AES-XTS key size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

AFAICS, IEEE 1619-2007 standard mentions only XTS-AES-128 and
XTS-AES-256, meaning that the keys should be either 256 or 512 bits.

Further, NIST SP800-38E mentions that an implementation may restrict
support to only one of XTS-AES-{128,256}, but does not explicitly allow
other cipher suites.

I don't see this enforcement in crypto/xts.c (XTS SW implementation),
though I noticed that XTS mode is used for other ciphers besides AES.

More, tcrypt has xts(aes) speed tests checking also for XTS-AES-192.
For HW crypto engines adhering strictly to IEEE P1619-2007 this is a
problem:
[...]
tcrypt: test 5 (384 bit key, 16 byte blocks):
caam_jr 8020000.jr: key size mismatch
tcrypt: setkey() failed flags=200000
[...]

Is the kernel more permissive than the standard?

Thanks,
Horia

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel



[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux