aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/xts.c
diff options
context:
space:
mode:
authorTimos Ampelikiotis <t.ampelikiotis@virtualopensystems.com>2023-10-10 11:40:56 +0000
committerTimos Ampelikiotis <t.ampelikiotis@virtualopensystems.com>2023-10-10 11:40:56 +0000
commite02cda008591317b1625707ff8e115a4841aa889 (patch)
treeaee302e3cf8b59ec2d32ec481be3d1afddfc8968 /crypto/xts.c
parentcc668e6b7e0ffd8c9d130513d12053cf5eda1d3b (diff)
Introduce Virtio-loopback epsilon release:
Epsilon release introduces a new compatibility layer which make virtio-loopback design to work with QEMU and rust-vmm vhost-user backend without require any changes. Signed-off-by: Timos Ampelikiotis <t.ampelikiotis@virtualopensystems.com> Change-Id: I52e57563e08a7d0bdc002f8e928ee61ba0c53dd9
Diffstat (limited to 'crypto/xts.c')
-rw-r--r--crypto/xts.c250
1 files changed, 250 insertions, 0 deletions
diff --git a/crypto/xts.c b/crypto/xts.c
new file mode 100644
index 000000000..d4a49fdb7
--- /dev/null
+++ b/crypto/xts.c
@@ -0,0 +1,250 @@
+/*
+ * QEMU Crypto XTS cipher mode
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * This code is originally derived from public domain / WTFPL code in
+ * LibTomCrypt crytographic library http://libtom.org. The XTS code
+ * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com)
+ * to the LibTom Projects
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bswap.h"
+#include "crypto/xts.h"
+
+typedef union {
+ uint8_t b[XTS_BLOCK_SIZE];
+ uint64_t u[2];
+} xts_uint128;
+
+static inline void xts_uint128_xor(xts_uint128 *D,
+ const xts_uint128 *S1,
+ const xts_uint128 *S2)
+{
+ D->u[0] = S1->u[0] ^ S2->u[0];
+ D->u[1] = S1->u[1] ^ S2->u[1];
+}
+
+static inline void xts_uint128_cpu_to_les(xts_uint128 *v)
+{
+ cpu_to_le64s(&v->u[0]);
+ cpu_to_le64s(&v->u[1]);
+}
+
+static inline void xts_uint128_le_to_cpus(xts_uint128 *v)
+{
+ le64_to_cpus(&v->u[0]);
+ le64_to_cpus(&v->u[1]);
+}
+
+static void xts_mult_x(xts_uint128 *I)
+{
+ uint64_t tt;
+
+ xts_uint128_le_to_cpus(I);
+
+ tt = I->u[0] >> 63;
+ I->u[0] <<= 1;
+
+ if (I->u[1] >> 63) {
+ I->u[0] ^= 0x87;
+ }
+ I->u[1] <<= 1;
+ I->u[1] |= tt;
+
+ xts_uint128_cpu_to_les(I);
+}
+
+
+/**
+ * xts_tweak_encdec:
+ * @param ctxt: the cipher context
+ * @param func: the cipher function
+ * @src: buffer providing the input text of XTS_BLOCK_SIZE bytes
+ * @dst: buffer to output the output text of XTS_BLOCK_SIZE bytes
+ * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes
+ *
+ * Encrypt/decrypt data with a tweak
+ */
+static inline void xts_tweak_encdec(const void *ctx,
+ xts_cipher_func *func,
+ const xts_uint128 *src,
+ xts_uint128 *dst,
+ xts_uint128 *iv)
+{
+ /* tweak encrypt block i */
+ xts_uint128_xor(dst, src, iv);
+
+ func(ctx, XTS_BLOCK_SIZE, dst->b, dst->b);
+
+ xts_uint128_xor(dst, dst, iv);
+
+ /* LFSR the tweak */
+ xts_mult_x(iv);
+}
+
+
+void xts_decrypt(const void *datactx,
+ const void *tweakctx,
+ xts_cipher_func *encfunc,
+ xts_cipher_func *decfunc,
+ uint8_t *iv,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ xts_uint128 PP, CC, T;
+ unsigned long i, m, mo, lim;
+
+ /* get number of blocks */
+ m = length >> 4;
+ mo = length & 15;
+
+ /* must have at least one full block */
+ g_assert(m != 0);
+
+ if (mo == 0) {
+ lim = m;
+ } else {
+ lim = m - 1;
+ }
+
+ /* encrypt the iv */
+ encfunc(tweakctx, XTS_BLOCK_SIZE, T.b, iv);
+
+ if (QEMU_PTR_IS_ALIGNED(src, sizeof(uint64_t)) &&
+ QEMU_PTR_IS_ALIGNED(dst, sizeof(uint64_t))) {
+ xts_uint128 *S = (xts_uint128 *)src;
+ xts_uint128 *D = (xts_uint128 *)dst;
+ for (i = 0; i < lim; i++, S++, D++) {
+ xts_tweak_encdec(datactx, decfunc, S, D, &T);
+ }
+ } else {
+ xts_uint128 D;
+
+ for (i = 0; i < lim; i++) {
+ memcpy(&D, src, XTS_BLOCK_SIZE);
+ xts_tweak_encdec(datactx, decfunc, &D, &D, &T);
+ memcpy(dst, &D, XTS_BLOCK_SIZE);
+ src += XTS_BLOCK_SIZE;
+ dst += XTS_BLOCK_SIZE;
+ }
+ }
+
+ /* if length is not a multiple of XTS_BLOCK_SIZE then */
+ if (mo > 0) {
+ xts_uint128 S, D;
+ memcpy(&CC, &T, XTS_BLOCK_SIZE);
+ xts_mult_x(&CC);
+
+ /* PP = tweak decrypt block m-1 */
+ memcpy(&S, src, XTS_BLOCK_SIZE);
+ xts_tweak_encdec(datactx, decfunc, &S, &PP, &CC);
+
+ /* Pm = first length % XTS_BLOCK_SIZE bytes of PP */
+ for (i = 0; i < mo; i++) {
+ CC.b[i] = src[XTS_BLOCK_SIZE + i];
+ dst[XTS_BLOCK_SIZE + i] = PP.b[i];
+ }
+ for (; i < XTS_BLOCK_SIZE; i++) {
+ CC.b[i] = PP.b[i];
+ }
+
+ /* Pm-1 = Tweak uncrypt CC */
+ xts_tweak_encdec(datactx, decfunc, &CC, &D, &T);
+ memcpy(dst, &D, XTS_BLOCK_SIZE);
+ }
+
+ /* Decrypt the iv back */
+ decfunc(tweakctx, XTS_BLOCK_SIZE, iv, T.b);
+}
+
+
+void xts_encrypt(const void *datactx,
+ const void *tweakctx,
+ xts_cipher_func *encfunc,
+ xts_cipher_func *decfunc,
+ uint8_t *iv,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ xts_uint128 PP, CC, T;
+ unsigned long i, m, mo, lim;
+
+ /* get number of blocks */
+ m = length >> 4;
+ mo = length & 15;
+
+ /* must have at least one full block */
+ g_assert(m != 0);
+
+ if (mo == 0) {
+ lim = m;
+ } else {
+ lim = m - 1;
+ }
+
+ /* encrypt the iv */
+ encfunc(tweakctx, XTS_BLOCK_SIZE, T.b, iv);
+
+ if (QEMU_PTR_IS_ALIGNED(src, sizeof(uint64_t)) &&
+ QEMU_PTR_IS_ALIGNED(dst, sizeof(uint64_t))) {
+ xts_uint128 *S = (xts_uint128 *)src;
+ xts_uint128 *D = (xts_uint128 *)dst;
+ for (i = 0; i < lim; i++, S++, D++) {
+ xts_tweak_encdec(datactx, encfunc, S, D, &T);
+ }
+ } else {
+ xts_uint128 D;
+
+ for (i = 0; i < lim; i++) {
+ memcpy(&D, src, XTS_BLOCK_SIZE);
+ xts_tweak_encdec(datactx, encfunc, &D, &D, &T);
+ memcpy(dst, &D, XTS_BLOCK_SIZE);
+
+ dst += XTS_BLOCK_SIZE;
+ src += XTS_BLOCK_SIZE;
+ }
+ }
+
+ /* if length is not a multiple of XTS_BLOCK_SIZE then */
+ if (mo > 0) {
+ xts_uint128 S, D;
+ /* CC = tweak encrypt block m-1 */
+ memcpy(&S, src, XTS_BLOCK_SIZE);
+ xts_tweak_encdec(datactx, encfunc, &S, &CC, &T);
+
+ /* Cm = first length % XTS_BLOCK_SIZE bytes of CC */
+ for (i = 0; i < mo; i++) {
+ PP.b[i] = src[XTS_BLOCK_SIZE + i];
+ dst[XTS_BLOCK_SIZE + i] = CC.b[i];
+ }
+
+ for (; i < XTS_BLOCK_SIZE; i++) {
+ PP.b[i] = CC.b[i];
+ }
+
+ /* Cm-1 = Tweak encrypt PP */
+ xts_tweak_encdec(datactx, encfunc, &PP, &D, &T);
+ memcpy(dst, &D, XTS_BLOCK_SIZE);
+ }
+
+ /* Decrypt the iv back */
+ decfunc(tweakctx, XTS_BLOCK_SIZE, iv, T.b);
+}