len) { - if (len > AES_BLOCK_SIZE) { - AES_encrypt(inptr, outptr, key); - inptr += AES_BLOCK_SIZE; - outptr += AES_BLOCK_SIZE; - len -= AES_BLOCK_SIZE; - } else { - uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE]; - memcpy(tmp1, inptr, len); - /* Fill with 0 to avoid valgrind uninitialized reads */ - memset(tmp1 + len, 0, sizeof(tmp1) - len); - AES_encrypt(tmp1, tmp2, key); - memcpy(outptr, tmp2, len); - len = 0; - } + AES_encrypt(inptr, outptr, key); + inptr += AES_BLOCK_SIZE; + outptr += AES_BLOCK_SIZE; + len -= AES_BLOCK_SIZE; } } @@ -106,21 +98,13 @@ static void qcrypto_cipher_aes_ecb_decrypt(const AES_KEY *key, { const uint8_t *inptr = in; uint8_t *outptr = out; + + /* We have already verified that len % AES_BLOCK_SIZE == 0. */ while (len) { - if (len > AES_BLOCK_SIZE) { - AES_decrypt(inptr, outptr, key); - inptr += AES_BLOCK_SIZE; - outptr += AES_BLOCK_SIZE; - len -= AES_BLOCK_SIZE; - } else { - uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE]; - memcpy(tmp1, inptr, len); - /* Fill with 0 to avoid valgrind uninitialized reads */ - memset(tmp1 + len, 0, sizeof(tmp1) - len); - AES_decrypt(tmp1, tmp2, key); - memcpy(outptr, tmp2, len); - len = 0; - } + AES_decrypt(inptr, outptr, key); + inptr += AES_BLOCK_SIZE; + outptr += AES_BLOCK_SIZE; + len -= AES_BLOCK_SIZE; } } From patchwork Thu Sep 10 10:06:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249591 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1241477ejj; Thu, 10 Sep 2020 03:12:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwGRTaQtQ3YKaLnh29437hYn9r0VLsNnTN5tuuOPIueHLtJwDsTVR89tNEXEYC4NfPEK7mX X-Received: by 2002:a25:ef03:: with SMTP id g3mr10582723ybd.364.1599732721911; Thu, 10 Sep 2020 03:12:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732721; cv=none; d=google.com; s=arc-20160816; b=r3fDoxT8jCo+rH/iJK3jDpRRcefjMjos7xmd51z8M6ioU4d+ZcObybxQ0ZVBToKP2Y QKZvZb+/tBslyof306lfDmaU7Q3FyjitWzgK4QJCnouMxfU57lMYWf04yPUylD5xnRa8 6r+6jyQqwW+LMIgFLB4Ge0bQUWlOl3yXBYtG3cvYUM4bG0dXFf6IniSKjOvL32b5HvE9 65/Ftkbj5asZzB11r1r4I2mjUTfd0fEn2MXKtSxBC6mxqA7JapWf6Bdniu1bfSw4CSt3 6MB+USoCVmxnfv0b3tWZlrUIxBqFoMFM810J2azUgPpb2vAA4ov2pGvcNnlf8iYVN85J oG4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=Ks5DjWJdmSrk8l3V2pBehAqHtpAVlLDpFKUC7ipwfQ4=; b=ITQlrS6bPBLK1Mdfg0TBh/Tp6CMHiqQ12xRu1itWxifoDmbEVJQS2bQedSz7BHlXq0 PzNcgjart/YEnLOCPzMmPa3fFtXdn3sTo5osMzliE4mXW0vfqtkqAf9yXfjg+Q+aEvWj EMe7nVap0Wocve10nmtXoDO46noIuohWefa1eTAZl587TO7uUBBpAT71nwKzwz6iOBjY oZsU2KdDu9iZ4BBvYx/NH5PGB4YF0SoJGkVcgr3OlkPQQbUKaH45HMZP1d2FxuRIARKH aV4RmYj3u2N0ohRmEPO6FQ1gc+RBa0zkSljZ464B4UD3yeyAC4LH7flcla9PjhRThKs/ qqiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=LLAwAj8K; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id p77si5506220ybg.413.2020.09.10.03.12.01 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:12:01 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=LLAwAj8K; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:38934 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJYf-00024e-6Y for patch@linaro.org; Thu, 10 Sep 2020 06:12:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43732) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTd-0000U1-Be for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:49 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:54284 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTb-0007il-Az for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732406; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ks5DjWJdmSrk8l3V2pBehAqHtpAVlLDpFKUC7ipwfQ4=; b=LLAwAj8KBtCTwrMnY1KVpoTd2UlPwNyfQYW9+K27G1w2HG0PhBGBlyggGf4vbuboawORqo IlnOIICqR7snqy8Qw9/zuZhlBa3Firi1xv5+GcoGvvP1lTFOSuuKe55EVhVLjKeg3NYGvq /dveAdh0OqLFmHUCfMzTx2OD0NGlyh0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-182-xWiUS65bMwuoiiwoPK5N3Q-1; Thu, 10 Sep 2020 06:06:44 -0400 X-MC-Unique: xWiUS65bMwuoiiwoPK5N3Q-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1A5E2801F95; Thu, 10 Sep 2020 10:06:43 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 11FFB1002D41; Thu, 10 Sep 2020 10:06:41 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 12/17] crypto/builtin: Merge qcrypto_cipher_aes_{ecb, xts}_{en, de}crypt Date: Thu, 10 Sep 2020 11:06:18 +0100 Message-Id: <20200910100623.1088965-13-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.003 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.120; envelope-from=berrange@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 01:23:25 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson There's no real reason we need two separate helper functions here. Standardize on the function signature required for xts_encrypt. Rename to do_aes_{en,de}crypt_ecb, since the helper does not itself do anything with respect to xts. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-builtin.c.inc | 73 +++++++++++-------------------------- 1 file changed, 22 insertions(+), 51 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index e2ae5d090c..8e21f2673f 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -72,65 +72,38 @@ static void qcrypto_cipher_free_aes(QCryptoCipher *cipher) g_free(cipher); } - -static void qcrypto_cipher_aes_ecb_encrypt(const AES_KEY *key, - const void *in, - void *out, - size_t len) +static void do_aes_encrypt_ecb(const void *vctx, + size_t len, + uint8_t *out, + const uint8_t *in) { - const uint8_t *inptr = in; - uint8_t *outptr = out; + const QCryptoCipherBuiltinAESContext *ctx = vctx; /* We have already verified that len % AES_BLOCK_SIZE == 0. */ while (len) { - AES_encrypt(inptr, outptr, key); - inptr += AES_BLOCK_SIZE; - outptr += AES_BLOCK_SIZE; + AES_encrypt(in, out, &ctx->enc); + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE; } } - -static void qcrypto_cipher_aes_ecb_decrypt(const AES_KEY *key, - const void *in, - void *out, - size_t len) +static void do_aes_decrypt_ecb(const void *vctx, + size_t len, + uint8_t *out, + const uint8_t *in) { - const uint8_t *inptr = in; - uint8_t *outptr = out; + const QCryptoCipherBuiltinAESContext *ctx = vctx; /* We have already verified that len % AES_BLOCK_SIZE == 0. */ while (len) { - AES_decrypt(inptr, outptr, key); - inptr += AES_BLOCK_SIZE; - outptr += AES_BLOCK_SIZE; + AES_decrypt(in, out, &ctx->dec); + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE; } } - -static void qcrypto_cipher_aes_xts_encrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - const QCryptoCipherBuiltinAESContext *aesctx = ctx; - - qcrypto_cipher_aes_ecb_encrypt(&aesctx->enc, src, dst, length); -} - - -static void qcrypto_cipher_aes_xts_decrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - const QCryptoCipherBuiltinAESContext *aesctx = ctx; - - qcrypto_cipher_aes_ecb_decrypt(&aesctx->dec, src, dst, length); -} - - static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, const void *in, void *out, @@ -142,8 +115,7 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, switch (cipher->mode) { case QCRYPTO_CIPHER_MODE_ECB: - qcrypto_cipher_aes_ecb_encrypt(&ctxt->state.aes.key.enc, - in, out, len); + do_aes_encrypt_ecb(&ctxt->state.aes.key, len, out, in); break; case QCRYPTO_CIPHER_MODE_CBC: AES_cbc_encrypt(in, out, len, @@ -153,8 +125,8 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, case QCRYPTO_CIPHER_MODE_XTS: xts_encrypt(&ctxt->state.aes.key, &ctxt->state.aes.key_tweak, - qcrypto_cipher_aes_xts_encrypt, - qcrypto_cipher_aes_xts_decrypt, + do_aes_encrypt_ecb, + do_aes_decrypt_ecb, ctxt->state.aes.iv, len, out, in); break; @@ -177,8 +149,7 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher, switch (cipher->mode) { case QCRYPTO_CIPHER_MODE_ECB: - qcrypto_cipher_aes_ecb_decrypt(&ctxt->state.aes.key.dec, - in, out, len); + do_aes_decrypt_ecb(&ctxt->state.aes.key, len, out, in); break; case QCRYPTO_CIPHER_MODE_CBC: AES_cbc_encrypt(in, out, len, @@ -188,8 +159,8 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher, case QCRYPTO_CIPHER_MODE_XTS: xts_decrypt(&ctxt->state.aes.key, &ctxt->state.aes.key_tweak, - qcrypto_cipher_aes_xts_encrypt, - qcrypto_cipher_aes_xts_decrypt, + do_aes_encrypt_ecb, + do_aes_decrypt_ecb, ctxt->state.aes.iv, len, out, in); break; From patchwork Thu Sep 10 10:06:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249593 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1242496ejj; Thu, 10 Sep 2020 03:13:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwgky+t5T6NtHyBoO15eScvuZVnveBgNsrpwWoHOHk0YEPStCPBvvm1jGlmMyurqI8NEysM X-Received: by 2002:a25:c842:: with SMTP id y63mr11477369ybf.135.1599732826467; Thu, 10 Sep 2020 03:13:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732826; cv=none; d=google.com; s=arc-20160816; b=JfFI8q4CN/vJ5Ci6UHXxrtpJ+zdRZ1brCQrMLqPkCfNaX2+q+DjOff1HicuUaX/4ra D3GaDXSIInTQ6HfOx9gV51V5BTxYAnkM+HM843ZaJn/Jm529Gk3Bt+0uwrJeemKkwR6h 2YGhFSPPjYbmkN/NBeDGs1p4DsfFqkvV0tTZTsB2UhdSraHFxZRB8p8ap0tgM2MUNw1O 46vqaWRLyMuGK2MDq7uRmYjvC69cEYo4e6/qIb2BNhqlm9fn3NLHdndrehSs99+v8xQw TNTu5e9C9XXu9ObctAqOoznNNl6IUAcNQgUiNT+SCzD39TAhijZelptNYVC2i3Lr9SJZ 7DjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=z5kz+dl4NiZGR3DyQwvuH4nV2SaU5K6TRvwu9idGUNw=; b=uu9/wN9h/Famn7XfURbO7cnFJGHO+bwg0HkcxGRjz+flg2mIgyOjY7R56Vuuo+pS5T o2IoALpLjZUP9BNN2Pi1FqF7yeHemoAXO5lLpyZ/3pVfXYuMUNYyrDwPsVVXSxeZvTey DfRWiwaEHjfS/hGt8hR+hFnGf1R2j2QaPfcRN1e4LfZ4C0nBu4MkFKnzfxZGLNLjA6gL a+5wgOy+jtC8LM9eCAyliI7soh4pIZeNpKGKJC9rpglgZsSo5sA0X9wDmnttHpIRM8yq +w4mm+h6kWwLICSHYtezDjrjVjISEts9cWNoMcXBE9AqIrsZE8OfUgI3HEKn9XqvXvBB QVYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=fd4wcEAS; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 69si5398317ybl.442.2020.09.10.03.13.46 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:13:46 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=fd4wcEAS; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:47000 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJaL-0005Pz-SO for patch@linaro.org; Thu, 10 Sep 2020 06:13:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43760) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTf-0000Wi-PZ for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:51 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:21140 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTd-0007j0-5L for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732408; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=z5kz+dl4NiZGR3DyQwvuH4nV2SaU5K6TRvwu9idGUNw=; b=fd4wcEASKQ4MI22OK3oNTIrEHi2rsLYOmcOMAEA5iQZWHlr+MVRZcNsLw7hrDefttw9YfY qsDQpkeXeYUKyxFwsjiXmr+aJ8nMvxJXyvIwPJvPqjs8FeVuhl3ACCm6vrfi92B3gV6xNZ cjRwEQeIKQdUK5e2N4ddCtZBLNTjl7w= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-227-icB0_c8eMwesHJwalp4Ajg-1; Thu, 10 Sep 2020 06:06:45 -0400 X-MC-Unique: icB0_c8eMwesHJwalp4Ajg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C96E6801AB8; Thu, 10 Sep 2020 10:06:44 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7BC1F1002D5C; Thu, 10 Sep 2020 10:06:43 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 13/17] crypto/builtin: Move AES_cbc_encrypt into cipher-builtin.inc.c Date: Thu, 10 Sep 2020 11:06:19 +0100 Message-Id: <20200910100623.1088965-14-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 00:49:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson By making the function private, we will be able to make further simplifications. Re-indent the migrated code and fix the missing braces for CODING_STYLE. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/aes.c | 51 --------------------------------- crypto/cipher-builtin.c.inc | 56 +++++++++++++++++++++++++++++++++++++ include/crypto/aes.h | 4 --- 3 files changed, 56 insertions(+), 55 deletions(-) -- 2.26.2 diff --git a/crypto/aes.c b/crypto/aes.c index 0f6a195af8..159800df65 100644 --- a/crypto/aes.c +++ b/crypto/aes.c @@ -1599,54 +1599,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, } #endif /* AES_ASM */ - -void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, const int enc) -{ - - unsigned long n; - unsigned long len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - - assert(in && out && key && ivec); - - if (enc) { - while (len >= AES_BLOCK_SIZE) { - for(n=0; n < AES_BLOCK_SIZE; ++n) - tmp[n] = in[n] ^ ivec[n]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - for(n=0; n < len; ++n) - tmp[n] = in[n] ^ ivec[n]; - for(n=len; n < AES_BLOCK_SIZE; ++n) - tmp[n] = ivec[n]; - AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, AES_BLOCK_SIZE); - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } - } else { - while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for(n=0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, tmp, key); - for(n=0; n < len; ++n) - out[n] = tmp[n] ^ ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } - } -} diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 8e21f2673f..61baad265a 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -104,6 +104,62 @@ static void do_aes_decrypt_ecb(const void *vctx, } } +static void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, const int enc) +{ + unsigned long n; + unsigned long len = length; + unsigned char tmp[AES_BLOCK_SIZE]; + + assert(in && out && key && ivec); + + if (enc) { + while (len >= AES_BLOCK_SIZE) { + for (n = 0; n < AES_BLOCK_SIZE; ++n) { + tmp[n] = in[n] ^ ivec[n]; + } + AES_encrypt(tmp, out, key); + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (len) { + for (n = 0; n < len; ++n) { + tmp[n] = in[n] ^ ivec[n]; + } + for (n = len; n < AES_BLOCK_SIZE; ++n) { + tmp[n] = ivec[n]; + } + AES_encrypt(tmp, tmp, key); + memcpy(out, tmp, AES_BLOCK_SIZE); + memcpy(ivec, tmp, AES_BLOCK_SIZE); + } + } else { + while (len >= AES_BLOCK_SIZE) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(in, out, key); + for (n = 0; n < AES_BLOCK_SIZE; ++n) { + out[n] ^= ivec[n]; + } + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (len) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, tmp, key); + for (n = 0; n < len; ++n) { + out[n] = tmp[n] ^ ivec[n]; + } + memcpy(ivec, tmp, AES_BLOCK_SIZE); + } + } +} + + static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, const void *in, void *out, diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 12fb321b89..ba297d6a73 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -16,7 +16,6 @@ typedef struct aes_key_st AES_KEY; #define AES_set_decrypt_key QEMU_AES_set_decrypt_key #define AES_encrypt QEMU_AES_encrypt #define AES_decrypt QEMU_AES_decrypt -#define AES_cbc_encrypt QEMU_AES_cbc_encrypt int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); @@ -27,9 +26,6 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); -void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, const int enc); extern const uint8_t AES_sbox[256]; extern const uint8_t AES_isbox[256]; From patchwork Thu Sep 10 10:06:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249594 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1242944ejj; Thu, 10 Sep 2020 03:14:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw9e6kMqDy+8ibcvmuAJ3KAiTexWT663UzdogHni04gAlFnCberipr5xASQXTP7LGY2cEPG X-Received: by 2002:a25:d18d:: with SMTP id i135mr13347686ybg.71.1599732871592; Thu, 10 Sep 2020 03:14:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732871; cv=none; d=google.com; s=arc-20160816; b=A0YmPGbHvce21zn5X/Xi9gsw4DYtDd0GHORfaM8PaMIcdI59VS+tGghxQqcePb7oH8 CgwSUWphu/DkQuHHzcTtHBfAOkMaB4Dyw2HTEbnIH3s5VLBKmAffULJ953sVtG3nWvG0 wuh7FB9GeBT7FWI1FPoySd1ekdYA5WV1y7AbpzIlfKmJ4UQP0eZxdmrD3KMwKlWgP8mi 9/ViEFTznCbc9vK5IQFMEnqRKfyYtPU0kLPyVO8d+CElewE5LR/Jd7gjM2G0wr4e0Ue9 E7gTzu/2MHOy+F57mFY88WOcktRtJuByy+YB4H81ChNSTkY/778xKfZIKgfpsgYouHek Wl7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=A2f9SYRD21RntK1btIFerAtriqCpg0ZbaBGhCatpAE8=; b=H8zGRNLfXg1eRx4mdH9DFZ9Uy5w1lJywVZFliJzlIh1Zup2Mu2clHMLQM/iD0yXbU0 p8Wu7ATUNp9ndzfUX6Y8mXpvZgn8Nt/li9+s7+Tm+h9IlPYNJZjPG+Mr/3ks3rh7YVFs t4MEfYddE/jR2BbVoH3doDX80zPgfbcAAluiK7Kd6GW5sPbCBDMyhi11gc+WchsaDlr8 YLdnr+iD1Y0s/vWe7CskWJsIcP3E6bqmb5xIZa7bc/Tz2QZThU5DhE0uSTGA0AWOqYeu taVqURCAdFr8YXDkY1L4GiRrRyx+o3cUk9eYq/ToyapoYtq3RWnoIAc0+k9Lm8yz1oBr DC9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=XXaeao1s; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id t124si5623066ybf.356.2020.09.10.03.14.31 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:14:31 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=XXaeao1s; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:51426 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJb4-0007ET-Vm for patch@linaro.org; Thu, 10 Sep 2020 06:14:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43770) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTg-0000YJ-DZ for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:52 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:25962 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTe-0007jB-D3 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732409; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=A2f9SYRD21RntK1btIFerAtriqCpg0ZbaBGhCatpAE8=; b=XXaeao1st3EqOXatkE5+9OjVuLD1rhb2UEsOaPViQyZ8HEYytOUNqLMljbAQk7AOdu0eIS v1jOL28ScOvK7DJcXjbWPorZsnz9PoRHqKMLwx/Fu8q+pUbbX6XyH1/6TnzmGuvVaWICuK NebDDDTW0P4LZl/g8BKRzjcubQ0M83U= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-490-dKfCdj3fOdWSqvA7Zy6txA-1; Thu, 10 Sep 2020 06:06:47 -0400 X-MC-Unique: dKfCdj3fOdWSqvA7Zy6txA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4C91F64082; Thu, 10 Sep 2020 10:06:46 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1CD6D1002D41; Thu, 10 Sep 2020 10:06:44 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 14/17] crypto/builtin: Split and simplify AES_encrypt_cbc Date: Thu, 10 Sep 2020 11:06:20 +0100 Message-Id: <20200910100623.1088965-15-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.003 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.61; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 01:44:54 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson Split into encrypt/decrypt functions, dropping the "enc" argument. Now that the function is private to this file, we know that "len" is a multiple of AES_BLOCK_SIZE. So drop the odd block size code. Name the functions do_aes_*crypt_cbc to match the *_ecb functions. Reorder and re-type the arguments to match as well. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-builtin.c.inc | 99 ++++++++++++++++--------------------- 1 file changed, 43 insertions(+), 56 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 61baad265a..b1fe3b08c3 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -104,61 +104,50 @@ static void do_aes_decrypt_ecb(const void *vctx, } } -static void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, const int enc) +static void do_aes_encrypt_cbc(const AES_KEY *key, + size_t len, + uint8_t *out, + const uint8_t *in, + uint8_t *ivec) { - unsigned long n; - unsigned long len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - - assert(in && out && key && ivec); - - if (enc) { - while (len >= AES_BLOCK_SIZE) { - for (n = 0; n < AES_BLOCK_SIZE; ++n) { - tmp[n] = in[n] ^ ivec[n]; - } - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - for (n = 0; n < len; ++n) { - tmp[n] = in[n] ^ ivec[n]; - } - for (n = len; n < AES_BLOCK_SIZE; ++n) { - tmp[n] = ivec[n]; - } - AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, AES_BLOCK_SIZE); - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } - } else { - while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) { - out[n] ^= ivec[n]; - } - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, tmp, key); - for (n = 0; n < len; ++n) { - out[n] = tmp[n] ^ ivec[n]; - } - memcpy(ivec, tmp, AES_BLOCK_SIZE); + uint8_t tmp[AES_BLOCK_SIZE]; + size_t n; + + /* We have already verified that len % AES_BLOCK_SIZE == 0. */ + while (len) { + for (n = 0; n < AES_BLOCK_SIZE; ++n) { + tmp[n] = in[n] ^ ivec[n]; } + AES_encrypt(tmp, out, key); + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } } +static void do_aes_decrypt_cbc(const AES_KEY *key, + size_t len, + uint8_t *out, + const uint8_t *in, + uint8_t *ivec) +{ + uint8_t tmp[AES_BLOCK_SIZE]; + size_t n; + + /* We have already verified that len % AES_BLOCK_SIZE == 0. */ + while (len) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(in, out, key); + for (n = 0; n < AES_BLOCK_SIZE; ++n) { + out[n] ^= ivec[n]; + } + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } +} static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, const void *in, @@ -174,9 +163,8 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, do_aes_encrypt_ecb(&ctxt->state.aes.key, len, out, in); break; case QCRYPTO_CIPHER_MODE_CBC: - AES_cbc_encrypt(in, out, len, - &ctxt->state.aes.key.enc, - ctxt->state.aes.iv, 1); + do_aes_encrypt_cbc(&ctxt->state.aes.key.enc, len, out, in, + ctxt->state.aes.iv); break; case QCRYPTO_CIPHER_MODE_XTS: xts_encrypt(&ctxt->state.aes.key, @@ -208,9 +196,8 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher, do_aes_decrypt_ecb(&ctxt->state.aes.key, len, out, in); break; case QCRYPTO_CIPHER_MODE_CBC: - AES_cbc_encrypt(in, out, len, - &ctxt->state.aes.key.dec, - ctxt->state.aes.iv, 0); + do_aes_decrypt_cbc(&ctxt->state.aes.key.dec, len, out, in, + ctxt->state.aes.iv); break; case QCRYPTO_CIPHER_MODE_XTS: xts_decrypt(&ctxt->state.aes.key, From patchwork Thu Sep 10 10:06:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249596 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1243820ejj; Thu, 10 Sep 2020 03:16:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzOHTBgJvJvrNR5rInGlzvaxRuIp4oL9g8czgt+g45q9hPutfJmtmPhXJO+5WCAiDO1R/N0 X-Received: by 2002:a25:cad1:: with SMTP id a200mr10070201ybg.424.1599732966851; Thu, 10 Sep 2020 03:16:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732966; cv=none; d=google.com; s=arc-20160816; b=S7O82FpvbppWAMY2ZW5+Tq17Xrm+5fNAX8soJEO0fSdcmtmO50O7H7R1+jE/pjgDW9 K8eRwU2Sh18OPR/1Xr2AFOjvoY74UGfClLDnfIFepf9U1rrhfgvPhiZiEFtA/FVVB/Qd uhpOQkNAevletfTvWPaQ7mcAGCHSHc5m0PRh2ZvQXVzygFVIQYWPPOIPbm1b/pm/nSKn 72LdTybelZIprAizhZPTlYsGuf/LqHTtBtGK5MaPyOb4fcFNCDQ+GwDGEHwR8949KTYn KbvY8mO3s5UIXHjKaoi5cX/hpA33BGNwTTqiYujLUei5/3FaXupEgxgM6jqgeSKM7Z7k G7Fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=kQAjIvRFPGeB+uOYcrZForNu6YLc+GC6+X5PocLP3I4=; b=DAmNVlnvirciwOld31JAbX0cFhV1mZKoVS1ugcfWmUhzSk69mTp/dWjlpDaelFfb9n 87KQ8tF1yDMQkc9HDNHTQEGzDzfM7s9EgShbiGgGw2Y6kLykHwTIQJXJgOCeKoKE4I9e VCNX/VT+OddAHcLUjOBv4oqnjO+4tBi77l6vIwnmHRjGEZjIA0UOdH/3MdRP/4BHOpnj ByVqOZQUGny/ojsfY54S4ij4RCdzjYY0vqwLt85v9DZ454bhWr38cPt6xtSVpigxUsoe LwBWggaQssaFGg0FFE8IM/JOkwNv8WH1wqGgjBajZ3l366b6XBKLZRlZEYjxf7WE0qJ2 0ReQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=Exk7hNt2; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id f14si4931961ybg.476.2020.09.10.03.16.06 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:16:06 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=Exk7hNt2; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:57484 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJcc-0001NS-75 for patch@linaro.org; Thu, 10 Sep 2020 06:16:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43798) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTi-0000cy-RC for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:54 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:52684 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTf-0007jK-OU for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732411; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kQAjIvRFPGeB+uOYcrZForNu6YLc+GC6+X5PocLP3I4=; b=Exk7hNt2WIUybhID2kmdAlaWKKvmjrU8uB5WNV/BZ6TLFEb4WYqrF1vEexxmcJbZgDgwjW kbkZeXwJfX4qZUjTTP4M8qiGgOnc1mqPeK4qSI6+6we4RzbkZPoGZGOvtnigwRSDz8B/dr TpTiwml2zg1VHJ7F2nuEsM+f8j0RCP0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-48-bRJSIcSuOJC56A_prj0LQg-1; Thu, 10 Sep 2020 06:06:48 -0400 X-MC-Unique: bRJSIcSuOJC56A_prj0LQg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D8F9064081; Thu, 10 Sep 2020 10:06:47 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id A69781002D41; Thu, 10 Sep 2020 10:06:46 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 15/17] crypto/builtin: Split QCryptoCipherBuiltin into subclasses Date: Thu, 10 Sep 2020 11:06:21 +0100 Message-Id: <20200910100623.1088965-16-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.003 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.61; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 01:44:54 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson We had a second set of function pointers in QCryptoCipherBuiltin, which are redundant with QCryptoCipherDriver. Split the AES and DES implementations to avoid one level of indirection. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-builtin.c.inc | 519 +++++++++++++++--------------------- 1 file changed, 210 insertions(+), 309 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index b1fe3b08c3..7597cf4a10 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -22,56 +22,45 @@ #include "crypto/desrfb.h" #include "crypto/xts.h" -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; - typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext; struct QCryptoCipherBuiltinAESContext { AES_KEY enc; AES_KEY dec; }; + typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES; struct QCryptoCipherBuiltinAES { + QCryptoCipher base; QCryptoCipherBuiltinAESContext key; QCryptoCipherBuiltinAESContext key_tweak; uint8_t iv[AES_BLOCK_SIZE]; }; -typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB; -struct QCryptoCipherBuiltinDESRFB { - uint8_t *key; - size_t nkey; -}; -typedef struct QCryptoCipherBuiltin QCryptoCipherBuiltin; -struct QCryptoCipherBuiltin { - QCryptoCipher base; - - union { - QCryptoCipherBuiltinAES aes; - QCryptoCipherBuiltinDESRFB desrfb; - } state; - size_t blocksize; - void (*free)(QCryptoCipher *cipher); - int (*setiv)(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp); - int (*encrypt)(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp); - int (*decrypt)(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp); -}; +static inline bool qcrypto_length_check(size_t len, size_t blocksize, + Error **errp) +{ + if (unlikely(len & (blocksize - 1))) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, blocksize); + return false; + } + return true; +} -static void qcrypto_cipher_free_aes(QCryptoCipher *cipher) +static void qcrypto_cipher_ctx_free(QCryptoCipher *cipher) { g_free(cipher); } +static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + error_setg(errp, "Setting IV is not supported"); + return -1; +} + static void do_aes_encrypt_ecb(const void *vctx, size_t len, uint8_t *out, @@ -149,185 +138,154 @@ static void do_aes_decrypt_cbc(const AES_KEY *key, } } -static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) +static int qcrypto_cipher_aes_encrypt_ecb(QCryptoCipher *cipher, + const void *in, void *out, + size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); - switch (cipher->mode) { - case QCRYPTO_CIPHER_MODE_ECB: - do_aes_encrypt_ecb(&ctxt->state.aes.key, len, out, in); - break; - case QCRYPTO_CIPHER_MODE_CBC: - do_aes_encrypt_cbc(&ctxt->state.aes.key.enc, len, out, in, - ctxt->state.aes.iv); - break; - case QCRYPTO_CIPHER_MODE_XTS: - xts_encrypt(&ctxt->state.aes.key, - &ctxt->state.aes.key_tweak, - do_aes_encrypt_ecb, - do_aes_decrypt_ecb, - ctxt->state.aes.iv, - len, out, in); - break; - default: - g_assert_not_reached(); + if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { + return -1; } - + do_aes_encrypt_ecb(&ctx->key, len, out, in); return 0; } - -static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) +static int qcrypto_cipher_aes_decrypt_ecb(QCryptoCipher *cipher, + const void *in, void *out, + size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); - switch (cipher->mode) { - case QCRYPTO_CIPHER_MODE_ECB: - do_aes_decrypt_ecb(&ctxt->state.aes.key, len, out, in); - break; - case QCRYPTO_CIPHER_MODE_CBC: - do_aes_decrypt_cbc(&ctxt->state.aes.key.dec, len, out, in, - ctxt->state.aes.iv); - break; - case QCRYPTO_CIPHER_MODE_XTS: - xts_decrypt(&ctxt->state.aes.key, - &ctxt->state.aes.key_tweak, - do_aes_encrypt_ecb, - do_aes_decrypt_ecb, - ctxt->state.aes.iv, - len, out, in); - break; - default: - g_assert_not_reached(); + if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { + return -1; } - + do_aes_decrypt_ecb(&ctx->key, len, out, in); return 0; } -static int qcrypto_cipher_setiv_aes(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) +static int qcrypto_cipher_aes_encrypt_cbc(QCryptoCipher *cipher, + const void *in, void *out, + size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); - if (niv != AES_BLOCK_SIZE) { - error_setg(errp, "IV must be %d bytes not %zu", - AES_BLOCK_SIZE, niv); + if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { return -1; } - - memcpy(ctxt->state.aes.iv, iv, AES_BLOCK_SIZE); - + do_aes_encrypt_cbc(&ctx->key.enc, len, out, in, ctx->iv); return 0; } +static int qcrypto_cipher_aes_decrypt_cbc(QCryptoCipher *cipher, + const void *in, void *out, + size_t len, Error **errp) +{ + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); + if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { + return -1; + } + do_aes_decrypt_cbc(&ctx->key.dec, len, out, in, ctx->iv); + return 0; +} - -static QCryptoCipher * -qcrypto_cipher_init_aes(QCryptoCipherMode mode, - const uint8_t *key, size_t nkey, - Error **errp) +static int qcrypto_cipher_aes_encrypt_xts(QCryptoCipher *cipher, + const void *in, void *out, + size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt; + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); - if (mode != QCRYPTO_CIPHER_MODE_CBC && - mode != QCRYPTO_CIPHER_MODE_ECB && - mode != QCRYPTO_CIPHER_MODE_XTS) { - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(mode)); - return NULL; + if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { + return -1; } + xts_encrypt(&ctx->key, &ctx->key_tweak, + do_aes_encrypt_ecb, do_aes_decrypt_ecb, + ctx->iv, len, out, in); + return 0; +} - ctxt = g_new0(QCryptoCipherBuiltin, 1); +static int qcrypto_cipher_aes_decrypt_xts(QCryptoCipher *cipher, + const void *in, void *out, + size_t len, Error **errp) +{ + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - if (AES_set_encrypt_key(key, nkey * 4, &ctxt->state.aes.key.enc) != 0) { - error_setg(errp, "Failed to set encryption key"); - goto error; - } + if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { + return -1; + } + xts_decrypt(&ctx->key, &ctx->key_tweak, + do_aes_encrypt_ecb, do_aes_decrypt_ecb, + ctx->iv, len, out, in); + return 0; +} - if (AES_set_decrypt_key(key, nkey * 4, &ctxt->state.aes.key.dec) != 0) { - error_setg(errp, "Failed to set decryption key"); - goto error; - } - if (AES_set_encrypt_key(key + (nkey / 2), nkey * 4, - &ctxt->state.aes.key_tweak.enc) != 0) { - error_setg(errp, "Failed to set encryption key"); - goto error; - } - - if (AES_set_decrypt_key(key + (nkey / 2), nkey * 4, - &ctxt->state.aes.key_tweak.dec) != 0) { - error_setg(errp, "Failed to set decryption key"); - goto error; - } - } else { - if (AES_set_encrypt_key(key, nkey * 8, &ctxt->state.aes.key.enc) != 0) { - error_setg(errp, "Failed to set encryption key"); - goto error; - } +static int qcrypto_cipher_aes_setiv(QCryptoCipher *cipher, const uint8_t *iv, + size_t niv, Error **errp) +{ + QCryptoCipherBuiltinAES *ctx + = container_of(cipher, QCryptoCipherBuiltinAES, base); - if (AES_set_decrypt_key(key, nkey * 8, &ctxt->state.aes.key.dec) != 0) { - error_setg(errp, "Failed to set decryption key"); - goto error; - } + if (niv != AES_BLOCK_SIZE) { + error_setg(errp, "IV must be %d bytes not %zu", + AES_BLOCK_SIZE, niv); + return -1; } - ctxt->blocksize = AES_BLOCK_SIZE; - ctxt->free = qcrypto_cipher_free_aes; - ctxt->setiv = qcrypto_cipher_setiv_aes; - ctxt->encrypt = qcrypto_cipher_encrypt_aes; - ctxt->decrypt = qcrypto_cipher_decrypt_aes; + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + return 0; +} - ctxt->base.driver = &qcrypto_cipher_lib_driver; - return &ctxt->base; +static const struct QCryptoCipherDriver qcrypto_cipher_aes_driver_ecb = { + .cipher_encrypt = qcrypto_cipher_aes_encrypt_ecb, + .cipher_decrypt = qcrypto_cipher_aes_decrypt_ecb, + .cipher_setiv = qcrypto_cipher_no_setiv, + .cipher_free = qcrypto_cipher_ctx_free, +}; - error: - g_free(ctxt); - return NULL; -} +static const struct QCryptoCipherDriver qcrypto_cipher_aes_driver_cbc = { + .cipher_encrypt = qcrypto_cipher_aes_encrypt_cbc, + .cipher_decrypt = qcrypto_cipher_aes_decrypt_cbc, + .cipher_setiv = qcrypto_cipher_aes_setiv, + .cipher_free = qcrypto_cipher_ctx_free, +}; +static const struct QCryptoCipherDriver qcrypto_cipher_aes_driver_xts = { + .cipher_encrypt = qcrypto_cipher_aes_encrypt_xts, + .cipher_decrypt = qcrypto_cipher_aes_decrypt_xts, + .cipher_setiv = qcrypto_cipher_aes_setiv, + .cipher_free = qcrypto_cipher_ctx_free, +}; -static void qcrypto_cipher_free_des_rfb(QCryptoCipher *cipher) -{ - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); - g_free(ctxt->state.desrfb.key); - g_free(ctxt); -} +typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB; +struct QCryptoCipherBuiltinDESRFB { + QCryptoCipher base; + /* C.f. alg_key_len[QCRYPTO_CIPHER_ALG_DES_RFB] */ + uint8_t key[8]; +}; static int qcrypto_cipher_encrypt_des_rfb(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) + const void *in, void *out, + size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); + QCryptoCipherBuiltinDESRFB *ctx + = container_of(cipher, QCryptoCipherBuiltinDESRFB, base); size_t i; - if (len % 8) { - error_setg(errp, "Buffer size must be multiple of 8 not %zu", - len); + if (!qcrypto_length_check(len, 8, errp)) { return -1; } - deskey(ctxt->state.desrfb.key, EN0); + deskey(ctx->key, EN0); for (i = 0; i < len; i += 8) { des((void *)in + i, out + i); @@ -336,24 +294,19 @@ static int qcrypto_cipher_encrypt_des_rfb(QCryptoCipher *cipher, return 0; } - static int qcrypto_cipher_decrypt_des_rfb(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) + const void *in, void *out, + size_t len, Error **errp) { - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); + QCryptoCipherBuiltinDESRFB *ctx + = container_of(cipher, QCryptoCipherBuiltinDESRFB, base); size_t i; - if (len % 8) { - error_setg(errp, "Buffer size must be multiple of 8 not %zu", - len); + if (!qcrypto_length_check(len, 8, errp)) { return -1; } - deskey(ctxt->state.desrfb.key, DE1); + deskey(ctx->key, DE1); for (i = 0; i < len; i += 8) { des((void *)in + i, out + i); @@ -362,173 +315,121 @@ static int qcrypto_cipher_decrypt_des_rfb(QCryptoCipher *cipher, return 0; } - -static int qcrypto_cipher_setiv_des_rfb(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) -{ - error_setg(errp, "Setting IV is not supported"); - return -1; -} - - -static QCryptoCipher * -qcrypto_cipher_init_des_rfb(QCryptoCipherMode mode, - const uint8_t *key, size_t nkey, - Error **errp) -{ - QCryptoCipherBuiltin *ctxt; - - if (mode != QCRYPTO_CIPHER_MODE_ECB) { - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(mode)); - return NULL; - } - - ctxt = g_new0(QCryptoCipherBuiltin, 1); - - ctxt->state.desrfb.key = g_new0(uint8_t, nkey); - memcpy(ctxt->state.desrfb.key, key, nkey); - ctxt->state.desrfb.nkey = nkey; - - ctxt->blocksize = 8; - ctxt->free = qcrypto_cipher_free_des_rfb; - ctxt->setiv = qcrypto_cipher_setiv_des_rfb; - ctxt->encrypt = qcrypto_cipher_encrypt_des_rfb; - ctxt->decrypt = qcrypto_cipher_decrypt_des_rfb; - - ctxt->base.driver = &qcrypto_cipher_lib_driver; - return &ctxt->base; -} - +static const struct QCryptoCipherDriver qcrypto_cipher_des_rfb_driver = { + .cipher_encrypt = qcrypto_cipher_encrypt_des_rfb, + .cipher_decrypt = qcrypto_cipher_decrypt_des_rfb, + .cipher_setiv = qcrypto_cipher_no_setiv, + .cipher_free = qcrypto_cipher_ctx_free, +}; bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: + return mode == QCRYPTO_CIPHER_MODE_ECB; case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + return true; + default: + return false; + } break; default: return false; } - - switch (mode) { - case QCRYPTO_CIPHER_MODE_ECB: - case QCRYPTO_CIPHER_MODE_CBC: - case QCRYPTO_CIPHER_MODE_XTS: - return true; - case QCRYPTO_CIPHER_MODE_CTR: - return false; - default: - return false; - } } - static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, size_t nkey, Error **errp) { - switch (mode) { - case QCRYPTO_CIPHER_MODE_ECB: - case QCRYPTO_CIPHER_MODE_CBC: - case QCRYPTO_CIPHER_MODE_XTS: - break; - default: - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(mode)); - return NULL; - } - if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { return NULL; } switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: - return qcrypto_cipher_init_des_rfb(mode, key, nkey, errp); + if (mode == QCRYPTO_CIPHER_MODE_ECB) { + QCryptoCipherBuiltinDESRFB *ctx; + + ctx = g_new0(QCryptoCipherBuiltinDESRFB, 1); + ctx->base.driver = &qcrypto_cipher_des_rfb_driver; + memcpy(ctx->key, key, sizeof(ctx->key)); + + return &ctx->base; + } + goto bad_mode; + case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: - return qcrypto_cipher_init_aes(mode, key, nkey, errp); + { + QCryptoCipherBuiltinAES *ctx; + const QCryptoCipherDriver *drv; + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + drv = &qcrypto_cipher_aes_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + drv = &qcrypto_cipher_aes_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_XTS: + drv = &qcrypto_cipher_aes_driver_xts; + break; + default: + goto bad_mode; + } + + ctx = g_new0(QCryptoCipherBuiltinAES, 1); + ctx->base.driver = drv; + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + nkey /= 2; + if (AES_set_encrypt_key(key + nkey, nkey * 8, + &ctx->key_tweak.enc)) { + error_setg(errp, "Failed to set encryption key"); + goto error; + } + if (AES_set_decrypt_key(key + nkey, nkey * 8, + &ctx->key_tweak.dec)) { + error_setg(errp, "Failed to set decryption key"); + goto error; + } + } + if (AES_set_encrypt_key(key, nkey * 8, &ctx->key.enc)) { + error_setg(errp, "Failed to set encryption key"); + goto error; + } + if (AES_set_decrypt_key(key, nkey * 8, &ctx->key.dec)) { + error_setg(errp, "Failed to set decryption key"); + goto error; + } + + return &ctx->base; + + error: + g_free(ctx); + return NULL; + } + default: error_setg(errp, "Unsupported cipher algorithm %s", QCryptoCipherAlgorithm_str(alg)); return NULL; } -} - -static void -qcrypto_builtin_cipher_ctx_free(QCryptoCipher *cipher) -{ - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); - - ctxt->free(cipher); -} - -static int -qcrypto_builtin_cipher_encrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); - - if (len & (ctxt->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctxt->blocksize); - return -1; - } - - return ctxt->encrypt(cipher, in, out, len, errp); -} - - -static int -qcrypto_builtin_cipher_decrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); - - if (len & (ctxt->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctxt->blocksize); - return -1; - } - - return ctxt->decrypt(cipher, in, out, len, errp); -} - - -static int -qcrypto_builtin_cipher_setiv(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) -{ - QCryptoCipherBuiltin *ctxt - = container_of(cipher, QCryptoCipherBuiltin, base); - - return ctxt->setiv(cipher, iv, niv, errp); + bad_mode: + error_setg(errp, "Unsupported cipher mode %s", + QCryptoCipherMode_str(mode)); + return NULL; } - - -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { - .cipher_encrypt = qcrypto_builtin_cipher_encrypt, - .cipher_decrypt = qcrypto_builtin_cipher_decrypt, - .cipher_setiv = qcrypto_builtin_cipher_setiv, - .cipher_free = qcrypto_builtin_cipher_ctx_free, -}; From patchwork Thu Sep 10 10:06:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249597 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1244629ejj; Thu, 10 Sep 2020 03:17:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwMfd0gW0KoQnzaZJ1WaM2ezE6l+L62MiCPbw/0AAXQwIWlcb8KT2B95xON29KwkgFDIMzz X-Received: by 2002:a25:bc82:: with SMTP id e2mr10962722ybk.435.1599733045129; Thu, 10 Sep 2020 03:17:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599733045; cv=none; d=google.com; s=arc-20160816; b=FMMK+oRVp+0e+3Zk3xV7lOwXw67NjIWi8itdxFkmyaBpWu2n1TxCkYfyzz0S9ox5+C fPloRGnZCPqC71SSm/Fn3kr7eBRbMA6Am+a1SRaX+qa7EqDlWTrVHc/MJwOvIdL9YV3A 4ElV6HlhMvmy2PJD3G8eaPr9yK9l/5Yjs7FDVz/Gl0NCCCfMGYqcQu7bmetmSAFgVr9z L/hN71LCSJL8C5OGCxfMatzMURhtUlPjeptvK82Iq4ZrC5c8Rf7J4KTB5gsCylDqLMhV /Gsi8Jk6CQRPVT17YqA1YhEVbdCBddnJJcVcagZxTqwTgIsn3P0K6YM48K7QtzBYZPZv DW8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=73HHEIGlY/hZctJZLMHHG3WOSHX3jrqwZpdOvpAJYoA=; b=ZZHRh5M9jLKLwLnXhZ7A7n6+Wmj7BRI1Lk/ofllOnbqZeo/yT6ZLVA8lVbP8kSqzqd FxKm8daWDFvfewigCn4WtxugEpm3i/2zoe+vszlbbjvcOJNPPOoCUlth4FsjqcXkUgYN iGFsikFXQvsXG93Pu2trmHsz5IMV1ngSTGzymB/rDMFtt1WVDa+sqL6W+Ed5qEmUG9sV LZzGk4qZj0nPuL6w2nolR42crb4I94KvvlLiq2CldyrZ+1N7dxVsPLvVo9Y3W8ulirQ4 fRsKD2fT47E5cjjC3u4xlwFikIt6HR0hrkle8x1VWuOC/RMCaUkf7LeNR5cR+qx4PRie 3siQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=IjT4U6DH; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id c6si5171279ybk.112.2020.09.10.03.17.24 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:17:25 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=IjT4U6DH; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:34944 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJds-0003iW-FE for patch@linaro.org; Thu, 10 Sep 2020 06:17:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43824) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTm-0000mK-43 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:58 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:54334 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTi-0007ji-0D for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732413; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=73HHEIGlY/hZctJZLMHHG3WOSHX3jrqwZpdOvpAJYoA=; b=IjT4U6DHRGK6MX15WIiJwCeWK4sL6PXwG6y6qoOfdEm3HfDaud5VmsvuUVuRGJnEvqcSQU 2DRUJOJUenloqYE1RS3AXjZVmxBEJiJlXYj4TgIUKRXvh2TGoNZqiXUQwsEfP7Du6DXdiD e2j375RkrP69F2eLw0HUM28Hn1lMTpk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-573-kMd-53VOOuCU902WfeGRIQ-1; Thu, 10 Sep 2020 06:06:51 -0400 X-MC-Unique: kMd-53VOOuCU902WfeGRIQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id F22948018A1; Thu, 10 Sep 2020 10:06:49 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4EC101002D41; Thu, 10 Sep 2020 10:06:48 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 16/17] crypto/nettle: Split QCryptoCipherNettle into subclasses Date: Thu, 10 Sep 2020 11:06:22 +0100 Message-Id: <20200910100623.1088965-17-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=berrange@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 03:02:23 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson Use separate classes for each cipher entry point: des_rfb, des3, aes128, aes192, aes256, cast128, serpent, and twofish. Generate wrappers for XTS only for CONFIG_QEMU_PRIVATE_XTS. This eliminates unreachable wrappers for DES_RFB, DES3 and CAST128, which have blocksizes that do not allow XTS mode. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-nettle.c.inc | 999 +++++++++++++++++++------------------ 1 file changed, 511 insertions(+), 488 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 36d57ef430..cac771e4ff 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -34,8 +34,6 @@ #include #endif -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; - typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, size_t length, uint8_t *dst, @@ -45,6 +43,7 @@ typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, typedef nettle_crypt_func * QCryptoCipherNettleFuncNative; typedef void * cipher_ctx_t; typedef unsigned cipher_length_t; +#define CONST_CTX #define cast5_set_key cast128_set_key @@ -73,64 +72,215 @@ typedef unsigned cipher_length_t; typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; typedef const void * cipher_ctx_t; typedef size_t cipher_length_t; +#define CONST_CTX const #endif -typedef struct QCryptoNettleAES128 { - struct aes128_ctx enc; - struct aes128_ctx dec; -} QCryptoNettleAES128; - -typedef struct QCryptoNettleAES192 { - struct aes192_ctx enc; - struct aes192_ctx dec; -} QCryptoNettleAES192; - -typedef struct QCryptoNettleAES256 { - struct aes256_ctx enc; - struct aes256_ctx dec; -} QCryptoNettleAES256; - -static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) +static inline bool qcrypto_length_check(size_t len, size_t blocksize, + Error **errp) { - const QCryptoNettleAES128 *aesctx = ctx; - aes128_encrypt(&aesctx->enc, length, dst, src); + if (unlikely(len & (blocksize - 1))) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, blocksize); + return false; + } + return true; } -static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES128 *aesctx = ctx; - aes128_decrypt(&aesctx->dec, length, dst, src); -} -static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) +static void qcrypto_cipher_ctx_free(QCryptoCipher *ctx) { - const QCryptoNettleAES192 *aesctx = ctx; - aes192_encrypt(&aesctx->enc, length, dst, src); + g_free(ctx); } -static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES192 *aesctx = ctx; - aes192_decrypt(&aesctx->dec, length, dst, src); -} +static int qcrypto_cipher_no_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + error_setg(errp, "Setting IV is not supported"); + return -1; +} + + +#define DEFINE_SETIV(NAME, TYPE, BLEN) \ +static int NAME##_setiv(QCryptoCipher *cipher, const uint8_t *iv, \ + size_t niv, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (niv != BLEN) { \ + error_setg(errp, "Expected IV size %d not %zu", BLEN, niv); \ + return -1; \ + } \ + memcpy(ctx->iv, iv, niv); \ + return 0; \ +} + + +#define DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ +static int NAME##_encrypt_ecb(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + ENCRYPT(&ctx->key, len, out, in); \ + return 0; \ +} \ +static int NAME##_decrypt_ecb(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + DECRYPT(&ctx->key, len, out, in); \ + return 0; \ +} \ +static const struct QCryptoCipherDriver NAME##_driver_ecb = { \ + .cipher_encrypt = NAME##_encrypt_ecb, \ + .cipher_decrypt = NAME##_decrypt_ecb, \ + .cipher_setiv = qcrypto_cipher_no_setiv, \ + .cipher_free = qcrypto_cipher_ctx_free, \ +}; -static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES256 *aesctx = ctx; - aes256_encrypt(&aesctx->enc, length, dst, src); -} -static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES256 *aesctx = ctx; - aes256_decrypt(&aesctx->dec, length, dst, src); +#define DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ +static int NAME##_encrypt_cbc(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + cbc_encrypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ + return 0; \ +} \ +static int NAME##_decrypt_cbc(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + cbc_decrypt(&ctx->key, DECRYPT, BLEN, ctx->iv, len, out, in); \ + return 0; \ +} \ +static const struct QCryptoCipherDriver NAME##_driver_cbc = { \ + .cipher_encrypt = NAME##_encrypt_cbc, \ + .cipher_decrypt = NAME##_decrypt_cbc, \ + .cipher_setiv = NAME##_setiv, \ + .cipher_free = qcrypto_cipher_ctx_free, \ +}; + + +#define DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) \ +static int NAME##_encrypt_ctr(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + ctr_crypt(&ctx->key, ENCRYPT, BLEN, ctx->iv, len, out, in); \ + return 0; \ +} \ +static const struct QCryptoCipherDriver NAME##_driver_ctr = { \ + .cipher_encrypt = NAME##_encrypt_ctr, \ + .cipher_decrypt = NAME##_encrypt_ctr, \ + .cipher_setiv = NAME##_setiv, \ + .cipher_free = qcrypto_cipher_ctx_free, \ +}; + + +#ifdef CONFIG_QEMU_PRIVATE_XTS +#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ +static void NAME##_xts_wrape(const void *ctx, size_t length, \ + uint8_t *dst, const uint8_t *src) \ +{ \ + ENCRYPT((cipher_ctx_t)ctx, length, dst, src); \ +} \ +static void NAME##_xts_wrapd(const void *ctx, size_t length, \ + uint8_t *dst, const uint8_t *src) \ +{ \ + DECRYPT((cipher_ctx_t)ctx, length, dst, src); \ +} \ +static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + xts_encrypt(&ctx->key, &ctx->key_xts, \ + NAME##_xts_wrape, NAME##_xts_wrapd, \ + ctx->iv, len, out, in); \ + return 0; \ +} \ +static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + xts_decrypt(&ctx->key, &ctx->key_xts, \ + NAME##_xts_wrape, NAME##_xts_wrapd, \ + ctx->iv, len, out, in); \ + return 0; \ +} +#else +#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ +static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + xts_encrypt_message(&ctx->key, &ctx->key_xts, ENCRYPT, \ + ctx->iv, len, out, in); \ + return 0; \ +} \ +static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ + void *out, size_t len, Error **errp) \ +{ \ + TYPE *ctx = container_of(cipher, TYPE, base); \ + if (!qcrypto_length_check(len, BLEN, errp)) { \ + return -1; \ + } \ + xts_decrypt_message(&ctx->key, &ctx->key_xts, DECRYPT, ENCRYPT, \ + ctx->iv, len, out, in); \ + return 0; \ } +#endif + +#define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ + QEMU_BUILD_BUG_ON(BLEN != XTS_BLOCK_SIZE); \ + DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ +static const struct QCryptoCipherDriver NAME##_driver_xts = { \ + .cipher_encrypt = NAME##_encrypt_xts, \ + .cipher_decrypt = NAME##_decrypt_xts, \ + .cipher_setiv = NAME##_setiv, \ + .cipher_free = qcrypto_cipher_ctx_free, \ +}; + + +#define DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ + DEFINE_SETIV(NAME, TYPE, BLEN) \ + DEFINE_ECB(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ + DEFINE_CBC(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ + DEFINE_CTR(NAME, TYPE, BLEN, ENCRYPT) + +#define DEFINE_ECB_CBC_CTR_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ + DEFINE_ECB_CBC_CTR(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ + DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) + + +typedef struct QCryptoNettleDESRFB { + QCryptoCipher base; + struct des_ctx key; + uint8_t iv[DES_BLOCK_SIZE]; +} QCryptoNettleDESRFB; static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) @@ -144,6 +294,16 @@ static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, des_decrypt(ctx, length, dst, src); } +DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB, + DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) + + +typedef struct QCryptoNettleDES3 { + QCryptoCipher base; + struct des3_ctx key; + uint8_t iv[DES3_BLOCK_SIZE]; +} QCryptoNettleDES3; + static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { @@ -156,161 +316,157 @@ static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, des3_decrypt(ctx, length, dst, src); } -static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - cast128_encrypt(ctx, length, dst, src); -} +DEFINE_ECB_CBC_CTR(qcrypto_nettle_des3, QCryptoNettleDES3, DES3_BLOCK_SIZE, + des3_encrypt_native, des3_decrypt_native) -static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - cast128_decrypt(ctx, length, dst, src); -} -static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - serpent_encrypt(ctx, length, dst, src); -} +typedef struct QCryptoNettleAES128 { + QCryptoCipher base; + uint8_t iv[AES_BLOCK_SIZE]; + /* First key from pair is encode, second key is decode. */ + struct aes128_ctx key[2], key_xts[2]; +} QCryptoNettleAES128; -static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) +static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { - serpent_decrypt(ctx, length, dst, src); + CONST_CTX struct aes128_ctx *keys = ctx; + aes128_encrypt(&keys[0], length, dst, src); } -static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) +static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { - twofish_encrypt(ctx, length, dst, src); + CONST_CTX struct aes128_ctx *keys = ctx; + aes128_decrypt(&keys[1], length, dst, src); } -static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, - uint8_t *dst, const uint8_t *src) -{ - twofish_decrypt(ctx, length, dst, src); -} +DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes128, + QCryptoNettleAES128, AES_BLOCK_SIZE, + aes128_encrypt_native, aes128_decrypt_native) -static void aes128_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES128 *aesctx = ctx; - aes128_encrypt(&aesctx->enc, length, dst, src); -} -static void aes128_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES128 *aesctx = ctx; - aes128_decrypt(&aesctx->dec, length, dst, src); -} +typedef struct QCryptoNettleAES192 { + QCryptoCipher base; + uint8_t iv[AES_BLOCK_SIZE]; + /* First key from pair is encode, second key is decode. */ + struct aes192_ctx key[2], key_xts[2]; +} QCryptoNettleAES192; -static void aes192_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES192 *aesctx = ctx; - aes192_encrypt(&aesctx->enc, length, dst, src); + CONST_CTX struct aes192_ctx *keys = ctx; + aes192_encrypt(&keys[0], length, dst, src); } -static void aes192_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES192 *aesctx = ctx; - aes192_decrypt(&aesctx->dec, length, dst, src); + CONST_CTX struct aes192_ctx *keys = ctx; + aes192_decrypt(&keys[1], length, dst, src); } -static void aes256_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES256 *aesctx = ctx; - aes256_encrypt(&aesctx->enc, length, dst, src); -} +DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes192, + QCryptoNettleAES192, AES_BLOCK_SIZE, + aes192_encrypt_native, aes192_decrypt_native) -static void aes256_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - const QCryptoNettleAES256 *aesctx = ctx; - aes256_decrypt(&aesctx->dec, length, dst, src); -} -static void des_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - des_encrypt(ctx, length, dst, src); -} +typedef struct QCryptoNettleAES256 { + QCryptoCipher base; + uint8_t iv[AES_BLOCK_SIZE]; + /* First key from pair is encode, second key is decode. */ + struct aes256_ctx key[2], key_xts[2]; +} QCryptoNettleAES256; -static void des_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { - des_decrypt(ctx, length, dst, src); + CONST_CTX struct aes256_ctx *keys = ctx; + aes256_encrypt(&keys[0], length, dst, src); } -static void des3_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { - des3_encrypt(ctx, length, dst, src); + CONST_CTX struct aes256_ctx *keys = ctx; + aes256_decrypt(&keys[1], length, dst, src); } -static void des3_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - des3_decrypt(ctx, length, dst, src); -} +DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_aes256, + QCryptoNettleAES256, AES_BLOCK_SIZE, + aes256_encrypt_native, aes256_decrypt_native) -static void cast128_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) + +typedef struct QCryptoNettleCAST128 { + QCryptoCipher base; + uint8_t iv[CAST128_BLOCK_SIZE]; + struct cast128_ctx key, key_xts; +} QCryptoNettleCAST128; + +static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { cast128_encrypt(ctx, length, dst, src); } -static void cast128_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void cast128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { cast128_decrypt(ctx, length, dst, src); } -static void serpent_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +DEFINE_ECB_CBC_CTR(qcrypto_nettle_cast128, + QCryptoNettleCAST128, CAST128_BLOCK_SIZE, + cast128_encrypt_native, cast128_decrypt_native) + + +typedef struct QCryptoNettleSerpent { + QCryptoCipher base; + uint8_t iv[SERPENT_BLOCK_SIZE]; + struct serpent_ctx key, key_xts; +} QCryptoNettleSerpent; + + +static void serpent_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { serpent_encrypt(ctx, length, dst, src); } -static void serpent_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void serpent_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { serpent_decrypt(ctx, length, dst, src); } -static void twofish_encrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_serpent, + QCryptoNettleSerpent, SERPENT_BLOCK_SIZE, + serpent_encrypt_native, serpent_decrypt_native) + + +typedef struct QCryptoNettleTwofish { + QCryptoCipher base; + uint8_t iv[TWOFISH_BLOCK_SIZE]; + struct twofish_ctx key, key_xts; +} QCryptoNettleTwofish; + +static void twofish_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { twofish_encrypt(ctx, length, dst, src); } -static void twofish_decrypt_wrapper(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) +static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) { twofish_decrypt(ctx, length, dst, src); } -typedef struct QCryptoCipherNettle QCryptoCipherNettle; -struct QCryptoCipherNettle { - QCryptoCipher base; +DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish, + QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE, + twofish_encrypt_native, twofish_decrypt_native) - /* Primary cipher context for all modes */ - void *ctx; - /* Second cipher context for XTS mode only */ - void *ctx_tweak; - /* Cipher callbacks for both contexts */ - QCryptoCipherNettleFuncNative alg_encrypt_native; - QCryptoCipherNettleFuncNative alg_decrypt_native; - QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper; - QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper; - /* Initialization vector or Counter */ - uint8_t *iv; - size_t blocksize; -}; bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) @@ -344,30 +500,12 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, } } - -static void -qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx) -{ - if (!ctx) { - return; - } - - g_free(ctx->iv); - g_free(ctx->ctx); - g_free(ctx->ctx_tweak); - g_free(ctx); -} - - static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, size_t nkey, Error **errp) { - QCryptoCipherNettle *ctx; - uint8_t *rfbkey; - switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: case QCRYPTO_CIPHER_MODE_CBC: @@ -375,363 +513,248 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_CTR: break; default: - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(mode)); - return NULL; + goto bad_cipher_mode; } if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { return NULL; } - ctx = g_new0(QCryptoCipherNettle, 1); - switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: - ctx->ctx = g_new0(struct des_ctx, 1); - rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); - des_set_key(ctx->ctx, rfbkey); - g_free(rfbkey); - - ctx->alg_encrypt_native = des_encrypt_native; - ctx->alg_decrypt_native = des_decrypt_native; - ctx->alg_encrypt_wrapper = des_encrypt_wrapper; - ctx->alg_decrypt_wrapper = des_decrypt_wrapper; - - ctx->blocksize = DES_BLOCK_SIZE; - break; + { + QCryptoNettleDESRFB *ctx; + const QCryptoCipherDriver *drv; + uint8_t *rfbkey; + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + drv = &qcrypto_nettle_des_rfb_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + drv = &qcrypto_nettle_des_rfb_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + drv = &qcrypto_nettle_des_rfb_driver_ctr; + break; + default: + goto bad_cipher_mode; + } + + ctx = g_new0(QCryptoNettleDESRFB, 1); + ctx->base.driver = drv; + + rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); + des_set_key(&ctx->key, rfbkey); + g_free(rfbkey); + + return &ctx->base; + } case QCRYPTO_CIPHER_ALG_3DES: - ctx->ctx = g_new0(struct des3_ctx, 1); - des3_set_key(ctx->ctx, key); - - ctx->alg_encrypt_native = des3_encrypt_native; - ctx->alg_decrypt_native = des3_decrypt_native; - ctx->alg_encrypt_wrapper = des3_encrypt_wrapper; - ctx->alg_decrypt_wrapper = des3_decrypt_wrapper; - - ctx->blocksize = DES3_BLOCK_SIZE; - break; + { + QCryptoNettleDES3 *ctx; + const QCryptoCipherDriver *drv; + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + drv = &qcrypto_nettle_des3_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + drv = &qcrypto_nettle_des3_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + drv = &qcrypto_nettle_des3_driver_ctr; + break; + default: + goto bad_cipher_mode; + } + + ctx = g_new0(QCryptoNettleDES3, 1); + ctx->base.driver = drv; + des3_set_key(&ctx->key, key); + return &ctx->base; + } case QCRYPTO_CIPHER_ALG_AES_128: - ctx->ctx = g_new0(QCryptoNettleAES128, 1); - - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1); - - nkey /= 2; - aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, - key); - aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, - key); - - aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> - enc, key + nkey); - aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> - dec, key + nkey); - } else { - aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, - key); - aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, - key); + { + QCryptoNettleAES128 *ctx = g_new0(QCryptoNettleAES128, 1); + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + ctx->base.driver = &qcrypto_nettle_aes128_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + ctx->base.driver = &qcrypto_nettle_aes128_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + ctx->base.driver = &qcrypto_nettle_aes128_driver_ctr; + break; + case QCRYPTO_CIPHER_MODE_XTS: + ctx->base.driver = &qcrypto_nettle_aes128_driver_xts; + nkey /= 2; + aes128_set_encrypt_key(&ctx->key_xts[0], key + nkey); + aes128_set_decrypt_key(&ctx->key_xts[1], key + nkey); + break; + default: + g_assert_not_reached(); + } + aes128_set_encrypt_key(&ctx->key[0], key); + aes128_set_decrypt_key(&ctx->key[1], key); + + return &ctx->base; } - ctx->alg_encrypt_native = aes128_encrypt_native; - ctx->alg_decrypt_native = aes128_decrypt_native; - ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper; - ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper; - - ctx->blocksize = AES_BLOCK_SIZE; - break; - case QCRYPTO_CIPHER_ALG_AES_192: - ctx->ctx = g_new0(QCryptoNettleAES192, 1); - - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1); - - nkey /= 2; - aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, - key); - aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, - key); - - aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> - enc, key + nkey); - aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> - dec, key + nkey); - } else { - aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, - key); - aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, - key); + { + QCryptoNettleAES192 *ctx = g_new0(QCryptoNettleAES192, 1); + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + ctx->base.driver = &qcrypto_nettle_aes192_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + ctx->base.driver = &qcrypto_nettle_aes192_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + ctx->base.driver = &qcrypto_nettle_aes192_driver_ctr; + break; + case QCRYPTO_CIPHER_MODE_XTS: + ctx->base.driver = &qcrypto_nettle_aes192_driver_xts; + nkey /= 2; + aes192_set_encrypt_key(&ctx->key_xts[0], key + nkey); + aes192_set_decrypt_key(&ctx->key_xts[1], key + nkey); + break; + default: + g_assert_not_reached(); + } + aes192_set_encrypt_key(&ctx->key[0], key); + aes192_set_decrypt_key(&ctx->key[1], key); + + return &ctx->base; } - ctx->alg_encrypt_native = aes192_encrypt_native; - ctx->alg_decrypt_native = aes192_decrypt_native; - ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper; - ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper; - - ctx->blocksize = AES_BLOCK_SIZE; - break; - case QCRYPTO_CIPHER_ALG_AES_256: - ctx->ctx = g_new0(QCryptoNettleAES256, 1); - - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1); - - nkey /= 2; - aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, - key); - aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, - key); - - aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> - enc, key + nkey); - aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> - dec, key + nkey); - } else { - aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, - key); - aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, - key); + { + QCryptoNettleAES256 *ctx = g_new0(QCryptoNettleAES256, 1); + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + ctx->base.driver = &qcrypto_nettle_aes256_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + ctx->base.driver = &qcrypto_nettle_aes256_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + ctx->base.driver = &qcrypto_nettle_aes256_driver_ctr; + break; + case QCRYPTO_CIPHER_MODE_XTS: + ctx->base.driver = &qcrypto_nettle_aes256_driver_xts; + nkey /= 2; + aes256_set_encrypt_key(&ctx->key_xts[0], key + nkey); + aes256_set_decrypt_key(&ctx->key_xts[1], key + nkey); + break; + default: + g_assert_not_reached(); + } + aes256_set_encrypt_key(&ctx->key[0], key); + aes256_set_decrypt_key(&ctx->key[1], key); + + return &ctx->base; } - ctx->alg_encrypt_native = aes256_encrypt_native; - ctx->alg_decrypt_native = aes256_decrypt_native; - ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper; - ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper; - - ctx->blocksize = AES_BLOCK_SIZE; - break; - case QCRYPTO_CIPHER_ALG_CAST5_128: - ctx->ctx = g_new0(struct cast128_ctx, 1); - - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(struct cast128_ctx, 1); - - nkey /= 2; - cast5_set_key(ctx->ctx, nkey, key); - cast5_set_key(ctx->ctx_tweak, nkey, key + nkey); - } else { - cast5_set_key(ctx->ctx, nkey, key); + { + QCryptoNettleCAST128 *ctx; + const QCryptoCipherDriver *drv; + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + drv = &qcrypto_nettle_cast128_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + drv = &qcrypto_nettle_cast128_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + drv = &qcrypto_nettle_cast128_driver_ctr; + break; + default: + goto bad_cipher_mode; + } + + ctx = g_new0(QCryptoNettleCAST128, 1); + ctx->base.driver = drv; + cast5_set_key(&ctx->key, nkey, key); + + return &ctx->base; } - ctx->alg_encrypt_native = cast128_encrypt_native; - ctx->alg_decrypt_native = cast128_decrypt_native; - ctx->alg_encrypt_wrapper = cast128_encrypt_wrapper; - ctx->alg_decrypt_wrapper = cast128_decrypt_wrapper; - - ctx->blocksize = CAST128_BLOCK_SIZE; - break; - case QCRYPTO_CIPHER_ALG_SERPENT_128: case QCRYPTO_CIPHER_ALG_SERPENT_192: case QCRYPTO_CIPHER_ALG_SERPENT_256: - ctx->ctx = g_new0(struct serpent_ctx, 1); - - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(struct serpent_ctx, 1); - - nkey /= 2; - serpent_set_key(ctx->ctx, nkey, key); - serpent_set_key(ctx->ctx_tweak, nkey, key + nkey); - } else { - serpent_set_key(ctx->ctx, nkey, key); + { + QCryptoNettleSerpent *ctx = g_new0(QCryptoNettleSerpent, 1); + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + ctx->base.driver = &qcrypto_nettle_serpent_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + ctx->base.driver = &qcrypto_nettle_serpent_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + ctx->base.driver = &qcrypto_nettle_serpent_driver_ctr; + break; + case QCRYPTO_CIPHER_MODE_XTS: + ctx->base.driver = &qcrypto_nettle_serpent_driver_xts; + nkey /= 2; + serpent_set_key(&ctx->key_xts, nkey, key + nkey); + break; + default: + g_assert_not_reached(); + } + serpent_set_key(&ctx->key, nkey, key); + + return &ctx->base; } - ctx->alg_encrypt_native = serpent_encrypt_native; - ctx->alg_decrypt_native = serpent_decrypt_native; - ctx->alg_encrypt_wrapper = serpent_encrypt_wrapper; - ctx->alg_decrypt_wrapper = serpent_decrypt_wrapper; - - ctx->blocksize = SERPENT_BLOCK_SIZE; - break; - case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_192: case QCRYPTO_CIPHER_ALG_TWOFISH_256: - ctx->ctx = g_new0(struct twofish_ctx, 1); - - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(struct twofish_ctx, 1); - - nkey /= 2; - twofish_set_key(ctx->ctx, nkey, key); - twofish_set_key(ctx->ctx_tweak, nkey, key + nkey); - } else { - twofish_set_key(ctx->ctx, nkey, key); + { + QCryptoNettleTwofish *ctx = g_new0(QCryptoNettleTwofish, 1); + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + ctx->base.driver = &qcrypto_nettle_twofish_driver_ecb; + break; + case QCRYPTO_CIPHER_MODE_CBC: + ctx->base.driver = &qcrypto_nettle_twofish_driver_cbc; + break; + case QCRYPTO_CIPHER_MODE_CTR: + ctx->base.driver = &qcrypto_nettle_twofish_driver_ctr; + break; + case QCRYPTO_CIPHER_MODE_XTS: + ctx->base.driver = &qcrypto_nettle_twofish_driver_xts; + nkey /= 2; + twofish_set_key(&ctx->key_xts, nkey, key + nkey); + break; + default: + g_assert_not_reached(); + } + twofish_set_key(&ctx->key, nkey, key); + + return &ctx->base; } - ctx->alg_encrypt_native = twofish_encrypt_native; - ctx->alg_decrypt_native = twofish_decrypt_native; - ctx->alg_encrypt_wrapper = twofish_encrypt_wrapper; - ctx->alg_decrypt_wrapper = twofish_decrypt_wrapper; - - ctx->blocksize = TWOFISH_BLOCK_SIZE; - break; - default: error_setg(errp, "Unsupported cipher algorithm %s", QCryptoCipherAlgorithm_str(alg)); - goto error; - } - g_assert(is_power_of_2(ctx->blocksize)); - - if (mode == QCRYPTO_CIPHER_MODE_XTS && - ctx->blocksize != XTS_BLOCK_SIZE) { - error_setg(errp, "Cipher block size %zu must equal XTS block size %d", - ctx->blocksize, XTS_BLOCK_SIZE); - goto error; + return NULL; } - ctx->iv = g_new0(uint8_t, ctx->blocksize); - - ctx->base.driver = &qcrypto_cipher_lib_driver; - return &ctx->base; - - error: - qcrypto_nettle_cipher_free_ctx(ctx); + bad_cipher_mode: + error_setg(errp, "Unsupported cipher mode %s", + QCryptoCipherMode_str(mode)); return NULL; } - - -static void -qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher) -{ - QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); - - qcrypto_nettle_cipher_free_ctx(ctx); -} - - -static int -qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - - switch (cipher->mode) { - case QCRYPTO_CIPHER_MODE_ECB: - ctx->alg_encrypt_wrapper(ctx->ctx, len, out, in); - break; - - case QCRYPTO_CIPHER_MODE_CBC: - cbc_encrypt(ctx->ctx, ctx->alg_encrypt_native, - ctx->blocksize, ctx->iv, - len, out, in); - break; - - case QCRYPTO_CIPHER_MODE_XTS: -#ifdef CONFIG_QEMU_PRIVATE_XTS - xts_encrypt(ctx->ctx, ctx->ctx_tweak, - ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, - ctx->iv, len, out, in); -#else - xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, - ctx->alg_encrypt_native, - ctx->iv, len, out, in); -#endif - break; - - case QCRYPTO_CIPHER_MODE_CTR: - ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, - ctx->blocksize, ctx->iv, - len, out, in); - break; - - default: - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(cipher->mode)); - return -1; - } - return 0; -} - - -static int -qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - - switch (cipher->mode) { - case QCRYPTO_CIPHER_MODE_ECB: - ctx->alg_decrypt_wrapper(ctx->ctx, len, out, in); - break; - - case QCRYPTO_CIPHER_MODE_CBC: - cbc_decrypt(ctx->ctx, ctx->alg_decrypt_native, - ctx->blocksize, ctx->iv, - len, out, in); - break; - - case QCRYPTO_CIPHER_MODE_XTS: -#ifdef CONFIG_QEMU_PRIVATE_XTS - xts_decrypt(ctx->ctx, ctx->ctx_tweak, - ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, - ctx->iv, len, out, in); -#else - xts_decrypt_message(ctx->ctx, ctx->ctx_tweak, - ctx->alg_decrypt_native, - ctx->alg_encrypt_native, - ctx->iv, len, out, in); -#endif - break; - case QCRYPTO_CIPHER_MODE_CTR: - ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, - ctx->blocksize, ctx->iv, - len, out, in); - break; - - default: - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(cipher->mode)); - return -1; - } - return 0; -} - -static int -qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) -{ - QCryptoCipherNettle *ctx = container_of(cipher, QCryptoCipherNettle, base); - - if (niv != ctx->blocksize) { - error_setg(errp, "Expected IV size %zu not %zu", - ctx->blocksize, niv); - return -1; - } - memcpy(ctx->iv, iv, niv); - return 0; -} - - -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { - .cipher_encrypt = qcrypto_nettle_cipher_encrypt, - .cipher_decrypt = qcrypto_nettle_cipher_decrypt, - .cipher_setiv = qcrypto_nettle_cipher_setiv, - .cipher_free = qcrypto_nettle_cipher_ctx_free, -}; From patchwork Thu Sep 10 10:06:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 249588 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6011:0:0:0:0 with SMTP id o17csp1240246ejj; Thu, 10 Sep 2020 03:10:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxn0HkY/mW6cfDLebY8Gu5KMK/5k8fFgIIhIOb4eFnmTTpLegVQwuyvhehL8dudAdDRpkvf X-Received: by 2002:a25:874d:: with SMTP id e13mr12285718ybn.68.1599732600043; Thu, 10 Sep 2020 03:10:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599732600; cv=none; d=google.com; s=arc-20160816; b=qCKfwnj1VXG4CY7rO5Ple33db+JtFdtbvwQyawmCULpfz61C+0TNvLAPfoVGOh2G5D tIGQ5cMcGvTiWgbIJRu83qyYZOFUpWykH9pLNGqMo2Yc1dwUQiK1BxnZxLSBqywxDOpX p3xqUesFtWmNiw0RdowINBqfI5Tdf56lX7ccJJuDZUMuovudC5AZ16Dg1OA7lyFklG/z N/Rz7NE76ZQ+CHzxVyZvSAZPqBmqXBxsCjRm2VmC856qydmMCphCTXCph3M9qFmNPWoL haUVTvgiy/7PsoJpEiErvxDQi4xFiW3wykXGqlxcFAIyFY0U+cahiIG428CoMHWtYV7n Rgjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=7lKKRAfzAa7nguSIodEPu42yVYk+gGWaxh96Reo7ZjI=; b=rcwUO535W359QbPJPbTuOy0TbyxZV3EVzdUB7cab6YQ3NxhFd6Y+p8qRuutHJRV7xE O2RlghwEmDDBpL4LiLyL2Ru1XFzqzuOgQufoBPXeLvQ3xjqkrR/g7/QgPC9viIrIcxSC DrhYJU6WPjAZoJvIiI/FpBJLgpaBHW7Q5tXet8bZxC+gTnB4VJOXKMsSqXfXR01LKVCT /7ouZLgPCV+K6ke/xguP6mO6IHN/aAsH6fdtDygkoODLy8Y0qLL3fKiC9muYvzPD0W0t qk6Xks37/fp+MxUF7hfErU/9Fyg9L02X2Niuug1N/4Lt3AQz/8TXCam6M7CLvRmk/aQU 9MXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=ESX2oHcB; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id w191si5889921ybg.323.2020.09.10.03.09.59 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 10 Sep 2020 03:10:00 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@redhat.com header.s=mimecast20190719 header.b=ESX2oHcB; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from localhost ([::1]:60040 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGJWh-0007RF-8n for patch@linaro.org; Thu, 10 Sep 2020 06:09:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43828) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGJTm-0000oQ-U0 for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:59 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:30377 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kGJTj-0007jw-8A for qemu-devel@nongnu.org; Thu, 10 Sep 2020 06:06:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599732414; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7lKKRAfzAa7nguSIodEPu42yVYk+gGWaxh96Reo7ZjI=; b=ESX2oHcB0n6xfCF3bDGawKPp2Kaj4xgNEnnfZ/3BB4TNzAMXS8QW9brsnrUrJN9fq1wKSb h8I4aVKZyqn1D1Y+5K6FfMEkHpd+ihFEt0sv/X//dd3OmYcekcmnseODLnYRHMQtF2X2s1 rPunBz4Ca4KIY0Q6Jco2l242cHDIXT8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-325-f3n_n02ANGmhc9JkhlIlnw-1; Thu, 10 Sep 2020 06:06:52 -0400 X-MC-Unique: f3n_n02ANGmhc9JkhlIlnw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5DD7F1DE01; Thu, 10 Sep 2020 10:06:51 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-4.ams2.redhat.com [10.36.112.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 59DCF1002D41; Thu, 10 Sep 2020 10:06:50 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 17/17] crypto/gcrypt: Split QCryptoCipherGcrypt into subclasses Date: Thu, 10 Sep 2020 11:06:23 +0100 Message-Id: <20200910100623.1088965-18-berrange@redhat.com> In-Reply-To: <20200910100623.1088965-1-berrange@redhat.com> References: <20200910100623.1088965-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=berrange@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 03:02:23 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , =?utf-8?q?Daniel_P?= =?utf-8?b?LiBCZXJyYW5nw6k=?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Richard Henderson With gcrypt, most of the dispatch happens in the library, so there aren't many classes to create. However, we can still create separate dispatch for CTR mode, and for CONFIG_QEMU_PRIVATE_XTS, which avoids needing to check for these modes at runtime. Signed-off-by: Richard Henderson Signed-off-by: Daniel P. Berrangé --- crypto/cipher-gcrypt.c.inc | 493 ++++++++++++++++++------------------- 1 file changed, 238 insertions(+), 255 deletions(-) -- 2.26.2 diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 7a1fbc9745..42d4137534 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -24,8 +24,6 @@ #include -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver; - bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { @@ -57,36 +55,212 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, } } -typedef struct QCryptoCipherGcrypt QCryptoCipherGcrypt; -struct QCryptoCipherGcrypt { +typedef struct QCryptoCipherGcrypt { QCryptoCipher base; gcry_cipher_hd_t handle; size_t blocksize; #ifdef CONFIG_QEMU_PRIVATE_XTS gcry_cipher_hd_t tweakhandle; - /* Initialization vector or Counter */ - uint8_t *iv; + uint8_t iv[XTS_BLOCK_SIZE]; #endif -}; +} QCryptoCipherGcrypt; + -static void -qcrypto_gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx, - QCryptoCipherMode mode) +static void qcrypto_gcrypt_ctx_free(QCryptoCipher *cipher) { - if (!ctx) { - return; - } + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); gcry_cipher_close(ctx->handle); + g_free(ctx); +} + +static int qcrypto_gcrypt_encrypt(QCryptoCipher *cipher, const void *in, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + gcry_error_t err; + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + err = gcry_cipher_encrypt(ctx->handle, out, len, in, len); + if (err != 0) { + error_setg(errp, "Cannot encrypt data: %s", gcry_strerror(err)); + return -1; + } + + return 0; +} + + +static int qcrypto_gcrypt_decrypt(QCryptoCipher *cipher, const void *in, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + gcry_error_t err; + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + err = gcry_cipher_decrypt(ctx->handle, out, len, in, len); + if (err != 0) { + error_setg(errp, "Cannot decrypt data: %s", + gcry_strerror(err)); + return -1; + } + + return 0; +} + +static int qcrypto_gcrypt_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + gcry_error_t err; + + if (niv != ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + gcry_cipher_reset(ctx->handle); + err = gcry_cipher_setiv(ctx->handle, iv, niv); + if (err != 0) { + error_setg(errp, "Cannot set IV: %s", gcry_strerror(err)); + return -1; + } + + return 0; +} + +static int qcrypto_gcrypt_ctr_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + gcry_error_t err; + + if (niv != ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + err = gcry_cipher_setctr(ctx->handle, iv, niv); + if (err != 0) { + error_setg(errp, "Cannot set Counter: %s", gcry_strerror(err)); + return -1; + } + + return 0; +} + + +static const struct QCryptoCipherDriver qcrypto_gcrypt_driver = { + .cipher_encrypt = qcrypto_gcrypt_encrypt, + .cipher_decrypt = qcrypto_gcrypt_decrypt, + .cipher_setiv = qcrypto_gcrypt_setiv, + .cipher_free = qcrypto_gcrypt_ctx_free, +}; + +static const struct QCryptoCipherDriver qcrypto_gcrypt_ctr_driver = { + .cipher_encrypt = qcrypto_gcrypt_encrypt, + .cipher_decrypt = qcrypto_gcrypt_decrypt, + .cipher_setiv = qcrypto_gcrypt_ctr_setiv, + .cipher_free = qcrypto_gcrypt_ctx_free, +}; + #ifdef CONFIG_QEMU_PRIVATE_XTS - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - gcry_cipher_close(ctx->tweakhandle); +static void qcrypto_gcrypt_xts_ctx_free(QCryptoCipher *cipher) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + + gcry_cipher_close(ctx->tweakhandle); + qcrypto_gcrypt_ctx_free(cipher); +} + +static void qcrypto_gcrypt_xts_wrape(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + gcry_error_t err; + err = gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, length); + g_assert(err == 0); +} + +static void qcrypto_gcrypt_xts_wrapd(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + gcry_error_t err; + err = gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, length); + g_assert(err == 0); +} + +static int qcrypto_gcrypt_xts_encrypt(QCryptoCipher *cipher, const void *in, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; } - g_free(ctx->iv); -#endif - g_free(ctx); + + xts_encrypt(ctx->handle, ctx->tweakhandle, + qcrypto_gcrypt_xts_wrape, qcrypto_gcrypt_xts_wrapd, + ctx->iv, len, out, in); + return 0; +} + +static int qcrypto_gcrypt_xts_decrypt(QCryptoCipher *cipher, const void *in, + void *out, size_t len, Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + + if (len & (ctx->blocksize - 1)) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + xts_decrypt(ctx->handle, ctx->tweakhandle, + qcrypto_gcrypt_xts_wrape, qcrypto_gcrypt_xts_wrapd, + ctx->iv, len, out, in); + return 0; +} + +static int qcrypto_gcrypt_xts_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); + + if (niv != ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + memcpy(ctx->iv, iv, niv); + return 0; } +static const struct QCryptoCipherDriver qcrypto_gcrypt_xts_driver = { + .cipher_encrypt = qcrypto_gcrypt_xts_encrypt, + .cipher_decrypt = qcrypto_gcrypt_xts_decrypt, + .cipher_setiv = qcrypto_gcrypt_xts_setiv, + .cipher_free = qcrypto_gcrypt_xts_ctx_free, +}; +#endif /* CONFIG_QEMU_PRIVATE_XTS */ + static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, @@ -95,32 +269,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, Error **errp) { QCryptoCipherGcrypt *ctx; + const QCryptoCipherDriver *drv; gcry_error_t err; int gcryalg, gcrymode; - switch (mode) { - case QCRYPTO_CIPHER_MODE_ECB: - gcrymode = GCRY_CIPHER_MODE_ECB; - break; - case QCRYPTO_CIPHER_MODE_XTS: -#ifdef CONFIG_QEMU_PRIVATE_XTS - gcrymode = GCRY_CIPHER_MODE_ECB; -#else - gcrymode = GCRY_CIPHER_MODE_XTS; -#endif - break; - case QCRYPTO_CIPHER_MODE_CBC: - gcrymode = GCRY_CIPHER_MODE_CBC; - break; - case QCRYPTO_CIPHER_MODE_CTR: - gcrymode = GCRY_CIPHER_MODE_CTR; - break; - default: - error_setg(errp, "Unsupported cipher mode %s", - QCryptoCipherMode_str(mode)); - return NULL; - } - if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { return NULL; } @@ -129,54 +281,70 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_ALG_DES_RFB: gcryalg = GCRY_CIPHER_DES; break; - case QCRYPTO_CIPHER_ALG_3DES: gcryalg = GCRY_CIPHER_3DES; break; - case QCRYPTO_CIPHER_ALG_AES_128: gcryalg = GCRY_CIPHER_AES128; break; - case QCRYPTO_CIPHER_ALG_AES_192: gcryalg = GCRY_CIPHER_AES192; break; - case QCRYPTO_CIPHER_ALG_AES_256: gcryalg = GCRY_CIPHER_AES256; break; - case QCRYPTO_CIPHER_ALG_CAST5_128: gcryalg = GCRY_CIPHER_CAST5; break; - case QCRYPTO_CIPHER_ALG_SERPENT_128: gcryalg = GCRY_CIPHER_SERPENT128; break; - case QCRYPTO_CIPHER_ALG_SERPENT_192: gcryalg = GCRY_CIPHER_SERPENT192; break; - case QCRYPTO_CIPHER_ALG_SERPENT_256: gcryalg = GCRY_CIPHER_SERPENT256; break; - case QCRYPTO_CIPHER_ALG_TWOFISH_128: gcryalg = GCRY_CIPHER_TWOFISH128; break; - case QCRYPTO_CIPHER_ALG_TWOFISH_256: gcryalg = GCRY_CIPHER_TWOFISH; break; - default: error_setg(errp, "Unsupported cipher algorithm %s", QCryptoCipherAlgorithm_str(alg)); return NULL; } + drv = &qcrypto_gcrypt_driver; + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + gcrymode = GCRY_CIPHER_MODE_ECB; + break; + case QCRYPTO_CIPHER_MODE_XTS: +#ifdef CONFIG_QEMU_PRIVATE_XTS + drv = &qcrypto_gcrypt_xts_driver; + gcrymode = GCRY_CIPHER_MODE_ECB; +#else + gcrymode = GCRY_CIPHER_MODE_XTS; +#endif + break; + case QCRYPTO_CIPHER_MODE_CBC: + gcrymode = GCRY_CIPHER_MODE_CBC; + break; + case QCRYPTO_CIPHER_MODE_CTR: + drv = &qcrypto_gcrypt_ctr_driver; + gcrymode = GCRY_CIPHER_MODE_CTR; + break; + default: + error_setg(errp, "Unsupported cipher mode %s", + QCryptoCipherMode_str(mode)); + return NULL; + } + ctx = g_new0(QCryptoCipherGcrypt, 1); + ctx->base.driver = drv; err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0); if (err != 0) { @@ -184,8 +352,16 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, gcry_strerror(err)); goto error; } + ctx->blocksize = gcry_cipher_get_algo_blklen(gcryalg); + #ifdef CONFIG_QEMU_PRIVATE_XTS if (mode == QCRYPTO_CIPHER_MODE_XTS) { + if (ctx->blocksize != XTS_BLOCK_SIZE) { + error_setg(errp, + "Cipher block size %zu must equal XTS block size %d", + ctx->blocksize, XTS_BLOCK_SIZE); + goto error; + } err = gcry_cipher_open(&ctx->tweakhandle, gcryalg, gcrymode, 0); if (err != 0) { error_setg(errp, "Cannot initialize cipher: %s", @@ -203,224 +379,31 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, uint8_t *rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); err = gcry_cipher_setkey(ctx->handle, rfbkey, nkey); g_free(rfbkey); - ctx->blocksize = 8; } else { #ifdef CONFIG_QEMU_PRIVATE_XTS if (mode == QCRYPTO_CIPHER_MODE_XTS) { nkey /= 2; - err = gcry_cipher_setkey(ctx->handle, key, nkey); + err = gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey); if (err != 0) { - error_setg(errp, "Cannot set key: %s", - gcry_strerror(err)); + error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); goto error; } - err = gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey); - } else { -#endif - err = gcry_cipher_setkey(ctx->handle, key, nkey); -#ifdef CONFIG_QEMU_PRIVATE_XTS } #endif - if (err != 0) { - error_setg(errp, "Cannot set key: %s", - gcry_strerror(err)); - goto error; - } - switch (alg) { - case QCRYPTO_CIPHER_ALG_AES_128: - case QCRYPTO_CIPHER_ALG_AES_192: - case QCRYPTO_CIPHER_ALG_AES_256: - case QCRYPTO_CIPHER_ALG_SERPENT_128: - case QCRYPTO_CIPHER_ALG_SERPENT_192: - case QCRYPTO_CIPHER_ALG_SERPENT_256: - case QCRYPTO_CIPHER_ALG_TWOFISH_128: - case QCRYPTO_CIPHER_ALG_TWOFISH_256: - ctx->blocksize = 16; - break; - case QCRYPTO_CIPHER_ALG_3DES: - case QCRYPTO_CIPHER_ALG_CAST5_128: - ctx->blocksize = 8; - break; - default: - g_assert_not_reached(); - } + err = gcry_cipher_setkey(ctx->handle, key, nkey); } - g_assert(is_power_of_2(ctx->blocksize)); - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (mode == QCRYPTO_CIPHER_MODE_XTS) { - if (ctx->blocksize != XTS_BLOCK_SIZE) { - error_setg(errp, - "Cipher block size %zu must equal XTS block size %d", - ctx->blocksize, XTS_BLOCK_SIZE); - goto error; - } - ctx->iv = g_new0(uint8_t, ctx->blocksize); + if (err != 0) { + error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); + goto error; } -#endif - ctx->base.driver = &qcrypto_cipher_lib_driver; return &ctx->base; error: - qcrypto_gcrypt_cipher_free_ctx(ctx, mode); - return NULL; -} - - -static void -qcrypto_gcrypt_cipher_ctx_free(QCryptoCipher *cipher) -{ - QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); - - qcrypto_gcrypt_cipher_free_ctx(ctx, cipher->mode); -} - - -#ifdef CONFIG_QEMU_PRIVATE_XTS -static void qcrypto_gcrypt_xts_encrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - gcry_error_t err; - err = gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, length); - g_assert(err == 0); -} - -static void qcrypto_gcrypt_xts_decrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - gcry_error_t err; - err = gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, length); - g_assert(err == 0); -} -#endif - -static int -qcrypto_gcrypt_cipher_encrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); - gcry_error_t err; - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) { - xts_encrypt(ctx->handle, ctx->tweakhandle, - qcrypto_gcrypt_xts_encrypt, - qcrypto_gcrypt_xts_decrypt, - ctx->iv, len, out, in); - return 0; - } -#endif - - err = gcry_cipher_encrypt(ctx->handle, - out, len, - in, len); - if (err != 0) { - error_setg(errp, "Cannot encrypt data: %s", - gcry_strerror(err)); - return -1; - } - - return 0; -} - - -static int -qcrypto_gcrypt_cipher_decrypt(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp) -{ - QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); - gcry_error_t err; - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) { - xts_decrypt(ctx->handle, ctx->tweakhandle, - qcrypto_gcrypt_xts_encrypt, - qcrypto_gcrypt_xts_decrypt, - ctx->iv, len, out, in); - return 0; - } -#endif - - err = gcry_cipher_decrypt(ctx->handle, - out, len, - in, len); - if (err != 0) { - error_setg(errp, "Cannot decrypt data: %s", - gcry_strerror(err)); - return -1; - } - - return 0; -} - -static int -qcrypto_gcrypt_cipher_setiv(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) -{ - QCryptoCipherGcrypt *ctx = container_of(cipher, QCryptoCipherGcrypt, base); - gcry_error_t err; - - if (niv != ctx->blocksize) { - error_setg(errp, "Expected IV size %zu not %zu", - ctx->blocksize, niv); - return -1; - } - #ifdef CONFIG_QEMU_PRIVATE_XTS - if (ctx->iv) { - memcpy(ctx->iv, iv, niv); - return 0; - } + gcry_cipher_close(ctx->tweakhandle); #endif - - if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) { - err = gcry_cipher_setctr(ctx->handle, iv, niv); - if (err != 0) { - error_setg(errp, "Cannot set Counter: %s", - gcry_strerror(err)); - return -1; - } - } else { - gcry_cipher_reset(ctx->handle); - err = gcry_cipher_setiv(ctx->handle, iv, niv); - if (err != 0) { - error_setg(errp, "Cannot set IV: %s", - gcry_strerror(err)); - return -1; - } - } - - return 0; + gcry_cipher_close(ctx->handle); + g_free(ctx); + return NULL; } - - -static const struct QCryptoCipherDriver qcrypto_cipher_lib_driver = { - .cipher_encrypt = qcrypto_gcrypt_cipher_encrypt, - .cipher_decrypt = qcrypto_gcrypt_cipher_decrypt, - .cipher_setiv = qcrypto_gcrypt_cipher_setiv, - .cipher_free = qcrypto_gcrypt_cipher_ctx_free, -};