Module aes

AES (Rijndael, 128-bit block) — AES-128, AES-192, AES-256.

Implemented from FIPS PUB 197 (2001), the complete Rijndael specification for a 128-bit block width with 10, 12, or 14 rounds depending on key length.

§Default path — fast software T-tables

The active encrypt/decrypt path uses the classic T-table software design: each middle round folds SubBytes, ShiftRows, MixColumns, and AddRoundKey into four 256-entry u32 lookup tables computed at compile time from the FIPS 197 S-boxes.

This software path is intentionally optimized for throughput, not constant-time behavior. Use Aes128Ct, Aes192Ct, or Aes256Ct for the software-only Boyar-Peralta path when constant-time behavior matters. Hardware AES (for example AES-NI or ARMv8 Crypto Extensions) is still the preferred option when it is available.
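The following Rust is an added illustration, not code from this module: it builds the FIPS 197 S-box from GF(2^8) arithmetic, derives the four T-tables as byte rotations of a single table, and checks that one T-table column lookup equals explicit SubBytes plus MixColumns. Function names (`sbox`, `t_tables`, `tables_match`, and so on) are the example's own, and ShiftRows and AddRoundKey are left to the caller.

```rust
/// Multiply by x (i.e. by 2) in GF(2^8), reducing by the AES polynomial.
fn xtime(b: u8) -> u8 {
    (b << 1) ^ (if b & 0x80 != 0 { 0x1b } else { 0 })
}

/// GF(2^8) product by shift-and-add; FIPS 197 gives {57}*{83} = {c1}.
fn gf_mul(a: u8, b: u8) -> u8 {
    (0..8).fold((0u8, a), |(p, ax), i| (if (b >> i) & 1 != 0 { p ^ ax } else { p }, xtime(ax))).0
}

/// FIPS 197 S-box: multiplicative inverse (0 maps to 0), then the affine map.
fn sbox() -> [u8; 256] {
    std::array::from_fn(|x| {
        let inv = (1..256).find(|&y| gf_mul(x as u8, y as u8) == 1).unwrap_or(0) as u8;
        inv ^ inv.rotate_left(1) ^ inv.rotate_left(2) ^ inv.rotate_left(3) ^ inv.rotate_left(4) ^ 0x63
    })
}

/// T0[x] packs (2*S[x], S[x], S[x], 3*S[x]); T1..T3 are byte rotations of T0,
/// so a middle-round column is T0[a0] ^ T1[a1] ^ T2[a2] ^ T3[a3] ^ round-key word.
fn t_tables(s: &[u8; 256]) -> [[u32; 256]; 4] {
    let t0: [u32; 256] = std::array::from_fn(|x| {
        let b = s[x];
        u32::from_be_bytes([xtime(b), b, b, xtime(b) ^ b])
    });
    [t0, t0.map(|w| w.rotate_right(8)), t0.map(|w| w.rotate_right(16)), t0.map(|w| w.rotate_right(24))]
}

/// Reference form: SubBytes then MixColumns on one (already shifted) column.
fn sub_mix_column(s: &[u8; 256], col: [u8; 4]) -> [u8; 4] {
    let a = col.map(|b| s[b as usize]);
    std::array::from_fn(|i| gf_mul(a[i], 2) ^ gf_mul(a[(i + 1) % 4], 3) ^ a[(i + 2) % 4] ^ a[(i + 3) % 4])
}

/// T-table form: four lookups and three XORs (AddRoundKey left out). Every index
/// is a secret state byte, so memory accesses depend on the key: fast, not constant-time.
fn t_table_column(t: &[[u32; 256]; 4], col: [u8; 4]) -> [u8; 4] {
    (t[0][col[0] as usize] ^ t[1][col[1] as usize] ^ t[2][col[2] as usize] ^ t[3][col[3] as usize])
        .to_be_bytes()
}

/// Both forms must agree on every column; checked here over 4096 constructed inputs.
fn tables_match(s: &[u8; 256], t: &[[u32; 256]; 4]) -> bool {
    (0..4096u32).all(|i| {
        let col = [i as u8, (i >> 4) as u8, (i >> 8) as u8, i.wrapping_mul(7) as u8];
        sub_mix_column(s, col) == t_table_column(t, col)
    })
}
```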

§Tests

All vectors are from NIST CAVP KAT_AES.zip (CAVS 11.1, 2011-04-22), downloaded directly from csrc.nist.gov.

Structs§

Aes128
AES-128 cipher: 128-bit key, 10 rounds.
Aes192
AES-192 cipher: 192-bit key, 12 rounds.
Aes256
AES-256 cipher: 256-bit key, 14 rounds.
Aes128Ct
AES-128 constant-time software path.
Aes192Ct
AES-192 constant-time software path.
Aes256Ct
AES-256 constant-time software path.