On Wed, Dec 07, 2016 at 04:33:41PM +0800, Longpeng(Mike) wrote:
> Libgcrypt and nettle support 3des-ede, so this patch add 3des-ede
> support when using libgcrypt or nettle.
>
> Signed-off-by: Longpeng(Mike) <longpe...@huawei.com>
> ---
> crypto/cipher-gcrypt.c | 6 ++++++
> crypto/cipher-nettle.c | 37 +++++++++++++++++++++++++++++++++++++
> crypto/cipher.c | 7 +++++--
> qapi/crypto.json | 3 ++-
> tests/test-crypto-cipher.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
> 5 files changed, 94 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
> index c550db9..5dd0db1 100644
> --- a/crypto/cipher-gcrypt.c
> +++ b/crypto/cipher-gcrypt.c
> @@ -29,6 +29,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
> {
> switch (alg) {
> case QCRYPTO_CIPHER_ALG_DES_RFB:
> + case QCRYPTO_CIPHER_ALG_3DES_EDE:
> case QCRYPTO_CIPHER_ALG_AES_128:
> case QCRYPTO_CIPHER_ALG_AES_192:
> case QCRYPTO_CIPHER_ALG_AES_256:
> @@ -99,6 +100,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm
> alg,
> gcryalg = GCRY_CIPHER_DES;
> break;
>
> + case QCRYPTO_CIPHER_ALG_3DES_EDE:
> + gcryalg = GCRY_CIPHER_3DES;
> + break;
> +
> case QCRYPTO_CIPHER_ALG_AES_128:
> gcryalg = GCRY_CIPHER_AES128;
> break;
> @@ -200,6 +205,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm
> alg,
> case QCRYPTO_CIPHER_ALG_TWOFISH_256:
> ctx->blocksize = 16;
> break;
> + case QCRYPTO_CIPHER_ALG_3DES_EDE:
> case QCRYPTO_CIPHER_ALG_CAST5_128:
> ctx->blocksize = 8;
> break;
> diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
> index cd094cd..0353b4d 100644
> --- a/crypto/cipher-nettle.c
> +++ b/crypto/cipher-nettle.c
> @@ -78,6 +78,18 @@ static void des_decrypt_native(cipher_ctx_t ctx,
> cipher_length_t length,
> des_decrypt(ctx, length, dst, src);
> }
>
> +static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + des3_encrypt(ctx, length, dst, src);
> +}
> +
> +static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + des3_decrypt(ctx, length, dst, src);
> +}
> +
> static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
> uint8_t *dst, const uint8_t *src)
> {
> @@ -140,6 +152,18 @@ static void des_decrypt_wrapper(const void *ctx, size_t
> length,
> des_decrypt(ctx, length, dst, src);
> }
>
> +static void des3_encrypt_wrapper(const void *ctx, size_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + des3_encrypt(ctx, length, dst, src);
> +}
> +
> +static void des3_decrypt_wrapper(const void *ctx, size_t length,
> + uint8_t *dst, const uint8_t *src)
> +{
> + des3_decrypt(ctx, length, dst, src);
> +}
> +
> static void cast128_encrypt_wrapper(const void *ctx, size_t length,
> uint8_t *dst, const uint8_t *src)
> {
> @@ -197,6 +221,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
> {
> switch (alg) {
> case QCRYPTO_CIPHER_ALG_DES_RFB:
> + case QCRYPTO_CIPHER_ALG_3DES_EDE:
> case QCRYPTO_CIPHER_ALG_AES_128:
> case QCRYPTO_CIPHER_ALG_AES_192:
> case QCRYPTO_CIPHER_ALG_AES_256:
> @@ -270,6 +295,18 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm
> alg,
> ctx->blocksize = DES_BLOCK_SIZE;
> break;
>
> + case QCRYPTO_CIPHER_ALG_3DES_EDE:
> + ctx->ctx = g_new0(struct des3_ctx, 1);
> + des3_set_key(ctx->ctx, key);
> +
> + ctx->alg_encrypt_native = des3_encrypt_native;
> + ctx->alg_decrypt_native = des3_decrypt_native;
> + ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;
> + ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;
> +
> + ctx->blocksize = DES3_BLOCK_SIZE;
> + break;
> +
> case QCRYPTO_CIPHER_ALG_AES_128:
> case QCRYPTO_CIPHER_ALG_AES_192:
> case QCRYPTO_CIPHER_ALG_AES_256:
> diff --git a/crypto/cipher.c b/crypto/cipher.c
> index a9bca41..97147b1 100644
> --- a/crypto/cipher.c
> +++ b/crypto/cipher.c
> @@ -28,6 +28,7 @@ static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
> [QCRYPTO_CIPHER_ALG_AES_192] = 24,
> [QCRYPTO_CIPHER_ALG_AES_256] = 32,
> [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
> + [QCRYPTO_CIPHER_ALG_3DES_EDE] = 24,
> [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
> [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24,
> @@ -42,6 +43,7 @@ static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
> [QCRYPTO_CIPHER_ALG_AES_192] = 16,
> [QCRYPTO_CIPHER_ALG_AES_256] = 16,
> [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
> + [QCRYPTO_CIPHER_ALG_3DES_EDE] = 8,
> [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
> [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16,
> @@ -107,8 +109,9 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm
> alg,
> }
>
> if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> - if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> - error_setg(errp, "XTS mode not compatible with DES-RFB");
> + if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
> + || alg == QCRYPTO_CIPHER_ALG_3DES_EDE) {
> + error_setg(errp, "XTS mode not compatible with
> DES-RFB/3DES-EDE");
> return false;
> }
> if (nkey % 2) {
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 5c9d7d4..848b6cd 100644
> --- a/qapi/crypto.json
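Review bot: The result of `des3_set_key(ctx->ctx, key);` is discarded in the new `QCRYPTO_CIPHER_ALG_3DES_EDE` case of `qcrypto_cipher_new` in crypto/cipher-nettle.c. Nettle documents that this call returns 1 only when all three DES subkeys are good and 0 when any of them is a weak key, so the nettle build accepts weak 3DES keys silently. The libgcrypt path probably reports such keys through its set-key error, which would leave the two backends disagreeing on which keys are valid. Checking the return, `if (des3_set_key(ctx->ctx, key) != 1) {` followed by setting `errp` and taking the function's existing failure path, would close the gap; a short comment saying that parity bits are ignored but weak keys are refused would also help. The body of `qcrypto_cipher_new` starts and ends outside this hunk, so the exact cleanup path is not visible here.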
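Review bot: The XTS guard in `qcrypto_cipher_validate_key_length` (crypto/cipher.c, hunk at -107) now names a second algorithm, but what makes XTS unusable here is the 64-bit block, not the cipher's name. The `alg_block_len` table in this same file lists `QCRYPTO_CIPHER_ALG_CAST5_128` at 8 bytes too, and the test as written still lets it through; whether it is rejected elsewhere is not visible from this hunk. Keying the check on the table, `if (alg_block_len[alg] != 16) {` with a message such as `"XTS mode requires a cipher with a 128-bit block"`, would cover DES-RFB, 3DES and any 64-bit cipher added later. The function begins and ends outside the hunk.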
> +++ b/qapi/crypto.json
> @@ -63,6 +63,7 @@
> # @aes-192: AES with 192 bit / 24 byte keys
> # @aes-256: AES with 256 bit / 32 byte keys
> # @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
> +# @3des-ede: 3DES-EDE with 192 bit / 24 byte keys
Let's just call this '3des', as 'ede' can be assumed, e.g.

# @3des: 3DES (EDE) with 192 bit / 24 byte keys

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|