From 3c28292f390f642bbb3dba0949ecf36aaf7be0d6 Mon Sep 17 00:00:00 2001
From: Gonglei <arei.gonglei@huawei.com>
Date: Mon, 26 Sep 2016 17:23:22 +0800
Subject: crypto: add CTR mode support

Introduce CTR mode support for the cipher APIs.
CTR mode uses a counter rather than a traditional IV.
The counter has additional properties, including a nonce
and initial counter block. We reuse the ctx->iv as
the counter for conveniences.

Both libgcrypt and nettle are support CTR mode, the
cipher-builtin doesn't support yet.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 crypto/cipher-nettle.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'crypto/cipher-nettle.c')

diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 72d106922d..cd094cd6a5 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -28,6 +28,7 @@
 #include <nettle/cast128.h>
 #include <nettle/serpent.h>
 #include <nettle/twofish.h>
+#include <nettle/ctr.h>
 
 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
                                                size_t length,
@@ -186,7 +187,7 @@ struct QCryptoCipherNettle {
     QCryptoCipherNettleFuncNative alg_decrypt_native;
     QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
     QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
-
+    /* Initialization vector or Counter */
     uint8_t *iv;
     size_t blocksize;
 };
@@ -236,6 +237,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
     case QCRYPTO_CIPHER_MODE_ECB:
     case QCRYPTO_CIPHER_MODE_CBC:
     case QCRYPTO_CIPHER_MODE_XTS:
+    case QCRYPTO_CIPHER_MODE_CTR:
         break;
     default:
         error_setg(errp, "Unsupported cipher mode %s",
@@ -441,6 +443,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
                     ctx->iv, len, out, in);
         break;
 
+    case QCRYPTO_CIPHER_MODE_CTR:
+        ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+                    ctx->blocksize, ctx->iv,
+                    len, out, in);
+        break;
+
     default:
         error_setg(errp, "Unsupported cipher mode %s",
                    QCryptoCipherMode_lookup[cipher->mode]);
@@ -480,6 +488,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
                     ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
                     ctx->iv, len, out, in);
         break;
+    case QCRYPTO_CIPHER_MODE_CTR:
+        ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+                    ctx->blocksize, ctx->iv,
+                    len, out, in);
+        break;
 
     default:
         error_setg(errp, "Unsupported cipher mode %s",
-- 
cgit 1.4.1