Initial working implementation of AES-128 encryption.

aes.asm

@@ -0,0 +1,315 @@
+	case	on
+	mcopy	aes.macros
+
+	align	256
+tables	privdata
+Sbox	anop		; forward s-box
+	dc h'63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76'
+	dc h'ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0'
+	dc h'b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15'
+	dc h'04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75'
+	dc h'09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84'
+	dc h'53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf'
+	dc h'd0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8'
+	dc h'51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2'
+	dc h'cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73'
+	dc h'60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db'
+	dc h'e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79'
+	dc h'e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08'
+	dc h'ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a'
+	dc h'70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e'
+	dc h'e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df'
+	dc h'8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16'
+
+InvSbox	anop		; inverse s-box
+	dc h'52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb'
+	dc h'7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb'
+	dc h'54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e'
+	dc h'08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25'
+	dc h'72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92'
+	dc h'6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84'
+	dc h'90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06'
+	dc h'd0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b'
+	dc h'3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73'
+	dc h'96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e'
+	dc h'47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b'
+	dc h'fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4'
+	dc h'1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f'
+	dc h'60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef'
+	dc h'a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61'
+	dc h'17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d'
+
+Xtime2Sbox anop		; combined Xtimes2[Sbox[]]
+	dc h'c6 f8 ee f6 ff d6 de 91 60 02 ce 56 e7 b5 4d ec'
+	dc h'8f 1f 89 fa ef b2 8e fb 41 b3 5f 45 23 53 e4 9b'
+	dc h'75 e1 3d 4c 6c 7e f5 83 68 51 d1 f9 e2 ab 62 2a'
+	dc h'08 95 46 9d 30 37 0a 2f 0e 24 1b df cd 4e 7f ea'
+	dc h'12 1d 58 34 36 dc b4 5b a4 76 b7 7d 52 dd 5e 13'
+	dc h'a6 b9 00 c1 40 e3 79 b6 d4 8d 67 72 94 98 b0 85'
+	dc h'bb c5 4f ed 86 9a 66 11 8a e9 04 fe a0 78 25 4b'
+	dc h'a2 5d 80 05 3f 21 70 f1 63 77 af 42 20 e5 fd bf'
+	dc h'81 18 26 c3 be 35 88 2e 93 55 fc 7a c8 ba 32 e6'
+	dc h'c0 19 9e a3 44 54 3b 0b 8c c7 6b 28 a7 bc 16 ad'
+	dc h'db 64 74 14 92 0c 48 b8 9f bd 43 c4 39 31 d3 f2'
+	dc h'd5 8b 6e da 01 b1 9c 49 d8 ac f3 cf ca f4 47 10'
+	dc h'6f f0 4a 5c 38 57 73 97 cb a1 e8 3e 96 61 0d 0f'
+	dc h'e0 7c 71 cc 90 06 f7 1c c2 6a ae 69 17 99 3a 27'
+	dc h'd9 eb 2b 22 d2 a9 07 33 2d 3c 15 c9 87 aa 50 a5'
+	dc h'03 59 09 1a 65 d7 84 d0 82 29 5a 1e 7b a8 6d 2c'
+
+Xtime3Sbox anop		; combined Xtimes3[Sbox[]]
+	dc h'a5 84 99 8d 0d bd b1 54 50 03 a9 7d 19 62 e6 9a'
+	dc h'45 9d 40 87 15 eb c9 0b ec 67 fd ea bf f7 96 5b'
+	dc h'c2 1c ae 6a 5a 41 02 4f 5c f4 34 08 93 73 53 3f'
+	dc h'0c 52 65 5e 28 a1 0f b5 09 36 9b 3d 26 69 cd 9f'
+	dc h'1b 9e 74 2e 2d b2 ee fb f6 4d 61 ce 7b 3e 71 97'
+	dc h'f5 68 00 2c 60 1f c8 ed be 46 d9 4b de d4 e8 4a'
+	dc h'6b 2a e5 16 c5 d7 55 94 cf 10 06 81 f0 44 ba e3'
+	dc h'f3 fe c0 8a ad bc 48 04 df c1 75 63 30 1a 0e 6d'
+	dc h'4c 14 35 2f e1 a2 cc 39 57 f2 82 47 ac e7 2b 95'
+	dc h'a0 98 d1 7f 66 7e ab 83 ca 29 d3 3c 79 e2 1d 76'
+	dc h'3b 56 4e 1e db 0a 6c e4 5d 6e ef a6 a8 a4 37 8b'
+	dc h'32 43 59 b7 8c 64 d2 e0 b4 fa 07 25 af 8e e9 18'
+	dc h'd5 88 6f 72 24 f1 c7 51 23 7c 9c 21 dd dc 86 85'
+	dc h'90 42 c4 aa d8 05 01 12 a3 5f f9 d0 91 58 27 b9'
+	dc h'38 13 b3 33 bb 70 89 a7 b6 22 92 20 49 ff 78 7a'
+	dc h'8f f8 80 17 da 31 c6 b8 c3 b0 77 11 cb fc d6 3a'
+
+;Xtime2	anop
+;	dc h'00 02 04 06 08 0a 0c 0e 10 12 14 16 18 1a 1c 1e'
+;	dc h'20 22 24 26 28 2a 2c 2e 30 32 34 36 38 3a 3c 3e'
+;	dc h'40 42 44 46 48 4a 4c 4e 50 52 54 56 58 5a 5c 5e'
+;	dc h'60 62 64 66 68 6a 6c 6e 70 72 74 76 78 7a 7c 7e'
+;	dc h'80 82 84 86 88 8a 8c 8e 90 92 94 96 98 9a 9c 9e'
+;	dc h'a0 a2 a4 a6 a8 aa ac ae b0 b2 b4 b6 b8 ba bc be'
+;	dc h'c0 c2 c4 c6 c8 ca cc ce d0 d2 d4 d6 d8 da dc de'
+;	dc h'e0 e2 e4 e6 e8 ea ec ee f0 f2 f4 f6 f8 fa fc fe'
+;	dc h'1b 19 1f 1d 13 11 17 15 0b 09 0f 0d 03 01 07 05'
+;	dc h'3b 39 3f 3d 33 31 37 35 2b 29 2f 2d 23 21 27 25'
+;	dc h'5b 59 5f 5d 53 51 57 55 4b 49 4f 4d 43 41 47 45'
+;	dc h'7b 79 7f 7d 73 71 77 75 6b 69 6f 6d 63 61 67 65'
+;	dc h'9b 99 9f 9d 93 91 97 95 8b 89 8f 8d 83 81 87 85'
+;	dc h'bb b9 bf bd b3 b1 b7 b5 ab a9 af ad a3 a1 a7 a5'
+;	dc h'db d9 df dd d3 d1 d7 d5 cb c9 cf cd c3 c1 c7 c5'
+;	dc h'fb f9 ff fd f3 f1 f7 f5 eb e9 ef ed e3 e1 e7 e5'
+
+Xtime9	anop
+	dc h'00 09 12 1b 24 2d 36 3f 48 41 5a 53 6c 65 7e 77'
+	dc h'90 99 82 8b b4 bd a6 af d8 d1 ca c3 fc f5 ee e7'
+	dc h'3b 32 29 20 1f 16 0d 04 73 7a 61 68 57 5e 45 4c'
+	dc h'ab a2 b9 b0 8f 86 9d 94 e3 ea f1 f8 c7 ce d5 dc'
+	dc h'76 7f 64 6d 52 5b 40 49 3e 37 2c 25 1a 13 08 01'
+	dc h'e6 ef f4 fd c2 cb d0 d9 ae a7 bc b5 8a 83 98 91'
+	dc h'4d 44 5f 56 69 60 7b 72 05 0c 17 1e 21 28 33 3a'
+	dc h'dd d4 cf c6 f9 f0 eb e2 95 9c 87 8e b1 b8 a3 aa'
+	dc h'ec e5 fe f7 c8 c1 da d3 a4 ad b6 bf 80 89 92 9b'
+	dc h'7c 75 6e 67 58 51 4a 43 34 3d 26 2f 10 19 02 0b'
+	dc h'd7 de c5 cc f3 fa e1 e8 9f 96 8d 84 bb b2 a9 a0'
+	dc h'47 4e 55 5c 63 6a 71 78 0f 06 1d 14 2b 22 39 30'
+	dc h'9a 93 88 81 be b7 ac a5 d2 db c0 c9 f6 ff e4 ed'
+	dc h'0a 03 18 11 2e 27 3c 35 42 4b 50 59 66 6f 74 7d'
+	dc h'a1 a8 b3 ba 85 8c 97 9e e9 e0 fb f2 cd c4 df d6'
+	dc h'31 38 23 2a 15 1c 07 0e 79 70 6b 62 5d 54 4f 46'
+
+XtimeB	anop
+	dc h'00 0b 16 1d 2c 27 3a 31 58 53 4e 45 74 7f 62 69'
+	dc h'b0 bb a6 ad 9c 97 8a 81 e8 e3 fe f5 c4 cf d2 d9'
+	dc h'7b 70 6d 66 57 5c 41 4a 23 28 35 3e 0f 04 19 12'
+	dc h'cb c0 dd d6 e7 ec f1 fa 93 98 85 8e bf b4 a9 a2'
+	dc h'f6 fd e0 eb da d1 cc c7 ae a5 b8 b3 82 89 94 9f'
+	dc h'46 4d 50 5b 6a 61 7c 77 1e 15 08 03 32 39 24 2f'
+	dc h'8d 86 9b 90 a1 aa b7 bc d5 de c3 c8 f9 f2 ef e4'
+	dc h'3d 36 2b 20 11 1a 07 0c 65 6e 73 78 49 42 5f 54'
+	dc h'f7 fc e1 ea db d0 cd c6 af a4 b9 b2 83 88 95 9e'
+	dc h'47 4c 51 5a 6b 60 7d 76 1f 14 09 02 33 38 25 2e'
+	dc h'8c 87 9a 91 a0 ab b6 bd d4 df c2 c9 f8 f3 ee e5'
+	dc h'3c 37 2a 21 10 1b 06 0d 64 6f 72 79 48 43 5e 55'
+	dc h'01 0a 17 1c 2d 26 3b 30 59 52 4f 44 75 7e 63 68'
+	dc h'b1 ba a7 ac 9d 96 8b 80 e9 e2 ff f4 c5 ce d3 d8'
+	dc h'7a 71 6c 67 56 5d 40 4b 22 29 34 3f 0e 05 18 13'
+	dc h'ca c1 dc d7 e6 ed f0 fb 92 99 84 8f be b5 a8 a3' 
+
+XtimeD	anop
+	dc h'00 0d 1a 17 34 39 2e 23 68 65 72 7f 5c 51 46 4b'
+	dc h'd0 dd ca c7 e4 e9 fe f3 b8 b5 a2 af 8c 81 96 9b'
+	dc h'bb b6 a1 ac 8f 82 95 98 d3 de c9 c4 e7 ea fd f0'
+	dc h'6b 66 71 7c 5f 52 45 48 03 0e 19 14 37 3a 2d 20'
+	dc h'6d 60 77 7a 59 54 43 4e 05 08 1f 12 31 3c 2b 26'
+	dc h'bd b0 a7 aa 89 84 93 9e d5 d8 cf c2 e1 ec fb f6'
+	dc h'd6 db cc c1 e2 ef f8 f5 be b3 a4 a9 8a 87 90 9d'
+	dc h'06 0b 1c 11 32 3f 28 25 6e 63 74 79 5a 57 40 4d'
+	dc h'da d7 c0 cd ee e3 f4 f9 b2 bf a8 a5 86 8b 9c 91'
+	dc h'0a 07 10 1d 3e 33 24 29 62 6f 78 75 56 5b 4c 41'
+	dc h'61 6c 7b 76 55 58 4f 42 09 04 13 1e 3d 30 27 2a'
+	dc h'b1 bc ab a6 85 88 9f 92 d9 d4 c3 ce ed e0 f7 fa'
+	dc h'b7 ba ad a0 83 8e 99 94 df d2 c5 c8 eb e6 f1 fc'
+	dc h'67 6a 7d 70 53 5e 49 44 0f 02 15 18 3b 36 21 2c'
+	dc h'0c 01 16 1b 38 35 22 2f 64 69 7e 73 50 5d 4a 47'
+	dc h'dc d1 c6 cb e8 e5 f2 ff b4 b9 ae a3 80 8d 9a 97' 
+
+XtimeE	anop
+	dc h'00 0e 1c 12 38 36 24 2a 70 7e 6c 62 48 46 54 5a'
+	dc h'e0 ee fc f2 d8 d6 c4 ca 90 9e 8c 82 a8 a6 b4 ba'
+	dc h'db d5 c7 c9 e3 ed ff f1 ab a5 b7 b9 93 9d 8f 81'
+	dc h'3b 35 27 29 03 0d 1f 11 4b 45 57 59 73 7d 6f 61'
+	dc h'ad a3 b1 bf 95 9b 89 87 dd d3 c1 cf e5 eb f9 f7'
+	dc h'4d 43 51 5f 75 7b 69 67 3d 33 21 2f 05 0b 19 17'
+	dc h'76 78 6a 64 4e 40 52 5c 06 08 1a 14 3e 30 22 2c'
+	dc h'96 98 8a 84 ae a0 b2 bc e6 e8 fa f4 de d0 c2 cc'
+	dc h'41 4f 5d 53 79 77 65 6b 31 3f 2d 23 09 07 15 1b'
+	dc h'a1 af bd b3 99 97 85 8b d1 df cd c3 e9 e7 f5 fb'
+	dc h'9a 94 86 88 a2 ac be b0 ea e4 f6 f8 d2 dc ce c0'
+	dc h'7a 74 66 68 42 4c 5e 50 0a 04 16 18 32 3c 2e 20'
+	dc h'ec e2 f0 fe d4 da c8 c6 9c 92 80 8e a4 aa b8 b6'
+	dc h'0c 02 10 1e 34 3a 28 26 7c 72 60 6e 44 4a 58 56'
+	dc h'37 39 2b 25 0f 01 13 1d 47 49 5b 55 7f 71 63 6d'
+	dc h'd7 d9 cb c5 ef e1 f3 fd a7 a9 bb b5 9f 91 83 8d'
+
+Rcon	anop
+	dc h'01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	dc h'36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
+	end
+
+state1	gequ	0
+state2	gequ	16
+keysize	gequ	32
+rk	gequ	33
+
+
+* Callable from C, with state structure pointer on stack.
+aes_expandkey128 start
+	phb
+	plx
+	ply
+	tdc
+	pld
+	plb
+	plb
+	phy
+	phx
+	plb
+	pha
+	jsl	ExpandKey128
+	pld
+	rtl
+	end
+
+
+* Call with DP = AES state structure (with key expanded),
+*           DP = bank containing AES tables.
+ExpandKey128 start
+	using	tables
+
+	ldx	#16
+
+top	anop
+	ShortRegs
+	
+	ldy	rk-3,x
+	lda	Sbox,y
+	eor	Rcon-16,x
+	eor	rk-16,x
+	sta	rk,x
+	
+	ldy	rk-2,x
+	lda	Sbox,y
+	eor	rk+1-16,x
+	sta	rk+1,x
+	
+	ldy	rk-1,x
+	lda	Sbox,y
+	eor	rk+2-16,x
+	sta	rk+2,x
+	
+	ldy	rk-4,x
+	lda	Sbox,y
+	eor	rk+3-16,x
+	sta	rk+3,x
+
+	LongRegs
+
+	lda	rk+0,x
+	eor	rk+0+4-16,x
+	sta	rk+0+4,x
+	lda	rk+2,x
+	eor	rk+2+4-16,x
+	sta	rk+2+4,x
+
+	lda	rk+4,x
+	eor	rk+4+4-16,x
+	sta	rk+4+4,x
+	lda	rk+6,x
+	eor	rk+6+4-16,x
+	sta	rk+6+4,x
+
+	lda	rk+8,x
+	eor	rk+8+4-16,x
+	sta	rk+8+4,x
+	lda	rk+10,x
+	eor	rk+10+4-16,x
+	sta	rk+10+4,x
+
+	txa
+	clc
+	adc	#16
+	tax
+	cmp	#16*12
+	blt	top
+	rtl
+	end
+
+
+* Callable from C, with state structure pointer on stack.
+aes_encrypt start
+	phb
+	plx
+	ply
+	tdc
+	pld
+	plb
+	plb
+	phy
+	phx
+	plb
+	pha
+	jsl	AES_ENCRYPT
+	pld
+	rtl
+	end
+
+
+* Call with DP = AES state structure (with key expanded),
+*           DP = bank containing AES tables.
+AES_ENCRYPT start
+	using	tables
+
+	AddInitialRoundKey
+
+	ShortRegs
+
+	NormalRound 1
+	NormalRound 2
+	NormalRound 3
+	NormalRound 4
+	NormalRound 5
+	NormalRound 6
+	NormalRound 7
+	NormalRound 8
+	NormalRound 9
+
+	FinalRound 10
+	
+	LongRegs
+
+	rtl
+	end
+
+

aes.h

@@ -0,0 +1,12 @@
+enum aes_keysize {aes_keysize_128=0, aes_keysize_192=64, aes_keysize_256=128};
+
+struct aes_state {
+	unsigned char data[16];
+	unsigned char reserved[16];
+	unsigned char keysize;
+	unsigned char key[16*15];
+};
+
+/* state must be in bank 0, preferably page-aligned. */
+void aes_expandkey128(struct aes_state *state);
+void aes_encrypt(struct aes_state *state);

aes.macros

@@ -0,0 +1,132 @@
+	macro
+	AddInitialRoundKey
+	lcla	&i
+.top
+	lda	state1+&i
+	eor	rk+&i
+	sta	state1+&i
+&i	seta	&i+2
+	aif	&i<16,.top
+	mend
+
+
+	macro
+	NormalRound &round
+
+	aif	&round/2*2=&round,.evenround
+	MixColumn 0,0,5,10,15,state1,state2
+	MixColumn 4,4,9,14,3,state1,state2
+	MixColumn 8,8,13,2,7,state1,state2
+	MixColumn 12,12,1,6,11,state1,state2
+	ago	.done
+.evenround
+	MixColumn 0,0,5,10,15,state2,state1
+	MixColumn 4,4,9,14,3,state2,state1
+	MixColumn 8,8,13,2,7,state2,state1
+	MixColumn 12,12,1,6,11,state2,state1	
+.done
+	mend
+
+
+	macro
+	MixColumn &i,&A,&B,&C,&D,&state,&out
+	
+	ldy	&state+&A
+	lda	Xtime2Sbox,Y
+	ldy	&state+&B
+	eor	Xtime3Sbox,Y
+	ldy	&state+&C
+	eor	Sbox,Y
+	ldy	&state+&D
+	eor	Sbox,Y
+	eor	rk+&round*16+&i
+	sta	&out+&i
+	
+	ldy	&state+&A
+	lda	Sbox,Y
+	ldy	&state+&B
+	eor	Xtime2Sbox,Y
+	ldy	&state+&C
+	eor	Xtime3Sbox,Y
+	ldy	&state+&D
+	eor	Sbox,Y
+	eor	rk+&round*16+&i+1
+	sta	&out+&i+1
+	
+	ldy	&state+&A
+	lda	Sbox,Y
+	ldy	&state+&B
+	eor	Sbox,Y
+	ldy	&state+&C
+	eor	Xtime2Sbox,Y
+	ldy	&state+&D
+	eor	Xtime3Sbox,Y
+	eor	rk+&round*16+&i+2
+	sta	&out+&i+2
+	
+	ldy	&state+&A
+	lda	Xtime3Sbox,Y
+	ldy	&state+&B
+	eor	Sbox,Y
+	ldy	&state+&C
+	eor	Sbox,Y
+	ldy	&state+&D
+	eor	Xtime2Sbox,Y
+	eor	rk+&round*16+&i+3
+	sta	&out+&i+3
+	
+	mend
+
+
+	macro
+	FinalRound &round
+	
+	FinalRoundStep 0,0
+	FinalRoundStep 4,4
+	FinalRoundStep 8,8
+	FinalRoundStep 12,12
+	
+	FinalRoundStep 13,1
+	FinalRoundStep 1,5
+	FinalRoundStep 5,9
+	FinalRoundStep 9,13
+	
+	FinalRoundStep 10,2
+	FinalRoundStep 2,10
+	FinalRoundStep 14,6
+	FinalRoundStep 6,14
+	
+	FinalRoundStep 3,15
+	FinalRoundStep 15,11
+	FinalRoundStep 11,7
+	FinalRoundStep 7,3
+	
+	mend
+
+
+	macro
+	FinalRoundStep &to,&from
+
+	ldy	state2+&from
+	lda	Sbox,Y
+	eor	rk+&round*16+&to
+	sta	state1+&to
+
+	mend
+
+
+	macro
+	ShortRegs
+	sep	#$30
+	longa	off
+	longi	off
+	mend
+
+
+	macro
+	LongRegs
+	rep	#$30
+	longa	on
+	longi	on
+	mend
+

aesalign.asm

@@ -0,0 +1,5 @@
+* Dummy segment to be linked first to set the alignment.
+* This needs to be linked before the root file generated by ORCA/C.
+	align 256
+dummy	private
+	end

aestest.c

@@ -0,0 +1,37 @@
+#include <stdio.h>
+
+#include "aes.h"
+
+void print_hexbytes(char *prefix, unsigned char *data, unsigned int n) {
+    int i;
+    
+    printf("%s", prefix);
+    for (i = 0; i < n; i++) {
+        printf("%02x ", data[i]);
+    }
+    printf("\n");
+}
+
+int main(void) {
+    int i;
+    struct aes_state aes_state = {
+        {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff},
+        {0},
+        aes_keysize_128,
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f}
+    };
+    
+    print_hexbytes("Input:        ", aes_state.data, 16);
+    print_hexbytes("Key:          ", aes_state.key, 16);
+    
+    aes_expandkey128(&aes_state);
+    
+    for (i = 1; i <= 10; i++) {
+        printf("Round key %2i: ", i);
+        print_hexbytes("", aes_state.key + i*16, 16);
+    }
+    
+    aes_encrypt(&aes_state);
+    
+    print_hexbytes("Output:       ", aes_state.data, 16);
+}