XTS mode

[theli-ua]

Any plans for XTS?

[newpavlov]

Currently I don't have plans on implementing it myself, but I will gladly accept PRs!

Probably it will be better to introduce this mode as a separate crate, independent from block-modes.

[pheki]

I actually implemented XTS, but I'm having a little trouble conforming to the BlockMode trait:

• The new and new_fix signatures doesn't make much sense, as XTS needs two ciphers (usually two different keys with the same algorithm).

Other details:

• XTS itself cannot be implemented in term of en(de)crypt_blocks, as encrypt_blocks expects padded, full blocks and XTS use unpadded blocks to perform the stealing, encrypt_blocks will need to be implemented in terms of encrypt, instead of the opposite.

• Padding is not used, so the generic argument P: Padding will just be completely ignored.

For reference, the signatures I'm using (the tweak could be moved to the struct so its like an IV):

pub struct Xts128<C: BlockCipher> {
    cipher_1: C,
    cipher_2: C,
}

pub fn new(cipher_1: C, cipher_2: C) -> Xts128<C>;

pub fn encrypt_sector(&mut self, sector: &mut [u8], mut tweak: [u8; 0x10]);

pub fn decrypt_sector(&mut self, sector: &mut [u8], mut tweak: [u8; 0x10]);

What do you think? Does it even make sense to impl BlockMode for Xts128?

[pheki]

I've published a crate with XTS support (currently only 128-bits): xts-mode (docs.rs, repository).

[newpavlov]

Closing it in favor of RustCrypto/block-modes#1