xref: /openbmc/linux/include/crypto/xts.h (revision 1c4428b295884316eaff16be9c1d85f7c2361696) 
1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */
2ce004556SJussi Kivilinna #ifndef _CRYPTO_XTS_H
3ce004556SJussi Kivilinna #define _CRYPTO_XTS_H
4ce004556SJussi Kivilinna 
5ce004556SJussi Kivilinna #include <crypto/b128ops.h>
6f1c131b4SHerbert Xu #include <crypto/internal/skcipher.h>
728856a9eSStephan Mueller #include <linux/fips.h>
8ce004556SJussi Kivilinna 
9ce004556SJussi Kivilinna #define XTS_BLOCK_SIZE 16
10ce004556SJussi Kivilinna 
1128856a9eSStephan Mueller static inline int xts_check_key(struct crypto_tfm *tfm,
1228856a9eSStephan Mueller 				const u8 *key, unsigned int keylen)
1328856a9eSStephan Mueller {
1428856a9eSStephan Mueller 	/*
1528856a9eSStephan Mueller 	 * key consists of keys of equal size concatenated, therefore
1628856a9eSStephan Mueller 	 * the length must be even.
1728856a9eSStephan Mueller 	 */
18674f368aSEric Biggers 	if (keylen % 2)
1928856a9eSStephan Mueller 		return -EINVAL;
2028856a9eSStephan Mueller 
2128856a9eSStephan Mueller 	/* ensure that the AES and tweak key are not identical */
22c4c4db0dSEric Biggers 	if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
2328856a9eSStephan Mueller 		return -EINVAL;
2428856a9eSStephan Mueller 
2528856a9eSStephan Mueller 	return 0;
2628856a9eSStephan Mueller }
2728856a9eSStephan Mueller 
28f1c131b4SHerbert Xu static inline int xts_verify_key(struct crypto_skcipher *tfm,
29f1c131b4SHerbert Xu 				 const u8 *key, unsigned int keylen)
30f1c131b4SHerbert Xu {
31f1c131b4SHerbert Xu 	/*
32f1c131b4SHerbert Xu 	 * key consists of keys of equal size concatenated, therefore
33f1c131b4SHerbert Xu 	 * the length must be even.
34f1c131b4SHerbert Xu 	 */
35674f368aSEric Biggers 	if (keylen % 2)
36f1c131b4SHerbert Xu 		return -EINVAL;
37f1c131b4SHerbert Xu 
38*1c4428b2SNicolai Stange 	/*
39*1c4428b2SNicolai Stange 	 * In FIPS mode only a combined key length of either 256 or
40*1c4428b2SNicolai Stange 	 * 512 bits is allowed, c.f. FIPS 140-3 IG C.I.
41*1c4428b2SNicolai Stange 	 */
42*1c4428b2SNicolai Stange 	if (fips_enabled && keylen != 32 && keylen != 64)
43*1c4428b2SNicolai Stange 		return -EINVAL;
44*1c4428b2SNicolai Stange 
45f1c131b4SHerbert Xu 	/* ensure that the AES and tweak key are not identical */
46231baecdSEric Biggers 	if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
47231baecdSEric Biggers 			      CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
48c4c4db0dSEric Biggers 	    !crypto_memneq(key, key + (keylen / 2), keylen / 2))
49f1c131b4SHerbert Xu 		return -EINVAL;
50f1c131b4SHerbert Xu 
51f1c131b4SHerbert Xu 	return 0;
52f1c131b4SHerbert Xu }
53f1c131b4SHerbert Xu 
54ce004556SJussi Kivilinna #endif  /* _CRYPTO_XTS_H */
55