Update to also support AES-192 and AES-256.

2025-02-20 09:28:57 +00:00 · 2017-06-27 01:36:56 -05:00 · 2017-06-27 01:36:56 -05:00 · 4314644e75
commit 4314644e75
parent 293828584f
4 changed files with 293 additions and 93 deletions
--- a/aes.asm
+++ b/aes.asm
@ -166,16 +166,19 @@ XtimeE	anop
 	dc h'd7 d9 cb c5 ef e1 f3 fd a7 a9 bb b5 9f 91 83 8d'

 Rcon	anop
-	dc h'01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'02 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00'
+	dc h'04 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'08 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'10 00 04 00 00 00 00 00 00 08 00 00 00 00 00 00'
 	dc h'20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
-	dc h'36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'40 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'80 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00'
+	dc h'1b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'36 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'6c 00 20 00 00 00 00 00 00 80 00 00 00 00 00 00'
+	dc h'd8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'ab 1b 40'
 	end

 state1	gequ	0
@ -183,101 +186,104 @@ state2	gequ	16
 keysize	gequ	32
 rk	gequ	33

+* Constants used for keysize
+keysize_128 gequ 0
+keysize_192 gequ 64
+keysize_256 gequ 128
+

 * Callable from C, with state structure pointer on stack.
 aes_expandkey128 start
-	phb
-	plx
-	ply
-	tdc
-	pld
-	plb
-	plb
-	phy
-	phx
-	plb
-	pha
-	jsl	ExpandKey128
-	pld
-	rtl
+	CFunction ExpandKey128
 	end

+aes_expandkey192 start
+	CFunction ExpandKey192
+	end
+
+aes_expandkey256 start
+	CFunction ExpandKey256
+	end

 * Call with DP = AES state structure (with key expanded),
-*           DP = bank containing AES tables.
+*           DB = bank containing AES tables.
 ExpandKey128 start
 	using	tables

+	stz	keysize-1		;keysize_128
+	
 	ldx	#16
 	clc

 top	anop
-	ShortRegs
-	
-	ldy	rk-3,x
-	lda	Sbox,y
-	eor	Rcon-16,x
-	eor	rk-16,x
-	sta	rk,x
-	
-	ldy	rk-2,x
-	lda	Sbox,y
-	eor	rk+1-16,x
-	sta	rk+1,x
-	
-	ldy	rk-1,x
-	lda	Sbox,y
-	eor	rk+2-16,x
-	sta	rk+2,x
-	
-	ldy	rk-4,x
-	lda	Sbox,y
-	eor	rk+3-16,x
-	sta	rk+3,x
-
-	LongRegs
-
-	lda	rk+0,x
-	eor	rk+0+4-16,x
-	sta	rk+0+4,x
-	eor	rk+4+4-16,x
-	sta	rk+4+4,x
-	eor	rk+8+4-16,x
-	sta	rk+8+4,x
-	
-	lda	rk+2,x
-	eor	rk+2+4-16,x
-	sta	rk+2+4,x
-	eor	rk+6+4-16,x
-	sta	rk+6+4,x
-	eor	rk+10+4-16,x
-	sta	rk+10+4,x
+	ExpandKeyCore 16,0
+	ExpandKeyIter 16,3

 	txa
 	adc	#16
 	tax
-	cmp	#16*12
+	cmp	#16*11
 	blt	top
 	rtl
 	end


+ExpandKey192 start
+	using	tables
+
+	lda	#keysize_192|8
+	sta	keysize-1
+
+	ldx	#24
+	clc
+
+top	anop
+	ExpandKeyCore 24,1
+	ExpandKeyIter 24,5
+
+	txa
+	adc	#24
+	tax
+	cmp	#16*13
+	blt	top
+	rtl
+	end
+
+
+ExpandKey256 start
+	using	tables
+	
+	lda	#keysize_256|8
+	sta	keysize-1
+
+	ldx	#32
+	clc
+
+top	anop
+	ExpandKeyCore 32,2
+	ExpandKeyIter 32,3
+
+	txa
+	adc	#16
+	tax
+	cmp	#16*15
+	bge	done
+
+	ExpandKeySubst 32,2
+	ExpandKeyIter 32,3
+
+	txa
+	adc	#16
+	tax
+	brl	top
+
+done	rtl
+	end
+
+
 * Callable from C, with state structure pointer on stack.
 aes_encrypt start
-	phb
-	plx
-	ply
-	tdc
-	pld
-	plb
-	plb
-	phy
-	phx
-	plb
-	pha
-	jsl	AES_ENCRYPT
-	pld
-	rtl
+	CFunction AES_ENCRYPT
 	end


@ -299,12 +305,33 @@ AES_ENCRYPT start
 	NormalRound 7
 	NormalRound 8
 	NormalRound 9
-
-	FinalRound 10
 	
-	LongRegs
+	lda	keysize
+	bne	cont1
+	jmp	finish_aes128

+cont1	NormalRound 10
+	NormalRound 11
+
+	lda	keysize
+	bmi	cont2
+	jmp	finish_aes192
+	
+cont2	NormalRound 12
+	NormalRound 13
+
+finish_aes256 anop
+	FinalRound 14
+	LongRegs
+	rtl
+
+finish_aes192 anop
+	FinalRound 12
+	LongRegs
+	rtl
+
+finish_aes128 anop
+	FinalRound 10
+	LongRegs
 	rtl
 	end
-
-
--- a/aes.h
+++ b/aes.h
@ -1,12 +1,13 @@
-enum aes_keysize {aes_keysize_128=0, aes_keysize_192=64, aes_keysize_256=128};
-
 struct aes_state {
 	unsigned char data[16];
-	unsigned char reserved[16];
-	unsigned char keysize;
-	unsigned char key[16*15];
+	unsigned char reserved1[17];
+	unsigned char key[32];
+	unsigned char reserved2[16*13];
 };

 /* state must be in bank 0, preferably page-aligned. */
 void aes_expandkey128(struct aes_state *state);
+void aes_expandkey192(struct aes_state *state);
+void aes_expandkey256(struct aes_state *state);
+
 void aes_encrypt(struct aes_state *state);
--- a/aes.macros
+++ b/aes.macros
@ -1,3 +1,105 @@
+* This makes a function wrapper that is callable from C,
+* taking a pointer to the state structure as its argument.
+	macro
+	CFunction &fn
+	phb
+	plx
+	ply
+	tdc
+	pld
+	plb
+	plb
+	phy
+	phx
+	plb
+	pha
+	jsl	&fn
+	pld
+	rtl
+	mend
+
+
+	macro
+	ExpandKeyCore &xorback,&rconoffset
+
+	ShortRegs
+	
+	ldy	rk-3,x
+	lda	Sbox,y
+	eor	Rcon-&xorback+&rconoffset,x
+	eor	rk-&xorback,x
+	sta	rk,x
+	
+	ldy	rk-2,x
+	lda	Sbox,y
+	eor	rk+1-&xorback,x
+	sta	rk+1,x
+	
+	ldy	rk-1,x
+	lda	Sbox,y
+	eor	rk+2-&xorback,x
+	sta	rk+2,x
+	
+	ldy	rk-4,x
+	lda	Sbox,y
+	eor	rk+3-&xorback,x
+	sta	rk+3,x
+
+	LongRegs
+
+	mend
+
+* Secondary substitution step used when expanding AES-256 keys
+	macro
+	ExpandKeySubst &xorback,&rconoffset
+
+	ShortRegs
+	
+	ldy	rk-4,x
+	lda	Sbox,y
+	eor	rk-&xorback,x
+	sta	rk,x
+	
+	ldy	rk+1-4,x
+	lda	Sbox,y
+	eor	rk+1-&xorback,x
+	sta	rk+1,x
+	
+	ldy	rk+2-4,x
+	lda	Sbox,y
+	eor	rk+2-&xorback,x
+	sta	rk+2,x
+	
+	ldy	rk+3-4,x
+	lda	Sbox,y
+	eor	rk+3-&xorback,x
+	sta	rk+3,x
+
+	LongRegs
+
+	mend
+
+
+	macro
+	ExpandKeyIter &xorback,&nwords
+	lcla	&i
+	lda	rk,x
+.loop1
+	eor	rk+&i+4-&xorback,x
+	sta	rk+&i+4,x
+&i	seta	&i+4
+	aif	&i/4<&nwords,.loop1
+
+&i	seta	2
+	lda	rk+2,x
+.loop2
+	eor	rk+&i+4-&xorback,x
+	sta	rk+&i+4,x
+&i	seta	&i+4
+	aif	&i/4<&nwords,.loop2
+	mend
+
+
 	macro
 	AddInitialRoundKey
 	lcla	&i
@ -11,8 +113,8 @@


 	macro
-	NormalRound &round
-
+&lbl	NormalRound &round
+&lbl	anop
 	aif	&round/2*2=&round,.evenround
 	MixColumn 0,0,5,10,15,state1,state2
 	MixColumn 4,4,9,14,3,state1,state2
@ -68,7 +170,13 @@
 	eor	Xtime3Sbox,X
 	ldy	&state+&D
 	eor	Xtime2Sbox,Y
+	aif	(rk+&round*16+&i+3)>255,.bigindex
 	eor	rk+&round*16+&i+3
+	ago	.cont
+.bigindex
+	ldx	#&round*16+&i+3
+	eor	rk,X
+.cont
 	sta	&out+&i+3
 	aif	&i<>12,.skip2
 	tay
@ -109,7 +217,13 @@
 	ldy	state2+&from
 .skip
 	lda	Sbox,Y
+	aif	(rk+&round*16+&to)>255,.bigindex
 	eor	rk+&round*16+&to
+	ago	.cont
+.bigindex
+	ldx	#&round*16+&to
+	eor	rk,X
+.cont
 	sta	state1+&to

 	mend
--- a/aestest.c
+++ b/aestest.c
@ -12,12 +12,11 @@ void print_hexbytes(char *prefix, unsigned char *data, unsigned int n) {
    printf("\n");
 }

-int main(void) {
+void aes128_test(void) {
    int i;
    struct aes_state aes_state = {
        {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff},
        {0},
-        aes_keysize_128,
        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f}
    };
    
@ -35,3 +34,62 @@ int main(void) {
    
    print_hexbytes("Output:       ", aes_state.data, 16);
 }
+
+void aes192_test(void) {
+    int i;
+    struct aes_state aes_state = {
+        {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff},
+        {0},
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+	 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17}
+    };
+    
+    print_hexbytes("Input:        ", aes_state.data, 16);
+    print_hexbytes("Key:          ", aes_state.key, 24);
+    
+    aes_expandkey192(&aes_state);
+    
+    for (i = 1; i <= 12; i++) {
+        printf("Round key %2i: ", i);
+        print_hexbytes("", aes_state.key + i*16, 16);
+    }
+    
+    aes_encrypt(&aes_state);
+    
+    print_hexbytes("Output:       ", aes_state.data, 16);
+}
+
+void aes256_test(void) {
+    int i;
+    struct aes_state aes_state = {
+        {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff},
+        {0},
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+	 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f}
+    };
+    
+    print_hexbytes("Input:        ", aes_state.data, 16);
+    print_hexbytes("Key:          ", aes_state.key, 32);
+    
+    aes_expandkey256(&aes_state);
+    
+    for (i = 1; i <= 14; i++) {
+        printf("Round key %2i: ", i);
+        print_hexbytes("", aes_state.key + i*16, 16);
+    }
+    
+    aes_encrypt(&aes_state);
+    
+    print_hexbytes("Output:       ", aes_state.data, 16);
+}
+
+int main(void) {
+	printf("AES-128 test:\n");
+	aes128_test();
+	
+	printf("AES-192 test:\n");
+	aes192_test();
+
+	printf("AES-256 test:\n");
+	aes256_test();
+}