Daniel P. Berrangé <berra...@redhat.com> writes:
> The aes_ctx struct and aes_* functions have been deprecated in nettle > 3.5, in favour of keysize specific functions which were introduced > first in nettle 3.0. > > Switch QEMU code to use the new APIs and add some backcompat defines > such that it still builds on nettle 2.7 > > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> Reviewed-by: Alex Bennée <alex.ben...@linaro.org> Tested-by: Alex Bennée <alex.ben...@linaro.org> > --- > crypto/cipher-nettle.c | 218 ++++++++++++++++++++++++++++++++++------- > 1 file changed, 183 insertions(+), 35 deletions(-) > > diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c > index 3848cb3b3a..115d16dd7b 100644 > --- a/crypto/cipher-nettle.c > +++ b/crypto/cipher-nettle.c > @@ -42,29 +42,89 @@ typedef void * cipher_ctx_t; > typedef unsigned cipher_length_t; > > #define cast5_set_key cast128_set_key > + > +#define aes128_ctx aes_ctx > +#define aes192_ctx aes_ctx > +#define aes256_ctx aes_ctx > +#define aes128_set_encrypt_key(c, k) \ > + aes_set_encrypt_key(c, 16, k) > +#define aes192_set_encrypt_key(c, k) \ > + aes_set_encrypt_key(c, 24, k) > +#define aes256_set_encrypt_key(c, k) \ > + aes_set_encrypt_key(c, 32, k) > +#define aes128_set_decrypt_key(c, k) \ > + aes_set_decrypt_key(c, 16, k) > +#define aes192_set_decrypt_key(c, k) \ > + aes_set_decrypt_key(c, 24, k) > +#define aes256_set_decrypt_key(c, k) \ > + aes_set_decrypt_key(c, 32, k) > +#define aes128_encrypt aes_encrypt > +#define aes192_encrypt aes_encrypt > +#define aes256_encrypt aes_encrypt > +#define aes128_decrypt aes_decrypt > +#define aes192_decrypt aes_decrypt > +#define aes256_decrypt aes_decrypt > #else > typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; > typedef const void * cipher_ctx_t; > typedef size_t cipher_length_t; > #endif > > -typedef struct QCryptoNettleAES { > - struct aes_ctx enc; > - struct aes_ctx dec; > -} QCryptoNettleAES; > +typedef struct QCryptoNettleAES128 { > + struct aes128_ctx enc; > + struct aes128_ctx dec; > +} QCryptoNettleAES128; > + > +typedef struct QCryptoNettleAES192 { > + struct aes192_ctx enc; > + struct aes192_ctx dec; > +} QCryptoNettleAES192; > + > +typedef struct QCryptoNettleAES256 { > + struct aes256_ctx enc; > + struct aes256_ctx dec; > +} QCryptoNettleAES256; > + > +static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES128 *aesctx = ctx; > + aes128_encrypt(&aesctx->enc, length, dst, src); > +} > + > +static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES128 *aesctx = ctx; > + aes128_decrypt(&aesctx->dec, length, dst, src); > +} > + > +static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES192 *aesctx = ctx; > + aes192_encrypt(&aesctx->enc, length, dst, src); > +} > + > +static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES192 *aesctx = ctx; > + aes192_decrypt(&aesctx->dec, length, dst, src); > +} > > -static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, > +static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, > uint8_t *dst, const uint8_t *src) > { > - const QCryptoNettleAES *aesctx = ctx; > - aes_encrypt(&aesctx->enc, length, dst, src); > + const QCryptoNettleAES256 *aesctx = ctx; > + aes256_encrypt(&aesctx->enc, length, dst, src); > } > > -static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, > +static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, > uint8_t *dst, const uint8_t *src) > { > - const QCryptoNettleAES *aesctx = ctx; > - aes_decrypt(&aesctx->dec, length, dst, src); > + const QCryptoNettleAES256 *aesctx = ctx; > + aes256_decrypt(&aesctx->dec, length, dst, src); > } > > static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, > @@ -127,18 +187,46 @@ static void twofish_decrypt_native(cipher_ctx_t ctx, > cipher_length_t length, > twofish_decrypt(ctx, length, dst, src); > } > > -static void aes_encrypt_wrapper(const void *ctx, size_t length, > +static void aes128_encrypt_wrapper(const void *ctx, size_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES128 *aesctx = ctx; > + aes128_encrypt(&aesctx->enc, length, dst, src); > +} > + > +static void aes128_decrypt_wrapper(const void *ctx, size_t length, > uint8_t *dst, const uint8_t *src) > { > - const QCryptoNettleAES *aesctx = ctx; > - aes_encrypt(&aesctx->enc, length, dst, src); > + const QCryptoNettleAES128 *aesctx = ctx; > + aes128_decrypt(&aesctx->dec, length, dst, src); > } > > -static void aes_decrypt_wrapper(const void *ctx, size_t length, > +static void aes192_encrypt_wrapper(const void *ctx, size_t length, > uint8_t *dst, const uint8_t *src) > { > - const QCryptoNettleAES *aesctx = ctx; > - aes_decrypt(&aesctx->dec, length, dst, src); > + const QCryptoNettleAES192 *aesctx = ctx; > + aes192_encrypt(&aesctx->enc, length, dst, src); > +} > + > +static void aes192_decrypt_wrapper(const void *ctx, size_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES192 *aesctx = ctx; > + aes192_decrypt(&aesctx->dec, length, dst, src); > +} > + > +static void aes256_encrypt_wrapper(const void *ctx, size_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES256 *aesctx = ctx; > + aes256_encrypt(&aesctx->enc, length, dst, src); > +} > + > +static void aes256_decrypt_wrapper(const void *ctx, size_t length, > + uint8_t *dst, const uint8_t *src) > +{ > + const QCryptoNettleAES256 *aesctx = ctx; > + aes256_decrypt(&aesctx->dec, length, dst, src); > } > > static void des_encrypt_wrapper(const void *ctx, size_t length, > @@ -319,34 +407,94 @@ static QCryptoCipherNettle > *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, > break; > > case QCRYPTO_CIPHER_ALG_AES_128: > + ctx->ctx = g_new0(QCryptoNettleAES128, 1); > + > + if (mode == QCRYPTO_CIPHER_MODE_XTS) { > + ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1); > + > + nkey /= 2; > + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, > + key); > + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, > + key); > + > + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> > + enc, key + nkey); > + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> > + dec, key + nkey); > + } else { > + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, > + key); > + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, > + key); > + } > + > + ctx->alg_encrypt_native = aes128_encrypt_native; > + ctx->alg_decrypt_native = aes128_decrypt_native; > + ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper; > + ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper; > + > + ctx->blocksize = AES_BLOCK_SIZE; > + break; > + > case QCRYPTO_CIPHER_ALG_AES_192: > + ctx->ctx = g_new0(QCryptoNettleAES192, 1); > + > + if (mode == QCRYPTO_CIPHER_MODE_XTS) { > + ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1); > + > + nkey /= 2; > + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, > + key); > + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, > + key); > + > + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> > + enc, key + nkey); > + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> > + dec, key + nkey); > + } else { > + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, > + key); > + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, > + key); > + } > + > + ctx->alg_encrypt_native = aes192_encrypt_native; > + ctx->alg_decrypt_native = aes192_decrypt_native; > + ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper; > + ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper; > + > + ctx->blocksize = AES_BLOCK_SIZE; > + break; > + > case QCRYPTO_CIPHER_ALG_AES_256: > - ctx->ctx = g_new0(QCryptoNettleAES, 1); > + ctx->ctx = g_new0(QCryptoNettleAES256, 1); > > if (mode == QCRYPTO_CIPHER_MODE_XTS) { > - ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1); > + ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1); > > nkey /= 2; > - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, > - nkey, key); > - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, > - nkey, key); > - > - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc, > - nkey, key + nkey); > - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec, > - nkey, key + nkey); > + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, > + key); > + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, > + key); > + > + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> > + enc, key + nkey); > + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> > + dec, key + nkey); > } else { > - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, > - nkey, key); > - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, > - nkey, key); > + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, > + key); > + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, > + key); > } > > - ctx->alg_encrypt_native = aes_encrypt_native; > - ctx->alg_decrypt_native = aes_decrypt_native; > - ctx->alg_encrypt_wrapper = aes_encrypt_wrapper; > - ctx->alg_decrypt_wrapper = aes_decrypt_wrapper; > + ctx->alg_encrypt_native = aes256_encrypt_native; > + ctx->alg_decrypt_native = aes256_decrypt_native; > + ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper; > + ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper; > > ctx->blocksize = AES_BLOCK_SIZE; > break; -- Alex Bennée