diff -Nur linux-2.4.18/Documentation/Configure.help linux-int-2.4.18/Documentation/Configure.help --- linux-2.4.18/Documentation/Configure.help Mon Feb 25 20:37:51 2002 +++ linux-int-2.4.18/Documentation/Configure.help Wed Apr 3 17:33:11 2002 @@ -24382,6 +24382,387 @@ information: http://www.candelatech.com/~greear/vlan.html If unsure, you can safely say 'N'. +Cryptographic API +CONFIG_CRYPTO + If you answer yes to this option, the cryptographic kernel API + framework will be enabled, and you'll be presented with additional + questions about cryptographic algorithms and kernel components + making use of the cryptographic API. + + See also + + The latest version of this component can be found at + + + If you don't need cryptographic extensions, say N. + +Generic cryptogrpahic filter for loop device driver +CONFIG_CRYPTOLOOP + If you answer yes to this option, the loop driver will be able to + use all cryptographic ciphers selected below. + + This loop filter will use the ciphers in CBC-mode which is more + secure than ECB-mode. This module will also initialize the CBC-mode + of the cipher with the block-number of the block being encrypted. + + Make sure you have patched your loop driver otherwise this filter + won't compile. See for + more information. + + *WARNING* Due to the broken IV metric in the 2.4.x kernel series, + this filter is not compatible with the on-disc format of encrypted + volumes encrypted up to version 2.4.3 of the international patch! + You will have to convert your "old" encrypted volumes to the new IV + metric. + +Crypto ciphers +CONFIG_CIPHERS + Ciphers basically help us scramble data so that other people don't + get access to it. Useful applications for this include hiding hard + drive contents or network traffic from unauthorized eyes. Compare a + file encrypted with a cipher with very good safe: The document is in + it, you can carry the document with you (if the safe is not too + heavy), but others can steal it, too. However, they will not be able + to read the document if the safe is any good. + + Mathematically speaking, a cipher is a parameter-dependant function + E(K, ) that takes a fixed-length block M (usually 64 or 128 bits) + and maps it onto another (usually equal-sized) block C=E(K,M) in such + a way that, without knowledge of the "key" K, it is hard to compute + + 1. M, if C and the function E are given, + + 2. C, if M is given and the function E is known. + + M is called the 'plaintext' and C the 'ciphertext'. The above + properties are commonly described as "All the security of the cipher + lies in its key". However, there always exists the inverse function + D(K, ) of E(K, ) such that D(K,E(K,M))=M for any M. The ideal + cipher is one where it is impossible to compute M if you have C, but + not K. In this case, the easiest way to break the cipher is to use + 'brute-force', i.e. try all K in turn until you hit the right + one. With most ciphers in this library, K is a 128-bit number. Here, + brute-force attacks are infeasible since they require testing all + 2^128 possible keys K, which would take far too long on any + conceivable computer (some big multiple of the age of the universe + for example). + + Unfortunately, the ideal cipher has not been found yet, so most + ciphers in this library, or certain 'reduced-round' versions + thereof, can be broken faster than brute-force. A cipher is secure, + if it cannot be broken _much_ faster than brute-force and + brute-force is infeasible. + + If you say 'Y' or 'M' here, you are able to select a variety of + ciphers for the Cipher-API. Ciphers you select below can then be + used by cryptographic kernel modules. If you say 'N' here, those + modules will use their own implementations or even not work at all. + + If unsure, say 'N'. + +Digest algorithms +CONFIG_DIGESTS + A message digest (or 'one-way function' or 'hash') is a function H + that maps an arbitrary-length message M onto a 128-bit or 160-bit + number h=H(M) such that the following conditions are satisfied: + + 1. For a given M, it is easy to compute h=H(M). + + 2. For a given h, it is hard to find M such that h=H(M). + + 3. For a given M, it is hard to find another message M' such that + H(M')=H(M). + + 4. It is hard to find M, M' such that H(M)=H(M'). + + This makes the name 'one-way function' plausible. Hashes are widely + used by cryptographic programs. E.g. the Linux kernel uses a hash to + generate random numbers. + +# Marc Mutz : this will be the help text, once this +# functionality is in place: +# If you say 'Y' here and select the SHA-1 message digest below, +# then the drivers for /dev/random and /dev/urandom will use the +# digest api instead of their own implementation. This will not work +# if you build as modules. +# + If you say 'Y' or 'M' here, cryptographic modules are able to use + the Digest-API if they need a hash function. If you say 'N' here, + they will use their own implementations (which will probably + increase the size of the compiled kernel if there are more than one + such modules). + + If unsure, say 'N'. + +#EOF# David Bryson Wed, Mar 20, 2002 +# Config.help descriptions for CryptoAPI cipher functions + +AES (aka Rijndael) cipher +CONFIG_CIPHER_AES + If you answer yes to this option, the Rijndael cipher will be + compiled into your kernel. Rijndael was submitted to the AES(Advanced + Encryption Standard) cipher competition and won, becoming the AES sta- + ndard. It supports key sizes of 128, 192, and 256 bits which executes + 10, 12, and 14 rounds respectively. + This cipher is freely available for anyone to use. And the CryptoAPI + implementation is under a BSD-style license of unrestricted, free use. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-aes.o. If you want to compile it as a + module, say M here and read . + +Twofish cipher +CONFIG_CIPHER_TWOFISH + If you answer yes to this option, the Twofish cipher will be compiled + into your kernel. Twofish was submitted as an AES(Advanced Encryption + Standard) candidate cipher by researchers at CounterPane Systems. It + is a 16 round block cipher supporting key sizes of 128, 192, and 256 + bits. + Twofish is unpatented and is free to use. The CryptoAPI + implementation is release to public domain. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-twofish.o. If you want to compile it + as a module, say M here and read . + +MARS cipher +CONFIG_CIPHER_MARS + If you answer yes to this option, the MARS cipher will be compiled + into your kernel. MARS was submitted as an AES(Advanced Encryption + Standard) candidate cipher by researchers at IBM. It is a variable + key size 32 round cipher, although only 128, 192, and 256 bits are + supported. + The MARS algorithm is owned under patent by IBM, but they have a royal- + ty free license for it. The CryptoAPI impelementation is free for use + by all. + + See also + and + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-mars.o. If you want to compile it as + a module, say M here and read . + +# Finish description here, xpdf doesn't render this correctly +RC6 cipher +CONFIG_CIPHER_RC6 + If you answer yes to this option, the RC6(Rivest Cipher 6) cipher will + be compiled into your kernel. RC6 was submitted as an AES(Advanced + Encryption Standard) candidate cipher by researchers at RSA Security. + The RC6 algorithm is owned and patented by RSA Security. +# find accurate licensing info + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-rc6.o. If you want to compile it as a + module, say M here and read . + +Serpent cipher +CONFIG_CIPHER_SERPENT + If you answer yes to this option, the Serpent cipher will be compiled + into your kernel. Serpent was submitted as an AES(Advanced Encryption + Standard) candidate cipher ranking second to rijndael. It is a 32 rou- + nd cipher with 128, 192, and 256 bit key sizes. + Serpent is released under the public domain for use by anyone. The + CryptoAPI implementation is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-serpent.o. If you want to compile it + as a module, say M here and read . + +DFC cipher +CONFIG_CIPHER_DFC + If you answer yes to this option the DFC(Decorrolated Fast Cipher) + will be compiled into your kernel. DFC was submitted as an AES(Advan- + ced Encryption Standard) candidate cipher with 8 rounds and a key size + of 128, 192, and 256 bits. + DFC is currently owned under patent WO9820643 in the French National + Institute for Industrial Property. The CryptoAPI implementation is + released under the same restrictions as the DFC cipher is. +# find more info about the license, info is hard to find :-( + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-dfc.o. If you want to compile it as a + module, say M here and read . + +# find documentation finish brief +CAST5 cipher +CONFIG_CIPHER_CAST5 + If you answer yes to this option the CAST5 cipher will be compiled + into your kernel. CAST was designed by Carlisle Adams and Stafford Ta- + vares, CAST5 is a version of the original CAST cipher modified for 128- + bit block size. + CAST5 is availiable royalty free for commercial and non-commercial use. + The CryptoAPI implementation is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-cast5.o. If you want to compile it as + a module, say M here and read . + +DES cipher +CONFIG_CIPHER_DES + If you answer yes to this option the DES(Data Encryption Standard) + cipher will be compiled into your kernel. This cipher was designed + by IBM and the NSA based on the Lucifer cipher designed by IBM. + It supports a 56-bit key size and is a 16 round cipher. + It should be noted that DES has a keylength of only 56 bits, which + is insufficient to provide real security today. + The DES algorithm has no restrictions on its use. The CryptoAPI impl- + ementation of DES is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-des.o. If you want to compile it as a + module, say M here and read . + +# find a good 3des link, or just repeat the DES rfc +3DES cipher +CONFIG_CIPHER_DES_EDE3 + If you answer yes to this option the 3DES cipher will be compiled into + your kernel. This cipher is a modification of the DES algorithm which + increases the effective keysize to 112-bits. Instead of using one 56- + bit key(DES) you can use either 2 or 3 56-bit keys. + If E(K) is the original DES algorithm then 3DES is: + E(K1)->D(K2)->E(K3) + or with 2 keys + E(K1)->D(K2)->E(K1) + Where K1 != K2 != K3 or K1 != K2. 3DES is 3x slower than DES. + If K1 = K2 = K3 this breaks down to normal DES with 3x the runtime. + The CryptoAPI implementation of 3DES is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-des_ede3.o. If you want to compile it + as a module, say M here and read . + +IDEA cipher +CONFIG_CIPHER_IDEA + If you answer yes to this option the IDEA(International Data Encrypt- + ion Algorithm) cipher will be compiled into your kernel. This cipher + is unlike most other symmetric ciphers in that it does not use any + type of S-box for data obscuring. It is an 8 round algorithm support- + ing a 128-bit key size. + IDEA is patented in Switzerland, Europe, and the United States. It is + free for any non-commercial use. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-idea.o. If you want to compile it as a + module, say M here and read . + +Blowfish cipher +CONFIG_CIPHER_BLOWFISH + If you answer yes to this option the Blowfish cipher will be compiled + into your kernel. Blowfish was designed by Bruce Schneier as a free + replacement for DES and IDEA. It is a 16 round cipher supporting 128, + 160, 192, 256 key sizes. + The CryptoAPI implementation of Blowfish is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-blowfish.o. If you want to compile it + as a module, say M here and read . + +RC5 cipher +CONFIG_CIPHER_RC5 + If you answer yes to this option the RC5 cipher will be compiled into + your kernel. RC5 was designed Ronald Rivest as a drop in replacement + for DES. It is a 16 round cipher supporting 128, 192, and 256 bit key + sizes. + RC5 is patented and owned by RSA Security. The CryptoAPI implementation + is free for all to use. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-rc5.o. If you want to compile it as a + module, say M here and read . + +Old (mutated-endianess) Blowfish cipher +CONFIG_CIPHER_BLOWFISH_OLD + If you answer yes to this option the Blowfish(old) cipher will be comp- + iled into your kernel. This is an older CryptoAPI implementation of + Blowfish that only works on little-endian systems. It is left for bac- + kward compatability and will be removed in the near future. + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-blowfish_old.o. If you want to + compile it as a module, say M here and read + . + +DUMMY cipher +CONFIG_CIPHER_DUMMY + If you answer yes to this option the DUMMY cipher will be compiled into + your kernel. This is a template for a new cipher to be implemented. + It currently does no encryption. + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-dummy.o. If you want to compile it as + a module, say M here and read . +# David Bryson Thu, Mar 21, 2002 +# Config.help descriptions for CryptoAPI digest functions + +MD5 digest +CONFIG_DIGEST_MD5 + If you answer yes to this option, the MD5(Message Digest 5) digest + will be compiled into your kernel. MD5 is an improved version of MD4 + designed by Ron Rivest, it produces a 128-bit "hash value" from an in- + put of arbitrary length. + There are no restrictions on the use of the MD5 algorithm. The Crypto- + API implementation of MD5 is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called digest-md5.o. If you want to compile it as a + module, say M here and read . + +SHA1 digest +CONFIG_DIGEST_SHA1 + If you answer yes to this option the SHA1(Secure Hash Algorithm 1) will + be compiled into your kernel. SHA1 was designed with NIST and the NSA + for use with the Digital Signature Standard. It produces a 160-bit + hash value from an input or arbitrary length. + There are no restrictions on the use of the SHA1 algorithm. The + CryptoAPI implementation of SHA1 is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called digest-sha1.o. If you want to compile it as a + module, say M here and read . + # # A couple of things I keep forgetting: # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet, diff -Nur linux-2.4.18/Documentation/cryptoapi/README linux-int-2.4.18/Documentation/cryptoapi/README --- linux-2.4.18/Documentation/cryptoapi/README Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/Documentation/cryptoapi/README Wed Apr 3 17:28:57 2002 @@ -0,0 +1,32 @@ +-*- text -*- + The International Kernel Patch + ============================== + (aka Linux Kernel CryptoAPI) + + + What is the International Kernel Patch? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Due to previous regulations on export and use of crypto, especially +in the US, the Linux source distribution has not contained crypto up +to this point. The International Kernel Patch has tried to remedy this +situation by providing the missing functionality in the form of a +unified patch to the Linux kernel source. + + Lately, some US export restrictions have been lifted, and it is +therefore possible that crypto will be part of the linux kernel source +code in the future. However, until that happens, this is where you can +get crypto support in your linux kernel. + + The International Kernel Patch is not endorsed by Linus Torvalds and +should therefore not be considered to be part of the official Linux +kernel source. + + + What is the Linux Kernel CryptoAPI? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +[...to be written...] + +-- +$Id: README,v 1.1 2002/03/29 16:22:30 hvr Exp $ diff -Nur linux-2.4.18/Documentation/cryptoapi/cryptoapi.txt linux-int-2.4.18/Documentation/cryptoapi/cryptoapi.txt --- linux-2.4.18/Documentation/cryptoapi/cryptoapi.txt Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/Documentation/cryptoapi/cryptoapi.txt Wed Apr 3 17:28:57 2002 @@ -0,0 +1,156 @@ +CryptoAPI +========= + +if you are interested in encrypting your data on persistent storage, +you should take a look at + +/* this document is still incomplete */ + +how to make use of the cryptographic API in kernelspace: +(see also the header!) + +Ciphers +~~~~~~~ +example code: + +#include + +struct cipher_context* +setup_cipher (const char *ciphername, const u8 *key, u32 keylen) +{ + int error = 0; + struct cipher_context *cx = NULL; + struct cipher_implementation* ci = NULL; + + ci = find_cipher_by_name (ciphername, 1 /* == atomic - i.e. cipher must not sleep */); + + if (!ci) /* cipher not found */ + return NULL; + + ci->lock (); + + cx = ci->realloc_context (NULL, ci, /* max expected */ keylen); + + if (!cx) /* some error */ + { + ci->unlock (); + return NULL; + } + + if (ci->set_key (cx, key, keylen) < 0) + { /* error while setting key */ + ci->wipe_context(cx); + ci->free_context(cx); + ci->unlock (); + return NULL; + } + + return cx; /* everything ok so far */ +} + +int +test_cipher (struct cipher_context *cx, u8 *data, u32 datalen) +{ + int error = 0; + + /* + * operation when passing IV as argument + */ + + u8 iv[cx->ci->ivsize] = { 0, }; /* IV vector */ + + if ((error = cx->ci->encrypt_iv (cx, data, data, datalen, iv)) < 0) + return error; + + /* *data should contain ciphertext now */ + + if ((error = cx->ci->decrypt_iv ( cx, data, data, datalen, iv)) < 0) + return error; + + /* *data should contain plaintext again */ + + /* + * same stuff done w/ IV stored in context + */ + + memset (cx->iv, 0, cx->ci->ivsize); /* clear IV */ + + if ((error = cx->ci->encrypt (cx, data, data, datalen)) < 0) + return error; + + /* *data should contain ciphertext now */ + + if ((error = cx->ci->decrypt ( cx, data, data, datalen)) < 0) + return error; + + return 0; +} + +free_cipher (struct cipher_context* cx) +{ + /* assert (cx != NULL); */ + struct cipher_implementation* ci == cx->ci; + + ci->wipe_context(cx); + ci->free_context(cx); + ci->unlock(); +} + +Digests +~~~~~~~ +example code: + +#include + +struct cipher_context* +setup_digest (const char *digestname, const u8 *key, u32 keylen) +{ + int error = 0; + struct digest_context *dx = NULL; + struct digest_implementation* di = NULL; + + di = find_digest_by_name(digestname, 1); /* atomic */ + + if (!di) /* unknown digest */ + return NULL; + + di->lock(); + + dx = di->realloc_context(NULL, di); /* allocate a context */ + + if (!dx) { /* error */ + di->unlock(); + return NULL; + } + + return dx; /* return the context, ready for use */ +} + +int +test_digest(struct digest_context *dx, u8 *output, u8 *data, u32 datalen) +{ + int error = 0; + + /* update the digest context with the data */ + if ((error = dx->di->update(dx, data, datalen)) < 0) + return error; + + if ((error = dx->di->digest(dx, output)) < 0) /* output digest */ + return error; + + /* try printing the digest */ + printk("digest: %s\n", output); + + return 0; +} + + +free_digest (struct digest_context* dx) +{ + /* assert (dx != NULL); */ + struct digest_implementation* di = dx->di; + + di->free_context(dx); + di->unlock(); +} + diff -Nur linux-2.4.18/Documentation/cryptoapi/cryptoloop.txt linux-int-2.4.18/Documentation/cryptoapi/cryptoloop.txt --- linux-2.4.18/Documentation/cryptoapi/cryptoloop.txt Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/Documentation/cryptoapi/cryptoloop.txt Wed Apr 3 17:28:57 2002 @@ -0,0 +1,103 @@ +cryptoloop - a generic cryptographic loop device filter +======================================================= + +In order to make use of this filter, you'll have to patch your loop +driver in order to fix the IV calculation, which broke in the 2.4.x +kernels. +(loop patches may be found at + or +) + +Quickstart +~~~~~~~~~~ + +(if you have old encrypted volumes, please read the section about +conversion below) + +you need a kernel compiled with + *) loop device driver + *) cryptographic support + *) generic crypto loop filter + *) one or more ciphers you want to use for encryption +either as module or statically (if you build them as module, don't +forget to insmod them!) + +you also need a util-linux patched package (see + for some recent +patches) + +read on at + + +Some words about IV calculation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +There are some problems with the IV calculation up to recent 2.4.x +linux kernels. It's been calculated more or less by + +IV = rel_sector / (blocksize >> 9) + (lo_offset / blocksize) + +The first problem which arises, is that data transfers are not always +guaranteed to have a size of an integral multiple of the blocksize; +This is a problem, because of CBC mode's property of needing the +complete ciphertext block, i.e. you can't cipher or decipher only the +2nd half of a block if you don't know the first half of it! + +Another problem which may be experienced is, when the soft blocksize +changes, i.e. due to different medias, as CDROM block devices and +alike, or when the filesystem layer sets the blocksize to some other +size. + +But there's hope, as all transfer sizes are usually (except for the +last block on file backed loop devices sometimes...) an integral +multiple of 512 byte units (which is linux' atomic sector size); + +So the solution is to stick to a portable, uniform 512 byte based IV +metric! Alas this can't be accomplished without modifying the loop +driver, as the more granular IV metric can't be calculated from the +current dynamic IV metric. + +This change also renders most previously used encrypted volumes +unreadable, which need to be converted to the new IV metric. + +converting from older IV metrics +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The recommended procedure is as follow, in case you don't want to +backup your old data in a conventional manner, and then restore it to +a freshly created encrypted volume with the new IV-metric. + +The more valuable your data is, the more important it is, that you try +the following procedure with some dummy data, before risking your real +data! Cause if something goes wrong you'll have to keep both pieces... + +1) decrypt from within your old kernel version + + 1.1) setup your encrypted loop device, and mount it (this is also + important for making sure, the filesystem layer sets the soft block + size accordingly!) + + 1.2) unmount the filesystem (but leave the loop device setted up) + + 1.3) dd if=/dev/loop0 of=/dev/ make sure + the process does not get interrupted, otherwise you will have a hard + time, reconstructing your data, since you are decrypting the data + back to the same area where the ciphertext was. + +3) make sure the block/file contains the properly deciphered content!! + +2) boot the new kernel featuring the 512byte based IV + follow the instructions for 'encrypting unencrypted volumes' below + +Encrypting unencrypted volumes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +just as simple as that (please test this before trying on important data) + + 1) set up a new encrypted loop device over the still unencrypted data + 2) dd if=/dev/ of=/dev/loop0 + + + +[...more to follow...] +-- diff -Nur linux-2.4.18/Makefile linux-int-2.4.18/Makefile --- linux-2.4.18/Makefile Mon Feb 25 20:37:52 2002 +++ linux-int-2.4.18/Makefile Wed Apr 3 17:28:57 2002 @@ -120,9 +120,10 @@ CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o NETWORKS =net/network.o +CRYPTO =crypto/crypto.o LIBS =$(TOPDIR)/lib/lib.a -SUBDIRS =kernel drivers mm fs net ipc lib +SUBDIRS =kernel drivers mm fs net ipc lib crypto DRIVERS-n := DRIVERS-y := @@ -245,7 +246,7 @@ export CPPFLAGS CFLAGS CFLAGS_KERNEL AFLAGS AFLAGS_KERNEL -export NETWORKS DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS +export NETWORKS CRYPTO DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS .S.s: $(CPP) $(AFLAGS) $(AFLAGS_KERNEL) -traditional -o $*.s $< @@ -264,6 +265,7 @@ $(CORE_FILES) \ $(DRIVERS) \ $(NETWORKS) \ + $(CRYPTO) \ $(LIBS) \ --end-group \ -o vmlinux diff -Nur linux-2.4.18/arch/alpha/config.in linux-int-2.4.18/arch/alpha/config.in --- linux-2.4.18/arch/alpha/config.in Wed Nov 21 00:49:31 2001 +++ linux-int-2.4.18/arch/alpha/config.in Wed Apr 3 17:28:57 2002 @@ -269,6 +269,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/arm/config.in linux-int-2.4.18/arch/arm/config.in --- linux-2.4.18/arch/arm/config.in Fri Nov 9 22:58:02 2001 +++ linux-int-2.4.18/arch/arm/config.in Wed Apr 3 17:28:57 2002 @@ -448,6 +448,7 @@ source drivers/pnp/Config.in source drivers/block/Config.in source drivers/md/Config.in +source crypto/Config.in if [ "$CONFIG_ARCH_ACORN" = "y" ]; then source drivers/acorn/block/Config.in diff -Nur linux-2.4.18/arch/cris/config.in linux-int-2.4.18/arch/cris/config.in --- linux-2.4.18/arch/cris/config.in Mon Feb 25 20:37:52 2002 +++ linux-int-2.4.18/arch/cris/config.in Wed Apr 3 17:28:57 2002 @@ -152,6 +152,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/i386/config.in linux-int-2.4.18/arch/i386/config.in --- linux-2.4.18/arch/i386/config.in Mon Feb 25 20:37:52 2002 +++ linux-int-2.4.18/arch/i386/config.in Wed Apr 3 17:28:57 2002 @@ -300,6 +300,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/ia64/config.in linux-int-2.4.18/arch/ia64/config.in --- linux-2.4.18/arch/ia64/config.in Fri Nov 9 23:26:17 2001 +++ linux-int-2.4.18/arch/ia64/config.in Wed Apr 3 17:28:58 2002 @@ -137,6 +137,7 @@ source drivers/block/Config.in source drivers/message/i2o/Config.in source drivers/md/Config.in +source crypto/Config.in mainmenu_option next_comment comment 'ATA/IDE/MFM/RLL support' diff -Nur linux-2.4.18/arch/m68k/config.in linux-int-2.4.18/arch/m68k/config.in --- linux-2.4.18/arch/m68k/config.in Tue Jun 12 04:15:27 2001 +++ linux-int-2.4.18/arch/m68k/config.in Wed Apr 3 17:28:58 2002 @@ -161,6 +161,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/mips/config.in linux-int-2.4.18/arch/mips/config.in --- linux-2.4.18/arch/mips/config.in Mon Oct 15 22:41:34 2001 +++ linux-int-2.4.18/arch/mips/config.in Wed Apr 3 17:28:58 2002 @@ -342,6 +342,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/mips64/config.in linux-int-2.4.18/arch/mips64/config.in --- linux-2.4.18/arch/mips64/config.in Sun Sep 9 19:43:02 2001 +++ linux-int-2.4.18/arch/mips64/config.in Wed Apr 3 17:28:58 2002 @@ -150,6 +150,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/ppc/config.in linux-int-2.4.18/arch/ppc/config.in --- linux-2.4.18/arch/ppc/config.in Mon Feb 25 20:37:55 2002 +++ linux-int-2.4.18/arch/ppc/config.in Wed Apr 3 17:28:58 2002 @@ -242,6 +242,7 @@ source drivers/pnp/Config.in source drivers/block/Config.in source drivers/md/Config.in +source crypto/Config.in if [ "$CONFIG_NET" = "y" ]; then source net/Config.in diff -Nur linux-2.4.18/arch/sh/config.in linux-int-2.4.18/arch/sh/config.in --- linux-2.4.18/arch/sh/config.in Mon Feb 25 20:37:56 2002 +++ linux-int-2.4.18/arch/sh/config.in Wed Apr 3 17:28:58 2002 @@ -223,6 +223,8 @@ source drivers/md/Config.in +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then source net/Config.in fi diff -Nur linux-2.4.18/arch/sparc/config.in linux-int-2.4.18/arch/sparc/config.in --- linux-2.4.18/arch/sparc/config.in Tue Jun 12 04:15:27 2001 +++ linux-int-2.4.18/arch/sparc/config.in Wed Apr 3 17:28:58 2002 @@ -102,6 +102,7 @@ #fi source drivers/md/Config.in +source crypto/Config.in tristate 'RAM disk support' CONFIG_BLK_DEV_RAM if [ "$CONFIG_BLK_DEV_RAM" = "y" -o "$CONFIG_BLK_DEV_RAM" = "m" ]; then diff -Nur linux-2.4.18/arch/sparc64/config.in linux-int-2.4.18/arch/sparc64/config.in --- linux-2.4.18/arch/sparc64/config.in Fri Dec 21 18:41:53 2001 +++ linux-int-2.4.18/arch/sparc64/config.in Wed Apr 3 17:28:58 2002 @@ -106,6 +106,7 @@ dep_tristate 'Network block device support' CONFIG_BLK_DEV_NBD $CONFIG_NET source drivers/md/Config.in +source crypto/Config.in tristate 'RAM disk support' CONFIG_BLK_DEV_RAM if [ "$CONFIG_BLK_DEV_RAM" = "y" -o "$CONFIG_BLK_DEV_RAM" = "m" ]; then diff -Nur linux-2.4.18/crypto/Config.help linux-int-2.4.18/crypto/Config.help --- linux-2.4.18/crypto/Config.help Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/Config.help Wed Apr 3 17:28:57 2002 @@ -0,0 +1,113 @@ +Cryptographic API +CONFIG_CRYPTO + If you answer yes to this option, the cryptographic kernel API + framework will be enabled, and you'll be presented with additional + questions about cryptographic algorithms and kernel components + making use of the cryptographic API. + + See also + + The latest version of this component can be found at + + + If you don't need cryptographic extensions, say N. + +Generic cryptogrpahic filter for loop device driver +CONFIG_CRYPTOLOOP + If you answer yes to this option, the loop driver will be able to + use all cryptographic ciphers selected below. + + This loop filter will use the ciphers in CBC-mode which is more + secure than ECB-mode. This module will also initialize the CBC-mode + of the cipher with the block-number of the block being encrypted. + + Make sure you have patched your loop driver otherwise this filter + won't compile. See for + more information. + + *WARNING* Due to the broken IV metric in the 2.4.x kernel series, + this filter is not compatible with the on-disc format of encrypted + volumes encrypted up to version 2.4.3 of the international patch! + You will have to convert your "old" encrypted volumes to the new IV + metric. + +Crypto ciphers +CONFIG_CIPHERS + Ciphers basically help us scramble data so that other people don't + get access to it. Useful applications for this include hiding hard + drive contents or network traffic from unauthorized eyes. Compare a + file encrypted with a cipher with very good safe: The document is in + it, you can carry the document with you (if the safe is not too + heavy), but others can steal it, too. However, they will not be able + to read the document if the safe is any good. + + Mathematically speaking, a cipher is a parameter-dependant function + E(K, ) that takes a fixed-length block M (usually 64 or 128 bits) + and maps it onto another (usually equal-sized) block C=E(K,M) in such + a way that, without knowledge of the "key" K, it is hard to compute + + 1. M, if C and the function E are given, + + 2. C, if M is given and the function E is known. + + M is called the 'plaintext' and C the 'ciphertext'. The above + properties are commonly described as "All the security of the cipher + lies in its key". However, there always exists the inverse function + D(K, ) of E(K, ) such that D(K,E(K,M))=M for any M. The ideal + cipher is one where it is impossible to compute M if you have C, but + not K. In this case, the easiest way to break the cipher is to use + 'brute-force', i.e. try all K in turn until you hit the right + one. With most ciphers in this library, K is a 128-bit number. Here, + brute-force attacks are infeasible since they require testing all + 2^128 possible keys K, which would take far too long on any + conceivable computer (some big multiple of the age of the universe + for example). + + Unfortunately, the ideal cipher has not been found yet, so most + ciphers in this library, or certain 'reduced-round' versions + thereof, can be broken faster than brute-force. A cipher is secure, + if it cannot be broken _much_ faster than brute-force and + brute-force is infeasible. + + If you say 'Y' or 'M' here, you are able to select a variety of + ciphers for the Cipher-API. Ciphers you select below can then be + used by cryptographic kernel modules. If you say 'N' here, those + modules will use their own implementations or even not work at all. + + If unsure, say 'N'. + +Digest algorithms +CONFIG_DIGESTS + A message digest (or 'one-way function' or 'hash') is a function H + that maps an arbitrary-length message M onto a 128-bit or 160-bit + number h=H(M) such that the following conditions are satisfied: + + 1. For a given M, it is easy to compute h=H(M). + + 2. For a given h, it is hard to find M such that h=H(M). + + 3. For a given M, it is hard to find another message M' such that + H(M')=H(M). + + 4. It is hard to find M, M' such that H(M)=H(M'). + + This makes the name 'one-way function' plausible. Hashes are widely + used by cryptographic programs. E.g. the Linux kernel uses a hash to + generate random numbers. + +# Marc Mutz : this will be the help text, once this +# functionality is in place: +# If you say 'Y' here and select the SHA-1 message digest below, +# then the drivers for /dev/random and /dev/urandom will use the +# digest api instead of their own implementation. This will not work +# if you build as modules. +# + If you say 'Y' or 'M' here, cryptographic modules are able to use + the Digest-API if they need a hash function. If you say 'N' here, + they will use their own implementations (which will probably + increase the size of the compiled kernel if there are more than one + such modules). + + If unsure, say 'N'. + +#EOF \ No newline at end of file diff -Nur linux-2.4.18/crypto/Config.in linux-int-2.4.18/crypto/Config.in --- linux-2.4.18/crypto/Config.in Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/Config.in Wed Apr 3 17:28:57 2002 @@ -0,0 +1,18 @@ +# cryptoapi/kernel/crypto/Config.in + +mainmenu_option next_comment +comment 'Cryptography support (CryptoAPI)' + +tristate 'CryptoAPI support' CONFIG_CRYPTO + +dep_tristate 'Crypto Ciphers' CONFIG_CIPHERS $CONFIG_CRYPTO +source crypto/ciphers/Config.in + +dep_tristate 'Digest Algorithms' CONFIG_DIGESTS $CONFIG_CRYPTO +source crypto/digests/Config.in + +dep_tristate 'Crypto Devices' CONFIG_CRYPTODEV $CONFIG_CRYPTO $CONFIG_BLK_DEV_LOOP +source crypto/cryptoloop/Config.in + +endmenu + diff -Nur linux-2.4.18/crypto/Makefile linux-int-2.4.18/crypto/Makefile --- linux-2.4.18/crypto/Makefile Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/Makefile Wed Apr 3 17:28:57 2002 @@ -0,0 +1,19 @@ +# +# Makefile for the Linux kernel crypto library. +# +# 1 Dec 2001, Herbert Valerio Riedel +# + +O_TARGET := crypto.o + +export-objs = cryptoapi.o + +obj-$(CONFIG_CRYPTO) += cryptoapi.o + +subdir-$(CONFIG_CRYPTOLOOP) += cryptoloop +subdir-$(CONFIG_CIPHERS) += ciphers +subdir-$(CONFIG_DIGESTS) += digests + +obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o)) + +include $(TOPDIR)/Rules.make diff -Nur linux-2.4.18/crypto/ciphers/Config.help linux-int-2.4.18/crypto/ciphers/Config.help --- linux-2.4.18/crypto/ciphers/Config.help Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/Config.help Wed Apr 3 17:28:57 2002 @@ -0,0 +1,234 @@ +# David Bryson Wed, Mar 20, 2002 +# Config.help descriptions for CryptoAPI cipher functions + +AES (aka Rijndael) cipher +CONFIG_CIPHER_AES + If you answer yes to this option, the Rijndael cipher will be + compiled into your kernel. Rijndael was submitted to the AES(Advanced + Encryption Standard) cipher competition and won, becoming the AES sta- + ndard. It supports key sizes of 128, 192, and 256 bits which executes + 10, 12, and 14 rounds respectively. + This cipher is freely available for anyone to use. And the CryptoAPI + implementation is under a BSD-style license of unrestricted, free use. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-aes.o. If you want to compile it as a + module, say M here and read . + +Twofish cipher +CONFIG_CIPHER_TWOFISH + If you answer yes to this option, the Twofish cipher will be compiled + into your kernel. Twofish was submitted as an AES(Advanced Encryption + Standard) candidate cipher by researchers at CounterPane Systems. It + is a 16 round block cipher supporting key sizes of 128, 192, and 256 + bits. + Twofish is unpatented and is free to use. The CryptoAPI + implementation is release to public domain. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-twofish.o. If you want to compile it + as a module, say M here and read . + +MARS cipher +CONFIG_CIPHER_MARS + If you answer yes to this option, the MARS cipher will be compiled + into your kernel. MARS was submitted as an AES(Advanced Encryption + Standard) candidate cipher by researchers at IBM. It is a variable + key size 32 round cipher, although only 128, 192, and 256 bits are + supported. + The MARS algorithm is owned under patent by IBM, but they have a royal- + ty free license for it. The CryptoAPI impelementation is free for use + by all. + + See also + and + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-mars.o. If you want to compile it as + a module, say M here and read . + +# Finish description here, xpdf doesn't render this correctly +RC6 cipher +CONFIG_CIPHER_RC6 + If you answer yes to this option, the RC6(Rivest Cipher 6) cipher will + be compiled into your kernel. RC6 was submitted as an AES(Advanced + Encryption Standard) candidate cipher by researchers at RSA Security. + The RC6 algorithm is owned and patented by RSA Security. +# find accurate licensing info + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-rc6.o. If you want to compile it as a + module, say M here and read . + +Serpent cipher +CONFIG_CIPHER_SERPENT + If you answer yes to this option, the Serpent cipher will be compiled + into your kernel. Serpent was submitted as an AES(Advanced Encryption + Standard) candidate cipher ranking second to rijndael. It is a 32 rou- + nd cipher with 128, 192, and 256 bit key sizes. + Serpent is released under the public domain for use by anyone. The + CryptoAPI implementation is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-serpent.o. If you want to compile it + as a module, say M here and read . + +DFC cipher +CONFIG_CIPHER_DFC + If you answer yes to this option the DFC(Decorrolated Fast Cipher) + will be compiled into your kernel. DFC was submitted as an AES(Advan- + ced Encryption Standard) candidate cipher with 8 rounds and a key size + of 128, 192, and 256 bits. + DFC is currently owned under patent WO9820643 in the French National + Institute for Industrial Property. The CryptoAPI implementation is + released under the same restrictions as the DFC cipher is. +# find more info about the license, info is hard to find :-( + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-dfc.o. If you want to compile it as a + module, say M here and read . + +# find documentation finish brief +CAST5 cipher +CONFIG_CIPHER_CAST5 + If you answer yes to this option the CAST5 cipher will be compiled + into your kernel. CAST was designed by Carlisle Adams and Stafford Ta- + vares, CAST5 is a version of the original CAST cipher modified for 128- + bit block size. + CAST5 is availiable royalty free for commercial and non-commercial use. + The CryptoAPI implementation is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-cast5.o. If you want to compile it as + a module, say M here and read . + +DES cipher +CONFIG_CIPHER_DES + If you answer yes to this option the DES(Data Encryption Standard) + cipher will be compiled into your kernel. This cipher was designed + by IBM and the NSA based on the Lucifer cipher designed by IBM. + It supports a 56-bit key size and is a 16 round cipher. + It should be noted that DES has a keylength of only 56 bits, which + is insufficient to provide real security today. + The DES algorithm has no restrictions on its use. The CryptoAPI impl- + ementation of DES is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-des.o. If you want to compile it as a + module, say M here and read . + +# find a good 3des link, or just repeat the DES rfc +3DES cipher +CONFIG_CIPHER_DES_EDE3 + If you answer yes to this option the 3DES cipher will be compiled into + your kernel. This cipher is a modification of the DES algorithm which + increases the effective keysize to 112-bits. Instead of using one 56- + bit key(DES) you can use either 2 or 3 56-bit keys. + If E(K) is the original DES algorithm then 3DES is: + E(K1)->D(K2)->E(K3) + or with 2 keys + E(K1)->D(K2)->E(K1) + Where K1 != K2 != K3 or K1 != K2. 3DES is 3x slower than DES. + If K1 = K2 = K3 this breaks down to normal DES with 3x the runtime. + The CryptoAPI implementation of 3DES is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-des_ede3.o. If you want to compile it + as a module, say M here and read . + +IDEA cipher +CONFIG_CIPHER_IDEA + If you answer yes to this option the IDEA(International Data Encrypt- + ion Algorithm) cipher will be compiled into your kernel. This cipher + is unlike most other symmetric ciphers in that it does not use any + type of S-box for data obscuring. It is an 8 round algorithm support- + ing a 128-bit key size. + IDEA is patented in Switzerland, Europe, and the United States. It is + free for any non-commercial use. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-idea.o. If you want to compile it as a + module, say M here and read . + +Blowfish cipher +CONFIG_CIPHER_BLOWFISH + If you answer yes to this option the Blowfish cipher will be compiled + into your kernel. Blowfish was designed by Bruce Schneier as a free + replacement for DES and IDEA. It is a 16 round cipher supporting 128, + 160, 192, 256 key sizes. + The CryptoAPI implementation of Blowfish is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-blowfish.o. If you want to compile it + as a module, say M here and read . + +RC5 cipher +CONFIG_CIPHER_RC5 + If you answer yes to this option the RC5 cipher will be compiled into + your kernel. RC5 was designed Ronald Rivest as a drop in replacement + for DES. It is a 16 round cipher supporting 128, 192, and 256 bit key + sizes. + RC5 is patented and owned by RSA Security. The CryptoAPI implementation + is free for all to use. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-rc5.o. If you want to compile it as a + module, say M here and read . + +Old (mutated-endianess) Blowfish cipher +CONFIG_CIPHER_BLOWFISH_OLD + If you answer yes to this option the Blowfish(old) cipher will be comp- + iled into your kernel. This is an older CryptoAPI implementation of + Blowfish that only works on little-endian systems. It is left for bac- + kward compatability and will be removed in the near future. + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-blowfish_old.o. If you want to + compile it as a module, say M here and read + . + +DUMMY cipher +CONFIG_CIPHER_DUMMY + If you answer yes to this option the DUMMY cipher will be compiled into + your kernel. This is a template for a new cipher to be implemented. + It currently does no encryption. + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called cipher-dummy.o. If you want to compile it as + a module, say M here and read . diff -Nur linux-2.4.18/crypto/ciphers/Config.in linux-int-2.4.18/crypto/ciphers/Config.in --- linux-2.4.18/crypto/ciphers/Config.in Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/Config.in Wed Apr 3 17:28:57 2002 @@ -0,0 +1,22 @@ +# cryptoapi/kernel/crypto/ciphers/Config.in + +if [ "$CONFIG_CIPHERS" != "n" ]; then + comment '128 bit blocksize' + dep_tristate ' AES (aka Rijndael) cipher' CONFIG_CIPHER_AES $CONFIG_CIPHERS + dep_tristate ' Twofish cipher' CONFIG_CIPHER_TWOFISH $CONFIG_CIPHERS + dep_tristate ' MARS cipher' CONFIG_CIPHER_MARS $CONFIG_CIPHERS + dep_tristate ' RC6 cipher' CONFIG_CIPHER_RC6 $CONFIG_CIPHERS + dep_tristate ' Serpent cipher' CONFIG_CIPHER_SERPENT $CONFIG_CIPHERS + dep_tristate ' DFC cipher' CONFIG_CIPHER_DFC $CONFIG_CIPHERS + comment '64 bit blocksize' + dep_tristate ' CAST5 cipher' CONFIG_CIPHER_CAST5 $CONFIG_CIPHERS + dep_tristate ' DES cipher' CONFIG_CIPHER_DES $CONFIG_CIPHERS + dep_tristate ' 3DES cipher' CONFIG_CIPHER_DES_EDE3 $CONFIG_CIPHERS + dep_tristate ' IDEA cipher' CONFIG_CIPHER_IDEA $CONFIG_CIPHERS + dep_tristate ' Blowfish cipher' CONFIG_CIPHER_BLOWFISH $CONFIG_CIPHERS + dep_tristate ' RC5 cipher' CONFIG_CIPHER_RC5 $CONFIG_CIPHERS + comment 'Deprecated' + dep_tristate ' Old (mutated-endianess) Blowfish cipher (DEPRECATED)' CONFIG_CIPHER_BLOWFISH_OLD $CONFIG_CIPHERS + dep_tristate ' DUMMY cipher (DEPRECATED)' CONFIG_CIPHER_DUMMY $CONFIG_CIPHERS +fi + diff -Nur linux-2.4.18/crypto/ciphers/Makefile linux-int-2.4.18/crypto/ciphers/Makefile --- linux-2.4.18/crypto/ciphers/Makefile Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/Makefile Wed Apr 3 17:28:57 2002 @@ -0,0 +1,18 @@ +O_TARGET := ciphers.o + +obj-$(CONFIG_CIPHER_AES) += cipher-aes.o +obj-$(CONFIG_CIPHER_BLOWFISH) += cipher-blowfish.o +obj-$(CONFIG_CIPHER_BLOWFISH_OLD) += cipher-blowfish_old.o +obj-$(CONFIG_CIPHER_CAST5) += cipher-cast5.o +obj-$(CONFIG_CIPHER_DES) += cipher-des.o +obj-$(CONFIG_CIPHER_DES_EDE3) += cipher-des_ede3.o +obj-$(CONFIG_CIPHER_DUMMY) += cipher-dummy.o +obj-$(CONFIG_CIPHER_DFC) += cipher-dfc.o +obj-$(CONFIG_CIPHER_IDEA) += cipher-idea.o +obj-$(CONFIG_CIPHER_MARS) += cipher-mars.o +obj-$(CONFIG_CIPHER_RC5) += cipher-rc5.o +obj-$(CONFIG_CIPHER_RC6) += cipher-rc6.o +obj-$(CONFIG_CIPHER_SERPENT) += cipher-serpent.o +obj-$(CONFIG_CIPHER_TWOFISH) += cipher-twofish.o + +include $(TOPDIR)/Rules.make diff -Nur linux-2.4.18/crypto/ciphers/cipher-aes.c linux-int-2.4.18/crypto/ciphers/cipher-aes.c --- linux-2.4.18/crypto/ciphers/cipher-aes.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-aes.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,415 @@ +/* NOTE: This implementation has been changed from the original + source. See ChangeLog for more information. + Maintained by Alexander Kjeldaas + */ + +/* + Copyright in this code is held by Dr B.R. Gladman but free direct or + derivative use is permitted subject to acknowledgement of its origin + and subject to any constraints placed on the use of the algorithm by + its designers (if such constraints may exist, this will be indicated + below). + + Dr. B. R. Gladman (brian.gladman@btinternet.com). 25th January 2000. + + This is an implementation of Rijndael, an encryption algorithm designed + by Daemen and Rijmen and submitted as a candidate algorithm for the + Advanced Encryption Standard programme of the US National Institute of + Standards and Technology. + + The designers of Rijndael have not placed any constraints on the use of + this algorithm. +*/ + +/* Some changes from the Gladman version: + s/RIJNDAEL(e_key)/E_KEY/g + s/RIJNDAEL(d_key)/D_KEY/g +*/ + +#include +#include +#include +#include +#include +#include + +#define rotl generic_rotl32 +#define rotr generic_rotr32 + +/* + * #define byte(x, nr) ((unsigned char)((x) >> (nr*8))) + */ +inline static u8 +byte(const u32 x, const unsigned n) +{ + return x >> (n << 3); +} + +#define u32_in(x) le32_to_cpu(*(const u32 *)(x)) +#define u32_out(to, from) (*(u32 *)(to) = cpu_to_le32(from)) + +typedef struct { + u32 E[60]; + u32 D[60]; +} aes_key_t; + +#define E_KEY ctx->E +#define D_KEY ctx->D + +static u8 pow_tab[256]; +static u8 log_tab[256]; +static u8 sbx_tab[256]; +static u8 isb_tab[256]; +static u32 rco_tab[10]; +static u32 ft_tab[4][256]; +static u32 it_tab[4][256]; + +static u32 fl_tab[4][256]; +static u32 il_tab[4][256]; + +static inline u8 +f_mult (u8 a, u8 b) +{ + u8 aa = log_tab[a], cc = aa + log_tab[b]; + + return pow_tab[cc + (cc < aa ? 1 : 0)]; +} + +#define ff_mult(a,b) (a && b ? f_mult(a, b) : 0) + +#define f_rn(bo, bi, n, k) \ + bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ + ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ + ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) + +#define i_rn(bo, bi, n, k) \ + bo[n] = it_tab[0][byte(bi[n],0)] ^ \ + it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ + it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) + +#define ls_box(x) \ + ( fl_tab[0][byte(x, 0)] ^ \ + fl_tab[1][byte(x, 1)] ^ \ + fl_tab[2][byte(x, 2)] ^ \ + fl_tab[3][byte(x, 3)] ) + +#define f_rl(bo, bi, n, k) \ + bo[n] = fl_tab[0][byte(bi[n],0)] ^ \ + fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ + fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) + +#define i_rl(bo, bi, n, k) \ + bo[n] = il_tab[0][byte(bi[n],0)] ^ \ + il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ + il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) + +static inline void +gen_tabs (void) +{ + u32 i, t; + u8 p, q; + + /* log and power tables for GF(2**8) finite field with + 0x011b as modular polynomial - the simplest prmitive + root is 0x03, used here to generate the tables */ + + for (i = 0, p = 1; i < 256; ++i) { + pow_tab[i] = (u8) p; + log_tab[p] = (u8) i; + + p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0); + } + + log_tab[1] = 0; + + for (i = 0, p = 1; i < 10; ++i) { + rco_tab[i] = p; + + p = (p << 1) ^ (p & 0x80 ? 0x01b : 0); + } + + for (i = 0; i < 256; ++i) { + p = (i ? pow_tab[255 - log_tab[i]] : 0); + q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2)); + p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2)); + sbx_tab[i] = p; + isb_tab[p] = (u8) i; + } + + for (i = 0; i < 256; ++i) { + p = sbx_tab[i]; + + t = p; + fl_tab[0][i] = t; + fl_tab[1][i] = rotl (t, 8); + fl_tab[2][i] = rotl (t, 16); + fl_tab[3][i] = rotl (t, 24); + + t = ((u32) ff_mult (2, p)) | + ((u32) p << 8) | + ((u32) p << 16) | ((u32) ff_mult (3, p) << 24); + + ft_tab[0][i] = t; + ft_tab[1][i] = rotl (t, 8); + ft_tab[2][i] = rotl (t, 16); + ft_tab[3][i] = rotl (t, 24); + + p = isb_tab[i]; + + t = p; + il_tab[0][i] = t; + il_tab[1][i] = rotl (t, 8); + il_tab[2][i] = rotl (t, 16); + il_tab[3][i] = rotl (t, 24); + + t = ((u32) ff_mult (14, p)) | + ((u32) ff_mult (9, p) << 8) | + ((u32) ff_mult (13, p) << 16) | + ((u32) ff_mult (11, p) << 24); + + it_tab[0][i] = t; + it_tab[1][i] = rotl (t, 8); + it_tab[2][i] = rotl (t, 16); + it_tab[3][i] = rotl (t, 24); + } +} + +#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) + +#define imix_col(y,x) \ + u = star_x(x); \ + v = star_x(u); \ + w = star_x(v); \ + t = w ^ (x); \ + (y) = u ^ v ^ w; \ + (y) ^= rotr(u ^ t, 8) ^ \ + rotr(v ^ t, 16) ^ \ + rotr(t,24) + +/* initialise the key schedule from the user supplied key */ + +#define loop4(i) \ +{ t = rotr(t, 8); t = ls_box(t) ^ rco_tab[i]; \ + t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \ + t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \ + t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \ + t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \ +} + +#define loop6(i) \ +{ t = rotr(t, 8); t = ls_box(t) ^ rco_tab[i]; \ + t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \ + t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \ + t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \ + t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \ + t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \ + t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \ +} + +#define loop8(i) \ +{ t = rotr(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \ + t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \ + t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \ + t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \ + t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \ + t = E_KEY[8 * i + 4] ^ ls_box(t); \ + E_KEY[8 * i + 12] = t; \ + t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \ + t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \ + t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \ +} + +static int +aes_set_key (struct cipher_context *cx, const u8 *in_key, + int key_len, int atomic) +{ + aes_key_t *ctx = (aes_key_t *) cx->keyinfo; + u32 i, t, u, v, w; + u32 k_len; + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + k_len = (key_len * 8 + 31) / 32; + cx->key_length = k_len * 4; + + E_KEY[0] = u32_in (in_key); + E_KEY[1] = u32_in (in_key + 4); + E_KEY[2] = u32_in (in_key + 8); + E_KEY[3] = u32_in (in_key + 12); + + switch (k_len) { + case 4: + t = E_KEY[3]; + for (i = 0; i < 10; ++i) + loop4 (i); + break; + + case 6: + E_KEY[4] = u32_in (in_key + 16); + t = E_KEY[5] = u32_in (in_key + 20); + for (i = 0; i < 8; ++i) + loop6 (i); + break; + + case 8: + E_KEY[4] = u32_in (in_key + 16); + E_KEY[5] = u32_in (in_key + 20); + E_KEY[6] = u32_in (in_key + 24); + t = E_KEY[7] = u32_in (in_key + 28); + for (i = 0; i < 7; ++i) + loop8 (i); + break; + } + + D_KEY[0] = E_KEY[0]; + D_KEY[1] = E_KEY[1]; + D_KEY[2] = E_KEY[2]; + D_KEY[3] = E_KEY[3]; + + for (i = 4; i < 4 * k_len + 24; ++i) { + imix_col (D_KEY[i], E_KEY[i]); + } + + return 0; +} + +/* encrypt a block of text */ + +#define f_nround(bo, bi, k) \ + f_rn(bo, bi, 0, k); \ + f_rn(bo, bi, 1, k); \ + f_rn(bo, bi, 2, k); \ + f_rn(bo, bi, 3, k); \ + k += 4 + +#define f_lround(bo, bi, k) \ + f_rl(bo, bi, 0, k); \ + f_rl(bo, bi, 1, k); \ + f_rl(bo, bi, 2, k); \ + f_rl(bo, bi, 3, k) + +static int +aes_encrypt (struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + const aes_key_t *ctx = (aes_key_t *) cx->keyinfo; + u32 b0[4], b1[4]; + const u32 *kp = E_KEY + 4; + const u32 k_len = cx->key_length >> 2; + + if (size != 16) + return 1; + + b0[0] = u32_in (in) ^ E_KEY[0]; + b0[1] = u32_in (in + 4) ^ E_KEY[1]; + b0[2] = u32_in (in + 8) ^ E_KEY[2]; + b0[3] = u32_in (in + 12) ^ E_KEY[3]; + + if (k_len > 6) { + f_nround (b1, b0, kp); + f_nround (b0, b1, kp); + } + + if (k_len > 4) { + f_nround (b1, b0, kp); + f_nround (b0, b1, kp); + } + + f_nround (b1, b0, kp); + f_nround (b0, b1, kp); + f_nround (b1, b0, kp); + f_nround (b0, b1, kp); + f_nround (b1, b0, kp); + f_nround (b0, b1, kp); + f_nround (b1, b0, kp); + f_nround (b0, b1, kp); + f_nround (b1, b0, kp); + f_lround (b0, b1, kp); + + u32_out (out, b0[0]); + u32_out (out + 4, b0[1]); + u32_out (out + 8, b0[2]); + u32_out (out + 12, b0[3]); + + return 0; +} + +/* decrypt a block of text */ + +#define i_nround(bo, bi, k) \ + i_rn(bo, bi, 0, k); \ + i_rn(bo, bi, 1, k); \ + i_rn(bo, bi, 2, k); \ + i_rn(bo, bi, 3, k); \ + k -= 4 + +#define i_lround(bo, bi, k) \ + i_rl(bo, bi, 0, k); \ + i_rl(bo, bi, 1, k); \ + i_rl(bo, bi, 2, k); \ + i_rl(bo, bi, 3, k) + +static int +aes_decrypt (struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + const aes_key_t *ctx = (aes_key_t *) cx->keyinfo; + u32 b0[4], b1[4]; + const u32 k_len = cx->key_length >> 2; + const u32 *kp = D_KEY + 4 * (k_len + 5); + + if (size != 16) + return 1; + + b0[0] = u32_in (in) ^ E_KEY[4 * k_len + 24]; + b0[1] = u32_in (in + 4) ^ E_KEY[4 * k_len + 25]; + b0[2] = u32_in (in + 8) ^ E_KEY[4 * k_len + 26]; + b0[3] = u32_in (in + 12) ^ E_KEY[4 * k_len + 27]; + + if (k_len > 6) { + i_nround (b1, b0, kp); + i_nround (b0, b1, kp); + } + + if (k_len > 4) { + i_nround (b1, b0, kp); + i_nround (b0, b1, kp); + } + + i_nround (b1, b0, kp); + i_nround (b0, b1, kp); + i_nround (b1, b0, kp); + i_nround (b0, b1, kp); + i_nround (b1, b0, kp); + i_nround (b0, b1, kp); + i_nround (b1, b0, kp); + i_nround (b0, b1, kp); + i_nround (b1, b0, kp); + i_lround (b0, b1, kp); + + u32_out (out, b0[0]); + u32_out (out + 4, b0[1]); + u32_out (out + 8, b0[2]); + u32_out (out + 12, b0[3]); + + return 0; +} + + +#define CIPHER_ID aes +#define CIPHER_BLOCKSIZE 128 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE sizeof (aes_key_t) + +#define CIPHER_PRE_INIT_HOOK gen_tabs(); + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-blowfish.c linux-int-2.4.18/crypto/ciphers/cipher-blowfish.c --- linux-2.4.18/crypto/ciphers/cipher-blowfish.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-blowfish.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,484 @@ +/* + * blowfish cipher + */ + +#include +#include +#include +#include +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +const static u32 bf_pbox[16 + 2] = { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b, +}; + +const static u32 bf_sbox[256 * 4] = { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7, + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6, +}; + +typedef struct { + u32 P[18]; + u32 S[1024]; +} blowfish_key_t; + +/* + * Round loop unrolling macros, S is a pointer to a S-Box array + * organized in 4 unsigned longs at a row. + */ + +#define GET32_3(x) (((x) & 0xff)) +#define GET32_2(x) (((x) >> (8)) & (0xff)) +#define GET32_1(x) (((x) >> (16)) & (0xff)) +#define GET32_0(x) (((x) >> (24)) & (0xff)) + +#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \ + S[512 + GET32_2(x)]) + S[768 + GET32_3(x)]) + +#define ROUND(a, b, n) b ^= P[n]; a ^= bf_F (b) + +/* + * The blowfish encipher, processes 64-bit blocks. + * NOTE: This function MUSTN'T respect endianess + */ + +inline static void +_blowfish_encrypt_block (const u32 in[2], u32 out[2], const blowfish_key_t *key) +{ + const u32 *P = key->P; + const u32 *S = key->S; + + register u32 yl = in[0]; + register u32 yr = in[1]; + + ROUND (yr, yl, 0); + ROUND (yl, yr, 1); + ROUND (yr, yl, 2); + ROUND (yl, yr, 3); + ROUND (yr, yl, 4); + ROUND (yl, yr, 5); + ROUND (yr, yl, 6); + ROUND (yl, yr, 7); + ROUND (yr, yl, 8); + ROUND (yl, yr, 9); + ROUND (yr, yl, 10); + ROUND (yl, yr, 11); + ROUND (yr, yl, 12); + ROUND (yl, yr, 13); + ROUND (yr, yl, 14); + ROUND (yl, yr, 15); + + /* yl and yr are switched */ + yl ^= P[16]; + yr ^= P[17]; + + out[0] = yr; + out[1] = yl; +} + +static int +blowfish_encrypt (struct cipher_context *cx, + const u8 *in8, u8 *out8, int size, int atomic) +{ + const blowfish_key_t *key = (blowfish_key_t *) cx->keyinfo; + const u32 *in_blk = (const u32 *) in8; + u32 * const out_blk = (u32 *) out8; + u32 _in32[2], _out32[2]; + + if (size != 8) + return 1; + + _in32[0] = be32_to_cpu (in_blk[0]); + _in32[1] = be32_to_cpu (in_blk[1]); + + _blowfish_encrypt_block (_in32, _out32, key); + + out_blk[0] = cpu_to_be32 (_out32[0]); + out_blk[1] = cpu_to_be32 (_out32[1]); + + return 0; +} + +static int +blowfish_decrypt (struct cipher_context *cx, + const u8 *in8, u8 *out8, int size, int atomic) +{ + const blowfish_key_t *key = (blowfish_key_t *) cx->keyinfo; + const u32 *in_blk = (const u32 *) in8; + u32 * const out_blk = (u32 *) out8; + + const u32 *P = key->P; + const u32 *S = key->S; + + if (size != 8) + return 1; + + { + register u32 yl = be32_to_cpu (in_blk[0]); + register u32 yr = be32_to_cpu (in_blk[1]); + + ROUND (yr, yl, 17); + ROUND (yl, yr, 16); + ROUND (yr, yl, 15); + ROUND (yl, yr, 14); + ROUND (yr, yl, 13); + ROUND (yl, yr, 12); + ROUND (yr, yl, 11); + ROUND (yl, yr, 10); + ROUND (yr, yl, 9); + ROUND (yl, yr, 8); + ROUND (yr, yl, 7); + ROUND (yl, yr, 6); + ROUND (yr, yl, 5); + ROUND (yl, yr, 4); + ROUND (yr, yl, 3); + ROUND (yl, yr, 2); + + /* yl and yr are switched */ + yl ^= P[1]; + yr ^= P[0]; + + out_blk[0] = cpu_to_be32 (yr); + out_blk[1] = cpu_to_be32 (yl); + } + return 0; +} + +/* Sets the blowfish S and P boxes for encryption and decryption. */ + +static int +blowfish_set_key (struct cipher_context *cx, + const u8 *key, int key_len, int atomic) +{ + blowfish_key_t *key2 = (blowfish_key_t *) cx->keyinfo; + short i; + short j; + short count; + u32 data[2]; + u32 temp; + u32 *P = key2->P; + u32 *S = key2->S; + + /* Check key length. */ + + if (key_len != 8 + && key_len != 16 && key_len != 20 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + /* Copy the initialization s-boxes */ + + for (i = 0, count = 0; i < 256; i++) + for (j = 0; j < 4; j++, count++) + S[count] = bf_sbox[count]; + + /* Set the p-boxes */ + + for (i = 0; i < 16 + 2; i++) + P[i] = bf_pbox[i]; + + /* Actual subkey generation */ + + for (j = 0, i = 0; i < 16 + 2; i++) { + temp = (((u32) key[j] << 24) | + ((u32) key[(j + 1) % key_len] << 16) | + ((u32) key[(j + 2) % key_len] << 8) | + ((u32) key[(j + 3) % key_len])); + + P[i] = P[i] ^ temp; + j = (j + 4) % key_len; + } + + data[0] = 0x00000000; + data[1] = 0x00000000; + + for (i = 0; i < 16 + 2; i += 2) { + _blowfish_encrypt_block (data, data, key2); + + P[i] = data[0]; + P[i + 1] = data[1]; + } + + for (i = 0; i < 4; i++) { + for (j = 0, count = i * 256; j < 256; j += 2, count += 2) { + _blowfish_encrypt_block (data, data, key2); + + S[count] = data[0]; + S[count + 1] = data[1]; + } + } + return 0; +} + +#define CIPHER_ID blowfish +#define CIPHER_BLOCKSIZE 64 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_160 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE sizeof (blowfish_key_t) + +#include "gen-cipher.h" + + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-blowfish_old.c linux-int-2.4.18/crypto/ciphers/cipher-blowfish_old.c --- linux-2.4.18/crypto/ciphers/cipher-blowfish_old.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-blowfish_old.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,522 @@ +#include +#include +#include +#include +#include + +static u32 bf_pbox[16 + 2] = { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b, +}; + +static u32 bf_sbox[256 * 4] = { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7, + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6, +}; + +typedef struct blow_key { + u32 P[18]; + u32 S[1024]; +} blow_key; + +/* + * Round loop unrolling macros, S is a pointer to a S-Box array + * organized in 4 unsigned longs at a row. + */ + +#define GET32_3(x) (((x) & 0xff)) +#define GET32_2(x) (((x) >> (8)) & (0xff)) +#define GET32_1(x) (((x) >> (16)) & (0xff)) +#define GET32_0(x) (((x) >> (24)) & (0xff)) + +#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \ + S[512 + GET32_2(x)]) + S[768 + GET32_3(x)]) + +#define ROUND(a, b, n) b^=P[n];a ^= bf_F(b) + +/* + * The blowfish encipher, processes 64-bit blocks. + * NOTE: This function MUSTN'T respect endianess + */ + +int +blowfish_old_encrypt (struct cipher_context *cx, + const u8 * in8, u8 * out8, int size, int atomic) +{ + blow_key *key = (blow_key *) cx->keyinfo; + u32 *in_blk = (u32 *) in8; + u32 *out_blk = (u32 *) out8; + + u32 yl, yr; + + u32 *P = key->P; + u32 *S = key->S; + + for (; size >= 8; size -= 8) { + yl = *(in_blk++); + yr = *(in_blk++); + + ROUND (yr, yl, 0); + ROUND (yl, yr, 1); + ROUND (yr, yl, 2); + ROUND (yl, yr, 3); + ROUND (yr, yl, 4); + ROUND (yl, yr, 5); + ROUND (yr, yl, 6); + ROUND (yl, yr, 7); + ROUND (yr, yl, 8); + ROUND (yl, yr, 9); + ROUND (yr, yl, 10); + ROUND (yl, yr, 11); + ROUND (yr, yl, 12); + ROUND (yl, yr, 13); + ROUND (yr, yl, 14); + ROUND (yl, yr, 15); + + /* yl and yr are switched */ + yl ^= P[16]; + yr ^= P[17]; + + *(out_blk++) = yr; + *(out_blk++) = yl; + } + return 0; +} + +int +blowfish_old_decrypt (struct cipher_context *cx, + const u8 * in8, u8 * out8, int size, int atomic) +{ + blow_key *key = (blow_key *) cx->keyinfo; + u32 *in_blk = (u32 *) in8; + u32 *out_blk = (u32 *) out8; + + u32 yl, yr; + + u32 *P = key->P; + u32 *S = key->S; + + for (; size >= 8; size -= 8) { + yl = *(in_blk++); + yr = *(in_blk++); + + ROUND (yr, yl, 17); + ROUND (yl, yr, 16); + ROUND (yr, yl, 15); + ROUND (yl, yr, 14); + ROUND (yr, yl, 13); + ROUND (yl, yr, 12); + ROUND (yr, yl, 11); + ROUND (yl, yr, 10); + ROUND (yr, yl, 9); + ROUND (yl, yr, 8); + ROUND (yr, yl, 7); + ROUND (yl, yr, 6); + ROUND (yr, yl, 5); + ROUND (yl, yr, 4); + ROUND (yr, yl, 3); + ROUND (yl, yr, 2); + + /* yl and yr are switched */ + yl ^= P[1]; + yr ^= P[0]; + + *(out_blk++) = yr; + *(out_blk++) = yl; + } + return 0; +} + +/* Sets the blowfish S and P boxes for encryption and decryption. */ + +int +blowfish_old_set_key (struct cipher_context *cx, + const unsigned char *key, int key_len, int atomic) +{ + blow_key *key2 = (blow_key *) cx->keyinfo; + short i; + short j; + short count; + u32 data[2]; + u32 temp; + u32 *P = key2->P; + u32 *S = key2->S; + + /* Check key length. */ + + if (key_len != 8 && key_len != 16 && key_len != 20 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + /* Copy the initialization s-boxes */ + + for (i = 0, count = 0; i < 256; i++) + for (j = 0; j < 4; j++, count++) + S[count] = bf_sbox[count]; + + /* Set the p-boxes */ + + for (i = 0; i < 16 + 2; i++) + P[i] = bf_pbox[i]; + + /* Actual subkey generation */ + + for (j = 0, i = 0; i < 16 + 2; i++) { + temp = (((u32) key[j] << 24) | + ((u32) key[(j + 1) % key_len] << 16) | + ((u32) key[(j + 2) % key_len] << 8) | + ((u32) key[(j + 3) % key_len])); + + P[i] = P[i] ^ temp; + j = (j + 4) % key_len; + } + + data[0] = 0x00000000; + data[1] = 0x00000000; + + for (i = 0; i < 16 + 2; i += 2) { + blowfish_old_encrypt (cx, (u8 *) data, (u8 *) data, 8, atomic); + + P[i] = data[0]; + P[i + 1] = data[1]; + } + + for (i = 0; i < 4; i++) { + for (j = 0, count = i * 256; j < 256; j += 2, count += 2) { + blowfish_old_encrypt (cx, (u8 *) data, (u8 *) data, 8, + atomic); + + S[count] = data[0]; + S[count + 1] = data[1]; + } + } + return 0; +} + +static void +blowfish_old_lock (void) +{ + MOD_INC_USE_COUNT; +} + +static void +blowfish_old_unlock (void) +{ + MOD_DEC_USE_COUNT; +} + +#define CIPHER_BITS_64 +#define CIPHER_NAME(x) blowfish_old##x +#include "gen-cbc.h" +#include "gen-ecb.h" + +#define BLOWFISH_OLD_KEY_SCHEDULE_SIZE ((18+1024)*sizeof(u32)) + +static struct cipher_implementation blowfish_old_ecb = { + {{NULL, NULL}, CIPHER_MODE_ECB, "blowfish_old-ecb"}, + blocksize:8, + ivsize:0, + key_schedule_size:sizeof (blow_key), + key_size_mask:CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_160 | + CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256, + INIT_CIPHER_BLKOPS (blowfish_old_ecb), + INIT_CIPHER_OPS (blowfish_old) +}; + +static struct cipher_implementation blowfish_old_cbc = { + {{NULL, NULL}, CIPHER_MODE_CBC, "blowfish_old-cbc"}, + blocksize:8, + ivsize:8, + key_schedule_size:sizeof (blow_key), + key_size_mask:CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_160 | + CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256, + INIT_CIPHER_BLKOPS (blowfish_old_cbc), + INIT_CIPHER_OPS (blowfish_old) +}; + +static int __init +init_blowfish_old (void) +{ + if (register_cipher (&blowfish_old_ecb)) + printk (KERN_WARNING + "Couldn't register blowfish_old-ecb encryption\n"); + if (register_cipher (&blowfish_old_cbc)) + printk (KERN_WARNING + "Couldn't register blowfish_old-cbc encryption\n"); + + return 0; +} + +static void __exit +cleanup_blowfish_old (void) +{ + if (unregister_cipher (&blowfish_old_ecb)) + printk (KERN_WARNING + "Couldn't unregister blowfish_old-ecb encryption\n"); + if (unregister_cipher (&blowfish_old_cbc)) + printk (KERN_WARNING + "Couldn't unregister blowfish_old-cbc encryption\n"); +} + +module_init (init_blowfish_old); +module_exit (cleanup_blowfish_old); + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-cast5.c linux-int-2.4.18/crypto/ciphers/cipher-cast5.c --- linux-2.4.18/crypto/ciphers/cipher-cast5.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-cast5.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,784 @@ +/* + * cipher-cast5.c - CAST5 cipher (RFC2144) + * + * Copyright (C) 2002 Kyle McMartin + * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + * + * This cipher is available royalty-free for both commercial and + * non-commercial use worldwide. + * + * This module is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, or + * at your option any later version. + * + */ + +#include +#include +#include +#include + +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +#define CAST5_BLOCKSIZE 8 /* blocksize in bytes */ + +typedef struct { + u8 Kr[16]; + u32 Km[16]; +} CAST5_context; + +static const u32 sbox[8][256] = { + { 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, + 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, + 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, + 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, + 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, + 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, + 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, + 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, + 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, + 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, + 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, + 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, + 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, + 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, + 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, + 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, + 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, + 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, + 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, + 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, + 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, + 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, + 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, + 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, + 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, + 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, + 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, + 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, + 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, + 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, + 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, + 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, + 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf }, + + { 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, + 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, + 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, + 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, + 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, + 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, + 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, + 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, + 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, + 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, + 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, + 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, + 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, + 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, + 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, + 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, + 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, + 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, + 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, + 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, + 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, + 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, + 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, + 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, + 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, + 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, + 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, + 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, + 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, + 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, + 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, + 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, + 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 }, + + { 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, + 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, + 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, + 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, + 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, + 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, + 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, + 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, + 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, + 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, + 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, + 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, + 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, + 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, + 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, + 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, + 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, + 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, + 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, + 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, + 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, + 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, + 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, + 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, + 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, + 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, + 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, + 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, + 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, + 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, + 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, + 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, + 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 }, + + { 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, + 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, + 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, + 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, + 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, + 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, + 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, + 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, + 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, + 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, + 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, + 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, + 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, + 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, + 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, + 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, + 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, + 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, + 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, + 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, + 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, + 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, + 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, + 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, + 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, + 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, + 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, + 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, + 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, + 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, + 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, + 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, + 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 }, + + { 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, + 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, + 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, + 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, + 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, + 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, + 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, + 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, + 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, + 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, + 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, + 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, + 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, + 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, + 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, + 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, + 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, + 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, + 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, + 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, + 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, + 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, + 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, + 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, + 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, + 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, + 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, + 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, + 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, + 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, + 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, + 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, + 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, + 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, + 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, + 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, + 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, + 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, + 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, + 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, + 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, + 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, + 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, + 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, + 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, + 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, + 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, + 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, + 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, + 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, + 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, + 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, + 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, + 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 }, + + { 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, + 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, + 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, + 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, + 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, + 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, + 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, + 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, + 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, + 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, + 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, + 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, + 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, + 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, + 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, + 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, + 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, + 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, + 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, + 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, + 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, + 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, + 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, + 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, + 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, + 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, + 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, + 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, + 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, + 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, + 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, + 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, + 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, + 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, + 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, + 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, + 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, + 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, + 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, + 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, + 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, + 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, + 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, + 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, + 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, + 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, + 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, + 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, + 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, + 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, + 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, + 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, + 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, + 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f }, + + { 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, + 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, + 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, + 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, + 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, + 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, + 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, + 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, + 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, + 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, + 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, + 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, + 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, + 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, + 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, + 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, + 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, + 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, + 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, + 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, + 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, + 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, + 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, + 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, + 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, + 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, + 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, + 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, + 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, + 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, + 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, + 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, + 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, + 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, + 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, + 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, + 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, + 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, + 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, + 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, + 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, + 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, + 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, + 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, + 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, + 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, + 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, + 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, + 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, + 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, + 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, + 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, + 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, + 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 }, + + { 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, + 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, + 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, + 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, + 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, + 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, + 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, + 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, + 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, + 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, + 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, + 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, + 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, + 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, + 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, + 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, + 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, + 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, + 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, + 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, + 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, + 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, + 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, + 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, + 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, + 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, + 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, + 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, + 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, + 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, + 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, + 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, + 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, + 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, + 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, + 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, + 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, + 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, + 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, + 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, + 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, + 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, + 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, + 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, + 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, + 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, + 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, + 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, + 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, + 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, + 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, + 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, + 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, + 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e }}; + +#define rotl(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) ) + +#define F1(D,m,r) ( (I = ((m) + (D))), (I = rotl((r),I)), \ + (((sbox[0][I >> 24] ^ sbox[1][(I>>16) & 0xff]) - \ + sbox[2][(I >> 8) & 0xff]) + sbox[3][I & 0xff]) ) + +#define F2(D,m,r) ( (I = ((m) ^ (D))), (I = rotl((r),I)), \ + (((sbox[0][I >> 24] - sbox[1][(I>>16) & 0xff]) + \ + sbox[2][(I >> 8) & 0xff]) ^ sbox[3][I & 0xff]) ) + +#define F3(D,m,r) ( (I = ((m) - (D))), (I = rotl((r),I)), \ + (((sbox[0][I >> 24] + sbox[1][(I>>16) & 0xff]) ^ \ + sbox[2][(I >> 8) & 0xff]) - sbox[3][I & 0xff]) ) + +static int cast5_encrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + CAST5_context *ctx = (CAST5_context *)cx->keyinfo; + + u8 *Kr; + u32 *Km, I; + u32 l, r, t; + + Km = ctx->Km; + Kr = ctx->Kr; + + /* (L0,R0) <-- (m1...m64) (Split the plaintext into left and + * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.) + */ + l = in[0] << 24 | in[1] << 16 | in[2] << 8 | in[3]; + r = in[4] << 24 | in[5] << 16 | in[6] << 8 | in[7]; + + /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows: + * Li = Ri-1; + * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2 + * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1. + * Rounds 2, 5, 8, 11, and 14 use f function Type 2. + * Rounds 3, 6, 9, 12, and 15 use f function Type 3. + */ + t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]); + t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]); + t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]); + t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]); + t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]); + t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]); + t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]); + t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]); + t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]); + t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]); + t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]); + t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]); + if (cx->key_length > 10) { /* 16 rounds if key length > 80 bits */ + t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]); + t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]); + t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]); + t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]); + } + + /* c1...c64 <-- (R16,L16) (Exchange final blocks L16, R16 and + * concatenate to form the ciphertext.) */ + out[0] = (r >> 24) & 0xff; + out[1] = (r >> 16) & 0xff; + out[2] = (r >> 8) & 0xff; + out[3] = r & 0xff; + out[4] = (l >> 24) & 0xff; + out[5] = (l >> 16) & 0xff; + out[6] = (l >> 8) & 0xff; + out[7] = l & 0xff; + + return 0; +} + +static int cast5_decrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + CAST5_context *ctx = (CAST5_context *)cx->keyinfo; + + u8 *Kr; + u32 *Km, I; + u32 l, r, t; + + Km = ctx->Km; + Kr = ctx->Kr; + + l = in[0] << 24 | in[1] << 16 | in[2] << 8 | in[3]; + r = in[4] << 24 | in[5] << 16 | in[6] << 8 | in[7]; + + if (cx->key_length > 10) { /* 16 rounds if key length > 80 */ + t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]); + t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]); + t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]); + t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]); + } + t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]); + t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]); + t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]); + t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]); + t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]); + t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]); + t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]); + t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]); + t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]); + t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]); + t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]); + t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]); + + out[0] = (r >> 24) & 0xff; + out[1] = (r >> 16) & 0xff; + out[2] = (r >> 8) & 0xff; + out[3] = r & 0xff; + out[4] = (l >> 24) & 0xff; + out[5] = (l >> 16) & 0xff; + out[6] = (l >> 8) & 0xff; + out[7] = l & 0xff; + + return 0; +} + +#define xi(i) ( (x[(i)/4] >> (8*(3-((i)%4)))) & 0xff ) +#define zi(i) ( (z[(i)/4] >> (8*(3-((i)%4)))) & 0xff ) +static void cast5_key_schedule( u32 *x, u32 *z, u32 *k ) +{ + z[0] = x[0] ^ sbox[4][xi(13)] ^ sbox[5][xi(15)] ^ \ + sbox[6][xi(12)] ^ sbox[7][xi(14)] ^ sbox[6][xi( 8)]; + z[1] = x[2] ^ sbox[4][zi( 0)] ^ sbox[5][zi( 2)] ^ \ + sbox[6][zi( 1)] ^ sbox[7][zi( 3)] ^ sbox[7][xi(10)]; + z[2] = x[3] ^ sbox[4][zi( 7)] ^ sbox[5][zi( 6)] ^ \ + sbox[6][zi( 5)] ^ sbox[7][zi( 4)] ^ sbox[4][xi( 9)]; + z[3] = x[1] ^ sbox[4][zi(10)] ^ sbox[5][zi( 9)] ^ \ + sbox[6][zi(11)] ^ sbox[7][zi( 8)] ^ sbox[5][xi(11)]; + k[0] = sbox[4][zi( 8)] ^ sbox[5][zi( 9)] ^ sbox[6][zi( 7)] ^ \ + sbox[7][zi( 6)] ^ sbox[4][zi( 2)]; + k[1] = sbox[4][zi(10)] ^ sbox[5][zi(11)] ^ sbox[6][zi( 5)] ^ \ + sbox[7][zi( 4)] ^ sbox[5][zi( 6)]; + k[2] = sbox[4][zi(12)] ^ sbox[5][zi(13)] ^ sbox[6][zi( 3)] ^ \ + sbox[7][zi( 2)] ^ sbox[6][zi( 9)]; + k[3] = sbox[4][zi(14)] ^ sbox[5][zi(15)] ^ sbox[6][zi( 1)] ^ \ + sbox[7][zi( 0)] ^ sbox[7][zi(12)]; + + x[0] = z[2] ^ sbox[4][zi( 5)] ^ sbox[5][zi( 7)] ^ \ + sbox[6][zi( 4)] ^ sbox[7][zi( 6)] ^ sbox[6][zi( 0)]; + x[1] = z[0] ^ sbox[4][xi( 0)] ^ sbox[5][xi( 2)] ^ \ + sbox[6][xi( 1)] ^ sbox[7][xi( 3)] ^ sbox[7][zi( 2)]; + x[2] = z[1] ^ sbox[4][xi( 7)] ^ sbox[5][xi( 6)] ^ \ + sbox[6][xi( 5)] ^ sbox[7][xi( 4)] ^ sbox[4][zi( 1)]; + x[3] = z[3] ^ sbox[4][xi(10)] ^ sbox[5][xi( 9)] ^ \ + sbox[6][xi(11)] ^ sbox[7][xi( 8)] ^ sbox[5][zi( 3)]; + k[4] = sbox[4][xi( 3)] ^ sbox[5][xi( 2)] ^ sbox[6][xi(12)] ^ \ + sbox[7][xi(13)] ^ sbox[4][xi( 8)]; + k[5] = sbox[4][xi( 1)] ^ sbox[5][xi( 0)] ^ sbox[6][xi(14)] ^ \ + sbox[7][xi(15)] ^ sbox[5][xi(13)]; + k[6] = sbox[4][xi( 7)] ^ sbox[5][xi( 6)] ^ sbox[6][xi( 8)] ^ \ + sbox[7][xi( 9)] ^ sbox[6][xi( 3)]; + k[7] = sbox[4][xi( 5)] ^ sbox[5][xi( 4)] ^ sbox[6][xi(10)] ^ \ + sbox[7][xi(11)] ^ sbox[7][xi( 7)]; + + z[0] = x[0] ^ sbox[4][xi(13)] ^ sbox[5][xi(15)] ^ \ + sbox[6][xi(12)] ^ sbox[7][xi(14)] ^ sbox[6][xi( 8)]; + z[1] = x[2] ^ sbox[4][zi( 0)] ^ sbox[5][zi( 2)] ^ \ + sbox[6][zi( 1)] ^ sbox[7][zi( 3)] ^ sbox[7][xi(10)]; + z[2] = x[3] ^ sbox[4][zi( 7)] ^ sbox[5][zi( 6)] ^ \ + sbox[6][zi( 5)] ^ sbox[7][zi( 4)] ^ sbox[4][xi( 9)]; + z[3] = x[1] ^ sbox[4][zi(10)] ^ sbox[5][zi( 9)] ^ \ + sbox[6][zi(11)] ^ sbox[7][zi( 8)] ^ sbox[5][xi(11)]; + k[8] = sbox[4][zi( 3)] ^ sbox[5][zi( 2)] ^ sbox[6][zi(12)] ^ \ + sbox[7][zi(13)] ^ sbox[4][zi( 9)]; + k[9] = sbox[4][zi( 1)] ^ sbox[5][zi( 0)] ^ sbox[6][zi(14)] ^ \ + sbox[7][zi(15)] ^ sbox[5][zi(12)]; + k[10]= sbox[4][zi( 7)] ^ sbox[5][zi( 6)] ^ sbox[6][zi( 8)] ^ \ + sbox[7][zi( 9)] ^ sbox[6][zi( 2)]; + k[11]= sbox[4][zi( 5)] ^ sbox[5][zi( 4)] ^ sbox[6][zi(10)] ^ \ + sbox[7][zi(11)] ^ sbox[7][zi( 6)]; + + x[0] = z[2] ^ sbox[4][zi( 5)] ^ sbox[5][zi( 7)] ^ \ + sbox[6][zi( 4)] ^ sbox[7][zi( 6)] ^ sbox[6][zi( 0)]; + x[1] = z[0] ^ sbox[4][xi( 0)] ^ sbox[5][xi( 2)] ^ \ + sbox[6][xi( 1)] ^ sbox[7][xi( 3)] ^ sbox[7][zi( 2)]; + x[2] = z[1] ^ sbox[4][xi( 7)] ^ sbox[5][xi( 6)] ^ \ + sbox[6][xi( 5)] ^ sbox[7][xi( 4)] ^ sbox[4][zi( 1)]; + x[3] = z[3] ^ sbox[4][xi(10)] ^ sbox[5][xi( 9)] ^ \ + sbox[6][xi(11)] ^ sbox[7][xi( 8)] ^ sbox[5][zi( 3)]; + k[12]= sbox[4][xi( 8)] ^ sbox[5][xi( 9)] ^ sbox[6][xi( 7)] ^ \ + sbox[7][xi( 6)] ^ sbox[4][xi( 3)]; + k[13]= sbox[4][xi(10)] ^ sbox[5][xi(11)] ^ sbox[6][xi( 5)] ^ \ + sbox[7][xi( 4)] ^ sbox[5][xi( 7)]; + k[14]= sbox[4][xi(12)] ^ sbox[5][xi(13)] ^ sbox[6][xi( 3)] ^ \ + sbox[7][xi( 2)] ^ sbox[6][xi( 8)]; + k[15]= sbox[4][xi(14)] ^ sbox[5][xi(15)] ^ sbox[6][xi( 1)] ^ \ + sbox[7][xi( 0)] ^ sbox[7][xi(13)]; +} +#undef xi +#undef zi + +static int cast5_set_key(struct cipher_context *cx, + const u8 *key, int key_len, int atomic) +{ + CAST5_context *ctx = (CAST5_context *)cx->keyinfo; + + u32 i, x[4], z[4], k[16]; + + if((key_len != 16) && (key_len != 10) && (key_len != 5)) + return 1; + + x[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3]; + x[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7]; + x[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11]; + x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]; + + cast5_key_schedule(x, z, k); + for(i = 0; i < 16; i++) + ctx->Km[i] = k[i]; + cast5_key_schedule(x, z, k); + for(i = 0; i < 16; i++) + ctx->Kr[i] = k[i] & 0x1f; + + return 0; +} + +#define CIPHER_ID cast5 +#define CIPHER_BLOCKSIZE 64 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_40 | CIPHER_KEYSIZE_80 | \ + CIPHER_KEYSIZE_64 | CIPHER_KEYSIZE_128 +#define CIPHER_KEY_SCHEDULE_SIZE sizeof(CAST5_context) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-des.c linux-int-2.4.18/crypto/ciphers/cipher-des.c --- linux-2.4.18/crypto/ciphers/cipher-des.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-des.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,1191 @@ +/* + * Sourcecode created by descore. Descore is under GPL and from + * Dana L. How . + * + * Modified by Raimar Falke for the Linux-Kernel. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public License + * as published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + */ + +#include +#include +#include +#include +#include +#include +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +typedef u8 DesData[8]; +typedef u32 DesKeys[32]; + +const static u32 des_keymap[] = { + 0x02080008, 0x02082000, 0x00002008, 0x00000000, + 0x02002000, 0x00080008, 0x02080000, 0x02082008, + 0x00000008, 0x02000000, 0x00082000, 0x00002008, + 0x00082008, 0x02002008, 0x02000008, 0x02080000, + 0x00002000, 0x00082008, 0x00080008, 0x02002000, + 0x02082008, 0x02000008, 0x00000000, 0x00082000, + 0x02000000, 0x00080000, 0x02002008, 0x02080008, + 0x00080000, 0x00002000, 0x02082000, 0x00000008, + 0x00080000, 0x00002000, 0x02000008, 0x02082008, + 0x00002008, 0x02000000, 0x00000000, 0x00082000, + 0x02080008, 0x02002008, 0x02002000, 0x00080008, + 0x02082000, 0x00000008, 0x00080008, 0x02002000, + 0x02082008, 0x00080000, 0x02080000, 0x02000008, + 0x00082000, 0x00002008, 0x02002008, 0x02080000, + 0x00000008, 0x02082000, 0x00082008, 0x00000000, + 0x02000000, 0x02080008, 0x00002000, 0x00082008, + + 0x08000004, 0x00020004, 0x00000000, 0x08020200, + 0x00020004, 0x00000200, 0x08000204, 0x00020000, + 0x00000204, 0x08020204, 0x00020200, 0x08000000, + 0x08000200, 0x08000004, 0x08020000, 0x00020204, + 0x00020000, 0x08000204, 0x08020004, 0x00000000, + 0x00000200, 0x00000004, 0x08020200, 0x08020004, + 0x08020204, 0x08020000, 0x08000000, 0x00000204, + 0x00000004, 0x00020200, 0x00020204, 0x08000200, + 0x00000204, 0x08000000, 0x08000200, 0x00020204, + 0x08020200, 0x00020004, 0x00000000, 0x08000200, + 0x08000000, 0x00000200, 0x08020004, 0x00020000, + 0x00020004, 0x08020204, 0x00020200, 0x00000004, + 0x08020204, 0x00020200, 0x00020000, 0x08000204, + 0x08000004, 0x08020000, 0x00020204, 0x00000000, + 0x00000200, 0x08000004, 0x08000204, 0x08020200, + 0x08020000, 0x00000204, 0x00000004, 0x08020004, + + 0x80040100, 0x01000100, 0x80000000, 0x81040100, + 0x00000000, 0x01040000, 0x81000100, 0x80040000, + 0x01040100, 0x81000000, 0x01000000, 0x80000100, + 0x81000000, 0x80040100, 0x00040000, 0x01000000, + 0x81040000, 0x00040100, 0x00000100, 0x80000000, + 0x00040100, 0x81000100, 0x01040000, 0x00000100, + 0x80000100, 0x00000000, 0x80040000, 0x01040100, + 0x01000100, 0x81040000, 0x81040100, 0x00040000, + 0x81040000, 0x80000100, 0x00040000, 0x81000000, + 0x00040100, 0x01000100, 0x80000000, 0x01040000, + 0x81000100, 0x00000000, 0x00000100, 0x80040000, + 0x00000000, 0x81040000, 0x01040100, 0x00000100, + 0x01000000, 0x81040100, 0x80040100, 0x00040000, + 0x81040100, 0x80000000, 0x01000100, 0x80040100, + 0x80040000, 0x00040100, 0x01040000, 0x81000100, + 0x80000100, 0x01000000, 0x81000000, 0x01040100, + + 0x04010801, 0x00000000, 0x00010800, 0x04010000, + 0x04000001, 0x00000801, 0x04000800, 0x00010800, + 0x00000800, 0x04010001, 0x00000001, 0x04000800, + 0x00010001, 0x04010800, 0x04010000, 0x00000001, + 0x00010000, 0x04000801, 0x04010001, 0x00000800, + 0x00010801, 0x04000000, 0x00000000, 0x00010001, + 0x04000801, 0x00010801, 0x04010800, 0x04000001, + 0x04000000, 0x00010000, 0x00000801, 0x04010801, + 0x00010001, 0x04010800, 0x04000800, 0x00010801, + 0x04010801, 0x00010001, 0x04000001, 0x00000000, + 0x04000000, 0x00000801, 0x00010000, 0x04010001, + 0x00000800, 0x04000000, 0x00010801, 0x04000801, + 0x04010800, 0x00000800, 0x00000000, 0x04000001, + 0x00000001, 0x04010801, 0x00010800, 0x04010000, + 0x04010001, 0x00010000, 0x00000801, 0x04000800, + 0x04000801, 0x00000001, 0x04010000, 0x00010800, + + 0x00000400, 0x00000020, 0x00100020, 0x40100000, + 0x40100420, 0x40000400, 0x00000420, 0x00000000, + 0x00100000, 0x40100020, 0x40000020, 0x00100400, + 0x40000000, 0x00100420, 0x00100400, 0x40000020, + 0x40100020, 0x00000400, 0x40000400, 0x40100420, + 0x00000000, 0x00100020, 0x40100000, 0x00000420, + 0x40100400, 0x40000420, 0x00100420, 0x40000000, + 0x40000420, 0x40100400, 0x00000020, 0x00100000, + 0x40000420, 0x00100400, 0x40100400, 0x40000020, + 0x00000400, 0x00000020, 0x00100000, 0x40100400, + 0x40100020, 0x40000420, 0x00000420, 0x00000000, + 0x00000020, 0x40100000, 0x40000000, 0x00100020, + 0x00000000, 0x40100020, 0x00100020, 0x00000420, + 0x40000020, 0x00000400, 0x40100420, 0x00100000, + 0x00100420, 0x40000000, 0x40000400, 0x40100420, + 0x40100000, 0x00100420, 0x00100400, 0x40000400, + + 0x00800000, 0x00001000, 0x00000040, 0x00801042, + 0x00801002, 0x00800040, 0x00001042, 0x00801000, + 0x00001000, 0x00000002, 0x00800002, 0x00001040, + 0x00800042, 0x00801002, 0x00801040, 0x00000000, + 0x00001040, 0x00800000, 0x00001002, 0x00000042, + 0x00800040, 0x00001042, 0x00000000, 0x00800002, + 0x00000002, 0x00800042, 0x00801042, 0x00001002, + 0x00801000, 0x00000040, 0x00000042, 0x00801040, + 0x00801040, 0x00800042, 0x00001002, 0x00801000, + 0x00001000, 0x00000002, 0x00800002, 0x00800040, + 0x00800000, 0x00001040, 0x00801042, 0x00000000, + 0x00001042, 0x00800000, 0x00000040, 0x00001002, + 0x00800042, 0x00000040, 0x00000000, 0x00801042, + 0x00801002, 0x00801040, 0x00000042, 0x00001000, + 0x00001040, 0x00801002, 0x00800040, 0x00000042, + 0x00000002, 0x00001042, 0x00801000, 0x00800002, + + 0x10400000, 0x00404010, 0x00000010, 0x10400010, + 0x10004000, 0x00400000, 0x10400010, 0x00004010, + 0x00400010, 0x00004000, 0x00404000, 0x10000000, + 0x10404010, 0x10000010, 0x10000000, 0x10404000, + 0x00000000, 0x10004000, 0x00404010, 0x00000010, + 0x10000010, 0x10404010, 0x00004000, 0x10400000, + 0x10404000, 0x00400010, 0x10004010, 0x00404000, + 0x00004010, 0x00000000, 0x00400000, 0x10004010, + 0x00404010, 0x00000010, 0x10000000, 0x00004000, + 0x10000010, 0x10004000, 0x00404000, 0x10400010, + 0x00000000, 0x00404010, 0x00004010, 0x10404000, + 0x10004000, 0x00400000, 0x10404010, 0x10000000, + 0x10004010, 0x10400000, 0x00400000, 0x10404010, + 0x00004000, 0x00400010, 0x10400010, 0x00004010, + 0x00400010, 0x00000000, 0x10404000, 0x10000010, + 0x10400000, 0x10004010, 0x00000010, 0x00404000, + + 0x00208080, 0x00008000, 0x20200000, 0x20208080, + 0x00200000, 0x20008080, 0x20008000, 0x20200000, + 0x20008080, 0x00208080, 0x00208000, 0x20000080, + 0x20200080, 0x00200000, 0x00000000, 0x20008000, + 0x00008000, 0x20000000, 0x00200080, 0x00008080, + 0x20208080, 0x00208000, 0x20000080, 0x00200080, + 0x20000000, 0x00000080, 0x00008080, 0x20208000, + 0x00000080, 0x20200080, 0x20208000, 0x00000000, + 0x00000000, 0x20208080, 0x00200080, 0x20008000, + 0x00208080, 0x00008000, 0x20000080, 0x00200080, + 0x20208000, 0x00000080, 0x00008080, 0x20200000, + 0x20008080, 0x20000000, 0x20200000, 0x00208000, + 0x20208080, 0x00008080, 0x00208000, 0x20200080, + 0x00200000, 0x20000080, 0x20008000, 0x00000000, + 0x00008000, 0x00200000, 0x20200080, 0x00208080, + 0x20000000, 0x20208000, 0x00000080, 0x20008080, +}; + +const static u8 rotors[] = { + 34, 13, 5, 46, 47, 18, 32, 41, 11, 53, 33, 20, + 14, 36, 30, 24, 49, 2, 15, 37, 42, 50, 0, 21, + 38, 48, 6, 26, 39, 4, 52, 25, 12, 27, 31, 40, + 1, 17, 28, 29, 23, 51, 35, 7, 3, 22, 9, 43, + + 41, 20, 12, 53, 54, 25, 39, 48, 18, 31, 40, 27, + 21, 43, 37, 0, 1, 9, 22, 44, 49, 2, 7, 28, + 45, 55, 13, 33, 46, 11, 6, 32, 19, 34, 38, 47, + 8, 24, 35, 36, 30, 3, 42, 14, 10, 29, 16, 50, + + 55, 34, 26, 38, 11, 39, 53, 5, 32, 45, 54, 41, + 35, 2, 51, 14, 15, 23, 36, 3, 8, 16, 21, 42, + 6, 12, 27, 47, 31, 25, 20, 46, 33, 48, 52, 4, + 22, 7, 49, 50, 44, 17, 1, 28, 24, 43, 30, 9, + + 12, 48, 40, 52, 25, 53, 38, 19, 46, 6, 11, 55, + 49, 16, 10, 28, 29, 37, 50, 17, 22, 30, 35, 1, + 20, 26, 41, 4, 45, 39, 34, 31, 47, 5, 13, 18, + 36, 21, 8, 9, 3, 0, 15, 42, 7, 2, 44, 23, + + 26, 5, 54, 13, 39, 38, 52, 33, 31, 20, 25, 12, + 8, 30, 24, 42, 43, 51, 9, 0, 36, 44, 49, 15, + 34, 40, 55, 18, 6, 53, 48, 45, 4, 19, 27, 32, + 50, 35, 22, 23, 17, 14, 29, 1, 21, 16, 3, 37, + + 40, 19, 11, 27, 53, 52, 13, 47, 45, 34, 39, 26, + 22, 44, 7, 1, 2, 10, 23, 14, 50, 3, 8, 29, + 48, 54, 12, 32, 20, 38, 5, 6, 18, 33, 41, 46, + 9, 49, 36, 37, 0, 28, 43, 15, 35, 30, 17, 51, + + 54, 33, 25, 41, 38, 13, 27, 4, 6, 48, 53, 40, + 36, 3, 21, 15, 16, 24, 37, 28, 9, 17, 22, 43, + 5, 11, 26, 46, 34, 52, 19, 20, 32, 47, 55, 31, + 23, 8, 50, 51, 14, 42, 2, 29, 49, 44, 0, 10, + + 11, 47, 39, 55, 52, 27, 41, 18, 20, 5, 38, 54, + 50, 17, 35, 29, 30, 7, 51, 42, 23, 0, 36, 2, + 19, 25, 40, 31, 48, 13, 33, 34, 46, 4, 12, 45, + 37, 22, 9, 10, 28, 1, 16, 43, 8, 3, 14, 24, + + 18, 54, 46, 5, 6, 34, 48, 25, 27, 12, 45, 4, + 2, 24, 42, 36, 37, 14, 3, 49, 30, 7, 43, 9, + 26, 32, 47, 38, 55, 20, 40, 41, 53, 11, 19, 52, + 44, 29, 16, 17, 35, 8, 23, 50, 15, 10, 21, 0, + + 32, 11, 31, 19, 20, 48, 5, 39, 41, 26, 6, 18, + 16, 7, 1, 50, 51, 28, 17, 8, 44, 21, 2, 23, + 40, 46, 4, 52, 12, 34, 54, 55, 38, 25, 33, 13, + 3, 43, 30, 0, 49, 22, 37, 9, 29, 24, 35, 14, + + 46, 25, 45, 33, 34, 5, 19, 53, 55, 40, 20, 32, + 30, 21, 15, 9, 10, 42, 0, 22, 3, 35, 16, 37, + 54, 31, 18, 13, 26, 48, 11, 12, 52, 39, 47, 27, + 17, 2, 44, 14, 8, 36, 51, 23, 43, 7, 49, 28, + + 31, 39, 6, 47, 48, 19, 33, 38, 12, 54, 34, 46, + 44, 35, 29, 23, 24, 1, 14, 36, 17, 49, 30, 51, + 11, 45, 32, 27, 40, 5, 25, 26, 13, 53, 4, 41, + 0, 16, 3, 28, 22, 50, 10, 37, 2, 21, 8, 42, + + 45, 53, 20, 4, 5, 33, 47, 52, 26, 11, 48, 31, + 3, 49, 43, 37, 7, 15, 28, 50, 0, 8, 44, 10, + 25, 6, 46, 41, 54, 19, 39, 40, 27, 38, 18, 55, + 14, 30, 17, 42, 36, 9, 24, 51, 16, 35, 22, 1, + + 6, 38, 34, 18, 19, 47, 4, 13, 40, 25, 5, 45, + 17, 8, 2, 51, 21, 29, 42, 9, 14, 22, 3, 24, + 39, 20, 31, 55, 11, 33, 53, 54, 41, 52, 32, 12, + 28, 44, 0, 1, 50, 23, 7, 10, 30, 49, 36, 15, + + 20, 52, 48, 32, 33, 4, 18, 27, 54, 39, 19, 6, + 0, 22, 16, 10, 35, 43, 1, 23, 28, 36, 17, 7, + 53, 34, 45, 12, 25, 47, 38, 11, 55, 13, 46, 26, + 42, 3, 14, 15, 9, 37, 21, 24, 44, 8, 50, 29, + + 27, 6, 55, 39, 40, 11, 25, 34, 4, 46, 26, 13, + 7, 29, 23, 17, 42, 50, 8, 30, 35, 43, 24, 14, + 31, 41, 52, 19, 32, 54, 45, 18, 5, 20, 53, 33, + 49, 10, 21, 22, 16, 44, 28, 0, 51, 15, 2, 36, +}; + +const static u8 parity[] = { +8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3, +0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, +0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, +8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, +0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, +8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, +8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, +4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8, +}; + +/* set up the method list from the key */ + +static int des_set_key(struct cipher_context *cx, + const u8 *key, int key_len, int atomic) +{ + register u32 n, w; + register u8 *b0, *b1; + u8 bits0[56], bits1[56]; + u32 *method; + + if (key_len != 8) + return -EINVAL; /* unsupported key length */ + + method = (u32 *) cx->keyinfo; + + /* check for bad parity and weak keys */ + n = parity[key[0]]; n <<= 4; + n |= parity[key[1]]; n <<= 4; + n |= parity[key[2]]; n <<= 4; + n |= parity[key[3]]; n <<= 4; + n |= parity[key[4]]; n <<= 4; + n |= parity[key[5]]; n <<= 4; + n |= parity[key[6]]; n <<= 4; + n |= parity[key[7]]; + w = 0X88888888L; + /* report bad parity in key */ + if ( n & w ) + return -1; + /* report a weak or semi-weak key */ + if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */ + if ( n < 0X41415151 ) { + if ( n < 0X31312121 ) { + if ( n < 0X14141515 ) { + /* 01 01 01 01 01 01 01 01 */ + if ( n == 0X11111111 ) return -2; + /* 01 1F 01 1F 01 0E 01 0E */ + if ( n == 0X13131212 ) return -2; + } else { + /* 01 E0 01 E0 01 F1 01 F1 */ + if ( n == 0X14141515 ) return -2; + /* 01 FE 01 FE 01 FE 01 FE */ + if ( n == 0X16161616 ) return -2; + } + } else { + if ( n < 0X34342525 ) { + /* 1F 01 1F 01 0E 01 0E 01 */ + if ( n == 0X31312121 ) return -2; + /* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */ + if ( n == 0X33332222 ) return -2; + } else { + /* 1F E0 1F E0 0E F1 0E F1 */ + if ( n == 0X34342525 ) return -2; + /* 1F FE 1F FE 0E FE 0E FE */ + if ( n == 0X36362626 ) return -2; + } + } + } else { + if ( n < 0X61616161 ) { + if ( n < 0X44445555 ) { + /* E0 01 E0 01 F1 01 F1 01 */ + if ( n == 0X41415151 ) return -2; + /* E0 1F E0 1F F1 0E F1 0E */ + if ( n == 0X43435252 ) return -2; + } else { + /* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */ + if ( n == 0X44445555 ) return -2; + /* E0 FE E0 FE F1 FE F1 FE */ + if ( n == 0X46465656 ) return -2; + } + } else { + if ( n < 0X64646565 ) { + /* FE 01 FE 01 FE 01 FE 01 */ + if ( n == 0X61616161 ) return -2; + /* FE 1F FE 1F FE 0E FE 0E */ + if ( n == 0X63636262 ) return -2; + } else { + /* FE E0 FE E0 FE F1 FE F1 */ + if ( n == 0X64646565 ) return -2; + /* FE FE FE FE FE FE FE FE */ + if ( n == 0X66666666 ) return -2; + } + } + } + } + + /* explode the bits */ + n = 56; + b0 = bits0; + b1 = bits1; + do { + w = (256 | *key++) << 2; + do { + --n; + b1[n] = 8 & w; + w >>= 1; + b0[n] = 4 & w; + } while ( w >= 16 ); + } while ( n ); + + /* put the bits in the correct places */ + n = 16; + key = rotors; + do { + w = (b1[key[ 0 ]] | b0[key[ 1 ]]) << 4; + w |= (b1[key[ 2 ]] | b0[key[ 3 ]]) << 2; + w |= b1[key[ 4 ]] | b0[key[ 5 ]]; + w <<= 8; + w |= (b1[key[ 6 ]] | b0[key[ 7 ]]) << 4; + w |= (b1[key[ 8 ]] | b0[key[ 9 ]]) << 2; + w |= b1[key[10 ]] | b0[key[11 ]]; + w <<= 8; + w |= (b1[key[12 ]] | b0[key[13 ]]) << 4; + w |= (b1[key[14 ]] | b0[key[15 ]]) << 2; + w |= b1[key[16 ]] | b0[key[17 ]]; + w <<= 8; + w |= (b1[key[18 ]] | b0[key[19 ]]) << 4; + w |= (b1[key[20 ]] | b0[key[21 ]]) << 2; + w |= b1[key[22 ]] | b0[key[23 ]]; + + method[0] = w; + + w = (b1[key[ 0+24]] | b0[key[ 1+24]]) << 4; + w |= (b1[key[ 2+24]] | b0[key[ 3+24]]) << 2; + w |= b1[key[ 4+24]] | b0[key[ 5+24]]; + w <<= 8; + w |= (b1[key[ 6+24]] | b0[key[ 7+24]]) << 4; + w |= (b1[key[ 8+24]] | b0[key[ 9+24]]) << 2; + w |= b1[key[10+24]] | b0[key[11+24]]; + w <<= 8; + w |= (b1[key[12+24]] | b0[key[13+24]]) << 4; + w |= (b1[key[14+24]] | b0[key[15+24]]) << 2; + w |= b1[key[16+24]] | b0[key[17+24]]; + w <<= 8; + w |= (b1[key[18+24]] | b0[key[19+24]]) << 4; + w |= (b1[key[20+24]] | b0[key[21+24]]) << 2; + w |= b1[key[22+24]] | b0[key[23+24]]; + + method[1] = generic_rotr32 (w, 4); /* could be eliminated */ + + key += 48; + method += 2; + } while ( --n ); + return 0; +} + + +static void DesSmallFipsEncrypt (DesData d, DesKeys r, DesData s) +{ + register u32 x, y, z; + + x = s [7]; + x <<= 8; + x |= s [6]; + x <<= 8; + x |= s [5]; + x <<= 8; + x |= s [4]; + y = s [3]; + y <<= 8; + y |= s [2]; + y <<= 8; + y |= s [1]; + y <<= 8; + y |= s [0]; + z = ((x >> 004) ^ y) & 0X0F0F0F0FL; + x ^= z << 004; + y ^= z; + z = ((y >> 020) ^ x) & 0X0000FFFFL; + y ^= z << 020; + x ^= z; + z = ((x >> 002) ^ y) & 0X33333333L; + x ^= z << 002; + y ^= z; + z = ((y >> 010) ^ x) & 0X00FF00FFL; + y ^= z << 010; + x ^= z; + x = x >> 1 | x << 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y >> 1 | y << 31; + z = r [0]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [1]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [2]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [3]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [4]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [5]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [6]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [7]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [8]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [9]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [10]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [11]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [12]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [13]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [14]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [15]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [16]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [17]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [18]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [19]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [20]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [21]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [22]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [23]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [24]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [25]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [26]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [27]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [28]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [29]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [30]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [31]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + x = x << 1 | x >> 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y << 1 | y >> 31; + z = ((x >> 010) ^ y) & 0X00FF00FFL; + x ^= z << 010; + y ^= z; + z = ((y >> 002) ^ x) & 0X33333333L; + y ^= z << 002; + x ^= z; + z = ((x >> 020) ^ y) & 0X0000FFFFL; + x ^= z << 020; + y ^= z; + z = ((y >> 004) ^ x) & 0X0F0F0F0FL; + y ^= z << 004; + x ^= z; + d [0] = x; + x >>= 8; + d [1] = x; + x >>= 8; + d [2] = x; + x >>= 8; + d [3] = x; + d [4] = y; + y >>= 8; + d [5] = y; + y >>= 8; + d [6] = y; + y >>= 8; + d [7] = y; + return; +} + +static void DesSmallFipsDecrypt (u8 *d, u32 *r, u8 *s) +{ + register u32 x, y, z; + x = s [7]; + x <<= 8; + x |= s [6]; + x <<= 8; + x |= s [5]; + x <<= 8; + x |= s [4]; + y = s [3]; + y <<= 8; + y |= s [2]; + y <<= 8; + y |= s [1]; + y <<= 8; + y |= s [0]; + z = ((x >> 004) ^ y) & 0X0F0F0F0FL; + x ^= z << 004; + y ^= z; + z = ((y >> 020) ^ x) & 0X0000FFFFL; + y ^= z << 020; + x ^= z; + z = ((x >> 002) ^ y) & 0X33333333L; + x ^= z << 002; + y ^= z; + z = ((y >> 010) ^ x) & 0X00FF00FFL; + y ^= z << 010; + x ^= z; + x = x >> 1 | x << 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y >> 1 | y << 31; + z = r [31]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [30]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [29]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [28]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [27]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [26]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [25]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [24]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [23]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [22]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [21]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [20]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [19]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [18]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [17]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [16]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [15]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [14]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [13]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [12]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [11]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [10]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [9]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [8]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [7]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [6]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [5]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [4]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [3]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [2]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [1]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [0]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + x = x << 1 | x >> 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y << 1 | y >> 31; + z = ((x >> 010) ^ y) & 0X00FF00FFL; + x ^= z << 010; + y ^= z; + z = ((y >> 002) ^ x) & 0X33333333L; + y ^= z << 002; + x ^= z; + z = ((x >> 020) ^ y) & 0X0000FFFFL; + x ^= z << 020; + y ^= z; + z = ((y >> 004) ^ x) & 0X0F0F0F0FL; + y ^= z << 004; + x ^= z; + d [0] = x; + x >>= 8; + d [1] = x; + x >>= 8; + d [2] = x; + x >>= 8; + d [3] = x; + d [4] = y; + y >>= 8; + d [5] = y; + y >>= 8; + d [6] = y; + y >>= 8; + d [7] = y; + return; +} + +static int des_encrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + u8 input_buffer[8]; + u8 output_buffer[8]; + + for (; size >= 8; size -= 8) { + memcpy(&input_buffer, in, 8); + in += 8; + DesSmallFipsEncrypt(output_buffer,cx->keyinfo,input_buffer); + memcpy(out, &output_buffer, 8); + out += 8; + } + return 0; +} + +static int des_decrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + u8 input_buffer[8]; + u8 output_buffer[8]; + + for (; size >= 8; size -= 8) { + memcpy(&input_buffer, in, 8); + in += 8; + DesSmallFipsDecrypt(output_buffer,cx->keyinfo,input_buffer); + memcpy(out, &output_buffer, 8); + out += 8; + } + return 0; +} + +#define CIPHER_ID des +#define CIPHER_BLOCKSIZE 64 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_64 +#define CIPHER_KEY_SCHEDULE_SIZE (32*sizeof(u32)) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-des_ede3.c linux-int-2.4.18/crypto/ciphers/cipher-des_ede3.c --- linux-2.4.18/crypto/ciphers/cipher-des_ede3.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-des_ede3.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,1279 @@ + +/* + * triple DES (DES EDE3) created from kerneli DES implementation by + * Gisle Sælensminde . Original DES sourcecode created + * by descore. Descore is under GPL and made by Dana L. How + * , and modified by Raimar Falke + * for the Linux-Kernel. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public License + * as published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This implementation accept 24, 16 or 8 byte keys for 3-key 3DES, + * 2-key 3DES or DES compatibility mode respectivly. Other key lengths + * are rejected. The parity bits, which is the least significant bit + * of each byte are always set to the correct value. + * + * In DES there are four weak and six pairs of semi-weak keys. For 3DES + * none of the keys should be weak, and no pair of semi-weak keys should + * appear among the three DES subkeys. If the key is (pseudo)random, the + * chance of selecting a weak key is negligtable, and the test can safly + * be omited. Such (pseudo)random keys are usually the result of a key + * exchange protocol or the output of a cryptographic hash function. If + * the key is selected by the user, the key can not be expected to be + * random, and it can be desirable to check the keys. Since it's + * possible for a user to directly select the key bits in some + * applications of kerneli crypto API, we do check for weak keys. + * + * More specifically, a key is rejected if any of the DES subkeys are + * weak or semi-weak. This is done because we reuse the check from the + * original kerneli DES implementation. This function reject any key if + * it is weak or semi-weak. As a result we may unnecessarily reject some + * strong keys. In future releases this test should be improved, or + * better; we should not let the user select the exact key bits, and + * remove the need for checking. + * + * A DES_EDE3 key degenerates to DES if any of the DES subkeys K1 and + * K2 or K2 and K3 are equal, even we have 112 key bits. This should be + * avoided, unless we operate in DES compatibility mode. Again such keys + * are unlikely if the key is random. To have K1 = K3 is 2-key 3DES, + * which not have such security problems. An exception from this policy + * is done for DES compatibility mode, where all three keys are equal. + */ + +#include +#include +#include +#include +#include +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +#define ROR(d,c,o) d = d >> c | d << o + +typedef u8 DesData[8]; +typedef u32 DesKeys[32]; + +static u32 des_keymap[] = { + 0x02080008, 0x02082000, 0x00002008, 0x00000000, + 0x02002000, 0x00080008, 0x02080000, 0x02082008, + 0x00000008, 0x02000000, 0x00082000, 0x00002008, + 0x00082008, 0x02002008, 0x02000008, 0x02080000, + 0x00002000, 0x00082008, 0x00080008, 0x02002000, + 0x02082008, 0x02000008, 0x00000000, 0x00082000, + 0x02000000, 0x00080000, 0x02002008, 0x02080008, + 0x00080000, 0x00002000, 0x02082000, 0x00000008, + 0x00080000, 0x00002000, 0x02000008, 0x02082008, + 0x00002008, 0x02000000, 0x00000000, 0x00082000, + 0x02080008, 0x02002008, 0x02002000, 0x00080008, + 0x02082000, 0x00000008, 0x00080008, 0x02002000, + 0x02082008, 0x00080000, 0x02080000, 0x02000008, + 0x00082000, 0x00002008, 0x02002008, 0x02080000, + 0x00000008, 0x02082000, 0x00082008, 0x00000000, + 0x02000000, 0x02080008, 0x00002000, 0x00082008, + + 0x08000004, 0x00020004, 0x00000000, 0x08020200, + 0x00020004, 0x00000200, 0x08000204, 0x00020000, + 0x00000204, 0x08020204, 0x00020200, 0x08000000, + 0x08000200, 0x08000004, 0x08020000, 0x00020204, + 0x00020000, 0x08000204, 0x08020004, 0x00000000, + 0x00000200, 0x00000004, 0x08020200, 0x08020004, + 0x08020204, 0x08020000, 0x08000000, 0x00000204, + 0x00000004, 0x00020200, 0x00020204, 0x08000200, + 0x00000204, 0x08000000, 0x08000200, 0x00020204, + 0x08020200, 0x00020004, 0x00000000, 0x08000200, + 0x08000000, 0x00000200, 0x08020004, 0x00020000, + 0x00020004, 0x08020204, 0x00020200, 0x00000004, + 0x08020204, 0x00020200, 0x00020000, 0x08000204, + 0x08000004, 0x08020000, 0x00020204, 0x00000000, + 0x00000200, 0x08000004, 0x08000204, 0x08020200, + 0x08020000, 0x00000204, 0x00000004, 0x08020004, + + 0x80040100, 0x01000100, 0x80000000, 0x81040100, + 0x00000000, 0x01040000, 0x81000100, 0x80040000, + 0x01040100, 0x81000000, 0x01000000, 0x80000100, + 0x81000000, 0x80040100, 0x00040000, 0x01000000, + 0x81040000, 0x00040100, 0x00000100, 0x80000000, + 0x00040100, 0x81000100, 0x01040000, 0x00000100, + 0x80000100, 0x00000000, 0x80040000, 0x01040100, + 0x01000100, 0x81040000, 0x81040100, 0x00040000, + 0x81040000, 0x80000100, 0x00040000, 0x81000000, + 0x00040100, 0x01000100, 0x80000000, 0x01040000, + 0x81000100, 0x00000000, 0x00000100, 0x80040000, + 0x00000000, 0x81040000, 0x01040100, 0x00000100, + 0x01000000, 0x81040100, 0x80040100, 0x00040000, + 0x81040100, 0x80000000, 0x01000100, 0x80040100, + 0x80040000, 0x00040100, 0x01040000, 0x81000100, + 0x80000100, 0x01000000, 0x81000000, 0x01040100, + + 0x04010801, 0x00000000, 0x00010800, 0x04010000, + 0x04000001, 0x00000801, 0x04000800, 0x00010800, + 0x00000800, 0x04010001, 0x00000001, 0x04000800, + 0x00010001, 0x04010800, 0x04010000, 0x00000001, + 0x00010000, 0x04000801, 0x04010001, 0x00000800, + 0x00010801, 0x04000000, 0x00000000, 0x00010001, + 0x04000801, 0x00010801, 0x04010800, 0x04000001, + 0x04000000, 0x00010000, 0x00000801, 0x04010801, + 0x00010001, 0x04010800, 0x04000800, 0x00010801, + 0x04010801, 0x00010001, 0x04000001, 0x00000000, + 0x04000000, 0x00000801, 0x00010000, 0x04010001, + 0x00000800, 0x04000000, 0x00010801, 0x04000801, + 0x04010800, 0x00000800, 0x00000000, 0x04000001, + 0x00000001, 0x04010801, 0x00010800, 0x04010000, + 0x04010001, 0x00010000, 0x00000801, 0x04000800, + 0x04000801, 0x00000001, 0x04010000, 0x00010800, + + 0x00000400, 0x00000020, 0x00100020, 0x40100000, + 0x40100420, 0x40000400, 0x00000420, 0x00000000, + 0x00100000, 0x40100020, 0x40000020, 0x00100400, + 0x40000000, 0x00100420, 0x00100400, 0x40000020, + 0x40100020, 0x00000400, 0x40000400, 0x40100420, + 0x00000000, 0x00100020, 0x40100000, 0x00000420, + 0x40100400, 0x40000420, 0x00100420, 0x40000000, + 0x40000420, 0x40100400, 0x00000020, 0x00100000, + 0x40000420, 0x00100400, 0x40100400, 0x40000020, + 0x00000400, 0x00000020, 0x00100000, 0x40100400, + 0x40100020, 0x40000420, 0x00000420, 0x00000000, + 0x00000020, 0x40100000, 0x40000000, 0x00100020, + 0x00000000, 0x40100020, 0x00100020, 0x00000420, + 0x40000020, 0x00000400, 0x40100420, 0x00100000, + 0x00100420, 0x40000000, 0x40000400, 0x40100420, + 0x40100000, 0x00100420, 0x00100400, 0x40000400, + + 0x00800000, 0x00001000, 0x00000040, 0x00801042, + 0x00801002, 0x00800040, 0x00001042, 0x00801000, + 0x00001000, 0x00000002, 0x00800002, 0x00001040, + 0x00800042, 0x00801002, 0x00801040, 0x00000000, + 0x00001040, 0x00800000, 0x00001002, 0x00000042, + 0x00800040, 0x00001042, 0x00000000, 0x00800002, + 0x00000002, 0x00800042, 0x00801042, 0x00001002, + 0x00801000, 0x00000040, 0x00000042, 0x00801040, + 0x00801040, 0x00800042, 0x00001002, 0x00801000, + 0x00001000, 0x00000002, 0x00800002, 0x00800040, + 0x00800000, 0x00001040, 0x00801042, 0x00000000, + 0x00001042, 0x00800000, 0x00000040, 0x00001002, + 0x00800042, 0x00000040, 0x00000000, 0x00801042, + 0x00801002, 0x00801040, 0x00000042, 0x00001000, + 0x00001040, 0x00801002, 0x00800040, 0x00000042, + 0x00000002, 0x00001042, 0x00801000, 0x00800002, + + 0x10400000, 0x00404010, 0x00000010, 0x10400010, + 0x10004000, 0x00400000, 0x10400010, 0x00004010, + 0x00400010, 0x00004000, 0x00404000, 0x10000000, + 0x10404010, 0x10000010, 0x10000000, 0x10404000, + 0x00000000, 0x10004000, 0x00404010, 0x00000010, + 0x10000010, 0x10404010, 0x00004000, 0x10400000, + 0x10404000, 0x00400010, 0x10004010, 0x00404000, + 0x00004010, 0x00000000, 0x00400000, 0x10004010, + 0x00404010, 0x00000010, 0x10000000, 0x00004000, + 0x10000010, 0x10004000, 0x00404000, 0x10400010, + 0x00000000, 0x00404010, 0x00004010, 0x10404000, + 0x10004000, 0x00400000, 0x10404010, 0x10000000, + 0x10004010, 0x10400000, 0x00400000, 0x10404010, + 0x00004000, 0x00400010, 0x10400010, 0x00004010, + 0x00400010, 0x00000000, 0x10404000, 0x10000010, + 0x10400000, 0x10004010, 0x00000010, 0x00404000, + + 0x00208080, 0x00008000, 0x20200000, 0x20208080, + 0x00200000, 0x20008080, 0x20008000, 0x20200000, + 0x20008080, 0x00208080, 0x00208000, 0x20000080, + 0x20200080, 0x00200000, 0x00000000, 0x20008000, + 0x00008000, 0x20000000, 0x00200080, 0x00008080, + 0x20208080, 0x00208000, 0x20000080, 0x00200080, + 0x20000000, 0x00000080, 0x00008080, 0x20208000, + 0x00000080, 0x20200080, 0x20208000, 0x00000000, + 0x00000000, 0x20208080, 0x00200080, 0x20008000, + 0x00208080, 0x00008000, 0x20000080, 0x00200080, + 0x20208000, 0x00000080, 0x00008080, 0x20200000, + 0x20008080, 0x20000000, 0x20200000, 0x00208000, + 0x20208080, 0x00008080, 0x00208000, 0x20200080, + 0x00200000, 0x20000080, 0x20008000, 0x00000000, + 0x00008000, 0x00200000, 0x20200080, 0x00208080, + 0x20000000, 0x20208000, 0x00000080, 0x20008080, +}; + +static u8 rotors[] = { + 34, 13, 5, 46, 47, 18, 32, 41, 11, 53, 33, 20, + 14, 36, 30, 24, 49, 2, 15, 37, 42, 50, 0, 21, + 38, 48, 6, 26, 39, 4, 52, 25, 12, 27, 31, 40, + 1, 17, 28, 29, 23, 51, 35, 7, 3, 22, 9, 43, + + 41, 20, 12, 53, 54, 25, 39, 48, 18, 31, 40, 27, + 21, 43, 37, 0, 1, 9, 22, 44, 49, 2, 7, 28, + 45, 55, 13, 33, 46, 11, 6, 32, 19, 34, 38, 47, + 8, 24, 35, 36, 30, 3, 42, 14, 10, 29, 16, 50, + + 55, 34, 26, 38, 11, 39, 53, 5, 32, 45, 54, 41, + 35, 2, 51, 14, 15, 23, 36, 3, 8, 16, 21, 42, + 6, 12, 27, 47, 31, 25, 20, 46, 33, 48, 52, 4, + 22, 7, 49, 50, 44, 17, 1, 28, 24, 43, 30, 9, + + 12, 48, 40, 52, 25, 53, 38, 19, 46, 6, 11, 55, + 49, 16, 10, 28, 29, 37, 50, 17, 22, 30, 35, 1, + 20, 26, 41, 4, 45, 39, 34, 31, 47, 5, 13, 18, + 36, 21, 8, 9, 3, 0, 15, 42, 7, 2, 44, 23, + + 26, 5, 54, 13, 39, 38, 52, 33, 31, 20, 25, 12, + 8, 30, 24, 42, 43, 51, 9, 0, 36, 44, 49, 15, + 34, 40, 55, 18, 6, 53, 48, 45, 4, 19, 27, 32, + 50, 35, 22, 23, 17, 14, 29, 1, 21, 16, 3, 37, + + 40, 19, 11, 27, 53, 52, 13, 47, 45, 34, 39, 26, + 22, 44, 7, 1, 2, 10, 23, 14, 50, 3, 8, 29, + 48, 54, 12, 32, 20, 38, 5, 6, 18, 33, 41, 46, + 9, 49, 36, 37, 0, 28, 43, 15, 35, 30, 17, 51, + + 54, 33, 25, 41, 38, 13, 27, 4, 6, 48, 53, 40, + 36, 3, 21, 15, 16, 24, 37, 28, 9, 17, 22, 43, + 5, 11, 26, 46, 34, 52, 19, 20, 32, 47, 55, 31, + 23, 8, 50, 51, 14, 42, 2, 29, 49, 44, 0, 10, + + 11, 47, 39, 55, 52, 27, 41, 18, 20, 5, 38, 54, + 50, 17, 35, 29, 30, 7, 51, 42, 23, 0, 36, 2, + 19, 25, 40, 31, 48, 13, 33, 34, 46, 4, 12, 45, + 37, 22, 9, 10, 28, 1, 16, 43, 8, 3, 14, 24, + + 18, 54, 46, 5, 6, 34, 48, 25, 27, 12, 45, 4, + 2, 24, 42, 36, 37, 14, 3, 49, 30, 7, 43, 9, + 26, 32, 47, 38, 55, 20, 40, 41, 53, 11, 19, 52, + 44, 29, 16, 17, 35, 8, 23, 50, 15, 10, 21, 0, + + 32, 11, 31, 19, 20, 48, 5, 39, 41, 26, 6, 18, + 16, 7, 1, 50, 51, 28, 17, 8, 44, 21, 2, 23, + 40, 46, 4, 52, 12, 34, 54, 55, 38, 25, 33, 13, + 3, 43, 30, 0, 49, 22, 37, 9, 29, 24, 35, 14, + + 46, 25, 45, 33, 34, 5, 19, 53, 55, 40, 20, 32, + 30, 21, 15, 9, 10, 42, 0, 22, 3, 35, 16, 37, + 54, 31, 18, 13, 26, 48, 11, 12, 52, 39, 47, 27, + 17, 2, 44, 14, 8, 36, 51, 23, 43, 7, 49, 28, + + 31, 39, 6, 47, 48, 19, 33, 38, 12, 54, 34, 46, + 44, 35, 29, 23, 24, 1, 14, 36, 17, 49, 30, 51, + 11, 45, 32, 27, 40, 5, 25, 26, 13, 53, 4, 41, + 0, 16, 3, 28, 22, 50, 10, 37, 2, 21, 8, 42, + + 45, 53, 20, 4, 5, 33, 47, 52, 26, 11, 48, 31, + 3, 49, 43, 37, 7, 15, 28, 50, 0, 8, 44, 10, + 25, 6, 46, 41, 54, 19, 39, 40, 27, 38, 18, 55, + 14, 30, 17, 42, 36, 9, 24, 51, 16, 35, 22, 1, + + 6, 38, 34, 18, 19, 47, 4, 13, 40, 25, 5, 45, + 17, 8, 2, 51, 21, 29, 42, 9, 14, 22, 3, 24, + 39, 20, 31, 55, 11, 33, 53, 54, 41, 52, 32, 12, + 28, 44, 0, 1, 50, 23, 7, 10, 30, 49, 36, 15, + + 20, 52, 48, 32, 33, 4, 18, 27, 54, 39, 19, 6, + 0, 22, 16, 10, 35, 43, 1, 23, 28, 36, 17, 7, + 53, 34, 45, 12, 25, 47, 38, 11, 55, 13, 46, 26, + 42, 3, 14, 15, 9, 37, 21, 24, 44, 8, 50, 29, + + 27, 6, 55, 39, 40, 11, 25, 34, 4, 46, 26, 13, + 7, 29, 23, 17, 42, 50, 8, 30, 35, 43, 24, 14, + 31, 41, 52, 19, 32, 54, 45, 18, 5, 20, 53, 33, + 49, 10, 21, 22, 16, 44, 28, 0, 51, 15, 2, 36, +}; + +static char parity[] = { +8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3, +0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, +0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, +8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, +0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, +8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, +8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, +4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8, +}; + +static int des_part_set_key(u32 *method, const unsigned char *key); + +static int des_ede3_set_key(struct cipher_context *cx, + const unsigned char *key, int keybytes, int atomic) +{ + u32 *method; + int status,i; + unsigned char lkey[24]; + unsigned char n1, n2; + method=(u32 *)cx->keyinfo; + + /* asign keybits based on keylength */ + switch(keybytes) { + case 24: + memcpy(lkey,key,24); + break; + case 16: + memcpy(lkey,key,16); + memcpy(lkey+16,key,8); + break; + case 8: + memcpy(lkey,key,8); + memcpy(lkey+8,key,8); + memcpy(lkey+16,key,8); + break; + default: + return -EINVAL; + } + + /* set the correct parity bit for each byte in the key*/ + for(i=0; i<24; i++){ + n1 = lkey[i] & 0xfe; + n2 = n1 ^ (n1 >> 4); + n2 ^= (n2 >> 2); + n2 ^= (n2 >> 1); + lkey[i] = n1 | (~n2 & 0x01); + } + + /* check for degenerate keys */ + if(keybytes > 8 && + (memcmp(lkey,lkey+8,8)==0 || memcmp(lkey+8,lkey+16,8)==0)) + return -2; + + if((status = des_part_set_key(method, lkey)) != 0) + return status; + if((status = des_part_set_key(method+32, lkey+8)) != 0) + return status; + if((status = des_part_set_key(method+64, lkey+16)) != 0) + return status; + + return 0; +} + +static int des_part_set_key(u32 *method, const unsigned char *key) +{ + register u32 n, w; + register char * b0, * b1; + char bits0[56], bits1[56]; + + /* check for weak keys */ + b0 = parity; + n = b0[key[0]]; n <<= 4; + n |= b0[key[1]]; n <<= 4; + n |= b0[key[2]]; n <<= 4; + n |= b0[key[3]]; n <<= 4; + n |= b0[key[4]]; n <<= 4; + n |= b0[key[5]]; n <<= 4; + n |= b0[key[6]]; n <<= 4; + n |= b0[key[7]]; + w = 0X88888888L; + if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */ + if ( n < 0X41415151 ) { + if ( n < 0X31312121 ) { + if ( n < 0X14141515 ) { + /* 01 01 01 01 01 01 01 01 */ + if ( n == 0X11111111 ) return -2; + /* 01 1F 01 1F 01 0E 01 0E */ + if ( n == 0X13131212 ) return -2; + } else { + /* 01 E0 01 E0 01 F1 01 F1 */ + if ( n == 0X14141515 ) return -2; + /* 01 FE 01 FE 01 FE 01 FE */ + if ( n == 0X16161616 ) return -2; + } + } else { + if ( n < 0X34342525 ) { + /* 1F 01 1F 01 0E 01 0E 01 */ + if ( n == 0X31312121 ) return -2; + /* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */ + if ( n == 0X33332222 ) return -2; + } else { + /* 1F E0 1F E0 0E F1 0E F1 */ + if ( n == 0X34342525 ) return -2; + /* 1F FE 1F FE 0E FE 0E FE */ + if ( n == 0X36362626 ) return -2; + } + } + } else { + if ( n < 0X61616161 ) { + if ( n < 0X44445555 ) { + /* E0 01 E0 01 F1 01 F1 01 */ + if ( n == 0X41415151 ) return -2; + /* E0 1F E0 1F F1 0E F1 0E */ + if ( n == 0X43435252 ) return -2; + } else { + /* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */ + if ( n == 0X44445555 ) return -2; + /* E0 FE E0 FE F1 FE F1 FE */ + if ( n == 0X46465656 ) return -2; + } + } else { + if ( n < 0X64646565 ) { + /* FE 01 FE 01 FE 01 FE 01 */ + if ( n == 0X61616161 ) return -2; + /* FE 1F FE 1F FE 0E FE 0E */ + if ( n == 0X63636262 ) return -2; + } else { + /* FE E0 FE E0 FE F1 FE F1 */ + if ( n == 0X64646565 ) return -2; + /* FE FE FE FE FE FE FE FE */ + if ( n == 0X66666666 ) return -2; + } + } + } + } + + /* explode the bits */ + n = 56; + b0 = bits0; + b1 = bits1; + do { + w = (256 | *key++) << 2; + do { + --n; + b1[n] = 8 & w; + w >>= 1; + b0[n] = 4 & w; + } while ( w >= 16 ); + } while ( n ); + + /* put the bits in the correct places */ + n = 16; + key = rotors; + do { + w = (b1[key[ 0 ]] | b0[key[ 1 ]]) << 4; + w |= (b1[key[ 2 ]] | b0[key[ 3 ]]) << 2; + w |= b1[key[ 4 ]] | b0[key[ 5 ]]; + w <<= 8; + w |= (b1[key[ 6 ]] | b0[key[ 7 ]]) << 4; + w |= (b1[key[ 8 ]] | b0[key[ 9 ]]) << 2; + w |= b1[key[10 ]] | b0[key[11 ]]; + w <<= 8; + w |= (b1[key[12 ]] | b0[key[13 ]]) << 4; + w |= (b1[key[14 ]] | b0[key[15 ]]) << 2; + w |= b1[key[16 ]] | b0[key[17 ]]; + w <<= 8; + w |= (b1[key[18 ]] | b0[key[19 ]]) << 4; + w |= (b1[key[20 ]] | b0[key[21 ]]) << 2; + w |= b1[key[22 ]] | b0[key[23 ]]; + + method[0] = w; + + w = (b1[key[ 0+24]] | b0[key[ 1+24]]) << 4; + w |= (b1[key[ 2+24]] | b0[key[ 3+24]]) << 2; + w |= b1[key[ 4+24]] | b0[key[ 5+24]]; + w <<= 8; + w |= (b1[key[ 6+24]] | b0[key[ 7+24]]) << 4; + w |= (b1[key[ 8+24]] | b0[key[ 9+24]]) << 2; + w |= b1[key[10+24]] | b0[key[11+24]]; + w <<= 8; + w |= (b1[key[12+24]] | b0[key[13+24]]) << 4; + w |= (b1[key[14+24]] | b0[key[15+24]]) << 2; + w |= b1[key[16+24]] | b0[key[17+24]]; + w <<= 8; + w |= (b1[key[18+24]] | b0[key[19+24]]) << 4; + w |= (b1[key[20+24]] | b0[key[21+24]]) << 2; + w |= b1[key[22+24]] | b0[key[23+24]]; + + ROR(w, 4, 28); /* could be eliminated */ + method[1] = w; + + key += 48; + method += 2; + } while ( --n ); + return 0; +} + +static void DesSmallFipsEncrypt (DesData d, DesKeys r, DesData s) +{ + register u32 x, y, z; + + x = s [7]; + x <<= 8; + x |= s [6]; + x <<= 8; + x |= s [5]; + x <<= 8; + x |= s [4]; + y = s [3]; + y <<= 8; + y |= s [2]; + y <<= 8; + y |= s [1]; + y <<= 8; + y |= s [0]; + z = ((x >> 004) ^ y) & 0X0F0F0F0FL; + x ^= z << 004; + y ^= z; + z = ((y >> 020) ^ x) & 0X0000FFFFL; + y ^= z << 020; + x ^= z; + z = ((x >> 002) ^ y) & 0X33333333L; + x ^= z << 002; + y ^= z; + z = ((y >> 010) ^ x) & 0X00FF00FFL; + y ^= z << 010; + x ^= z; + x = x >> 1 | x << 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y >> 1 | y << 31; + z = r [0]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [1]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [2]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [3]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [4]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [5]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [6]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [7]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [8]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [9]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [10]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [11]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [12]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [13]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [14]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [15]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [16]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [17]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [18]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [19]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [20]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [21]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [22]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [23]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [24]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [25]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [26]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [27]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [28]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [29]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [30]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [31]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + x = x << 1 | x >> 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y << 1 | y >> 31; + z = ((x >> 010) ^ y) & 0X00FF00FFL; + x ^= z << 010; + y ^= z; + z = ((y >> 002) ^ x) & 0X33333333L; + y ^= z << 002; + x ^= z; + z = ((x >> 020) ^ y) & 0X0000FFFFL; + x ^= z << 020; + y ^= z; + z = ((y >> 004) ^ x) & 0X0F0F0F0FL; + y ^= z << 004; + x ^= z; + d [0] = x; + x >>= 8; + d [1] = x; + x >>= 8; + d [2] = x; + x >>= 8; + d [3] = x; + d [4] = y; + y >>= 8; + d [5] = y; + y >>= 8; + d [6] = y; + y >>= 8; + d [7] = y; + return; +} + +static void DesSmallFipsDecrypt (u8 *d, u32 *r, u8 *s) +{ + register u32 x, y, z; + x = s [7]; + x <<= 8; + x |= s [6]; + x <<= 8; + x |= s [5]; + x <<= 8; + x |= s [4]; + y = s [3]; + y <<= 8; + y |= s [2]; + y <<= 8; + y |= s [1]; + y <<= 8; + y |= s [0]; + z = ((x >> 004) ^ y) & 0X0F0F0F0FL; + x ^= z << 004; + y ^= z; + z = ((y >> 020) ^ x) & 0X0000FFFFL; + y ^= z << 020; + x ^= z; + z = ((x >> 002) ^ y) & 0X33333333L; + x ^= z << 002; + y ^= z; + z = ((y >> 010) ^ x) & 0X00FF00FFL; + y ^= z << 010; + x ^= z; + x = x >> 1 | x << 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y >> 1 | y << 31; + z = r [31]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [30]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [29]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [28]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [27]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [26]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [25]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [24]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [23]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [22]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [21]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [20]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [19]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [18]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [17]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [16]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [15]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [14]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [13]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [12]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [11]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [10]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [9]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [8]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [7]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [6]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [5]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [4]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [3]; + z ^= y; + z = z << 4 | z >> 28; + x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [2]; + z ^= y; + x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + x ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + z = r [1]; + z ^= x; + z = z << 4 | z >> 28; + y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0XFC & z)); + z = r [0]; + z ^= x; + y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0XFC & z)); + z >>= 8; + y ^= * (u32 *) ((u8 *) des_keymap + (0XFC & z)); + x = x << 1 | x >> 31; + z = (x ^ y) & 0X55555555L; + y ^= z; + x ^= z; + y = y << 1 | y >> 31; + z = ((x >> 010) ^ y) & 0X00FF00FFL; + x ^= z << 010; + y ^= z; + z = ((y >> 002) ^ x) & 0X33333333L; + y ^= z << 002; + x ^= z; + z = ((x >> 020) ^ y) & 0X0000FFFFL; + x ^= z << 020; + y ^= z; + z = ((y >> 004) ^ x) & 0X0F0F0F0FL; + y ^= z << 004; + x ^= z; + d [0] = x; + x >>= 8; + d [1] = x; + x >>= 8; + d [2] = x; + x >>= 8; + d [3] = x; + d [4] = y; + y >>= 8; + d [5] = y; + y >>= 8; + d [6] = y; + y >>= 8; + d [7] = y; + return; +} + + +static int des_ede3_encrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + u8 input_buffer[8], trans_buffer1[8]; + u8 trans_buffer2[8], output_buffer[8]; + + u32 *key_sched; + + key_sched = cx->keyinfo; + + for (; size >= 8; size -= 8) { + memcpy(&input_buffer, in, 8); + in += 8; + DesSmallFipsEncrypt(trans_buffer1,key_sched,input_buffer); + DesSmallFipsDecrypt(trans_buffer2,key_sched+32,trans_buffer1); + DesSmallFipsEncrypt(output_buffer,key_sched+64,trans_buffer2); + memcpy(out, &output_buffer, 8); + out += 8; + } + return 0; +} + +static int des_ede3_decrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + u8 input_buffer[8], trans_buffer1[8]; + u8 trans_buffer2[8], output_buffer[8]; + + u32 *key_sched; + + key_sched = cx->keyinfo; + + for (; size >= 8; size -= 8) { + memcpy(&input_buffer, in, 8); + in += 8; + DesSmallFipsDecrypt(trans_buffer1,key_sched+64,input_buffer); + DesSmallFipsEncrypt(trans_buffer2,key_sched+32,trans_buffer1); + DesSmallFipsDecrypt(output_buffer,key_sched,trans_buffer2); + memcpy(out, &output_buffer, 8); + out += 8; + } + return 0; +} + +#define CIPHER_ID des_ede3 +#define CIPHER_BLOCKSIZE 64 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_64 | CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 +#define CIPHER_KEY_SCHEDULE_SIZE (3*32*sizeof(u32)) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-dfc.c linux-int-2.4.18/crypto/ciphers/cipher-dfc.c --- linux-2.4.18/crypto/ciphers/cipher-dfc.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-dfc.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,429 @@ +/* NOTE: This implementation has been changed from the original + source. See ChangeLog for more information. + Maintained by Alexander Kjeldaas + */ + +/* This is an independent implementation of the DFC encryption */ +/* algorithm designed by a team at CNRS and France Telecom and */ +/* submitted as a candidate in the US NIST Advanced Encryption */ +/* Standard (AES) programme. */ +/* */ +/* Copyright in this implementation is held by Dr B R Gladman but */ +/* I hereby give permission for its free direct or derivative use */ +/* subject to acknowledgment of its origin and compliance with any */ +/* conditions that the originators of DFC place on its use. */ +/* */ +/* My thanks go to Serge Vaudenay of the Ecole Normale Superieure */ +/* for providing test vectors. This implementation has also been */ +/* tested with an independent implementation by Dr Russell Bradford */ +/* (Department of Mathematical Sciences, University of Bath, Bath, */ +/* UK) and checks out. My thanks go to Russell for his help in */ +/* comparing our implementations and finding bugs (and for help in */ +/* resolving 'endian' issues before test vectors became available). */ +/* */ +/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 27th July 1998 */ +/* */ + +/* The EES string is as follows (the abstract contains an error in + the last line of this sequence which changes KC and KD): + + 0xb7e15162, 0x8aed2a6a, 0xbf715880, 0x9cf4f3c7, + 0x62e7160f, 0x38b4da56, 0xa784d904, 0x5190cfef, + 0x324e7738, 0x926cfbe5, 0xf4bf8d8d, 0x8c31d763, + 0xda06c80a, 0xbb1185eb, 0x4f7c7b57, 0x57f59584, + + 0x90cfd47d, 0x7c19bb42, 0x158d9554, 0xf7b46bce, + 0xd55c4d79, 0xfd5f24d6, 0x613c31c3, 0x839a2ddf, + 0x8a9a276b, 0xcfbfa1c8, 0x77c56284, 0xdab79cd4, + 0xc2b3293d, 0x20e9e5ea, 0xf02ac60a, 0xcc93ed87, + + 0x4422a52e, 0xcb238fee, 0xe5ab6add, 0x835fd1a0, + 0x753d0a8f, 0x78e537d2, 0xb95bb79d, 0x8dcaec64, + 0x2c1e9f23, 0xb829b5c2, 0x780bf387, 0x37df8bb3, + 0x00d01334, 0xa0d0bd86, 0x45cbfa73, 0xa6160ffe, + + 0x393c48cb, 0xbbca060f, 0x0ff8ec6d, 0x31beb5cc, + 0xeed7f2f0, 0xbb088017, 0x163bc60d, 0xf45a0ecb, + 0x1bcd289b, 0x06cbbfea, 0x21ad08e1, 0x847f3f73, + 0x78d56ced, 0x94640d6e, 0xf0d3d37b, 0xe67008e1, + + 0x86d1bf27, 0x5b9b241d, 0xeb64749a, 0x47dfdfb9, + + Where: + + EES = RT(0) | RT(1) | ... | RT(63) | KD | KC + + Note that the abstract describing DFC is written + in big endian notation with the most significant + digits of a sequence of digits placed at the low + index positions in arrays. This format is used + here and is only converted to machine format at + the point that maths is done on any numbers in + the round function. + + The key input is thus treated as an array of 32 + bit words numbered from 0..3, 0..5 or 0..7 + depending on key length. The first (leftmost) + bit of this key string as defined in the DFC + abstract is the most significant bit of word 0 + and the rightmost bit of this string is the least + signicant bit of the highest numbered key word. + + The input and output blocks for the cipher are + also treated as arrays of 32 bit words numbered + from 0..3. The most significant bit of word 0 is + the 1st (leftmost) bit of the 128 bit input string + and the least significant bit of word 3 is the + last (rightmost) bit. + + Note that the inputs, the output and the key are + in Intel little endian format when BYTE_SWAP is + defined + +Timing data: + +Algorithm: dfc (dfc2.c) +128 bit key: +Key Setup: 7373 cycles +Encrypt: 1748 cycles = 14.6 mbits/sec +Decrypt: 1755 cycles = 14.6 mbits/sec +Mean: 1752 cycles = 14.6 mbits/sec +192 bit key: +Key Setup: 7359 cycles +Encrypt: 1757 cycles = 14.6 mbits/sec +Decrypt: 1765 cycles = 14.5 mbits/sec +Mean: 1761 cycles = 14.5 mbits/sec +256 bit key: +Key Setup: 7320 cycles +Encrypt: 1750 cycles = 14.6 mbits/sec +Decrypt: 1749 cycles = 14.6 mbits/sec +Mean: 1749 cycles = 14.6 mbits/sec + +*/ + +#include +#include +#include +#include + +#include + +#define bswap(x) __be32_to_cpu(x) +#define io_swap(x) __cpu_to_be32(x) + +#define BYTE_SWAP + +/* The following arrays are all stored in big endian */ +/* format with 32 bit words at lower array positions */ +/* being more significant in multi-word values */ + +static const u32 rt64[64] = +{ + 0xb7e15162, 0x8aed2a6a, 0xbf715880, 0x9cf4f3c7, + 0x62e7160f, 0x38b4da56, 0xa784d904, 0x5190cfef, + 0x324e7738, 0x926cfbe5, 0xf4bf8d8d, 0x8c31d763, + 0xda06c80a, 0xbb1185eb, 0x4f7c7b57, 0x57f59584, + + 0x90cfd47d, 0x7c19bb42, 0x158d9554, 0xf7b46bce, + 0xd55c4d79, 0xfd5f24d6, 0x613c31c3, 0x839a2ddf, + 0x8a9a276b, 0xcfbfa1c8, 0x77c56284, 0xdab79cd4, + 0xc2b3293d, 0x20e9e5ea, 0xf02ac60a, 0xcc93ed87, + + 0x4422a52e, 0xcb238fee, 0xe5ab6add, 0x835fd1a0, + 0x753d0a8f, 0x78e537d2, 0xb95bb79d, 0x8dcaec64, + 0x2c1e9f23, 0xb829b5c2, 0x780bf387, 0x37df8bb3, + 0x00d01334, 0xa0d0bd86, 0x45cbfa73, 0xa6160ffe, + + 0x393c48cb, 0xbbca060f, 0x0ff8ec6d, 0x31beb5cc, + 0xeed7f2f0, 0xbb088017, 0x163bc60d, 0xf45a0ecb, + 0x1bcd289b, 0x06cbbfea, 0x21ad08e1, 0x847f3f73, + 0x78d56ced, 0x94640d6e, 0xf0d3d37b, 0xe67008e1, +}; + +static const u32 kc = 0xeb64749a; + +static const u32 kd2[2] = +{ + 0x86d1bf27, 0x5b9b241d +}; + +static const u32 ka2[6] = +{ + 0xb7e15162, 0x8aed2a6a, + 0xbf715880, 0x9cf4f3c7, + 0x62e7160f, 0x38b4da56, +}; + +static const u32 kb2[6] = +{ + 0xa784d904, 0x5190cfef, + 0x324e7738, 0x926cfbe5, + 0xf4bf8d8d, 0x8c31d763, +}; + +static const u32 ks8[8] = +{ 0xda06c80a, 0xbb1185eb, 0x4f7c7b57, 0x57f59584, + 0x90cfd47d, 0x7c19bb42, 0x158d9554, 0xf7b46bce, +}; + +#define lo(x) ((x) & 0x0000ffff) +#define hi(x) ((x) >> 16) + +static void mult_64(u32 r[4], const u32 x[2], const u32 y[2]) +{ u32 x0, x1, x2, x3, y0, y1, y2, y3, t0, t1, t2, t3, c; + + x0 = lo(x[1]); x1 = hi(x[1]); x2 = lo(x[0]); x3 = hi(x[0]); + y0 = lo(y[1]); y1 = hi(y[1]); y2 = lo(y[0]); y3 = hi(y[0]); + + t0 = x0 * y0; r[0] = lo(t0); c = hi(t0); + + t0 = x0 * y1; t1 = x1 * y0; c += lo(t0) + lo(t1); + r[0] += (c << 16); c = hi(c) + hi(t0) + hi(t1); + + t0 = x0 * y2; t1 = x1 * y1; t2 = x2 * y0; + c += lo(t0) + lo(t1) + lo(t2); r[1] = lo(c); + c = hi(c) + hi(t0) + hi(t1) + hi(t2); + + t0 = x0 * y3; t1 = x1 * y2; t2 = x2 * y1; t3 = x3 * y0; + c += lo(t0) + lo(t1) + lo(t2) + lo(t3); r[1] += (c << 16); + c = hi(c) + hi(t0) + hi(t1) + hi(t2) + hi(t3); + + t0 = x1 * y3; t1 = x2 * y2; t2 = x3 * y1; + c += lo(t0) + lo(t1) + lo(t2); r[2] = lo(c); + c = hi(c) + hi(t0) + hi(t1) + hi(t2); + + t0 = x2 * y3; t1 = x3 * y2; c += lo(t0) + lo(t1); + r[2] += (c << 16); c = hi(c) + hi(t0) + hi(t1); + + r[3] = c + x3 * y3; +}; + +inline static void add_64(u32 r[4], const u32 hi, const u32 lo) +{ + if((r[0] += lo) < lo) + if(!++r[1]) + if(!++r[2]) + ++r[3]; + + if((r[1] += hi) < hi) + if(!++r[2]) + ++r[3]; +}; + +static void mult_13(u32 r[3]) +{ u32 c, d; + + c = 13 * lo(r[0]); + d = hi(r[0]); + r[0] = lo(c); + c = hi(c) + 13 * d; + r[0] += (c << 16); + c = hi(c) + 13 * lo(r[1]); + d = hi(r[1]); + r[1] = lo(c); + c = hi(c) + 13 * d; + r[1] += (c << 16); + r[2] = hi(c); +}; + +/* Where necessary this is where conversion from big endian to */ +/* little endian format is performed. Since all the maths is */ +/* little endian care is needed when 64 bit blocks are being */ +/* used to get them in the right order by reversing the order */ +/* in which these are stored. This applies to the key array */ +/* which gives the two values A and B and to the constant KD. */ +/* Since the input and output blocks are big endian we also */ +/* have to invert the order of the 32 bit words in the 64 bit */ +/* blocks being processed. */ + +static void r_fun(u32 outp[2], const u32 inp[2], const u32 key[4]) +{ u32 acc[5], b, t; + + mult_64(acc, inp, key); add_64(acc, key[2], key[3]); + + /* we need the value in the accumulator mod 2^64 + 13 so if */ + /* the accumulator value is hi * 2^64 + lo we need to find */ + /* a k value such that r = hi * 2^64 + lo - k * (2^64 + 13) */ + /* is 0 <= r < 2^64 + 13. We can see that k will be close */ + /* to hi in value - it may equal hi but will not be greater */ + /* and we can let k = hi - e with e >= 0 so that r is given */ + /* by r = e * (2^64 + 13) + lo - 13 * hi. If we compute the */ + /* lo - 13 * hi value, the overflow into the top 64 bits of */ + /* the accumulator has to be 'zeroed' by the e * (2^64 + 13)*/ + /* term and this sets the e value (in fact such an overlow */ + /* is only removed when the lower word is higher than 12). */ + + mult_13(&acc[2]); /* multiply top of accumulator by 13 */ + + /* calculate lo - 13 * hi in acc[0] and acc[1] with any */ + /* overflow into top 64 bits in b */ + + t = acc[0]; acc[0] -= acc[2]; b = (acc[0] > t ? 1 : 0); + + t = acc[1]; acc[1] -= acc[3] + b; + b = (acc[1] > t ? 1 : (acc[1] == t ? b : 0)); + + b = 13 * (acc[4] + b); /* overflow into top 64 bits of acc */ + + if(((acc[0] += b) < b) && !(++acc[1])) + { + if(acc[0] > 12) + + acc[0] -= 13; + } + + /* do the confusion permutation */ + + t = acc[1] ^ kc; b = acc[0] ^ rt64[acc[1] >> 26]; + + b += kd2[0] + ((t += kd2[1]) < kd2[1] ? 1 : 0); + + outp[0] ^= b; outp[1] ^= t; +}; + +static int dfc_set_key(struct cipher_context *cx, const unsigned char *key, + int key_len, int atomic) +{ u32 *in_key = (u32 *)key; + /* l_key - storage for the key schedule */ + u32 *l_key = cx->keyinfo; + u32 i, lk[32], rk[4]; + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + key_len *= 8; + + for(i = 0; i < key_len / 32; ++i) + lk[i] = io_swap(in_key[i]); + + /* pad the key with the KS array */ + + for(i = 0; i < 8 - key_len / 32; ++i) /* K|KS */ + lk[i + key_len / 32] = ks8[i]; + + /* do the reordering of the key parameters */ + /* the OAP[1]|OBP[1]|OAP[2]... sequence is */ + /* at lk[0]... and the other at lk[16]... */ + + lk[18] = lk[5]; lk[19] = lk[2]; /* EBP */ + lk[16] = lk[1]; lk[17] = lk[6]; /* EAP */ + lk[ 2] = lk[4]; lk[ 3] = lk[3]; /* OBP */ + lk[ 0] = lk[0]; lk[ 1] = lk[7]; /* OAP */ + + /* create other elements using KA and KB */ + + for(i = 0; i < 6; i += 2) + { + lk[i + i + 4] = lk[ 0] ^ ka2[i]; /* OAP[i] ms */ + lk[i + i + 5] = lk[ 1] ^ ka2[i + 1]; /* OAP[i] ls */ + lk[i + i + 6] = lk[ 2] ^ kb2[i]; /* OBP[i] ms */ + lk[i + i + 7] = lk[ 3] ^ kb2[i + 1]; /* OBP[i] ls */ + lk[i + i + 20] = lk[16] ^ ka2[i]; /* EAP[i] ms */ + lk[i + i + 21] = lk[17] ^ ka2[i + 1]; /* EAP[i] ls */ + lk[i + i + 22] = lk[18] ^ kb2[i]; /* EBP[i] ms */ + lk[i + i + 23] = lk[19] ^ kb2[i + 1]; /* EBP[i] ls */ + } + + rk[0] = rk[1] = rk[2] = rk[3] = 0; + + /* do the 4 round key mixing encryption */ + + for(i = 0; i < 32; i += 8) + { + r_fun(rk, rk + 2, lk); /* R2|R1 */ + r_fun(rk + 2, rk, lk + 4); /* R2|R3 */ + r_fun(rk, rk + 2, lk + 8); /* R4|R3 */ + r_fun(rk + 2, rk, lk + 12); /* R4|R5 */ + + /* keep key in big endian format with */ + /* the most significant 32 bit words */ + /* first (lowest) in the key schedule */ + /* - note that the upper and lower 64 */ + /* bit blocks are in inverse order at */ + /* this point in the loop */ + + l_key[i + 0] = rk[2]; l_key[i + 1] = rk[3]; + l_key[i + 2] = rk[0]; l_key[i + 3] = rk[1]; + + r_fun(rk + 2, rk, lk + 16); /* R1|R2 */ + r_fun(rk, rk + 2, lk + 20); /* R3|R2 */ + r_fun(rk + 2, rk, lk + 24); /* R3|R4 */ + r_fun(rk, rk + 2, lk + 28); /* R5|R4 */ + + l_key[i + 4] = rk[0]; l_key[i + 5] = rk[1]; + l_key[i + 6] = rk[2]; l_key[i + 7] = rk[3]; + } + + return 0; +}; + +static int dfc_encrypt(struct cipher_context *cx, const u8 *in, u8 *out, + int size, int atomic) +{ u32 *l_key = cx->keyinfo; + u32 *in_blk = (u32 *)in; + u32 *out_blk = (u32 *)out; + u32 blk[4]; + + /* the input/output format is big endian - */ + /* any reversals needed are performed when */ + /* maths is done in the round function */ + + blk[0] = io_swap(in_blk[0]); blk[1] = io_swap(in_blk[1]); + blk[2] = io_swap(in_blk[2]); blk[3] = io_swap(in_blk[3]); + + r_fun(blk, blk + 2, l_key + 0); /* R2|R1 */ + r_fun(blk + 2, blk, l_key + 4); /* R2|R3 */ + r_fun(blk, blk + 2, l_key + 8); /* R4|R3 */ + r_fun(blk + 2, blk, l_key + 12); /* R4|R5 */ + r_fun(blk, blk + 2, l_key + 16); /* R6|R5 */ + r_fun(blk + 2, blk, l_key + 20); /* R6|R7 */ + r_fun(blk, blk + 2, l_key + 24); /* R8|R7 */ + r_fun(blk + 2, blk, l_key + 28); /* R8|R9 */ + + /* swap order to obtain the result R9|R8 */ + + out_blk[0] = io_swap(blk[2]); out_blk[1] = io_swap(blk[3]); + out_blk[2] = io_swap(blk[0]); out_blk[3] = io_swap(blk[1]); + return 0; +}; + +static int dfc_decrypt(struct cipher_context *cx, const u8 *in, u8 *out, + int size, int atomic) +{ u32 *l_key = cx->keyinfo; + u32 *in_blk = (u32 *)in; + u32 *out_blk = (u32 *)out; + u32 blk[4]; + + /* the input/output format is big endian - */ + /* any reversals needed are performed when */ + /* maths is done in the round function */ + + blk[0] = io_swap(in_blk[0]); blk[1] = io_swap(in_blk[1]); + blk[2] = io_swap(in_blk[2]); blk[3] = io_swap(in_blk[3]); + + r_fun(blk, blk + 2, l_key + 28); /* R7|R8 */ + r_fun(blk + 2, blk, l_key + 24); /* R7|R6 */ + r_fun(blk, blk + 2, l_key + 20); /* R5|R6 */ + r_fun(blk + 2, blk, l_key + 16); /* R5|R4 */ + r_fun(blk, blk + 2, l_key + 12); /* R3|R4 */ + r_fun(blk + 2, blk, l_key + 8); /* R3|R2 */ + r_fun(blk, blk + 2, l_key + 4); /* R1|R2 */ + r_fun(blk + 2, blk, l_key ); /* R1|R0 */ + + /* swap order to obtain the result R1|R0 */ + + out_blk[0] = io_swap(blk[2]); out_blk[1] = io_swap(blk[3]); + out_blk[2] = io_swap(blk[0]); out_blk[3] = io_swap(blk[1]); + return 0; +}; + +#define CIPHER_ID dfc +#define CIPHER_BLOCKSIZE 128 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE (32 * sizeof(u32)) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-dummy.c linux-int-2.4.18/crypto/ciphers/cipher-dummy.c --- linux-2.4.18/crypto/ciphers/cipher-dummy.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-dummy.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,128 @@ +/* + * Dummy CIPHER module + * + * this is a dummy cipher module for debugging purposes, it may serve as + * skeleton for new ciphers as well + * + * by hvr@gnu.org + */ + +#include +#include +#include +#include +#include +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +static int +dummy_encrypt (struct cipher_context *cx, const u8 *in8, u8 *out8, + int size, int atomic) +{ + memmove (out8, in8, size); + return 0; +} + +static int +dummy_decrypt (struct cipher_context *cx, const u8 *in8, u8 *out8, + int size, int atomic) +{ + memmove (out8, in8, size); + return 0; +} + +static int +dummy_set_key (struct cipher_context *cx, const unsigned char *key, int key_len, + int atomic) +{ + printk (KERN_DEBUG "%s: key_len=%d atomic=%d\n", + __PRETTY_FUNCTION__, key_len, atomic); + + if (key_len != 16 && key_len != 20 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + return 0; +} + +static void +dummy_lock (void) +{ + printk (KERN_DEBUG "%s\n", __PRETTY_FUNCTION__); + + MOD_INC_USE_COUNT; +} + +static void +dummy_unlock (void) +{ + printk (KERN_DEBUG "%s\n", __PRETTY_FUNCTION__); + + MOD_DEC_USE_COUNT; +} + +#define CIPHER_BITS_64 +#define CIPHER_NAME(x) dummy##x +#include "gen-cbc.h" +#include "gen-ecb.h" + +#define DUMMY_KEY_SCHEDULE_SIZE ((18+1024)*sizeof(u32)) + +static struct cipher_implementation dummy_ecb = { + {{NULL, NULL}, CIPHER_MODE_ECB, "dummy-ecb"}, + blocksize:8, + ivsize:0, + key_schedule_size:0, + key_size_mask:CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_160 | CIPHER_KEYSIZE_192 | + CIPHER_KEYSIZE_256, + INIT_CIPHER_BLKOPS (dummy_ecb), + INIT_CIPHER_OPS (dummy) +}; + +static struct cipher_implementation dummy_cbc = { + {{NULL, NULL}, CIPHER_MODE_CBC, "dummy-cbc"}, + blocksize:8, + ivsize:8, + key_schedule_size:0, + key_size_mask:CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_160 | CIPHER_KEYSIZE_192 | + CIPHER_KEYSIZE_256, + INIT_CIPHER_BLKOPS (dummy_cbc), + INIT_CIPHER_OPS (dummy) +}; + +static int __init +init_dummy (void) +{ + printk (KERN_DEBUG "%s\n", __PRETTY_FUNCTION__); + + if (register_cipher (&dummy_ecb)) + printk (KERN_WARNING + "Couldn't register dummy-ecb encryption\n"); + + if (register_cipher (&dummy_cbc)) + printk (KERN_WARNING + "Couldn't register dummy-cbc encryption\n"); + + return 0; +} + +static void __exit +cleanup_dummy (void) +{ + printk (KERN_DEBUG "%s\n", __PRETTY_FUNCTION__); + + if (unregister_cipher (&dummy_ecb)) + printk (KERN_WARNING + "Couldn't unregister dummy-ecb encryption\n"); + + if (unregister_cipher (&dummy_cbc)) + printk (KERN_WARNING + "Couldn't unregister dummy-cbc encryption\n"); +} + +module_init (init_dummy); +module_exit (cleanup_dummy); + +EXPORT_NO_SYMBOLS; diff -Nur linux-2.4.18/crypto/ciphers/cipher-idea.c linux-int-2.4.18/crypto/ciphers/cipher-idea.c --- linux-2.4.18/crypto/ciphers/cipher-idea.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-idea.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,275 @@ +/* + * idea.c - C source code for IDEA block cipher. + * IDEA (International Data Encryption Algorithm), formerly known as + * IPES (Improved Proposed Encryption Standard). + * Algorithm developed by Xuejia Lai and James L. Massey, of ETH Zurich. + * This implementation modified and derived from original C code + * developed by Xuejia Lai. + * Zero-based indexing added, names changed from IPES to IDEA. + * CFB functions added. Random number routines added. + * + * Extensively optimized and restructured by Colin Plumb. + * + * The IDEA(tm) block cipher is covered by patents held by ETH and a + * Swiss company called Ascom-Tech AG. The Swiss patent number is + * PCT/CH91/00117, the European patent number is EP 0 482 154 B1, and + * the U.S. patent number is US005214703. IDEA(tm) is a trademark of + * Ascom-Tech AG. There is no license fee required for noncommercial + * use. Commercial users may obtain licensing details from Dieter + * Profos, Ascom Tech AG, Solothurn Lab, Postfach 151, 4502 Solothurn, + * Switzerland, Tel +41 65 242885, Fax +41 65 235761. + * + * The IDEA block cipher uses a 64-bit block size, and a 128-bit key + * size. It breaks the 64-bit cipher block into four 16-bit words + * because all of the primitive inner operations are done with 16-bit + * arithmetic. It likewise breaks the 128-bit cipher key into eight + * 16-bit words. + * + * For further information on the IDEA cipher, see the book: + * Xuejia Lai, "On the Design and Security of Block Ciphers", + * ETH Series on Information Processing (ed. J.L. Massey) Vol 1, + * Hartung-Gorre Verlag, Konstanz, Switzerland, 1992. ISBN + * 3-89191-573-X. + * + * This code runs on arrays of bytes by taking pairs in big-endian + * order to make the 16-bit words that IDEA uses internally. This + * produces the same result regardless of the byte order of the + * native CPU. + */ + +#include +#include +#include +#include +#include +#include + +#define IDEAKEYSIZE 16 +#define IDEABLOCKSIZE 8 + +#define IDEAROUNDS 8 +#define IDEAKEYLEN (6*IDEAROUNDS+4) + +#define low16(x) ((x) & 0xFFFF) + +typedef struct { + u16 ek[IDEAKEYLEN]; + u16 dk[IDEAKEYLEN]; +} idea_key_t; + +/* + * Compute the multiplicative inverse of x, modulo 65537, using + * Euclid's algorithm. It is unrolled twice to avoid swapping the + * registers each iteration, and some subtracts of t have been changed + * to adds. + */ +static inline u16 +mulInv (u16 x) +{ + u16 t0, t1; + u16 q, y; + + if (x <= 1) + return x; /* 0 and 1 are self-inverse */ + t1 = 0x10001L / x; /* Since x >= 2, this fits into 16 bits */ + y = 0x10001L % x; + if (y == 1) + return low16 (1 - t1); + t0 = 1; + do { + q = x / y; + x %= y; + t0 += q * t1; + if (x == 1) + return t0; + q = y / x; + y %= x; + t1 += q * t0; + } while (y != 1); + return low16 (1 - t1); +} + +/* + * Expand a 128-bit user key to a working encryption key ek + */ +static void +ideaExpandKey (const u8 *userkey, u16 *ek) +{ + int i, j; + + for (j = 0; j < 8; j++) { + ek[j] = (userkey[0] << 8) + userkey[1]; + userkey += 2; + } + for (i = 0; j < IDEAKEYLEN; j++) { + i++; + ek[i + 7] = ek[i & 7] << 9 | ek[(i + 1) & 7] >> 7; + ek += i & 8; + i &= 7; + } +} + +/* + * Compute IDEA decryption key dk from an expanded IDEA encryption key + * ek Note that the input and output may be the same. Thus, the key + * is inverted into an internal buffer, and then copied to the output. + */ +static void +ideaInvertKey (const u16 *ek, u16 dk[IDEAKEYLEN]) +{ + int i; + u16 t1, t2, t3; + u16 temp[IDEAKEYLEN]; + u16 *p = temp + IDEAKEYLEN; + + t1 = mulInv (*ek++); + t2 = -*ek++; + t3 = -*ek++; + *--p = mulInv (*ek++); + *--p = t3; + *--p = t2; + *--p = t1; + + for (i = 0; i < IDEAROUNDS - 1; i++) { + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mulInv (*ek++); + t2 = -*ek++; + t3 = -*ek++; + *--p = mulInv (*ek++); + *--p = t2; + *--p = t3; + *--p = t1; + } + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mulInv (*ek++); + t2 = -*ek++; + t3 = -*ek++; + *--p = mulInv (*ek++); + *--p = t3; + *--p = t2; + *--p = t1; + /* Copy and destroy temp copy */ + memcpy (dk, temp, sizeof (temp)); + memset (&temp, 0, sizeof (temp)); +} + +/* IDEA encryption/decryption algorithm */ +/* Note that in and out can be the same buffer */ +static void +ideaCipher (const u16 inbuf[4], u16 outbuf[4], const u16 *key) +{ + register u16 x1, x2, x3, x4, s2, s3; + register u16 t16; /* Temporaries needed by MUL macro */ + register u32 t32; + int r = IDEAROUNDS; + + x1 = be16_to_cpu (inbuf[0]); + x2 = be16_to_cpu (inbuf[1]); + x3 = be16_to_cpu (inbuf[2]); + x4 = be16_to_cpu (inbuf[3]); + +#define MUL(x,y) \ + ((t16 = (y)) ? \ + (x=low16(x)) ? \ + t32 = (u32)x*t16, \ + x = low16(t32), \ + t16 = t32>>16, \ + x = (x-t16)+(xkeyinfo; + + if (size != 8) + return 1; + + ideaCipher ((const u16 *) in, (u16 *) out, c->ek); + + return 0; +} + +int +idea_decrypt (struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + const idea_key_t *c = (idea_key_t *) cx->keyinfo; + + if (size != 8) + return 1; + + ideaCipher ((const u16 *) in, (u16 *) out, c->dk); + + return 0; +} + +int +idea_set_key (struct cipher_context *cx, + const u8 *key, int keybytes, int atomic) +{ + idea_key_t *c = (idea_key_t *) cx->keyinfo; + + if (keybytes != 16) + return -EINVAL; + + ideaExpandKey (key, c->ek); + ideaInvertKey (c->ek, c->dk); + return 0; +} + +#define CIPHER_ID idea +#define CIPHER_BLOCKSIZE 64 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 +#define CIPHER_KEY_SCHEDULE_SIZE sizeof (idea_key_t) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-mars.c linux-int-2.4.18/crypto/ciphers/cipher-mars.c --- linux-2.4.18/crypto/ciphers/cipher-mars.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-mars.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,570 @@ +/* NOTE: This implementation has been changed from the original source */ + +/* Copyright in this code is held by Dr B.R. Gladman but free direct or + * derivative use is permit1ed subject to acknowledgement of its origin + * and subject to any constraints placed on the use of the algorithm by + * its designers (if such constraints may exist, this will be indicated + * below). + * + * Dr. B. R. Gladman (brian.gladman@btinternet.com). 25th January 2000. + * + * This is an implementation of MARS, an encryption algorithm designed by + * a team at IBM and submit1ed as a candidate algorithm for the Advanced + * Encryption Standard programme of the US National Institute of Standards + * and Technology. + * + * The MARS algorithm is covered by a pending patent application owned by + * IBM, who intend to offer a royalty free license under any issued patent + * that results from such application if MARS is selected as the AES + * algorithm. In the interim, you may evaluate the MARS algorithm for + * your personal, lawful, non-profit purposes as an end user. + * + * NOTE: this is the revised second round variant of MARS */ + +/* For an update regarding licensing see + * http://www.tivoli.com/news/press/pressreleases/en/2000/mars.html */ + +/* Use first round variant of MARS */ +/* #define CIPHER_MARS_ROUND_1 */ + +#include +#include +#include +#include +#include + +#if 0 +#define rotl rotl32 +#define rotr rotr32 +#else +#define rotl generic_rotl32 +#define rotr generic_rotr32 +#endif + +const static u32 s_box[] = { + 0x09d0c479, 0x28c8ffe0, 0x84aa6c39, 0x9dad7287, /* 0x000 */ + 0x7dff9be3, 0xd4268361, 0xc96da1d4, 0x7974cc93, + 0x85d0582e, 0x2a4b5705, 0x1ca16a62, 0xc3bd279d, + 0x0f1f25e5, 0x5160372f, 0xc695c1fb, 0x4d7ff1e4, + 0xae5f6bf4, 0x0d72ee46, 0xff23de8a, 0xb1cf8e83, /* 0x010 */ + 0xf14902e2, 0x3e981e42, 0x8bf53eb6, 0x7f4bf8ac, + 0x83631f83, 0x25970205, 0x76afe784, 0x3a7931d4, + 0x4f846450, 0x5c64c3f6, 0x210a5f18, 0xc6986a26, + 0x28f4e826, 0x3a60a81c, 0xd340a664, 0x7ea820c4, /* 0x020 */ + 0x526687c5, 0x7eddd12b, 0x32a11d1d, 0x9c9ef086, + 0x80f6e831, 0xab6f04ad, 0x56fb9b53, 0x8b2e095c, + 0xb68556ae, 0xd2250b0d, 0x294a7721, 0xe21fb253, + 0xae136749, 0xe82aae86, 0x93365104, 0x99404a66, /* 0x030 */ + 0x78a784dc, 0xb69ba84b, 0x04046793, 0x23db5c1e, + 0x46cae1d6, 0x2fe28134, 0x5a223942, 0x1863cd5b, + 0xc190c6e3, 0x07dfb846, 0x6eb88816, 0x2d0dcc4a, + 0xa4ccae59, 0x3798670d, 0xcbfa9493, 0x4f481d45, /* 0x040 */ + 0xeafc8ca8, 0xdb1129d6, 0xb0449e20, 0x0f5407fb, + 0x6167d9a8, 0xd1f45763, 0x4daa96c3, 0x3bec5958, + 0xababa014, 0xb6ccd201, 0x38d6279f, 0x02682215, + 0x8f376cd5, 0x092c237e, 0xbfc56593, 0x32889d2c, /* 0x050 */ + 0x854b3e95, 0x05bb9b43, 0x7dcd5dcd, 0xa02e926c, + 0xfae527e5, 0x36a1c330, 0x3412e1ae, 0xf257f462, + 0x3c4f1d71, 0x30a2e809, 0x68e5f551, 0x9c61ba44, + 0x5ded0ab8, 0x75ce09c8, 0x9654f93e, 0x698c0cca, /* 0x060 */ + 0x243cb3e4, 0x2b062b97, 0x0f3b8d9e, 0x00e050df, + 0xfc5d6166, 0xe35f9288, 0xc079550d, 0x0591aee8, + 0x8e531e74, 0x75fe3578, 0x2f6d829a, 0xf60b21ae, + 0x95e8eb8d, 0x6699486b, 0x901d7d9b, 0xfd6d6e31, /* 0x070 */ + 0x1090acef, 0xe0670dd8, 0xdab2e692, 0xcd6d4365, + 0xe5393514, 0x3af345f0, 0x6241fc4d, 0x460da3a3, + 0x7bcf3729, 0x8bf1d1e0, 0x14aac070, 0x1587ed55, + 0x3afd7d3e, 0xd2f29e01, 0x29a9d1f6, 0xefb10c53, /* 0x080 */ + 0xcf3b870f, 0xb414935c, 0x664465ed, 0x024acac7, + 0x59a744c1, 0x1d2936a7, 0xdc580aa6, 0xcf574ca8, + 0x040a7a10, 0x6cd81807, 0x8a98be4c, 0xaccea063, + 0xc33e92b5, 0xd1e0e03d, 0xb322517e, 0x2092bd13, /* 0x090 */ + 0x386b2c4a, 0x52e8dd58, 0x58656dfb, 0x50820371, + 0x41811896, 0xe337ef7e, 0xd39fb119, 0xc97f0df6, + 0x68fea01b, 0xa150a6e5, 0x55258962, 0xeb6ff41b, + 0xd7c9cd7a, 0xa619cd9e, 0xbcf09576, 0x2672c073, /* 0x0a0 */ + 0xf003fb3c, 0x4ab7a50b, 0x1484126a, 0x487ba9b1, + 0xa64fc9c6, 0xf6957d49, 0x38b06a75, 0xdd805fcd, + 0x63d094cf, 0xf51c999e, 0x1aa4d343, 0xb8495294, + 0xce9f8e99, 0xbffcd770, 0xc7c275cc, 0x378453a7, /* 0x0b0 */ + 0x7b21be33, 0x397f41bd, 0x4e94d131, 0x92cc1f98, + 0x5915ea51, 0x99f861b7, 0xc9980a88, 0x1d74fd5f, + 0xb0a495f8, 0x614deed0, 0xb5778eea, 0x5941792d, + 0xfa90c1f8, 0x33f824b4, 0xc4965372, 0x3ff6d550, /* 0x0c0 */ + 0x4ca5fec0, 0x8630e964, 0x5b3fbbd6, 0x7da26a48, + 0xb203231a, 0x04297514, 0x2d639306, 0x2eb13149, + 0x16a45272, 0x532459a0, 0x8e5f4872, 0xf966c7d9, + 0x07128dc0, 0x0d44db62, 0xafc8d52d, 0x06316131, /* 0x0d0 */ + 0xd838e7ce, 0x1bc41d00, 0x3a2e8c0f, 0xea83837e, + 0xb984737d, 0x13ba4891, 0xc4f8b949, 0xa6d6acb3, + 0xa215cdce, 0x8359838b, 0x6bd1aa31, 0xf579dd52, + 0x21b93f93, 0xf5176781, 0x187dfdde, 0xe94aeb76, /* 0x0e0 */ + 0x2b38fd54, 0x431de1da, 0xab394825, 0x9ad3048f, + 0xdfea32aa, 0x659473e3, 0x623f7863, 0xf3346c59, + 0xab3ab685, 0x3346a90b, 0x6b56443e, 0xc6de01f8, + 0x8d421fc0, 0x9b0ed10c, 0x88f1a1e9, 0x54c1f029, /* 0x0f0 */ + 0x7dead57b, 0x8d7ba426, 0x4cf5178a, 0x551a7cca, + 0x1a9a5f08, 0xfcd651b9, 0x25605182, 0xe11fc6c3, + 0xb6fd9676, 0x337b3027, 0xb7c8eb14, 0x9e5fd030, + + 0x6b57e354, 0xad913cf7, 0x7e16688d, 0x58872a69, /* 0x100 */ + 0x2c2fc7df, 0xe389ccc6, 0x30738df1, 0x0824a734, + 0xe1797a8b, 0xa4a8d57b, 0x5b5d193b, 0xc8a8309b, + 0x73f9a978, 0x73398d32, 0x0f59573e, 0xe9df2b03, + 0xe8a5b6c8, 0x848d0704, 0x98df93c2, 0x720a1dc3, /* 0x110 */ + 0x684f259a, 0x943ba848, 0xa6370152, 0x863b5ea3, + 0xd17b978b, 0x6d9b58ef, 0x0a700dd4, 0xa73d36bf, + 0x8e6a0829, 0x8695bc14, 0xe35b3447, 0x933ac568, + 0x8894b022, 0x2f511c27, 0xddfbcc3c, 0x006662b6, /* 0x120 */ + 0x117c83fe, 0x4e12b414, 0xc2bca766, 0x3a2fec10, + 0xf4562420, 0x55792e2a, 0x46f5d857, 0xceda25ce, + 0xc3601d3b, 0x6c00ab46, 0xefac9c28, 0xb3c35047, + 0x611dfee3, 0x257c3207, 0xfdd58482, 0x3b14d84f, /* 0x130 */ + 0x23becb64, 0xa075f3a3, 0x088f8ead, 0x07adf158, + 0x7796943c, 0xfacabf3d, 0xc09730cd, 0xf7679969, + 0xda44e9ed, 0x2c854c12, 0x35935fa3, 0x2f057d9f, + 0x690624f8, 0x1cb0bafd, 0x7b0dbdc6, 0x810f23bb, /* 0x140 */ + 0xfa929a1a, 0x6d969a17, 0x6742979b, 0x74ac7d05, + 0x010e65c4, 0x86a3d963, 0xf907b5a0, 0xd0042bd3, + 0x158d7d03, 0x287a8255, 0xbba8366f, 0x096edc33, + 0x21916a7b, 0x77b56b86, 0x951622f9, 0xa6c5e650, /* 0x150 */ + 0x8cea17d1, 0xcd8c62bc, 0xa3d63433, 0x358a68fd, + 0x0f9b9d3c, 0xd6aa295b, 0xfe33384a, 0xc000738e, + 0xcd67eb2f, 0xe2eb6dc2, 0x97338b02, 0x06c9f246, + 0x419cf1ad, 0x2b83c045, 0x3723f18a, 0xcb5b3089, /* 0x160 */ + 0x160bead7, 0x5d494656, 0x35f8a74b, 0x1e4e6c9e, + 0x000399bd, 0x67466880, 0xb4174831, 0xacf423b2, + 0xca815ab3, 0x5a6395e7, 0x302a67c5, 0x8bdb446b, + 0x108f8fa4, 0x10223eda, 0x92b8b48b, 0x7f38d0ee, /* 0x170 */ + 0xab2701d4, 0x0262d415, 0xaf224a30, 0xb3d88aba, + 0xf8b2c3af, 0xdaf7ef70, 0xcc97d3b7, 0xe9614b6c, + 0x2baebff4, 0x70f687cf, 0x386c9156, 0xce092ee5, + 0x01e87da6, 0x6ce91e6a, 0xbb7bcc84, 0xc7922c20, /* 0x180 */ + 0x9d3b71fd, 0x060e41c6, 0xd7590f15, 0x4e03bb47, + 0x183c198e, 0x63eeb240, 0x2ddbf49a, 0x6d5cba54, + 0x923750af, 0xf9e14236, 0x7838162b, 0x59726c72, + 0x81b66760, 0xbb2926c1, 0x48a0ce0d, 0xa6c0496d, /* 0x190 */ + 0xad43507b, 0x718d496a, 0x9df057af, 0x44b1bde6, + 0x054356dc, 0xde7ced35, 0xd51a138b, 0x62088cc9, + 0x35830311, 0xc96efca2, 0x686f86ec, 0x8e77cb68, + 0x63e1d6b8, 0xc80f9778, 0x79c491fd, 0x1b4c67f2, /* 0x1a0 */ + 0x72698d7d, 0x5e368c31, 0xf7d95e2e, 0xa1d3493f, + 0xdcd9433e, 0x896f1552, 0x4bc4ca7a, 0xa6d1baf4, + 0xa5a96dcc, 0x0bef8b46, 0xa169fda7, 0x74df40b7, + 0x4e208804, 0x9a756607, 0x038e87c8, 0x20211e44, /* 0x1b0 */ + 0x8b7ad4bf, 0xc6403f35, 0x1848e36d, 0x80bdb038, + 0x1e62891c, 0x643d2107, 0xbf04d6f8, 0x21092c8c, + 0xf644f389, 0x0778404e, 0x7b78adb8, 0xa2c52d53, + 0x42157abe, 0xa2253e2e, 0x7bf3f4ae, 0x80f594f9, /* 0x1c0 */ + 0x953194e7, 0x77eb92ed, 0xb3816930, 0xda8d9336, + 0xbf447469, 0xf26d9483, 0xee6faed5, 0x71371235, + 0xde425f73, 0xb4e59f43, 0x7dbe2d4e, 0x2d37b185, + 0x49dc9a63, 0x98c39d98, 0x1301c9a2, 0x389b1bbf, /* 0x1d0 */ + 0x0c18588d, 0xa421c1ba, 0x7aa3865c, 0x71e08558, + 0x3c5cfcaa, 0x7d239ca4, 0x0297d9dd, 0xd7dc2830, + 0x4b37802b, 0x7428ab54, 0xaeee0347, 0x4b3fbb85, + 0x692f2f08, 0x134e578e, 0x36d9e0bf, 0xae8b5fcf, /* 0x1e0 */ + 0xedb93ecf, 0x2b27248e, 0x170eb1ef, 0x7dc57fd6, + 0x1e760f16, 0xb1136601, 0x864e1b9b, 0xd7ea7319, + 0x3ab871bd, 0xcfa4d76f, 0xe31bd782, 0x0dbeb469, + 0xabb96061, 0x5370f85d, 0xffb07e37, 0xda30d0fb, /* 0x1f0 */ + 0xebc977b6, 0x0b98b40f, 0x3a4d0fe6, 0xdf4fc26b, + 0x159cf22a, 0xc298d6e2, 0x2b78ef6a, 0x61a94ac0, + 0xab561187, 0x14eea0f0, 0xdf0d4164, 0x19af70ee +}; + +const static u32 b_tab[4] = { + 0xa4a8d57b, 0x5b5d193b, 0xc8a8309b, 0x73f9a978 /* s_box[265..268] */ +}; + +#define f_mix(a,b,c,d) \ + r = rotr(a, 8); \ + b ^= s_box[a & 255]; \ + b += s_box[(r & 255) + 256]; \ + r = rotr(a, 16); \ + a = rotr(a, 24); \ + c += s_box[r & 255]; \ + d ^= s_box[(a & 255) + 256] + +#define b_mix(a,b,c,d) \ + r = rotl(a, 8); \ + b ^= s_box[(a & 255) + 256]; \ + c -= s_box[r & 255]; \ + r = rotl(a, 16); \ + a = rotl(a, 24); \ + d -= s_box[(r & 255) + 256]; \ + d ^= s_box[a & 255] + +#define f_ktr(a,b,c,d,i) \ + m = a + l_key[i]; \ + a = rotl(a, 13); \ + r = a * l_key[i + 1]; \ + l = s_box[m & 511]; \ + r = rotl(r, 5); \ + c += rotl(m, r); \ + l ^= r; \ + r = rotl(r, 5); \ + l ^= r; \ + d ^= r; \ + b += rotl(l, r) + +#define r_ktr(a,b,c,d,i) \ + r = a * l_key[i + 1]; \ + a = rotr(a, 13); \ + m = a + l_key[i]; \ + l = s_box[m & 511]; \ + r = rotl(r, 5); \ + l ^= r; \ + c -= rotl(m, r); \ + r = rotl(r, 5); \ + l ^= r; \ + d ^= r; \ + b -= rotl(l, r) + +#if defined(CIPHER_MARS_ROUND_1) +static int +mars_set_key (struct cipher_context *cx, const unsigned char *key, int key_len, + int atomic) +{ + u32 i, j, m, w; + const u32 *in_key = (const u32 *) key; + u32 *l_key = cx->keyinfo; + u32 vk[47] = { + 0x09d0c479, 0x28c8ffe0, 0x84aa6c39, 0x9dad7287, 0x7dff9be3, + 0xd4268361, 0xc96da1d4 /* s_box[0..6] */ + }; + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + m = key_len / 4 - 1; + + for (i = j = 0; i < 39; ++i) { + vk[i + 7] = rotl (vk[i] ^ vk[i + 5], 3) ^ in_key[j] ^ i; + j = (j == m ? 0 : j + 1); + } + + vk[46] = key_len / 4; + + for (j = 0; j < 7; ++j) { + for (i = 1; i < 40; ++i) + vk[i + 7] = + rotl (vk[i + 7] + s_box[vk[i + 6] & 511], 9); + + vk[7] = rotl (vk[7] + s_box[vk[46] & 511], 9); + } + + for (i = j = 0; i < 40; ++i) { + l_key[j] = vk[i + 7]; + j = (j < 33 ? j + 7 : j - 33); + } + + for (i = 5; i < 37; i += 2) { + w = l_key[i] | 3; + m = (~w ^ (w >> 1)) & 0x7fffffff; + m &= (m >> 1) & (m >> 2); + m &= (m >> 3) & (m >> 6); + + if (m) { + m <<= 1; + m |= (m << 1); + m |= (m << 2); + m |= (m << 4); + m |= (m << 1) & ~w & 0x80000000; + m &= 0xfffffffc; + w ^= (rotl (b_tab[l_key[i] & 3], l_key[i + 3] & 31) & + m); + } + + l_key[i] = w; + } + + return 0; +}; +#else /* defined(CIPHER_MARS_ROUND_1) */ +static int +mars_set_key (struct cipher_context *cx, const unsigned char *key, int key_len, + int atomic) +{ + u32 i, j, m, t1, t2, *kp; + const u32 *in_key = (const u32 *) key; + u32 *l_key = cx->keyinfo; + u32 t_key[15]; /* key mixing array */ + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + m = key_len / 4; + + for (i = 0; i < m; ++i) + t_key[i] = le32_to_cpu (in_key[i]); + + t_key[i++] = m; + + for (; i < 15; ++i) + t_key[i] = 0; + + kp = l_key; + +#define tk1(j) t1 = t_key[j] ^= rotl(t1 ^ t_key[(j + 8) % 15], 3) ^ (i + 4 * j) +#define tk2(j) t2 = t_key[j] ^= rotl(t2 ^ t_key[(j + 8) % 15], 3) ^ (i + 4 * j) +#define tk3(j) t_key[j] = t1 = rotl(t_key[j] + s_box[t1 & 511], 9) + + for (i = 0; i < 4; ++i) { + t1 = t_key[13]; + t2 = t_key[14]; + + tk1 (0); + tk2 (1); + tk1 (2); + tk2 (3); + tk1 (4); + tk2 (5); + tk1 (6); + tk2 (7); + tk1 (8); + tk2 (9); + tk1 (10); + tk2 (11); + tk1 (12); + tk2 (13); + tk1 (14); + + tk3 (0); + tk3 (1); + tk3 (2); + tk3 (3); + tk3 (4); + tk3 (5); + tk3 (6); + tk3 (7); + tk3 (8); + tk3 (9); + tk3 (10); + tk3 (11); + tk3 (12); + tk3 (13); + tk3 (14); + + tk3 (0); + tk3 (1); + tk3 (2); + tk3 (3); + tk3 (4); + tk3 (5); + tk3 (6); + tk3 (7); + tk3 (8); + tk3 (9); + tk3 (10); + tk3 (11); + tk3 (12); + tk3 (13); + tk3 (14); + + tk3 (0); + tk3 (1); + tk3 (2); + tk3 (3); + tk3 (4); + tk3 (5); + tk3 (6); + tk3 (7); + tk3 (8); + tk3 (9); + tk3 (10); + tk3 (11); + tk3 (12); + tk3 (13); + tk3 (14); + + tk3 (0); + tk3 (1); + tk3 (2); + tk3 (3); + tk3 (4); + tk3 (5); + tk3 (6); + tk3 (7); + tk3 (8); + tk3 (9); + tk3 (10); + tk3 (11); + tk3 (12); + tk3 (13); + tk3 (14); + + *kp++ = t_key[0]; + *kp++ = t_key[4]; + *kp++ = t_key[8]; + *kp++ = t_key[12]; + *kp++ = t_key[1]; + *kp++ = t_key[5]; + *kp++ = t_key[9]; + *kp++ = t_key[13]; + *kp++ = t_key[2]; + *kp++ = t_key[6]; + } + + for (i = 5; i < 37; i += 2) { + j = l_key[i] | 3; + m = (~j ^ (j >> 1)) & 0x7fffffff; + m &= (m >> 1) & (m >> 2); + m &= (m >> 3) & (m >> 6); + + if (m) { + m <<= 1; + m |= (m << 1); + m |= (m << 2); + m |= (m << 4); + m &= 0xfffffffc; + j ^= (rotl (b_tab[l_key[i] & 3], l_key[i - 1]) & m); + } + + l_key[i] = j; + } + + return 0; +} +#endif /* defined(CIPHER_MARS_ROUND_1) */ + +static int +mars_encrypt (struct cipher_context *cx, const u8 *in, u8 *out, int size, + int atomic) +{ + u32 a, b, c, d, l, m, r; + const u32 *l_key = cx->keyinfo; + const u32 *in_blk = (const u32 *) in; + u32 *out_blk = (u32 *) out; + + a = le32_to_cpu (in_blk[0]) + l_key[0]; + b = le32_to_cpu (in_blk[1]) + l_key[1]; + c = le32_to_cpu (in_blk[2]) + l_key[2]; + d = le32_to_cpu (in_blk[3]) + l_key[3]; + + f_mix (a, b, c, d); + a += d; + f_mix (b, c, d, a); + b += c; + f_mix (c, d, a, b); + f_mix (d, a, b, c); + f_mix (a, b, c, d); + a += d; + f_mix (b, c, d, a); + b += c; + f_mix (c, d, a, b); + f_mix (d, a, b, c); + + f_ktr (a, b, c, d, 4); + f_ktr (b, c, d, a, 6); + f_ktr (c, d, a, b, 8); + f_ktr (d, a, b, c, 10); + f_ktr (a, b, c, d, 12); + f_ktr (b, c, d, a, 14); + f_ktr (c, d, a, b, 16); + f_ktr (d, a, b, c, 18); + f_ktr (a, d, c, b, 20); + f_ktr (b, a, d, c, 22); + f_ktr (c, b, a, d, 24); + f_ktr (d, c, b, a, 26); + f_ktr (a, d, c, b, 28); + f_ktr (b, a, d, c, 30); + f_ktr (c, b, a, d, 32); + f_ktr (d, c, b, a, 34); + + b_mix (a, b, c, d); + b_mix (b, c, d, a); + c -= b; + b_mix (c, d, a, b); + d -= a; + b_mix (d, a, b, c); + b_mix (a, b, c, d); + b_mix (b, c, d, a); + c -= b; + b_mix (c, d, a, b); + d -= a; + b_mix (d, a, b, c); + + out_blk[0] = cpu_to_le32 (a - l_key[36]); + out_blk[1] = cpu_to_le32 (b - l_key[37]); + out_blk[2] = cpu_to_le32 (c - l_key[38]); + out_blk[3] = cpu_to_le32 (d - l_key[39]); + + return 0; +} + +static int +mars_decrypt (struct cipher_context *cx, const u8 *in, u8 *out, int size, + int atomic) +{ + u32 a, b, c, d, l, m, r; + const u32 *l_key = cx->keyinfo; + const u32 *in_blk = (const u32 *) in; + u32 *out_blk = (u32 *) out; + + d = le32_to_cpu (in_blk[0]) + l_key[36]; + c = le32_to_cpu (in_blk[1]) + l_key[37]; + b = le32_to_cpu (in_blk[2]) + l_key[38]; + a = le32_to_cpu (in_blk[3]) + l_key[39]; + + f_mix (a, b, c, d); + a += d; + f_mix (b, c, d, a); + b += c; + f_mix (c, d, a, b); + f_mix (d, a, b, c); + f_mix (a, b, c, d); + a += d; + f_mix (b, c, d, a); + b += c; + f_mix (c, d, a, b); + f_mix (d, a, b, c); + + r_ktr (a, b, c, d, 34); + r_ktr (b, c, d, a, 32); + r_ktr (c, d, a, b, 30); + r_ktr (d, a, b, c, 28); + r_ktr (a, b, c, d, 26); + r_ktr (b, c, d, a, 24); + r_ktr (c, d, a, b, 22); + r_ktr (d, a, b, c, 20); + r_ktr (a, d, c, b, 18); + r_ktr (b, a, d, c, 16); + r_ktr (c, b, a, d, 14); + r_ktr (d, c, b, a, 12); + r_ktr (a, d, c, b, 10); + r_ktr (b, a, d, c, 8); + r_ktr (c, b, a, d, 6); + r_ktr (d, c, b, a, 4); + + b_mix (a, b, c, d); + b_mix (b, c, d, a); + c -= b; + b_mix (c, d, a, b); + d -= a; + b_mix (d, a, b, c); + b_mix (a, b, c, d); + b_mix (b, c, d, a); + c -= b; + b_mix (c, d, a, b); + d -= a; + b_mix (d, a, b, c); + + out_blk[0] = cpu_to_le32 (d - l_key[0]); + out_blk[1] = cpu_to_le32 (c - l_key[1]); + out_blk[2] = cpu_to_le32 (b - l_key[2]); + out_blk[3] = cpu_to_le32 (a - l_key[3]); + + return 0; +} + +#define CIPHER_ID mars +#define CIPHER_BLOCKSIZE 128 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE (40*sizeof(u32)) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-rc5.c linux-int-2.4.18/crypto/ciphers/cipher-rc5.c --- linux-2.4.18/crypto/ciphers/cipher-rc5.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-rc5.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,240 @@ +/* + * rc5.c RC5-32/16/b + * + * Copyright (c) 1999 Pekka Riikonen + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, dis- + * tribute, sublicense, and/or sell copies of the Software, and to permit + * persons to whom the Software is furnished to do so, subject to the fol- + * lowing conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- + * ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT + * SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABIL- + * ITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * Except as contained in this notice, the name of the authors shall + * not be used in advertising or otherwise to promote the sale, use or + * other dealings in this Software without prior written authorization from + * the authors. + * + */ + +/* + * Based on RC5 reference code and on description of Bruce Schneier's + * Applied Cryptography. + * + * This implementation has a word size of 32 bits, a rounds of 16 and + * variable key length from 128 and 192 up to 256 bits. + * + */ + +#include +#include +#include +#include +#include +#include + +/* RC5 definitions */ +#define WSIZE 32 /* word size, in bits */ +#define ROUNDS 16 /* rounds */ +#define MIN_KEY 16 /* minimum key size in bytes */ +#define MAX_C 8 /* same for 128, 192 and 256 bits key */ +#define TABSIZE 34 /* size of table S, t = 2 * (r + 1) */ + +/* RC5 encryption */ +#define RC5E(i, A, B) \ + A = A ^ B; \ + A = rotl(A, B) + S[i]; \ + B = B ^ A; \ + B = rotl(B, A) + S[i + 1]; + +/* RC5 decryption */ +#define RC5D(i, A, B) \ + B = B - S[i + 1]; \ + B = rotr(B, A) ^ A; \ + A = A - S[i]; \ + A = rotr(A, B) ^ B; + +#if 0 +#define rotl rotl32 +#define rotr rotr32 +#else +#define rotl generic_rotl32 +#define rotr generic_rotr32 +#endif + +/* Sets RC5 key */ + +int rc5_set_key(struct cipher_context *cx, const u8 *key, int key_len, + int atomic) +{ + const u32 *in_key = (const u32 *)key; + u32 *out_key = cx->keyinfo; /* S */ + u32 i, j, k, A, B, L[MAX_C], c; + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + printk (KERN_WARNING "cipher-rc5 is broken\n"); + + return -EINVAL; + + key_len *= 8; + c = key_len / WSIZE; + + /* init L */ + for (i = 0; i < key_len / WSIZE; i++) + L[i] = le32_to_cpu (in_key[i]); + + /* init key array (S) */ + out_key[0] = 0xb7e15163; + for (i = 1; i < TABSIZE; i++) + out_key[i] = out_key[i - 1] + 0x9e3779b9; + + /* mix L and key array (S) */ + A = B = 0; + for (k = i = j = 0; k < (3 * TABSIZE); k++) { + A = rotl(out_key[i] + (A + B), 3); + B += A; + B = rotl(L[j] + B, B); + out_key[i] = A; + L[j] = B; + i = (i + 1) % TABSIZE; + j = (j + 1) % c; + } + + return 0; +} + +/* Encrypts *one* block at a time. */ + +int rc5_encrypt(struct cipher_context *cx, + const u8 *in8, u8 *out8, int size, int atomic) +{ + u32 A, B; + const u32 *in = (const u32 *)in8; + u32 *out = (u32 *)out8; + + const u32 *S = cx->keyinfo; + A = le32_to_cpu (in[0]) + S[0]; + B = le32_to_cpu (in[1]) + S[1]; + + RC5E(2, A, B); RC5E(4, A, B); + RC5E(6, A, B); RC5E(8, A, B); + RC5E(10, A, B); RC5E(12, A, B); + RC5E(14, A, B); RC5E(16, A, B); + RC5E(18, A, B); RC5E(20, A, B); + RC5E(22, A, B); RC5E(24, A, B); + RC5E(26, A, B); RC5E(28, A, B); + RC5E(30, A, B); RC5E(32, A, B); + + out[0] = cpu_to_le32 (A); + out[1] = cpu_to_le32 (B); + + return 0; +} + +/* Decrypts *one* block at a time. */ + +int rc5_decrypt(struct cipher_context *cx, + const u8 *in8, u8 *out8, int size, int atomic) +{ + u32 A, B; + const u32 *in = (u32 *)in8; + u32 *out = (u32 *)out8; + + const u32 *S = cx->keyinfo; + A = le32_to_cpu (in[0]); + B = le32_to_cpu (in[1]); + + RC5D(32, A, B); RC5D(30, A, B); + RC5D(28, A, B); RC5D(26, A, B); + RC5D(24, A, B); RC5D(22, A, B); + RC5D(20, A, B); RC5D(18, A, B); + RC5D(16, A, B); RC5D(14, A, B); + RC5D(12, A, B); RC5D(10, A, B); + RC5D(8, A, B); RC5D(6, A, B); + RC5D(4, A, B); RC5D(2, A, B); + + out[0] = cpu_to_le32 (A - S[0]); + out[1] = cpu_to_le32 (B - S[1]); + + return 0; +} + +static void rc5_lock(void) +{ + MOD_INC_USE_COUNT; +} + +static void rc5_unlock(void) +{ + MOD_DEC_USE_COUNT; +} + + +#define CIPHER_BITS_64 +#define CIPHER_NAME(x) rc5##x +#include "gen-cbc.h" +#include "gen-ecb.h" + +#define RC5_KEY_SCHEDULE_SIZE (34*sizeof(u32)) + +static struct cipher_implementation rc5_ecb = { + {{NULL,NULL}, CIPHER_MODE_ECB, "rc5-ecb"}, + blocksize: 8, + ivsize: 0, + key_schedule_size: RC5_KEY_SCHEDULE_SIZE, + key_size_mask: CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | + CIPHER_KEYSIZE_256, + INIT_CIPHER_BLKOPS(rc5_ecb), + INIT_CIPHER_OPS(rc5) +}; + +static struct cipher_implementation rc5_cbc = { + {{NULL,NULL}, CIPHER_MODE_CBC, "rc5-cbc"}, + blocksize: 8, + ivsize: 8, + key_schedule_size: RC5_KEY_SCHEDULE_SIZE, + key_size_mask: CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | + CIPHER_KEYSIZE_256, + INIT_CIPHER_BLKOPS(rc5_cbc), + INIT_CIPHER_OPS(rc5) +}; + + +static int __init init_rc5(void) +{ + if (register_cipher(&rc5_ecb)) + printk(KERN_WARNING "Couldn't register RC5-ecb encryption\n"); + if (register_cipher(&rc5_cbc)) + printk(KERN_WARNING "Couldn't register RC5-cbc encryption\n"); + + return 0; +} + +static void __exit cleanup_rc5(void) +{ + if (unregister_cipher(&rc5_ecb)) + printk(KERN_WARNING "Couldn't unregister RC5_ecb encryption\n"); + if (unregister_cipher(&rc5_cbc)) + printk(KERN_WARNING "Couldn't unregister RC5-cbc encryption\n"); +} + +module_init(init_rc5); +module_exit(cleanup_rc5); + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-rc6.c linux-int-2.4.18/crypto/ciphers/cipher-rc6.c --- linux-2.4.18/crypto/ciphers/cipher-rc6.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-rc6.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,176 @@ +/* NOTE: This implementation has been changed from the original + source. See ChangeLog for more information. + Maintained by Alexander Kjeldaas + */ + +/* This is an independent implementation of the RC6 algorithm that */ +/* Ron Rivest and RSA Labs have submitted as a candidate for the */ +/* NIST AES activity. Refer to RSA Labs and Ron Rivest for any */ +/* copyright, patent or license issues for the RC6 algorithm. */ +/* */ +/* Copyright in this implementation is held by Dr B R Gladman but */ +/* I hereby give permission for its free direct or derivative use */ +/* subject to acknowledgment of its origin and compliance with any */ +/* constraints that are placed on the exploitation of RC6 by its */ +/* designers. */ +/* */ +/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 18th July 1998 */ +/* + Timing data: + +Algorithm: rc6 (rc62.c) +128 bit key: +Key Setup: 1580 cycles +Encrypt: 286 cycles = 89.6 mbits/sec +Decrypt: 236 cycles = 108.6 mbits/sec +Mean: 261 cycles = 98.2 mbits/sec +192 bit key: +Key Setup: 1882 cycles +Encrypt: 286 cycles = 89.5 mbits/sec +Decrypt: 235 cycles = 108.9 mbits/sec +Mean: 261 cycles = 98.3 mbits/sec +256 bit key: +Key Setup: 1774 cycles +Encrypt: 285 cycles = 89.7 mbits/sec +Decrypt: 236 cycles = 108.3 mbits/sec +Mean: 261 cycles = 98.1 mbits/sec + +*/ + +#include +#include +#include +#include +#include + +#if 0 +#define rotl rotl32 +#define rotr rotr32 +#else +#define rotl generic_rotl32 +#define rotr generic_rotr32 +#endif + +#define f_rnd(i,a,b,c,d) \ + u = rotl(d * (d + d + 1), 5); \ + t = rotl(b * (b + b + 1), 5); \ + a = rotl(a ^ t, u) + l_key[i]; \ + c = rotl(c ^ u, t) + l_key[i + 1] + +#define i_rnd(i,a,b,c,d) \ + u = rotl(d * (d + d + 1), 5); \ + t = rotl(b * (b + b + 1), 5); \ + c = rotr(c - l_key[i + 1], t) ^ u; \ + a = rotr(a - l_key[i], u) ^ t + +/* initialise the key schedule from the user supplied key */ + +int rc6_set_key(struct cipher_context *cx, const unsigned char *key, int key_len, + int atomic) +{ const u32 *in_key = (const u32 *)key; + /* l_key - storage for the key schedule */ + u32 *l_key = cx->keyinfo; + u32 i, j, k, a, b, l[8], t; + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + key_len *= 8; + + l_key[0] = 0xb7e15163; + + for(k = 1; k < 44; ++k) + l_key[k] = l_key[k - 1] + 0x9e3779b9; + + for(k = 0; k < key_len / 32; ++k) + l[k] = le32_to_cpu (in_key[k]); + + t = (key_len / 32) - 1; + + a = b = i = j = 0; + + for(k = 0; k < 132; ++k) + { a = rotl(l_key[i] + a + b, 3); b += a; + b = rotl(l[j] + b, b); + l_key[i] = a; l[j] = b; + i = (i == 43 ? 0 : i + 1); + j = (j == t ? 0 : j + 1); + } + + return 0; +}; + +/* encrypt a block of text */ + +int rc6_encrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ const u32 *l_key = cx->keyinfo; + const u32 *in_blk = (const u32 *)in; + u32 *out_blk = (u32 *)out; + u32 a,b,c,d,t,u; + + a = le32_to_cpu (in_blk[0]); + b = le32_to_cpu (in_blk[1]) + l_key[0]; + c = le32_to_cpu (in_blk[2]); + d = le32_to_cpu (in_blk[3]) + l_key[1]; + + f_rnd( 2,a,b,c,d); f_rnd( 4,b,c,d,a); + f_rnd( 6,c,d,a,b); f_rnd( 8,d,a,b,c); + f_rnd(10,a,b,c,d); f_rnd(12,b,c,d,a); + f_rnd(14,c,d,a,b); f_rnd(16,d,a,b,c); + f_rnd(18,a,b,c,d); f_rnd(20,b,c,d,a); + f_rnd(22,c,d,a,b); f_rnd(24,d,a,b,c); + f_rnd(26,a,b,c,d); f_rnd(28,b,c,d,a); + f_rnd(30,c,d,a,b); f_rnd(32,d,a,b,c); + f_rnd(34,a,b,c,d); f_rnd(36,b,c,d,a); + f_rnd(38,c,d,a,b); f_rnd(40,d,a,b,c); + + out_blk[0] = cpu_to_le32 (a + l_key[42]); + out_blk[1] = cpu_to_le32 (b); + out_blk[2] = cpu_to_le32 (c + l_key[43]); + out_blk[3] = cpu_to_le32 (d); + return 0; +}; + +/* decrypt a block of text */ + +int rc6_decrypt(struct cipher_context *cx, const u8 *in, u8 *out, int size, + int atomic) +{ const u32 *l_key = cx->keyinfo; + const u32 *in_blk = (const u32 *)in; + u32 *out_blk = (u32 *)out; + u32 a,b,c,d,t,u; + + d = le32_to_cpu (in_blk[3]); + c = le32_to_cpu (in_blk[2]) - l_key[43]; + b = le32_to_cpu (in_blk[1]); + a = le32_to_cpu (in_blk[0]) - l_key[42]; + + i_rnd(40,d,a,b,c); i_rnd(38,c,d,a,b); + i_rnd(36,b,c,d,a); i_rnd(34,a,b,c,d); + i_rnd(32,d,a,b,c); i_rnd(30,c,d,a,b); + i_rnd(28,b,c,d,a); i_rnd(26,a,b,c,d); + i_rnd(24,d,a,b,c); i_rnd(22,c,d,a,b); + i_rnd(20,b,c,d,a); i_rnd(18,a,b,c,d); + i_rnd(16,d,a,b,c); i_rnd(14,c,d,a,b); + i_rnd(12,b,c,d,a); i_rnd(10,a,b,c,d); + i_rnd( 8,d,a,b,c); i_rnd( 6,c,d,a,b); + i_rnd( 4,b,c,d,a); i_rnd( 2,a,b,c,d); + + out_blk[3] = cpu_to_le32 (d - l_key[1]); + out_blk[2] = cpu_to_le32 (c); + out_blk[1] = cpu_to_le32 (b - l_key[0]); + out_blk[0] = cpu_to_le32 (a); + return 0; +}; + +#define CIPHER_ID rc6 +#define CIPHER_BLOCKSIZE 128 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE (44*sizeof(u32)) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-serpent.c linux-int-2.4.18/crypto/ciphers/cipher-serpent.c --- linux-2.4.18/crypto/ciphers/cipher-serpent.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-serpent.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,1003 @@ + +/* Optimized implementation of the Serpent AES candidate algorithm + * Designed by Anderson, Biham and Knudsen and Implemented by + * Gisle Sælensminde 2000. + * + * The implementation is based on the pentium optimised sboxes of + * Dag Arne Osvik. Even these sboxes are designed to be optimal for x86 + * processors they are efficient on other processors as well, but the speedup + * isn't so impressive compared to other implementations. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public License + * as published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + */ + +#include +#include +#include +#include +#include + +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +#define rotl(reg, val) ((reg << val) | (reg >> (32 - val))) +#define rotr(reg, val) ((reg >> val) | (reg << (32 - val))) + +#define io_swap(x) __cpu_to_be32(x) + +#define BLOCK_SWAP + +/* The sbox functions. The first four parameters is the input bits, and + * the last is a tempoary. These parameters are also used for output, but + * the bit order is permuted. The output bit order from S0 is + * (1 4 2 0 3), where 3 is the (now useless) tempoary. + */ + +#define S0(r0,r1,r2,r3,r4) \ + r3 = r3 ^ r0; \ + r4 = r1; \ + r1 = r1 & r3; \ + r4 = r4 ^ r2; \ + r1 = r1 ^ r0; \ + r0 = r0 | r3; \ + r0 = r0 ^ r4; \ + r4 = r4 ^ r3; \ + r3 = r3 ^ r2; \ + r2 = r2 | r1; \ + r2 = r2 ^ r4; \ + r4 = -1 ^ r4; \ + r4 = r4 | r1; \ + r1 = r1 ^ r3; \ + r1 = r1 ^ r4; \ + r3 = r3 | r0; \ + r1 = r1 ^ r3; \ + r4 = r4 ^ r3; + +#define S1(r0,r1,r2,r3,r4) \ + r1 = -1 ^ r1; \ + r4 = r0; \ + r0 = r0 ^ r1; \ + r4 = r4 | r1; \ + r4 = r4 ^ r3; \ + r3 = r3 & r0; \ + r2 = r2 ^ r4; \ + r3 = r3 ^ r1; \ + r3 = r3 | r2; \ + r0 = r0 ^ r4; \ + r3 = r3 ^ r0; \ + r1 = r1 & r2; \ + r0 = r0 | r1; \ + r1 = r1 ^ r4; \ + r0 = r0 ^ r2; \ + r4 = r4 | r3; \ + r0 = r0 ^ r4; \ + r4 = -1 ^ r4; \ + r1 = r1 ^ r3; \ + r4 = r4 & r2; \ + r1 = -1 ^ r1; \ + r4 = r4 ^ r0; \ + r1 = r1 ^ r4; + +#define S2(r0,r1,r2,r3,r4) \ + r4 = r0; \ + r0 = r0 & r2; \ + r0 = r0 ^ r3; \ + r2 = r2 ^ r1; \ + r2 = r2 ^ r0; \ + r3 = r3 | r4; \ + r3 = r3 ^ r1; \ + r4 = r4 ^ r2; \ + r1 = r3; \ + r3 = r3 | r4; \ + r3 = r3 ^ r0; \ + r0 = r0 & r1; \ + r4 = r4 ^ r0; \ + r1 = r1 ^ r3; \ + r1 = r1 ^ r4; \ + r4 = -1 ^ r4; + +#define S3(r0,r1,r2,r3,r4) \ + r4 = r0 ; \ + r0 = r0 | r3; \ + r3 = r3 ^ r1; \ + r1 = r1 & r4; \ + r4 = r4 ^ r2; \ + r2 = r2 ^ r3; \ + r3 = r3 & r0; \ + r4 = r4 | r1; \ + r3 = r3 ^ r4; \ + r0 = r0 ^ r1; \ + r4 = r4 & r0; \ + r1 = r1 ^ r3; \ + r4 = r4 ^ r2; \ + r1 = r1 | r0; \ + r1 = r1 ^ r2; \ + r0 = r0 ^ r3; \ + r2 = r1; \ + r1 = r1 | r3; \ + r1 = r1 ^ r0; + +#define S4(r0,r1,r2,r3,r4) \ + r1 = r1 ^ r3; \ + r3 = -1 ^ r3; \ + r2 = r2 ^ r3; \ + r3 = r3 ^ r0; \ + r4 = r1; \ + r1 = r1 & r3; \ + r1 = r1 ^ r2; \ + r4 = r4 ^ r3; \ + r0 = r0 ^ r4; \ + r2 = r2 & r4; \ + r2 = r2 ^ r0; \ + r0 = r0 & r1; \ + r3 = r3 ^ r0; \ + r4 = r4 | r1; \ + r4 = r4 ^ r0; \ + r0 = r0 | r3; \ + r0 = r0 ^ r2; \ + r2 = r2 & r3; \ + r0 = -1 ^ r0; \ + r4 = r4 ^ r2; + +#define S5(r0,r1,r2,r3,r4) \ + r0 = r0 ^ r1; \ + r1 = r1 ^ r3; \ + r3 = -1 ^ r3; \ + r4 = r1; \ + r1 = r1 & r0; \ + r2 = r2 ^ r3; \ + r1 = r1 ^ r2; \ + r2 = r2 | r4; \ + r4 = r4 ^ r3; \ + r3 = r3 & r1; \ + r3 = r3 ^ r0; \ + r4 = r4 ^ r1; \ + r4 = r4 ^ r2; \ + r2 = r2 ^ r0; \ + r0 = r0 & r3; \ + r2 = -1 ^ r2; \ + r0 = r0 ^ r4; \ + r4 = r4 | r3; \ + r2 = r2 ^ r4; + +#define S6(r0,r1,r2,r3,r4) \ + r2 = -1 ^ r2; \ + r4 = r3; \ + r3 = r3 & r0; \ + r0 = r0 ^ r4; \ + r3 = r3 ^ r2; \ + r2 = r2 | r4; \ + r1 = r1 ^ r3; \ + r2 = r2 ^ r0; \ + r0 = r0 | r1; \ + r2 = r2 ^ r1; \ + r4 = r4 ^ r0; \ + r0 = r0 | r3; \ + r0 = r0 ^ r2; \ + r4 = r4 ^ r3; \ + r4 = r4 ^ r0; \ + r3 = -1 ^ r3; \ + r2 = r2 & r4; \ + r2 = r2 ^ r3; + +#define S7(r0,r1,r2,r3,r4) \ + r4 = r2; \ + r2 = r2 & r1; \ + r2 = r2 ^ r3; \ + r3 = r3 & r1; \ + r4 = r4 ^ r2; \ + r2 = r2 ^ r1; \ + r1 = r1 ^ r0; \ + r0 = r0 | r4; \ + r0 = r0 ^ r2; \ + r3 = r3 ^ r1; \ + r2 = r2 ^ r3; \ + r3 = r3 & r0; \ + r3 = r3 ^ r4; \ + r4 = r4 ^ r2; \ + r2 = r2 & r0; \ + r4 = -1 ^ r4; \ + r2 = r2 ^ r4; \ + r4 = r4 & r0; \ + r1 = r1 ^ r3; \ + r4 = r4 ^ r1; + +/* The inverse sboxes */ + +#define I0(r0,r1,r2,r3,r4) \ + r2 = r2 ^ -1; \ + r4 = r1; \ + r1 = r1 | r0; \ + r4 = r4 ^ -1; \ + r1 = r1 ^ r2; \ + r2 = r2 | r4; \ + r1 = r1 ^ r3; \ + r0 = r0 ^ r4; \ + r2 = r2 ^ r0; \ + r0 = r0 & r3; \ + r4 = r4 ^ r0; \ + r0 = r0 | r1; \ + r0 = r0 ^ r2; \ + r3 = r3 ^ r4; \ + r2 = r2 ^ r1; \ + r3 = r3 ^ r0; \ + r3 = r3 ^ r1; \ + r2 = r2 & r3; \ + r4 = r4 ^ r2; + +#define I1(r0,r1,r2,r3,r4) \ + r4 = r1; \ + r1 = r1 ^ r3; \ + r3 = r3 & r1; \ + r4 = r4 ^ r2; \ + r3 = r3 ^ r0; \ + r0 = r0 | r1; \ + r2 = r2 ^ r3; \ + r0 = r0 ^ r4; \ + r0 = r0 | r2; \ + r1 = r1 ^ r3; \ + r0 = r0 ^ r1; \ + r1 = r1 | r3; \ + r1 = r1 ^ r0; \ + r4 = r4 ^ -1; \ + r4 = r4 ^ r1; \ + r1 = r1 | r0; \ + r1 = r1 ^ r0; \ + r1 = r1 | r4; \ + r3 = r3 ^ r1; + +#define I2(r0,r1,r2,r3,r4) \ + r2 = r2 ^ r3; \ + r3 = r3 ^ r0; \ + r4 = r3; \ + r3 = r3 & r2; \ + r3 = r3 ^ r1; \ + r1 = r1 | r2; \ + r1 = r1 ^ r4; \ + r4 = r4 & r3; \ + r2 = r2 ^ r3; \ + r4 = r4 & r0; \ + r4 = r4 ^ r2; \ + r2 = r2 & r1; \ + r2 = r2 | r0; \ + r3 = r3 ^ -1; \ + r2 = r2 ^ r3; \ + r0 = r0 ^ r3; \ + r0 = r0 & r1; \ + r3 = r3 ^ r4; \ + r3 = r3 ^ r0; + +#define I3(r0,r1,r2,r3,r4) \ + r4 = r2; \ + r2 = r2 ^ r1; \ + r0 = r0 ^ r2; \ + r4 = r4 & r2; \ + r4 = r4 ^ r0; \ + r0 = r0 & r1; \ + r1 = r1 ^ r3; \ + r3 = r3 | r4; \ + r2 = r2 ^ r3; \ + r0 = r0 ^ r3; \ + r1 = r1 ^ r4; \ + r3 = r3 & r2; \ + r3 = r3 ^ r1; \ + r1 = r1 ^ r0; \ + r1 = r1 | r2; \ + r0 = r0 ^ r3; \ + r1 = r1 ^ r4; \ + r0 = r0 ^ r1; + +#define I4(r0,r1,r2,r3,r4) \ + r4 = r2; \ + r2 = r2 & r3; \ + r2 = r2 ^ r1; \ + r1 = r1 | r3; \ + r1 = r1 & r0; \ + r4 = r4 ^ r2; \ + r4 = r4 ^ r1; \ + r1 = r1 & r2; \ + r0 = r0 ^ -1; \ + r3 = r3 ^ r4; \ + r1 = r1 ^ r3; \ + r3 = r3 & r0; \ + r3 = r3 ^ r2; \ + r0 = r0 ^ r1; \ + r2 = r2 & r0; \ + r3 = r3 ^ r0; \ + r2 = r2 ^ r4; \ + r2 = r2 | r3; \ + r3 = r3 ^ r0; \ + r2 = r2 ^ r1; + +#define I5(r0,r1,r2,r3,r4) \ + r1 = r1 ^ -1; \ + r4 = r3; \ + r2 = r2 ^ r1; \ + r3 = r3 | r0; \ + r3 = r3 ^ r2; \ + r2 = r2 | r1; \ + r2 = r2 & r0; \ + r4 = r4 ^ r3; \ + r2 = r2 ^ r4; \ + r4 = r4 | r0; \ + r4 = r4 ^ r1; \ + r1 = r1 & r2; \ + r1 = r1 ^ r3; \ + r4 = r4 ^ r2; \ + r3 = r3 & r4; \ + r4 = r4 ^ r1; \ + r3 = r3 ^ r0; \ + r3 = r3 ^ r4; \ + r4 = r4 ^ -1; + + +#define I6(r0,r1,r2,r3,r4) \ + r0 = r0 ^ r2; \ + r4 = r2; \ + r2 = r2 & r0; \ + r4 = r4 ^ r3; \ + r2 = r2 ^ -1; \ + r3 = r3 ^ r1; \ + r2 = r2 ^ r3; \ + r4 = r4 | r0; \ + r0 = r0 ^ r2; \ + r3 = r3 ^ r4; \ + r4 = r4 ^ r1; \ + r1 = r1 & r3; \ + r1 = r1 ^ r0; \ + r0 = r0 ^ r3; \ + r0 = r0 | r2; \ + r3 = r3 ^ r1; \ + r4 = r4 ^ r0; + +#define I7(r0,r1,r2,r3,r4) \ + r4 = r2; \ + r2 = r2 ^ r0; \ + r0 = r0 & r3; \ + r4 = r4 | r3; \ + r2 = r2 ^ -1; \ + r3 = r3 ^ r1; \ + r1 = r1 | r0; \ + r0 = r0 ^ r2; \ + r2 = r2 & r4; \ + r3 = r3 & r4; \ + r1 = r1 ^ r2; \ + r2 = r2 ^ r0; \ + r0 = r0 | r2; \ + r4 = r4 ^ r1; \ + r0 = r0 ^ r3; \ + r3 = r3 ^ r4; \ + r4 = r4 | r0; \ + r3 = r3 ^ r2; \ + r4 = r4 ^ r2; + +/* forward and inverse linear transformations */ + +#define LINTRANS(r0,r1,r2,r3,r4) \ + r0 = rotl(r0, 13); \ + r2 = rotl(r2, 3); \ + r3 = r3 ^ r2; \ + r4 = r0 << 3; \ + r1 = r1 ^ r0; \ + r3 = r3 ^ r4; \ + r1 = r1 ^ r2; \ + r3 = rotl(r3, 7); \ + r1 = rotl(r1, 1); \ + r2 = r2 ^ r3; \ + r4 = r1 << 7; \ + r0 = r0 ^ r1; \ + r2 = r2 ^ r4; \ + r0 = r0 ^ r3; \ + r2 = rotl(r2, 22); \ + r0 = rotl(r0, 5); + +#define ILINTRANS(r0,r1,r2,r3,r4) \ + r2 = rotr(r2, 22); \ + r0 = rotr(r0, 5); \ + r2 = r2 ^ r3; \ + r4 = r1 << 7; \ + r0 = r0 ^ r1; \ + r2 = r2 ^ r4; \ + r0 = r0 ^ r3; \ + r3 = rotr(r3, 7); \ + r1 = rotr(r1, 1); \ + r3 = r3 ^ r2; \ + r4 = r0 << 3; \ + r1 = r1 ^ r0; \ + r3 = r3 ^ r4; \ + r1 = r1 ^ r2; \ + r2 = rotr(r2, 3); \ + r0 = rotr(r0, 13); + + +#define KEYMIX(r0,r1,r2,r3,r4,IN) \ + r0 = r0 ^ l_key[IN+8]; \ + r1 = r1 ^ l_key[IN+9]; \ + r2 = r2 ^ l_key[IN+10]; \ + r3 = r3 ^ l_key[IN+11]; + +#define GETKEY(r0, r1, r2, r3, IN) \ + r0 = l_key[IN+8]; \ + r1 = l_key[IN+9]; \ + r2 = l_key[IN+10]; \ + r3 = l_key[IN+11]; + +#define SETKEY(r0, r1, r2, r3, IN) \ + l_key[IN+8] = r0; \ + l_key[IN+9] = r1; \ + l_key[IN+10] = r2; \ + l_key[IN+11] = r3; + +/* initialise the key schedule from the user supplied key */ + +int serpent_set_key(struct cipher_context *cx, const unsigned char *key, int key_len, + int atomic) +{ u32 *in_key = (u32 *)key; + /* l_key - storage for the key schedule */ + u32 *l_key = cx->keyinfo; + u32 i,lk,r0,r1,r2,r3,r4; + + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + key_len *= 8; + + i = 0; lk = (key_len + 31) / 32; + + while(i < lk) + { +#ifdef BLOCK_SWAP + l_key[i] = io_swap(in_key[lk - i - 1]); +#else + l_key[i] = in_key[i]; +#endif + i++; + } + + if (key_len < 256) + { + while(i < 8) + + l_key[i++] = 0; + + i = key_len / 32; lk = 1 << key_len % 32; + + l_key[i] &= lk - 1; + l_key[i] |= lk; + } + + for(i = 0; i < 132; ++i) + { + lk = l_key[i] ^ l_key[i + 3] ^ l_key[i + 5] + ^ l_key[i + 7] ^ 0x9e3779b9 ^ i; + + l_key[i + 8] = (lk << 11) | (lk >> 21); + } + + GETKEY(r0, r1, r2, r3, 0); + S3(r0,r1,r2,r3,r4); + SETKEY(r1, r2, r3, r4, 0) + + GETKEY(r0, r1, r2, r3, 4); + S2(r0,r1,r2,r3,r4); + SETKEY(r2, r3, r1, r4, 4) + + GETKEY(r0, r1, r2, r3, 8); + S1(r0,r1,r2,r3,r4); + SETKEY(r3, r1, r2, r0, 8) + + GETKEY(r0, r1, r2, r3, 12); + S0(r0,r1,r2,r3,r4); + SETKEY(r1, r4, r2, r0, 12) + + GETKEY(r0, r1, r2, r3, 16); + S7(r0,r1,r2,r3,r4); + SETKEY(r2, r4, r3, r0, 16) + + GETKEY(r0, r1, r2, r3, 20); + S6(r0,r1,r2,r3,r4) + SETKEY(r0, r1, r4, r2, 20) + + GETKEY(r0, r1, r2, r3, 24); + S5(r0,r1,r2,r3,r4); + SETKEY(r1, r3, r0, r2, 24) + + GETKEY(r0, r1, r2, r3, 28); + S4(r0,r1,r2,r3,r4) + SETKEY(r1, r4, r0, r3, 28) + + GETKEY(r0, r1, r2, r3, 32); + S3(r0,r1,r2,r3,r4); + SETKEY(r1, r2, r3, r4, 32) + + GETKEY(r0, r1, r2, r3, 36); + S2(r0,r1,r2,r3,r4); + SETKEY(r2, r3, r1, r4, 36) + + GETKEY(r0, r1, r2, r3, 40); + S1(r0,r1,r2,r3,r4); + SETKEY(r3, r1, r2, r0, 40) + + GETKEY(r0, r1, r2, r3, 44); + S0(r0,r1,r2,r3,r4); + SETKEY(r1, r4, r2, r0, 44) + + GETKEY(r0, r1, r2, r3, 48); + S7(r0,r1,r2,r3,r4); + SETKEY(r2, r4, r3, r0, 48) + + GETKEY(r0, r1, r2, r3, 52); + S6(r0,r1,r2,r3,r4) + SETKEY(r0, r1, r4, r2, 52) + + GETKEY(r0, r1, r2, r3, 56); + S5(r0,r1,r2,r3,r4); + SETKEY(r1, r3, r0, r2, 56) + + GETKEY(r0, r1, r2, r3, 60); + S4(r0,r1,r2,r3,r4) + SETKEY(r1, r4, r0, r3, 60) + + GETKEY(r0, r1, r2, r3, 64); + S3(r0,r1,r2,r3,r4); + SETKEY(r1, r2, r3, r4, 64) + + GETKEY(r0, r1, r2, r3, 68); + S2(r0,r1,r2,r3,r4); + SETKEY(r2, r3, r1, r4, 68) + + GETKEY(r0, r1, r2, r3, 72); + S1(r0,r1,r2,r3,r4); + SETKEY(r3, r1, r2, r0, 72) + + GETKEY(r0, r1, r2, r3, 76); + S0(r0,r1,r2,r3,r4); + SETKEY(r1, r4, r2, r0, 76) + + GETKEY(r0, r1, r2, r3, 80); + S7(r0,r1,r2,r3,r4); + SETKEY(r2, r4, r3, r0, 80) + + GETKEY(r0, r1, r2, r3, 84); + S6(r0,r1,r2,r3,r4) + SETKEY(r0, r1, r4, r2, 84) + + GETKEY(r0, r1, r2, r3, 88); + S5(r0,r1,r2,r3,r4); + SETKEY(r1, r3, r0, r2, 88) + + GETKEY(r0, r1, r2, r3, 92); + S4(r0,r1,r2,r3,r4) + SETKEY(r1, r4, r0, r3, 92) + + GETKEY(r0, r1, r2, r3, 96); + S3(r0,r1,r2,r3,r4); + SETKEY(r1, r2, r3, r4, 96) + + GETKEY(r0, r1, r2, r3, 100); + S2(r0,r1,r2,r3,r4); + SETKEY(r2, r3, r1, r4, 100) + + GETKEY(r0, r1, r2, r3, 104); + S1(r0,r1,r2,r3,r4); + SETKEY(r3, r1, r2, r0, 104) + + GETKEY(r0, r1, r2, r3, 108); + S0(r0,r1,r2,r3,r4); + SETKEY(r1, r4, r2, r0, 108) + + GETKEY(r0, r1, r2, r3, 112); + S7(r0,r1,r2,r3,r4); + SETKEY(r2, r4, r3, r0, 112) + + GETKEY(r0, r1, r2, r3, 116); + S6(r0,r1,r2,r3,r4) + SETKEY(r0, r1, r4, r2, 116) + + GETKEY(r0, r1, r2, r3, 120); + S5(r0,r1,r2,r3,r4); + SETKEY(r1, r3, r0, r2, 120) + + GETKEY(r0, r1, r2, r3, 124); + S4(r0,r1,r2,r3,r4) + SETKEY(r1, r4, r0, r3, 124) + + GETKEY(r0, r1, r2, r3, 128); + S3(r0,r1,r2,r3,r4); + SETKEY(r1, r2, r3, r4, 128) + + return 0; +}; + +/* Encryption and decryption functions. The rounds are fully inlined. + * The sboxes alters the bit order of the output, and the altered + * bit ordrer is used progressivly. */ + +/* encrypt a block of text */ + +int serpent_encrypt(struct cipher_context *cx, const u8 *in, + u8 *out, int size, int atomic) +{ u32 *l_key = cx->keyinfo; + const u32 *in_blk = (u32 *) in; + u32 *out_blk = (u32 *) out; + u32 r0,r1,r2,r3,r4; + +#ifdef BLOCK_SWAP + r0 = io_swap(in_blk[3]); r1 = io_swap(in_blk[2]); + r2 = io_swap(in_blk[1]); r3 = io_swap(in_blk[0]); +#else + r0 = in_blk[0]; r1 = in_blk[1]; r2 = in_blk[2]; r3 = in_blk[3]; +#endif + + /* round 1 */ + KEYMIX(r0,r1,r2,r3,r4,0); + S0(r0,r1,r2,r3,r4); + LINTRANS(r1,r4,r2,r0,r3); + + /* round 2 */ + KEYMIX(r1,r4,r2,r0,r3,4); + S1(r1,r4,r2,r0,r3); + LINTRANS(r0,r4,r2,r1,r3); + + /* round 3 */ + KEYMIX(r0,r4,r2,r1,r3,8); + S2(r0,r4,r2,r1,r3); + LINTRANS(r2,r1,r4,r3,r0); + + /* round 4 */ + KEYMIX(r2,r1,r4,r3,r0,12); + S3(r2,r1,r4,r3,r0); + LINTRANS(r1,r4,r3,r0,r2); + + /* round 5 */ + KEYMIX(r1,r4,r3,r0,r2,16); + S4(r1,r4,r3,r0,r2) + LINTRANS(r4,r2,r1,r0,r3); + + /* round 6 */ + KEYMIX(r4,r2,r1,r0,r3,20); + S5(r4,r2,r1,r0,r3); + LINTRANS(r2,r0,r4,r1,r3); + + /* round 7 */ + KEYMIX(r2,r0,r4,r1,r3,24); + S6(r2,r0,r4,r1,r3) + LINTRANS(r2,r0,r3,r4,r1); + + /* round 8 */ + KEYMIX(r2,r0,r3,r4,r1,28); + S7(r2,r0,r3,r4,r1); + LINTRANS(r3,r1,r4,r2,r0); + + /* round 9 */ + KEYMIX(r3,r1,r4,r2,r0,32); + S0(r3,r1,r4,r2,r0); + LINTRANS(r1,r0,r4,r3,r2); + + /* round 10 */ + KEYMIX(r1,r0,r4,r3,r2,36); + S1(r1,r0,r4,r3,r2); + LINTRANS(r3,r0,r4,r1,r2); + + /* round 11 */ + KEYMIX(r3,r0,r4,r1,r2,40); + S2(r3,r0,r4,r1,r2); + LINTRANS(r4,r1,r0,r2,r3); + + /* round 12 */ + KEYMIX(r4,r1,r0,r2,r3,44); + S3(r4,r1,r0,r2,r3); + LINTRANS(r1,r0,r2,r3,r4); + + /* round 13 */ + KEYMIX(r1,r0,r2,r3,r4,48); + S4(r1,r0,r2,r3,r4) + LINTRANS(r0,r4,r1,r3,r2); + + /* round 14 */ + KEYMIX(r0,r4,r1,r3,r2,52); + S5(r0,r4,r1,r3,r2); + LINTRANS(r4,r3,r0,r1,r2); + + /* round 15 */ + KEYMIX(r4,r3,r0,r1,r2,56); + S6(r4,r3,r0,r1,r2) + LINTRANS(r4,r3,r2,r0,r1); + + /* round 16 */ + KEYMIX(r4,r3,r2,r0,r1,60); + S7(r4,r3,r2,r0,r1); + LINTRANS(r2,r1,r0,r4,r3); + + /* round 17 */ + KEYMIX(r2,r1,r0,r4,r3,64); + S0(r2,r1,r0,r4,r3); + LINTRANS(r1,r3,r0,r2,r4); + + /* round 18 */ + KEYMIX(r1,r3,r0,r2,r4,68); + S1(r1,r3,r0,r2,r4); + LINTRANS(r2,r3,r0,r1,r4); + + /* round 19 */ + KEYMIX(r2,r3,r0,r1,r4,72); + S2(r2,r3,r0,r1,r4); + LINTRANS(r0,r1,r3,r4,r2); + + /* round 20 */ + KEYMIX(r0,r1,r3,r4,r2,76); + S3(r0,r1,r3,r4,r2); + LINTRANS(r1,r3,r4,r2,r0); + + /* round 21 */ + KEYMIX(r1,r3,r4,r2,r0,80); + S4(r1,r3,r4,r2,r0) + LINTRANS(r3,r0,r1,r2,r4); + + /* round 22 */ + KEYMIX(r3,r0,r1,r2,r4,84); + S5(r3,r0,r1,r2,r4); + LINTRANS(r0,r2,r3,r1,r4); + + /* round 23 */ + KEYMIX(r0,r2,r3,r1,r4,88); + S6(r0,r2,r3,r1,r4) + LINTRANS(r0,r2,r4,r3,r1); + + /* round 24 */ + KEYMIX(r0,r2,r4,r3,r1,92); + S7(r0,r2,r4,r3,r1); + LINTRANS(r4,r1,r3,r0,r2); + + /* round 25 */ + KEYMIX(r4,r1,r3,r0,r2,96); + S0(r4,r1,r3,r0,r2); + LINTRANS(r1,r2,r3,r4,r0); + + /* round 26 */ + KEYMIX(r1,r2,r3,r4,r0,100); + S1(r1,r2,r3,r4,r0); + LINTRANS(r4,r2,r3,r1,r0); + + /* round 27 */ + KEYMIX(r4,r2,r3,r1,r0,104); + S2(r4,r2,r3,r1,r0); + LINTRANS(r3,r1,r2,r0,r4); + + /* round 28 */ + KEYMIX(r3,r1,r2,r0,r4,108); + S3(r3,r1,r2,r0,r4); + LINTRANS(r1,r2,r0,r4,r3); + + /* round 29 */ + KEYMIX(r1,r2,r0,r4,r3,112); + S4(r1,r2,r0,r4,r3) + LINTRANS(r2,r3,r1,r4,r0); + + /* round 30 */ + KEYMIX(r2,r3,r1,r4,r0,116); + S5(r2,r3,r1,r4,r0); + LINTRANS(r3,r4,r2,r1,r0); + + /* round 31 */ + KEYMIX(r3,r4,r2,r1,r0,120); + S6(r3,r4,r2,r1,r0) + LINTRANS(r3,r4,r0,r2,r1); + + /* round 32 */ + KEYMIX(r3,r4,r0,r2,r1,124); + S7(r3,r4,r0,r2,r1); + KEYMIX(r0,r1,r2,r3,r4,128); + + +#ifdef BLOCK_SWAP + out_blk[3] = io_swap(r0); out_blk[2] = io_swap(r1); + out_blk[1] = io_swap(r2); out_blk[0] = io_swap(r3); +#else + out_blk[0] = r0; out_blk[1] = r1; out_blk[2] = r2; out_blk[3] = r3; +#endif + return 0; +}; + +/* decrypt a block of text */ + +int serpent_decrypt(struct cipher_context *cx, const u8 *in, + u8 *out, int size, int atomic) +{ u32 *l_key = cx->keyinfo; + const u32 *in_blk = (const u32 *)in; + u32 *out_blk = (u32 *)out; + u32 r0,r1,r2,r3,r4; + +#ifdef BLOCK_SWAP + r0 = io_swap(in_blk[3]); r1 = io_swap(in_blk[2]); + r2 = io_swap(in_blk[1]); r3 = io_swap(in_blk[0]); +#else + r0 = in_blk[0]; r1 = in_blk[1]; r2 = in_blk[2]; r3 = in_blk[3]; +#endif + + /* round 1 */ + KEYMIX(r0,r1,r2,r3,r4,128); + I7(r0,r1,r2,r3,r4); + KEYMIX(r3,r0,r1,r4,r2,124); + + /* round 2 */ + ILINTRANS(r3,r0,r1,r4,r2); + I6(r3,r0,r1,r4,r2); + KEYMIX(r0,r1,r2,r4,r3,120); + + /* round 3 */ + ILINTRANS(r0,r1,r2,r4,r3); + I5(r0,r1,r2,r4,r3); + KEYMIX(r1,r3,r4,r2,r0,116); + + /* round 4 */ + ILINTRANS(r1,r3,r4,r2,r0); + I4(r1,r3,r4,r2,r0); + KEYMIX(r1,r2,r4,r0,r3,112); + + /* round 5 */ + ILINTRANS(r1,r2,r4,r0,r3); + I3(r1,r2,r4,r0,r3); + KEYMIX(r4,r2,r0,r1,r3,108); + + /* round 6 */ + ILINTRANS(r4,r2,r0,r1,r3); + I2(r4,r2,r0,r1,r3); + KEYMIX(r2,r3,r0,r1,r4,104); + + /* round 7 */ + ILINTRANS(r2,r3,r0,r1,r4); + I1(r2,r3,r0,r1,r4); + KEYMIX(r4,r2,r1,r0,r3,100); + + /* round 8 */ + ILINTRANS(r4,r2,r1,r0,r3); + I0(r4,r2,r1,r0,r3); + KEYMIX(r4,r3,r2,r0,r1,96); + + /* round 9 */ + ILINTRANS(r4,r3,r2,r0,r1); + I7(r4,r3,r2,r0,r1); + KEYMIX(r0,r4,r3,r1,r2,92); + + /* round 10 */ + ILINTRANS(r0,r4,r3,r1,r2); + I6(r0,r4,r3,r1,r2); + KEYMIX(r4,r3,r2,r1,r0,88); + + /* round 11 */ + ILINTRANS(r4,r3,r2,r1,r0); + I5(r4,r3,r2,r1,r0); + KEYMIX(r3,r0,r1,r2,r4,84); + + /* round 12 */ + ILINTRANS(r3,r0,r1,r2,r4); + I4(r3,r0,r1,r2,r4); + KEYMIX(r3,r2,r1,r4,r0,80); + + /* round 13 */ + ILINTRANS(r3,r2,r1,r4,r0); + I3(r3,r2,r1,r4,r0); + KEYMIX(r1,r2,r4,r3,r0,76); + + /* round 14 */ + ILINTRANS(r1,r2,r4,r3,r0); + I2(r1,r2,r4,r3,r0); + KEYMIX(r2,r0,r4,r3,r1,72); + + /* round 15 */ + ILINTRANS(r2,r0,r4,r3,r1); + I1(r2,r0,r4,r3,r1); + KEYMIX(r1,r2,r3,r4,r0,68); + + /* round 16 */ + ILINTRANS(r1,r2,r3,r4,r0); + I0(r1,r2,r3,r4,r0); + KEYMIX(r1,r0,r2,r4,r3,64); + + /* round 17 */ + ILINTRANS(r1,r0,r2,r4,r3); + I7(r1,r0,r2,r4,r3); + KEYMIX(r4,r1,r0,r3,r2,60); + + /* round 18 */ + ILINTRANS(r4,r1,r0,r3,r2); + I6(r4,r1,r0,r3,r2); + KEYMIX(r1,r0,r2,r3,r4,56); + + /* round 19 */ + ILINTRANS(r1,r0,r2,r3,r4); + I5(r1,r0,r2,r3,r4); + KEYMIX(r0,r4,r3,r2,r1,52); + + /* round 20 */ + ILINTRANS(r0,r4,r3,r2,r1); + I4(r0,r4,r3,r2,r1); + KEYMIX(r0,r2,r3,r1,r4,48); + + /* round 21 */ + ILINTRANS(r0,r2,r3,r1,r4); + I3(r0,r2,r3,r1,r4); + KEYMIX(r3,r2,r1,r0,r4,44); + + /* round 22 */ + ILINTRANS(r3,r2,r1,r0,r4); + I2(r3,r2,r1,r0,r4); + KEYMIX(r2,r4,r1,r0,r3,40); + + /* round 23 */ + ILINTRANS(r2,r4,r1,r0,r3); + I1(r2,r4,r1,r0,r3); + KEYMIX(r3,r2,r0,r1,r4,36); + + /* round 24 */ + ILINTRANS(r3,r2,r0,r1,r4); + I0(r3,r2,r0,r1,r4); + KEYMIX(r3,r4,r2,r1,r0,32); + + /* round 25 */ + ILINTRANS(r3,r4,r2,r1,r0); + I7(r3,r4,r2,r1,r0); + KEYMIX(r1,r3,r4,r0,r2,28); + + /* round 26 */ + ILINTRANS(r1,r3,r4,r0,r2); + I6(r1,r3,r4,r0,r2); + KEYMIX(r3,r4,r2,r0,r1,24); + + /* round 27 */ + ILINTRANS(r3,r4,r2,r0,r1); + I5(r3,r4,r2,r0,r1); + KEYMIX(r4,r1,r0,r2,r3,20); + + /* round 28 */ + ILINTRANS(r4,r1,r0,r2,r3); + I4(r4,r1,r0,r2,r3); + KEYMIX(r4,r2,r0,r3,r1,16); + + /* round 29 */ + ILINTRANS(r4,r2,r0,r3,r1); + I3(r4,r2,r0,r3,r1); + KEYMIX(r0,r2,r3,r4,r1,12); + + /* round 30 */ + ILINTRANS(r0,r2,r3,r4,r1); + I2(r0,r2,r3,r4,r1); + KEYMIX(r2,r1,r3,r4,r0,8); + + /* round 31 */ + ILINTRANS(r2,r1,r3,r4,r0); + I1(r2,r1,r3,r4,r0); + KEYMIX(r0,r2,r4,r3,r1,4); + + /* round 32 */ + ILINTRANS(r0,r2,r4,r3,r1); + I0(r0,r2,r4,r3,r1); + KEYMIX(r0,r1,r2,r3,r4,0); + +#ifdef BLOCK_SWAP + out_blk[3] = io_swap(r0); out_blk[2] = io_swap(r1); + out_blk[1] = io_swap(r2); out_blk[0] = io_swap(r3); +#else + out_blk[0] = r0; out_blk[1] = r1; out_blk[2] = r2; out_blk[3] = r3; +#endif + return 0; +}; + + +#define CIPHER_ID serpent +#define CIPHER_BLOCKSIZE 128 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE (140*sizeof(u32)) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; + +/* eof */ diff -Nur linux-2.4.18/crypto/ciphers/cipher-twofish.c linux-int-2.4.18/crypto/ciphers/cipher-twofish.c --- linux-2.4.18/crypto/ciphers/cipher-twofish.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/cipher-twofish.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,875 @@ +/* NOTE: This implementation has been changed from the original + * source. See ChangeLog for more information. + * Maintained by Marc Mutz + */ + +/* Twofish for GPG + * By Matthew Skala , July 26, 1998 + * 256-bit key length added March 20, 1999 + * Some modifications to reduce the text size by Werner Koch, April, 1998 + * + * The original author has disclaimed all copyright interest in this + * code and thus putting it in the public domain. + * + * This code is a "clean room" implementation, written from the paper + * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, + * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available + * through http://www.counterpane.com/twofish.html + * + * For background information on multiplication in finite fields, used for + * the matrix operations in the key schedule, see the book _Contemporary + * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the + * Third Edition. + * + * Only the 128- and 256-bit key sizes are supported. This code is intended + * for GNU C on a 32-bit system, but it should work almost anywhere. Loops + * are unrolled, precomputation tables are used, etc., for maximum speed at + * some cost in memory consumption. */ + +#include +#include +#include +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +/* Structure for an expanded Twofish key. s contains the key-dependent + * S-boxes composed with the MDS matrix; w contains the eight "whitening" + * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note + * that k[i] corresponds to what the Twofish paper calls K[i+8]. */ +typedef struct { + u32 s[4][256], w[8], k[32]; +} twofish_key_t; + +/* The large precomputed tables for the Twofish cipher (twofish.c) + * Taken from the same source as twofish.c + * Marc Mutz + */ + +/* These two tables are the q0 and q1 permutations, exactly as described in + * the Twofish paper. */ + +static const u8 q0[256] = { + 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, + 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, + 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, + 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, + 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, + 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, + 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, + 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, + 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, + 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, + 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, + 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, + 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, + 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, + 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, + 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, + 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, + 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, + 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, + 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, + 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, + 0x4A, 0x5E, 0xC1, 0xE0 +}; + +static const u8 q1[256] = { + 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, + 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, + 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, + 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, + 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, + 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, + 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, + 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, + 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, + 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, + 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, + 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, + 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, + 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, + 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, + 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, + 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, + 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, + 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, + 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, + 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, + 0x55, 0x09, 0xBE, 0x91 +}; + +/* These MDS tables are actually tables of MDS composed with q0 and q1, + * because it is only ever used that way and we can save some time by + * precomputing. Of course the main saving comes from precomputing the + * GF(2^8) multiplication involved in the MDS matrix multiply; by looking + * things up in these tables we reduce the matrix multiply to four lookups + * and three XORs. Semi-formally, the definition of these tables is: + * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T + * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T + * where ^T means "transpose", the matrix multiply is performed in GF(2^8) + * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described + * by Schneier et al, and I'm casually glossing over the byte/word + * conversion issues. */ + +static const u32 mds[4][256] = { + {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, + 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, + 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, + 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, + 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, + 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, + 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, + 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, + 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, + 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, + 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, + 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, + 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, + 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, + 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, + 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, + 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, + 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, + 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, + 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, + 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, + 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, + 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, + 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, + 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, + 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, + 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, + 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, + 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, + 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, + 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, + 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, + 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, + 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, + 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, + 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, + 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, + 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, + 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, + 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, + 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, + 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, + 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91}, + + {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, + 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, + 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, + 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, + 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, + 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, + 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, + 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, + 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, + 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, + 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, + 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, + 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, + 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, + 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, + 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, + 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, + 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, + 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, + 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, + 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, + 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, + 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, + 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, + 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, + 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, + 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, + 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, + 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, + 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, + 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, + 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, + 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, + 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, + 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, + 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, + 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, + 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, + 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, + 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, + 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, + 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, + 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8}, + + {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, + 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, + 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, + 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, + 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, + 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, + 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, + 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, + 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, + 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, + 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, + 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, + 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, + 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, + 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, + 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, + 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, + 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, + 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, + 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, + 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, + 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, + 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, + 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, + 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, + 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, + 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, + 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, + 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, + 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, + 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, + 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, + 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, + 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, + 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, + 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, + 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, + 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, + 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, + 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, + 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, + 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, + 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF}, + + {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, + 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, + 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, + 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, + 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, + 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, + 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, + 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, + 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, + 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, + 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, + 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, + 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, + 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, + 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, + 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, + 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, + 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, + 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, + 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, + 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, + 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, + 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, + 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, + 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, + 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, + 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, + 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, + 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, + 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, + 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, + 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, + 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, + 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, + 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, + 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, + 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, + 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, + 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, + 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, + 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, + 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, + 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8} +}; + +/* The exp_to_poly and poly_to_exp tables are used to perform efficient + * operations in GF(2^8) represented as GF(2)[x]/w(x) where + * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the + * definition of the RS matrix in the key schedule. Elements of that field + * are polynomials of degree not greater than 7 and all coefficients 0 or 1, + * which can be represented naturally by bytes (just substitute x=2). In that + * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8) + * multiplication is inefficient without hardware support. To multiply + * faster, I make use of the fact x is a generator for the nonzero elements, + * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for + * some n in 0..254. Note that that caret is exponentiation in GF(2^8), + * *not* polynomial notation. So if I want to compute pq where p and q are + * in GF(2^8), I can just say: + * 1. if p=0 or q=0 then pq=0 + * 2. otherwise, find m and n such that p=x^m and q=x^n + * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq + * The translations in steps 2 and 3 are looked up in the tables + * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this + * in action, look at the CALC_S macro. As additional wrinkles, note that + * one of my operands is always a constant, so the poly_to_exp lookup on it + * is done in advance; I included the original values in the comments so + * readers can have some chance of recognizing that this *is* the RS matrix + * from the Twofish paper. I've only included the table entries I actually + * need; I never do a lookup on a variable input of zero and the biggest + * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll + * never sum to more than 491. I'm repeating part of the exp_to_poly table + * so that I don't have to do mod-255 reduction in the exponent arithmetic. + * Since I know my constant operands are never zero, I only have to worry + * about zero values in the variable operand, and I do it with a simple + * conditional branch. I know conditionals are expensive, but I couldn't + * see a non-horrible way of avoiding them, and I did manage to group the + * statements so that each if covers four group multiplications. */ + +static const u8 poly_to_exp[255] = { + 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19, + 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A, + 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C, + 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B, + 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47, + 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D, + 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8, + 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C, + 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83, + 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48, + 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26, + 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E, + 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3, + 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9, + 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A, + 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D, + 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75, + 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84, + 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64, + 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49, + 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF, + 0x85, 0xC8, 0xA1 +}; + +static const u8 exp_to_poly[492] = { + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2, + 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03, + 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6, + 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A, + 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63, + 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C, + 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07, + 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88, + 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12, + 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7, + 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C, + 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8, + 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25, + 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A, + 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE, + 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC, + 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E, + 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92, + 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89, + 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB, + 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1, + 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, + 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, + 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, + 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, + 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, + 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, + 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, + 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, + 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, + 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, + 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, + 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, + 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, + 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, + 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, + 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, + 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, + 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, + 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, + 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB +}; + + +/* The table constants are indices of + * S-box entries, preprocessed through q0 and q1. */ +static const u8 calc_sb_tbl[512] = { + 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4, + 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8, + 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B, + 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B, + 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD, + 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1, + 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B, + 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F, + 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B, + 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D, + 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E, + 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5, + 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14, + 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3, + 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54, + 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51, + 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A, + 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96, + 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10, + 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C, + 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7, + 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70, + 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB, + 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8, + 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF, + 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC, + 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF, + 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2, + 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82, + 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9, + 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97, + 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17, + 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D, + 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3, + 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C, + 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E, + 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F, + 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49, + 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21, + 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9, + 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD, + 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01, + 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F, + 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48, + 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E, + 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19, + 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57, + 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64, + 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE, + 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5, + 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44, + 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69, + 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15, + 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E, + 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34, + 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC, + 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B, + 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB, + 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52, + 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9, + 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4, + 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2, + 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56, + 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91 +}; + +/* Macro to perform one column of the RS matrix multiplication. The + * parameters a, b, c, and d are the four bytes of output; i is the index + * of the key bytes, and w, x, y, and z, are the column of constants from + * the RS matrix, preprocessed through the poly_to_exp table. */ + +#define CALC_S(a, b, c, d, i, w, x, y, z) \ + if (key[i]) { \ + tmp = poly_to_exp[key[i] - 1]; \ + (a) ^= exp_to_poly[tmp + (w)]; \ + (b) ^= exp_to_poly[tmp + (x)]; \ + (c) ^= exp_to_poly[tmp + (y)]; \ + (d) ^= exp_to_poly[tmp + (z)]; \ + } + +/* Macros to calculate the key-dependent S-boxes for a 128-bit key using + * the S vector from CALC_S. CALC_SB_2 computes a single entry in all + * four S-boxes, where i is the index of the entry to compute, and a and b + * are the index numbers preprocessed through the q0 and q1 tables + * respectively. */ + +#define CALC_SB_2(i, a, b) \ + ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \ + ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \ + ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \ + ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh] + +/* Macro exactly like CALC_SB_2, but for 192-bit keys. */ + +#define CALC_SB192_2(i, a, b) \ + ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] ^ si]; \ + ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] ^ sj]; \ + ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] ^ sk]; \ + ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] ^ sl]; + +/* Macro exactly like CALC_SB_2, but for 256-bit keys. */ + +#define CALC_SB256_2(i, a, b) \ + ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \ + ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \ + ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \ + ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp]; + +/* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the + * last two stages of the h() function for a given index (either 2i or 2i+1). + * a, b, c, and d are the four bytes going into the last two stages. For + * 128-bit keys, this is the entire h() function and a and c are the index + * preprocessed through q0 and q1 respectively; for longer keys they are the + * output of previous stages. j is the index of the first key byte to use. + * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2 + * twice, doing the Psuedo-Hadamard Transform, and doing the necessary + * rotations. Its parameters are: a, the array to write the results into, + * j, the index of the first output entry, k and l, the preprocessed indices + * for index 2i, and m and n, the preprocessed indices for index 2i+1. + * CALC_K192_2 expands CALC_K_2 to handle 192-bit keys, by doing an + * additional lookup-and-XOR stage. The parameters a, b, c and d are the + * four bytes going into the last three stages. For 192-bit keys, c = d + * are the index preprocessed through q0, and a = b are the index + * preprocessed through q1; j is the index of the first key byte to use. + * CALC_K192 is identical to CALC_K but for using the CALC_K192_2 macro + * instead of CALC_K_2. + * CALC_K256_2 expands CALC_K192_2 to handle 256-bit keys, by doing an + * additional lookup-and-XOR stage. The parameters a and b are the index + * preprocessed through q0 and q1 respectively; j is the index of the first + * key byte to use. CALC_K256 is identical to CALC_K but for using the + * CALC_K256_2 macro instead of CALC_K_2. */ + +#define CALC_K_2(a, b, c, d, j) \ + mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \ + ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \ + ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \ + ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]] + +#define CALC_K(a, j, k, l, m, n) \ + x = CALC_K_2 (k, l, k, l, 0); \ + y = CALC_K_2 (m, n, m, n, 4); \ + y = (y << 8) + (y >> 24); \ + x += y; y += x; ctx->a[j] = x; \ + ctx->a[(j) + 1] = (y << 9) + (y >> 23) + +#define CALC_K192_2(a, b, c, d, j) \ + CALC_K_2 (q0[a ^ key[(j) + 16]], \ + q1[b ^ key[(j) + 17]], \ + q0[c ^ key[(j) + 18]], \ + q1[d ^ key[(j) + 19]], j) + +#define CALC_K192(a, j, k, l, m, n) \ + x = CALC_K192_2 (l, l, k, k, 0); \ + y = CALC_K192_2 (n, n, m, m, 4); \ + y = (y << 8) + (y >> 24); \ + x += y; y += x; ctx->a[j] = x; \ + ctx->a[(j) + 1] = (y << 9) + (y >> 23) + +#define CALC_K256_2(a, b, j) \ + CALC_K192_2 (q1[b ^ key[(j) + 24]], \ + q1[a ^ key[(j) + 25]], \ + q0[a ^ key[(j) + 26]], \ + q0[b ^ key[(j) + 27]], j) + +#define CALC_K256(a, j, k, l, m, n) \ + x = CALC_K256_2 (k, l, 0); \ + y = CALC_K256_2 (m, n, 4); \ + y = (y << 8) + (y >> 24); \ + x += y; y += x; ctx->a[j] = x; \ + ctx->a[(j) + 1] = (y << 9) + (y >> 23) + +/* Perform the key setup. */ + +static int twofish_set_key (struct cipher_context *cx, + const u8 *key, int key_len, int atomic) +{ + twofish_key_t *ctx = (twofish_key_t *) cx->keyinfo; + + int i, j, k; + + /* Temporaries for CALC_K. */ + u32 x, y; + + /* The S vector used to key the S-boxes, split up into individual bytes. + * 128-bit keys use only sa through sh; 256-bit use all of them. */ + u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0; + u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0; + + /* Temporary for CALC_S. */ + u8 tmp; + + /* Check key length. */ + if (key_len != 16 && key_len != 24 && key_len != 32) + return -EINVAL; /* unsupported key length */ + + /* Compute the first two words of the S vector. The magic numbers are + * the entries of the RS matrix, preprocessed through poly_to_exp. The + * numbers in the comments are the original (polynomial form) matrix + * entries. */ + CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ + CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ + CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ + CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ + CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ + CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ + CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ + CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ + CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ + CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ + CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ + CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ + CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ + CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ + CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ + CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ + + if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */ + /* Calculate the third word of the S vector */ + CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ + CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ + CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ + CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ + CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ + CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ + CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ + CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ + } + + if (key_len == 32) { /* 256-bit key */ + /* Calculate the fourth word of the S vector */ + CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ + CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ + CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ + CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ + CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ + CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ + CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ + CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ + + /* Compute the S-boxes. */ + for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { + CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); + } + + /* Calculate whitening and round subkeys. The constants are + * indices of subkeys, preprocessed through q0 and q1. */ + CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3); + CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); + CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); + CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); + CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); + CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B); + CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); + CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); + CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); + CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD); + CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71); + CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); + CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F); + CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B); + CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA); + CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F); + CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); + CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); + CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00); + CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); + } else if (key_len == 24) { /* 192-bit key */ + /* Compute the S-boxes. */ + for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { + CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); + } + + /* Calculate whitening and round subkeys. The constants are + * indices of subkeys, preprocessed through q0 and q1. */ + CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3); + CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); + CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); + CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); + CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); + CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B); + CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); + CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); + CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); + CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD); + CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71); + CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); + CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F); + CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B); + CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA); + CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F); + CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); + CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); + CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00); + CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); + } else { /* 128-bit key */ + /* Compute the S-boxes. */ + for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { + CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); + } + + /* Calculate whitening and round subkeys. The constants are + * indices of subkeys, preprocessed through q0 and q1. */ + CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3); + CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); + CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B); + CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8); + CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3); + CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B); + CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D); + CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B); + CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32); + CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD); + CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71); + CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); + CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F); + CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B); + CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA); + CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F); + CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); + CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); + CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); + CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); + } + + return 0; +} + +/* Macros to compute the g() function in the encryption and decryption + * rounds. G1 is the straight g() function; G2 includes the 8-bit + * rotation for the high 32-bit word. */ + +#define G1(a) \ + (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \ + ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24]) + +#define G2(b) \ + (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \ + ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24]) + +/* Encryption and decryption Feistel rounds. Each one calls the two g() + * macros, does the PHT, and performs the XOR and the appropriate bit + * rotations. The parameters are the round number (used to select subkeys), + * and the four 32-bit chunks of the text. */ + +#define ENCROUND(n, a, b, c, d) \ + x = G1 (a); y = G2 (b); \ + x += y; y += x + ctx->k[2 * (n) + 1]; \ + (c) ^= x + ctx->k[2 * (n)]; \ + (c) = ((c) >> 1) + ((c) << 31); \ + (d) = (((d) << 1)+((d) >> 31)) ^ y + +#define DECROUND(n, a, b, c, d) \ + x = G1 (a); y = G2 (b); \ + x += y; y += x; \ + (d) ^= y + ctx->k[2 * (n) + 1]; \ + (d) = ((d) >> 1) + ((d) << 31); \ + (c) = (((c) << 1)+((c) >> 31)); \ + (c) ^= (x + ctx->k[2 * (n)]) + +/* Encryption and decryption cycles; each one is simply two Feistel rounds + * with the 32-bit chunks re-ordered to simulate the "swap" */ + +#define ENCCYCLE(n) \ + ENCROUND (2 * (n), a, b, c, d); \ + ENCROUND (2 * (n) + 1, c, d, a, b) + +#define DECCYCLE(n) \ + DECROUND (2 * (n) + 1, c, d, a, b); \ + DECROUND (2 * (n), a, b, c, d) + +/* Macros to convert the input and output bytes into 32-bit words, + * and simultaneously perform the whitening step. INPACK packs word + * number n into the variable named by x, using whitening subkey number m. + * OUTUNPACK unpacks word number n from the variable named by x, using + * whitening subkey number m. */ + +#define INPACK(n, x, m) \ + x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \ + ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m] + +#define OUTUNPACK(n, x, m) \ + x ^= ctx->w[m]; \ + out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \ + out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24 + +/* Encrypt one block. in and out may be the same. */ + +static int twofish_encrypt (struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + const twofish_key_t *ctx = (twofish_key_t *) cx->keyinfo; + + /* The four 32-bit chunks of the text. */ + u32 a, b, c, d; + + /* Temporaries used by the round function. */ + u32 x, y; + + if (size != 16) + return 1; + + /* Input whitening and packing. */ + INPACK (0, a, 0); + INPACK (1, b, 1); + INPACK (2, c, 2); + INPACK (3, d, 3); + + /* Encryption Feistel cycles. */ + ENCCYCLE (0); + ENCCYCLE (1); + ENCCYCLE (2); + ENCCYCLE (3); + ENCCYCLE (4); + ENCCYCLE (5); + ENCCYCLE (6); + ENCCYCLE (7); + + /* Output whitening and unpacking. */ + OUTUNPACK (0, c, 4); + OUTUNPACK (1, d, 5); + OUTUNPACK (2, a, 6); + OUTUNPACK (3, b, 7); + + return 0; +} + +/* Decrypt one block. in and out may be the same. */ + +static int twofish_decrypt (struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic) +{ + const twofish_key_t *ctx = (twofish_key_t *) cx->keyinfo; + + /* The four 32-bit chunks of the text. */ + u32 a, b, c, d; + + /* Temporaries used by the round function. */ + u32 x, y; + + if (size != 16) + return 1; + + /* Input whitening and packing. */ + INPACK (0, c, 4); + INPACK (1, d, 5); + INPACK (2, a, 6); + INPACK (3, b, 7); + + /* Encryption Feistel cycles. */ + DECCYCLE (7); + DECCYCLE (6); + DECCYCLE (5); + DECCYCLE (4); + DECCYCLE (3); + DECCYCLE (2); + DECCYCLE (1); + DECCYCLE (0); + + /* Output whitening and unpacking. */ + OUTUNPACK (0, a, 0); + OUTUNPACK (1, b, 1); + OUTUNPACK (2, c, 2); + OUTUNPACK (3, d, 3); + + return 0; +} + +#define CIPHER_ID twofish +#define CIPHER_BLOCKSIZE 128 +#define CIPHER_KEY_SIZE_MASK CIPHER_KEYSIZE_128 | CIPHER_KEYSIZE_192 | CIPHER_KEYSIZE_256 +#define CIPHER_KEY_SCHEDULE_SIZE sizeof (twofish_key_t) + +#include "gen-cipher.h" + +EXPORT_NO_SYMBOLS; diff -Nur linux-2.4.18/crypto/ciphers/gen-cbc.h linux-int-2.4.18/crypto/ciphers/gen-cbc.h --- linux-2.4.18/crypto/ciphers/gen-cbc.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/gen-cbc.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,109 @@ + +#include +#include + +#if defined(CIPHER_BITS_128) +# define BS 16 +#else +# define BS 8 +#endif + +/* + * These functions only use the XOR operator on the data, so no + * endianness problems should occur. + */ + +static int CIPHER_NAME(_cbc_encrypt)(struct cipher_context *cx, const u8 *in_blk, + u8 *out_blk, int size, int atomic, const u8 *_iv) +{ + const u32 *iv = (const u32 *) _iv; + u8 tmp[BS]; + ((u32 *)tmp)[0] = iv[0]; + ((u32 *)tmp)[1] = iv[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] = iv[2]; + ((u32 *)tmp)[3] = iv[3]; +#endif + for (size -= BS; size >= 0; size -= BS) { + ((u32 *)tmp)[0] ^= ((u32 *)in_blk)[0]; + ((u32 *)tmp)[1] ^= ((u32 *)in_blk)[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] ^= ((u32 *)in_blk)[2]; + ((u32 *)tmp)[3] ^= ((u32 *)in_blk)[3]; +#endif + CIPHER_NAME(_encrypt)(cx, tmp, tmp, BS, atomic); + memcpy(out_blk, tmp, sizeof(tmp)); + in_blk += BS; out_blk += BS; + +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (!atomic && current->need_resched) + schedule (); +#else + if (!atomic) + cond_resched (); +#endif + + } /* for */ + + if (size != -BS) { + memset(tmp, 0, sizeof(tmp)); + memcpy(tmp, in_blk, size+BS); + ((u32 *)tmp)[0] ^= ((u32 *)out_blk)[0 - BS/4]; + ((u32 *)tmp)[1] ^= ((u32 *)out_blk)[1 - BS/4]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] ^= ((u32 *)out_blk)[2 - BS/4]; + ((u32 *)tmp)[3] ^= ((u32 *)out_blk)[3 - BS/4]; +#endif + CIPHER_NAME(_encrypt)(cx, tmp, out_blk, BS, atomic); + } /* if */ + + return 0; +} + +static int CIPHER_NAME(_cbc_decrypt)(struct cipher_context *cx, const u8 *in_blk, + u8 *out_blk, int size, int atomic, const u8 *_iv) +{ + const u32 *iv = (const u32 *) _iv; + u8 tmp[BS], tmp2[BS]; + ((u32 *)tmp)[0] = iv[0]; + ((u32 *)tmp)[1] = iv[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] = iv[2]; + ((u32 *)tmp)[3] = iv[3]; +#endif + + for (size -= BS; size >= 0; size -= BS) { + CIPHER_NAME(_decrypt)(cx, in_blk, tmp2, BS, atomic); + ((u32 *)tmp2)[0] ^= ((u32 *)tmp)[0]; + ((u32 *)tmp2)[1] ^= ((u32 *)tmp)[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp2)[2] ^= ((u32 *)tmp)[2]; + ((u32 *)tmp2)[3] ^= ((u32 *)tmp)[3]; +#endif + memcpy(tmp, in_blk, sizeof(tmp)); + memcpy(out_blk, tmp2, BS); + in_blk += BS; out_blk += BS; + +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (!atomic && current->need_resched) + schedule (); +#else + if (!atomic) + cond_resched (); +#endif + } + + if (size != -BS) { + CIPHER_NAME(_decrypt)(cx, in_blk, tmp2, BS, atomic); + ((u32 *)tmp2)[0] ^= ((u32 *)tmp)[0]; + ((u32 *)tmp2)[1] ^= ((u32 *)tmp)[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp2)[2] ^= ((u32 *)tmp)[2]; + ((u32 *)tmp2)[3] ^= ((u32 *)tmp)[3]; +#endif + memcpy(out_blk, tmp2, size+BS); + } + return 0; +} + +#undef BS diff -Nur linux-2.4.18/crypto/ciphers/gen-cfb.h linux-int-2.4.18/crypto/ciphers/gen-cfb.h --- linux-2.4.18/crypto/ciphers/gen-cfb.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/gen-cfb.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,130 @@ +/* + Cipher Feedback Block mode + + Written by David Bryson + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#include +#include + +#if defined(CIPHER_BITS_128) +# define BS 16 +#else +# define BS 8 +#endif + + +/* + * These functions only use the XOR operator on the data, so no + * endianness problems should occur. + */ + +static int CIPHER_NAME(_cfb_encrypt)(struct cipher_context *cx, const u8 *in_blk, + u8 *out_blk, int size, int atomic, const u8 *_iv) +{ + const u32 *iv = (const u32 *) _iv; + u8 tmp[BS]; + ((u32 *)tmp)[0] = iv[0]; + ((u32 *)tmp)[1] = iv[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] = iv[2]; + ((u32 *)tmp)[3] = iv[3]; +#endif + for (size -= BS; size >= 0; size -= BS) { + CIPHER_NAME(_encrypt)(cx, tmp, tmp, BS, atomic); + ((u32 *)tmp)[0] ^= ((u32 *)in_blk)[0]; + ((u32 *)tmp)[1] ^= ((u32 *)in_blk)[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] ^= ((u32 *)in_blk)[2]; + ((u32 *)tmp)[3] ^= ((u32 *)in_blk)[3]; +#endif + memcpy(out_blk, tmp, sizeof(tmp)); + in_blk += BS; out_blk += BS; + +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (!atomic && current->need_resched) + schedule(); +#else + if (!atomic) + cond_resched(); +#endif + } /* end for */ + + if (size != BS) { + memset(tmp, 0, sizeof(tmp)); + memcpy(tmp, in_blk, size+BS); + CIPHER_NAME(_encrypt)(cx, tmp, tmp, BS, atomic); + + ((u32 *)tmp)[0] ^= ((u32 *)in_blk)[0 - BS/4]; + ((u32 *)tmp)[1] ^= ((u32 *)in_blk)[1 - BS/4]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] ^= ((u32 *)in_blk)[2 - BS/4]; + ((u32 *)tmp)[3] ^= ((u32 *)in_blk)[3 - BS/4]; +#endif + } /* end if */ + + return 0; +} + +static int CIPHER_NAME(_cfb_decrypt)(struct cipher_context *cx, const u8 *in_blk, + u8 *out_blk, int size, int atomic, const u8 *_iv) +{ + const u32 *iv = (const u32 *) _iv; + u8 tmp[BS]; + ((u32 *)tmp)[0] = iv[0]; + ((u32 *)tmp)[1] = iv[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] = iv[2]; + ((u32 *)tmp)[3] = iv[3]; +#endif + for (size -= BS; size >= 0; size -= BS) { + CIPHER_NAME(_encrypt)(cx, tmp, tmp, BS, atomic); + ((u32 *)tmp)[0] ^= ((u32 *)in_blk)[0]; + ((u32 *)tmp)[1] ^= ((u32 *)in_blk)[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] ^= ((u32 *)in_blk)[2]; + ((u32 *)tmp)[3] ^= ((u32 *)in_blk)[3]; +#endif + memcpy(out_blk, tmp, sizeof(tmp)); + memcpy(tmp, in_blk, sizeof(tmp)); + in_blk += BS; out_blk += BS; + +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (!atomic && current->need_resched) + schedule(); +#else + if (!atomic) + cond_resched(); +#endif + } /* end for */ + + if (size != -BS) { + CIPHER_NAME(_encrypt)(cx, tmp, tmp, BS, atomic); + ((u32 *)tmp)[0] ^= ((u32 *)in_blk)[0]; + ((u32 *)tmp)[1] ^= ((u32 *)in_blk)[1]; +#ifdef CIPHER_BITS_128 + ((u32 *)tmp)[2] ^= ((u32 *)in_blk)[2]; + ((u32 *)tmp)[3] ^= ((u32 *)in_blk)[3]; +#endif + memcpy(out_blk, tmp, size+BS); + } /* end if */ + + return 0; +} + +#undef BS diff -Nur linux-2.4.18/crypto/ciphers/gen-cipher.h linux-int-2.4.18/crypto/ciphers/gen-cipher.h --- linux-2.4.18/crypto/ciphers/gen-cipher.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/gen-cipher.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,171 @@ +/* + Generic cipher template header + + $Id: gen-cipher.h,v 1.4 2002/03/27 20:35:44 mutex_ Exp $ + + Written by Herbert Valerio Riedel + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#if !defined(CIPHER_KEY_SIZE_MASK) +# error CIPHER_KEY_SIZE_MASK not defined +#endif + +#if !defined(CIPHER_ID) +# error CIPHER_ID not defined +#endif + +#if !defined(CIPHER_BLOCKSIZE) +#error CIPHER_BLOCKSIZE not defined +#endif + +#if !defined(CIPHER_KEY_SCHEDULE_SIZE) +#error CIPHER_KEY_SCHEDULE_SIZE not defined +#endif + +/* some cpp magic */ +#define __STR(x) # x +#define __xSTR(x) __STR(x) + +#define __CAT(x,y) x ## y +#define __xCAT(x,y) __CAT(x,y) + +#define CIPHER_SYMBOL(x) __xCAT(CIPHER_ID,x) + +/* default lock ops */ + +#if !defined(NO_CIPHER_DEFAULT_LOCK_OPS) +static void +CIPHER_SYMBOL(_lock) (void) +{ + MOD_INC_USE_COUNT; +} + +static void +CIPHER_SYMBOL(_unlock) (void) +{ + MOD_DEC_USE_COUNT; +} +#endif /* NO_CIPHER_DEFAULT_LOCK_OPS */ + +/* + * compat #defines for gen-{ecb,cbc}.h + */ + +#define CIPHER_NAME(x) CIPHER_SYMBOL(x) + +#if CIPHER_BLOCKSIZE == 64 +# define CIPHER_BITS_64 +#elif CIPHER_BLOCKSIZE == 128 +# define CIPHER_BITS_128 +#else +# error unsupported cipher blocksize +#endif + + +#define __xINIT_CIPHER_BLKOPS(name) INIT_CIPHER_BLKOPS(name) +#define __xINIT_CIPHER_OPS(name) INIT_CIPHER_OPS(name) + +/* ECB */ + +#include "gen-ecb.h" + +static struct cipher_implementation CIPHER_SYMBOL(_ecb) = { + {{NULL, NULL}, CIPHER_MODE_ECB, __xSTR(CIPHER_ID) "-ecb"}, + blocksize: CIPHER_BLOCKSIZE / 8, + ivsize: 0, + key_schedule_size: CIPHER_KEY_SCHEDULE_SIZE, + key_size_mask: CIPHER_KEY_SIZE_MASK, + __xINIT_CIPHER_BLKOPS (CIPHER_SYMBOL(_ecb)), + __xINIT_CIPHER_OPS (CIPHER_ID) +}; + +/* CBC */ + +#include "gen-cbc.h" + +static struct cipher_implementation CIPHER_SYMBOL(_cbc) = { + {{NULL, NULL}, CIPHER_MODE_CBC, __xSTR(CIPHER_ID) "-cbc"}, + blocksize: CIPHER_BLOCKSIZE / 8, + ivsize: CIPHER_BLOCKSIZE / 8, + key_schedule_size: CIPHER_KEY_SCHEDULE_SIZE, + key_size_mask: CIPHER_KEY_SIZE_MASK, + __xINIT_CIPHER_BLKOPS (CIPHER_SYMBOL(_cbc)), + __xINIT_CIPHER_OPS (CIPHER_ID) +}; + +/* CFB */ + +#include "gen-cfb.h" + +static struct cipher_implementation CIPHER_SYMBOL(_cfb) = { + {{NULL, NULL}, CIPHER_MODE_CFB, __xSTR(CIPHER_ID) "-cfb"}, + blocksize: CIPHER_BLOCKSIZE / 8, + ivsize: CIPHER_BLOCKSIZE / 8, + key_schedule_size: CIPHER_KEY_SCHEDULE_SIZE, + key_size_mask: CIPHER_KEY_SIZE_MASK, + __xINIT_CIPHER_BLKOPS (CIPHER_SYMBOL(_cfb)), + __xINIT_CIPHER_OPS (CIPHER_ID) +}; + +/* default init/cleanup functions */ + +#if !defined(NO_CIPHER_DEFAULT_INIT_CLEANUP_OPS) + +static int __init +CIPHER_SYMBOL (_init) (void) +{ +#if defined(CIPHER_PRE_INIT_HOOK) + CIPHER_PRE_INIT_HOOK +#endif + + if (register_cipher (& CIPHER_SYMBOL(_ecb))) + printk (KERN_WARNING "Couldn't register " __xSTR(CIPHER_ID) "-ecb encryption\n"); + + if (register_cipher (& CIPHER_SYMBOL(_cbc))) + printk (KERN_WARNING "Couldn't register " __xSTR(CIPHER_ID) "-cbc encryption\n"); + + if (register_cipher (& CIPHER_SYMBOL(_cfb))) + printk (KERN_WARNING "Couldn't register " __xSTR(CIPHER_ID) "-cfb encryption\n"); + + return 0; +} + +#define __xmodule_init(s) module_init(s) +__xmodule_init (CIPHER_SYMBOL (_init)); +#undef __xmodule_init + +static void __exit +CIPHER_SYMBOL (_cleanup) (void) +{ + if (unregister_cipher (& CIPHER_SYMBOL(_ecb))) + printk (KERN_WARNING "Couldn't unregister " __xSTR(CIPHER_ID) "-ecb encryption\n"); + + if (unregister_cipher (& CIPHER_SYMBOL(_cbc))) + printk (KERN_WARNING "Couldn't unregister " __xSTR(CIPHER_ID) "-cbc encryption\n"); + + if (unregister_cipher (& CIPHER_SYMBOL(_cfb))) + printk (KERN_WARNING "Couldn't unregister " __xSTR(CIPHER_ID) "-cfb encryption\n"); +} + +#define __xmodule_exit(s) module_exit(s) +__xmodule_exit (CIPHER_SYMBOL (_cleanup)); +#undef __xmodule_exit + +#endif /* NO_CIPHER_DEFAULT_INIT_CLEANUP_OPS */ + +/* EOF */ diff -Nur linux-2.4.18/crypto/ciphers/gen-ecb.h linux-int-2.4.18/crypto/ciphers/gen-ecb.h --- linux-2.4.18/crypto/ciphers/gen-ecb.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/ciphers/gen-ecb.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,61 @@ + +#include +#include + +#if defined(CIPHER_BITS_128) +# define BS 16 +#else +# define BS 8 +#endif + +static int CIPHER_NAME(_ecb_encrypt)(struct cipher_context *cx, const u8 *in_blk, + u8 *out_blk, int size, int atomic, const u8 *_iv) +{ + u8 tmp[BS]; + for (size -= BS; size >= 0; size -= BS) { + CIPHER_NAME(_encrypt)(cx, in_blk, out_blk, BS, atomic); + in_blk += BS; out_blk += BS; +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (!atomic && current->need_resched) { + schedule(); + } +#else + if (!atomic) { + cond_resched(); + } +#endif + } + if (size != -BS) { + memset(tmp, 0, sizeof(tmp)); + memcpy(tmp, in_blk, size+BS); + CIPHER_NAME(_encrypt)(cx, tmp, out_blk, BS, atomic); + } + return 0; +} + +static int CIPHER_NAME(_ecb_decrypt)(struct cipher_context *cx, const u8 *in_blk, + u8 *out_blk, int size, int atomic, const u8 *_iv) +{ + u8 tmp[BS]; + for (size -= BS; size >= 0; size -= BS) { + CIPHER_NAME(_decrypt)(cx, in_blk, out_blk, BS, atomic); + in_blk += BS; out_blk += BS; +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (!atomic && current->need_resched) { + schedule(); + } +#else + if (!atomic) { + cond_resched(); + } +#endif + } + if (size != -BS) { + CIPHER_NAME(_decrypt)(cx, in_blk, tmp, BS, atomic); + memcpy(out_blk, tmp, size+BS); + } + return 0; +} + + +#undef BS diff -Nur linux-2.4.18/crypto/cryptoapi.c linux-int-2.4.18/crypto/cryptoapi.c --- linux-2.4.18/crypto/cryptoapi.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/cryptoapi.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,660 @@ +/* + * crypto/cryptoapi.c + * + * Written by Alexander Kjeldaas 1998-11-15 + * + * 2000-10-15 Harald Welte + * - ported to Linux 2.4 + * + * Copyright 1998 by Alexander Kjeldaas. + * 2001 by Herbert Valerio Riedel + * + * Redistribution of this file is permitted under the GNU Public License. + */ + +#include +#include + +#include +#include +#include +#include +#include + +#ifdef CONFIG_KMOD +#include +#endif /* CONFIG_KMOD */ + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +static struct proc_dir_entry *proc_crypto; + +static struct cipher_context * +default_realloc_cipher_context(struct cipher_context *old_cx, + struct cipher_implementation *, + int max_key_len); + +static struct digest_context * +default_realloc_digest_context(struct digest_context *old_cx, + struct digest_implementation *); + +static void default_wipe_context(struct cipher_context *cx); + +static void default_free_cipher_context(struct cipher_context *cx); +static void default_free_digest_context(struct digest_context *cx); + +static void default_lock(void); +static void default_unlock(void); + +static int default_encrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size); +static int default_encrypt_atomic(struct cipher_context *cx, + const u8 *in, u8 *out, int size); +static int default_encrypt_iv(struct cipher_context *cx, + const u8 *in, u8 *out, int size, + const u8 *iv); +static int default_encrypt_atomic_iv(struct cipher_context *cx, + const u8 *in, u8 *out, int size, + const u8 *iv); + +static int default_decrypt(struct cipher_context *cx, + const u8 *in, u8 *out, int size); +static int default_decrypt_atomic(struct cipher_context *cx, + const u8 *in, u8 *out, int size); + +static int default_decrypt_iv(struct cipher_context *cx, + const u8 *in, u8 *out, int size, const u8 *iv); +static int default_decrypt_atomic_iv(struct cipher_context *cx, + const u8 *in, u8 *out, int size, + const u8 *iv); + +static int default_set_key(struct cipher_context *cx, + const u8 *key, int key_len); +static int default_set_key_atomic(struct cipher_context *cx, + const u8 *key, int key_len); + +/* digests */ + +static int default_open (struct digest_context *cx); +static int default_open_atomic (struct digest_context *cx); + +static int default_update(struct digest_context *cx, const u8 *in, int size); +static int default_update_atomic(struct digest_context *cx, const u8 *in, int size); + +static int default_digest(struct digest_context *cx, u8 *out); +static int default_digest_atomic(struct digest_context *cx, u8 *out); + +static int default_close(struct digest_context *cx, u8 *out); +static int default_close_atomic(struct digest_context *cx, u8 *out); + +static int default_hmac(struct digest_context *cx, u8 *key, int key_len, + u8 *in, int size, u8 *hmac); +static int default_hmac_atomic(struct digest_context *cx, u8 *key, int key_len, + u8 *in, int size, u8 *hmac); +#ifdef CONFIG_PROC_FS +static int cipher_read_proc(char *page, char **start, off_t off, + int count, int *eof, void *data); +static int digest_read_proc(char *page, char **start, off_t off, + int count, int *eof, void *data); +#endif /* CONFIG_PROC_FS */ + +static LIST_HEAD(ciphers); +static LIST_HEAD(digests); + +static struct transform_group transforms[MAX_TRANSFORM] = { + /* digest */ + { TRANSFORM_DIGEST, "digest", RW_LOCK_UNLOCKED, &digests, +#ifdef CONFIG_PROC_FS + NULL, &digest_read_proc +#endif /* CONFIG_PROC_FS */ + }, + /* cipher */ + { TRANSFORM_CIPHER, "cipher", RW_LOCK_UNLOCKED, &ciphers, +#ifdef CONFIG_PROC_FS + NULL, &cipher_read_proc +#endif /* CONFIG_PROC_FS */ + } +}; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,3,0) && defined(CONFIG_PROC_FS) +static struct proc_dir_entry * +create_proc_read_entry(const char *name, + mode_t mode, struct proc_dir_entry *base, + read_proc_t *read_proc, void * data) +{ + struct proc_dir_entry *res=create_proc_entry(name,mode,base); + if (res) { + res->read_proc=read_proc; + res->data=data; + } + return res; +} + +#endif /* defined(CONFIG_PROC_FS) */ + + +/** + * find_transform_by_name - Find transform implementation + * @name: The name of the transform. + * @tgroup: The identifier for the transform group the transform belongs to. + * + * Returns a ptr to the transform on success, NULL on failure. + * Valid tgroup values are: + * + * %TRANSFORM_CIPHER - When looking for ciphers + * + * %TRANSFORM_DIGEST - When looking for digests + * + * You might want to use the wrapper-functions + * find_cipher_by_name(const char *name), and + * find_digest_by_name(const char *name) instead of this one. + */ +struct transform_implementation * +find_transform_by_name(const char *name, int tgroup, int atomicapi) +{ + struct list_head *tmp; + struct transform_group *tg; +#ifdef CONFIG_KMOD + char module_name[200]; + char *p; +#endif /* CONFIG_KMOD */ + + if (tgroup >= MAX_TRANSFORM) + return NULL; + tg = &transforms[tgroup]; + +#ifdef CONFIG_KMOD + sprintf(module_name, "%s-%s-", tg->tg_name, name); +retry: +#endif /* CONFIG_KMOD */ + read_lock(&tg->tg_lock); + for (tmp = tg->tg_head->next; tmp != tg->tg_head; tmp = tmp->next) { + struct transform_implementation *t; + t = list_entry(tmp, struct transform_implementation, t_list); + if (strcmp(t->t_name, name) == 0) { + if (!atomicapi || t->t_atomicapi) { + read_unlock(&tg->tg_lock); + return t; + } + } + } + + /* transform not found */ + read_unlock(&tg->tg_lock); + +#ifdef CONFIG_KMOD + /* We try loading more and more general modules in succession. + * For example, if the module_name initially is set to + * "cipher-blowfish-cbc", we first try a module called + * "cipher-blowfish-cbc", then "cipher-blowfish" */ + if ((p = strrchr(module_name, '-')) != NULL) { + *p = 0; + printk(KERN_DEBUG "cryptoapi: trying %s\n", module_name); + request_module(module_name); + goto retry; + } +#endif /* CONFIG_KMOD */ + return NULL; +} + +/** + * register_transform - Register new transform. + * @ti: Initialized transform implementation struct. + * @tgroup: The identifier for the transform group the transform should belong to. + * + * Adds a transform from the crypto API. ti->t_group is set to point + * to the correct transform group according to tgroup, the transform + * is added to the group's transform-list, and a /proc files are + * created if CONFIG_PROC_FS=y Returns 0 on success. Valid tgroup + * values are: + * + * %TRANSFORM_CIPHER - When adding ciphers + * + * %TRANSFORM_DIGEST - When adding digests + * + */ +int +register_transform(struct transform_implementation *ti, int tgroup) +{ + int err = 0; + struct transform_group *tg; + + if (tgroup >= MAX_TRANSFORM) { + return -1; + } + INIT_LIST_HEAD(&ti->t_list); + tg = ti->t_group = &transforms[tgroup]; + write_lock(&ti->t_group->tg_lock); + list_add(&ti->t_list, ti->t_group->tg_head); + write_unlock(&ti->t_group->tg_lock); + if (!err) { + MOD_INC_USE_COUNT; + printk(KERN_INFO "cryptoapi: Registered %s (%d)\n", + ti->t_name, ti->t_flags); +#ifdef CONFIG_PROC_FS + ti->t_proc = create_proc_read_entry(ti->t_name, + S_IFREG|S_IRUGO, + tg->tg_proc_parent_dir, + tg->read_proc, (void *)ti); +#endif /* CONFIG_PROC_FS */ + } + return err; +} + +/** + * unregister_transform - Unregister new transform. + * @ti: Initialized transform implementation struct. + * + * Removes a transform from the crypto API. Returns 0 on success, + * non-zero on failure to remove /proc entry. + * + */ +int +unregister_transform(struct transform_implementation *ti) +{ + int ret = 0; + + if (!list_empty(&ti->t_list)) { + write_lock(&ti->t_group->tg_lock); + list_del(&ti->t_list); + write_unlock(&ti->t_group->tg_lock); + ret = 0; + } + +#ifdef CONFIG_PROC_FS + if (ti->t_proc) { + ti->t_proc = NULL; + remove_proc_entry(ti->t_name, ti->t_group->tg_proc_parent_dir); + } +#endif /* CONFIG_PROC_FS */ + + if (!ret) + MOD_DEC_USE_COUNT; + + return ret; +} + + +int +register_cipher(struct cipher_implementation *ci) +{ + if (!ci->realloc_context) + ci->realloc_context = default_realloc_cipher_context; + + if (!ci->wipe_context) + ci->wipe_context = default_wipe_context; + + if (!ci->free_context) + ci->free_context = default_free_cipher_context; + + if (!ci->lock) + ci->lock = default_lock; + + if (!ci->unlock) + ci->unlock = default_unlock; + + if (ci->_encrypt && ci->_decrypt && ci->_set_key) { + ci->encrypt_iv = default_encrypt_iv; + ci->encrypt_atomic_iv = default_encrypt_atomic_iv; + ci->decrypt_iv = default_decrypt_iv; + ci->decrypt_atomic_iv = default_decrypt_atomic_iv; + + ci->encrypt = default_encrypt; + ci->encrypt_atomic = default_encrypt_atomic; + ci->decrypt = default_decrypt; + ci->decrypt_atomic = default_decrypt_atomic; + ci->set_key = default_set_key; + ci->set_key_atomic = default_set_key_atomic; + ci->trans.t_atomicapi = 1; + } + + if (!ci->encrypt || !ci->decrypt || !ci->set_key) { + return -EINVAL; + } + return register_transform((struct transform_implementation *)ci, + TRANSFORM_CIPHER); +} + +int +register_digest(struct digest_implementation *di) +{ + if (!di->realloc_context) + di->realloc_context = default_realloc_digest_context; + + if (!di->free_context) + di->free_context = default_free_digest_context; + + if (!di->lock) + di->lock = default_lock; + + if (!di->unlock) + di->unlock = default_unlock; + + if (di->_open && di->_update && di->_digest && di->_close && di->_hmac) + { + di->open = default_open; + di->open_atomic = default_open_atomic; + + di->update = default_update; + di->update_atomic = default_update_atomic; + + di->digest = default_digest; + di->digest_atomic = default_digest_atomic; + + di->close = default_close; + di->close_atomic = default_close_atomic; + + di->hmac = default_hmac; + di->hmac_atomic = default_hmac_atomic; + di->trans.t_atomicapi = 1; + } + + if (!di->open || !di->update || !di->digest || !di->close) + return -EINVAL; + + return register_transform((struct transform_implementation *)di, + TRANSFORM_DIGEST); +} + +int +unregister_cipher(struct cipher_implementation *ci) +{ + return unregister_transform((struct transform_implementation *)ci); +} + +int +unregister_digest(struct digest_implementation *ci) +{ + return unregister_transform((struct transform_implementation *)ci); +} + +struct cipher_context * +default_realloc_cipher_context(struct cipher_context *old_cx, + struct cipher_implementation *ci, + int max_key_len) +{ + struct cipher_context *cx; + /* Default ciphers need the same amount of memory for any key + size */ + if (old_cx) { + return old_cx; + } + cx = kmalloc(sizeof(struct cipher_context) + + ci->key_schedule_size, GFP_KERNEL); + if (!cx) { + return NULL; + } + cx->ci = ci; + cx->keyinfo = (void *)((char *)cx)+sizeof(struct cipher_context); + (void) max_key_len; /* Make gcc happy */ + return cx; +} + +struct digest_context * +default_realloc_digest_context(struct digest_context *old_cx, + struct digest_implementation *di) +{ + struct digest_context *cx; + + if (old_cx) + di->free_context (old_cx); + + cx = kmalloc (sizeof (struct digest_context) + di->working_size, GFP_KERNEL); + if (!cx) + return NULL; + + cx->di = di; + + /* let digest_info point behind the context */ + cx->digest_info = (void *)((char *)cx) + sizeof(struct digest_context); + + return cx; +} + +void +default_wipe_context(struct cipher_context *cx) +{ + struct cipher_implementation *ci = cx->ci; + u32 *keyinfo = cx->keyinfo; + memset(cx->keyinfo, 0, ci->key_schedule_size); + memset(cx, 0, sizeof(struct cipher_context)); + cx->ci = ci; + cx->keyinfo = keyinfo; +} + +void +default_free_cipher_context(struct cipher_context *cx) +{ + kfree(cx); +} + +void +default_free_digest_context(struct digest_context *cx) +{ + kfree(cx); +} + +void +default_lock (void) +{ +} + +void +default_unlock (void) +{ +} + +static int +default_encrypt(struct cipher_context *cx, const u8 *in, u8 *out, int size) +{ + return cx->ci->_encrypt(cx, in, out, size, 0, cx->iv); +} + +static int +default_encrypt_atomic(struct cipher_context *cx, const u8 *in, u8 *out, + int size) +{ + return cx->ci->_encrypt(cx, in, out, size, 1, cx->iv); +} + + +static int +default_encrypt_iv(struct cipher_context *cx, const u8 *in, u8 *out, int size, + const u8 *iv) +{ + return cx->ci->_encrypt(cx, in, out, size, 0, iv); +} + +static int +default_encrypt_atomic_iv(struct cipher_context *cx, const u8 *in, u8 *out, + int size, const u8 *iv) +{ + return cx->ci->_encrypt(cx, in, out, size, 1, iv); +} + +static int +default_decrypt(struct cipher_context *cx, const u8 *in, u8 *out, int size) +{ + return cx->ci->_decrypt(cx, in, out, size, 0, cx->iv); +} + +static int +default_decrypt_atomic(struct cipher_context *cx, const u8 *in, u8 *out, + int size) +{ + return cx->ci->_decrypt(cx, in, out, size, 1, cx->iv); +} + +static int +default_decrypt_iv(struct cipher_context *cx, const u8 *in, u8 *out, int size, + const u8 *iv) +{ + return cx->ci->_decrypt(cx, in, out, size, 0, iv); +} + +static int +default_decrypt_atomic_iv(struct cipher_context *cx, const u8 *in, u8 *out, + int size, const u8 *iv) +{ + return cx->ci->_decrypt(cx, in, out, size, 1, iv); +} + + +static int +default_set_key(struct cipher_context *cx, const u8 *key, int key_len) +{ + return cx->ci->_set_key(cx, key, key_len, 0); +} + +static int +default_set_key_atomic(struct cipher_context *cx, const u8 *key, + int key_len) +{ + return cx->ci->_set_key(cx, key, key_len, 1); +} + + +static int +default_open (struct digest_context *cx) +{ + return cx->di->_open (cx, 0); +} + +static int +default_open_atomic (struct digest_context *cx) +{ + return cx->di->_open (cx, 1); +} + +static int default_update(struct digest_context *cx, const u8 *in, int size) +{ + return cx->di->_update (cx, in, size, 0); +} + +static int default_update_atomic(struct digest_context *cx, const u8 *in, int size) +{ + return cx->di->_update (cx, in, size, 1); +} + +static int default_digest(struct digest_context *cx, u8 *out) +{ + return cx->di->_digest (cx, out, 0); +} + +static int default_digest_atomic(struct digest_context *cx, u8 *out) +{ + return cx->di->_digest (cx, out, 1); +} + +static int default_close(struct digest_context *cx, u8 *out) +{ + return cx->di->_close (cx, out, 0); +} + +static int default_close_atomic(struct digest_context *cx, u8 *out) +{ + return cx->di->_close (cx, out, 1); +} + +static int default_hmac(struct digest_context *cx, u8 *key, int key_len, + u8 *in, int size, u8 *hmac) +{ + return cx->di->_hmac(cx, key, key_len, in, size, hmac, 0); +} + +static int default_hmac_atomic(struct digest_context *cx, u8 *key, int key_len, + u8 *in, int size, u8 *hmac) +{ + return cx->di->_hmac(cx, key, key_len, in, size, hmac, 1); +} + +#ifdef CONFIG_PROC_FS +static int cipher_read_proc(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct cipher_implementation *ci; + int len = 0; + + ci = (struct cipher_implementation *)data; + + len = sprintf(page, + "cipher_name: %s\n" + "cipher_flags: %d\n" + "blocksize: %d\n" + "keysize_mask: 0x%08x\n" + "ivsize: %d\n" + "key_schedule_size: %d\n", + ci->trans.t_name, ci->trans.t_flags, + ci->blocksize, ci->key_size_mask, + ci->ivsize, ci->key_schedule_size); + *eof=1; + + return len; +} + +static int digest_read_proc(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct digest_implementation *ci; + int len = 0; + + ci = (struct digest_implementation *)data; + + len = sprintf(page, "digest_name: %s\n" + "digest_flags: %d\n" + "blocksize: %d\n" + "working_size: %d\n", + ci->trans.t_name, ci->trans.t_flags, + ci->blocksize, ci->working_size); + *eof=1; + + return len; +} +#endif /* CONFIG_PROC_FS */ + + +static int __init +init_cryptoapi(void) +{ +#ifdef CONFIG_PROC_FS + int i; + + proc_crypto = proc_mkdir("crypto", NULL); + + for (i = 0; i + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#define CRYPTOLOOP_DEBUG + +/* use atomic crypto functions */ +/* #define CRYPTOLOOP_ATOMIC */ + +#include +#include + +#ifdef CONFIG_KMOD +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +#if !defined(LOOP_IV_SECTOR_SIZE) +# error ****************************************************************** +# error ****************************************************************** +# error ****************************************************************** +# error ****************************************************************** +# error **** **** +# error **** you need to to patch your loop.c driver **** +# error **** **** +# error ****************************************************************** +# error ****************************************************************** +# error ****************************************************************** +# error ****************************************************************** +#endif + +#if !defined(LO_CRYPT_CRYPTOAPI) +# warning LO_CRYPT_CRYPTOAPI not (yet) defined in kernel header +# define LO_CRYPT_CRYPTOAPI 18 +#endif + +/* assert (sizeof (cryptoloop_context) < sizeof (key_reserverd[48])) */ + +struct cryptoloop_context { + int blocksize; + int debug; +}; + +#if defined(CRYPTOLOOP_DEBUG) +static inline int +loop_get_bs (const struct loop_device *lo) +{ + int bs = 0; + +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,5,0) + if (blksize_size[MAJOR(lo->lo_device)]) + bs = blksize_size[MAJOR(lo->lo_device)][MINOR(lo->lo_device)]; +#else + if (blksize_size[major(lo->lo_device)]) + bs = blksize_size[major(lo->lo_device)][minor(lo->lo_device)]; +#endif + if (!bs) + bs = BLOCK_SIZE; + + return bs; +} +#endif /* CRYPTOLOOP_DEBUG */ + +static int +cryptoloop_init (struct loop_device *lo, struct loop_info *info) +{ + struct cryptoloop_context *lx = (struct cryptoloop_context *) lo->key_reserved; + int err = -EINVAL; + char cipher[LO_NAME_SIZE]; + struct cipher_implementation *ci; + struct cipher_context *cx; + + /* encryption breaks for non sector aligned offsets */ + if (info->lo_offset % LOOP_IV_SECTOR_SIZE) + goto out; + + lx->blocksize = LOOP_IV_SECTOR_SIZE; + lx->debug = 0; + + strncpy(cipher, info->lo_name, LO_NAME_SIZE); + cipher[LO_NAME_SIZE - 1] = 0; + + ci = find_cipher_by_name(cipher, 1); + if (!ci) + goto out; + + ci->lock(); + err = -ENOMEM; + cx = ci->realloc_context(NULL, ci, info->lo_encrypt_key_size); + if (!cx) + goto out_ci; + cx->ci = ci; + ci->wipe_context(cx); + +#if defined(CRYPTOLOOP_ATOMIC) + if (ci->set_key_atomic(cx, info->lo_encrypt_key, + info->lo_encrypt_key_size)) { +#else + if (ci->set_key(cx, info->lo_encrypt_key, + info->lo_encrypt_key_size)) { +#endif + err = -EINVAL; + goto out_key; + } + lo->key_data = cx; + err = 0; + goto out; + + out_key: + ci->wipe_context(cx); + ci->free_context(cx); + out_ci: + ci->unlock(); + out: + if (!err) { + MOD_INC_USE_COUNT; + } + + return err; +} + +static int +cryptoloop_transfer (struct loop_device *lo, int cmd, char *raw_buf, + char *loop_buf, int size, loop_iv_t IV) +{ + const struct cryptoloop_context *lx = (struct cryptoloop_context *) lo->key_reserved; + struct cipher_context * cx = (struct cipher_context *) lo->key_data; + struct cipher_implementation *ci = cx->ci; + cipher_trans_proc_iv encdecfunc; + const int blocksize = lx->blocksize ? lx->blocksize : size; + char const *in; + char *out; + + if (cmd == READ) { +#if defined(CRYPTOLOOP_ATOMIC) + encdecfunc = ci->decrypt_atomic_iv; +#else + encdecfunc = ci->decrypt_iv; +#endif + in = raw_buf; + out = loop_buf; + } else { +#if defined(CRYPTOLOOP_ATOMIC) + encdecfunc = ci->encrypt_atomic_iv; +#else + encdecfunc = ci->encrypt_iv; +#endif + in = loop_buf; + out = raw_buf; + } + + IV /= blocksize / LOOP_IV_SECTOR_SIZE; + +#if defined(CRYPTOLOOP_DEBUG) + if (lx->debug) + printk (KERN_DEBUG "cryptoloop_transfer: cmd=%d size=%d iv=%ld blksize=%d iv_blksize=%d\n", + cmd, size, (unsigned long) IV, loop_get_bs (lo), blocksize); +#endif + + /* split up transfer request into blocksize (default = 512) byte data blocks */ + while (size > 0) { + const int _size = (size > blocksize) ? blocksize : size; + u32 iv[4] = { 0, }; + + if (size < blocksize) + printk (KERN_WARNING "cryptoloop_transfer: block (IV = %ld) smaller than blocksize! (%d < %d)\n", + (unsigned long) IV, size, blocksize); + + iv[0] = cpu_to_le32 (IV & 0xffffffff); + encdecfunc (cx, in, out, _size, (u8 *) iv); + + IV++; + size -= _size; + in += _size; + out += _size; + } + + return 0; +} + + +static int +cryptoloop_ioctl (struct loop_device *lo, int cmd, unsigned long arg) +{ + struct cryptoloop_context *lx = (struct cryptoloop_context *) lo->key_reserved; + int err = -EINVAL; + int arg_int = 0; + + if (get_user(arg_int, (int *) arg)) + return -EFAULT; + + switch (cmd) { + case CRYPTOLOOP_SET_BLKSIZE: + printk (KERN_DEBUG "cryptoloop: switch to blocksize %d requested\n", arg_int); + if (arg_int >= 0 && (arg_int % LOOP_IV_SECTOR_SIZE == 0)) + { + lx->blocksize = arg_int; + err = 0; + } + break; + + case CRYPTOLOOP_SET_DEBUG: + printk (KERN_DEBUG "cryptoloop: set debug = %d requested\n", arg_int); + lx->debug = arg_int; + err = 0; + break; + + default: + err = -EINVAL; + break; + } + + return err; +} + +static int +cryptoloop_release(struct loop_device *lo) +{ + struct cipher_context *cx = (struct cipher_context *) lo->key_data; + + if (cx != NULL) { + cx->ci->wipe_context(cx); + cx->ci->unlock(); + cx->ci->free_context(cx); + lo->key_data=NULL; + MOD_DEC_USE_COUNT; + return 0; + } + + printk (KERN_ERR "cryptoloop_release(): cx == NULL ????\n"); + return -EINVAL; +} + +struct loop_func_table cryptoloop_funcs = { + number: LO_CRYPT_CRYPTOAPI, + init: cryptoloop_init, + ioctl: cryptoloop_ioctl, + transfer: cryptoloop_transfer, + release: cryptoloop_release +}; + +static int __init +init_cryptoloop(void) +{ + int rc; + + if ((rc = loop_register_transfer (&cryptoloop_funcs))) + { + printk(KERN_ERR "cryptoloop: register loop transfer function failed\n"); + return rc; + } + + printk(KERN_INFO "cryptoloop: loaded\n"); + return 0; +} + +static void __exit +cleanup_cryptoloop(void) +{ + if (loop_unregister_transfer (LO_CRYPT_CRYPTOAPI)) + printk(KERN_ERR "cryptoloop: unregistering transfer funcs failed\n"); + + printk(KERN_INFO "cryptoloop: unloaded\n"); +} + +module_init(init_cryptoloop); +module_exit(cleanup_cryptoloop); + +EXPORT_NO_SYMBOLS; diff -Nur linux-2.4.18/crypto/digests/Config.help linux-int-2.4.18/crypto/digests/Config.help --- linux-2.4.18/crypto/digests/Config.help Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/Config.help Wed Apr 3 17:28:57 2002 @@ -0,0 +1,34 @@ +# David Bryson Thu, Mar 21, 2002 +# Config.help descriptions for CryptoAPI digest functions + +MD5 digest +CONFIG_DIGEST_MD5 + If you answer yes to this option, the MD5(Message Digest 5) digest + will be compiled into your kernel. MD5 is an improved version of MD4 + designed by Ron Rivest, it produces a 128-bit "hash value" from an in- + put of arbitrary length. + There are no restrictions on the use of the MD5 algorithm. The Crypto- + API implementation of MD5 is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called digest-md5.o. If you want to compile it as a + module, say M here and read . + +SHA1 digest +CONFIG_DIGEST_SHA1 + If you answer yes to this option the SHA1(Secure Hash Algorithm 1) will + be compiled into your kernel. SHA1 was designed with NIST and the NSA + for use with the Digital Signature Standard. It produces a 160-bit + hash value from an input or arbitrary length. + There are no restrictions on the use of the SHA1 algorithm. The + CryptoAPI implementation of SHA1 is released under the GPL. + + See also + + This driver is also available as a module ( = code which can be + inserted in and removed from the running kernel whenever you want). + The module will be called digest-sha1.o. If you want to compile it as a + module, say M here and read . diff -Nur linux-2.4.18/crypto/digests/Config.in linux-int-2.4.18/crypto/digests/Config.in --- linux-2.4.18/crypto/digests/Config.in Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/Config.in Wed Apr 3 17:28:57 2002 @@ -0,0 +1,7 @@ +# cryptoapi/kernel/crypto/digests/Config.in + +if [ "$CONFIG_DIGESTS" != "n" ]; then + dep_tristate ' MD5 digest' CONFIG_DIGEST_MD5 $CONFIG_DIGESTS + dep_tristate ' SHA1 digest' CONFIG_DIGEST_SHA1 $CONFIG_DIGESTS +fi + diff -Nur linux-2.4.18/crypto/digests/Makefile linux-int-2.4.18/crypto/digests/Makefile --- linux-2.4.18/crypto/digests/Makefile Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/Makefile Wed Apr 3 17:28:57 2002 @@ -0,0 +1,6 @@ +O_TARGET := digests.o + +obj-$(CONFIG_DIGEST_MD5) += digest-md5.o +obj-$(CONFIG_DIGEST_SHA1) += digest-sha1.o + +include $(TOPDIR)/Rules.make diff -Nur linux-2.4.18/crypto/digests/digest-md5.c linux-int-2.4.18/crypto/digests/digest-md5.c --- linux-2.4.18/crypto/digests/digest-md5.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/digest-md5.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,106 @@ + +/* + * Source code by Alan Smithee, mailed to maintainer on pulped trees. + * + * Glue that ties the standard MD5 code to the rest of the system. + * Everything below this line is GPL. + * + */ + +#include +#include +#include +#include +#include +#include "md5.h" +#include "md5c.c" + +static int +md5_open (struct digest_context *cx, int atomic) +{ + if (!cx || !cx->digest_info) + return -EINVAL; + + MD5Init ((struct MD5_CTX *) cx->digest_info); + + return 0; +} + +static int +md5_update (struct digest_context *cx, const u8 *in, int size, int atomic) +{ + if (!cx || !in || !cx->digest_info) + return -EINVAL; + + MD5Update ((struct MD5_CTX *) cx->digest_info, in, size); + + return 0; +} + +static int +md5_digest (struct digest_context *cx, u8 *out, int atomic) +{ + struct MD5_CTX tmp; + + if (!cx || !out || !cx->digest_info) + return -EINVAL; + + memcpy (&tmp, (struct MD5_CTX *) cx->digest_info, + sizeof (struct MD5_CTX)); + MD5Final (out, &tmp); + + return 0; +} + +static int +md5_close (struct digest_context *cx, u8 *out, int atomic) +{ + u8 tmp[16]; + + if (!cx || !cx->digest_info) + return -EINVAL; + + if (out == 0) + out = tmp; + + MD5Final (out, (struct MD5_CTX *) cx->digest_info); + + return 0; +} + +static void md5_lock (void) +{ + MOD_INC_USE_COUNT; +} + +static void md5_unlock(void) +{ + MOD_DEC_USE_COUNT; +} + +#define DIGEST_NAME(x) md5##x +#include "gen-hmac.h" + +static struct digest_implementation md5 = { + {{NULL,NULL}, 0, "md5"}, + blocksize: 16, + working_size: sizeof(MD5_CTX), + INIT_DIGEST_OPS(md5) +}; + +static int __init init_md5 (void) +{ + printk ("MD5 Message Digest Algorithm (c) RSA Systems, Inc\n"); + register_digest (&md5); + return 0; +} + +static void __exit cleanup_md5 (void) +{ + unregister_digest (&md5); +} + +module_init(init_md5); +module_exit(cleanup_md5); + +EXPORT_NO_SYMBOLS; diff -Nur linux-2.4.18/crypto/digests/digest-sha1.c linux-int-2.4.18/crypto/digests/digest-sha1.c --- linux-2.4.18/crypto/digests/digest-sha1.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/digest-sha1.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,104 @@ +/* + * Modified by Andrew McDonald from md5glue + * by Alan Smithee, mailed to maintainer on pulped trees. + * + * Glue that ties the standard SHA1 code to the rest of the system. + * Everything below this line is GPL. + * + */ + +#include +#include +#include +#include +#include +#include "sha1c.c" + +static int +sha1_open (struct digest_context *cx, int atomic) +{ + if (!cx || !cx->digest_info) + return -EINVAL; + + SHA1Init ((struct SHA1_CTX *) cx->digest_info); + + return 0; +} + +static int +sha1_update (struct digest_context *cx, const u8 *in, int size, int atomic) +{ + if (!cx || !in || !cx->digest_info) + return -EINVAL; + + SHA1Update ((struct SHA1_CTX *) cx->digest_info, in, size); + + return 0; +} + +static int +sha1_digest (struct digest_context *cx, u8 *out, int atomic) +{ + struct SHA1_CTX tmp; + + if (!cx || !out || !cx->digest_info) + return -EINVAL; + + memcpy (&tmp, (struct SHA1_CTX *) cx->digest_info, + sizeof (struct SHA1_CTX)); + SHA1Final (out, &tmp); + + return 0; +} + +static int +sha1_close (struct digest_context *cx, u8 *out, int atomic) +{ + u8 tmp[16]; + + if (!cx || !cx->digest_info) + return -EINVAL; + + if (out == 0) + out = tmp; + + SHA1Final (out, (struct SHA1_CTX *) cx->digest_info); + + return 0; +} + +static void sha1_lock (void) +{ + MOD_INC_USE_COUNT; +} + +static void sha1_unlock(void) +{ + MOD_DEC_USE_COUNT; +} + +#define DIGEST_NAME(x) sha1##x +#include "gen-hmac.h" + +static struct digest_implementation sha1 = { + {{NULL,NULL}, 0, "sha1"}, + blocksize: 20, + working_size: sizeof(struct SHA1_CTX), + INIT_DIGEST_OPS(sha1) +}; + +static int __init init_sha1 (void) +{ + register_digest (&sha1); + return 0; +} + +static void __exit cleanup_sha1 (void) +{ + unregister_digest (&sha1); +} + +module_init(init_sha1); +module_exit(cleanup_sha1); + +EXPORT_NO_SYMBOLS; diff -Nur linux-2.4.18/crypto/digests/gen-hmac.h linux-int-2.4.18/crypto/digests/gen-hmac.h --- linux-2.4.18/crypto/digests/gen-hmac.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/gen-hmac.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,118 @@ +/* $USAGI: gen-hmac.h,v 1.3 2002/01/22 15:22:00 mk Exp $ */ +/* + * Copyright (C)2002 USAGI/WIDE Project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#define __NO_VERSION__ +#include +#include +#ifdef MODVERSIONS +#include +#endif +#include +#include +#include + +/* + * Supported(Tested) algorithms are MD5 and SHA1. + * Digest size is 64 bytes. + * (See RFC2401) + * + * This code derived from sample code in RFC2104. + */ +#define HMAC_BLOCK_SIZE 64 + + +int DIGEST_NAME(_hmac)(struct digest_context *cx, __u8 *key, int key_len, __u8 *in, int size, __u8 *hmac, int atomic) +{ + int i = 0; + int error = 0; + int blocksize = 0; + __u8 k_ipad[HMAC_BLOCK_SIZE+1]; /* inner padding - key XORd with ipad */ + __u8 k_opad[HMAC_BLOCK_SIZE+1]; /* outer padding - key XORd with opad */ + __u8 *tk = NULL; + + + if(!(cx && key && in && hmac)) { + printk(KERN_ERR "%s: some parameter is null\n",__FUNCTION__); + error = -EINVAL; + goto err; + } + + blocksize = cx->di->blocksize; + + /* If key is longer than 64 bytes, reset it to key=H(key) */ + if (key_len > HMAC_BLOCK_SIZE) { + + tk = kmalloc(blocksize, GFP_KERNEL); + if (!tk) { + printk(KERN_ERR "%s: tk is not allocated\n", __FUNCTION__); + error = -ENOMEM; + goto err; + } + + memset(tk, 0, blocksize); + + DIGEST_NAME(_open)(cx, atomic); + DIGEST_NAME(_update)(cx, key, key_len, atomic); + DIGEST_NAME(_close)(cx, tk, atomic); + key = tk; + key_len = blocksize; + + kfree(tk); + } + + /* + * the HMAC_MD5 transform looks like: + * + * H(K XOR opad, H(K XOR ipad, text)) + * + * where K is an n byte key + * ipad is the byte 0x36 repeated 64 times + * opad is the byte 0x5c repeated 64 times + * and text is the data being protected + */ + + /* start out by storing key in pads */ + memset(k_ipad,0,sizeof(k_ipad)); + memset(k_opad,0,sizeof(k_opad)); + memcpy(k_ipad,key,key_len); + memcpy(k_opad,key,key_len); + + /* XOR key with ipad and opad values */ + for (i=0; i 1999-09-15 for readability purposes, and for + inclusion into the Linux kernel */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ + +#include +#include +#include + +#include + +#include "md5.h" + +/* Start of Linux Kernel port */ +typedef u32 UINT4; +typedef u8 *POINTER; +#define PROTO_LIST(x) x +#define MD5_memcpy memcpy +#define MD5_memset memset + +/* Encodes input (UINT4) into output (unsigned char). Assumes len is + a multiple of 4. + */ +#if defined(__LITTLE_ENDIAN) +# define Encode memcpy +# define Decode memcpy +#elif defined(__BIG_ENDIAN) +static void Encode (unsigned char *output, + UINT4 *input, + unsigned int len) +{ + unsigned int i; + UINT4 *out = (UINT4 *)output; + len <<= 2; + + for (i = 0; i < len; i++) { + out[i] = cpu_to_le32(input[i]); + } +} + +/* Decodes input (unsigned char) into output (UINT4). Assumes len is + a multiple of 4. + */ +static void Decode (UINT4 *output, + unsigned char *input, + unsigned int len) +{ + unsigned int i; + UINT4 *in = (UINT4 *)input; + len <<= 2; + + for (i = 0; i < len; i++) { + output[i] = le32_to_cpu(in[i]); + } +} + +#else +# error fix +#endif /* __LITTLE_ENDIAN */ +/* End of Linux Kernel port */ + + +/* Constants for MD5Transform routine. + */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + +static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); + +static unsigned char PADDING[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G, H and I are basic MD5 functions. + */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits. + */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +Rotation is separate from addition to prevent recomputation. + */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +/* MD5 initialization. Begins an MD5 operation, writing a new context. + */ +static void MD5Init (MD5_CTX *context) /* context */ +{ + context->count[0] = context->count[1] = 0; + /* Load magic initialization constants. +*/ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* MD5 block update operation. Continues an MD5 message-digest + operation, processing another message block, and updating the + context. + */ +static void MD5Update (MD5_CTX *context, /* context */ + const unsigned char *input, /* input block */ + unsigned int inputLen) /* length of input block */ +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int)((context->count[0] >> 3) & 0x3F); + + /* Update number of bits */ + if ((context->count[0] += ((UINT4)inputLen << 3)) + < ((UINT4)inputLen << 3)) + context->count[1]++; + context->count[1] += ((UINT4)inputLen >> 29); + + partLen = 64 - index; + + /* Transform as many times as possible. +*/ + if (inputLen >= partLen) { + MD5_memcpy + ((POINTER)&context->buffer[index], (POINTER)input, partLen); + MD5Transform (context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + MD5Transform (context->state, &input[i]); + + index = 0; + } + else + i = 0; + + /* Buffer remaining input */ + MD5_memcpy + ((POINTER)&context->buffer[index], (POINTER)&input[i], + inputLen-i); +} + +/* MD5 finalization. Ends an MD5 message-digest operation, writing the + the message digest and zeroizing the context. + */ +static void MD5Final (unsigned char digest[16], /* message digest */ + MD5_CTX *context) /* context */ +{ + unsigned char bits[8]; + unsigned int index, padLen; + + /* Save number of bits */ + Encode (bits, context->count, 8); + + /* Pad out to 56 mod 64. +*/ + index = (unsigned int)((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + MD5Update (context, PADDING, padLen); + + /* Append length (before padding) */ + MD5Update (context, bits, 8); + /* Store state in digest */ + Encode (digest, context->state, 16); + + /* Zeroize sensitive information. +*/ + MD5_memset ((POINTER)context, 0, sizeof (*context)); +} + +/* MD5 basic transformation. Transforms state based on block. + */ +static void MD5Transform (UINT4 state[4], + const unsigned char block[64]) +{ + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + + Decode (x, block, 64); + + /* Round 1 */ + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + + /* Round 2 */ + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + + /* Round 3 */ + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ + HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ + + /* Round 4 */ + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. +*/ + MD5_memset ((POINTER)x, 0, sizeof (x)); +} + + diff -Nur linux-2.4.18/crypto/digests/sha1c.c linux-int-2.4.18/crypto/digests/sha1c.c --- linux-2.4.18/crypto/digests/sha1c.c Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/crypto/digests/sha1c.c Wed Apr 3 17:28:57 2002 @@ -0,0 +1,187 @@ +/* +Modified for kerneli by Andrew McDonald +from: + +SHA-1 in C +By Steve Reid +100% Public Domain +Available from: +ftp://ftp.zedz.net/pub/crypto/crypto/HASH/sha/sha1.c + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +#define SHA1HANDSOFF /* Copies data before messing with it. */ + +#include +#include + +struct SHA1_CTX { + unsigned long state[5]; + unsigned long count[2]; + unsigned char buffer[64]; +}; + +static void SHA1Transform(unsigned long state[5], const unsigned char buffer[64]); +static void SHA1Init(struct SHA1_CTX* context); +static void SHA1Update(struct SHA1_CTX* context, const unsigned char* data, + unsigned int len); +static void SHA1Final(unsigned char digest[20], struct SHA1_CTX* context); + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if defined(__LITTLE_ENDIAN) +# define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#elif defined (__BIG_ENDIAN) +# define blk0(i) block->l[i] +#else +# error fix +#endif /* _ENDIAN */ + +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +void SHA1Transform(unsigned long state[5], const unsigned char buffer[64]) +{ + unsigned long a, b, c, d, e; + typedef union { + unsigned char c[64]; + unsigned long l[16]; + } CHAR64LONG16; + CHAR64LONG16* block; +#ifdef SHA1HANDSOFF + static unsigned char workspace[64]; + block = (CHAR64LONG16*)workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(struct SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(struct SHA1_CTX* context, const unsigned char* data, unsigned int len) +{ + unsigned int i, j; + + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; + context->count[1] += (len >> 29); + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], struct SHA1_CTX* context) +{ + unsigned long i, j; + unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); + /* Endian independent */ + } + SHA1Update(context, (unsigned char *)"\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1Update(context, (unsigned char *)"\0", 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + i = j = 0; + memset(context->buffer, 0, 64); + memset(context->state, 0, 20); + memset(context->count, 0, 8); + memset(&finalcount, 0, 8); +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ + SHA1Transform(context->state, context->buffer); +#endif +} + + + + + diff -Nur linux-2.4.18/include/linux/crypto.h linux-int-2.4.18/include/linux/crypto.h --- linux-2.4.18/include/linux/crypto.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/include/linux/crypto.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,314 @@ +#ifndef _LINUX_CRYPTO_H_ +#define _LINUX_CRYPTO_H_ + +/* + * include/linux/crypto.h + * + * Written by Alexander Kjeldaas 1998-10-13 + * + * Copyright 1998 by Alexander Kjeldaas. This code is licensed under + * an X11-like license. See LICENSE.crypto for details. + * + */ + +#define TRANSFORM_DIGEST 0 +#define TRANSFORM_CIPHER 1 +#define MAX_TRANSFORM 2 + +#define CIPHER_MODES 0xFFFF0000 /* used to mask the mode *\ + * part of the cipher id */ +#define CIPHER_MODE_ECB 0x00000000 +#define CIPHER_MODE_CBC 0x00010000 +#define CIPHER_MODE_CTR 0x00020000 /* not implemented yet */ +#define CIPHER_MODE_CFB 0x00030000 + +/* Allowed keysizes: This is just a set of commonly found values. If + * you need additional ones, you can place them here. Note that + * CIPHER_KEY_ANY really means _any_ key length (that is a multiple of + * 8 bits, just limited by MAX_KEY_SIZE*32. This is not important now, + * but might become so if we choose to support keylengths greater than + * 256 bits. There are many ciphers that can take keys that are longer + * (e.g. blowfish: 448 bits). If you want to say all key lengths up to + * 256, play safe and use 0xFFFFFFFF-1 as keysize_mask. + * CIPHER_KEYSIZE_NONE means that the cipher does not expect a key. It + * is only used for 'none' encryption. + */ + +#define CIPHER_KEYSIZE_ANY 0xFFFFFFFF +#define CIPHER_KEYSIZE_NONE 0x00000000 + +#define CIPHER_KEYSIZE_40 0x00000010 +#define CIPHER_KEYSIZE_56 0x00000040 +#define CIPHER_KEYSIZE_64 0x00000080 +#define CIPHER_KEYSIZE_80 0x00000200 +#define CIPHER_KEYSIZE_96 0x00000800 +#define CIPHER_KEYSIZE_112 0x00002000 +#define CIPHER_KEYSIZE_128 0x00008000 +#define CIPHER_KEYSIZE_160 0x00080000 +#define CIPHER_KEYSIZE_168 0x00100000 +#define CIPHER_KEYSIZE_192 0x00800000 +#define CIPHER_KEYSIZE_256 0x80000000 + +#define CRYPTOLOOP_SET_DEBUG 0X4CFD +#define CRYPTOLOOP_SET_BLKSIZE 0X4CFC + +#ifdef __KERNEL__ + +#include +#include +#include +#include +#include +#include +#include + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,3,0) +# ifndef __exit +# define __exit +# endif +#endif + +/* A transform group is a group of transforms that behave in a similar + * fashion */ + +struct transform_group { + int tg_id; + char *tg_name; /* "cipher" or "digest" */ + rwlock_t tg_lock; + struct list_head *tg_head; +#ifdef CONFIG_PROC_FS + struct proc_dir_entry *tg_proc_parent_dir; + int (*read_proc)(char *page, char **start, off_t off, + int count, int *eof, void *data); +#endif +}; + +/* A transform is something that can be found by id or name. Ciphers + and digests are types of transforms. */ + +struct transform_implementation { + struct list_head t_list; + int t_flags; + char *t_name; + int t_atomicapi; + struct transform_group *t_group; +#ifdef CONFIG_PROC_FS + /* keep track of the allocated proc_dir_entry */ + struct proc_dir_entry *t_proc; +#endif +}; + +/* Cipher data structures */ + +struct cipher_context; + +typedef int (*cipher_trans_proc)(struct cipher_context *cx, const u8 *in, u8 *out, + int size); + +typedef int (*cipher_trans_proc_iv)(struct cipher_context *cx, const u8 *in, u8 *out, + int size, const u8 *iv); + +struct cipher_implementation { + struct transform_implementation trans; + int blocksize; /* in bytes */ + int ivsize; /* in bytes */ + int key_schedule_size; /* in bytes. 0 if the schedule size is + variable. */ + u32 key_size_mask; /* bit 0 set = 8 bit, ... , + * bit 31 set = 256 bit */ + + /* + * Encrypt the plaintext pointed to by "in". Write output to + * "out". Size of plaintext is "size". Output buffer must be + * able to hold "size" bytes plus padding necessary to make it + * a multiple of the cipher blocksize. size <= 0 is + * undefined. Returns 0 on success, non-zero on + * failure. + * + * encrypt - Function might sleep. This function will + * always exist. + + * encrypt_atomic - Will never sleep + always SW implementation. + * This function will exist if atomicapi==1 was + * set in find_cipher_by_name where this + * cipher_implementation was returned. + */ + cipher_trans_proc encrypt; + cipher_trans_proc encrypt_atomic; + + cipher_trans_proc_iv encrypt_iv; + cipher_trans_proc_iv encrypt_atomic_iv; + + /* + * Decrypt the ciphertext pointed to by "in". Write output to + * "out". Size of plaintext is "size". Input buffer is "size" + * bytes plus padding necessary to make it a multiple of the + * cipher blocksize. size <= 0 is undefined. Returns 0 on + * success, non-zero on failure. + * + */ + cipher_trans_proc decrypt; + cipher_trans_proc decrypt_atomic; + + cipher_trans_proc_iv decrypt_iv; + cipher_trans_proc_iv decrypt_atomic_iv; + + /* + * + */ + + int (*set_key)(struct cipher_context *cx, + const u8 *key, int key_len); + + int (*set_key_atomic)(struct cipher_context *cx, + const u8 *key, int key_len); + + /* The following functions are optional. Most ciphers will + * not need to specify them, and a default implementation will + * be used. + */ + + /* Realloc a cipher_context that can hold the key schedule for + * a given key. If no cipher_context is given, allocate a new + * cipher_context. + */ + + struct cipher_context * + (*realloc_context)(struct cipher_context *old_cx, + struct cipher_implementation *ci, + int max_key_len); + void (*wipe_context)(struct cipher_context *cx); + void (*free_context)(struct cipher_context *cx); + + /* lock and unlock manage the module use counts */ + void (*lock)(void); + void (*unlock)(void); + + /* The following functions are used by software + * implementations that wish to provide a single function that + * implements atomic and non-atomic versions of encrypt, + * decrypt, and set_key. If these functions are set, + * register_cipher will provide generic implementations of + * encrypt*, decrypt*, and set_key*. However these functions + * should not be called directly by users since they will only + * exist for software-based cipher implementations. */ + + int (*_encrypt) (struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic, + const u8 *iv); + int (*_decrypt)(struct cipher_context *cx, + const u8 *in, u8 *out, int size, int atomic, + const u8 *iv); + int (*_set_key)(struct cipher_context *cx, + const u8 *key, int key_len, int atomic); + +}; + +#define MAX_IV_SIZE 32 /* 32 byte - 256 bit */ + +struct cipher_context { + struct cipher_implementation *ci; + int may_sleep; /* cipher implementation (sw) might sleep */ + int keyinfo_size; /* in bytes - usually equal to + * ci->key_schedule_size. */ + u32 *keyinfo; + int key_length; /* in bytes */ + u8 iv[MAX_IV_SIZE]; /* static IV */ +}; + + +/* Digest data structures */ + +struct digest_context; +struct digest_implementation { + struct transform_implementation trans; + int blocksize; /* in bytes */ + int working_size; /* in bytes */ + + int (*open)(struct digest_context *cx); + int (*open_atomic)(struct digest_context *cx); + + int (*update)(struct digest_context *cx, const u8 *in, int size); + int (*update_atomic)(struct digest_context *cx, const u8 *in, int size); + + int (*digest)(struct digest_context *cx, u8 *out); + int (*digest_atomic)(struct digest_context *cx, u8 *out); + + int (*close)(struct digest_context *cx, u8 *out); + int (*close_atomic)(struct digest_context *cx, u8 *out); + + int (*hmac)(struct digest_context *cx, u8 *key, int key_len, u8 *in, int size, u8 *hmac); + int (*hmac_atomic)(struct digest_context *cx, u8 *key, int key_len, u8 *in, int size, u8 *hmac); + + struct digest_context *(*realloc_context)(struct digest_context *old_cx, struct digest_implementation *ci); + void (*free_context)(struct digest_context *cx); + + /* lock and unlock manage the module use counts */ + void (*lock)(void); + void (*unlock)(void); + + /* hook for software implemented digests */ + int (*_open)(struct digest_context *cx, int atomic); + int (*_update)(struct digest_context *cx, const u8 *in, int size, int atomic); + int (*_digest)(struct digest_context *cx, u8 *out, int atomic); + int (*_close)(struct digest_context *cx, u8 *out, int atomic); + int (*_hmac)(struct digest_context *cx, u8 *key, int key_len, u8 *in, int size, u8 *hmac, int atomic); +}; + +struct digest_context { + struct digest_implementation *di; + u32 *digest_info; +}; + + +struct transform_implementation *find_transform_by_name(const char *name, + int tgroup, + int atomicapi); + +static inline struct cipher_implementation * +find_cipher_by_name(const char *name, int atomicapi) +{ + return (struct cipher_implementation *) + find_transform_by_name(name, TRANSFORM_CIPHER, atomicapi); +} + +static inline struct digest_implementation * +find_digest_by_name(const char *name, int atomicapi) +{ + return (struct digest_implementation *) + find_transform_by_name(name, TRANSFORM_DIGEST, atomicapi); +} + +int register_transform(struct transform_implementation *ti, int tgroup); +int register_cipher(struct cipher_implementation *ci); +int register_digest(struct digest_implementation *di); + +int unregister_transform(struct transform_implementation *ti); +int unregister_cipher(struct cipher_implementation *ci); +int unregister_digest(struct digest_implementation *ci); + + +/* Utility macros */ + +#define INIT_CIPHER_BLKOPS(name) \ + _encrypt: name##_encrypt, \ + _decrypt: name##_decrypt + +#define INIT_CIPHER_OPS(name) \ + _set_key: name##_set_key, \ + lock: name##_lock, \ + unlock: name##_unlock + +#define INIT_DIGEST_OPS(name) \ + _open: name##_open, \ + _update: name##_update, \ + _digest: name##_digest, \ + _close: name##_close, \ + _hmac: name##_hmac, \ + lock: name##_lock, \ + unlock: name##_unlock + +#endif /* __KERNEL__ */ +#endif /* _LINUX_CRYPTO_H_ */ + +/* eof */ diff -Nur linux-2.4.18/include/linux/wordops.h linux-int-2.4.18/include/linux/wordops.h --- linux-2.4.18/include/linux/wordops.h Thu Jan 1 01:00:00 1970 +++ linux-int-2.4.18/include/linux/wordops.h Wed Apr 3 17:28:57 2002 @@ -0,0 +1,26 @@ +#ifndef _LINUX_WORDOPS_H_ +#define _LINUX_WORDOPS_H_ + +#include + +static inline +u32 generic_rotr32 (const u32 x, const unsigned bits) +{ + const unsigned n = bits % 32; + return (x >> n) | (x << (32 - n)); +} + +static inline +u32 generic_rotl32 (const u32 x, const unsigned bits) +{ + const unsigned n = bits % 32; + return (x << n) | (x >> (32 - n)); +} + +#if 0 +#define generic_rotr32(x, n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n)))) +#define generic_rotl32(x, n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n)))) +#include +#endif + +#endif /* _LINUX_WORDOPS_H_ */