Commit | Line | Data |
---|---|---|
2cb7cef9 BS |
1 | Subject: Twofish encryption for loop device for old S.u.S.E. crypto partitions |
2 | From: kraxel@suse.de | |
3 | ||
4 | See $subject, used up to 9.2 on new installs. | |
5 | ||
6 | --- | |
7 | drivers/block/Kconfig | 6 | |
8 | drivers/block/Makefile | 1 | |
9 | drivers/block/loop_fish2.c | 625 +++++++++++++++++++++++++++++++++++++++++++++ | |
10 | 3 files changed, 632 insertions(+) | |
11 | ||
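--- a/drivers/block/Kconfig
+++ b/drivers/block/Kconfig
@@ -409,6 +409,12 @@ config SUNVDC
 Support for virtual disk devices as a client under Sun
 Logical Domains.
 
+config CIPHER_TWOFISH
+ tristate "Twofish encryption for loop device for old S.u.S.E. crypto partitions"
+ depends on BLK_DEV_LOOP
+ help
+ Say Y here if you want to support old S.u.S.E. crypto partitions.
+
 source "drivers/s390/block/Kconfig"
 
 config XILINX_SYSACE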
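Review bot: The help text under `config CIPHER_TWOFISH` does not say what the option builds or when it is appropriate, and the symbol name reads like a general-purpose cipher switch rather than a legacy loop transfer. I would extend the help to something like `This builds loop_fish2, a loop-device transfer for volumes created by old S.u.S.E. releases; enable it only to access such existing volumes.` and add the usual `To compile this as a module, choose M here: the module will be called loop_fish2.` The restriction is worth stating because `transfer_fish2()` in this patch never uses its `sector_t IV` argument and the CBC routines reset the IV to zero each time the remaining length is a multiple of 512 bytes, so identical plaintext sectors produce identical ciphertext; the on-disk format fixes that behaviour, so the help should tell users rather than leave them to find it in the code.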
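--- a/drivers/block/Makefile
+++ b/drivers/block/Makefile
@@ -32,3 +32,4 @@ obj-$(CONFIG_BLK_DEV_UB) += ub.o
 obj-$(CONFIG_BLK_DEV_HD) += hd.o
 
 obj-$(CONFIG_XEN_BLKDEV_FRONTEND) += xen-blkfront.o
+obj-$(CONFIG_CIPHER_TWOFISH) += loop_fish2.o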
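--- /dev/null
+++ b/drivers/block/loop_fish2.c
@@ -0,0 +1,625 @@
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/init.h>
+#include <linux/fs.h>
+#include <linux/string.h>
+#include <linux/mm.h>
+#include <linux/slab.h>
+#include <asm/byteorder.h>
+#include <linux/loop.h>
+
+#define ROL(x,c) (((x) << (c)) | ((x) >> (32-(c))))
+#define ROR(x,c) (((x) >> (c)) | ((x) << (32-(c))))
+#define Bswap(x) __le32_to_cpu(x)
+
+#define DWORD __u32
+#define BYTE unsigned char
+
+typedef struct fish2_key
+{ int keyLen; /* Key Length in Bit */
+ DWORD sboxKeys[4];
+ DWORD subKeys[40];
+ BYTE key[32];
+ DWORD sbox_full[1024]; /* This have to be 1024 DWORDs */
+} fish2_key;
+
+
+/* Mul_5B[i] is 0x5B * i in GF(256), whatever that means... */
+
+static unsigned char Mul_5B[256] = {
+ 0x00,0x5B,0xB6,0xED,0x05,0x5E,0xB3,0xE8,
+ 0x0A,0x51,0xBC,0xE7,0x0F,0x54,0xB9,0xE2,
+ 0x14,0x4F,0xA2,0xF9,0x11,0x4A,0xA7,0xFC,
+ 0x1E,0x45,0xA8,0xF3,0x1B,0x40,0xAD,0xF6,
+ 0x28,0x73,0x9E,0xC5,0x2D,0x76,0x9B,0xC0,
+ 0x22,0x79,0x94,0xCF,0x27,0x7C,0x91,0xCA,
+ 0x3C,0x67,0x8A,0xD1,0x39,0x62,0x8F,0xD4,
+ 0x36,0x6D,0x80,0xDB,0x33,0x68,0x85,0xDE,
+ 0x50,0x0B,0xE6,0xBD,0x55,0x0E,0xE3,0xB8,
+ 0x5A,0x01,0xEC,0xB7,0x5F,0x04,0xE9,0xB2,
+ 0x44,0x1F,0xF2,0xA9,0x41,0x1A,0xF7,0xAC,
+ 0x4E,0x15,0xF8,0xA3,0x4B,0x10,0xFD,0xA6,
+ 0x78,0x23,0xCE,0x95,0x7D,0x26,0xCB,0x90,
+ 0x72,0x29,0xC4,0x9F,0x77,0x2C,0xC1,0x9A,
+ 0x6C,0x37,0xDA,0x81,0x69,0x32,0xDF,0x84,
+ 0x66,0x3D,0xD0,0x8B,0x63,0x38,0xD5,0x8E,
+ 0xA0,0xFB,0x16,0x4D,0xA5,0xFE,0x13,0x48,
+ 0xAA,0xF1,0x1C,0x47,0xAF,0xF4,0x19,0x42,
+ 0xB4,0xEF,0x02,0x59,0xB1,0xEA,0x07,0x5C,
+ 0xBE,0xE5,0x08,0x53,0xBB,0xE0,0x0D,0x56,
+ 0x88,0xD3,0x3E,0x65,0x8D,0xD6,0x3B,0x60,
+ 0x82,0xD9,0x34,0x6F,0x87,0xDC,0x31,0x6A,
+ 0x9C,0xC7,0x2A,0x71,0x99,0xC2,0x2F,0x74,
+ 0x96,0xCD,0x20,0x7B,0x93,0xC8,0x25,0x7E,
+ 0xF0,0xAB,0x46,0x1D,0xF5,0xAE,0x43,0x18,
+ 0xFA,0xA1,0x4C,0x17,0xFF,0xA4,0x49,0x12,
+ 0xE4,0xBF,0x52,0x09,0xE1,0xBA,0x57,0x0C,
+ 0xEE,0xB5,0x58,0x03,0xEB,0xB0,0x5D,0x06,
+ 0xD8,0x83,0x6E,0x35,0xDD,0x86,0x6B,0x30,
+ 0xD2,0x89,0x64,0x3F,0xD7,0x8C,0x61,0x3A,
+ 0xCC,0x97,0x7A,0x21,0xC9,0x92,0x7F,0x24,
+ 0xC6,0x9D,0x70,0x2B,0xC3,0x98,0x75,0x2E };
+
+
+/* Mul_EF[i] is 0xEF * i in GF(256), whatever that means... */
+
+static unsigned char Mul_EF[256] = {
+ 0x00,0xEF,0xB7,0x58,0x07,0xE8,0xB0,0x5F,
+ 0x0E,0xE1,0xB9,0x56,0x09,0xE6,0xBE,0x51,
+ 0x1C,0xF3,0xAB,0x44,0x1B,0xF4,0xAC,0x43,
+ 0x12,0xFD,0xA5,0x4A,0x15,0xFA,0xA2,0x4D,
+ 0x38,0xD7,0x8F,0x60,0x3F,0xD0,0x88,0x67,
+ 0x36,0xD9,0x81,0x6E,0x31,0xDE,0x86,0x69,
+ 0x24,0xCB,0x93,0x7C,0x23,0xCC,0x94,0x7B,
+ 0x2A,0xC5,0x9D,0x72,0x2D,0xC2,0x9A,0x75,
+ 0x70,0x9F,0xC7,0x28,0x77,0x98,0xC0,0x2F,
+ 0x7E,0x91,0xC9,0x26,0x79,0x96,0xCE,0x21,
+ 0x6C,0x83,0xDB,0x34,0x6B,0x84,0xDC,0x33,
+ 0x62,0x8D,0xD5,0x3A,0x65,0x8A,0xD2,0x3D,
+ 0x48,0xA7,0xFF,0x10,0x4F,0xA0,0xF8,0x17,
+ 0x46,0xA9,0xF1,0x1E,0x41,0xAE,0xF6,0x19,
+ 0x54,0xBB,0xE3,0x0C,0x53,0xBC,0xE4,0x0B,
+ 0x5A,0xB5,0xED,0x02,0x5D,0xB2,0xEA,0x05,
+ 0xE0,0x0F,0x57,0xB8,0xE7,0x08,0x50,0xBF,
+ 0xEE,0x01,0x59,0xB6,0xE9,0x06,0x5E,0xB1,
+ 0xFC,0x13,0x4B,0xA4,0xFB,0x14,0x4C,0xA3,
+ 0xF2,0x1D,0x45,0xAA,0xF5,0x1A,0x42,0xAD,
+ 0xD8,0x37,0x6F,0x80,0xDF,0x30,0x68,0x87,
+ 0xD6,0x39,0x61,0x8E,0xD1,0x3E,0x66,0x89,
+ 0xC4,0x2B,0x73,0x9C,0xC3,0x2C,0x74,0x9B,
+ 0xCA,0x25,0x7D,0x92,0xCD,0x22,0x7A,0x95,
+ 0x90,0x7F,0x27,0xC8,0x97,0x78,0x20,0xCF,
+ 0x9E,0x71,0x29,0xC6,0x99,0x76,0x2E,0xC1,
+ 0x8C,0x63,0x3B,0xD4,0x8B,0x64,0x3C,0xD3,
+ 0x82,0x6D,0x35,0xDA,0x85,0x6A,0x32,0xDD,
+ 0xA8,0x47,0x1F,0xF0,0xAF,0x40,0x18,0xF7,
+ 0xA6,0x49,0x11,0xFE,0xA1,0x4E,0x16,0xF9,
+ 0xB4,0x5B,0x03,0xEC,0xB3,0x5C,0x04,0xEB,
+ 0xBA,0x55,0x0D,0xE2,0xBD,0x52,0x0A,0xE5 };
+
+static inline DWORD mds_mul(BYTE *y)
+{ DWORD z;
+
+ z=Mul_EF[y[0]] ^ y[1] ^ Mul_EF[y[2]] ^ Mul_5B[y[3]];
+ z<<=8;
+ z|=Mul_EF[y[0]] ^ Mul_5B[y[1]] ^ y[2] ^ Mul_EF[y[3]];
+ z<<=8;
+ z|=Mul_5B[y[0]] ^ Mul_EF[y[1]] ^ Mul_EF[y[2]] ^ y[3];
+ z<<=8;
+ z|=y[0] ^ Mul_EF[y[1]] ^ Mul_5B[y[2]] ^ Mul_5B[y[3]];
+
+ return z;
+}
+
+/* q0 and q1 are the lookup substitutions done in twofish */
+
+static unsigned char q0[256] =
+{ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
+ 0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
+ 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+ 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
+ 0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
+ 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+ 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
+ 0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
+ 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+ 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
+ 0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
+ 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+ 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
+ 0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
+ 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+ 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
+ 0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
+ 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+ 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
+ 0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
+ 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+ 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
+ 0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
+ 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+ 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
+ 0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
+ 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+ 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
+ 0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
+ 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+ 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
+ 0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0};
+
+static unsigned char q1[256] =
+{ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
+ 0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
+ 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+ 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
+ 0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
+ 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+ 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
+ 0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
+ 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+ 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
+ 0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
+ 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+ 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
+ 0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
+ 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+ 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
+ 0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
+ 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+ 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
+ 0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
+ 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+ 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
+ 0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
+ 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+ 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
+ 0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
+ 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+ 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
+ 0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
+ 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+ 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
+ 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91
+ };
+
+
+static DWORD f32(DWORD x, const DWORD * k32, int keyLen)
+{
+ BYTE b[4];
+
+ /* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. */
+ /* Note that each byte goes through a different combination of S-boxes. */
+
+ *((DWORD *) b) = Bswap(x); /* make b[0] = LSB, b[3] = MSB */
+
+ switch (((keyLen + 63) / 64) & 3)
+ {
+ case 0: /* 256 bits of key */
+ b[0] = q1[b[0]];
+ b[1] = q0[b[1]];
+ b[2] = q0[b[2]];
+ b[3] = q1[b[3]];
+
+ *((DWORD *) b) ^= k32[3];
+
+ /* fall thru, having pre-processed b[0]..b[3] with k32[3] */
+ case 3: /* 192 bits of key */
+ b[0] = q1[b[0]];
+ b[1] = q1[b[1]];
+ b[2] = q0[b[2]];
+ b[3] = q0[b[3]];
+
+ *((DWORD *) b) ^= k32[2];
+
+ /* fall thru, having pre-processed b[0]..b[3] with k32[2] */
+ case 2: /* 128 bits of key */
+ b[0] = q0[b[0]];
+ b[1] = q1[b[1]];
+ b[2] = q0[b[2]];
+ b[3] = q1[b[3]];
+
+ *((DWORD *) b) ^= k32[1];
+
+ b[0] = q0[b[0]];
+ b[1] = q0[b[1]];
+ b[2] = q1[b[2]];
+ b[3] = q1[b[3]];
+
+ *((DWORD *) b) ^= k32[0];
+
+ b[0] = q1[b[0]];
+ b[1] = q0[b[1]];
+ b[2] = q1[b[2]];
+ b[3] = q0[b[3]];
+ }
+
+
+ /* Now perform the MDS matrix multiply inline. */
+ return mds_mul(b);
+}
+
+
+static void init_sbox(fish2_key *key)
+{ DWORD x,*sbox,z,*k32;
+ int i,keyLen;
+ BYTE b[4];
+
+ k32=key->sboxKeys;
+ keyLen=key->keyLen;
+ sbox=key->sbox_full;
+
+ x=0;
+ for (i=0;i<256;i++,x+=0x01010101)
+ {
+ *((DWORD *) b) = Bswap(x); /* make b[0] = LSB, b[3] = MSB */
+
+ switch (((keyLen + 63) / 64) & 3)
+ {
+ case 0: /* 256 bits of key */
+ b[0] = q1[b[0]];
+ b[1] = q0[b[1]];
+ b[2] = q0[b[2]];
+ b[3] = q1[b[3]];
+
+ *((DWORD *) b) ^= k32[3];
+
+ /* fall thru, having pre-processed b[0]..b[3] with k32[3] */
+ case 3: /* 192 bits of key */
+ b[0] = q1[b[0]];
+ b[1] = q1[b[1]];
+ b[2] = q0[b[2]];
+ b[3] = q0[b[3]];
+
+ *((DWORD *) b) ^= k32[2];
+
+ /* fall thru, having pre-processed b[0]..b[3] with k32[2] */
+ case 2: /* 128 bits of key */
+ b[0] = q0[b[0]];
+ b[1] = q1[b[1]];
+ b[2] = q0[b[2]];
+ b[3] = q1[b[3]];
+
+ *((DWORD *) b) ^= k32[1];
+
+ b[0] = q0[b[0]];
+ b[1] = q0[b[1]];
+ b[2] = q1[b[2]];
+ b[3] = q1[b[3]];
+
+ *((DWORD *) b) ^= k32[0];
+
+ b[0] = q1[b[0]];
+ b[1] = q0[b[1]];
+ b[2] = q1[b[2]];
+ b[3] = q0[b[3]];
+ }
+
+ z=Mul_EF[b[0]];
+ z<<=8;
+ z|=Mul_EF[b[0]];
+ z<<=8;
+ z|=Mul_5B[b[0]];
+ z<<=8;
+ z|=b[0];
+
+ sbox[i]=z;
+
+ z=b[1];
+ z<<=8;
+ z|=Mul_5B[b[1]];
+ z<<=8;
+ z|=Mul_EF[b[1]];
+ z<<=8;
+ z|=Mul_EF[b[1]];
+
+ sbox[i+256]=z;
+
+ z=Mul_EF[b[2]];
+ z<<=8;
+ z|=b[2];
+ z<<=8;
+ z|=Mul_EF[b[2]];
+ z<<=8;
+ z|=Mul_5B[b[2]];
+
+ sbox[i+512]=z;
+
+ z=Mul_5B[b[3]];
+ z<<=8;
+ z|=Mul_EF[b[3]];
+ z<<=8;
+ z|=b[3];
+ z<<=8;
+ z|=Mul_5B[b[3]];
+
+ sbox[i+768]=z;
+ }
+}
+
+
+/* Reed-Solomon code parameters: (12,8) reversible code
+ g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
+ where a = primitive root of field generator 0x14D */
+#define RS_GF_FDBK 0x14D /* field generator */
+#define RS_rem(x) \
+ { BYTE b = x >> 24; \
+ DWORD g2 = ((b << 1) ^ ((b & 0x80) ? RS_GF_FDBK : 0 )) & 0xFF; \
+ DWORD g3 = ((b >> 1) & 0x7F) ^ ((b & 1) ? RS_GF_FDBK >> 1 : 0 ) ^ g2 ; \
+ x = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b; \
+ }
+
+static DWORD rs_mds(DWORD k0, DWORD k1)
+{
+ int i, j;
+ DWORD r;
+
+ for (i = r = 0; i < 2; i++)
+ {
+ r ^= (i) ? k0 : k1; /* merge in 32 more key bits */
+ for (j = 0; j < 4; j++) /* shift one byte at a time */
+ RS_rem(r);
+ }
+ return r;
+}
+
+
+#define INPUT_WHITEN 0 /* subkey array indices */
+#define OUTPUT_WHITEN 4
+#define ROUND_SUBKEYS 8 /* use 2 * (# rounds) */
+#define TOTAL_SUBKEYS 40
+
+static void init_key(fish2_key * key)
+{
+ int i, k64Cnt;
+ int keyLen = key->keyLen;
+ int subkeyCnt = TOTAL_SUBKEYS;
+ DWORD A, B;
+ DWORD k32e[4], k32o[4]; /* even/odd key dwords */
+
+ k64Cnt = (keyLen + 63) / 64; /* round up to next multiple of 64 bits */
+ for (i = 0; i < k64Cnt; i++)
+ { /* split into even/odd key dwords */
+ k32e[i] = ((DWORD *)key->key)[2 * i];
+ k32o[i] = ((DWORD *)key->key)[2 * i + 1];
+ /* compute S-box keys using (12,8) Reed-Solomon code over GF(256) */
+ /* store in reverse order */
+ key->sboxKeys[k64Cnt - 1 - i] =
+ Bswap(rs_mds(Bswap(k32e[i]), Bswap(k32o[i])));
+
+ }
+
+ for (i = 0; i < subkeyCnt / 2; i++) /* compute round subkeys for PHT */
+ {
+ A = f32(i * 0x02020202, k32e, keyLen); /* A uses even key dwords */
+ B = f32(i * 0x02020202 + 0x01010101, k32o, keyLen); /* B uses odd key
+ dwords */
+ B = ROL(B, 8);
+ key->subKeys[2 * i] = A + B; /* combine with a PHT */
+ key->subKeys[2 * i + 1] = ROL(A + 2 * B, 9);
+ }
+
+ init_sbox(key);
+}
+
+
+static inline DWORD f32_sbox(DWORD x,DWORD *sbox)
+{
+ /* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. */
+ /* Note that each byte goes through a different combination of S-boxes. */
+
+ return (sbox[ (x) &0xff]^
+ sbox[256 + (((x)>> 8)&0xff)]^
+ sbox[512 + (((x)>>16)&0xff)]^
+ sbox[768 + (((x)>>24)&0xff)]);
+}
+
+#define roundE_m(x0,x1,x2,x3,rnd) \
+ t0 = f32_sbox( x0, key->sbox_full ) ; \
+ t1 = f32_sbox( ROL(x1,8), key->sbox_full ); \
+ x2 ^= t0 + t1 + key->subKeys[2*rnd+8]; \
+ x3 = ROL(x3,1); \
+ x3 ^= t0 + 2*t1 + key->subKeys[2*rnd+9]; \
+ x2 = ROR(x2,1);
+
+
+static int blockEncrypt_CBC(fish2_key *key,BYTE *src,BYTE *dst,int len)
+{ DWORD xx0,xx1,xx2,xx3,t0,t1,iv0,iv1,iv2,iv3;
+
+ if (len & 0xF) return -1;
+
+ iv0=0;
+ iv1=0;
+ iv2=0;
+ iv3=0;
+ for (;len>=16;len-=16)
+
+ {
+ if ( ( len & 0x1FF) == 0)
+ { iv0=0;
+ iv1=0;
+ iv2=0;
+ iv3=0;
+ }
+
+ xx0=Bswap(((DWORD *)src)[0]) ^ key->subKeys[0] ^ iv0;
+ xx1=Bswap(((DWORD *)src)[1]) ^ key->subKeys[1] ^ iv1;
+ xx2=Bswap(((DWORD *)src)[2]) ^ key->subKeys[2] ^ iv2;
+ xx3=Bswap(((DWORD *)src)[3]) ^ key->subKeys[3] ^ iv3;
+
+ src+=16;
+
+ roundE_m(xx0,xx1,xx2,xx3,0);
+ roundE_m(xx2,xx3,xx0,xx1,1);
+ roundE_m(xx0,xx1,xx2,xx3,2);
+ roundE_m(xx2,xx3,xx0,xx1,3);
+ roundE_m(xx0,xx1,xx2,xx3,4);
+ roundE_m(xx2,xx3,xx0,xx1,5);
+ roundE_m(xx0,xx1,xx2,xx3,6);
+ roundE_m(xx2,xx3,xx0,xx1,7);
+ roundE_m(xx0,xx1,xx2,xx3,8);
+ roundE_m(xx2,xx3,xx0,xx1,9);
+ roundE_m(xx0,xx1,xx2,xx3,10);
+ roundE_m(xx2,xx3,xx0,xx1,11);
+ roundE_m(xx0,xx1,xx2,xx3,12);
+ roundE_m(xx2,xx3,xx0,xx1,13);
+ roundE_m(xx0,xx1,xx2,xx3,14);
+ roundE_m(xx2,xx3,xx0,xx1,15);
+
+ iv0=xx2 ^ key->subKeys[4];
+ iv1=xx3 ^ key->subKeys[5];
+ iv2=xx0 ^ key->subKeys[6];
+ iv3=xx1 ^ key->subKeys[7];
+
+ ((DWORD *)dst)[0] = Bswap(iv0);
+ ((DWORD *)dst)[1] = Bswap(iv1);
+ ((DWORD *)dst)[2] = Bswap(iv2);
+ ((DWORD *)dst)[3] = Bswap(iv3);
+ dst+=16;
+ }
+ return len;
+}
+
+#define roundD_m(x0,x1,x2,x3,rnd) \
+ t0 = f32_sbox( x0, key->sbox_full); \
+ t1 = f32_sbox( ROL(x1,8),key->sbox_full); \
+ x2 = ROL(x2,1); \
+ x3 ^= t0 + 2*t1 + key->subKeys[rnd*2+9]; \
+ x3 = ROR(x3,1); \
+ x2 ^= t0 + t1 + key->subKeys[rnd*2+8];
+
+
+static int blockDecrypt_CBC(fish2_key *key,BYTE *src,BYTE *dst,int len)
+{ DWORD xx0,xx1,xx2,xx3,t0,t1,lx0,lx1,lx2,lx3,iv0,iv1,iv2,iv3;
+
+ if (len & 0xF) return -1;
+
+ iv0=0;
+ iv1=0;
+ iv2=0;
+ iv3=0;
+
+ for (;len>=16;len-=16)
+ {
+ if ( ( len & 0x1FF) == 0)
+ { iv0=0;
+ iv1=0;
+ iv2=0;
+ iv3=0;
+ }
+
+ lx0=iv0;iv0=Bswap(((DWORD *)src)[0]);xx0=iv0 ^ key->subKeys[4];
+ lx1=iv1;iv1=Bswap(((DWORD *)src)[1]);xx1=iv1 ^ key->subKeys[5];
+ lx2=iv2;iv2=Bswap(((DWORD *)src)[2]);xx2=iv2 ^ key->subKeys[6];
+ lx3=iv3;iv3=Bswap(((DWORD *)src)[3]);xx3=iv3 ^ key->subKeys[7];
+ src+=16;
+
+ roundD_m(xx0,xx1,xx2,xx3,15);
+ roundD_m(xx2,xx3,xx0,xx1,14);
+ roundD_m(xx0,xx1,xx2,xx3,13);
+ roundD_m(xx2,xx3,xx0,xx1,12);
+ roundD_m(xx0,xx1,xx2,xx3,11);
+ roundD_m(xx2,xx3,xx0,xx1,10);
+ roundD_m(xx0,xx1,xx2,xx3,9);
+ roundD_m(xx2,xx3,xx0,xx1,8);
+ roundD_m(xx0,xx1,xx2,xx3,7);
+ roundD_m(xx2,xx3,xx0,xx1,6);
+ roundD_m(xx0,xx1,xx2,xx3,5);
+ roundD_m(xx2,xx3,xx0,xx1,4);
+ roundD_m(xx0,xx1,xx2,xx3,3);
+ roundD_m(xx2,xx3,xx0,xx1,2);
+ roundD_m(xx0,xx1,xx2,xx3,1);
+ roundD_m(xx2,xx3,xx0,xx1,0);
+
+ ((DWORD *)dst)[0] = Bswap(xx2 ^ key->subKeys[0] ^ lx0);
+ ((DWORD *)dst)[1] = Bswap(xx3 ^ key->subKeys[1] ^ lx1);
+ ((DWORD *)dst)[2] = Bswap(xx0 ^ key->subKeys[2] ^ lx2);
+ ((DWORD *)dst)[3] = Bswap(xx1 ^ key->subKeys[3] ^ lx3);
+ dst+=16;
+ }
+ return len;
+}
+
+
+int transfer_fish2(struct loop_device *lo, int cmd,
+ struct page *raw_page, unsigned raw_off,
+ struct page *loop_page, unsigned loop_off,
+ int size, sector_t IV)
+{
+ char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
+ char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
+
+ if (cmd == READ)
+ blockDecrypt_CBC((fish2_key *)lo->key_data,raw_buf,loop_buf,size);
+ else
+ blockEncrypt_CBC((fish2_key *)lo->key_data,loop_buf,raw_buf,size);
+
+ kunmap_atomic(raw_buf, KM_USER0);
+ kunmap_atomic(loop_buf, KM_USER1);
+ cond_resched();
+
+ return 0;
+}
+
+int fish2_init(struct loop_device *lo,const struct loop_info64 *info)
+{ fish2_key *key;
+
+ if (info->lo_encrypt_key_size<16 || info->lo_encrypt_key_size>32)
+ return -EINVAL;
+
+ key=(fish2_key *)kmalloc(sizeof(fish2_key),GFP_KERNEL);
+
+ if (key==NULL)
+ return -ENOMEM;
+
+ lo->key_data=key;
+
+ memset(key->key,0,32);
+
+ key->keyLen=info->lo_encrypt_key_size << 3;
+ memcpy(key->key,info->lo_encrypt_key,info->lo_encrypt_key_size);
+
+ init_key(key);
+
+ return 0;
+}
+
+static int fish2_release(struct loop_device *lo)
+{ if (lo->key_data!=NULL)
+ {
+ kfree(lo->key_data);
+ lo->key_data=NULL;
+ }
+ return(0);
+}
+
+static struct loop_func_table fish2_funcs =
+{ .number = LO_CRYPT_FISH2,
+ .transfer = transfer_fish2,
+ .init = fish2_init,
+ .release = fish2_release,
+ .owner = THIS_MODULE
+};
+
+int __init loop_fish2_init(void)
+{
+ int err;
+
+ if ((err=loop_register_transfer(&fish2_funcs)))
+ {
+ printk(KERN_WARNING "Couldn't register Twofish encryption\n");
+ return err;
+ }
+ printk(KERN_INFO "loop: registered Twofish encryption \n");
+ return 0;
+}
+
+void __exit loop_fish2_exit(void)
+{
+ if (loop_unregister_transfer(LO_CRYPT_FISH2))
+ printk(KERN_WARNING "Couldn't unregister Twofish encryption\n");
+ printk(KERN_INFO "loop: unregistered Twofish encryption \n");
+}
+
+module_init(loop_fish2_init);
+module_exit(loop_fish2_exit);
+MODULE_LICENSE("GPL");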
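Review bot: `fish2_release()` hands `lo->key_data` to a plain `kfree()`, so the raw key in `fish2_key.key`, the 40 subkeys and the key-dependent `sbox_full` table stay intact in the freed slab object until something else reuses it. Clear the structure first, e.g. `memset(lo->key_data, 0, sizeof(fish2_key));` immediately before `kfree(lo->key_data);`, or use the tree's zeroing free helper if it provides one. `init_key()` has the same gap on the stack: `k32e` and `k32o` hold the key words and are not cleared before the function returns. Separately, `transfer_fish2()` discards the `-1` that `blockEncrypt_CBC()` and `blockDecrypt_CBC()` return for a length that is not a multiple of 16 and still returns 0, so an untransformed destination buffer would be reported as success; returning an error such as `-EINVAL` in that case would make the failure visible to the loop core.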