1 Subject: Twofish encryption for loop device for old S.u.S.E. crypto partitions
4 See $subject, used up to 9.2 on new installs.
7 drivers/block/Kconfig | 6
8 drivers/block/Makefile | 1
9 drivers/block/loop_fish2.c | 625 +++++++++++++++++++++++++++++++++++++++++++++
10 3 files changed, 632 insertions(+)
12 --- a/drivers/block/Kconfig
13 +++ b/drivers/block/Kconfig
14 @@ -409,6 +409,12 @@ config SUNVDC
15 Support for virtual disk devices as a client under Sun
18 +config CIPHER_TWOFISH
19 + tristate "Twofish encryption for loop device for old S.u.S.E. crypto partitions"
20 + depends on BLK_DEV_LOOP
22 + Say Y here if you want to support old S.u.S.E. crypto partitions.
24 source "drivers/s390/block/Kconfig"
27 --- a/drivers/block/Makefile
28 +++ b/drivers/block/Makefile
29 @@ -32,3 +32,4 @@ obj-$(CONFIG_BLK_DEV_UB) += ub.o
30 obj-$(CONFIG_BLK_DEV_HD) += hd.o
32 obj-$(CONFIG_XEN_BLKDEV_FRONTEND) += xen-blkfront.o
33 +obj-$(CONFIG_CIPHER_TWOFISH) += loop_fish2.o
35 +++ b/drivers/block/loop_fish2.c
37 +#include <linux/module.h>
38 +#include <linux/errno.h>
39 +#include <linux/init.h>
40 +#include <linux/fs.h>
41 +#include <linux/string.h>
42 +#include <linux/mm.h>
43 +#include <linux/slab.h>
44 +#include <asm/byteorder.h>
45 +#include <linux/loop.h>
47 +#define ROL(x,c) (((x) << (c)) | ((x) >> (32-(c))))
48 +#define ROR(x,c) (((x) >> (c)) | ((x) << (32-(c))))
49 +#define Bswap(x) __le32_to_cpu(x)
52 +#define BYTE unsigned char
54 +typedef struct fish2_key
55 +{ int keyLen; /* Key Length in Bit */
59 + DWORD sbox_full[1024]; /* This have to be 1024 DWORDs */
63 +/* Mul_5B[i] is 0x5B * i in GF(256), whatever that means... */
65 +static unsigned char Mul_5B[256] = {
66 + 0x00,0x5B,0xB6,0xED,0x05,0x5E,0xB3,0xE8,
67 + 0x0A,0x51,0xBC,0xE7,0x0F,0x54,0xB9,0xE2,
68 + 0x14,0x4F,0xA2,0xF9,0x11,0x4A,0xA7,0xFC,
69 + 0x1E,0x45,0xA8,0xF3,0x1B,0x40,0xAD,0xF6,
70 + 0x28,0x73,0x9E,0xC5,0x2D,0x76,0x9B,0xC0,
71 + 0x22,0x79,0x94,0xCF,0x27,0x7C,0x91,0xCA,
72 + 0x3C,0x67,0x8A,0xD1,0x39,0x62,0x8F,0xD4,
73 + 0x36,0x6D,0x80,0xDB,0x33,0x68,0x85,0xDE,
74 + 0x50,0x0B,0xE6,0xBD,0x55,0x0E,0xE3,0xB8,
75 + 0x5A,0x01,0xEC,0xB7,0x5F,0x04,0xE9,0xB2,
76 + 0x44,0x1F,0xF2,0xA9,0x41,0x1A,0xF7,0xAC,
77 + 0x4E,0x15,0xF8,0xA3,0x4B,0x10,0xFD,0xA6,
78 + 0x78,0x23,0xCE,0x95,0x7D,0x26,0xCB,0x90,
79 + 0x72,0x29,0xC4,0x9F,0x77,0x2C,0xC1,0x9A,
80 + 0x6C,0x37,0xDA,0x81,0x69,0x32,0xDF,0x84,
81 + 0x66,0x3D,0xD0,0x8B,0x63,0x38,0xD5,0x8E,
82 + 0xA0,0xFB,0x16,0x4D,0xA5,0xFE,0x13,0x48,
83 + 0xAA,0xF1,0x1C,0x47,0xAF,0xF4,0x19,0x42,
84 + 0xB4,0xEF,0x02,0x59,0xB1,0xEA,0x07,0x5C,
85 + 0xBE,0xE5,0x08,0x53,0xBB,0xE0,0x0D,0x56,
86 + 0x88,0xD3,0x3E,0x65,0x8D,0xD6,0x3B,0x60,
87 + 0x82,0xD9,0x34,0x6F,0x87,0xDC,0x31,0x6A,
88 + 0x9C,0xC7,0x2A,0x71,0x99,0xC2,0x2F,0x74,
89 + 0x96,0xCD,0x20,0x7B,0x93,0xC8,0x25,0x7E,
90 + 0xF0,0xAB,0x46,0x1D,0xF5,0xAE,0x43,0x18,
91 + 0xFA,0xA1,0x4C,0x17,0xFF,0xA4,0x49,0x12,
92 + 0xE4,0xBF,0x52,0x09,0xE1,0xBA,0x57,0x0C,
93 + 0xEE,0xB5,0x58,0x03,0xEB,0xB0,0x5D,0x06,
94 + 0xD8,0x83,0x6E,0x35,0xDD,0x86,0x6B,0x30,
95 + 0xD2,0x89,0x64,0x3F,0xD7,0x8C,0x61,0x3A,
96 + 0xCC,0x97,0x7A,0x21,0xC9,0x92,0x7F,0x24,
97 + 0xC6,0x9D,0x70,0x2B,0xC3,0x98,0x75,0x2E };
100 +/* Mul_EF[i] is 0xEF * i in GF(256), whatever that means... */
102 +static unsigned char Mul_EF[256] = {
103 + 0x00,0xEF,0xB7,0x58,0x07,0xE8,0xB0,0x5F,
104 + 0x0E,0xE1,0xB9,0x56,0x09,0xE6,0xBE,0x51,
105 + 0x1C,0xF3,0xAB,0x44,0x1B,0xF4,0xAC,0x43,
106 + 0x12,0xFD,0xA5,0x4A,0x15,0xFA,0xA2,0x4D,
107 + 0x38,0xD7,0x8F,0x60,0x3F,0xD0,0x88,0x67,
108 + 0x36,0xD9,0x81,0x6E,0x31,0xDE,0x86,0x69,
109 + 0x24,0xCB,0x93,0x7C,0x23,0xCC,0x94,0x7B,
110 + 0x2A,0xC5,0x9D,0x72,0x2D,0xC2,0x9A,0x75,
111 + 0x70,0x9F,0xC7,0x28,0x77,0x98,0xC0,0x2F,
112 + 0x7E,0x91,0xC9,0x26,0x79,0x96,0xCE,0x21,
113 + 0x6C,0x83,0xDB,0x34,0x6B,0x84,0xDC,0x33,
114 + 0x62,0x8D,0xD5,0x3A,0x65,0x8A,0xD2,0x3D,
115 + 0x48,0xA7,0xFF,0x10,0x4F,0xA0,0xF8,0x17,
116 + 0x46,0xA9,0xF1,0x1E,0x41,0xAE,0xF6,0x19,
117 + 0x54,0xBB,0xE3,0x0C,0x53,0xBC,0xE4,0x0B,
118 + 0x5A,0xB5,0xED,0x02,0x5D,0xB2,0xEA,0x05,
119 + 0xE0,0x0F,0x57,0xB8,0xE7,0x08,0x50,0xBF,
120 + 0xEE,0x01,0x59,0xB6,0xE9,0x06,0x5E,0xB1,
121 + 0xFC,0x13,0x4B,0xA4,0xFB,0x14,0x4C,0xA3,
122 + 0xF2,0x1D,0x45,0xAA,0xF5,0x1A,0x42,0xAD,
123 + 0xD8,0x37,0x6F,0x80,0xDF,0x30,0x68,0x87,
124 + 0xD6,0x39,0x61,0x8E,0xD1,0x3E,0x66,0x89,
125 + 0xC4,0x2B,0x73,0x9C,0xC3,0x2C,0x74,0x9B,
126 + 0xCA,0x25,0x7D,0x92,0xCD,0x22,0x7A,0x95,
127 + 0x90,0x7F,0x27,0xC8,0x97,0x78,0x20,0xCF,
128 + 0x9E,0x71,0x29,0xC6,0x99,0x76,0x2E,0xC1,
129 + 0x8C,0x63,0x3B,0xD4,0x8B,0x64,0x3C,0xD3,
130 + 0x82,0x6D,0x35,0xDA,0x85,0x6A,0x32,0xDD,
131 + 0xA8,0x47,0x1F,0xF0,0xAF,0x40,0x18,0xF7,
132 + 0xA6,0x49,0x11,0xFE,0xA1,0x4E,0x16,0xF9,
133 + 0xB4,0x5B,0x03,0xEC,0xB3,0x5C,0x04,0xEB,
134 + 0xBA,0x55,0x0D,0xE2,0xBD,0x52,0x0A,0xE5 };
136 +static inline DWORD mds_mul(BYTE *y)
139 + z=Mul_EF[y[0]] ^ y[1] ^ Mul_EF[y[2]] ^ Mul_5B[y[3]];
141 + z|=Mul_EF[y[0]] ^ Mul_5B[y[1]] ^ y[2] ^ Mul_EF[y[3]];
143 + z|=Mul_5B[y[0]] ^ Mul_EF[y[1]] ^ Mul_EF[y[2]] ^ y[3];
145 + z|=y[0] ^ Mul_EF[y[1]] ^ Mul_5B[y[2]] ^ Mul_5B[y[3]];
150 +/* q0 and q1 are the lookup substitutions done in twofish */
152 +static unsigned char q0[256] =
153 +{ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
154 + 0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
155 + 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
156 + 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
157 + 0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
158 + 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
159 + 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
160 + 0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
161 + 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
162 + 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
163 + 0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
164 + 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
165 + 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
166 + 0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
167 + 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
168 + 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
169 + 0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
170 + 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
171 + 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
172 + 0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
173 + 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
174 + 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
175 + 0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
176 + 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
177 + 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
178 + 0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
179 + 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
180 + 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
181 + 0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
182 + 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
183 + 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
184 + 0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0};
186 +static unsigned char q1[256] =
187 +{ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
188 + 0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
189 + 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
190 + 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
191 + 0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
192 + 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
193 + 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
194 + 0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
195 + 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
196 + 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
197 + 0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
198 + 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
199 + 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
200 + 0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
201 + 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
202 + 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
203 + 0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
204 + 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
205 + 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
206 + 0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
207 + 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
208 + 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
209 + 0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
210 + 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
211 + 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
212 + 0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
213 + 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
214 + 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
215 + 0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
216 + 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
217 + 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
218 + 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91
222 +static DWORD f32(DWORD x, const DWORD * k32, int keyLen)
226 + /* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. */
227 + /* Note that each byte goes through a different combination of S-boxes. */
229 + *((DWORD *) b) = Bswap(x); /* make b[0] = LSB, b[3] = MSB */
231 + switch (((keyLen + 63) / 64) & 3)
233 + case 0: /* 256 bits of key */
239 + *((DWORD *) b) ^= k32[3];
241 + /* fall thru, having pre-processed b[0]..b[3] with k32[3] */
242 + case 3: /* 192 bits of key */
248 + *((DWORD *) b) ^= k32[2];
250 + /* fall thru, having pre-processed b[0]..b[3] with k32[2] */
251 + case 2: /* 128 bits of key */
257 + *((DWORD *) b) ^= k32[1];
264 + *((DWORD *) b) ^= k32[0];
273 + /* Now perform the MDS matrix multiply inline. */
278 +static void init_sbox(fish2_key *key)
279 +{ DWORD x,*sbox,z,*k32;
284 + keyLen=key->keyLen;
285 + sbox=key->sbox_full;
288 + for (i=0;i<256;i++,x+=0x01010101)
290 + *((DWORD *) b) = Bswap(x); /* make b[0] = LSB, b[3] = MSB */
292 + switch (((keyLen + 63) / 64) & 3)
294 + case 0: /* 256 bits of key */
300 + *((DWORD *) b) ^= k32[3];
302 + /* fall thru, having pre-processed b[0]..b[3] with k32[3] */
303 + case 3: /* 192 bits of key */
309 + *((DWORD *) b) ^= k32[2];
311 + /* fall thru, having pre-processed b[0]..b[3] with k32[2] */
312 + case 2: /* 128 bits of key */
318 + *((DWORD *) b) ^= k32[1];
325 + *((DWORD *) b) ^= k32[0];
376 +/* Reed-Solomon code parameters: (12,8) reversible code
377 + g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
378 + where a = primitive root of field generator 0x14D */
379 +#define RS_GF_FDBK 0x14D /* field generator */
381 + { BYTE b = x >> 24; \
382 + DWORD g2 = ((b << 1) ^ ((b & 0x80) ? RS_GF_FDBK : 0 )) & 0xFF; \
383 + DWORD g3 = ((b >> 1) & 0x7F) ^ ((b & 1) ? RS_GF_FDBK >> 1 : 0 ) ^ g2 ; \
384 + x = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b; \
387 +static DWORD rs_mds(DWORD k0, DWORD k1)
392 + for (i = r = 0; i < 2; i++)
394 + r ^= (i) ? k0 : k1; /* merge in 32 more key bits */
395 + for (j = 0; j < 4; j++) /* shift one byte at a time */
402 +#define INPUT_WHITEN 0 /* subkey array indices */
403 +#define OUTPUT_WHITEN 4
404 +#define ROUND_SUBKEYS 8 /* use 2 * (# rounds) */
405 +#define TOTAL_SUBKEYS 40
407 +static void init_key(fish2_key * key)
410 + int keyLen = key->keyLen;
411 + int subkeyCnt = TOTAL_SUBKEYS;
413 + DWORD k32e[4], k32o[4]; /* even/odd key dwords */
415 + k64Cnt = (keyLen + 63) / 64; /* round up to next multiple of 64 bits */
416 + for (i = 0; i < k64Cnt; i++)
417 + { /* split into even/odd key dwords */
418 + k32e[i] = ((DWORD *)key->key)[2 * i];
419 + k32o[i] = ((DWORD *)key->key)[2 * i + 1];
420 + /* compute S-box keys using (12,8) Reed-Solomon code over GF(256) */
421 + /* store in reverse order */
422 + key->sboxKeys[k64Cnt - 1 - i] =
423 + Bswap(rs_mds(Bswap(k32e[i]), Bswap(k32o[i])));
427 + for (i = 0; i < subkeyCnt / 2; i++) /* compute round subkeys for PHT */
429 + A = f32(i * 0x02020202, k32e, keyLen); /* A uses even key dwords */
430 + B = f32(i * 0x02020202 + 0x01010101, k32o, keyLen); /* B uses odd key
433 + key->subKeys[2 * i] = A + B; /* combine with a PHT */
434 + key->subKeys[2 * i + 1] = ROL(A + 2 * B, 9);
441 +static inline DWORD f32_sbox(DWORD x,DWORD *sbox)
443 + /* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. */
444 + /* Note that each byte goes through a different combination of S-boxes. */
446 + return (sbox[ (x) &0xff]^
447 + sbox[256 + (((x)>> 8)&0xff)]^
448 + sbox[512 + (((x)>>16)&0xff)]^
449 + sbox[768 + (((x)>>24)&0xff)]);
452 +#define roundE_m(x0,x1,x2,x3,rnd) \
453 + t0 = f32_sbox( x0, key->sbox_full ) ; \
454 + t1 = f32_sbox( ROL(x1,8), key->sbox_full ); \
455 + x2 ^= t0 + t1 + key->subKeys[2*rnd+8]; \
457 + x3 ^= t0 + 2*t1 + key->subKeys[2*rnd+9]; \
461 +static int blockEncrypt_CBC(fish2_key *key,BYTE *src,BYTE *dst,int len)
462 +{ DWORD xx0,xx1,xx2,xx3,t0,t1,iv0,iv1,iv2,iv3;
464 + if (len & 0xF) return -1;
470 + for (;len>=16;len-=16)
473 + if ( ( len & 0x1FF) == 0)
480 + xx0=Bswap(((DWORD *)src)[0]) ^ key->subKeys[0] ^ iv0;
481 + xx1=Bswap(((DWORD *)src)[1]) ^ key->subKeys[1] ^ iv1;
482 + xx2=Bswap(((DWORD *)src)[2]) ^ key->subKeys[2] ^ iv2;
483 + xx3=Bswap(((DWORD *)src)[3]) ^ key->subKeys[3] ^ iv3;
487 + roundE_m(xx0,xx1,xx2,xx3,0);
488 + roundE_m(xx2,xx3,xx0,xx1,1);
489 + roundE_m(xx0,xx1,xx2,xx3,2);
490 + roundE_m(xx2,xx3,xx0,xx1,3);
491 + roundE_m(xx0,xx1,xx2,xx3,4);
492 + roundE_m(xx2,xx3,xx0,xx1,5);
493 + roundE_m(xx0,xx1,xx2,xx3,6);
494 + roundE_m(xx2,xx3,xx0,xx1,7);
495 + roundE_m(xx0,xx1,xx2,xx3,8);
496 + roundE_m(xx2,xx3,xx0,xx1,9);
497 + roundE_m(xx0,xx1,xx2,xx3,10);
498 + roundE_m(xx2,xx3,xx0,xx1,11);
499 + roundE_m(xx0,xx1,xx2,xx3,12);
500 + roundE_m(xx2,xx3,xx0,xx1,13);
501 + roundE_m(xx0,xx1,xx2,xx3,14);
502 + roundE_m(xx2,xx3,xx0,xx1,15);
504 + iv0=xx2 ^ key->subKeys[4];
505 + iv1=xx3 ^ key->subKeys[5];
506 + iv2=xx0 ^ key->subKeys[6];
507 + iv3=xx1 ^ key->subKeys[7];
509 + ((DWORD *)dst)[0] = Bswap(iv0);
510 + ((DWORD *)dst)[1] = Bswap(iv1);
511 + ((DWORD *)dst)[2] = Bswap(iv2);
512 + ((DWORD *)dst)[3] = Bswap(iv3);
518 +#define roundD_m(x0,x1,x2,x3,rnd) \
519 + t0 = f32_sbox( x0, key->sbox_full); \
520 + t1 = f32_sbox( ROL(x1,8),key->sbox_full); \
522 + x3 ^= t0 + 2*t1 + key->subKeys[rnd*2+9]; \
524 + x2 ^= t0 + t1 + key->subKeys[rnd*2+8];
527 +static int blockDecrypt_CBC(fish2_key *key,BYTE *src,BYTE *dst,int len)
528 +{ DWORD xx0,xx1,xx2,xx3,t0,t1,lx0,lx1,lx2,lx3,iv0,iv1,iv2,iv3;
530 + if (len & 0xF) return -1;
537 + for (;len>=16;len-=16)
539 + if ( ( len & 0x1FF) == 0)
546 + lx0=iv0;iv0=Bswap(((DWORD *)src)[0]);xx0=iv0 ^ key->subKeys[4];
547 + lx1=iv1;iv1=Bswap(((DWORD *)src)[1]);xx1=iv1 ^ key->subKeys[5];
548 + lx2=iv2;iv2=Bswap(((DWORD *)src)[2]);xx2=iv2 ^ key->subKeys[6];
549 + lx3=iv3;iv3=Bswap(((DWORD *)src)[3]);xx3=iv3 ^ key->subKeys[7];
552 + roundD_m(xx0,xx1,xx2,xx3,15);
553 + roundD_m(xx2,xx3,xx0,xx1,14);
554 + roundD_m(xx0,xx1,xx2,xx3,13);
555 + roundD_m(xx2,xx3,xx0,xx1,12);
556 + roundD_m(xx0,xx1,xx2,xx3,11);
557 + roundD_m(xx2,xx3,xx0,xx1,10);
558 + roundD_m(xx0,xx1,xx2,xx3,9);
559 + roundD_m(xx2,xx3,xx0,xx1,8);
560 + roundD_m(xx0,xx1,xx2,xx3,7);
561 + roundD_m(xx2,xx3,xx0,xx1,6);
562 + roundD_m(xx0,xx1,xx2,xx3,5);
563 + roundD_m(xx2,xx3,xx0,xx1,4);
564 + roundD_m(xx0,xx1,xx2,xx3,3);
565 + roundD_m(xx2,xx3,xx0,xx1,2);
566 + roundD_m(xx0,xx1,xx2,xx3,1);
567 + roundD_m(xx2,xx3,xx0,xx1,0);
569 + ((DWORD *)dst)[0] = Bswap(xx2 ^ key->subKeys[0] ^ lx0);
570 + ((DWORD *)dst)[1] = Bswap(xx3 ^ key->subKeys[1] ^ lx1);
571 + ((DWORD *)dst)[2] = Bswap(xx0 ^ key->subKeys[2] ^ lx2);
572 + ((DWORD *)dst)[3] = Bswap(xx1 ^ key->subKeys[3] ^ lx3);
579 +int transfer_fish2(struct loop_device *lo, int cmd,
580 + struct page *raw_page, unsigned raw_off,
581 + struct page *loop_page, unsigned loop_off,
582 + int size, sector_t IV)
584 + char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
585 + char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
588 + blockDecrypt_CBC((fish2_key *)lo->key_data,raw_buf,loop_buf,size);
590 + blockEncrypt_CBC((fish2_key *)lo->key_data,loop_buf,raw_buf,size);
592 + kunmap_atomic(raw_buf, KM_USER0);
593 + kunmap_atomic(loop_buf, KM_USER1);
599 +int fish2_init(struct loop_device *lo,const struct loop_info64 *info)
602 + if (info->lo_encrypt_key_size<16 || info->lo_encrypt_key_size>32)
605 + key=(fish2_key *)kmalloc(sizeof(fish2_key),GFP_KERNEL);
612 + memset(key->key,0,32);
614 + key->keyLen=info->lo_encrypt_key_size << 3;
615 + memcpy(key->key,info->lo_encrypt_key,info->lo_encrypt_key_size);
622 +static int fish2_release(struct loop_device *lo)
623 +{ if (lo->key_data!=NULL)
625 + kfree(lo->key_data);
631 +static struct loop_func_table fish2_funcs =
632 +{ .number = LO_CRYPT_FISH2,
633 + .transfer = transfer_fish2,
634 + .init = fish2_init,
635 + .release = fish2_release,
636 + .owner = THIS_MODULE
639 +int __init loop_fish2_init(void)
643 + if ((err=loop_register_transfer(&fish2_funcs)))
645 + printk(KERN_WARNING "Couldn't register Twofish encryption\n");
648 + printk(KERN_INFO "loop: registered Twofish encryption \n");
652 +void __exit loop_fish2_exit(void)
654 + if (loop_unregister_transfer(LO_CRYPT_FISH2))
655 + printk(KERN_WARNING "Couldn't unregister Twofish encryption\n");
656 + printk(KERN_INFO "loop: unregistered Twofish encryption \n");
659 +module_init(loop_fish2_init);
660 +module_exit(loop_fish2_exit);
661 +MODULE_LICENSE("GPL");