[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AES
On 23 November 2000, John Kennedy <jk@csuchico.edu> wrote:
> On Mon, Nov 06, 2000 at 10:34:54AM +0100, Marc Mutz wrote:
> > Emil wrote:
> > > util-linux-2.10o.int.patch still doesn't include the AES encryption
> > > Anyone plans to do it ?
> >
> > You can easily add it to the list of known ciphers in
> > util-linux/mount/lomount.c
> > Then re-compile both mount and losetup.
I have compiled the international patch for the latest util-linux-2.10r
It has the AES included and small modifications like zeroing the password
and the hash once they are passed to the encryption loop structure.
Also note that the sizes of keys for some encryption types have been
modified to use the maximum available keysize.
(WARNING: This will prevent you from decrypting your partitions/files
if the keysize has changed so better decrypt everything before applying
this patch!!!)
Another change is in the definitions for AES and RIJNDAEL which should be
the same since it's the same encryption method with 2 different names.
In this case AES = RIJNDAEL = 16. Choosing different numbers will break things.
I have intensively tested the AES encryption with loop devices and all worked
fine. Other encryption types have been only briefly tested.
Attached is the patch that should be applied AFTER the patch-int-2.2.18.3
--
Regards,
Emil
--
When all the cars are running towards you, means you're on the opposite lane.
diff -urN linux-2.2.18/Documentation/crypto/faq.txt linux-2.2.18-cr/Documentation/crypto/faq.txt
--- linux-2.2.18/Documentation/crypto/faq.txt Tue Jan 2 02:49:29 2001
+++ linux-2.2.18-cr/Documentation/crypto/faq.txt Tue Jan 2 02:42:51 2001
@@ -50,11 +50,13 @@
alias loop-xfer-gen-0 loop_gen
alias loop-xfer-gen-10 loop_gen
alias cipher-2 des
+alias cipher-3 twofish
alias cipher-4 blowfish
alias cipher-6 idea
alias cipher-7 serp6f
alias cipher-8 mars6
alias cipher-11 rc62
+alias cipher-12 des_ede3
alias cipher-15 dfc2
alias cipher-16 rijndael
alias cipher-17 rc5
diff -urN linux-2.2.18/Documentation/crypto/util-linux-2.10r.int.patch linux-2.2.18-cr/Documentation/crypto/util-linux-2.10r.int.patch
--- linux-2.2.18/Documentation/crypto/util-linux-2.10r.int.patch Wed Dec 31 19:00:00 1969
+++ linux-2.2.18-cr/Documentation/crypto/util-linux-2.10r.int.patch Tue Jan 2 02:40:13 2001
@@ -0,0 +1,797 @@
+diff -urN util-linux-2.10r/mount/Makefile util-linux-2.10r-cr/mount/Makefile
+--- util-linux-2.10r/mount/Makefile Fri Aug 11 17:25:26 2000
++++ util-linux-2.10r-cr/mount/Makefile Sun Dec 31 02:47:21 2000
+@@ -28,7 +28,7 @@
+ GEN_FILES = nfsmount.h nfsmount_xdr.c nfsmount_clnt.c
+
+ # comment these out if you are not compiling in loop support
+-LO_OBJS=lomount.o
++LO_OBJS=lomount.o rmd160.o
+
+ all: $(PROGS)
+
+@@ -59,7 +59,7 @@
+ losetup.o: lomount.c
+ $(COMPILE) -DMAIN lomount.c -o $@
+
+-losetup: losetup.o
++losetup: losetup.o rmd160.o
+ $(LINK) $^ -o $@
+
+ mount.o umount.o nfsmount.o losetup.o fstab.o realpath.o sundries.o: sundries.h
+diff -urN util-linux-2.10r/mount/lomount.c util-linux-2.10r-cr/mount/lomount.c
+--- util-linux-2.10r/mount/lomount.c Sat Aug 5 11:52:28 2000
++++ util-linux-2.10r-cr/mount/lomount.c Tue Jan 2 02:14:06 2001
+@@ -27,6 +27,7 @@
+
+ #include "loop.h"
+ #include "lomount.h"
++#include "rmd160.h"
+ #include "nls.h"
+
+ extern int verbose;
+@@ -34,15 +35,30 @@
+ extern void error (const char *fmt, ...); /* idem */
+
+ #ifdef LOOP_SET_FD
++/* maximum key length has been used */
+ struct crypt_type_struct {
+ int id;
+ char *name;
++ int keylength;
+ } crypt_type_tbl[] = {
+- { LO_CRYPT_NONE, "no" },
+- { LO_CRYPT_NONE, "none" },
+- { LO_CRYPT_XOR, "xor" },
+- { LO_CRYPT_DES, "DES" },
+- { -1, NULL }
++ { LO_CRYPT_NONE, "no", 0 },
++ { LO_CRYPT_NONE, "none", 0 },
++ { LO_CRYPT_XOR, "xor", 0 },
++/* { LO_CRYPT_DES, "DES", 8 }, */
++ { LO_CRYPT_FISH2, "twofish", 32 },
++ { LO_CRYPT_BLOW, "blowfish", 32 },
++ { LO_CRYPT_CAST128, "cast128", 16 },
++ { LO_CRYPT_IDEA, "idea", 16 },
++ { LO_CRYPT_SERPENT, "serpent", 16 },
++ { LO_CRYPT_MARS, "mars", 16 },
++ { LO_CRYPT_RC6, "rc6", 16 },
++ { LO_CRYPT_DES_EDE3, "DES_EDE3", 24 },
++/* { LO_CRYPT_CAST256, "cast256", 32 }, */
++ { LO_CRYPT_DFC, "dfc", 32 },
++ { LO_CRYPT_RIJNDAEL, "rijndael", 32 },
++ { LO_CRYPT_RIJNDAEL, "AES", 32 },
++ { LO_CRYPT_RC5, "rc5", 32 },
++ { -1, NULL,0 }
+ };
+
+ static int
+@@ -167,12 +183,18 @@
+ return 0;
+ }
+
++#define HASHLENGTH 20
++#define PASSWDBUFFLEN 130 /* getpass returns only max. 128 bytes, see man getpass */
++
+ int
+ set_loop (const char *device, const char *file, int offset,
+ const char *encryption, int *loopro) {
+ struct loop_info loopinfo;
+ int fd, ffd, mode, i;
++ int keylength;
+ char *pass;
++ char keybits[2*HASHLENGTH];
++ char passwdbuff[PASSWDBUFFLEN];
+
+ mode = (*loopro ? O_RDONLY : O_RDWR);
+ if ((ffd = open (file, mode)) < 0) {
+@@ -224,6 +246,7 @@
+ loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key);
+ break;
+ case LO_CRYPT_DES:
++ printf(_("WARNING: Use of DES is depreciated.\n"));
+ pass = getpass (_("Password: "));
+ strncpy (loopinfo.lo_encrypt_key, pass, 8);
+ loopinfo.lo_encrypt_key[8] = 0;
+@@ -240,6 +263,39 @@
+ return 1;
+ }
+ break;
++ case LO_CRYPT_FISH2:
++ case LO_CRYPT_BLOW:
++ case LO_CRYPT_CAST128:
++ case LO_CRYPT_IDEA:
++ case LO_CRYPT_SERPENT:
++ case LO_CRYPT_MARS:
++ case LO_CRYPT_RC6:
++ case LO_CRYPT_DES_EDE3:
++ case LO_CRYPT_CAST256:
++ case LO_CRYPT_DFC:
++ case LO_CRYPT_RIJNDAEL:
++ case LO_CRYPT_RC5:
++ pass = getpass("Password: ");
++ strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1);
++ passwdbuff[0] = 'A';
++ /* use the rmd160 function twice to generate a 40 bytes hash */
++ rmd160_hash_buffer(keybits,pass,strlen(pass));
++ rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1);
++ /* zero unencrypted passwords in memory */
++ memset( pass, 0, strlen(pass) );
++ memset( passwdbuff, 0, PASSWDBUFFLEN );
++ keylength=0;
++ for(i=0; crypt_type_tbl[i].id != -1; i++){
++ if(loopinfo.lo_encrypt_type == crypt_type_tbl[i].id){
++ keylength = crypt_type_tbl[i].keylength;
++ break;
++ }
++ }
++ loopinfo.lo_encrypt_key_size=keylength;
++ memcpy((char*)loopinfo.lo_encrypt_key,keybits,keylength);
++ /* zero hash (source) in memory */
++ memset( keybits, 0, keylength );
++ break;
+ default:
+ fprintf (stderr,
+ _("Don't know how to get key for encryption system %d\n"),
+@@ -324,11 +380,18 @@
+
+ static void
+ usage(void) {
++ struct crypt_type_struct *c;
+ fprintf(stderr, _("usage:\n\
+ %s loop_device # give info\n\
+ %s -d loop_device # delete\n\
+ %s [ -e encryption ] [ -o offset ] loop_device file # setup\n"),
+ progname, progname, progname);
++ fprintf(stderr, " where encryption is one of:\n");
++ c = &crypt_type_tbl[0];
++ while(c->name) {
++ fprintf(stderr, " %s\n", c->name);
++ c++;
++ }
+ exit(1);
+ }
+
+diff -urN util-linux-2.10r/mount/losetup.8 util-linux-2.10r-cr/mount/losetup.8
+--- util-linux-2.10r/mount/losetup.8 Fri Aug 11 07:11:30 2000
++++ util-linux-2.10r-cr/mount/losetup.8 Tue Jan 2 02:39:38 2001
+@@ -36,11 +36,51 @@
+ .PD 0
+ .IP \fBXOR\fP
+ use a simple XOR encryption.
+-.IP \fBDES\fP
+-use DES encryption. DES encryption is only available if the optional
+-DES package has been added to the kernel. DES encryption uses an additional
+-start value that is used to protect passwords against dictionary
+-attacks.
++.IP \fBBlowfish\fP
++use Blowfish encryption. Blowfish encryption is only available if you
++are using the international kernel and Blowfish encryption has been
++enabled in the Crypto API.
++.IP \fBTwofish\fP
++use Twofish encryption. Twofish encryption is only available if you are
++using the international kernel and Twofish encryption has been enabled
++in the Crypto API. Module loop_fish2 should be used rather than loop_gen.
++.IP \fBCAST128\fP
++use CAST128 encryption. CAST128 encryption is only available if you are
++using the international kernel and CAST128 encryption has been enabled
++in the Crypto API. Module loop_cast should be used rather than loop_gen.
++.IP \fBDES_EDE3\fP
++use DES_EDE3 (triple DES) encryption. DES_EDE3 encryption is only
++available if you are using the international kernel and triple DES
++encryption has been enabled in the Crypto API.
++.IP \fBAES (Rijndael)\fP
++use AES (Rijndael) encryption. The Rijndael encryption is the
++Advanced Encryption Standard winner and is only available if you
++are using the international kernel and AES (Rijndael) has been
++enabled in the Crypto API.
++.IP \fBDFC\fP
++use DFC encryption. DFC encryption is only available if you
++are using the international kernel and DFC encryption has been
++enabled in the Crypto API.
++.IP \fBIDEA\fP
++use IDEA encryption. IDEA encryption is only available if you
++are using the international kernel and IDEA encryption has been
++enabled in the Crypto API.
++.IP \fBMARS\fP
++use MARS encryption. MARS encryption is only available if you
++are using the international kernel and MARS encryption has been
++enabled in the Crypto API.
++.IP \fBRC5\fP
++use RC5 encryption. RC5 encryption is only available if you
++are using the international kernel and RC5 encryption has been
++enabled in the Crypto API.
++.IP \fBRC6\fP
++use RC6 encryption. RC6 encryption is only available if you
++are using the international kernel and RC6 encryption has been
++enabled in the Crypto API.
++.IP \fBSerpent\fP
++use Serpent encryption. Serpent encryption is only available if you
++are using the international kernel and Serpent encryption has been
++enabled in the Crypto API.
+ .PD
+ .RE
+ .IP "\fB\-o \fIoffset\fP"
+@@ -58,6 +98,7 @@
+ .SH FILES
+ .nf
+ /dev/loop0,/dev/loop1,... loop devices (major=7)
++/proc/crypto/cipher/* available ciphers
+ .fi
+ .SH EXAMPLE
+ If you are using the loadable module you must have the module loaded
+@@ -69,9 +110,8 @@
+ .nf
+ .IP
+ dd if=/dev/zero of=/file bs=1k count=100
+-losetup -e des /dev/loop0 /file
++losetup -e blowfish /dev/loop0 /file
+ Password:
+-Init (up to 16 hex digits):
+ mkfs -t ext2 /dev/loop0 100
+ mount -t ext2 /dev/loop0 /mnt
+ ...
+@@ -85,8 +125,12 @@
+ # rmmod loop
+ .LP
+ .fi
+-.SH RESTRICTION
+-DES encryption is painfully slow. On the other hand, XOR is terribly weak.
++.SH RESTRICTIONS
++DES encryption is painfully slow. On the other hand, XOR is terribly
++weak. Both are insecure nowadays. Some ciphers require a licence for
++you to be allowed to use them.
++.SH BUGS
++CAST, DES, RC5 and Twofish are currently broken and cannot be used.
+ .SH AUTHORS
+ .nf
+ Original version: Theodore Ts'o <tytso@athena.mit.edu>
+diff -urN util-linux-2.10r/mount/rmd160.c util-linux-2.10r-cr/mount/rmd160.c
+--- util-linux-2.10r/mount/rmd160.c Wed Dec 31 19:00:00 1969
++++ util-linux-2.10r-cr/mount/rmd160.c Sun Dec 31 02:47:21 2000
+@@ -0,0 +1,532 @@
++/* rmd160.c - RIPE-MD160
++ * Copyright (C) 1998 Free Software Foundation, Inc.
++ */
++
++/* This file was part of GnuPG. Modified for use within the Linux
++ * mount utility by Marc Mutz <Marc@Mutz.com>. None of this code is
++ * by myself. I just removed everything that you don't need when all
++ * you want to do is to use rmd160_hash_buffer().
++ * My comments are marked with (mm). */
++
++/* GnuPG is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuPG is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */
++
++#include <string.h> /* (mm) for memcpy */
++#include <endian.h> /* (mm) for BIG_ENDIAN and BYTE_ORDER */
++#include "rmd160.h"
++
++/* (mm) these are used by the original GnuPG file. In order to modify
++ * that file not too much, we keep the notations. maybe it would be
++ * better to include linux/types.h and typedef __u32 to u32 and __u8
++ * to byte? */
++typedef unsigned int u32; /* taken from e.g. util-linux's minix.h */
++typedef unsigned char byte;
++
++typedef struct {
++ u32 h0,h1,h2,h3,h4;
++ u32 nblocks;
++ byte buf[64];
++ int count;
++} RMD160_CONTEXT;
++
++/****************
++ * Rotate a 32 bit integer by n bytes
++ */
++#if defined(__GNUC__) && defined(__i386__)
++static inline u32
++rol( u32 x, int n)
++{
++ __asm__("roll %%cl,%0"
++ :"=r" (x)
++ :"0" (x),"c" (n));
++ return x;
++}
++#else
++ #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
++#endif
++
++/*********************************
++ * RIPEMD-160 is not patented, see (as of 25.10.97)
++ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
++ * Note that the code uses Little Endian byteorder, which is good for
++ * 386 etc, but we must add some conversion when used on a big endian box.
++ *
++ *
++ * Pseudo-code for RIPEMD-160
++ *
++ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
++ * The round function takes as input a 5-word chaining variable and a 16-word
++ * message block and maps this to a new chaining variable. All operations are
++ * defined on 32-bit words. Padding is identical to that of MD4.
++ *
++ *
++ * RIPEMD-160: definitions
++ *
++ *
++ * nonlinear functions at bit level: exor, mux, -, mux, -
++ *
++ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15)
++ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31)
++ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47)
++ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63)
++ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79)
++ *
++ *
++ * added constants (hexadecimal)
++ *
++ * K(j) = 0x00000000 (0 <= j <= 15)
++ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2))
++ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3))
++ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5))
++ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7))
++ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2))
++ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3))
++ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5))
++ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7))
++ * K'(j) = 0x00000000 (64 <= j <= 79)
++ *
++ *
++ * selection of message word
++ *
++ * r(j) = j (0 <= j <= 15)
++ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
++ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
++ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
++ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
++ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
++ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
++ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
++ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
++ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
++ *
++ *
++ * amount for rotate left (rol)
++ *
++ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
++ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
++ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
++ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
++ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
++ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
++ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
++ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
++ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
++ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
++ *
++ *
++ * initial value (hexadecimal)
++ *
++ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
++ * h4 = 0xC3D2E1F0;
++ *
++ *
++ * RIPEMD-160: pseudo-code
++ *
++ * It is assumed that the message after padding consists of t 16-word blocks
++ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
++ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
++ * shift (rotate) over s positions.
++ *
++ *
++ * for i := 0 to t-1 {
++ * A := h0; B := h1; C := h2; D = h3; E = h4;
++ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
++ * for j := 0 to 79 {
++ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
++ * A := E; E := D; D := rol_10(C); C := B; B := T;
++ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
++ [+] K'(j)) [+] E';
++ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
++ * }
++ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
++ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
++ * }
++ */
++
++/* Some examples:
++ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31
++ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
++ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
++ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36
++ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc
++ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b
++ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189
++ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb
++ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528
++ */
++
++
++static void
++rmd160_init( RMD160_CONTEXT *hd )
++{
++ hd->h0 = 0x67452301;
++ hd->h1 = 0xEFCDAB89;
++ hd->h2 = 0x98BADCFE;
++ hd->h3 = 0x10325476;
++ hd->h4 = 0xC3D2E1F0;
++ hd->nblocks = 0;
++ hd->count = 0;
++}
++
++
++
++/****************
++ * Transform the message X which consists of 16 32-bit-words
++ */
++static void
++transform( RMD160_CONTEXT *hd, byte *data )
++{
++ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
++ #if BYTE_ORDER == BIG_ENDIAN
++ u32 x[16];
++ { int i;
++ byte *p2, *p1;
++ for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) {
++ p2[3] = *p1++;
++ p2[2] = *p1++;
++ p2[1] = *p1++;
++ p2[0] = *p1++;
++ }
++ }
++ #else
++ #if 0
++ u32 *x =(u32*)data;
++ #else
++ /* this version is better because it is always aligned;
++ * The performance penalty on a 586-100 is about 6% which
++ * is acceptable - because the data is more local it might
++ * also be possible that this is faster on some machines.
++ * This function (when compiled with -02 on gcc 2.7.2)
++ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
++ * [measured with a 4MB data and "gpgm --print-md rmd160"] */
++ u32 x[16];
++ memcpy( x, data, 64 );
++ #endif
++ #endif
++
++
++#define K0 0x00000000
++#define K1 0x5A827999
++#define K2 0x6ED9EBA1
++#define K3 0x8F1BBCDC
++#define K4 0xA953FD4E
++#define KK0 0x50A28BE6
++#define KK1 0x5C4DD124
++#define KK2 0x6D703EF3
++#define KK3 0x7A6D76E9
++#define KK4 0x00000000
++#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
++#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
++#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
++#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
++#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
++#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
++ a = rol(t,s) + e; \
++ c = rol(c,10); \
++ } while(0)
++
++ /* left lane */
++ a = hd->h0;
++ b = hd->h1;
++ c = hd->h2;
++ d = hd->h3;
++ e = hd->h4;
++ R( a, b, c, d, e, F0, K0, 0, 11 );
++ R( e, a, b, c, d, F0, K0, 1, 14 );
++ R( d, e, a, b, c, F0, K0, 2, 15 );
++ R( c, d, e, a, b, F0, K0, 3, 12 );
++ R( b, c, d, e, a, F0, K0, 4, 5 );
++ R( a, b, c, d, e, F0, K0, 5, 8 );
++ R( e, a, b, c, d, F0, K0, 6, 7 );
++ R( d, e, a, b, c, F0, K0, 7, 9 );
++ R( c, d, e, a, b, F0, K0, 8, 11 );
++ R( b, c, d, e, a, F0, K0, 9, 13 );
++ R( a, b, c, d, e, F0, K0, 10, 14 );
++ R( e, a, b, c, d, F0, K0, 11, 15 );
++ R( d, e, a, b, c, F0, K0, 12, 6 );
++ R( c, d, e, a, b, F0, K0, 13, 7 );
++ R( b, c, d, e, a, F0, K0, 14, 9 );
++ R( a, b, c, d, e, F0, K0, 15, 8 );
++ R( e, a, b, c, d, F1, K1, 7, 7 );
++ R( d, e, a, b, c, F1, K1, 4, 6 );
++ R( c, d, e, a, b, F1, K1, 13, 8 );
++ R( b, c, d, e, a, F1, K1, 1, 13 );
++ R( a, b, c, d, e, F1, K1, 10, 11 );
++ R( e, a, b, c, d, F1, K1, 6, 9 );
++ R( d, e, a, b, c, F1, K1, 15, 7 );
++ R( c, d, e, a, b, F1, K1, 3, 15 );
++ R( b, c, d, e, a, F1, K1, 12, 7 );
++ R( a, b, c, d, e, F1, K1, 0, 12 );
++ R( e, a, b, c, d, F1, K1, 9, 15 );
++ R( d, e, a, b, c, F1, K1, 5, 9 );
++ R( c, d, e, a, b, F1, K1, 2, 11 );
++ R( b, c, d, e, a, F1, K1, 14, 7 );
++ R( a, b, c, d, e, F1, K1, 11, 13 );
++ R( e, a, b, c, d, F1, K1, 8, 12 );
++ R( d, e, a, b, c, F2, K2, 3, 11 );
++ R( c, d, e, a, b, F2, K2, 10, 13 );
++ R( b, c, d, e, a, F2, K2, 14, 6 );
++ R( a, b, c, d, e, F2, K2, 4, 7 );
++ R( e, a, b, c, d, F2, K2, 9, 14 );
++ R( d, e, a, b, c, F2, K2, 15, 9 );
++ R( c, d, e, a, b, F2, K2, 8, 13 );
++ R( b, c, d, e, a, F2, K2, 1, 15 );
++ R( a, b, c, d, e, F2, K2, 2, 14 );
++ R( e, a, b, c, d, F2, K2, 7, 8 );
++ R( d, e, a, b, c, F2, K2, 0, 13 );
++ R( c, d, e, a, b, F2, K2, 6, 6 );
++ R( b, c, d, e, a, F2, K2, 13, 5 );
++ R( a, b, c, d, e, F2, K2, 11, 12 );
++ R( e, a, b, c, d, F2, K2, 5, 7 );
++ R( d, e, a, b, c, F2, K2, 12, 5 );
++ R( c, d, e, a, b, F3, K3, 1, 11 );
++ R( b, c, d, e, a, F3, K3, 9, 12 );
++ R( a, b, c, d, e, F3, K3, 11, 14 );
++ R( e, a, b, c, d, F3, K3, 10, 15 );
++ R( d, e, a, b, c, F3, K3, 0, 14 );
++ R( c, d, e, a, b, F3, K3, 8, 15 );
++ R( b, c, d, e, a, F3, K3, 12, 9 );
++ R( a, b, c, d, e, F3, K3, 4, 8 );
++ R( e, a, b, c, d, F3, K3, 13, 9 );
++ R( d, e, a, b, c, F3, K3, 3, 14 );
++ R( c, d, e, a, b, F3, K3, 7, 5 );
++ R( b, c, d, e, a, F3, K3, 15, 6 );
++ R( a, b, c, d, e, F3, K3, 14, 8 );
++ R( e, a, b, c, d, F3, K3, 5, 6 );
++ R( d, e, a, b, c, F3, K3, 6, 5 );
++ R( c, d, e, a, b, F3, K3, 2, 12 );
++ R( b, c, d, e, a, F4, K4, 4, 9 );
++ R( a, b, c, d, e, F4, K4, 0, 15 );
++ R( e, a, b, c, d, F4, K4, 5, 5 );
++ R( d, e, a, b, c, F4, K4, 9, 11 );
++ R( c, d, e, a, b, F4, K4, 7, 6 );
++ R( b, c, d, e, a, F4, K4, 12, 8 );
++ R( a, b, c, d, e, F4, K4, 2, 13 );
++ R( e, a, b, c, d, F4, K4, 10, 12 );
++ R( d, e, a, b, c, F4, K4, 14, 5 );
++ R( c, d, e, a, b, F4, K4, 1, 12 );
++ R( b, c, d, e, a, F4, K4, 3, 13 );
++ R( a, b, c, d, e, F4, K4, 8, 14 );
++ R( e, a, b, c, d, F4, K4, 11, 11 );
++ R( d, e, a, b, c, F4, K4, 6, 8 );
++ R( c, d, e, a, b, F4, K4, 15, 5 );
++ R( b, c, d, e, a, F4, K4, 13, 6 );
++
++ aa = a; bb = b; cc = c; dd = d; ee = e;
++
++ /* right lane */
++ a = hd->h0;
++ b = hd->h1;
++ c = hd->h2;
++ d = hd->h3;
++ e = hd->h4;
++ R( a, b, c, d, e, F4, KK0, 5, 8);
++ R( e, a, b, c, d, F4, KK0, 14, 9);
++ R( d, e, a, b, c, F4, KK0, 7, 9);
++ R( c, d, e, a, b, F4, KK0, 0, 11);
++ R( b, c, d, e, a, F4, KK0, 9, 13);
++ R( a, b, c, d, e, F4, KK0, 2, 15);
++ R( e, a, b, c, d, F4, KK0, 11, 15);
++ R( d, e, a, b, c, F4, KK0, 4, 5);
++ R( c, d, e, a, b, F4, KK0, 13, 7);
++ R( b, c, d, e, a, F4, KK0, 6, 7);
++ R( a, b, c, d, e, F4, KK0, 15, 8);
++ R( e, a, b, c, d, F4, KK0, 8, 11);
++ R( d, e, a, b, c, F4, KK0, 1, 14);
++ R( c, d, e, a, b, F4, KK0, 10, 14);
++ R( b, c, d, e, a, F4, KK0, 3, 12);
++ R( a, b, c, d, e, F4, KK0, 12, 6);
++ R( e, a, b, c, d, F3, KK1, 6, 9);
++ R( d, e, a, b, c, F3, KK1, 11, 13);
++ R( c, d, e, a, b, F3, KK1, 3, 15);
++ R( b, c, d, e, a, F3, KK1, 7, 7);
++ R( a, b, c, d, e, F3, KK1, 0, 12);
++ R( e, a, b, c, d, F3, KK1, 13, 8);
++ R( d, e, a, b, c, F3, KK1, 5, 9);
++ R( c, d, e, a, b, F3, KK1, 10, 11);
++ R( b, c, d, e, a, F3, KK1, 14, 7);
++ R( a, b, c, d, e, F3, KK1, 15, 7);
++ R( e, a, b, c, d, F3, KK1, 8, 12);
++ R( d, e, a, b, c, F3, KK1, 12, 7);
++ R( c, d, e, a, b, F3, KK1, 4, 6);
++ R( b, c, d, e, a, F3, KK1, 9, 15);
++ R( a, b, c, d, e, F3, KK1, 1, 13);
++ R( e, a, b, c, d, F3, KK1, 2, 11);
++ R( d, e, a, b, c, F2, KK2, 15, 9);
++ R( c, d, e, a, b, F2, KK2, 5, 7);
++ R( b, c, d, e, a, F2, KK2, 1, 15);
++ R( a, b, c, d, e, F2, KK2, 3, 11);
++ R( e, a, b, c, d, F2, KK2, 7, 8);
++ R( d, e, a, b, c, F2, KK2, 14, 6);
++ R( c, d, e, a, b, F2, KK2, 6, 6);
++ R( b, c, d, e, a, F2, KK2, 9, 14);
++ R( a, b, c, d, e, F2, KK2, 11, 12);
++ R( e, a, b, c, d, F2, KK2, 8, 13);
++ R( d, e, a, b, c, F2, KK2, 12, 5);
++ R( c, d, e, a, b, F2, KK2, 2, 14);
++ R( b, c, d, e, a, F2, KK2, 10, 13);
++ R( a, b, c, d, e, F2, KK2, 0, 13);
++ R( e, a, b, c, d, F2, KK2, 4, 7);
++ R( d, e, a, b, c, F2, KK2, 13, 5);
++ R( c, d, e, a, b, F1, KK3, 8, 15);
++ R( b, c, d, e, a, F1, KK3, 6, 5);
++ R( a, b, c, d, e, F1, KK3, 4, 8);
++ R( e, a, b, c, d, F1, KK3, 1, 11);
++ R( d, e, a, b, c, F1, KK3, 3, 14);
++ R( c, d, e, a, b, F1, KK3, 11, 14);
++ R( b, c, d, e, a, F1, KK3, 15, 6);
++ R( a, b, c, d, e, F1, KK3, 0, 14);
++ R( e, a, b, c, d, F1, KK3, 5, 6);
++ R( d, e, a, b, c, F1, KK3, 12, 9);
++ R( c, d, e, a, b, F1, KK3, 2, 12);
++ R( b, c, d, e, a, F1, KK3, 13, 9);
++ R( a, b, c, d, e, F1, KK3, 9, 12);
++ R( e, a, b, c, d, F1, KK3, 7, 5);
++ R( d, e, a, b, c, F1, KK3, 10, 15);
++ R( c, d, e, a, b, F1, KK3, 14, 8);
++ R( b, c, d, e, a, F0, KK4, 12, 8);
++ R( a, b, c, d, e, F0, KK4, 15, 5);
++ R( e, a, b, c, d, F0, KK4, 10, 12);
++ R( d, e, a, b, c, F0, KK4, 4, 9);
++ R( c, d, e, a, b, F0, KK4, 1, 12);
++ R( b, c, d, e, a, F0, KK4, 5, 5);
++ R( a, b, c, d, e, F0, KK4, 8, 14);
++ R( e, a, b, c, d, F0, KK4, 7, 6);
++ R( d, e, a, b, c, F0, KK4, 6, 8);
++ R( c, d, e, a, b, F0, KK4, 2, 13);
++ R( b, c, d, e, a, F0, KK4, 13, 6);
++ R( a, b, c, d, e, F0, KK4, 14, 5);
++ R( e, a, b, c, d, F0, KK4, 0, 15);
++ R( d, e, a, b, c, F0, KK4, 3, 13);
++ R( c, d, e, a, b, F0, KK4, 9, 11);
++ R( b, c, d, e, a, F0, KK4, 11, 11);
++
++
++ t = hd->h1 + d + cc;
++ hd->h1 = hd->h2 + e + dd;
++ hd->h2 = hd->h3 + a + ee;
++ hd->h3 = hd->h4 + b + aa;
++ hd->h4 = hd->h0 + c + bb;
++ hd->h0 = t;
++}
++
++
++/* Update the message digest with the contents
++ * of INBUF with length INLEN.
++ */
++static void
++rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen)
++{
++ if( hd->count == 64 ) { /* flush the buffer */
++ transform( hd, hd->buf );
++ hd->count = 0;
++ hd->nblocks++;
++ }
++ if( !inbuf )
++ return;
++ if( hd->count ) {
++ for( ; inlen && hd->count < 64; inlen-- )
++ hd->buf[hd->count++] = *inbuf++;
++ rmd160_write( hd, NULL, 0 );
++ if( !inlen )
++ return;
++ }
++
++ while( inlen >= 64 ) {
++ transform( hd, inbuf );
++ hd->count = 0;
++ hd->nblocks++;
++ inlen -= 64;
++ inbuf += 64;
++ }
++ for( ; inlen && hd->count < 64; inlen-- )
++ hd->buf[hd->count++] = *inbuf++;
++}
++
++/* The routine terminates the computation
++ */
++
++static void
++rmd160_final( RMD160_CONTEXT *hd )
++{
++ u32 t, msb, lsb;
++ byte *p;
++
++ rmd160_write(hd, NULL, 0); /* flush */;
++
++ msb = 0;
++ t = hd->nblocks;
++ if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
++ msb++;
++ msb += t >> 26;
++ t = lsb;
++ if( (lsb = t + hd->count) < t ) /* add the count */
++ msb++;
++ t = lsb;
++ if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
++ msb++;
++ msb += t >> 29;
++
++ if( hd->count < 56 ) { /* enough room */
++ hd->buf[hd->count++] = 0x80; /* pad */
++ while( hd->count < 56 )
++ hd->buf[hd->count++] = 0; /* pad */
++ }
++ else { /* need one extra block */
++ hd->buf[hd->count++] = 0x80; /* pad character */
++ while( hd->count < 64 )
++ hd->buf[hd->count++] = 0;
++ rmd160_write(hd, NULL, 0); /* flush */;
++ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
++ }
++ /* append the 64 bit count */
++ hd->buf[56] = lsb ;
++ hd->buf[57] = lsb >> 8;
++ hd->buf[58] = lsb >> 16;
++ hd->buf[59] = lsb >> 24;
++ hd->buf[60] = msb ;
++ hd->buf[61] = msb >> 8;
++ hd->buf[62] = msb >> 16;
++ hd->buf[63] = msb >> 24;
++ transform( hd, hd->buf );
++
++ p = hd->buf;
++ #if BYTE_ORDER == BIG_ENDIAN
++ #define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \
++ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
++ #else /* little endian */
++ #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
++ #endif
++ X(0);
++ X(1);
++ X(2);
++ X(3);
++ X(4);
++ #undef X
++}
++
++/****************
++ * Shortcut functions which puts the hash value of the supplied buffer
++ * into outbuf which must have a size of 20 bytes.
++ */
++void
++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
++{
++ RMD160_CONTEXT hd;
++
++ rmd160_init( &hd );
++ rmd160_write( &hd, (byte*)buffer, length );
++ rmd160_final( &hd );
++ memcpy( outbuf, hd.buf, 20 );
++}
+diff -urN util-linux-2.10r/mount/rmd160.h util-linux-2.10r-cr/mount/rmd160.h
+--- util-linux-2.10r/mount/rmd160.h Wed Dec 31 19:00:00 1969
++++ util-linux-2.10r-cr/mount/rmd160.h Sun Dec 31 02:47:21 2000
+@@ -0,0 +1,9 @@
++#ifndef RMD160_H
++#define RMD160_H
++
++void
++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length );
++
++#endif /*RMD160_H*/
++
++
diff -urN linux-2.2.18/include/linux/crypto.h linux-2.2.18-cr/include/linux/crypto.h
--- linux-2.2.18/include/linux/crypto.h Tue Jan 2 02:49:29 2001
+++ linux-2.2.18-cr/include/linux/crypto.h Mon Jan 1 17:14:35 2001
@@ -41,8 +41,8 @@
#define CIPHER_CAST256 14
#define CIPHER_DFC 15
#define CIPHER_RIJNDAEL 16
+#define CIPHER_AES 16
#define CIPHER_RC5 17
-#define CIPHER_AES 18
#define MAX_CIPHER 20
#define CIPHER_CBC 0x00010000
diff -urN linux-2.2.18/include/linux/loop.h linux-2.2.18-cr/include/linux/loop.h
--- linux-2.2.18/include/linux/loop.h Tue Jan 2 02:49:29 2001
+++ linux-2.2.18-cr/include/linux/loop.h Mon Jan 1 17:21:11 2001
@@ -105,8 +105,9 @@
#define LO_CRYPT_CAST256 14
#define LO_CRYPT_DFC 15
#define LO_CRYPT_RIJNDAEL 16
+#define LO_CRYPT_AES 16
#define LO_CRYPT_RC5 17
-#define MAX_LO_CRYPT 20
+#define MAX_LO_CRYPT 20
#ifdef __KERNEL__
/* Support for loadable transfer modules */
- Follow-Ups:
- Re: AES
- From: Gisle S{lensminde <gisle@ii.uib.no>