Cryptography Reference
In-Depth Information
The 192-bit key schedule is the same, except that the rotation, substitution
and round-constant XOR is applied every sixth iteration instead of every fourth.
For a 256-bit key, rotation, substitution, and XORing happens every eighth itera-
tion. Because every eight iterations doesn't work out to that many, a 256-bit key
schedule adds one small additional wrinkle — every fourth iteration, substitu-
tion takes place, but rotation and XOR — only take place every eighth iteration.
The net result of all of this is that the key schedule is a non-linear, but repeat-
able, permutation of the input key. The code to compute an AES key schedule
is shown in Listing 2-32.
Listing 2-32:
“aes.c” compute_key_schedule
static void compute_key_schedule( const unsigned char *key,
int key_length,
unsigned char w[ ][ 4 ] )
{
int i;
int key_words = key_length >> 2;
unsigned char rcon = 0x01;
// First, copy the key directly into the key schedule
memcpy( w, key, key_length );
for ( i = key_words; i < 4 * ( key_words + 7 ); i++ )
{
memcpy( w[ i ], w[ i - 1 ], 4 );
if ( !( i % key_words ) )
{
rot_word( w[ i ] );
sub_word( w[ i ] );
if ( !( i % 36 ) )
{
rcon = 0x1b;
}
w[ i ][ 0 ] ^= rcon;
rcon <<= 1;
}
else if ( ( key_words > 6 ) && ( ( i % key_words ) == 4 ) )
{
sub_word( w[ i ] );
}
w[ i ][ 0 ] ^= w[ i - key_words ][ 0 ];
w[ i ][ 1 ] ^= w[ i - key_words ][ 1 ];
w[ i ][ 2 ] ^= w[ i - key_words ][ 2 ];
w[ i ][ 3 ] ^= w[ i - key_words ][ 3 ];
}
}
Here,
key_length
is given in bytes, and
w
is the key schedule array to
fi ll out. First copy
key_length
bytes directly into
w
, and then perform
Search WWH ::
Custom Search