Arduino Cryptography Library
Public Member Functions | List of all members
XTS< T1, T2 > Class Template Reference

Implementation of the XTS mode for 128-bit block ciphers. More...

#include <XTS.h>

Inheritance diagram for XTS< T1, T2 >:
XTSCommon

Public Member Functions

 XTS ()
 Constructs an object for encrypting sectors in XTS mode. More...
 
 ~XTS ()
 Clears all sensitive information and destroys this object.
 
- Public Member Functions inherited from XTSCommon
virtual ~XTSCommon ()
 Clears all sensitive information and destroys this object.
 
virtual size_t keySize () const
 Gets the size of the key for XTS mode. More...
 
size_t tweakSize () const
 Gets the maximum supported size for the tweak. More...
 
size_t sectorSize () const
 Gets the size of sectors encrypted or decrypted by this class. More...
 
bool setSectorSize (size_t size)
 Sets the size of sectors encrypted or decrypted by this class. More...
 
virtual bool setKey (const uint8_t *key, size_t len)
 Sets the key to use for XTS mode. More...
 
bool setTweak (const uint8_t *tweak, size_t len)
 Sets the tweak value for the current sector to encrypt or decrypt. More...
 
void encryptSector (uint8_t *output, const uint8_t *input)
 Encrypts an entire sector of data. More...
 
void decryptSector (uint8_t *output, const uint8_t *input)
 Decrypts an entire sector of data. More...
 
void clear ()
 Clears all security-sensitive state from this XTS object.
 

Additional Inherited Members

- Protected Member Functions inherited from XTSCommon
 XTSCommon ()
 Constructs an XTS object with a default sector size of 512 bytes.
 
void setBlockCiphers (BlockCipher *cipher1, BlockCipher *cipher2)
 Sets the two block ciphers to use for XTS mode. More...
 

Detailed Description

template<typename T1, typename T2 = T1>
class XTS< T1, T2 >

Implementation of the XTS mode for 128-bit block ciphers.

XTS mode implements the XEX tweakable block cipher mode with ciphertext stealing for data that isn't a multiple of the 128-bit block size.

XTS was designed for use in disk encryption where a large number of equal-sized "sectors" need to be encrypted in a way that information from one sector cannot be used to decrypt the other sectors. The mode combines the key with a sector-specific "tweak" which is usually based on the sector number.

Some Arduino systems have SD cards, but typically embedded systems do not have disk drives. However, XTS can still be useful on Arduino systems with lots of EEPROM or flash memory. If the application needs to store critical security parameters like private keys then XTS can be used to encrypt non-volatile memory to protect the parameters.

The following example encrypts a sector using XTS mode:

xts.setSectorSize(520);
xts.setKey(key, 64); // Twice the AES256 key size.
xts.setTweak(sectorNumber, sizeof(sectorNumber));
xts.encryptSector(output, input);
virtual bool setKey(const uint8_t *key, size_t len)
Sets the key to use for XTS mode.
Definition: XTS.cpp:119
bool setTweak(const uint8_t *tweak, size_t len)
Sets the tweak value for the current sector to encrypt or decrypt.
Definition: XTS.cpp:142
bool setSectorSize(size_t size)
Sets the size of sectors encrypted or decrypted by this class.
Definition: XTS.cpp:97
void encryptSector(uint8_t *output, const uint8_t *input)
Encrypts an entire sector of data.
Definition: XTS.cpp:170
Implementation of the XTS mode for 128-bit block ciphers.
Definition: XTS.h:80

XTS keys are twice the size of the underlying block cipher (AES256 in the above example). The XTS key is divided into two halves. The first half is used to encrypt the plaintext and the second half is used to encrypt the sector-specific tweak. The same key can be used for both, in which case XTS is equivalent to the original XEX design upon which XTS was based. The companion XTSSingleKey class can be used for single-key scenarios.

The template parameter must be a concrete subclass of BlockCipher indicating the specific block cipher to use. The example above uses AES256 as the underlying cipher.

It is also possible to specify two different block ciphers, as long as they have the same key size. Because the second half of the key is only used to encrypt tweaks and never decrypt, a reduced block cipher implementation like SpeckTiny that only supports encryption can be used for the second block cipher:

This might save some memory that would otherwise be needed for the decryption key schedule of the second block cipher. XTSSingleKey provides another method to save memory.

References: IEEE Std. 1619-2007, NIST SP 800-38E, a href="http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf">XEX.

See also
XTSSingleKey, XTSCommon

Definition at line 79 of file XTS.h.

Constructor & Destructor Documentation

◆ XTS()

template<typename T1 , typename T2 = T1>
XTS< T1, T2 >::XTS ( )
inline

Constructs an object for encrypting sectors in XTS mode.

This constructor should be followed by a call to setSectorSize(). The default sector size is 512 bytes.

Definition at line 82 of file XTS.h.


The documentation for this class was generated from the following files: