Application Note: AES 128-Bit Implementation with Z8 Encore
Contents
1. Space Base Top SIZE Used Unused RDATA E ZU R FF fed 212 1 ROM c ooog C0932 819 2355 D837 AES128 hex 3DF1 AES128 1aod 3DF1 Build succeeded Build A Debug A Find in Files 1 Find in Files 2 j Messages Figure 24 Build Output Window Showing Space Allocation Replacement Cipher and Decipher Stack Space Observe the following procedure to determine the Cipher and Decipher Stack Space val ues 1 Click the Reset button in the ZDSII toolbar highlighted in Figure 25 followed by the Step Into button to proceed through each individual step one by one to run the function call to the Cipher Decipher routine E z Ex SEL AR Gq nm a oN KA hh PHP o tu wm np nn op nn nn nn nn nn nn Figure 25 The RESET and Step Into Buttons in the ZDSII Toolbar 2 View the stack pointer values and stack RAM area shown in Figure 26 by pressing the ALT 3 keys simultaneously ANO033801 0812 Page 24 of 34 Address K O00 ANO033801 0812 OO DD OO UU OO UU OO DU DU DU DU DU OO DU OO DU DU DU 00 00 OO DU OO DU DU DU OO DU OO DU 00 DU OO DU OO DU OO DU OO DU DU DU OO DU OO UU OO DU DU DU 00 00 DU DU OO DU OO DU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU t D UU UU DU UU UU UU 00 00 t UU UU UU t D UU DU UU 00 t UU t UU UU UU UU UU UU UU D UU UU D2. ANO033801 0812 Page 29 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note ZILOC An LA YS Compa LI EEN j L3 a in X Space R data l Addrezs RHO UU ha jlEz BH 00 OF DO DB OL 53 2B BB DO UO Ui AD OO BB BB D db oaa GR EZ ing OO gg gg OO OO gg OO gg OO UU OO OO UU OO OO UU ROE BE DL B2 Hs D 5 Ep B BS US B BE Dc BD BE HE ww ne ee AEN IEz u3 De AA 74 FD De AF 72 FA DA AB 78 F1 D amp 6 AB 75 FE ts e FAULO B 92 CF UB 54 3D BD Fl BE 3B CS DU amp 8 30 BS FE d DI RU ZU 3C AA AS ES AY HF SD EB SU F3 AF 5 AD Fb 22 AA z Era E 8 SE 39 OF 7D F7 A6 92 96 A 55 3D Cl OA A3 IF 6B 3 1 I k F090 14 FY ZU 1 ES SF EY 8C 44 O04 DF 4D 4E AY CU 26 D D HN A Ez A U 47 43 B7 35 Ad 1C 65 BY EDU 16 BA F4 AE BF FA D2 GC e z EZz B 54 99 32 D FO 85 5 66 10 93 ED DC BE ZC OF Ab T 2 BE c oos H RAUCH 13 11 1D Zb ES G4 de 17 F3 OF AY BB 4D 2B 30 CS a H 0 R 0D0 op 00 00 op OO 00 D OD OO OD OD OO OO OD DD F 0E0 00 DU OO OO 00 OU OO DU DU DU OO FF FF p04 Ce see H H ntn Ezil D Ul UU UU UU mee UU uu UU m UU UU UU UU UU OO DU R 110 R wn eof wt o dw S ulis KEE lecipher AES Stack Usage 17Bytee F150 00 OO OO OO OO OO OO OO OO OO OO OO OO OO OO UU Pari EL O00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 O0 a eae IE 170 OOF OO OO OO OO OO OO OO OO OO OO OO OO OO DUDU IEXXIEH DD DD BO DD BB Hi Bi BB BB BB BB BH BH B
3. EE ce FT Xv oW E2040 Be Ja LE OG P IE BD Pl BE SB Gs HU SS 3H a BEES 22 248 h EXHSI Be EF 73 E D C2 9 BF BC ae Hh SE H sa HE 21 SR Y 3 8 REIGO Wr E Ey EL Ss 35 SB Hd EY BL Ss BL ED DS ent PD 10245 IRFU SC op 43 BH AS SB SI EB RH EJ AE 57 AD Fh ZZ AB naien E Vue IRz08Q0 SE 39 DF 70 F A 92 96 A 55 3D Cl GA Ag LE 5B 39 1 U E REDS L F3 TU l Ba oP E2 SL 25 U amp DE 4O AE 69 KH 26 E E d im IRISO AV aS Hj 35 At JE 53 B9 EU i BA KA amp h BE 7e DE Ge SS VE soa SS REDBO SA 9 22 IH FO H5 S7 GR 210 95 SI JE BR ZE BTOSE Tames Wie a H EXHCU dG LI DE Zb B2 D e 17 Fa O7 ah BE 4l ZH 380 ES ec NU EX DU te ot Se dy BI GE SR 82 BE dE SO 2 gt ES DE TS Toe Eve P e RUE nag ng gag 00 DD ag ng O0 nagd nn mim itt tan eee oe eee Bee RUF Ue te BB ZR HC D ER HH HS Hd DI Om HM Pee EE osn4Lnsinmnn nas IERZIUL TT or oo oe oe ee oe or a oo ee oe tr oo aaa F 110 00 00 ug DD 00 0o00 00 00 00 00 00 00 00 00 00 gee e mem Du es ey ey er ey ler er IF 120 UO OO OO OO UU UI KAL A0 DU 00 OO OO OO UU Ex14U OO OO OO OO OO UU Ex150 DU ug gg DU OU UU R 160 OO OO OO OO OO UU US eck FE EEE EEE FE EI EK H EK EERE ERED 0 Et GEE VH GERD corr ee ener rs iIRZi8U UO ug gg gg OO OO OO OO OO OO OO OO OO OO DUDU IEZz190 UU DU OS OO DU OO OO OH OO OO OO OO OO OO OO OO LL ree RS UO ug ug ug ug ug ug ug ug ug gg gg gag gag DUDU Figure 30 Memory Window Showing Cipher Routine Stack Usage
4. b3 d5 le 8f ca 3f 0f 02 ci af bd 03 01 13 Ba 11 41 de 67 de ea 97 2 cf ce f bd e6 73 74 22 e7 ad 35 85 e2 9 37 e8 1c 75 ae Hia 7 ta 29 c5 69 6f 7 62 00 aa 18 be ip e 4b 78 ed 5a 4 Fab 33 88 07 oT 31 bi 12 10 59 Z7 80 ec Se 7f a9 19 b5 da 0d 2d e5 7a 5 33 c9 9c ef 3b 4d ae 2a 5 b0 c8 eb bb 3c 83 53 99 61 2b 04 Te ba 77 d 26 ei 69 14 63 55 21 0c 7a Figure 14 Inverse S Box Substitution Values for the XY Byte in Hexadecimal Format 4 5 6 09 d8 ab ao Za ry KE 08 E amp 3 do ER 60 a0 Hardware Implementation This AES 128 application was implemented and tested using a small memory model Essentially any Zilog microcontroller can be used for its implementation We used a Z8F082A MCU in this application to highlight the small memory footprint of its firm ware Using a Z8FO82A Development Kit connected to a desktop PC via the HyperTermi nal emulation program the user can enter a 16 character string HyperTerminal is used to display the plain text the ciphered text and the decrypted text Software Implementation The AES 128 algorithm was implemented in C using ZDSII version 5 0 0 for Z8 Encore Table 1 describes the commands used to perform the FIPS 197 based encryption and decryption processes ANO03
5. However users are cautioned to authenticate the code contained herein x ZILOG DOES NOT GUARANTEE THE VERACITY OF THIS SOFTWARE ANY SOFTWARE CONTAINED HEREIN IS PROVIDED AS IS NO WARRANTIES ARE GIVEN WHETHER EXPRESS IMPLIED OR STATUTORY INCLUDING IMPLIED WARRANTIES OF FITNESS FOR PARTICULAR PURPOSE OR MERCHANTABILITY IN NO EVENT WILL ZILOG BE LIABLE FOR ANY SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES OR ANY LIABILITY IN TORT NEGLIGENCE OR OTHER LIABILITY INCURRED AS A RESULT OF THE USE OF THE SOFTWARE EVEN IF ZILOG HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES ZILOG ALSO DOES NOT WARRANT THAT THE USE OF THE SOFTWARE OR OF ANY INFORMATION CONTAINED THEREIN WILL NOT INFRINGE ANY PATENT COPYRIGHT OR TRADEMARK OF ANY THIRD PERSON OR ENTITY THE SOFTWARE IS NOT FAULT TOLERANT AND IS NOT DESIGNED MANUFACTURED OR INTENDED FOR USE IN CONJUNCTION WITH ON LINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS IN APPLICATIONS REQUIRING FAIL SAFE PERFORMANCE OR WHERE THE FAILURE OF THE SOFTWARE COULD LEAD DIRECTLY TO DEATH PERSONAL INJURY OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE ALL OF THE FOREGOING HIGH RISK ACTIVITIES ZILOG SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY TO HIGH RISK ACTIVITIES x Ke ee e e se qe ats te k k k e k ei eso qoe ee k pop epp eos k spool sie cies e k K k k k k k k kk k include lt eZ8 h gt include lt sio h gt include lt stdio h gt includ
6. following operations e Substitute Bytes e Shift Rows e Mix Columns e Add Round Key Both the key and the input data also referred to as the state are structured in a 4x4 matrix of bytes Figure 2 shows how the 128 bit key and the input data are distributed into the byte matrices Figure 2 AES 128 Plain Data Left and Cipher Text Right Encryption The encryption process transforms plain data to encrypted data using a security key While encryption can be performed in different ways most encryption use today is based on the NIST FIPS 197 Standard which involves the Add Round Key Substitute bytes Sub bytes Shift Rows and Mix Column The Add Round Key Operation The Add Round Key operation is simple the corresponding bytes of the input data and the expanded key are XORed as indicated in Figure 3 ANO033801 0812 Page 3 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note i I f f e d Uu j 4 Z t uw 4 s dl AnE XY Figure 3 The XORed Add Round Key Operation Figure 4 offers a more simplified view of the XORed Add Round Key operation high lighting the first byte of the input data matrix and the first byte of the Add Round Key matrix both circled in the figure that will go to the XOR operation the circled plus sign that results in 0x71 41 30 71 Figure 4 The XORed Add Round Key Operation Simplified View Perform the XOR operation for each element
7. in the input and Add Round Key data matri ces through the final byte The resulting matrix is shown in Figure 5 ANO033801 0812 Page 4 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note i 7 I f EM gaz d i j D A d I D s wl m s dl AnE AY Figure 5 The Resulting Matrix After the Add Round Key Operation The Substitute Bytes Operation The Subbytes operation is a nonlinear substitution method that can be implemented in dif ferent ways One of these ways is to implement look up tables consisting of a method known as A Box The Subbytes algorithm substitutes the plain data with the corresponding values found with the S Box method The S Box shown in Figure 6 is displayed in X rows and Y columns The first byte of the matrix shown in Figure 5 is 0x 71h or 71 Converting this number to an XY format essen tially means that the first digit 7 represents the X row value and the second digit 1 rep resents the Y column value The intersection of these two values 0x71h will be substituted by the S Box value 0xa3h as highlighted in Figure 6 and indicated in the first byte value shown in Figure 7 ANO033801 0812 Page 5 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zilog An IX YS Company Figure 6 Substituting a Data Value with an S Box Value The result of computing all S Box values is shown in Figure 7 Figure 7 Substituted Element Usin
8. ues as shown in Figure 28 In this example SP 1 FFh and the top of unused RAM is at address EBh in which FFh 14h EBh Figure 29 presents an example of such newly entered values in the area highlighted in red Page 25 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog An EX Y Compa Ir ix Space Edata NF Fi Address RH000 R o00 oO OO 00 00 00 pi Senn 00 00 00 QD 00 D ER EE R 20 00 00 00 00 00 sias MN nena eee R 30 00 op 00 op 00 35461 aiii iiid R 4 00 00 00 QD og D I A o R 050 00 00 00 00 00 D wap IO RHO60 00 00 00 QD O0 Na WEN idee ue R 070 op 00 00 op 00 op c d Senan 00 00 00 00 00 anc eg R 090 00 00 00 00 00 naa MOP ey R OA0 00 op OD op DO DU O get aw EE RHOBO oo 00 oo 00 oo ooo Save To File Pie emmmer RHOCO 00 00 00 00 DO 00 M000 on Gang 00 00 00 00 00 op o Load From Fle ROCK ap MAR PRENNE Ipx130 HH HH HB HH HP HH HB DD HB HH HE HH HEI HH HI H arpaa enm k 140 UO 00 UU OO UU OO OO UH OO OO OO UU OO UH Oo UU Exi1b5 UO OO OO OO OO OO OO OO OO BD OO OO OO OO DUDU ik 1e0 OO OO OO OO OO OO OO OO OO OO OO OO OO OO DUDU Reo H HB EH DI HH DI HR DU H HRS E D E BI EI H E irria Ree Exz1sH UO 00 UU OO UU UH DU OO OO OO OO UU OO UU UU UU mL p DH EMER OH Or OX Or EI i EI 3 EI E OI E OI Oh es cesse R 1A0 00 OO OO OO OO OO OO OO OO OO OO OO OO 00 OO DO nnnes R 1BO OO OO OO OO OO O
9. 3801 0812 Page 12 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog F me aa F An LA YS Compa Table 1 Encryption Decryption Commands Command void Generate Key unsigned char G_Multiply unsigned char value Description Used to generate the key required in 10 rounds of the Add Round Key operation This function is called in the decryption process which performs a Galois multiplication before performing the Mix Column operation void mix_column unsigned char Plain_Data This function is called by void add S Box and shift unsigned char Plain Data unsigned char turn void add S Box and shift unsigned char Plain Data unsigned char turn void inv add S Box and shift unsigned char Plain Data unsigned char turn This function adds XORs the round key to the plain data The output of the XORed plain data and the round key is replaced by a Subbytes S Box value Every column is then mixed by multiplication This function adds XORs the round key to the encrypted data The output of the XORed encrypted data and the round key is replaced by an inverse Subbytes inv S Box value Every column is then mixed by multiplication void cipher AES unsigned char Plain Data Used to cipher 16 character data If there are more than 16 characters it must be subdivided into 16 byte parts void decipher AES unsigned char Plain Data Equipment Used
10. Application Note Z l O AES 128 Bit Implementation with Embedded in Life e creen eet Z8 Encore XP Microcontrollers AN033801 0812 Abstract This application note discusses how AES 128 encryption can be implemented with Zilog s Z8 Encore family of 8 bit microcontrollers The AES 128 standard is an encryp tion solution that has been developed to satisfy many rapidly evolving security concerns that have arisen within the computer and embedded chip industries This standard employs 128 bit block data transfer and a 128 bit key to cipher and decipher plain data The AES algorithm was implemented in compliance with the NIST FIPS 197 that governs how data is transferred via advanced encryption methods Implementing the AES 128 standard with Zilog s Z8 Encore XP MCUs offers high speed performance when undergoing a encryption decryption process resulting in a 1 8909ms cipher rate and a 2 604ms decipher rate The source code consumes a maximum of 2 5KB of MCU memory Zilog s Z8 Encore XP MCU also offers high level of protection from unauthorized attempts to read or write to the embedded code within Flash program memory Users can select option bits for Flash Read Protect Flash Write Protect or both The Flash Read Pro tect option bit disables external user read access to Flash Program Memory the Flash Write Protect bit disables external user access to program this Flash program memory These features allows all encryption and decr
11. DESCRIBED HEREIN OR OTHERWISE The information contained within this document has been verified according to the general principles of electrical and mechanical engineering Z8 Z8 Encore and Z8 Encore XP are trademarks or registered trademarks of Zilog Inc All other product or service names are the property of their respective owners ANO033801 0812 Page 34 of 34
12. H HRH Dees kzi3H OO OO OO OO OO HH DU OO OU OO OO OO DU OO OO Oo IE 140 H 00 00 PN 00 00 00 00 00 00 00 00 00 00 00 D esst Figure 31 Memory Window Showing Decipher Routine Stack Usage Note To properly monitor the number of changed bytes fill the stack space with OxFF starting from the current SP 1 location down to the top of unused RAM ANO033801 0812 Page 30 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zilog za An EX Y Compa Appendix C AES Routine Without HyperTerminal The code presented below is an example of how to modify the main c file by comment ing out certain lines of code to properly obtain the AES routine s time usage RAM and ROM and stack usage sf RS Seb sp e ep epe ee de s qe qe qe dee ede ss see ep epo qo ee sp eee qp spe eie d ee Ve qm Ob oS SER SS qe ds el de uS MS ee oh eec spop ep opes e k k kk k k k k File main c Description AES 128 User API KK Copyright 2012 Zilog Inc ALL RIGHTS RESERVED x KKK K K K K KE KE K K K E E E E E E E EKE E KE K E E E K EK KE E E E E E E E E E E KE E E K K K K KE E EK EKE E E E E E E E K E E K EK EK K K K K K KE E E E E E E E K K K K K K K K K K K K K KK KKK KKK The source code in this file was written by an authorized Zilog employee or a licensed consultant The source code has been verified to the fullest extent possible Permission to use this code is granted on a royalty free basis
13. Note Zilog I AnEE EA Y Company Appendix B Calculating Time RAM ROM and Stack Space Usage Cipher decipher times and stack flow can be calculated using Zilog Developer Studio ZDSII Cipher and Decipher Times Observe the following procedure to determine the Cipher and Decipher Time usage val ues be From the File menu in ZDSII select Open Project to open the Open Project dialog box Browse to and select the ANO338 zdsproj project in this dialog and click OK to load it into the ZDSII IDE In the main c file some lines must be commented out to properly obtain the AES routine s time usage RAM and ROM and stack usage Refer to Appendix C AES Routine Without HyperTerminal on page 31 for an exam ple of this commented out code Note As a convenience to the reader a copy of the project containing this commented out code is provided in the AN0338 SCO2 zip file With the AN0338 zd spro j project open navigate via the Project menu in ZDSII and select Settings In the Code Generation pane ensure that the Limit Optimization checkbox is not selected and that Memory Model is set to Small In the left pane click Debugger In the Debug Tool pane select Simulator from the Current drop down menu Click OK A dialog box will appear stating The project settings have changed since the last build Would you like to rebuild the affected files Click Yes to rebuild the project At the left side of the ZDSII window do
14. O OO OO OO OO OO OO OO OO OO BD enn RICH OO OO OO OO OO OO OO OO OO OO OO OO OO OO DUDU Figure 27 Accessing the Fill Memory Pop Up Menu ANO033801 0812 Page 26 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note ZILO Og nEIXYS mpal Space Tp c Address So A X 1 UU Fill value Address harige fe FF TR pf End Address Hex FF tie n Got Figure 28 Entering New Address Values in the Fill Memory Dialog Start Address Hex EB ANO033801 0812 Page 27 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zz Ilo F An LA Y Compa x I al Space Edata Address R 000 L EID Figure 29 OxFF Values Highlighted in the Stack Space 4 Once again step through the Cipher Decipher function using the Step Into button in the toolbar 5 View the RAM stack area and count the number of used bytes Figures 30 and 31 highlight examples of stack space usage in green for the cipher and decipher rou tines ANO033801 0812 Page 28 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note He TS EB TO E CNET t6 ZER REDIO OO OO OO OO OO OO OO OO OO OO OO OO OO OO DUDU Regs DD Hl US H3 H4 UF U OF Ho H9 Ge UE UL Mi HE HE ll suse KA Dh amp 74 FD DS AFP 72 b D AB 78 EL DA ab 7
15. U UU t UU D UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU AES 128 Bit Implementation with Zilog Microcontrollers UU UU UU UU UU D UU UU UU UU t UU OU 00 t UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU UU D UU UU UU UU UU UU OU UU UU UU UU UU UU UU Dt D UU UU t UU UU UU UU UU UU UU UU UU D UU UU UU UU UU UU UU UU UU UU UU UU UU UU OU D UU UU UU UU UU UU UU Du UU OU UU UU Oo UU 00 00 UD I UU UU UU UU UU UU UU UU UU UU UU UU OU OU UU UU UU UU UU UU UU UU UU UU UU 00 Du UU UU UU UU UU UU UU UU UU UU UU UU UU UU OU UU UU UU UU UU UU UU UU UU UU UU UU 00 Du UD UU UU UU UU UU UU UU UU UU UU UU UU UU OU UU UU UU UU UU UU UU UU UU UU UU UU UU Du UD ut UU UU UU UU UU UU UU OU UU UU Du UU 00 UU UU OU UU UU Figure 26 Memory Window Du A UU Du UU Du UU 00 Du UD ut UU OU UU UU UU UU UD UU Du UU UU UU 00 UU UU UU UU UU Space kdata Application Note zilog Initialize the stack RAM area starting from the current Stack Pointer 1 SP 1 address location down to the top of unused RAM by right clicking in the memory window then selecting Fill Memory from the pop up menu as shown in Figure 27 The Fill Memory dialog box will appear allowing you to enter your new address val
16. Used to decipher 16 character cipher data If the data is more than 16 characters it must be subdivided into 16 byte parts The tools used to develop this AES 128 application are e The most recent version of the ZDSII IDE for Z8 Encore devices e Z8FO82A Development Kit e USB to 9 pin serial cable Testing Procedure To build configure and test the AES 128 algorithm on your own Z8F082A Development Kit observe the following procedure 1 Download the most recent version of ZDSII Z8 Encore and install it on your PC Note Website registration is required to download the ZDSII software If you have already reg istered as a site user on zilog com simply log in to download ZDS II 2 Download the AN0338 SCOI source code from the Zilog website and unzip it to an appropriate project folder on your PC ANO033801 0812 Page 13 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog An EX Y Company 3 Launch ZDSII Z8 Encore 4 Inthe ZDSII menu bar navigate via the File menu to Open Project to display the Open dialog box Browse to the project folder containing the copy of AN0338 SCOI that you downloaded in Step 2 Within the AN0338 SCO1 folder select the zdspro 4 file and click Open 5 From the Configuration drop down menu select Debug In the left panel of the screen click General to open the General window In the Build panel on the center right of the window ensure that t
17. a 0 while 1 data getchar putchar data User_Input i data i if i gt 16 ii JI break TER Te see TS AS SERE HESSE AS 28 IS 8 28 AS 2 PCR AS 28 2S FAS 8 PIS AS 2 k AS 218 AS 28 FES CICER AC 28 FS k k k k k k k K printf r nEncryption in process r n comment this when getting the clock usage ANO033801 0812 Page 32 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog Embedded m Lin An X YS Company cipher AES User Input printf 96s User_Input comment this when getting the clock usage printf r nDecryption in process r n comment this when getting the clock usage decipher AES User Input printf s r n User_Input comment this when getting the clock usage j ANO033801 0812 Page 33 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note lan ZItOog Customer Support To share comments get your technical questions answered or report issues you may be experiencing with our products please visit Zilog s Technical Support page at http support zilog com To learn more about this product find additional documentation or to discover other fac ets about Zilog product offerings please visit the Zilog Knowledge Base at http zilog com kb or consider participating in the Zilog Forum at http zilog com forum This publication is subject to replacement by a later ed
18. e zilog i irad nm AnEE LA YS Company e ROM Usage 2355B e Cipher Stack Space 14B e Decipher Stack Space 17B All operations routines and functions were based on the NIST FIPS 197 standard The AES 128 firmware was tested and produced its intended results The AN0338 SCOI source code is modular and can be implemented easily References ANO033801 0812 The following documents are each associated with the Z8 Encore XP MCU and are avail able free for download from the Zilog website e Zilog Developer Studio II Z8 Encore User Manual UMO0130 e eZ8 CPU Core User Manual UMO0128 For additional understanding consider the following sources e Advanced Encryption Standard AES Federal Information Processing Standards Pub lication 197 November 26 2001 e Rinjdael Cipher 128 Bit Version Data Block and Key Encryption Enrique Zabala Universidad ORT Montevideo Uruguay e How AES Works Eastern Kentucky University Page 20 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog Embedded jin Lih An IXYS Company Appendix A Flowchart Figure 21 illustrates the flow of the AES 128 bit algorithm START ADD ROUND KEY SUBBYTES SHIFTROWS MIX COLUMNS ADD ROUND KEY Round 107 Y SUBBYTES SHIFTROWS ADD ROUND KEY END Figure 21 AES 128 Flow Chart AN033801 0812 Page 21 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application
19. e AES h volatile unsigned char User_Input 17 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 comment this when getting the clock usage volatile unsigned char User Input 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 uncomment this when getting the clock usage define STACK SIZE 20 ANO033801 0812 Page 31 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog AnD X YS Company volatile unsigned char ReservedStackSpace STACK SIZE _ At 0x100 comment this when getting the clock usage volatile unsigned char ReservedStackSpace STACK_SIZE _At 0x100 STACK SIZE uncomment this when getting the clock usage PERE OEE s esie P So S op qe eS A oo se POR AS AS sis oi ele de n sg k ris e PRSE PI seris vs ns eis vs sp bs eebe Description User Application Ass senis sob s neis PRO k PEGRGRORGB e s operis n sp npe sieut eje ris npo opo eebe ni sioe sh void main void xsise comment this when getting the clock usage xeereeeses char120 char data 0 int x 0 A OSCCTL OxE7 funlocked sequence OSCCTL 0x18 OSCCTL 0x42 crystal selected forG 0 1 lt OxFFFF i DIO H init_uart _UARTO DEFFREQ DEFBAUD select port UARTO EIO User Input 16 0 FFP PO ie po k spoon ops qnss ee k k kk k k k k ae k k k while 1 ee COmment this while loop when getting the clock usage printf Enter 16 Character 1 i 0 dat
20. e 23 Break Point Location and Time Usage of cipher AES User Input 8 Click the Go button a second time to calculate the time usage of Decipher AES User Input Note To calculate time usage subtract the previous time from the new time For example the time indicated in Figure 22 must be subtracted from the time indicated in Figure 23 The result of this subtraction is the time usage cipher_AES User_Input RAM and ROM Usage Space Click the Build tab at the bottom of the ZDS II screen to view the data in the Used column which displays RDATA RAM and ROM usage in bytes These values only represent the ROM and RAM usage of the AES routine and do not include the memory load imposed by the HyperTerminal application Figure 24 shows these ROM and RAM values in the Build output window In this figure the amount of ROM used is 2355 bytes the used RAM data is 212 bytes including a reserved stack space of 20 bytes Because the STACK_SIZE is defined in the program as 20 bytes 14h the used RAM data is actually 192 bytes Le 212B 20B 192B ANO033801 0812 Page 23 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog An EX Y Company NOU338 Configuration Release C XDOCUME 1 mnmochoco Desktop AHU0338 72 AH0338 1 A HU0338 l zrc aes c C XBOCIME 1 mochoco Dezktep AHU338 72 A NU338 1 A HU338 1 zrc main c Linking l SPACE ALLOCATION
21. et dialog then click OK a second time to close the Project Settings dialog If an IDE window appears prompting you to rebuild the affected files click Yes to close this dialog and save your project settings 8 On the left side of the ZDSII workspace area click the icon to expand the External Dependencies menu then double click the S10 n file Ensure that _DEFBAUD is set to 57600 If you must change this setting ensure that you change it to 57600u1 9 From the Build menu choose Rebuild All to build the code and load it into the Z8F082A MCU Observe the following instructions to configure HyperTerminal 1 To launch HyperTerminal navigate via the PC s Start menu to All Programs Accessories Communications HyperTerminal Configure HyperTerminal to reflect the settings shown in Figure 16 COMT Properties ax T Fort Settings Bits per second S7600 kd Data bits E s m Parity None ei Stop bits dh x A rsi Flow control None GA e Figure 16 HyperTerminal Properties 2 This AES 128 application was tested using HyperTerminal running on a Windows XP SP3 system ANO033801 0812 Page 15 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog AnEIIXYS Company 2 Click the Reset button in the ZDSII toolbar and wait a moment for the Enter 16 Characters text string to appear in the Hype
22. g S Box Substituting all of the elements of the matrix using the S Box will result in the values shown in Figure 8 ANO033801 0812 Page 6 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zilog Embedded m Life An IX YS Company Figure 8 The Resulting Matrix After the Subbytes Operation The Shift Rows Operation The Shift Rows operation processes a data matrix in row by row fashion The first row remain unchanged while the second row of the 4x4 byte input data the user input is shifted one byte position to the left in the matrix Subsequently the third row is shifted two byte positions to the left and the fourth row is shifted three byte positions to the left Figure 9 illustrates how this Shift Rows operation works Figure 9 The Shift Rows Operation In Figure 9 the first row remains unshifted and the second row is shifted to the right by 1 cell All elements in the second row are shifted 1 position to the left to essentially place the first byte of the 2nd row A3 into the 4th byte position indicated in green in Figure ANO033801 0812 Page 7 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note ZIlog AnDEXYS Company 10 This process is repeated twice for all elements in the third row and three times for all elements in the fourth row The result is shown in Figure 10 Figure 10 Shifting the 2nd Row The third row is shifted twice 1 e
23. he Generate Debug Information checkbox is selected Return to the Configuration drop down menu select Release and repeat these same tasks so that the Generate Debug Information checkbox is selected 6 Additionally with the zdsproj project open navigate via the Project menu in ZDSII and select Settings In the Code Generation pane ensure that the Limit Opti mization checkbox is not selected and that Memory Model is set to Small as shown in Figure 15 Project Settings Configuration Release St General 5 h Code Generation et Assembler fill c f Safest mh Code Generation t Small And D ebuagable F Listing Files t Smallest Possible 5 FARE i User Defined amp h Deprecated Se SL iu Linker Limit Optimizations for Easier D ebuaging da Commands Fh Objects and Libraries t Th Address Spaces Memory Model Small Sg Warnings Frames Dynamic sl Ta Output Parameter Passing Register SES Debugger Mate Cancel Help Figure 15 Code Generation Panel Settings ANO033801 0812 Page 14 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zilog An X YS Company 7 In the Debugger panel of the Settings window in the Target pane click the Setup button to launch the Configure Target dialog box In this dialog ensure that the Clock Source is set to External and that the Frequency is set to 20 00000 MHz Click OK to close the Configure Targ
24. ition To determine whether a later edition exists please visit the Zilog website at http www zilog com A N Warning DO NOT USE THIS PRODUCT IN LIFE SUPPORT SYSTEMS LIFE SUPPORT POLICY ZILOG S PRODUCTS ARE NOT AUTHORIZED FOR USE AS CRITICAL COMPONENTS IN LIFE SUPPORT DEVICES OR SYSTEMS WITHOUT THE EXPRESS PRIOR WRITTEN APPROVAL OF THE PRESIDENT AND GENERAL COUNSEL OF ZILOG CORPORATION As used herein Life support devices or systems are devices which a are intended for surgical implant into the body or b support or sustain life and whose failure to perform when properly used in accordance with instructions for use provided in the labeling can be reasonably expected to result in a significant injury to the user A critical component is any component in a life support device or system whose failure to perform can be reasonably expected to cause the failure of the life support device or system or to affect its safety or effectiveness Document Disclaimer 2012 Zilog Inc All rights reserved Information in this publication concerning the devices applications or technology described is intended to suggest possible uses and may be superseded ZILOG INC DOES NOT ASSUME LIABILITY FOR OR PROVIDE A REPRESENTATION OF ACCURACY OF THE INFORMATION DEVICES OR TECHNOLOGY DESCRIBED IN THIS DOCUMENT ZILOG ALSO DOES NOT ASSUME LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT RELATED IN ANY MANNER TO USE OF INFORMATION DEVICES OR TECHNOLOGY
25. ke the first byte and save it to a third variable Z then XOR the three X Y and Z variables and place the result into the first byte of the scratch matrix From the data matrix take the XORed result of the second and third bytes multiply this result by 2 and save the result to the Y variable Take the XORed result of the X Y and Z variables and place this result into the second byte of the scratch matrix From the data matrix take the XORed result of the third and fourth bytes of the first row multiply this result by 2 and save the result to the Y variable Take the XORed result of the X Y and Z variables and place the result into the third byte of the scratch matrix From the data matrix take the third byte of the first row and XOR this byte to the Z variable multiply the result by 2 and save the result to the Y variable Take the XORed result of the X Y and Z variables and place the result into the fourth byte of the scratch matrix 10 Repeat Steps through 9 for the second third and fourth rows Figure 13 diagrams the results of this Mix Column implementation ANO033801 0812 Page 10 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Figure 13 Mix Column with Galois Multiplication Key Expansion Key expansion refers to the process in which the 128 bits of the original key are expanded into eleven 128 bit round keys Each next round key n 1 must be calculated from each rou
26. mpetition for different algorithm propos als that would replace DES the best would become the new AES standard In the final round of the competition the Rijndael algorithm named after its Belgian inventors Joan Daemen and Vincent Rijmen won because of its security ease of implementation and small footprint memory requirements There are currently three different versions of AES all of them have a block length of 128 bits whereas key length is allowed to be 128 192 or 256 bits For the purposes of this application note only a key length of 128 bits is discussed The AES algorithm consists of ten rounds of encryption as indicated in Figure 1 The 128 bit key is first expanded into eleven round keys each of them 128 bits in size Each round includes a transformation that uses a corresponding cipher key to ensure the security of the encryption PLAIN TEXT ROUND KEY CIPHER ADD ROUND KEY KEY Repeat 9 times SUBBYTES Generate 10 Bommel Keys SHIFTROWS MIX COLUMNS SUBBYTES SHIFTROWS ROUND KEY m ADD ROUND KEY ROUND KEY J KEYS ADD ROUND KEY Figure 1 AES Encryption Algorithm CIPHER TEXT ANO033801 0812 Page 2 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note ZILO C DIYS T After an initial round of encryption during which the first round key is XORed to the plain text the Addroundkey operation nine equally structured rounds follow Each round consists of the
27. nd key n Observe the following procedure to compute the new first column of the next round key 1 All of the bytes of the old fourth column must be substituted using the Subbytes oper ation These four bytes are shifted vertically by one byte position and then XORed to the old first column The result of these operations is the new first column 2 Columns 2 to 4 of the new round key are calculated as shown new second column new first column XOR old second column new third column new second column XOR old third column new fourth column new third column XOR old fourth column ANO033801 0812 Page 11 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zito ng bierg Decryption Decryption 1s the inverse of the encryption operation and follows the same process dis cussed in the The Substitute Bytes Operation section on page 5 except that it uses an Inverse S Box method instead of the S Box method as indicated in Figure 14 3T213T4T 5T 17 T5T T5 T eT 3T 8T L a as 30 36 a5 38 b 40 a3 3e B1 3 47 tb 35 82 9b 2 87 34 8e 43 44 cA de es 94 32 a6 c2 23 3d ee 4c 955 Ob 42 fa c3 te a1 66 28 a9 24 2 76 5b a2 49 6 8b di 25 6 64 86 68 98 16 dd ad 5c cc 5d 65 b6 92 28 50 fd ed b3 da 5e 15 46 57 a7 B4 S4 84 8e be d3 0a 7 e4 58 05 bB
28. rTerminal screen as shown in Figure 17 SES 28 HyperTerminal DE File Edit iew Call Transfer Help lEnter 16 Characters Connected 0 00 37 Auto detect S600 8 N 1 SERM IC RR SPE EET Figure 17 Initial AES 128 Screen in HyperTerminal ANO033801 0812 Page 16 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog Embodied m Life AnD X YS Company 3 At this prompt enter a 16 character string for example enter abcdefghi jklmnop as indicated in Figure 18 4B AES 128 HyperTerminal File Edit View Call Transfer Help Enter 16 Characters abcdefghijkIl mnop Auto detect SF 600 8 N 1 a NUM Figure 18 Entering a 16 Character String for Encryption Connected 0 00 32 Page 17 of 34 AN033801 0812 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog 4 Hyperlerminal will respond with Encryption in process then display the encrypted version of the string that you entered 1 e the ciphered text as shown in Figure 19 8 AES 128 HyperTerminal File Edit wiew all Transfer Help Jog Enter 16 C haracters abcdefghijkIlmnop Encryption in process Sc rl deh H 4 Auto detect Sz 600 DN Connected O 00 73z Figure 19 The 16 Character String Encrypted Note The program will wait for you to enter a total of 16 characters and will not respond
29. rn more about the Galois field please refer to the Finite Field discussion in Wolfram Mathworld In the Mix Column operation a Galois field multiplication of matrix elements is imple mented by shifting each value in a matrix to the left by one If the value is greater than 0x80 the shifted value is returned and XORed from 0x15 While the mathematical details are beyond the scope of this document it is important to know that in a Galois field an addition operation corresponds to an XOR and a multiplication corresponds to a more A field as opposed to a matrix is an algebraic structure in which the operations of addition subtraction multiplication and di vision except by zero can be performed ANO033801 0812 Page 9 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note ZILOQ An EA YS Compa complex equivalent The fact that there are many instances of 01 in the multiplication matrix of the Mix Column operation makes this step easily computable The following procedure shows how to implement a Mix Column operation in which it is assumed we have two 4x4 matrices namely the data matrix and a scratch matrix l From the data matrix take the XORed result of the first row and save this result to the variable X From the data matrix take the XORed result of the first and second bytes of the first row multiply this result by 2 and save this new result to the variable Y From the data matrix ta
30. two cells to the right which results in the matrix shown in Figure 11 Figure 11 Shifting the 3rd Row AN033801 0812 Page 8 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note z ilog An DX YS Company The fourth and final row is shifted three times 1 e three cells to the right which results in the matrix shown in Figure 12 Figure 12 Shifting the 4th Row This process of shifting all four rows is repeated with every round of encryption until all ten rounds are completed The Mix Column Operation Following the Shift Row operation is the Mix Column operation which is the final pro cess of the four encryption operations and the most complex step in the AES 128 imple mentation The Mix Column operation processes a data matrix in column by column fashion In prin ciple only a matrix multiplication operation must be performed To make this operation reversible the usual addition and multiplication operations are not used In an AES imple mentation Galois field operations are used instead The Galois Field A finite field is a field that exhibits a finite field order 1 e a sequence of elements this finite field is also called a Galois field The order of a finite field is always represented by a prime number or the exponent of a prime number as postulated by Birkhoff and Mac Lane 1996 Because a discussion about the Galois field 1s beyond the scope of this docu ment or to lea
31. uble click the main c file if it is not already open Place break points at the beginning of each of the lines containing cipher AES and decipher AES located towards the bottom of the file as indicated in Figure 22 x fe amp gt yi vit clocks 2285 Lex printf r nEncryption in seconds 0 000114 cipher AES Uzer Input printfi xs User Input printf r nDecryption in decipher AES Uzer Input printri zwrn Neer Inp EE EE JE 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E 3E AE ANO033801 0812 Figure 22 Break Points Location and Time Page 22 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog me we d m 5 Build the project by selecting Build from the Build menu then click the Go button in the Debug toolbar 6 When the program stops at the break points you placed navigate via the View menu to Debug Windows Clock 7 Check the clock value at every break point then subtract the old value from the new value to obtain the time usage of each routine as indicated in Figure 23 zx locks 40103 wie printf i rnEncryption in e D cipher AES User Input SECO CS Hs RENE oe printti wm User_Input Eu printfi r nDecrvption in e decipher AES User Input F printf Xsw r n User Inp Y E i SUIECEX C3E 3E JE 3E 3E 3 3E 3 3 3 3 3 3E 3 3 3 3E 3 3E 3E 3E 3E 3E EE Figur
32. until at least 16 characters are entered The Enter key is also considered to be a character theo retically you could press the Enter key 16 times which would cause the program to encrypt decrypt a string of 16 Enter key characters ANO033801 0812 Page 18 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note zilog i irad nm AnD LX Y Company 5 After encryption the decryption process begins and displays Decryption in pro cess followed by the decrypted text as shown in Figure 20 This result which shows the decrypted version of the formerly encrypted original string confirms the veracity of the AES 128 algorithm DRESCH 1 ime Enter 16 Characters abcdefghijkIl mnop Encryption in process Tse rll d h H 4 Decryption in process abcdef ghijkIl mnop Enter 16 Characters Connected 00032 Suto detect E BUD 8 N 1 Figure 20 The 16 Character String Encrypted then Decrypted Results Upon testing this AES 128 bit implementation yields the following specifications See Appendix B Calculating Time RAM ROM and Stack Space Usage on page 22 e Clock Frequency 20MHz e Limit Optimization Unchecked e Memory Model Small e Configuration Debug or Release e Cipher Time 1 89ms e Decipher Time 2 60ms RAM Usage 192B not including the stack ANO033801 0812 Page 19 of 34 Summary AES 128 Bit Implementation with Zilog Microcontrollers Application Not
33. yption code to be fully secured Note There are two source code files associated with this application note AN0338 SCOI zip contains a full representation of the AES routines described herein In AN0338 SCO2 zip some lines of code in the main c file have been commented out to facilitate testing cipher and decipher times and memory usage when a terminal emulation program is not being used All source code has been tested with version 5 0 0 of ZDSII for Z8 Encore XP MCUS both of these zip files are available for download from the Zilog website Subse quent releases of ZDS II may require you to modify the code supplied with this application note Features The application discussed in this document adheres to the following methodologies e Observes the NIST FIPS 197 standard e Employs the AES algorithm suggested by NIST FIPS 197 e Allows the user to cipher and test different character combinations e Fast small footprint implementation that can fit into a 4KB Flash memory space AN033801 0812 Page 1 of 34 AES 128 Bit Implementation with Zilog Microcontrollers Application Note Zilog ami 2d r An EX Y Compal Discussion The Advanced Encryption Standard AES was released by the National Institute of Stan dards and Technology NIST in November 2001 It is the successor to the Data Encryp tion Standard DES which no longer satisfies today s security requirements due to its short key length of 56 bits NIST had hosted a co
Download Pdf Manuals
Related Search