XTS Mode
I implemented the trait on the pre release of cipher.
Suggestions for the cipher crate:
- There does not seem to be a way to return errors using the traits. In the ciphertext stealing case, this happens when the plain/ciphertext is shorter than the block size. The cts crate simply bypasses the trait system and implements the encryption methods directly on the struct.
- The macros for tests do not work for ciphertext stealing, as the tests assert that the inputs are a multiple of the block size.
- There are no traits for seeking, for block ciphers that support it (another good use case is CBC decryption).
Missing:
- [x] Find out how to integrate ciphertext stealing with the cipher traits correctly (cannot actually be done, see comment below)
- [x] Ciphertext stealing tests
- [x] Benchmarks
- [ ] Optimise use of the InOut-based methods, as I initially wrote the implementation in-place.
- [x] Finish up documentation
- [x] Make GF operations constant time
If you've got any suggestions for the first point, they would be appreciated!
Okay, I found the underlying issue: BlockModeEncrypt/Decrypt simply do not support encrypting/decrypting data that's not aligned to a block without using padding. Therefore, they simply cannot provide ciphertext stealing.
For now, I will do as the cts crate does and manually implement the encrypt/decrypt methods on the Encryptor/Decryptor.
Opened up for review, since the InOut refactoring still to do can be done in a separate PR.
All IEEE 1619-2018 tests pass, parallel computing is supported, and the doc is done.
Made a rookie mistake: the GF operations are not constant time. This should be an easy fix.
Right now I'm working on other things, so I will try to take a look at this in a week or two.
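The constant-time fix for the GF operations mentioned above, as an added example that is not part of this PR or of the RustCrypto crates: the XTS tweak doubling (multiplication by alpha in GF(2^128)) written once with a data-dependent branch and once with a mask, plus the per-block tweak sequence it drives. The function names are mine, and T_0 is taken as given because there is no block cipher behind this example.

```rust
// Added example, not the PR's code: the XTS tweak update T_{j+1} = T_j * alpha
// in GF(2^128) with reduction polynomial x^128 + x^7 + x^2 + x + 1, using the
// little-endian byte order of IEEE 1619 (byte 0 is least significant).

/// Data-dependent version: the `if` on the carried-out bit reveals, through
/// timing or branch prediction, whether the top bit of the tweak was set.
pub fn mul_alpha_branchy(t: [u8; 16]) -> [u8; 16] {
    let mut out = [0u8; 16];
    let mut carry = 0u8;
    for (o, &b) in out.iter_mut().zip(t.iter()) {
        *o = (b << 1) | carry; // shift left by one bit across the 16 bytes
        carry = b >> 7;        // bit that moves into the next byte
    }
    if carry != 0 {
        out[0] ^= 0x87; // reduce: x^128 = x^7 + x^2 + x + 1
    }
    out
}

/// Constant-time version: same arithmetic, but the reduction is applied through
/// a 0x00/0xFF mask derived from the carry, so no branch depends on the tweak
/// (assumes the compiler keeps the masked form, which is not a language guarantee).
pub fn mul_alpha_ct(t: [u8; 16]) -> [u8; 16] {
    let v = u128::from_le_bytes(t);
    let carry = (v >> 127) as u8;       // bit shifted out of the top
    let mask = 0u8.wrapping_sub(carry); // 0x00 if carry == 0, 0xFF if carry == 1
    let mut out = (v << 1).to_le_bytes();
    out[0] ^= 0x87 & mask;
    out
}

/// Tweaks T_0 .. T_{n-1} for the n blocks of one data unit, given T_0 (the
/// encrypted sector number, supplied directly since this example has no
/// block cipher behind it).
pub fn tweak_sequence(t0: [u8; 16], n: usize) -> Vec<[u8; 16]> {
    let mut seq = Vec::with_capacity(n);
    let mut t = t0;
    for _ in 0..n {
        seq.push(t);
        t = mul_alpha_ct(t);
    }
    seq
}

fn main() {
    let mut t = [0u8; 16];
    t[15] = 0x80; // x^127: the next doubling overflows and must reduce
    println!("{:02x?}", mul_alpha_ct(t)); // [87, 00, 00, ...]
}
```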