* x86/aes.asm: Use C for comments, include the tables using

include_src, and commented out the key setup functions. Rev: src/nettle/x86/aes.asm:1.3

* x86/aes.asm: Use C for comments, include the tables using
include_src, and commented out the key setup functions. Rev: src/nettle/x86/aes.asm:1.3
3f7e33fd · Niels Möller · be3e8011 · 3f7e33fd
Commit 3f7e33fd authored May 07, 2002 by Niels Möller
--- a/x86/aes.asm
+++ b/x86/aes.asm
-! nettle, low-level cryptographics library
-! 
-! Copyright (C) 2001, 2002 Rafael R. Sevilla
-!  
-! The nettle library is free software; you can redistribute it and/or modify
-! it under the terms of the GNU Lesser General Public License as published by
-! the Free Software Foundation; either version 2.1 of the License, or (at your
-! option) any later version.
-! 
-! The nettle library is distributed in the hope that it will be useful, but
-! WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-! or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
-! License for more details.
-! 
-! You should have received a copy of the GNU Lesser General Public License
-! along with the nettle library; see the file COPYING.LIB.  If not, write to
-! the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-! MA 02111-1307, USA.
-
-	.file	"rijndael.s"
+C nettle, low-level cryptographics library
+C 
+C Copyright (C) 2001, 2002 Rafael R. Sevilla
+C  
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C 
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+C License for more details.
+C 
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB.  If not, write to
+C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+C MA 02111-1307, USA.
+
+	.file	"aes.asm"

 	.data

-#include "rijndaeltbls.S"
+include_src(<x86/aes_tables.asm>)

 	.text

 .globl	print_word

-	//// rijndael_encrypt(RIJNDAEL_context *ctx, const UINT8 *plaintext
-	////		    UINT8 *ciphertext)
+	C aes_encrypt(struct aes_context *ctx, 
+	C             unsigned length, uint8_t *dst,
+	C 	      uint8_t *src)
+	C  const UINT8 *plaintext
+	C //		    UINT8 *ciphertext)
 	.align 16
-.globl rijndael_encrypt
-	.type	rijndael_encrypt,@function
-rijndael_encrypt:
-	//// save all registers that need to be saved
-	pushl	%ebx		// 16(%esp)
-	pushl	%ebp		// 12(%esp)
-	pushl	%esi		// 8(%esp)
-	pushl	%edi		// 4(%esp)
-	movl	24(%esp),%esi	// address of plaintext
-	movl	(%esi),%eax	// load plaintext into registers
+.globl aes_encrypt
+	.type	aes_encrypt,@function
+aes_encrypt:
+	C // save all registers that need to be saved
+	pushl	%ebx		C  16(%esp)
+	pushl	%ebp		C  12(%esp)
+	pushl	%esi		C  8(%esp)
+	pushl	%edi		C  4(%esp)
+	movl	24(%esp),%esi	C  address of plaintext
+	movl	(%esi),%eax	C  load plaintext into registers
 	movl	4(%esi),%ebx
 	movl	8(%esi),%ecx
 	movl	12(%esi),%edx
-	movl	20(%esp),%esi	// address of context struct ctx
-	xorl	(%esi),%eax	// add first key to plaintext
+	movl	20(%esp),%esi	C  address of context struct ctx
+	xorl	(%esi),%eax	C  add first key to plaintext
 	xorl	4(%esi),%ebx
 	xorl	8(%esi),%ecx
 	xorl	12(%esi),%edx
-	movl	20(%esp),%ebp	// address of context struct
-	movl	480(%ebp),%ebp	// get number of rounds to do from struct
+	movl	20(%esp),%ebp	C  address of context struct
+	movl	480(%ebp),%ebp	C  get number of rounds to do from struct

 	subl	$1,%ebp
-	addl	$16,%esi	// point to next key
+	addl	$16,%esi	C  point to next key
 .encrypt_loop:
-	pushl	%esi		// save this first: we'll clobber it later
+	pushl	%esi		C  save this first: we'll clobber it later

-	//// First column
-	shll	$2,%esi		// index in dtbl1
+	C // First column
+	shll	$2,%esi		C  index in dtbl1
 	movl	dtbl1(%esi),%edi
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	dtbl2(%esi),%edi
-	movl	%ecx,%esi	// third one
+	movl	%ecx,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl3(%esi),%edi
-	movl	%edx,%esi	// fourth one
+	movl	%edx,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl4(%esi),%edi
-	pushl	%edi		// save first on stack
+	pushl	%edi		C  save first on stack

-	//// Second column
-	movl	%ebx,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in dtbl1
+	C // Second column
+	movl	%ebx,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in dtbl1
 	movl	dtbl1(%esi),%edi
-	movl	%ecx,%esi	// second one
+	movl	%ecx,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	dtbl2(%esi),%edi
-	movl	%edx,%esi	// third one
+	movl	%edx,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl3(%esi),%edi
-	movl	%eax,%esi	// fourth one
+	movl	%eax,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl4(%esi),%edi
-	pushl	%edi		// save first on stack
+	pushl	%edi		C  save first on stack

-	//// Third column
-	movl	%ecx,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in dtbl1
+	C // Third column
+	movl	%ecx,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in dtbl1
 	movl	dtbl1(%esi),%edi
-	movl	%edx,%esi	// second one
+	movl	%edx,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	dtbl2(%esi),%edi
-	movl	%eax,%esi	// third one
+	movl	%eax,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl3(%esi),%edi
-	movl	%ebx,%esi	// fourth one
+	movl	%ebx,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl4(%esi),%edi
-	pushl	%edi		// save first on stack
+	pushl	%edi		C  save first on stack

-	//// Fourth column
-	movl	%edx,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in dtbl1
+	C // Fourth column
+	movl	%edx,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in dtbl1
 	movl	dtbl1(%esi),%edi
-	movl	%eax,%esi	// second one
+	movl	%eax,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	dtbl2(%esi),%edi
-	movl	%ebx,%esi	// third one
+	movl	%ebx,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl3(%esi),%edi
-	movl	%ecx,%esi	// fourth one
+	movl	%ecx,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	dtbl4(%esi),%edi
@@ -133,16 +136,16 @@ rijndael_encrypt:
 	popl	%ebx
 	popl	%eax
 	popl	%esi
-	xorl	(%esi),%eax	// add current session key to plaintext
+	xorl	(%esi),%eax	C  add current session key to plaintext
 	xorl	4(%esi),%ebx
 	xorl	8(%esi),%ecx
 	xorl	12(%esi),%edx
-	addl	$16,%esi	// point to next key
+	addl	$16,%esi	C  point to next key
 	decl	%ebp
 	jnz	.encrypt_loop

-	//// last round
-	//// first column
+	C // last round
+	C // first column
 	movl	%eax,%edi
 	andl	$0x000000ff,%edi
 	movl	%ebx,%ebp
@@ -156,7 +159,7 @@ rijndael_encrypt:
 	orl	%ebp,%edi
 	pushl	%edi

-	//// second column
+	C // second column
 	movl	%eax,%edi
 	andl	$0x0000ff00,%edi
 	movl	%ebx,%ebp
@@ -170,7 +173,7 @@ rijndael_encrypt:
 	orl	%ebp,%edi
 	pushl	%edi

-	//// third column
+	C // third column
 	movl	%eax,%edi
 	andl	$0x00ff0000,%edi
 	movl	%ebx,%ebp
@@ -184,7 +187,7 @@ rijndael_encrypt:
 	orl	%ebp,%edi
 	pushl	%edi

-	//// fourth column
+	C // fourth column
 	movl	%eax,%edi
 	andl	$0xff000000,%edi
 	movl	%ebx,%ebp
@@ -202,7 +205,7 @@ rijndael_encrypt:
 	popl	%eax
 	xchgl	%ebx,%edx

-	//// S-box substitution
+	C // S-box substitution
 	mov	$4,%edi
 .sb_sub:
 	movl	%eax,%ebp
@@ -228,12 +231,12 @@ rijndael_encrypt:
 	decl	%edi
 	jnz	.sb_sub

-	xorl	(%esi),%eax	// add last key to plaintext
+	xorl	(%esi),%eax	C  add last key to plaintext
 	xorl	4(%esi),%ebx
 	xorl	8(%esi),%ecx
 	xorl	12(%esi),%edx

-	//// store encrypted data back to caller's buffer
+	C // store encrypted data back to caller's buffer
 	movl	28(%esp),%edi
 	movl	%eax,(%edi)
 	movl	%ebx,4(%edi)
@@ -245,112 +248,112 @@ rijndael_encrypt:
 	popl	%ebx
 	ret
 .eore:
-	.size	rijndael_encrypt,.eore-rijndael_encrypt
+	.size	aes_encrypt,.eore-aes_encrypt


-	//// rijndael_decrypt(RIJNDAEL_context *ctx, const UINT8 *ciphertext
-	////		    UINT8 *plaintext)
+	C // aes_decrypt(AES_context *ctx, const UINT8 *ciphertext
+	C //		    UINT8 *plaintext)
 	.align 16
-.globl rijndael_decrypt
-	.type	rijndael_decrypt,@function
-rijndael_decrypt:
-	//// save all registers that need to be saved
-	pushl	%ebx		// 16(%esp)
-	pushl	%ebp		// 12(%esp)
-	pushl	%esi		// 8(%esp)
-	pushl	%edi		// 4(%esp)
-	movl	24(%esp),%esi	// address of ciphertext
-	movl	(%esi),%eax	// load ciphertext into registers
+.globl aes_decrypt
+	.type	aes_decrypt,@function
+aes_decrypt:
+	C // save all registers that need to be saved
+	pushl	%ebx		C  16(%esp)
+	pushl	%ebp		C  12(%esp)
+	pushl	%esi		C  8(%esp)
+	pushl	%edi		C  4(%esp)
+	movl	24(%esp),%esi	C  address of ciphertext
+	movl	(%esi),%eax	C  load ciphertext into registers
 	movl	4(%esi),%ebx
 	movl	8(%esi),%ecx
 	movl	12(%esi),%edx
-	movl	20(%esp),%esi	// address of context struct ctx
-	movl	480(%esi),%ebp	// get number of rounds to do from struct
+	movl	20(%esp),%esi	C  address of context struct ctx
+	movl	480(%esi),%ebp	C  get number of rounds to do from struct
 	shll	$4,%ebp
 	leal	240(%esi, %ebp),%esi
 	shrl	$4,%ebp
-	xorl	(%esi),%eax	// add last key to ciphertext
+	xorl	(%esi),%eax	C  add last key to ciphertext
 	xorl	4(%esi),%ebx
 	xorl	8(%esi),%ecx
 	xorl	12(%esi),%edx

-	subl	$1,%ebp		// one round is complete
-	subl	$16,%esi	// point to previous key
+	subl	$1,%ebp		C  one round is complete
+	subl	$16,%esi	C  point to previous key
 .decrypt_loop:
-	pushl	%esi		// save this first: we'll clobber it later
+	pushl	%esi		C  save this first: we'll clobber it later
 	xchgl	%ebx,%edx

-	//// First column
-	movl	%eax,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in itbl1
+	C // First column
+	movl	%eax,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in itbl1
 	movl	itbl1(%esi),%edi
-	movl	%ebx,%esi	// second one
+	movl	%ebx,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	itbl2(%esi),%edi
-	movl	%ecx,%esi	// third one
+	movl	%ecx,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl3(%esi),%edi
-	movl	%edx,%esi	// fourth one
+	movl	%edx,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl4(%esi),%edi
-	pushl	%edi		// save first on stack
+	pushl	%edi		C  save first on stack

-	//// Second column
-	movl	%edx,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in itbl1
+	C // Second column
+	movl	%edx,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in itbl1
 	movl	itbl1(%esi),%edi
-	movl	%eax,%esi	// second one
+	movl	%eax,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	itbl2(%esi),%edi
-	movl	%ebx,%esi	// third one
+	movl	%ebx,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl3(%esi),%edi
-	movl	%ecx,%esi	// fourth one
+	movl	%ecx,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl4(%esi),%edi
 	pushl	%edi

-	//// Third column
-	movl	%ecx,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in itbl1
+	C // Third column
+	movl	%ecx,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in itbl1
 	movl	itbl1(%esi),%edi
-	movl	%edx,%esi	// second one
+	movl	%edx,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	itbl2(%esi),%edi
-	movl	%eax,%esi	// third one
+	movl	%eax,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl3(%esi),%edi
-	movl	%ebx,%esi	// fourth one
+	movl	%ebx,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl4(%esi),%edi
-	pushl	%edi		// save first on stack
+	pushl	%edi		C  save first on stack

-	//// Fourth column
-	movl	%ebx,%esi	// copy first in
-	andl	$0x000000ff,%esi // clear all but offset
-	shll	$2,%esi		// index in itbl1
+	C // Fourth column
+	movl	%ebx,%esi	C  copy first in
+	andl	$0x000000ff,%esi C  clear all but offset
+	shll	$2,%esi		C  index in itbl1
 	movl	itbl1(%esi),%edi
-	movl	%ecx,%esi	// second one
+	movl	%ecx,%esi	C  second one
 	shrl	$6,%esi
-	andl	$0x000003fc,%esi // clear all but offset bytes
+	andl	$0x000003fc,%esi C  clear all but offset bytes
 	xorl	itbl2(%esi),%edi
-	movl	%edx,%esi	// third one
+	movl	%edx,%esi	C  third one
 	shrl	$14,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl3(%esi),%edi
-	movl	%eax,%esi	// fourth one
+	movl	%eax,%esi	C  fourth one
 	shrl	$22,%esi
 	andl	$0x000003fc,%esi
 	xorl	itbl4(%esi),%edi
@@ -359,18 +362,18 @@ rijndael_decrypt:
 	popl	%ebx
 	popl	%eax
 	popl	%esi
-	xorl	(%esi),%eax	// add current session key to plaintext
+	xorl	(%esi),%eax	C  add current session key to plaintext
 	xorl	4(%esi),%ebx
 	xorl	8(%esi),%ecx
 	xorl	12(%esi),%edx
-	subl	$16,%esi	// point to previous key
+	subl	$16,%esi	C  point to previous key
 	decl	%ebp
 	jnz	.decrypt_loop

 	xchgl	%ebx,%edx

-	//// last round
-	//// first column
+	C // last round
+	C // first column
 	movl	%eax,%edi
 	andl	$0x000000ff,%edi
 	movl	%ebx,%ebp
@@ -384,7 +387,7 @@ rijndael_decrypt:
 	orl	%ebp,%edi
 	pushl	%edi

-	//// second column
+	C // second column
 	movl	%eax,%edi
 	andl	$0xff000000,%edi
 	movl	%ebx,%ebp
@@ -398,7 +401,7 @@ rijndael_decrypt:
 	orl	%ebp,%edi
 	pushl	%edi

-	//// third column
+	C // third column
 	movl	%eax,%edi
 	andl	$0x00ff0000,%edi
 	movl	%ebx,%ebp
@@ -412,7 +415,7 @@ rijndael_decrypt:
 	orl	%ebp,%edi
 	pushl	%edi

-	//// second column
+	C // second column
 	movl	%eax,%edi
 	andl	$0x0000ff00,%edi
 	movl	%ebx,%ebp
@@ -430,7 +433,7 @@ rijndael_decrypt:
 	popl	%eax
 	xchgl	%ebx,%edx

-	//// inverse S-box substitution
+	C // inverse S-box substitution
 	mov	$4,%edi
 .isb_sub:
 	movl	%eax,%ebp
@@ -456,12 +459,12 @@ rijndael_decrypt:
 	decl	%edi
 	jnz	.isb_sub

-	xorl	(%esi),%eax	// add first key to plaintext
+	xorl	(%esi),%eax	C  add first key to plaintext
 	xorl	4(%esi),%ebx
 	xorl	8(%esi),%ecx
 	xorl	12(%esi),%edx

-	//// store decrypted data back to caller's buffer
+	C // store decrypted data back to caller's buffer
 	movl	28(%esp),%edi
 	movl	%eax,(%edi)
 	movl	%ebx,4(%edi)
@@ -473,47 +476,47 @@ rijndael_decrypt:
 	popl	%ebx
 	ret
 .eord:
-	.size	rijndael_decrypt,.eord-rijndael_decrypt
-
-	.align 16
-.globl rijndael_setup
-	.type	rijndael_setup,@function
-rijndael_decrypt:
-	//// save all registers that need to be saved
-	pushl	%ebx		// 16(%esp)
-	pushl	%ebp		// 12(%esp)
-	pushl	%esi		// 8(%esp)
-	pushl	%edi		// 4(%esp)
-	movl	20(%esp),%esi	/* context structure */
-	movl	24(%esp),%ecx	/* key size */
-	movl	28(%esp),%edi	/* original key */
-	/* This code assumes that the key length given is greater than
-	   or equal to 4 words (128 bits).  BAD THINGS WILL HAPPEN
-	   OTHERWISE! */
-	shrl	$2,%ecx		/* divide by 4 to get total key length */
-	movl	%ecx,%edx	/* calculate the number of rounds */
-	addl	$6,%edx		/* key length in words + 6 = num. rounds */
-	/* copy the initial key into the context structure */
-	pushl	%ecx
-.key_copy_loop:	
-	movl	(%edi),%eax
-	addl	$4,%edi
-	movl	%eax,(%esi)
-	addl	$4,%esi
-	decl	%ecx
-	jnz	.key_copy_loop
-	popl	%ecx
-	incl	%edx		/* number of rounds + 1 */
-	shll	$2,%edx		/* times rijndael blk size 4words */
-	subl	%ecx,%edx	/* # of other keys to make */
-	movl	%ecx,%ebp
-	decl	%ecx		/* turn ecx into a mask */
-	movl	$1,%ebx		/* round constant */
-.keygen_loop:
-	movl	-4(%esi),%eax	/* previous key */
-	testl	%ecx,%ebp
-	jnz	.testnk
-	/* rotate and substitute */
-	roll	$8,%eax
-	movl	%eax,%edi
-	andl	$0xff,%eax
+	.size	aes_decrypt,.eord-aes_decrypt
+
+C 	.align 16
+C .globl aes_setup
+C 	.type	aes_setup,@function
+C aes_decrypt:
+C 	C // save all registers that need to be saved
+C 	pushl	%ebx		C  16(%esp)
+C 	pushl	%ebp		C  12(%esp)
+C 	pushl	%esi		C  8(%esp)
+C 	pushl	%edi		C  4(%esp)
+C 	movl	20(%esp),%esi	/* context structure */
+C 	movl	24(%esp),%ecx	/* key size */
+C 	movl	28(%esp),%edi	/* original key */
+C 	/* This code assumes that the key length given is greater than
+C 	   or equal to 4 words (128 bits).  BAD THINGS WILL HAPPEN
+C 	   OTHERWISEC */
+C 	shrl	$2,%ecx		/* divide by 4 to get total key length */
+C 	movl	%ecx,%edx	/* calculate the number of rounds */
+C 	addl	$6,%edx		/* key length in words + 6 = num. rounds */
+C 	/* copy the initial key into the context structure */
+C 	pushl	%ecx
+C .key_copy_loop:	
+C 	movl	(%edi),%eax
+C 	addl	$4,%edi
+C 	movl	%eax,(%esi)
+C 	addl	$4,%esi
+C 	decl	%ecx
+C 	jnz	.key_copy_loop
+C 	popl	%ecx
+C 	incl	%edx		/* number of rounds + 1 */
+C 	shll	$2,%edx		/* times aes blk size 4words */
+C 	subl	%ecx,%edx	/* # of other keys to make */
+C 	movl	%ecx,%ebp
+C 	decl	%ecx		/* turn ecx into a mask */
+C 	movl	$1,%ebx		/* round constant */
+C .keygen_loop:
+C 	movl	-4(%esi),%eax	/* previous key */