Implementation of the XTS mode for 128-bit block ciphers. More...
#include <XTS.h>
Public Member Functions | |
| XTS () | |
| Constructs an object for encrypting sectors in XTS mode. More... | |
| ~XTS () | |
| Clears all sensitive information and destroys this object. | |
 Public Member Functions inherited from XTSCommon | |
| virtual | ~XTSCommon () |
| Clears all sensitive information and destroys this object. | |
| virtual size_t | keySize () const |
| Gets the size of the key for XTS mode. More... | |
| size_t | tweakSize () const |
| Gets the maximum supported size for the tweak. More... | |
| size_t | sectorSize () const |
| Gets the size of sectors encrypted or decrypted by this class. More... | |
| bool | setSectorSize (size_t size) |
| Sets the size of sectors encrypted or decrypted by this class. More... | |
| virtual bool | setKey (const uint8_t *key, size_t len) |
| Sets the key to use for XTS mode. More... | |
| bool | setTweak (const uint8_t *tweak, size_t len) |
| Sets the tweak value for the current sector to encrypt or decrypt. More... | |
| void | encryptSector (uint8_t *output, const uint8_t *input) |
| Encrypts an entire sector of data. More... | |
| void | decryptSector (uint8_t *output, const uint8_t *input) |
| Decrypts an entire sector of data. More... | |
| void | clear () |
| Clears all security-sensitive state from this XTS object. | |
Additional Inherited Members | |
| Protected Member Functions inherited from XTSCommon | |
| XTSCommon () | |
| Constructs an XTS object with a default sector size of 512 bytes. | |
| void | setBlockCiphers (BlockCipher *cipher1, BlockCipher *cipher2) |
| Sets the two block ciphers to use for XTS mode. More... | |
Detailed Description
template<typename T1, typename T2 = T1>
class XTS< T1, T2 >
Implementation of the XTS mode for 128-bit block ciphers.
XTS mode implements the XEX tweakable block cipher mode with ciphertext stealing for data that isn't a multiple of the 128-bit block size.
XTS was designed for use in disk encryption where a large number of equal-sized "sectors" need to be encrypted in a way that information from one sector cannot be used to decrypt the other sectors. The mode combines the key with a sector-specific "tweak" which is usually based on the sector number.
Some Arduino systems have SD cards, but typically embedded systems do not have disk drives. However, XTS can still be useful on Arduino systems with lots of EEPROM or flash memory. If the application needs to store critical security parameters like private keys then XTS can be used to encrypt non-volatile memory to protect the parameters.
The following example encrypts a sector using XTS mode:
XTS keys are twice the size of the underlying block cipher (AES256 in the above example). The XTS key is divided into two halves. The first half is used to encrypt the plaintext and the second half is used to encrypt the sector-specific tweak. The same key can be used for both, in which case XTS is equivalent to the original XEX design upon which XTS was based. The companion XTSSingleKey class can be used for single-key scenarios.
The template parameter must be a concrete subclass of BlockCipher indicating the specific block cipher to use. The example above uses AES256 as the underlying cipher.
It is also possible to specify two different block ciphers, as long as they have the same key size. Because the second half of the key is only used to encrypt tweaks and never decrypt, a reduced block cipher implementation like SpeckTiny that only supports encryption can be used for the second block cipher:
This might save some memory that would otherwise be needed for the decryption key schedule of the second block cipher. XTSSingleKey provides another method to save memory.
References: IEEE Std. 1619-2007, NIST SP 800-38E, a href="http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf">XEX.
- See also
- XTSSingleKey, XTSCommon
Constructor & Destructor Documentation
◆ XTS()
Constructs an object for encrypting sectors in XTS mode.
This constructor should be followed by a call to setSectorSize(). The default sector size is 512 bytes.
The documentation for this class was generated from the following files:
