luna - wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs

   1/*
   2 * Copyright (C) 2006-2026 wolfSSL Inc.
   3 *
   4 * This file is part of wolfSSL.
   5 *
   6 * wolfSSL is free software; you can redistribute it and/or modify
   7 * it under the terms of the GNU General Public License as published by
   8 * the Free Software Foundation; either version 3 of the License, or
   9 * (at your option) any later version.
  10 *
  11 * wolfSSL is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 * GNU General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU General Public License
  17 * along with this program; if not, write to the Free Software
  18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  19 */
  20
  21/*!
  22This module provides a Rust wrapper for the wolfCrypt library's Advanced
  23Encryption Standard (AES) functionality.
  24*/
  25
  26#![cfg(aes)]
  27
  28use crate::sys;
  29use core::mem::MaybeUninit;
  30use zeroize::{Zeroize, ZeroizeOnDrop};
  31
  32#[cfg(feature = "aead")]
  33use aead::{AeadCore, AeadInPlace, KeyInit, KeySizeUser};
  34
  35#[cfg(feature = "aead")]
  36use aead::generic_array::typenum::{U0, U12, U16, U32};
  37
  38#[cfg(all(feature = "cipher", not(feature = "aead")))]
  39use cipher::typenum::consts::{U16, U32};
  40
  41#[cfg(feature = "cipher")]
  42use cipher::typenum::consts::U24;
  43
  44#[cfg(feature = "cipher")]
  45use cipher::{
  46    BlockModeDecBackend, BlockModeDecClosure, BlockModeDecrypt,
  47    BlockModeEncBackend, BlockModeEncClosure, BlockModeEncrypt,
  48    IvSizeUser, KeyIvInit, ParBlocksSizeUser,
  49};
  50#[cfg(all(any(aes_ctr, aes_ofb), feature = "cipher"))]
  51use cipher::{StreamCipher,StreamCipherError};
  52
  53#[cfg(aes_wc_block_size)]
  54pub const AES_BLOCK_SIZE: usize = sys::WC_AES_BLOCK_SIZE as usize;
  55#[cfg(not(aes_wc_block_size))]
  56pub const AES_BLOCK_SIZE: usize = sys::AES_BLOCK_SIZE as usize;
  57
  58/// AES Cipher Block Chaining (CBC) mode.
  59///
  60/// # Example
  61/// ```rust
  62/// #[cfg(aes_cbc)]
  63/// {
  64/// use wolfssl_wolfcrypt::aes::CBC;
  65/// let mut cbc = CBC::new().expect("Failed to create CBC");
  66/// let key: &[u8; 16] = b"0123456789abcdef";
  67/// let iv: &[u8; 16] = b"1234567890abcdef";
  68/// let msg: [u8; 16] = [
  69///     0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
  70///     0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
  71/// ];
  72/// let expected_cipher: [u8; 16] = [
  73///     0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53,
  74///     0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb
  75/// ];
  76/// cbc.init_encrypt(key, iv).expect("Error with init_encrypt()");
  77/// let mut cipher: [u8; 16] = [0; 16];
  78/// cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()");
  79/// assert_eq!(&cipher, &expected_cipher);
  80/// let mut plain_out = [0; 16];
  81/// cbc.init_decrypt(key, iv).expect("Error with init_decrypt()");
  82/// cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
  83/// assert_eq!(&plain_out, &msg);
  84/// }
  85/// ```
  86#[cfg(aes_cbc)]
  87pub struct CBC {
  88    ws_aes: sys::Aes,
  89}
  90#[cfg(aes_cbc)]
  91impl CBC {
  92    /// Create a new `CBC` instance.
  93    ///
  94    /// # Returns
  95    ///
  96    /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL
  97    /// library return code on failure.
  98    pub fn new() -> Result<Self, i32> {
  99        Self::new_ex(None, None)
 100    }
 101
 102    /// Create a new `CBC` instance with optional heap and device ID.
 103    ///
 104    /// # Parameters
 105    ///
 106    /// * `heap`: Optional heap hint.
 107    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
 108    ///
 109    /// # Returns
 110    ///
 111    /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL
 112    /// library return code on failure.
 113    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
 114        let ws_aes = new_ws_aes(heap, dev_id)?;
 115        let cbc = CBC {ws_aes};
 116        Ok(cbc)
 117    }
 118
 119    fn init(&mut self, key: &[u8], iv: &[u8], dir: i32) -> Result<(), i32> {
 120        let key_size = crate::buffer_len_to_u32(key.len())?;
 121        if iv.len() != AES_BLOCK_SIZE {
 122            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 123        }
 124        let rc = unsafe {
 125            sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size,
 126                iv.as_ptr(), dir)
 127        };
 128        if rc != 0 {
 129            return Err(rc);
 130        }
 131        Ok(())
 132    }
 133
 134    /// Initialize a CBC instance for encryption.
 135    ///
 136    /// This method must be called before calling `encrypt()`.
 137    ///
 138    /// # Parameters
 139    ///
 140    /// * `key`: A slice containing the encryption key to use. The key must be
 141    ///   16, 24, or 32 bytes in length.
 142    /// * `iv`: A slice containing the initialization vector (IV) to use. The
 143    ///   IV must be 16 bytes in length.
 144    ///
 145    /// # Returns
 146    ///
 147    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 148    /// library return code on failure.
 149    pub fn init_encrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
 150        self.init(key, iv, sys::AES_ENCRYPTION as i32)
 151    }
 152
 153    /// Initialize a CBC instance for decryption.
 154    ///
 155    /// This method must be called before calling `decrypt()`.
 156    ///
 157    /// # Parameters
 158    ///
 159    /// * `key`: A slice containing the decryption key to use. The key must be
 160    ///   16, 24, or 32 bytes in length.
 161    /// * `iv`: A slice containing the initialization vector (IV) to use. The
 162    ///   IV must be 16 bytes in length.
 163    ///
 164    /// # Returns
 165    ///
 166    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 167    /// library return code on failure.
 168    pub fn init_decrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
 169        self.init(key, iv, sys::AES_DECRYPTION as i32)
 170    }
 171
 172    /// Encrypt data.
 173    ///
 174    /// The `init_encrypt()` method must be called before calling this method.
 175    ///
 176    /// # Parameters
 177    ///
 178    /// * `din`: Data to encrypt. The size of the data must be a multiple of
 179    ///   16 bytes.
 180    /// * `dout`: Buffer in which to store the encrypted data. The size of
 181    ///   the buffer must match that of the `din` buffer.
 182    ///
 183    /// # Returns
 184    ///
 185    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 186    /// library return code on failure.
 187    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 188        let in_size = crate::buffer_len_to_u32(din.len())?;
 189        let out_size = crate::buffer_len_to_u32(dout.len())?;
 190        if in_size != out_size {
 191            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 192        }
 193        let rc = unsafe {
 194            sys::wc_AesCbcEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 195        };
 196        if rc != 0 {
 197            return Err(rc);
 198        }
 199        Ok(())
 200    }
 201
 202    /// Decrypt data.
 203    ///
 204    /// The `init_decrypt()` method must be called before calling this method.
 205    ///
 206    /// # Parameters
 207    ///
 208    /// * `din`: Data to decrypt. The size of the data must be a multiple of
 209    ///   16 bytes.
 210    /// * `dout`: Buffer in which to store the decrypted data. The size of
 211    ///   the data must match that of the `din` slice.
 212    ///
 213    /// # Returns
 214    ///
 215    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 216    /// library return code on failure.
 217    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 218        let in_size = crate::buffer_len_to_u32(din.len())?;
 219        let out_size = crate::buffer_len_to_u32(dout.len())?;
 220        if in_size != out_size {
 221            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 222        }
 223        let rc = unsafe {
 224            sys::wc_AesCbcDecrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 225        };
 226        if rc != 0 {
 227            return Err(rc);
 228        }
 229        Ok(())
 230    }
 231}
 232#[cfg(aes_cbc)]
 233impl CBC {
 234    fn zeroize(&mut self) {
 235        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
 236    }
 237}
 238#[cfg(aes_cbc)]
 239impl Drop for CBC {
 240    /// Safely free the wolfSSL resources.
 241    fn drop(&mut self) {
 242        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
 243        self.zeroize();
 244    }
 245}
 246
 247/// AES Counter with CBC-MAC (CCM) mode.
 248///
 249/// # Example
 250/// ```rust
 251/// #[cfg(aes_ccm)]
 252/// {
 253/// use wolfssl_wolfcrypt::aes::CCM;
 254/// let key: [u8; 16] = [
 255///     0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
 256///     0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
 257/// ];
 258/// let nonce: [u8; 13] = [
 259///     0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
 260///     0xa1, 0xa2, 0xa3, 0xa4, 0xa5 ];
 261/// let plaintext: [u8; 23] = [
 262///     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 263///     0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
 264///     0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
 265/// ];
 266/// let auth_data: [u8; 8] = [
 267///     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
 268/// ];
 269/// let expected_ciphertext: [u8; 23] = [
 270///     0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
 271///     0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
 272///     0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
 273/// ];
 274/// let expected_auth_tag: [u8; 8] = [
 275///     0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
 276/// ];
 277///
 278/// let mut ccm = CCM::new().expect("Failed to create CCM");
 279/// ccm.init(&key).expect("Error with init()");
 280/// let mut auth_tag_out: [u8; 8] = [0; 8];
 281/// let mut cipher_out: [u8; 23] = [0; 23];
 282/// ccm.encrypt(&plaintext, &mut cipher_out,
 283///     &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()");
 284/// assert_eq!(cipher_out, expected_ciphertext);
 285/// assert_eq!(auth_tag_out, expected_auth_tag);
 286/// ccm.init(&key).expect("Error with init()");
 287/// let mut plain_out: [u8; 23] = [0; 23];
 288/// ccm.decrypt(&cipher_out, &mut plain_out,
 289///     &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()");
 290/// assert_eq!(plain_out, plaintext);
 291/// }
 292/// ```
 293#[cfg(aes_ccm)]
 294pub struct CCM {
 295    ws_aes: sys::Aes,
 296}
 297#[cfg(aes_ccm)]
 298impl CCM {
 299    /// Create a new `CCM` instance.
 300    ///
 301    /// # Returns
 302    ///
 303    /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL
 304    /// library return code on failure.
 305    pub fn new() -> Result<Self, i32> {
 306        Self::new_ex(None, None)
 307    }
 308
 309    /// Create a new `CCM` instance with optional heap and device ID.
 310    ///
 311    /// # Parameters
 312    ///
 313    /// * `heap`: Optional heap hint.
 314    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
 315    ///
 316    /// # Returns
 317    ///
 318    /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL
 319    /// library return code on failure.
 320    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
 321        let ws_aes = new_ws_aes(heap, dev_id)?;
 322        let ccm = CCM {ws_aes};
 323        Ok(ccm)
 324    }
 325
 326    /// Initialize a CCM instance for encryption or decryption.
 327    ///
 328    /// This method must be called before calling `encrypt()` or `decrypt()`.
 329    ///
 330    /// # Parameters
 331    ///
 332    /// * `key`: A slice containing the encryption key to use. The key must be
 333    ///   16, 24, or 32 bytes in length.
 334    ///
 335    /// # Returns
 336    ///
 337    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 338    /// library return code on failure.
 339    pub fn init(&mut self, key: &[u8]) -> Result<(), i32> {
 340        let key_size = crate::buffer_len_to_u32(key.len())?;
 341        let rc = unsafe {
 342            sys::wc_AesCcmSetKey(&mut self.ws_aes, key.as_ptr(), key_size)
 343        };
 344        if rc != 0 {
 345            return Err(rc);
 346        }
 347        Ok(())
 348    }
 349
 350    /// Encrypt data.
 351    ///
 352    /// The `init()` method must be called before calling this method.
 353    ///
 354    /// # Parameters
 355    ///
 356    /// * `din`: Data to encrypt.
 357    /// * `dout`: Buffer in which to store the encrypted data. The size of
 358    ///   the buffer must match that of the `din` buffer.
 359    /// * `nonce`: Nonce (number used once).
 360    /// * `auth`: Authentication data input.
 361    /// * `auth_tag`: Buffer in which to store the authentication tag.
 362    ///
 363    /// # Returns
 364    ///
 365    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 366    /// library return code on failure.
 367    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8], nonce: &[u8], auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> {
 368        let in_size = crate::buffer_len_to_u32(din.len())?;
 369        let out_size = crate::buffer_len_to_u32(dout.len())?;
 370        let nonce_size = crate::buffer_len_to_u32(nonce.len())?;
 371        let auth_size = crate::buffer_len_to_u32(auth.len())?;
 372        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
 373        if in_size != out_size {
 374            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 375        }
 376        let rc = unsafe {
 377            sys::wc_AesCcmEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size,
 378                nonce.as_ptr(), nonce_size, auth_tag.as_mut_ptr(), auth_tag_size,
 379                auth.as_ptr(), auth_size)
 380        };
 381        if rc != 0 {
 382            return Err(rc);
 383        }
 384        Ok(())
 385    }
 386
 387    /// Decrypt data.
 388    ///
 389    /// The `init()` method must be called before calling this method.
 390    ///
 391    /// # Parameters
 392    ///
 393    /// * `din`: Data to decrypt.
 394    /// * `dout`: Buffer in which to store the decrypted data. The size of
 395    ///   the buffer must match that of the `din` buffer.
 396    /// * `nonce`: Nonce (number used once).
 397    /// * `auth`: Authentication data input.
 398    /// * `auth_tag`: Authentication tag input to verify.
 399    ///
 400    /// # Returns
 401    ///
 402    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 403    /// library return code on failure.
 404    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8], nonce: &[u8], auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> {
 405        let in_size = crate::buffer_len_to_u32(din.len())?;
 406        let out_size = crate::buffer_len_to_u32(dout.len())?;
 407        let nonce_size = crate::buffer_len_to_u32(nonce.len())?;
 408        let auth_size = crate::buffer_len_to_u32(auth.len())?;
 409        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
 410        if in_size != out_size {
 411            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 412        }
 413        let rc = unsafe {
 414            sys::wc_AesCcmDecrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size,
 415                nonce.as_ptr(), nonce_size, auth_tag.as_ptr(), auth_tag_size,
 416                auth.as_ptr(), auth_size)
 417        };
 418        if rc != 0 {
 419            return Err(rc);
 420        }
 421        Ok(())
 422    }
 423}
 424#[cfg(aes_ccm)]
 425impl CCM {
 426    fn zeroize(&mut self) {
 427        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
 428    }
 429}
 430#[cfg(aes_ccm)]
 431impl Drop for CCM {
 432    /// Safely free the wolfSSL resources.
 433    fn drop(&mut self) {
 434        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
 435        self.zeroize();
 436    }
 437}
 438
 439// ---------------------------------------------------------------------------
 440// AES-CCM aead trait implementations
 441// ---------------------------------------------------------------------------
 442
 443/// Encrypt `buffer` in-place using AES-CCM (12-byte nonce, 16-byte tag).
 444#[cfg(all(aes_ccm, feature = "aead"))]
 445fn ccm_encrypt_in_place(
 446    key: &[u8],
 447    nonce: &[u8],
 448    aad: &[u8],
 449    buffer: &mut [u8],
 450    tag: &mut [u8],
 451) -> Result<(), aead::Error> {
 452    if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize
 453        || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize {
 454        return Err(aead::Error);
 455    }
 456    let mut ccm = CCM::new().map_err(|_| aead::Error)?;
 457    ccm.init(key).map_err(|_| aead::Error)?;
 458    // wolfCrypt CCM supports in-place operation (out == in).
 459    let buf_ptr = buffer.as_mut_ptr();
 460    let in_ptr = buf_ptr as *const u8;
 461    let rc = unsafe {
 462        sys::wc_AesCcmEncrypt(
 463            &mut ccm.ws_aes,
 464            buf_ptr, in_ptr, buffer.len() as u32,
 465            nonce.as_ptr(), nonce.len() as u32,
 466            tag.as_mut_ptr(), tag.len() as u32,
 467            aad.as_ptr(), aad.len() as u32,
 468        )
 469    };
 470    if rc != 0 {
 471        return Err(aead::Error);
 472    }
 473    Ok(())
 474}
 475
 476/// Decrypt `buffer` in-place using AES-CCM and verify `tag`.
 477#[cfg(all(aes_ccm, feature = "aead"))]
 478fn ccm_decrypt_in_place(
 479    key: &[u8],
 480    nonce: &[u8],
 481    aad: &[u8],
 482    buffer: &mut [u8],
 483    tag: &[u8],
 484) -> Result<(), aead::Error> {
 485    if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize
 486        || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize {
 487        return Err(aead::Error);
 488    }
 489    let mut ccm = CCM::new().map_err(|_| aead::Error)?;
 490    ccm.init(key).map_err(|_| aead::Error)?;
 491    let buf_ptr = buffer.as_mut_ptr();
 492    let in_ptr = buf_ptr as *const u8;
 493    let rc = unsafe {
 494        sys::wc_AesCcmDecrypt(
 495            &mut ccm.ws_aes,
 496            buf_ptr, in_ptr, buffer.len() as u32,
 497            nonce.as_ptr(), nonce.len() as u32,
 498            tag.as_ptr(), tag.len() as u32,
 499            aad.as_ptr(), aad.len() as u32,
 500        )
 501    };
 502    if rc != 0 {
 503        return Err(aead::Error);
 504    }
 505    Ok(())
 506}
 507
 508/// AES-128-CCM authenticated encryption (12-byte nonce, 16-byte tag).
 509#[cfg(all(aes_ccm, feature = "aead"))]
 510#[derive(Zeroize, ZeroizeOnDrop)]
 511pub struct Aes128Ccm {
 512    key: [u8; 16],
 513}
 514
 515#[cfg(all(aes_ccm, feature = "aead"))]
 516impl KeySizeUser for Aes128Ccm {
 517    type KeySize = U16;
 518}
 519
 520#[cfg(all(aes_ccm, feature = "aead"))]
 521impl AeadCore for Aes128Ccm {
 522    type NonceSize = U12;
 523    type TagSize = U16;
 524    type CiphertextOverhead = U0;
 525}
 526
 527#[cfg(all(aes_ccm, feature = "aead"))]
 528impl KeyInit for Aes128Ccm {
 529    fn new(key: &aead::Key<Self>) -> Self {
 530        let mut k = [0u8; 16];
 531        k.copy_from_slice(key.as_ref());
 532        Aes128Ccm { key: k }
 533    }
 534}
 535
 536#[cfg(all(aes_ccm, feature = "aead"))]
 537impl AeadInPlace for Aes128Ccm {
 538    fn encrypt_in_place_detached(
 539        &self,
 540        nonce: &aead::Nonce<Self>,
 541        associated_data: &[u8],
 542        buffer: &mut [u8],
 543    ) -> Result<aead::Tag<Self>, aead::Error> {
 544        let mut tag = aead::Tag::<Self>::default();
 545        ccm_encrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_mut())?;
 546        Ok(tag)
 547    }
 548
 549    fn decrypt_in_place_detached(
 550        &self,
 551        nonce: &aead::Nonce<Self>,
 552        associated_data: &[u8],
 553        buffer: &mut [u8],
 554        tag: &aead::Tag<Self>,
 555    ) -> Result<(), aead::Error> {
 556        ccm_decrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_ref())
 557    }
 558}
 559
 560/// AES-256-CCM authenticated encryption (12-byte nonce, 16-byte tag).
 561#[cfg(all(aes_ccm, feature = "aead"))]
 562#[derive(Zeroize, ZeroizeOnDrop)]
 563pub struct Aes256Ccm {
 564    key: [u8; 32],
 565}
 566
 567#[cfg(all(aes_ccm, feature = "aead"))]
 568impl KeySizeUser for Aes256Ccm {
 569    type KeySize = U32;
 570}
 571
 572#[cfg(all(aes_ccm, feature = "aead"))]
 573impl AeadCore for Aes256Ccm {
 574    type NonceSize = U12;
 575    type TagSize = U16;
 576    type CiphertextOverhead = U0;
 577}
 578
 579#[cfg(all(aes_ccm, feature = "aead"))]
 580impl KeyInit for Aes256Ccm {
 581    fn new(key: &aead::Key<Self>) -> Self {
 582        let mut k = [0u8; 32];
 583        k.copy_from_slice(key.as_ref());
 584        Aes256Ccm { key: k }
 585    }
 586}
 587
 588#[cfg(all(aes_ccm, feature = "aead"))]
 589impl AeadInPlace for Aes256Ccm {
 590    fn encrypt_in_place_detached(
 591        &self,
 592        nonce: &aead::Nonce<Self>,
 593        associated_data: &[u8],
 594        buffer: &mut [u8],
 595    ) -> Result<aead::Tag<Self>, aead::Error> {
 596        let mut tag = aead::Tag::<Self>::default();
 597        ccm_encrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_mut())?;
 598        Ok(tag)
 599    }
 600
 601    fn decrypt_in_place_detached(
 602        &self,
 603        nonce: &aead::Nonce<Self>,
 604        associated_data: &[u8],
 605        buffer: &mut [u8],
 606        tag: &aead::Tag<Self>,
 607    ) -> Result<(), aead::Error> {
 608        ccm_decrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_ref())
 609    }
 610}
 611
 612/// AES Cipher FeedBack (CFB) mode.
 613///
 614/// # Example
 615/// ```rust
 616/// #[cfg(aes_cfb)]
 617/// {
 618/// use wolfssl_wolfcrypt::aes::CFB;
 619/// let mut cfb = CFB::new().expect("Failed to create CFB");
 620/// let key: [u8; 16] = [
 621///     0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
 622///     0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
 623/// ];
 624/// let iv: [u8; 16] = [
 625///     0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
 626///     0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
 627/// ];
 628/// let msg: [u8; 48] = [
 629///     0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
 630///     0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
 631///     0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
 632///     0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
 633///     0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
 634///     0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
 635/// ];
 636/// let cipher: [u8; 48] = [
 637///     0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
 638///     0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
 639///     0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
 640///     0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
 641///     0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
 642///     0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
 643/// ];
 644/// cfb.init(&key, &iv).expect("Error with init()");
 645/// let mut outbuf: [u8; 48] = [0; 48];
 646/// cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()");
 647/// cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()");
 648/// assert_eq!(outbuf, cipher);
 649/// cfb.init(&key, &iv).expect("Error with init()");
 650/// let mut plain: [u8; 48] = [0; 48];
 651/// #[cfg(aes_decrypt)]
 652/// {
 653/// cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
 654/// assert_eq!(plain, msg);
 655/// }
 656/// }
 657/// ```
 658#[cfg(aes_cfb)]
 659pub struct CFB {
 660    ws_aes: sys::Aes,
 661}
 662#[cfg(aes_cfb)]
 663impl CFB {
 664    /// Create a new `CFB` instance.
 665    ///
 666    /// # Returns
 667    ///
 668    /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL
 669    /// library return code on failure.
 670    pub fn new() -> Result<Self, i32> {
 671        Self::new_ex(None, None)
 672    }
 673
 674    /// Create a new `CFB` instance with optional heap and device ID.
 675    ///
 676    /// # Parameters
 677    ///
 678    /// * `heap`: Optional heap hint.
 679    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
 680    ///
 681    /// # Returns
 682    ///
 683    /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL
 684    /// library return code on failure.
 685    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
 686        let ws_aes = new_ws_aes(heap, dev_id)?;
 687        let cfb = CFB {ws_aes};
 688        Ok(cfb)
 689    }
 690
 691    /// Initialize a CFB instance for encryption or decryption.
 692    ///
 693    /// This method must be called before calling `encrypt()`, `encrypt1()`,
 694    /// `encrypt8()`, `decrypt()`, `decrypt1()`, or `decrypt8()`.
 695    ///
 696    /// # Parameters
 697    ///
 698    /// * `key`: A slice containing the encryption key to use. The key must be
 699    ///   16, 24, or 32 bytes in length.
 700    /// * `iv`: A slice containing the initialization vector (IV) to use. The
 701    ///   IV must be 16 bytes in length.
 702    ///
 703    /// # Returns
 704    ///
 705    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 706    /// library return code on failure.
 707    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
 708        let key_size = crate::buffer_len_to_u32(key.len())?;
 709        if iv.len() != AES_BLOCK_SIZE {
 710            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 711        }
 712        let rc = unsafe {
 713            sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size,
 714                iv.as_ptr(), sys::AES_ENCRYPTION as i32)
 715        };
 716        if rc != 0 {
 717            return Err(rc);
 718        }
 719        Ok(())
 720    }
 721
 722    /// Encrypt data in full-block CFB mode.
 723    ///
 724    /// The `init()` method must be called before calling this method.
 725    ///
 726    /// # Parameters
 727    ///
 728    /// * `din`: Data to encrypt.
 729    /// * `dout`: Buffer in which to store the encrypted data. The size of
 730    ///   the buffer must match that of the `din` buffer.
 731    ///
 732    /// # Returns
 733    ///
 734    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 735    /// library return code on failure.
 736    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 737        let in_size = crate::buffer_len_to_u32(din.len())?;
 738        let out_size = crate::buffer_len_to_u32(dout.len())?;
 739        if in_size != out_size {
 740            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 741        }
 742        let rc = unsafe {
 743            sys::wc_AesCfbEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 744        };
 745        if rc != 0 {
 746            return Err(rc);
 747        }
 748        Ok(())
 749    }
 750
 751    /// Encrypt data in 1-bit CFB mode.
 752    ///
 753    /// The `init()` method must be called before calling this method.
 754    ///
 755    /// # Parameters
 756    ///
 757    /// * `din`: Data to encrypt.
 758    /// * `dout`: Buffer in which to store the encrypted data. The size of
 759    ///   the buffer must match that of the `din` buffer.
 760    ///
 761    /// # Returns
 762    ///
 763    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 764    /// library return code on failure.
 765    pub fn encrypt1(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 766        let in_size = crate::buffer_len_to_u32(din.len())?;
 767        let out_size = crate::buffer_len_to_u32(dout.len())?;
 768        if in_size != out_size {
 769            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 770        }
 771        let rc = unsafe {
 772            sys::wc_AesCfb1Encrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 773        };
 774        if rc != 0 {
 775            return Err(rc);
 776        }
 777        Ok(())
 778    }
 779
 780    /// Encrypt data in 8-bit CFB mode.
 781    ///
 782    /// The `init()` method must be called before calling this method.
 783    ///
 784    /// # Parameters
 785    ///
 786    /// * `din`: Data to encrypt.
 787    /// * `dout`: Buffer in which to store the encrypted data. The size of
 788    ///   the buffer must match that of the `din` buffer.
 789    ///
 790    /// # Returns
 791    ///
 792    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 793    /// library return code on failure.
 794    pub fn encrypt8(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 795        let in_size = crate::buffer_len_to_u32(din.len())?;
 796        let out_size = crate::buffer_len_to_u32(dout.len())?;
 797        if in_size != out_size {
 798            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 799        }
 800        let rc = unsafe {
 801            sys::wc_AesCfb8Encrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 802        };
 803        if rc != 0 {
 804            return Err(rc);
 805        }
 806        Ok(())
 807    }
 808
 809    /// Decrypt data in full-block CFB mode.
 810    ///
 811    /// The `init()` method must be called before calling this method.
 812    ///
 813    /// # Parameters
 814    ///
 815    /// * `din`: Data to decrypt.
 816    /// * `dout`: Buffer in which to store the decrypted data. The size of
 817    ///   the buffer must match that of the `din` buffer.
 818    ///
 819    /// # Returns
 820    ///
 821    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 822    /// library return code on failure.
 823    #[cfg(aes_decrypt)]
 824    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 825        let in_size = crate::buffer_len_to_u32(din.len())?;
 826        let out_size = crate::buffer_len_to_u32(dout.len())?;
 827        if in_size != out_size {
 828            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 829        }
 830        let rc = unsafe {
 831            sys::wc_AesCfbDecrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 832        };
 833        if rc != 0 {
 834            return Err(rc);
 835        }
 836        Ok(())
 837    }
 838
 839    /// Decrypt data in 1-bit CFB mode.
 840    ///
 841    /// The `init()` method must be called before calling this method.
 842    ///
 843    /// # Parameters
 844    ///
 845    /// * `din`: Data to decrypt.
 846    /// * `dout`: Buffer in which to store the decrypted data. The size of
 847    ///   the buffer must match that of the `din` buffer.
 848    ///
 849    /// # Returns
 850    ///
 851    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 852    /// library return code on failure.
 853    #[cfg(aes_decrypt)]
 854    pub fn decrypt1(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 855        let in_size = crate::buffer_len_to_u32(din.len())?;
 856        let out_size = crate::buffer_len_to_u32(dout.len())?;
 857        if in_size != out_size {
 858            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 859        }
 860        let rc = unsafe {
 861            sys::wc_AesCfb1Decrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 862        };
 863        if rc != 0 {
 864            return Err(rc);
 865        }
 866        Ok(())
 867    }
 868
 869    /// Decrypt data in 8-bit CFB mode.
 870    ///
 871    /// The `init()` method must be called before calling this method.
 872    ///
 873    /// # Parameters
 874    ///
 875    /// * `din`: Data to decrypt.
 876    /// * `dout`: Buffer in which to store the decrypted data. The size of
 877    ///   the buffer must match that of the `din` buffer.
 878    ///
 879    /// # Returns
 880    ///
 881    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
 882    /// library return code on failure.
 883    #[cfg(aes_decrypt)]
 884    pub fn decrypt8(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
 885        let in_size = crate::buffer_len_to_u32(din.len())?;
 886        let out_size = crate::buffer_len_to_u32(dout.len())?;
 887        if in_size != out_size {
 888            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
 889        }
 890        let rc = unsafe {
 891            sys::wc_AesCfb8Decrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
 892        };
 893        if rc != 0 {
 894            return Err(rc);
 895        }
 896        Ok(())
 897    }
 898}
 899#[cfg(aes_cfb)]
 900impl CFB {
 901    fn zeroize(&mut self) {
 902        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
 903    }
 904}
 905#[cfg(aes_cfb)]
 906impl Drop for CFB {
 907    /// Safely free the wolfSSL resources.
 908    fn drop(&mut self) {
 909        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
 910        self.zeroize();
 911    }
 912}
 913
 914/// AES Counter (CTR) mode.
 915///
 916/// # Example
 917/// ```rust
 918/// #[cfg(aes_ctr)]
 919/// {
 920/// use wolfssl_wolfcrypt::aes::CTR;
 921/// let iv: [u8; 16] = [
 922///     0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
 923///     0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
 924/// ];
 925/// let msg: [u8; 64] = [
 926///     0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
 927///     0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
 928///     0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
 929///     0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
 930///     0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
 931///     0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
 932///     0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
 933///     0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
 934/// ];
 935/// let key: [u8; 16] = [
 936///     0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
 937///     0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
 938/// ];
 939/// let cipher: [u8; 64] = [
 940///     0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
 941///     0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
 942///     0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
 943///     0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
 944///     0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
 945///     0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
 946///     0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
 947///     0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
 948/// ];
 949/// let mut ctr = CTR::new().expect("Failed to create CTR");
 950/// ctr.init(&key, &iv).expect("Error with init()");
 951/// let mut outbuf: [u8; 64] = [0; 64];
 952/// ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
 953/// assert_eq!(outbuf, cipher);
 954/// ctr.init(&key, &iv).expect("Error with init()");
 955/// let mut plain: [u8; 64] = [0; 64];
 956/// ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
 957/// assert_eq!(plain, msg);
 958/// }
 959/// ```
 960#[cfg(aes_ctr)]
 961pub struct CTR {
 962    ws_aes: sys::Aes,
 963}
 964#[cfg(aes_ctr)]
 965impl CTR {
 966    /// Create a new `CTR` instance.
 967    ///
 968    /// # Returns
 969    ///
 970    /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL
 971    /// library return code on failure.
 972    pub fn new() -> Result<Self, i32> {
 973        Self::new_ex(None, None)
 974    }
 975
 976    /// Create a new `CTR` instance with optional heap and device ID.
 977    ///
 978    /// # Parameters
 979    ///
 980    /// * `heap`: Optional heap hint.
 981    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
 982    ///
 983    /// # Returns
 984    ///
 985    /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL
 986    /// library return code on failure.
 987    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
 988        let ws_aes = new_ws_aes(heap, dev_id)?;
 989        let ctr = CTR {ws_aes};
 990        Ok(ctr)
 991    }
 992
 993    /// Initialize a CTR instance for encryption or decryption.
 994    ///
 995    /// This method must be called before calling `encrypt()` or `decrypt()`.
 996    ///
 997    /// # Parameters
 998    ///
 999    /// * `key`: A slice containing the encryption key to use. The key must be
1000    ///   16, 24, or 32 bytes in length.
1001    /// * `iv`: A slice containing the initialization vector (IV) to use. The
1002    ///   IV must be 16 bytes in length.
1003    ///
1004    /// # Returns
1005    ///
1006    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1007    /// library return code on failure.
1008    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
1009        let key_size = crate::buffer_len_to_u32(key.len())?;
1010        if iv.len() != AES_BLOCK_SIZE {
1011            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1012        }
1013        let rc = unsafe {
1014            sys::wc_AesSetKeyDirect(&mut self.ws_aes, key.as_ptr(), key_size,
1015                iv.as_ptr(), sys::AES_ENCRYPTION as i32)
1016        };
1017        if rc != 0 {
1018            return Err(rc);
1019        }
1020        Ok(())
1021    }
1022
1023    fn encrypt_decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
1024        let in_size = crate::buffer_len_to_u32(din.len())?;
1025        let out_size = crate::buffer_len_to_u32(dout.len())?;
1026        if in_size != out_size {
1027            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1028        }
1029        let rc = unsafe {
1030            sys::wc_AesCtrEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
1031        };
1032        if rc != 0 {
1033            return Err(rc);
1034        }
1035        Ok(())
1036    }
1037
1038    /// Encrypt data.
1039    ///
1040    /// The `init()` method must be called before calling this method.
1041    ///
1042    /// # Parameters
1043    ///
1044    /// * `din`: Data to encrypt.
1045    /// * `dout`: Buffer in which to store the encrypted data. The size of
1046    ///   the buffer must match that of the `din` buffer.
1047    ///
1048    /// # Returns
1049    ///
1050    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1051    /// library return code on failure.
1052    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
1053        self.encrypt_decrypt(din, dout)
1054    }
1055
1056    /// Decrypt data.
1057    ///
1058    /// The `init()` method must be called before calling this method.
1059    ///
1060    /// # Parameters
1061    ///
1062    /// * `din`: Data to decrypt.
1063    /// * `dout`: Buffer in which to store the decrypted data. The size of
1064    ///   the buffer must match that of the `din` buffer.
1065    ///
1066    /// # Returns
1067    ///
1068    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1069    /// library return code on failure.
1070    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
1071        self.encrypt_decrypt(din, dout)
1072    }
1073}
1074#[cfg(aes_ctr)]
1075impl CTR {
1076    fn zeroize(&mut self) {
1077        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
1078    }
1079}
1080#[cfg(aes_ctr)]
1081impl Drop for CTR {
1082    /// Safely free the wolfSSL resources.
1083    fn drop(&mut self) {
1084        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
1085        self.zeroize();
1086    }
1087}
1088
1089/// AES Encrypt-Then-Authenticate-Then-Translate (EAX) mode.
1090///
1091/// # Example
1092/// ```rust
1093/// #[cfg(aes_eax)]
1094/// {
1095/// use wolfssl_wolfcrypt::aes::EAX;
1096/// let key: [u8; 16] = [
1097///     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1098///     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1099/// ];
1100/// let nonce: [u8; 16] = [
1101///     0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
1102///     0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2
1103/// ];
1104/// let auth: &[u8] = &[];
1105/// let msg: [u8; 32] = [
1106///     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1107///     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1108///     0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
1109///     0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
1110/// ];
1111/// let expected_cipher: [u8; 32] = [
1112///     0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
1113///     0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
1114///     0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
1115///     0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68
1116/// ];
1117/// let expected_auth_tag: [u8; 16] = [
1118///     0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
1119///     0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e
1120/// ];
1121/// let mut cipher: [u8; 32] = [0; 32];
1122/// let mut auth_tag: [u8; 16] = [0; 16];
1123/// EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()");
1124/// assert_eq!(cipher, expected_cipher);
1125/// assert_eq!(auth_tag, expected_auth_tag);
1126/// let mut plain: [u8; 32] = [0; 32];
1127/// EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()");
1128/// assert_eq!(plain, msg);
1129/// }
1130/// ```
1131#[cfg(aes_eax)]
1132pub struct EAX {
1133}
1134#[cfg(aes_eax)]
1135impl EAX {
1136    /// Encrypt data.
1137    ///
1138    /// # Parameters
1139    ///
1140    /// * `din`: Data to encrypt.
1141    /// * `dout`: Buffer in which to store the encrypted data. The size of
1142    ///   the buffer must match that of the `din` buffer.
1143    /// * `key`: Encryption key to use. The key size must be 16, 24, or 32
1144    ///   bytes.
1145    /// * `nonce`: Nonce (number used once).
1146    /// * `auth`: Authentication data input.
1147    /// * `auth_tag`: Buffer in which to store the authentication tag.
1148    ///
1149    /// # Returns
1150    ///
1151    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1152    /// library return code on failure.
1153    pub fn encrypt(din: &[u8], dout: &mut [u8], key: &[u8], nonce: &[u8],
1154            auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> {
1155        let in_size = crate::buffer_len_to_u32(din.len())?;
1156        let out_size = crate::buffer_len_to_u32(dout.len())?;
1157        let key_size = crate::buffer_len_to_u32(key.len())?;
1158        let nonce_size = crate::buffer_len_to_u32(nonce.len())?;
1159        let auth_size = crate::buffer_len_to_u32(auth.len())?;
1160        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
1161        if in_size != out_size {
1162            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1163        }
1164        let rc = unsafe {
1165            sys::wc_AesEaxEncryptAuth(key.as_ptr(), key_size, dout.as_mut_ptr(),
1166                din.as_ptr(), in_size, nonce.as_ptr(), nonce_size,
1167                auth_tag.as_mut_ptr(), auth_tag_size, auth.as_ptr(), auth_size)
1168        };
1169        if rc != 0 {
1170            return Err(rc);
1171        }
1172        Ok(())
1173    }
1174
1175    /// Decrypt data.
1176    ///
1177    /// # Parameters
1178    ///
1179    /// * `din`: Data to decrypt.
1180    /// * `dout`: Buffer in which to store the decrypted data. The size of
1181    ///   the buffer must match that of the `din` buffer.
1182    /// * `key`: Decryption key to use. The key size must be 16, 24, or 32
1183    ///   bytes.
1184    /// * `nonce`: Nonce (number used once).
1185    /// * `auth`: Authentication data input.
1186    /// * `auth_tag`: Authentication tag input to verify.
1187    ///
1188    /// # Returns
1189    ///
1190    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1191    /// library return code on failure.
1192    pub fn decrypt(din: &[u8], dout: &mut [u8], key: &[u8], nonce: &[u8],
1193            auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> {
1194        let in_size = crate::buffer_len_to_u32(din.len())?;
1195        let out_size = crate::buffer_len_to_u32(dout.len())?;
1196        let key_size = crate::buffer_len_to_u32(key.len())?;
1197        let nonce_size = crate::buffer_len_to_u32(nonce.len())?;
1198        let auth_size = crate::buffer_len_to_u32(auth.len())?;
1199        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
1200        if in_size != out_size {
1201            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1202        }
1203        let rc = unsafe {
1204            sys::wc_AesEaxDecryptAuth(key.as_ptr(), key_size, dout.as_mut_ptr(),
1205                din.as_ptr(), in_size, nonce.as_ptr(), nonce_size,
1206                auth_tag.as_ptr(), auth_tag_size, auth.as_ptr(), auth_size)
1207        };
1208        if rc != 0 {
1209            return Err(rc);
1210        }
1211        Ok(())
1212    }
1213}
1214
1215/// AES Electronic CodeBook (ECB) mode.
1216///
1217/// # Example
1218/// ```rust
1219/// #[cfg(aes_ecb)]
1220/// {
1221/// use wolfssl_wolfcrypt::aes::ECB;
1222/// let mut ecb = ECB::new().expect("Failed to create ECB");
1223/// let key_128: &[u8; 16] = b"0123456789abcdef";
1224/// let msg: [u8; 16] = [
1225///     0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
1226///     0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
1227/// ];
1228/// let verify_ecb_128: [u8; 16] = [
1229///     0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
1230///     0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
1231/// ];
1232/// ecb.init_encrypt(key_128).expect("Error with init_encrypt()");
1233/// let mut outbuf: [u8; 16] = [0; 16];
1234/// ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
1235/// assert_eq!(&outbuf, &verify_ecb_128);
1236/// outbuf = [0; 16];
1237/// ecb.init_decrypt(key_128).expect("Error with init_decrypt()");
1238/// ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()");
1239/// assert_eq!(&outbuf, &msg);
1240/// }
1241/// ```
1242#[cfg(aes_ecb)]
1243pub struct ECB {
1244    ws_aes: sys::Aes,
1245}
1246#[cfg(aes_ecb)]
1247impl ECB {
1248    /// Create a new `ECB` instance.
1249    ///
1250    /// # Returns
1251    ///
1252    /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL
1253    /// library return code on failure.
1254    pub fn new() -> Result<Self, i32> {
1255        Self::new_ex(None, None)
1256    }
1257
1258    /// Create a new `ECB` instance with optional heap and device ID.
1259    ///
1260    /// # Parameters
1261    ///
1262    /// * `heap`: Optional heap hint.
1263    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
1264    ///
1265    /// # Returns
1266    ///
1267    /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL
1268    /// library return code on failure.
1269    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
1270        let ws_aes = new_ws_aes(heap, dev_id)?;
1271        let ecb = ECB {ws_aes};
1272        Ok(ecb)
1273    }
1274
1275    fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> {
1276        let key_size = crate::buffer_len_to_u32(key.len())?;
1277        let rc = unsafe {
1278            sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size,
1279                core::ptr::null(), dir)
1280        };
1281        if rc != 0 {
1282            return Err(rc);
1283        }
1284        Ok(())
1285    }
1286
1287    /// Initialize a ECB instance for encryption.
1288    ///
1289    /// This method must be called before calling `encrypt()`.
1290    ///
1291    /// # Parameters
1292    ///
1293    /// * `key`: A slice containing the encryption key to use. The key must be
1294    ///   16, 24, or 32 bytes in length.
1295    ///
1296    /// # Returns
1297    ///
1298    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1299    /// library return code on failure.
1300    pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> {
1301        self.init(key, sys::AES_ENCRYPTION as i32)
1302    }
1303
1304    /// Initialize a ECB instance for decryption.
1305    ///
1306    /// This method must be called before calling `decrypt()`.
1307    ///
1308    /// # Parameters
1309    ///
1310    /// * `key`: A slice containing the decryption key to use. The key must be
1311    ///   16, 24, or 32 bytes in length.
1312    ///
1313    /// # Returns
1314    ///
1315    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1316    /// library return code on failure.
1317    pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> {
1318        self.init(key, sys::AES_DECRYPTION as i32)
1319    }
1320
1321    /// Encrypt data.
1322    ///
1323    /// The `init_encrypt()` method must be called before calling this method.
1324    ///
1325    /// # Parameters
1326    ///
1327    /// * `din`: Data to encrypt. The size of the data must be a multiple of
1328    ///   16 bytes.
1329    /// * `dout`: Buffer in which to store the encrypted data. The size of
1330    ///   the buffer must match that of the `din` buffer.
1331    ///
1332    /// # Returns
1333    ///
1334    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1335    /// library return code on failure.
1336    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
1337        let in_size = crate::buffer_len_to_u32(din.len())?;
1338        let out_size = crate::buffer_len_to_u32(dout.len())?;
1339        if in_size != out_size {
1340            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1341        }
1342        let rc = unsafe {
1343            sys::wc_AesEcbEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
1344        };
1345        if rc != 0 {
1346            return Err(rc);
1347        }
1348        Ok(())
1349    }
1350
1351    /// Decrypt data.
1352    ///
1353    /// The `init_decrypt()` method must be called before calling this method.
1354    ///
1355    /// # Parameters
1356    ///
1357    /// * `din`: Data to decrypt. The size of the data must be a multiple of
1358    ///   16 bytes.
1359    /// * `dout`: Buffer in which to store the decrypted data. The size of
1360    ///   the buffer must match that of the `din` buffer.
1361    ///
1362    /// # Returns
1363    ///
1364    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1365    /// library return code on failure.
1366    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
1367        let in_size = crate::buffer_len_to_u32(din.len())?;
1368        let out_size = crate::buffer_len_to_u32(dout.len())?;
1369        if in_size != out_size {
1370            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1371        }
1372        let rc = unsafe {
1373            sys::wc_AesEcbDecrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
1374        };
1375        if rc != 0 {
1376            return Err(rc);
1377        }
1378        Ok(())
1379    }
1380}
1381#[cfg(aes_ecb)]
1382impl ECB {
1383    fn zeroize(&mut self) {
1384        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
1385    }
1386}
1387#[cfg(aes_ecb)]
1388impl Drop for ECB {
1389    /// Safely free the wolfSSL resources.
1390    fn drop(&mut self) {
1391        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
1392        self.zeroize();
1393    }
1394}
1395
1396/// AES Galois/Counter Mode (GCM) mode (one shot functionality).
1397///
1398/// This struct provides one-shot encryption and decryption functionality.
1399/// For streaming/chunking functionality, see the `GCMStream` struct instead.
1400///
1401/// # Example
1402/// ```rust
1403/// #[cfg(aes_gcm)]
1404/// {
1405/// use wolfssl_wolfcrypt::aes::GCM;
1406/// let key: [u8; 16] = [
1407///     0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
1408///     0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
1409/// ];
1410/// let iv: [u8; 12] = [
1411///     0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
1412///     0xe4, 0xed, 0x2f, 0x6d
1413/// ];
1414/// let plain: [u8; 32] = [
1415///     0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
1416///     0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
1417///     0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
1418///     0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
1419/// ];
1420/// let auth: [u8; 16] = [
1421///     0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
1422///     0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
1423/// ];
1424/// let expected_cipher: [u8; 32] = [
1425///     0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
1426///     0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
1427///     0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
1428///     0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
1429/// ];
1430/// let expected_auth_tag: [u8; 16] = [
1431///     0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
1432///     0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
1433/// ];
1434/// let mut gcm = GCM::new().expect("Failed to create GCM");
1435/// gcm.init(&key).expect("Error with init()");
1436/// let mut cipher: [u8; 32] = [0; 32];
1437/// let mut auth_tag: [u8; 16] = [0; 16];
1438/// gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()");
1439/// assert_eq!(cipher, expected_cipher);
1440/// assert_eq!(auth_tag, expected_auth_tag);
1441/// let mut plain_out: [u8; 32] = [0; 32];
1442/// gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()");
1443/// assert_eq!(plain_out, plain);
1444/// }
1445/// ```
1446#[cfg(aes_gcm)]
1447pub struct GCM {
1448    ws_aes: sys::Aes,
1449}
1450#[cfg(aes_gcm)]
1451impl GCM {
1452    /// Create a new `GCM` instance.
1453    ///
1454    /// # Returns
1455    ///
1456    /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL
1457    /// library return code on failure.
1458    pub fn new() -> Result<Self, i32> {
1459        Self::new_ex(None, None)
1460    }
1461
1462    /// Create a new `GCM` instance with optional heap and device ID.
1463    ///
1464    /// # Parameters
1465    ///
1466    /// * `heap`: Optional heap hint.
1467    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
1468    ///
1469    /// # Returns
1470    ///
1471    /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL
1472    /// library return code on failure.
1473    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
1474        let ws_aes = new_ws_aes(heap, dev_id)?;
1475        let gcm = GCM {ws_aes};
1476        Ok(gcm)
1477    }
1478
1479    /// Initialize a GCM instance for encryption or decryption.
1480    ///
1481    /// This method must be called before calling `encrypt()` or `decrypt()`.
1482    ///
1483    /// # Parameters
1484    ///
1485    /// * `key`: A slice containing the encryption key to use. The key must be
1486    ///   16, 24, or 32 bytes in length.
1487    ///
1488    /// # Returns
1489    ///
1490    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1491    /// library return code on failure.
1492    pub fn init(&mut self, key: &[u8]) -> Result<(), i32> {
1493        let key_size = crate::buffer_len_to_u32(key.len())?;
1494        let rc = unsafe {
1495            sys::wc_AesGcmSetKey(&mut self.ws_aes, key.as_ptr(), key_size)
1496        };
1497        if rc != 0 {
1498            return Err(rc);
1499        }
1500        Ok(())
1501    }
1502
1503    /// Encrypt data.
1504    ///
1505    /// The `init()` method must be called before calling this method.
1506    ///
1507    /// # Parameters
1508    ///
1509    /// * `din`: Data to encrypt.
1510    /// * `dout`: Buffer in which to store the encrypted data. The size of
1511    ///   the buffer must match that of the `din` buffer.
1512    /// * `iv`: Initialization vector to use for the encryption operation.
1513    /// * `auth`: Authentication data input.
1514    /// * `auth_tag`: Buffer in which to store the authentication tag.
1515    ///
1516    /// # Returns
1517    ///
1518    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1519    /// library return code on failure.
1520    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8], iv: &[u8],
1521            auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> {
1522        let in_size = crate::buffer_len_to_u32(din.len())?;
1523        let out_size = crate::buffer_len_to_u32(dout.len())?;
1524        let iv_size = crate::buffer_len_to_u32(iv.len())?;
1525        let auth_size = crate::buffer_len_to_u32(auth.len())?;
1526        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
1527        if in_size != out_size {
1528            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1529        }
1530        let rc = unsafe {
1531            sys::wc_AesGcmEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size,
1532                iv.as_ptr(), iv_size, auth_tag.as_mut_ptr(), auth_tag_size,
1533                auth.as_ptr(), auth_size)
1534        };
1535        if rc != 0 {
1536            return Err(rc);
1537        }
1538        Ok(())
1539    }
1540
1541    /// Decrypt data.
1542    ///
1543    /// The `init()` method must be called before calling this method.
1544    ///
1545    /// # Parameters
1546    ///
1547    /// * `din`: Data to decrypt.
1548    /// * `dout`: Buffer in which to store the decrypted data. The size of
1549    ///   the buffer must match that of the `din` buffer.
1550    /// * `iv`: Initialization vector to use for the decryption operation.
1551    /// * `auth`: Authentication data input.
1552    /// * `auth_tag`: Authentication tag input to verify.
1553    ///
1554    /// # Returns
1555    ///
1556    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1557    /// library return code on failure.
1558    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8], iv: &[u8],
1559            auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> {
1560        let in_size = crate::buffer_len_to_u32(din.len())?;
1561        let out_size = crate::buffer_len_to_u32(dout.len())?;
1562        let iv_size = crate::buffer_len_to_u32(iv.len())?;
1563        let auth_size = crate::buffer_len_to_u32(auth.len())?;
1564        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
1565        if in_size != out_size {
1566            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1567        }
1568        let rc = unsafe {
1569            sys::wc_AesGcmDecrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size,
1570                iv.as_ptr(), iv_size, auth_tag.as_ptr(), auth_tag_size,
1571                auth.as_ptr(), auth_size)
1572        };
1573        if rc != 0 {
1574            return Err(rc);
1575        }
1576        Ok(())
1577    }
1578}
1579#[cfg(aes_gcm)]
1580impl GCM {
1581    fn zeroize(&mut self) {
1582        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
1583    }
1584}
1585#[cfg(aes_gcm)]
1586impl Drop for GCM {
1587    /// Safely free the wolfSSL resources.
1588    fn drop(&mut self) {
1589        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
1590        self.zeroize();
1591    }
1592}
1593
1594// ---------------------------------------------------------------------------
1595// AES-GCM aead trait implementations
1596// ---------------------------------------------------------------------------
1597
1598/// Encrypt `buffer` in-place using AES-GCM (12-byte nonce, 16-byte tag).
1599///
1600/// wolfCrypt's `wc_AesGcmEncrypt` supports in-place operation (out == in).
1601#[cfg(all(aes_gcm, feature = "aead"))]
1602fn gcm_encrypt_in_place(
1603    key: &[u8],
1604    nonce: &[u8],
1605    aad: &[u8],
1606    buffer: &mut [u8],
1607    tag: &mut [u8],
1608) -> Result<(), aead::Error> {
1609    if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize
1610        || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize {
1611        return Err(aead::Error);
1612    }
1613    let mut gcm = GCM::new().map_err(|_| aead::Error)?;
1614    gcm.init(key).map_err(|_| aead::Error)?;
1615    let buf_ptr = buffer.as_mut_ptr();
1616    let in_ptr = buf_ptr as *const u8;
1617    let rc = unsafe {
1618        sys::wc_AesGcmEncrypt(
1619            &mut gcm.ws_aes,
1620            buf_ptr, in_ptr, buffer.len() as u32,
1621            nonce.as_ptr(), nonce.len() as u32,
1622            tag.as_mut_ptr(), tag.len() as u32,
1623            aad.as_ptr(), aad.len() as u32,
1624        )
1625    };
1626    if rc != 0 {
1627        return Err(aead::Error);
1628    }
1629    Ok(())
1630}
1631
1632/// Decrypt `buffer` in-place using AES-GCM and verify `tag`.
1633#[cfg(all(aes_gcm, feature = "aead"))]
1634fn gcm_decrypt_in_place(
1635    key: &[u8],
1636    nonce: &[u8],
1637    aad: &[u8],
1638    buffer: &mut [u8],
1639    tag: &[u8],
1640) -> Result<(), aead::Error> {
1641    if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize
1642        || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize {
1643        return Err(aead::Error);
1644    }
1645    let mut gcm = GCM::new().map_err(|_| aead::Error)?;
1646    gcm.init(key).map_err(|_| aead::Error)?;
1647    let buf_ptr = buffer.as_mut_ptr();
1648    let in_ptr = buf_ptr as *const u8;
1649    let rc = unsafe {
1650        sys::wc_AesGcmDecrypt(
1651            &mut gcm.ws_aes,
1652            buf_ptr, in_ptr, buffer.len() as u32,
1653            nonce.as_ptr(), nonce.len() as u32,
1654            tag.as_ptr(), tag.len() as u32,
1655            aad.as_ptr(), aad.len() as u32,
1656        )
1657    };
1658    if rc != 0 {
1659        return Err(aead::Error);
1660    }
1661    Ok(())
1662}
1663
1664/// AES-128-GCM authenticated encryption (12-byte nonce, 16-byte tag).
1665#[cfg(all(aes_gcm, feature = "aead"))]
1666#[derive(Zeroize, ZeroizeOnDrop)]
1667pub struct Aes128Gcm {
1668    key: [u8; 16],
1669}
1670
1671#[cfg(all(aes_gcm, feature = "aead"))]
1672impl KeySizeUser for Aes128Gcm {
1673    type KeySize = U16;
1674}
1675
1676#[cfg(all(aes_gcm, feature = "aead"))]
1677impl AeadCore for Aes128Gcm {
1678    type NonceSize = U12;
1679    type TagSize = U16;
1680    type CiphertextOverhead = U0;
1681}
1682
1683#[cfg(all(aes_gcm, feature = "aead"))]
1684impl KeyInit for Aes128Gcm {
1685    fn new(key: &aead::Key<Self>) -> Self {
1686        let mut k = [0u8; 16];
1687        k.copy_from_slice(key.as_ref());
1688        Aes128Gcm { key: k }
1689    }
1690}
1691
1692#[cfg(all(aes_gcm, feature = "aead"))]
1693impl AeadInPlace for Aes128Gcm {
1694    fn encrypt_in_place_detached(
1695        &self,
1696        nonce: &aead::Nonce<Self>,
1697        associated_data: &[u8],
1698        buffer: &mut [u8],
1699    ) -> Result<aead::Tag<Self>, aead::Error> {
1700        let mut tag = aead::Tag::<Self>::default();
1701        gcm_encrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_mut())?;
1702        Ok(tag)
1703    }
1704
1705    fn decrypt_in_place_detached(
1706        &self,
1707        nonce: &aead::Nonce<Self>,
1708        associated_data: &[u8],
1709        buffer: &mut [u8],
1710        tag: &aead::Tag<Self>,
1711    ) -> Result<(), aead::Error> {
1712        gcm_decrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_ref())
1713    }
1714}
1715
1716/// AES-256-GCM authenticated encryption (12-byte nonce, 16-byte tag).
1717#[cfg(all(aes_gcm, feature = "aead"))]
1718#[derive(Zeroize, ZeroizeOnDrop)]
1719pub struct Aes256Gcm {
1720    key: [u8; 32],
1721}
1722
1723#[cfg(all(aes_gcm, feature = "aead"))]
1724impl KeySizeUser for Aes256Gcm {
1725    type KeySize = U32;
1726}
1727
1728#[cfg(all(aes_gcm, feature = "aead"))]
1729impl AeadCore for Aes256Gcm {
1730    type NonceSize = U12;
1731    type TagSize = U16;
1732    type CiphertextOverhead = U0;
1733}
1734
1735#[cfg(all(aes_gcm, feature = "aead"))]
1736impl KeyInit for Aes256Gcm {
1737    fn new(key: &aead::Key<Self>) -> Self {
1738        let mut k = [0u8; 32];
1739        k.copy_from_slice(key.as_ref());
1740        Aes256Gcm { key: k }
1741    }
1742}
1743
1744#[cfg(all(aes_gcm, feature = "aead"))]
1745impl AeadInPlace for Aes256Gcm {
1746    fn encrypt_in_place_detached(
1747        &self,
1748        nonce: &aead::Nonce<Self>,
1749        associated_data: &[u8],
1750        buffer: &mut [u8],
1751    ) -> Result<aead::Tag<Self>, aead::Error> {
1752        let mut tag = aead::Tag::<Self>::default();
1753        gcm_encrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_mut())?;
1754        Ok(tag)
1755    }
1756
1757    fn decrypt_in_place_detached(
1758        &self,
1759        nonce: &aead::Nonce<Self>,
1760        associated_data: &[u8],
1761        buffer: &mut [u8],
1762        tag: &aead::Tag<Self>,
1763    ) -> Result<(), aead::Error> {
1764        gcm_decrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer, tag.as_ref())
1765    }
1766}
1767
1768/// AES Galois/Counter Mode (GCM) mode (streaming functionality).
1769///
1770/// This struct provides streaming/chunking encryption and decryption
1771/// functionality. For one-shot functionality, see the `GCM` struct instead.
1772///
1773/// # Example
1774/// ```rust
1775/// #[cfg(aes_gcm_stream)]
1776/// {
1777/// use wolfssl_wolfcrypt::aes::GCMStream;
1778/// let plain: [u8; 60] = [
1779///     0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
1780///     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
1781///     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
1782///     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
1783///     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
1784///     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
1785///     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
1786///     0xba, 0x63, 0x7b, 0x39
1787/// ];
1788/// let auth: [u8; 20] = [
1789///     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
1790///     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
1791///     0xab, 0xad, 0xda, 0xd2
1792/// ];
1793/// let key: [u8; 32] = [
1794///     0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
1795///     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
1796///     0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
1797///     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
1798/// ];
1799/// let iv: [u8; 12] = [
1800///     0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
1801///     0xde, 0xca, 0xf8, 0x88
1802/// ];
1803/// let expected_cipher: [u8; 60] = [
1804///     0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
1805///     0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
1806///     0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
1807///     0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
1808///     0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
1809///     0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
1810///     0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
1811///     0xbc, 0xc9, 0xf6, 0x62
1812/// ];
1813/// let expected_auth_tag: [u8; 16] = [
1814///     0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
1815///     0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
1816/// ];
1817/// let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream");
1818/// for chunk_size in 1..=auth.len() {
1819///     gcmstream.init(&key, &iv).expect("Error with init()");
1820///     let mut cipher: [u8; 60] = [0; 60];
1821///     let mut i = 0;
1822///     while i < auth.len() {
1823///         let mut end = i + chunk_size;
1824///         if end > auth.len() {
1825///             end = auth.len()
1826///         }
1827///         gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()");
1828///         i += chunk_size;
1829///     }
1830///     i = 0;
1831///     while i < plain.len() {
1832///         let mut end = i + chunk_size;
1833///         if end > plain.len() {
1834///             end = plain.len()
1835///         }
1836///         gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()");
1837///         i += chunk_size;
1838///     }
1839///     let mut auth_tag: [u8; 16] = [0; 16];
1840///     gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()");
1841///     assert_eq!(cipher, expected_cipher);
1842///     assert_eq!(auth_tag, expected_auth_tag);
1843/// }
1844/// }
1845/// ```
1846#[cfg(aes_gcm_stream)]
1847pub struct GCMStream {
1848    ws_aes: sys::Aes,
1849}
1850#[cfg(aes_gcm_stream)]
1851impl GCMStream {
1852    /// Create a new `GCMStream` instance.
1853    ///
1854    /// # Returns
1855    ///
1856    /// A Result which is Ok(GCMStream) on success or an Err containing the
1857    /// wolfSSL library return code on failure.
1858    pub fn new() -> Result<Self, i32> {
1859        Self::new_ex(None, None)
1860    }
1861
1862    /// Create a new `GCMStream` instance with heap and device ID.
1863    ///
1864    /// # Parameters
1865    ///
1866    /// * `heap`: Optional heap hint.
1867    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
1868    ///
1869    /// # Returns
1870    ///
1871    /// A Result which is Ok(GCMStream) on success or an Err containing the
1872    /// wolfSSL library return code on failure.
1873    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
1874        let ws_aes = new_ws_aes(heap, dev_id)?;
1875        let gcmstream = GCMStream {ws_aes};
1876        Ok(gcmstream)
1877    }
1878
1879    /// Initialize a GCMStream instance for encryption or decryption.
1880    ///
1881    /// This method must be called before calling `encrypt_update()`,
1882    /// `encrypt_final()`, `decrypt_update()`, or `decrypt_final()`.
1883    ///
1884    /// # Parameters
1885    ///
1886    /// * `key`: A slice containing the encryption key to use. The key must be
1887    ///   16, 24, or 32 bytes in length.
1888    /// * `iv`: A slice containing the initialization vector (IV) to use.
1889    ///
1890    /// # Returns
1891    ///
1892    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1893    /// library return code on failure.
1894    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
1895        let key_size = crate::buffer_len_to_u32(key.len())?;
1896        let iv_size = crate::buffer_len_to_u32(iv.len())?;
1897        let rc = unsafe {
1898            sys::wc_AesGcmInit(&mut self.ws_aes, key.as_ptr(), key_size,
1899                iv.as_ptr(), iv_size)
1900        };
1901        if rc != 0 {
1902            return Err(rc);
1903        }
1904        Ok(())
1905    }
1906
1907    /// Add a chunk of data to encrypt or authentication data.
1908    ///
1909    /// All authentication data must be passed in to update before the
1910    /// plaintext to encrypt. The last part of the authentication data can be
1911    /// passed in with the same call as the first part of the plaintext data.
1912    ///
1913    /// The `init()` method must be called before calling this method.
1914    /// The `encrypt_final()` method must be called to finalize the encryption
1915    /// operation and retrieve the calculated authentication tag.
1916    ///
1917    /// # Parameters
1918    ///
1919    /// * `din`: Data to encrypt.
1920    /// * `dout`: Buffer in which to store the encrypted data. The size of
1921    ///   the buffer must match that of the `din` buffer.
1922    /// * `auth`: Authentication data input.
1923    ///
1924    /// # Returns
1925    ///
1926    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1927    /// library return code on failure.
1928    pub fn encrypt_update(&mut self, din: &[u8], dout: &mut [u8],
1929            auth: &[u8]) -> Result<(), i32> {
1930        let in_size = crate::buffer_len_to_u32(din.len())?;
1931        let out_size = crate::buffer_len_to_u32(dout.len())?;
1932        let auth_size = crate::buffer_len_to_u32(auth.len())?;
1933        if in_size != out_size {
1934            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
1935        }
1936        let rc = unsafe {
1937            sys::wc_AesGcmEncryptUpdate(&mut self.ws_aes, dout.as_mut_ptr(),
1938                din.as_ptr(), in_size, auth.as_ptr(), auth_size)
1939        };
1940        if rc != 0 {
1941            return Err(rc);
1942        }
1943        Ok(())
1944    }
1945
1946    /// Finalize encryption.
1947    ///
1948    /// The `init()` method must be called before calling this method.
1949    /// The `encrypt_update()` method must be called one or more times before
1950    /// calling this method to supply authentication data and plaintext input
1951    /// for encryption.
1952    ///
1953    /// # Parameters
1954    ///
1955    /// * `auth_tag`: Buffer in which to store the authentication tag.
1956    ///
1957    /// # Returns
1958    ///
1959    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1960    /// library return code on failure.
1961    pub fn encrypt_final(&mut self, auth_tag: &mut [u8]) -> Result<(), i32> {
1962        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
1963        let rc = unsafe {
1964            sys::wc_AesGcmEncryptFinal(&mut self.ws_aes,
1965                auth_tag.as_mut_ptr(), auth_tag_size)
1966        };
1967        if rc != 0 {
1968            return Err(rc);
1969        }
1970        Ok(())
1971    }
1972
1973    /// Add a chunk of data to decrypt or authentication data.
1974    ///
1975    /// All authentication data must be passed in to update before the
1976    /// ciphertext to decrypt. The last part of the authentication data can be
1977    /// passed in with the same call as the first part of the ciphertext data.
1978    ///
1979    /// The `init()` method must be called before calling this method.
1980    /// The `decrypt_final()` method must be called to finalize the decryption
1981    /// operation and verify the authentication tag.
1982    ///
1983    /// # Parameters
1984    ///
1985    /// * `din`: Data to encrypt.
1986    /// * `dout`: Buffer in which to store the decrypted data. The size of
1987    ///   the buffer must match that of the `din` buffer.
1988    /// * `auth`: Authentication data input.
1989    ///
1990    /// # Returns
1991    ///
1992    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
1993    /// library return code on failure.
1994    pub fn decrypt_update(&mut self, din: &[u8], dout: &mut [u8],
1995            auth: &[u8]) -> Result<(), i32> {
1996        let in_size = crate::buffer_len_to_u32(din.len())?;
1997        let out_size = crate::buffer_len_to_u32(dout.len())?;
1998        let auth_size = crate::buffer_len_to_u32(auth.len())?;
1999        if in_size != out_size {
2000            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2001        }
2002        let rc = unsafe {
2003            sys::wc_AesGcmDecryptUpdate(&mut self.ws_aes, dout.as_mut_ptr(),
2004                din.as_ptr(), in_size, auth.as_ptr(), auth_size)
2005        };
2006        if rc != 0 {
2007            return Err(rc);
2008        }
2009        Ok(())
2010    }
2011
2012    /// Finalize decryption.
2013    ///
2014    /// The `init()` method must be called before calling this method.
2015    /// The `decrypt_update()` method must be called one or more times before
2016    /// calling this method to supply authentication data and ciphertext input
2017    /// for decryption.
2018    ///
2019    /// # Parameters
2020    ///
2021    /// * `auth_tag`: Authentication tag input to verify.
2022    ///
2023    /// # Returns
2024    ///
2025    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2026    /// library return code on failure.
2027    pub fn decrypt_final(&mut self, auth_tag: &[u8]) -> Result<(), i32> {
2028        let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?;
2029        let rc = unsafe {
2030            sys::wc_AesGcmDecryptFinal(&mut self.ws_aes,
2031                auth_tag.as_ptr(), auth_tag_size)
2032        };
2033        if rc != 0 {
2034            return Err(rc);
2035        }
2036        Ok(())
2037    }
2038}
2039#[cfg(aes_gcm_stream)]
2040impl GCMStream {
2041    fn zeroize(&mut self) {
2042        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
2043    }
2044}
2045#[cfg(aes_gcm_stream)]
2046impl Drop for GCMStream {
2047    /// Safely free the wolfSSL resources.
2048    fn drop(&mut self) {
2049        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
2050        self.zeroize();
2051    }
2052}
2053
2054/// AES Output FeedBack (OFB) mode.
2055///
2056/// # Example
2057/// ```rust
2058/// #[cfg(aes_ofb)]
2059/// {
2060/// use wolfssl_wolfcrypt::aes::OFB;
2061/// let key: [u8; 32] = [
2062///     0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
2063///     0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
2064///     0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
2065///     0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
2066/// ];
2067/// let iv: [u8; 16] = [
2068///     0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
2069///     0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
2070/// ];
2071/// let plain: [u8; 48] = [
2072///     0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
2073///     0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
2074///     0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
2075///     0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
2076///     0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
2077///     0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
2078/// ];
2079/// let expected_cipher: [u8; 48] = [
2080///     0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
2081///     0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
2082///     0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
2083///     0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
2084///     0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
2085///     0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
2086/// ];
2087/// let mut ofb = OFB::new().expect("Failed to create OFB");
2088/// ofb.init(&key, &iv).expect("Error with init()");
2089/// let mut cipher: [u8; 48] = [0; 48];
2090/// ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()");
2091/// assert_eq!(cipher, expected_cipher);
2092/// ofb.init(&key, &iv).expect("Error with init()");
2093/// let mut plain_out: [u8; 48] = [0; 48];
2094/// #[cfg(aes_decrypt)]
2095/// {
2096/// ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
2097/// assert_eq!(plain_out, plain);
2098/// }
2099/// }
2100/// ```
2101#[cfg(aes_ofb)]
2102pub struct OFB {
2103    ws_aes: sys::Aes,
2104}
2105#[cfg(aes_ofb)]
2106impl OFB {
2107    /// Create a new `OFB` instance.
2108    ///
2109    /// # Returns
2110    ///
2111    /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL
2112    /// library return code on failure.
2113    pub fn new() -> Result<Self, i32> {
2114        Self::new_ex(None, None)
2115    }
2116
2117    /// Create a new `OFB` instance with optional heap and device ID.
2118    ///
2119    /// # Parameters
2120    ///
2121    /// * `heap`: Optional heap hint.
2122    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
2123    ///
2124    /// # Returns
2125    ///
2126    /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL
2127    /// library return code on failure.
2128    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
2129        let ws_aes = new_ws_aes(heap, dev_id)?;
2130        let ofb = OFB {ws_aes};
2131        Ok(ofb)
2132    }
2133
2134    /// Initialize a OFB instance for encryption or decryption.
2135    ///
2136    /// This method must be called before calling `encrypt()` or `decrypt()`.
2137    ///
2138    /// # Parameters
2139    ///
2140    /// * `key`: A slice containing the encryption key to use. The key must be
2141    ///   16, 24, or 32 bytes in length.
2142    /// * `iv`: A slice containing the initialization vector (IV) to use. The
2143    ///   IV must be 16 bytes in length.
2144    ///
2145    /// # Returns
2146    ///
2147    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2148    /// library return code on failure.
2149    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
2150        let key_size = crate::buffer_len_to_u32(key.len())?;
2151        if iv.len() != AES_BLOCK_SIZE {
2152            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2153        }
2154        let rc = unsafe {
2155            sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(),
2156                key_size, iv.as_ptr(), sys::AES_ENCRYPTION as i32)
2157        };
2158        if rc != 0 {
2159            return Err(rc);
2160        }
2161        Ok(())
2162    }
2163
2164    /// Encrypt data.
2165    ///
2166    /// The `init()` method must be called before calling this method.
2167    ///
2168    /// # Parameters
2169    ///
2170    /// * `din`: Data to encrypt.
2171    /// * `dout`: Buffer in which to store the encrypted data. The size of
2172    ///   the buffer must match that of the `din` buffer.
2173    ///
2174    /// # Returns
2175    ///
2176    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2177    /// library return code on failure.
2178    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
2179        let in_size = crate::buffer_len_to_u32(din.len())?;
2180        let out_size = crate::buffer_len_to_u32(dout.len())?;
2181        if in_size != out_size {
2182            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2183        }
2184        let rc = unsafe {
2185            sys::wc_AesOfbEncrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
2186        };
2187        if rc != 0 {
2188            return Err(rc);
2189        }
2190        Ok(())
2191    }
2192
2193    /// Decrypt data.
2194    ///
2195    /// The `init()` method must be called before calling this method.
2196    ///
2197    /// # Parameters
2198    ///
2199    /// * `din`: Data to decrypt.
2200    /// * `dout`: Buffer in which to store the decrypted data. The size of
2201    ///   the buffer must match that of the `din` buffer.
2202    ///
2203    /// # Returns
2204    ///
2205    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2206    /// library return code on failure.
2207    #[cfg(aes_decrypt)]
2208    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
2209        let in_size = crate::buffer_len_to_u32(din.len())?;
2210        let out_size = crate::buffer_len_to_u32(dout.len())?;
2211        if in_size != out_size {
2212            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2213        }
2214        let rc = unsafe {
2215            sys::wc_AesOfbDecrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
2216        };
2217        if rc != 0 {
2218            return Err(rc);
2219        }
2220        Ok(())
2221    }
2222}
2223#[cfg(aes_ofb)]
2224impl OFB {
2225    fn zeroize(&mut self) {
2226        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
2227    }
2228}
2229#[cfg(aes_ofb)]
2230impl Drop for OFB {
2231    /// Safely free the wolfSSL resources.
2232    fn drop(&mut self) {
2233        unsafe { sys::wc_AesFree(&mut self.ws_aes); }
2234        self.zeroize();
2235    }
2236}
2237
2238/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support
2239/// (one shot functionality).
2240///
2241/// This struct provides one-shot encryption and decryption functionality.
2242/// For streaming/chunking functionality, see the `XTSStream` struct instead.
2243///
2244/// # Example
2245/// ```rust
2246/// #[cfg(aes_xts)]
2247/// {
2248/// use wolfssl_wolfcrypt::aes::XTS;
2249/// let key: [u8; 32] = [
2250///     0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
2251///     0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
2252///     0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
2253///     0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
2254/// ];
2255/// let tweak: [u8; 16] = [
2256///     0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
2257///     0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
2258/// ];
2259/// let plain: [u8; 16] = [
2260///     0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
2261///     0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
2262/// ];
2263/// let expected_cipher: [u8; 16] = [
2264///     0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
2265///     0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
2266/// ];
2267/// let partial: [u8; 24] = [
2268///     0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
2269///     0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
2270///     0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
2271/// ];
2272/// let expected_partial_cipher: [u8; 24] = [
2273///     0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
2274///     0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
2275///     0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
2276/// ];
2277///
2278/// let mut xts = XTS::new().expect("Failed to create XTS");
2279/// xts.init_encrypt(&key).expect("Error with init_encrypt()");
2280/// let mut cipher: [u8; 16] = [0; 16];
2281/// xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()");
2282/// assert_eq!(cipher, expected_cipher);
2283/// xts.init_decrypt(&key).expect("Error with init_decrypt()");
2284/// let mut plain_out: [u8; 16] = [0; 16];
2285/// xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()");
2286/// assert_eq!(plain_out, plain);
2287///
2288/// xts.init_encrypt(&key).expect("Error with init_encrypt()");
2289/// let mut partial_cipher: [u8; 24] = [0; 24];
2290/// xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()");
2291/// assert_eq!(partial_cipher, expected_partial_cipher);
2292/// xts.init_decrypt(&key).expect("Error with init_decrypt()");
2293/// let mut partial_out: [u8; 24] = [0; 24];
2294/// xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()");
2295/// assert_eq!(partial_out, partial);
2296/// }
2297/// ```
2298#[cfg(aes_xts)]
2299pub struct XTS {
2300    ws_xtsaes: sys::XtsAes,
2301}
2302#[cfg(aes_xts)]
2303impl XTS {
2304    /// Create a new `XTS` instance.
2305    ///
2306    /// # Returns
2307    ///
2308    /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL
2309    /// library return code on failure.
2310    pub fn new() -> Result<Self, i32> {
2311        Self::new_ex(None, None)
2312    }
2313
2314    /// Create a new `XTS` instance with optional heap and device ID.
2315    ///
2316    /// # Parameters
2317    ///
2318    /// * `heap`: Optional heap hint.
2319    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
2320    ///
2321    /// # Returns
2322    ///
2323    /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL
2324    /// library return code on failure.
2325    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
2326        let ws_xtsaes = new_ws_xtsaes(heap, dev_id)?;
2327        let xts = XTS {ws_xtsaes};
2328        Ok(xts)
2329    }
2330
2331    fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> {
2332        let key_size = crate::buffer_len_to_u32(key.len())?;
2333        let rc = unsafe {
2334            sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes,
2335                key.as_ptr(), key_size, dir)
2336        };
2337        if rc != 0 {
2338            return Err(rc);
2339        }
2340        Ok(())
2341    }
2342
2343    /// Initialize a XTS instance for encryption.
2344    ///
2345    /// This method must be called before calling any encryption methods.
2346    ///
2347    /// # Parameters
2348    ///
2349    /// * `key`: A slice containing the encryption key to use. The key must be
2350    ///   16, 24, or 32 bytes in length.
2351    ///
2352    /// # Returns
2353    ///
2354    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2355    /// library return code on failure.
2356    pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> {
2357        self.init(key, sys::AES_ENCRYPTION as i32)
2358    }
2359
2360    /// Initialize a XTS instance for decryption.
2361    ///
2362    /// This method must be called before calling any decryption methods.
2363    ///
2364    /// # Parameters
2365    ///
2366    /// * `key`: A slice containing the decryption key to use. The key must be
2367    ///   16, 24, or 32 bytes in length.
2368    ///
2369    /// # Returns
2370    ///
2371    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2372    /// library return code on failure.
2373    pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> {
2374        self.init(key, sys::AES_DECRYPTION as i32)
2375    }
2376
2377    /// Encrypt data.
2378    ///
2379    /// The `init_encrypt()` method must be called before calling this method.
2380    ///
2381    /// # Parameters
2382    ///
2383    /// * `din`: Data to encrypt.
2384    /// * `dout`: Buffer in which to store the encrypted data. The size of
2385    ///   the buffer must match that of the `din` buffer.
2386    /// * `tweak`: Tweak value to use for the encryption operation.
2387    ///
2388    /// # Returns
2389    ///
2390    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2391    /// library return code on failure.
2392    pub fn encrypt(&mut self, din: &[u8], dout: &mut [u8], tweak: &[u8]) -> Result<(), i32> {
2393        let in_size = crate::buffer_len_to_u32(din.len())?;
2394        let out_size = crate::buffer_len_to_u32(dout.len())?;
2395        let tweak_size = crate::buffer_len_to_u32(tweak.len())?;
2396        if in_size != out_size {
2397            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2398        }
2399        let rc = unsafe {
2400            sys::wc_AesXtsEncrypt(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2401                din.as_ptr(), in_size, tweak.as_ptr(), tweak_size)
2402        };
2403        if rc != 0 {
2404            return Err(rc);
2405        }
2406        Ok(())
2407    }
2408
2409    /// Encrypt a sector of data.
2410    ///
2411    /// The `init_encrypt()` method must be called before calling this method.
2412    ///
2413    /// This method is the same as `encrypt()` except that a sector number is
2414    /// taken instead of a tweak buffer. Internally the sector number is
2415    /// expanded into the tweak value to use.
2416    ///
2417    /// # Parameters
2418    ///
2419    /// * `din`: Data to encrypt.
2420    /// * `dout`: Buffer in which to store the encrypted data. The size of
2421    ///   the buffer must match that of the `din` buffer.
2422    /// * `sector`: Sector number to use for encryption operation. This value
2423    ///   is expanded into a tweak value.
2424    ///
2425    /// # Returns
2426    ///
2427    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2428    /// library return code on failure.
2429    pub fn encrypt_sector(&mut self, din: &[u8], dout: &mut [u8], sector: u64) -> Result<(), i32> {
2430        let in_size = crate::buffer_len_to_u32(din.len())?;
2431        let out_size = crate::buffer_len_to_u32(dout.len())?;
2432        if in_size != out_size {
2433            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2434        }
2435        let rc = unsafe {
2436            sys::wc_AesXtsEncryptSector(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2437                din.as_ptr(), in_size, sector)
2438        };
2439        if rc != 0 {
2440            return Err(rc);
2441        }
2442        Ok(())
2443    }
2444
2445    /// Encrypt consecutive sectors of data.
2446    ///
2447    /// The `init_encrypt()` method must be called before calling this method.
2448    ///
2449    /// This method is the same as `encrypt_sector()` except that the sector
2450    /// number is automatically incremented every `sector_size` bytes.
2451    ///
2452    /// # Parameters
2453    ///
2454    /// * `din`: Data to encrypt.
2455    /// * `dout`: Buffer in which to store the encrypted data. The size of
2456    ///   the buffer must match that of the `din` buffer.
2457    /// * `sector`: Sector number to use for encryption operation. This value
2458    ///   is expanded into a tweak value.
2459    /// * `sector_size`: Sector size. The `sector` value is internally
2460    ///   incremented every `sector_size` bytes.
2461    ///
2462    /// # Returns
2463    ///
2464    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2465    /// library return code on failure.
2466    pub fn encrypt_consecutive_sectors(&mut self, din: &[u8], dout: &mut [u8],
2467            sector: u64, sector_size: u32) -> Result<(), i32> {
2468        let in_size = crate::buffer_len_to_u32(din.len())?;
2469        let out_size = crate::buffer_len_to_u32(dout.len())?;
2470        if in_size != out_size {
2471            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2472        }
2473        let rc = unsafe {
2474            sys::wc_AesXtsEncryptConsecutiveSectors(&mut self.ws_xtsaes,
2475                dout.as_mut_ptr(), din.as_ptr(), in_size, sector, sector_size)
2476        };
2477        if rc != 0 {
2478            return Err(rc);
2479        }
2480        Ok(())
2481    }
2482
2483    /// Decrypt data.
2484    ///
2485    /// The `init_decrypt()` method must be called before calling this method.
2486    ///
2487    /// # Parameters
2488    ///
2489    /// * `din`: Data to decrypt.
2490    /// * `dout`: Buffer in which to store the decrypted data. The size of
2491    ///   the buffer must match that of the `din` buffer.
2492    /// * `tweak`: Tweak value to use for the decryption operation.
2493    ///
2494    /// # Returns
2495    ///
2496    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2497    /// library return code on failure.
2498    pub fn decrypt(&mut self, din: &[u8], dout: &mut [u8], tweak: &[u8]) -> Result<(), i32> {
2499        let in_size = crate::buffer_len_to_u32(din.len())?;
2500        let out_size = crate::buffer_len_to_u32(dout.len())?;
2501        let tweak_size = crate::buffer_len_to_u32(tweak.len())?;
2502        if in_size != out_size {
2503            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2504        }
2505        let rc = unsafe {
2506            sys::wc_AesXtsDecrypt(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2507                din.as_ptr(), in_size, tweak.as_ptr(), tweak_size)
2508        };
2509        if rc != 0 {
2510            return Err(rc);
2511        }
2512        Ok(())
2513    }
2514
2515    /// Decrypt a sector of data.
2516    ///
2517    /// The `init_decrypt()` method must be called before calling this method.
2518    ///
2519    /// This method is the same as `decrypt()` except that a sector number is
2520    /// taken instead of a tweak buffer. Internally the sector number is
2521    /// expanded into the tweak value to use.
2522    ///
2523    /// # Parameters
2524    ///
2525    /// * `din`: Data to decrypt.
2526    /// * `dout`: Buffer in which to store the decrypted data. The size of
2527    ///   the buffer must match that of the `din` buffer.
2528    /// * `sector`: Sector number to use for decryption operation. This value
2529    ///   is expanded into a tweak value.
2530    ///
2531    /// # Returns
2532    ///
2533    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2534    /// library return code on failure.
2535    pub fn decrypt_sector(&mut self, din: &[u8], dout: &mut [u8], sector: u64) -> Result<(), i32> {
2536        let in_size = crate::buffer_len_to_u32(din.len())?;
2537        let out_size = crate::buffer_len_to_u32(dout.len())?;
2538        if in_size != out_size {
2539            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2540        }
2541        let rc = unsafe {
2542            sys::wc_AesXtsDecryptSector(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2543                din.as_ptr(), in_size, sector)
2544        };
2545        if rc != 0 {
2546            return Err(rc);
2547        }
2548        Ok(())
2549    }
2550
2551    /// Decrypt consecutive sectors of data.
2552    ///
2553    /// The `init_decrypt()` method must be called before calling this method.
2554    ///
2555    /// This method is the same as `decrypt_sector()` except that the sector
2556    /// number is automatically incremented every `sector_size` bytes.
2557    ///
2558    /// # Parameters
2559    ///
2560    /// * `din`: Data to decrypt.
2561    /// * `dout`: Buffer in which to store the decrypted data. The size of
2562    ///   the buffer must match that of the `din` buffer.
2563    /// * `sector`: Sector number to use for decryption operation. This value
2564    ///   is expanded into a tweak value.
2565    /// * `sector_size`: Sector size. The `sector` value is internally
2566    ///   incremented every `sector_size` bytes.
2567    ///
2568    /// # Returns
2569    ///
2570    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2571    /// library return code on failure.
2572    pub fn decrypt_consecutive_sectors(&mut self, din: &[u8], dout: &mut [u8],
2573            sector: u64, sector_size: u32) -> Result<(), i32> {
2574        let in_size = crate::buffer_len_to_u32(din.len())?;
2575        let out_size = crate::buffer_len_to_u32(dout.len())?;
2576        if in_size != out_size {
2577            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2578        }
2579        let rc = unsafe {
2580            sys::wc_AesXtsDecryptConsecutiveSectors(&mut self.ws_xtsaes,
2581                dout.as_mut_ptr(), din.as_ptr(), in_size, sector, sector_size)
2582        };
2583        if rc != 0 {
2584            return Err(rc);
2585        }
2586        Ok(())
2587    }
2588}
2589#[cfg(aes_xts)]
2590impl XTS {
2591    fn zeroize(&mut self) {
2592        unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }
2593    }
2594}
2595#[cfg(aes_xts)]
2596impl Drop for XTS {
2597    /// Safely free the wolfSSL resources.
2598    fn drop(&mut self) {
2599        unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); }
2600        self.zeroize();
2601    }
2602}
2603
2604/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support
2605/// (streaming functionality).
2606///
2607/// This struct provides streaming/chunking encryption and decryption
2608/// functionality. For one-shot functionality, see the `XTS` struct instead.
2609///
2610/// # Example
2611/// ```rust
2612/// #[cfg(aes_xts_stream)]
2613/// {
2614/// use wolfssl_wolfcrypt::aes::XTSStream;
2615/// let keys: [u8; 32] = [
2616///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2617///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2618///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2619///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2620/// ];
2621/// let tweak: [u8; 16] = [
2622///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2623///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2624/// ];
2625/// let plain: [u8; 40] = [
2626///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2627///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2628///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2629///     0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
2630///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
2631/// ];
2632/// let expected_cipher: [u8; 40] = [
2633///     0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
2634///     0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
2635///     0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
2636///     0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
2637///     0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
2638/// ];
2639///
2640/// let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
2641/// xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()");
2642/// let mut cipher: [u8; 40] = [0; 40];
2643/// xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()");
2644/// xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()");
2645/// assert_eq!(cipher, expected_cipher);
2646///
2647/// xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()");
2648/// let mut plain_out: [u8; 40] = [0; 40];
2649/// xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()");
2650/// xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()");
2651/// assert_eq!(plain_out, plain);
2652/// }
2653/// ```
2654#[cfg(aes_xts_stream)]
2655pub struct XTSStream {
2656    ws_xtsaes: sys::XtsAes,
2657    ws_xtsaesstreamdata: sys::XtsAesStreamData,
2658}
2659#[cfg(aes_xts_stream)]
2660impl XTSStream {
2661    /// Create a new `XTSStream` instance.
2662    ///
2663    /// # Returns
2664    ///
2665    /// A Result which is Ok(XTSStream) on success or an Err containing the
2666    /// wolfSSL library return code on failure.
2667    pub fn new() -> Result<Self, i32> {
2668        Self::new_ex(None, None)
2669    }
2670
2671    /// Create a new `XTSStream` instance with optional heap and device ID.
2672    ///
2673    /// # Parameters
2674    ///
2675    /// * `heap`: Optional heap hint.
2676    /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware.
2677    ///
2678    /// # Returns
2679    ///
2680    /// A Result which is Ok(XTSStream) on success or an Err containing the
2681    /// wolfSSL library return code on failure.
2682    pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
2683        let ws_xtsaes = new_ws_xtsaes(heap, dev_id)?;
2684        let ws_xtsaesstreamdata: MaybeUninit<sys::XtsAesStreamData> = MaybeUninit::zeroed();
2685        let ws_xtsaesstreamdata = unsafe { ws_xtsaesstreamdata.assume_init() };
2686        let xtsstream = XTSStream {ws_xtsaes, ws_xtsaesstreamdata};
2687        Ok(xtsstream)
2688    }
2689
2690    /// Initialize a XTSStream instance for encryption.
2691    ///
2692    /// This method must be called before calling `encrypt_update()`.
2693    ///
2694    /// # Parameters
2695    ///
2696    /// * `key`: A slice containing the encryption key to use. The key must be
2697    ///   16, 24, or 32 bytes in length.
2698    /// * `tweak`: Tweak value to use for the encryption operation.
2699    ///
2700    /// # Returns
2701    ///
2702    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2703    /// library return code on failure.
2704    pub fn init_encrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> {
2705        let key_size = crate::buffer_len_to_u32(key.len())?;
2706        let rc = unsafe {
2707            sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes,
2708                key.as_ptr(), key_size, sys::AES_ENCRYPTION as i32)
2709        };
2710        if rc != 0 {
2711            return Err(rc);
2712        }
2713        let tweak_size = crate::buffer_len_to_u32(tweak.len())?;
2714        let rc = unsafe {
2715            sys::wc_AesXtsEncryptInit(&mut self.ws_xtsaes,
2716                tweak.as_ptr(), tweak_size, &mut self.ws_xtsaesstreamdata)
2717        };
2718        if rc != 0 {
2719            return Err(rc);
2720        }
2721        Ok(())
2722    }
2723
2724    /// Initialize a XTSStream instance for decryption.
2725    ///
2726    /// This method must be called before calling `decrypt_update()`.
2727    ///
2728    /// # Parameters
2729    ///
2730    /// * `key`: A slice containing the decryption key to use. The key must be
2731    ///   16, 24, or 32 bytes in length.
2732    /// * `tweak`: Tweak value to use for the decryption operation.
2733    ///
2734    /// # Returns
2735    ///
2736    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2737    /// library return code on failure.
2738    pub fn init_decrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> {
2739        let key_size = crate::buffer_len_to_u32(key.len())?;
2740        let rc = unsafe {
2741            sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes,
2742                key.as_ptr(), key_size, sys::AES_DECRYPTION as i32)
2743        };
2744        if rc != 0 {
2745            return Err(rc);
2746        }
2747        let tweak_size = crate::buffer_len_to_u32(tweak.len())?;
2748        let rc = unsafe {
2749            sys::wc_AesXtsDecryptInit(&mut self.ws_xtsaes,
2750                tweak.as_ptr(), tweak_size, &mut self.ws_xtsaesstreamdata)
2751        };
2752        if rc != 0 {
2753            return Err(rc);
2754        }
2755        Ok(())
2756    }
2757
2758    /// Add a chunk of data to encrypt.
2759    ///
2760    /// The `init_encrypt()` method must be called before calling this method.
2761    /// The `encrypt_final()` method must be called to finalize the encryption
2762    /// operation.
2763    ///
2764    /// # Parameters
2765    ///
2766    /// * `din`: Data to encrypt. The size of the data must be a multiple of
2767    ///   16 bytes. A final chunk of data that is not a multiple of 16 bytes
2768    ///   can be passed in to `encrypt_final()`.
2769    /// * `dout`: Buffer in which to store the encrypted data. The size of
2770    ///   the buffer must match that of the `din` buffer.
2771    ///
2772    /// # Returns
2773    ///
2774    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2775    /// library return code on failure.
2776    pub fn encrypt_update(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
2777        let in_size = crate::buffer_len_to_u32(din.len())?;
2778        let out_size = crate::buffer_len_to_u32(dout.len())?;
2779        if in_size != out_size {
2780            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2781        }
2782        let rc = unsafe {
2783            sys::wc_AesXtsEncryptUpdate(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2784                din.as_ptr(), in_size, &mut self.ws_xtsaesstreamdata)
2785        };
2786        if rc != 0 {
2787            return Err(rc);
2788        }
2789        Ok(())
2790    }
2791
2792    /// Encrypt the final chunk of data.
2793    ///
2794    /// The `init_encrypt()` method must be called before calling this method.
2795    /// The `encrypt_update()` method may be called prior to this to encrypt
2796    /// blocks of data in chunks.
2797    ///
2798    /// # Parameters
2799    ///
2800    /// * `din`: Data to encrypt. The size of the data must be 0 or at least
2801    ///   16 bytes. It does not need to be a multiple of 16 bytes.
2802    /// * `dout`: Buffer in which to store the encrypted data. The size of
2803    ///   the buffer must match that of the `din` buffer.
2804    ///
2805    /// # Returns
2806    ///
2807    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2808    /// library return code on failure.
2809    pub fn encrypt_final(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
2810        let in_size = crate::buffer_len_to_u32(din.len())?;
2811        let out_size = crate::buffer_len_to_u32(dout.len())?;
2812        if in_size != out_size {
2813            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2814        }
2815        let rc = unsafe {
2816            sys::wc_AesXtsEncryptFinal(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2817                din.as_ptr(), in_size, &mut self.ws_xtsaesstreamdata)
2818        };
2819        if rc != 0 {
2820            return Err(rc);
2821        }
2822        Ok(())
2823    }
2824
2825    /// Add a chunk of data to decrypt.
2826    ///
2827    /// The `init_decrypt()` method must be called before calling this method.
2828    /// The `decrypt_final()` method must be called to finalize the decryption
2829    /// operation.
2830    ///
2831    /// # Parameters
2832    ///
2833    /// * `din`: Data to decrypt. The size of the data must be a multiple of
2834    ///   16 bytes. A final chunk of data that is not a multiple of 16 bytes
2835    ///   can be passed in to `decrypt_final()`.
2836    /// * `dout`: Buffer in which to store the decrypted data. The size of
2837    ///   the buffer must match that of the `din` buffer.
2838    ///
2839    /// # Returns
2840    ///
2841    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2842    /// library return code on failure.
2843    pub fn decrypt_update(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
2844        let in_size = crate::buffer_len_to_u32(din.len())?;
2845        let out_size = crate::buffer_len_to_u32(dout.len())?;
2846        if in_size != out_size {
2847            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2848        }
2849        let rc = unsafe {
2850            sys::wc_AesXtsDecryptUpdate(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2851                din.as_ptr(), in_size, &mut self.ws_xtsaesstreamdata)
2852        };
2853        if rc != 0 {
2854            return Err(rc);
2855        }
2856        Ok(())
2857    }
2858
2859    /// Decrypt the final chunk of data.
2860    ///
2861    /// The `init_decrypt()` method must be called before calling this method.
2862    /// The `decrypt_update()` method may be called prior to this to decrypt
2863    /// blocks of data in chunks.
2864    ///
2865    /// # Parameters
2866    ///
2867    /// * `din`: Data to decrypt. The size of the data must be 0 or at least
2868    ///   16 bytes. It does not need to be a multiple of 16 bytes.
2869    /// * `dout`: Buffer in which to store the decrypted data. The size of
2870    ///   the buffer must match that of the `din` buffer.
2871    ///
2872    /// # Returns
2873    ///
2874    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
2875    /// library return code on failure.
2876    pub fn decrypt_final(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
2877        let in_size = crate::buffer_len_to_u32(din.len())?;
2878        let out_size = crate::buffer_len_to_u32(dout.len())?;
2879        if in_size != out_size {
2880            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
2881        }
2882        let rc = unsafe {
2883            sys::wc_AesXtsDecryptFinal(&mut self.ws_xtsaes, dout.as_mut_ptr(),
2884                din.as_ptr(), in_size, &mut self.ws_xtsaesstreamdata)
2885        };
2886        if rc != 0 {
2887            return Err(rc);
2888        }
2889        Ok(())
2890    }
2891}
2892#[cfg(aes_xts_stream)]
2893impl XTSStream {
2894    fn zeroize(&mut self) {
2895        unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }
2896    }
2897}
2898#[cfg(aes_xts_stream)]
2899impl Drop for XTSStream {
2900    /// Safely free the wolfSSL resources.
2901    fn drop(&mut self) {
2902        unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); }
2903        self.zeroize();
2904    }
2905}
2906
2907// ---------------------------------------------------------------------------
2908// AES-ECB cipher trait implementations
2909// ---------------------------------------------------------------------------
2910
2911/// AES-128 ECB block cipher (encryption) implementing [`cipher::BlockModeEncrypt`].
2912///
2913/// The key schedule is computed once during construction via
2914/// [`cipher::KeyInit::new`] or [`cipher::KeyInit::new_from_slice`].
2915#[cfg(all(aes_ecb, feature = "cipher"))]
2916pub struct Aes128EcbEnc {
2917    inner: ECB,
2918}
2919
2920#[cfg(all(aes_ecb, feature = "cipher"))]
2921impl cipher::KeySizeUser for Aes128EcbEnc {
2922    type KeySize = U16;
2923}
2924
2925#[cfg(all(aes_ecb, feature = "cipher"))]
2926impl cipher::BlockSizeUser for Aes128EcbEnc {
2927    type BlockSize = U16;
2928}
2929
2930#[cfg(all(aes_ecb, feature = "cipher"))]
2931impl cipher::KeyInit for Aes128EcbEnc {
2932    fn new(key: &cipher::Key<Self>) -> Self {
2933        let mut ecb = ECB::new().expect("wc_AesInit failed");
2934        ecb.init_encrypt(key.as_ref()).expect("wc_AesSetKey failed");
2935        Self { inner: ecb }
2936    }
2937}
2938
2939#[cfg(all(aes_ecb, feature = "cipher"))]
2940struct Aes128EcbEncBackend<'a>(&'a mut Aes128EcbEnc);
2941
2942#[cfg(all(aes_ecb, feature = "cipher"))]
2943impl cipher::BlockSizeUser for Aes128EcbEncBackend<'_> {
2944    type BlockSize = U16;
2945}
2946
2947#[cfg(all(aes_ecb, feature = "cipher"))]
2948impl ParBlocksSizeUser for Aes128EcbEncBackend<'_> {
2949    type ParBlocksSize = cipher::typenum::consts::U1;
2950}
2951
2952#[cfg(all(aes_ecb, feature = "cipher"))]
2953impl BlockModeEncBackend for Aes128EcbEncBackend<'_> {
2954    fn encrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
2955        let in_block = *block.get_in();
2956        let out = block.get_out();
2957        self.0.inner.encrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesEcbEncrypt failed");
2958    }
2959}
2960
2961#[cfg(all(aes_ecb, feature = "cipher"))]
2962impl BlockModeEncrypt for Aes128EcbEnc {
2963    fn encrypt_with_backend(&mut self, f: impl BlockModeEncClosure<BlockSize = Self::BlockSize>) {
2964        f.call(&mut Aes128EcbEncBackend(self));
2965    }
2966}
2967
2968/// AES-192 ECB block cipher (encryption) implementing [`cipher::BlockModeEncrypt`].
2969#[cfg(all(aes_ecb, feature = "cipher"))]
2970pub struct Aes192EcbEnc {
2971    inner: ECB,
2972}
2973
2974#[cfg(all(aes_ecb, feature = "cipher"))]
2975impl cipher::KeySizeUser for Aes192EcbEnc {
2976    type KeySize = U24;
2977}
2978
2979#[cfg(all(aes_ecb, feature = "cipher"))]
2980impl cipher::BlockSizeUser for Aes192EcbEnc {
2981    type BlockSize = U16;
2982}
2983
2984#[cfg(all(aes_ecb, feature = "cipher"))]
2985impl cipher::KeyInit for Aes192EcbEnc {
2986    fn new(key: &cipher::Key<Self>) -> Self {
2987        let mut ecb = ECB::new().expect("wc_AesInit failed");
2988        ecb.init_encrypt(key.as_ref()).expect("wc_AesSetKey failed");
2989        Self { inner: ecb }
2990    }
2991}
2992
2993#[cfg(all(aes_ecb, feature = "cipher"))]
2994struct Aes192EcbEncBackend<'a>(&'a mut Aes192EcbEnc);
2995
2996#[cfg(all(aes_ecb, feature = "cipher"))]
2997impl cipher::BlockSizeUser for Aes192EcbEncBackend<'_> {
2998    type BlockSize = U16;
2999}
3000
3001#[cfg(all(aes_ecb, feature = "cipher"))]
3002impl ParBlocksSizeUser for Aes192EcbEncBackend<'_> {
3003    type ParBlocksSize = cipher::typenum::consts::U1;
3004}
3005
3006#[cfg(all(aes_ecb, feature = "cipher"))]
3007impl BlockModeEncBackend for Aes192EcbEncBackend<'_> {
3008    fn encrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3009        let in_block = *block.get_in();
3010        let out = block.get_out();
3011        self.0.inner.encrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesEcbEncrypt failed");
3012    }
3013}
3014
3015#[cfg(all(aes_ecb, feature = "cipher"))]
3016impl BlockModeEncrypt for Aes192EcbEnc {
3017    fn encrypt_with_backend(&mut self, f: impl BlockModeEncClosure<BlockSize = Self::BlockSize>) {
3018        f.call(&mut Aes192EcbEncBackend(self));
3019    }
3020}
3021
3022/// AES-256 ECB block cipher (encryption) implementing [`cipher::BlockModeEncrypt`].
3023#[cfg(all(aes_ecb, feature = "cipher"))]
3024pub struct Aes256EcbEnc {
3025    inner: ECB,
3026}
3027
3028#[cfg(all(aes_ecb, feature = "cipher"))]
3029impl cipher::KeySizeUser for Aes256EcbEnc {
3030    type KeySize = U32;
3031}
3032
3033#[cfg(all(aes_ecb, feature = "cipher"))]
3034impl cipher::BlockSizeUser for Aes256EcbEnc {
3035    type BlockSize = U16;
3036}
3037
3038#[cfg(all(aes_ecb, feature = "cipher"))]
3039impl cipher::KeyInit for Aes256EcbEnc {
3040    fn new(key: &cipher::Key<Self>) -> Self {
3041        let mut ecb = ECB::new().expect("wc_AesInit failed");
3042        ecb.init_encrypt(key.as_ref()).expect("wc_AesSetKey failed");
3043        Self { inner: ecb }
3044    }
3045}
3046
3047#[cfg(all(aes_ecb, feature = "cipher"))]
3048struct Aes256EcbEncBackend<'a>(&'a mut Aes256EcbEnc);
3049
3050#[cfg(all(aes_ecb, feature = "cipher"))]
3051impl cipher::BlockSizeUser for Aes256EcbEncBackend<'_> {
3052    type BlockSize = U16;
3053}
3054
3055#[cfg(all(aes_ecb, feature = "cipher"))]
3056impl ParBlocksSizeUser for Aes256EcbEncBackend<'_> {
3057    type ParBlocksSize = cipher::typenum::consts::U1;
3058}
3059
3060#[cfg(all(aes_ecb, feature = "cipher"))]
3061impl BlockModeEncBackend for Aes256EcbEncBackend<'_> {
3062    fn encrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3063        let in_block = *block.get_in();
3064        let out = block.get_out();
3065        self.0.inner.encrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesEcbEncrypt failed");
3066    }
3067}
3068
3069#[cfg(all(aes_ecb, feature = "cipher"))]
3070impl BlockModeEncrypt for Aes256EcbEnc {
3071    fn encrypt_with_backend(&mut self, f: impl BlockModeEncClosure<BlockSize = Self::BlockSize>) {
3072        f.call(&mut Aes256EcbEncBackend(self));
3073    }
3074}
3075
3076/// AES-128 ECB block cipher (decryption) implementing [`cipher::BlockModeDecrypt`].
3077///
3078/// The key schedule is computed once during construction via
3079/// [`cipher::KeyInit::new`] or [`cipher::KeyInit::new_from_slice`].
3080#[cfg(all(aes_ecb, feature = "cipher"))]
3081pub struct Aes128EcbDec {
3082    inner: ECB,
3083}
3084
3085#[cfg(all(aes_ecb, feature = "cipher"))]
3086impl cipher::KeySizeUser for Aes128EcbDec {
3087    type KeySize = U16;
3088}
3089
3090#[cfg(all(aes_ecb, feature = "cipher"))]
3091impl cipher::BlockSizeUser for Aes128EcbDec {
3092    type BlockSize = U16;
3093}
3094
3095#[cfg(all(aes_ecb, feature = "cipher"))]
3096impl cipher::KeyInit for Aes128EcbDec {
3097    fn new(key: &cipher::Key<Self>) -> Self {
3098        let mut ecb = ECB::new().expect("wc_AesInit failed");
3099        ecb.init_decrypt(key.as_ref()).expect("wc_AesSetKey failed");
3100        Self { inner: ecb }
3101    }
3102}
3103
3104#[cfg(all(aes_ecb, feature = "cipher"))]
3105struct Aes128EcbDecBackend<'a>(&'a mut Aes128EcbDec);
3106
3107#[cfg(all(aes_ecb, feature = "cipher"))]
3108impl cipher::BlockSizeUser for Aes128EcbDecBackend<'_> {
3109    type BlockSize = U16;
3110}
3111
3112#[cfg(all(aes_ecb, feature = "cipher"))]
3113impl ParBlocksSizeUser for Aes128EcbDecBackend<'_> {
3114    type ParBlocksSize = cipher::typenum::consts::U1;
3115}
3116
3117#[cfg(all(aes_ecb, feature = "cipher"))]
3118impl BlockModeDecBackend for Aes128EcbDecBackend<'_> {
3119    fn decrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3120        let in_block = *block.get_in();
3121        let out = block.get_out();
3122        self.0.inner.decrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesEcbDecrypt failed");
3123    }
3124}
3125
3126#[cfg(all(aes_ecb, feature = "cipher"))]
3127impl BlockModeDecrypt for Aes128EcbDec {
3128    fn decrypt_with_backend(&mut self, f: impl BlockModeDecClosure<BlockSize = Self::BlockSize>) {
3129        f.call(&mut Aes128EcbDecBackend(self));
3130    }
3131}
3132
3133/// AES-192 ECB block cipher (decryption) implementing [`cipher::BlockModeDecrypt`].
3134#[cfg(all(aes_ecb, feature = "cipher"))]
3135pub struct Aes192EcbDec {
3136    inner: ECB,
3137}
3138
3139#[cfg(all(aes_ecb, feature = "cipher"))]
3140impl cipher::KeySizeUser for Aes192EcbDec {
3141    type KeySize = U24;
3142}
3143
3144#[cfg(all(aes_ecb, feature = "cipher"))]
3145impl cipher::BlockSizeUser for Aes192EcbDec {
3146    type BlockSize = U16;
3147}
3148
3149#[cfg(all(aes_ecb, feature = "cipher"))]
3150impl cipher::KeyInit for Aes192EcbDec {
3151    fn new(key: &cipher::Key<Self>) -> Self {
3152        let mut ecb = ECB::new().expect("wc_AesInit failed");
3153        ecb.init_decrypt(key.as_ref()).expect("wc_AesSetKey failed");
3154        Self { inner: ecb }
3155    }
3156}
3157
3158#[cfg(all(aes_ecb, feature = "cipher"))]
3159struct Aes192EcbDecBackend<'a>(&'a mut Aes192EcbDec);
3160
3161#[cfg(all(aes_ecb, feature = "cipher"))]
3162impl cipher::BlockSizeUser for Aes192EcbDecBackend<'_> {
3163    type BlockSize = U16;
3164}
3165
3166#[cfg(all(aes_ecb, feature = "cipher"))]
3167impl ParBlocksSizeUser for Aes192EcbDecBackend<'_> {
3168    type ParBlocksSize = cipher::typenum::consts::U1;
3169}
3170
3171#[cfg(all(aes_ecb, feature = "cipher"))]
3172impl BlockModeDecBackend for Aes192EcbDecBackend<'_> {
3173    fn decrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3174        let in_block = *block.get_in();
3175        let out = block.get_out();
3176        self.0.inner.decrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesEcbDecrypt failed");
3177    }
3178}
3179
3180#[cfg(all(aes_ecb, feature = "cipher"))]
3181impl BlockModeDecrypt for Aes192EcbDec {
3182    fn decrypt_with_backend(&mut self, f: impl BlockModeDecClosure<BlockSize = Self::BlockSize>) {
3183        f.call(&mut Aes192EcbDecBackend(self));
3184    }
3185}
3186
3187/// AES-256 ECB block cipher (decryption) implementing [`cipher::BlockModeDecrypt`].
3188#[cfg(all(aes_ecb, feature = "cipher"))]
3189pub struct Aes256EcbDec {
3190    inner: ECB,
3191}
3192
3193#[cfg(all(aes_ecb, feature = "cipher"))]
3194impl cipher::KeySizeUser for Aes256EcbDec {
3195    type KeySize = U32;
3196}
3197
3198#[cfg(all(aes_ecb, feature = "cipher"))]
3199impl cipher::BlockSizeUser for Aes256EcbDec {
3200    type BlockSize = U16;
3201}
3202
3203#[cfg(all(aes_ecb, feature = "cipher"))]
3204impl cipher::KeyInit for Aes256EcbDec {
3205    fn new(key: &cipher::Key<Self>) -> Self {
3206        let mut ecb = ECB::new().expect("wc_AesInit failed");
3207        ecb.init_decrypt(key.as_ref()).expect("wc_AesSetKey failed");
3208        Self { inner: ecb }
3209    }
3210}
3211
3212#[cfg(all(aes_ecb, feature = "cipher"))]
3213struct Aes256EcbDecBackend<'a>(&'a mut Aes256EcbDec);
3214
3215#[cfg(all(aes_ecb, feature = "cipher"))]
3216impl cipher::BlockSizeUser for Aes256EcbDecBackend<'_> {
3217    type BlockSize = U16;
3218}
3219
3220#[cfg(all(aes_ecb, feature = "cipher"))]
3221impl ParBlocksSizeUser for Aes256EcbDecBackend<'_> {
3222    type ParBlocksSize = cipher::typenum::consts::U1;
3223}
3224
3225#[cfg(all(aes_ecb, feature = "cipher"))]
3226impl BlockModeDecBackend for Aes256EcbDecBackend<'_> {
3227    fn decrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3228        let in_block = *block.get_in();
3229        let out = block.get_out();
3230        self.0.inner.decrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesEcbDecrypt failed");
3231    }
3232}
3233
3234#[cfg(all(aes_ecb, feature = "cipher"))]
3235impl BlockModeDecrypt for Aes256EcbDec {
3236    fn decrypt_with_backend(&mut self, f: impl BlockModeDecClosure<BlockSize = Self::BlockSize>) {
3237        f.call(&mut Aes256EcbDecBackend(self));
3238    }
3239}
3240
3241// ---------------------------------------------------------------------------
3242// AES-CTR cipher trait implementations
3243// ---------------------------------------------------------------------------
3244
3245/// AES-128 CTR stream cipher implementing [`cipher::StreamCipher`].
3246///
3247/// wolfCrypt AES-CTR supports in-place operation, so the in/out pointers from
3248/// the [`cipher::inout::InOutBuf`] are passed directly to `wc_AesCtrEncrypt`.
3249#[cfg(all(aes_ctr, feature = "cipher"))]
3250pub struct Aes128Ctr {
3251    inner: CTR,
3252}
3253
3254#[cfg(all(aes_ctr, feature = "cipher"))]
3255impl cipher::KeySizeUser for Aes128Ctr {
3256    type KeySize = U16;
3257}
3258
3259#[cfg(all(aes_ctr, feature = "cipher"))]
3260impl IvSizeUser for Aes128Ctr {
3261    type IvSize = U16;
3262}
3263
3264#[cfg(all(aes_ctr, feature = "cipher"))]
3265impl KeyIvInit for Aes128Ctr {
3266    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3267        let mut ctr = CTR::new().expect("wc_AesInit failed");
3268        ctr.init(key.as_ref(), iv.as_ref()).expect("wc_AesSetKeyDirect failed");
3269        Self { inner: ctr }
3270    }
3271}
3272
3273#[cfg(all(aes_ctr, feature = "cipher"))]
3274impl StreamCipher for Aes128Ctr {
3275    fn check_remaining(&self, _data_len: usize) -> Result<(), StreamCipherError> {
3276        Ok(())
3277    }
3278
3279    fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) {
3280        let len = buf.len();
3281        if len == 0 { return; }
3282        assert!(len <= u32::MAX as usize, "buffer too large for wc_AesCtrEncrypt");
3283        // wolfCrypt AES-CTR supports in-place operation (out == in).
3284        let in_ptr = buf.get_in().as_ptr();
3285        let out_ptr = buf.get_out().as_mut_ptr();
3286        // SAFETY: CTR in-place is valid; C function called directly to avoid
3287        // creating aliasing slices.
3288        let rc = unsafe { sys::wc_AesCtrEncrypt(&mut self.inner.ws_aes, out_ptr, in_ptr, len as u32) };
3289        assert_eq!(rc, 0, "wc_AesCtrEncrypt failed");
3290    }
3291
3292    fn unchecked_write_keystream(&mut self, buf: &mut [u8]) {
3293        buf.fill(0);
3294        self.unchecked_apply_keystream_inout(buf.into());
3295    }
3296}
3297
3298/// AES-192 CTR stream cipher implementing [`cipher::StreamCipher`].
3299#[cfg(all(aes_ctr, feature = "cipher"))]
3300pub struct Aes192Ctr {
3301    inner: CTR,
3302}
3303
3304#[cfg(all(aes_ctr, feature = "cipher"))]
3305impl cipher::KeySizeUser for Aes192Ctr {
3306    type KeySize = U24;
3307}
3308
3309#[cfg(all(aes_ctr, feature = "cipher"))]
3310impl IvSizeUser for Aes192Ctr {
3311    type IvSize = U16;
3312}
3313
3314#[cfg(all(aes_ctr, feature = "cipher"))]
3315impl KeyIvInit for Aes192Ctr {
3316    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3317        let mut ctr = CTR::new().expect("wc_AesInit failed");
3318        ctr.init(key.as_ref(), iv.as_ref()).expect("wc_AesSetKeyDirect failed");
3319        Self { inner: ctr }
3320    }
3321}
3322
3323#[cfg(all(aes_ctr, feature = "cipher"))]
3324impl StreamCipher for Aes192Ctr {
3325    fn check_remaining(&self, _data_len: usize) -> Result<(), StreamCipherError> {
3326        Ok(())
3327    }
3328
3329    fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) {
3330        let len = buf.len();
3331        if len == 0 { return; }
3332        assert!(len <= u32::MAX as usize, "buffer too large for wc_AesCtrEncrypt");
3333        let in_ptr = buf.get_in().as_ptr();
3334        let out_ptr = buf.get_out().as_mut_ptr();
3335        // SAFETY: CTR in-place is valid; C function called directly to avoid
3336        // creating aliasing slices.
3337        let rc = unsafe { sys::wc_AesCtrEncrypt(&mut self.inner.ws_aes, out_ptr, in_ptr, len as u32) };
3338        assert_eq!(rc, 0, "wc_AesCtrEncrypt failed");
3339    }
3340
3341    fn unchecked_write_keystream(&mut self, buf: &mut [u8]) {
3342        buf.fill(0);
3343        self.unchecked_apply_keystream_inout(buf.into());
3344    }
3345}
3346
3347/// AES-256 CTR stream cipher implementing [`cipher::StreamCipher`].
3348#[cfg(all(aes_ctr, feature = "cipher"))]
3349pub struct Aes256Ctr {
3350    inner: CTR,
3351}
3352
3353#[cfg(all(aes_ctr, feature = "cipher"))]
3354impl cipher::KeySizeUser for Aes256Ctr {
3355    type KeySize = U32;
3356}
3357
3358#[cfg(all(aes_ctr, feature = "cipher"))]
3359impl IvSizeUser for Aes256Ctr {
3360    type IvSize = U16;
3361}
3362
3363#[cfg(all(aes_ctr, feature = "cipher"))]
3364impl KeyIvInit for Aes256Ctr {
3365    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3366        let mut ctr = CTR::new().expect("wc_AesInit failed");
3367        ctr.init(key.as_ref(), iv.as_ref()).expect("wc_AesSetKeyDirect failed");
3368        Self { inner: ctr }
3369    }
3370}
3371
3372#[cfg(all(aes_ctr, feature = "cipher"))]
3373impl StreamCipher for Aes256Ctr {
3374    fn check_remaining(&self, _data_len: usize) -> Result<(), StreamCipherError> {
3375        Ok(())
3376    }
3377
3378    fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) {
3379        let len = buf.len();
3380        if len == 0 { return; }
3381        assert!(len <= u32::MAX as usize, "buffer too large for wc_AesCtrEncrypt");
3382        let in_ptr = buf.get_in().as_ptr();
3383        let out_ptr = buf.get_out().as_mut_ptr();
3384        // SAFETY: CTR in-place is valid; C function called directly to avoid
3385        // creating aliasing slices.
3386        let rc = unsafe { sys::wc_AesCtrEncrypt(&mut self.inner.ws_aes, out_ptr, in_ptr, len as u32) };
3387        assert_eq!(rc, 0, "wc_AesCtrEncrypt failed");
3388    }
3389
3390    fn unchecked_write_keystream(&mut self, buf: &mut [u8]) {
3391        buf.fill(0);
3392        self.unchecked_apply_keystream_inout(buf.into());
3393    }
3394}
3395
3396// ---------------------------------------------------------------------------
3397// AES-OFB cipher trait implementations
3398// ---------------------------------------------------------------------------
3399
3400/// AES-128 OFB stream cipher implementing [`cipher::StreamCipher`].
3401///
3402/// OFB (Output FeedBack) generates a keystream independent of the data, so
3403/// [`StreamCipher::apply_keystream`] is self-inverse and wolfCrypt supports
3404/// in-place operation.
3405#[cfg(all(aes_ofb, feature = "cipher"))]
3406pub struct Aes128Ofb {
3407    inner: OFB,
3408}
3409
3410#[cfg(all(aes_ofb, feature = "cipher"))]
3411impl cipher::KeySizeUser for Aes128Ofb {
3412    type KeySize = U16;
3413}
3414
3415#[cfg(all(aes_ofb, feature = "cipher"))]
3416impl IvSizeUser for Aes128Ofb {
3417    type IvSize = U16;
3418}
3419
3420#[cfg(all(aes_ofb, feature = "cipher"))]
3421impl KeyIvInit for Aes128Ofb {
3422    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3423        let mut ofb = OFB::new().expect("wc_AesInit failed");
3424        ofb.init(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3425        Self { inner: ofb }
3426    }
3427}
3428
3429#[cfg(all(aes_ofb, feature = "cipher"))]
3430impl StreamCipher for Aes128Ofb {
3431    fn check_remaining(&self, _data_len: usize) -> Result<(), StreamCipherError> {
3432        Ok(())
3433    }
3434
3435    fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) {
3436        let len = buf.len();
3437        if len == 0 { return; }
3438        assert!(len <= u32::MAX as usize, "buffer too large for wc_AesOfbEncrypt");
3439        // wolfCrypt AES-OFB supports in-place operation (out == in).
3440        let in_ptr = buf.get_in().as_ptr();
3441        let out_ptr = buf.get_out().as_mut_ptr();
3442        // SAFETY: OFB in-place is valid; C function called directly to avoid
3443        // creating aliasing slices.
3444        let rc = unsafe { sys::wc_AesOfbEncrypt(&mut self.inner.ws_aes, out_ptr, in_ptr, len as u32) };
3445        assert_eq!(rc, 0, "wc_AesOfbEncrypt failed");
3446    }
3447
3448    fn unchecked_write_keystream(&mut self, buf: &mut [u8]) {
3449        buf.fill(0);
3450        self.unchecked_apply_keystream_inout(buf.into());
3451    }
3452}
3453
3454/// AES-192 OFB stream cipher implementing [`cipher::StreamCipher`].
3455#[cfg(all(aes_ofb, feature = "cipher"))]
3456pub struct Aes192Ofb {
3457    inner: OFB,
3458}
3459
3460#[cfg(all(aes_ofb, feature = "cipher"))]
3461impl cipher::KeySizeUser for Aes192Ofb {
3462    type KeySize = U24;
3463}
3464
3465#[cfg(all(aes_ofb, feature = "cipher"))]
3466impl IvSizeUser for Aes192Ofb {
3467    type IvSize = U16;
3468}
3469
3470#[cfg(all(aes_ofb, feature = "cipher"))]
3471impl KeyIvInit for Aes192Ofb {
3472    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3473        let mut ofb = OFB::new().expect("wc_AesInit failed");
3474        ofb.init(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3475        Self { inner: ofb }
3476    }
3477}
3478
3479#[cfg(all(aes_ofb, feature = "cipher"))]
3480impl StreamCipher for Aes192Ofb {
3481    fn check_remaining(&self, _data_len: usize) -> Result<(), StreamCipherError> {
3482        Ok(())
3483    }
3484
3485    fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) {
3486        let len = buf.len();
3487        if len == 0 { return; }
3488        assert!(len <= u32::MAX as usize, "buffer too large for wc_AesOfbEncrypt");
3489        let in_ptr = buf.get_in().as_ptr();
3490        let out_ptr = buf.get_out().as_mut_ptr();
3491        // SAFETY: OFB in-place is valid; C function called directly to avoid
3492        // creating aliasing slices.
3493        let rc = unsafe { sys::wc_AesOfbEncrypt(&mut self.inner.ws_aes, out_ptr, in_ptr, len as u32) };
3494        assert_eq!(rc, 0, "wc_AesOfbEncrypt failed");
3495    }
3496
3497    fn unchecked_write_keystream(&mut self, buf: &mut [u8]) {
3498        buf.fill(0);
3499        self.unchecked_apply_keystream_inout(buf.into());
3500    }
3501}
3502
3503/// AES-256 OFB stream cipher implementing [`cipher::StreamCipher`].
3504#[cfg(all(aes_ofb, feature = "cipher"))]
3505pub struct Aes256Ofb {
3506    inner: OFB,
3507}
3508
3509#[cfg(all(aes_ofb, feature = "cipher"))]
3510impl cipher::KeySizeUser for Aes256Ofb {
3511    type KeySize = U32;
3512}
3513
3514#[cfg(all(aes_ofb, feature = "cipher"))]
3515impl IvSizeUser for Aes256Ofb {
3516    type IvSize = U16;
3517}
3518
3519#[cfg(all(aes_ofb, feature = "cipher"))]
3520impl KeyIvInit for Aes256Ofb {
3521    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3522        let mut ofb = OFB::new().expect("wc_AesInit failed");
3523        ofb.init(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3524        Self { inner: ofb }
3525    }
3526}
3527
3528#[cfg(all(aes_ofb, feature = "cipher"))]
3529impl StreamCipher for Aes256Ofb {
3530    fn check_remaining(&self, _data_len: usize) -> Result<(), StreamCipherError> {
3531        Ok(())
3532    }
3533
3534    fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) {
3535        let len = buf.len();
3536        if len == 0 { return; }
3537        assert!(len <= u32::MAX as usize, "buffer too large for wc_AesOfbEncrypt");
3538        let in_ptr = buf.get_in().as_ptr();
3539        let out_ptr = buf.get_out().as_mut_ptr();
3540        // SAFETY: OFB in-place is valid; C function called directly to avoid
3541        // creating aliasing slices.
3542        let rc = unsafe { sys::wc_AesOfbEncrypt(&mut self.inner.ws_aes, out_ptr, in_ptr, len as u32) };
3543        assert_eq!(rc, 0, "wc_AesOfbEncrypt failed");
3544    }
3545
3546    fn unchecked_write_keystream(&mut self, buf: &mut [u8]) {
3547        buf.fill(0);
3548        self.unchecked_apply_keystream_inout(buf.into());
3549    }
3550}
3551
3552// ---------------------------------------------------------------------------
3553// AES-CBC block mode trait implementations
3554// ---------------------------------------------------------------------------
3555
3556/// AES-128 CBC block cipher (encryption) implementing [`cipher::BlockModeEncrypt`].
3557///
3558/// CBC chains ciphertext blocks: each plaintext block is XORed with the
3559/// previous ciphertext block (or the IV for the first block) before
3560/// encryption. wolfCrypt maintains the IV state internally between calls,
3561/// so blocks can be encrypted one at a time and the chaining is preserved.
3562#[cfg(all(aes_cbc, feature = "cipher"))]
3563pub struct Aes128CbcEnc {
3564    inner: CBC,
3565}
3566
3567#[cfg(all(aes_cbc, feature = "cipher"))]
3568impl cipher::KeySizeUser for Aes128CbcEnc {
3569    type KeySize = U16;
3570}
3571
3572#[cfg(all(aes_cbc, feature = "cipher"))]
3573impl cipher::BlockSizeUser for Aes128CbcEnc {
3574    type BlockSize = U16;
3575}
3576
3577#[cfg(all(aes_cbc, feature = "cipher"))]
3578impl IvSizeUser for Aes128CbcEnc {
3579    type IvSize = U16;
3580}
3581
3582#[cfg(all(aes_cbc, feature = "cipher"))]
3583impl KeyIvInit for Aes128CbcEnc {
3584    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3585        let mut cbc = CBC::new().expect("wc_AesInit failed");
3586        cbc.init_encrypt(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3587        Self { inner: cbc }
3588    }
3589}
3590
3591#[cfg(all(aes_cbc, feature = "cipher"))]
3592struct Aes128CbcEncBackend<'a>(&'a mut Aes128CbcEnc);
3593
3594#[cfg(all(aes_cbc, feature = "cipher"))]
3595impl cipher::BlockSizeUser for Aes128CbcEncBackend<'_> {
3596    type BlockSize = U16;
3597}
3598
3599#[cfg(all(aes_cbc, feature = "cipher"))]
3600impl ParBlocksSizeUser for Aes128CbcEncBackend<'_> {
3601    type ParBlocksSize = cipher::typenum::consts::U1;
3602}
3603
3604#[cfg(all(aes_cbc, feature = "cipher"))]
3605impl BlockModeEncBackend for Aes128CbcEncBackend<'_> {
3606    fn encrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3607        let in_block = *block.get_in();
3608        let out = block.get_out();
3609        self.0.inner.encrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesCbcEncrypt failed");
3610    }
3611}
3612
3613#[cfg(all(aes_cbc, feature = "cipher"))]
3614impl BlockModeEncrypt for Aes128CbcEnc {
3615    fn encrypt_with_backend(&mut self, f: impl BlockModeEncClosure<BlockSize = Self::BlockSize>) {
3616        f.call(&mut Aes128CbcEncBackend(self));
3617    }
3618}
3619
3620/// AES-192 CBC block cipher (encryption) implementing [`cipher::BlockModeEncrypt`].
3621#[cfg(all(aes_cbc, feature = "cipher"))]
3622pub struct Aes192CbcEnc {
3623    inner: CBC,
3624}
3625
3626#[cfg(all(aes_cbc, feature = "cipher"))]
3627impl cipher::KeySizeUser for Aes192CbcEnc {
3628    type KeySize = U24;
3629}
3630
3631#[cfg(all(aes_cbc, feature = "cipher"))]
3632impl cipher::BlockSizeUser for Aes192CbcEnc {
3633    type BlockSize = U16;
3634}
3635
3636#[cfg(all(aes_cbc, feature = "cipher"))]
3637impl IvSizeUser for Aes192CbcEnc {
3638    type IvSize = U16;
3639}
3640
3641#[cfg(all(aes_cbc, feature = "cipher"))]
3642impl KeyIvInit for Aes192CbcEnc {
3643    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3644        let mut cbc = CBC::new().expect("wc_AesInit failed");
3645        cbc.init_encrypt(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3646        Self { inner: cbc }
3647    }
3648}
3649
3650#[cfg(all(aes_cbc, feature = "cipher"))]
3651struct Aes192CbcEncBackend<'a>(&'a mut Aes192CbcEnc);
3652
3653#[cfg(all(aes_cbc, feature = "cipher"))]
3654impl cipher::BlockSizeUser for Aes192CbcEncBackend<'_> {
3655    type BlockSize = U16;
3656}
3657
3658#[cfg(all(aes_cbc, feature = "cipher"))]
3659impl ParBlocksSizeUser for Aes192CbcEncBackend<'_> {
3660    type ParBlocksSize = cipher::typenum::consts::U1;
3661}
3662
3663#[cfg(all(aes_cbc, feature = "cipher"))]
3664impl BlockModeEncBackend for Aes192CbcEncBackend<'_> {
3665    fn encrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3666        let in_block = *block.get_in();
3667        let out = block.get_out();
3668        self.0.inner.encrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesCbcEncrypt failed");
3669    }
3670}
3671
3672#[cfg(all(aes_cbc, feature = "cipher"))]
3673impl BlockModeEncrypt for Aes192CbcEnc {
3674    fn encrypt_with_backend(&mut self, f: impl BlockModeEncClosure<BlockSize = Self::BlockSize>) {
3675        f.call(&mut Aes192CbcEncBackend(self));
3676    }
3677}
3678
3679/// AES-256 CBC block cipher (encryption) implementing [`cipher::BlockModeEncrypt`].
3680#[cfg(all(aes_cbc, feature = "cipher"))]
3681pub struct Aes256CbcEnc {
3682    inner: CBC,
3683}
3684
3685#[cfg(all(aes_cbc, feature = "cipher"))]
3686impl cipher::KeySizeUser for Aes256CbcEnc {
3687    type KeySize = U32;
3688}
3689
3690#[cfg(all(aes_cbc, feature = "cipher"))]
3691impl cipher::BlockSizeUser for Aes256CbcEnc {
3692    type BlockSize = U16;
3693}
3694
3695#[cfg(all(aes_cbc, feature = "cipher"))]
3696impl IvSizeUser for Aes256CbcEnc {
3697    type IvSize = U16;
3698}
3699
3700#[cfg(all(aes_cbc, feature = "cipher"))]
3701impl KeyIvInit for Aes256CbcEnc {
3702    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3703        let mut cbc = CBC::new().expect("wc_AesInit failed");
3704        cbc.init_encrypt(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3705        Self { inner: cbc }
3706    }
3707}
3708
3709#[cfg(all(aes_cbc, feature = "cipher"))]
3710struct Aes256CbcEncBackend<'a>(&'a mut Aes256CbcEnc);
3711
3712#[cfg(all(aes_cbc, feature = "cipher"))]
3713impl cipher::BlockSizeUser for Aes256CbcEncBackend<'_> {
3714    type BlockSize = U16;
3715}
3716
3717#[cfg(all(aes_cbc, feature = "cipher"))]
3718impl ParBlocksSizeUser for Aes256CbcEncBackend<'_> {
3719    type ParBlocksSize = cipher::typenum::consts::U1;
3720}
3721
3722#[cfg(all(aes_cbc, feature = "cipher"))]
3723impl BlockModeEncBackend for Aes256CbcEncBackend<'_> {
3724    fn encrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3725        let in_block = *block.get_in();
3726        let out = block.get_out();
3727        self.0.inner.encrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesCbcEncrypt failed");
3728    }
3729}
3730
3731#[cfg(all(aes_cbc, feature = "cipher"))]
3732impl BlockModeEncrypt for Aes256CbcEnc {
3733    fn encrypt_with_backend(&mut self, f: impl BlockModeEncClosure<BlockSize = Self::BlockSize>) {
3734        f.call(&mut Aes256CbcEncBackend(self));
3735    }
3736}
3737
3738/// AES-128 CBC block cipher (decryption) implementing [`cipher::BlockModeDecrypt`].
3739///
3740/// wolfCrypt maintains the IV state (last ciphertext block) internally, so
3741/// blocks can be decrypted one at a time and the chaining is preserved.
3742#[cfg(all(aes_cbc, feature = "cipher"))]
3743pub struct Aes128CbcDec {
3744    inner: CBC,
3745}
3746
3747#[cfg(all(aes_cbc, feature = "cipher"))]
3748impl cipher::KeySizeUser for Aes128CbcDec {
3749    type KeySize = U16;
3750}
3751
3752#[cfg(all(aes_cbc, feature = "cipher"))]
3753impl cipher::BlockSizeUser for Aes128CbcDec {
3754    type BlockSize = U16;
3755}
3756
3757#[cfg(all(aes_cbc, feature = "cipher"))]
3758impl IvSizeUser for Aes128CbcDec {
3759    type IvSize = U16;
3760}
3761
3762#[cfg(all(aes_cbc, feature = "cipher"))]
3763impl KeyIvInit for Aes128CbcDec {
3764    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3765        let mut cbc = CBC::new().expect("wc_AesInit failed");
3766        cbc.init_decrypt(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3767        Self { inner: cbc }
3768    }
3769}
3770
3771#[cfg(all(aes_cbc, feature = "cipher"))]
3772struct Aes128CbcDecBackend<'a>(&'a mut Aes128CbcDec);
3773
3774#[cfg(all(aes_cbc, feature = "cipher"))]
3775impl cipher::BlockSizeUser for Aes128CbcDecBackend<'_> {
3776    type BlockSize = U16;
3777}
3778
3779#[cfg(all(aes_cbc, feature = "cipher"))]
3780impl ParBlocksSizeUser for Aes128CbcDecBackend<'_> {
3781    type ParBlocksSize = cipher::typenum::consts::U1;
3782}
3783
3784#[cfg(all(aes_cbc, feature = "cipher"))]
3785impl BlockModeDecBackend for Aes128CbcDecBackend<'_> {
3786    fn decrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3787        let in_block = *block.get_in();
3788        let out = block.get_out();
3789        self.0.inner.decrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesCbcDecrypt failed");
3790    }
3791}
3792
3793#[cfg(all(aes_cbc, feature = "cipher"))]
3794impl BlockModeDecrypt for Aes128CbcDec {
3795    fn decrypt_with_backend(&mut self, f: impl BlockModeDecClosure<BlockSize = Self::BlockSize>) {
3796        f.call(&mut Aes128CbcDecBackend(self));
3797    }
3798}
3799
3800/// AES-192 CBC block cipher (decryption) implementing [`cipher::BlockModeDecrypt`].
3801#[cfg(all(aes_cbc, feature = "cipher"))]
3802pub struct Aes192CbcDec {
3803    inner: CBC,
3804}
3805
3806#[cfg(all(aes_cbc, feature = "cipher"))]
3807impl cipher::KeySizeUser for Aes192CbcDec {
3808    type KeySize = U24;
3809}
3810
3811#[cfg(all(aes_cbc, feature = "cipher"))]
3812impl cipher::BlockSizeUser for Aes192CbcDec {
3813    type BlockSize = U16;
3814}
3815
3816#[cfg(all(aes_cbc, feature = "cipher"))]
3817impl IvSizeUser for Aes192CbcDec {
3818    type IvSize = U16;
3819}
3820
3821#[cfg(all(aes_cbc, feature = "cipher"))]
3822impl KeyIvInit for Aes192CbcDec {
3823    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3824        let mut cbc = CBC::new().expect("wc_AesInit failed");
3825        cbc.init_decrypt(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3826        Self { inner: cbc }
3827    }
3828}
3829
3830#[cfg(all(aes_cbc, feature = "cipher"))]
3831struct Aes192CbcDecBackend<'a>(&'a mut Aes192CbcDec);
3832
3833#[cfg(all(aes_cbc, feature = "cipher"))]
3834impl cipher::BlockSizeUser for Aes192CbcDecBackend<'_> {
3835    type BlockSize = U16;
3836}
3837
3838#[cfg(all(aes_cbc, feature = "cipher"))]
3839impl ParBlocksSizeUser for Aes192CbcDecBackend<'_> {
3840    type ParBlocksSize = cipher::typenum::consts::U1;
3841}
3842
3843#[cfg(all(aes_cbc, feature = "cipher"))]
3844impl BlockModeDecBackend for Aes192CbcDecBackend<'_> {
3845    fn decrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3846        let in_block = *block.get_in();
3847        let out = block.get_out();
3848        self.0.inner.decrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesCbcDecrypt failed");
3849    }
3850}
3851
3852#[cfg(all(aes_cbc, feature = "cipher"))]
3853impl BlockModeDecrypt for Aes192CbcDec {
3854    fn decrypt_with_backend(&mut self, f: impl BlockModeDecClosure<BlockSize = Self::BlockSize>) {
3855        f.call(&mut Aes192CbcDecBackend(self));
3856    }
3857}
3858
3859/// AES-256 CBC block cipher (decryption) implementing [`cipher::BlockModeDecrypt`].
3860#[cfg(all(aes_cbc, feature = "cipher"))]
3861pub struct Aes256CbcDec {
3862    inner: CBC,
3863}
3864
3865#[cfg(all(aes_cbc, feature = "cipher"))]
3866impl cipher::KeySizeUser for Aes256CbcDec {
3867    type KeySize = U32;
3868}
3869
3870#[cfg(all(aes_cbc, feature = "cipher"))]
3871impl cipher::BlockSizeUser for Aes256CbcDec {
3872    type BlockSize = U16;
3873}
3874
3875#[cfg(all(aes_cbc, feature = "cipher"))]
3876impl IvSizeUser for Aes256CbcDec {
3877    type IvSize = U16;
3878}
3879
3880#[cfg(all(aes_cbc, feature = "cipher"))]
3881impl KeyIvInit for Aes256CbcDec {
3882    fn new(key: &cipher::Key<Self>, iv: &cipher::Iv<Self>) -> Self {
3883        let mut cbc = CBC::new().expect("wc_AesInit failed");
3884        cbc.init_decrypt(key.as_ref(), iv.as_ref()).expect("wc_AesSetKey failed");
3885        Self { inner: cbc }
3886    }
3887}
3888
3889#[cfg(all(aes_cbc, feature = "cipher"))]
3890struct Aes256CbcDecBackend<'a>(&'a mut Aes256CbcDec);
3891
3892#[cfg(all(aes_cbc, feature = "cipher"))]
3893impl cipher::BlockSizeUser for Aes256CbcDecBackend<'_> {
3894    type BlockSize = U16;
3895}
3896
3897#[cfg(all(aes_cbc, feature = "cipher"))]
3898impl ParBlocksSizeUser for Aes256CbcDecBackend<'_> {
3899    type ParBlocksSize = cipher::typenum::consts::U1;
3900}
3901
3902#[cfg(all(aes_cbc, feature = "cipher"))]
3903impl BlockModeDecBackend for Aes256CbcDecBackend<'_> {
3904    fn decrypt_block(&mut self, mut block: cipher::InOut<'_, '_, cipher::Block<Self>>) {
3905        let in_block = *block.get_in();
3906        let out = block.get_out();
3907        self.0.inner.decrypt(in_block.as_ref(), out.as_mut()).expect("wc_AesCbcDecrypt failed");
3908    }
3909}
3910
3911#[cfg(all(aes_cbc, feature = "cipher"))]
3912impl BlockModeDecrypt for Aes256CbcDec {
3913    fn decrypt_with_backend(&mut self, f: impl BlockModeDecClosure<BlockSize = Self::BlockSize>) {
3914        f.call(&mut Aes256CbcDecBackend(self));
3915    }
3916}
3917
3918fn new_ws_aes(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<sys::Aes, i32> {
3919    let heap = match heap {
3920        Some(heap) => heap,
3921        None => core::ptr::null_mut(),
3922    };
3923    let dev_id = match dev_id {
3924        Some(dev_id) => dev_id,
3925        None => sys::INVALID_DEVID,
3926    };
3927    let mut ws_aes: MaybeUninit<sys::Aes> = MaybeUninit::uninit();
3928    let rc = unsafe {
3929        sys::wc_AesInit(ws_aes.as_mut_ptr(), heap, dev_id)
3930    };
3931    if rc != 0 {
3932        return Err(rc);
3933    }
3934    let ws_aes = unsafe { ws_aes.assume_init() };
3935    Ok(ws_aes)
3936}
3937
3938#[cfg(any(aes_xts, aes_xts_stream))]
3939fn new_ws_xtsaes(heap: Option<*mut core::ffi::c_void>, dev_id: Option<i32>) -> Result<sys::XtsAes, i32> {
3940    let heap = match heap {
3941        Some(heap) => heap,
3942        None => core::ptr::null_mut(),
3943    };
3944    let dev_id = match dev_id {
3945        Some(dev_id) => dev_id,
3946        None => sys::INVALID_DEVID,
3947    };
3948    let mut ws_xtsaes: MaybeUninit<sys::XtsAes> = MaybeUninit::uninit();
3949    let rc = unsafe {
3950        sys::wc_AesXtsInit(ws_xtsaes.as_mut_ptr(), heap, dev_id)
3951    };
3952    if rc != 0 {
3953        return Err(rc);
3954    }
3955    let ws_xtsaes = unsafe { ws_xtsaes.assume_init() };
3956    Ok(ws_xtsaes)
3957}