TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5f77801ac3f6212f66547df93c11d8add3261878^! / . / include / mbedtls
commit5f77801ac3f6212f66547df93c11d8add3261878[log] [tgz]
authorAorimn <aorimn@gmail.com>Thu Jun 09 23:22:58 2016 +0200
committerJaeden Amero <jaeden.amero@arm.com>Wed Jun 13 12:03:27 2018 +0100
treea42c6e51668e99272ff6709d05fea958eb5ec9ce
parent380162c34c7a43818968b718a151717350ae7bef [diff]
Implement AES-XTS mode

XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip

diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 652281c..c42ca7a 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h

@@ -237,6 +237,34 @@
                     unsigned char *output );
 #endif /* MBEDTLS_CIPHER_MODE_XEX */
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+/**
+ * \brief           AES-XTS buffer encryption/decryption
+ *                  Length should be greater or equal than the block size (16
+ *                  bytes, 128 bits)
+ *
+ * Warning: The bits_length parameter must given be in bits, not bytes like the
+ * other modes
+ *
+ * \param crypt_ctx AES context for encrypting data
+ * \param tweak_ctx AES context for xor-ing with data
+ * \param mode      MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param bits_length length of the input data (in bits)
+ * \param iv        initialization vector
+ * \param input     buffer holding the input data
+ * \param output    buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_aes_crypt_xts( mbedtls_aes_context *crypt_ctx,
+                    mbedtls_aes_context *tweak_ctx,
+                    int mode,
+                    size_t bits_length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 /**
  * \brief This function performs an AES-CFB128 encryption or decryption

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 09379a0..3a7c159 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -509,6 +509,14 @@
 #define MBEDTLS_CIPHER_MODE_XEX
 
 /**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for symmetric
+ * ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
+
+/**
  * \def MBEDTLS_CIPHER_MODE_OFB
  *
  * Enable Output Feedback mode (OFB) for symmetric ciphers.