Imported linux-2.6.27.39 suse/xen patches.

[ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.suse / twofish-2.6

Subject: Twofish encryption for loop device for old S.u.S.E. crypto partitions
From: kraxel@suse.de

See $subject, used up to 9.2 on new installs.

---
 drivers/block/Kconfig      |    6 
 drivers/block/Makefile     |    1 
 drivers/block/loop_fish2.c |  625 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 632 insertions(+)

--- a/drivers/block/Kconfig
+++ b/drivers/block/Kconfig
@@ -409,6 +409,12 @@ config SUNVDC
          Support for virtual disk devices as a client under Sun
          Logical Domains.
 
+config CIPHER_TWOFISH
+       tristate "Twofish encryption for loop device for old S.u.S.E. crypto partitions"
+       depends on BLK_DEV_LOOP
+       help
+         Say Y here if you want to support old S.u.S.E. crypto partitions.
+
 source "drivers/s390/block/Kconfig"
 
 config XILINX_SYSACE
--- a/drivers/block/Makefile
+++ b/drivers/block/Makefile
@@ -32,3 +32,4 @@ obj-$(CONFIG_BLK_DEV_UB)      += ub.o
 obj-$(CONFIG_BLK_DEV_HD)       += hd.o
 
 obj-$(CONFIG_XEN_BLKDEV_FRONTEND)      += xen-blkfront.o
+obj-$(CONFIG_CIPHER_TWOFISH)   += loop_fish2.o
--- /dev/null
+++ b/drivers/block/loop_fish2.c
@@ -0,0 +1,625 @@
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/init.h>
+#include <linux/fs.h>
+#include <linux/string.h>
+#include <linux/mm.h>
+#include <linux/slab.h>
+#include <asm/byteorder.h>
+#include <linux/loop.h>
+
+#define ROL(x,c) (((x) << (c)) | ((x) >> (32-(c))))
+#define ROR(x,c) (((x) >> (c)) | ((x) << (32-(c))))
+#define Bswap(x) __le32_to_cpu(x)
+
+#define DWORD __u32
+#define BYTE unsigned char
+
+typedef struct fish2_key
+{ int keyLen;       /* Key Length in Bit */
+  DWORD sboxKeys[4];
+  DWORD subKeys[40];
+  BYTE  key[32];
+  DWORD sbox_full[1024];  /* This have to be 1024 DWORDs */
+} fish2_key;
+
+
+/* Mul_5B[i] is  0x5B * i   in GF(256), whatever that means... */
+
+static unsigned char Mul_5B[256] = {
+    0x00,0x5B,0xB6,0xED,0x05,0x5E,0xB3,0xE8,
+    0x0A,0x51,0xBC,0xE7,0x0F,0x54,0xB9,0xE2,
+    0x14,0x4F,0xA2,0xF9,0x11,0x4A,0xA7,0xFC,
+    0x1E,0x45,0xA8,0xF3,0x1B,0x40,0xAD,0xF6,
+    0x28,0x73,0x9E,0xC5,0x2D,0x76,0x9B,0xC0,
+    0x22,0x79,0x94,0xCF,0x27,0x7C,0x91,0xCA,
+    0x3C,0x67,0x8A,0xD1,0x39,0x62,0x8F,0xD4,
+    0x36,0x6D,0x80,0xDB,0x33,0x68,0x85,0xDE,
+    0x50,0x0B,0xE6,0xBD,0x55,0x0E,0xE3,0xB8,
+    0x5A,0x01,0xEC,0xB7,0x5F,0x04,0xE9,0xB2,
+    0x44,0x1F,0xF2,0xA9,0x41,0x1A,0xF7,0xAC,
+    0x4E,0x15,0xF8,0xA3,0x4B,0x10,0xFD,0xA6,
+    0x78,0x23,0xCE,0x95,0x7D,0x26,0xCB,0x90,
+    0x72,0x29,0xC4,0x9F,0x77,0x2C,0xC1,0x9A,
+    0x6C,0x37,0xDA,0x81,0x69,0x32,0xDF,0x84,
+    0x66,0x3D,0xD0,0x8B,0x63,0x38,0xD5,0x8E,
+    0xA0,0xFB,0x16,0x4D,0xA5,0xFE,0x13,0x48,
+    0xAA,0xF1,0x1C,0x47,0xAF,0xF4,0x19,0x42,
+    0xB4,0xEF,0x02,0x59,0xB1,0xEA,0x07,0x5C,
+    0xBE,0xE5,0x08,0x53,0xBB,0xE0,0x0D,0x56,
+    0x88,0xD3,0x3E,0x65,0x8D,0xD6,0x3B,0x60,
+    0x82,0xD9,0x34,0x6F,0x87,0xDC,0x31,0x6A,
+    0x9C,0xC7,0x2A,0x71,0x99,0xC2,0x2F,0x74,
+    0x96,0xCD,0x20,0x7B,0x93,0xC8,0x25,0x7E,
+    0xF0,0xAB,0x46,0x1D,0xF5,0xAE,0x43,0x18,
+    0xFA,0xA1,0x4C,0x17,0xFF,0xA4,0x49,0x12,
+    0xE4,0xBF,0x52,0x09,0xE1,0xBA,0x57,0x0C,
+    0xEE,0xB5,0x58,0x03,0xEB,0xB0,0x5D,0x06,
+    0xD8,0x83,0x6E,0x35,0xDD,0x86,0x6B,0x30,
+    0xD2,0x89,0x64,0x3F,0xD7,0x8C,0x61,0x3A,
+    0xCC,0x97,0x7A,0x21,0xC9,0x92,0x7F,0x24,
+    0xC6,0x9D,0x70,0x2B,0xC3,0x98,0x75,0x2E };
+
+
+/* Mul_EF[i] is  0xEF * i   in GF(256), whatever that means... */
+
+static unsigned char Mul_EF[256] = {
+    0x00,0xEF,0xB7,0x58,0x07,0xE8,0xB0,0x5F,
+    0x0E,0xE1,0xB9,0x56,0x09,0xE6,0xBE,0x51,
+    0x1C,0xF3,0xAB,0x44,0x1B,0xF4,0xAC,0x43,
+    0x12,0xFD,0xA5,0x4A,0x15,0xFA,0xA2,0x4D,
+    0x38,0xD7,0x8F,0x60,0x3F,0xD0,0x88,0x67,
+    0x36,0xD9,0x81,0x6E,0x31,0xDE,0x86,0x69,
+    0x24,0xCB,0x93,0x7C,0x23,0xCC,0x94,0x7B,
+    0x2A,0xC5,0x9D,0x72,0x2D,0xC2,0x9A,0x75,
+    0x70,0x9F,0xC7,0x28,0x77,0x98,0xC0,0x2F,
+    0x7E,0x91,0xC9,0x26,0x79,0x96,0xCE,0x21,
+    0x6C,0x83,0xDB,0x34,0x6B,0x84,0xDC,0x33,
+    0x62,0x8D,0xD5,0x3A,0x65,0x8A,0xD2,0x3D,
+    0x48,0xA7,0xFF,0x10,0x4F,0xA0,0xF8,0x17,
+    0x46,0xA9,0xF1,0x1E,0x41,0xAE,0xF6,0x19,
+    0x54,0xBB,0xE3,0x0C,0x53,0xBC,0xE4,0x0B,
+    0x5A,0xB5,0xED,0x02,0x5D,0xB2,0xEA,0x05,
+    0xE0,0x0F,0x57,0xB8,0xE7,0x08,0x50,0xBF,
+    0xEE,0x01,0x59,0xB6,0xE9,0x06,0x5E,0xB1,
+    0xFC,0x13,0x4B,0xA4,0xFB,0x14,0x4C,0xA3,
+    0xF2,0x1D,0x45,0xAA,0xF5,0x1A,0x42,0xAD,
+    0xD8,0x37,0x6F,0x80,0xDF,0x30,0x68,0x87,
+    0xD6,0x39,0x61,0x8E,0xD1,0x3E,0x66,0x89,
+    0xC4,0x2B,0x73,0x9C,0xC3,0x2C,0x74,0x9B,
+    0xCA,0x25,0x7D,0x92,0xCD,0x22,0x7A,0x95,
+    0x90,0x7F,0x27,0xC8,0x97,0x78,0x20,0xCF,
+    0x9E,0x71,0x29,0xC6,0x99,0x76,0x2E,0xC1,
+    0x8C,0x63,0x3B,0xD4,0x8B,0x64,0x3C,0xD3,
+    0x82,0x6D,0x35,0xDA,0x85,0x6A,0x32,0xDD,
+    0xA8,0x47,0x1F,0xF0,0xAF,0x40,0x18,0xF7,
+    0xA6,0x49,0x11,0xFE,0xA1,0x4E,0x16,0xF9,
+    0xB4,0x5B,0x03,0xEC,0xB3,0x5C,0x04,0xEB,
+    0xBA,0x55,0x0D,0xE2,0xBD,0x52,0x0A,0xE5 };
+
+static inline DWORD mds_mul(BYTE *y)
+{ DWORD z;
+
+  z=Mul_EF[y[0]] ^ y[1] ^ Mul_EF[y[2]] ^ Mul_5B[y[3]];
+  z<<=8;
+  z|=Mul_EF[y[0]] ^ Mul_5B[y[1]] ^ y[2] ^ Mul_EF[y[3]];
+  z<<=8;
+  z|=Mul_5B[y[0]] ^ Mul_EF[y[1]] ^ Mul_EF[y[2]] ^ y[3];
+  z<<=8;
+  z|=y[0] ^ Mul_EF[y[1]] ^ Mul_5B[y[2]] ^ Mul_5B[y[3]];
+
+  return z;
+}
+
+/* q0 and q1 are the lookup substitutions done in twofish */
+
+static unsigned char q0[256] =
+{      0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
+       0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
+       0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+       0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
+       0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
+       0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+       0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
+       0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
+       0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+       0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
+       0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
+       0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+       0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
+       0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
+       0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+       0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
+       0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
+       0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+       0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
+       0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
+       0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+       0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
+       0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
+       0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+       0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
+       0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
+       0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+       0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
+       0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
+       0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+       0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
+       0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0};
+
+static unsigned char q1[256] =
+{      0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
+       0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
+       0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+       0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
+       0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
+       0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+       0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
+       0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
+       0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+       0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
+       0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
+       0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+       0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
+       0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
+       0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+       0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
+       0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
+       0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+       0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
+       0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
+       0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+       0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
+       0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
+       0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+       0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
+       0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
+       0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+       0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
+       0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
+       0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+       0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
+       0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91
+       };
+
+
+static DWORD f32(DWORD x, const DWORD * k32, int keyLen)
+{
+  BYTE b[4];
+
+  /* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. */
+  /* Note that each byte goes through a different combination of S-boxes. */
+
+  *((DWORD *) b) = Bswap(x);   /* make b[0] = LSB, b[3] = MSB */
+
+  switch (((keyLen + 63) / 64) & 3)
+  {
+  case 0:                      /* 256 bits of key */
+    b[0] = q1[b[0]];
+    b[1] = q0[b[1]];
+    b[2] = q0[b[2]];
+    b[3] = q1[b[3]];
+
+    *((DWORD *) b) ^= k32[3];
+
+    /* fall thru, having pre-processed b[0]..b[3] with k32[3] */
+  case 3:                      /* 192 bits of key */
+    b[0] = q1[b[0]];
+    b[1] = q1[b[1]];
+    b[2] = q0[b[2]];
+    b[3] = q0[b[3]];
+
+    *((DWORD *) b) ^= k32[2];
+
+    /* fall thru, having pre-processed b[0]..b[3] with k32[2] */
+  case 2:                      /* 128 bits of key */
+    b[0] = q0[b[0]];
+    b[1] = q1[b[1]];
+    b[2] = q0[b[2]];
+    b[3] = q1[b[3]];
+
+    *((DWORD *) b) ^= k32[1];
+
+    b[0] = q0[b[0]];
+    b[1] = q0[b[1]];
+    b[2] = q1[b[2]];
+    b[3] = q1[b[3]];
+
+    *((DWORD *) b) ^= k32[0];
+
+    b[0] = q1[b[0]];
+    b[1] = q0[b[1]];
+    b[2] = q1[b[2]];
+    b[3] = q0[b[3]];
+  }
+
+
+  /* Now perform the MDS matrix multiply inline. */
+  return mds_mul(b);
+}
+
+
+static void init_sbox(fish2_key *key)
+{ DWORD x,*sbox,z,*k32;
+  int i,keyLen;
+  BYTE b[4];
+
+  k32=key->sboxKeys;
+  keyLen=key->keyLen;
+  sbox=key->sbox_full;
+
+  x=0;
+  for (i=0;i<256;i++,x+=0x01010101)
+  {
+    *((DWORD *) b) = Bswap(x); /* make b[0] = LSB, b[3] = MSB */
+
+    switch (((keyLen + 63) / 64) & 3)
+    {
+    case 0:                    /* 256 bits of key */
+      b[0] = q1[b[0]];
+      b[1] = q0[b[1]];
+      b[2] = q0[b[2]];
+      b[3] = q1[b[3]];
+
+      *((DWORD *) b) ^= k32[3];
+
+      /* fall thru, having pre-processed b[0]..b[3] with k32[3] */
+    case 3:                    /* 192 bits of key */
+      b[0] = q1[b[0]];
+      b[1] = q1[b[1]];
+      b[2] = q0[b[2]];
+      b[3] = q0[b[3]];
+
+      *((DWORD *) b) ^= k32[2];
+
+      /* fall thru, having pre-processed b[0]..b[3] with k32[2] */
+    case 2:                    /* 128 bits of key */
+      b[0] = q0[b[0]];
+      b[1] = q1[b[1]];
+      b[2] = q0[b[2]];
+      b[3] = q1[b[3]];
+
+      *((DWORD *) b) ^= k32[1];
+
+      b[0] = q0[b[0]];
+      b[1] = q0[b[1]];
+      b[2] = q1[b[2]];
+      b[3] = q1[b[3]];
+
+      *((DWORD *) b) ^= k32[0];
+
+      b[0] = q1[b[0]];
+      b[1] = q0[b[1]];
+      b[2] = q1[b[2]];
+      b[3] = q0[b[3]];
+    }
+
+    z=Mul_EF[b[0]];
+    z<<=8;
+    z|=Mul_EF[b[0]];
+    z<<=8;
+    z|=Mul_5B[b[0]];
+    z<<=8;
+    z|=b[0];
+
+    sbox[i]=z;
+
+    z=b[1];
+    z<<=8;
+    z|=Mul_5B[b[1]];
+    z<<=8;
+    z|=Mul_EF[b[1]];
+    z<<=8;
+    z|=Mul_EF[b[1]];
+
+    sbox[i+256]=z;
+
+    z=Mul_EF[b[2]];
+    z<<=8;
+    z|=b[2];
+    z<<=8;
+    z|=Mul_EF[b[2]];
+    z<<=8;
+    z|=Mul_5B[b[2]];
+
+    sbox[i+512]=z;
+
+    z=Mul_5B[b[3]];
+    z<<=8;
+    z|=Mul_EF[b[3]];
+    z<<=8;
+    z|=b[3];
+    z<<=8;
+    z|=Mul_5B[b[3]];
+
+    sbox[i+768]=z;
+  }
+}
+
+
+/* Reed-Solomon code parameters: (12,8) reversible code
+   g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
+   where a = primitive root of field generator 0x14D */
+#define RS_GF_FDBK      0x14D   /* field generator */
+#define RS_rem(x) \
+    { BYTE  b  =   x >> 24; \
+      DWORD g2 = ((b << 1) ^ ((b & 0x80) ? RS_GF_FDBK : 0 )) & 0xFF; \
+      DWORD g3 = ((b >> 1) & 0x7F) ^ ((b & 1) ? RS_GF_FDBK >> 1 : 0 ) ^ g2 ; \
+      x = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b; \
+    }
+
+static DWORD rs_mds(DWORD k0, DWORD k1)
+{
+  int i, j;
+  DWORD r;
+
+  for (i = r = 0; i < 2; i++)
+  {
+    r ^= (i) ? k0 : k1;     /* merge in 32 more key bits */
+    for (j = 0; j < 4; j++) /* shift one byte at a time */
+      RS_rem(r);
+  }
+  return r;
+}
+
+
+#define                INPUT_WHITEN            0       /* subkey array indices */
+#define                OUTPUT_WHITEN           4
+#define                ROUND_SUBKEYS           8       /* use 2 * (# rounds) */
+#define                TOTAL_SUBKEYS           40
+
+static void init_key(fish2_key * key)
+{
+  int i, k64Cnt;
+  int keyLen = key->keyLen;
+  int subkeyCnt = TOTAL_SUBKEYS;
+  DWORD A, B;
+  DWORD k32e[4], k32o[4];      /* even/odd key dwords */
+
+  k64Cnt = (keyLen + 63) / 64; /* round up to next multiple of 64 bits */
+  for (i = 0; i < k64Cnt; i++)
+  {                            /* split into even/odd key dwords */
+    k32e[i] = ((DWORD *)key->key)[2 * i];
+    k32o[i] = ((DWORD *)key->key)[2 * i + 1];
+    /* compute S-box keys using (12,8) Reed-Solomon code over GF(256) */
+    /* store in reverse order */
+    key->sboxKeys[k64Cnt - 1 - i] =
+      Bswap(rs_mds(Bswap(k32e[i]), Bswap(k32o[i])));
+
+  }
+
+  for (i = 0; i < subkeyCnt / 2; i++)  /* compute round subkeys for PHT */
+  {
+    A = f32(i * 0x02020202, k32e, keyLen);             /* A uses even key dwords */
+    B = f32(i * 0x02020202 + 0x01010101, k32o, keyLen);        /* B uses odd  key
+                                                          dwords */
+    B = ROL(B, 8);
+    key->subKeys[2 * i] = A + B;       /* combine with a PHT */
+    key->subKeys[2 * i + 1] = ROL(A + 2 * B, 9);
+  }
+
+  init_sbox(key);
+}
+
+
+static inline DWORD f32_sbox(DWORD x,DWORD *sbox)
+{
+  /* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. */
+  /* Note that each byte goes through a different combination of S-boxes. */
+
+  return (sbox[        (x)     &0xff]^
+          sbox[256 + (((x)>> 8)&0xff)]^
+          sbox[512 + (((x)>>16)&0xff)]^
+          sbox[768 + (((x)>>24)&0xff)]);
+}
+
+#define roundE_m(x0,x1,x2,x3,rnd) \
+      t0 = f32_sbox( x0, key->sbox_full ) ; \
+      t1 = f32_sbox( ROL(x1,8), key->sbox_full ); \
+      x2 ^= t0 + t1 + key->subKeys[2*rnd+8]; \
+      x3 = ROL(x3,1); \
+      x3 ^= t0 + 2*t1 + key->subKeys[2*rnd+9]; \
+      x2 = ROR(x2,1);
+
+
+static int blockEncrypt_CBC(fish2_key *key,BYTE *src,BYTE *dst,int len)
+{ DWORD xx0,xx1,xx2,xx3,t0,t1,iv0,iv1,iv2,iv3;
+
+  if (len & 0xF) return -1;
+
+  iv0=0;
+  iv1=0;
+  iv2=0;
+  iv3=0;
+  for (;len>=16;len-=16)
+
+  {
+    if ( ( len & 0x1FF) == 0)
+    { iv0=0;
+      iv1=0;
+      iv2=0;
+      iv3=0;
+    }
+
+    xx0=Bswap(((DWORD *)src)[0]) ^ key->subKeys[0] ^ iv0;
+    xx1=Bswap(((DWORD *)src)[1]) ^ key->subKeys[1] ^ iv1;
+    xx2=Bswap(((DWORD *)src)[2]) ^ key->subKeys[2] ^ iv2;
+    xx3=Bswap(((DWORD *)src)[3]) ^ key->subKeys[3] ^ iv3;
+
+    src+=16;
+
+    roundE_m(xx0,xx1,xx2,xx3,0);
+    roundE_m(xx2,xx3,xx0,xx1,1);
+    roundE_m(xx0,xx1,xx2,xx3,2);
+    roundE_m(xx2,xx3,xx0,xx1,3);
+    roundE_m(xx0,xx1,xx2,xx3,4);
+    roundE_m(xx2,xx3,xx0,xx1,5);
+    roundE_m(xx0,xx1,xx2,xx3,6);
+    roundE_m(xx2,xx3,xx0,xx1,7);
+    roundE_m(xx0,xx1,xx2,xx3,8);
+    roundE_m(xx2,xx3,xx0,xx1,9);
+    roundE_m(xx0,xx1,xx2,xx3,10);
+    roundE_m(xx2,xx3,xx0,xx1,11);
+    roundE_m(xx0,xx1,xx2,xx3,12);
+    roundE_m(xx2,xx3,xx0,xx1,13);
+    roundE_m(xx0,xx1,xx2,xx3,14);
+    roundE_m(xx2,xx3,xx0,xx1,15);
+
+    iv0=xx2 ^ key->subKeys[4];
+    iv1=xx3 ^ key->subKeys[5];
+    iv2=xx0 ^ key->subKeys[6];
+    iv3=xx1 ^ key->subKeys[7];
+
+    ((DWORD *)dst)[0] = Bswap(iv0);
+    ((DWORD *)dst)[1] = Bswap(iv1);
+    ((DWORD *)dst)[2] = Bswap(iv2);
+    ((DWORD *)dst)[3] = Bswap(iv3);
+    dst+=16;
+  }
+  return len;
+}
+
+#define roundD_m(x0,x1,x2,x3,rnd) \
+      t0 = f32_sbox( x0, key->sbox_full); \
+      t1 = f32_sbox( ROL(x1,8),key->sbox_full); \
+      x2 = ROL(x2,1); \
+      x3 ^= t0 + 2*t1 + key->subKeys[rnd*2+9]; \
+      x3 = ROR(x3,1); \
+      x2 ^= t0 + t1 + key->subKeys[rnd*2+8];
+
+
+static int blockDecrypt_CBC(fish2_key *key,BYTE *src,BYTE *dst,int len)
+{ DWORD xx0,xx1,xx2,xx3,t0,t1,lx0,lx1,lx2,lx3,iv0,iv1,iv2,iv3;
+
+  if (len & 0xF) return -1;
+
+  iv0=0;
+  iv1=0;
+  iv2=0;
+  iv3=0;
+
+  for (;len>=16;len-=16)
+  {
+    if ( ( len & 0x1FF) == 0)
+    { iv0=0;
+      iv1=0;
+      iv2=0;
+      iv3=0;
+    }
+
+    lx0=iv0;iv0=Bswap(((DWORD *)src)[0]);xx0=iv0 ^ key->subKeys[4];
+    lx1=iv1;iv1=Bswap(((DWORD *)src)[1]);xx1=iv1 ^ key->subKeys[5];
+    lx2=iv2;iv2=Bswap(((DWORD *)src)[2]);xx2=iv2 ^ key->subKeys[6];
+    lx3=iv3;iv3=Bswap(((DWORD *)src)[3]);xx3=iv3 ^ key->subKeys[7];
+    src+=16;
+
+    roundD_m(xx0,xx1,xx2,xx3,15);
+    roundD_m(xx2,xx3,xx0,xx1,14);
+    roundD_m(xx0,xx1,xx2,xx3,13);
+    roundD_m(xx2,xx3,xx0,xx1,12);
+    roundD_m(xx0,xx1,xx2,xx3,11);
+    roundD_m(xx2,xx3,xx0,xx1,10);
+    roundD_m(xx0,xx1,xx2,xx3,9);
+    roundD_m(xx2,xx3,xx0,xx1,8);
+    roundD_m(xx0,xx1,xx2,xx3,7);
+    roundD_m(xx2,xx3,xx0,xx1,6);
+    roundD_m(xx0,xx1,xx2,xx3,5);
+    roundD_m(xx2,xx3,xx0,xx1,4);
+    roundD_m(xx0,xx1,xx2,xx3,3);
+    roundD_m(xx2,xx3,xx0,xx1,2);
+    roundD_m(xx0,xx1,xx2,xx3,1);
+    roundD_m(xx2,xx3,xx0,xx1,0);
+
+    ((DWORD *)dst)[0] = Bswap(xx2 ^ key->subKeys[0] ^ lx0);
+    ((DWORD *)dst)[1] = Bswap(xx3 ^ key->subKeys[1] ^ lx1);
+    ((DWORD *)dst)[2] = Bswap(xx0 ^ key->subKeys[2] ^ lx2);
+    ((DWORD *)dst)[3] = Bswap(xx1 ^ key->subKeys[3] ^ lx3);
+    dst+=16;
+  }
+  return len;
+}
+
+
+int transfer_fish2(struct loop_device *lo, int cmd,
+                   struct page *raw_page, unsigned raw_off,
+                   struct page *loop_page, unsigned loop_off,
+                   int size, sector_t IV)
+{
+  char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
+  char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
+
+  if (cmd == READ)
+    blockDecrypt_CBC((fish2_key *)lo->key_data,raw_buf,loop_buf,size);
+  else
+    blockEncrypt_CBC((fish2_key *)lo->key_data,loop_buf,raw_buf,size);
+
+  kunmap_atomic(raw_buf, KM_USER0);
+  kunmap_atomic(loop_buf, KM_USER1);
+  cond_resched();
+
+  return 0;
+}
+
+int fish2_init(struct loop_device *lo,const struct loop_info64 *info)
+{ fish2_key *key;
+
+  if (info->lo_encrypt_key_size<16 || info->lo_encrypt_key_size>32)
+    return -EINVAL;
+
+  key=(fish2_key *)kmalloc(sizeof(fish2_key),GFP_KERNEL);
+
+  if (key==NULL)
+    return -ENOMEM;
+
+  lo->key_data=key;
+
+  memset(key->key,0,32);
+
+  key->keyLen=info->lo_encrypt_key_size << 3;
+  memcpy(key->key,info->lo_encrypt_key,info->lo_encrypt_key_size);
+
+  init_key(key);
+
+  return 0;
+}
+
+static int fish2_release(struct loop_device *lo)
+{ if (lo->key_data!=NULL)
+  {
+    kfree(lo->key_data);
+    lo->key_data=NULL;
+  }
+  return(0);
+}
+
+static struct loop_func_table fish2_funcs =
+{ .number = LO_CRYPT_FISH2,
+  .transfer = transfer_fish2,
+  .init = fish2_init,
+  .release = fish2_release,
+  .owner = THIS_MODULE
+};
+
+int __init loop_fish2_init(void)
+{
+  int err;
+
+  if ((err=loop_register_transfer(&fish2_funcs)))
+  {
+    printk(KERN_WARNING "Couldn't register Twofish encryption\n");
+    return err;
+  }
+  printk(KERN_INFO "loop: registered Twofish encryption \n");
+  return 0;
+}
+
+void __exit loop_fish2_exit(void)
+{
+  if (loop_unregister_transfer(LO_CRYPT_FISH2))
+    printk(KERN_WARNING "Couldn't unregister Twofish encryption\n");
+  printk(KERN_INFO "loop: unregistered Twofish encryption \n");
+}
+
+module_init(loop_fish2_init);
+module_exit(loop_fish2_exit);
+MODULE_LICENSE("GPL");