AES-XTS support in PSA #6384
Comments
There's unfortunately a design flaw in the PSA API when it comes to XTS: it's specified as using an ordinary block cipher key, but XTS actually needs two keys or a double-size key. I wanted to specify a double-size key but never got around to adding this to the specification. How urgently do you need this? Would you be willing to contribute the code if I publish a specification draft?
Oh, actually, no, we actually did fix the API specification and allow double-size keys (it's done for each block cipher key type, e.g. AES). Which means generating a 512-bit AES key (or even a 384-bit key, but AFAIR XTS isn't supposed to use 192-bit keys) is supposed to be supported. That's a bit weird, but it does keep the API specification simple. So we don't need to extend the API. This is just on the back burner because so far nobody had asked for it.
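The double-size key layout described in the comment above, as an added example that is not part of the thread, the PSA specification or Mbed TLS: it takes the whole key size in bits, refuses 384 (two 192-bit halves), and splits the buffer into the data key and the tweak key. All names are hypothetical, and the rejection of identical halves is a check this example adds, not something the thread states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes and types for this example; not PSA or Mbed TLS names. */
typedef enum { XTS_OK, XTS_INVALID_ARGUMENT, XTS_NOT_SUPPORTED } xts_status;

typedef struct {
    const uint8_t *data_key;  /* first half: encrypts the data blocks */
    const uint8_t *tweak_key; /* second half: encrypts the tweak */
    size_t half_bits;         /* size of each underlying AES key */
} xts_key_view;

/* Compare without an early exit so timing does not depend on key bytes. */
static int halves_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* bits is the size of the whole double-size key (512 means AES-256-XTS). */
xts_status xts_split_key(const uint8_t *key, size_t bits, xts_key_view *out)
{
    if (key == NULL || out == NULL)
        return XTS_INVALID_ARGUMENT;
    if (bits == 384)               /* two 192-bit halves: refused here */
        return XTS_NOT_SUPPORTED;
    if (bits != 256 && bits != 512)
        return XTS_INVALID_ARGUMENT;
    size_t half_bytes = bits / 16; /* (bits / 2) / 8 */
    /* Added check, not from the thread: identical halves are rejected. */
    if (halves_equal(key, key + half_bytes, half_bytes))
        return XTS_INVALID_ARGUMENT;
    out->data_key = key;
    out->tweak_key = key + half_bytes;
    out->half_bits = bits / 2;
    return XTS_OK;
}

int main(void)
{
    uint8_t key[64]; /* constructed sample bytes, not a real key */
    for (size_t i = 0; i < sizeof key; i++) key[i] = (uint8_t)i;
    xts_key_view v;
    if (xts_split_key(key, 512, &v) == XTS_OK)
        printf("AES-%zu-XTS\n", v.half_bits);
    return 0;
}
```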
Thanks for your answers.
Urgently as in not now, later :-) Just planning and considering to use PSA for a project.
At least it would be better to return Btw. regarding PSA, unless I missed something, I think it would be nice to have a function and/or a scheme to determine which algorithms are supported by a given implementation, so that it can be discovered before one starts processing. This could perhaps be defined as a validation function on psa_status_t psa_key_usage_supported (const psa_key_attributes_t *attributes);
If it's a matter of plugging the right existing bits at the right place. I could certainly give a hand with some guidance.
Note: if we want to remove
In Mbed TLS 4.0, we will remove the
Suggested enhancement
I tried to use the PSA_ALG_XTS cipher with the psa library and ran into two issues:
I was not able to generate a PSA_KEY_TYPE_AES key for AES-256-XTS (bits = 512), psa_generate_key returns PSA_INVALID_ARGUMENT. It works with bits = 256 though i.e. AES-128-XTS.
Trying to encrypt with PSA_ALG_XTS and a 256 bit AES key returns PSA_NOT_SUPPORTED. And indeed the switch statement here doesn't seem to mention PSA_ALG_XTS or MBEDTLS_MODE_XTS.
Justification
Mbed TLS needs this because it already seems to have support for it.
Edit (mpg): we might need this for 4.0