diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..801571b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+aes/
+gf256mul/
+memxor/
+bcal/
+*.swp
+*.o
+.DS_Store
diff --git a/aes.h b/aes.h
new file mode 100644
index 0000000..8e651f4
--- /dev/null
+++ b/aes.h
@@ -0,0 +1,43 @@
+/* aes.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_H_
+#define AES_H_
+
+#include
+
+#include "aes_types.h"
+#include "aes128_enc.h"
+#include "aes192_enc.h"
+#include "aes256_enc.h"
+#include "aes128_dec.h"
+#include "aes192_dec.h"
+#include "aes256_dec.h"
+#include "aes_enc.h"
+#include "aes_dec.h"
+#include "aes_keyschedule.h"
+
+#endif
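Review bot: The `#include` directly after `#define AES_H_` names no header as shown here, which would not preprocess; this may be an artifact of how the page was rendered, but it is worth checking against the tree. aes_dec.h, aes_enc.h and aes_invsbox.h show the same bare `#include`, and all three use `uint8_t`, so the intended line is presumably `#include <stdint.h>`. In aes_dec.h and aes_enc.h it comes after `#include "aes_types.h"`; if aes_types.h itself needs the fixed-width types (not visible here), the standard header should come first or be included there.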
diff --git a/aes128_dec.h b/aes128_dec.h
new file mode 100644
index 0000000..b5df9df
--- /dev/null
+++ b/aes128_dec.h
@@ -0,0 +1,46 @@
+/* aes128_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes128_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES128_DEC_H_
+#define AES128_DEC_H_
+
+#include "aes_types.h"
+#include "aes_dec.h"
+
+/**
+ * \brief decrypt with 128 bit key.
+ *
+ * This function decrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 128 bit key.
+ * \param buffer pointer to the block to decrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes128_dec(void* buffer, aes128_ctx_t* ctx);
+
+
+
+#endif /* AES128_DEC_H_ */
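Review bot: The doc comment on `aes128_dec` does not say that `buffer` must hold exactly 16 bytes and is overwritten in place, which is what aes_dec-asm_faster.S does (sixteen `ld … Z+` loads, then sixteen `st Z+` stores through the same pointer). I would extend the parameter line to `\param buffer pointer to the 16-byte block; decrypted in place`. `ctx` is only read by the core, whose prototype already takes `const aes_genctx_t* ks`, so the wrapper could take `const aes128_ctx_t* ctx` as well. The same two points apply to aes128_enc.h, aes192_dec.h, aes192_enc.h, aes256_dec.h and aes256_enc.h. It would also help to state that these are raw single-block primitives, so callers have to supply a mode of operation themselves.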
diff --git a/aes128_enc.h b/aes128_enc.h
new file mode 100644
index 0000000..98a8cc2
--- /dev/null
+++ b/aes128_enc.h
@@ -0,0 +1,47 @@
+/* aes128_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes128_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES128_ENC_H_
+#define AES128_ENC_H_
+
+#include "aes_types.h"
+#include "aes_enc.h"
+
+
+/**
+ * \brief encrypt with 128 bit key.
+ *
+ * This function encrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 128 bit key.
+ * \param buffer pointer to the block to encrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes128_enc(void* buffer, aes128_ctx_t* ctx);
+
+
+
+#endif /* AES128_ENC_H_ */
diff --git a/aes192_dec.h b/aes192_dec.h
new file mode 100644
index 0000000..577ab44
--- /dev/null
+++ b/aes192_dec.h
@@ -0,0 +1,46 @@
+/* aes192_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes192_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES192_DEC_H_
+#define AES192_DEC_H_
+
+#include "aes_types.h"
+#include "aes_dec.h"
+
+/**
+ * \brief decrypt with 192 bit key.
+ *
+ * This function decrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 192 bit key.
+ * \param buffer pointer to the block to decrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes192_dec(void* buffer, aes192_ctx_t* ctx);
+
+
+
+#endif /* AES192_DEC_H_ */
diff --git a/aes192_enc.h b/aes192_enc.h
new file mode 100644
index 0000000..1c39aa0
--- /dev/null
+++ b/aes192_enc.h
@@ -0,0 +1,47 @@
+/* aes192_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes192_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES192_ENC_H_
+#define AES192_ENC_H_
+
+#include "aes_types.h"
+#include "aes_enc.h"
+
+
+/**
+ * \brief encrypt with 192 bit key.
+ *
+ * This function encrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 192 bit key.
+ * \param buffer pointer to the block to encrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes192_enc(void* buffer, aes192_ctx_t* ctx);
+
+
+
+#endif /* AES192_ENC_H_ */
diff --git a/aes256_dec.h b/aes256_dec.h
new file mode 100644
index 0000000..14b8a0a
--- /dev/null
+++ b/aes256_dec.h
@@ -0,0 +1,46 @@
+/* aes256_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes256_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES256_DEC_H_
+#define AES256_DEC_H_
+
+#include "aes_types.h"
+#include "aes_dec.h"
+
+/**
+ * \brief decrypt with 256 bit key.
+ *
+ * This function decrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 256 bit key.
+ * \param buffer pointer to the block to decrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes256_dec(void* buffer, aes256_ctx_t* ctx);
+
+
+
+#endif /* AES256_DEC_H_ */
diff --git a/aes256_enc.h b/aes256_enc.h
new file mode 100644
index 0000000..a890cd3
--- /dev/null
+++ b/aes256_enc.h
@@ -0,0 +1,47 @@
+/* aes256_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes256_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES256_ENC_H_
+#define AES256_ENC_H_
+
+#include "aes_types.h"
+#include "aes_enc.h"
+
+
+/**
+ * \brief encrypt with 256 bit key.
+ *
+ * This function encrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 256 bit key.
+ * \param buffer pointer to the block to encrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes256_enc(void* buffer, aes256_ctx_t* ctx);
+
+
+
+#endif /* AES256_ENC_H_ */
diff --git a/aes_dec-asm_faster.S b/aes_dec-asm_faster.S
new file mode 100644
index 0000000..e743678
--- /dev/null
+++ b/aes_dec-asm_faster.S
@@ -0,0 +1,457 @@
+/* aes_dec-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_dec-asm.S
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-10
+ * \license GPLv3 or later
+ *
+ */
+
+#include "avr-asm-macros.S"
+A = 28
+B = 29
+P = 0
+xREDUCER = 25
+
+.global aes256_dec
+aes256_dec:
+ ldi r20, 14
+ rjmp aes_decrypt_core
+
+.global aes192_dec
+aes192_dec:
+ ldi r20, 12
+ rjmp aes_decrypt_core
+
+.global aes128_dec
+aes128_dec:
+ ldi r20, 10
+
+
+/*
+ void aes_decrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds)
+*/
+T0= 2
+T1= 3
+T2= 4
+T3= 5
+T4 = 6
+T5 = 7
+ST00 = 8
+ST01 = 9
+ST02 = 10
+ST03 = 11
+ST10 = 12
+ST11 = 13
+ST12 = 14
+ST13 = 15
+ST20 = 16
+ST21 = 17
+ST22 = 18
+ST23 = 19
+ST30 = 20
+ST31 = 21
+ST32 = 22
+ST33 = 23
+CTR = 24
+/*
+ * param state: r24:r25
+ * param ks: r22:r23
+ * param rounds: r20
+ */
+.global aes_decrypt_core
+aes_decrypt_core:
+ push_range 2, 17
+ push r28
+ push r29
+ push r24
+ push r25
+ movw r26, r22
+ movw r30, r24
+ mov CTR, r20
+ inc r20
+ swap r20 /* r20*16 */
+ add r26, r20
+ adc r27, r1
+ clt
+ .irp param, ST00, ST01, ST02, ST03, ST10, ST11, ST12, ST13, ST20, ST21, ST22, ST23, ST30, ST31, ST32, ST33
+ ld \param, Z+
+ .endr
+
+ ldi xREDUCER, 0x1b /* load reducer */
+
+
+ .irp param, ST33, ST32, ST31, ST30, ST23, ST22, ST21, ST20, ST13, ST12, ST11, ST10, ST03, ST02, ST01, ST00
+ ld r0, -X
+ eor \param, r0
+ .endr
+1:
+ dec CTR
+ brne 2f
+ set
+2:
+ ldi r31, hi8(aes_invsbox)
+ /* substitute and invShift */
+ .irp param, ST00, ST10, ST20, ST30
+ mov r30, \param
+ lpm \param, Z
+ .endr
+ mov r30, ST31
+ lpm T0, Z
+ mov r30, ST21
+ lpm ST31, Z
+ mov r30, ST11
+ lpm ST21, Z
+ mov r30, ST01
+ lpm ST11, Z
+ mov ST01, T0
+
+ mov r30, ST32
+ lpm T0, Z
+ mov r30, ST22
+ lpm T1,Z
+ mov r30, ST12
+ lpm ST32, Z
+ mov r30, ST02
+ lpm ST22, Z
+ mov ST12, T0
+ mov ST02, T1
+
+ mov r30, ST03
+ lpm T0, Z
+ mov r30, ST13
+ lpm ST03, Z
+ mov r30, ST23
+ lpm ST13, Z
+ mov r30, ST33
+ lpm ST23, Z
+ mov ST33, T0
+
+ /* key addition */
+ .irp param, ST33, ST32, ST31, ST30, ST23, ST22, ST21, ST20, ST13, ST12, ST11, ST10, ST03, ST02, ST01, ST00
+ ld r0, -X
+ eor \param, r0
+ .endr
+ brtc 2f
+exit:
+ pop r31
+ pop r30
+ st Z+, ST00
+ st Z+, ST01
+ st Z+, ST02
+ st Z+, ST03
+ st Z+, ST10
+ st Z+, ST11
+ st Z+, ST12
+ st Z+, ST13
+ st Z+, ST20
+ st Z+, ST21
+ st Z+, ST22
+ st Z+, ST23
+ st Z+, ST30
+ st Z+, ST31
+ st Z+, ST32
+ st Z+, ST33
+ pop r29
+ pop r28
+ pop_range 2, 17
+ ret
+2:
+ /* inv column (row) mixing*/
+ /* invMixCol (Row) 1 */
+ /* preparing */
+ ldi r31, hi8(lut_gf256mul_0x09)
+ mov T0, ST03
+ eor T0, ST02 ; T0 = t
+ mov T1, ST00
+ eor T1, ST01 ; T1 = u
+ mov r30, T0
+ eor r30, T1
+ lpm T2, Z ; T2 = v'
+
+ ldi r31, hi8(lut_gf256mul_0x04)
+ mov r30, ST02
+ eor r30, ST00
+ lpm T3, Z
+ eor T3, T2; T3 = w
+
+ mov r30, ST03
+ eor r30, ST01
+ lpm P, Z ; T2 = v
+ eor T2, P
+
+ /* now the big move */
+ mov T4, ST00
+ eor T4, ST03
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST03, T4
+
+ mov T4, ST02
+ eor T4, ST01
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST01, T4
+
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, T3
+ eor ST02, T0
+
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, T3
+ eor ST00, T1
+
+ /* invMixCol (Row) 2 */
+ /* preparing */
+ ldi r31, hi8(lut_gf256mul_0x09)
+ mov T0, ST13
+ eor T0, ST12 ; T0 = t
+ mov T1, ST10
+ eor T1, ST11 ; T1 = u
+ mov r30, T0
+ eor r30, T1
+
+ lpm T2, Z ; T2 = v'
+
+ ldi r31, hi8(lut_gf256mul_0x04)
+ mov r30, ST12
+ eor r30, ST10
+ lpm T3, Z
+ eor T3, T2; T3 = w
+
+ mov r30, ST13
+ eor r30, ST11
+ lpm P, Z
+ eor T2, P ; T2 = v
+
+ /* now the big move */
+ mov T4, ST10
+ eor T4, ST13
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST13, T4
+
+ mov T4, ST12
+ eor T4, ST11
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST11, T4
+
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, T3
+ eor ST12, T0
+
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, T3
+ eor ST10, T1
+
+ /* invMixCol (Row) 2 */
+ /* preparing */
+ ldi r31, hi8(lut_gf256mul_0x09)
+ mov T0, ST23
+ eor T0, ST22 ; T0 = t
+ mov T1, ST20
+ eor T1, ST21 ; T1 = u
+ mov r30, T0
+ eor r30, T1
+
+ lpm T2, Z ; T2 = v'
+
+ ldi r31, hi8(lut_gf256mul_0x04)
+ mov r30, ST22
+ eor r30, ST20
+ lpm T3, Z
+ eor T3, T2; T3 = w
+
+ mov r30, ST23
+ eor r30, ST21
+ lpm P, Z
+ eor T2, P ; T2 = v
+
+ /* now the big move */
+ mov T4, ST20
+ eor T4, ST23
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST23, T4
+
+ mov T4, ST22
+ eor T4, ST21
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST21, T4
+
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, T3
+ eor ST22, T0
+
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, T3
+ eor ST20, T1
+
+ /* invMixCol (Row) 3 */
+ /* preparing */
+ ldi r31, hi8(lut_gf256mul_0x09)
+ mov T0, ST33
+ eor T0, ST32 ; T0 = t
+ mov T1, ST30
+ eor T1, ST31 ; T1 = u
+ mov r30, T0
+ eor r30, T1
+
+ lpm T2, Z ; T2 = v'
+
+ ldi r31, hi8(lut_gf256mul_0x04)
+ mov r30, ST32
+ eor r30, ST30
+ lpm T3, Z
+ eor T3, T2; T3 = w
+
+ mov r30, ST33
+ eor r30, ST31
+ lpm P, Z
+ eor T2, P ; T2 = v
+
+ /* now the big move */
+ mov T4, ST30
+ eor T4, ST33
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST33, T4
+
+ mov T4, ST32
+ eor T4, ST31
+ lsl T4
+ brcc 3f
+ eor T4, xREDUCER
+3: eor T4, T2
+ eor ST31, T4
+
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, T3
+ eor ST32, T0
+
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, T3
+ eor ST30, T1
+
+ rjmp 1b
+
+.balign 256
+
+lut_gf256mul_0x09:
+.byte 0x00, 0x09, 0x12, 0x1B, 0x24, 0x2D, 0x36, 0x3F
+.byte 0x48, 0x41, 0x5A, 0x53, 0x6C, 0x65, 0x7E, 0x77
+.byte 0x90, 0x99, 0x82, 0x8B, 0xB4, 0xBD, 0xA6, 0xAF
+.byte 0xD8, 0xD1, 0xCA, 0xC3, 0xFC, 0xF5, 0xEE, 0xE7
+.byte 0x3B, 0x32, 0x29, 0x20, 0x1F, 0x16, 0x0D, 0x04
+.byte 0x73, 0x7A, 0x61, 0x68, 0x57, 0x5E, 0x45, 0x4C
+.byte 0xAB, 0xA2, 0xB9, 0xB0, 0x8F, 0x86, 0x9D, 0x94
+.byte 0xE3, 0xEA, 0xF1, 0xF8, 0xC7, 0xCE, 0xD5, 0xDC
+.byte 0x76, 0x7F, 0x64, 0x6D, 0x52, 0x5B, 0x40, 0x49
+.byte 0x3E, 0x37, 0x2C, 0x25, 0x1A, 0x13, 0x08, 0x01
+.byte 0xE6, 0xEF, 0xF4, 0xFD, 0xC2, 0xCB, 0xD0, 0xD9
+.byte 0xAE, 0xA7, 0xBC, 0xB5, 0x8A, 0x83, 0x98, 0x91
+.byte 0x4D, 0x44, 0x5F, 0x56, 0x69, 0x60, 0x7B, 0x72
+.byte 0x05, 0x0C, 0x17, 0x1E, 0x21, 0x28, 0x33, 0x3A
+.byte 0xDD, 0xD4, 0xCF, 0xC6, 0xF9, 0xF0, 0xEB, 0xE2
+.byte 0x95, 0x9C, 0x87, 0x8E, 0xB1, 0xB8, 0xA3, 0xAA
+.byte 0xEC, 0xE5, 0xFE, 0xF7, 0xC8, 0xC1, 0xDA, 0xD3
+.byte 0xA4, 0xAD, 0xB6, 0xBF, 0x80, 0x89, 0x92, 0x9B
+.byte 0x7C, 0x75, 0x6E, 0x67, 0x58, 0x51, 0x4A, 0x43
+.byte 0x34, 0x3D, 0x26, 0x2F, 0x10, 0x19, 0x02, 0x0B
+.byte 0xD7, 0xDE, 0xC5, 0xCC, 0xF3, 0xFA, 0xE1, 0xE8
+.byte 0x9F, 0x96, 0x8D, 0x84, 0xBB, 0xB2, 0xA9, 0xA0
+.byte 0x47, 0x4E, 0x55, 0x5C, 0x63, 0x6A, 0x71, 0x78
+.byte 0x0F, 0x06, 0x1D, 0x14, 0x2B, 0x22, 0x39, 0x30
+.byte 0x9A, 0x93, 0x88, 0x81, 0xBE, 0xB7, 0xAC, 0xA5
+.byte 0xD2, 0xDB, 0xC0, 0xC9, 0xF6, 0xFF, 0xE4, 0xED
+.byte 0x0A, 0x03, 0x18, 0x11, 0x2E, 0x27, 0x3C, 0x35
+.byte 0x42, 0x4B, 0x50, 0x59, 0x66, 0x6F, 0x74, 0x7D
+.byte 0xA1, 0xA8, 0xB3, 0xBA, 0x85, 0x8C, 0x97, 0x9E
+.byte 0xE9, 0xE0, 0xFB, 0xF2, 0xCD, 0xC4, 0xDF, 0xD6
+.byte 0x31, 0x38, 0x23, 0x2A, 0x15, 0x1C, 0x07, 0x0E
+.byte 0x79, 0x70, 0x6B, 0x62, 0x5D, 0x54, 0x4F, 0x46
+
+lut_gf256mul_0x04:
+.byte 0x00, 0x04, 0x08, 0x0C, 0x10, 0x14, 0x18, 0x1C
+.byte 0x20, 0x24, 0x28, 0x2C, 0x30, 0x34, 0x38, 0x3C
+.byte 0x40, 0x44, 0x48, 0x4C, 0x50, 0x54, 0x58, 0x5C
+.byte 0x60, 0x64, 0x68, 0x6C, 0x70, 0x74, 0x78, 0x7C
+.byte 0x80, 0x84, 0x88, 0x8C, 0x90, 0x94, 0x98, 0x9C
+.byte 0xA0, 0xA4, 0xA8, 0xAC, 0xB0, 0xB4, 0xB8, 0xBC
+.byte 0xC0, 0xC4, 0xC8, 0xCC, 0xD0, 0xD4, 0xD8, 0xDC
+.byte 0xE0, 0xE4, 0xE8, 0xEC, 0xF0, 0xF4, 0xF8, 0xFC
+.byte 0x1B, 0x1F, 0x13, 0x17, 0x0B, 0x0F, 0x03, 0x07
+.byte 0x3B, 0x3F, 0x33, 0x37, 0x2B, 0x2F, 0x23, 0x27
+.byte 0x5B, 0x5F, 0x53, 0x57, 0x4B, 0x4F, 0x43, 0x47
+.byte 0x7B, 0x7F, 0x73, 0x77, 0x6B, 0x6F, 0x63, 0x67
+.byte 0x9B, 0x9F, 0x93, 0x97, 0x8B, 0x8F, 0x83, 0x87
+.byte 0xBB, 0xBF, 0xB3, 0xB7, 0xAB, 0xAF, 0xA3, 0xA7
+.byte 0xDB, 0xDF, 0xD3, 0xD7, 0xCB, 0xCF, 0xC3, 0xC7
+.byte 0xFB, 0xFF, 0xF3, 0xF7, 0xEB, 0xEF, 0xE3, 0xE7
+.byte 0x36, 0x32, 0x3E, 0x3A, 0x26, 0x22, 0x2E, 0x2A
+.byte 0x16, 0x12, 0x1E, 0x1A, 0x06, 0x02, 0x0E, 0x0A
+.byte 0x76, 0x72, 0x7E, 0x7A, 0x66, 0x62, 0x6E, 0x6A
+.byte 0x56, 0x52, 0x5E, 0x5A, 0x46, 0x42, 0x4E, 0x4A
+.byte 0xB6, 0xB2, 0xBE, 0xBA, 0xA6, 0xA2, 0xAE, 0xAA
+.byte 0x96, 0x92, 0x9E, 0x9A, 0x86, 0x82, 0x8E, 0x8A
+.byte 0xF6, 0xF2, 0xFE, 0xFA, 0xE6, 0xE2, 0xEE, 0xEA
+.byte 0xD6, 0xD2, 0xDE, 0xDA, 0xC6, 0xC2, 0xCE, 0xCA
+.byte 0x2D, 0x29, 0x25, 0x21, 0x3D, 0x39, 0x35, 0x31
+.byte 0x0D, 0x09, 0x05, 0x01, 0x1D, 0x19, 0x15, 0x11
+.byte 0x6D, 0x69, 0x65, 0x61, 0x7D, 0x79, 0x75, 0x71
+.byte 0x4D, 0x49, 0x45, 0x41, 0x5D, 0x59, 0x55, 0x51
+.byte 0xAD, 0xA9, 0xA5, 0xA1, 0xBD, 0xB9, 0xB5, 0xB1
+.byte 0x8D, 0x89, 0x85, 0x81, 0x9D, 0x99, 0x95, 0x91
+.byte 0xED, 0xE9, 0xE5, 0xE1, 0xFD, 0xF9, 0xF5, 0xF1
+.byte 0xCD, 0xC9, 0xC5, 0xC1, 0xDD, 0xD9, 0xD5, 0xD1
+
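Review bot: The `inc r20` / `swap r20 /* r20*16 */` sequence at the top of `aes_decrypt_core` only equals a multiply by 16 while `rounds + 1` is below 16, and `rounds` arrives unchecked through an exported symbol that aes_dec.h declares as a plain `uint8_t`. For any other value (including 0, where `dec CTR` wraps), X would start at the wrong offset or the `ld r0, -X` runs would read outside the key schedule. Since the three wrappers only ever pass 10, 12 or 14, I would document the contract rather than add a check: `/* r20 = (rounds+1)*16 via nibble swap; rounds must be 10, 12 or 14 */`, and repeat it on the prototype. The following `adc r27, r1` also relies on r1 being zero, which is presumably the avr-gcc convention and deserves a short comment. Separately, the header still names the file `aes_dec-asm.S`, the third block is labelled `invMixCol (Row) 2` a second time, and the `; T2 = v` comment in the first block sits on the `lpm P, Z` line rather than on `eor T2, P`.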
diff --git a/aes_dec.h b/aes_dec.h
new file mode 100644
index 0000000..0517bd9
--- /dev/null
+++ b/aes_dec.h
@@ -0,0 +1,36 @@
+/* aes_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_DEC_H_
+#define AES_DEC_H_
+#include "aes_types.h"
+#include
+
+
+void aes_decrypt_core(aes_cipher_state_t* state,const aes_genctx_t* ks, uint8_t rounds);
+
+
+#endif
diff --git a/aes_enc-asm.S b/aes_enc-asm.S
new file mode 100644
index 0000000..5b46a2a
--- /dev/null
+++ b/aes_enc-asm.S
@@ -0,0 +1,341 @@
+/* aes_enc-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_enc-asm.S
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-10
+ * \license GPLv3 or later
+ *
+ */
+
+#include "avr-asm-macros.S"
+
+
+/*
+ * param a: r24
+ * param b: r22
+ * param reducer: r0
+ */
+A = 28
+B = 29
+P = 0
+xREDUCER = 25
+
+.global aes256_enc
+aes256_enc:
+ ldi r20, 14
+ rjmp aes_encrypt_core
+
+.global aes192_enc
+aes192_enc:
+ ldi r20, 12
+ rjmp aes_encrypt_core
+
+.global aes128_enc
+aes128_enc:
+ ldi r20, 10
+
+
+/*
+ void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds)
+*/
+T0= 2
+T1= 3
+T2= 4
+T3= 5
+SBOX_SAVE0 = 6
+SBOX_SAVE1 = 7
+ST00 = 8
+ST01 = 9
+ST02 = 10
+ST03 = 11
+ST10 = 12
+ST11 = 13
+ST12 = 14
+ST13 = 15
+ST20 = 16
+ST21 = 17
+ST22 = 18
+ST23 = 19
+ST30 = 20
+ST31 = 21
+ST32 = 22
+ST33 = 23
+CTR = 24
+/*
+ * param state: r24:r25
+ * param ks: r22:r23
+ * param rounds: r20
+ */
+.global aes_encrypt_core
+aes_encrypt_core:
+ push_range 2, 17
+ push r28
+ push r29
+ push r24
+ push r25
+ movw r26, r22
+ movw r30, r24
+ mov CTR, r20
+ clt
+
+ .irp param,ST00, ST01, ST02, ST03, ST10, ST11, ST12, ST13, ST20, ST21, ST22, ST23, ST30, ST31, ST32, ST33
+ ld \param, Z+
+ .endr
+
+ ldi xREDUCER, 0x1b /* load reducer */
+ ldi r31, hi8(aes_sbox)
+
+ /* key whitening */
+1:
+ .irp param,ST00, ST01, ST02, ST03, ST10, ST11, ST12, ST13, ST20, ST21, ST22, ST23, ST30, ST31, ST32, ST33
+ ld r0, X+
+ eor \param, r0
+ .endr
+
+ brtc 2f
+exit:
+ pop r31
+ pop r30
+ st Z+, ST00
+ st Z+, ST01
+ st Z+, ST02
+ st Z+, ST03
+ st Z+, ST10
+ st Z+, ST11
+ st Z+, ST12
+ st Z+, ST13
+ st Z+, ST20
+ st Z+, ST21
+ st Z+, ST22
+ st Z+, ST23
+ st Z+, ST30
+ st Z+, ST31
+ st Z+, ST32
+ st Z+, ST33
+ pop r29
+ pop r28
+ pop_range 2, 17
+ ret
+
+2: dec CTR
+ brne 3f
+ set
+3:
+
+ /* encryption loop */
+
+ /* SBOX substitution and shifting */
+ mov r30, ST00
+ lpm ST00, Z
+ mov r30, ST10
+ lpm ST10, Z
+ mov r30, ST20
+ lpm ST20, Z
+ mov r30, ST30
+ lpm ST30, Z
+
+ mov r30, ST01
+ lpm T0, Z
+ mov r30, ST11
+ lpm ST01, Z
+ mov r30, ST21
+ lpm ST11, Z
+ mov r30, ST31
+ lpm ST21, Z
+ mov ST31, T0
+
+ mov r30, ST02
+ lpm T0, Z
+ mov r30, ST12
+ lpm T1, Z
+ mov r30, ST22
+ lpm ST02, Z
+ mov r30, ST32
+ lpm ST12, Z
+ mov ST22, T0
+ mov ST32, T1
+
+ mov r30, ST03
+ lpm T0, Z
+ mov r30, ST33
+ lpm ST03, Z
+ mov r30, ST23
+ lpm ST33, Z
+ mov r30, ST13
+ lpm ST23, Z
+ mov ST13, T0
+
+ /* mixcols (or rows in our case) */
+ brtc 2f
+ rjmp 1b
+2:
+ /* mixrow 1 */
+ mov r0, ST02
+ eor r0, ST03
+ mov T2, r0
+
+ mov T0, ST00
+ eor ST00, ST01
+ eor r0, ST00
+ lsl ST00
+ brcc 3f
+ eor ST00, xREDUCER
+3: eor ST00, r0
+ eor ST00, T0
+
+ mov T1, ST01
+ eor T1, ST02
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, r0
+ eor ST01, T1
+
+ lsl T2
+ brcc 3f
+ eor T2, xREDUCER
+3: eor T2, r0
+ eor ST02, T2
+
+ eor T0, ST03
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, r0
+ eor ST03, T0
+
+ /* mixrow 2 */
+ mov r0, ST12
+ eor r0, ST13
+ mov T2, r0
+
+ mov T0, ST10
+ eor ST10, ST11
+ eor r0, ST10
+ lsl ST10
+ brcc 3f
+ eor ST10, xREDUCER
+3: eor ST10, r0
+ eor ST10, T0
+
+ mov T1, ST11
+ eor T1, ST12
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, r0
+ eor ST11, T1
+
+ lsl T2
+ brcc 3f
+ eor T2, xREDUCER
+3: eor T2, r0
+ eor ST12, T2
+
+ eor T0, ST13
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, r0
+ eor ST13, T0
+
+ /* mixrow 3 */
+ mov r0, ST22
+ eor r0, ST23
+ mov T2, r0
+
+ mov T0, ST20
+ eor ST20, ST21
+ eor r0, ST20
+ lsl ST20
+ brcc 3f
+ eor ST20, xREDUCER
+3: eor ST20, r0
+ eor ST20, T0
+
+ mov T1, ST21
+ eor T1, ST22
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, r0
+ eor ST21, T1
+
+ lsl T2
+ brcc 3f
+ eor T2, xREDUCER
+3: eor T2, r0
+ eor ST22, T2
+
+ eor T0, ST23
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, r0
+ eor ST23, T0
+
+ /* mixrow 4 */
+ mov r0, ST32
+ eor r0, ST33
+ mov T2, r0
+
+ mov T0, ST30
+ eor ST30, ST31
+ eor r0, ST30
+ lsl ST30
+ brcc 3f
+ eor ST30, xREDUCER
+3: eor ST30, r0
+ eor ST30, T0
+
+ mov T1, ST31
+ eor T1, ST32
+ lsl T1
+ brcc 3f
+ eor T1, xREDUCER
+3: eor T1, r0
+ eor ST31, T1
+
+ lsl T2
+ brcc 3f
+ eor T2, xREDUCER
+3: eor T2, r0
+ eor ST32, T2
+
+ eor T0, ST33
+ lsl T0
+ brcc 3f
+ eor T0, xREDUCER
+3: eor T0, r0
+ eor ST33, T0
+ /* mix colums (rows) done */
+
+ /* add key*/
+ rjmp 1b
+
+
+
+
+
+
+
+
+
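Review bot: Nothing in the mixrow sections records that each `lsl` / `brcc 3f` / `eor …, xREDUCER` triple is cycle-balanced, which is what keeps the GF(2^8) doubling independent of the state bits. On classic AVR cores a taken `brcc` costs two cycles and an untaken one costs one plus the one-cycle `eor`, so both paths should take the same time; a comment such as `/* xtime: both brcc paths take 2 cycles, do not reorder */` at the first triple would stop a later cleanup from breaking that, and the same applies to the triples in aes_dec-asm_faster.S. The comment block above `A = 28` (`param a: r24`, `param b: r22`, `param reducer: r0`) does not describe anything in this file and looks left over from another routine; `A`, `B`, `SBOX_SAVE0` and `SBOX_SAVE1` are defined but never used in the hunk. `rounds` is also used unchecked as the loop counter of an exported function, so the prototype in aes_enc.h should state that only 10, 12 and 14 are valid.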
diff --git a/aes_enc.h b/aes_enc.h
new file mode 100644
index 0000000..fb25764
--- /dev/null
+++ b/aes_enc.h
@@ -0,0 +1,36 @@
+/* aes_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_ENC_H_
+#define AES_ENC_H_
+#include "aes_types.h"
+#include
+
+
+void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds);
+
+
+#endif
diff --git a/aes_invsbox-asm.S b/aes_invsbox-asm.S
new file mode 100644
index 0000000..9ab899f
--- /dev/null
+++ b/aes_invsbox-asm.S
@@ -0,0 +1,45 @@
+/* aes_sbox-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_dec-asm.S
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-10
+ * \license GPLv3 or later
+ *
+ */
+.balign 256
+.global aes_invsbox
+aes_invsbox:
+.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
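Review bot: The `.balign 256` in front of `aes_invsbox` is load-bearing and should say so: aes_dec-asm_faster.S builds the lookup address from `hi8(aes_invsbox)` in r31 and a state byte in r30, so a table that does not start on a 256-byte boundary would silently index into neighbouring flash. I would add `/* must stay 256-byte aligned: indexed as hi8(table):byte via lpm */` above the directive. The file header also names `aes_sbox-asm.S` and `\file aes_dec-asm.S`, neither of which matches aes_invsbox-asm.S. No section directive is visible, so the table presumably lands in the default code section; if that is intended, a one-line comment would make it explicit.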
diff --git a/aes_invsbox.h b/aes_invsbox.h
new file mode 100644
index 0000000..42fe9a8
--- /dev/null
+++ b/aes_invsbox.h
@@ -0,0 +1,33 @@
+/* aes_invsbox.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_invsbox.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_INVSBOX_H_
+#define AES_INVSBOX_H_
+#include
+
+extern uint8_t aes_invsbox[];
+
+#endif
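Review bot: `extern uint8_t aes_invsbox[];` declares the table as ordinary writable data, but the assembly in this commit reads it with `lpm`, i.e. from program memory. C code that indexes it directly would read whatever lives in SRAM at that address instead of the inverse S-box, and nothing would flag it. I would at least write `extern const uint8_t aes_invsbox[]; /* in flash, 256-byte aligned; read with pgm_read_byte() */`, assuming the table really is placed in flash by aes_invsbox-asm.S, which shows no explicit section directive.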
diff --git a/aes_keyschedule-asm.S b/aes_keyschedule-asm.S
new file mode 100644
index 0000000..c5d69ea
--- /dev/null
+++ b/aes_keyschedule-asm.S
@@ -0,0 +1,225 @@
+/* aes_keyschedule-asm */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_keyschedule-asm.S
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-09
+ * \license GPLv3 or later
+ *
+ */
+
+#include "avr-asm-macros.S"
+
+.global aes256_init
+aes256_init:
+ movw r20, r22
+ ldi r23, hi8(256)
+ ldi r22, lo8(256)
+ rjmp aes_init
+
+.global aes192_init
+aes192_init:
+ movw r20, r22
+ ldi r23, hi8(192)
+ ldi r22, lo8(192)
+ rjmp aes_init
+
+.global aes128_init
+aes128_init:
+ movw r20, r22
+ clr r23
+ ldi r22, 128
+
+/*
+void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx){
+ uint8_t hi,i,nk, next_nk;
+ uint8_t rc=1;
+ uint8_t tmp[4];
+ nk=keysize_b>>5; / * 4, 6, 8 * /
+ hi=4*(nk+6+1);
+ memcpy(ctx, key, keysize_b/8);
+ next_nk = nk;
+ for(i=nk;ikey[0].ks))[i-1];
+ if(i!=next_nk){
+ if(nk==8 && i%8==4){
+ tmp[0] = pgm_read_byte(aes_sbox+tmp[0]);
+ tmp[1] = pgm_read_byte(aes_sbox+tmp[1]);
+ tmp[2] = pgm_read_byte(aes_sbox+tmp[2]);
+ tmp[3] = pgm_read_byte(aes_sbox+tmp[3]);
+ }
+ } else {
+ next_nk += nk;
+ aes_rotword(tmp);
+ tmp[0] = pgm_read_byte(aes_sbox+tmp[0]);
+ tmp[1] = pgm_read_byte(aes_sbox+tmp[1]);
+ tmp[2] = pgm_read_byte(aes_sbox+tmp[2]);
+ tmp[3] = pgm_read_byte(aes_sbox+tmp[3]);
+ tmp[0] ^= rc;
+ rc<<=1;
+ }
+ ((uint32_t*)(ctx->key[0].ks))[i] = ((uint32_t*)(ctx->key[0].ks))[i-nk]
+ ^ *((uint32_t*)tmp);
+ }
+}
+*/
+
+SBOX_SAVE0 = 14
+SBOX_SAVE1 = 15
+XRC = 17
+NK = 22
+C1 = 18
+NEXT_NK = 19
+HI = 23
+T0 = 20
+T1 = 21
+T2 = 24
+T3 = 25
+/*
+ * param key: r24:r25
+ * param keysize_b: r22:r23
+ * param ctx: r20:r21
+ */
+.global aes_init
+aes_init:
+ push_range 14, 17
+ push r28
+ push r29
+ movw r30, r20
+ movw r28, r20
+ movw r26, r24
+ lsr r23
+ ror r22
+ lsr r22
+ lsr r22 /* r22 contains keysize_b/8 */
+ mov C1, r22
+
+1: /* copy key to ctx */
+ ld r0, X+
+ st Z+, r0
+ dec C1
+ brne 1b
+
+ lsr NK
+ lsr NK
+ bst NK,3 /* set T if NK==8 */
+ mov NEXT_NK, NK
+ mov HI, NK
+ subi HI, -7
+ lsl HI
+ lsl HI
+ movw r26, r30
+ sbiw r26, 4
+ mov C1, NK
+ ldi r30, lo8(aes_sbox)
+ ldi r31, hi8(aes_sbox)
+ movw SBOX_SAVE0, r30
+ ldi XRC, 1
+1:
+ ld T0, X+
+ ld T1, X+
+ ld T2, X+
+ ld T3, X+
+ cp NEXT_NK, C1
+ breq 2f
+ brtc 5f
+ mov r16, C1
+ andi r16, 0x07
+ cpi r16, 0x04
+ brne 5f
+ movw r30, SBOX_SAVE0
+ add r30, T0
+ adc r31, r1
+ lpm T0, Z
+ movw r30, SBOX_SAVE0
+ add r30, T1
+ adc r31, r1
+ lpm T1, Z
+ movw r30, SBOX_SAVE0
+ add r30, T2
+ adc r31, r1
+ lpm T2, Z
+ movw r30, SBOX_SAVE0
+ add r30, T3
+ adc r31, r1
+ lpm T3, Z
+ rjmp 5f
+2:
+ add NEXT_NK, NK
+ movw r30, SBOX_SAVE0
+ add r30, T0
+ adc r31, r1
+ lpm r16, Z
+ movw r30, SBOX_SAVE0
+ add r30, T1
+ adc r31, r1
+ lpm T0, Z
+ movw r30, SBOX_SAVE0
+ add r30, T2
+ adc r31, r1
+ lpm T1, Z
+ movw r30, SBOX_SAVE0
+ add r30, T3
+ adc r31, r1
+ lpm T2, Z
+ mov T3, r16
+ eor T0, XRC
+ lsl XRC
+ brcc 3f
+ ldi XRC, 0x1b
+3:
+5:
+ movw r30, r26
+
+ ld r0, Y+
+ eor r0, T0
+ st Z+, r0
+ ld r0, Y+
+ eor r0 ,T1
+ st Z+, r0
+ ld r0, Y+
+ eor r0, T2
+ st Z+, r0
+ ld r0, Y+
+ eor r0, T3
+ st Z+, r0
+
+/*
+ st Z+, T0
+ st Z+, T1
+ st Z+, T2
+ st Z+, T3
+*/
+
+ inc C1
+ cp C1, HI
+ breq 6f
+ rjmp 1b
+6:
+
+ clt
+ pop r29
+ pop r28
+ pop_range 14, 17
+ ret
+
+
+
+
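Review bot: `aes_init` uses `keysize_b` without validating it, and the key-copy loop at the first `1:` label decrements `C1` before testing it. A `keysize_b` below 8 therefore yields a byte count of 0 that wraps, and the loop copies 256 bytes from `key` into `ctx`. Any other unsupported size gives an `NK` other than 4, 6 or 8 and still writes `4*(NK+7)` words through `ctx`. Because the routine returns void, either branch straight to `ret` for unsupported sizes before `push_range 14, 17` or state the precondition in the register comment, e.g. `* param keysize_b: r22:r23 (must be 128, 192 or 256; not checked here)`.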
diff --git a/aes_keyschedule.h b/aes_keyschedule.h
new file mode 100644
index 0000000..ab5786a
--- /dev/null
+++ b/aes_keyschedule.h
@@ -0,0 +1,75 @@
+/* aes_keyschedule.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_keyschedule.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+
+#ifndef AES_KEYSCHEDULE_H_
+#define AES_KEYSCHEDULE_H_
+
+#include "aes_types.h"
+/**
+ * \brief initialize the keyschedule
+ *
+ * This function computes the keyschedule from a given key with a given length
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param keysize_b length of the key in bits (valid are 128, 192 and 256)
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx);
+
+/**
+ * \brief initialize the keyschedule for 128 bit key
+ *
+ * This function computes the keyschedule from a given 128 bit key
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes128_init(const void* key, aes128_ctx_t* ctx);
+
+/**
+ * \brief initialize the keyschedule for 192 bit key
+ *
+ * This function computes the keyschedule from a given 192 bit key
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes192_init(const void* key, aes192_ctx_t* ctx);
+
+/**
+ * \brief initialize the keyschedule for 256 bit key
+ *
+ * This function computes the keyschedule from a given 256 bit key
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes256_init(const void* key, aes256_ctx_t* ctx);
+
+#endif /* AES_KEYSCHEDULE_H_ */
+
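Review bot: The comment on `aes_init` does not say how large the object behind `ctx` must be. `aes_genctx_t` is declared in aes_types.h with `key[1]` only, while the key schedule fills 11, 13 or 15 round keys depending on `keysize_b`. Passing a real `aes_genctx_t` object therefore lets the routine write well past it. I would extend the parameter text to `\param ctx pointer to an aes128_ctx_t, aes192_ctx_t or aes256_ctx_t matching keysize_b, cast to aes_genctx_t*; an aes_genctx_t object itself is too small`.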
diff --git a/aes_sbox-asm.S b/aes_sbox-asm.S
new file mode 100644
index 0000000..e609698
--- /dev/null
+++ b/aes_sbox-asm.S
@@ -0,0 +1,47 @@
+/* aes_sbox-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_dec-asm.S
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-10
+ * \license GPLv3 or later
+ *
+ */
+
+.balign 256
+.global aes_sbox
+aes_sbox:
+.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+
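Review bot: The Doxygen block in this file says `\file aes_dec-asm.S`, but the file being added is aes_sbox-asm.S; it should read `\file aes_sbox-asm.S`. The table itself has no comment, so I would add one above the label, e.g. `/* AES forward S-box, 256 entries; read with lpm by the key schedule */`. A note on why `.balign 256` is used would also help, since the visible reader in aes_keyschedule-asm.S adds the index with carry and does not appear to depend on the alignment.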
diff --git a/aes_sbox.h b/aes_sbox.h
new file mode 100644
index 0000000..5bc03b7
--- /dev/null
+++ b/aes_sbox.h
@@ -0,0 +1,33 @@
+/* aes_sbox.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_sbox.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_SBOX_H_
+#define AES_SBOX_H_
+#include
+
+extern uint8_t aes_sbox[];
+
+#endif
diff --git a/aes_types.h b/aes_types.h
new file mode 100644
index 0000000..d69dd9f
--- /dev/null
+++ b/aes_types.h
@@ -0,0 +1,56 @@
+/* aes.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file aes_types.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_TYPES_H_
+#define AES_TYPES_H_
+
+#include
+
+typedef struct{
+ uint8_t ks[16];
+} aes_roundkey_t;
+
+typedef struct{
+ aes_roundkey_t key[10+1];
+} aes128_ctx_t;
+
+typedef struct{
+ aes_roundkey_t key[12+1];
+} aes192_ctx_t;
+
+typedef struct{
+ aes_roundkey_t key[14+1];
+} aes256_ctx_t;
+
+typedef struct{
+ aes_roundkey_t key[1]; /* just to avoid the warning */
+} aes_genctx_t;
+
+typedef struct{
+ uint8_t s[16];
+} aes_cipher_state_t;
+
+#endif
diff --git a/avr-asm-macros.S b/avr-asm-macros.S
new file mode 100644
index 0000000..766cdae
--- /dev/null
+++ b/avr-asm-macros.S
@@ -0,0 +1,150 @@
+/* avr-asm-macros.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+/*
+ * File: avr-asm-macros.S
+ * Author: Daniel Otte
+ * Date: 2008-08-13
+ * License: GPLv3 or later
+ * Description: some macros which are quite usefull
+ *
+ */
+
+//#ifndef AVR_ASM_MACROS__S__
+//#define AVR_ASM_MACROS__S__
+#include
+
+/*******************************************************************************
+* MACRO SECTION *
+*******************************************************************************/
+
+.macro push_ p1:req, p2:vararg
+ push \p1
+.ifnb \p2
+ push_ \p2
+.endif
+.endm
+
+.macro pop_ p1:req, p2:vararg
+ pop \p1
+.ifnb \p2
+ pop_ \p2
+.endif
+.endm
+
+.macro push_range from:req, to:req
+ push \from
+.if \to-\from
+ push_range "(\from+1)",\to
+.endif
+.endm
+
+.macro pop_range from:req, to:req
+ pop \to
+.if \to-\from
+ pop_range \from,"(\to-1)"
+.endif
+.endm
+
+.macro stack_alloc size:req, reg1=r30, reg2=r31
+ in r0, _SFR_IO_ADDR(SREG)
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ sbiw \reg1, \size
+ cli
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SREG), r0
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+.macro stack_free size:req, reg1=r30, reg2=r31
+ in r0, _SFR_IO_ADDR(SREG)
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ adiw \reg1, \size
+ cli
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SREG), r0
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+
+.macro stack_alloc_large size:req, reg1=r30, reg2=r31
+ in r0, _SFR_IO_ADDR(SREG)
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ subi \reg1, lo8(\size)
+ sbci \reg2, hi8(\size)
+ cli
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SREG), r0
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+.macro stack_free_large size:req, reg1=r30, reg2=r31
+ in r0, _SFR_IO_ADDR(SREG)
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ adiw \reg1, 63
+ adiw \reg1, (\size-63)
+ cli
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SREG), r0
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+.macro stack_free_large2 size:req, reg1=r30, reg2=r31
+ in r0, _SFR_IO_ADDR(SREG)
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ adiw \reg1, 63
+ adiw \reg1, 63
+ adiw \reg1, (\size-63*2)
+ cli
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SREG), r0
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+.macro stack_free_large3 size:req, reg1=r30, reg2=r31
+ in r0, _SFR_IO_ADDR(SREG)
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ push r16
+ push r17
+ ldi r16, lo8(\size)
+ ldi r17, hi8(\size)
+ add \reg1, r16
+ adc \reg2, r17
+ pop r17
+ pop r16
+ cli
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SREG), r0
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+
+/*******************************************************************************
+* END of MACRO SECTION *
+*******************************************************************************/
+
+
+//#endif /* AVR_ASM_MACROS__S__ */
+
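Review bot: The stack macros carry no comments on their operand limits or side effects. `stack_alloc` and `stack_free` pass `\size` straight to `sbiw`/`adiw`, whose immediate is limited to 0..63; `stack_free_large` splits it as 63 plus `\size-63` and `stack_free_large2` as 126 plus the remainder, so each is valid only for a narrow band of sizes. All of them overwrite r0 and the `\reg1:\reg2` pair. I would add a header comment per macro giving the accepted range and the clobbered registers, e.g. `/* size: 63..126; clobbers r0, \reg1, \reg2 */` on `stack_free_large`. If callers keep key-dependent data in memory obtained this way, the comment should also say that the free macros only move SP and leave the old contents in place.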
diff --git a/bcal-basic.c b/bcal-basic.c
new file mode 100644
index 0000000..3d7a65c
--- /dev/null
+++ b/bcal-basic.c
@@ -0,0 +1,94 @@
+/* bcal-basic.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include
+#include
+#include
+#include
+#include "blockcipher_descriptor.h"
+#include "keysize_descriptor.h"
+
+uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor,
+ const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx){
+ if(!is_valid_keysize_P((PGM_VOID_P)pgm_read_word(&(cipher_descriptor->valid_keysize_desc)),
+ keysize_b)){
+ return 1;
+ }
+ uint8_t flags;
+ bc_init_fpt init_fpt;
+ ctx->desc_ptr = (bcdesc_t*)cipher_descriptor;
+ ctx->keysize = keysize_b;
+ flags = pgm_read_byte(cipher_descriptor->flags);
+ init_fpt.initvoid = (void_fpt)(pgm_read_word(&(cipher_descriptor->init.initvoid)));
+ if(init_fpt.initvoid == NULL){
+ if(!(ctx->ctx = malloc((keysize_b+7)/8)))
+ return 2;
+ memcpy(ctx->ctx, key, (keysize_b+7)/8);
+ return 0;
+ }
+ if(!(ctx->ctx = malloc(pgm_read_word(&(cipher_descriptor->ctxsize_B)))))
+ return 3;
+ if((flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){
+ init_fpt.init1((void*)key, (ctx->ctx));
+ }else{
+ init_fpt.init2((void*)key, keysize_b, (ctx->ctx));
+ }
+ return 0;
+}
+
+void bcal_cipher_free(bcgen_ctx_t* ctx){
+ if(!ctx)
+ return;
+ bc_free_fpt free_fpt;
+ free_fpt = (bc_free_fpt)(pgm_read_word(&(ctx->desc_ptr->free)));
+ if(free_fpt)
+ free_fpt((ctx->ctx));
+ free(ctx->ctx);
+}
+
+void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx){
+ bc_enc_fpt enc_fpt;
+ enc_fpt.encvoid = (void_fpt)pgm_read_word(&(ctx->desc_ptr->enc.encvoid));
+ if(!enc_fpt.encvoid){
+ /* very bad error, no enciphering function specified */
+ return;
+ }
+ enc_fpt.enc1(block, (ctx->ctx));
+
+}
+
+void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx){
+ bc_dec_fpt dec_fpt;
+ dec_fpt.decvoid = (void_fpt)pgm_read_word(&(ctx->desc_ptr->dec.decvoid));
+ if(!dec_fpt.decvoid){
+ /* very bad error, no deciphering function specified */
+ return;
+ }
+ dec_fpt.dec1(block, (ctx->ctx));
+}
+
+uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc){
+ return pgm_read_word(&(desc->blocksize_b));
+}
+
+PGM_VOID_P bcal_cipher_getKeysizeDesc(const bcdesc_t* desc){
+ return (PGM_VOID_P)pgm_read_word(&(desc->valid_keysize_desc));
+}
+
+
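Review bot: In `bcal_cipher_init`, `flags = pgm_read_byte(cipher_descriptor->flags);` passes the value of the field rather than its address, unlike every other descriptor read in this file, which uses `&(...)`. Assuming `flags` is a scalar member of `bcdesc_t` (the type is declared in blockcipher_descriptor.h, not shown here), the byte is fetched from whatever address that value happens to form. The `BC_INIT_TYPE` test can then select `init1` or `init2` incorrectly, so the cipher's key setup may be called with the wrong argument list. The line should read `flags = pgm_read_byte(&(cipher_descriptor->flags));`.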
diff --git a/bcal-basic.h b/bcal-basic.h
new file mode 100644
index 0000000..e45b9b8
--- /dev/null
+++ b/bcal-basic.h
@@ -0,0 +1,36 @@
+/* bcal-basic.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef BCAL_BASIC_H_
+#define BCAL_BASIC_H_
+
+#include
+#include
+#include "blockcipher_descriptor.h"
+#include "keysize_descriptor.h"
+#include
+
+uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor,
+ const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx);
+void bcal_cipher_free(bcgen_ctx_t* ctx);
+void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx);
+void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx);
+uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc);
+PGM_VOID_P bcal_cipher_getKeysizeDesc(const bcdesc_t* desc);
+#endif /* BCAL_BASIC_H_ */
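Review bot: The prototypes are undocumented, so the contract callers most need is invisible here. Per bcal-basic.c, `bcal_cipher_init` returns 0 on success, 1 for a key size the descriptor rejects, and 2 or 3 when `malloc` fails. `bcal_cipher_enc` and `bcal_cipher_dec` return void and leave `block` unchanged when the descriptor has no function pointer, so a caller on that path carries on with unprocessed data. I would add a Doxygen block per function listing the return codes, plus a line such as `\note block is left unmodified if the descriptor provides no cipher function` on the enc/dec pair.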
diff --git a/bcal-cbc.c b/bcal-cbc.c
new file mode 100644
index 0000000..ee27c35
--- /dev/null
+++ b/bcal-cbc.c
@@ -0,0 +1,84 @@
+/* bcal-cbc.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include
+#include
+#include "bcal-cbc.h"
+#include "bcal-basic.h"
+#include "memxor.h"
+
+uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->prev_block = malloc(ctx->blocksize_B);
+
+ if(ctx->prev_block==NULL){
+ return 0x11;
+ }
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_cbc_free(bcal_cbc_ctx_t* ctx){
+ bcal_cipher_free(&(ctx->cctx));
+ free(ctx->prev_block);
+}
+
+
+void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->prev_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx){
+ memxor(block, ctx->prev_block, ctx->blocksize_B);
+ bcal_cipher_enc(block, &(ctx->cctx));
+ memcpy(ctx->prev_block, block, ctx->blocksize_B);
+}
+
+void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ memcpy(tmp, block, ctx->blocksize_B);
+ bcal_cipher_dec(block, &(ctx->cctx));
+ memxor(block, ctx->prev_block, ctx->blocksize_B);
+ memcpy(ctx->prev_block, tmp, ctx->blocksize_B);
+}
+void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx){
+ bcal_cipher_dec(block, &(ctx->cctx));
+ memxor(block, prev_block, ctx->blocksize_B);
+}
+
+void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){
+ bcal_cbc_loadIV(iv, ctx);
+ while(msg_blocks--){
+ bcal_cbc_encNext(msg, ctx);
+ msg = (uint8_t*)msg + ctx->blocksize_B;
+ }
+}
+
+void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){
+ msg=(uint8_t*)msg + (msg_blocks-1)*ctx->blocksize_B;
+ while(msg_blocks > 1){
+ bcal_cbc_decRand(msg, (uint8_t*)msg-ctx->blocksize_B, ctx);
+ msg_blocks -= 1;
+ msg=(uint8_t*)msg-ctx->blocksize_B;
+ }
+ bcal_cbc_decRand(msg, iv, ctx);
+}
+
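Review bot: `bcal_cbc_decMsg` does not handle `msg_blocks == 0`: `(msg_blocks-1)*ctx->blocksize_B` is then negative, `msg` is moved one block before the buffer, the loop is skipped, and the final `bcal_cbc_decRand(msg, iv, ctx)` decrypts in place at that out-of-bounds address. `bcal_cbc_encMsg` is safe for zero because its `while(msg_blocks--)` simply does not run. Add `if(msg_blocks == 0) return;` as the first statement of `bcal_cbc_decMsg`. Separately, `bcal_cbc_init` returns the `bcal_cipher_init` error code without freeing `ctx->prev_block`.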
diff --git a/bcal-cbc.h b/bcal-cbc.h
new file mode 100644
index 0000000..ba20186
--- /dev/null
+++ b/bcal-cbc.h
@@ -0,0 +1,44 @@
+/* bcal-cbc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef BCALCBC_H_
+#define BCALCBC_H_
+
+#include
+#include "blockcipher_descriptor.h"
+#include "bcal-basic.h"
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* prev_block;
+ uint8_t blocksize_B;
+} bcal_cbc_ctx_t;
+
+uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_free(bcal_cbc_ctx_t* ctx);
+void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx);
+
+
+#endif /* BCALCBC_H_ */
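Review bot: The header has no documentation, and two behaviours in bcal-cbc.c are easy to misuse without it. `bcal_cbc_loadIV` and `bcal_cbc_encMsg` treat `iv == NULL` as "keep the stored previous block", whereas `bcal_cbc_decMsg` hands `iv` straight to `memxor` and so needs a valid pointer. `msg_blocks` counts whole blocks of `blocksize_B` bytes, so padding is left to the caller. I would add Doxygen comments stating both, e.g. `\param iv initialisation vector of blocksize_B bytes; NULL continues from the stored block (encryption only)`.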
diff --git a/bcal-cmac.c b/bcal-cmac.c
new file mode 100644
index 0000000..abc9dfa
--- /dev/null
+++ b/bcal-cmac.c
@@ -0,0 +1,152 @@
+/* bcal-omac.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+
+#include
+#include
+#include "bcal-basic.h"
+#include "bcal-cmac.h"
+#include "memxor.h"
+
+
+static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){
+ uint8_t c1=0, c2;
+ do{
+ --blocksize_B;
+ c2 = (((uint8_t*)block)[blocksize_B])>>7;
+ (((uint8_t*)block)[blocksize_B]) <<= 1;
+ (((uint8_t*)block)[blocksize_B]) |= c1;
+ c1 = c2;
+ }while(blocksize_B);
+ return c1;
+}
+
+static const uint8_t const_128 = 0x87;
+static const uint8_t const_64 = 0x1b;
+
+uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){
+ uint8_t r;
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8;
+ if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){
+ return 0x13;
+ }
+ ctx->accu = malloc(ctx->blocksize_B);
+ if(ctx->accu==NULL){
+ return 0x14;
+ }
+ ctx->k1 = malloc(ctx->blocksize_B);
+ if(ctx->k1==NULL){
+ return 0x15;
+ }
+ ctx->k2 = malloc(ctx->blocksize_B);
+ if(ctx->k2==NULL){
+ return 0x16;
+ }
+ ctx->lastblock = malloc(ctx->blocksize_B);
+ if(ctx->lastblock==NULL){
+ return 0x17;
+ }
+ r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+ if(r){
+ return r;
+ }
+ if(ctx->blocksize_B==128/8){
+ r = const_128;
+ }else{
+ r = const_64;
+ }
+ /* subkey computation */
+ memset(ctx->accu, 0x00, ctx->blocksize_B);
+ memset(ctx->k1, 0x00, ctx->blocksize_B);
+ bcal_cipher_enc(ctx->k1, &(ctx->cctx));
+ if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){
+ ctx->k1[ctx->blocksize_B-1] ^= r;
+ }
+ memcpy(ctx->k2, ctx->k1, ctx->blocksize_B);
+ if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){
+ ctx->k2[ctx->blocksize_B-1] ^= r;
+ }
+ ctx->last_set=0;
+ return 0;
+}
+
+void bcal_cmac_free(bcal_cmac_ctx_t* ctx){
+ free(ctx->accu);
+ free(ctx->k1);
+ free(ctx->k2);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){
+ if(ctx->last_set){
+ memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+ bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+ }
+ memcpy(ctx->lastblock, block, ctx->blocksize_B);
+ ctx->last_set=1;
+}
+
+
+void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){
+ uint16_t blocksize_b;
+ blocksize_b = ctx->blocksize_B*8;
+ while(length_b>=blocksize_b){
+ bcal_cmac_nextBlock(ctx, block);
+ block = (uint8_t*)block + ctx->blocksize_B;
+ length_b -= blocksize_b;
+ }
+ if(ctx->last_set==0){
+ memxor(ctx->accu, block, (length_b+7)/8);
+ memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
+ ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
+ }else{
+ if(length_b==0){
+ memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+ memxor(ctx->accu, ctx->k1, ctx->blocksize_B);
+ }else{
+ memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+ bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+ memxor(ctx->accu, block, (length_b+7)/8);
+ memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
+ ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
+ }
+ }
+ bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+}
+
+void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){
+ memcpy(dest, ctx->accu, length_b/8);
+ if(length_b&7){
+ ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7);
+ ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]);
+ }
+}
+
+void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){
+ uint16_t blocksize_b;
+ blocksize_b = ctx->blocksize_B*8;
+ while(length_b>blocksize_b){
+ bcal_cmac_nextBlock(ctx, block);
+ block = (uint8_t*)block + ctx->blocksize_B;
+ length_b -= blocksize_b;
+ }
+ bcal_cmac_lastBlock(ctx, block, length_b);
+ bcal_cmac_ctx2mac(dest, out_length_b, ctx);
+}
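Review bot: `bcal_cmac_free` releases `accu`, `k1` and `k2` but not `lastblock`, which `bcal_cmac_init` also allocates, so every init/free cycle leaks one block; add `free(ctx->lastblock);`. The early returns 0x15 to 0x17 and the `bcal_cipher_init` failure path in `bcal_cmac_init` likewise return without freeing the buffers already allocated. None of the buffers is cleared before `free`, although `k1` and `k2` are subkeys derived from the key. Overwriting them first, in a way the compiler cannot optimise away, would keep them out of reused heap memory.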
diff --git a/bcal-cmac.h b/bcal-cmac.h
new file mode 100644
index 0000000..be699b6
--- /dev/null
+++ b/bcal-cmac.h
@@ -0,0 +1,45 @@
+/* bcal-cmac.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef BCALCMAC_H_
+#define BCALCMAC_H_
+
+#include
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* accu;
+ uint8_t* k1;
+ uint8_t* k2;
+ uint8_t* lastblock;
+ uint8_t last_set;
+ uint8_t blocksize_B;
+} bcal_cmac_ctx_t;
+
+uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx);
+void bcal_cmac_free(bcal_cmac_ctx_t* ctx);
+void bcal_cmac_nextBlock(bcal_cmac_ctx_t* ctx, const void* block);
+void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b);
+void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx);
+void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx);
+
+#endif /* BCALCMAC_H_ */
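Review bot: The declarations do not say what unit each length is in or what bounds apply. In bcal-cmac.c the `_b` lengths are bit counts and `blocksize_B` is in bytes. `bcal_cmac_ctx2mac` copies `length_b/8` bytes out of the `blocksize_B`-byte `accu` without comparing the two, so an `out_length_b` larger than the block size reads past the buffer. I would document this on the prototypes, e.g. `\param length_b tag length in bits, at most 8*blocksize_B`, and note that `bcal_cmac_init` accepts only 64- and 128-bit block ciphers and returns 0x13 otherwise.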
diff --git a/bcal-ofb.c b/bcal-ofb.c
new file mode 100644
index 0000000..d7ae757
--- /dev/null
+++ b/bcal-ofb.c
@@ -0,0 +1,76 @@
+/* bcal-ofb.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include
+#include
+#include "bcal-ofb.h"
+#include "bcal-basic.h"
+#include "memxor.h"
+
+
+uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->in_block=malloc(ctx->blocksize_B);
+ if(ctx->in_block==NULL){
+ return 0x11;
+ }
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_ofb_free(bcal_ofb_ctx_t* ctx){
+ free(ctx->in_block);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->in_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx){
+ bcal_cipher_enc(ctx->in_block , &(ctx->cctx));
+ memxor(block, ctx->in_block, ctx->blocksize_B);
+}
+
+void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx){
+ bcal_cipher_enc(ctx->in_block , &(ctx->cctx));
+ memxor(block, ctx->in_block, ctx->blocksize_B);
+}
+
+
+void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){
+ uint16_t block_len_b;
+ block_len_b = ctx->blocksize_B*8;
+ bcal_ofb_loadIV(iv, ctx);
+ while(msg_len_b>block_len_b){
+ bcal_ofb_encNext(msg, ctx);
+ msg_len_b -= block_len_b;
+ msg = (uint8_t*)msg + ctx->blocksize_B;
+ }
+ bcal_cipher_enc(ctx->in_block, &(ctx->cctx));
+ ctx->in_block[msg_len_b/8] = 0xff00>>(msg_len_b&7);
+ memxor(msg, ctx->in_block, (msg_len_b+7)/8);
+}
+
+void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){
+ bcal_ofb_encMsg(iv, msg, msg_len_b, ctx);
+}
+
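Review bot: In bcal_ofb_encMsg the tail handling `ctx->in_block[msg_len_b/8] = 0xff00>>(msg_len_b&7);` has two problems. Because the loop runs while `msg_len_b>block_len_b`, a final full block leaves `msg_len_b/8 == ctx->blocksize_B`, so the store lands one byte past the `malloc(ctx->blocksize_B)` buffer allocated in bcal_ofb_init. For a partial trailing byte the assignment replaces the keystream byte with the mask instead of masking it, so those message bits are XORed with a constant rather than with keystream. Guarding and masking addresses both: `if(msg_len_b&7){ ctx->in_block[msg_len_b/8] &= 0xff00>>(msg_len_b&7); }`. Separately, bcal_ofb_init returns the result of bcal_cipher_init without freeing `in_block`, which leaks if that call can fail (its return values are not visible here).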
diff --git a/bcal-ofb.h b/bcal-ofb.h
new file mode 100644
index 0000000..aa69c05
--- /dev/null
+++ b/bcal-ofb.h
@@ -0,0 +1,46 @@
+/* bcal-ofb.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+
+#ifndef BCALOFB_H_
+#define BCALOFB_H_
+
+#include
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* in_block;
+ uint8_t blocksize_B;
+} bcal_ofb_ctx_t;
+
+
+uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_free(bcal_ofb_ctx_t* ctx);
+void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx);
+
+
+#endif /* BCALOFB_H_ */
diff --git a/bcal_aes128.c b/bcal_aes128.c
new file mode 100644
index 0000000..946d7a9
--- /dev/null
+++ b/bcal_aes128.c
@@ -0,0 +1,55 @@
+/* bcal_aes128.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file bcal_aes128.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include
+#include
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes128_enc.h"
+#include "aes128_dec.h"
+#include "aes_keyschedule.h"
+#include "keysize_descriptor.h"
+
+const char aes128_str[] PROGMEM = "AES-128";
+
+const uint8_t aes128_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
+ KS_TYPE_TERMINATOR };
+
+const bcdesc_t aes128_desc PROGMEM = {
+ BCDESC_TYPE_BLOCKCIPHER,
+ BC_INIT_TYPE_1,
+ aes128_str,
+ sizeof(aes128_ctx_t),
+ 128,
+ {(void_fpt)aes128_init},
+ {(void_fpt)aes128_enc},
+ {(void_fpt)aes128_dec},
+ (bc_free_fpt)NULL,
+ aes128_keysize_desc
+};
+
+
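Review bot: The positional initializer of `aes128_desc` is hard to check against `bcdesc_t`, and the bare `128` for `blocksize_b` will look like a copy-paste slip in bcal_aes192.c and bcal_aes256.c, which repeat it. A short comment on that line in all three files would settle it, e.g. `128, /* blocksize_b: AES block size in bits, independent of key size */`. The flags entry names only the init type and relies on the enc/dec type constants being zero; writing `BC_INIT_TYPE_1 | BC_ENC_TYPE_1 | BC_DEC_TYPE_1,` makes the calling convention explicit. If `aes128_str` and `aes128_keysize_desc` are only referenced through the descriptor, they could be `static`.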
diff --git a/bcal_aes128.h b/bcal_aes128.h
new file mode 100644
index 0000000..7257425
--- /dev/null
+++ b/bcal_aes128.h
@@ -0,0 +1,35 @@
+/* bcal_aes128.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file bcal_aes128.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes128_enc.h"
+#include "aes128_dec.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t aes128_desc;
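Review bot: bcal_aes128.h has no include guard, unlike the other headers in this commit (for example `BCALOFB_H_` in bcal-ofb.h). It only holds an `extern` declaration today, so double inclusion is harmless, but the guard keeps it safe once more is added. Wrap the contents in `#ifndef BCAL_AES128_H_` / `#define BCAL_AES128_H_` and a closing `#endif /* BCAL_AES128_H_ */`. The same applies to bcal_aes192.h and bcal_aes256.h.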
diff --git a/bcal_aes192.c b/bcal_aes192.c
new file mode 100644
index 0000000..48f9954
--- /dev/null
+++ b/bcal_aes192.c
@@ -0,0 +1,55 @@
+/* bcal_aes192.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file bcal_aes192.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include
+#include
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes192_enc.h"
+#include "aes192_dec.h"
+#include "aes_keyschedule.h"
+#include "keysize_descriptor.h"
+
+const char aes192_str[] PROGMEM = "AES-192";
+
+const uint8_t aes192_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(192),
+ KS_TYPE_TERMINATOR };
+
+const bcdesc_t aes192_desc PROGMEM = {
+ BCDESC_TYPE_BLOCKCIPHER,
+ BC_INIT_TYPE_1,
+ aes192_str,
+ sizeof(aes192_ctx_t),
+ 128,
+ {(void_fpt)aes192_init},
+ {(void_fpt)aes192_enc},
+ {(void_fpt)aes192_dec},
+ (bc_free_fpt)NULL,
+ aes192_keysize_desc
+};
+
+
diff --git a/bcal_aes192.h b/bcal_aes192.h
new file mode 100644
index 0000000..cff8371
--- /dev/null
+++ b/bcal_aes192.h
@@ -0,0 +1,35 @@
+/* bcal_aes192.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file bcal_aes192.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes192_enc.h"
+#include "aes192_dec.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t aes192_desc;
diff --git a/bcal_aes256.c b/bcal_aes256.c
new file mode 100644
index 0000000..12f5665
--- /dev/null
+++ b/bcal_aes256.c
@@ -0,0 +1,55 @@
+/* bcal_aes256.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file bcal_aes256.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include
+#include
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes256_enc.h"
+#include "aes256_dec.h"
+#include "aes_keyschedule.h"
+#include "keysize_descriptor.h"
+
+const char aes256_str[] PROGMEM = "AES-256";
+
+const uint8_t aes256_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(256),
+ KS_TYPE_TERMINATOR };
+
+const bcdesc_t aes256_desc PROGMEM = {
+ BCDESC_TYPE_BLOCKCIPHER,
+ BC_INIT_TYPE_1,
+ aes256_str,
+ sizeof(aes256_ctx_t),
+ 128,
+ {(void_fpt)aes256_init},
+ {(void_fpt)aes256_enc},
+ {(void_fpt)aes256_dec},
+ (bc_free_fpt)NULL,
+ aes256_keysize_desc
+};
+
+
diff --git a/bcal_aes256.h b/bcal_aes256.h
new file mode 100644
index 0000000..19dbb50
--- /dev/null
+++ b/bcal_aes256.h
@@ -0,0 +1,35 @@
+/* bcal_aes256.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file bcal_aes256.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes256_enc.h"
+#include "aes256_dec.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t aes256_desc;
diff --git a/blockcipher_descriptor.h b/blockcipher_descriptor.h
new file mode 100644
index 0000000..1fbeab8
--- /dev/null
+++ b/blockcipher_descriptor.h
@@ -0,0 +1,99 @@
+/* blockcipher_descriptor.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file blockcipher_descriptor.h
+ * \author Daniel Otte
+ * \date 2009-02-04
+ *
+ * \license GPLv3 or later
+ *
+ */
+
+#ifndef BLOCKCIPHER_DESCRIPTOR_H_
+#define BLOCKCIPHER_DESCRIPTOR_H_
+#include
+#include
+
+
+#ifndef VOID_FPT
+#define VOID_FPT
+typedef void(*void_fpt)(void);
+#endif
+
+typedef void(*bc_init1_fpt)(void*, void*);
+typedef void(*bc_init2_fpt)(void*, uint16_t,void*);
+typedef void(*bc_enc1_fpt)(void*, void*);
+typedef void(*bc_enc2_fpt)(void*, void*, void*);
+typedef void(*bc_dec1_fpt)(void*, void*);
+typedef void(*bc_dec2_fpt)(void*, void*, void*);
+typedef void(*bc_free_fpt)(void*);
+
+typedef union{
+ void_fpt initvoid;
+ bc_init1_fpt init1;
+ bc_init2_fpt init2;
+} bc_init_fpt;
+
+typedef union{
+ void_fpt encvoid;
+ bc_enc1_fpt enc1;
+ bc_enc2_fpt enc2;
+} bc_enc_fpt;
+
+typedef union{
+ void_fpt decvoid;
+ bc_dec1_fpt dec1;
+ bc_dec2_fpt dec2;
+} bc_dec_fpt;
+
+#define BC_INIT_TYPE 0x01
+#define BC_INIT_TYPE_1 0x00 /* for fix keylength */
+#define BC_INIT_TYPE_2 0x01 /* keylength is passed as second parameter */
+
+#define BC_ENC_TYPE 0x02
+#define BC_ENC_TYPE_1 0x00
+#define BC_ENC_TYPE_2 0x02
+#
+#define BC_DEC_TYPE 0x04
+#define BC_DEC_TYPE_1 0x00
+#define BC_DEC_TYPE_2 0x04
+
+#define BCDESC_TYPE_BLOCKCIPHER 0x01
+
+typedef struct {
+ uint8_t type; /* 1==blockcipher */
+ uint8_t flags;
+ PGM_P name;
+ uint16_t ctxsize_B;
+ uint16_t blocksize_b;
+ bc_init_fpt init;
+ bc_enc_fpt enc;
+ bc_dec_fpt dec;
+ bc_free_fpt free;
+ PGM_VOID_P valid_keysize_desc;
+} bcdesc_t; /* blockcipher descriptor type */
+
+typedef struct{
+ bcdesc_t* desc_ptr;
+ uint16_t keysize;
+ void* ctx;
+} bcgen_ctx_t;
+
+#endif /* BLOCKCIPHER_DESCRIPTOR_H_ */
+
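Review bot: `bcgen_ctx_t` stores the descriptor as `bcdesc_t* desc_ptr;` even though every descriptor in this commit is defined `const ... PROGMEM`, which forces callers to cast away const (bcal_ofb_init does `ctx->desc = (bcdesc_t*)desc;`). Declaring the member as `const bcdesc_t* desc_ptr;` removes the cast and lets the compiler reject accidental writes through it. The mode contexts' own `desc` members would need the same change. There is also a stray lone `#` line after `#define BC_ENC_TYPE_2 0x02`; it is a valid null directive but looks unintended and can be dropped.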
diff --git a/cryptolib.c b/cryptolib.c
new file mode 100644
index 0000000..e1acea5
--- /dev/null
+++ b/cryptolib.c
@@ -0,0 +1,10 @@
+#include "cryptolib.h"
+#include
+#include "aes.h"
+#include "bcal_aes128.h"
+#include "bcal-cbc.h"
+
+
+void aes128_encrypt(uint8_t* key, uint8_t* iv, uint8_t* data, uint32_t data_len) {
+
+}
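Review bot: `aes128_encrypt` is added with an empty body and a `void` return, so a caller gets its buffer back unencrypted with no way to notice. Until the CBC call is wired in, the stub should fail visibly, for example by changing the signature to `uint8_t aes128_encrypt(const uint8_t* key, const uint8_t* iv, uint8_t* data, uint32_t data_len)` and having the body `return 1; /* not implemented: data is NOT encrypted */`. The prototype in cryptolib.h needs the same change. The inclusion of bcal-cbc.h suggests CBC is intended; if so, the header should also say what happens when `data_len` is not a multiple of the block size.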
diff --git a/cryptolib.h b/cryptolib.h
new file mode 100644
index 0000000..663f450
--- /dev/null
+++ b/cryptolib.h
@@ -0,0 +1,6 @@
+#ifndef CRYPTOLIB_H
+#define CRYPTOLIB_H
+#include
+void aes128_encrypt(uint8_t* key, uint8_t* iv, uint8_t* data, uint32_t data_len);
+
+#endif
diff --git a/gf256mul.S b/gf256mul.S
new file mode 100644
index 0000000..b269d3a
--- /dev/null
+++ b/gf256mul.S
@@ -0,0 +1,82 @@
+/* gf256mul.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+/*
+ * File: gf256mul.S
+ * Author: Daniel Otte
+ * Date: 2008-12-19
+ * License: GPLv3 or later
+ * Description: peasant's algorithm for multiplication in GF(2^8)
+ *
+ */
+
+#include
+#define OPTIMIZE_SMALL_A
+
+/*
+ * param a: r24
+ * param b: r22
+ * param reducer: r20
+ */
+A = 23
+B = 22
+P = 24
+.global gf256mul
+
+#ifdef OPTIMIZE_SMALL_A
+gf256mul:
+ mov A, r24
+ clr r24
+1:
+ lsr A
+ breq 4f
+ brcc 2f
+ eor P, B
+2:
+ lsl B
+ brcc 3f
+ eor B, r20
+3:
+ rjmp 1b
+4:
+ brcc 2f
+ eor P, B
+2:
+ ret
+
+#else
+
+gf256mul:
+ mov r21, r24
+ clr r24
+ ldi r25, 8
+1:
+ lsr A
+ brcc 2f
+ eor P, B
+2:
+ lsl B
+ brcc 3f
+ eor B, r20
+3:
+ dec r25
+ brne 1b
+ ret
+
+#endif
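Review bot: In the `#else` variant of gf256mul the operand is copied with `mov r21, r24`, but the loop then shifts `A`, which is defined as register 23, so the multiplier bits come from a register that was never loaded. The copy should be `mov A, r24`, as in the `OPTIMIZE_SMALL_A` variant. The branch is currently dead because `OPTIMIZE_SMALL_A` is defined unconditionally at the top of the file, which is probably why this went unnoticed. It is also worth a comment that the `OPTIMIZE_SMALL_A` loop exits as soon as `A` becomes zero, so its run time depends on the value of `a`; that matters if `a` can ever be secret-dependent.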
diff --git a/gf256mul.h b/gf256mul.h
new file mode 100644
index 0000000..87f1cb3
--- /dev/null
+++ b/gf256mul.h
@@ -0,0 +1,37 @@
+/* gf256mul.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+#ifndef GF256MUL_H_
+#define GF256MUL_H_
+
+/**
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-12-19
+ * \license GPLv3
+ * \brief
+ *
+ *
+ */
+
+#include
+
+uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
+
+#endif /* GF256MUL_H_ */
+
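Review bot: The doc block in gf256mul.h leaves `\brief` empty, so the only description of the function is in the assembly file. I would fill it in from gf256mul.S, e.g. `\brief multiplication in GF(2^8) using the peasant's algorithm`, and add a line for the third parameter. Going by the assembly, `reducer` is XORed into `b` whenever a left shift of `b` carries out, so it is presumably the low eight bits of the reduction polynomial; that should be stated so callers do not have to read the `.S` file.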
diff --git a/keysize_descriptor.c b/keysize_descriptor.c
new file mode 100644
index 0000000..d78ed03
--- /dev/null
+++ b/keysize_descriptor.c
@@ -0,0 +1,161 @@
+/* keysize_descriptor.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/**
+ * \file keysize_descriptor.c
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-01-07
+ * \license GPLv3 or later
+ */
+
+#include
+#include
+#include
+#include "keysize_descriptor.h"
+
+uint8_t is_valid_keysize_P(PGM_VOID_P ks_desc, uint16_t keysize){
+ uint8_t type;
+ type = pgm_read_byte(ks_desc++);
+ if(type==KS_TYPE_TERMINATOR)
+ return 0;
+ if(type==KS_TYPE_LIST){
+ uint8_t items;
+ uint16_t item;
+ items = pgm_read_byte(ks_desc++);
+ while(items--){
+ item = pgm_read_word(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ if(item==keysize)
+ return 1;
+ }
+ ks_desc = (uint8_t*)ks_desc - 2;
+ }
+ if(type==KS_TYPE_RANGE){
+ uint16_t max, min;
+ min = pgm_read_word(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ max = pgm_read_word(ks_desc);
+ if(min<=keysize && keysize<=max)
+ return 1;
+ }
+ if(type==KS_TYPE_ARG_RANGE){
+ uint16_t max, min, dist, offset;
+ min = pgm_read_word(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ max = pgm_read_word(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ dist = pgm_read_word(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ offset = pgm_read_word(ks_desc);
+ if(min<=keysize && keysize<=max && (keysize%dist==offset))
+ return 1;
+ }
+ if(type>KS_TYPE_ARG_RANGE){
+ /* bad error, you may insert a big warning message here */
+ return 0;
+ }
+ return is_valid_keysize_P((uint8_t*)ks_desc+1, keysize); /* search the next record */
+}
+
+uint16_t get_keysize(PGM_VOID_P ks_desc){
+ uint8_t type;
+ uint16_t keysize;
+ type = pgm_read_byte(ks_desc);
+ if(type==KS_TYPE_LIST){
+ ks_desc = (uint8_t*)ks_desc + 1;
+ }
+ ks_desc = (uint8_t*)ks_desc + 1;
+ keysize = pgm_read_word(ks_desc);
+ return keysize;
+}
+
+uint16_t get_keysizes(PGM_VOID_P ks_desc, uint16_t** list){
+ uint8_t type;
+ uint16_t items;
+ uint8_t i;
+ type = pgm_read_byte(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 1;
+ if(type==KS_TYPE_LIST){
+ items = pgm_read_byte(ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 1;
+ if(!*list){
+ *list = malloc(items*2);
+ if(!*list){
+ return 0;
+ }
+ }
+ for(i=0; i.
+*/
+/**
+ * \file keysize_descriptor.h
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-01-07
+ * \license GPLv3 or later
+ */
+
+#ifndef KEYSIZE_DESCRIPTOR_H_
+#define KEYSIZE_DESCRIPTOR_H_
+
+#include
+#include
+
+#define KS_TYPE_TERMINATOR 0x00
+#define KS_TYPE_LIST 0x01
+#define KS_TYPE_RANGE 0x02
+#define KS_TYPE_ARG_RANGE 0x03
+
+#define KS_INT(a) ((a)&0xFF), ((a)>>8)
+
+typedef struct{ /* keysize is valid if listed in items */
+ uint8_t n_items; /* number of items (value 0 is reserved) */
+ uint16_t items[]; /* list of valid lengths */
+}keysize_desc_list_t;
+
+typedef struct{ /* keysize is valid if min<=keysize<=max */
+ uint16_t min;
+ uint16_t max;
+}keysize_desc_range_t;
+
+typedef struct{ /* keysize is valid if min<=keysize<=max and if keysize mod distance == offset */
+ uint16_t min;
+ uint16_t max;
+ uint16_t distance;
+ uint16_t offset;
+}keysize_desc_arg_range_t;
+
+uint8_t is_valid_keysize_P(PGM_VOID_P ks_desc, uint16_t keysize);
+uint16_t get_keysize(PGM_VOID_P ks_desc);
+uint16_t get_keysizes(PGM_VOID_P ks_desc, uint16_t** list);
+
+
+#endif /* KEYSIZE_DESCRIPTOR_H_ */
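Review bot: In is_valid_keysize_P (keysize_descriptor.c) the final `return is_valid_keysize_P((uint8_t*)ks_desc+1, keysize);` does not land on the next record's type byte. At that point `ks_desc` addresses the last 16-bit word that was read (the LIST branch steps back by 2 to get there, and the RANGE and ARG_RANGE branches never advance past their last word), so `+1` makes the recursion interpret that word's high byte as a record type. The step should be `(uint8_t*)ks_desc+2`. The ARG_RANGE branch also evaluates `keysize%dist` without rejecting `dist==0`. get_keysizes is cut off in this view, so it is not covered here.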
diff --git a/memxor.S b/memxor.S
new file mode 100644
index 0000000..a32058b
--- /dev/null
+++ b/memxor.S
@@ -0,0 +1,66 @@
+/* memxor.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+/*
+ * File: memxor.S
+ * Author: Daniel Otte
+ * Date: 2008-08-07
+ * License: GPLv3 or later
+ * Description: memxor, XORing one block into another
+ *
+ */
+
+/*
+ * void memxor(void* dest, const void* src, uint16_t n);
+ */
+ /*
+ * param dest is passed in r24:r25
+ * param src is passed in r22:r23
+ * param n is passed in r20:r21
+ */
+.global memxor
+memxor:
+ movw r30, r24
+ movw r26, r22
+ movw r24, r20
+ adiw r24, 0
+ breq 2f
+1:
+ ld r20, X+
+ ld r21, Z
+ eor r20, r21
+ st Z+, r20
+ sbiw r24, 1
+ brne 1b
+2:
+ ret
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/memxor.h b/memxor.h
new file mode 100644
index 0000000..4c0cc3d
--- /dev/null
+++ b/memxor.h
@@ -0,0 +1,9 @@
+#ifndef MEMXOR_H_
+#define MEMXOR_H_
+#include
+
+void memxor(void* dest, const void* src, uint16_t n);
+void memxor_P(void* dest, const void* src, uint16_t n);
+
+
+#endif
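Review bot: memxor.h declares `memxor_P`, but memxor.S in this commit defines and exports only `memxor` (`.global memxor`). Unless `memxor_P` is provided by a file outside this change, any use of it will fail at link time. Either drop the prototype until the routine exists or add the implementation alongside it. If it is kept, a comment such as `/* src is read from program memory */` would document the difference from `memxor`; that meaning is inferred from the `_P` suffix and should be confirmed.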