diff -urN lin.2.2.17/Documentation/Configure.help int.2.2.17.x/Documentation/Configure.help --- lin.2.2.17/Documentation/Configure.help Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/Documentation/Configure.help Sat Oct 14 00:48:17 2000 @@ -237,13 +237,13 @@ bits of, say, a sound file). This is also safe if the file resides on a remote file server. If you want to do this, you will first have to acquire and install a kernel patch from - ftp://ftp.replay.com/pub/crypto/linux/all or - ftp://verden.pvv.org/pub/linux/kerneli/v2.1/, and then you need to - say Y to this option. + ftp://ftp.zedz.com/pub/crypto/linux/all or + ftp://ftp.kernel.org/pub/linux/kernel/crypto/v2.2/, and then you need + to say Y to this option. Note that alternative ways to use encrypted filesystems are provided by the cfs package, which can be gotten via FTP (user: anonymous) - from ftp://ftp.replay.com/pub/crypto/disk/, and the newer tcfs + from ftp://ftp.zedz.com/pub/crypto/disk/, and the newer tcfs package, available at http://tcfs.dia.unisa.it/. You do not need to say Y here if you want to use one of these. However, using cfs requires saying Y to "NFS filesystem support" below while using tcfs 
@@ -263,6 +263,374 @@ called loop.o. Most users will answer N here. + +Use relative block numbers as basis for transfer functions +CONFIG_BLK_DEV_LOOP_USE_REL_BLOCK + [1999-06-25] + If you don't use relative block numbers for the transfer functions, + you will not be able to restore a backup of your loop device without + restoring the file to _exactly_ the same blocks on disk as they used + to be on. This is especially bad when the transfer function is a + cipher since there will be no way to decipher the original + file-system. + +General encryption support (EXPERIMENTAL)' +CONFIG_BLK_DEV_LOOP_GEN + [1998-12-02] + If you answer yes to this option, the loop-driver will support all + crypto algorithms selected in the crypto library (see the 'Crypto' + menu entry in the main menu). + + This loop module will use the ciphers in CBC-mode which is more + secure than ECB-mode. This module will also initialize the CBC-mode + of the cipher with the block-number of the block being encrypted. + +Crypto ciphers +CONFIG_CIPHERS + Ciphers basically help us scramble data so that other people don't + get access to it. Useful applications for this include hiding hard + drive contents or network traffic from unauthorized eyes. Compare a + file encrypted with a cipher with very good safe: The document is in + it, you can carry the document with you (if the safe is not too + heavy), but others can steal it, too. However, they will not be able + to read the document if the safe is any good. + + Mathematically speaking, a cipher is a parameter-dependant function + E(K, ) that takes a fixed-length block M (usually 64 or 128 bits) + and maps it onto another (usually equal-sized) block C=E(K,M) in such + a way that, without knowledge of the "key" K, it is hard to compute + + 1. M, if C and the function E are given, + + 2. C, if M is given and the function E is known. + + M is called the 'plaintext' and C the 'ciphertext'. 
The above + properties are commonly described as "All the security of the cipher + lies in its key". However, there always exists the inverse function + D(K, ) of E(K, ) such that D(K,E(K,M))=M for any M. The ideal + cipher is one where it is impossible to compute M if you have C, but + not K. In this case, the easiest way to break the cipher is to use + 'brute-force', i.e. try all K in turn until you hit the right + one. With most ciphers in this library, K is a 128-bit number. Here, + brute-force attacks are infeasible since they require testing all + 2^128 possible keys K, which would take far too long on any + conceivable computer (some big multiple of the age of the universe + for example). + + Unfortunately, the ideal cipher has not been found yet, so most + ciphers in this library, or certain 'reduced-round' versions + thereof, can be broken faster than brute-force. A cipher is secure, + if it cannot be broken _much_ faster than brute-force and + brute-force is infeasible. + + If you say 'Y' or 'M' here, you are able to select a variety of + ciphers for the Cipher-API. Ciphers you select below can then be + used by cryptographic kernel modules. If you say 'N' here, those + modules will use their own implementations or even not work at all. + + If unsure, say 'N'. + + +Digest algorithms +CONFIG_DIGEST + A message digest (or 'one-way function' or 'hash') is a function H + that maps an arbitrary-length message M onto a 128-bit or 160-bit + number h=H(M) such that the following conditions are satisfied: + + 1. For a given M, it is easy to compute h=H(M). + + 2. For a given h, it is hard to find M such that h=H(M). + + 3. For a given M, it is hard to find another message M' such that + H(M')=H(M). + + 4. It is hard to find M, M' such that H(M)=H(M'). + + This makes the name 'one-way function' plausible. Hashes are widely + used by cryptographic programs. E.g. the Linux kernel uses a hash to + generate random numbers. 
+ +# Marc Mutz : this will be the help text, once this +# functionality is in place: +# If you say 'Y' here and select the SHA-1 message digest below, +# then the drivers for /dev/random and /dev/urandom will use the +# digest api instead of their own implementation. This will not work +# if you build as modules. +# + If you say 'Y' or 'M' here, cryptographic modules are able to use + the Digest-API if they need a hash function. If you say 'N' here, + they will use their own implementations (which will probably + increase the size of the compiled kernel if there are more than one + such modules). + + If unsure, say 'N'. + +AES cipher (EXPERIMENTAL - Read Help) +CONFIG_CIPHER_AES + [2000-10-04] + DESCRIPTION: + AES (Advanced Encryption Standard) is a proposed Federal Information + Processing Standard (FIPS) of the USA. Nevertheless, it was + conceived by Joan Daemon and Vincent Rijmen, two Belgians, under the + name Rijndael and submitted to the AES selection process in 1997 + (http://www.nist.gov/aes). On Oct 2, 2000 it was announced as being + the selected algorithm for the AES. + + Rijndael is a variable-round iterated block cipher that supports + block and key sizes each ranging from 128 to 256 bits, in steps of + 64. The number of rounds is dependant on the block and key sizes and + varies from 10 for 128/128 to 14 for 256/256 block/key sizes. + + SPPED: N/A + + PATENTS and LICENSING: + Rijndeal/AES is free of patents. As beign AES, NIST will ensure that + this will stay so. + + KNOWN ATTACKS: + None of the following attacks is able to undermine the security of + AES, when used with the round numbers specified by the authors. + + The original Rijndael specification contains a truncated + differential attack on 4,5 resp. 6 round versions ("Square attack") + requiring 2^9, 2^11 resp. 2^32 plaintexts and 2^9, 2^40 resp. 2^72 + work. 
There is another truncated differential attack that leads to a + collision attack on 7 round 192 and 256 bit keysize Rijndael + requiring 2^32 plaintext encryptions and 2^140 work. Other authors + extend the original Square attack to 7 rounds of 192 and 256 bit + keysize, both with more that 2^184 work. Further improvements of + these techniques result in attacks against 7 and 8 round + variants. But the latter require almost all of the codebook. At + last, there is a related key attack against 9 round, 256 bit keysize + Rijndael that requires 2^77 chosen plaintexts and 2^224 work. + +AES available under the Rijndael name +CONFIG_CIPHER_RIJNDAEL + If you say 'Y' here, AES will be also accessible through its + original name Rijndael. This is mostly for backwards compatibilty. + If you use kernel modules that use Rijndael, but do not know that it + is now called AES, say 'Y' here. + + If unsure, say 'N'. + +DFC encryption (EXPERIMENTAL - Read Help) +CONFIG_CIPHER_DFC + [2000-09-13] + DESCRIPTION: + DFC (The Decorrelated Fast Cipher) from CNRS and France Telecom is a + candidate algorithm for the Advanced Encryption Standard (AES). + It didn't survive the first round of the AES selection, i.e. it is + not one of the five remaining algorithms in AES round two. + + SPEED: N/A + + PATENTS and LICENSING: + It is unknown (to me) whether DFC is covered by patents. + + KNOWN ATTACKS: + I don't know of any attacks, but the problem with this cipher is + that it was thrown out of the AES competition. This may not mean it + is a bad cipher, but it certainly means that therefore it has gotten + _much_ less attention of cryptanalysts. Hence, there may be more + flaws in it than in the AES finalists. + +MARS encryption (EXPERIMENTAL - Read Help) +CONFIG_CIPHER_MARS + [2000-09-13] + DESCRIPTION: + MARS was IBM's candidate algorithm for the Advanded Encryption + Standard (AES). It consists of 16 core rounds and eight pre-mixing + as well as eight post-mixing rounds. 
+ + PATENTS and LICENSING: + Refer to IBM for any copyright, patent or license issues for the + MARS algorithm. (However, if this cipher is elected as AES, it has + to remain/become free for everyone to use) + NOTE: MARS is covered by patents and might be illegal to use in many + cases. + + SPEED: + MARS is a fast algorithm achieving speeds up to 66Mbit on a Pentium + Pro 200. + + KNOWN ATTACKS: + As of the Third AES Candidate Conference (Apr. 2000), the best + attack presented breaks 11 of the 16 core rounds of MARS faster than + brute-force. This does _not_ mean that MARS is insecure, but shows + it has design weaknesses. For more information and pointers see + http://www.counterpane.com/crypto-gram-0004.html#AES-News + + +RC6 encryption (EXPERIMENTAL - Read Help) +CONFIG_CIPHER_RC6 + [2000-09-13] + DESCRIPTION: + RC6 is invented by Ron Rivest and RSA Labs. It was one of the five + candidates in round two for the Advanced Encryption Standard (AES). + + PATENTS and LICENSING: + Refer to RSA Labs and Ron Rivest for any copyright, patent or + license issues for the RC6 algorithm. + NOTE: RC6 is covered by patents and might be illegal to use in many + cases. + + SPEED: + RC6 is a simple and fast algorithm achieving speeds up to 88Mbit on + a Pentium Pro 200. It makes use of multiplication and + data-dependent rotations which reduces the number of rounds + necessary and increases its speed (on processors which have fast + muliplies). + + KNOWN ATTACKS: + As of the Third AES Candidate Conference (Apr. 2000), 15 of the 20 + rounds of RC6 can be broken faster than brute-force. This does _not_ + mean that RC6 is insecure, but shows it has design weaknesses. 
For + more information and pointers see + http://www.counterpane.com/crypto-gram-0004.html#AES-News + +Serpent encryption +CONFIG_CIPHER_SERPENT + [1998-10-13] + DESCRIPTION: + Serpent is a 128-bit block cipher designed by Ross Anderson, Eli + Biham and Lars Knudsen as a candidate for the Advanced Encryption + Standard (AES, see http://www.nist.gov/aes). It was one of the five + finalists after round two of the AES candidate search. Serpent + provides users with the highest practical level of assurance that no + shortcut attack will be found. To achieve this, the algorithm uses + well understood mechanisms so that its security relies on the wide + experience of block cipher cryptoanalysis. The algorithm uses twice + as many rounds as are necessary to block all currently known + shortcut attacks. The algorithm is designed to have a service life + of 50 years and to continue to protect legacy data for a further 50 + years beyond that. + + SPEED: + Despite these exacting design constraints, Serpent is faster than + DES. Its design supports a very efficient bitslice implementation, + and this implementation runs at almost 25 Mbit/sec on a + 200MHz Pentium (compared with about 15 Mbit/sec for DES). However, + compared to competitors for AES left in round two, it is painfully + slow to implement in software. + + PATENTS and LICENSING: + Serpent is completely in the public domain, and no restrictions are + imposed on its use. + + KNOWN ATTACKS: + As of the Third AES Candidate Conference (Apr. 2000), 9 of the 32 + rounds of Serpent can be broken faster than brute-force. This does + _not_ mean that Serpent is insecure, but shows it has design + weaknesses. 
For more information and pointers see + http://www.counterpane.com/crypto-gram-0004.html#AES-News + + More information about Serpent: + http://www.cl.cam.ac.uk/~rja14/serpent.html + + More information about the implementation: + http://www.seven77.demon.co.uk/crypto_technology.htm + +CAST 128 encryption +CONFIG_BLK_DEV_LOOP_CAST + This module implements CAST-128. The algorithm + was published in RFC 2144 as a proposed Internet standard, and is + from Entrust (http://www.entrust.com/) a Canadian company. + + This loop module uses the weak ECB-mode which means that it is more + open to certain attacks than CBC-mode ciphers. + +IDEA encryption +CONFIG_CIPHER_IDEA + [2000-09-13] + DESCRIPTION: + IDEA is a 64-bit block cipher designed by Xuejia Lai and James + Massey in 1992. It uses a 128-bit key and eight rounds with a round + function that mixes three---generally incompatible---algebraic + groups: XOR, addition mod 2^16 and multiplication mod 2^16-1. + + SPEED: + IDEA should be quite fast on CPU's that have a fast multiplication + instruction (beware that the Pentium IV processor is quite poorly + equipped in this area w.r.t its predecessors). + + PATENTS and LICENSING: + The IDEA code is mostly from ASCOM (http://www.ascom.com/) and + licensed for non-commercial use. + + This module may contain algorithms which are patented, and/or + require licensing for commerical use. Please read crypto/idea.c for + details. + + KNOWN ATTACKS: + As of 1995, the most successful attack broke two of the eight rounds + of IDEA. Since then, I strongly believe in the existence of better + attacks, but you should search the literature to be sure. + +MD5 digest (EXPERIMENTAL) +CONFIG_DIGEST_MD5 + [2000-09-13] + MD5 once was the most widely used hash function, until it was shown + that MD5 is not collision-resistant, i.e., you can find messages M, + M', such that MD5(M)=MD5(M') faster than brute-force. This is called + a "birthday attack", named after the birthday paradox. 
Although this + is not a security problem per se, it is still something a + cryptographically strong hash function should not exhibit. + + Don't use MD5 anymore, except to support legacy applications (of + which there should not be too many, since the digest API is + relatively new) and for fingerprinting files, something that was + better done in user space. + +SHA1 digest (EXPERIMENTAL) +CONFIG_DIGEST_SHA1 + [2000-09-13] + SHA-1 is currently the most widely deployed hash function. Although + designed by the NSA it is generally believed to not contain back + doors and be the most secure message digest available today. If you + want to use a cryptographically secure hash function, use SHA-1. + +Twofish encryption (only as module) +CONFIG_BLK_DEV_LOOP_FISH2 + DESCRIPTION: + Twofish is a quite new algorithm invented by Bruce Schneier, Doug + Whiting, John Kelsey, Chris Hall and David Wagner, for more + information see http://www.counterpane.com/twofish.html. It is one of + the remaining five candidates for the Advanced Encryption + Standard (AES). Blowfish is the older algorithm and was also + invented by Bruce Schneier. + + SPEED: N/A + + PATENTS and LICENSING: + Both algorithms are free of licensing charges at the moment. Twofish + must remain so if it is elected as AES winner. + + KNOWN ATTACKS: + to be written + + This module operates twofish in CBC-mode + +Blowfish encryption (EXPERIMENTAL) +CONFIG_CIPHER_BLOWFISH + [2000-09-13] + DESCRIPTION: + Blowfish is an algorithm invented by Bruce Schneier. For more + information about the algorithm see + http://www.counterpane.com/blowfish.html or see Schneier's book + "Applied Cryptography", chapter 13.4. Twofish is the newer algorithm + and was also invented by Bruce Schneier (et al.). + + SPEED: + Blowfish is a very efficient cipher on 32-bit microprocessors. In + fact, I guess it is the fastest available for the Linux Crypto API + as of now. Definitive figures should be added here... 
+ + PATENTS and LICENSEING: + Blowfish is free of patents and licensing charges and Schneier says + it will stay that way. + + KNOWN ATTACKS: + to be written Network Block Device support CONFIG_BLK_DEV_NBD diff -urN lin.2.2.17/Documentation/crypto/00-INDEX int.2.2.17.x/Documentation/crypto/00-INDEX --- lin.2.2.17/Documentation/crypto/00-INDEX Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/00-INDEX Sat Oct 14 00:48:17 2000 @@ -0,0 +1,24 @@ +This directory contains patches and documentation to code in the kernel that +contains crypto + - Alexander Kjeldaas + +ENskip-patch + - Patch for ENskip-0.67 for Linux 2.1.118 and glibc. + By Bob Tracy . + +I am trying to update some of this.... + - 22.05.2000 - Hauke Johannknecht + +util-linux is at 2.10o now and can be found at: + ftp://ftp.win.tue.nl/pub/linux/utils/util-linux/ + +util-linux-2.10o.int.patch + the main diff seems to be they merged losetup and lomount ... + +util-linux-2.10m.getpass.diff + modifies losetup to accept the key on the command-line via + an added "-k" switch. + This is insecure and pure evil. [tm] + Could someone add the -pass stuff from openssl to losetup ? + + diff -urN lin.2.2.17/Documentation/crypto/ChangeLog int.2.2.17.x/Documentation/crypto/ChangeLog --- lin.2.2.17/Documentation/crypto/ChangeLog Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/ChangeLog Sat Oct 14 03:38:50 2000 
@@ -0,0 +1,648 @@ +2000-10-14 Alexander Kjeldaas + + * International kernel patch 2.2.17.8 released. + + * Configure.help updates with the AES results. Patch from Marc + Mutz + + * Cipher list in config organized according to block-size with AES + at the top. Patch from Marc Mutz + + * The set of allowed key-sizes for a cipher is now exported as a + mask in /proc. Constants for allowd key-sizes are defined in + crypto.h. Patch from Marc Mutz + + * Ability to build cryptoapi.c as a module was missing from + Config.in. Fixed. + + * DEFINE_{DIGEST,CIPHER} et. al. removed and replaced by explicit + struct {digest,cipher}_implementation initializations making the + code more readable. + + * API change. Encryp/Decrypt now accepts any input/output byte + count. + + * gen-cbc.h changed to allow any input-size for encryption, or + output-size for decryption. When encrypting large blocks, + gen-cbc.h will now sleep (you can play music while using an + encrypted file-system). Added gen-ecb.h which implements the same + for ECB mode. All ciphers changed to use gen-ecb.h to implement + their ECB mode. + + * Removed old cruft (crypto/cipherapi.c crypto/digestapi.c) + + * crypto/cryptoapi.c implementation made simpler. + + * Crypto API functions are documented in kernel-doc style. + + * crypto/testing updates. digesttest now compiles. A lot of + duplicated functions are now available in misc.c. None of the + programs include glibc headers any more, all necessary functions + are declared in libcfuncs.h. New program "testapi" for testing + that a cipher deals with the new API. + +2000-10-03 Alexander Kjeldaas + + * International kernel patch 2.2.17.7 released. + + * speed.c cleanups. + + * The crypto API now compiles when proc support has been disabled. + + * AES cipher added. The AES cipher is implemented by the rijndael + module, but with a separate cipher id/name. + + * Updated Rijndael implementation from Brian Gladman merged. 
+ + * ECB testvectors for rijndael from the AES submission added. + +2000-09-28 Alexander Kjeldaas + + * International kernel patch 2.2.17.6 released. + + * Twofish implementation added. Patch from Marc Mutz + . + + * loop_gen.c cleanups + plugged memory leak by Marc Mutz + . + + * Configure.help updates. Patch from Marc Mutz + + * New script crypto/testing/aes-test from Marc Mutz tests ciphers + based on the known-answer test values in NIST format. + + * crypto/testing/speed.c used weak DES-keys for speed-testing. + Fixed by patch from Gisle Sælensminde . + +2000-09-25 Alexander Kjeldaas + + * International kernel patch 2.2.17.5 released. + + * Update ChangeLog :-) + + * International kernel patch 2.2.17.4 released. + + * Configure.help updates from Marc Mutz + + * Changed ripe-md160 implementation in the util-linux patch + because of license worries. Now uses GnuPG implementation. Patch + from Marc Mutz . + + * util-linux patch can now create more than 160 bits of enthropy + for the 3des cipher by first hashing the passphrase, and then + hashing the passphrase prepended by the character "A". Patch from + Gisle Sælensminde . + + * rijndael3.c updates from Marc Mutz should get + this cipher working again. + +2000-09-19 Alexander Kjeldaas + + * International kernel patch 2.2.17.3 released. + + * Some changes were made to crypto/testing/speed.c to make it + compile again after the crypto API changes. + + * des_ede3.c updates from Gisle Sælensminde + containing updated docs on weak/semi-weak keys and how they are + handled, some code updates, and testvectors for 3des. + + * Received Configure.help updates from Marc Mutz + including the AES status of various ciphers and their best known + attacks. + +2000-09-15 Alexander Kjeldaas + + * International kernel patch 2.2.17.2 released. + + * Added 3DES (DES_EDE3) cipher from Gisle Sælensminde + . The implementation is based on the + DES-implementation already in kerneli so at this point it's not + very fast. 
+ +2000-09-14 Alexander Kjeldaas + + * International kernel patch 2.2.17.1 released. + + * New util-linux-2.10m.getpass.diff from Hauke Johannknecht + that some might want to use. Adds a -k option + to losetup. Not for the security-conscious, but some might want + to use it. + +2000-08-04 Alexander Kjeldaas + + * International kernel patch 2.2.16.9 released. + + * Fixed gcc 2.9x compile failure of the loop_cast.c module (patch + by Sverker Wiberg ). + +2000-08-02 Alexander Kjeldaas + + * International kernel patch 2.2.16.8 released. + + * Fixed SMP compile bug. + +2000-07-17 Alexander Kjeldaas + + * International kernel patch 2.2.16.7 released. + + * Merged some bug-fixes from 2.4.0test2.1 patch. + +2000-07-10 Alexander Kjeldaas + + * International kernel patch 2.2.16.6 released. + + * Small annoyance when using "make xconfig" fixed by + Andreas Steinmetz + +2000-07-03 Alexander Kjeldaas + + * International kernel patch 2.2.16.5 released. + + * Removed {un,}lock_cipher, {un,}lock_digest functions. Use + {digest,cipher}_implementation->{un,}lock() directly instead. + + * Stopped using linux/lists.h which is depreciated. + + * Merged crypto/cipherapi.c and crypto/digestapi.c into single + interface cryptoapi.c, saving 4k. Cipher- and digest algorithms + are now subclasses of a "transform". The old interface is still + supported for the most part. + + * Changed encrypt/decrypt interfaces to use byte-pointers instead + of int32-pointers. This means that the ciphers should start being + endian-aware. + +2000-06-27 Alexander Kjeldaas + + * International kernel patch 2.2.16.4 released. + * Fixed build bug that prevented digestapi.c from being built for + kernels with modules disabled. Fix by + Andreas Steinmetz + +2000-06-19 Alexander Kjeldaas + + * International kernel patch 2.2.16.3 released. + * Changed generic_rotl and generic_rotr to be macros instead of + inline functions. Gcc uses an extra register with the inline + functions (noted by Gisle Sælensminde). 
+ * Fixed bug in Makefile for SHA1 digest (noted by Walter Hofmann + ). + +2000-06-19 Gisle Sælensminde + + * Further serpent implementation optimization. + +2000-06-14 Alexander Kjeldaas + + * International kernel patch 2.2.16.2 released. + * Fixed bug in md5c.c:Decode for big-endian machines. Noted by + David Kuestler . + +2000-06-14 Gisle Sælensminde + + * Faster serpent implementation based on optimized pentium-sboxes + made by Dag Arne Osvik. + +2000-06-14 Hauke Johannknecht + + * Documentation updates (replay.com -> zedz.com) + * Added util-linux-2.10m.int.patch + +2000-06-14 Alexander Kjeldaas + + * International kernel patch 2.2.16.1 released. + * International kernel patch 2.2.15.1 released. + +2000-02-18 Alexander Kjeldaas + + * International kernel patch 2.2.14.1 released. + +1999-11-23 Alexander Kjeldaas + + * International kernel patch 2.2.13.3 released. + + * Minor tweak to make sure the FreeSWAN 1.1 release patches cleanly. + +1999-11-23 Andrew McDonald + + * SHA1 implementation for the digest API added (based on the + public domain code by Steve Reid and the md5glue code). + + * Added a digest algorithm test program in linux/crypto/testing/ + + * FIX: The blowfish module claimed to have a 128-bit (16 byte) + blocksize and IV. The correct number is of course 64-bit. + + * FIX: The working size for MD5 was wrong (too little memory was + allocated). + +1999-10-25 Alexander Kjeldaas + + * International kernel patch 2.2.13.2 released. + + * Compile fix for MD5 by Hermann Schichl + +1999-10-20 Alexander Kjeldaas + + * International kernel patch 2.2.13.1 released. + + * New upstream kernel release. + +1999-09-15 Alexander Kjeldaas + + * International kernel patch 2.2.12.2 released. + + * Digest API mirroring the cipher API added. Contributed by Alan + Smithee. + + * MD5 digest algorithm added. + +1999-09-08 Alexander Kjeldaas + + * International kernel patch 2.2.12.1 released. 
+ +1999-09-06 Alexander Kjeldaas + + * Updated util-linux patch in Documentation/crypto and removed + some patches that nobody uses. + +1999-08-12 Alexander Kjeldaas + + * International kernel patch 2.2.11.2 released. + + * CIPE can only be built as a module, the make config indicated + otherwise. + + * Upgraded to CIPE 1.3.0 + + * International kernel patch 2.2.11.1 released. + + * New upstream kernel release. + +1999-06-24 Alexander Kjeldaas + + * International kernel patch 2.2.10.4 released. + + * Added new config option for using relative block numbers instead + of absolute ones when calling the loop block device's transfer + function. This should fix the #1 issue with using loopback crypto + filesystems. + + * Updated Documentation/Configure.help which had erroneous + CONFIG_XX variables listed for various ciphers [Thanks to Andrew + Pam for spotting this]. + + * Added LO_CRYPT_RIJNDAEL and LO_CRYPT_RC5 variables to + include/linux/loop.h. + + * Updated the faq to mention rijndael and rc5, as well as how to + convert from the old absolute block number stuff to the new + relative one. + +1999-06-24 Alexander Kjeldaas + + * International kernel patch 2.2.10.3 released. + +1999-06-24 Andrew Pam + + * Updated util-linux patch to cover 2.9s + +1999-06-23 Alexander Kjeldaas + + * International kernel patch 2.2.10.2 released. + * Stuff in linux/crypto/testing didn't compile. + +1999-06-19 Pekka Riikonen + + * Added RC5 cipher. + +1999-06-18 Alexander Kjeldaas + + * International kernel patch 2.2.10.1 released. + * ENskip support didn't compile. + +1999-05-21 Alexander Kjeldaas + + * International kernel patch 2.2.9.1 released. + +1998-12-18 Patrice Lacroix + + * Updates to the faq (Documentation/crypto/faq.txt) + +1999-04-15 Alexander Kjeldaas + + * International kernel patch 2.2.5.1 released. 
+ * Merged with kernel 2.2.5 + * New documentation for loopback crypto in + Documentation/crypto/faq.txt + +1999-03-25 Alexander Kjeldaas + + * International kernel patch 2.2.4.1 released. + * Merged with kernel 2.2.4 + +1999-01-29 Alexander Kjeldaas + + * International kernel patch 2.2.1.1 released. + +1998-01-29 Patrice Lacroix + + * /proc/crypto support. + +1999-01-27 Alexander Kjeldaas + + * International kernel patch 2.2.0.2 released. + + * missing #endif in net/ipv4/ip_output.c in latest patch + fixed. Missing #include fixed in crypto.h + +1999-01-26 Alexander Kjeldaas + + * International kernel patch 2.2.0.1 released. + + * Merged Frank Bernard's latest ENskip patches. + +1999-01-18 Alexander Kjeldaas + + * International kernel patch 2.2.0-pre7.4 released. + + * Added cbc-mode to cast256 cipher. + + * Removed spam on unload from crypto modules. + + * Added updated ENskip patches from Frank Bernard's web site: + http://www.linux-firewall.de/enskip/ + + * International kernel patch 2.2.0-pre7.3 released. + + * Added missing cleanup_module to DES, Blowfish and IDEA ciphers. + + * International kernel patch 2.2.0-pre7.2 released. + + * Cleanup in drivers/block/Config.in. It was possible to create + an invalid .config file. + + * Minor crypto/api.c cleanup. + +1999-01-17 Alexander Kjeldaas + + * International kernel patch 2.2.0-pre7.1 released. + + * Added testcip.c - a general purpose cipher test program. Added + test-vector scripts for Blowfish, DES, Mars, and Serpent. + + * Naming error left users unable to compile loop_gen unless it was + compiled as a module. + + * Updated Serpent implementation. Sam Simpson has been running a + background task on a cluster of high performance servers. After a + search involving around 1000 machine hours improved sboxes were + found. + + * Updated RC6 implementation. Supposedly faster. + + * Updated MARS implementation. Fixes a bug in mars_set_key. 
+ +1999-01-07 Alexander Kjeldaas + + * International kernel patch 2.2.0-pre5.1 released. + * Merged with vanilla 2.2.0-pre5 + +1999-01-05 Herbert Valerio Riedel + + * APX fixes. + +1999-01-04 Alexander Kjeldaas + + * International kernel patch 2.2.0-pre4.1 released. + + * Removed obsolete loop_idea.c and loop_blow.c since IDEA and + blowfish algorithms have been added to the crypto library. + + * drivers/block/ll_rw_blk.c: Added loop_gen_init. loop_gen only + worked as a module. + +1998-12-30 Alexander Kjeldaas + + * crypto/testing/speed.c: i386-specific timer-code removed. + + * crypto configuration added for all architectures (previously + only i386 was supported). However, 64-bit and endian issues needs + to be ironed out for a lot of platforms (maybe even i386). + +1998-12-29 Alexander Kjeldaas + + * International kernel patch 2.2.0-pre1.1 released. + * International kernel patch 2.1.131.8 released. + * DES/IDEA compile fixes. + +1998-12-29 Raimar Falke + + * DES cipher added. crypto/testing/speed.c fixes. + +1998-12-18 Alexander Kjeldaas + + * International kernel patch 2.1.131.7 released. + +1998-12-18 Raimar Falke + + * include-fixes for IDEA cipher. + +1998-12-18 Alexander Kjeldaas + + * International kernel patch 2.1.131.6 released. + +1998-12-18 Raimar Falke + + * IDEA cipher added. + +1998-12-18 Patrice Lacroix + + * My latest patch for modular loop encryption. I think everything + is in there. Ciphers are only requested on LOOP_SET_STATUS. Module + count is always right (for what I have tested) and unloading now + works. + +1998-12-17 Alexander Kjeldaas + + * International kernel patch 2.1.131.5 released. + +1998-12-17 Raimar Falke + + * Extracted the blowfish code from loop_blow and made a + cipher-module of it. + +1998-12-17 Alexander Kjeldaas + + * Removed loop_serpent, loop_mars, loop_dfc and loop_rc6 since + their funcionality is available through loop_gen. + +1998-12-16 Alexander Kjeldaas + + * Removed loop_idea from the configuration menus. 
It hasn't been + converted to the new API. + +1998-12-14 Alexander Kjeldaas + + * Fixes to the rijndael cipher. It builds, but isn't working + properly so it it disabled for the moment. The cipher is from + Dr. Brian Gladman AES + reimplementation project. More information on rijndael: + http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ Rijndael is free. + +1998-12-14 Patrice Lacroix + + * More modular ciphers/loop patches. Cipher locking fixes. + Autoloading of ciphers. More loop and loop_gen integration. + +1998-12-14 Alexander Kjeldaas + + * International kernel patch 2.1.131.4 released. + + * Added util-linux-2.9e patch to Documentation/crypto that makes + all the loopback ciphers available to the losetup utility. + +1998-12-12 Alexander Kjeldaas + + * International kernel patch 2.1.131.3 released. + + * Added the popular CIPE (crypto IP encapsulation) made by + Olaf Titz + + * Previous patch wouldn't build. International kernel patch + 2.1.131.2 released. + +1998-12-11 Alexander Kjeldaas + + * International kernel patch 2.1.131.1 released. + + * Clear sensitive memory before kfree in generel loop module. New + upstream kernel. + +1998-12-11 Patrice Lacroix + + * Modular ciphers + +1998-11-30 Alexander Kjeldaas + + * International kernel patch 2.1.130.1 released. + + * loop-devices other than loop_gen updated to use new interface. + However, the block-number isn't used for anything yet. + + * loop_gen.c: Now we use the ciphers in cbc-mode only. Also, the + IV of the cipher is initialized based on block-number. + + * Added general cbc-mode that is simply #included into the + ciphers. cbc-mode thus added to serpent, mars, rc6 and dfc. + + * Added ivsize to struct cipher_implementation. + + * Added for_each_cipher function + + * Added X11-like license for the crypto-directory. The code might + be useable for other projects as well in the future. [And GPL is + arguable the wrong license for crypto]. 
+ +1998-11-25 Alexander Kjeldaas + + * The crypto api is useable from modules. + + * Fixed a bunch of bugs in loop_gen. I think the oopses are gone. + +1998-11-23 Alexander Kjeldaas + + * International kernel patch 2.1.129.4 released. + + * Added crypto/testing/speed.c to test the speed of the different + crypto algorithms. + + * cast256, crypton, rijndael, safer, and twofish added, but they + are not yet completely ported to the crypto-library. + + * Updated implementations of MARS, DFC, RC6 and SERPENT. + +1998-11-22 Alexander Kjeldaas + + * International kernel patch 2.1.129.3 released. + + * "loop_gen" - skeleton of general loop crypto driver added + + * Made loop-modules for DFC, MARS, and RC6 + + * Added DFC, MARS, and RC6 to crypto library + + * International kernel patch 2.1.129.2 released. + + * Updated documentation to show which loopback modules are ECB + and which are CBC. + + * Kernel crypto library on its way. Serpent is the first member. + + * Changed memcpy to memset in loop_blow.c to close a possible + plaintext leak. + +1998-11-20 Alexander Kjeldaas + + * New upstream kernel release 2.1.129 + +1998-11-13 Alexander Kjeldaas + + * New upstream kernel release 2.1.128 + +1998-11-09 Alexander Kjeldaas + + * New upstream kernel release 2.1.127 + +1998-10-12 Alexander Kjeldaas + + * drivers/block/loop_serpent.c: Made wrapper-module for the + serpent cipher. + + * crypto/serpent.c crypto/serpent_f_box.h}: Added serpent + implementation from Dr. B R Gladman + AES reimplementation project. + + * drivers/block/Config.in: Loopback crypto flagged experimental + +1998-10-09 Alexander Kjeldaas + + * International kernel patch 2.1.125.1 released. + + * New upstream kernel release 2.1.125 + +1998-10-08 Alexander Kjeldaas + + * International kernel patch 2.1.124.2 released. + + * Added Andi Kleene's loop fixes. Updated twofish, blowfish and + cast128 modules to use the new lock/unlock interface. 
+ +1998-10-07 Alexander Kjeldaas + + * Ported loop_cast.c to the new loopback API interface. + + * Blowfish and Twofish can be compiled in instead of being + modules. + + * Added cast and idea to the config-system. + + * Wrote Configure.help entries for the loop crypto patches. + +1998-10-05 Alexander Kjeldaas + + * International kernel patch 2.1.124.1 released. + + * Added cast128 and idea loopback modules from Andrew E. Mileski's + loop-13.tar.gz package. + + * Added latest ENskip patches from Bob Tracy + +1998-10-05 Ingo Rohloff + + * Fixed bug in loop.c regarding handling of calls to + loop_release_xfer() + + * Added modules for blowfish and twofish to the loopback + filesystem diff -urN lin.2.2.17/Documentation/crypto/ENskip-patch int.2.2.17.x/Documentation/crypto/ENskip-patch --- lin.2.2.17/Documentation/crypto/ENskip-patch Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/ENskip-patch Sat Oct 14 00:48:17 2000 
@@ -0,0 +1,943 @@ +--- ENskip-0.67/Makefile.orig Sun May 25 11:04:47 1997 ++++ ENskip-0.67/Makefile Thu Apr 9 16:34:17 1998 +@@ -48,7 +48,8 @@ + FLAGS_linux_KERNEL = -fomit-frame-pointer -fno-strength-reduce -O2 -DKERNEL -D__KERNEL__ -DMODULE -Wall -pipe -I`pwd`/../linux -I/usr/src/linux/include + FLAGS_linux_USER = -g -O2 -Wall -pipe -I/usr/include -I`pwd`/../skipd -I`pwd`/../linux -I/usr/src/linux/include + FLAGS_linux_CERT = $(FLAGS_linux_USER) +-LIBS_linux_USER = ++# Add -lg++ for g++-2.8.1: use of libg++ is deprecated. ++LIBS_linux_USER = -lg++ + + #if you are forced to use the SUN compiler + #DIR_solaris = solaris +--- ENskip-0.67/linux/interface.c.orig Wed Feb 5 15:37:14 1997 ++++ ENskip-0.67/linux/interface.c Tue Aug 18 19:32:44 1998 +@@ -22,13 +22,14 @@ + #include "config.h" + #define __NO_VERSION__ + #include +-#include +-#include +-#include +-#include +-#include ++#include ++#include ++#include ++#include ++#include "ip.h" /* __USE_BSD section only */ + #include + #include ++#include + #include + #include + #include +@@ -54,7 +55,7 @@ + + + /* This function copies an skb, growing it to "size" bytes. +- Mostly derived from the Linux 2.0.25 skb_copy function. */ ++ Mostly derived from the Linux 2.1.92 skb_copy function. 
*/ + + static struct sk_buff *skb_expand_copy(struct sk_buff *skb, int size) + { +@@ -63,8 +64,6 @@ + + /* Allocate the copy buffer */ + +- IS_SKB(skb); +- + n = alloc_skb(size, GFP_ATOMIC); + if (n == NULL) + return NULL; +@@ -80,33 +79,25 @@ + + /* Copy the bytes */ + memcpy(n->head, skb->head, skb->end - skb->head); +- n->link3 = NULL; +- n->list = NULL; +- n->sk = NULL; +- n->when = skb->when; +- n->dev = skb->dev; +- n->h.raw = skb->h.raw + offset; +- n->mac.raw = skb->mac.raw + offset; +- n->ip_hdr = (struct iphdr *)(((char *)skb->ip_hdr) + offset); +- n->saddr = skb->saddr; +- n->daddr = skb->daddr; +- n->raddr = skb->raddr; +- n->seq = skb->seq; +- n->end_seq = skb->end_seq; +- n->ack_seq = skb->ack_seq; +- n->acked = skb->acked; +- memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); +- n->used = skb->used; +- n->free = 1; +- n->arp = skb->arp; +- n->tries = 0; +- n->lock = 0; +- n->users = 0; +- n->pkt_type= skb->pkt_type; +- n->stamp = skb->stamp; ++ n->csum = skb->csum; ++ n->list = NULL; ++ n->sk = NULL; ++ n->dev = skb->dev; ++ n->priority = skb->priority; ++ n->protocol = skb->protocol; ++ n->dst = dst_clone(skb->dst); ++ n->h.raw = skb->h.raw + offset; ++ n->nh.raw = skb->nh.raw + offset; ++ n->mac.raw = skb->mac.raw + offset; ++ memcpy(n->cb, skb->cb, sizeof(skb->cb)); ++ n->used = skb->used; ++ n->is_clone = 0; ++ atomic_set(&n->users, 1); ++ n->pkt_type = skb->pkt_type; ++ n->stamp = skb->stamp; ++ n->destructor = NULL; ++ n->security = skb->security; + +- IS_SKB(n); +- + return n; + } + +@@ -128,9 +119,9 @@ + /* first "segment descriptor" (the one and only we actually use) */ + mb->ms = ms; + /* offset == offset of IP header in data area */ +- mb->offset = (u_char *) skb->ip_hdr - skb->head; ++ mb->offset = (u_char *) skb->nh.iph - skb->head; + /* len == length of IP packet */ +- mb->len = ntohs(skb->ip_hdr->tot_len); ++ mb->len = ntohs(skb->nh.iph->tot_len); + + /* ptr == pointer to the data area in first segment descriptor */ + 
ms->ptr = skb->head; +@@ -180,7 +171,7 @@ + int input_packet(struct firewall_ops *this, int pf, struct device *dev, + void *phdr, void *arg, struct sk_buff **pskb) + { +- struct iphdr *ipp = (*pskb)->ip_hdr; ++ struct iphdr *ipp = (*pskb)->nh.iph; + int tot_len = ntohs(ipp->tot_len); + struct sk_buff *newm, *qskb; + int result; +@@ -222,8 +213,8 @@ + + } + +- if ((*pskb)->proto_priv[15] & RCV_SEC) +- return FW_SKIP; ++ if ((*pskb)->security & RCV_SEC) ++ return FW_SKIP; /* Already processed this packet. */ + + /* never change transparent UDP ports needed for discovery */ + if ((ipp->protocol == IPPROTO_UDP) && +@@ -247,7 +238,7 @@ + + save_flags(flags); + cli(); +- ++ + /* Clone the input skb. This operation locks the data of the input skb, + so we can queue it. Be careful not to free the skb while it is queued! */ + qskb = newm = skb_clone(*pskb, GFP_ATOMIC); +@@ -259,17 +250,24 @@ + skb2memblk(newm, &oldmb, oldms); + + +- result = skip_process(SKIP_INPUT, NULL, NULL, (void *) &newm, &oldmb, &newmb); ++ result = skip_process(SKIP_INPUT, NULL, NULL, (void **) &newm, &oldmb, &newmb); + + + if (result == SKIP_PROCESSED) { + /* nothing happened */ + +- kfree_skb(newm, FREE_WRITE); + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); ++ kfree_skb(qskb); ++ kfree_skb(newm); + +- newm->proto_priv[15] = RCV_SEC; ++ /* ++ * Original code had "newm->security = RCV_SEC;" below. This ++ * was an artifact from the Solaris port where the new mblk_t ++ * gets put on the input queue, and is incorrect in the current ++ * context because newm is freed above: if "nothing happened", ++ * we free qskb and newm regardless of whether newm is different. ++ * Why newm would be different is puzzling. 
--rct ++ */ + retval = FW_SKIP; + } + else if (result > SKIP_PROCESSED) { +@@ -277,37 +275,40 @@ + + /* fix up the skb pointers */ + newm->data = BLKSTART(&newmb); +- newm->ip_hdr = (struct iphdr *) newm->data; +- newm->len = ntohs(newm->ip_hdr->tot_len); ++ newm->nh.iph = (struct iphdr *) newm->data; ++ newm->len = ntohs(newm->nh.iph->tot_len); + newm->tail = newm->data + newm->len; + newm->protocol = htons(ETH_P_IP); + newm->ip_summed = 0; +- newm->h.iph = newm->ip_hdr; ++ newm->h.ipiph = newm->nh.iph; + + /* and mark the skb as "authenticated"/"decrypted" */ +- newm->proto_priv[15] = ((result & SKIP_P_AUTH) ? RCV_AUTH : 0) +- | ((result & SKIP_P_DECRYPT) ? RCV_CRYPT : 0) +- | ((result & SKIP_P_TUNNEL) ? RCV_TUNNEL : 0) +- | RCV_SEC; ++ /* ++ * The original code statement below ended with "| RCV_SEC" which ++ * reduced the statement to "newm->security = RCV_SEC;". --rct ++ */ ++ newm->security = (((result & SKIP_P_AUTH) ? RCV_AUTH : 0) ++ | ((result & SKIP_P_DECRYPT) ? RCV_CRYPT : 0) ++ | ((result & SKIP_P_TUNNEL) ? RCV_TUNNEL : 0)) ++ & RCV_SEC; + + /* and feed the packet back into the input queue (must not switch + skbs here, because we need the defragmentor) */ + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); +- ++ kfree_skb(qskb); + netif_rx(newm); /* frees skb for us */ + } + else if (result == SKIP_QUEUED) { + /* the skb was queued */ + + if (newm != qskb) +- kfree_skb(newm, FREE_WRITE); ++ kfree_skb(newm); + } else { + /* bad packet, policy violation, unsupported protocol, etc. 
*/ + +- kfree_skb(newm, FREE_WRITE); + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); ++ kfree_skb(qskb); ++ kfree_skb(newm); + } + + restore_flags(flags); +@@ -327,7 +328,7 @@ + int output_packet(struct firewall_ops *dummy1, int pf, struct device *dev, + void *dummy3, void *arg, struct sk_buff **pskb) + { +- struct iphdr *ipp = (*pskb)->ip_hdr; ++ struct iphdr *ipp = (*pskb)->nh.iph; + int tot_len = ntohs(ipp->tot_len); + struct sk_buff *newm, *qskb; + int result; +@@ -344,7 +345,7 @@ + /* Recursion happens if the datagram has been fragmented: + ip_queue_xmit -> skip -> ip_fragment -> ip_queue_xmit -> SKIP */ + +- if ((*pskb)->proto_priv[15] & SND_SEC) ++ if ((*pskb)->security & SND_SEC) + return FW_ACCEPT; + + /* this happens, too */ +@@ -388,15 +389,15 @@ + skb2memblk(newm, &oldmb, oldms); + + +- result = skip_process(SKIP_OUTPUT, NULL, NULL, (void *) &newm, &oldmb, &newmb); ++ result = skip_process(SKIP_OUTPUT, NULL, NULL, (void **) &newm, &oldmb, &newmb); + + + if (result == SKIP_PROCESSED) { + /* nothing happened - if not enskipped, we just say "OK" */ + +- kfree_skb(newm, FREE_WRITE); ++ kfree_skb(newm); + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); ++ kfree_skb(qskb); + + /* check user level policy */ + if (!((*pskb)->sk && +@@ -404,7 +405,7 @@ + (*pskb)->sk->encryption >= IPSEC_LEVEL_USE))) { + + /* Set marker in skb + accept packet */ +- (*pskb)->proto_priv[15] |= SND_SEC; ++ (*pskb)->security |= SND_SEC; + retval = FW_SKIP; + } + } +@@ -418,27 +419,27 @@ + (!(result & SKIP_P_ENCRYPT) && + (*pskb)->sk->encryption >= IPSEC_LEVEL_USE))) { + +- kfree_skb(newm, FREE_WRITE); ++ kfree_skb(newm); + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); ++ kfree_skb(qskb); + } + else { + /* fix up skb */ + newm->data = BLKSTART(&newmb); +- newm->ip_hdr = (struct iphdr *) newm->data; +- newm->len = ntohs(newm->ip_hdr->tot_len); ++ newm->nh.iph = (struct iphdr *) newm->data; ++ newm->len = ntohs(newm->nh.iph->tot_len); + newm->tail = newm->data + newm->len; + 
newm->protocol = htons(ETH_P_IP); + newm->ip_summed = 0; +- newm->h.iph = newm->ip_hdr; ++ newm->h.ipiph = newm->nh.iph; + + newm->dev = dev; + + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); ++ kfree_skb(qskb); + + /* Set marker in skb */ +- newm->proto_priv[15] |= SND_SEC; ++ newm->security |= SND_SEC; + + interface_ship_out(newm); + +@@ -449,7 +450,7 @@ + /* queued, will be fed back to us */ + + if (newm != qskb) +- kfree_skb(newm, FREE_WRITE); ++ kfree_skb(newm); + + qskb->dev = dev; + +@@ -458,9 +459,9 @@ + else { + /* bad packet/policy/etc. */ + +- kfree_skb(newm, FREE_WRITE); ++ kfree_skb(newm); + if (newm != qskb) +- kfree_skb(qskb, FREE_WRITE); ++ kfree_skb(qskb); + } + + restore_flags(flags); +@@ -500,7 +501,7 @@ + int packet_accept(struct firewall_ops *this, int pf, struct device *dev, + void *phdr, void *arg, struct sk_buff **pskb) + { +- if ((*pskb)->proto_priv[15] & SND_SEC) ++ if ((*pskb)->security & SND_SEC) + return FW_ACCEPT; + else + return FW_SKIP; +@@ -514,10 +515,32 @@ + + static inline void interface_ship_out(struct sk_buff *skb) + { +- IS_SKB(skb); ++ /* ++ * Not sure how to do this for 2.1.X. ip_forward() will free skb ++ * before returning non-zero, so for the first attempt we'll simply ++ * call ip_forward() and be done with it. N.B.: for 2.0.X, nothing ++ * was done for the case where ip_forward() returned 0. ++ * ++ * New for 2.1.X: ip_forward() cannot be told to leave the TTL alone, ++ * so we'll increment it and recalculate the checksum before calling ++ * ip_forward(). Alan says I can pass stuff out through the routing ++ * code directly, but I'm not savvy enough to see how that might be ++ * done. --rct ++ */ ++ struct iphdr *iph; ++ unsigned short check; ++ ++ /* ++ * Hopefully, this is the inverse of ip_decrease_ttl(). 
++ */ ++ iph = skb->nh.iph; ++ check = ntohs(iph->check) - 0x0100; ++ if ((check & 0xff00) == 0xff00) ++ check--; ++ iph->check = htons(check); ++ ++iph->ttl; + +- if (ip_forward(skb, skb->dev, IPFWD_NOTTLDEC, skb->h.iph->daddr)) +- kfree_skb(skb, FREE_WRITE); ++ (void)ip_forward(skb); + } + + +@@ -528,15 +551,12 @@ + unsigned long flags; + */ + +- IS_SKB(skb); +- +- + /* fix the packet for ip_forward (because ip_build_xmit might not have) */ +- skb->h.iph = skb->ip_hdr; ++ skb->h.ipiph = skb->nh.iph; + + /* check it */ +- if (output_packet(NULL, PF_IPSEC, skb->dev, NULL, NULL, &skb) < FW_ACCEPT) +- kfree_skb(skb, FREE_WRITE); ++ if (output_packet(NULL, PF_SECURITY, skb->dev, NULL, NULL, &skb) < FW_ACCEPT) ++ kfree_skb(skb); + else { + /* ...and ship it */ + /* +@@ -670,18 +690,26 @@ + int interface_attach(void *dummy, u_char *ipaddr) + { + struct device *dev; ++ struct in_device *in_dev; ++ struct in_ifaddr *ifa; + int result = -1; + +- for (dev = dev_base; dev != NULL; dev = dev->next) { +- if ((dev->family == AF_INET) && (dev->pa_addr == *((__u32 *) ipaddr)) +- && !dev_skip(dev, "attach")) { +- if (dev->mtu < 68 + maxheadergrowth) +- printk("enskip: %s: interface mtu of %d is too small\n", +- dev->name, dev->mtu); +- else { +- dev->mtu -= maxheadergrowth; +- dev_addlist(dev); +- result = 0; ++ for (dev = dev_base; dev; dev = dev->next) { ++ if ((in_dev = dev->ip_ptr) != NULL) { ++ for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) { ++ if (ifa->ifa_local == *((__u32 *) ipaddr) && !dev_skip(dev, "attach")) { ++ if (dev->mtu < 68 + maxheadergrowth) ++ printk("enskip: %s: interface mtu of %d is too small\n", ++ dev->name, dev->mtu); ++ else { ++ if (dev->change_mtu) ++ (void)dev->change_mtu(dev, dev->mtu - maxheadergrowth); ++ else ++ dev->mtu -= maxheadergrowth; ++ dev_addlist(dev); ++ result = 0; ++ } ++ } + } + } + } +@@ -692,14 +720,22 @@ + int interface_detach(void *dummy, u_char *ipaddr) + { + struct device *dev; ++ struct in_device *in_dev; ++ struct 
in_ifaddr *ifa; + int result = -1; + +- for (dev = dev_base; dev != NULL; dev = dev->next) { +- if ((dev->family == AF_INET) && (dev->pa_addr == *((__u32 *) ipaddr)) +- && dev_skip(dev, "detach")) { +- dev_rmlist(dev); +- dev->mtu += maxheadergrowth; +- result = 0; ++ for (dev = dev_base; dev; dev = dev->next) { ++ if ((in_dev = dev->ip_ptr) != NULL) { ++ for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) { ++ if (ifa->ifa_local == *((__u32 *) ipaddr) && dev_skip(dev, "detach")) { ++ dev_rmlist(dev); ++ if (dev->change_mtu) ++ (void)dev->change_mtu(dev, dev->mtu + maxheadergrowth); ++ else ++ dev->mtu += maxheadergrowth; ++ result = 0; ++ } ++ } + } + } + +@@ -715,14 +751,17 @@ + + maxheadergrowth = ipsp_maxheadergrowth(); + +- for (dev = dev_base; dev != NULL; dev = dev->next) { +- if (dev->family == AF_INET) { ++ for (dev = dev_base; dev; dev = dev->next) { ++ if (dev->ip_ptr) { + if (dev->mtu < 68 + maxheadergrowth) + printk("enskip: %s: interface mtu of %d is too small\n", + dev->name, dev->mtu); + else { + if ((dev->flags & IFF_LOOPBACK) == 0) { +- dev->mtu -= maxheadergrowth; ++ if (dev->change_mtu) ++ (void)dev->change_mtu(dev, dev->mtu - maxheadergrowth); ++ else ++ dev->mtu -= maxheadergrowth; + dev_addlist(dev); + } + } +@@ -739,10 +778,13 @@ + { + struct device *dev; + +- for (dev = dev_base; dev != NULL; dev = dev->next) { +- if ((dev->family == AF_INET) && dev_skip(dev, "exit")) { ++ for (dev = dev_base; dev; dev = dev->next) { ++ if (dev->ip_ptr && dev_skip(dev, "exit")) { + dev_rmlist(dev); +- dev->mtu += maxheadergrowth; ++ if (dev->change_mtu) ++ (void)dev->change_mtu(dev, dev->mtu + maxheadergrowth); ++ else ++ dev->mtu += maxheadergrowth; + } + } + +--- ENskip-0.67/linux/queue.c.orig Thu Feb 6 03:38:36 1997 ++++ ENskip-0.67/linux/queue.c Thu Apr 2 13:34:48 1998 +@@ -21,9 +21,18 @@ + + #include "config.h" + #include ++#ifdef KERNEL /* glibc */ ++#include ++#include ++#include ++#include ++#include "ip.h" /* __USE_BSD section only */ ++#define 
IP_CE IP_RF ++#else + #include + #include + #include ++#endif + #include + #include + #include +@@ -50,9 +59,9 @@ + int retval = 0; + + #ifdef DEBUG_LINUX_QUEUE +- struct iphdr *ip = ((struct sk_buff *) pkt)->ip_hdr; ++ struct iphdr *ip = ((struct sk_buff *) pkt)->nh.iph; + +- printf("queue %p: enqueue_in skb=%p ip_hdr=%p srcip=%08x dstip=%08x\n", ++ printf("queue %p: enqueue_in skb=%p nh.iph=%p srcip=%08x dstip=%08x\n", + q, pkt, ip, ip->saddr, ip->daddr); + #endif + tmp = kmalloc(sizeof (*tmp), GFP_ATOMIC); +@@ -78,7 +87,7 @@ + printf("queue overflow: free skb=%p queue=%p\n", pkt, tmp); + #endif + kfree(tmp); +- kfree_skb((struct sk_buff *) pkt, FREE_WRITE); ++ kfree_skb((struct sk_buff *) pkt); + + retval = -1; + } +@@ -98,9 +107,9 @@ + int retval = 0; + + #ifdef DEBUG_LINUX_QUEUE +- struct iphdr *ip = ((struct sk_buff *) pkt)->ip_hdr; ++ struct iphdr *ip = ((struct sk_buff *) pkt)->nh.iph; + +- printf("queue %p: enqueue_out skb=%p ip_hdr %p srcip=%08x dstip=%08x\n", ++ printf("queue %p: enqueue_out skb=%p nh.iph %p srcip=%08x dstip=%08x\n", + q, pkt, ip, ip->saddr, ip->daddr); + #endif + +@@ -127,7 +136,7 @@ + printf("queue overflow: free skb=%p queue=%p\n", pkt, tmp); + #endif + kfree(tmp); +- kfree_skb((struct sk_buff *) pkt, FREE_WRITE); ++ kfree_skb((struct sk_buff *) pkt); + + retval = -1; + } +@@ -157,7 +166,7 @@ + #ifdef DEBUG_LINUX_QUEUE + printf("queue_free: free skb=%p queue=%p\n", tmp->pskb, tmp); + #endif +- kfree_skb(tmp->pskb, FREE_WRITE); ++ kfree_skb(tmp->pskb); + kfree(tmp); + } + +@@ -171,7 +180,7 @@ + #ifdef DEBUG_LINUX_QUEUE + printf("queue_free: free skb=%p queue=%p\n", tmp->pskb, tmp); + #endif +- kfree_skb(tmp->pskb, FREE_WRITE); ++ kfree_skb(tmp->pskb); + kfree(tmp); + } + +@@ -250,9 +259,9 @@ + else + m = NULL; + +- if (m && m->ip_hdr) { +- *((__u32 *) srcip) = m->ip_hdr->saddr; +- *((__u32 *) dstip) = m->ip_hdr->daddr; ++ if (m && m->nh.iph) { ++ *((__u32 *) srcip) = m->nh.iph->saddr; ++ *((__u32 *) dstip) = m->nh.iph->daddr; + result 
= 0; + } + else { +--- ENskip-0.67/linux/device.c.orig Wed Jan 29 03:20:23 1997 ++++ ENskip-0.67/linux/device.c Sat Feb 14 22:41:10 1998 +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include + #include "skip_defs.h" + #include "dynamic.h" + #include "memblk.h" +@@ -82,21 +83,21 @@ + if (io == NULL) + return -ENOMEM; + +- memcpy_fromfs(io, (void *) arg, sizeof(struct devioctl)); +- ++ copy_from_user(io, (void *)arg, sizeof(struct devioctl)); ++ + retval = verify_area(VERIFY_WRITE, (void *) io->ic_dp, io->ic_len); + if (retval) { + kfree(io); + return retval; + } +- ++ + req = (u_char *) kmalloc(io->ic_len, GFP_ATOMIC); + if (req == NULL) { + kfree(io); + return -ENOMEM; + } + +- memcpy_fromfs(req, io->ic_dp, io->ic_len); ++ copy_from_user(req, io->ic_dp, io->ic_len); + + #ifdef DEBUG_LINUX_IOCTL + printk("Calling ioctl request handler, request len=%i\n", io->ic_len); +@@ -111,10 +112,10 @@ + kfree(io); + return retval; + } +- memcpy_tofs((void *) io->ic_dp, req, newlen); ++ copy_to_user((void *)io->ic_dp, req, newlen); + } + io->ic_len = newlen; +- memcpy_tofs((void *) arg, io, sizeof(struct devioctl)); ++ copy_to_user((void *)arg, io, sizeof(struct devioctl)); + + kfree(req); + kfree(io); +@@ -133,8 +134,9 @@ + } + + /* close function -- called from device switching table */ +-void close_skip(struct inode *inode, struct file *file) ++int close_skip(struct inode *inode, struct file *file) + { + MOD_DEC_USE_COUNT; ++ return 0; + } + +--- ENskip-0.67/linux/device.h.orig Sun Dec 1 18:56:43 1996 ++++ ENskip-0.67/linux/device.h Wed Jan 28 11:21:10 1998 +@@ -24,7 +24,7 @@ + + extern int ioctl_skip(struct inode *, struct file *, unsigned int, unsigned long); + extern int open_skip(struct inode *, struct file *); +-extern void close_skip(struct inode *, struct file *); ++extern int close_skip(struct inode *, struct file *); + + #endif /* _ENSKIP_LINUX_DEVICE_H */ + +--- ENskip-0.67/linux/skipmod.c.orig Sun Jan 26 08:40:32 1997 ++++ ENskip-0.67/linux/skipmod.c Wed 
Sep 9 21:44:38 1998 +@@ -103,7 +103,7 @@ + forward_packet, + packet_nop, + output_packet, +- PF_IPSEC, ++ PF_SECURITY, + 2 /* allow other filters to hook before us */ + }; + +@@ -114,10 +114,13 @@ + NULL, /* read */ + NULL, /* write */ + NULL, /* readdir */ +- NULL, /* select */ ++ NULL, /* poll */ + ioctl_skip, /* ioctl */ + NULL, /* mmap */ + open_skip, /* open code */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,118) ++ NULL, /* flush */ ++#endif + close_skip, /* release code */ + NULL /* fsync */ + }; +@@ -132,7 +135,7 @@ + } + + if (register_firewall(PF_INET, &skip_in) || +- register_firewall(PF_IPSEC, &skip_out)) { ++ register_firewall(PF_SECURITY, &skip_out)) { + printk("Unable to register ENskip as packet filter!\n"); + + unregister_chrdev(SKIP_DEV_MAJOR, SKIP_DEV_NAME); +@@ -156,7 +159,7 @@ + + unregister_chrdev(SKIP_DEV_MAJOR, SKIP_DEV_NAME); + +- unregister_firewall(PF_IPSEC, &skip_out); ++ unregister_firewall(PF_SECURITY, &skip_out); + unregister_firewall(PF_INET, &skip_in); + + printk(KERN_INFO "enskip: module unloaded.\n"); +--- ENskip-0.67/linux/ip.h.orig Wed Mar 11 10:21:33 1998 ++++ ENskip-0.67/linux/ip.h Mon Mar 9 13:59:35 1998 +@@ -0,0 +1,87 @@ ++#ifdef __USE_BSD ++/* ++ * Copyright (c) 1982, 1986, 1993 ++ * The Regents of the University of California. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. 
All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by the University of ++ * California, Berkeley and its contributors. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * @(#)ip.h 8.1 (Berkeley) 6/10/93 ++ */ ++ ++/* ++ * Definitions for internet protocol version 4. ++ * Per RFC 791, September 1981. ++ */ ++ ++/* ++ * Structure of an internet header, naked of options. 
++ */ ++struct ip ++ { ++#if __BYTE_ORDER == __LITTLE_ENDIAN ++ u_int8_t ip_hl:4; /* header length */ ++ u_int8_t ip_v:4; /* version */ ++#endif ++#if __BYTE_ORDER == __BIG_ENDIAN ++ u_int8_t ip_v:4; /* version */ ++ u_int8_t ip_hl:4; /* header length */ ++#endif ++ u_int8_t ip_tos; /* type of service */ ++ u_short ip_len; /* total length */ ++ u_short ip_id; /* identification */ ++ u_short ip_off; /* fragment offset field */ ++#define IP_RF 0x8000 /* reserved fragment flag */ ++#define IP_DF 0x4000 /* dont fragment flag */ ++#define IP_MF 0x2000 /* more fragments flag */ ++#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ ++ u_int8_t ip_ttl; /* time to live */ ++ u_int8_t ip_p; /* protocol */ ++ u_short ip_sum; /* checksum */ ++ struct in_addr ip_src, ip_dst; /* source and dest address */ ++ }; ++ ++/* ++ * Time stamp option structure. ++ */ ++struct ip_timestamp ++ { ++ u_int8_t ipt_code; /* IPOPT_TS */ ++ u_int8_t ipt_len; /* size of structure (variable) */ ++ u_int8_t ipt_ptr; /* index of current entry */ ++#if __BYTE_ORDER == __LITTLE_ENDIAN ++ u_int8_t ipt_flg:4; /* flags, see below */ ++ u_int8_t ipt_oflw:4; /* overflow counter */ ++#endif ++#if __BYTE_ORDER == __BIG_ENDIAN ++ u_int8_t ipt_oflw:4; /* overflow counter */ ++ u_int8_t ipt_flg:4; /* flags, see below */ ++#endif ++ u_int32_t data[9]; ++ }; ++#endif /* __USE_BSD */ +--- ENskip-0.67/linux/config.h.orig Thu Mar 13 09:35:54 1997 ++++ ENskip-0.67/linux/config.h Mon Mar 9 14:53:03 1998 +@@ -33,9 +33,11 @@ + #define __BSD_SOURCE + + #include ++#ifndef KERNEL /* glibc */ + #include + #include + #include ++#endif + + typedef __s32 int32; + typedef __u32 u_int32; +@@ -65,9 +67,11 @@ + #include + #include + #include ++#ifndef KERNEL /* glibc */ + #include + #include + #include ++#endif + #include + + #define SMALL_KERNEL_STACK +@@ -121,7 +125,7 @@ + #include + #include + #include +-#include ++#include /* glibc */ + #include + + #define KALLOC(size) malloc((size)) +--- ENskip-0.67/lib/ah.c.orig Wed 
Feb 5 16:37:59 1997 ++++ ENskip-0.67/lib/ah.c Thu Apr 2 13:31:19 1998 +@@ -4,9 +4,18 @@ + */ + #include "config.h" + ++#if defined(KERNEL) && defined(linux) ++#include ++#include ++#include ++#include ++#include "ip.h" /* __USE_BSD section only */ ++#define IP_CE IP_RF ++#else + #include + #include + #include ++#endif + + #include "skip_defs.h" + #include "memblk.h" +--- ENskip-0.67/lib/ipsp.c.orig Wed Feb 5 16:45:52 1997 ++++ ENskip-0.67/lib/ipsp.c Thu Apr 2 13:28:41 1998 +@@ -11,9 +11,18 @@ + #include "config.h" + + #include ++#if defined(KERNEL) && defined(linux) /* glibc */ ++#include ++#include ++#include ++#include ++#include "ip.h" /* __USE_BSD section only */ ++#define IP_CE IP_RF ++#else + #include + #include + #include ++#endif + + #include "skip_defs.h" + #include "id.h" +--- ENskip-0.67/lib/ipsum.c.orig Thu Nov 14 15:46:44 1996 ++++ ENskip-0.67/lib/ipsum.c Thu Apr 2 13:29:43 1998 +@@ -4,10 +4,20 @@ + */ + #include "config.h" + ++#if defined(KERNEL) && defined(linux) /* glibc */ ++#include ++#include ++#include ++#include ++#include ++#include "ip.h" /* __USE_BSD section only */ ++#define IP_CE IP_RF ++#else + #include + #include + #include + #include ++#endif + #include "ipsum.h" + + #ifdef __GNUC__ +--- ENskip-0.67/lib/skip.c.orig Wed Feb 19 02:46:33 1997 ++++ ENskip-0.67/lib/skip.c Thu Apr 2 13:30:45 1998 +@@ -7,10 +7,20 @@ + + #include "config.h" + #include ++#if defined(KERNEL) && defined(linux) /* glibc */ ++#include ++#include ++#include ++#include ++#include "ip.h" /* __USE_BSD section only */ ++#define IP_CE IP_RF ++#include ++#else + #include + #include + #include + #include ++#endif + + #include "skip_defs.h" + #include "memblk.h" +--- ENskip-0.67/lib/id.c.orig Fri May 9 06:20:05 1997 ++++ ENskip-0.67/lib/id.c Mon Mar 9 14:50:25 1998 +@@ -5,7 +5,9 @@ + + #include "config.h" + ++#ifndef KERNEL + #include ++#endif + #include "skip_defs.h" + + #ifndef KERNEL +--- ENskip-0.67/cert/suncert/lib/Bigint.C.orig Thu Mar 13 08:13:23 1997 ++++ 
ENskip-0.67/cert/suncert/lib/Bigint.C Fri Jun 5 12:31:04 1998 +@@ -46,7 +46,7 @@ + #include "Time.h" + #include "asn1_der.h" + +-#ifndef SOLARIS2 ++#if !defined(SOLARIS2) && !defined(linux) /* glibc */ + extern "C" { + void bzero(void *, int); + }; + diff -urN lin.2.2.17/Documentation/crypto/faq.txt int.2.2.17.x/Documentation/crypto/faq.txt --- lin.2.2.17/Documentation/crypto/faq.txt Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/faq.txt Sat Oct 14 00:48:17 2000 
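Review bot: In the interface.c hunk at @@ -277,37 +275,40 @@ the replacement `newm->security = (((result & SKIP_P_AUTH) ? RCV_AUTH : 0) | ... ) & RCV_SEC;` is only correct if RCV_SEC is defined as the OR of RCV_AUTH, RCV_CRYPT and RCV_TUNNEL. If RCV_SEC is a separate flag bit, the AND clears every flag to zero, the packet re-injected through netif_rx() no longer satisfies the `(*pskb)->security & RCV_SEC` guard added in the @@ -222,8 +213,8 @@ hunk, and input_packet() runs SKIP processing over its own decrypted output again. Please state the definition of RCV_SEC in the comment above this line, or keep `| RCV_SEC` and apply a mask only to the three result-derived flags.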
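Review bot: In the interface_ship_out() hunk at @@ -514,10 +515,32 @@ the `++iph->ttl;` that pre-compensates for ip_forward()'s decrement has no wrap check: iph->ttl is an 8-bit field, so a packet arriving with TTL 255 leaves here with TTL 0, and the checksum adjustment above it (`check = ntohs(iph->check) - 0x0100;`) assumes the TTL byte did not wrap. The author's own comment, "Hopefully, this is the inverse of ip_decrease_ttl()", says the arithmetic is unverified; suggest guarding with `if (iph->ttl == 255)` (leave such packets untouched, or drop them), and testing against ip_decrease_ttl() on a header whose checksum has a zero high byte so the end-around borrow path `if ((check & 0xff00) == 0xff00) check--;` is exercised.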
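Review bot: In the device.c hunk at @@ -82,21 +83,21 @@ the return values of both `copy_from_user()` calls are discarded, and the same applies to both `copy_to_user()` calls in the @@ -111,10 +112,10 @@ hunk; unlike the memcpy_fromfs()/memcpy_tofs() they replace, these return the number of bytes not copied, and a fault in the user buffer currently leaves `io` or `req` partly uninitialized while the handler continues. Return -EFAULT when the result is non-zero. The same hunk also passes the user-supplied `io->ic_len` straight to `kmalloc(io->ic_len, GFP_ATOMIC)` with no upper bound, so any process able to open the device can request arbitrarily large atomic allocations; cap ic_len at the largest request the handler accepts before allocating. Note that the verify_area() call only checks the user pointer, not the size of the kernel copy.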
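Review bot: In the interface_attach() hunk at @@ -670,18 +690,26 @@ the result of `(void)dev->change_mtu(dev, dev->mtu - maxheadergrowth);` is thrown away, yet `dev_addlist(dev); result = 0;` follow unconditionally. If the driver rejects the new MTU the device is still registered with ENskip and interface_detach() later adds maxheadergrowth back, so the interface ends up with an MTU larger than it started with. The same pattern appears in the @@ -692,14 +720,22 @@, @@ -715,14 +751,17 @@ and @@ -739,10 +778,13 @@ hunks. Check the return value and skip dev_addlist() (with a printk like the existing "interface mtu of %d is too small" message) when change_mtu fails.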
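Review bot: The Makefile hunk's new comment `# Add -lg++ for g++-2.8.1: use of libg++ is deprecated.` contradicts itself: it adds a dependency while saying that dependency is deprecated. Reword it to say which tool version needs -lg++ and why (for instance that the cert utilities are still written against libg++), so the next person does not remove the flag as cleanup.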
@@ -0,0 +1,159 @@ +Questions and answers concerning crypto and looppack device +By Patrice Lacroix +Last update: 1999-05-21 + +1) What is the crypto API? + +It allow other parts of the kernel to use crypto in a generic way, +most notably the loopback device driver (loop_gen.c). + + +2) What is loop_gen? + +First, you should already be familiar with basic loopback device. See +losetup(1) for more info. + +Loop_gen is the generic encryption layer for the loopback driver. +It uses the crypto API to do encryption. It works with every ciphers +supported by the crypto API. Not all ciphers in the crypto library +support the API yet. + +Loop_gen (and the crypto api) will eventually replace all other loopback +encryption modules. + +Loop_gen use all supported ciphers in CBC mode. + + +3) What can I do with loop_gen? + +The basic loopback device driver allow you to use a file as a block +device. With loop_gen, data in the file associated with the loopback +block device can be encrypted with strong crypto. + +You can use the result as any other block device. If you create a file +system and mount it, then every file in the file system will be +automaticly encrypted. + + +4) Can I use all this as modules? + +Sure! In make menuconfig (or whatever), under Crypto options, say M to +Crypto ciphers and to the ciphers you want. Under Block Device, say M to +loopback device and to General Encryption Support. Don't select any other +encryption modules unless you can't live without them and they are +no longer suported by the crypto API. + +Build your kernel and modules, make modules_install, reboot, depmod -a + +In /etc/conf.modules, add: + +alias loop-xfer-gen-0 loop_gen +alias loop-xfer-gen-10 loop_gen +alias cipher-2 des +alias cipher-4 blowfish +alias cipher-6 idea +alias cipher-7 serp6f +alias cipher-8 mars6 +alias cipher-11 rc62 +alias cipher-15 dfc2 +alias cipher-16 rijndael +alias cipher-17 rc5 + + +5) Why all those funny numbers? 
+ +In short, the kernel know ciphers only by number. If you really want to know +how it works, you can grep request_module in linux/crypto/api.c and +linux/drivers/block/loop.c. + + +6) I get "Unsupported encryption type" when I use losetup or mount. What's + wrong? + +You need a version of losetup and mount that understand new encryption +types. To get it, you probably have to apply the util-linux patch you can +find in linux/Documentation/crypto and rebuild mount and losetup. + + +7) Can I stack loop devices and encryption? + +Yes! + + +6) I can't access the content of my encrypted file system since I + moved the backing file to a new partition. Why? + +This is because when a block of data is encrypted with loop_gen, +its IV for CBC encryption is set to the real block where the +file is located on the block device underneath it. So when the +encrypted file system is physically moved on a block device, the +IV used for encryption and decryption change, and data can't be +decrypted correctly. + +As of patch-int-2.2.10.4, you should answer 'Y' to the question 'Use +relative block numbers as basis for transfer functions (RECOMMENDED)' +to avoid this problem. + +Another solution is to losetup your file once without using crypto and +then losetup again the first loopback block device to add +encryption. Since the encryption will always be from block 0 (inside +the first loopback device), the IV for CBC encryption will be the same +no matter where the original file is located. + +Ex: + +# losetup /dev/loop0 encfs.loop +# losetup -e blowfish /dev/loop1 /dev/loop0 +Password: (not shown) +# mount /dev/loop1 /mnt + +(here you can access the fs under /mnt...) + +(and to destroy loopback devices...) + +# umount /mnt +# losetup -d /dev/loop1 +# losetup -d /dev/loop0 + +With this solution, you can do backup of your encrypted data +(which is a good thing) but it's more complexe and it's probably +less secure (which is a bad thing). 
+ + +7) Since patch-int-2.2.10.4 I can't access my encrypted device. + +As of patch-int-2.2.10.4, the encrypted files will be incompatible +with older files if you answer 'Y' to the question 'Use relative block +numbers as basis for transfer functions (RECOMMENDED)'. To be able to +back up your encrypted files in the future, you should convert to the +new layout [which uses relative block numbers as IV to the cipher +instead of absolute ones]. This can be accomplished by doing +something like the following: + + +# losetup -e mypreferredcipher /dev/loop0 /myfile + +# dd if=/dev/loop0 of=tmpfile +# losetup -d /dev/loop0 + + +# losetup -e mypreferredcipher /dev/loop0 /myfile + +# dd if=tmpfile of=/dev/loop0 +# dd if=/dev/zero of=tmpfile bs=1k count= +or you could download some of the special software used for wiping +magnetic media such as wipe from +http://gsu.linux.org.tr/wipe/ + +8) I made an encrypted filesystem on my hard-disk and tried to burn it + on a CD. Now I can't get the CD to work properly. + +This is a current limitation in the loop device code. The block size +(the smalles number of bytes that can be read) of a hard-disk is +smaller than the block size of a CD-ROM. This causes problems since +the block size dictates how many bytes are encrypted as a block. + +There is no solution to this problem at this time, but it isn't hard +to fix. Contact me (Alexander Kjeldaas ) if you're +willing to work on this problem. + diff -urN lin.2.2.17/Documentation/crypto/util-linux-2.10m.getpass.diff int.2.2.17.x/Documentation/crypto/util-linux-2.10m.getpass.diff --- lin.2.2.17/Documentation/crypto/util-linux-2.10m.getpass.diff Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/util-linux-2.10m.getpass.diff Sat Oct 14 00:48:17 2000 
@@ -0,0 +1,88 @@ +--- lomount.c.orig Thu Jul 13 19:41:03 2000 ++++ lomount.c Thu Jul 13 19:59:10 2000 +@@ -54,6 +54,8 @@ + { -1, NULL } + }; + ++char * clkey; ++ + static int + crypt_type (const char *name) { + int i; +@@ -170,6 +172,14 @@ + return 0; + } + ++char *getthepass ( const char * prompt ) { ++ if (clkey) { ++ return clkey; ++ } else { ++ return (getpass(prompt)); ++ } ++} ++ + int + set_loop (const char *device, const char *file, int offset, + const char *encryption, int *loopro) { +@@ -221,18 +231,18 @@ + loopinfo.lo_encrypt_key_size = 0; + break; + case LO_CRYPT_XOR: +- pass = getpass (_("Password: ")); ++ pass = getthepass(_("Password: ")); + strncpy (loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE); + loopinfo.lo_encrypt_key[LO_KEY_SIZE - 1] = 0; + loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key); + break; + case LO_CRYPT_DES: + printf(_("WARNING: Use of DES is depreciated.\n")); +- pass = getpass (_("Password: ")); ++ pass = getthepass (_("Password: ")); + strncpy (loopinfo.lo_encrypt_key, pass, 8); + loopinfo.lo_encrypt_key[8] = 0; + loopinfo.lo_encrypt_key_size = 8; +- pass = getpass (_("Init (up to 16 hex digits): ")); ++ pass = getthepass (_("Init (up to 16 hex digits): ")); + for (i = 0; i < 16 && pass[i]; i++) + if (isxdigit (pass[i])) { + loopinfo.lo_init[i >> 3] |= (pass[i] > '9' ? 
+@@ -246,7 +256,7 @@ + break; + case LO_CRYPT_FISH2: + case LO_CRYPT_BLOW: +- pass = getpass("Password :"); ++ pass = getthepass("Password :"); + MDcalc((byte *)loopinfo.lo_encrypt_key,pass,strlen(pass)); + loopinfo.lo_encrypt_key_size=20; /* 160 Bit key */ + break; +@@ -256,7 +266,7 @@ + case LO_CRYPT_MARS: + case LO_CRYPT_RC6: + case LO_CRYPT_DFC: +- pass = getpass("Password :"); ++ pass = getthepass("Password :"); + MDcalc((byte *)loopinfo.lo_encrypt_key,pass,strlen(pass)); + loopinfo.lo_encrypt_key_size=16; /* 128 Bit key */ + break; +@@ -398,9 +408,9 @@ + textdomain(PACKAGE); + + delete = off = 0; +- offset = encryption = NULL; ++ offset = encryption = clkey = NULL; + progname = argv[0]; +- while ((c = getopt(argc,argv,"de:o:v")) != EOF) { ++ while ((c = getopt(argc,argv,"de:o:vk:")) != EOF) { + switch (c) { + case 'd': + delete = 1; +@@ -410,6 +420,9 @@ + break; + case 'o': + offset = optarg; ++ break; ++ case 'k': ++ clkey = optarg; + break; + case 'v': + verbose = 1; diff -urN lin.2.2.17/Documentation/crypto/util-linux-2.10o.int.patch int.2.2.17.x/Documentation/crypto/util-linux-2.10o.int.patch --- lin.2.2.17/Documentation/crypto/util-linux-2.10o.int.patch Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/util-linux-2.10o.int.patch Sat Oct 14 00:48:17 2000 
@@ -0,0 +1,785 @@ +diff -urN util-linux-2.10o/MCONFIG util-linux-2.10o.int2/MCONFIG +--- util-linux-2.10o/MCONFIG Fri Aug 11 23:21:53 2000 ++++ util-linux-2.10o.int2/MCONFIG Mon Sep 25 11:44:06 2000 +@@ -16,7 +16,7 @@ + # If HAVE_PAM is set to "yes", then login, chfn, chsh, and newgrp + # will use PAM for authentication. Additionally, passwd will not be + # installed as it is not PAM aware. +-HAVE_PAM=no ++HAVE_PAM=yes + + # If HAVE_SHADOW is set to "yes", then login, chfn, chsh, newgrp, passwd, + # and vipw will not be built or installed from the login-utils +diff -urN util-linux-2.10o/mount/Makefile util-linux-2.10o.int2/mount/Makefile +--- util-linux-2.10o/mount/Makefile Fri Aug 11 20:58:54 2000 ++++ util-linux-2.10o.int2/mount/Makefile Mon Sep 25 11:44:06 2000 +@@ -28,7 +28,7 @@ + GEN_FILES = nfsmount.h nfsmount_xdr.c nfsmount_clnt.c + + # comment these out if you are not compiling in loop support +-LO_OBJS=lomount.o ++LO_OBJS=lomount.o rmd160.o + + all: $(PROGS) + +@@ -59,7 +59,7 @@ + losetup.o: lomount.c + $(COMPILE) -DMAIN lomount.c -o $@ + +-losetup: losetup.o ++losetup: losetup.o rmd160.o + $(LINK) $^ -o $@ + + mount.o umount.o nfsmount.o losetup.o fstab.o realpath.o sundries.o: sundries.h +diff -urN util-linux-2.10o/mount/lomount.c util-linux-2.10o.int2/mount/lomount.c +--- util-linux-2.10o/mount/lomount.c Sat Aug 5 17:52:28 2000 ++++ util-linux-2.10o.int2/mount/lomount.c Mon Sep 25 11:44:34 2000 +@@ -27,6 +27,7 @@ + + #include "loop.h" + #include "lomount.h" ++#include "rmd160.h" + #include "nls.h" + + extern int verbose; +@@ -37,12 +38,22 @@ + struct crypt_type_struct { + int id; + char *name; ++ int keylength; + } crypt_type_tbl[] = { +- { LO_CRYPT_NONE, "no" }, +- { LO_CRYPT_NONE, "none" }, +- { LO_CRYPT_XOR, "xor" }, +- { LO_CRYPT_DES, "DES" }, +- { -1, NULL } ++ { LO_CRYPT_NONE, "no",0 }, ++ { LO_CRYPT_NONE, "none",0 }, ++ { LO_CRYPT_XOR, "xor",0 }, ++ { LO_CRYPT_DES, "DES",8 }, ++ { LO_CRYPT_FISH2, "twofish",20 }, ++ { LO_CRYPT_BLOW, "blowfish",20 
}, ++ { LO_CRYPT_CAST128, "cast128", 16}, ++ { LO_CRYPT_SERPENT, "serpent", 16}, ++ { LO_CRYPT_MARS, "mars",16 }, ++ { LO_CRYPT_RC6, "rc6",16 }, ++ { LO_CRYPT_DES_EDE3, "DES_EDE3",24}, ++ { LO_CRYPT_DFC, "dfc",16 }, ++ { LO_CRYPT_IDEA, "idea",16}, ++ { -1, NULL,0 } + }; + + static int +@@ -167,12 +178,18 @@ + return 0; + } + ++#define HASHLENGTH 20 ++#define PASSWDBUFFLEN 130 /* getpass returns only max. 128 bytes, see man getpass */ ++ + int + set_loop (const char *device, const char *file, int offset, + const char *encryption, int *loopro) { + struct loop_info loopinfo; + int fd, ffd, mode, i; ++ int keylength; + char *pass; ++ char keybits[2*HASHLENGTH]; ++ char passwdbuff[PASSWDBUFFLEN]; + + mode = (*loopro ? O_RDONLY : O_RDWR); + if ((ffd = open (file, mode)) < 0) { +@@ -224,6 +241,7 @@ + loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key); + break; + case LO_CRYPT_DES: ++ printf(_("WARNING: Use of DES is depreciated.\n")); + pass = getpass (_("Password: ")); + strncpy (loopinfo.lo_encrypt_key, pass, 8); + loopinfo.lo_encrypt_key[8] = 0; +@@ -240,6 +258,30 @@ + return 1; + } + break; ++ case LO_CRYPT_FISH2: ++ case LO_CRYPT_BLOW: ++ case LO_CRYPT_IDEA: ++ case LO_CRYPT_CAST128: ++ case LO_CRYPT_SERPENT: ++ case LO_CRYPT_MARS: ++ case LO_CRYPT_RC6: ++ case LO_CRYPT_DES_EDE3: ++ case LO_CRYPT_DFC: ++ pass = getpass("Password :"); ++ strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1); ++ passwdbuff[0] = 'A'; ++ rmd160_hash_buffer(keybits,pass,strlen(pass)); ++ rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); ++ memcpy((char*)loopinfo.lo_encrypt_key,keybits,2*HASHLENGTH); ++ keylength=0; ++ for(i=0; crypt_type_tbl[i].id != -1; i++){ ++ if(loopinfo.lo_encrypt_type == crypt_type_tbl[i].id){ ++ keylength = crypt_type_tbl[i].keylength; ++ break; ++ } ++ } ++ loopinfo.lo_encrypt_key_size=keylength; ++ break; + default: + fprintf (stderr, + _("Don't know how to get key for encryption system %d\n"), +@@ -324,11 +366,18 @@ + + static void + usage(void) 
{ ++ struct crypt_type_struct *c; + fprintf(stderr, _("usage:\n\ + %s loop_device # give info\n\ + %s -d loop_device # delete\n\ + %s [ -e encryption ] [ -o offset ] loop_device file # setup\n"), + progname, progname, progname); ++ fprintf(stderr, " where encryption is one of:\n"); ++ c = &crypt_type_tbl[0]; ++ while(c->name) { ++ fprintf(stderr, " %s\n", c->name); ++ c++; ++ } + exit(1); + } + +diff -urN util-linux-2.10o/mount/losetup.8 util-linux-2.10o.int2/mount/losetup.8 +--- util-linux-2.10o/mount/losetup.8 Fri Aug 11 13:11:30 2000 ++++ util-linux-2.10o.int2/mount/losetup.8 Mon Sep 25 11:44:06 2000 +@@ -36,11 +36,47 @@ + .PD 0 + .IP \fBXOR\fP + use a simple XOR encryption. ++.IP \fBBlowfish\fP ++use Blowfish encryption. Blowfish encryption is only available if you ++are using the international kernel and Blowfish encryption has been ++enabled in the Crypto API. ++.IP \fBTwofish\fP ++use Twofish encryption. Twofish encryption is only available if you ++are using the international kernel and Twofish encryption has been ++enabled in the Crypto API. ++.IP \fBCAST\fP ++use CAST encryption. CAST encryption is only available if you ++are using the international kernel and CAST encryption has been ++enabled in the Crypto API. + .IP \fBDES\fP + use DES encryption. DES encryption is only available if the optional + DES package has been added to the kernel. DES encryption uses an additional + start value that is used to protect passwords against dictionary +-attacks. ++attacks. Use of DES is deprecated. ++.IP \fBDFC\fP ++use DFC encryption. DFC encryption is only available if you ++are using the international kernel and DFC encryption has been ++enabled in the Crypto API. ++.IP \fBIDEA\fP ++use IDEA encryption. IDEA encryption is only available if you ++are using the international kernel and IDEA encryption has been ++enabled in the Crypto API. ++.IP \fBMARS\fP ++use MARS encryption. 
MARS encryption is only available if you ++are using the international kernel and MARS encryption has been ++enabled in the Crypto API. ++.IP \fBRC5\fP ++use RC5 encryption. RC5 encryption is only available if you ++are using the international kernel and RC5 encryption has been ++enabled in the Crypto API. ++.IP \fBRC6\fP ++use RC6 encryption. RC6 encryption is only available if you ++are using the international kernel and RC6 encryption has been ++enabled in the Crypto API. ++.IP \fBSerpent\fP ++use Serpent encryption. Serpent encryption is only available if you ++are using the international kernel and Serpent encryption has been ++enabled in the Crypto API. + .PD + .RE + .IP "\fB\-o \fIoffset\fP" +@@ -58,6 +94,7 @@ + .SH FILES + .nf + /dev/loop0,/dev/loop1,... loop devices (major=7) ++/proc/cipher/* available ciphers + .fi + .SH EXAMPLE + If you are using the loadable module you must have the module loaded +@@ -69,9 +106,8 @@ + .nf + .IP + dd if=/dev/zero of=/file bs=1k count=100 +-losetup -e des /dev/loop0 /file +-Password: +-Init (up to 16 hex digits): ++losetup -e blowfish /dev/loop0 /file ++Password : + mkfs -t ext2 /dev/loop0 100 + mount -t ext2 /dev/loop0 /mnt + ... +@@ -85,8 +121,12 @@ + # rmmod loop + .LP + .fi +-.SH RESTRICTION +-DES encryption is painfully slow. On the other hand, XOR is terribly weak. ++.SH RESTRICTIONS ++DES encryption is painfully slow. On the other hand, XOR is terribly ++weak. Both are insecure nowadays. Some ciphers require a licence for ++you to be allowed to use them. ++.SH BUGS ++CAST, DES, RC5 and Twofish are currently broken and cannot be used. + .SH AUTHORS + .nf + Original version: Theodore Ts'o +diff -urN util-linux-2.10o/mount/rmd160.c util-linux-2.10o.int2/mount/rmd160.c +--- util-linux-2.10o/mount/rmd160.c Thu Jan 1 01:00:00 1970 ++++ util-linux-2.10o.int2/mount/rmd160.c Mon Sep 25 11:46:06 2000 +@@ -0,0 +1,532 @@ ++/* rmd160.c - RIPE-MD160 ++ * Copyright (C) 1998 Free Software Foundation, Inc. 
++ */ ++ ++/* This file was part of GnuPG. Modified for use within the Linux ++ * mount utility by Marc Mutz . None of this code is ++ * by myself. I just removed everything that you don't need when all ++ * you want to do is to use rmd160_hash_buffer(). ++ * My comments are marked with (mm). */ ++ ++/* GnuPG is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuPG is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ ++ ++#include /* (mm) for memcpy */ ++#include /* (mm) for BIG_ENDIAN and BYTE_ORDER */ ++#include "rmd160.h" ++ ++/* (mm) these are used by the original GnuPG file. In order to modify ++ * that file not too much, we keep the notations. maybe it would be ++ * better to include linux/types.h and typedef __u32 to u32 and __u8 ++ * to byte? */ ++typedef unsigned int u32; /* taken from e.g. 
util-linux's minix.h */ ++typedef unsigned char byte; ++ ++typedef struct { ++ u32 h0,h1,h2,h3,h4; ++ u32 nblocks; ++ byte buf[64]; ++ int count; ++} RMD160_CONTEXT; ++ ++/**************** ++ * Rotate a 32 bit integer by n bytes ++ */ ++#if defined(__GNUC__) && defined(__i386__) ++static inline u32 ++rol( u32 x, int n) ++{ ++ __asm__("roll %%cl,%0" ++ :"=r" (x) ++ :"0" (x),"c" (n)); ++ return x; ++} ++#else ++ #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) ) ++#endif ++ ++/********************************* ++ * RIPEMD-160 is not patented, see (as of 25.10.97) ++ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html ++ * Note that the code uses Little Endian byteorder, which is good for ++ * 386 etc, but we must add some conversion when used on a big endian box. ++ * ++ * ++ * Pseudo-code for RIPEMD-160 ++ * ++ * RIPEMD-160 is an iterative hash function that operates on 32-bit words. ++ * The round function takes as input a 5-word chaining variable and a 16-word ++ * message block and maps this to a new chaining variable. All operations are ++ * defined on 32-bit words. Padding is identical to that of MD4. 
++ * ++ * ++ * RIPEMD-160: definitions ++ * ++ * ++ * nonlinear functions at bit level: exor, mux, -, mux, - ++ * ++ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15) ++ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31) ++ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47) ++ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63) ++ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79) ++ * ++ * ++ * added constants (hexadecimal) ++ * ++ * K(j) = 0x00000000 (0 <= j <= 15) ++ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2)) ++ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3)) ++ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5)) ++ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7)) ++ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2)) ++ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3)) ++ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5)) ++ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7)) ++ * K'(j) = 0x00000000 (64 <= j <= 79) ++ * ++ * ++ * selection of message word ++ * ++ * r(j) = j (0 <= j <= 15) ++ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 ++ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 ++ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 ++ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 ++ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 ++ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 ++ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 ++ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 ++ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 ++ * ++ * ++ * amount for rotate left (rol) ++ * ++ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 ++ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 ++ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 ++ * 
s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 ++ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ++ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 ++ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 ++ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 ++ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 ++ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ++ * ++ * ++ * initial value (hexadecimal) ++ * ++ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476; ++ * h4 = 0xC3D2E1F0; ++ * ++ * ++ * RIPEMD-160: pseudo-code ++ * ++ * It is assumed that the message after padding consists of t 16-word blocks ++ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15. ++ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left ++ * shift (rotate) over s positions. ++ * ++ * ++ * for i := 0 to t-1 { ++ * A := h0; B := h1; C := h2; D = h3; E = h4; ++ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4; ++ * for j := 0 to 79 { ++ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E; ++ * A := E; E := D; D := rol_10(C); C := B; B := T; ++ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)] ++ [+] K'(j)) [+] E'; ++ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T; ++ * } ++ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A'; ++ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T; ++ * } ++ */ ++ ++/* Some examples: ++ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31 ++ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe ++ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc ++ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36 ++ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc ++ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b ++ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189 ++ * 8 times "1234567890" 
9b752e45573d4b39f4dbd3323cab82bf63326bfb ++ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528 ++ */ ++ ++ ++static void ++rmd160_init( RMD160_CONTEXT *hd ) ++{ ++ hd->h0 = 0x67452301; ++ hd->h1 = 0xEFCDAB89; ++ hd->h2 = 0x98BADCFE; ++ hd->h3 = 0x10325476; ++ hd->h4 = 0xC3D2E1F0; ++ hd->nblocks = 0; ++ hd->count = 0; ++} ++ ++ ++ ++/**************** ++ * Transform the message X which consists of 16 32-bit-words ++ */ ++static void ++transform( RMD160_CONTEXT *hd, byte *data ) ++{ ++ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t; ++ #if BYTE_ORDER == BIG_ENDIAN ++ u32 x[16]; ++ { int i; ++ byte *p2, *p1; ++ for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) { ++ p2[3] = *p1++; ++ p2[2] = *p1++; ++ p2[1] = *p1++; ++ p2[0] = *p1++; ++ } ++ } ++ #else ++ #if 0 ++ u32 *x =(u32*)data; ++ #else ++ /* this version is better because it is always aligned; ++ * The performance penalty on a 586-100 is about 6% which ++ * is acceptable - because the data is more local it might ++ * also be possible that this is faster on some machines. 
++ * This function (when compiled with -02 on gcc 2.7.2) ++ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec; ++ * [measured with a 4MB data and "gpgm --print-md rmd160"] */ ++ u32 x[16]; ++ memcpy( x, data, 64 ); ++ #endif ++ #endif ++ ++ ++#define K0 0x00000000 ++#define K1 0x5A827999 ++#define K2 0x6ED9EBA1 ++#define K3 0x8F1BBCDC ++#define K4 0xA953FD4E ++#define KK0 0x50A28BE6 ++#define KK1 0x5C4DD124 ++#define KK2 0x6D703EF3 ++#define KK3 0x7A6D76E9 ++#define KK4 0x00000000 ++#define F0(x,y,z) ( (x) ^ (y) ^ (z) ) ++#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) ) ++#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) ) ++#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) ++#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) ++#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \ ++ a = rol(t,s) + e; \ ++ c = rol(c,10); \ ++ } while(0) ++ ++ /* left lane */ ++ a = hd->h0; ++ b = hd->h1; ++ c = hd->h2; ++ d = hd->h3; ++ e = hd->h4; ++ R( a, b, c, d, e, F0, K0, 0, 11 ); ++ R( e, a, b, c, d, F0, K0, 1, 14 ); ++ R( d, e, a, b, c, F0, K0, 2, 15 ); ++ R( c, d, e, a, b, F0, K0, 3, 12 ); ++ R( b, c, d, e, a, F0, K0, 4, 5 ); ++ R( a, b, c, d, e, F0, K0, 5, 8 ); ++ R( e, a, b, c, d, F0, K0, 6, 7 ); ++ R( d, e, a, b, c, F0, K0, 7, 9 ); ++ R( c, d, e, a, b, F0, K0, 8, 11 ); ++ R( b, c, d, e, a, F0, K0, 9, 13 ); ++ R( a, b, c, d, e, F0, K0, 10, 14 ); ++ R( e, a, b, c, d, F0, K0, 11, 15 ); ++ R( d, e, a, b, c, F0, K0, 12, 6 ); ++ R( c, d, e, a, b, F0, K0, 13, 7 ); ++ R( b, c, d, e, a, F0, K0, 14, 9 ); ++ R( a, b, c, d, e, F0, K0, 15, 8 ); ++ R( e, a, b, c, d, F1, K1, 7, 7 ); ++ R( d, e, a, b, c, F1, K1, 4, 6 ); ++ R( c, d, e, a, b, F1, K1, 13, 8 ); ++ R( b, c, d, e, a, F1, K1, 1, 13 ); ++ R( a, b, c, d, e, F1, K1, 10, 11 ); ++ R( e, a, b, c, d, F1, K1, 6, 9 ); ++ R( d, e, a, b, c, F1, K1, 15, 7 ); ++ R( c, d, e, a, b, F1, K1, 3, 15 ); ++ R( b, c, d, e, a, F1, K1, 12, 7 ); ++ R( a, b, c, d, e, F1, K1, 0, 12 ); ++ R( e, a, b, c, d, F1, K1, 9, 15 ); ++ R( d, e, a, b, c, F1, K1, 5, 
9 ); ++ R( c, d, e, a, b, F1, K1, 2, 11 ); ++ R( b, c, d, e, a, F1, K1, 14, 7 ); ++ R( a, b, c, d, e, F1, K1, 11, 13 ); ++ R( e, a, b, c, d, F1, K1, 8, 12 ); ++ R( d, e, a, b, c, F2, K2, 3, 11 ); ++ R( c, d, e, a, b, F2, K2, 10, 13 ); ++ R( b, c, d, e, a, F2, K2, 14, 6 ); ++ R( a, b, c, d, e, F2, K2, 4, 7 ); ++ R( e, a, b, c, d, F2, K2, 9, 14 ); ++ R( d, e, a, b, c, F2, K2, 15, 9 ); ++ R( c, d, e, a, b, F2, K2, 8, 13 ); ++ R( b, c, d, e, a, F2, K2, 1, 15 ); ++ R( a, b, c, d, e, F2, K2, 2, 14 ); ++ R( e, a, b, c, d, F2, K2, 7, 8 ); ++ R( d, e, a, b, c, F2, K2, 0, 13 ); ++ R( c, d, e, a, b, F2, K2, 6, 6 ); ++ R( b, c, d, e, a, F2, K2, 13, 5 ); ++ R( a, b, c, d, e, F2, K2, 11, 12 ); ++ R( e, a, b, c, d, F2, K2, 5, 7 ); ++ R( d, e, a, b, c, F2, K2, 12, 5 ); ++ R( c, d, e, a, b, F3, K3, 1, 11 ); ++ R( b, c, d, e, a, F3, K3, 9, 12 ); ++ R( a, b, c, d, e, F3, K3, 11, 14 ); ++ R( e, a, b, c, d, F3, K3, 10, 15 ); ++ R( d, e, a, b, c, F3, K3, 0, 14 ); ++ R( c, d, e, a, b, F3, K3, 8, 15 ); ++ R( b, c, d, e, a, F3, K3, 12, 9 ); ++ R( a, b, c, d, e, F3, K3, 4, 8 ); ++ R( e, a, b, c, d, F3, K3, 13, 9 ); ++ R( d, e, a, b, c, F3, K3, 3, 14 ); ++ R( c, d, e, a, b, F3, K3, 7, 5 ); ++ R( b, c, d, e, a, F3, K3, 15, 6 ); ++ R( a, b, c, d, e, F3, K3, 14, 8 ); ++ R( e, a, b, c, d, F3, K3, 5, 6 ); ++ R* d, e, a, b, c, F3, K3, 6, 5 ); ++ R( c, d, e, a, b, F3, K3, 2, 12 ); ++ R( b, c, d, e, a, F4, K4, 4, 9 ); ++ R( a, b, c, d, e, F4, K4, 0, 15 ); ++ R( e, a, b, c, d, F4, K4, 5, 5 ); ++ R( d, e, a, b, c, F4, K4, 9, 11 ); ++ R( c, d, e, a, b, F4, K4, 7, 6 ); ++ R( b, c, d, e, a, F4, K4, 12, 8 ); ++ R( a, b, c, d, e, F4, K4, 2, 13 ); ++ R( e, a, b, c, d, F4, K4, 10, 12 ); ++ R( d, e, a, b, c, F4, K4, 14, 5 ); ++ R( c, d, e, a, b, F4, K4, 1, 12 ); ++ R( b, c, d, e, a, F4, K4, 3, 13 ); ++ R( a, b, c, d, e, F4, K4, 8, 14 ); ++ R( e, a, b, c, d, F4, K4, 11, 11 ); ++ R( d, e, a, b, c, F4, K4, 6, 8 ); ++ R( c, d, e, a, b, F4, K4, 15, 5 ); ++ R( b, c, d, e, a, F4, K4, 13, 6 ); ++ ++ aa = a; bb = b; 
cc = c; dd = d; ee = e; ++ ++ /* right lane */ ++ a = hd->h0; ++ b = hd->h1; ++ c = hd->h2; ++ d = hd->h3; ++ e = hd->h4; ++ R( a, b, c, d, e, F4, KK0, 5, 8); ++ R( e, a, b, c, d, F4, KK0, 14, 9); ++ R( d, e, a, b, c, F4, KK0, 7, 9); ++ R( c, d, e, a, b, F4, KK0, 0, 11); ++ R( b, c, d, e, a, F4, KK0, 9, 13); ++ R( a, b, c, d, e, F4, KK0, 2, 15); ++ R( e, a, b, c, d, F4, KK0, 11, 15); ++ R( d, e, a, b, c, F4, KK0, 4, 5); ++ R( c, d, e, a, b, F4, KK0, 13, 7); ++ R( b, c, d, e, a, F4, KK0, 6, 7); ++ R( a, b, c, d, e, F4, KK0, 15, 8); ++ R( e, a, b, c, d, F4, KK0, 8, 11); ++ R( d, e, a, b, c, F4, KK0, 1, 14); ++ R( c, d, e, a, b, F4, KK0, 10, 14); ++ R( b, c, d, e, a, F4, KK0, 3, 12); ++ R( a, b, c, d, e, F4, KK0, 12, 6); ++ R( e, a, b, c, d, F3, KK1, 6, 9); ++ R( d, e, a, b, c, F3, KK1, 11, 13); ++ R( c, d, e, a, b, F3, KK1, 3, 15); ++ R( b, c, d, e, a, F3, KK1, 7, 7); ++ R( a, b, c, d, e, F3, KK1, 0, 12); ++ R( e, a, b, c, d, F3, KK1, 13, 8); ++ R( d, e, a, b, c, F3, KK1, 5, 9); ++ R( c, d, e, a, b, F3, KK1, 10, 11); ++ R( b, c, d, e, a, F3, KK1, 14, 7); ++ R( a, b, c, d, e, F3, KK1, 15, 7); ++ R( e, a, b, c, d, F3, KK1, 8, 12); ++ R( d, e, a, b, c, F3, KK1, 12, 7); ++ R( c, d, e, a, b, F3, KK1, 4, 6); ++ R( b, c, d, e, a, F3, KK1, 9, 15); ++ R( a, b, c, d, e, F3, KK1, 1, 13); ++ R( e, a, b, c, d, F3, KK1, 2, 11); ++ R( d, e, a, b, c, F2, KK2, 15, 9); ++ R( c, d, e, a, b, F2, KK2, 5, 7); ++ R( b, c, d, e, a, F2, KK2, 1, 15); ++ R( a, b, c, d, e, F2, KK2, 3, 11); ++ R( e, a, b, c, d, F2, KK2, 7, 8); ++ R( d, e, a, b, c, F2, KK2, 14, 6); ++ R( c, d, e, a, b, F2, KK2, 6, 6); ++ R( b, c, d, e, a, F2, KK2, 9, 14); ++ R( a, b, c, d, e, F2, KK2, 11, 12); ++ R( e, a, b, c, d, F2, KK2, 8, 13); ++ R( d, e, a, b, c, F2, KK2, 12, 5); ++ R( c, d, e, a, b, F2, KK2, 2, 14); ++ R( b, c, d, e, a, F2, KK2, 10, 13); ++ R( a, b, c, d, e, F2, KK2, 0, 13); ++ R( e, a, b, c, d, F2, KK2, 4, 7); ++ R( d, e, a, b, c, F2, KK2, 13, 5); ++ R( c, d, e, a, b, F1, KK3, 8, 15); ++ R( b, c, d, e, a, 
F1, KK3, 6, 5); ++ R( a, b, c, d, e, F1, KK3, 4, 8); ++ R( e, a, b, c, d, F1, KK3, 1, 11); ++ R( d, e, a, b, c, F1, KK3, 3, 14); ++ R( c, d, e, a, b, F1, KK3, 11, 14); ++ R( b, c, d, e, a, F1, KK3, 15, 6); ++ R( a, b, c, d, e, F1, KK3, 0, 14); ++ R( e, a, b, c, d, F1, KK3, 5, 6); ++ R( d, e, a, b, c, F1, KK3, 12, 9); ++ R( c, d, e, a, b, F1, KK3, 2, 12); ++ R( b, c, d, e, a, F1, KK3, 13, 9); ++ R( a, b, c, d, e, F1, KK3, 9, 12); ++ R( e, a, b, c, d, F1, KK3, 7, 5); ++ R( d, e, a, b, c, F1, KK3, 10, 15); ++ R( c, d, e, a, b, F1, KK3, 14, 8); ++ R( b, c, d, e, a, F0, KK4, 12, 8); ++ R( a, b, c, d, e, F0, KK4, 15, 5); ++ R( e, a, b, c, d, F0, KK4, 10, 12); ++ R( d, e, a, b, c, F0, KK4, 4, 9); ++ R( c, d, e, a, b, F0, KK4, 1, 12); ++ R( b, c, d, e, a, F0, KK4, 5, 5); ++ R( a, b, c, d, e, F0, KK4, 8, 14); ++ R( e, a, b, c, d, F0, KK4, 7, 6); ++ R( d, e, a, b, c, F0, KK4, 6, 8); ++ R( c, d, e, a, b, F0, KK4, 2, 13); ++ R( b, c, d, e, a, F0, KK4, 13, 6); ++ R( a, b, c, d, e, F0, KK4, 14, 5); ++ R( e, a, b, c, d, F0, KK4, 0, 15); ++ R( d, e, a, b, c, F0, KK4, 3, 13); ++ R( c, d, e, a, b, F0, KK4, 9, 11); ++ R( b, c, d, e, a, F0, KK4, 11, 11); ++ ++ ++ t = hd->h1 + d + cc; ++ hd->h1 = hd->h2 + e + dd; ++ hd->h2 = hd->h3 + a + ee; ++ hd->h3 = hd->h4 + b + aa; ++ hd->h4 = hd->h0 + c + bb; ++ hd->h0 = t; ++} ++ ++ ++/* Update the message digest with the contents ++ * of INBUF with length INLEN. 
++ */ ++static void ++rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen) ++{ ++ if( hd->count == 64 ) { /* flush the buffer */ ++ transform( hd, hd->buf ); ++ hd->count = 0; ++ hd->nblocks++; ++ } ++ if( !inbuf ) ++ return; ++ if( hd->count ) { ++ for( ; inlen && hd->count < 64; inlen-- ) ++ hd->buf[hd->count++] = *inbuf++; ++ rmd160_write( hd, NULL, 0 ); ++ if( !inlen ) ++ return; ++ } ++ ++ while( inlen >= 64 ) { ++ transform( hd, inbuf ); ++ hd->count = 0; ++ hd->nblocks++; ++ inlen -= 64; ++ inbuf += 64; ++ } ++ for( ; inlen && hd->count < 64; inlen-- ) ++ hd->buf[hd->count++] = *inbuf++; ++} ++ ++/* The routine terminates the computation ++ */ ++ ++static void ++rmd160_final( RMD160_CONTEXT *hd ) ++{ ++ u32 t, msb, lsb; ++ byte *p; ++ ++ rmd160_write(hd, NULL, 0); /* flush */; ++ ++ msb = 0; ++ t = hd->nblocks; ++ if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ ++ msb++; ++ msb += t >> 26; ++ t = lsb; ++ if( (lsb = t + hd->count) < t ) /* add the count */ ++ msb++; ++ t = lsb; ++ if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ ++ msb++; ++ msb += t >> 29; ++ ++ if( hd->count < 56 ) { /* enough room */ ++ hd->buf[hd->count++] = 0x80; /* pad */ ++ while( hd->count < 56 ) ++ hd->buf[hd->count++] = 0; /* pad */ ++ } ++ else { /* need one extra block */ ++ hd->buf[hd->count++] = 0x80; /* pad character */ ++ while( hd->count < 64 ) ++ hd->buf[hd->count++] = 0; ++ rmd160_write(hd, NULL, 0); /* flush */; ++ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */ ++ } ++ /* append the 64 bit count */ ++ hd->buf[56] = lsb ; ++ hd->buf[57] = lsb >> 8; ++ hd->buf[58] = lsb >> 16; ++ hd->buf[59] = lsb >> 24; ++ hd->buf[60] = msb ; ++ hd->buf[61] = msb >> 8; ++ hd->buf[62] = msb >> 16; ++ hd->buf[63] = msb >> 24; ++ transform( hd, hd->buf ); ++ ++ p = hd->buf; ++ #if BYTE_ORDER == BIG_ENDIAN ++ #define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \ ++ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0) ++ #else /* 
little endian */ ++ #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) ++ #endif ++ X(0); ++ X(1); ++ X(2); ++ X(3); ++ X(4); ++ #undef X ++} ++ ++/**************** ++ * Shortcut functions which puts the hash value of the supplied buffer ++ * into outbuf which must have a size of 20 bytes. ++ */ ++void ++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ) ++{ ++ RMD160_CONTEXT hd; ++ ++ rmd160_init( &hd ); ++ rmd160_write( &hd, (byte*)buffer, length ); ++ rmd160_final( &hd ); ++ memcpy( outbuf, hd.buf, 20 ); ++} +diff -urN util-linux-2.10o/mount/rmd160.h util-linux-2.10o.int2/mount/rmd160.h +--- util-linux-2.10o/mount/rmd160.h Thu Jan 1 01:00:00 1970 ++++ util-linux-2.10o.int2/mount/rmd160.h Mon Sep 25 11:46:18 2000 +@@ -0,0 +1,9 @@ ++#ifndef RMD160_H ++#define RMD160_H ++ ++void ++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ); ++ ++#endif /*RMD160_H*/ ++ ++ diff -urN lin.2.2.17/Documentation/crypto/utils/freeswan-import.sh int.2.2.17.x/Documentation/crypto/utils/freeswan-import.sh --- lin.2.2.17/Documentation/crypto/utils/freeswan-import.sh Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/Documentation/crypto/utils/freeswan-import.sh Sat Oct 14 00:48:17 2000 
@@ -0,0 +1,63 @@ +#!/bin/bash +# +# Import updates from the somewhat excentric freeswan distribution. +# +# Freeswan patches the kernel with a "smart" patch script. This +# script cleans up after freeswan's "smart" patching. +# +# import-freeswan.sh +# +# int-kernel-dir is the full path to a directory patched with the international # kernel patch, but without the freeswan patches. freeswan-dir is where the +# freeswan distribution is located. + +INT=$1 +FREESWAN=$2 +# strip trailing slashes +INT=${INT%/} +FREESWAN=${FREESWAN%/} + +if [ ! -e $INT -o ! -e $FREESWAN ]; then + echo "Either $INT or $FREESWAN are missing!" +fi + +mkdir -p $INT.freeswan +(cd $INT.freeswan; lndir ../`basename $INT` .) + +(cd $FREESWAN; make patches KERNELSRC=$INT.freeswan) +find $INT.freeswan \( \( -name '*.ipsecmd5' \) -o \( -name '*.preipsec' \) \ + -o \( -name '*.wipsec' \) -o \( -name '*.mangled' \) \) -print | + while read a; do + echo "Removing $a ..." + rm $a; + done + + +#(cd $FREESWAN; make klink KERNELSRC=$INT.freeswan) +cp -R $FREESWAN/klips/net/ipsec $INT.freeswan/net/ipsec + + +# The kernel part of freeswan is referring to ../../../lib/freeswan.h +# which is something we have to fix. +# Also the Makefile is referring to ../../../lib/libkernel.a and +# ../../../libdes.a +# We have to move the lib directory from the freeswan distribution +# into the kernel distribution and fix the references. +cp -R $FREESWAN/lib $INT.freeswan/net/ipsec/ +find $INT.freeswan/net/ipsec -follow -iname '*.[ch]' -o -name Makefile | + while read a; do + perl -pi -e 's/\.\.\/\.\.\/\.\.\/lib/lib/' $a + done + +# Now the makefile in net/ipsec is extremely flawed. It depends on +# ../../../lib/libdes.a (now lib/libdes.a), but it has no rule to make +# that library. So we patch the Makefile somewhat. +perl -pi -e 'if (m/DESLIB=lib/) { print "$_\n\$(DESLIB):\n\t( cd lib; \$(MAKE) libdes.a )\n\n" }' $INT.freeswan/net/ipsec/Makefile + +# Fix another bug in the freeswan-1.1/lib/Makefile file. 
Inadequate +# quoting of the $(CC) variable. +perl -pi -e 's/\$\(CC\)/\"\$\(CC\)\"/' $INT.freeswan/net/ipsec/lib/Makefile + + +# references to ../../../lib to point to lib + +diff -urN $INT $INT.freeswan > $INT/../`basename $INT`.freeswan.patch diff -urN lin.2.2.17/MAINTAINERS int.2.2.17.x/MAINTAINERS --- lin.2.2.17/MAINTAINERS Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/MAINTAINERS Sat Oct 14 00:48:17 2000 @@ -452,6 +452,13 @@ L: linux-kernel@vger.kernel.org S: Maintained +INTERNATIONAL KERNEL PATCH (CRYPTO) +P: Alexander Kjeldaas +M: astor@fast.no +W: http://www.kerneli.org/ +L: linux-kernel@vger.rutgers.edu +S: Maintained + IP FIREWALL P: Paul Russell M: Paul.Russell@rustcorp.com.au diff -urN lin.2.2.17/Makefile int.2.2.17.x/Makefile --- lin.2.2.17/Makefile Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/Makefile Sat Oct 14 00:48:17 2000 @@ -110,11 +110,12 @@ CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o FILESYSTEMS =fs/filesystems.a NETWORKS =net/network.a -DRIVERS =drivers/block/block.a \ +DRIVERS =crypto/crypto.a \ + drivers/block/block.a \ drivers/char/char.a \ drivers/misc/misc.a LIBS =$(TOPDIR)/lib/lib.a -SUBDIRS =kernel drivers mm fs net ipc lib +SUBDIRS =kernel drivers mm fs net ipc lib crypto ifdef CONFIG_NUBUS DRIVERS := $(DRIVERS) drivers/nubus/nubus.a diff -urN lin.2.2.17/arch/alpha/config.in int.2.2.17.x/arch/alpha/config.in --- lin.2.2.17/arch/alpha/config.in Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/arch/alpha/config.in Sat Oct 14 00:48:17 2000 @@ -226,6 +226,8 @@ source net/Config.in fi +source crypto/Config.in + mainmenu_option next_comment comment 'SCSI support' diff -urN lin.2.2.17/arch/arm/config.in int.2.2.17.x/arch/arm/config.in --- lin.2.2.17/arch/arm/config.in Wed Jun 7 23:26:42 2000 +++ int.2.2.17.x/arch/arm/config.in Sat Oct 14 00:48:17 2000 
@@ -168,6 +168,8 @@ source net/Config.in fi +source crypto/Config.in + if [ "$CONFIG_NET" = "y" ]; then mainmenu_option next_comment comment 'Network device support' diff -urN lin.2.2.17/arch/i386/config.in int.2.2.17.x/arch/i386/config.in --- lin.2.2.17/arch/i386/config.in Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/arch/i386/config.in Sat Oct 14 00:48:17 2000 @@ -118,6 +118,8 @@ endmenu +source crypto/Config.in + source drivers/pnp/Config.in source drivers/block/Config.in diff -urN lin.2.2.17/arch/i386/defconfig int.2.2.17.x/arch/i386/defconfig --- lin.2.2.17/arch/i386/defconfig Thu May 4 02:16:30 2000 +++ int.2.2.17.x/arch/i386/defconfig Sat Oct 14 00:48:17 2000 @@ -92,6 +92,8 @@ # Additional Block Devices # # CONFIG_BLK_DEV_LOOP is not set +# CONFIG_BLK_DEV_LOOP_CAST is not set +# CONFIG_BLK_DEV_LOOP_IDEA is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_MD is not set # CONFIG_BLK_DEV_RAM is not set diff -urN lin.2.2.17/arch/m68k/config.in int.2.2.17.x/arch/m68k/config.in --- lin.2.2.17/arch/m68k/config.in Wed Jun 7 23:26:42 2000 +++ int.2.2.17.x/arch/m68k/config.in Sat Oct 14 00:48:17 2000 @@ -129,6 +129,8 @@ source net/Config.in fi +source crypto/Config.in + mainmenu_option next_comment comment 'SCSI support' diff -urN lin.2.2.17/arch/mips/config.in int.2.2.17.x/arch/mips/config.in --- lin.2.2.17/arch/mips/config.in Wed Jun 7 23:26:42 2000 +++ int.2.2.17.x/arch/mips/config.in Sat Oct 14 00:48:17 2000 @@ -130,6 +130,8 @@ source net/Config.in fi +source crypto/Config.in + mainmenu_option next_comment comment 'SCSI support' diff -urN lin.2.2.17/arch/ppc/config.in int.2.2.17.x/arch/ppc/config.in --- lin.2.2.17/arch/ppc/config.in Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/arch/ppc/config.in Sat Oct 14 00:48:17 2000 
@@ -134,6 +134,8 @@ source net/Config.in fi +source crypto/Config.in + mainmenu_option next_comment comment 'SCSI support' tristate 'SCSI support' CONFIG_SCSI diff -urN lin.2.2.17/arch/sparc/config.in int.2.2.17.x/arch/sparc/config.in --- lin.2.2.17/arch/sparc/config.in Wed Jun 7 23:26:42 2000 +++ int.2.2.17.x/arch/sparc/config.in Sat Oct 14 00:48:17 2000 @@ -127,6 +127,8 @@ endmenu fi +source crypto/Config.in + mainmenu_option next_comment comment 'ISDN subsystem' diff -urN lin.2.2.17/arch/sparc64/config.in int.2.2.17.x/arch/sparc64/config.in --- lin.2.2.17/arch/sparc64/config.in Thu Sep 14 18:18:20 2000 +++ int.2.2.17.x/arch/sparc64/config.in Sat Oct 14 00:48:17 2000 @@ -156,6 +156,8 @@ endmenu fi +source crypto/Config.in + mainmenu_option next_comment comment 'SCSI support' diff -urN lin.2.2.17/crypto/2fish_tables.h int.2.2.17.x/crypto/2fish_tables.h --- lin.2.2.17/crypto/2fish_tables.h Thu Jan 1 01:00:00 1970 +++ int.2.2.17.x/crypto/2fish_tables.h Sat Oct 14 00:48:17 2000 
@@ -0,0 +1,427 @@ +/* The large precomputed tables for the Twofish cipher (twofish.c) + * Taken from the same source as twofish.c + * Marc Mutz + */ + +/* These two tables are the q0 and q1 permutations, exactly as described in + * the Twofish paper. */ + +#ifndef _2FISH_TABLES_H +#define _2FISH_TABLES_H + +#include + +static const u8 q0[256] = { + 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, + 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, + 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, + 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, + 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, + 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, + 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, + 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, + 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, + 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, + 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, + 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, + 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, + 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, + 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, + 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, + 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, + 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, + 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, + 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, + 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, + 0x4A, 0x5E, 0xC1, 0xE0 +}; + +static const u8 q1[256] = { + 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 
0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, + 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, + 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, + 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, + 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, + 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, + 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, + 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, + 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, + 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, + 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, + 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, + 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, + 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, + 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, + 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, + 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, + 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, + 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, + 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, + 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, + 0x55, 0x09, 0xBE, 0x91 +}; + +/* These MDS tables are actually tables of MDS composed with q0 and q1, + * because it is only ever used that way and we can save some time by + * precomputing. Of course the main saving comes from precomputing the + * GF(2^8) multiplication involved in the MDS matrix multiply; by looking + * things up in these tables we reduce the matrix multiply to four lookups + * and three XORs. 
Semi-formally, the definition of these tables is: + * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T + * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T + * where ^T means "transpose", the matrix multiply is performed in GF(2^8) + * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described + * by Schneier et al, and I'm casually glossing over the byte/word + * conversion issues. */ + +static const u32 mds[4][256] = { + {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, + 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, + 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, + 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, + 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, + 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, + 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, + 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, + 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, + 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, + 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, + 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, + 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, + 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, + 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, + 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, + 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, + 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, + 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, + 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, + 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 
0xEAEAD57E, 0x353558DA, + 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, + 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, + 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, + 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, + 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, + 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, + 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, + 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, + 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, + 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, + 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, + 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, + 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, + 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, + 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, + 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, + 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, + 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, + 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, + 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, + 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, + 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91}, + + {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, + 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, + 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, + 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, + 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 
0x13F94444, + 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, + 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, + 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, + 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, + 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, + 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, + 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, + 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, + 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, + 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, + 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, + 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, + 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, + 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, + 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, + 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, + 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, + 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, + 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, + 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, + 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, + 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, + 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, + 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, + 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, + 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, + 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 
0x5AF8D5D5, + 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, + 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, + 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, + 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, + 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, + 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, + 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, + 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, + 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, + 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, + 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8}, + + {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, + 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, + 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, + 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, + 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, + 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, + 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, + 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, + 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, + 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, + 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, + 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, + 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, + 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, + 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, + 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, + 
0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, + 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, + 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, + 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, + 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, + 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, + 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, + 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, + 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, + 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, + 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, + 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, + 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, + 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, + 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, + 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, + 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, + 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, + 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, + 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, + 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, + 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, + 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, + 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, + 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, + 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, + 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF}, + + {0xD939A9D9, 
0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, + 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, + 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, + 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, + 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, + 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, + 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, + 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, + 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, + 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, + 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, + 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, + 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, + 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, + 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, + 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, + 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, + 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, + 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, + 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, + 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, + 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, + 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, + 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, + 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, + 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, + 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, + 0x01914901, 
0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, + 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, + 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, + 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, + 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, + 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, + 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, + 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, + 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, + 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, + 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, + 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, + 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, + 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, + 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, + 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8} +}; + +/* The exp_to_poly and poly_to_exp tables are used to perform efficient + * operations in GF(2^8) represented as GF(2)[x]/w(x) where + * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the + * definition of the RS matrix in the key schedule. Elements of that field + * are polynomials of degree not greater than 7 and all coefficients 0 or 1, + * which can be represented naturally by bytes (just substitute x=2). In that + * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8) + * multiplication is inefficient without hardware support. To multiply + * faster, I make use of the fact x is a generator for the nonzero elements, + * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for + * some n in 0..254. Note that that caret is exponentiation in GF(2^8), + * *not* polynomial notation. 
So if I want to compute pq where p and q are + * in GF(2^8), I can just say: + * 1. if p=0 or q=0 then pq=0 + * 2. otherwise, find m and n such that p=x^m and q=x^n + * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq + * The translations in steps 2 and 3 are looked up in the tables + * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this + * in action, look at the CALC_S macro. As additional wrinkles, note that + * one of my operands is always a constant, so the poly_to_exp lookup on it + * is done in advance; I included the original values in the comments so + * readers can have some chance of recognizing that this *is* the RS matrix + * from the Twofish paper. I've only included the table entries I actually + * need; I never do a lookup on a variable input of zero and the biggest + * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll + * never sum to more than 491. I'
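Review bot: in the new mount/rmd160.h, the prototype `rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length );` uses size_t but the header includes nothing, so any translation unit that includes it before <stddef.h> or <stdlib.h> fails to compile; add `#include <stddef.h>` above the prototype. The output size is only stated in a comment in rmd160.c ("outbuf which must have a size of 20 bytes"); a `#define RMD160_DIGEST_LEN 20` in the header would let callers size the buffer from the API instead of from a comment they may never read.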
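Review bot: in freeswan-import.sh the sanity check `if [ ! -e $INT -o ! -e $FREESWAN ]; then echo "Either $INT or $FREESWAN are missing!" fi` only prints and then carries on, so with a missing or empty argument the script still runs `mkdir -p $INT.freeswan`, runs `make patches` in whatever $FREESWAN expands to, and writes the final diff next to $INT; add `exit 1` after the echo and reject an empty $1 or $2 before stripping slashes. The unquoted expansions (`rm $a`, `perl -pi -e ... $a`, `cp -R $FREESWAN/lib ...`) break on paths containing whitespace; quote them. The `perl -pi -e 'if (m/DESLIB=lib/) { print "$_\n\$(DESLIB):\n\t( cd lib; \$(MAKE) libdes.a )\n\n" }'` one-liner prints the DESLIB line itself and then -p prints it a second time after the inserted rule, so the variable is assigned twice in net/ipsec/Makefile; appending to the line instead (`$_ .= "\n\$(DESLIB):\n\t( cd lib; \$(MAKE) libdes.a )\n\n"`) keeps the assignment before the rule and emits it once. The leftover comment `# references to ../../../lib to point to lib` with no command under it, and the usage line naming `import-freeswan.sh` while the file is freeswan-import.sh, should be cleaned up.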
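Review bot: the new INTERNATIONAL KERNEL PATCH (CRYPTO) entry in MAINTAINERS lists `L: linux-kernel@vger.rutgers.edu`, while the surrounding context in the same hunk uses `L: linux-kernel@vger.kernel.org`; use the kernel.org address so the entry does not point at a stale list host.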
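Review bot: in the top-level Makefile hunk, `crypto/crypto.a` is added to DRIVERS and `crypto` to SUBDIRS unconditionally, unlike the `ifdef CONFIG_NUBUS` block immediately below, which only adds nubus.a when that option is configured; either gate the crypto lines on the crypto menu's top-level option in the same way, or confirm that crypto/Makefile always produces a (possibly empty) crypto.a when everything under crypto/Config.in is turned off, otherwise the vmlinux link fails on a kernel configured without ciphers.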
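Review bot: `source crypto/Config.in` is inserted at a different point in each arch config.in: after the `source net/Config.in` block on alpha, arm, m68k, mips and ppc, before `source drivers/pnp/Config.in` on i386, and after `endmenu fi` before the ISDN menu on sparc (before the SCSI menu on sparc64), so the Crypto menu shows up in a different place depending on the architecture; pick one position (next to the networking options, where most of these hunks put it) and use it everywhere. The only defconfig hunk shown is for i386 and adds just `# CONFIG_BLK_DEV_LOOP_CAST is not set` and `# CONFIG_BLK_DEV_LOOP_IDEA is not set`, with no entries for the options that the newly sourced crypto/Config.in introduces, and the defconfigs of the other architectures that now source it are not touched at all; regenerate them with `make oldconfig` after the Config.in changes so the defaults are recorded.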
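Review bot: in crypto/2fish_tables.h the `#include` directive names no header, yet the tables are typed u8 and u32, so the file needs `#include <linux/types.h>` to compile on its own. The header says the tables were "Taken from the same source as twofish.c" without naming it; 512 permutation bytes and 1024 MDS words are easy to mistranscribe, so name the origin and have twofish.c check itself against published known-answer vectors at init so a single wrong constant is caught at build or module-load time rather than silently producing a cipher that is not Twofish. Note also that the comment's "four lookups and three XORs" means each round's memory accesses depend on the data being encrypted (and, in the key schedule, on the key); that is the usual table-driven trade-off and acceptable for the loop device use here, but it deserves a comment in the file for anyone reusing the code where an attacker can time it.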