xref: /openbmc/linux/include/crypto/xts.h (revision 231baecdef7a906579925ccf1bd45aa734f32320)
1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */
2ce004556SJussi Kivilinna #ifndef _CRYPTO_XTS_H
3ce004556SJussi Kivilinna #define _CRYPTO_XTS_H
4ce004556SJussi Kivilinna 
5ce004556SJussi Kivilinna #include <crypto/b128ops.h>
6f1c131b4SHerbert Xu #include <crypto/internal/skcipher.h>
728856a9eSStephan Mueller #include <linux/fips.h>
8ce004556SJussi Kivilinna 
/* Block size used by the XTS helpers (presumably in bytes; confirm at the users). */
#define XTS_BLOCK_SIZE 16

/*
 * Cast x to the pointer type void (*)(void *, u8 *, const u8 *).
 *
 * NOTE(review): the cast silences the compiler's prototype check. If x was
 * defined with a different signature, calling it through the result is
 * undefined behaviour in C and will be rejected by indirect-call CFI
 * schemes. Prefer functions that already have this exact prototype.
 */
#define XTS_TWEAK_CAST(x) ((void (*)(void *, u8*, const u8*))(x))
12ce004556SJussi Kivilinna 
/**
 * xts_check_key - sanity-check a combined XTS key for a crypto_tfm
 * @tfm: transform whose crt_flags receive the failure reason
 * @key: the two XTS sub-keys, concatenated
 * @keylen: total length of @key
 *
 * Return: 0 if the key is accepted. -EINVAL with CRYPTO_TFM_RES_BAD_KEY_LEN
 * set when @keylen is odd, or with CRYPTO_TFM_RES_WEAK_KEY set when
 * fips_enabled is true and the two halves of @key are equal.
 *
 * NOTE(review): unlike xts_verify_key(), the equal-halves rejection here is
 * gated on fips_enabled alone; CRYPTO_TFM_REQ_FORBID_WEAK_KEYS in crt_flags
 * is not consulted. A caller that relies on that request flag gets no
 * identical-key check from this helper outside FIPS mode. Confirm this is
 * intended for every caller.
 */
static inline int xts_check_key(struct crypto_tfm *tfm,
				const u8 *key, unsigned int keylen)
{
	const unsigned int half = keylen / 2;

	/* Two sub-keys of equal size: the combined length cannot be odd. */
	if (keylen & 1) {
		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
		return -EINVAL;
	}

	/* Outside FIPS mode this helper does not compare the halves. */
	if (!fips_enabled)
		return 0;

	/*
	 * The cipher key and the tweak key must differ. crypto_memneq()
	 * returns non-zero when the two halves are not equal.
	 */
	if (crypto_memneq(key, key + half, half))
		return 0;

	tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
	return -EINVAL;
}
3628856a9eSStephan Mueller 
/**
 * xts_verify_key - sanity-check a combined XTS key for an skcipher
 * @tfm: skcipher transform; the failure reason is recorded in its flags
 * @key: the two XTS sub-keys, concatenated
 * @keylen: total length of @key
 *
 * The identical-halves check is applied when fips_enabled is true or when
 * the transform has CRYPTO_TFM_REQ_FORBID_WEAK_KEYS set. Otherwise a key
 * whose two halves are equal is accepted.
 *
 * Return: 0 if the key is accepted. -EINVAL with CRYPTO_TFM_RES_BAD_KEY_LEN
 * set when @keylen is odd, or with CRYPTO_TFM_RES_WEAK_KEY set when the
 * check applies and both halves of @key are equal.
 */
static inline int xts_verify_key(struct crypto_skcipher *tfm,
				 const u8 *key, unsigned int keylen)
{
	const unsigned int half = keylen / 2;
	int reject_equal_halves;

	/* Two sub-keys of equal size: the combined length cannot be odd. */
	if (keylen & 1) {
		crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
		return -EINVAL;
	}

	/* FIPS mode forces the check; otherwise the caller opts in. */
	reject_equal_halves = fips_enabled ||
			      (crypto_skcipher_get_flags(tfm) &
			       CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
	if (!reject_equal_halves)
		return 0;

	/*
	 * The cipher key and the tweak key must differ. crypto_memneq()
	 * returns non-zero when the two halves are not equal.
	 */
	if (crypto_memneq(key, key + half, half))
		return 0;

	crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
	return -EINVAL;
}
59f1c131b4SHerbert Xu 
60ce004556SJussi Kivilinna #endif  /* _CRYPTO_XTS_H */