linux/include/crypto/xts.h

#ifndef _CRYPTO_XTS_H
#define _CRYPTO_XTS_H

#include <crypto/b128ops.h>
#include <crypto/internal/skcipher.h>
#include <linux/fips.h>

struct scatterlist;
struct blkcipher_desc;

#define XTS_BLOCK_SIZE 16

struct xts_crypt_req {
	be128 *tbuf;
	unsigned int tbuflen;

	void *tweak_ctx;
	void (*tweak_fn)(void *ctx, u8* dst, const u8* src);
	void *crypt_ctx;
	void (*crypt_fn)(void *ctx, u8 *blks, unsigned int nbytes);
};

#define XTS_TWEAK_CAST(x) ((void (*)(void *, u8*, const u8*))(x))

int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
	      struct scatterlist *src, unsigned int nbytes,
	      struct xts_crypt_req *req);

static inline int xts_check_key(struct crypto_tfm *tfm,
				const u8 *key, unsigned int keylen)
{
	u32 *flags = &tfm->crt_flags;

	/*
	 * key consists of keys of equal size concatenated, therefore
	 * the length must be even.
	 */
	if (keylen % 2) {
		*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
		return -EINVAL;
	}

	/* ensure that the AES and tweak key are not identical */
	if (fips_enabled &&
	    !crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
		return -EINVAL;
	}

	return 0;
}

static inline int xts_verify_key(struct crypto_skcipher *tfm,
				 const u8 *key, unsigned int keylen)
{
	/*
	 * key consists of keys of equal size concatenated, therefore
	 * the length must be even.
	 */
	if (keylen % 2) {
		crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
		return -EINVAL;
	}

	/* ensure that the AES and tweak key are not identical */
	if ((fips_enabled || crypto_skcipher_get_flags(tfm) &
			     CRYPTO_TFM_REQ_WEAK_KEY) &&
	    !crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
		crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
		return -EINVAL;
	}

	return 0;
}

#endif  /* _CRYPTO_XTS_H */
crypto: xts: add interface for parallelized cipher implementations Add xts_crypt() function that can be used by cipher implementations that can benefit from parallelized cipher operations. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2011-11-09 11:56:06 +08:00			`#ifndef _CRYPTO_XTS_H`
			`#define _CRYPTO_XTS_H`

			`#include <crypto/b128ops.h>`
crypto: xts - Convert to skcipher This patch converts xts over to the skcipher interface. It also optimises the implementation to be based on ECB instead of the underlying cipher. For compatibility the existing naming scheme of xts(aes) is maintained as opposed to the more obvious one of xts(ecb(aes)). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-11-22 20:08:19 +08:00			`#include <crypto/internal/skcipher.h>`
crypto: xts - consolidate sanity check for keys The patch centralizes the XTS key check logic into the service function xts_check_key which is invoked from the different XTS implementations. With this, the XTS implementations in ARM, ARM64, PPC and S390 have now a sanity check for the XTS keys similar to the other arches. In addition, this service function received a check to ensure that the key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the check is not present in the standards defining XTS, it is only enforced in FIPS mode of the kernel. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-02-09 15:37:47 +01:00			`#include <linux/fips.h>`
crypto: xts: add interface for parallelized cipher implementations Add xts_crypt() function that can be used by cipher implementations that can benefit from parallelized cipher operations. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2011-11-09 11:56:06 +08:00
			`struct scatterlist;`
			`struct blkcipher_desc;`

			`#define XTS_BLOCK_SIZE 16`

			`struct xts_crypt_req {`
			`be128 *tbuf;`
			`unsigned int tbuflen;`

			`void *tweak_ctx;`
			`void (tweak_fn)(void ctx, u8* dst, const u8* src);`
			`void *crypt_ctx;`
			`void (crypt_fn)(void ctx, u8 *blks, unsigned int nbytes);`
			`};`

			`#define XTS_TWEAK_CAST(x) ((void ()(void , u8, const u8))(x))`

			`int xts_crypt(struct blkcipher_desc desc, struct scatterlist dst,`
			`struct scatterlist *src, unsigned int nbytes,`
			`struct xts_crypt_req *req);`

crypto: xts - consolidate sanity check for keys The patch centralizes the XTS key check logic into the service function xts_check_key which is invoked from the different XTS implementations. With this, the XTS implementations in ARM, ARM64, PPC and S390 have now a sanity check for the XTS keys similar to the other arches. In addition, this service function received a check to ensure that the key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the check is not present in the standards defining XTS, it is only enforced in FIPS mode of the kernel. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-02-09 15:37:47 +01:00			`static inline int xts_check_key(struct crypto_tfm *tfm,`
			`const u8 *key, unsigned int keylen)`
			`{`
			`u32 *flags = &tfm->crt_flags;`

			`/*`
			`* key consists of keys of equal size concatenated, therefore`
			`* the length must be even.`
			`*/`
			`if (keylen % 2) {`
			`*flags \|= CRYPTO_TFM_RES_BAD_KEY_LEN;`
			`return -EINVAL;`
			`}`

			`/* ensure that the AES and tweak key are not identical */`
			`if (fips_enabled &&`
			`!crypto_memneq(key, key + (keylen / 2), keylen / 2)) {`
			`*flags \|= CRYPTO_TFM_RES_WEAK_KEY;`
			`return -EINVAL;`
			`}`

			`return 0;`
			`}`

crypto: xts - Convert to skcipher This patch converts xts over to the skcipher interface. It also optimises the implementation to be based on ECB instead of the underlying cipher. For compatibility the existing naming scheme of xts(aes) is maintained as opposed to the more obvious one of xts(ecb(aes)). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-11-22 20:08:19 +08:00			`static inline int xts_verify_key(struct crypto_skcipher *tfm,`
			`const u8 *key, unsigned int keylen)`
			`{`
			`/*`
			`* key consists of keys of equal size concatenated, therefore`
			`* the length must be even.`
			`*/`
			`if (keylen % 2) {`
			`crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);`
			`return -EINVAL;`
			`}`

			`/* ensure that the AES and tweak key are not identical */`
			`if ((fips_enabled \|\| crypto_skcipher_get_flags(tfm) &`
			`CRYPTO_TFM_REQ_WEAK_KEY) &&`
			`!crypto_memneq(key, key + (keylen / 2), keylen / 2)) {`
			`crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);`
			`return -EINVAL;`
			`}`

			`return 0;`
			`}`

crypto: xts: add interface for parallelized cipher implementations Add xts_crypt() function that can be used by cipher implementations that can benefit from parallelized cipher operations. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2011-11-09 11:56:06 +08:00			`#endif /* _CRYPTO_XTS_H */`