summaryrefslogtreecommitdiff
path: root/crypto/ivgen-essiv.c
blob: 634de63338e5a45345f1072fde8819d37f27d6b5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/*
 * QEMU Crypto block IV generator - essiv
 *
 * Copyright (c) 2015-2016 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/bswap.h"
#include "crypto/ivgen-essiv.h"

typedef struct QCryptoIVGenESSIV QCryptoIVGenESSIV;
struct QCryptoIVGenESSIV {
    QCryptoCipher *cipher;
};

static int qcrypto_ivgen_essiv_init(QCryptoIVGen *ivgen,
                                    const uint8_t *key, size_t nkey,
                                    Error **errp)
{
    uint8_t *salt;
    size_t nhash;
    size_t nsalt;
    QCryptoIVGenESSIV *essiv = g_new0(QCryptoIVGenESSIV, 1);

    /* Not necessarily the same as nkey */
    nsalt = qcrypto_cipher_get_key_len(ivgen->cipher);

    nhash = qcrypto_hash_digest_len(ivgen->hash);
    /* Salt must be larger of hash size or key size */
    salt = g_new0(uint8_t, MAX(nhash, nsalt));

    if (qcrypto_hash_bytes(ivgen->hash, (const gchar *)key, nkey,
                           &salt, &nhash,
                           errp) < 0) {
        g_free(essiv);
        return -1;
    }

    /* Now potentially truncate salt to match cipher key len */
    essiv->cipher = qcrypto_cipher_new(ivgen->cipher,
                                       QCRYPTO_CIPHER_MODE_ECB,
                                       salt, MIN(nhash, nsalt),
                                       errp);
    if (!essiv->cipher) {
        g_free(essiv);
        g_free(salt);
        return -1;
    }

    g_free(salt);
    ivgen->private = essiv;

    return 0;
}

static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
                                         uint64_t sector,
                                         uint8_t *iv, size_t niv,
                                         Error **errp)
{
    QCryptoIVGenESSIV *essiv = ivgen->private;
    size_t ndata = qcrypto_cipher_get_block_len(ivgen->cipher);
    uint8_t *data = g_new(uint8_t, ndata);

    sector = cpu_to_le64(sector);
    memcpy(data, (uint8_t *)&sector, ndata);
    if (sizeof(sector) < ndata) {
        memset(data + sizeof(sector), 0, ndata - sizeof(sector));
    }

    if (qcrypto_cipher_encrypt(essiv->cipher,
                               data,
                               data,
                               ndata,
                               errp) < 0) {
        g_free(data);
        return -1;
    }

    if (ndata > niv) {
        ndata = niv;
    }
    memcpy(iv, data, ndata);
    if (ndata < niv) {
        memset(iv + ndata, 0, niv - ndata);
    }
    g_free(data);
    return 0;
}

static void qcrypto_ivgen_essiv_cleanup(QCryptoIVGen *ivgen)
{
    QCryptoIVGenESSIV *essiv = ivgen->private;

    qcrypto_cipher_free(essiv->cipher);
    g_free(essiv);
}


struct QCryptoIVGenDriver qcrypto_ivgen_essiv = {
    .init = qcrypto_ivgen_essiv_init,
    .calculate = qcrypto_ivgen_essiv_calculate,
    .cleanup = qcrypto_ivgen_essiv_cleanup,
};