Hi,
AFAICS, IEEE 1619-2007 standard mentions only XTS-AES-128 and
XTS-AES-256, meaning that the keys should be either 256 or 512 bits.
Further, NIST SP800-38E mentions that an implementation may restrict
support to only one of XTS-AES-{128,256}, but does not explicitly allow
other cipher suites.
I don't see this enforcement in crypto/xts.c (XTS SW implementation),
though I noticed that XTS mode is used for other ciphers besides AES.
More, tcrypt has xts(aes) speed tests checking also for XTS-AES-192.
For HW crypto engines adhering strictly to IEEE P1619-2007 this is a
problem:
[...]
tcrypt: test 5 (384 bit key, 16 byte blocks):
caam_jr 8020000.jr: key size mismatch
tcrypt: setkey() failed flags=200000
[...]
Is the kernel more permissive than the standard?
Thanks,
Horia
