commit 9d3eba4666bb86268e1f6155ac5d556a9452e8d5
author Jaeden Amero <jaeden.amero@arm.com> Sat Apr 28 15:02:45 2018 +0100
committer Jaeden Amero <jaeden.amero@arm.com> Wed May 09 17:41:48 2018 +0100
tree cfc66288b6bd17ae8e3d7cb616346c06d7b7118f
parent 49411ccd0d35801da661078f8fbe8645ec55dc53

aes: Add AES-XTS cipher block mode

Add XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for
use with AES.

include/mbedtls/aes.h

diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index e0fc238..ea69781 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -88,6 +88,18 @@
 }
 mbedtls_aes_context;
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+/**
+ * \brief The AES XTS context-type definition.
+ */
+typedef struct
+{
+    mbedtls_aes_context crypt; /*!< The AES context to use for AES block
+                                        encryption or decryption. */
+    mbedtls_aes_context tweak; /*!< The AES context used for tweak computation. */
+} mbedtls_aes_xts_context;
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 #else  /* MBEDTLS_AES_ALT */
 #include "aes_alt.h"
 #endif /* MBEDTLS_AES_ALT */
@@ -109,6 +121,25 @@
  */
 void mbedtls_aes_free( mbedtls_aes_context *ctx );
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+/**
+ * \brief          This function initializes the specified AES XTS context.
+ *
+ *                 It must be the first API called before using
+ *                 the context.
+ *
+ * \param ctx      The AES XTS context to initialize.
+ */
+void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
+
+/**
+ * \brief          This function releases and clears the specified AES XTS context.
+ *
+ * \param ctx      The AES XTS context to clear.
+ */
+void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 /**
  * \brief          This function sets the encryption key.
  *
@@ -141,6 +172,44 @@
 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
                     unsigned int keybits );
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+/**
+ * \brief          This function sets the encryption key.
+ *
+ * \param ctx      The AES XTS context to which the key should be bound.
+ * \param key      The encryption key. This is comprised of the XTS key1
+ *                 concatenated with the XTS key2.
+ * \param keybits  The size of data passed in bits. Valid options are:
+ *                 <ul><li>256 bits</li>
+ *                 <li>384 bits</li>
+ *                 <li>512 bits</li></ul>
+ *
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+ */
+int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits );
+
+/**
+ * \brief          This function sets the decryption key.
+ *
+ * \param ctx      The AES XTS context to which the key should be bound.
+ * \param key      The decryption key. This is comprised of the XTS key1
+ *                 concatenated with the XTS key2.
+ * \param keybits  The size of data passed. Valid options are:
+ *                 <ul><li>256 bits</li>
+ *                 <li>384 bits</li>
+ *                 <li>512 bits</li></ul>
+ *
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+ */
+int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits );
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 /**
  * \brief          This function performs an AES single-block encryption or
  *                 decryption operation.
@@ -333,6 +402,44 @@
                        unsigned char *output );
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+/**
+ * \brief      This function performs an AES-XTS encryption or decryption
+ *             operation for an entire XTS sector.
+ *
+ *             AES-XTS encrypts or decrypts blocks based on their location as
+ *             defined by a sector number. These must be provided by \p sector.
+ *
+ *             NIST SP 800-38E limits the maximum size of a data unit to 2**20
+ *             AES blocks. If the data unit is larger than this, this function
+ *             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
+ *
+ * \param ctx          The AES XTS context to use for AES XTS operations.
+ * \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
+ *                     #MBEDTLS_AES_DECRYPT.
+ * \param length       The length of both an entire sector and the input data
+ *                     in bytes. The length must be at least 16 bytes. The
+ *                     length does not need to be a multiple of 16 bytes.
+ * \param data_unit    The data unit (commonly a block device sector) address
+ *                     in byte array form. The least significant byte must be
+ *                     at sector[0]. The most significant byte must be at
+ *                     sector[15]. Array must be 16 bytes in length.
+ * \param input        The buffer holding the input data.
+ * \param output       The buffer holding the output data.
+ *
+ * \return             \c 0 on success.
+ * \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if length smaller
+ *                     than an AES block in size (16 bytes) or if the length is
+ *                     larger than 2**20 blocks.
+ */
+int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
+                           int mode,
+                           size_t length,
+                           const unsigned char data_unit[16],
+                           const unsigned char *input,
+                           unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 /**
  * \brief           Internal AES block encryption function. This is only
  *                  exposed to allow overriding it using