From cd9fc5e54161b8be647ed5b2b295db6835ba4e3e Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 30 May 2018 15:23:24 +0100 Subject: [PATCH] aes: xts: Rename iv to data_unit XTS doesn't have an IV, it has a "Data Unit". Rename iv for parity with the XTS standard. --- include/mbedtls/aes.h | 6 +++--- library/aes.c | 5 +++-- tests/suites/test_suite_aes.function | 16 ++++++++-------- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 60b9857b1..74c528fb6 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -290,7 +290,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * * AES-XTS encrypts or decrypts blocks based on their location as * defined by a data unit number. The data unit number must be - * provided by \p iv. + * provided by \p data_unit. * * NIST SP 800-38E limits the maximum size of a data unit to 2^20 * AES blocks. If the data unit is larger than this, this function @@ -302,7 +302,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * \param length The length of a data unit in bytes. This can be any * length between 16 bytes and 2^24 bytes inclusive * (between 1 and 2^20 block cipher blocks). - * \param iv The address of the data unit encoded as an array of 16 + * \param data_unit The address of the data unit encoded as an array of 16 * bytes in little-endian format. For disk encryption, this * is typically the index of the block device sector that * contains the data. @@ -321,7 +321,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, int mode, size_t length, - const unsigned char iv[16], + const unsigned char data_unit[16], const unsigned char *input, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ diff --git a/library/aes.c b/library/aes.c index 80447b7a3..a2d1b6dd1 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1131,7 +1131,7 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16], int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, int mode, size_t length, - const unsigned char iv[16], + const unsigned char data_unit[16], const unsigned char *input, unsigned char *output ) { @@ -1151,7 +1151,8 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; /* Compute the tweak. */ - ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, iv, tweak ); + ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, + data_unit, tweak ); if( ret != 0 ) return( ret ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d781d2eaa..165f702e6 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -152,12 +152,12 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */ -void aes_encrypt_xts( char *hex_key_string, char *hex_iv_string, +void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, char *hex_src_string, char *hex_dst_string, int data_unit_len, int xts_result ) { unsigned char key_str[100] = { 0, }; - unsigned char iv_str[100] = { 0, }; + unsigned char data_unit_str[100] = { 0, }; unsigned char src_str[100] = { 0, }; unsigned char dst_str[100] = { 0, }; unsigned char output[100] = { 0, }; @@ -167,13 +167,13 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_iv_string, mbedtls_aes_xts_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); + unhexify( data_unit_str, hex_data_unit_string ); data_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( data_len == data_unit_len / 8 ); mbedtls_aes_xts_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, data_len, iv_str, src_str, output ) == xts_result ); + TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, data_len, data_unit_str, src_str, output ) == xts_result ); if( xts_result == 0 ) { hexify( dst_str, output, data_len ); @@ -187,12 +187,12 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */ -void aes_decrypt_xts( char *hex_key_string, char *hex_iv_string, +void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, char *hex_src_string, char *hex_dst_string, int data_unit_len, int xts_result ) { unsigned char key_str[100] = { 0, }; - unsigned char iv_str[100] = { 0, }; + unsigned char data_unit_str[100] = { 0, }; unsigned char src_str[100] = { 0, }; unsigned char dst_str[100] = { 0, }; unsigned char output[100] = { 0, }; @@ -202,13 +202,13 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_iv_string, mbedtls_aes_xts_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); + unhexify( data_unit_str, hex_data_unit_string ); data_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( data_len == data_unit_len / 8 ); mbedtls_aes_xts_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, data_len, iv_str, src_str, output ) == xts_result ); + TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, data_len, data_unit_str, src_str, output ) == xts_result ); if( xts_result == 0 ) { hexify( dst_str, output, data_len );