162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0 */ 262306a36Sopenharmony_ci#ifndef _CRYPTO_XTS_H 362306a36Sopenharmony_ci#define _CRYPTO_XTS_H 462306a36Sopenharmony_ci 562306a36Sopenharmony_ci#include <crypto/b128ops.h> 662306a36Sopenharmony_ci#include <crypto/internal/skcipher.h> 762306a36Sopenharmony_ci#include <linux/fips.h> 862306a36Sopenharmony_ci 962306a36Sopenharmony_ci#define XTS_BLOCK_SIZE 16 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_cistatic inline int xts_verify_key(struct crypto_skcipher *tfm, 1262306a36Sopenharmony_ci const u8 *key, unsigned int keylen) 1362306a36Sopenharmony_ci{ 1462306a36Sopenharmony_ci /* 1562306a36Sopenharmony_ci * key consists of keys of equal size concatenated, therefore 1662306a36Sopenharmony_ci * the length must be even. 1762306a36Sopenharmony_ci */ 1862306a36Sopenharmony_ci if (keylen % 2) 1962306a36Sopenharmony_ci return -EINVAL; 2062306a36Sopenharmony_ci 2162306a36Sopenharmony_ci /* 2262306a36Sopenharmony_ci * In FIPS mode only a combined key length of either 256 or 2362306a36Sopenharmony_ci * 512 bits is allowed, c.f. FIPS 140-3 IG C.I. 2462306a36Sopenharmony_ci */ 2562306a36Sopenharmony_ci if (fips_enabled && keylen != 32 && keylen != 64) 2662306a36Sopenharmony_ci return -EINVAL; 2762306a36Sopenharmony_ci 2862306a36Sopenharmony_ci /* 2962306a36Sopenharmony_ci * Ensure that the AES and tweak key are not identical when 3062306a36Sopenharmony_ci * in FIPS mode or the FORBID_WEAK_KEYS flag is set. 3162306a36Sopenharmony_ci */ 3262306a36Sopenharmony_ci if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & 3362306a36Sopenharmony_ci CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && 3462306a36Sopenharmony_ci !crypto_memneq(key, key + (keylen / 2), keylen / 2)) 3562306a36Sopenharmony_ci return -EINVAL; 3662306a36Sopenharmony_ci 3762306a36Sopenharmony_ci return 0; 3862306a36Sopenharmony_ci} 3962306a36Sopenharmony_ci 4062306a36Sopenharmony_ci#endif /* _CRYPTO_XTS_H */ 41