About AES
AES (Advanced Encryption Standard) is a subset of the Rijndael encryption algorithm (limited to a block size of 128 bit). AES was announced by National Institute of Standards and Technology (NIST) as U.S. standard
FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. As of 2009, AES is one of the most popular algorithms used in symmetric key cryptography.
For our implementation we use the optimizations for 8-Bit CPUs presented in
http://gladman.plushost.co.uk/oldsite/cryptography_technology/rijndael/aes.spec.v316.pdf.
You may be also interested in the
Wikipedia article on AES.
Implementation files
AES in C
The C implementation consists of multiple files:
- aes.h: general AES declarations, used for de- and encryption (this file includes all others)
- aes_types.h: declaration of types for round-key handling
- aes_enc.c, aes_enc.h: AES encryption functions, not used for decryption
- aes_dec.c, aes_dec.h: AES decryption functions, not used for encryption
- aes_sbox.c, aes_sbox.h: AES encryption sbox, not used for decryption
- aes_invsbox.c, aes_invsbox.h: AES decryption sbox, not used for encryption
- aes_keyschedule.c, aes_keyschedule.h: AES keyschedule generator, used for producing the roundkeys for de- and encryption
- gf256mul.S, gf256mul.h: implements multiplication in GF(28), used for de- and encryption
- aes128_enc.c, aes128_enc.h: functions for 128 bit key encryption, only used for 128 bit encryption
- aes128_dec.c, aes128_dec.h: functions for 128 bit key decryption, only used for 128 bit decryption
- aes192_enc.c, aes192_enc.h: functions for 192 bit key encryption, only used for 192 bit encryption
- aes192_dec.c, aes192_dec.h: functions for 192 bit key decryption, only used for 192 bit decryption
- aes256_enc.c, aes256_enc.h: functions for 256 bit key encryption, only used for 256 bit encryption
- aes256_dec.c, aes256_dec.h: functions for 256 bit key decryption, only used for 256 bit decryption
As you can see, the AES implementation is split up in many small pieces, which allows you to reduce the required flash size.
AES in ASM
Interface
Items
The interface to our AES implementation consits of the following items:
Example
#include
#include "aes.h"
...
/* a sample key, key must be located in RAM */
uint8_t key[] = { 0x01, 0x23, 0x45, 0x67,
0x89, 0xAB, 0xCD, OxEF,
0x01, 0x23, 0x45, 0x67,
0x89, 0xAB, 0xCD, OxEF };
/* sample data, you can encrypt what you want but keep in mind that only 128 bits (not less not more) get encrypted*/
uint8_t data[] = { 0x01, 0x02, 0x03, 0x04,
0x05, 0x06, 0x07, 0x08,
0x09, 0x0A, 0x0B, 0x0C,
0x0D, 0x0E, 0x0F, 0x00 };
aes128_ctx_t ctx; /* the context where the round keys are stored */
aes128_init(key, &ctx); /* generating the round keys from the 128 bit key */
aes128_enc(data, &ctx); /* encrypting the data block */
...
aes128_dec(data, &ctx); /* decrypting the data block */
...
Component weight (flash size)
C implementation
| size (bytes) | component | req. for encryption | req. for decryption | req. for 128 bit | req. for 192 bit | req. for 256 bit |
| 652 | aes_enc.o | x | o | x | x | x |
| 834 | aes_dec.o | o | x | x | x | x |
| 256 | aes_sbox.o | x | o | x | x | x |
| 256 | aes_invsbox.o | o | x | x | x | x |
| 486 | aes_keyschedule.o | x | x | x | x | x |
| 26 | gf256mul.o | x | x | x | x | x |
| 8 | aes128_enc.o | x | o | x | x | x |
| 8 | aes128_dec.o | o | x | x | x | x |
| 8 | aes192_enc.o | x | o | o | x | o |
| 8 | aes192_dec.o | o | x | o | x | o |
| 8 | aes256_enc.o | x | o | o | o | x |
| 8 | aes256_dec.o | o | x | o | o | x |
ASM implementation
| size (bytes) | component | req. for encryption | req. for decryption |
| 550 | aes_enc-asm.o | x | o |
| 770 | aes_dec-asm.o | o | x (alt. aes_dec-asm_faster.o) |
| 1280 | aes_dec-asm_faster.o | o | x (alt. aes_dec-asm.o ) |
| 256 | aes_sbox-asm.o | x | o |
| 256 | aes_invsbox-asm.o | o | x |
| 238 | aes_keyschedule-asm.o | x | x |
Component speed
C implementation
| function | clock cycles |
| init (128 bit) | 4632 |
| init (192 bit) | 5082 |
| init (256 bit) | 6161 |
| enc (128 bit) | 21279 |
| enc (192 bit) | 25724 |
| enc (256 bit) | 30174 |
| dec (128 bit) | 39340 |
| dec (192 bit) | 47799 |
| dec (256 bit) | 56253 |
ASM implementation
| function | clock cycles |
| init (128 bit) | 2039 |
| init (192 bit) | 2267 |
| init (256 bit) | 2852 |
| enc (128 bit) | 2555 |
| enc (192 bit) | 3039 |
| enc (256 bit) | 3521 |
| dec (128 bit) | 6764 |
| dec (192 bit) | 8164 |
| dec (256 bit) | 9562 |
fast decryption
| function | clock cycles |
| dec (128 bit) | 3193 |
| dec (192 bit) | 3819 |
| dec (256 bit) | 4443 |
댓글 없음:
댓글 쓰기