4. The Key Expansion
We've got all of the functions we need to implement the key scheduler!
Your task is to create a KeyExpansion() function outputing an ExpandedKey value. The ExpandedKey value is a series of columns. These columns are all called words and are essentially 4 bytes. The first 4 columns correspond to the original 16-byte key (which will be the first round key), the next 4 columns correspond to the next round key, and on and on... until enough round keys can be created.
In the following picture, imagine that the key provided to AES was 2b7e151628aed2a6abf7158809cf4f3c (in hexadecimal). This fills exactly four columns and will be the first round key. To obtain the first column of the next round key, here are the steps:
- Take the value of the previous round key's last column and give it to
rotWord() - Then give it to
subWord() - Then XOR it to the first column of the previous round key
- then XOR it to
rcon(round)withroundbeing the round number (starting at 1). We'll see what that round is later, but basically know that in AES, a plaintext goes through several rounds of transformation. Each round has its own round key. AES-128 requires 10 rounds, and will use 10 + 1 = 11 round keys.
To obtain the other (3) columns of a round key, just XOR the previous column with the previous round key's column of the same index.
You should now have enough functions to create the final KeyExpansion() function. Go ahead and do that.
After you're done, feed it the following hexadecimal key:
2b7e151628aed2a6abf7158809cf4f3c
and make sure you get the following subkeys back:
2b7e151628aed2a6abf7158809cf4f3c a0fafe1788542cb123a339392a6c7605 f2c295f27a96b9435935807a7359f67f 3d80477d4716fe3e1e237e446d7a883b ef44a541a8525b7fb671253bdb0bad00 d4d1c6f87c839d87caf2b8bc11f915bc 6d88a37a110b3efddbf98641ca0093fd 4e54f70e5f5fc9f384a64fb24ea6dc4f ead27321b58dbad2312bf5607f8d292f ac7766f319fadc2128d12941575c006e d014f9a8c9ee2589e13f0cc8b6630ca6
If you can't figure out why your function doesn't work, you can use the more detailed test vectors from the appendix A.1 of the AES standard. we also gave some other good resources to understand and test your implementation in the main page of this set.