@@ -1733,5 +1733,244 @@ WOLFSSL_API int wc_AesEaxDecryptFinal(AesEax* eax,
17331733*/
17341734WOLFSSL_API int wc_AesEaxFree (AesEax * eax );
17351735
1736+ /*!
1737+ \ingroup AES
1738+ \brief This function performs AES encryption using Ciphertext Stealing (CTS)
1739+ mode. It is a one-shot API that handles all operations in a single call.
1740+
1741+ \return 0 on successful encryption.
1742+ \return BAD_FUNC_ARG if input arguments are invalid.
1743+ \return other negative error codes for encryption failures.
1744+
1745+ \param key pointer to the AES key used for encryption.
1746+ \param keySz size of the AES key in bytes (16, 24, or 32 bytes).
1747+ \param[out] out buffer to hold the encrypted ciphertext. Must be at least
1748+ the size of the input.
1749+ \param in pointer to the plaintext input data to encrypt.
1750+ \param inSz size of the plaintext input data in bytes.
1751+ \param iv pointer to the initialization vector (IV) used for encryption.
1752+ Must be 16 bytes.
1753+
1754+ _Example_
1755+ \code
1756+ byte key[16] = { 0 };
1757+ byte iv[16] = { 0 };
1758+ byte plaintext[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
1759+ byte ciphertext[sizeof(plaintext)];
1760+
1761+ int ret = wc_AesCtsEncrypt(key, sizeof(key), ciphertext, plaintext,
1762+ sizeof(plaintext), iv);
1763+ if (ret != 0) {
1764+ // handle encryption error
1765+ }
1766+ \endcode
17361767
1768+ \sa wc_AesCtsDecrypt
1769+ */
1770+ int wc_AesCtsEncrypt (const byte * key , word32 keySz , byte * out ,
1771+ const byte * in , word32 inSz ,
1772+ const byte * iv );
17371773
1774+ /*!
1775+ \ingroup AES
1776+ \brief This function performs AES encryption using Ciphertext Stealing (CTS)
1777+ mode. It is a one-shot API that handles all operations in a single call.
1778+
1779+ \return 0 on successful encryption.
1780+ \return BAD_FUNC_ARG if input arguments are invalid.
1781+ \return other negative error codes for encryption failures.
1782+
1783+ \param key pointer to the AES key used for encryption.
1784+ \param keySz size of the AES key in bytes (16, 24, or 32 bytes).
1785+ \param[out] out buffer to hold the encrypted ciphertext. Must be at least
1786+ the same size as the input plaintext.
1787+ \param in pointer to the plaintext input data to encrypt.
1788+ \param inSz size of the plaintext input data in bytes.
1789+ \param iv pointer to the initialization vector (IV) used for encryption.
1790+ Must be 16 bytes.
1791+ _Example_
1792+ \code
1793+ byte key[16] = { 0 };
1794+ byte iv[16] = { 0 };
1795+ byte plaintext[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
1796+ byte ciphertext[sizeof(plaintext)];
1797+ int ret = wc_AesCtsEncrypt(key, sizeof(key), ciphertext, plaintext,
1798+ sizeof(plaintext), iv);
1799+ if (ret != 0) {
1800+ // handle encryption error
1801+ }
1802+ \endcode
1803+ \sa wc_AesCtsDecrypt
1804+ */
1805+ int wc_AesCtsEncrypt (const byte * key , word32 keySz , byte * out ,
1806+ const byte * in , word32 inSz ,
1807+ const byte * iv );
1808+
1809+ /*!
1810+ \ingroup AES
1811+ \brief This function performs AES decryption using Ciphertext Stealing (CTS) mode.
1812+ It is a one-shot API that handles all operations in a single call.
1813+ \return 0 on successful decryption.
1814+ \return BAD_FUNC_ARG if input arguments are invalid.
1815+ \return other negative error codes for decryption failures.
1816+ \param key pointer to the AES key used for decryption.
1817+ \param keySz size of the AES key in bytes (16, 24, or 32 bytes).
1818+ \param[out] out buffer to hold the decrypted plaintext. Must be at least
1819+ the same size as the input ciphertext.
1820+ \param in pointer to the ciphertext input data to decrypt.
1821+ \param inSz size of the ciphertext input data in bytes.
1822+ \param iv pointer to the initialization vector (IV) used for decryption.
1823+ Must be 16 bytes.
1824+ _Example_
1825+ \code
1826+ byte key[16] = { 0 };
1827+ byte iv[16] = { 0 };
1828+ byte ciphertext[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
1829+ byte plaintext[sizeof(ciphertext)];
1830+ int ret = wc_AesCtsDecrypt(key, sizeof(key), plaintext, ciphertext,
1831+ sizeof(ciphertext), iv);
1832+ if (ret != 0) {
1833+ // handle decryption error
1834+ }
1835+ \endcode
1836+ \sa wc_AesCtsEncrypt
1837+ */
1838+ int wc_AesCtsDecrypt (const byte * key , word32 keySz , byte * out ,
1839+ const byte * in , word32 inSz ,
1840+ const byte * iv );
1841+
1842+ /*!
1843+ \ingroup AES
1844+ \brief This function performs an update step of the AES CTS encryption.
1845+ It processes a chunk of plaintext and stores intermediate data.
1846+ \return 0 on successful processing.
1847+ \return BAD_FUNC_ARG if input arguments are invalid.
1848+ \param aes pointer to the Aes structure holding the context of the operation.
1849+ \param[out] out buffer to hold the encrypted ciphertext. Must be large enough
1850+ to store the output from this update step.
1851+ \param[out] outSz size in bytes of the output data written to the \c out buffer.
1852+ On input, it should contain the maximum number of bytes that can
1853+ be written to the \c out buffer.
1854+ \param in pointer to the plaintext input data to encrypt.
1855+ \param inSz size of the plaintext input data in bytes.
1856+ _Example_
1857+ \code
1858+ Aes aes;
1859+ wc_AesInit(&aes, NULL, INVALID_DEVID);
1860+ byte key[16] = { 0 };
1861+ byte iv[16] = { 0 };
1862+ byte plaintext[] = { ... };
1863+ byte ciphertext[sizeof(plaintext)];
1864+ word32 outSz = sizeof(ciphertext);
1865+ wc_AesSetKey(&aes, key, sizeof(key), iv, AES_ENCRYPTION);
1866+ int ret = wc_AesCtsEncryptUpdate(&aes, ciphertext, &outSz, plaintext, sizeof(plaintext));
1867+ if (ret != 0) {
1868+ // handle error
1869+ }
1870+ wc_AesFree(&aes);
1871+ \endcode
1872+ \sa wc_AesCtsDecryptUpdate
1873+ */
1874+ int wc_AesCtsEncryptUpdate (Aes * aes , byte * out , word32 * outSz ,
1875+ const byte * in , word32 inSz );
1876+
1877+ /*!
1878+ \ingroup AES
1879+ \brief This function finalizes the AES CTS encryption operation.
1880+ It processes any remaining plaintext and completes the encryption.
1881+ \return 0 on successful encryption completion.
1882+ \return BAD_FUNC_ARG if input arguments are invalid.
1883+ \param aes pointer to the Aes structure holding the context of the operation.
1884+ \param[out] out buffer to hold the final encrypted ciphertext. Must be large
1885+ enough to store any remaining ciphertext from this final step.
1886+ \param[out] outSz size in bytes of the output data written to the \c out buffer.
1887+ On input, it should contain the maximum number of bytes that can
1888+ be written to the \c out buffer.
1889+ _Example_
1890+ \code
1891+ Aes aes;
1892+ wc_AesInit(&aes, NULL, INVALID_DEVID);
1893+ byte key[16] = { 0 };
1894+ byte iv[16] = { 0 };
1895+ byte plaintext[] = { ... };
1896+ byte ciphertext[sizeof(plaintext)];
1897+ word32 outSz = sizeof(ciphertext);
1898+ wc_AesSetKey(&aes, key, sizeof(key), iv, AES_ENCRYPTION);
1899+ // Perform any required update steps using wc_AesCtsEncryptUpdate
1900+ int ret = wc_AesCtsEncryptFinal(&aes, ciphertext, &outSz);
1901+ if (ret != 0) {
1902+ // handle error
1903+ }
1904+ wc_AesFree(&aes);
1905+ \endcode
1906+ \sa wc_AesCtsDecryptFinal
1907+ */
1908+ int wc_AesCtsEncryptFinal (Aes * aes , byte * out , word32 * outSz );
1909+
1910+ /*!
1911+ \ingroup AES
1912+ \brief This function performs an update step of the AES CTS decryption.
1913+ It processes a chunk of ciphertext and stores intermediate data.
1914+ \return 0 on successful processing.
1915+ \return BAD_FUNC_ARG if input arguments are invalid.
1916+ \param aes pointer to the Aes structure holding the context of the operation.
1917+ \param[out] out buffer to hold the decrypted plaintext. Must be large enough
1918+ to store the output from this update step.
1919+ \param[out] outSz size in bytes of the output data written to the \c out buffer.
1920+ On input, it should contain the maximum number of bytes that can
1921+ be written to the \c out buffer.
1922+ \param in pointer to the ciphertext input data to decrypt.
1923+ \param inSz size of the ciphertext input data in bytes.
1924+ _Example_
1925+ \code
1926+ Aes aes;
1927+ wc_AesInit(&aes, NULL, INVALID_DEVID);
1928+ byte key[16] = { 0 };
1929+ byte iv[16] = { 0 };
1930+ byte ciphertext[] = { ... };
1931+ byte plaintext[sizeof(ciphertext)];
1932+ word32 outSz = sizeof(plaintext);
1933+ wc_AesSetKey(&aes, key, sizeof(key), iv, AES_DECRYPTION);
1934+ int ret = wc_AesCtsDecryptUpdate(&aes, plaintext, &outSz, ciphertext, sizeof(ciphertext));
1935+ if (ret != 0) {
1936+ // handle error
1937+ }
1938+ wc_AesFree(&aes);
1939+ \endcode
1940+ \sa wc_AesCtsEncryptUpdate
1941+ */
1942+ int wc_AesCtsDecryptUpdate (Aes * aes , byte * out , word32 * outSz ,
1943+ const byte * in , word32 inSz );
1944+
1945+ /*!
1946+ \ingroup AES
1947+ \brief This function finalizes the AES CTS decryption operation.
1948+ It processes any remaining ciphertext and completes the decryption.
1949+ \return 0 on successful decryption completion.
1950+ \return BAD_FUNC_ARG if input arguments are invalid.
1951+ \param aes pointer to the Aes structure holding the context of the operation.
1952+ \param[out] out buffer to hold the final decrypted plaintext. Must be large
1953+ enough to store any remaining plaintext from this final step.
1954+ \param[out] outSz size in bytes of the output data written to the \c out buffer.
1955+ On input, it should contain the maximum number of bytes that can
1956+ be written to the \c out buffer.
1957+ _Example_
1958+ \code
1959+ Aes aes;
1960+ wc_AesInit(&aes, NULL, INVALID_DEVID);
1961+ byte key[16] = { 0 };
1962+ byte iv[16] = { 0 };
1963+ byte ciphertext[] = { ... };
1964+ byte plaintext[sizeof(ciphertext)];
1965+ word32 outSz = sizeof(plaintext);
1966+ wc_AesSetKey(&aes, key, sizeof(key), iv, AES_DECRYPTION);
1967+ // Perform any required update steps using wc_AesCtsDecryptUpdate
1968+ int ret = wc_AesCtsDecryptFinal(&aes, plaintext, &outSz);
1969+ if (ret != 0) {
1970+ // handle error
1971+ }
1972+ wc_AesFree(&aes);
1973+ \endcode
1974+ \sa wc_AesCtsEncryptFinal
1975+ */
1976+ int wc_AesCtsDecryptFinal (Aes * aes , byte * out , word32 * outSz );
0 commit comments