include/crypto/xts.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 #ifndef _CRYPTO_XTS_H
   3 #define _CRYPTO_XTS_H
   4
   5 #include <crypto/b128ops.h>
   6 #include <crypto/internal/skcipher.h>
   7 #include <linux/fips.h>
   8
   9 #define XTS_BLOCK_SIZE 16
  10
  11 static inline int xts_verify_key(struct crypto_skcipher *tfm,
  12                                  const u8 *key, unsigned int keylen)
  13 {
  14         /*
  15          * key consists of keys of equal size concatenated, therefore
  16          * the length must be even.
  17          */
  18         if (keylen % 2)
  19                 return -EINVAL;
  20
  21         /*
  22          * In FIPS mode only a combined key length of either 256 or
  23          * 512 bits is allowed, c.f. FIPS 140-3 IG C.I.
  24          */
  25         if (fips_enabled && keylen != 32 && keylen != 64)
  26                 return -EINVAL;
  27
  28         /*
  29          * Ensure that the AES and tweak key are not identical when
  30          * in FIPS mode or the FORBID_WEAK_KEYS flag is set.
  31          */
  32         if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
  33                               CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
  34             !crypto_memneq(key, key + (keylen / 2), keylen / 2))
  35                 return -EINVAL;
  36
  37         return 0;
  38 }
  39
  40 #endif  /* _CRYPTO_XTS_H */