in src/aes.c [308:365]
int AES_init(amcl_aes* a,int mode,int nk,char *key,const char *iv)
{
/* Key length Nk=16, 24 or 32 bytes */
/* Key Scheduler. Create expanded encryption key */
int i;
int j;
int k;
int N;
int nr;
unsign32 CipherKey[8];
nk/=4;
if (nk!=4 && nk!=6 && nk!=8) return 0;
nr=6+nk;
a->Nk=nk;
a->Nr=nr;
AES_reset(a,mode,iv);
N=NB*(nr+1);
for (i=j=0; i<nk; i++,j+=4)
{
CipherKey[i]=pack((uchar *)&key[j]);
a->fkey[i]=CipherKey[i];
}
for (j=nk,k=0; j<N; j+=nk,k++)
{
a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
if (nk<=6)
{
for (i=1; i<nk && (i+j)<N; i++)
a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
}
else
{
for (i=1; i<4 && (i+j)<N; i++)
a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
if ((j+4)<N) a->fkey[j+4]=a->fkey[j+4-nk]^SubByte(a->fkey[j+3]);
for (i=5; i<nk && (i+j)<N; i++)
a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
}
}
/* now for the expanded decrypt key in reverse order */
for (j=0; j<NB; j++) a->rkey[j+N-NB]=a->fkey[j];
for (i=NB; i<N-NB; i+=NB)
{
k=N-NB-i;
for (j=0; j<NB; j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
}
for (j=N-NB; j<N; j++) a->rkey[j-N+NB]=a->fkey[j];
return 1;
}