pub struct AesXts { /* private fields */ }
AES-XTS state. Holds the two AES key schedules K1 (for the
data block encryption) and K2 (for the tweak encryption).
Construction is the bottleneck: both key schedules are
expanded once in Self::new and reused for every sector.
Implementations
impl AesXts
pub fn new(key: &[u8]) -> Option<Self>
Initialise XTS with a concatenated key K = K1 || K2.
Accepts:
- 32 bytes – XTS-AES-128 (each half is a 16-byte AES-128 key)
- 64 bytes – XTS-AES-256 (each half is a 32-byte AES-256 key)
Returns None if the key length is invalid or if K1 == K2
(the IEEE 1619 spec mandates the two halves be distinct, since
K1 == K2 collapses XTS to a degenerate variant of XEX with
a tweak that’s just AES_K(i) and exposes a known-plaintext
distinguishing attack).
pub fn encrypt_sector(&self, tweak: &[u8; 16], data: &mut [u8])
Encrypt one sector in place.
tweak is 16 bytes (little-endian encoding of the sector
sequence number; pad with zeros for sequence numbers smaller
than 128 bits, which is the common case).
data may be any length >= 16 bytes (XTS is not defined
for < 16 bytes: fewer than one block has nothing to “steal”
from). Returns silently with the data unchanged if the
length is below 16, so the buffer still holds plaintext and
the caller gets no error; check the length before calling.
For lengths that are multiples of 16, it is plain XEX.
Otherwise the last full block and the partial tail are
joined via ciphertext stealing per IEEE 1619 §5.3.2.
pub fn decrypt_sector(&self, tweak: &[u8; 16], data: &mut [u8])
Decrypt one sector in place.
Inverse of Self::encrypt_sector. Same length / tweak conventions.
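
The key, tweak and length rules documented above, written as caller-side checks that return explicit errors instead of None or a silent no-op. This is an added example, not code from this crate: XtsKeyError, split_xts_key, sector_tweak, SectorPlan and sector_plan are hypothetical names, and the 64-bit sector number is an assumption.

```rust
// Added example: caller-side checks mirroring the documented rules.
// All names below are hypothetical and not part of the crate's API.

#[derive(Debug, PartialEq)]
pub enum XtsKeyError { BadLength(usize), HalvesEqual }

/// Split K = K1 || K2, rejecting the inputs for which `new` returns None.
pub fn split_xts_key(key: &[u8]) -> Result<(&[u8], &[u8]), XtsKeyError> {
    if key.len() != 32 && key.len() != 64 {
        return Err(XtsKeyError::BadLength(key.len()));
    }
    let (k1, k2) = key.split_at(key.len() / 2);
    // OR-fold the XOR of the halves so the comparison has no early exit
    // on the first differing byte of secret key material.
    let diff = k1.iter().zip(k2).fold(0u8, |acc, (a, b)| acc | (a ^ b));
    if diff == 0 {
        return Err(XtsKeyError::HalvesEqual);
    }
    Ok((k1, k2))
}

/// 16-byte tweak: little-endian sector number, zero-padded to 128 bits.
pub fn sector_tweak(sector: u64) -> [u8; 16] {
    let mut tweak = [0u8; 16];
    tweak[..8].copy_from_slice(&sector.to_le_bytes());
    tweak
}

#[derive(Debug, PartialEq)]
pub enum SectorPlan {
    TooShort,                                     // < 16 bytes: data stays as it was
    Xex { blocks: usize },                        // multiple of 16: plain XEX
    Stealing { full_blocks: usize, tail: usize }, // ciphertext stealing on the tail
}

/// Classify a buffer length the way the sector functions treat it.
pub fn sector_plan(len: usize) -> SectorPlan {
    match (len / 16, len % 16) {
        (0, _) => SectorPlan::TooShort,
        (blocks, 0) => SectorPlan::Xex { blocks },
        (full_blocks, tail) => SectorPlan::Stealing { full_blocks, tail },
    }
}

fn main() {
    let key: Vec<u8> = (0u8..64).collect(); // constructed sample key
    assert!(split_xts_key(&key).is_ok());
    println!("{:?} {:?}", sector_tweak(5), sector_plan(520));
}
```

Rejecting SectorPlan::TooShort before calling encrypt_sector turns the documented silent return into an error the caller can act on.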