From owner-linux-crypto@nl.linux.org Mon Jan 1 15:10:58 2001 Received: by humbolt.nl.linux.org id ; Mon, 1 Jan 2001 15:10:26 +0100 Received: from eik.ii.uib.no ([129.177.16.3]:7101 "EHLO ii.uib.no") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Mon, 1 Jan 2001 15:09:55 +0100 Received: from apal-192.ii.uib.no (apal.ii.uib.no) [129.177.192.27] by ii.uib.no with esmtp (Exim 3.03) id 14D5f4-0001U3-00 ; Mon, 01 Jan 2001 15:10:06 +0100 Received: (from gisle@localhost) by apal.ii.uib.no (8.9.3+Sun/8.9.3) id PAA03935; Mon, 1 Jan 2001 15:09:54 +0100 (MET) Date: Mon, 1 Jan 2001 15:09:54 +0100 (MET) From: Gisle S{lensminde To: Jan-Benedict Glaw cc: Subject: Re: Patch for losetup In-Reply-To: <20001231163434.E15712@lug-owl.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Sun, 31 Dec 2000, Jan-Benedict Glaw wrote: > > + { LO_CRYPT_RIJNDAEL, "rijndael", 16}, > > + { LO_CRYPT_AES, "aes", 16}, > > +#define LO_CRYPT_AES 18 > ^^--- You better define this to 16, right? You confuse the keylength with the cipher identifer. The two first definitions define the keylength used by the loopback device, which is 16 bytes or 128 bits. The second is the identifer for AES, which is 18 in the current version of kerneli. The identifer for rijndael is (by coincident) 16, and that mey be confusing. Also, rijndael and AES has different identifers, but is in fact the same thing, and use the same code for encipherment, so inserting 16 would work if you selected "AES available under the rijndael name" when configuring the kernel, and not otherwise. -- Gisle Sælensminde ( gisle@ii.uib.no ) With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. (from RFC 1925) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Tue Jan 2 09:29:10 2001 Received: by humbolt.nl.linux.org id ; Tue, 2 Jan 2001 09:28:41 +0100 Received: from cr536970-a.wlfdle1.on.wave.home.com ([24.156.248.137]:49415 "EHLO nic.ath.cx") by humbolt.nl.linux.org with ESMTP id ; Tue, 2 Jan 2001 09:27:23 +0100 Received: from hal.haln (unknown [207.245.193.119]) by nic.ath.cx (Postfix) with ESMTP id 0E31F1F481F; Tue, 2 Jan 2001 03:27:17 -0500 (EST) Received: by hal.haln (Postfix, from userid 500) id 43A077E00A; Tue, 02 Jan 2001 03:26:25 -0500 (EST) Date: Tue, 2 Jan 2001 03:26:25 -0500 From: Emil Laurentiu To: John Kennedy Cc: Marc Mutz , linux-crypto@nl.linux.org Subject: Re: AES Message-ID: <20010102032625.479002381@hal.haln> Reply-To: emil@la.mine.nu References: <20001104225500.8890010030@hal.haln> <3A067B3E.AB32FB54@Mutz.com> <20001123065524.B14860@north.csuchico.edu> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=KsGdsel6WgEHnImy In-Reply-To: <20001123065524.B14860@north.csuchico.edu>; from John Kennedy on Thu, Nov 23, 2000 at 06:55:24AM -0800 X-Operating-System: Linux hal 2.2.18 X-Degrees: CLE (Certified Linux Enthusiast) X-URL: http://la.mine.nu/~emil Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii On 23 November 2000, John Kennedy wrote: > On Mon, Nov 06, 2000 at 10:34:54AM +0100, Marc Mutz wrote: > > Emil wrote: > > > util-linux-2.10o.int.patch still doesn't include the AES encryption > > > Anyone plans to do it ? > > > > You can easily add it to the list of known ciphers in > > util-linux/mount/lomount.c > > Then re-compile both mount and losetup. I have compiled the international patch for the latest util-linux-2.10r It has the AES included and small modifications like zeroing the password and the hash once they are passed to the encryption loop structure. Also note that the sizes of keys for some encryption types have been modified to use the maximum available keysize. (WARNING: This will prevent you from decrypting your partitions/files if the keysize has changed so better decrypt everything before applying this patch!!!) Another change is in the definitions for AES and RIJNDAEL which should be the same since it's the same encryption method with 2 different names. In this case AES = RIJNDAEL = 16. Choosing different numbers will break things. I have intensively tested the AES encryption with loop devices and all worked fine. Other encryption types have been only briefly tested. Attached is the patch that should be applied AFTER the patch-int-2.2.18.3 -- Regards, Emil -- When all the cars are running towards you, means you're on the opposite lane. --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="patch-int-2.2.18.4.diff" diff -urN linux-2.2.18/Documentation/crypto/faq.txt linux-2.2.18-cr/Documentation/crypto/faq.txt --- linux-2.2.18/Documentation/crypto/faq.txt Tue Jan 2 02:49:29 2001 +++ linux-2.2.18-cr/Documentation/crypto/faq.txt Tue Jan 2 02:42:51 2001 @@ -50,11 +50,13 @@ alias loop-xfer-gen-0 loop_gen alias loop-xfer-gen-10 loop_gen alias cipher-2 des +alias cipher-3 twofish alias cipher-4 blowfish alias cipher-6 idea alias cipher-7 serp6f alias cipher-8 mars6 alias cipher-11 rc62 +alias cipher-12 des_ede3 alias cipher-15 dfc2 alias cipher-16 rijndael alias cipher-17 rc5 diff -urN linux-2.2.18/Documentation/crypto/util-linux-2.10r.int.patch linux-2.2.18-cr/Documentation/crypto/util-linux-2.10r.int.patch --- linux-2.2.18/Documentation/crypto/util-linux-2.10r.int.patch Wed Dec 31 19:00:00 1969 +++ linux-2.2.18-cr/Documentation/crypto/util-linux-2.10r.int.patch Tue Jan 2 02:40:13 2001 @@ -0,0 +1,797 @@ +diff -urN util-linux-2.10r/mount/Makefile util-linux-2.10r-cr/mount/Makefile +--- util-linux-2.10r/mount/Makefile Fri Aug 11 17:25:26 2000 ++++ util-linux-2.10r-cr/mount/Makefile Sun Dec 31 02:47:21 2000 +@@ -28,7 +28,7 @@ + GEN_FILES = nfsmount.h nfsmount_xdr.c nfsmount_clnt.c + + # comment these out if you are not compiling in loop support +-LO_OBJS=lomount.o ++LO_OBJS=lomount.o rmd160.o + + all: $(PROGS) + +@@ -59,7 +59,7 @@ + losetup.o: lomount.c + $(COMPILE) -DMAIN lomount.c -o $@ + +-losetup: losetup.o ++losetup: losetup.o rmd160.o + $(LINK) $^ -o $@ + + mount.o umount.o nfsmount.o losetup.o fstab.o realpath.o sundries.o: sundries.h +diff -urN util-linux-2.10r/mount/lomount.c util-linux-2.10r-cr/mount/lomount.c +--- util-linux-2.10r/mount/lomount.c Sat Aug 5 11:52:28 2000 ++++ util-linux-2.10r-cr/mount/lomount.c Tue Jan 2 02:14:06 2001 +@@ -27,6 +27,7 @@ + + #include "loop.h" + #include "lomount.h" ++#include "rmd160.h" + #include "nls.h" + + extern int verbose; +@@ -34,15 +35,30 @@ + extern void error (const char *fmt, ...); /* idem */ + + #ifdef LOOP_SET_FD ++/* maximum key length has been used */ + struct crypt_type_struct { + int id; + char *name; ++ int keylength; + } crypt_type_tbl[] = { +- { LO_CRYPT_NONE, "no" }, +- { LO_CRYPT_NONE, "none" }, +- { LO_CRYPT_XOR, "xor" }, +- { LO_CRYPT_DES, "DES" }, +- { -1, NULL } ++ { LO_CRYPT_NONE, "no", 0 }, ++ { LO_CRYPT_NONE, "none", 0 }, ++ { LO_CRYPT_XOR, "xor", 0 }, ++/* { LO_CRYPT_DES, "DES", 8 }, */ ++ { LO_CRYPT_FISH2, "twofish", 32 }, ++ { LO_CRYPT_BLOW, "blowfish", 32 }, ++ { LO_CRYPT_CAST128, "cast128", 16 }, ++ { LO_CRYPT_IDEA, "idea", 16 }, ++ { LO_CRYPT_SERPENT, "serpent", 16 }, ++ { LO_CRYPT_MARS, "mars", 16 }, ++ { LO_CRYPT_RC6, "rc6", 16 }, ++ { LO_CRYPT_DES_EDE3, "DES_EDE3", 24 }, ++/* { LO_CRYPT_CAST256, "cast256", 32 }, */ ++ { LO_CRYPT_DFC, "dfc", 32 }, ++ { LO_CRYPT_RIJNDAEL, "rijndael", 32 }, ++ { LO_CRYPT_RIJNDAEL, "AES", 32 }, ++ { LO_CRYPT_RC5, "rc5", 32 }, ++ { -1, NULL,0 } + }; + + static int +@@ -167,12 +183,18 @@ + return 0; + } + ++#define HASHLENGTH 20 ++#define PASSWDBUFFLEN 130 /* getpass returns only max. 128 bytes, see man getpass */ ++ + int + set_loop (const char *device, const char *file, int offset, + const char *encryption, int *loopro) { + struct loop_info loopinfo; + int fd, ffd, mode, i; ++ int keylength; + char *pass; ++ char keybits[2*HASHLENGTH]; ++ char passwdbuff[PASSWDBUFFLEN]; + + mode = (*loopro ? O_RDONLY : O_RDWR); + if ((ffd = open (file, mode)) < 0) { +@@ -224,6 +246,7 @@ + loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key); + break; + case LO_CRYPT_DES: ++ printf(_("WARNING: Use of DES is depreciated.\n")); + pass = getpass (_("Password: ")); + strncpy (loopinfo.lo_encrypt_key, pass, 8); + loopinfo.lo_encrypt_key[8] = 0; +@@ -240,6 +263,39 @@ + return 1; + } + break; ++ case LO_CRYPT_FISH2: ++ case LO_CRYPT_BLOW: ++ case LO_CRYPT_CAST128: ++ case LO_CRYPT_IDEA: ++ case LO_CRYPT_SERPENT: ++ case LO_CRYPT_MARS: ++ case LO_CRYPT_RC6: ++ case LO_CRYPT_DES_EDE3: ++ case LO_CRYPT_CAST256: ++ case LO_CRYPT_DFC: ++ case LO_CRYPT_RIJNDAEL: ++ case LO_CRYPT_RC5: ++ pass = getpass("Password: "); ++ strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1); ++ passwdbuff[0] = 'A'; ++ /* use the rmd160 function twice to generate a 40 bytes hash */ ++ rmd160_hash_buffer(keybits,pass,strlen(pass)); ++ rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); ++ /* zero unencrypted passwords in memory */ ++ memset( pass, 0, strlen(pass) ); ++ memset( passwdbuff, 0, PASSWDBUFFLEN ); ++ keylength=0; ++ for(i=0; crypt_type_tbl[i].id != -1; i++){ ++ if(loopinfo.lo_encrypt_type == crypt_type_tbl[i].id){ ++ keylength = crypt_type_tbl[i].keylength; ++ break; ++ } ++ } ++ loopinfo.lo_encrypt_key_size=keylength; ++ memcpy((char*)loopinfo.lo_encrypt_key,keybits,keylength); ++ /* zero hash (source) in memory */ ++ memset( keybits, 0, keylength ); ++ break; + default: + fprintf (stderr, + _("Don't know how to get key for encryption system %d\n"), +@@ -324,11 +380,18 @@ + + static void + usage(void) { ++ struct crypt_type_struct *c; + fprintf(stderr, _("usage:\n\ + %s loop_device # give info\n\ + %s -d loop_device # delete\n\ + %s [ -e encryption ] [ -o offset ] loop_device file # setup\n"), + progname, progname, progname); ++ fprintf(stderr, " where encryption is one of:\n"); ++ c = &crypt_type_tbl[0]; ++ while(c->name) { ++ fprintf(stderr, " %s\n", c->name); ++ c++; ++ } + exit(1); + } + +diff -urN util-linux-2.10r/mount/losetup.8 util-linux-2.10r-cr/mount/losetup.8 +--- util-linux-2.10r/mount/losetup.8 Fri Aug 11 07:11:30 2000 ++++ util-linux-2.10r-cr/mount/losetup.8 Tue Jan 2 02:39:38 2001 +@@ -36,11 +36,51 @@ + .PD 0 + .IP \fBXOR\fP + use a simple XOR encryption. +-.IP \fBDES\fP +-use DES encryption. DES encryption is only available if the optional +-DES package has been added to the kernel. DES encryption uses an additional +-start value that is used to protect passwords against dictionary +-attacks. ++.IP \fBBlowfish\fP ++use Blowfish encryption. Blowfish encryption is only available if you ++are using the international kernel and Blowfish encryption has been ++enabled in the Crypto API. ++.IP \fBTwofish\fP ++use Twofish encryption. Twofish encryption is only available if you are ++using the international kernel and Twofish encryption has been enabled ++in the Crypto API. Module loop_fish2 should be used rather than loop_gen. ++.IP \fBCAST128\fP ++use CAST128 encryption. CAST128 encryption is only available if you are ++using the international kernel and CAST128 encryption has been enabled ++in the Crypto API. Module loop_cast should be used rather than loop_gen. ++.IP \fBDES_EDE3\fP ++use DES_EDE3 (triple DES) encryption. DES_EDE3 encryption is only ++available if you are using the international kernel and triple DES ++encryption has been enabled in the Crypto API. ++.IP \fBAES (Rijndael)\fP ++use AES (Rijndael) encryption. The Rijndael encryption is the ++Advanced Encryption Standard winner and is only available if you ++are using the international kernel and AES (Rijndael) has been ++enabled in the Crypto API. ++.IP \fBDFC\fP ++use DFC encryption. DFC encryption is only available if you ++are using the international kernel and DFC encryption has been ++enabled in the Crypto API. ++.IP \fBIDEA\fP ++use IDEA encryption. IDEA encryption is only available if you ++are using the international kernel and IDEA encryption has been ++enabled in the Crypto API. ++.IP \fBMARS\fP ++use MARS encryption. MARS encryption is only available if you ++are using the international kernel and MARS encryption has been ++enabled in the Crypto API. ++.IP \fBRC5\fP ++use RC5 encryption. RC5 encryption is only available if you ++are using the international kernel and RC5 encryption has been ++enabled in the Crypto API. ++.IP \fBRC6\fP ++use RC6 encryption. RC6 encryption is only available if you ++are using the international kernel and RC6 encryption has been ++enabled in the Crypto API. ++.IP \fBSerpent\fP ++use Serpent encryption. Serpent encryption is only available if you ++are using the international kernel and Serpent encryption has been ++enabled in the Crypto API. + .PD + .RE + .IP "\fB\-o \fIoffset\fP" +@@ -58,6 +98,7 @@ + .SH FILES + .nf + /dev/loop0,/dev/loop1,... loop devices (major=7) ++/proc/crypto/cipher/* available ciphers + .fi + .SH EXAMPLE + If you are using the loadable module you must have the module loaded +@@ -69,9 +110,8 @@ + .nf + .IP + dd if=/dev/zero of=/file bs=1k count=100 +-losetup -e des /dev/loop0 /file ++losetup -e blowfish /dev/loop0 /file + Password: +-Init (up to 16 hex digits): + mkfs -t ext2 /dev/loop0 100 + mount -t ext2 /dev/loop0 /mnt + ... +@@ -85,8 +125,12 @@ + # rmmod loop + .LP + .fi +-.SH RESTRICTION +-DES encryption is painfully slow. On the other hand, XOR is terribly weak. ++.SH RESTRICTIONS ++DES encryption is painfully slow. On the other hand, XOR is terribly ++weak. Both are insecure nowadays. Some ciphers require a licence for ++you to be allowed to use them. ++.SH BUGS ++CAST, DES, RC5 and Twofish are currently broken and cannot be used. + .SH AUTHORS + .nf + Original version: Theodore Ts'o +diff -urN util-linux-2.10r/mount/rmd160.c util-linux-2.10r-cr/mount/rmd160.c +--- util-linux-2.10r/mount/rmd160.c Wed Dec 31 19:00:00 1969 ++++ util-linux-2.10r-cr/mount/rmd160.c Sun Dec 31 02:47:21 2000 +@@ -0,0 +1,532 @@ ++/* rmd160.c - RIPE-MD160 ++ * Copyright (C) 1998 Free Software Foundation, Inc. ++ */ ++ ++/* This file was part of GnuPG. Modified for use within the Linux ++ * mount utility by Marc Mutz . None of this code is ++ * by myself. I just removed everything that you don't need when all ++ * you want to do is to use rmd160_hash_buffer(). ++ * My comments are marked with (mm). */ ++ ++/* GnuPG is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuPG is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ ++ ++#include /* (mm) for memcpy */ ++#include /* (mm) for BIG_ENDIAN and BYTE_ORDER */ ++#include "rmd160.h" ++ ++/* (mm) these are used by the original GnuPG file. In order to modify ++ * that file not too much, we keep the notations. maybe it would be ++ * better to include linux/types.h and typedef __u32 to u32 and __u8 ++ * to byte? */ ++typedef unsigned int u32; /* taken from e.g. util-linux's minix.h */ ++typedef unsigned char byte; ++ ++typedef struct { ++ u32 h0,h1,h2,h3,h4; ++ u32 nblocks; ++ byte buf[64]; ++ int count; ++} RMD160_CONTEXT; ++ ++/**************** ++ * Rotate a 32 bit integer by n bytes ++ */ ++#if defined(__GNUC__) && defined(__i386__) ++static inline u32 ++rol( u32 x, int n) ++{ ++ __asm__("roll %%cl,%0" ++ :"=r" (x) ++ :"0" (x),"c" (n)); ++ return x; ++} ++#else ++ #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) ) ++#endif ++ ++/********************************* ++ * RIPEMD-160 is not patented, see (as of 25.10.97) ++ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html ++ * Note that the code uses Little Endian byteorder, which is good for ++ * 386 etc, but we must add some conversion when used on a big endian box. ++ * ++ * ++ * Pseudo-code for RIPEMD-160 ++ * ++ * RIPEMD-160 is an iterative hash function that operates on 32-bit words. ++ * The round function takes as input a 5-word chaining variable and a 16-word ++ * message block and maps this to a new chaining variable. All operations are ++ * defined on 32-bit words. Padding is identical to that of MD4. ++ * ++ * ++ * RIPEMD-160: definitions ++ * ++ * ++ * nonlinear functions at bit level: exor, mux, -, mux, - ++ * ++ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15) ++ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31) ++ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47) ++ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63) ++ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79) ++ * ++ * ++ * added constants (hexadecimal) ++ * ++ * K(j) = 0x00000000 (0 <= j <= 15) ++ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2)) ++ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3)) ++ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5)) ++ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7)) ++ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2)) ++ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3)) ++ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5)) ++ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7)) ++ * K'(j) = 0x00000000 (64 <= j <= 79) ++ * ++ * ++ * selection of message word ++ * ++ * r(j) = j (0 <= j <= 15) ++ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 ++ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 ++ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 ++ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 ++ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 ++ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 ++ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 ++ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 ++ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 ++ * ++ * ++ * amount for rotate left (rol) ++ * ++ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 ++ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 ++ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 ++ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 ++ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ++ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 ++ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 ++ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 ++ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 ++ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ++ * ++ * ++ * initial value (hexadecimal) ++ * ++ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476; ++ * h4 = 0xC3D2E1F0; ++ * ++ * ++ * RIPEMD-160: pseudo-code ++ * ++ * It is assumed that the message after padding consists of t 16-word blocks ++ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15. ++ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left ++ * shift (rotate) over s positions. ++ * ++ * ++ * for i := 0 to t-1 { ++ * A := h0; B := h1; C := h2; D = h3; E = h4; ++ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4; ++ * for j := 0 to 79 { ++ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E; ++ * A := E; E := D; D := rol_10(C); C := B; B := T; ++ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)] ++ [+] K'(j)) [+] E'; ++ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T; ++ * } ++ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A'; ++ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T; ++ * } ++ */ ++ ++/* Some examples: ++ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31 ++ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe ++ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc ++ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36 ++ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc ++ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b ++ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189 ++ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb ++ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528 ++ */ ++ ++ ++static void ++rmd160_init( RMD160_CONTEXT *hd ) ++{ ++ hd->h0 = 0x67452301; ++ hd->h1 = 0xEFCDAB89; ++ hd->h2 = 0x98BADCFE; ++ hd->h3 = 0x10325476; ++ hd->h4 = 0xC3D2E1F0; ++ hd->nblocks = 0; ++ hd->count = 0; ++} ++ ++ ++ ++/**************** ++ * Transform the message X which consists of 16 32-bit-words ++ */ ++static void ++transform( RMD160_CONTEXT *hd, byte *data ) ++{ ++ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t; ++ #if BYTE_ORDER == BIG_ENDIAN ++ u32 x[16]; ++ { int i; ++ byte *p2, *p1; ++ for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) { ++ p2[3] = *p1++; ++ p2[2] = *p1++; ++ p2[1] = *p1++; ++ p2[0] = *p1++; ++ } ++ } ++ #else ++ #if 0 ++ u32 *x =(u32*)data; ++ #else ++ /* this version is better because it is always aligned; ++ * The performance penalty on a 586-100 is about 6% which ++ * is acceptable - because the data is more local it might ++ * also be possible that this is faster on some machines. ++ * This function (when compiled with -02 on gcc 2.7.2) ++ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec; ++ * [measured with a 4MB data and "gpgm --print-md rmd160"] */ ++ u32 x[16]; ++ memcpy( x, data, 64 ); ++ #endif ++ #endif ++ ++ ++#define K0 0x00000000 ++#define K1 0x5A827999 ++#define K2 0x6ED9EBA1 ++#define K3 0x8F1BBCDC ++#define K4 0xA953FD4E ++#define KK0 0x50A28BE6 ++#define KK1 0x5C4DD124 ++#define KK2 0x6D703EF3 ++#define KK3 0x7A6D76E9 ++#define KK4 0x00000000 ++#define F0(x,y,z) ( (x) ^ (y) ^ (z) ) ++#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) ) ++#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) ) ++#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) ++#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) ++#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \ ++ a = rol(t,s) + e; \ ++ c = rol(c,10); \ ++ } while(0) ++ ++ /* left lane */ ++ a = hd->h0; ++ b = hd->h1; ++ c = hd->h2; ++ d = hd->h3; ++ e = hd->h4; ++ R( a, b, c, d, e, F0, K0, 0, 11 ); ++ R( e, a, b, c, d, F0, K0, 1, 14 ); ++ R( d, e, a, b, c, F0, K0, 2, 15 ); ++ R( c, d, e, a, b, F0, K0, 3, 12 ); ++ R( b, c, d, e, a, F0, K0, 4, 5 ); ++ R( a, b, c, d, e, F0, K0, 5, 8 ); ++ R( e, a, b, c, d, F0, K0, 6, 7 ); ++ R( d, e, a, b, c, F0, K0, 7, 9 ); ++ R( c, d, e, a, b, F0, K0, 8, 11 ); ++ R( b, c, d, e, a, F0, K0, 9, 13 ); ++ R( a, b, c, d, e, F0, K0, 10, 14 ); ++ R( e, a, b, c, d, F0, K0, 11, 15 ); ++ R( d, e, a, b, c, F0, K0, 12, 6 ); ++ R( c, d, e, a, b, F0, K0, 13, 7 ); ++ R( b, c, d, e, a, F0, K0, 14, 9 ); ++ R( a, b, c, d, e, F0, K0, 15, 8 ); ++ R( e, a, b, c, d, F1, K1, 7, 7 ); ++ R( d, e, a, b, c, F1, K1, 4, 6 ); ++ R( c, d, e, a, b, F1, K1, 13, 8 ); ++ R( b, c, d, e, a, F1, K1, 1, 13 ); ++ R( a, b, c, d, e, F1, K1, 10, 11 ); ++ R( e, a, b, c, d, F1, K1, 6, 9 ); ++ R( d, e, a, b, c, F1, K1, 15, 7 ); ++ R( c, d, e, a, b, F1, K1, 3, 15 ); ++ R( b, c, d, e, a, F1, K1, 12, 7 ); ++ R( a, b, c, d, e, F1, K1, 0, 12 ); ++ R( e, a, b, c, d, F1, K1, 9, 15 ); ++ R( d, e, a, b, c, F1, K1, 5, 9 ); ++ R( c, d, e, a, b, F1, K1, 2, 11 ); ++ R( b, c, d, e, a, F1, K1, 14, 7 ); ++ R( a, b, c, d, e, F1, K1, 11, 13 ); ++ R( e, a, b, c, d, F1, K1, 8, 12 ); ++ R( d, e, a, b, c, F2, K2, 3, 11 ); ++ R( c, d, e, a, b, F2, K2, 10, 13 ); ++ R( b, c, d, e, a, F2, K2, 14, 6 ); ++ R( a, b, c, d, e, F2, K2, 4, 7 ); ++ R( e, a, b, c, d, F2, K2, 9, 14 ); ++ R( d, e, a, b, c, F2, K2, 15, 9 ); ++ R( c, d, e, a, b, F2, K2, 8, 13 ); ++ R( b, c, d, e, a, F2, K2, 1, 15 ); ++ R( a, b, c, d, e, F2, K2, 2, 14 ); ++ R( e, a, b, c, d, F2, K2, 7, 8 ); ++ R( d, e, a, b, c, F2, K2, 0, 13 ); ++ R( c, d, e, a, b, F2, K2, 6, 6 ); ++ R( b, c, d, e, a, F2, K2, 13, 5 ); ++ R( a, b, c, d, e, F2, K2, 11, 12 ); ++ R( e, a, b, c, d, F2, K2, 5, 7 ); ++ R( d, e, a, b, c, F2, K2, 12, 5 ); ++ R( c, d, e, a, b, F3, K3, 1, 11 ); ++ R( b, c, d, e, a, F3, K3, 9, 12 ); ++ R( a, b, c, d, e, F3, K3, 11, 14 ); ++ R( e, a, b, c, d, F3, K3, 10, 15 ); ++ R( d, e, a, b, c, F3, K3, 0, 14 ); ++ R( c, d, e, a, b, F3, K3, 8, 15 ); ++ R( b, c, d, e, a, F3, K3, 12, 9 ); ++ R( a, b, c, d, e, F3, K3, 4, 8 ); ++ R( e, a, b, c, d, F3, K3, 13, 9 ); ++ R( d, e, a, b, c, F3, K3, 3, 14 ); ++ R( c, d, e, a, b, F3, K3, 7, 5 ); ++ R( b, c, d, e, a, F3, K3, 15, 6 ); ++ R( a, b, c, d, e, F3, K3, 14, 8 ); ++ R( e, a, b, c, d, F3, K3, 5, 6 ); ++ R( d, e, a, b, c, F3, K3, 6, 5 ); ++ R( c, d, e, a, b, F3, K3, 2, 12 ); ++ R( b, c, d, e, a, F4, K4, 4, 9 ); ++ R( a, b, c, d, e, F4, K4, 0, 15 ); ++ R( e, a, b, c, d, F4, K4, 5, 5 ); ++ R( d, e, a, b, c, F4, K4, 9, 11 ); ++ R( c, d, e, a, b, F4, K4, 7, 6 ); ++ R( b, c, d, e, a, F4, K4, 12, 8 ); ++ R( a, b, c, d, e, F4, K4, 2, 13 ); ++ R( e, a, b, c, d, F4, K4, 10, 12 ); ++ R( d, e, a, b, c, F4, K4, 14, 5 ); ++ R( c, d, e, a, b, F4, K4, 1, 12 ); ++ R( b, c, d, e, a, F4, K4, 3, 13 ); ++ R( a, b, c, d, e, F4, K4, 8, 14 ); ++ R( e, a, b, c, d, F4, K4, 11, 11 ); ++ R( d, e, a, b, c, F4, K4, 6, 8 ); ++ R( c, d, e, a, b, F4, K4, 15, 5 ); ++ R( b, c, d, e, a, F4, K4, 13, 6 ); ++ ++ aa = a; bb = b; cc = c; dd = d; ee = e; ++ ++ /* right lane */ ++ a = hd->h0; ++ b = hd->h1; ++ c = hd->h2; ++ d = hd->h3; ++ e = hd->h4; ++ R( a, b, c, d, e, F4, KK0, 5, 8); ++ R( e, a, b, c, d, F4, KK0, 14, 9); ++ R( d, e, a, b, c, F4, KK0, 7, 9); ++ R( c, d, e, a, b, F4, KK0, 0, 11); ++ R( b, c, d, e, a, F4, KK0, 9, 13); ++ R( a, b, c, d, e, F4, KK0, 2, 15); ++ R( e, a, b, c, d, F4, KK0, 11, 15); ++ R( d, e, a, b, c, F4, KK0, 4, 5); ++ R( c, d, e, a, b, F4, KK0, 13, 7); ++ R( b, c, d, e, a, F4, KK0, 6, 7); ++ R( a, b, c, d, e, F4, KK0, 15, 8); ++ R( e, a, b, c, d, F4, KK0, 8, 11); ++ R( d, e, a, b, c, F4, KK0, 1, 14); ++ R( c, d, e, a, b, F4, KK0, 10, 14); ++ R( b, c, d, e, a, F4, KK0, 3, 12); ++ R( a, b, c, d, e, F4, KK0, 12, 6); ++ R( e, a, b, c, d, F3, KK1, 6, 9); ++ R( d, e, a, b, c, F3, KK1, 11, 13); ++ R( c, d, e, a, b, F3, KK1, 3, 15); ++ R( b, c, d, e, a, F3, KK1, 7, 7); ++ R( a, b, c, d, e, F3, KK1, 0, 12); ++ R( e, a, b, c, d, F3, KK1, 13, 8); ++ R( d, e, a, b, c, F3, KK1, 5, 9); ++ R( c, d, e, a, b, F3, KK1, 10, 11); ++ R( b, c, d, e, a, F3, KK1, 14, 7); ++ R( a, b, c, d, e, F3, KK1, 15, 7); ++ R( e, a, b, c, d, F3, KK1, 8, 12); ++ R( d, e, a, b, c, F3, KK1, 12, 7); ++ R( c, d, e, a, b, F3, KK1, 4, 6); ++ R( b, c, d, e, a, F3, KK1, 9, 15); ++ R( a, b, c, d, e, F3, KK1, 1, 13); ++ R( e, a, b, c, d, F3, KK1, 2, 11); ++ R( d, e, a, b, c, F2, KK2, 15, 9); ++ R( c, d, e, a, b, F2, KK2, 5, 7); ++ R( b, c, d, e, a, F2, KK2, 1, 15); ++ R( a, b, c, d, e, F2, KK2, 3, 11); ++ R( e, a, b, c, d, F2, KK2, 7, 8); ++ R( d, e, a, b, c, F2, KK2, 14, 6); ++ R( c, d, e, a, b, F2, KK2, 6, 6); ++ R( b, c, d, e, a, F2, KK2, 9, 14); ++ R( a, b, c, d, e, F2, KK2, 11, 12); ++ R( e, a, b, c, d, F2, KK2, 8, 13); ++ R( d, e, a, b, c, F2, KK2, 12, 5); ++ R( c, d, e, a, b, F2, KK2, 2, 14); ++ R( b, c, d, e, a, F2, KK2, 10, 13); ++ R( a, b, c, d, e, F2, KK2, 0, 13); ++ R( e, a, b, c, d, F2, KK2, 4, 7); ++ R( d, e, a, b, c, F2, KK2, 13, 5); ++ R( c, d, e, a, b, F1, KK3, 8, 15); ++ R( b, c, d, e, a, F1, KK3, 6, 5); ++ R( a, b, c, d, e, F1, KK3, 4, 8); ++ R( e, a, b, c, d, F1, KK3, 1, 11); ++ R( d, e, a, b, c, F1, KK3, 3, 14); ++ R( c, d, e, a, b, F1, KK3, 11, 14); ++ R( b, c, d, e, a, F1, KK3, 15, 6); ++ R( a, b, c, d, e, F1, KK3, 0, 14); ++ R( e, a, b, c, d, F1, KK3, 5, 6); ++ R( d, e, a, b, c, F1, KK3, 12, 9); ++ R( c, d, e, a, b, F1, KK3, 2, 12); ++ R( b, c, d, e, a, F1, KK3, 13, 9); ++ R( a, b, c, d, e, F1, KK3, 9, 12); ++ R( e, a, b, c, d, F1, KK3, 7, 5); ++ R( d, e, a, b, c, F1, KK3, 10, 15); ++ R( c, d, e, a, b, F1, KK3, 14, 8); ++ R( b, c, d, e, a, F0, KK4, 12, 8); ++ R( a, b, c, d, e, F0, KK4, 15, 5); ++ R( e, a, b, c, d, F0, KK4, 10, 12); ++ R( d, e, a, b, c, F0, KK4, 4, 9); ++ R( c, d, e, a, b, F0, KK4, 1, 12); ++ R( b, c, d, e, a, F0, KK4, 5, 5); ++ R( a, b, c, d, e, F0, KK4, 8, 14); ++ R( e, a, b, c, d, F0, KK4, 7, 6); ++ R( d, e, a, b, c, F0, KK4, 6, 8); ++ R( c, d, e, a, b, F0, KK4, 2, 13); ++ R( b, c, d, e, a, F0, KK4, 13, 6); ++ R( a, b, c, d, e, F0, KK4, 14, 5); ++ R( e, a, b, c, d, F0, KK4, 0, 15); ++ R( d, e, a, b, c, F0, KK4, 3, 13); ++ R( c, d, e, a, b, F0, KK4, 9, 11); ++ R( b, c, d, e, a, F0, KK4, 11, 11); ++ ++ ++ t = hd->h1 + d + cc; ++ hd->h1 = hd->h2 + e + dd; ++ hd->h2 = hd->h3 + a + ee; ++ hd->h3 = hd->h4 + b + aa; ++ hd->h4 = hd->h0 + c + bb; ++ hd->h0 = t; ++} ++ ++ ++/* Update the message digest with the contents ++ * of INBUF with length INLEN. ++ */ ++static void ++rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen) ++{ ++ if( hd->count == 64 ) { /* flush the buffer */ ++ transform( hd, hd->buf ); ++ hd->count = 0; ++ hd->nblocks++; ++ } ++ if( !inbuf ) ++ return; ++ if( hd->count ) { ++ for( ; inlen && hd->count < 64; inlen-- ) ++ hd->buf[hd->count++] = *inbuf++; ++ rmd160_write( hd, NULL, 0 ); ++ if( !inlen ) ++ return; ++ } ++ ++ while( inlen >= 64 ) { ++ transform( hd, inbuf ); ++ hd->count = 0; ++ hd->nblocks++; ++ inlen -= 64; ++ inbuf += 64; ++ } ++ for( ; inlen && hd->count < 64; inlen-- ) ++ hd->buf[hd->count++] = *inbuf++; ++} ++ ++/* The routine terminates the computation ++ */ ++ ++static void ++rmd160_final( RMD160_CONTEXT *hd ) ++{ ++ u32 t, msb, lsb; ++ byte *p; ++ ++ rmd160_write(hd, NULL, 0); /* flush */; ++ ++ msb = 0; ++ t = hd->nblocks; ++ if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ ++ msb++; ++ msb += t >> 26; ++ t = lsb; ++ if( (lsb = t + hd->count) < t ) /* add the count */ ++ msb++; ++ t = lsb; ++ if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ ++ msb++; ++ msb += t >> 29; ++ ++ if( hd->count < 56 ) { /* enough room */ ++ hd->buf[hd->count++] = 0x80; /* pad */ ++ while( hd->count < 56 ) ++ hd->buf[hd->count++] = 0; /* pad */ ++ } ++ else { /* need one extra block */ ++ hd->buf[hd->count++] = 0x80; /* pad character */ ++ while( hd->count < 64 ) ++ hd->buf[hd->count++] = 0; ++ rmd160_write(hd, NULL, 0); /* flush */; ++ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */ ++ } ++ /* append the 64 bit count */ ++ hd->buf[56] = lsb ; ++ hd->buf[57] = lsb >> 8; ++ hd->buf[58] = lsb >> 16; ++ hd->buf[59] = lsb >> 24; ++ hd->buf[60] = msb ; ++ hd->buf[61] = msb >> 8; ++ hd->buf[62] = msb >> 16; ++ hd->buf[63] = msb >> 24; ++ transform( hd, hd->buf ); ++ ++ p = hd->buf; ++ #if BYTE_ORDER == BIG_ENDIAN ++ #define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \ ++ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0) ++ #else /* little endian */ ++ #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) ++ #endif ++ X(0); ++ X(1); ++ X(2); ++ X(3); ++ X(4); ++ #undef X ++} ++ ++/**************** ++ * Shortcut functions which puts the hash value of the supplied buffer ++ * into outbuf which must have a size of 20 bytes. ++ */ ++void ++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ) ++{ ++ RMD160_CONTEXT hd; ++ ++ rmd160_init( &hd ); ++ rmd160_write( &hd, (byte*)buffer, length ); ++ rmd160_final( &hd ); ++ memcpy( outbuf, hd.buf, 20 ); ++} +diff -urN util-linux-2.10r/mount/rmd160.h util-linux-2.10r-cr/mount/rmd160.h +--- util-linux-2.10r/mount/rmd160.h Wed Dec 31 19:00:00 1969 ++++ util-linux-2.10r-cr/mount/rmd160.h Sun Dec 31 02:47:21 2000 +@@ -0,0 +1,9 @@ ++#ifndef RMD160_H ++#define RMD160_H ++ ++void ++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ); ++ ++#endif /*RMD160_H*/ ++ ++ diff -urN linux-2.2.18/include/linux/crypto.h linux-2.2.18-cr/include/linux/crypto.h --- linux-2.2.18/include/linux/crypto.h Tue Jan 2 02:49:29 2001 +++ linux-2.2.18-cr/include/linux/crypto.h Mon Jan 1 17:14:35 2001 @@ -41,8 +41,8 @@ #define CIPHER_CAST256 14 #define CIPHER_DFC 15 #define CIPHER_RIJNDAEL 16 +#define CIPHER_AES 16 #define CIPHER_RC5 17 -#define CIPHER_AES 18 #define MAX_CIPHER 20 #define CIPHER_CBC 0x00010000 diff -urN linux-2.2.18/include/linux/loop.h linux-2.2.18-cr/include/linux/loop.h --- linux-2.2.18/include/linux/loop.h Tue Jan 2 02:49:29 2001 +++ linux-2.2.18-cr/include/linux/loop.h Mon Jan 1 17:21:11 2001 @@ -105,8 +105,9 @@ #define LO_CRYPT_CAST256 14 #define LO_CRYPT_DFC 15 #define LO_CRYPT_RIJNDAEL 16 +#define LO_CRYPT_AES 16 #define LO_CRYPT_RC5 17 -#define MAX_LO_CRYPT 20 +#define MAX_LO_CRYPT 20 #ifdef __KERNEL__ /* Support for loadable transfer modules */ --KsGdsel6WgEHnImy-- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Wed Jan 3 17:18:20 2001 Received: by humbolt.nl.linux.org id ; Wed, 3 Jan 2001 17:17:34 +0100 Received: from eik.ii.uib.no ([129.177.16.3]:19418 "EHLO ii.uib.no") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Wed, 3 Jan 2001 17:16:53 +0100 Received: from apal-192.ii.uib.no (apal.ii.uib.no) [129.177.192.27] by ii.uib.no with esmtp (Exim 3.03) id 14Dqb2-0002sx-00 ; Wed, 03 Jan 2001 17:17:04 +0100 Received: (from gisle@localhost) by apal.ii.uib.no (8.9.3+Sun/8.9.3) id RAA25441; Wed, 3 Jan 2001 17:16:47 +0100 (MET) Date: Wed, 3 Jan 2001 17:16:47 +0100 (MET) From: Gisle S{lensminde To: Emil Laurentiu cc: John Kennedy , Marc Mutz , Subject: Re: AES In-Reply-To: <20010102032625.479002381@hal.haln> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Tue, 2 Jan 2001, Emil Laurentiu wrote: > On 23 November 2000, John Kennedy wrote: > > On Mon, Nov 06, 2000 at 10:34:54AM +0100, Marc Mutz wrote: > > > Emil wrote: > > > > util-linux-2.10o.int.patch still doesn't include the AES encryption > > > > Anyone plans to do it ? > > > > > > You can easily add it to the list of known ciphers in > > > util-linux/mount/lomount.c > > > Then re-compile both mount and losetup. > > I have compiled the international patch for the latest util-linux-2.10r > It has the AES included and small modifications like zeroing the password > and the hash once they are passed to the encryption loop structure. Cool! > Also note that the sizes of keys for some encryption types have been > modified to use the maximum available keysize. No - many of the algorithms supports longer keysizes, like serpent, rc6 and blowfish, but you miss one point IMHO. Currently we use a passphrase to generate the key, and it's unlikely that the passphrase contains more than 128 bits of entropy. Allowing longer keys will probably only give false impression of security. Then it's a bad thing to break compatibility, like your patch will do for several ciphers. Another thing for Rijndael is that the number of round increase with longer keys, so a 256 bit key needs 14 rounds, while an 128 bit key only need 10 or 12, and as long as a 256 bit key don't increase security, I see no reason to use one. This is a minor point, though. If a better scheme for key management is developed, it's a different matter, but then we must also develop a new way of initialising the loop device, and can then decide which keylength to use. > (WARNING: This will prevent you from decrypting your partitions/files > if the keysize has changed so better decrypt everything before applying > this patch!!!) > > Another change is in the definitions for AES and RIJNDAEL which should be > the same since it's the same encryption method with 2 different names. > In this case AES = RIJNDAEL = 16. Choosing different numbers will break things. I fully agree with here. Could you submit a patch that _only_ does this, and keeps the keysizes for the other ciphers untouched. -- Gisle Sælensminde ( gisle@ii.uib.no ) With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. (from RFC 1925) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu Jan 4 09:22:06 2001 Received: by humbolt.nl.linux.org id ; Thu, 4 Jan 2001 09:21:29 +0100 Received: from mel.alcatel.fr ([212.208.74.132]:28181 "EHLO mel.alcatel.fr") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jan 2001 09:20:47 +0100 Received: from aifhs2.alcatel.fr (mailhub.alcatel.fr [155.132.180.80]) by mel.alcatel.fr (ALCANET/SMTP) with ESMTP id JAA24323 for ; Thu, 4 Jan 2001 09:17:59 +0100 Received: from mail.bsf.alcatel.fr (mail.dit.sxb.bsf.alcatel.fr [155.132.205.115]) by aifhs2.alcatel.fr (ALCANET/SMTP2) with ESMTP id JAA12840 for ; Thu, 4 Jan 2001 09:16:23 +0100 (MET) Received: from mail (mail-bsf-alcatel-fr.dit.sxb.bsf.alcatel.fr [155.132.205.91]) by mail.bsf.alcatel.fr (8.8.8+Sun/8.9.3) with ESMTP id JAA05559 for ; Thu, 4 Jan 2001 09:19:38 +0100 (MET) Received: from cerbere (cerbere [172.25.48.4]) by mail (8.8.8+Sun/) with ESMTP id JAA05553 for ; Thu, 4 Jan 2001 09:19:38 +0100 (MET) Received: from albatros by cerbere (8.8.8+Sun/ABS1.5) id JAA28233; Thu, 4 Jan 2001 09:19:38 +0100 (MET) Received: from sxb.bsf.alcatel.fr by albatros (8.8.8+Sun/ABS1.5) id JAA19541; Thu, 4 Jan 2001 09:19:36 +0100 (MET) Message-ID: <3A543218.1505D744@sxb.bsf.alcatel.fr> Date: Thu, 04 Jan 2001 09:19:36 +0100 From: Pierre PEIFFER X-Mailer: Mozilla 4.75 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: fr-FR, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Problem with DES Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Hello everybody and happy new year ! I have problem with DES, I use kernel patch 2.2.17.10 with kernel 2.2.13 and I have the following problem: losetup return "ioctl: LOOP_SET_STATUS: Invalid argument". Since rijndael encryption works very well and since a message "Use of DES is deprecated", I was worrying if DES is still well supported and maintained ? If yes (as I supposed), let me give you more info. I have everything about loopback file and cryptography set as kernel modules(des, loop_gen, cryptoapi, and loop). And when running losetup, all this modules are well inserted, then I supposed my /etc/conf.module is right. I just have a look in /var/log/message and I have an error "modprobe: Can't locate module loop-xfer-2", but I supposed this is not a real error and has something to do with the cipher number of DES, right ? (And then in /var/log/messages, I have a message such as "Registered des (2)...") Then I have a look in the kernel code in order to trace the problem. And I first see than in loop.c, in function loop_set_status, it is "loop_init_xfer" which return -EINVAL In this function, we go in function in loop_gen_init2 (from loop_gen.c) which call "des_set_key" which return -1. And this is the problem, but I can't say why it returns -1. Has someone any idea ? Because I am a little bit "wedged", since I haven't more idea... Many thank's to everybody who can help me and to all other for having read my mail ! Pierre Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu Jan 4 10:24:18 2001 Received: by humbolt.nl.linux.org id ; Thu, 4 Jan 2001 10:23:38 +0100 Received: from mel.alcatel.fr ([212.208.74.132]:11790 "EHLO mel.alcatel.fr") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jan 2001 10:23:00 +0100 Received: from aifhs2.alcatel.fr (mailhub.alcatel.fr [155.132.180.80]) by mel.alcatel.fr (ALCANET/SMTP) with ESMTP id KAA18307 for ; Thu, 4 Jan 2001 10:20:12 +0100 Received: from mail.bsf.alcatel.fr (mail.dit.sxb.bsf.alcatel.fr [155.132.205.115]) by aifhs2.alcatel.fr (ALCANET/SMTP2) with ESMTP id KAA05423 for ; Thu, 4 Jan 2001 10:18:37 +0100 (MET) Received: from mail (mail-bsf-alcatel-fr.dit.sxb.bsf.alcatel.fr [155.132.205.91]) by mail.bsf.alcatel.fr (8.8.8+Sun/8.9.3) with ESMTP id KAA17947 for ; Thu, 4 Jan 2001 10:21:52 +0100 (MET) Received: from cerbere (cerbere [172.25.48.4]) by mail (8.8.8+Sun/) with ESMTP id KAA17943 for ; Thu, 4 Jan 2001 10:21:52 +0100 (MET) Received: from albatros by cerbere (8.8.8+Sun/ABS1.5) id KAA08073; Thu, 4 Jan 2001 10:21:52 +0100 (MET) Received: from sxb.bsf.alcatel.fr by albatros (8.8.8+Sun/ABS1.5) id KAA19560; Thu, 4 Jan 2001 10:21:50 +0100 (MET) Message-ID: <3A5440AE.97DEEC13@sxb.bsf.alcatel.fr> Date: Thu, 04 Jan 2001 10:21:50 +0100 From: Pierre PEIFFER X-Mailer: Mozilla 4.75 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: fr-FR, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Problem with DES References: <3A543218.1505D744@sxb.bsf.alcatel.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Pierre PEIFFER wrote: > Hello everybody and happy new year ! > > I have problem with DES, I use kernel patch 2.2.17.10 with kernel > 2.2.13 and I have the following problem: > losetup return "ioctl: LOOP_SET_STATUS: Invalid argument". > > Since rijndael encryption works very well and since a message "Use > of DES is deprecated", I was worrying if DES is still well supported and > maintained ? > > If yes (as I supposed), let me give you more info. I have everything > about loopback file and cryptography set as kernel modules(des, > loop_gen, cryptoapi, and loop). And when running losetup, all this > modules are well inserted, then I supposed my /etc/conf.module is right. > > I just have a look in /var/log/message and I have an error > "modprobe: Can't locate module loop-xfer-2", but I supposed this is not > a real error and has something to do with the cipher number of DES, > right ? (And then in /var/log/messages, I have a message such as > "Registered des (2)...") > > Then I have a look in the kernel code in order to trace the problem. > And I first see than in loop.c, in function loop_set_status, it is > "loop_init_xfer" which return -EINVAL > > In this function, we go in function in loop_gen_init2 (from > loop_gen.c) which call "des_set_key" which return -1. And this is the > problem, but I can't say why it returns -1. I have more info, it returns -1 because of a "bad parity in key". What does it mean ? Is there a constraint on the key or the "init" value given to losetup ? Hummm, I'm a little bit lost, I don't understand... > > > Has someone any idea ? Because I am a little bit "wedged", since I > haven't more idea... > > Many thank's to everybody who can help me and to all other for > having read my mail ! > > Pierre > > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu Jan 4 12:28:18 2001 Received: by humbolt.nl.linux.org id ; Thu, 4 Jan 2001 12:27:15 +0100 Received: from eik.ii.uib.no ([129.177.16.3]:2016 "EHLO ii.uib.no") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Thu, 4 Jan 2001 12:26:38 +0100 Received: from apal-192.ii.uib.no (apal.ii.uib.no) [129.177.192.27] by ii.uib.no with esmtp (Exim 3.03) id 14E8Xf-0000Gl-00 ; Thu, 04 Jan 2001 12:26:47 +0100 Received: (from gisle@localhost) by apal.ii.uib.no (8.9.3+Sun/8.9.3) id MAA13022; Thu, 4 Jan 2001 12:26:33 +0100 (MET) Date: Thu, 4 Jan 2001 12:26:33 +0100 (MET) From: Gisle S{lensminde To: Pierre PEIFFER cc: Subject: Re: Problem with DES In-Reply-To: <3A5440AE.97DEEC13@sxb.bsf.alcatel.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 4 Jan 2001, Pierre PEIFFER wrote: > Pierre PEIFFER wrote: > > > Hello everybody and happy new year ! > > > > I have problem with DES, I use kernel patch 2.2.17.10 with kernel > > 2.2.13 and I have the following problem: > > losetup return "ioctl: LOOP_SET_STATUS: Invalid argument". > > > > Since rijndael encryption works very well and since a message "Use > > of DES is deprecated", I was worrying if DES is still well supported and > > maintained ? Not really. DES is not considered secure by today's standards, and it's not maintained in kerneli. Unless you have an old DES-encrypted partition, you should not use it, since there's ciphers that is both faster and more secure than DES. Your problems regarding the key indicated that you not have such a partition. :-) Your problem is that you for DES (unlike the other cipher inkl 3DES) must specify the key in hexadecimal, and the key must have the parity bits correctly set. For the other ciphers, it's sufficient to enter a passphrase, which then is hashed into the actual key. To calculate the parity is not that easy, but since DES is deprecated nobody have bothered to fix this problem. I don't even know if DES works, since I never bothered to calculate a key with correct parity manually. For 3DES the parity is calculated automatically. If you have an old DES-encrypted partition somewhere, I can help you. Otherwise I recoment either Rijndael/AES, serpent or blowfish. -- Gisle Sælensminde ( gisle@ii.uib.no ) With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. (from RFC 1925) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Fri Jan 5 11:27:40 2001 Received: by humbolt.nl.linux.org id ; Fri, 5 Jan 2001 11:26:54 +0100 Received: from cr536970-a.wlfdle1.on.wave.home.com ([24.156.248.137]:37385 "EHLO nic.ath.cx") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jan 2001 11:25:29 +0100 Received: from hal.haln (max35.direct-internet.net [207.245.193.109]) by nic.ath.cx (Postfix) with ESMTP id 3E6201F481F; Fri, 5 Jan 2001 05:25:17 -0500 (EST) Received: by hal.haln (Postfix, from userid 500) id 1D32C7E00A; Fri, 05 Jan 2001 05:24:52 -0500 (EST) Date: Fri, 5 Jan 2001 05:24:51 -0500 From: Emil Laurentiu To: Gisle S{lensminde Cc: John Kennedy , Marc Mutz , linux-crypto@nl.linux.org Subject: Re: AES Message-ID: <20010105052451.1650012181@hal.haln> Reply-To: emil@la.mine.nu References: <20010102032625.479002381@hal.haln> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=Q68bSM7Ycu6FN28Q In-Reply-To: ; from Gisle S{lensminde on Wed, Jan 03, 2001 at 05:16:47PM +0100 X-Operating-System: Linux hal 2.2.18 X-Degrees: CLE (Certified Linux Enthusiast) X-URL: http://la.mine.nu/~emil Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii On 3 January 2001, Gisle S{lensminde wrote: > No - many of the algorithms supports longer keysizes, like serpent, rc6 > and blowfish, but you miss one point IMHO. Currently we use a passphrase > to generate the key, and it's unlikely that the passphrase contains > more than 128 bits of entropy. Allowing longer keys will probably only > give false impression of security. Then it's a bad thing to break > compatibility, like your patch will do for several ciphers. You are right. I haven't thought about this aspect. > I fully agree with here. Could you submit a patch that _only_ does this, > and keeps the keysizes for the other ciphers untouched. You have the patch that doesn't break the compatibly attached. Although we all are going to switch to 2.4.0 aren't we ? ;-) -- Regards, Emil -- Out of my mind - back in 5 minutes. --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="patch-int-2.2.18.4.diff" diff -urN linux-2.2.18/Documentation/crypto/faq.txt linux-2.2.18-cr/Documentation/crypto/faq.txt --- linux-2.2.18/Documentation/crypto/faq.txt Tue Jan 2 02:49:29 2001 +++ linux-2.2.18-cr/Documentation/crypto/faq.txt Tue Jan 2 02:42:51 2001 @@ -50,11 +50,13 @@ alias loop-xfer-gen-0 loop_gen alias loop-xfer-gen-10 loop_gen alias cipher-2 des +alias cipher-3 twofish alias cipher-4 blowfish alias cipher-6 idea alias cipher-7 serp6f alias cipher-8 mars6 alias cipher-11 rc62 +alias cipher-12 des_ede3 alias cipher-15 dfc2 alias cipher-16 rijndael alias cipher-17 rc5 diff -urN linux-2.2.18/Documentation/crypto/util-linux-2.10r.int.patch linux-2.2.18-cr/Documentation/crypto/util-linux-2.10r.int.patch --- linux-2.2.18/Documentation/crypto/util-linux-2.10r.int.patch Wed Dec 31 19:00:00 1969 +++ linux-2.2.18-cr/Documentation/crypto/util-linux-2.10r.int.patch Tue Jan 2 02:40:13 2001 @@ -0,0 +1,797 @@ +diff -urN util-linux-2.10r/mount/Makefile util-linux-2.10r-cr/mount/Makefile +--- util-linux-2.10r/mount/Makefile Fri Aug 11 17:25:26 2000 ++++ util-linux-2.10r-cr/mount/Makefile Sun Dec 31 02:47:21 2000 +@@ -28,7 +28,7 @@ + GEN_FILES = nfsmount.h nfsmount_xdr.c nfsmount_clnt.c + + # comment these out if you are not compiling in loop support +-LO_OBJS=lomount.o ++LO_OBJS=lomount.o rmd160.o + + all: $(PROGS) + +@@ -59,7 +59,7 @@ + losetup.o: lomount.c + $(COMPILE) -DMAIN lomount.c -o $@ + +-losetup: losetup.o ++losetup: losetup.o rmd160.o + $(LINK) $^ -o $@ + + mount.o umount.o nfsmount.o losetup.o fstab.o realpath.o sundries.o: sundries.h +diff -urN util-linux-2.10r/mount/lomount.c util-linux-2.10r-cr/mount/lomount.c +--- util-linux-2.10r/mount/lomount.c Sat Aug 5 11:52:28 2000 ++++ util-linux-2.10r-cr/mount/lomount.c Tue Jan 2 02:14:06 2001 +@@ -27,6 +27,7 @@ + + #include "loop.h" + #include "lomount.h" ++#include "rmd160.h" + #include "nls.h" + + extern int verbose; +@@ -34,15 +35,30 @@ + extern void error (const char *fmt, ...); /* idem */ + + #ifdef LOOP_SET_FD ++/* maximum key length has been used */ + struct crypt_type_struct { + int id; + char *name; ++ int keylength; + } crypt_type_tbl[] = { +- { LO_CRYPT_NONE, "no" }, +- { LO_CRYPT_NONE, "none" }, +- { LO_CRYPT_XOR, "xor" }, +- { LO_CRYPT_DES, "DES" }, +- { -1, NULL } ++ { LO_CRYPT_NONE, "no", 0 }, ++ { LO_CRYPT_NONE, "none", 0 }, ++ { LO_CRYPT_XOR, "xor", 0 }, ++/* { LO_CRYPT_DES, "DES", 8 }, */ ++ { LO_CRYPT_FISH2, "twofish", 20 }, /* max 32 */ ++ { LO_CRYPT_BLOW, "blowfish", 20 }, /* max 32 */ ++ { LO_CRYPT_CAST128, "cast128", 16 }, ++ { LO_CRYPT_IDEA, "idea", 16 }, ++ { LO_CRYPT_SERPENT, "serpent", 16 }, ++ { LO_CRYPT_MARS, "mars", 16 }, ++ { LO_CRYPT_RC6, "rc6", 16 }, ++ { LO_CRYPT_DES_EDE3, "DES_EDE3", 24 }, ++/* { LO_CRYPT_CAST256, "cast256", 32 }, */ ++ { LO_CRYPT_DFC, "dfc", 16 }, /* max 32 */ ++ { LO_CRYPT_RIJNDAEL, "rijndael", 16 }, /* max 32 */ ++ { LO_CRYPT_RIJNDAEL, "AES", 16 }, /* max 32 */ ++ { LO_CRYPT_RC5, "rc5", 32 }, ++ { -1, NULL,0 } + }; + + static int +@@ -167,12 +183,18 @@ + return 0; + } + ++#define HASHLENGTH 20 ++#define PASSWDBUFFLEN 130 /* getpass returns only max. 128 bytes, see man getpass */ ++ + int + set_loop (const char *device, const char *file, int offset, + const char *encryption, int *loopro) { + struct loop_info loopinfo; + int fd, ffd, mode, i; ++ int keylength; + char *pass; ++ char keybits[2*HASHLENGTH]; ++ char passwdbuff[PASSWDBUFFLEN]; + + mode = (*loopro ? O_RDONLY : O_RDWR); + if ((ffd = open (file, mode)) < 0) { +@@ -224,6 +246,7 @@ + loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key); + break; + case LO_CRYPT_DES: ++ printf(_("WARNING: Use of DES is depreciated.\n")); + pass = getpass (_("Password: ")); + strncpy (loopinfo.lo_encrypt_key, pass, 8); + loopinfo.lo_encrypt_key[8] = 0; +@@ -240,6 +263,39 @@ + return 1; + } + break; ++ case LO_CRYPT_FISH2: ++ case LO_CRYPT_BLOW: ++ case LO_CRYPT_CAST128: ++ case LO_CRYPT_IDEA: ++ case LO_CRYPT_SERPENT: ++ case LO_CRYPT_MARS: ++ case LO_CRYPT_RC6: ++ case LO_CRYPT_DES_EDE3: ++ case LO_CRYPT_CAST256: ++ case LO_CRYPT_DFC: ++ case LO_CRYPT_RIJNDAEL: ++ case LO_CRYPT_RC5: ++ pass = getpass("Password: "); ++ strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1); ++ passwdbuff[0] = 'A'; ++ /* use the rmd160 function twice to generate a 40 bytes hash */ ++ rmd160_hash_buffer(keybits,pass,strlen(pass)); ++ rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); ++ /* zero unencrypted passwords in memory */ ++ memset( pass, 0, strlen(pass) ); ++ memset( passwdbuff, 0, PASSWDBUFFLEN ); ++ keylength=0; ++ for(i=0; crypt_type_tbl[i].id != -1; i++){ ++ if(loopinfo.lo_encrypt_type == crypt_type_tbl[i].id){ ++ keylength = crypt_type_tbl[i].keylength; ++ break; ++ } ++ } ++ loopinfo.lo_encrypt_key_size=keylength; ++ memcpy((char*)loopinfo.lo_encrypt_key,keybits,keylength); ++ /* zero hash (source) in memory */ ++ memset( keybits, 0, keylength ); ++ break; + default: + fprintf (stderr, + _("Don't know how to get key for encryption system %d\n"), +@@ -324,11 +380,18 @@ + + static void + usage(void) { ++ struct crypt_type_struct *c; + fprintf(stderr, _("usage:\n\ + %s loop_device # give info\n\ + %s -d loop_device # delete\n\ + %s [ -e encryption ] [ -o offset ] loop_device file # setup\n"), + progname, progname, progname); ++ fprintf(stderr, " where encryption is one of:\n"); ++ c = &crypt_type_tbl[0]; ++ while(c->name) { ++ fprintf(stderr, " %s\n", c->name); ++ c++; ++ } + exit(1); + } + +diff -urN util-linux-2.10r/mount/losetup.8 util-linux-2.10r-cr/mount/losetup.8 +--- util-linux-2.10r/mount/losetup.8 Fri Aug 11 07:11:30 2000 ++++ util-linux-2.10r-cr/mount/losetup.8 Tue Jan 2 02:39:38 2001 +@@ -36,11 +36,51 @@ + .PD 0 + .IP \fBXOR\fP + use a simple XOR encryption. +-.IP \fBDES\fP +-use DES encryption. DES encryption is only available if the optional +-DES package has been added to the kernel. DES encryption uses an additional +-start value that is used to protect passwords against dictionary +-attacks. ++.IP \fBBlowfish\fP ++use Blowfish encryption. Blowfish encryption is only available if you ++are using the international kernel and Blowfish encryption has been ++enabled in the Crypto API. ++.IP \fBTwofish\fP ++use Twofish encryption. Twofish encryption is only available if you are ++using the international kernel and Twofish encryption has been enabled ++in the Crypto API. Module loop_fish2 should be used rather than loop_gen. ++.IP \fBCAST128\fP ++use CAST128 encryption. CAST128 encryption is only available if you are ++using the international kernel and CAST128 encryption has been enabled ++in the Crypto API. Module loop_cast should be used rather than loop_gen. ++.IP \fBDES_EDE3\fP ++use DES_EDE3 (triple DES) encryption. DES_EDE3 encryption is only ++available if you are using the international kernel and triple DES ++encryption has been enabled in the Crypto API. ++.IP \fBAES (Rijndael)\fP ++use AES (Rijndael) encryption. The Rijndael encryption is the ++Advanced Encryption Standard winner and is only available if you ++are using the international kernel and AES (Rijndael) has been ++enabled in the Crypto API. ++.IP \fBDFC\fP ++use DFC encryption. DFC encryption is only available if you ++are using the international kernel and DFC encryption has been ++enabled in the Crypto API. ++.IP \fBIDEA\fP ++use IDEA encryption. IDEA encryption is only available if you ++are using the international kernel and IDEA encryption has been ++enabled in the Crypto API. ++.IP \fBMARS\fP ++use MARS encryption. MARS encryption is only available if you ++are using the international kernel and MARS encryption has been ++enabled in the Crypto API. ++.IP \fBRC5\fP ++use RC5 encryption. RC5 encryption is only available if you ++are using the international kernel and RC5 encryption has been ++enabled in the Crypto API. ++.IP \fBRC6\fP ++use RC6 encryption. RC6 encryption is only available if you ++are using the international kernel and RC6 encryption has been ++enabled in the Crypto API. ++.IP \fBSerpent\fP ++use Serpent encryption. Serpent encryption is only available if you ++are using the international kernel and Serpent encryption has been ++enabled in the Crypto API. + .PD + .RE + .IP "\fB\-o \fIoffset\fP" +@@ -58,6 +98,7 @@ + .SH FILES + .nf + /dev/loop0,/dev/loop1,... loop devices (major=7) ++/proc/crypto/cipher/* available ciphers + .fi + .SH EXAMPLE + If you are using the loadable module you must have the module loaded +@@ -69,9 +110,8 @@ + .nf + .IP + dd if=/dev/zero of=/file bs=1k count=100 +-losetup -e des /dev/loop0 /file ++losetup -e blowfish /dev/loop0 /file + Password: +-Init (up to 16 hex digits): + mkfs -t ext2 /dev/loop0 100 + mount -t ext2 /dev/loop0 /mnt + ... +@@ -85,8 +125,12 @@ + # rmmod loop + .LP + .fi +-.SH RESTRICTION +-DES encryption is painfully slow. On the other hand, XOR is terribly weak. ++.SH RESTRICTIONS ++DES encryption is painfully slow. On the other hand, XOR is terribly ++weak. Both are insecure nowadays. Some ciphers require a licence for ++you to be allowed to use them. ++.SH BUGS ++CAST, DES, RC5 and Twofish are currently broken and cannot be used. + .SH AUTHORS + .nf + Original version: Theodore Ts'o +diff -urN util-linux-2.10r/mount/rmd160.c util-linux-2.10r-cr/mount/rmd160.c +--- util-linux-2.10r/mount/rmd160.c Wed Dec 31 19:00:00 1969 ++++ util-linux-2.10r-cr/mount/rmd160.c Sun Dec 31 02:47:21 2000 +@@ -0,0 +1,532 @@ ++/* rmd160.c - RIPE-MD160 ++ * Copyright (C) 1998 Free Software Foundation, Inc. ++ */ ++ ++/* This file was part of GnuPG. Modified for use within the Linux ++ * mount utility by Marc Mutz . None of this code is ++ * by myself. I just removed everything that you don't need when all ++ * you want to do is to use rmd160_hash_buffer(). ++ * My comments are marked with (mm). */ ++ ++/* GnuPG is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuPG is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ ++ ++#include /* (mm) for memcpy */ ++#include /* (mm) for BIG_ENDIAN and BYTE_ORDER */ ++#include "rmd160.h" ++ ++/* (mm) these are used by the original GnuPG file. In order to modify ++ * that file not too much, we keep the notations. maybe it would be ++ * better to include linux/types.h and typedef __u32 to u32 and __u8 ++ * to byte? */ ++typedef unsigned int u32; /* taken from e.g. util-linux's minix.h */ ++typedef unsigned char byte; ++ ++typedef struct { ++ u32 h0,h1,h2,h3,h4; ++ u32 nblocks; ++ byte buf[64]; ++ int count; ++} RMD160_CONTEXT; ++ ++/**************** ++ * Rotate a 32 bit integer by n bytes ++ */ ++#if defined(__GNUC__) && defined(__i386__) ++static inline u32 ++rol( u32 x, int n) ++{ ++ __asm__("roll %%cl,%0" ++ :"=r" (x) ++ :"0" (x),"c" (n)); ++ return x; ++} ++#else ++ #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) ) ++#endif ++ ++/********************************* ++ * RIPEMD-160 is not patented, see (as of 25.10.97) ++ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html ++ * Note that the code uses Little Endian byteorder, which is good for ++ * 386 etc, but we must add some conversion when used on a big endian box. ++ * ++ * ++ * Pseudo-code for RIPEMD-160 ++ * ++ * RIPEMD-160 is an iterative hash function that operates on 32-bit words. ++ * The round function takes as input a 5-word chaining variable and a 16-word ++ * message block and maps this to a new chaining variable. All operations are ++ * defined on 32-bit words. Padding is identical to that of MD4. ++ * ++ * ++ * RIPEMD-160: definitions ++ * ++ * ++ * nonlinear functions at bit level: exor, mux, -, mux, - ++ * ++ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15) ++ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31) ++ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47) ++ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63) ++ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79) ++ * ++ * ++ * added constants (hexadecimal) ++ * ++ * K(j) = 0x00000000 (0 <= j <= 15) ++ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2)) ++ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3)) ++ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5)) ++ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7)) ++ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2)) ++ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3)) ++ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5)) ++ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7)) ++ * K'(j) = 0x00000000 (64 <= j <= 79) ++ * ++ * ++ * selection of message word ++ * ++ * r(j) = j (0 <= j <= 15) ++ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 ++ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 ++ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 ++ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 ++ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 ++ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 ++ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 ++ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 ++ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 ++ * ++ * ++ * amount for rotate left (rol) ++ * ++ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 ++ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 ++ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 ++ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 ++ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ++ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 ++ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 ++ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 ++ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 ++ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ++ * ++ * ++ * initial value (hexadecimal) ++ * ++ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476; ++ * h4 = 0xC3D2E1F0; ++ * ++ * ++ * RIPEMD-160: pseudo-code ++ * ++ * It is assumed that the message after padding consists of t 16-word blocks ++ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15. ++ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left ++ * shift (rotate) over s positions. ++ * ++ * ++ * for i := 0 to t-1 { ++ * A := h0; B := h1; C := h2; D = h3; E = h4; ++ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4; ++ * for j := 0 to 79 { ++ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E; ++ * A := E; E := D; D := rol_10(C); C := B; B := T; ++ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)] ++ [+] K'(j)) [+] E'; ++ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T; ++ * } ++ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A'; ++ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T; ++ * } ++ */ ++ ++/* Some examples: ++ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31 ++ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe ++ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc ++ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36 ++ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc ++ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b ++ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189 ++ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb ++ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528 ++ */ ++ ++ ++static void ++rmd160_init( RMD160_CONTEXT *hd ) ++{ ++ hd->h0 = 0x67452301; ++ hd->h1 = 0xEFCDAB89; ++ hd->h2 = 0x98BADCFE; ++ hd->h3 = 0x10325476; ++ hd->h4 = 0xC3D2E1F0; ++ hd->nblocks = 0; ++ hd->count = 0; ++} ++ ++ ++ ++/**************** ++ * Transform the message X which consists of 16 32-bit-words ++ */ ++static void ++transform( RMD160_CONTEXT *hd, byte *data ) ++{ ++ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t; ++ #if BYTE_ORDER == BIG_ENDIAN ++ u32 x[16]; ++ { int i; ++ byte *p2, *p1; ++ for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) { ++ p2[3] = *p1++; ++ p2[2] = *p1++; ++ p2[1] = *p1++; ++ p2[0] = *p1++; ++ } ++ } ++ #else ++ #if 0 ++ u32 *x =(u32*)data; ++ #else ++ /* this version is better because it is always aligned; ++ * The performance penalty on a 586-100 is about 6% which ++ * is acceptable - because the data is more local it might ++ * also be possible that this is faster on some machines. ++ * This function (when compiled with -02 on gcc 2.7.2) ++ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec; ++ * [measured with a 4MB data and "gpgm --print-md rmd160"] */ ++ u32 x[16]; ++ memcpy( x, data, 64 ); ++ #endif ++ #endif ++ ++ ++#define K0 0x00000000 ++#define K1 0x5A827999 ++#define K2 0x6ED9EBA1 ++#define K3 0x8F1BBCDC ++#define K4 0xA953FD4E ++#define KK0 0x50A28BE6 ++#define KK1 0x5C4DD124 ++#define KK2 0x6D703EF3 ++#define KK3 0x7A6D76E9 ++#define KK4 0x00000000 ++#define F0(x,y,z) ( (x) ^ (y) ^ (z) ) ++#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) ) ++#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) ) ++#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) ++#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) ++#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \ ++ a = rol(t,s) + e; \ ++ c = rol(c,10); \ ++ } while(0) ++ ++ /* left lane */ ++ a = hd->h0; ++ b = hd->h1; ++ c = hd->h2; ++ d = hd->h3; ++ e = hd->h4; ++ R( a, b, c, d, e, F0, K0, 0, 11 ); ++ R( e, a, b, c, d, F0, K0, 1, 14 ); ++ R( d, e, a, b, c, F0, K0, 2, 15 ); ++ R( c, d, e, a, b, F0, K0, 3, 12 ); ++ R( b, c, d, e, a, F0, K0, 4, 5 ); ++ R( a, b, c, d, e, F0, K0, 5, 8 ); ++ R( e, a, b, c, d, F0, K0, 6, 7 ); ++ R( d, e, a, b, c, F0, K0, 7, 9 ); ++ R( c, d, e, a, b, F0, K0, 8, 11 ); ++ R( b, c, d, e, a, F0, K0, 9, 13 ); ++ R( a, b, c, d, e, F0, K0, 10, 14 ); ++ R( e, a, b, c, d, F0, K0, 11, 15 ); ++ R( d, e, a, b, c, F0, K0, 12, 6 ); ++ R( c, d, e, a, b, F0, K0, 13, 7 ); ++ R( b, c, d, e, a, F0, K0, 14, 9 ); ++ R( a, b, c, d, e, F0, K0, 15, 8 ); ++ R( e, a, b, c, d, F1, K1, 7, 7 ); ++ R( d, e, a, b, c, F1, K1, 4, 6 ); ++ R( c, d, e, a, b, F1, K1, 13, 8 ); ++ R( b, c, d, e, a, F1, K1, 1, 13 ); ++ R( a, b, c, d, e, F1, K1, 10, 11 ); ++ R( e, a, b, c, d, F1, K1, 6, 9 ); ++ R( d, e, a, b, c, F1, K1, 15, 7 ); ++ R( c, d, e, a, b, F1, K1, 3, 15 ); ++ R( b, c, d, e, a, F1, K1, 12, 7 ); ++ R( a, b, c, d, e, F1, K1, 0, 12 ); ++ R( e, a, b, c, d, F1, K1, 9, 15 ); ++ R( d, e, a, b, c, F1, K1, 5, 9 ); ++ R( c, d, e, a, b, F1, K1, 2, 11 ); ++ R( b, c, d, e, a, F1, K1, 14, 7 ); ++ R( a, b, c, d, e, F1, K1, 11, 13 ); ++ R( e, a, b, c, d, F1, K1, 8, 12 ); ++ R( d, e, a, b, c, F2, K2, 3, 11 ); ++ R( c, d, e, a, b, F2, K2, 10, 13 ); ++ R( b, c, d, e, a, F2, K2, 14, 6 ); ++ R( a, b, c, d, e, F2, K2, 4, 7 ); ++ R( e, a, b, c, d, F2, K2, 9, 14 ); ++ R( d, e, a, b, c, F2, K2, 15, 9 ); ++ R( c, d, e, a, b, F2, K2, 8, 13 ); ++ R( b, c, d, e, a, F2, K2, 1, 15 ); ++ R( a, b, c, d, e, F2, K2, 2, 14 ); ++ R( e, a, b, c, d, F2, K2, 7, 8 ); ++ R( d, e, a, b, c, F2, K2, 0, 13 ); ++ R( c, d, e, a, b, F2, K2, 6, 6 ); ++ R( b, c, d, e, a, F2, K2, 13, 5 ); ++ R( a, b, c, d, e, F2, K2, 11, 12 ); ++ R( e, a, b, c, d, F2, K2, 5, 7 ); ++ R( d, e, a, b, c, F2, K2, 12, 5 ); ++ R( c, d, e, a, b, F3, K3, 1, 11 ); ++ R( b, c, d, e, a, F3, K3, 9, 12 ); ++ R( a, b, c, d, e, F3, K3, 11, 14 ); ++ R( e, a, b, c, d, F3, K3, 10, 15 ); ++ R( d, e, a, b, c, F3, K3, 0, 14 ); ++ R( c, d, e, a, b, F3, K3, 8, 15 ); ++ R( b, c, d, e, a, F3, K3, 12, 9 ); ++ R( a, b, c, d, e, F3, K3, 4, 8 ); ++ R( e, a, b, c, d, F3, K3, 13, 9 ); ++ R( d, e, a, b, c, F3, K3, 3, 14 ); ++ R( c, d, e, a, b, F3, K3, 7, 5 ); ++ R( b, c, d, e, a, F3, K3, 15, 6 ); ++ R( a, b, c, d, e, F3, K3, 14, 8 ); ++ R( e, a, b, c, d, F3, K3, 5, 6 ); ++ R( d, e, a, b, c, F3, K3, 6, 5 ); ++ R( c, d, e, a, b, F3, K3, 2, 12 ); ++ R( b, c, d, e, a, F4, K4, 4, 9 ); ++ R( a, b, c, d, e, F4, K4, 0, 15 ); ++ R( e, a, b, c, d, F4, K4, 5, 5 ); ++ R( d, e, a, b, c, F4, K4, 9, 11 ); ++ R( c, d, e, a, b, F4, K4, 7, 6 ); ++ R( b, c, d, e, a, F4, K4, 12, 8 ); ++ R( a, b, c, d, e, F4, K4, 2, 13 ); ++ R( e, a, b, c, d, F4, K4, 10, 12 ); ++ R( d, e, a, b, c, F4, K4, 14, 5 ); ++ R( c, d, e, a, b, F4, K4, 1, 12 ); ++ R( b, c, d, e, a, F4, K4, 3, 13 ); ++ R( a, b, c, d, e, F4, K4, 8, 14 ); ++ R( e, a, b, c, d, F4, K4, 11, 11 ); ++ R( d, e, a, b, c, F4, K4, 6, 8 ); ++ R( c, d, e, a, b, F4, K4, 15, 5 ); ++ R( b, c, d, e, a, F4, K4, 13, 6 ); ++ ++ aa = a; bb = b; cc = c; dd = d; ee = e; ++ ++ /* right lane */ ++ a = hd->h0; ++ b = hd->h1; ++ c = hd->h2; ++ d = hd->h3; ++ e = hd->h4; ++ R( a, b, c, d, e, F4, KK0, 5, 8); ++ R( e, a, b, c, d, F4, KK0, 14, 9); ++ R( d, e, a, b, c, F4, KK0, 7, 9); ++ R( c, d, e, a, b, F4, KK0, 0, 11); ++ R( b, c, d, e, a, F4, KK0, 9, 13); ++ R( a, b, c, d, e, F4, KK0, 2, 15); ++ R( e, a, b, c, d, F4, KK0, 11, 15); ++ R( d, e, a, b, c, F4, KK0, 4, 5); ++ R( c, d, e, a, b, F4, KK0, 13, 7); ++ R( b, c, d, e, a, F4, KK0, 6, 7); ++ R( a, b, c, d, e, F4, KK0, 15, 8); ++ R( e, a, b, c, d, F4, KK0, 8, 11); ++ R( d, e, a, b, c, F4, KK0, 1, 14); ++ R( c, d, e, a, b, F4, KK0, 10, 14); ++ R( b, c, d, e, a, F4, KK0, 3, 12); ++ R( a, b, c, d, e, F4, KK0, 12, 6); ++ R( e, a, b, c, d, F3, KK1, 6, 9); ++ R( d, e, a, b, c, F3, KK1, 11, 13); ++ R( c, d, e, a, b, F3, KK1, 3, 15); ++ R( b, c, d, e, a, F3, KK1, 7, 7); ++ R( a, b, c, d, e, F3, KK1, 0, 12); ++ R( e, a, b, c, d, F3, KK1, 13, 8); ++ R( d, e, a, b, c, F3, KK1, 5, 9); ++ R( c, d, e, a, b, F3, KK1, 10, 11); ++ R( b, c, d, e, a, F3, KK1, 14, 7); ++ R( a, b, c, d, e, F3, KK1, 15, 7); ++ R( e, a, b, c, d, F3, KK1, 8, 12); ++ R( d, e, a, b, c, F3, KK1, 12, 7); ++ R( c, d, e, a, b, F3, KK1, 4, 6); ++ R( b, c, d, e, a, F3, KK1, 9, 15); ++ R( a, b, c, d, e, F3, KK1, 1, 13); ++ R( e, a, b, c, d, F3, KK1, 2, 11); ++ R( d, e, a, b, c, F2, KK2, 15, 9); ++ R( c, d, e, a, b, F2, KK2, 5, 7); ++ R( b, c, d, e, a, F2, KK2, 1, 15); ++ R( a, b, c, d, e, F2, KK2, 3, 11); ++ R( e, a, b, c, d, F2, KK2, 7, 8); ++ R( d, e, a, b, c, F2, KK2, 14, 6); ++ R( c, d, e, a, b, F2, KK2, 6, 6); ++ R( b, c, d, e, a, F2, KK2, 9, 14); ++ R( a, b, c, d, e, F2, KK2, 11, 12); ++ R( e, a, b, c, d, F2, KK2, 8, 13); ++ R( d, e, a, b, c, F2, KK2, 12, 5); ++ R( c, d, e, a, b, F2, KK2, 2, 14); ++ R( b, c, d, e, a, F2, KK2, 10, 13); ++ R( a, b, c, d, e, F2, KK2, 0, 13); ++ R( e, a, b, c, d, F2, KK2, 4, 7); ++ R( d, e, a, b, c, F2, KK2, 13, 5); ++ R( c, d, e, a, b, F1, KK3, 8, 15); ++ R( b, c, d, e, a, F1, KK3, 6, 5); ++ R( a, b, c, d, e, F1, KK3, 4, 8); ++ R( e, a, b, c, d, F1, KK3, 1, 11); ++ R( d, e, a, b, c, F1, KK3, 3, 14); ++ R( c, d, e, a, b, F1, KK3, 11, 14); ++ R( b, c, d, e, a, F1, KK3, 15, 6); ++ R( a, b, c, d, e, F1, KK3, 0, 14); ++ R( e, a, b, c, d, F1, KK3, 5, 6); ++ R( d, e, a, b, c, F1, KK3, 12, 9); ++ R( c, d, e, a, b, F1, KK3, 2, 12); ++ R( b, c, d, e, a, F1, KK3, 13, 9); ++ R( a, b, c, d, e, F1, KK3, 9, 12); ++ R( e, a, b, c, d, F1, KK3, 7, 5); ++ R( d, e, a, b, c, F1, KK3, 10, 15); ++ R( c, d, e, a, b, F1, KK3, 14, 8); ++ R( b, c, d, e, a, F0, KK4, 12, 8); ++ R( a, b, c, d, e, F0, KK4, 15, 5); ++ R( e, a, b, c, d, F0, KK4, 10, 12); ++ R( d, e, a, b, c, F0, KK4, 4, 9); ++ R( c, d, e, a, b, F0, KK4, 1, 12); ++ R( b, c, d, e, a, F0, KK4, 5, 5); ++ R( a, b, c, d, e, F0, KK4, 8, 14); ++ R( e, a, b, c, d, F0, KK4, 7, 6); ++ R( d, e, a, b, c, F0, KK4, 6, 8); ++ R( c, d, e, a, b, F0, KK4, 2, 13); ++ R( b, c, d, e, a, F0, KK4, 13, 6); ++ R( a, b, c, d, e, F0, KK4, 14, 5); ++ R( e, a, b, c, d, F0, KK4, 0, 15); ++ R( d, e, a, b, c, F0, KK4, 3, 13); ++ R( c, d, e, a, b, F0, KK4, 9, 11); ++ R( b, c, d, e, a, F0, KK4, 11, 11); ++ ++ ++ t = hd->h1 + d + cc; ++ hd->h1 = hd->h2 + e + dd; ++ hd->h2 = hd->h3 + a + ee; ++ hd->h3 = hd->h4 + b + aa; ++ hd->h4 = hd->h0 + c + bb; ++ hd->h0 = t; ++} ++ ++ ++/* Update the message digest with the contents ++ * of INBUF with length INLEN. ++ */ ++static void ++rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen) ++{ ++ if( hd->count == 64 ) { /* flush the buffer */ ++ transform( hd, hd->buf ); ++ hd->count = 0; ++ hd->nblocks++; ++ } ++ if( !inbuf ) ++ return; ++ if( hd->count ) { ++ for( ; inlen && hd->count < 64; inlen-- ) ++ hd->buf[hd->count++] = *inbuf++; ++ rmd160_write( hd, NULL, 0 ); ++ if( !inlen ) ++ return; ++ } ++ ++ while( inlen >= 64 ) { ++ transform( hd, inbuf ); ++ hd->count = 0; ++ hd->nblocks++; ++ inlen -= 64; ++ inbuf += 64; ++ } ++ for( ; inlen && hd->count < 64; inlen-- ) ++ hd->buf[hd->count++] = *inbuf++; ++} ++ ++/* The routine terminates the computation ++ */ ++ ++static void ++rmd160_final( RMD160_CONTEXT *hd ) ++{ ++ u32 t, msb, lsb; ++ byte *p; ++ ++ rmd160_write(hd, NULL, 0); /* flush */; ++ ++ msb = 0; ++ t = hd->nblocks; ++ if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ ++ msb++; ++ msb += t >> 26; ++ t = lsb; ++ if( (lsb = t + hd->count) < t ) /* add the count */ ++ msb++; ++ t = lsb; ++ if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ ++ msb++; ++ msb += t >> 29; ++ ++ if( hd->count < 56 ) { /* enough room */ ++ hd->buf[hd->count++] = 0x80; /* pad */ ++ while( hd->count < 56 ) ++ hd->buf[hd->count++] = 0; /* pad */ ++ } ++ else { /* need one extra block */ ++ hd->buf[hd->count++] = 0x80; /* pad character */ ++ while( hd->count < 64 ) ++ hd->buf[hd->count++] = 0; ++ rmd160_write(hd, NULL, 0); /* flush */; ++ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */ ++ } ++ /* append the 64 bit count */ ++ hd->buf[56] = lsb ; ++ hd->buf[57] = lsb >> 8; ++ hd->buf[58] = lsb >> 16; ++ hd->buf[59] = lsb >> 24; ++ hd->buf[60] = msb ; ++ hd->buf[61] = msb >> 8; ++ hd->buf[62] = msb >> 16; ++ hd->buf[63] = msb >> 24; ++ transform( hd, hd->buf ); ++ ++ p = hd->buf; ++ #if BYTE_ORDER == BIG_ENDIAN ++ #define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \ ++ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0) ++ #else /* little endian */ ++ #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) ++ #endif ++ X(0); ++ X(1); ++ X(2); ++ X(3); ++ X(4); ++ #undef X ++} ++ ++/**************** ++ * Shortcut functions which puts the hash value of the supplied buffer ++ * into outbuf which must have a size of 20 bytes. ++ */ ++void ++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ) ++{ ++ RMD160_CONTEXT hd; ++ ++ rmd160_init( &hd ); ++ rmd160_write( &hd, (byte*)buffer, length ); ++ rmd160_final( &hd ); ++ memcpy( outbuf, hd.buf, 20 ); ++} +diff -urN util-linux-2.10r/mount/rmd160.h util-linux-2.10r-cr/mount/rmd160.h +--- util-linux-2.10r/mount/rmd160.h Wed Dec 31 19:00:00 1969 ++++ util-linux-2.10r-cr/mount/rmd160.h Sun Dec 31 02:47:21 2000 +@@ -0,0 +1,9 @@ ++#ifndef RMD160_H ++#define RMD160_H ++ ++void ++rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ); ++ ++#endif /*RMD160_H*/ ++ ++ diff -urN linux-2.2.18/include/linux/crypto.h linux-2.2.18-cr/include/linux/crypto.h --- linux-2.2.18/include/linux/crypto.h Tue Jan 2 02:49:29 2001 +++ linux-2.2.18-cr/include/linux/crypto.h Mon Jan 1 17:14:35 2001 @@ -41,8 +41,8 @@ #define CIPHER_CAST256 14 #define CIPHER_DFC 15 #define CIPHER_RIJNDAEL 16 +#define CIPHER_AES 16 #define CIPHER_RC5 17 -#define CIPHER_AES 18 #define MAX_CIPHER 20 #define CIPHER_CBC 0x00010000 diff -urN linux-2.2.18/include/linux/loop.h linux-2.2.18-cr/include/linux/loop.h --- linux-2.2.18/include/linux/loop.h Tue Jan 2 02:49:29 2001 +++ linux-2.2.18-cr/include/linux/loop.h Mon Jan 1 17:21:11 2001 @@ -105,8 +105,9 @@ #define LO_CRYPT_CAST256 14 #define LO_CRYPT_DFC 15 #define LO_CRYPT_RIJNDAEL 16 +#define LO_CRYPT_AES 16 #define LO_CRYPT_RC5 17 #define MAX_LO_CRYPT 20 #ifdef __KERNEL__ /* Support for loadable transfer modules */ --Q68bSM7Ycu6FN28Q-- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Fri Jan 5 23:09:36 2001 Received: by humbolt.nl.linux.org id ; Fri, 5 Jan 2001 23:08:53 +0100 Received: from midten.fast.no ([213.188.8.11]:64012 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jan 2001 23:07:58 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id XAA30157 for linux-crypto@humbolt.nl.linux.org; Fri, 5 Jan 2001 23:07:56 +0100 (CET) Date: Fri, 5 Jan 2001 23:07:56 +0100 From: Alexander S A Kjeldaas To: linux-crypto@nl.linux.org Subject: New patches out for 2.2 and 2.4. Message-ID: <20010105230756.A29749@midten.fast.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Two new patches are out - 2.2.18.4pre1 and 2.4.0.1, available at: ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ ftp://ftp.kernel.org/pub/linux/kernel/people/astor/v2.2/ This patch includes most of the changes I wanted to have done before switching to 2.4. There are no more cipher or digest IDs in this patch. This means there is no longer any need to have util-linux in synch with the kernel. Names of ciphers are passed as a string from user-land. Also cipher_implementations now have both atomic and non-atomic versions of encrypt/decrypt/set_key as discussed on the list earlier. When calling ci_atomic = find_cipher_by_name("somecipher-cbc", 1); ... ci_atomic->encrypt_atomic(...); there is a second argument that specifies whether you need to use the atomic functions. When set to 1, find_cipher_by_name is required to return a cipher_implementation that supports this (i.e. a software cipher). All the ciphers currently support this. All the ciphers have been renamed since they are now loaded based on their names. So find_cipher_by_name("somecipher-cbc", 0); will look for the following modules until somecipher-cbc is found or all options have been exhausted: cipher-somecipher-cbc cipher-somecipher cipher ..byebye to /etc/modules.conf hell. The util-linux patch probably needs some cleanups still, but I wanted to get this out. Oh, and this patch requires you to recompile util-linux. astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat Jan 6 04:00:32 2001 Received: by humbolt.nl.linux.org id ; Sat, 6 Jan 2001 03:59:50 +0100 Received: from midten.fast.no ([213.188.8.11]:47368 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jan 2001 03:59:24 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id DAA43181; Sat, 6 Jan 2001 03:59:19 +0100 (CET) Date: Sat, 6 Jan 2001 03:59:19 +0100 From: Alexander S A Kjeldaas To: Alexander S A Kjeldaas Cc: linux-crypto@nl.linux.org Subject: Re: New patches out for 2.2 and 2.4. Message-ID: <20010106035918.B40084@midten.fast.no> References: <20010105230756.A29749@midten.fast.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <20010105230756.A29749@midten.fast.no>; from Alexander S A Kjeldaas on Fri, Jan 05, 2001 at 11:07:56PM +0100 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Fri, Jan 05, 2001 at 11:07:56PM +0100, Alexander S A Kjeldaas wrote: > Two new patches are out - 2.2.18.4pre1 and 2.4.0.1, available at: > ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ The above should read ftp://ftp.kernel.org/pub/linux/kernel/crypto/v2.4/ astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat Jan 6 10:43:02 2001 Received: by humbolt.nl.linux.org id ; Sat, 6 Jan 2001 10:42:34 +0100 Received: from lpzg-d9326950.pool.mediaWays.net ([217.50.105.80]:2820 "EHLO imp.yoghurt.net") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jan 2001 10:42:05 +0100 Received: from chh by imp.yoghurt.net with local (Exim 3.12 #1 (Debian)) id 14EeFV-0000nz-00 for ; Fri, 05 Jan 2001 22:18:09 +0100 Date: Fri, 5 Jan 2001 22:18:08 +0100 From: Christoph Hertel To: linux-crypto@nl.linux.org Subject: patches & Linux Encryption HOWTO Message-ID: <20010105221808.A2824@imp.yoghurt.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.12i Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Hello everyone, I did not find a reference to the archive of this ML in the 'Linux Encryption HOWTO', so if I ask questions asked before consider my first suggestion and add a link/hint in section 1.4 "Mailing List". Now for my beginner's question: I have a Debian system running with the package util-linux 2.10q-1. The changelog.Debian.gz states for version 2.10d-5: * Included patch from "J.H.M. Dassen (Ray)" : - Restored enhanced losetup(8) manpage. - Restored encrypted filesystem support, by applying util-linux-2.9w from patch-int-2.2.13.3.gz as found on ftp.kerneli.org (modified to work with Debian's kernel-patch-int's crypto.h). (closes: #54657) Does this mean that I can skip section 4.2 "Patching the util-linux source" in the HOWTO? If yes, then please add a comment to the HOWTO. What is "Debian's kernel-patch-int's crypto.h"? Is there a special patch for Debian? Next Question: Kernel 2.2.14 is running very smoothly on my machine, I have a slow 33.6 modem and [etc.] -> I don't want to update my kernel to 2.2.18 (or whatever is out there, or even 2.4.0). May I use the 2.2.17.6 crypto patch or do I have to use the 2.2.14.x? Yes, the HOWTO says "It should apply without rejects to all recent 2.2.1x kernels." But I'm afraid of messing things up. That's for now. Nevertheless I found typos: * section 1.3 "Aims of this document": "These efford(t?)s are" "Kjeldaas ( astor@fast.no) in" (space in front of email-address). * section 4.3 "Making an Encrypted Folder" "home dire(c)tory of" "Just make sure it contains no data and replace the filename ~/.config in the following discussion" (is ~/.config meant, or ~/.crypto ?) * section 4.1 "Configuring the Kernel" "The help texts as well as the glossary at the end of this document will help you with that" (the ciphers are not discussed in the glossary) * section 4.4 "Automagically Encrypting the Home Directory with `EHD''" "If you are interested, give my(e?) a call." * section 6.1.1 "How can I encrypt swap?" "See the sections on individual approaches below." (there's nothing below?) Btw, great job with the HOWTO and all! Thanks! I'm not a native speaker and sometimes very confused, so please excuse anything wrong above :-) Christoph p.s. Are there any plans to replace/merge the "Loopback Encrypted Filesystem HOWTO" with the "Linux Encryption HOWTO"? The former was the first HOWTO I found on this topic, but it seems to be outdated and not actively maintained anymore. -- PGP (GnuPG) encrypted mail welcome! (Key 0xBAC8E4D5) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat Jan 6 15:23:10 2001 Received: by humbolt.nl.linux.org id ; Sat, 6 Jan 2001 15:22:31 +0100 Received: from midten.fast.no ([213.188.8.11]:34308 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jan 2001 15:22:00 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id PAA55256; Sat, 6 Jan 2001 15:21:56 +0100 (CET) Date: Sat, 6 Jan 2001 15:21:56 +0100 From: Alexander S A Kjeldaas To: Christoph Hertel Cc: linux-crypto@nl.linux.org Subject: Re: patches & Linux Encryption HOWTO Message-ID: <20010106152155.A54927@midten.fast.no> References: <20010105221808.A2824@imp.yoghurt.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <20010105221808.A2824@imp.yoghurt.net>; from Christoph Hertel on Fri, Jan 05, 2001 at 10:18:08PM +0100 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Fri, Jan 05, 2001 at 10:18:08PM +0100, Christoph Hertel wrote: > Hello everyone, > > I did not find a reference to the archive of this ML in the 'Linux > Encryption HOWTO', so if I ask questions asked before consider my first > suggestion and add a link/hint in section 1.4 "Mailing List". > > Now for my beginner's question: I have a Debian system running with the > package util-linux 2.10q-1. The changelog.Debian.gz states for version > 2.10d-5: > * Included patch from "J.H.M. Dassen (Ray)" : > - Restored enhanced losetup(8) manpage. > - Restored encrypted filesystem support, by applying util-linux-2.9w from > patch-int-2.2.13.3.gz as found on ftp.kerneli.org (modified to work with > Debian's kernel-patch-int's crypto.h). > (closes: #54657) > Does this mean that I can skip section 4.2 "Patching the util-linux > source" in the HOWTO? If yes, then please add a comment to the HOWTO. > What is "Debian's kernel-patch-int's crypto.h"? Is there a special patch > for Debian? > If you plan on using features (esp new ciphers) introduced in a patch later than 2.2.13.3, you'll want to patch util-linux yourself. Also, soon there will be changes in how losetup talks to the kernel that hopefully should end the need to change util-linux whenever a cipher is added to the kernel. > Next Question: Kernel 2.2.14 is running very smoothly on my machine, I > have a slow 33.6 modem and [etc.] -> I don't want to update my kernel to > 2.2.18 (or whatever is out there, or even 2.4.0). May I use the 2.2.17.6 > crypto patch or do I have to use the 2.2.14.x? Yes, the HOWTO says "It > should apply without rejects to all recent 2.2.1x kernels." But I'm > afraid of messing things up. > You should be able to patch 2.2.14 with the 2.2.17.x patches. No guarantees though. astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat Jan 6 20:02:12 2001 Received: by humbolt.nl.linux.org id ; Sat, 6 Jan 2001 20:01:31 +0100 Received: from ci176196-a.grnvle1.sc.home.com ([24.4.120.228]:39942 "EHLO rhino.thrillseeker.net") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jan 2001 20:01:05 +0100 Received: (from weh@localhost) by rhino.thrillseeker.net (8.11.1/8.11.1/Debian 8.11.0-6) id f06J11r04556; Sat, 6 Jan 2001 14:01:01 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14935.27501.263804.328946@rhino.thrillseeker.net> Date: Sat, 6 Jan 2001 14:01:01 -0500 (EST) From: Billy Harvey To: linux-crypto@nl.linux.org Subject: Re: New patches out for 2.2 and 2.4. In-Reply-To: Saturday, 6 January 2001 03:59:19 +0100 References: <20010105230756.A29749@midten.fast.no> <20010106035918.B40084@midten.fast.no> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list > > Two new patches are out - 2.2.18.4pre1 and 2.4.0.1, available at: ... > ftp://ftp.kernel.org/pub/linux/kernel/crypto/v2.4/ > Alexander Alexander, I've successfully installed the 2.4.0.1 patch, and applied and installed the util-linux patch. The loopback encryption appears to work to a point, and then lock the system up. I've been only using AES with 128 bit key so far. This appears to happen under load, but is inconsistent. If I start the encrypted loopback while many other tasks are ongoing, leaving little real memory, it appears to happen quicker. The first occurence was during the "mkfs -t ext2" phase, but that went successfully after rebooting and only starting that process over. The second occured during the copy of several thousand files to the encrypted loop (2GBytes in size). About halfway through the copy process the system locked again. Rebooting and retrying was successful. Creating a new loop and copying the same files back also worked fine. The lock appears to be at the kernel level, as everything freezes solid, including the digital clock I have running. Billy Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat Jan 6 20:20:13 2001 Received: by humbolt.nl.linux.org id ; Sat, 6 Jan 2001 20:19:41 +0100 Received: from midten.fast.no ([213.188.8.11]:29704 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jan 2001 20:19:03 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id UAA60628; Sat, 6 Jan 2001 20:18:51 +0100 (CET) Date: Sat, 6 Jan 2001 20:18:51 +0100 From: Alexander S A Kjeldaas To: Billy Harvey Cc: linux-crypto@nl.linux.org Subject: Re: New patches out for 2.2 and 2.4. Message-ID: <20010106201851.B58777@midten.fast.no> References: <20010105230756.A29749@midten.fast.no> <20010106035918.B40084@midten.fast.no> <14935.27501.263804.328946@rhino.thrillseeker.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <14935.27501.263804.328946@rhino.thrillseeker.net>; from Billy Harvey on Sat, Jan 06, 2001 at 02:01:01PM -0500 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Sat, Jan 06, 2001 at 02:01:01PM -0500, Billy Harvey wrote: > > Alexander, > > I've successfully installed the 2.4.0.1 patch, and applied and > installed the util-linux patch. The loopback encryption appears to > work to a point, and then lock the system up. I've been only using > AES with 128 bit key so far. > > This appears to happen under load, but is inconsistent. If I start > the encrypted loopback while many other tasks are ongoing, leaving > little real memory, it appears to happen quicker. The first occurence > was during the "mkfs -t ext2" phase, but that went successfully after > rebooting and only starting that process over. The second occured > during the copy of several thousand files to the encrypted loop > (2GBytes in size). About halfway through the copy process the system > locked again. > > Rebooting and retrying was successful. Creating a new loop and > copying the same files back also worked fine. > > The lock appears to be at the kernel level, as everything freezes > solid, including the digital clock I have running. > Could you try this without using encryption? astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 00:19:36 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 00:18:56 +0100 Received: from mail2.uni-bielefeld.de ([129.70.4.90]:6539 "EHLO mail.uni-bielefeld.de") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 00:18:38 +0100 Received: from Mutz.com (ppp36-331.hrz.uni-bielefeld.de [129.70.37.75]) by mail.uni-bielefeld.de (Sun Internet Mail Server sims.4.0.2000.05.17.04.13.p6) with ESMTP id <0G6R0065SKQZDL@mail.uni-bielefeld.de> for linux-crypto@humbolt.nl.linux.org; Sun, 7 Jan 2001 00:18:36 +0100 (MET) Date: Sat, 06 Jan 2001 21:52:17 +0000 From: Marc Mutz Subject: Re: New patches out for 2.2 and 2.4. To: Billy Harvey Cc: linux-crypto@nl.linux.org Message-id: <3A579391.848D703D@Mutz.com> Organization: University of Bielefeld - Dep. of Mathematics / Dep. of Physics MIME-version: 1.0 X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.17 i586) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT X-Accept-Language: en References: <20010105230756.A29749@midten.fast.no> <20010106035918.B40084@midten.fast.no> <14935.27501.263804.328946@rhino.thrillseeker.net> Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Billy Harvey wrote: > > I've successfully installed the 2.4.0.1 patch, and applied and > installed the util-linux patch. The loopback encryption appears to > work to a point, and then lock the system up. I've been only using > AES with 128 bit key so far. This is a known bug. It's on Ted's todo list (linux24.sourceforge.net) in section (to do, but no showstopper). This is why it is still there. A fix exists, but isn't merged would probably be the better section, because there is a patch by Jens Axboe that seems to fix the problem. But then agian, they may not be sure _why_ it fixes it: Jens Axboe wrote: > > On Wed, Jan 03 2001, William Stearns wrote: > > Good day, all, > > This is just meant as an informational message, not a complaint. > > Ted, could you note that this still exists on 2.4.0-test13-pre7 in the > > todo page? Many thanks. > > > > [1.] One line summary of the problem: > > Loopback filesystem writes still hang on 2.4.0-test13-pre7. > > Could you try with this patch: > > *.kernel.org/pub/linux/kernel/people/axboe/patches/2.4-prerelease/loop-remap-2 > > it survives 10 runs of your script and dbench abuse etc. If there are still > problems, I'd like to know... Should be faster too :-) > > -- > * Jens Axboe > * SuSE Labs > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > Please read the FAQ at http://www.tux.org/lkml/ -- Marc Mutz http://EncryptionHOWTO.sourceforge.net/ University of Bielefeld, Dep. of Mathematics / Dep. of Physics PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 11:51:49 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 11:51:08 +0100 Received: from mibi02.meb.uni-bonn.de ([131.220.21.3]:13585 "EHLO mibi02.meb.uni-bonn.de") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 11:50:36 +0100 Received: (from ernst@localhost) by mibi02.meb.uni-bonn.de (8.11.0/8.10.0.Beta10) id f07Aqrw08162; Sun, 7 Jan 2001 11:52:53 +0100 Date: Sun, 7 Jan 2001 11:52:53 +0100 Message-Id: <200101071052.f07Aqrw08162@mibi02.meb.uni-bonn.de> From: "Dr. Ernst Molitor" To: Alexander.Kjeldaas@fast.no CC: linux-crypto@nl.linux.org In-reply-to: <20010105230756.A29749@midten.fast.no> (message from Alexander S A Kjeldaas on Fri, 5 Jan 2001 23:07:56 +0100) Subject: Re: New patches out for 2.2 and 2.4. Reply-to: molitor@mibi02.meb.uni-bonn.de References: <20010105230756.A29749@midten.fast.no> Mime-Version: 1.0 (generated by tm-edit 7.106) Content-Type: text/plain; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Dear Alexander, thank you very much for your work on kernel-int, which is most valuable. With the 2.4.0.1 patch and the util-linux patch applied to util-linux...[or].tar.gz, I'm able to create and use new encrypted file systems via loop, but I seem unable to access those created under the latest 2.2.17 kernel-int patches. Trying to mount with, e.g., mount -t ext2 -oloop,encryption=blowfish .crypto crypto will lead to a passphrase dialog, then exit with an error message like ioctl: LOOP_SET_STATUS ... Trying one of the cipher names that appear in /proc/crypto/ciphers works fine for newly added ciphers, only, as far as I can see; using the full name (that is, with -cbc or -ecb added), leads to error messages all the time ("cipher not supported"), regardless of how I try to escape the dash from being interpreted as an option lead in by the shell... I'd very much appreciate a hint on what my mistake could be... Best regards, Ernst Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 12:25:19 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 12:24:32 +0100 Received: from r695.hbg.dial.surf-callino.de ([213.21.21.187]:9733 "EHLO imp.yoghurt.net") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 12:23:52 +0100 Received: from chh by imp.yoghurt.net with local (Exim 3.12 #1 (Debian)) id 14FDra-0000h8-00 for ; Sun, 07 Jan 2001 12:19:50 +0100 Date: Sun, 7 Jan 2001 12:19:50 +0100 From: Christoph Hertel To: linux-crypto@nl.linux.org Subject: Re: patches; problems w/ AES, Twofish + losetup Message-ID: <20010107121950.A1898@imp.yoghurt.net> Mail-Followup-To: linux-crypto@humbolt.nl.linux.org References: <20010105221808.A2824@imp.yoghurt.net> <20010106152155.A54927@midten.fast.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.12i In-Reply-To: <20010106152155.A54927@midten.fast.no>; from Alexander.Kjeldaas@fast.no on Sat, Jan 06, 2001 at 03:21:56PM +0100 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list * Alexander S A Kjeldaas [2001-01-06]: > > Does this mean that I can skip section 4.2 "Patching the util-linux > > source" in the HOWTO? > If you plan on using features (esp new ciphers) introduced in a patch > later than 2.2.13.3, you'll want to patch util-linux yourself. I patched it and the make failed; the HOWTO seems to have the answer: "If the make step fails, check that /usr/include/linux and /usr/include/asm resp. are symlinks to include/linux and include/asm-arch resp. Some distributions (e.g. Debian) only have a copy of the kernel include there. If you change the kernel, they become outdated." What is meant by "include/linux and include/asm-arch"? I chose /usr/src/linux/include/linux/ and /usr/src/linux/include/asm; the latter points to asm-i386 (I have a PPro). The make didn't complain. Is it about right what I did? Or should I change it now back to the original state? > You should be able to patch [linux] 2.2.14 with the [linux-int] > 2.2.17.x patches. No guarantees though. I patched a 2.2.16 kernel with the 2.2.18.3 int_patch and util-linux-2.10q with the util-linux-2.10o.int.patch; configure complained: "You don't have " "You don't have __NR_pivot_root" "Your rpcgen output does not compile" And strange things are happening: /home/chh# losetup -e Twofish /dev/loop0 cryptotest Password : ioctl: LOOP_SET_STATUS: Invalid argument /home/chh# losetup -e AES /dev/loop0 cryptotest Unsupported encryption type AES /home/chh# losetup -e Rijndael /dev/loop0 cryptotest Unsupported encryption type Rijndael /home/chh# losetup -e Blowfish /dev/loop0 cryptotest Password : The last one worked, but I compiled my kernel with AES, Twofish and Blowfish (CONFIG_CIPHER_AES=m, CONFIG_CIPHER_TWOFISH=m, CONFIG_CIPHER_BLOWFISH=m, but "# CONFIG_CIPHER_RIJNDAEL is not set") modprobe complains in my logs: modprobe: modprobe: Can't locate module loop-xfer-3 modprobe: modprobe: Can't locate module cipher-3 kern.log only said: kernel: cryptoapi: Registered blowfish (4) kernel: cryptoapi: Registered blowfish-cbc (65540) in /var/log/ksymoops/20010107112329.modules (the last one): blowfish 8608 0 (autoclean) (unused) loop_gen 1312 1 (autoclean) cryptoapi 1872 2 (autoclean) [blowfish loop_gen] loop 8032 2 (autoclean) [loop_gen] my modules.conf has all the modules: alias loop-xfer-3 loop_fish2 alias cipher-3 fish2 alias cipher-4 blowfish alias cipher-16 rijndael and they are, where they should be in /lib/modules/2.2.16: 10104 Jan 6 15:21 blowfish.o 18148 Jan 6 15:21 rijndael.o 40564 Jan 6 15:21 twofish.o However, all the other things seem to work (mounting, writing to, moving the crypto-file, etc.). Thanks for all your help! Christoph -- PGP (GnuPG) encrypted mail welcome! (Key 0xBAC8E4D5) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 15:33:56 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 15:33:21 +0100 Received: from midten.fast.no ([213.188.8.11]:43788 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 15:32:47 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id PAA82987 for linux-crypto@humbolt.nl.linux.org; Sun, 7 Jan 2001 15:32:45 +0100 (CET) Date: Sun, 7 Jan 2001 15:32:45 +0100 From: Alexander S A Kjeldaas To: linux-crypto@nl.linux.org Subject: Re: patches; problems w/ AES, Twofish + losetup Message-ID: <20010107153244.C72845@midten.fast.no> References: <20010105221808.A2824@imp.yoghurt.net> <20010106152155.A54927@midten.fast.no> <20010107121950.A1898@imp.yoghurt.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <20010107121950.A1898@imp.yoghurt.net>; from Christoph Hertel on Sun, Jan 07, 2001 at 12:19:50PM +0100 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Sun, Jan 07, 2001 at 12:19:50PM +0100, Christoph Hertel wrote: > * Alexander S A Kjeldaas [2001-01-06]: > > > > Does this mean that I can skip section 4.2 "Patching the util-linux > > > source" in the HOWTO? > > If you plan on using features (esp new ciphers) introduced in a patch > > later than 2.2.13.3, you'll want to patch util-linux yourself. > I patched it and the make failed; the HOWTO seems to have the answer: > > "If the make step fails, check that /usr/include/linux and > /usr/include/asm resp. are symlinks to include/linux and > include/asm-arch resp. Some distributions (e.g. Debian) only have a copy > of the kernel include there. If you change the kernel, they > become outdated." > > What is meant by "include/linux and include/asm-arch"? I chose > /usr/src/linux/include/linux/ and /usr/src/linux/include/asm; the latter > points to asm-i386 (I have a PPro). The make didn't complain. Is it > about right what I did? Or should I change it now back to the original > state? > It's up to you. These directories contain kernel header files, and they should generally have kernel headers that represent kernel interfaces that your currently running kernel supports. So just leaving them as you've changed them is probably ok. On the other hand, I think it's possible to patch util-linux into looking for kernel-headers in a specific place instead of /usr/include/linux. So that's an alternative - cleaner IMO. But generally - don't bother about this.. you're fine. > > You should be able to patch [linux] 2.2.14 with the [linux-int] > > 2.2.17.x patches. No guarantees though. > I patched a 2.2.16 kernel with the 2.2.18.3 int_patch and > util-linux-2.10q with the util-linux-2.10o.int.patch; configure > complained: > "You don't have " > "You don't have __NR_pivot_root" > "Your rpcgen output does not compile" > Don't know what these messages mean. > And strange things are happening: > /home/chh# losetup -e Twofish /dev/loop0 cryptotest > Password : > ioctl: LOOP_SET_STATUS: Invalid argument > /home/chh# losetup -e AES /dev/loop0 cryptotest > Unsupported encryption type AES > /home/chh# losetup -e Rijndael /dev/loop0 cryptotest > Unsupported encryption type Rijndael > /home/chh# losetup -e Blowfish /dev/loop0 cryptotest > Password : > The last one worked, but I compiled my kernel with AES, Twofish and > Blowfish (CONFIG_CIPHER_AES=m, CONFIG_CIPHER_TWOFISH=m, > CONFIG_CIPHER_BLOWFISH=m, but "# CONFIG_CIPHER_RIJNDAEL is not set") > I always use lower-case names. From the top of my head I'm not sure that it works with mixed-case (I'll have to fix that I think). > modprobe complains in my logs: > modprobe: modprobe: Can't locate module loop-xfer-3 > modprobe: modprobe: Can't locate module cipher-3 > > kern.log only said: > kernel: cryptoapi: Registered blowfish (4) > kernel: cryptoapi: Registered blowfish-cbc (65540) > > in /var/log/ksymoops/20010107112329.modules (the last one): > blowfish 8608 0 (autoclean) (unused) > loop_gen 1312 1 (autoclean) > cryptoapi 1872 2 (autoclean) [blowfish loop_gen] > loop 8032 2 (autoclean) [loop_gen] > > my modules.conf has all the modules: > alias loop-xfer-3 loop_fish2 > alias cipher-3 fish2 > alias cipher-4 blowfish > alias cipher-16 rijndael > > and they are, where they should be in /lib/modules/2.2.16: > 10104 Jan 6 15:21 blowfish.o > 18148 Jan 6 15:21 rijndael.o > 40564 Jan 6 15:21 twofish.o > You cipher-3 alias is wrong - it should point to twofish, not fish2. > > However, all the other things seem to work (mounting, writing to, moving > the crypto-file, etc.). Thanks for all your help! > That's good to hear. :-) astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 15:38:56 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 15:38:12 +0100 Received: from midten.fast.no ([213.188.8.11]:47628 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 15:37:16 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id PAA83060; Sun, 7 Jan 2001 15:37:09 +0100 (CET) Date: Sun, 7 Jan 2001 15:37:09 +0100 From: Alexander S A Kjeldaas To: "Dr. Ernst Molitor" Cc: Alexander.Kjeldaas@fast.no, linux-crypto@nl.linux.org Subject: Re: New patches out for 2.2 and 2.4. Message-ID: <20010107153709.D72845@midten.fast.no> References: <20010105230756.A29749@midten.fast.no> <200101071052.f07Aqrw08162@mibi02.meb.uni-bonn.de> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=uAKRQypu60I7Lcqm X-Mailer: Mutt 0.95.4i In-Reply-To: <200101071052.f07Aqrw08162@mibi02.meb.uni-bonn.de>; from Dr. Ernst Molitor on Sun, Jan 07, 2001 at 11:52:53AM +0100 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii On Sun, Jan 07, 2001 at 11:52:53AM +0100, Dr. Ernst Molitor wrote: > Dear Alexander, > > thank you very much for your work on kernel-int, which is most > valuable. > > With the 2.4.0.1 patch and the util-linux patch applied to > util-linux...[or].tar.gz, I'm able to create and use new encrypted > file systems via loop, but I seem unable to access those created under > the latest 2.2.17 kernel-int patches. Trying to mount with, e.g., > > mount -t ext2 -oloop,encryption=blowfish .crypto crypto > > will lead to a passphrase dialog, then exit with an error message > like > > ioctl: LOOP_SET_STATUS ... > > Trying one of the cipher names that appear in /proc/crypto/ciphers > works fine for newly added ciphers, only, as far as I can see; > using the full name (that is, with -cbc or -ecb added), leads to > error messages all the time ("cipher not supported"), regardless of > how I try to escape the dash from being interpreted as an option > lead in by the shell... > > I'd very much appreciate a hint on what my mistake could be... > It's a bug in the util-linux patch. For "old" ciphers (i.e. twofish, blowfish and others that worked in previous versions of util-linux), it will try to use the LOOP_SET_STATUS ioctl wrongly. The attached patch should hopefully fix that by first trying the new-style ioctl, and then falling back to the old-style ioctl if it didn't work. astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="util-linux.diff" diff -urN util-linux-2.10o.int3/mount/lomount.c util-linux-2.10o.int2/mount/lomount.c --- util-linux-2.10o.int3/mount/lomount.c Sun Jan 7 03:32:14 2001 +++ util-linux-2.10o.int2/mount/lomount.c Sun Jan 7 03:36:30 2001 @@ -44,6 +44,7 @@ extern char *xstrdup (const char *s); /* not: #include "sundries.h" */ extern void error (const char *fmt, ...); /* idem */ + struct cipher_info { const char *name; @@ -53,38 +54,13 @@ int key_schedule_size; }; - -static int get_cipher_info(const char *name, struct cipher_info *res) -{ - char path[PATH_MAX]; - char buf[2000]; - FILE *f; - struct { - int *out; - const char *prefix; - } fields[] = {{&res->blocksize, "blocksize:"}, - {&res->keysize_mask, "keysize_mask:"}, - {&res->ivsize, "ivsize:"}, - {&res->key_schedule_size, "key_schedule_size:"}}; - snprintf(path, sizeof(path), "/proc/crypto/cipher/%s", name); - f = fopen(path, "r"); - while(f && fgets(buf, sizeof(buf), f)) { - int i; - for (i = 0; i < sizeof(fields)/sizeof(fields[0]); i++) { - int len = strlen(fields[i].prefix); - if (strncmp(buf, fields[i].prefix, len) == 0) { - *fields[i].out = strtoul(&buf[len+1], NULL, 0); - break; - } - } - - } - if (!f) - return -1; - return 0; -} - - +static int set_loop_passwd(struct loop_info *_loopinfo, int pfd, int keysz, + const char *encryption, int fd, int ffd); +static int get_cipher_info(const char *name, struct cipher_info *res); +static int name_to_id(const char *name); +#ifdef MAIN +static char *id_to_name(int id); +#endif #ifdef LOOP_SET_FD struct crypt_type_struct { @@ -103,29 +79,7 @@ { -1, NULL,0 } }; -static int -crypt_type (const char *name) { - int i; - - if (name) { - for (i = 0; crypt_type_tbl[i].id != -1; i++) - if (!strcasecmp (name, crypt_type_tbl[i].name)) - return crypt_type_tbl[i].id; - } - return LO_CRYPT_CRYPTOAPI; -} - #ifdef MAIN -static char * -crypt_name (int id) { - int i; - - for (i = 0; crypt_type_tbl[i].id != -1; i++) - if (id == crypt_type_tbl[i].id) - return crypt_type_tbl[i].name; - return "undefined"; -} - static int show_loop (char *device) { struct loop_info loopinfo; @@ -147,7 +101,7 @@ printf (_("%s: [%04x]:%ld (%s) offset %d, %s encryption\n"), device, loopinfo.lo_device, loopinfo.lo_inode, loopinfo.lo_name, loopinfo.lo_offset, - crypt_name (loopinfo.lo_encrypt_type)); + id_to_name(loopinfo.lo_encrypt_type)); close (fd); return 0; @@ -213,12 +167,12 @@ error(_( "mount: Could not find any loop device, and, according to %s,\n" " this kernel does not know about the loop device.\n" - " (If so, then recompile or `insmod loop.o'.)"), + " (If so, then recompile or `modprobe loop'.)"), PROC_DEVICES); else error(_( "mount: Could not find any loop device. Maybe this kernel does not know\n" - " about the loop device (then recompile or `insmod loop.o'), or\n" + " about the loop device (then recompile or `modprobe loop'), or\n" " maybe /dev/loop# has the wrong major number?")); } else error(_("mount: could not find any free loop device")); @@ -270,12 +224,7 @@ set_loop (const char *device, const char *file, int offset, const char *encryption, int pfd, int keysz, int *loopro) { struct loop_info loopinfo; - int fd, ffd, mode, i; - int keylength; - char *pass; - char keybits[2*HASHLENGTH]; - char passwdbuff[PASSWDBUFFLEN]; - struct cipher_info info; + int fd, ffd, mode, tried_old; mode = (*loopro ? O_RDONLY : O_RDWR); if ((ffd = open (file, mode)) < 0) { @@ -293,14 +242,10 @@ *loopro = (mode == O_RDONLY); memset (&loopinfo, 0, sizeof (loopinfo)); - strncpy (loopinfo.lo_name, file, LO_NAME_SIZE); + snprintf(loopinfo.lo_name, sizeof(loopinfo.lo_name), + "%s-cbc", encryption); loopinfo.lo_name[LO_NAME_SIZE - 1] = 0; - if (encryption && (loopinfo.lo_encrypt_type = crypt_type (encryption)) - < 0) { - fprintf (stderr, _("Unsupported encryption type %s\n"), - encryption); - return 1; - } + loopinfo.lo_encrypt_type = LO_CRYPT_CRYPTOAPI; loopinfo.lo_offset = offset; #ifdef MCL_FUTURE @@ -315,29 +260,75 @@ exit(1); } #endif + + if (ioctl (fd, LOOP_SET_FD, ffd) < 0) { + perror ("ioctl: LOOP_SET_FD"); + return 1; + } - switch (loopinfo.lo_encrypt_type) { + tried_old = 0; +again: + set_loop_passwd(&loopinfo, pfd, keysz, encryption, fd, ffd); + + if (ioctl (fd, LOOP_SET_STATUS, &loopinfo) < 0) { + /* Try again with old-style LO_CRYPT_XX if + new-style LO_CRYPT_CRYPTOAPI ioctl didn't work */ + if (tried_old) { + error("The cipher does not exist, or a cipher module " + "needs to be loaded into the kernel"); + perror ("ioctl: LOOP_SET_STATUS"); + goto out_ioctl; + } + strncpy (loopinfo.lo_name, file, LO_NAME_SIZE); + loopinfo.lo_name[LO_NAME_SIZE - 1] = 0; + loopinfo.lo_encrypt_type = name_to_id (encryption); + tried_old = 1; + goto again; + } + close (fd); + close (ffd); + if (verbose > 1) + printf(_("set_loop(%s,%s,%d): success\n"), + device, file, offset); + return 0; +out_ioctl: + (void) ioctl (fd, LOOP_CLR_FD, 0); + return 1; +} + +int +set_loop_passwd(struct loop_info *loopinfo, int pfd, int keysz, + const char *encryption, int fd, int ffd) +{ + int i; + int keylength; + char *pass; + char keybits[2*HASHLENGTH]; + char passwdbuff[PASSWDBUFFLEN]; + struct cipher_info info; + + switch (loopinfo->lo_encrypt_type) { case LO_CRYPT_NONE: - loopinfo.lo_encrypt_key_size = 0; + loopinfo->lo_encrypt_key_size = 0; break; case LO_CRYPT_XOR: /* WARNING: xgetpass() can return massive amounts of data, * not only 128 bytes like the original getpass(3) */ pass = xgetpass (pfd,_("Password: ")); - strncpy (loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE); - loopinfo.lo_encrypt_key[LO_KEY_SIZE - 1] = 0; - loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key); + strncpy (loopinfo->lo_encrypt_key, pass, LO_KEY_SIZE); + loopinfo->lo_encrypt_key[LO_KEY_SIZE - 1] = 0; + loopinfo->lo_encrypt_key_size = strlen(loopinfo->lo_encrypt_key); break; case LO_CRYPT_DES: printf(_("WARNING: Use of DES is depreciated.\n")); pass = xgetpass (pfd,_("Password: ")); - strncpy (loopinfo.lo_encrypt_key, pass, 8); - loopinfo.lo_encrypt_key[8] = 0; - loopinfo.lo_encrypt_key_size = 8; + strncpy (loopinfo->lo_encrypt_key, pass, 8); + loopinfo->lo_encrypt_key[8] = 0; + loopinfo->lo_encrypt_key_size = 8; pass = getpass (_("Init (up to 16 hex digits): ")); for (i = 0; i < 16 && pass[i]; i++) if (isxdigit (pass[i])) { - loopinfo.lo_init[i >> 3] |= (pass[i] > '9' ? + loopinfo->lo_init[i >> 3] |= (pass[i] > '9' ? (islower (pass[i]) ? toupper (pass[i]) : pass[i])-'A'+10 : pass[i]-'0') << (i&7) * 4; } else { @@ -355,28 +346,21 @@ passwdbuff[0] = 'A'; rmd160_hash_buffer(keybits,pass,strlen(pass)); rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); - memcpy((char*)loopinfo.lo_encrypt_key,keybits,2*HASHLENGTH); + memcpy((char*)loopinfo->lo_encrypt_key,keybits,2*HASHLENGTH); keylength=0; for(i=0; crypt_type_tbl[i].id != -1; i++){ - if(loopinfo.lo_encrypt_type == crypt_type_tbl[i].id){ + if(loopinfo->lo_encrypt_type == crypt_type_tbl[i].id){ keylength = crypt_type_tbl[i].keylength; break; } } - loopinfo.lo_encrypt_key_size=keylength; + loopinfo->lo_encrypt_key_size=keylength; break; case LO_CRYPT_CRYPTOAPI: - snprintf(loopinfo.lo_name, sizeof(loopinfo.lo_name), - "%s-cbc", encryption); - loopinfo.lo_name[LO_NAME_SIZE - 1] = 0; /* Give the kernel an opportunity to load the cipher */ - (void) ioctl (fd, LOOP_SET_FD, ffd); (void) ioctl (fd, LOOP_SET_STATUS, &loopinfo); - (void) ioctl (fd, LOOP_CLR_FD, 0); - if (get_cipher_info(loopinfo.lo_name, &info) < 0) { - error("The cipher does not exist, or a cipher module " - "needs to be loaded into the kernel"); - goto out_ioctl; + if (get_cipher_info(loopinfo->lo_name, &info) < 0) { + return 1; } if (keysz > 0 && !((1 << ((keysz / 8) - 1)) & info.keysize_mask)) { @@ -392,8 +376,7 @@ char keysize[200]; printf("Available keysizes (bits): "); for (; i < 32; i++) { - if (info.keysize_mask & (1 << i) && - 8*(i+1) <= 160) { + if (info.keysize_mask & (1 << i)) { printf("%d ", 8*(i+1)); available = 1; } @@ -411,36 +394,23 @@ passwdbuff[0] = 'A'; rmd160_hash_buffer(keybits,pass,strlen(pass)); rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); - memcpy((char*)loopinfo.lo_encrypt_key,keybits,2*HASHLENGTH); + memcpy((char*)loopinfo->lo_encrypt_key,keybits,2*HASHLENGTH); - loopinfo.lo_encrypt_key_size=keysz/8; + loopinfo->lo_encrypt_key_size=keysz/8; break; default: fprintf (stderr, _("Don't know how to get key for encryption system %d\n"), - loopinfo.lo_encrypt_type); - return 1; - } - if (ioctl (fd, LOOP_SET_FD, ffd) < 0) { - perror ("ioctl: LOOP_SET_FD"); + loopinfo->lo_encrypt_type); return 1; } - if (ioctl (fd, LOOP_SET_STATUS, &loopinfo) < 0) { - perror ("ioctl: LOOP_SET_STATUS"); - goto out_ioctl; - } - close (fd); - close (ffd); - if (verbose > 1) - printf(_("set_loop(%s,%s,%d): success\n"), - device, file, offset); - return 0; -out_ioctl: - (void) ioctl (fd, LOOP_CLR_FD, 0); - return 1; + return 0; } + + + int del_loop (const char *device) { int fd; @@ -638,3 +608,60 @@ } #endif #endif + +static int get_cipher_info(const char *name, struct cipher_info *res) +{ + char path[PATH_MAX]; + char buf[2000]; + FILE *f; + struct { + int *out; + const char *prefix; + } fields[] = {{&res->blocksize, "blocksize:"}, + {&res->keysize_mask, "keysize_mask:"}, + {&res->ivsize, "ivsize:"}, + {&res->key_schedule_size, "key_schedule_size:"}}; + snprintf(path, sizeof(path), "/proc/crypto/cipher/%s", name); + f = fopen(path, "r"); + while(f && fgets(buf, sizeof(buf), f)) { + int i; + for (i = 0; i < sizeof(fields)/sizeof(fields[0]); i++) { + int len = strlen(fields[i].prefix); + if (strncmp(buf, fields[i].prefix, len) == 0) { + *fields[i].out = strtoul(&buf[len+1], NULL, 0); + break; + } + } + + } + if (!f) + return -1; + return 0; +} + + +static int +name_to_id(const char *name) +{ + int i; + + if (name) { + for (i = 0; crypt_type_tbl[i].id != -1; i++) + if (!strcasecmp (name, crypt_type_tbl[i].name)) + return crypt_type_tbl[i].id; + } + return LO_CRYPT_CRYPTOAPI; +} + +#ifdef MAIN +static char * +id_to_name(int id) { + int i; + + for (i = 0; crypt_type_tbl[i].id != -1; i++) + if (id == crypt_type_tbl[i].id) + return crypt_type_tbl[i].name; + return "undefined"; +} +#endif + --uAKRQypu60I7Lcqm-- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 15:53:57 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 15:53:24 +0100 Received: from midten.fast.no ([213.188.8.11]:63756 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 15:52:54 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id PAA83404; Sun, 7 Jan 2001 15:52:47 +0100 (CET) Date: Sun, 7 Jan 2001 15:52:47 +0100 From: Alexander S A Kjeldaas To: Marc Mutz Cc: Billy Harvey , linux-crypto@nl.linux.org Subject: Re: New patches out for 2.2 and 2.4. Message-ID: <20010107155247.A83162@midten.fast.no> References: <20010105230756.A29749@midten.fast.no> <20010106035918.B40084@midten.fast.no> <14935.27501.263804.328946@rhino.thrillseeker.net> <3A579391.848D703D@Mutz.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <3A579391.848D703D@Mutz.com>; from Marc Mutz on Sat, Jan 06, 2001 at 09:52:17PM +0000 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Sat, Jan 06, 2001 at 09:52:17PM +0000, Marc Mutz wrote: > > This is a known bug. It's on Ted's todo list (linux24.sourceforge.net) > in section (to do, but no showstopper). This is why it is still there. A > fix exists, but isn't merged would probably be the better section, > because there is a patch by Jens Axboe that seems to fix the problem. > But then agian, they may not be sure _why_ it fixes it: > Thanks for the pointer. It seemed to work briefly, but then it started oopsing on me during LOOP_SET_FD (inode->i_bdev was NULL for some reason). I'll try some more today. astor -- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sun Jan 7 16:01:16 2001 Received: by humbolt.nl.linux.org id ; Sun, 7 Jan 2001 16:00:41 +0100 Received: from midten.fast.no ([213.188.8.11]:5901 "EHLO midten.fast.no") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jan 2001 16:00:09 +0100 Received: (from astor@localhost) by midten.fast.no (8.9.3/8.9.3) id QAA83597; Sun, 7 Jan 2001 16:00:07 +0100 (CET) Date: Sun, 7 Jan 2001 16:00:06 +0100 From: Alexander S A Kjeldaas To: Alexander S A Kjeldaas Cc: "Dr. Ernst Molitor" , linux-crypto@nl.linux.org Subject: Re: New patches out for 2.2 and 2.4. Message-ID: <20010107160006.B83162@midten.fast.no> References: <20010105230756.A29749@midten.fast.no> <200101071052.f07Aqrw08162@mibi02.meb.uni-bonn.de> <20010107153709.D72845@midten.fast.no> Mi