1ce004556SJussi Kivilinna #ifndef _CRYPTO_XTS_H 2ce004556SJussi Kivilinna #define _CRYPTO_XTS_H 3ce004556SJussi Kivilinna 4ce004556SJussi Kivilinna #include <crypto/b128ops.h> 5*f1c131b4SHerbert Xu #include <crypto/internal/skcipher.h> 628856a9eSStephan Mueller #include <linux/fips.h> 7ce004556SJussi Kivilinna 8ce004556SJussi Kivilinna struct scatterlist; 9ce004556SJussi Kivilinna struct blkcipher_desc; 10ce004556SJussi Kivilinna 11ce004556SJussi Kivilinna #define XTS_BLOCK_SIZE 16 12ce004556SJussi Kivilinna 13ce004556SJussi Kivilinna struct xts_crypt_req { 14ce004556SJussi Kivilinna be128 *tbuf; 15ce004556SJussi Kivilinna unsigned int tbuflen; 16ce004556SJussi Kivilinna 17ce004556SJussi Kivilinna void *tweak_ctx; 18ce004556SJussi Kivilinna void (*tweak_fn)(void *ctx, u8* dst, const u8* src); 19ce004556SJussi Kivilinna void *crypt_ctx; 20ce004556SJussi Kivilinna void (*crypt_fn)(void *ctx, u8 *blks, unsigned int nbytes); 21ce004556SJussi Kivilinna }; 22ce004556SJussi Kivilinna 23ce004556SJussi Kivilinna #define XTS_TWEAK_CAST(x) ((void (*)(void *, u8*, const u8*))(x)) 24ce004556SJussi Kivilinna 25ce004556SJussi Kivilinna int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, 26ce004556SJussi Kivilinna struct scatterlist *src, unsigned int nbytes, 27ce004556SJussi Kivilinna struct xts_crypt_req *req); 28ce004556SJussi Kivilinna 2928856a9eSStephan Mueller static inline int xts_check_key(struct crypto_tfm *tfm, 3028856a9eSStephan Mueller const u8 *key, unsigned int keylen) 3128856a9eSStephan Mueller { 3228856a9eSStephan Mueller u32 *flags = &tfm->crt_flags; 3328856a9eSStephan Mueller 3428856a9eSStephan Mueller /* 3528856a9eSStephan Mueller * key consists of keys of equal size concatenated, therefore 3628856a9eSStephan Mueller * the length must be even. 3728856a9eSStephan Mueller */ 3828856a9eSStephan Mueller if (keylen % 2) { 3928856a9eSStephan Mueller *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 4028856a9eSStephan Mueller return -EINVAL; 4128856a9eSStephan Mueller } 4228856a9eSStephan Mueller 4328856a9eSStephan Mueller /* ensure that the AES and tweak key are not identical */ 4428856a9eSStephan Mueller if (fips_enabled && 4528856a9eSStephan Mueller !crypto_memneq(key, key + (keylen / 2), keylen / 2)) { 4628856a9eSStephan Mueller *flags |= CRYPTO_TFM_RES_WEAK_KEY; 4728856a9eSStephan Mueller return -EINVAL; 4828856a9eSStephan Mueller } 4928856a9eSStephan Mueller 5028856a9eSStephan Mueller return 0; 5128856a9eSStephan Mueller } 5228856a9eSStephan Mueller 53*f1c131b4SHerbert Xu static inline int xts_verify_key(struct crypto_skcipher *tfm, 54*f1c131b4SHerbert Xu const u8 *key, unsigned int keylen) 55*f1c131b4SHerbert Xu { 56*f1c131b4SHerbert Xu /* 57*f1c131b4SHerbert Xu * key consists of keys of equal size concatenated, therefore 58*f1c131b4SHerbert Xu * the length must be even. 59*f1c131b4SHerbert Xu */ 60*f1c131b4SHerbert Xu if (keylen % 2) { 61*f1c131b4SHerbert Xu crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 62*f1c131b4SHerbert Xu return -EINVAL; 63*f1c131b4SHerbert Xu } 64*f1c131b4SHerbert Xu 65*f1c131b4SHerbert Xu /* ensure that the AES and tweak key are not identical */ 66*f1c131b4SHerbert Xu if ((fips_enabled || crypto_skcipher_get_flags(tfm) & 67*f1c131b4SHerbert Xu CRYPTO_TFM_REQ_WEAK_KEY) && 68*f1c131b4SHerbert Xu !crypto_memneq(key, key + (keylen / 2), keylen / 2)) { 69*f1c131b4SHerbert Xu crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY); 70*f1c131b4SHerbert Xu return -EINVAL; 71*f1c131b4SHerbert Xu } 72*f1c131b4SHerbert Xu 73*f1c131b4SHerbert Xu return 0; 74*f1c131b4SHerbert Xu } 75*f1c131b4SHerbert Xu 76ce004556SJussi Kivilinna #endif /* _CRYPTO_XTS_H */ 77