cipher: Add wrappers for AES-XTS

AES-XTS does not support multipart use as it can only operate on an entire
sector at a time.

library/cipher_wrap.c

@@ -161,6 +161,33 @@ static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
+                               size_t length,
+                               const unsigned char data_unit[16],
+                               const unsigned char *input,
+                               unsigned char *output )
+{
+    mbedtls_aes_xts_context *xts_ctx = ctx;
+    int mode;
+
+    switch( operation )
+    {
+        case MBEDTLS_ENCRYPT:
+            mode = MBEDTLS_AES_ENCRYPT;
+            break;
+        case MBEDTLS_DECRYPT:
+            mode = MBEDTLS_AES_DECRYPT;
+            break;
+        default:
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
+
+    return mbedtls_aes_crypt_xts( xts_ctx, mode, length,
+                                  data_unit, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
                                 unsigned int key_bitlen )
 {
@@ -206,6 +233,9 @@ static const mbedtls_cipher_base_t aes_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     aes_crypt_ctr_wrap,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -388,6 +418,92 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = {
 };
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
+                                    unsigned int key_bitlen )
+{
+    mbedtls_aes_xts_context *xts_ctx = ctx;
+    return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
+}
+
+static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
+                                    unsigned int key_bitlen )
+{
+    mbedtls_aes_xts_context *xts_ctx = ctx;
+    return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
+}
+
+static void *xts_aes_ctx_alloc( void )
+{
+    mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) );
+
+    if( xts_ctx != NULL )
+        mbedtls_aes_xts_init( xts_ctx );
+
+    return( xts_ctx );
+}
+
+static void xts_aes_ctx_free( void *ctx )
+{
+    mbedtls_aes_xts_context *xts_ctx = ctx;
+
+    if( xts_ctx == NULL )
+        return;
+
+    mbedtls_aes_xts_free( xts_ctx );
+    mbedtls_free( xts_ctx );
+}
+
+static const mbedtls_cipher_base_t xts_aes_info = {
+    MBEDTLS_CIPHER_ID_AES,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    aes_crypt_xts_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    xts_aes_setkey_enc_wrap,
+    xts_aes_setkey_dec_wrap,
+    xts_aes_ctx_alloc,
+    xts_aes_ctx_free
+};
+
+static const mbedtls_cipher_info_t aes_128_xts_info = {
+    MBEDTLS_CIPHER_AES_128_XTS,
+    MBEDTLS_MODE_XTS,
+    256,
+    "AES-128-XTS",
+    16,
+    0,
+    16,
+    &xts_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_xts_info = {
+    MBEDTLS_CIPHER_AES_256_XTS,
+    MBEDTLS_MODE_XTS,
+    512,
+    "AES-256-XTS",
+    16,
+    0,
+    16,
+    &xts_aes_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 #if defined(MBEDTLS_GCM_C)
 static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
                                 unsigned int key_bitlen )
@@ -411,6 +527,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -477,6 +596,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -607,6 +729,9 @@ static const mbedtls_cipher_base_t camellia_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     camellia_crypt_ctr_wrap,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -777,6 +902,9 @@ static const mbedtls_cipher_base_t gcm_camellia_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -843,6 +971,9 @@ static const mbedtls_cipher_base_t ccm_camellia_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -974,6 +1105,9 @@ static const mbedtls_cipher_base_t aria_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     aria_crypt_ctr_wrap,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1144,6 +1278,9 @@ static const mbedtls_cipher_base_t gcm_aria_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1210,6 +1347,9 @@ static const mbedtls_cipher_base_t ccm_aria_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1389,6 +1529,9 @@ static const mbedtls_cipher_base_t des_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1437,6 +1580,9 @@ static const mbedtls_cipher_base_t des_ede_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1485,6 +1631,9 @@ static const mbedtls_cipher_base_t des_ede3_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1597,6 +1746,9 @@ static const mbedtls_cipher_base_t blowfish_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     blowfish_crypt_ctr_wrap,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     NULL,
 #endif
@@ -1710,6 +1862,9 @@ static const mbedtls_cipher_base_t arc4_base_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     arc4_crypt_stream_wrap,
 #endif
@@ -1776,6 +1931,9 @@ static const mbedtls_cipher_base_t null_base_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     null_crypt_stream,
 #endif
@@ -1823,6 +1981,10 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
     { MBEDTLS_CIPHER_AES_192_CTR,          &aes_192_ctr_info },
     { MBEDTLS_CIPHER_AES_256_CTR,          &aes_256_ctr_info },
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    { MBEDTLS_CIPHER_AES_128_XTS,          &aes_128_xts_info },
+    { MBEDTLS_CIPHER_AES_256_XTS,          &aes_256_xts_info },
+#endif
 #if defined(MBEDTLS_GCM_C)
     { MBEDTLS_CIPHER_AES_128_GCM,          &aes_128_gcm_info },
     { MBEDTLS_CIPHER_AES_192_GCM,          &aes_192_gcm_info },