summaryrefslogtreecommitdiff
path: root/include/crypto/xts.h
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2016-02-09 15:37:47 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2016-02-17 04:07:51 +0800
commit28856a9e52c7cac712af6c143de04766617535dc (patch)
tree4ee6c79e76f8eadc0148bfeb09fd146c9d53fabf /include/crypto/xts.h
parent730d02e27670fa5b6a55778d11023c5897d87d57 (diff)
crypto: xts - consolidate sanity check for keys
The patch centralizes the XTS key check logic into the service function xts_check_key which is invoked from the different XTS implementations. With this, the XTS implementations in ARM, ARM64, PPC and S390 have now a sanity check for the XTS keys similar to the other arches. In addition, this service function received a check to ensure that the key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the check is not present in the standards defining XTS, it is only enforced in FIPS mode of the kernel. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto/xts.h')
-rw-r--r--include/crypto/xts.h27
1 files changed, 27 insertions, 0 deletions
diff --git a/include/crypto/xts.h b/include/crypto/xts.h
index 72c09eb56437..ede6b97b24cc 100644
--- a/include/crypto/xts.h
+++ b/include/crypto/xts.h
@@ -2,6 +2,9 @@
#define _CRYPTO_XTS_H
#include <crypto/b128ops.h>
+#include <linux/crypto.h>
+#include <crypto/algapi.h>
+#include <linux/fips.h>
struct scatterlist;
struct blkcipher_desc;
@@ -24,4 +27,28 @@ int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
struct scatterlist *src, unsigned int nbytes,
struct xts_crypt_req *req);
+static inline int xts_check_key(struct crypto_tfm *tfm,
+ const u8 *key, unsigned int keylen)
+{
+ u32 *flags = &tfm->crt_flags;
+
+ /*
+ * key consists of keys of equal size concatenated, therefore
+ * the length must be even.
+ */
+ if (keylen % 2) {
+ *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+ return -EINVAL;
+ }
+
+ /* ensure that the AES and tweak key are not identical */
+ if (fips_enabled &&
+ !crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
+ *flags |= CRYPTO_TFM_RES_WEAK_KEY;
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
#endif /* _CRYPTO_XTS_H */