crypto::aes::xts
xts implements the AES-XTS cipher mode as defined in the IEEE Std 1619-2007.
AES-XTS is an unauthenticated transparent encryption scheme designed for use
cases like disk encryption. Transparent in the sense that the output size is the
same as the input size, and that blocks can be written or read in an arbitrary
order. Similarly to the ECB mode, XTS operates in blocks which are a multiple of
the AES block size.
The security guarantees can be compared to the ECB ones, but with a different
key for each block. That means following vulnerabilities exist:
- Traffic analysis: An observer can see when a certain block is written back to
disk with a different value.
- Replay: An adversary may change a block back to an old value, if write access
is available.
- Changing sectors: Changing of the cipher text will result in "random" plain
text. Authentication or error detection can be done before encryption, to
resist such attacks.
This is a low-level module which implements cryptographic primitives. Direct use
of cryptographic primitives is not recommended for non-experts, as incorrect use
of these primitives can easily lead to the introduction of security
vulnerabilities. Non-experts are advised to use the high-level operations
available in the top-level crypto module.
Be advised that Hare's cryptography implementations have not been audited.
Index
Types
type block;
Functions
fn decrypt(*block, []u8, []u8, u64) void;
fn encrypt(*block, []u8, []u8, u64) void;
fn finish(*block) void;
fn init(*block, []u8) void;
fn xts() block;
Types
type block
Show undocumented member
type block = struct {
b1: aes::block,
b2: aes::block,
x: [aes::BLOCKSZ]u8,
};
Functions
fn decrypt
fn decrypt(b: *block, dest: []u8, src: []u8, sector: u64) void;
Decrypts a block given its 'sector' number.
fn encrypt
fn encrypt(b: *block, dest: []u8, src: []u8, sector: u64) void;
Encrypts a block given its 'sector' number. The block must be a multiple of
crypto::aes::BLOCKSZ (16 bytes) in length.
fn finish
fn finish(b: *block) void;
Clears the sensible data of AES-XTS instance off the memory.
fn init
fn init(b: *block, key: []u8) void;
Initializes the AES-XTS instance. The key length must be 64, 48, or 32 bytes
(the size of two valid AES keys).
fn xts
fn xts() block;
Creates a AES-XTS instance. Must be initialized with init and always be
finished using finish to erase sensitive state from memory.