diff --git a/mgf1/mgf1.c b/mgf1/mgf1.c
new file mode 100644
index 0000000..bdbf1ea
--- /dev/null
+++ b/mgf1/mgf1.c
@@ -0,0 +1,55 @@
+/* mgf1.c */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "mgf1.h"
+#include "hfal-basic.h"
+
+/*
+ * MGF1 as defined in PKCS #1 v2.1 B.2.1
+ */
+
+
+void mgf1_short_seed(void* dest, const void* seed, uint8_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p){
+	uint8_t buffer[seed_len_B+4];
+	uint32_t counter=1;
+	uint8_t hv_len = hfal_hash_getHashsize(p->hashfunction)/8;
+	memcpy(buffer, seed, seed_len_B);
+	memset(buffer + seed_len_B, 0, 4);
+	while(out_length_B >= hv_len){
+		hfal_hash_mem(p->hashfunction, dest, buffer, (seed_len_B + 4) * 8);
+		dest = (uint8_t*)dest + hv_len;
+		out_length_B -= hv_len;
+		buffer[seed_len_B + 3] = counter & 0xff;
+		buffer[seed_len_B + 2] = (counter>>8) & 0xff;
+		buffer[seed_len_B + 1] = (counter>>16) & 0xff;
+		buffer[seed_len_B + 0] = (counter>>24) & 0xff;
+		++counter;
+	}
+	if(out_length_B){
+		uint8_t hash_buffer[hv_len];
+		hfal_hash_mem(p->hashfunction, hash_buffer, buffer, (seed_len_B + 4) * 8);
+		memcpy(dest, hash_buffer, out_length_B);
+	}
+}
+
+void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p){
+	mgf1_short_seed(dest, seed, seed_len_B, out_length_B, p);
+}
diff --git a/mgf1/mgf1.h b/mgf1/mgf1.h
new file mode 100644
index 0000000..76c3b8d
--- /dev/null
+++ b/mgf1/mgf1.h
@@ -0,0 +1,36 @@
+/* mgf1.h */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef MGF1_H_
+#define MGF1_H_
+
+#include <stdint.h>
+#include "hfal-basic.h"
+
+typedef struct {
+	const hfdesc_t* hashfunction;
+} mgf1_parameter_t;
+
+/*
+ * MGF1 as defined in PKCS #1 v2.1 B.2.1
+ */
+
+void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
+
+#endif /* MGF1_H_ */