crypto: add CTR mode support

Introduce CTR mode support for the cipher APIs. CTR mode uses a counter rather than a traditional IV. The counter has additional properties, including a nonce and initial counter block. We reuse the ctx->iv as the counter for conveniences. Both libgcrypt and nettle are support CTR mode, the cipher-builtin doesn't support yet. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-12-17 21:26:13 -07:00 · 2016-09-26 17:23:22 +08:00 · 2016-09-26 17:23:22 +08:00 · 3c28292f39
commit 3c28292f39
parent f844836ddc
6 changed files with 94 additions and 11 deletions
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@ -28,6 +28,7 @@
 #include <nettle/cast128.h>
 #include <nettle/serpent.h>
 #include <nettle/twofish.h>
+#include <nettle/ctr.h>

 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
                                               size_t length,
@ -186,7 +187,7 @@ struct QCryptoCipherNettle {
    QCryptoCipherNettleFuncNative alg_decrypt_native;
    QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
    QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
-
+    /* Initialization vector or Counter */
    uint8_t *iv;
    size_t blocksize;
 };
@ -236,6 +237,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
    case QCRYPTO_CIPHER_MODE_ECB:
    case QCRYPTO_CIPHER_MODE_CBC:
    case QCRYPTO_CIPHER_MODE_XTS:
+    case QCRYPTO_CIPHER_MODE_CTR:
        break;
    default:
        error_setg(errp, "Unsupported cipher mode %s",
@ -441,6 +443,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
                    ctx->iv, len, out, in);
        break;

+    case QCRYPTO_CIPHER_MODE_CTR:
+        ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+                    ctx->blocksize, ctx->iv,
+                    len, out, in);
+        break;
+
    default:
        error_setg(errp, "Unsupported cipher mode %s",
                   QCryptoCipherMode_lookup[cipher->mode]);
@ -480,6 +488,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
                    ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
                    ctx->iv, len, out, in);
        break;
+    case QCRYPTO_CIPHER_MODE_CTR:
+        ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+                    ctx->blocksize, ctx->iv,
+                    len, out, in);
+        break;

    default:
        error_setg(errp, "Unsupported cipher mode %s",