A byte-oriented AES-256 implementation
Nov 11, 2007 by Ilya Levin
As you may know, I do cryptographic perversions occasionally.
Recently I've been asked for a compact implementation of AES-256. Code size must be small, speed is not important and (here is the catch) no assembler. The requesters have tried various public available implementations before and none were fit.
So I did mine.
It is a straightforward and rather naïve byte-oriented portable C implementation, where all the lookup tables replaced with on-the-fly calculations. Certainly it is slower and more subjective to side-channel attacks by nature. But this implementation is exactly what was wanted and it made everybody happy.
So, if you want it then here is the source code:
Note it is AES-256, not AES-128. This implementation is fully compatible with FIPS-197. The included demo code validates with the test vector as defined in Appendix C.3 there.
You may also be interested in the AES-256 module for Python made by Roberto Ostinelli, or in the version for Arduino made by Chris van Marle, or in the version for CUDA made by Joel Rodriguez-Ramirez.
Updated on May 5, 2009
I have updated the source code, thanks to Hal Finney for his valuable input. The decryption routine is faster, so this implementation is better for generic use. Now you may also choose between using dynamic or pre-computed tables when compile.