1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */ 2ce004556SJussi Kivilinna #ifndef _CRYPTO_XTS_H 3ce004556SJussi Kivilinna #define _CRYPTO_XTS_H 4ce004556SJussi Kivilinna 5ce004556SJussi Kivilinna #include <crypto/b128ops.h> 6f1c131b4SHerbert Xu #include <crypto/internal/skcipher.h> 728856a9eSStephan Mueller #include <linux/fips.h> 8ce004556SJussi Kivilinna 9ce004556SJussi Kivilinna #define XTS_BLOCK_SIZE 16 10ce004556SJussi Kivilinna xts_verify_key(struct crypto_skcipher * tfm,const u8 * key,unsigned int keylen)11f1c131b4SHerbert Xustatic inline int xts_verify_key(struct crypto_skcipher *tfm, 12f1c131b4SHerbert Xu const u8 *key, unsigned int keylen) 13f1c131b4SHerbert Xu { 14f1c131b4SHerbert Xu /* 15f1c131b4SHerbert Xu * key consists of keys of equal size concatenated, therefore 16f1c131b4SHerbert Xu * the length must be even. 17f1c131b4SHerbert Xu */ 18674f368aSEric Biggers if (keylen % 2) 19f1c131b4SHerbert Xu return -EINVAL; 20f1c131b4SHerbert Xu 211c4428b2SNicolai Stange /* 221c4428b2SNicolai Stange * In FIPS mode only a combined key length of either 256 or 231c4428b2SNicolai Stange * 512 bits is allowed, c.f. FIPS 140-3 IG C.I. 241c4428b2SNicolai Stange */ 251c4428b2SNicolai Stange if (fips_enabled && keylen != 32 && keylen != 64) 261c4428b2SNicolai Stange return -EINVAL; 271c4428b2SNicolai Stange 28*0ee43367SVladis Dronov /* 29*0ee43367SVladis Dronov * Ensure that the AES and tweak key are not identical when 30*0ee43367SVladis Dronov * in FIPS mode or the FORBID_WEAK_KEYS flag is set. 31*0ee43367SVladis Dronov */ 32231baecdSEric Biggers if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & 33231baecdSEric Biggers CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && 34c4c4db0dSEric Biggers !crypto_memneq(key, key + (keylen / 2), keylen / 2)) 35f1c131b4SHerbert Xu return -EINVAL; 36f1c131b4SHerbert Xu 37f1c131b4SHerbert Xu return 0; 38f1c131b4SHerbert Xu } 39f1c131b4SHerbert Xu 40ce004556SJussi Kivilinna #endif /* _CRYPTO_XTS_H */ 41