/[pkg-loop-aes]/upstream/loop-aes/current/kernel-2.4.36.diff
ViewVC logotype

Contents of /upstream/loop-aes/current/kernel-2.4.36.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 343 - (hide annotations) (download)
Thu Jul 22 02:08:29 2004 UTC (8 years, 10 months ago) by max
Original Path: loop-aes-source/vendor/current/kernel-2.4.26.diff
File size: 158550 byte(s) 
import history
<
1 max 278 Before this patch can be applied to kernel, drivers/block/loop.c and
2     include/linux/loop.h source files must be removed:
3    
4     rm -f drivers/block/loop.c include/linux/loop.h
5    
6     diff -urN linux-2.4.26-noloop/Documentation/Configure.help linux-2.4.26-AES/Documentation/Configure.help
7     --- linux-2.4.26-noloop/Documentation/Configure.help Thu Apr 15 15:55:49 2004
8     +++ linux-2.4.26-AES/Documentation/Configure.help Sat May 1 19:46:45 2004
9 max 254 @@ -607,6 +607,11 @@
10 max 21
11     If unsure, say N.
12    
13     +AES encrypted loop device support
14     +CONFIG_BLK_DEV_LOOP_AES
15     + If you want to use AES encryption algorithm to encrypt loop devices,
16     + say Y here. If you don't know what to do here, say N.
17     +
18     ATA/IDE/MFM/RLL support
19     CONFIG_IDE
20     If you say Y here, your kernel will be able to manage low cost mass
21 max 278 diff -urN linux-2.4.26-noloop/drivers/block/Config.in linux-2.4.26-AES/drivers/block/Config.in
22     --- linux-2.4.26-noloop/drivers/block/Config.in Sat Nov 29 10:54:08 2003
23     +++ linux-2.4.26-AES/drivers/block/Config.in Sat May 1 19:46:45 2004
24 max 21 @@ -41,6 +41,9 @@
25     dep_tristate 'Micro Memory MM5415 Battery Backed RAM support (EXPERIMENTAL)' CONFIG_BLK_DEV_UMEM $CONFIG_PCI $CONFIG_EXPERIMENTAL
26    
27     tristate 'Loopback device support' CONFIG_BLK_DEV_LOOP
28     +if [ "$CONFIG_BLK_DEV_LOOP" != "n" ]; then
29     + bool ' AES encrypted loop device support' CONFIG_BLK_DEV_LOOP_AES
30     +fi
31     dep_tristate 'Network block device support' CONFIG_BLK_DEV_NBD $CONFIG_NET
32    
33     tristate 'RAM disk support' CONFIG_BLK_DEV_RAM
34 max 278 diff -urN linux-2.4.26-noloop/drivers/block/loop.c linux-2.4.26-AES/drivers/block/loop.c
35     --- linux-2.4.26-noloop/drivers/block/loop.c Thu Jan 1 02:00:00 1970
36     +++ linux-2.4.26-AES/drivers/block/loop.c Sat May 1 19:56:17 2004
37     @@ -0,0 +1,1834 @@
38     +/*
39     + * linux/drivers/block/loop.c
40 max 254 + *
41 max 278 + * Written by Theodore Ts'o, 3/29/93
42     + *
43     + * Copyright 1993 by Theodore Ts'o. Redistribution of this file is
44     + * permitted under the GNU General Public License.
45     + *
46     + * DES encryption plus some minor changes by Werner Almesberger, 30-MAY-1993
47     + * more DES encryption plus IDEA encryption by Nicholas J. Leon, June 20, 1996
48     + *
49     + * Modularized and updated for 1.1.16 kernel - Mitch Dsouza 28th May 1994
50     + * Adapted for 1.3.59 kernel - Andries Brouwer, 1 Feb 1996
51     + *
52     + * Fixed do_loop_request() re-entrancy - Vincent.Renardias@waw.com Mar 20, 1997
53     + *
54     + * Added devfs support - Richard Gooch <rgooch@atnf.csiro.au> 16-Jan-1998
55     + *
56     + * Handle sparse backing files correctly - Kenn Humborg, Jun 28, 1998
57     + *
58     + * Loadable modules and other fixes by AK, 1998
59     + *
60     + * Make real block number available to downstream transfer functions, enables
61 max 254 + * CBC (and relatives) mode encryption requiring unique IVs per data block.
62 max 278 + * Reed H. Petty, rhp@draper.net
63 max 254 + *
64 max 278 + * Maximum number of loop devices now dynamic via max_loop module parameter.
65     + * Russell Kroll <rkroll@exploits.org> 19990701
66     + *
67     + * Maximum number of loop devices when compiled-in now selectable by passing
68     + * max_loop=<1-255> to the kernel on boot.
69     + * Erik I. Bolsø, <eriki@himolde.no>, Oct 31, 1999
70     + *
71     + * Completely rewrite request handling to be make_request_fn style and
72     + * non blocking, pushing work to a helper thread. Lots of fixes from
73     + * Al Viro too.
74     + * Jens Axboe <axboe@suse.de>, Nov 2000
75     + *
76     + * Support up to 256 loop devices
77     + * Heinz Mauelshagen <mge@sistina.com>, Feb 2002
78     + *
79 max 21 + * AES transfer added. IV is now passed as (512 byte) sector number.
80     + * Jari Ruusu, May 18 2001
81     + *
82     + * External encryption module locking bug fixed.
83     + * Ingo Rohloff <rohloff@in.tum.de>, June 21 2001
84     + *
85     + * Make device backed loop work with swap (pre-allocated buffers + queue rewrite).
86     + * Jari Ruusu, September 2 2001
87 max 278 + *
88 max 21 + * File backed code now uses file->f_op->read/write. Based on Andrew Morton's idea.
89     + * Jari Ruusu, May 23 2002
90     + *
91     + * Backported struct loop_info64 ioctls from 2.6 kernels (64 bit offsets and
92     + * 64 bit sizelimits). Added support for removing offset from IV computations.
93     + * Jari Ruusu, September 21 2003
94     + *
95     + * Added support for MD5 IV computation and multi-key operation.
96     + * Jari Ruusu, October 8 2003
97     + *
98     + *
99 max 254 + * Still To Fix:
100     + * - Advisory locking is ignored here.
101     + * - Should use an own CAP_* category instead of CAP_SYS_ADMIN
102     + */
103 max 278 +
104     +#include <linux/config.h>
105     +#include <linux/module.h>
106     +
107     +#include <linux/sched.h>
108     +#include <linux/fs.h>
109     +#include <linux/file.h>
110     +#include <linux/stat.h>
111     +#include <linux/errno.h>
112     +#include <linux/major.h>
113     +#include <linux/wait.h>
114     +#include <linux/blk.h>
115     +#include <linux/blkpg.h>
116     +#include <linux/init.h>
117     +#include <linux/devfs_fs_kernel.h>
118     +#include <linux/smp_lock.h>
119     +#include <linux/swap.h>
120     +#include <linux/slab.h>
121     +
122     +#include <asm/uaccess.h>
123 max 21 +#include <asm/byteorder.h>
124 max 278 +
125     +#include <linux/loop.h>
126 max 21 +#include "../misc/aes.h"
127     +#include "../misc/md5.h"
128 max 278 +
129     +#define MAJOR_NR LOOP_MAJOR
130     +
131     +static int max_loop = 8;
132     +static struct loop_device *loop_dev;
133     +static int *loop_sizes;
134     +static int *loop_blksizes;
135 max 21 +static int *loop_hardsizes;
136 max 278 +static devfs_handle_t devfs_handle; /* For the directory */
137     +
138     +#if defined(__x86_64__) && defined(CONFIG_IA32_EMULATION)
139     +# include <asm/ioctl32.h>
140     +# define IOCTL32_COMPATIBLE_PTR ((void*)sys_ioctl)
141     +#endif
142     +
143     +/*
144     + * Transfer functions
145     + */
146     +static int transfer_none(struct loop_device *lo, int cmd, char *raw_buf,
147     + char *loop_buf, int size, int real_block)
148     +{
149 max 21 + /* this code is only called from file backed loop */
150     + /* and that code expects this function to be no-op */
151 max 278 +
152 max 21 + if (current->need_resched)
153     + {set_current_state(TASK_RUNNING);schedule();}
154 max 278 + return 0;
155     +}
156     +
157     +static int transfer_xor(struct loop_device *lo, int cmd, char *raw_buf,
158     + char *loop_buf, int size, int real_block)
159     +{
160     + char *in, *out, *key;
161     + int i, keysize;
162     +
163     + if (cmd == READ) {
164     + in = raw_buf;
165     + out = loop_buf;
166     + } else {
167     + in = loop_buf;
168     + out = raw_buf;
169     + }
170     +
171     + key = lo->lo_encrypt_key;
172     + keysize = lo->lo_encrypt_key_size;
173     + for (i = 0; i < size; i++)
174     + *out++ = *in++ ^ key[(i & 511) % keysize];
175 max 21 + if (current->need_resched)
176     + {set_current_state(TASK_RUNNING);schedule();}
177 max 278 + return 0;
178     +}
179     +
180     +static int none_status(struct loop_device *lo, struct loop_info *info)
181     +{
182     + return 0;
183     +}
184     +
185     +static int xor_status(struct loop_device *lo, struct loop_info *info)
186     +{
187     + if (info->lo_encrypt_key_size <= 0)
188     + return -EINVAL;
189     + return 0;
190     +}
191     +
192 max 254 +struct loop_func_table none_funcs = {
193 max 278 + number: LO_CRYPT_NONE,
194     + transfer: transfer_none,
195     + init: none_status,
196     +};
197     +
198 max 254 +struct loop_func_table xor_funcs = {
199 max 278 + number: LO_CRYPT_XOR,
200     + transfer: transfer_xor,
201 max 254 + init: xor_status,
202 max 278 +};
203     +
204 max 21 +#if CONFIG_BLK_DEV_LOOP_AES
205     +typedef struct {
206     + aes_context *keyPtr[64];
207     + unsigned keyMask;
208     +} AESmultiKey;
209     +
210     +static AESmultiKey *allocMultiKey(void)
211     +{
212     + AESmultiKey *m;
213     + aes_context *a;
214     + int x, n;
215     +
216     + m = (AESmultiKey *) kmalloc(sizeof(AESmultiKey), GFP_KERNEL);
217     + if(!m) return 0;
218     + memset(m, 0, sizeof(AESmultiKey));
219     +
220     + n = PAGE_SIZE / sizeof(aes_context);
221     + if(!n) n = 1;
222     +
223     + a = (aes_context *) kmalloc(sizeof(aes_context) * n, GFP_KERNEL);
224     + if(!a) {
225     + kfree(m);
226 max 254 + return 0;
227 max 21 + }
228     +
229     + x = 0;
230     + while((x < 64) && n) {
231     + m->keyPtr[x] = a;
232     + a++;
233     + x++;
234     + n--;
235     + }
236     + return m;
237     +}
238     +
239     +static void clearAndFreeMultiKey(AESmultiKey *m)
240     +{
241     + aes_context *a;
242     + int x, n;
243     +
244     + n = PAGE_SIZE / sizeof(aes_context);
245     + if(!n) n = 1;
246     +
247     + x = 0;
248     + while(x < 64) {
249     + a = m->keyPtr[x];
250     + if(!a) break;
251     + memset(a, 0, sizeof(aes_context) * n);
252     + kfree(a);
253     + x += n;
254     + }
255     +
256     + kfree(m);
257     +}
258     +
259     +static int multiKeySetup(struct loop_device *lo, unsigned char *k)
260     +{
261     + AESmultiKey *m;
262     + aes_context *a;
263     + int x, y, n;
264 max 278 + union {
265     + u_int32_t w[8]; /* needed for 4 byte alignment for b[] */
266     + unsigned char b[32];
267     + } un;
268 max 21 +
269     + if(lo->lo_key_owner != current->uid && !capable(CAP_SYS_ADMIN))
270     + return -EPERM;
271     +
272     + m = (AESmultiKey *)lo->key_data;
273     + if(!m) return -ENXIO;
274     +
275     + n = PAGE_SIZE / sizeof(aes_context);
276     + if(!n) n = 1;
277     +
278     + x = 0;
279     + while(x < 64) {
280     + if(!m->keyPtr[x]) {
281     + a = (aes_context *) kmalloc(sizeof(aes_context) * n, GFP_KERNEL);
282     + if(!a) return -ENOMEM;
283     + y = x;
284     + while((y < (x + n)) && (y < 64)) {
285     + m->keyPtr[y] = a;
286     + a++;
287     + y++;
288     + }
289     + }
290 max 278 + if(copy_from_user(&un.b[0], k, 32)) return -EFAULT;
291     + aes_set_key(m->keyPtr[x], &un.b[0], lo->lo_encrypt_key_size, 0);
292 max 21 + k += 32;
293     + x++;
294     + }
295     + m->keyMask = 0x3F; /* range 0...63 */
296     + lo->lo_flags |= 0x100000; /* multi-key (info exported to user space) */
297 max 278 + memset(&un.b[0], 0, 32);
298 max 21 + return 0;
299     +}
300     +
301     +void loop_compute_sector_iv(int devSect, u_int32_t *ivout)
302     +{
303     + ivout[0] = cpu_to_le32(devSect);
304     + ivout[3] = ivout[2] = ivout[1] = 0;
305     +}
306     +
307     +void loop_compute_md5_iv(int devSect, u_int32_t *ivout, u_int32_t *data)
308     +{
309 max 172 + int x;
310     +#if defined(__BIG_ENDIAN)
311     + int y, e;
312     +#endif
313 max 21 + u_int32_t buf[16];
314     +
315     + ivout[0] = 0x67452301;
316     + ivout[1] = 0xefcdab89;
317     + ivout[2] = 0x98badcfe;
318     + ivout[3] = 0x10325476;
319     +
320 max 172 +#if defined(__BIG_ENDIAN)
321 max 21 + y = 7;
322     + e = 16;
323     + do {
324 max 172 + if (!y) {
325 max 21 + e = 12;
326     + /* md5_transform_CPUbyteorder wants data in CPU byte order */
327     + /* devSect is already in CPU byte order -- no need to convert */
328     + /* 32 bits of sector number + 24 zero bits */
329     + buf[12] = devSect;
330     + buf[13] = 0x80000000;
331     + /* 4024 bits == 31 * 128 bit plaintext blocks + 56 bits of sector number */
332     + buf[14] = 4024;
333     + buf[15] = 0;
334     + }
335 max 172 + x = 0;
336     + do {
337     + buf[x ] = cpu_to_le32(data[0]);
338     + buf[x + 1] = cpu_to_le32(data[1]);
339     + buf[x + 2] = cpu_to_le32(data[2]);
340     + buf[x + 3] = cpu_to_le32(data[3]);
341     + x += 4;
342     + data += 4;
343     + } while (x < e);
344 max 21 + md5_transform_CPUbyteorder(&ivout[0], &buf[0]);
345     + } while (--y >= 0);
346     + ivout[0] = cpu_to_le32(ivout[0]);
347     + ivout[1] = cpu_to_le32(ivout[1]);
348     + ivout[2] = cpu_to_le32(ivout[2]);
349     + ivout[3] = cpu_to_le32(ivout[3]);
350 max 172 +#else
351     + x = 6;
352     + do {
353     + md5_transform_CPUbyteorder(&ivout[0], data);
354     + data += 16;
355     + } while (--x >= 0);
356     + memcpy(buf, data, 48);
357     + /* md5_transform_CPUbyteorder wants data in CPU byte order */
358     + /* devSect is already in CPU byte order -- no need to convert */
359     + /* 32 bits of sector number + 24 zero bits */
360     + buf[12] = devSect;
361     + buf[13] = 0x80000000;
362     + /* 4024 bits == 31 * 128 bit plaintext blocks + 56 bits of sector number */
363     + buf[14] = 4024;
364     + buf[15] = 0;
365     + md5_transform_CPUbyteorder(&ivout[0], &buf[0]);
366 max 21 +#endif
367     +}
368     +
369     +static int transfer_aes(struct loop_device *lo, int cmd, char *raw_buf,
370     + char *loop_buf, int size, int devSect)
371     +{
372     + aes_context *a;
373     + AESmultiKey *m;
374     + int x;
375     + unsigned y;
376     + u_int32_t iv[8];
377     +
378     + if(!size || (size & 511)) {
379     + return -EINVAL;
380     + }
381     + m = (AESmultiKey *)lo->key_data;
382     + y = m->keyMask;
383     + if(cmd == READ) {
384     + while(size) {
385     + a = m->keyPtr[((unsigned)devSect) & y];
386     + if(y) {
387     + memcpy(&iv[0], raw_buf, 16);
388     + raw_buf += 16;
389     + loop_buf += 16;
390     + } else {
391     + loop_compute_sector_iv(devSect, &iv[0]);
392     + }
393     + x = 15;
394     + do {
395     + memcpy(&iv[4], raw_buf, 16);
396     + aes_decrypt(a, raw_buf, loop_buf);
397     + *((u_int32_t *)(&loop_buf[ 0])) ^= iv[0];
398     + *((u_int32_t *)(&loop_buf[ 4])) ^= iv[1];
399     + *((u_int32_t *)(&loop_buf[ 8])) ^= iv[2];
400     + *((u_int32_t *)(&loop_buf[12])) ^= iv[3];
401     + if(y && !x) {
402     + raw_buf -= 496;
403     + loop_buf -= 496;
404     + loop_compute_md5_iv(devSect, &iv[4], (u_int32_t *)(&loop_buf[16]));
405     + } else {
406     + raw_buf += 16;
407     + loop_buf += 16;
408     + memcpy(&iv[0], raw_buf, 16);
409     + }
410     + aes_decrypt(a, raw_buf, loop_buf);
411     + *((u_int32_t *)(&loop_buf[ 0])) ^= iv[4];
412     + *((u_int32_t *)(&loop_buf[ 4])) ^= iv[5];
413     + *((u_int32_t *)(&loop_buf[ 8])) ^= iv[6];
414     + *((u_int32_t *)(&loop_buf[12])) ^= iv[7];
415     + if(y && !x) {
416     + raw_buf += 512;
417     + loop_buf += 512;
418     + } else {
419     + raw_buf += 16;
420     + loop_buf += 16;
421     + }
422     + } while(--x >= 0);
423     + if(current->need_resched) {set_current_state(TASK_RUNNING);schedule();}
424     + size -= 512;
425     + devSect++;
426     + }
427     + } else {
428     + while(size) {
429     + a = m->keyPtr[((unsigned)devSect) & y];
430     + if(y) {
431 max 74 + memcpy(raw_buf, loop_buf, 512);
432     + loop_compute_md5_iv(devSect, &iv[0], (u_int32_t *)(&raw_buf[16]));
433     + x = 15;
434     + do {
435     + iv[0] ^= *((u_int32_t *)(&raw_buf[ 0]));
436     + iv[1] ^= *((u_int32_t *)(&raw_buf[ 4]));
437     + iv[2] ^= *((u_int32_t *)(&raw_buf[ 8]));
438     + iv[3] ^= *((u_int32_t *)(&raw_buf[12]));
439     + aes_encrypt(a, (unsigned char *)(&iv[0]), raw_buf);
440     + memcpy(&iv[0], raw_buf, 16);
441     + raw_buf += 16;
442     + iv[0] ^= *((u_int32_t *)(&raw_buf[ 0]));
443     + iv[1] ^= *((u_int32_t *)(&raw_buf[ 4]));
444     + iv[2] ^= *((u_int32_t *)(&raw_buf[ 8]));
445     + iv[3] ^= *((u_int32_t *)(&raw_buf[12]));
446     + aes_encrypt(a, (unsigned char *)(&iv[0]), raw_buf);
447     + memcpy(&iv[0], raw_buf, 16);
448     + raw_buf += 16;
449     + } while(--x >= 0);
450     + loop_buf += 512;
451 max 21 + } else {
452     + loop_compute_sector_iv(devSect, &iv[0]);
453 max 74 + x = 15;
454     + do {
455     + iv[0] ^= *((u_int32_t *)(&loop_buf[ 0]));
456     + iv[1] ^= *((u_int32_t *)(&loop_buf[ 4]));
457     + iv[2] ^= *((u_int32_t *)(&loop_buf[ 8]));
458     + iv[3] ^= *((u_int32_t *)(&loop_buf[12]));
459     + aes_encrypt(a, (unsigned char *)(&iv[0]), raw_buf);
460     + memcpy(&iv[0], raw_buf, 16);
461     + loop_buf += 16;
462     + raw_buf += 16;
463     + iv[0] ^= *((u_int32_t *)(&loop_buf[ 0]));
464     + iv[1] ^= *((u_int32_t *)(&loop_buf[ 4]));
465     + iv[2] ^= *((u_int32_t *)(&loop_buf[ 8]));
466     + iv[3] ^= *((u_int32_t *)(&loop_buf[12]));
467     + aes_encrypt(a, (unsigned char *)(&iv[0]), raw_buf);
468     + memcpy(&iv[0], raw_buf, 16);
469     + loop_buf += 16;
470     + raw_buf += 16;
471     + } while(--x >= 0);
472 max 21 + }
473     + if(current->need_resched) {set_current_state(TASK_RUNNING);schedule();}
474     + size -= 512;
475     + devSect++;
476     + }
477     + }
478     + return(0);
479     +}
480     +
481     +static int keySetup_aes(struct loop_device *lo, struct loop_info *info)
482     +{
483     + AESmultiKey *m;
484 max 278 + union {
485     + u_int32_t w[8]; /* needed for 4 byte alignment for b[] */
486     + unsigned char b[32];
487     + } un;
488 max 21 +
489     + lo->key_data = m = allocMultiKey();
490     + if(!m) return(-ENOMEM);
491 max 278 + memcpy(&un.b[0], &info->lo_encrypt_key[0], 32);
492     + aes_set_key(m->keyPtr[0], &un.b[0], info->lo_encrypt_key_size, 0);
493 max 21 + memset(&info->lo_encrypt_key[0], 0, sizeof(info->lo_encrypt_key));
494 max 278 + memset(&un.b[0], 0, 32);
495 max 21 + return(0);
496     +}
497     +
498     +static int keyClean_aes(struct loop_device *lo)
499     +{
500     + if(lo->key_data) {
501     + clearAndFreeMultiKey((AESmultiKey *)lo->key_data);
502     + lo->key_data = 0;
503     + }
504     + return(0);
505     +}
506     +
507     +static int handleIoctl_aes(struct loop_device *lo, int cmd, unsigned long arg)
508     +{
509     + int err;
510     +
511     + switch (cmd) {
512     + case LOOP_MULTI_KEY_SETUP:
513     + err = multiKeySetup(lo, (unsigned char *)arg);
514     + break;
515     + default:
516     + err = -EINVAL;
517     + }
518     + return err;
519     +}
520     +
521 max 254 +static struct loop_func_table funcs_aes = {
522 max 21 + number: 16, /* 16 == AES */
523     + transfer: transfer_aes,
524     + init: keySetup_aes,
525     + release: keyClean_aes,
526     + ioctl: handleIoctl_aes
527     +};
528     +
529     +EXPORT_SYMBOL(loop_compute_sector_iv);
530     +EXPORT_SYMBOL(loop_compute_md5_iv);
531     +#endif /* CONFIG_BLK_DEV_LOOP_AES */
532     +
533 max 254 +/* xfer_funcs[0] is special - its release function is never called */
534 max 278 +struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
535     + &none_funcs,
536 max 21 + &xor_funcs,
537     +#if CONFIG_BLK_DEV_LOOP_AES
538     + [LO_CRYPT_AES] = &funcs_aes,
539     +#endif
540 max 278 +};
541     +
542 max 21 +/*
543     + * First number of 'lo_prealloc' is the default number of RAM pages
544     + * to pre-allocate for each device backed loop. Every (configured)
545     + * device backed loop pre-allocates this amount of RAM pages unless
546     + * later 'lo_prealloc' numbers provide an override. 'lo_prealloc'
547     + * overrides are defined in pairs: loop_index,number_of_pages
548     + */
549     +static int lo_prealloc[9] = { 125, 999, 0, 999, 0, 999, 0, 999, 0 };
550     +#define LO_PREALLOC_MIN 4 /* minimum user defined pre-allocated RAM pages */
551     +#define LO_PREALLOC_MAX 512 /* maximum user defined pre-allocated RAM pages */
552     +
553     +#ifdef MODULE
554     +MODULE_PARM(lo_prealloc, "1-9i");
555     +MODULE_PARM_DESC(lo_prealloc, "Number of pre-allocated pages [,index,pages]...");
556     +#else
557     +static int __init lo_prealloc_setup(char *str)
558     +{
559     + int x, y, z;
560     +
561     + for (x = 0; x < (sizeof(lo_prealloc) / sizeof(int)); x++) {
562     + z = get_option(&str, &y);
563     + if (z > 0)
564     + lo_prealloc[x] = y;
565     + if (z < 2)
566     + break;
567     + }
568     + return 1;
569 max 278 +}
570 max 21 +__setup("lo_prealloc=", lo_prealloc_setup);
571     +#endif
572 max 278 +
573 max 21 +/*
574     + * This is loop helper thread nice value in range
575     + * from 0 (low priority) to -20 (high priority).
576     + */
577     +#if defined(DEF_NICE) && defined(DEF_COUNTER)
578     +static int lo_nice = -20; /* old scheduler default */
579     +#else
580     +static int lo_nice = -1; /* O(1) scheduler default */
581     +#endif
582     +
583     +#ifdef MODULE
584     +MODULE_PARM(lo_nice, "1i");
585     +MODULE_PARM_DESC(lo_nice, "Loop thread scheduler nice (0 ... -20)");
586     +#else
587     +static int __init lo_nice_setup(char *str)
588     +{
589     + int y;
590     +
591     + if (get_option(&str, &y) == 1)
592     + lo_nice = y;
593     + return 1;
594     +}
595     +__setup("lo_nice=", lo_nice_setup);
596     +#endif
597     +
598     +typedef struct {
599     + struct buffer_head **q0;
600     + struct buffer_head **q1;
601     + struct buffer_head **q2;
602     + int x0;
603     + int x1;
604     + int x2;
605     +} que_look_up_table;
606 max 278 +
607 max 21 +static void loop_prealloc_cleanup(struct loop_device *lo)
608 max 278 +{
609 max 21 + struct buffer_head *bh;
610 max 278 +
611 max 21 + while ((bh = lo->lo_bh_free)) {
612     + __free_page(bh->b_page);
613     + lo->lo_bh_free = bh->b_reqnext;
614     + bh->b_reqnext = NULL;
615     + kmem_cache_free(bh_cachep, bh);
616 max 278 + }
617     +}
618     +
619 max 21 +static int loop_prealloc_init(struct loop_device *lo, int y)
620 max 278 +{
621 max 21 + struct buffer_head *bh;
622     + int x;
623 max 278 +
624 max 21 + if(!y) {
625     + y = lo_prealloc[0];
626     + for (x = 1; x < (sizeof(lo_prealloc) / sizeof(int)); x += 2) {
627     + if (lo_prealloc[x + 1] && (lo->lo_number == lo_prealloc[x])) {
628     + y = lo_prealloc[x + 1];
629     + break;
630     + }
631     + }
632     + }
633     + lo->lo_bh_flsh = (y * 3) / 4;
634 max 278 +
635 max 21 + for (x = 0; x < y; x++) {
636     + bh = kmem_cache_alloc(bh_cachep, SLAB_KERNEL);
637     + if (!bh) {
638     + loop_prealloc_cleanup(lo);
639     + return 1;
640     + }
641     + bh->b_page = alloc_page(GFP_KERNEL);
642     + if (!bh->b_page) {
643     + bh->b_reqnext = NULL;
644     + kmem_cache_free(bh_cachep, bh);
645     + loop_prealloc_cleanup(lo);
646     + return 1;
647     + }
648     + bh->b_reqnext = lo->lo_bh_free;
649     + lo->lo_bh_free = bh;
650 max 278 + }
651 max 21 + return 0;
652 max 278 +}
653     +
654 max 21 +static void loop_add_queue_last(struct loop_device *lo, struct buffer_head *bh, struct buffer_head **q)
655 max 278 +{
656 max 21 + unsigned long flags;
657 max 278 +
658 max 21 + spin_lock_irqsave(&lo->lo_lock, flags);
659     + if (*q) {
660     + bh->b_reqnext = (*q)->b_reqnext;
661     + (*q)->b_reqnext = bh;
662     + } else {
663     + bh->b_reqnext = bh;
664     + }
665     + *q = bh;
666     + spin_unlock_irqrestore(&lo->lo_lock, flags);
667 max 278 +
668 max 21 + if (waitqueue_active(&lo->lo_bh_wait))
669     + wake_up_interruptible(&lo->lo_bh_wait);
670 max 278 +}
671     +
672 max 21 +static void loop_add_queue_first(struct loop_device *lo, struct buffer_head *bh, struct buffer_head **q)
673 max 278 +{
674 max 21 + spin_lock_irq(&lo->lo_lock);
675     + if (*q) {
676     + bh->b_reqnext = (*q)->b_reqnext;
677     + (*q)->b_reqnext = bh;
678     + } else {
679     + bh->b_reqnext = bh;
680     + *q = bh;
681     + }
682     + spin_unlock_irq(&lo->lo_lock);
683 max 278 +}
684     +
685 max 21 +static struct buffer_head *loop_get_bh(struct loop_device *lo, int *list_nr,
686     + que_look_up_table *qt)
687 max 278 +{
688 max 21 + struct buffer_head *bh = NULL, *last;
689 max 278 +
690 max 21 + spin_lock_irq(&lo->lo_lock);
691     + if ((last = *qt->q0)) {
692     + bh = last->b_reqnext;
693     + if (bh == last)
694     + *qt->q0 = NULL;
695     + else
696     + last->b_reqnext = bh->b_reqnext;
697     + bh->b_reqnext = NULL;
698     + *list_nr = qt->x0;
699     + } else if ((last = *qt->q1)) {
700     + bh = last->b_reqnext;
701     + if (bh == last)
702     + *qt->q1 = NULL;
703     + else
704     + last->b_reqnext = bh->b_reqnext;
705     + bh->b_reqnext = NULL;
706     + *list_nr = qt->x1;
707     + } else if ((last = *qt->q2)) {
708     + bh = last->b_reqnext;
709     + if (bh == last)
710     + *qt->q2 = NULL;
711     + else
712     + last->b_reqnext = bh->b_reqnext;
713     + bh->b_reqnext = NULL;
714     + *list_nr = qt->x2;
715 max 278 + }
716 max 21 + spin_unlock_irq(&lo->lo_lock);
717     + return bh;
718 max 278 +}
719     +
720 max 21 +static void loop_put_buffer(struct loop_device *lo, struct buffer_head *b)
721 max 278 +{
722     + unsigned long flags;
723 max 21 + int wk;
724 max 278 +
725     + spin_lock_irqsave(&lo->lo_lock, flags);
726 max 21 + b->b_reqnext = lo->lo_bh_free;
727     + lo->lo_bh_free = b;
728     + wk = lo->lo_bh_need;
729 max 278 + spin_unlock_irqrestore(&lo->lo_lock, flags);
730     +
731 max 21 + if (wk && waitqueue_active(&lo->lo_bh_wait))
732     + wake_up_interruptible(&lo->lo_bh_wait);
733 max 278 +}
734     +
735 max 21 +static void loop_end_io_transfer_wr(struct buffer_head *bh, int uptodate)
736 max 278 +{
737 max 21 + struct loop_device *lo = &loop_dev[MINOR(bh->b_dev)];
738     + struct buffer_head *rbh = bh->b_private;
739 max 278 +
740 max 21 + rbh->b_reqnext = NULL;
741     + rbh->b_end_io(rbh, uptodate);
742     + loop_put_buffer(lo, bh);
743     + if (atomic_dec_and_test(&lo->lo_pending))
744     + wake_up_interruptible(&lo->lo_bh_wait);
745 max 278 +}
746     +
747 max 21 +static void loop_end_io_transfer_rd(struct buffer_head *bh, int uptodate)
748 max 278 +{
749     + struct loop_device *lo = &loop_dev[MINOR(bh->b_dev)];
750     +
751 max 21 + if (!uptodate)
752     + loop_end_io_transfer_wr(bh, uptodate);
753     + else
754     + loop_add_queue_last(lo, bh, &lo->lo_bh_que0);
755 max 278 +}
756     +
757     +static struct buffer_head *loop_get_buffer(struct loop_device *lo,
758 max 21 + struct buffer_head *rbh, int from_thread, int rw)
759 max 278 +{
760     + struct buffer_head *bh;
761 max 21 + struct page *p;
762     + unsigned long flags;
763 max 278 +
764 max 21 + spin_lock_irqsave(&lo->lo_lock, flags);
765     + bh = lo->lo_bh_free;
766     + if (bh) {
767     + lo->lo_bh_free = bh->b_reqnext;
768     + if (from_thread)
769     + lo->lo_bh_need = 0;
770     + } else {
771     + if (from_thread)
772     + lo->lo_bh_need = 1;
773 max 278 + }
774 max 21 + spin_unlock_irqrestore(&lo->lo_lock, flags);
775     + if (!bh)
776     + return (struct buffer_head *)0;
777 max 278 +
778 max 21 + p = bh->b_page;
779     + memset(bh, 0, sizeof(struct buffer_head));
780     + bh->b_page = p;
781 max 278 +
782 max 21 + bh->b_private = rbh;
783 max 278 + bh->b_size = rbh->b_size;
784     + bh->b_dev = rbh->b_rdev;
785 max 21 + bh->b_rdev = lo->lo_device;
786 max 278 + bh->b_state = (1 << BH_Req) | (1 << BH_Mapped) | (1 << BH_Lock);
787 max 21 + bh->b_data = page_address(bh->b_page);
788     + bh->b_end_io = (rw == WRITE) ? loop_end_io_transfer_wr : loop_end_io_transfer_rd;
789     + bh->b_rsector = rbh->b_rsector + lo->lo_offs_sec;
790     + init_waitqueue_head(&bh->b_wait);
791     +
792     + return bh;
793     +}
794     +
795     +static int figure_loop_size(struct loop_device *lo)
796     +{
797     + loff_t size, offs;
798     + unsigned int x;
799     + int err = 0;
800     + kdev_t lodev = lo->lo_device;
801     +
802     + offs = lo->lo_offset;
803     + if (S_ISREG(lo->lo_backing_file->f_dentry->d_inode->i_mode)) {
804     + size = lo->lo_backing_file->f_dentry->d_inode->i_size;
805     + } else {
806     + offs &= ~((loff_t)511);
807     + if (blk_size[MAJOR(lodev)])
808     + size = (loff_t)(blk_size[MAJOR(lodev)][MINOR(lodev)]) << BLOCK_SIZE_BITS;
809     + else
810     + size = 1024*1024*1024; /* unknown size */
811     + }
812     + if ((offs > 0) && (offs < size)) {
813     + size -= offs;
814     + } else {
815     + if (offs)
816     + err = -EINVAL;
817     + lo->lo_offset = 0;
818     + lo->lo_offs_sec = lo->lo_iv_remove = 0;
819     + }
820     + if ((lo->lo_sizelimit > 0) && (lo->lo_sizelimit <= size)) {
821     + size = lo->lo_sizelimit;
822     + } else {
823     + if (lo->lo_sizelimit)
824     + err = -EINVAL;
825     + lo->lo_sizelimit = 0;
826     + }
827     + size >>= BLOCK_SIZE_BITS;
828 max 278 +
829     + /*
830 max 21 + * Unfortunately, if we want to do I/O on the device,
831     + * the number of 1024-byte blocks has to fit into unsigned int
832 max 278 + */
833 max 21 + x = (unsigned int)size;
834     + if ((loff_t)x != size) {
835     + err = -EFBIG;
836     + size = 0;
837     + }
838 max 278 +
839 max 21 + loop_sizes[lo->lo_number] = size;
840     + return err;
841     +}
842 max 278 +
843 max 21 +static int loop_file_io(struct file *file, char *buf, int size, loff_t *ppos, int w)
844     +{
845     + mm_segment_t fs;
846     + int x, y, z;
847 max 278 +
848 max 21 + y = 0;
849     + do {
850     + z = size - y;
851 max 254 + fs = get_fs();
852 max 21 + set_fs(get_ds());
853     + if (w) {
854     + x = file->f_op->write(file, buf + y, z, ppos);
855     + set_fs(fs);
856     + } else {
857     + x = file->f_op->read(file, buf + y, z, ppos);
858     + set_fs(fs);
859     + if (!x)
860     + return 1;
861     + }
862     + if (x < 0) {
863     + if ((x == -EAGAIN) || (x == -ENOMEM) || (x == -ERESTART) || (x == -EINTR)) {
864     + run_task_queue(&tq_disk);
865     + set_current_state(TASK_INTERRUPTIBLE);
866     + schedule_timeout(HZ / 2);
867     + continue;
868     + }
869     + return 1;
870     + }
871     + y += x;
872     + } while (y < size);
873     + return 0;
874     +}
875 max 278 +
876 max 21 +static int do_bh_filebacked(struct loop_device *lo, struct buffer_head *bh, int rw)
877     +{
878     + loff_t pos;
879     + struct file *file = lo->lo_backing_file;
880     + char *data, *buf;
881     + unsigned int size, len;
882     + unsigned long IV;
883     +
884     + pos = ((loff_t) bh->b_rsector << 9) + lo->lo_offset;
885     + buf = page_address(lo->lo_bh_free->b_page);
886     + len = bh->b_size;
887     + data = bh_kmap(bh);
888     + IV = bh->b_rsector;
889     + if (!lo->lo_iv_remove)
890     + IV += lo->lo_offs_sec;
891     + while (len > 0) {
892     + if (lo->lo_encrypt_type == LO_CRYPT_NONE) {
893     + /* this code relies that NONE transfer is a no-op */
894     + buf = data;
895     + }
896     + size = PAGE_SIZE;
897     + if (size > len)
898     + size = len;
899     + if (rw == WRITE) {
900     + if (lo_do_transfer(lo, WRITE, buf, data, size, IV)) {
901     + printk(KERN_ERR "loop%d: write transfer error, sector %lu\n", lo->lo_number, IV);
902     + goto kunmap_and_out;
903     + }
904     + if (loop_file_io(file, buf, size, &pos, 1)) {
905     + printk(KERN_ERR "loop%d: write i/o error, sector %lu\n", lo->lo_number, IV);
906     + goto kunmap_and_out;
907     + }
908     + } else {
909     + if (loop_file_io(file, buf, size, &pos, 0)) {
910     + printk(KERN_ERR "loop%d: read i/o error, sector %lu\n", lo->lo_number, IV);
911     + goto kunmap_and_out;
912     + }
913     + if (lo_do_transfer(lo, READ, buf, data, size, IV)) {
914     + printk(KERN_ERR "loop%d: read transfer error, sector %lu\n", lo->lo_number, IV);
915     + goto kunmap_and_out;
916     + }
917     + }
918     + data += size;
919     + len -= size;
920     + IV += size >> 9;
921     + }
922     + bh_kunmap(bh);
923     + return 0;
924     +
925     +kunmap_and_out:
926     + bh_kunmap(bh);
927     + return 1;
928 max 278 +}
929     +
930     +static int loop_make_request(request_queue_t *q, int rw, struct buffer_head *rbh)
931     +{
932 max 21 + struct buffer_head *bh;
933 max 278 + struct loop_device *lo;
934 max 21 + char *md;
935 max 278 +
936 max 21 + set_current_state(TASK_RUNNING);
937 max 278 + if (!buffer_locked(rbh))
938     + BUG();
939     +
940     + if (MINOR(rbh->b_rdev) >= max_loop)
941     + goto out;
942     +
943     + lo = &loop_dev[MINOR(rbh->b_rdev)];
944     + spin_lock_irq(&lo->lo_lock);
945     + if (lo->lo_state != Lo_bound)
946     + goto inactive;
947     + atomic_inc(&lo->lo_pending);
948     + spin_unlock_irq(&lo->lo_lock);
949     +
950     + if (rw == WRITE) {
951     + if (lo->lo_flags & LO_FLAGS_READ_ONLY)
952     + goto err;
953     + } else if (rw == READA) {
954     + rw = READ;
955     + } else if (rw != READ) {
956 max 21 + printk(KERN_ERR "loop%d: unknown command (%d)\n", lo->lo_number, rw);
957 max 278 + goto err;
958     + }
959     +
960     + /*
961     + * file backed, queue for loop_thread to handle
962     + */
963     + if (lo->lo_flags & LO_FLAGS_DO_BMAP) {
964 max 21 + loop_add_queue_last(lo, rbh, (rw == WRITE) ? &lo->lo_bh_que1 : &lo->lo_bh_que0);
965 max 254 + return 0;
966     + }
967     +
968     + /*
969     + * device backed, just remap rdev & rsector for NONE transfer
970     + */
971     + if (lo->lo_encrypt_type == LO_CRYPT_NONE) {
972     + rbh->b_rsector += lo->lo_offs_sec;
973     + rbh->b_rdev = lo->lo_device;
974     + generic_make_request(rw, rbh);
975     + if (atomic_dec_and_test(&lo->lo_pending))
976     + wake_up_interruptible(&lo->lo_bh_wait);
977 max 278 + return 0;
978     + }
979     +
980     + /*
981 max 254 + * device backed, start reads and writes now if buffer available
982 max 278 + */
983 max 21 + bh = loop_get_buffer(lo, rbh, 0, rw);
984     + if (!bh) {
985     + /* just queue request and let thread handle alloc later */
986     + loop_add_queue_last(lo, rbh, (rw == WRITE) ? &lo->lo_bh_que1 : &lo->lo_bh_que2);
987     + return 0;
988     + }
989 max 278 + if (rw == WRITE) {
990 max 21 + int trv;
991     + md = bh_kmap(rbh);
992     + trv = lo_do_transfer(lo, WRITE, bh->b_data, md, bh->b_size, bh->b_rsector - lo->lo_iv_remove);
993     + bh_kunmap(rbh);
994     + if (trv) {
995     + loop_put_buffer(lo, bh);
996 max 278 + goto err;
997 max 21 + }
998 max 278 + }
999     + generic_make_request(rw, bh);
1000     + return 0;
1001     +
1002     +err:
1003     + if (atomic_dec_and_test(&lo->lo_pending))
1004 max 21 + wake_up_interruptible(&lo->lo_bh_wait);
1005 max 278 +out:
1006     + buffer_IO_error(rbh);
1007     + return 0;
1008     +inactive:
1009     + spin_unlock_irq(&lo->lo_lock);
1010     + goto out;
1011     +}
1012     +
1013     +/*
1014     + * worker thread that handles reads/writes to file backed loop devices,
1015     + * to avoid blocking in our make_request_fn. it also does loop decrypting
1016     + * on reads for block backed loop, as that is too heavy to do from
1017     + * b_end_io context where irqs may be disabled.
1018     + */
1019     +static int loop_thread(void *data)
1020     +{
1021     + struct loop_device *lo = data;
1022 max 21 + struct buffer_head *bh, *xbh;
1023     + int x, rw, qi = 0, flushcnt = 0;
1024     + wait_queue_t waitq;
1025     + que_look_up_table qt[4] = {
1026     + { &lo->lo_bh_que0, &lo->lo_bh_que1, &lo->lo_bh_que2, 0, 1, 2 },
1027     + { &lo->lo_bh_que2, &lo->lo_bh_que0, &lo->lo_bh_que1, 2, 0, 1 },
1028     + { &lo->lo_bh_que0, &lo->lo_bh_que2, &lo->lo_bh_que1, 0, 2, 1 },
1029     + { &lo->lo_bh_que1, &lo->lo_bh_que0, &lo->lo_bh_que2, 1, 0, 2 }
1030     + };
1031     + char *md;
1032     + static const struct rlimit loop_rlim_defaults[RLIM_NLIMITS] = INIT_RLIMITS;
1033 max 278 +
1034 max 21 + init_waitqueue_entry(&waitq, current);
1035     + memcpy(&current->rlim[0], &loop_rlim_defaults[0], sizeof(current->rlim));
1036 max 278 + daemonize();
1037     + exit_files(current);
1038     + reparent_to_init();
1039     +
1040     + sprintf(current->comm, "loop%d", lo->lo_number);
1041     +
1042     + spin_lock_irq(&current->sigmask_lock);
1043     + sigfillset(&current->blocked);
1044     + flush_signals(current);
1045     + spin_unlock_irq(&current->sigmask_lock);
1046     +
1047 max 21 + if (lo_nice > 0)
1048     + lo_nice = 0;
1049     + if (lo_nice < -20)
1050     + lo_nice = -20;
1051     +#if defined(DEF_NICE) && defined(DEF_COUNTER)
1052     + /* old scheduler syntax */
1053     + current->policy = SCHED_OTHER;
1054     + current->nice = lo_nice;
1055     +#else
1056     + /* O(1) scheduler syntax */
1057     + set_user_nice(current, lo_nice);
1058     +#endif
1059     +
1060 max 278 + spin_lock_irq(&lo->lo_lock);
1061     + lo->lo_state = Lo_bound;
1062     + atomic_inc(&lo->lo_pending);
1063     + spin_unlock_irq(&lo->lo_lock);
1064     +
1065     + current->flags |= PF_NOIO;
1066 max 254 +#if defined(PF_NOFREEZE)
1067     + current->flags |= PF_NOFREEZE;
1068     +#elif defined(PF_IOTHREAD)
1069     + current->flags |= PF_IOTHREAD;
1070     +#endif
1071 max 278 +
1072     + /*
1073     + * up sem, we are running
1074     + */
1075     + up(&lo->lo_sem);
1076     +
1077     + for (;;) {
1078 max 21 + add_wait_queue(&lo->lo_bh_wait, &waitq);
1079     + for (;;) {
1080     + set_current_state(TASK_INTERRUPTIBLE);
1081     + if (!atomic_read(&lo->lo_pending))
1082     + break;
1083     +
1084     + x = 0;
1085     + spin_lock_irq(&lo->lo_lock);
1086     + if (lo->lo_bh_que0) {
1087     + x = 1;
1088     + } else if (lo->lo_bh_que1 || lo->lo_bh_que2) {
1089     + /* file backed works too because lo->lo_bh_need == 0 */
1090     + if (lo->lo_bh_free || !lo->lo_bh_need)
1091     + x = 1;
1092     + }
1093     + spin_unlock_irq(&lo->lo_lock);
1094     + if (x)
1095     + break;
1096     +
1097     + schedule();
1098     + }
1099     + set_current_state(TASK_RUNNING);
1100     + remove_wait_queue(&lo->lo_bh_wait, &waitq);
1101     +
1102 max 278 + /*
1103 max 21 + * could be woken because of tear-down, not because of
1104 max 278 + * pending work
1105     + */
1106     + if (!atomic_read(&lo->lo_pending))
1107     + break;
1108     +
1109 max 21 + /*
1110     + * read queues using alternating order to prevent starvation
1111     + */
1112     + bh = loop_get_bh(lo, &x, &qt[++qi & 3]);
1113     + if (!bh)
1114     + continue;
1115     +
1116     + /*
1117     + * x list tag usage(buffer-allocated)
1118     + * --- -------------- -----------------------
1119     + * 0 lo->lo_bh_que0 dev-read(y) / file-read
1120     + * 1 lo->lo_bh_que1 dev-write(n) / file-write
1121     + * 2 lo->lo_bh_que2 dev-read(n)
1122     + */
1123     + rw = (x == 1) ? WRITE : READ;
1124     + if ((x >= 1) && !(lo->lo_flags & LO_FLAGS_DO_BMAP)) {
1125     + /* loop_make_request didn't allocate a buffer, do that now */
1126     + xbh = loop_get_buffer(lo, bh, 1, rw);
1127     + if (!xbh) {
1128     + run_task_queue(&tq_disk);
1129     + flushcnt = 0;
1130     + loop_add_queue_first(lo, bh, (rw == WRITE) ? &lo->lo_bh_que1 : &lo->lo_bh_que2);
1131     + /* lo->lo_bh_need should be 1 now, go back to sleep */
1132     + continue;
1133     + }
1134     + if (rw == WRITE) {
1135     + int trv;
1136     + md = bh_kmap(bh);
1137     + trv = lo_do_transfer(lo, WRITE, xbh->b_data, md, xbh->b_size, xbh->b_rsector - lo->lo_iv_remove);
1138     + bh_kunmap(bh);
1139     + if (trv) {
1140     + loop_put_buffer(lo, xbh);
1141     + buffer_IO_error(bh);
1142     + atomic_dec(&lo->lo_pending);
1143     + continue;
1144     + }
1145     + }
1146     + generic_make_request(rw, xbh);
1147     +
1148     + /* start I/O if there are no more requests lacking buffers */
1149     + x = 0;
1150     + spin_lock_irq(&lo->lo_lock);
1151     + if (!lo->lo_bh_que1 && !lo->lo_bh_que2)
1152     + x = 1;
1153     + spin_unlock_irq(&lo->lo_lock);
1154     + if (x || (++flushcnt >= lo->lo_bh_flsh)) {
1155     + run_task_queue(&tq_disk);
1156     + flushcnt = 0;
1157     + }
1158     +
1159     + /* request not completely processed yet */
1160 max 278 + continue;
1161     + }
1162 max 21 + if (lo->lo_flags & LO_FLAGS_DO_BMAP) {
1163     + /* request is for file backed device */
1164     + x = do_bh_filebacked(lo, bh, rw);
1165     + bh->b_reqnext = NULL;
1166     + bh->b_end_io(bh, !x);
1167     + } else {
1168     + /* device backed read has completed, do decrypt now */
1169     + xbh = bh->b_private;
1170     + /* must not use bh->b_rsector as IV, as it may be modified by LVM at this point */
1171     + /* instead, recompute IV from original request */
1172     + md = bh_kmap(xbh);
1173     + x = lo_do_transfer(lo, READ, bh->b_data, md, bh->b_size, xbh->b_rsector + lo->lo_offs_sec - lo->lo_iv_remove);
1174     + bh_kunmap(xbh);
1175     + xbh->b_reqnext = NULL;
1176     + xbh->b_end_io(xbh, !x);
1177     + loop_put_buffer(lo, bh);
1178     + }
1179 max 278 +
1180     + /*
1181 max 21 + * woken both for pending work and tear-down, lo_pending
1182 max 278 + * will hit zero then
1183     + */
1184     + if (atomic_dec_and_test(&lo->lo_pending))
1185     + break;
1186     + }
1187     +
1188     + up(&lo->lo_sem);
1189     + return 0;
1190     +}
1191     +
1192 max 21 +static void loop_set_softblksz(struct loop_device *lo, kdev_t dev)
1193     +{
1194     + int bs = 0, x;
1195     +
1196     + if (blksize_size[MAJOR(lo->lo_device)])
1197     + bs = blksize_size[MAJOR(lo->lo_device)][MINOR(lo->lo_device)];
1198     + if (!bs)
1199     + bs = BLOCK_SIZE;
1200     + if (lo->lo_flags & LO_FLAGS_DO_BMAP) {
1201     + x = loop_sizes[lo->lo_number];
1202     + if ((bs == 8192) && (x & 7))
1203     + bs = 4096;
1204     + if ((bs == 4096) && (x & 3))
1205     + bs = 2048;
1206     + if ((bs == 2048) && (x & 1))
1207     + bs = 1024;
1208     + }
1209     + set_blocksize(dev, bs);
1210     +}
1211     +
1212 max 278 +static int loop_set_fd(struct loop_device *lo, struct file *lo_file, kdev_t dev,
1213     + unsigned int arg)
1214     +{
1215     + struct file *file;
1216     + struct inode *inode;
1217     + kdev_t lo_device;
1218 max 21 + int lo_flags = 0, hardsz = 512;
1219 max 278 + int error;
1220     +
1221     + MOD_INC_USE_COUNT;
1222     +
1223     + error = -EBUSY;
1224     + if (lo->lo_state != Lo_unbound)
1225     + goto out;
1226     +
1227     + error = -EBADF;
1228     + file = fget(arg);
1229     + if (!file)
1230     + goto out;
1231     +
1232     + error = -EINVAL;
1233     + inode = file->f_dentry->d_inode;
1234     +
1235     + if (!(file->f_mode & FMODE_WRITE))
1236     + lo_flags |= LO_FLAGS_READ_ONLY;
1237     +
1238 max 21 + lo->lo_offset = lo->lo_sizelimit = 0;
1239     + lo->lo_offs_sec = lo->lo_iv_remove = 0;
1240     + lo->lo_bh_free = lo->lo_bh_que2 = lo->lo_bh_que1 = lo->lo_bh_que0 = NULL;
1241     + lo->lo_bh_need = lo->lo_bh_flsh = 0;
1242     + init_waitqueue_head(&lo->lo_bh_wait);
1243 max 278 + if (S_ISBLK(inode->i_mode)) {
1244     + lo_device = inode->i_rdev;
1245     + if (lo_device == dev) {
1246     + error = -EBUSY;
1247     + goto out_putf;
1248     + }
1249 max 21 + if (loop_prealloc_init(lo, 0)) {
1250     + error = -ENOMEM;
1251     + goto out_putf;
1252     + }
1253     + hardsz = get_hardsect_size(lo_device);
1254 max 278 + } else if (S_ISREG(inode->i_mode)) {
1255     + /*
1256     + * If we can't read - sorry. If we only can't write - well,
1257     + * it's going to be read-only.
1258     + */
1259 max 21 + if (!file->f_op || !file->f_op->read)
1260 max 278 + goto out_putf;
1261     +
1262 max 21 + if (!file->f_op->write)
1263 max 278 + lo_flags |= LO_FLAGS_READ_ONLY;
1264     +
1265     + lo_device = inode->i_dev;
1266     + lo_flags |= LO_FLAGS_DO_BMAP;
1267 max 21 + if (loop_prealloc_init(lo, 1)) {
1268     + error = -ENOMEM;
1269     + goto out_putf;
1270     + }
1271 max 278 + error = 0;
1272     + } else
1273     + goto out_putf;
1274     +
1275     + get_file(file);
1276     +
1277 max 21 + if ((S_ISREG(inode->i_mode) && IS_RDONLY(inode)) || is_read_only(lo_device)
1278 max 278 + || !(lo_file->f_mode & FMODE_WRITE))
1279     + lo_flags |= LO_FLAGS_READ_ONLY;
1280     +
1281     + set_device_ro(dev, (lo_flags & LO_FLAGS_READ_ONLY) != 0);
1282     +
1283     + lo->lo_device = lo_device;
1284     + lo->lo_flags = lo_flags;
1285 max 21 + if(lo_flags & LO_FLAGS_READ_ONLY)
1286     + lo->lo_flags |= 0x200000; /* export to user space */
1287 max 278 + lo->lo_backing_file = file;
1288     + lo->transfer = NULL;
1289     + lo->ioctl = NULL;
1290 max 21 + if (figure_loop_size(lo)) {
1291     + error = -EFBIG;
1292     + goto out_cleanup;
1293     + }
1294 max 278 +
1295 max 21 + if (lo_flags & LO_FLAGS_DO_BMAP) {
1296     + lo->old_gfp_mask = inode->i_mapping->gfp_mask;
1297     + inode->i_mapping->gfp_mask &= ~(__GFP_IO|__GFP_FS);
1298     + inode->i_mapping->gfp_mask |= __GFP_HIGH;
1299     + } else {
1300     + lo->old_gfp_mask = -1;
1301     + }
1302 max 278 +
1303 max 21 + loop_hardsizes[MINOR(dev)] = hardsz;
1304     + loop_set_softblksz(lo, dev);
1305 max 278 +
1306 max 21 + error = kernel_thread(loop_thread, lo, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
1307     + if(error < 0)
1308     + goto out_mapping;
1309     + down(&lo->lo_sem);
1310 max 278 + fput(file);
1311     + return 0;
1312     +
1313 max 21 + out_mapping:
1314     + if(lo->old_gfp_mask != -1)
1315     + inode->i_mapping->gfp_mask = lo->old_gfp_mask;
1316     + out_cleanup:
1317     + loop_prealloc_cleanup(lo);
1318     + fput(file);
1319 max 278 + out_putf:
1320     + fput(file);
1321     + out:
1322     + MOD_DEC_USE_COUNT;
1323     + return error;
1324     +}
1325     +
1326     +static int loop_release_xfer(struct loop_device *lo)
1327     +{
1328 max 254 + int err = 0;
1329 max 278 + if (lo->lo_encrypt_type) {
1330 max 254 + struct loop_func_table *xfer= xfer_funcs[lo->lo_encrypt_type];
1331 max 21 + lo->transfer = NULL;
1332 max 278 + if (xfer && xfer->release)
1333 max 254 + err = xfer->release(lo);
1334 max 278 + if (xfer && xfer->unlock)
1335 max 254 + xfer->unlock(lo);
1336 max 278 + lo->lo_encrypt_type = 0;
1337     + }
1338     + return err;
1339     +}
1340     +
1341     +static int loop_init_xfer(struct loop_device *lo, int type,struct loop_info *i)
1342     +{
1343 max 254 + int err = 0;
1344 max 278 + if (type) {
1345 max 254 + struct loop_func_table *xfer = xfer_funcs[type];
1346 max 278 + if (xfer->init)
1347     + err = xfer->init(lo, i);
1348 max 254 + if (!err) {
1349 max 278 + lo->lo_encrypt_type = type;
1350     + if (xfer->lock)
1351     + xfer->lock(lo);
1352     + }
1353     + }
1354     + return err;
1355 max 254 +}
1356 max 278 +
1357     +static int loop_clr_fd(struct loop_device *lo, struct block_device *bdev)
1358     +{
1359     + struct file *filp = lo->lo_backing_file;
1360     + int gfp = lo->old_gfp_mask;
1361     +
1362     + if (lo->lo_state != Lo_bound)
1363     + return -ENXIO;
1364     + if (lo->lo_refcnt > 1) /* we needed one fd for the ioctl */
1365     + return -EBUSY;
1366     + if (filp==NULL)
1367     + return -EINVAL;
1368     +
1369     + spin_lock_irq(&lo->lo_lock);
1370     + lo->lo_state = Lo_rundown;
1371     + if (atomic_dec_and_test(&lo->lo_pending))
1372 max 21 + wake_up_interruptible(&lo->lo_bh_wait);
1373 max 278 + spin_unlock_irq(&lo->lo_lock);
1374     +
1375     + down(&lo->lo_sem);
1376     +
1377 max 21 + loop_prealloc_cleanup(lo);
1378 max 278 + lo->lo_backing_file = NULL;
1379     +
1380     + loop_release_xfer(lo);
1381     + lo->transfer = NULL;
1382     + lo->ioctl = NULL;
1383     + lo->lo_device = 0;
1384     + lo->lo_encrypt_type = 0;
1385 max 21 + lo->lo_offset = lo->lo_sizelimit = 0;
1386     + lo->lo_offs_sec = lo->lo_iv_remove = 0;
1387 max 278 + lo->lo_encrypt_key_size = 0;
1388     + lo->lo_flags = 0;
1389     + memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
1390     + memset(lo->lo_name, 0, LO_NAME_SIZE);
1391 max 21 + memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
1392 max 278 + loop_sizes[lo->lo_number] = 0;
1393     + invalidate_bdev(bdev, 0);
1394 max 21 + if (gfp != -1)
1395     + filp->f_dentry->d_inode->i_mapping->gfp_mask = gfp;
1396 max 278 + lo->lo_state = Lo_unbound;
1397     + fput(filp);
1398     + MOD_DEC_USE_COUNT;
1399     + return 0;
1400     +}
1401     +
1402 max 21 +static void
1403     +loop_info64_from_old(const struct loop_info *info, struct loop_info64 *info64)
1404     +{
1405     + memset(info64, 0, sizeof(*info64));
1406     + info64->lo_number = info->lo_number;
1407     + info64->lo_device = info->lo_device;
1408     + info64->lo_inode = info->lo_inode;
1409     + info64->lo_rdevice = info->lo_rdevice;
1410     + info64->lo_offset = info->lo_offset;
1411     + info64->lo_encrypt_type = info->lo_encrypt_type;
1412     + info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
1413     + info64->lo_flags = info->lo_flags;
1414     + info64->lo_init[0] = info->lo_init[0];
1415     + info64->lo_init[1] = info->lo_init[1];
1416     + if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */
1417     + memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
1418     + else
1419     + memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
1420     + memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
1421     +}
1422     +
1423     +static int
1424     +loop_info64_to_old(struct loop_info64 *info64, struct loop_info *info)
1425     +{
1426     + memset(info, 0, sizeof(*info));
1427     + info->lo_number = info64->lo_number;
1428     + info->lo_device = info64->lo_device;
1429     + info->lo_inode = info64->lo_inode;
1430     + info->lo_rdevice = info64->lo_rdevice;
1431     + info->lo_offset = info64->lo_offset;
1432     + info->lo_encrypt_type = info64->lo_encrypt_type;
1433     + info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
1434     + info->lo_flags = info64->lo_flags;
1435     + info->lo_init[0] = info64->lo_init[0];
1436     + info->lo_init[1] = info64->lo_init[1];
1437     + if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */
1438     + memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1439     + else
1440     + memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
1441     + memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1442     +
1443     + /* error in case values were truncated */
1444     + if (info->lo_device != info64->lo_device ||
1445     + info->lo_rdevice != info64->lo_rdevice ||
1446     + info->lo_inode != info64->lo_inode ||
1447     + info->lo_offset != info64->lo_offset ||
1448     + info64->lo_sizelimit)
1449     + return -EOVERFLOW;
1450     +
1451     + return 0;
1452     +}
1453     +
1454     +static int loop_set_status(struct loop_device *lo, kdev_t dev, struct loop_info64 *info, struct loop_info *oldinfo)
1455 max 278 +{
1456     + int err;
1457     + unsigned int type;
1458     +
1459 max 254 + if (lo->lo_encrypt_key_size && lo->lo_key_owner != current->uid &&
1460 max 278 + !capable(CAP_SYS_ADMIN))
1461     + return -EPERM;
1462     + if (lo->lo_state != Lo_bound)
1463     + return -ENXIO;
1464 max 21 + if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
1465 max 278 + return -EINVAL;
1466 max 254 + type = info->lo_encrypt_type;
1467 max 278 + if (type >= MAX_LO_CRYPT || xfer_funcs[type] == NULL)
1468     + return -EINVAL;
1469 max 21 + if (type == LO_CRYPT_XOR && info->lo_encrypt_key_size == 0)
1470 max 278 + return -EINVAL;
1471     + err = loop_release_xfer(lo);
1472     + if (err)
1473     + return err;
1474     +
1475 max 21 + if ((loff_t)info->lo_offset < 0) {
1476     + /* negative offset == remove offset from IV computations */
1477     + lo->lo_offset = -(info->lo_offset);
1478     + lo->lo_iv_remove = lo->lo_offset >> 9;
1479     + } else {
1480     + /* positive offset == include offset in IV computations */
1481     + lo->lo_offset = info->lo_offset;
1482     + lo->lo_iv_remove = 0;
1483     + }
1484     + lo->lo_offs_sec = lo->lo_offset >> 9;
1485     + lo->lo_sizelimit = info->lo_sizelimit;
1486     + err = figure_loop_size(lo);
1487     + if (err)
1488     + return err;
1489     + loop_set_softblksz(lo, dev);
1490 max 278 +
1491 max 21 + /* transfer init function for 2.4 kernels takes old style struct */
1492     + err = loop_init_xfer(lo, type, oldinfo);
1493     + /* copy key -- just in case transfer init func modified it */
1494     + memcpy(info->lo_encrypt_key, oldinfo->lo_encrypt_key, sizeof(info->lo_encrypt_key));
1495 max 254 + if (err)
1496 max 21 + return err;
1497 max 254 +
1498 max 21 + strncpy(lo->lo_name, info->lo_file_name, LO_NAME_SIZE);
1499     + strncpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
1500 max 278 + lo->transfer = xfer_funcs[type]->transfer;
1501     + lo->ioctl = xfer_funcs[type]->ioctl;
1502 max 21 + lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
1503     + lo->lo_init[0] = info->lo_init[0];
1504     + lo->lo_init[1] = info->lo_init[1];
1505     + if (info->lo_encrypt_key_size) {
1506 max 254 + memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
1507 max 21 + info->lo_encrypt_key_size);
1508 max 254 + lo->lo_key_owner = current->uid;
1509 max 21 + }
1510     +
1511 max 278 + return 0;
1512     +}
1513     +
1514 max 21 +static int loop_get_status(struct loop_device *lo, struct loop_info64 *info)
1515 max 278 +{
1516     + struct file *file = lo->lo_backing_file;
1517     +
1518     + if (lo->lo_state != Lo_bound)
1519     + return -ENXIO;
1520 max 21 + memset(info, 0, sizeof(*info));
1521     + info->lo_number = lo->lo_number;
1522     + info->lo_device = kdev_t_to_nr(file->f_dentry->d_inode->i_dev);
1523     + info->lo_inode = file->f_dentry->d_inode->i_ino;
1524     + info->lo_rdevice = kdev_t_to_nr(lo->lo_device);
1525     + info->lo_offset = lo->lo_iv_remove ? -(lo->lo_offset) : lo->lo_offset;
1526     + info->lo_sizelimit = lo->lo_sizelimit;
1527     + info->lo_flags = lo->lo_flags;
1528     + strncpy(info->lo_file_name, lo->lo_name, LO_NAME_SIZE);
1529     + strncpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
1530     + info->lo_encrypt_type = lo->lo_encrypt_type;
1531 max 278 + if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
1532 max 21 + info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
1533     + memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
1534 max 278 + lo->lo_encrypt_key_size);
1535 max 21 + info->lo_init[0] = lo->lo_init[0];
1536     + info->lo_init[1] = lo->lo_init[1];
1537 max 278 + }
1538 max 21 + return 0;
1539     +}
1540     +
1541     +static int
1542     +loop_set_status_n(struct loop_device *lo, kdev_t dev, void *arg, int n)
1543     +{
1544     + struct loop_info info;
1545     + struct loop_info64 info64;
1546     + int err;
1547     +
1548     + if (n) {
1549     + if (copy_from_user(&info64, arg, sizeof (struct loop_info64)))
1550     + return -EFAULT;
1551     + /* truncation errors can be ignored here as transfer init func only wants key bits */
1552     + loop_info64_to_old(&info64, &info);
1553     + } else {
1554     + if (copy_from_user(&info, arg, sizeof (struct loop_info)))
1555     + return -EFAULT;
1556     + loop_info64_from_old(&info, &info64);
1557     + }
1558     + err = loop_set_status(lo, dev, &info64, &info);
1559     + memset(&info.lo_encrypt_key[0], 0, sizeof(info.lo_encrypt_key));
1560     + memset(&info64.lo_encrypt_key[0], 0, sizeof(info64.lo_encrypt_key));
1561     + return err;
1562     +}
1563     +
1564     +static int
1565     +loop_get_status_old(struct loop_device *lo, struct loop_info *arg) {
1566     + struct loop_info info;
1567     + struct loop_info64 info64;
1568     + int err = 0;
1569     +
1570     + if (!arg)
1571     + err = -EINVAL;
1572     + if (!err)
1573     + err = loop_get_status(lo, &info64);
1574     + if (!err)
1575     + err = loop_info64_to_old(&info64, &info);
1576     + if (!err && copy_to_user(arg, &info, sizeof(info)))
1577     + err = -EFAULT;
1578     +
1579     + return err;
1580     +}
1581     +
1582     +static int
1583     +loop_get_status64(struct loop_device *lo, struct loop_info64 *arg) {
1584     + struct loop_info64 info64;
1585     + int err = 0;
1586     +
1587     + if (!arg)
1588     + err = -EINVAL;
1589     + if (!err)
1590     + err = loop_get_status(lo, &info64);
1591     + if (!err && copy_to_user(arg, &info64, sizeof(info64)))
1592     + err = -EFAULT;
1593     +
1594     + return err;
1595 max 278 +}
1596     +
1597     +static int lo_ioctl(struct inode * inode, struct file * file,
1598     + unsigned int cmd, unsigned long arg)
1599     +{
1600     + struct loop_device *lo;
1601     + int dev, err;
1602     +
1603     + if (!inode)
1604     + return -EINVAL;
1605     + if (MAJOR(inode->i_rdev) != MAJOR_NR) {
1606     + printk(KERN_WARNING "lo_ioctl: pseudo-major != %d\n",
1607     + MAJOR_NR);
1608     + return -ENODEV;
1609     + }
1610     + dev = MINOR(inode->i_rdev);
1611     + if (dev >= max_loop)
1612     + return -ENODEV;
1613     + lo = &loop_dev[dev];
1614     + down(&lo->lo_ctl_mutex);
1615     + switch (cmd) {
1616     + case LOOP_SET_FD:
1617     + err = loop_set_fd(lo, file, inode->i_rdev, arg);
1618     + break;
1619     + case LOOP_CLR_FD:
1620     + err = loop_clr_fd(lo, inode->i_bdev);
1621     + break;
1622     + case LOOP_SET_STATUS:
1623 max 21 + err = loop_set_status_n(lo, inode->i_rdev, (void *) arg, 0);
1624 max 278 + break;
1625     + case LOOP_GET_STATUS:
1626 max 21 + err = loop_get_status_old(lo, (struct loop_info *) arg);
1627     + break;
1628     + case LOOP_SET_STATUS64:
1629     + err = loop_set_status_n(lo, inode->i_rdev, (void *) arg, 1);
1630     + break;
1631     + case LOOP_GET_STATUS64:
1632     + err = loop_get_status64(lo, (struct loop_info64 *) arg);
1633 max 278 + break;
1634     + case BLKGETSIZE:
1635     + if (lo->lo_state != Lo_bound) {
1636     + err = -ENXIO;
1637     + break;
1638     + }
1639     + err = put_user((unsigned long)loop_sizes[lo->lo_number] << 1, (unsigned long *) arg);
1640     + break;
1641     + case BLKGETSIZE64:
1642     + if (lo->lo_state != Lo_bound) {
1643     + err = -ENXIO;
1644     + break;
1645     + }
1646     + err = put_user((u64)loop_sizes[lo->lo_number] << 10, (u64*)arg);
1647     + break;
1648     + case BLKBSZGET:
1649     + case BLKBSZSET:
1650     + case BLKSSZGET:
1651 max 21 + case BLKROGET:
1652     + case BLKROSET:
1653 max 278 + err = blk_ioctl(inode->i_rdev, cmd, arg);
1654     + break;
1655     + default:
1656     + err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
1657     + }
1658     + up(&lo->lo_ctl_mutex);
1659     + return err;
1660     +}
1661     +
1662     +static int lo_open(struct inode *inode, struct file *file)
1663     +{
1664     + struct loop_device *lo;
1665 max 21 + int dev;
1666 max 278 +
1667     + if (!inode)
1668     + return -EINVAL;
1669     + if (MAJOR(inode->i_rdev) != MAJOR_NR) {
1670     + printk(KERN_WARNING "lo_open: pseudo-major != %d\n", MAJOR_NR);
1671     + return -ENODEV;
1672     + }
1673     + dev = MINOR(inode->i_rdev);
1674     + if (dev >= max_loop)
1675     + return -ENODEV;
1676     +
1677     + lo = &loop_dev[dev];
1678     + MOD_INC_USE_COUNT;
1679     + down(&lo->lo_ctl_mutex);
1680     + lo->lo_refcnt++;
1681     + up(&lo->lo_ctl_mutex);
1682     + return 0;
1683     +}
1684     +
1685     +static int lo_release(struct inode *inode, struct file *file)
1686     +{
1687     + struct loop_device *lo;
1688 max 21 + int dev;
1689 max 278 +
1690     + if (!inode)
1691     + return 0;
1692     + if (MAJOR(inode->i_rdev) != MAJOR_NR) {
1693     + printk(KERN_WARNING "lo_release: pseudo-major != %d\n",
1694     + MAJOR_NR);
1695     + return 0;
1696     + }
1697     + dev = MINOR(inode->i_rdev);
1698     + if (dev >= max_loop)
1699     + return 0;
1700     +
1701     + lo = &loop_dev[dev];
1702     + down(&lo->lo_ctl_mutex);
1703     + --lo->lo_refcnt;
1704     + up(&lo->lo_ctl_mutex);
1705     + MOD_DEC_USE_COUNT;
1706     + return 0;
1707     +}
1708     +
1709     +static struct block_device_operations lo_fops = {
1710     + owner: THIS_MODULE,
1711     + open: lo_open,
1712     + release: lo_release,
1713     + ioctl: lo_ioctl,
1714     +};
1715     +
1716     +/*
1717     + * And now the modules code and kernel interface.
1718     + */
1719     +MODULE_PARM(max_loop, "i");
1720     +MODULE_PARM_DESC(max_loop, "Maximum number of loop devices (1-256)");
1721     +MODULE_LICENSE("GPL");
1722     +
1723     +int loop_register_transfer(struct loop_func_table *funcs)
1724     +{
1725 max 21 + if ((unsigned)funcs->number >= MAX_LO_CRYPT || xfer_funcs[funcs->number])
1726 max 278 + return -EINVAL;
1727     + xfer_funcs[funcs->number] = funcs;
1728 max 254 + return 0;
1729 max 278 +}
1730     +
1731     +int loop_unregister_transfer(int number)
1732     +{
1733 max 254 + struct loop_device *lo;
1734 max 278 +
1735     + if ((unsigned)number >= MAX_LO_CRYPT)
1736 max 254 + return -EINVAL;
1737     + for (lo = &loop_dev[0]; lo < &loop_dev[max_loop]; lo++) {
1738 max 278 + int type = lo->lo_encrypt_type;
1739 max 254 + if (type == number) {
1740 max 21 + loop_release_xfer(lo);
1741 max 278 + }
1742     + }
1743 max 254 + xfer_funcs[number] = NULL;
1744     + return 0;
1745 max 278 +}
1746     +
1747     +EXPORT_SYMBOL(loop_register_transfer);
1748     +EXPORT_SYMBOL(loop_unregister_transfer);
1749     +
1750 max 254 +int __init loop_init(void)
1751 max 278 +{
1752     + int i;
1753     +
1754     + if ((max_loop < 1) || (max_loop > 256)) {
1755     + printk(KERN_WARNING "loop: invalid max_loop (must be between"
1756     + " 1 and 256), using default (8)\n");
1757     + max_loop = 8;
1758     + }
1759     +
1760     + if (devfs_register_blkdev(MAJOR_NR, "loop", &lo_fops)) {
1761     + printk(KERN_WARNING "Unable to get major number %d for loop"
1762     + " device\n", MAJOR_NR);
1763     + return -EIO;
1764     + }
1765     +
1766     + loop_dev = kmalloc(max_loop * sizeof(struct loop_device), GFP_KERNEL);
1767     + if (!loop_dev)
1768 max 21 + goto out_dev;
1769 max 278 +
1770     + loop_sizes = kmalloc(max_loop * sizeof(int), GFP_KERNEL);
1771     + if (!loop_sizes)
1772     + goto out_sizes;
1773     +
1774     + loop_blksizes = kmalloc(max_loop * sizeof(int), GFP_KERNEL);
1775     + if (!loop_blksizes)
1776     + goto out_blksizes;
1777     +
1778 max 21 + loop_hardsizes = kmalloc(max_loop * sizeof(int), GFP_KERNEL);
1779     + if (!loop_hardsizes)
1780     + goto out_hardsizes;
1781     +
1782 max 278 + blk_queue_make_request(BLK_DEFAULT_QUEUE(MAJOR_NR), loop_make_request);
1783     +
1784     + for (i = 0; i < max_loop; i++) {
1785     + struct loop_device *lo = &loop_dev[i];
1786     + memset(lo, 0, sizeof(struct loop_device));
1787     + init_MUTEX(&lo->lo_ctl_mutex);
1788     + init_MUTEX_LOCKED(&lo->lo_sem);
1789     + lo->lo_number = i;
1790     + spin_lock_init(&lo->lo_lock);
1791     + }
1792     +
1793     + memset(loop_sizes, 0, max_loop * sizeof(int));
1794     + memset(loop_blksizes, 0, max_loop * sizeof(int));
1795 max 21 + memset(loop_hardsizes, 0, max_loop * sizeof(int));
1796 max 278 + blk_size[MAJOR_NR] = loop_sizes;
1797     + blksize_size[MAJOR_NR] = loop_blksizes;
1798 max 21 + hardsect_size[MAJOR_NR] = loop_hardsizes;
1799 max 278 + for (i = 0; i < max_loop; i++)
1800     + register_disk(NULL, MKDEV(MAJOR_NR, i), 1, &lo_fops, 0);
1801     +
1802 max 21 + for (i = 0; i < (sizeof(lo_prealloc) / sizeof(int)); i += 2) {
1803     + if (!lo_prealloc[i])
1804     + continue;
1805     + if (lo_prealloc[i] < LO_PREALLOC_MIN)
1806     + lo_prealloc[i] = LO_PREALLOC_MIN;
1807     + if (lo_prealloc[i] > LO_PREALLOC_MAX)
1808     + lo_prealloc[i] = LO_PREALLOC_MAX;
1809     + }
1810     +
1811 max 278 +#if defined(IOCTL32_COMPATIBLE_PTR)
1812     + register_ioctl32_conversion(LOOP_SET_STATUS64, IOCTL32_COMPATIBLE_PTR);
1813     + register_ioctl32_conversion(LOOP_GET_STATUS64, IOCTL32_COMPATIBLE_PTR);
1814     + register_ioctl32_conversion(LOOP_MULTI_KEY_SETUP, IOCTL32_COMPATIBLE_PTR);
1815     +#endif
1816     +
1817     + devfs_handle = devfs_mk_dir(NULL, "loop", NULL);
1818     + devfs_register_series(devfs_handle, "%u", max_loop, DEVFS_FL_DEFAULT,
1819     + MAJOR_NR, 0,
1820     + S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP,
1821     + &lo_fops, NULL);
1822     +
1823     + printk(KERN_INFO "loop: loaded (max %d devices)\n", max_loop);
1824     + return 0;
1825     +
1826 max 21 +out_hardsizes:
1827     + kfree(loop_blksizes);
1828 max 278 +out_blksizes:
1829     + kfree(loop_sizes);
1830     +out_sizes:
1831     + kfree(loop_dev);
1832 max 21 +out_dev:
1833 max 278 + if (devfs_unregister_blkdev(MAJOR_NR, "loop"))
1834     + printk(KERN_WARNING "loop: cannot unregister blkdev\n");
1835     + printk(KERN_ERR "loop: ran out of memory\n");
1836     + return -ENOMEM;
1837     +}
1838     +
1839 max 254 +void loop_exit(void)
1840 max 278 +{
1841     + devfs_unregister(devfs_handle);
1842     + if (devfs_unregister_blkdev(MAJOR_NR, "loop"))
1843     + printk(KERN_WARNING "loop: cannot unregister blkdev\n");
1844 max 21 +
1845     + blk_size[MAJOR_NR] = 0;
1846     + blksize_size[MAJOR_NR] = 0;
1847     + hardsect_size[MAJOR_NR] = 0;
1848 max 278 + kfree(loop_dev);
1849     + kfree(loop_sizes);
1850     + kfree(loop_blksizes);
1851 max 21 + kfree(loop_hardsizes);
1852 max 278 +
1853     +#if defined(IOCTL32_COMPATIBLE_PTR)
1854     + unregister_ioctl32_conversion(LOOP_SET_STATUS64);
1855     + unregister_ioctl32_conversion(LOOP_GET_STATUS64);
1856     + unregister_ioctl32_conversion(LOOP_MULTI_KEY_SETUP);
1857     +#endif
1858     +}
1859     +
1860     +module_init(loop_init);
1861     +module_exit(loop_exit);
1862     +
1863     +#ifndef MODULE
1864     +static int __init max_loop_setup(char *str)
1865     +{
1866     + max_loop = simple_strtol(str, NULL, 0);
1867     + return 1;
1868     +}
1869     +
1870     +__setup("max_loop=", max_loop_setup);
1871     +#endif
1872     diff -urN linux-2.4.26-noloop/drivers/misc/Makefile linux-2.4.26-AES/drivers/misc/Makefile
1873     --- linux-2.4.26-noloop/drivers/misc/Makefile Sat Dec 30 00:07:22 2000
1874     +++ linux-2.4.26-AES/drivers/misc/Makefile Sat May 1 19:46:45 2004
1875     @@ -9,7 +9,32 @@
1876 max 21 # parent makes..
1877     #
1878    
1879     +.S.o:
1880 max 278 + $(CC) $(AFLAGS) $(AFLAGS_$@) -c $< -o $*.o
1881 max 21 +
1882     O_TARGET := misc.o
1883     +
1884     +ifeq ($(CONFIG_BLK_DEV_LOOP_AES),y)
1885     +AES_PENTIUM_ASM=n
1886     +ifeq ($(CONFIG_X86),y)
1887     +ifneq ($(CONFIG_X86_64),y)
1888     +ifneq ($(CONFIG_M386),y)
1889     +ifneq ($(CONFIG_M486),y)
1890     + AES_PENTIUM_ASM=y
1891     +endif
1892     +endif
1893     +endif
1894     +endif
1895     +ifeq ($(AES_PENTIUM_ASM),y)
1896 max 254 + export-objs += crypto-ksym.o
1897     + obj-y += aes-i586.o md5-i586.o crypto-ksym.o
1898 max 278 + AFLAGS_aes-i586.o := -DUSE_UNDERLINE=1
1899 max 21 +else
1900 max 254 + export-objs += crypto-ksym.o
1901     + obj-y += aes.o md5.o crypto-ksym.o
1902 max 278 + CFLAGS_aes.o := -DDATA_ALWAYS_ALIGNED=1
1903 max 21 +endif
1904     +endif
1905    
1906     include $(TOPDIR)/Rules.make
1907    
1908 max 278 diff -urN linux-2.4.26-noloop/drivers/misc/aes-i586.S linux-2.4.26-AES/drivers/misc/aes-i586.S
1909     --- linux-2.4.26-noloop/drivers/misc/aes-i586.S Thu Jan 1 02:00:00 1970
1910     +++ linux-2.4.26-AES/drivers/misc/aes-i586.S Sat May 1 19:46:45 2004
1911     @@ -0,0 +1,922 @@
1912 max 21 +//
1913     +// Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
1914     +// All rights reserved.
1915     +//
1916     +// TERMS
1917     +//
1918     +// Redistribution and use in source and binary forms, with or without
1919     +// modification, are permitted subject to the following conditions:
1920     +//
1921     +// 1. Redistributions of source code must retain the above copyright
1922     +// notice, this list of conditions and the following disclaimer.
1923     +//
1924     +// 2. Redistributions in binary form must reproduce the above copyright
1925     +// notice, this list of conditions and the following disclaimer in the
1926     +// documentation and/or other materials provided with the distribution.
1927     +//
1928     +// 3. The copyright holder's name must not be used to endorse or promote
1929     +// any products derived from this software without his specific prior
1930     +// written permission.
1931     +//
1932     +// This software is provided 'as is' with no express or implied warranties
1933     +// of correctness or fitness for purpose.
1934     +
1935     +// Modified by Jari Ruusu, December 24 2001
1936     +// - Converted syntax to GNU CPP/assembler syntax
1937     +// - C programming interface converted back to "old" API
1938     +// - Minor portability cleanups and speed optimizations
1939     +
1940     +// Modified by Jari Ruusu, April 11 2002
1941     +// - Added above copyright and terms to resulting object code so that
1942     +// binary distributions can avoid legal trouble
1943     +
1944     +// An AES (Rijndael) implementation for the Pentium. This version only
1945     +// implements the standard AES block length (128 bits, 16 bytes). This code
1946     +// does not preserve the eax, ecx or edx registers or the artihmetic status
1947     +// flags. However, the ebx, esi, edi, and ebp registers are preserved across
1948     +// calls.
1949     +
1950     +// void aes_set_key(aes_context *cx, const unsigned char key[], const int key_len, const int f)
1951     +// void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
1952     +// void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
1953     +
1954     +#if defined(USE_UNDERLINE)
1955     +# define aes_set_key _aes_set_key
1956     +# define aes_encrypt _aes_encrypt
1957     +# define aes_decrypt _aes_decrypt
1958     +#endif
1959     +#if !defined(ALIGN32BYTES)
1960     +# define ALIGN32BYTES 32
1961     +#endif
1962     +
1963     + .file "aes-i586.S"
1964     + .globl aes_set_key
1965     + .globl aes_encrypt
1966     + .globl aes_decrypt
1967     +
1968     + .text
1969     +copyright:
1970     + .ascii " \000"
1971     + .ascii "Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.\000"
1972     + .ascii "All rights reserved.\000"
1973     + .ascii " \000"
1974     + .ascii "TERMS\000"
1975     + .ascii " \000"
1976     + .ascii " Redistribution and use in source and binary forms, with or without\000"
1977     + .ascii " modification, are permitted subject to the following conditions:\000"
1978     + .ascii " \000"
1979     + .ascii " 1. Redistributions of source code must retain the above copyright\000"
1980     + .ascii " notice, this list of conditions and the following disclaimer.\000"
1981     + .ascii " \000"
1982     + .ascii " 2. Redistributions in binary form must reproduce the above copyright\000"
1983     + .ascii " notice, this list of conditions and the following disclaimer in the\000"
1984     + .ascii " documentation and/or other materials provided with the distribution.\000"
1985     + .ascii " \000"
1986     + .ascii " 3. The copyright holder's name must not be used to endorse or promote\000"
1987     + .ascii " any products derived from this software without his specific prior\000"
1988     + .ascii " written permission.\000"
1989     + .ascii " \000"
1990     + .ascii " This software is provided 'as is' with no express or implied warranties\000"
1991     + .ascii " of correctness or fitness for purpose.\000"
1992     + .ascii " \000"
1993     +
1994     +#define tlen 1024 // length of each of 4 'xor' arrays (256 32-bit words)
1995     +
1996     +// offsets to parameters with one register pushed onto stack
1997     +
1998     +#define ctx 8 // AES context structure
1999     +#define in_blk 12 // input byte array address parameter
2000     +#define out_blk 16 // output byte array address parameter
2001     +
2002     +// offsets in context structure
2003     +
2004     +#define nkey 0 // key length, size 4
2005     +#define nrnd 4 // number of rounds, size 4
2006     +#define ekey 8 // encryption key schedule base address, size 256
2007     +#define dkey 264 // decryption key schedule base address, size 256
2008     +
2009     +// This macro performs a forward encryption cycle. It is entered with
2010     +// the first previous round column values in %eax, %ebx, %esi and %edi and
2011     +// exits with the final values in the same registers.
2012     +
2013     +#define fwd_rnd(p1,p2) \
2014     + mov %ebx,(%esp) ;\
2015     + movzbl %al,%edx ;\
2016     + mov %eax,%ecx ;\
2017     + mov p2(%ebp),%eax ;\
2018     + mov %edi,4(%esp) ;\
2019     + mov p2+12(%ebp),%edi ;\
2020     + xor p1(,%edx,4),%eax ;\
2021     + movzbl %ch,%edx ;\
2022     + shr $16,%ecx ;\
2023     + mov p2+4(%ebp),%ebx ;\
2024     + xor p1+tlen(,%edx,4),%edi ;\
2025     + movzbl %cl,%edx ;\
2026     + movzbl %ch,%ecx ;\
2027     + xor p1+3*tlen(,%ecx,4),%ebx ;\
2028     + mov %esi,%ecx ;\
2029     + mov p1+2*tlen(,%edx,4),%esi ;\
2030     + movzbl %cl,%edx ;\
2031     + xor p1(,%edx,4),%esi ;\
2032     + movzbl %ch,%edx ;\
2033     + shr $16,%ecx ;\
2034     + xor p1+tlen(,%edx,4),%ebx ;\
2035     + movzbl %cl,%edx ;\
2036     + movzbl %ch,%ecx ;\
2037     + xor p1+2*tlen(,%edx,4),%eax ;\
2038     + mov (%esp),%edx ;\
2039     + xor p1+3*tlen(,%ecx,4),%edi ;\
2040     + movzbl %dl,%ecx ;\
2041     + xor p2+8(%ebp),%esi ;\
2042     + xor p1(,%ecx,4),%ebx ;\
2043     + movzbl %dh,%ecx ;\
2044     + shr $16,%edx ;\
2045     + xor p1+tlen(,%ecx,4),%eax ;\
2046     + movzbl %dl,%ecx ;\
2047     + movzbl %dh,%edx ;\
2048     + xor p1+2*tlen(,%ecx,4),%edi ;\
2049     + mov 4(%esp),%ecx ;\
2050     + xor p1+3*tlen(,%edx,4),%esi ;\
2051     + movzbl %cl,%edx ;\
2052     + xor p1(,%edx,4),%edi ;\
2053     + movzbl %ch,%edx ;\
2054     + shr $16,%ecx ;\
2055     + xor p1+tlen(,%edx,4),%esi ;\
2056     + movzbl %cl,%edx ;\
2057     + movzbl %ch,%ecx ;\
2058     + xor p1+2*tlen(,%edx,4),%ebx ;\
2059     + xor p1+3*tlen(,%ecx,4),%eax
2060     +
2061     +// This macro performs an inverse encryption cycle. It is entered with
2062     +// the first previous round column values in %eax, %ebx, %esi and %edi and
2063     +// exits with the final values in the same registers.
2064     +
2065     +#define inv_rnd(p1,p2) \
2066     + movzbl %al,%edx ;\
2067     + mov %ebx,(%esp) ;\
2068     + mov %eax,%ecx ;\
2069     + mov p2(%ebp),%eax ;\
2070     + mov %edi,4(%esp) ;\
2071     + mov p2+4(%ebp),%ebx ;\
2072     + xor p1(,%edx,4),%eax ;\
2073     + movzbl %ch,%edx ;\
2074     + shr $16,%ecx ;\
2075     + mov p2+12(%ebp),%edi ;\
2076     + xor p1+tlen(,%edx,4),%ebx ;\
2077     + movzbl %cl,%edx ;\
2078     + movzbl %ch,%ecx ;\
2079     + xor p1+3*tlen(,%ecx,4),%edi ;\
2080     + mov %esi,%ecx ;\
2081     + mov p1+2*tlen(,%edx,4),%esi ;\
2082     + movzbl %cl,%edx ;\
2083     + xor p1(,%edx,4),%esi ;\
2084     + movzbl %ch,%edx ;\
2085     + shr $16,%ecx ;\
2086     + xor p1+tlen(,%edx,4),%edi ;\
2087     + movzbl %cl,%edx ;\
2088     + movzbl %ch,%ecx ;\
2089     + xor p1+2*tlen(,%edx,4),%eax ;\
2090     + mov (%esp),%edx ;\
2091     + xor p1+3*tlen(,%ecx,4),%ebx ;\
2092     + movzbl %dl,%ecx ;\
2093     + xor p2+8(%ebp),%esi ;\
2094     + xor p1(,%ecx,4),%ebx ;\
2095     + movzbl %dh,%ecx ;\
2096     + shr $16,%edx ;\
2097     + xor p1+tlen(,%ecx,4),%esi ;\
2098     + movzbl %dl,%ecx ;\
2099     + movzbl %dh,%edx ;\
2100     + xor p1+2*tlen(,%ecx,4),%edi ;\
2101     + mov 4(%esp),%ecx ;\
2102     + xor p1+3*tlen(,%edx,4),%eax ;\
2103     + movzbl %cl,%edx ;\
2104     + xor p1(,%edx,4),%edi ;\
2105     + movzbl %ch,%edx ;\
2106     + shr $16,%ecx ;\
2107     + xor p1+tlen(,%edx,4),%eax ;\
2108     + movzbl %cl,%edx ;\
2109     + movzbl %ch,%ecx ;\
2110     + xor p1+2*tlen(,%edx,4),%ebx ;\
2111     + xor p1+3*tlen(,%ecx,4),%esi
2112     +
2113     +// AES (Rijndael) Encryption Subroutine
2114     +
2115     + .text
2116     + .align ALIGN32BYTES
2117     +aes_encrypt:
2118     + push %ebp
2119     + mov ctx(%esp),%ebp // pointer to context
2120     + mov in_blk(%esp),%ecx
2121     + push %ebx
2122     + push %esi
2123     + push %edi
2124     + mov nrnd(%ebp),%edx // number of rounds
2125     + lea ekey+16(%ebp),%ebp // key pointer
2126     +
2127     +// input four columns and xor in first round key
2128     +
2129     + mov (%ecx),%eax
2130     + mov 4(%ecx),%ebx
2131     + mov 8(%ecx),%esi
2132     + mov 12(%ecx),%edi
2133     + xor -16(%ebp),%eax
2134     + xor -12(%ebp),%ebx
2135     + xor -8(%ebp),%esi
2136     + xor -4(%ebp),%edi
2137     +
2138     + sub $8,%esp // space for register saves on stack
2139     +
2140     + sub $10,%edx
2141     + je aes_15
2142     + add $32,%ebp
2143     + sub $2,%edx
2144     + je aes_13
2145     + add $32,%ebp
2146     +
2147     + fwd_rnd(aes_ft_tab,-64) // 14 rounds for 256-bit key
2148     + fwd_rnd(aes_ft_tab,-48)
2149     +aes_13: fwd_rnd(aes_ft_tab,-32) // 12 rounds for 192-bit key
2150     + fwd_rnd(aes_ft_tab,-16)
2151     +aes_15: fwd_rnd(aes_ft_tab,0) // 10 rounds for 128-bit key
2152     + fwd_rnd(aes_ft_tab,16)
2153     + fwd_rnd(aes_ft_tab,32)
2154     + fwd_rnd(aes_ft_tab,48)
2155     + fwd_rnd(aes_ft_tab,64)
2156     + fwd_rnd(aes_ft_tab,80)
2157     + fwd_rnd(aes_ft_tab,96)
2158     + fwd_rnd(aes_ft_tab,112)
2159     + fwd_rnd(aes_ft_tab,128)
2160     + fwd_rnd(aes_fl_tab,144) // last round uses a different table
2161     +
2162     +// move final values to the output array.
2163     +
2164     + mov out_blk+20(%esp),%ebp
2165     + add $8,%esp
2166     + mov %eax,(%ebp)
2167     + mov %ebx,4(%ebp)
2168     + mov %esi,8(%ebp)
2169     + mov %edi,12(%ebp)
2170     + pop %edi
2171     + pop %esi
2172     + pop %ebx
2173     + pop %ebp
2174     + ret
2175     +
2176     +
2177     +// AES (Rijndael) Decryption Subroutine
2178     +
2179     + .align ALIGN32BYTES
2180     +aes_decrypt:
2181     + push %ebp
2182     + mov ctx(%esp),%ebp // pointer to context
2183     + mov in_blk(%esp),%ecx
2184     + push %ebx
2185     + push %esi
2186     + push %edi
2187     + mov nrnd(%ebp),%edx // number of rounds
2188     + lea dkey+16(%ebp),%ebp // key pointer
2189     +
2190     +// input four columns and xor in first round key
2191     +
2192     + mov (%ecx),%eax
2193     + mov 4(%ecx),%ebx
2194     + mov 8(%ecx),%esi
2195     + mov 12(%ecx),%edi
2196     + xor -16(%ebp),%eax
2197     + xor -12(%ebp),%ebx
2198     + xor -8(%ebp),%esi
2199     + xor -4(%ebp),%edi
2200     +
2201     + sub $8,%esp // space for register saves on stack
2202     +
2203     + sub $10,%edx
2204     + je aes_25
2205     + add $32,%ebp
2206     + sub $2,%edx
2207     + je aes_23
2208     + add $32,%ebp
2209     +
2210     + inv_rnd(aes_it_tab,-64) // 14 rounds for 256-bit key
2211     + inv_rnd(aes_it_tab,-48)
2212     +aes_23: inv_rnd(aes_it_tab,-32) // 12 rounds for 192-bit key
2213     + inv_rnd(aes_it_tab,-16)
2214     +aes_25: inv_rnd(aes_it_tab,0) // 10 rounds for 128-bit key
2215     + inv_rnd(aes_it_tab,16)
2216     + inv_rnd(aes_it_tab,32)
2217     + inv_rnd(aes_it_tab,48)
2218     + inv_rnd(aes_it_tab,64)
2219     + inv_rnd(aes_it_tab,80)
2220     + inv_rnd(aes_it_tab,96)
2221     + inv_rnd(aes_it_tab,112)
2222     + inv_rnd(aes_it_tab,128)
2223     + inv_rnd(aes_il_tab,144) // last round uses a different table
2224     +
2225     +// move final values to the output array.
2226     +
2227     + mov out_blk+20(%esp),%ebp
2228     + add $8,%esp
2229     + mov %eax,(%ebp)
2230     + mov %ebx,4(%ebp)
2231     + mov %esi,8(%ebp)
2232     + mov %edi,12(%ebp)
2233     + pop %edi
2234     + pop %esi
2235     + pop %ebx
2236     + pop %ebp
2237     + ret
2238     +
2239     +// AES (Rijndael) Key Schedule Subroutine
2240     +
2241     +// input/output parameters
2242     +
2243     +#define aes_cx 12 // AES context
2244     +#define in_key 16 // key input array address
2245     +#define key_ln 20 // key length, bytes (16,24,32) or bits (128,192,256)
2246     +#define ed_flg 24 // 0=create both encr/decr keys, 1=create encr key only
2247     +
2248     +// offsets for locals
2249     +
2250     +#define cnt -4
2251     +#define kpf -8
2252     +#define slen 8
2253     +
2254     +// This macro performs a column mixing operation on an input 32-bit
2255     +// word to give a 32-bit result. It uses each of the 4 bytes in the
2256     +// the input column to index 4 different tables of 256 32-bit words
2257     +// that are xored together to form the output value.
2258     +
2259     +#define mix_col(p1) \
2260     + movzbl %bl,%ecx ;\
2261     + mov p1(,%ecx,4),%eax ;\
2262     + movzbl %bh,%ecx ;\
2263     + ror $16,%ebx ;\
2264     + xor p1+tlen(,%ecx,4),%eax ;\
2265     + movzbl %bl,%ecx ;\
2266     + xor p1+2*tlen(,%ecx,4),%eax ;\
2267     + movzbl %bh,%ecx ;\
2268     + xor p1+3*tlen(,%ecx,4),%eax
2269     +
2270     +// Key Schedule Macros
2271     +
2272     +#define ksc4(p1) \
2273     + rol $24,%ebx ;\
2274     + mix_col(aes_fl_tab) ;\
2275     + ror $8,%ebx ;\
2276     + xor 4*p1+aes_rcon_tab,%eax ;\
2277     + xor %eax,%esi ;\
2278     + xor %esi,%ebp ;\
2279     + mov %esi,16*p1(%edi) ;\
2280     + mov %ebp,16*p1+4(%edi) ;\
2281     + xor %ebp,%edx ;\
2282     + xor %edx,%ebx ;\
2283     + mov %edx,16*p1+8(%edi) ;\
2284     + mov %ebx,16*p1+12(%edi)
2285     +
2286     +#define ksc6(p1) \
2287     + rol $24,%ebx ;\
2288     + mix_col(aes_fl_tab) ;\
2289     + ror $8,%ebx ;\
2290     + xor 4*p1+aes_rcon_tab,%eax ;\
2291     + xor 24*p1-24(%edi),%eax ;\
2292     + mov %eax,24*p1(%edi) ;\
2293     + xor 24*p1-20(%edi),%eax ;\
2294     + mov %eax,24*p1+4(%edi) ;\
2295     + xor %eax,%esi ;\
2296     + xor %esi,%ebp ;\
2297     + mov %esi,24*p1+8(%edi) ;\
2298     + mov %ebp,24*p1+12(%edi) ;\
2299     + xor %ebp,%edx ;\
2300     + xor %edx,%ebx ;\
2301     + mov %edx,24*p1+16(%edi) ;\
2302     + mov %ebx,24*p1+20(%edi)
2303     +
2304     +#define ksc8(p1) \
2305     + rol $24,%ebx ;\
2306     + mix_col(aes_fl_tab) ;\
2307     + ror $8,%ebx ;\
2308     + xor 4*p1+aes_rcon_tab,%eax ;\
2309     + xor 32*p1-32(%edi),%eax ;\
2310     + mov %eax,32*p1(%edi) ;\
2311     + xor 32*p1-28(%edi),%eax ;\
2312     + mov %eax,32*p1+4(%edi) ;\
2313     + xor 32*p1-24(%edi),%eax ;\
2314     + mov %eax,32*p1+8(%edi) ;\
2315     + xor 32*p1-20(%edi),%eax ;\
2316     + mov %eax,32*p1+12(%edi) ;\
2317     + push %ebx ;\
2318     + mov %eax,%ebx ;\
2319     + mix_col(aes_fl_tab) ;\
2320     + pop %ebx ;\
2321     + xor %eax,%esi ;\
2322     + xor %esi,%ebp ;\
2323     + mov %esi,32*p1+16(%edi) ;\
2324     + mov %ebp,32*p1+20(%edi) ;\
2325     + xor %ebp,%edx ;\
2326     + xor %edx,%ebx ;\
2327     + mov %edx,32*p1+24(%edi) ;\
2328     + mov %ebx,32*p1+28(%edi)
2329     +
2330     + .align ALIGN32BYTES
2331     +aes_set_key:
2332     + pushfl
2333     + push %ebp
2334     + mov %esp,%ebp
2335     + sub $slen,%esp
2336     + push %ebx
2337     + push %esi
2338     + push %edi
2339     +
2340     + mov aes_cx(%ebp),%edx // edx -> AES context
2341     +
2342     + mov key_ln(%ebp),%ecx // key length
2343     + cmpl $128,%ecx
2344     + jb aes_30
2345     + shr $3,%ecx
2346     +aes_30: cmpl $32,%ecx
2347     + je aes_32
2348     + cmpl $24,%ecx
2349     + je aes_32
2350     + mov $16,%ecx
2351     +aes_32: shr $2,%ecx
2352     + mov %ecx,nkey(%edx)
2353     +
2354     + lea 6(%ecx),%eax // 10/12/14 for 4/6/8 32-bit key length
2355     + mov %eax,nrnd(%edx)
2356     +
2357     + mov in_key(%ebp),%esi // key input array
2358     + lea ekey(%edx),%edi // key position in AES context
2359     + cld
2360     + push %ebp
2361     + mov %ecx,%eax // save key length in eax
2362     + rep ; movsl // words in the key schedule
2363     + mov -4(%esi),%ebx // put some values in registers
2364     + mov -8(%esi),%edx // to allow faster code
2365     + mov -12(%esi),%ebp
2366     + mov -16(%esi),%esi
2367     +
2368     + cmpl $4,%eax // jump on key size
2369     + je aes_36
2370     + cmpl $6,%eax
2371     + je aes_35
2372     +
2373     + ksc8(0)
2374     + ksc8(1)
2375     + ksc8(2)
2376     + ksc8(3)
2377     + ksc8(4)
2378     + ksc8(5)
2379     + ksc8(6)
2380     + jmp aes_37
2381     +aes_35: ksc6(0)
2382     + ksc6(1)
2383     + ksc6(2)
2384     + ksc6(3)
2385     + ksc6(4)
2386     + ksc6(5)
2387     + ksc6(6)
2388     + ksc6(7)
2389     + jmp aes_37
2390     +aes_36: ksc4(0)
2391     + ksc4(1)
2392     + ksc4(2)
2393     + ksc4(3)
2394     + ksc4(4)
2395     + ksc4(5)
2396     + ksc4(6)
2397     + ksc4(7)
2398     + ksc4(8)
2399     + ksc4(9)
2400     +aes_37: pop %ebp
2401     + mov aes_cx(%ebp),%edx // edx -> AES context
2402     + cmpl $0,ed_flg(%ebp)
2403     + jne aes_39
2404     +
2405     +// compile decryption key schedule from encryption schedule - reverse
2406     +// order and do mix_column operation on round keys except first and last
2407     +
2408     + mov nrnd(%edx),%eax // kt = cx->d_key + nc * cx->Nrnd
2409     + shl $2,%eax
2410     + lea dkey(%edx,%eax,4),%edi
2411     + lea ekey(%edx),%esi // kf = cx->e_key
2412     +
2413     + movsl // copy first round key (unmodified)
2414     + movsl
2415     + movsl
2416     + movsl
2417     + sub $32,%edi
2418     + movl $1,cnt(%ebp)
2419     +aes_38: // do mix column on each column of
2420     + lodsl // each round key
2421     + mov %eax,%ebx
2422     + mix_col(aes_im_tab)
2423     + stosl
2424     + lodsl
2425     + mov %eax,%ebx
2426     + mix_col(aes_im_tab)
2427     + stosl
2428     + lodsl
2429     + mov %eax,%ebx
2430     + mix_col(aes_im_tab)
2431     + stosl
2432     + lodsl
2433     + mov %eax,%ebx
2434     + mix_col(aes_im_tab)
2435     + stosl
2436     + sub $32,%edi
2437     +
2438     + incl cnt(%ebp)
2439     + mov cnt(%ebp),%eax
2440     + cmp nrnd(%edx),%eax
2441     + jb aes_38
2442     +
2443     + movsl // copy last round key (unmodified)
2444     + movsl
2445     + movsl
2446     + movsl
2447     +aes_39: pop %edi
2448     + pop %esi
2449     + pop %ebx
2450     + mov %ebp,%esp
2451     + pop %ebp
2452     + popfl
2453     + ret
2454     +
2455     +
2456     +// finite field multiplies by {02}, {04} and {08}
2457     +
2458     +#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b))
2459     +#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b))
2460     +#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b))
2461     +
2462     +// finite field multiplies required in table generation
2463     +
2464     +#define f3(x) (f2(x) ^ x)
2465     +#define f9(x) (f8(x) ^ x)
2466     +#define fb(x) (f8(x) ^ f2(x) ^ x)
2467     +#define fd(x) (f8(x) ^ f4(x) ^ x)
2468     +#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
2469     +
2470     +// These defines generate the forward table entries
2471     +
2472     +#define u0(x) ((f3(x) << 24) | (x << 16) | (x << 8) | f2(x))
2473     +#define u1(x) ((x << 24) | (x << 16) | (f2(x) << 8) | f3(x))
2474     +#define u2(x) ((x << 24) | (f2(x) << 16) | (f3(x) << 8) | x)
2475     +#define u3(x) ((f2(x) << 24) | (f3(x) << 16) | (x << 8) | x)
2476     +
2477     +// These defines generate the inverse table entries
2478     +
2479     +#define v0(x) ((fb(x) << 24) | (fd(x) << 16) | (f9(x) << 8) | fe(x))
2480     +#define v1(x) ((fd(x) << 24) | (f9(x) << 16) | (fe(x) << 8) | fb(x))
2481     +#define v2(x) ((f9(x) << 24) | (fe(x) << 16) | (fb(x) << 8) | fd(x))
2482     +#define v3(x) ((fe(x) << 24) | (fb(x) << 16) | (fd(x) << 8) | f9(x))
2483     +
2484     +// These defines generate entries for the last round tables
2485     +
2486     +#define w0(x) (x)
2487     +#define w1(x) (x << 8)
2488     +#define w2(x) (x << 16)
2489     +#define w3(x) (x << 24)
2490     +
2491     +// macro to generate inverse mix column tables (needed for the key schedule)
2492     +
2493     +#define im_data0(p1) \
2494     + .long p1(0x00),p1(0x01),p1(0x02),p1(0x03),p1(0x04),p1(0x05),p1(0x06),p1(0x07) ;\
2495     + .long p1(0x08),p1(0x09),p1(0x0a),p1(0x0b),p1(0x0c),p1(0x0d),p1(0x0e),p1(0x0f) ;\
2496     + .long p1(0x10),p1(0x11),p1(0x12),p1(0x13),p1(0x14),p1(0x15),p1(0x16),p1(0x17) ;\
2497     + .long p1(0x18),p1(0x19),p1(0x1a),p1(0x1b),p1(0x1c),p1(0x1d),p1(0x1e),p1(0x1f)
2498     +#define im_data1(p1) \
2499     + .long p1(0x20),p1(0x21),p1(0x22),p1(0x23),p1(0x24),p1(0x25),p1(0x26),p1(0x27) ;\
2500     + .long p1(0x28),p1(0x29),p1(0x2a),p1(0x2b),p1(0x2c),p1(0x2d),p1(0x2e),p1(0x2f) ;\
2501     + .long p1(0x30),p1(0x31),p1(0x32),p1(0x33),p1(0x34),p1(0x35),p1(0x36),p1(0x37) ;\
2502     + .long p1(0x38),p1(0x39),p1(0x3a),p1(0x3b),p1(0x3c),p1(0x3d),p1(0x3e),p1(0x3f)
2503     +#define im_data2(p1) \
2504     + .long p1(0x40),p1(0x41),p1(0x42),p1(0x43),p1(0x44),p1(0x45),p1(0x46),p1(0x47) ;\
2505     + .long p1(0x48),p1(0x49),p1(0x4a),p1(0x4b),p1(0x4c),p1(0x4d),p1(0x4e),p1(0x4f) ;\
2506     + .long p1(0x50),p1(0x51),p1(0x52),p1(0x53),p1(0x54),p1(0x55),p1(0x56),p1(0x57) ;\
2507     + .long p1(0x58),p1(0x59),p1(0x5a),p1(0x5b),p1(0x5c),p1(0x5d),p1(0x5e),p1(0x5f)
2508     +#define im_data3(p1) \
2509     + .long p1(0x60),p1(0x61),p1(0x62),p1(0x63),p1(0x64),p1(0x65),p1(0x66),p1(0x67) ;\
2510     + .long p1(0x68),p1(0x69),p1(0x6a),p1(0x6b),p1(0x6c),p1(0x6d),p1(0x6e),p1(0x6f) ;\
2511     + .long p1(0x70),p1(0x71),p1(0x72),p1(0x73),p1(0x74),p1(0x75),p1(0x76),p1(0x77) ;\
2512     + .long p1(0x78),p1(0x79),p1(0x7a),p1(0x7b),p1(0x7c),p1(0x7d),p1(0x7e),p1(0x7f)
2513     +#define im_data4(p1) \
2514     + .long p1(0x80),p1(0x81),p1(0x82),p1(0x83),p1(0x84),p1(0x85),p1(0x86),p1(0x87) ;\
2515     + .long p1(0x88),p1(0x89),p1(0x8a),p1(0x8b),p1(0x8c),p1(0x8d),p1(0x8e),p1(0x8f) ;\
2516     + .long p1(0x90),p1(0x91),p1(0x92),p1(0x93),p1(0x94),p1(0x95),p1(0x96),p1(0x97) ;\
2517     + .long p1(0x98),p1(0x99),p1(0x9a),p1(0x9b),p1(0x9c),p1(0x9d),p1(0x9e),p1(0x9f)
2518     +#define im_data5(p1) \
2519     + .long p1(0xa0),p1(0xa1),p1(0xa2),p1(0xa3),p1(0xa4),p1(0xa5),p1(0xa6),p1(0xa7) ;\
2520     + .long p1(0xa8),p1(0xa9),p1(0xaa),p1(0xab),p1(0xac),p1(0xad),p1(0xae),p1(0xaf) ;\
2521     + .long p1(0xb0),p1(0xb1),p1(0xb2),p1(0xb3),p1(0xb4),p1(0xb5),p1(0xb6),p1(0xb7) ;\
2522     + .long p1(0xb8),p1(0xb9),p1(0xba),p1(0xbb),p1(0xbc),p1(0xbd),p1(0xbe),p1(0xbf)
2523     +#define im_data6(p1) \
2524     + .long p1(0xc0),p1(0xc1),p1(0xc2),p1(0xc3),p1(0xc4),p1(0xc5),p1(0xc6),p1(0xc7) ;\
2525     + .long p1(0xc8),p1(0xc9),p1(0xca),p1(0xcb),p1(0xcc),p1(0xcd),p1(0xce),p1(0xcf) ;\
2526     + .long p1(0xd0),p1(0xd1),p1(0xd2),p1(0xd3),p1(0xd4),p1(0xd5),p1(0xd6),p1(0xd7) ;\
2527     + .long p1(0xd8),p1(0xd9),p1(0xda),p1(0xdb),p1(0xdc),p1(0xdd),p1(0xde),p1(0xdf)
2528     +#define im_data7(p1) \
2529     + .long p1(0xe0),p1(0xe1),p1(0xe2),p1(0xe3),p1(0xe4),p1(0xe5),p1(0xe6),p1(0xe7) ;\
2530     + .long p1(0xe8),p1(0xe9),p1(0xea),p1(0xeb),p1(0xec),p1(0xed),p1(0xee),p1(0xef) ;\
2531     + .long p1(0xf0),p1(0xf1),p1(0xf2),p1(0xf3),p1(0xf4),p1(0xf5),p1(0xf6),p1(0xf7) ;\
2532     + .long p1(0xf8),p1(0xf9),p1(0xfa),p1(0xfb),p1(0xfc),p1(0xfd),p1(0xfe),p1(0xff)
2533     +
2534     +// S-box data - 256 entries
2535     +
2536     +#define sb_data0(p1) \
2537     + .long p1(0x63),p1(0x7c),p1(0x77),p1(0x7b),p1(0xf2),p1(0x6b),p1(0x6f),p1(0xc5) ;\
2538     + .long p1(0x30),p1(0x01),p1(0x67),p1(0x2b),p1(0xfe),p1(0xd7),p1(0xab),p1(0x76) ;\
2539     + .long p1(0xca),p1(0x82),p1(0xc9),p1(0x7d),p1(0xfa),p1(0x59),p1(0x47),p1(0xf0) ;\
2540     + .long p1(0xad),p1(0xd4),p1(0xa2),p1(0xaf),p1(0x9c),p1(0xa4),p1(0x72),p1(0xc0)
2541     +#define sb_data1(p1) \
2542     + .long p1(0xb7),p1(0xfd),p1(0x93),p1(0x26),p1(0x36),p1(0x3f),p1(0xf7),p1(0xcc) ;\
2543     + .long p1(0x34),p1(0xa5),p1(0xe5),p1(0xf1),p1(0x71),p1(0xd8),p1(0x31),p1(0x15) ;\
2544     + .long p1(0x04),p1(0xc7),p1(0x23),p1(0xc3),p1(0x18),p1(0x96),p1(0x05),p1(0x9a) ;\
2545     + .long p1(0x07),p1(0x12),p1(0x80),p1(0xe2),p1(0xeb),p1(0x27),p1(0xb2),p1(0x75)
2546     +#define sb_data2(p1) \
2547     + .long p1(0x09),p1(0x83),p1(0x2c),p1(0x1a),p1(0x1b),p1(0x6e),p1(0x5a),p1(0xa0) ;\
2548     + .long p1(0x52),p1(0x3b),p1(0xd6),p1(0xb3),p1(0x29),p1(0xe3),p1(0x2f),p1(0x84) ;\
2549     + .long p1(0x53),p1(0xd1),p1(0x00),p1(0xed),p1(0x20),p1(0xfc),p1(0xb1),p1(0x5b) ;\
2550     + .long p1(0x6a),p1(0xcb),p1(0xbe),p1(0x39),p1(0x4a),p1(0x4c),p1(0x58),p1(0xcf)
2551     +#define sb_data3(p1) \
2552     + .long p1(0xd0),p1(0xef),p1(0xaa),p1(0xfb),p1(0x43),p1(0x4d),p1(0x33),p1(0x85) ;\
2553     + .long p1(0x45),p1(0xf9),p1(0x02),p1(0x7f),p1(0x50),p1(0x3c),p1(0x9f),p1(0xa8) ;\
2554     + .long p1(0x51),p1(0xa3),p1(0x40),p1(0x8f),p1(0x92),p1(0x9d),p1(0x38),p1(0xf5) ;\
2555     + .long p1(0xbc),p1(0xb6),p1(0xda),p1(0x21),p1(0x10),p1(0xff),p1(0xf3),p1(0xd2)
2556     +#define sb_data4(p1) \
2557     + .long p1(0xcd),p1(0x0c),p1(0x13),p1(0xec),p1(0x5f),p1(0x97),p1(0x44),p1(0x17) ;\
2558     + .long p1(0xc4),p1(0xa7),p1(0x7e),p1(0x3d),p1(0x64),p1(0x5d),p1(0x19),p1(0x73) ;\
2559     + .long p1(0x60),p1(0x81),p1(0x4f),p1(0xdc),p1(0x22),p1(0x2a),p1(0x90),p1(0x88) ;\
2560     + .long p1(0x46),p1(0xee),p1(0xb8),p1(0x14),p1(0xde),p1(0x5e),p1(0x0b),p1(0xdb)
2561     +#define sb_data5(p1) \
2562     + .long p1(0xe0),p1(0x32),p1(0x3a),p1(0x0a),p1(0x49),p1(0x06),p1(0x24),p1(0x5c) ;\
2563     + .long p1(0xc2),p1(0xd3),p1(0xac),p1(0x62),p1(0x91),p1(0x95),p1(0xe4),p1(0x79) ;\
2564     + .long p1(0xe7),p1(0xc8),p1(0x37),p1(0x6d),p1(0x8d),p1(0xd5),p1(0x4e),p1(0xa9) ;\
2565     + .long p1(0x6c),p1(0x56),p1(0xf4),p1(0xea),p1(0x65),p1(0x7a),p1(0xae),p1(0x08)
2566     +#define sb_data6(p1) \
2567     + .long p1(0xba),p1(0x78),p1(0x25),p1(0x2e),p1(0x1c),p1(0xa6),p1(0xb4),p1(0xc6) ;\
2568     + .long p1(0xe8),p1(0xdd),p1(0x74),p1(0x1f),p1(0x4b),p1(0xbd),p1(0x8b),p1(0x8a) ;\
2569     + .long p1(0x70),p1(0x3e),p1(0xb5),p1(0x66),p1(0x48),p1(0x03),p1(0xf6),p1(0x0e) ;\
2570     + .long p1(0x61),p1(0x35),p1(0x57),p1(0xb9),p1(0x86),p1(0xc1),p1(0x1d),p1(0x9e)
2571     +#define sb_data7(p1) \
2572     + .long p1(0xe1),p1(0xf8),p1(0x98),p1(0x11),p1(0x69),p1(0xd9),p1(0x8e),p1(0x94) ;\
2573     + .long p1(0x9b),p1(0x1e),p1(0x87),p1(0xe9),p1(0xce),p1(0x55),p1(0x28),p1(0xdf) ;\
2574     + .long p1(0x8c),p1(0xa1),p1(0x89),p1(0x0d),p1(0xbf),p1(0xe6),p1(0x42),p1(0x68) ;\
2575     + .long p1(0x41),p1(0x99),p1(0x2d),p1(0x0f),p1(0xb0),p1(0x54),p1(0xbb),p1(0x16)
2576     +
2577     +// Inverse S-box data - 256 entries
2578     +
2579     +#define ib_data0(p1) \
2580     + .long p1(0x52),p1(0x09),p1(0x6a),p1(0xd5),p1(0x30),p1(0x36),p1(0xa5),p1(0x38) ;\
2581     + .long p1(0xbf),p1(0x40),p1(0xa3),p1(0x9e),p1(0x81),p1(0xf3),p1(0xd7),p1(0xfb) ;\
2582     + .long p1(0x7c),p1(0xe3),p1(0x39),p1(0x82),p1(0x9b),p1(0x2f),p1(0xff),p1(0x87) ;\
2583     + .long p1(0x34),p1(0x8e),p1(0x43),p1(0x44),p1(0xc4),p1(0xde),p1(0xe9),p1(0xcb)
2584     +#define ib_data1(p1) \
2585     + .long p1(0x54),p1(0x7b),p1(0x94),p1(0x32),p1(0xa6),p1(0xc2),p1(0x23),p1(0x3d) ;\
2586     + .long p1(0xee),p1(0x4c),p1(0x95),p1(0x0b),p1(0x42),p1(0xfa),p1(0xc3),p1(0x4e) ;\
2587     + .long p1(0x08),p1(0x2e),p1(0xa1),p1(0x66),p1(0x28),p1(0xd9),p1(0x24),p1(0xb2) ;\
2588     + .long p1(0x76),p1(0x5b),p1(0xa2),p1(0x49),p1(0x6d),p1(0x8b),p1(0xd1),p1(0x25)
2589     +#define ib_data2(p1) \
2590     + .long p1(0x72),p1(0xf8),p1(0xf6),p1(0x64),p1(0x86),p1(0x68),p1(0x98),p1(0x16) ;\
2591     + .long p1(0xd4),p1(0xa4),p1(0x5c),p1(0xcc),p1(0x5d),p1(0x65),p1(0xb6),p1(0x92) ;\
2592     + .long p1(0x6c),p1(0x70),p1(0x48),p1(0x50),p1(0xfd),p1(0xed),p1(0xb9),p1(0xda) ;\
2593     + .long p1(0x5e),p1(0x15),p1(0x46),p1(0x57),p1(0xa7),p1(0x8d),p1(0x9d),p1(0x84)
2594     +#define ib_data3(p1) \
2595     + .long p1(0x90),p1(0xd8),p1(0xab),p1(0x00),p1(0x8c),p1(0xbc),p1(0xd3),p1(0x0a) ;\
2596     + .long p1(0xf7),p1(0xe4),p1(0x58),p1(0x05),p1(0xb8),p1(0xb3),p1(0x45),p1(0x06) ;\
2597     + .long p1(0xd0),p1(0x2c),p1(0x1e),p1(0x8f),p1(0xca),p1(0x3f),p1(0x0f),p1(0x02) ;\
2598     + .long p1(0xc1),p1(0xaf),p1(0xbd),p1(0x03),p1(0x01),p1(0x13),p1(0x8a),p1(0x6b)
2599     +#define ib_data4(p1) \
2600     + .long p1(0x3a),p1(0x91),p1(0x11),p1(0x41),p1(0x4f),p1(0x67),p1(0xdc),p1(0xea) ;\
2601     + .long p1(0x97),p1(0xf2),p1(0xcf),p1(0xce),p1(0xf0),p1(0xb4),p1(0xe6),p1(0x73) ;\
2602     + .long p1(0x96),p1(0xac),p1(0x74),p1(0x22),p1(0xe7),p1(0xad),p1(0x35),p1(0x85) ;\
2603     + .long p1(0xe2),p1(0xf9),p1(0x37),p1(0xe8),p1(0x1c),p1(0x75),p1(0xdf),p1(0x6e)
2604     +#define ib_data5(p1) \
2605     + .long p1(0x47),p1(0xf1),p1(0x1a),p1(0x71),p1(0x1d),p1(0x29),p1(0xc5),p1(0x89) ;\
2606     + .long p1(0x6f),p1(0xb7),p1(0x62),p1(0x0e),p1(0xaa),p1(0x18),p1(0xbe),p1(0x1b) ;\
2607     + .long p1(0xfc),p1(0x56),p1(0x3e),p1(0x4b),p1(0xc6),p1(0xd2),p1(0x79),p1(0x20) ;\
2608     + .long p1(0x9a),p1(0xdb),p1(0xc0),p1(0xfe),p1(0x78),p1(0xcd),p1(0x5a),p1(0xf4)
2609     +#define ib_data6(p1) \
2610     + .long p1(0x1f),p1(0xdd),p1(0xa8),p1(0x33),p1(0x88),p1(0x07),p1(0xc7),p1(0x31) ;\
2611     + .long p1(0xb1),p1(0x12),p1(0x10),p1(0x59),p1(0x27),p1(0x80),p1(0xec),p1(0x5f) ;\
2612     + .long p1(0x60),p1(0x51),p1(0x7f),p1(0xa9),p1(0x19),p1(0xb5),p1(0x4a),p1(0x0d) ;\
2613     + .long p1(0x2d),p1(0xe5),p1(0x7a),p1(0x9f),p1(0x93),p1(0xc9),p1(0x9c),p1(0xef)
2614     +#define ib_data7(p1) \
2615     + .long p1(0xa0),p1(0xe0),p1(0x3b),p1(0x4d),p1(0xae),p1(0x2a),p1(0xf5),p1(0xb0) ;\
2616     + .long p1(0xc8),p1(0xeb),p1(0xbb),p1(0x3c),p1(0x83),p1(0x53),p1(0x99),p1(0x61) ;\
2617     + .long p1(0x17),p1(0x2b),p1(0x04),p1(0x7e),p1(0xba),p1(0x77),p1(0xd6),p1(0x26) ;\
2618     + .long p1(0xe1),p1(0x69),p1(0x14),p1(0x63),p1(0x55),p1(0x21),p1(0x0c),p1(0x7d)
2619     +
2620     +// The rcon_table (needed for the key schedule)
2621     +//
2622     +// Here is original Dr Brian Gladman's source code:
2623     +// _rcon_tab:
2624     +// %assign x 1
2625     +// %rep 29
2626     +// dd x
2627     +// %assign x f2(x)
2628     +// %endrep
2629     +//
2630     +// Here is precomputed output (it's more portable this way):
2631     +
2632     + .align ALIGN32BYTES
2633     +aes_rcon_tab:
2634     + .long 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
2635     + .long 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f
2636     + .long 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4
2637     + .long 0xb3,0x7d,0xfa,0xef,0xc5
2638     +
2639     +// The forward xor tables
2640     +
2641     + .align ALIGN32BYTES
2642     +aes_ft_tab:
2643     + sb_data0(u0)
2644     + sb_data1(u0)
2645     + sb_data2(u0)
2646     + sb_data3(u0)
2647     + sb_data4(u0)
2648     + sb_data5(u0)
2649     + sb_data6(u0)
2650     + sb_data7(u0)
2651     +
2652     + sb_data0(u1)
2653     + sb_data1(u1)
2654     + sb_data2(u1)
2655     + sb_data3(u1)
2656     + sb_data4(u1)
2657     + sb_data5(u1)
2658     + sb_data6(u1)
2659     + sb_data7(u1)
2660     +
2661     + sb_data0(u2)
2662     + sb_data1(u2)
2663     + sb_data2(u2)
2664     + sb_data3(u2)
2665     + sb_data4(u2)
2666     + sb_data5(u2)
2667     + sb_data6(u2)
2668     + sb_data7(u2)
2669     +
2670     + sb_data0(u3)
2671     + sb_data1(u3)
2672     + sb_data2(u3)
2673     + sb_data3(u3)
2674     + sb_data4(u3)
2675     + sb_data5(u3)
2676     + sb_data6(u3)
2677     + sb_data7(u3)
2678     +
2679     + .align ALIGN32BYTES
2680     +aes_fl_tab:
2681     + sb_data0(w0)
2682     + sb_data1(w0)
2683     + sb_data2(w0)
2684     + sb_data3(w0)
2685     + sb_data4(w0)
2686     + sb_data5(w0)
2687     + sb_data6(w0)
2688     + sb_data7(w0)
2689     +
2690     + sb_data0(w1)
2691     + sb_data1(w1)
2692     + sb_data2(w1)
2693     + sb_data3(w1)
2694     + sb_data4(w1)
2695     + sb_data5(w1)
2696     + sb_data6(w1)
2697     + sb_data7(w1)
2698     +
2699     + sb_data0(w2)
2700     + sb_data1(w2)
2701     + sb_data2(w2)
2702     + sb_data3(w2)
2703     + sb_data4(w2)
2704     + sb_data5(w2)
2705     + sb_data6(w2)
2706     + sb_data7(w2)
2707     +
2708     + sb_data0(w3)
2709     + sb_data1(w3)
2710     + sb_data2(w3)
2711     + sb_data3(w3)
2712     + sb_data4(w3)
2713     + sb_data5(w3)
2714     + sb_data6(w3)
2715     + sb_data7(w3)
2716     +
2717     +// The inverse xor tables
2718     +
2719     + .align ALIGN32BYTES
2720     +aes_it_tab:
2721     + ib_data0(v0)
2722     + ib_data1(v0)
2723     + ib_data2(v0)
2724     + ib_data3(v0)
2725     + ib_data4(v0)
2726     + ib_data5(v0)
2727     + ib_data6(v0)
2728     + ib_data7(v0)
2729     +
2730     + ib_data0(v1)
2731     + ib_data1(v1)
2732     + ib_data2(v1)
2733     + ib_data3(v1)
2734     + ib_data4(v1)
2735     + ib_data5(v1)
2736     + ib_data6(v1)
2737     + ib_data7(v1)
2738     +
2739     + ib_data0(v2)
2740     + ib_data1(v2)
2741     + ib_data2(v2)
2742     + ib_data3(v2)
2743     + ib_data4(v2)
2744     + ib_data5(v2)
2745     + ib_data6(v2)
2746     + ib_data7(v2)
2747     +
2748     + ib_data0(v3)
2749     + ib_data1(v3)
2750     + ib_data2(v3)
2751     + ib_data3(v3)
2752     + ib_data4(v3)
2753     + ib_data5(v3)
2754     + ib_data6(v3)
2755     + ib_data7(v3)
2756     +
2757     + .align ALIGN32BYTES
2758     +aes_il_tab:
2759     + ib_data0(w0)
2760     + ib_data1(w0)
2761     + ib_data2(w0)
2762     + ib_data3(w0)
2763     + ib_data4(w0)
2764     + ib_data5(w0)
2765     + ib_data6(w0)
2766     + ib_data7(w0)
2767     +
2768     + ib_data0(w1)
2769     + ib_data1(w1)
2770     + ib_data2(w1)
2771     + ib_data3(w1)
2772     + ib_data4(w1)
2773     + ib_data5(w1)
2774     + ib_data6(w1)
2775     + ib_data7(w1)
2776     +
2777     + ib_data0(w2)
2778     + ib_data1(w2)
2779     + ib_data2(w2)
2780     + ib_data3(w2)
2781     + ib_data4(w2)
2782     + ib_data5(w2)
2783     + ib_data6(w2)
2784     + ib_data7(w2)
2785     +
2786     + ib_data0(w3)
2787     + ib_data1(w3)
2788     + ib_data2(w3)
2789     + ib_data3(w3)
2790     + ib_data4(w3)
2791     + ib_data5(w3)
2792     + ib_data6(w3)
2793     + ib_data7(w3)
2794     +
2795     +// The inverse mix column tables
2796     +
2797     + .align ALIGN32BYTES
2798     +aes_im_tab:
2799     + im_data0(v0)
2800     + im_data1(v0)
2801     + im_data2(v0)
2802     + im_data3(v0)
2803     + im_data4(v0)
2804     + im_data5(v0)
2805     + im_data6(v0)
2806     + im_data7(v0)
2807     +
2808     + im_data0(v1)
2809     + im_data1(v1)
2810     + im_data2(v1)
2811     + im_data3(v1)
2812     + im_data4(v1)
2813     + im_data5(v1)
2814     + im_data6(v1)
2815     + im_data7(v1)
2816     +
2817     + im_data0(v2)
2818     + im_data1(v2)
2819     + im_data2(v2)
2820     + im_data3(v2)
2821     + im_data4(v2)
2822     + im_data5(v2)
2823     + im_data6(v2)
2824     + im_data7(v2)
2825     +
2826     + im_data0(v3)
2827     + im_data1(v3)
2828     + im_data2(v3)
2829     + im_data3(v3)
2830     + im_data4(v3)
2831     + im_data5(v3)
2832     + im_data6(v3)
2833     + im_data7(v3)
2834 max 278 diff -urN linux-2.4.26-noloop/drivers/misc/aes.c linux-2.4.26-AES/drivers/misc/aes.c
2835     --- linux-2.4.26-noloop/drivers/misc/aes.c Thu Jan 1 02:00:00 1970
2836     +++ linux-2.4.26-AES/drivers/misc/aes.c Sat May 1 19:46:45 2004
2837     @@ -0,0 +1,1479 @@
2838 max 21 +// I retain copyright in this code but I encourage its free use provided
2839     +// that I don't carry any responsibility for the results. I am especially
2840     +// happy to see it used in free and open source software. If you do use
2841     +// it I would appreciate an acknowledgement of its origin in the code or
2842     +// the product that results and I would also appreciate knowing a little
2843     +// about the use to which it is being put. I am grateful to Frank Yellin
2844     +// for some ideas that are used in this implementation.
2845     +//
2846     +// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
2847     +//
2848     +// This is an implementation of the AES encryption algorithm (Rijndael)
2849     +// designed by Joan Daemen and Vincent Rijmen. This version is designed
2850     +// to provide both fixed and dynamic block and key lengths and can also
2851     +// run with either big or little endian internal byte order (see aes.h).
2852     +// It inputs block and key lengths in bytes with the legal values being
2853     +// 16, 24 and 32.
2854     +
2855     +/*
2856     + * Modified by Jari Ruusu, May 1 2001
2857     + * - Fixed some compile warnings, code was ok but gcc warned anyway.
2858     + * - Changed basic types: byte -> unsigned char, word -> u_int32_t
2859     + * - Major name space cleanup: Names visible to outside now begin
2860     + * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
2861     + * - Removed C++ and DLL support as part of name space cleanup.
2862     + * - Eliminated unnecessary recomputation of tables. (actual bug fix)
2863     + * - Merged precomputed constant tables to aes.c file.
2864     + * - Removed data alignment restrictions for portability reasons.
2865     + * - Made block and key lengths accept bit count (128/192/256)
2866     + * as well byte count (16/24/32).
2867     + * - Removed all error checks. This change also eliminated the need
2868     + * to preinitialize the context struct to zero.
2869     + * - Removed some totally unused constants.
2870     + */
2871 max 278 +/*
2872     + * Modified by Jari Ruusu, April 21 2004
2873     + * - Added back code that avoids byte swaps on big endian boxes.
2874     + */
2875 max 21 +
2876     +#include "aes.h"
2877     +
2878     +// CONFIGURATION OPTIONS (see also aes.h)
2879     +//
2880     +// 1. Define UNROLL for full loop unrolling in encryption and decryption.
2881     +// 2. Define PARTIAL_UNROLL to unroll two loops in encryption and decryption.
2882     +// 3. Define FIXED_TABLES for compiled rather than dynamic tables.
2883     +// 4. Define FF_TABLES to use tables for field multiplies and inverses.
2884     +// Do not enable this without understanding stack space requirements.
2885     +// 5. Define ARRAYS to use arrays to hold the local state block. If this
2886     +// is not defined, individually declared 32-bit words are used.
2887     +// 6. Define FAST_VARIABLE if a high speed variable block implementation
2888     +// is needed (essentially three separate fixed block size code sequences)
2889     +// 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven
2890     +// version using 1 table (2 kbytes of table space) or 4 tables (8
2891     +// kbytes of table space) for higher speed.
2892     +// 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed
2893     +// increase by using tables for the last rounds but with more table
2894     +// space (2 or 8 kbytes extra).
2895     +// 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but
2896     +// slower version is provided.
2897     +// 10. If fast decryption key scheduling is needed define ONE_IM_TABLE
2898     +// or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra).
2899     +
2900     +#define UNROLL
2901     +//#define PARTIAL_UNROLL
2902     +
2903     +#define FIXED_TABLES
2904     +//#define FF_TABLES
2905     +//#define ARRAYS
2906     +#define FAST_VARIABLE
2907     +
2908     +//#define ONE_TABLE
2909     +#define FOUR_TABLES
2910     +
2911     +//#define ONE_LR_TABLE
2912     +#define FOUR_LR_TABLES
2913     +
2914     +//#define ONE_IM_TABLE
2915     +#define FOUR_IM_TABLES
2916     +
2917     +#if defined(UNROLL) && defined (PARTIAL_UNROLL)
2918     +#error both UNROLL and PARTIAL_UNROLL are defined
2919     +#endif
2920     +
2921     +#if defined(ONE_TABLE) && defined (FOUR_TABLES)
2922     +#error both ONE_TABLE and FOUR_TABLES are defined
2923     +#endif
2924     +
2925     +#if defined(ONE_LR_TABLE) && defined (FOUR_LR_TABLES)
2926     +#error both ONE_LR_TABLE and FOUR_LR_TABLES are defined
2927     +#endif
2928     +
2929     +#if defined(ONE_IM_TABLE) && defined (FOUR_IM_TABLES)
2930     +#error both ONE_IM_TABLE and FOUR_IM_TABLES are defined
2931     +#endif
2932     +
2933     +#if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32
2934     +#error an illegal block size has been specified
2935     +#endif
2936     +
2937 max 278 +/* INTERNAL_BYTE_ORDER: 0=unknown, 1=little endian, 2=big endian */
2938     +#if defined(INTERNAL_BYTE_ORDER)
2939     +#elif defined(__i386__)||defined(__i386)||defined(__x86_64__)||defined(__x86_64)||defined(__amd64__)||defined(__amd64)||defined(__AMD64__)||defined(__AMD64)
2940     +# define INTERNAL_BYTE_ORDER 1
2941     +# undef DATA_ALWAYS_ALIGNED
2942     +# define DATA_ALWAYS_ALIGNED 1 /* unaligned access is always ok */
2943     +#elif defined(__ppc__)||defined(__ppc)||defined(__PPC__)||defined(__PPC)||defined(__powerpc__)||defined(__powerpc)||defined(__POWERPC__)||defined(__POWERPC)||defined(__PowerPC__)||defined(__PowerPC)||defined(__ppc64__)||defined(__ppc64)||defined(__PPC64__)||defined(__PPC64)||defined(__powerpc64__)||defined(__powerpc64)||defined(__s390__)||defined(__s390)
2944     +# define INTERNAL_BYTE_ORDER 2
2945     +# undef DATA_ALWAYS_ALIGNED
2946     +# define DATA_ALWAYS_ALIGNED 1 /* unaligned access is always ok */
2947     +#elif defined(__alpha__)||defined(__alpha)||defined(__ia64__)||defined(__ia64)
2948     +# define INTERNAL_BYTE_ORDER 1
2949     +#elif defined(__hppa__)||defined(__hppa)||defined(__HPPA__)||defined(__HPPA)||defined(__parisc__)||defined(__parisc)||defined(__sparc__)||defined(__sparc)||defined(__sparc_v9__)||defined(__sparc_v9)||defined(__sparc64__)||defined(__sparc64)||defined(__mc68000__)||defined(__mc68000)
2950     +# define INTERNAL_BYTE_ORDER 2
2951     +#elif defined(CONFIGURE_DETECTS_BYTE_ORDER)
2952     +# if defined(WORDS_BIGENDIAN)
2953     +# define INTERNAL_BYTE_ORDER 2
2954     +# else
2955     +# define INTERNAL_BYTE_ORDER 1
2956     +# endif
2957     +#elif defined(__linux__) && defined(__KERNEL__)
2958     +# include <asm/byteorder.h>
2959     +# if defined(__BIG_ENDIAN)
2960     +# define INTERNAL_BYTE_ORDER 2
2961     +# else
2962     +# define INTERNAL_BYTE_ORDER 1
2963     +# endif
2964     +#else
2965     +# include <sys/param.h>
2966     +# if (defined(BYTE_ORDER) && defined(LITTLE_ENDIAN) && (BYTE_ORDER == LITTLE_ENDIAN)) || (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && (__BYTE_ORDER == __LITTLE_ENDIAN))
2967     +# define INTERNAL_BYTE_ORDER 1
2968     +# elif defined(WORDS_BIGENDIAN) || defined(__BIG_ENDIAN__) || (defined(BYTE_ORDER) && defined(BIG_ENDIAN) && (BYTE_ORDER == BIG_ENDIAN)) || (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && (__BYTE_ORDER == __BIG_ENDIAN))
2969     +# define INTERNAL_BYTE_ORDER 2
2970     +# else
2971     +# define INTERNAL_BYTE_ORDER 0
2972     +# endif
2973     +#endif
2974     +
2975     +#if defined(DATA_ALWAYS_ALIGNED) && (INTERNAL_BYTE_ORDER > 0)
2976     +# define word_in(x) *(u_int32_t*)(x)
2977     +# define word_out(x,v) *(u_int32_t*)(x) = (v)
2978     +#elif defined(__linux__) && defined(__KERNEL__)
2979     +# include <asm/unaligned.h>
2980     +# define word_in(x) get_unaligned((u_int32_t*)(x))
2981     +# define word_out(x,v) put_unaligned((v),(u_int32_t*)(x))
2982     +#else
2983     +/* unknown endianness and/or unable to handle unaligned data */
2984     +# undef INTERNAL_BYTE_ORDER
2985     +# define INTERNAL_BYTE_ORDER 1
2986     +# define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24))
2987     +# define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24)
2988     +#endif
2989     +
2990 max 21 +// upr(x,n): rotates bytes within words by n positions, moving bytes
2991     +// to higher index positions with wrap around into low positions
2992     +// ups(x,n): moves bytes by n positions to higher index positions in
2993     +// words but without wrap around
2994     +// bval(x,n): extracts a byte from a word
2995     +
2996 max 278 +#if (INTERNAL_BYTE_ORDER < 2)
2997     +/* little endian */
2998 max 21 +#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n))))
2999     +#define ups(x,n) ((x) << 8 * (n))
3000     +#define bval(x,n) ((unsigned char)((x) >> 8 * (n)))
3001     +#define bytes2word(b0, b1, b2, b3) \
3002     + ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0))
3003     +#else
3004 max 278 +/* big endian */
3005     +#define upr(x,n) (((x) >> 8 * (n)) | ((x) << (32 - 8 * (n))))
3006     +#define ups(x,n) ((x) >> 8 * (n)))
3007     +#define bval(x,n) ((unsigned char)((x) >> (24 - 8 * (n))))
3008     +#define bytes2word(b0, b1, b2, b3) \
3009     + ((u_int32_t)(b0) << 24 | (u_int32_t)(b1) << 16 | (u_int32_t)(b2) << 8 | (b3))
3010 max 21 +#endif
3011     +
3012     +// Disable at least some poor combinations of options
3013     +
3014     +#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
3015     +#define FIXED_TABLES
3016     +#undef UNROLL
3017     +#undef ONE_LR_TABLE
3018     +#undef FOUR_LR_TABLES
3019     +#undef ONE_IM_TABLE
3020     +#undef FOUR_IM_TABLES
3021     +#elif !defined(FOUR_TABLES)
3022     +#ifdef FOUR_LR_TABLES
3023     +#undef FOUR_LR_TABLES
3024     +#define ONE_LR_TABLE
3025     +#endif
3026     +#ifdef FOUR_IM_TABLES
3027     +#undef FOUR_IM_TABLES
3028     +#define ONE_IM_TABLE
3029     +#endif
3030     +#elif !defined(AES_BLOCK_SIZE)
3031     +#if defined(UNROLL)
3032     +#define PARTIAL_UNROLL
3033     +#undef UNROLL
3034     +#endif
3035     +#endif
3036     +
3037     +// the finite field modular polynomial and elements
3038     +
3039     +#define ff_poly 0x011b
3040     +#define ff_hi 0x80
3041     +
3042     +// multiply four bytes in GF(2^8) by 'x' {02} in parallel
3043     +
3044     +#define m1 0x80808080
3045     +#define m2 0x7f7f7f7f
3046     +#define m3 0x0000001b
3047     +#define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * m3))
3048     +
3049     +// The following defines provide alternative definitions of FFmulX that might
3050     +// give improved performance if a fast 32-bit multiply is not available. Note
3051     +// that a temporary variable u needs to be defined where FFmulX is used.
3052     +
3053     +// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
3054     +// #define m4 0x1b1b1b1b
3055     +// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
3056     +
3057     +// perform column mix operation on four bytes in parallel
3058     +
3059     +#define fwd_mcol(x) (f2 = FFmulX(x), f2 ^ upr(x ^ f2,3) ^ upr(x,2) ^ upr(x,1))
3060     +
3061     +#if defined(FIXED_TABLES)
3062     +
3063     +// the S-Box table
3064     +
3065     +static const unsigned char s_box[256] =
3066     +{
3067     + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
3068     + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
3069     + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
3070     + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
3071     + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
3072     + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
3073     + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
3074     + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
3075     + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
3076     + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
3077     + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
3078     + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
3079     + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
3080     + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
3081     + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
3082     + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
3083     + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
3084     + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
3085     + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
3086     + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
3087     + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
3088     + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
3089     + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
3090     + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
3091     + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
3092     + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
3093     + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
3094     + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
3095     + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
3096     + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
3097     + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
3098     + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
3099     +};
3100     +
3101     +// the inverse S-Box table
3102     +
3103     +static const unsigned char inv_s_box[256] =
3104     +{
3105     + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
3106     + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
3107     + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
3108     + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
3109     + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
3110     + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
3111     + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
3112     + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
3113     + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
3114     + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
3115     + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
3116     + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
3117     + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
3118     + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
3119     + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
3120     + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
3121     + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
3122     + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
3123     + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
3124     + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
3125     + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
3126     + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
3127     + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
3128     + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
3129     + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
3130     + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
3131     + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
3132     + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
3133     + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
3134     + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
3135     + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
3136     + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
3137     +};
3138     +
3139 max 278 +// used to ensure table is generated in the right format
3140     +// depending on the internal byte order required
3141     +
3142     +#if (INTERNAL_BYTE_ORDER < 2)
3143     +/* little endian */
3144 max 21 +#define w0(p) 0x000000##p
3145 max 278 +#else
3146     +/* big endian */
3147     +#define w0(p) 0x##p##000000
3148     +#endif
3149 max 21 +
3150     +// Number of elements required in this table for different
3151     +// block and key lengths is:
3152     +//
3153     +// Nk = 4 6 8
3154     +// ----------
3155     +// Nb = 4 | 10 8 7
3156     +// 6 | 19 12 11
3157     +// 8 | 29 19 14
3158     +//
3159     +// this table can be a table of bytes if the key schedule
3160     +// code is adjusted accordingly
3161     +
3162     +static const u_int32_t rcon_tab[29] =
3163     +{
3164     + w0(01), w0(02), w0(04), w0(08),
3165     + w0(10), w0(20), w0(40), w0(80),
3166     + w0(1b), w0(36), w0(6c), w0(d8),
3167     + w0(ab), w0(4d), w0(9a), w0(2f),
3168     + w0(5e), w0(bc), w0(63), w0(c6),
3169     + w0(97), w0(35), w0(6a), w0(d4),
3170     + w0(b3), w0(7d), w0(fa), w0(ef),
3171     + w0(c5)
3172     +};
3173     +
3174     +#undef w0
3175     +
3176 max 278 +// used to ensure table is generated in the right format
3177     +// depending on the internal byte order required
3178     +
3179     +#if (INTERNAL_BYTE_ORDER < 2)
3180     +/* little endian */
3181 max 21 +#define r0(p,q,r,s) 0x##p##q##r##s
3182     +#define r1(p,q,r,s) 0x##q##r##s##p
3183     +#define r2(p,q,r,s) 0x##r##s##p##q
3184     +#define r3(p,q,r,s) 0x##s##p##q##r
3185     +#define w0(p) 0x000000##p
3186     +#define w1(p) 0x0000##p##00
3187     +#define w2(p) 0x00##p##0000
3188     +#define w3(p) 0x##p##000000
3189 max 278 +#else
3190     +/* big endian */
3191     +#define r0(p,q,r,s) 0x##s##r##q##p
3192     +#define r1(p,q,r,s) 0x##p##s##r##q
3193     +#define r2(p,q,r,s) 0x##q##p##s##r
3194     +#define r3(p,q,r,s) 0x##r##q##p##s
3195     +#define w0(p) 0x##p##000000
3196     +#define w1(p) 0x00##p##0000
3197     +#define w2(p) 0x0000##p##00
3198     +#define w3(p) 0x000000##p
3199     +#endif
3200 max 21 +
3201     +#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES))
3202     +
3203     +// data for forward tables (other than last round)
3204     +
3205     +#define f_table \
3206     + r(a5,63,63,c6), r(84,7c,7c,f8), r(99,77,77,ee), r(8d,7b,7b,f6),\
3207     + r(0d,f2,f2,ff), r(bd,6b,6b,d6), r(b1,6f,6f,de), r(54,c5,c5,91),\
3208     + r(50,30,30,60), r(03,01,01,02), r(a9,67,67,ce), r(7d,2b,2b,56),\
3209     + r(19,fe,fe,e7), r(62,d7,d7,b5), r(e6,ab,ab,4d), r(9a,76,76,ec),\
3210     + r(45,ca,ca,8f), r(9d,82,82,1f), r(40,c9,c9,89), r(87,7d,7d,fa),\
3211     + r(15,fa,fa,ef), r(eb,59,59,b2), r(c9,47,47,8e), r(0b,f0,f0,fb),\
3212     + r(ec,ad,ad,41), r(67,d4,d4,b3), r(fd,a2,a2,5f), r(ea,af,af,45),\
3213     + r(bf,9c,9c,23), r(f7,a4,a4,53), r(96,72,72,e4), r(5b,c0,c0,9b),\
3214     + r(c2,b7,b7,75), r(1c,fd,fd,e1), r(ae,93,93,3d), r(6a,26,26,4c),\
3215     + r(5a,36,36,6c), r(41,3f,3f,7e), r(02,f7,f7,f5), r(4f,cc,cc,83),\
3216     + r(5c,34,34,68), r(f4,a5,a5,51), r(34,e5,e5,d1), r(08,f1,f1,f9),\
3217     + r(93,71,71,e2), r(73,d8,d8,ab), r(53,31,31,62), r(3f,15,15,2a),\
3218     + r(0c,04,04,08), r(52,c7,c7,95), r(65,23,23,46), r(5e,c3,c3,9d),\
3219     + r(28,18,18,30), r(a1,96,96,37), r(0f,05,05,0a), r(b5,9a,9a,2f),\
3220     + r(09,07,07,0e), r(36,12,12,24), r(9b,80,80,1b), r(3d,e2,e2,df),\
3221     + r(26,eb,eb,cd), r(69,27,27,4e), r(cd,b2,b2,7f), r(9f,75,75,ea),\
3222     + r(1b,09,09,12), r(9e,83,83,1d), r(74,2c,2c,58), r(2e,1a,1a,34),\
3223     + r(2d,1b,1b,36), r(b2,6e,6e,dc), r(ee,5a,5a,b4), r(fb,a0,a0,5b),\
3224     + r(f6,52,52,a4), r(4d,3b,3b,76), r(61,d6,d6,b7), r(ce,b3,b3,7d),\
3225     + r(7b,29,29,52), r(3e,e3,e3,dd), r(71,2f,2f,5e), r(97,84,84,13),\
3226     + r(f5,53,53,a6), r(68,d1,d1,b9), r(00,00,00,00), r(2c,ed,ed,c1),\
3227     + r(60,20,20,40), r(1f,fc,fc,e3), r(c8,b1,b1,79), r(ed,5b,5b,b6),\
3228     + r(be,6a,6a,d4), r(46,cb,cb,8d), r(d9,be,be,67), r(4b,39,39,72),\
3229     + r(de,4a,4a,94), r(d4,4c,4c,98), r(e8,58,58,b0), r(4a,cf,cf,85),\
3230     + r(6b,d0,d0,bb), r(2a,ef,ef,c5), r(e5,aa,aa,4f), r(16,fb,fb,ed),\
3231     + r(c5,43,43,86), r(d7,4d,4d,9a), r(55,33,33,66), r(94,85,85,11),\
3232     + r(cf,45,45,8a), r(10,f9,f9,e9), r(06,02,02,04), r(81,7f,7f,fe),\
3233     + r(f0,50,50,a0), r(44,3c,3c,78), r(ba,9f,9f,25), r(e3,a8,a8,4b),\
3234     + r(f3,51,51,a2), r(fe,a3,a3,5d), r(c0,40,40,80), r(8a,8f,8f,05),\
3235     + r(ad,92,92,3f), r(bc,9d,9d,21), r(48,38,38,70), r(04,f5,f5,f1),\
3236     + r(df,bc,bc,63), r(c1,b6,b6,77), r(75,da,da,af), r(63,21,21,42),\
3237     + r(30,10,10,20), r(1a,ff,ff,e5), r(0e,f3,f3,fd), r(6d,d2,d2,bf),\
3238     + r(4c,cd,cd,81), r(14,0c,0c,18), r(35,13,13,26), r(2f,ec,ec,c3),\
3239     + r(e1,5f,5f,be), r(a2,97,97,35), r(cc,44,44,88), r(39,17,17,2e),\
3240     + r(57,c4,c4,93), r(f2,a7,a7,55), r(82,7e,7e,fc), r(47,3d,3d,7a),\
3241     + r(ac,64,64,c8), r(e7,5d,5d,ba), r(2b,19,19,32), r(95,73,73,e6),\
3242     + r(a0,60,60,c0), r(98,81,81,19), r(d1,4f,4f,9e), r(7f,dc,dc,a3),\
3243     + r(66,22,22,44), r(7e,2a,2a,54), r(ab,90,90,3b), r(83,88,88,0b),\
3244     + r(ca,46,46,8c), r(29,ee,ee,c7), r(d3,b8,b8,6b), r(3c,14,14,28),\
3245     + r(79,de,de,a7), r(e2,5e,5e,bc), r(1d,0b,0b,16), r(76,db,db,ad),\
3246     + r(3b,e0,e0,db), r(56,32,32,64), r(4e,3a,3a,74), r(1e,0a,0a,14),\
3247     + r(db,49,49,92), r(0a,06,06,0c), r(6c,24,24,48), r(e4,5c,5c,b8),\
3248     + r(5d,c2,c2,9f), r(6e,d3,d3,bd), r(ef,ac,ac,43), r(a6,62,62,c4),\
3249     + r(a8,91,91,39), r(a4,95,95,31), r(37,e4,e4,d3), r(8b,79,79,f2),\
3250     + r(32,e7,e7,d5), r(43,c8,c8,8b), r(59,37,37,6e), r(b7,6d,6d,da),\
3251     + r(8c,8d,8d,01), r(64,d5,d5,b1), r(d2,4e,4e,9c), r(e0,a9,a9,49),\
3252     + r(b4,6c,6c,d8), r(fa,56,56,ac), r(07,f4,f4,f3), r(25,ea,ea,cf),\
3253     + r(af,65,65,ca), r(8e,7a,7a,f4), r(e9,ae,ae,47), r(18,08,08,10),\
3254     + r(d5,ba,ba,6f), r(88,78,78,f0), r(6f,25,25,4a), r(72,2e,2e,5c),\
3255     + r(24,1c,1c,38), r(f1,a6,a6,57), r(c7,b4,b4,73), r(51,c6,c6,97),\
3256     + r(23,e8,e8,cb), r(7c,dd,dd,a1), r(9c,74,74,e8), r(21,1f,1f,3e),\
3257     + r(dd,4b,4b,96), r(dc,bd,bd,61), r(86,8b,8b,0d), r(85,8a,8a,0f),\
3258     + r(90,70,70,e0), r(42,3e,3e,7c), r(c4,b5,b5,71), r(aa,66,66,cc),\
3259     + r(d8,48,48,90), r(05,03,03,06), r(01,f6,f6,f7), r(12,0e,0e,1c),\
3260     + r(a3,61,61,c2), r(5f,35,35,6a), r(f9,57,57,ae), r(d0,b9,b9,69),\
3261     + r(91,86,86,17), r(58,c1,c1,99), r(27,1d,1d,3a), r(b9,9e,9e,27),\
3262     + r(38,e1,e1,d9), r(13,f8,f8,eb), r(b3,98,98,2b), r(33,11,11,22),\
3263     + r(bb,69,69,d2), r(70,d9,d9,a9), r(89,8e,8e,07), r(a7,94,94,33),\
3264     + r(b6,9b,9b,2d), r(22,1e,1e,3c), r(92,87,87,15), r(20,e9,e9,c9),\
3265     + r(49,ce,ce,87), r(ff,55,55,aa), r(78,28,28,50), r(7a,df,df,a5),\
3266     + r(8f,8c,8c,03), r(f8,a1,a1,59), r(80,89,89,09), r(17,0d,0d,1a),\
3267     + r(da,bf,bf,65), r(31,e6,e6,d7), r(c6,42,42,84), r(b8,68,68,d0),\
3268     + r(c3,41,41,82), r(b0,99,99,29), r(77,2d,2d,5a), r(11,0f,0f,1e),\
3269     + r(cb,b0,b0,7b), r(fc,54,54,a8), r(d6,bb,bb,6d), r(3a,16,16,2c)
3270     +
3271     +// data for inverse tables (other than last round)
3272     +
3273     +#define i_table \
3274     + r(50,a7,f4,51), r(53,65,41,7e), r(c3,a4,17,1a), r(96,5e,27,3a),\
3275     + r(cb,6b,ab,3b), r(f1,45,9d,1f), r(ab,58,fa,ac), r(93,03,e3,4b),\
3276     + r(55,fa,30,20), r(f6,6d,76,ad), r(91,76,cc,88), r(25,4c,02,f5),\
3277     + r(fc,d7,e5,4f), r(d7,cb,2a,c5), r(80,44,35,26), r(8f,a3,62,b5),\
3278     + r(49,5a,b1,de), r(67,1b,ba,25), r(98,0e,ea,45), r(e1,c0,fe,5d),\
3279     + r(02,75,2f,c3), r(12,f0,4c,81), r(a3,97,46,8d), r(c6,f9,d3,6b),\
3280     + r(e7,5f,8f,03), r(95,9c,92,15), r(eb,7a,6d,bf), r(da,59,52,95),\
3281     + r(2d,83,be,d4), r(d3,21,74,58), r(29,69,e0,49), r(44,c8,c9,8e),\
3282     + r(6a,89,c2,75), r(78,79,8e,f4), r(6b,3e,58,99), r(dd,71,b9,27),\
3283     + r(b6,4f,e1,be), r(17,ad,88,f0), r(66,ac,20,c9), r(b4,3a,ce,7d),\
3284     + r(18,4a,df,63), r(82,31,1a,e5), r(60,33,51,97), r(45,7f,53,62),\
3285     + r(e0,77,64,b1), r(84,ae,6b,bb), r(1c,a0,81,fe), r(94,2b,08,f9),\
3286     + r(58,68,48,70), r(19,fd,45,8f), r(87,6c,de,94), r(b7,f8,7b,52),\
3287     + r(23,d3,73,ab), r(e2,02,4b,72), r(57,8f,1f,e3), r(2a,ab,55,66),\
3288     + r(07,28,eb,b2), r(03,c2,b5,2f), r(9a,7b,c5,86), r(a5,08,37,d3),\
3289     + r(f2,87,28,30), r(b2,a5,bf,23), r(ba,6a,03,02), r(5c,82,16,ed),\
3290     + r(2b,1c,cf,8a), r(92,b4,79,a7), r(f0,f2,07,f3), r(a1,e2,69,4e),\
3291     + r(cd,f4,da,65), r(d5,be,05,06), r(1f,62,34,d1), r(8a,fe,a6,c4),\
3292     + r(9d,53,2e,34), r(a0,55,f3,a2), r(32,e1,8a,05), r(75,eb,f6,a4),\
3293     + r(39,ec,83,0b), r(aa,ef,60,40), r(06,9f,71,5e), r(51,10,6e,bd),\
3294     + r(f9,8a,21,3e), r(3d,06,dd,96), r(ae,05,3e,dd), r(46,bd,e6,4d),\
3295     + r(b5,8d,54,91), r(05,5d,c4,71), r(6f,d4,06,04), r(ff,15,50,60),\
3296     + r(24,fb,98,19), r(97,e9,bd,d6), r(cc,43,40,89), r(77,9e,d9,67),\
3297     + r(bd,42,e8,b0), r(88,8b,89,07), r(38,5b,19,e7), r(db,ee,c8,79),\
3298     + r(47,0a,7c,a1), r(e9,0f,42,7c), r(c9,1e,84,f8), r(00,00,00,00),\
3299     + r(83,86,80,09), r(48,ed,2b,32), r(ac,70,11,1e), r(4e,72,5a,6c),\
3300     + r(fb,ff,0e,fd), r(56,38,85,0f), r(1e,d5,ae,3d), r(27,39,2d,36),\
3301     + r(64,d9,0f,0a), r(21,a6,5c,68), r(d1,54,5b,9b), r(3a,2e,36,24),\
3302     + r(b1,67,0a,0c), r(0f,e7,57,93), r(d2,96,ee,b4), r(9e,91,9b,1b),\
3303     + r(4f,c5,c0,80), r(a2,20,dc,61), r(69,4b,77,5a), r(16,1a,12,1c),\
3304     + r(0a,ba,93,e2), r(e5,2a,a0,c0), r(43,e0,22,3c), r(1d,17,1b,12),\
3305     + r(0b,0d,09,0e), r(ad,c7,8b,f2), r(b9,a8,b6,2d), r(c8,a9,1e,14),\
3306     + r(85,19,f1,57), r(4c,07,75,af), r(bb,dd,99,ee), r(fd,60,7f,a3),\
3307     + r(9f,26,01,f7), r(bc,f5,72,5c), r(c5,3b,66,44), r(34,7e,fb,5b),\
3308     + r(76,29,43,8b), r(dc,c6,23,cb), r(68,fc,ed,b6), r(63,f1,e4,b8),\
3309     + r(ca,dc,31,d7), r(10,85,63,42), r(40,22,97,13), r(20,11,c6,84),\
3310     + r(7d,24,4a,85), r(f8,3d,bb,d2), r(11,32,f9,ae), r(6d,a1,29,c7),\
3311     + r(4b,2f,9e,1d), r(f3,30,b2,dc), r(ec,52,86,0d), r(d0,e3,c1,77),\
3312     + r(6c,16,b3,2b), r(99,b9,70,a9), r(fa,48,94,11), r(22,64,e9,47),\
3313     + r(c4,8c,fc,a8), r(1a,3f,f0,a0), r(d8,2c,7d,56), r(ef,90,33,22),\
3314     + r(c7,4e,49,87), r(c1,d1,38,d9), r(fe,a2,ca,8c), r(36,0b,d4,98),\
3315     + r(cf,81,f5,a6), r(28,de,7a,a5), r(26,8e,b7,da), r(a4,bf,ad,3f),\
3316     + r(e4,9d,3a,2c), r(0d,92,78,50), r(9b,cc,5f,6a), r(62,46,7e,54),\
3317     + r(c2,13,8d,f6), r(e8,b8,d8,90), r(5e,f7,39,2e), r(f5,af,c3,82),\
3318     + r(be,80,5d,9f), r(7c,93,d0,69), r(a9,2d,d5,6f), r(b3,12,25,cf),\
3319     + r(3b,99,ac,c8), r(a7,7d,18,10), r(6e,63,9c,e8), r(7b,bb,3b,db),\
3320     + r(09,78,26,cd), r(f4,18,59,6e), r(01,b7,9a,ec), r(a8,9a,4f,83),\
3321     + r(65,6e,95,e6), r(7e,e6,ff,aa), r(08,cf,bc,21), r(e6,e8,15,ef),\
3322     + r(d9,9b,e7,ba), r(ce,36,6f,4a), r(d4,09,9f,ea), r(d6,7c,b0,29),\
3323     + r(af,b2,a4,31), r(31,23,3f,2a), r(30,94,a5,c6), r(c0,66,a2,35),\
3324     + r(37,bc,4e,74), r(a6,ca,82,fc), r(b0,d0,90,e0), r(15,d8,a7,33),\
3325     + r(4a,98,04,f1), r(f7,da,ec,41), r(0e,50,cd,7f), r(2f,f6,91,17),\
3326     + r(8d,d6,4d,76), r(4d,b0,ef,43), r(54,4d,aa,cc), r(df,04,96,e4),\
3327     + r(e3,b5,d1,9e), r(1b,88,6a,4c), r(b8,1f,2c,c1), r(7f,51,65,46),\
3328     + r(04,ea,5e,9d), r(5d,35,8c,01), r(73,74,87,fa), r(2e,41,0b,fb),\
3329     + r(5a,1d,67,b3), r(52,d2,db,92), r(33,56,10,e9), r(13,47,d6,6d),\
3330     + r(8c,61,d7,9a), r(7a,0c,a1,37), r(8e,14,f8,59), r(89,3c,13,eb),\
3331     + r(ee,27,a9,ce), r(35,c9,61,b7), r(ed,e5,1c,e1), r(3c,b1,47,7a),\
3332     + r(59,df,d2,9c), r(3f,73,f2,55), r(79,ce,14,18), r(bf,37,c7,73),\
3333     + r(ea,cd,f7,53), r(5b,aa,fd,5f), r(14,6f,3d,df), r(86,db,44,78),\
3334     + r(81,f3,af,ca), r(3e,c4,68,b9), r(2c,34,24,38), r(5f,40,a3,c2),\
3335     + r(72,c3,1d,16), r(0c,25,e2,bc), r(8b,49,3c,28), r(41,95,0d,ff),\
3336     + r(71,01,a8,39), r(de,b3,0c,08), r(9c,e4,b4,d8), r(90,c1,56,64),\
3337     + r(61,84,cb,7b), r(70,b6,32,d5), r(74,5c,6c,48), r(42,57,b8,d0)
3338     +
3339     +// generate the required tables in the desired endian format
3340     +
3341     +#undef r
3342     +#define r r0
3343     +
3344     +#if defined(ONE_TABLE)
3345     +static const u_int32_t ft_tab[256] =
3346     + { f_table };
3347     +#elif defined(FOUR_TABLES)
3348     +static const u_int32_t ft_tab[4][256] =
3349     +{ { f_table },
3350     +#undef r
3351     +#define r r1
3352     + { f_table },
3353     +#undef r
3354     +#define r r2
3355     + { f_table },
3356     +#undef r
3357     +#define r r3
3358     + { f_table }
3359     +};
3360     +#endif
3361     +
3362     +#undef r
3363     +#define r r0
3364     +#if defined(ONE_TABLE)
3365     +static const u_int32_t it_tab[256] =
3366     + { i_table };
3367     +#elif defined(FOUR_TABLES)
3368     +static const u_int32_t it_tab[4][256] =
3369     +{ { i_table },
3370     +#undef r
3371     +#define r r1
3372     + { i_table },
3373     +#undef r
3374     +#define r r2
3375     + { i_table },
3376     +#undef r
3377     +#define r r3
3378     + { i_table }
3379     +};
3380     +#endif
3381     +
3382     +#endif
3383     +
3384     +#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES))
3385     +
3386     +// data for inverse tables (last round)
3387     +
3388     +#define li_table \
3389     + w(52), w(09), w(6a), w(d5), w(30), w(36), w(a5), w(38),\
3390     + w(bf), w(40), w(a3), w(9e), w(81), w(f3), w(d7), w(fb),\
3391     + w(7c), w(e3), w(39), w(82), w(9b), w(2f), w(ff), w(87),\
3392     + w(34), w(8e), w(43), w(44), w(c4), w(de), w(e9), w(cb),\
3393     + w(54), w(7b), w(94), w(32), w(a6), w(c2), w(23), w(3d),\
3394     + w(ee), w(4c), w(95), w(0b), w(42), w(fa), w(c3), w(4e),\
3395     + w(08), w(2e), w(a1), w(66), w(28), w(d9), w(24), w(b2),\
3396     + w(76), w(5b), w(a2), w(49), w(6d), w(8b), w(d1), w(25),\
3397     + w(72), w(f8), w(f6), w(64), w(86), w(68), w(98), w(16),\
3398     + w(d4), w(a4), w(5c), w(cc), w(5d), w(65), w(b6), w(92),\
3399     + w(6c), w(70), w(48), w(50), w(fd), w(ed), w(b9), w(da),\
3400     + w(5e), w(15), w(46), w(57), w(a7), w(8d), w(9d), w(84),\
3401     + w(90), w(d8), w(ab), w(00), w(8c), w(bc), w(d3), w(0a),\
3402     + w(f7), w(e4), w(58), w(05), w(b8), w(b3), w(45), w(06),\
3403     + w(d0), w(2c), w(1e), w(8f), w(ca), w(3f), w(0f), w(02),\
3404     + w(c1), w(af), w(bd), w(03), w(01), w(13), w(8a), w(6b),\
3405     + w(3a), w(91), w(11), w(41), w(4f), w(67), w(dc), w(ea),\
3406     + w(97), w(f2), w(cf), w(ce), w(f0), w(b4), w(e6), w(73),\
3407     + w(96), w(ac), w(74), w(22), w(e7), w(ad), w(35), w(85),\
3408     + w(e2), w(f9), w(37), w(e8), w(1c), w(75), w(df), w(6e),\
3409     + w(47), w(f1), w(1a), w(71), w(1d), w(29), w(c5), w(89),\
3410     + w(6f), w(b7), w(62), w(0e), w(aa), w(18), w(be), w(1b),\
3411     + w(fc), w(56), w(3e), w(4b), w(c6), w(d2), w(79), w(20),\
3412     + w(9a), w(db), w(c0), w(fe), w(78), w(cd), w(5a), w(f4),\
3413     + w(1f), w(dd), w(a8), w(33), w(88), w(07), w(c7), w(31),\
3414     + w(b1), w(12), w(10), w(59), w(27), w(80), w(ec), w(5f),\
3415     + w(60), w(51), w(7f), w(a9), w(19), w(b5), w(4a), w(0d),\
3416     + w(2d), w(e5), w(7a), w(9f), w(93), w(c9), w(9c), w(ef),\
3417     + w(a0), w(e0), w(3b), w(4d), w(ae), w(2a), w(f5), w(b0),\
3418     + w(c8), w(eb), w(bb), w(3c), w(83), w(53), w(99), w(61),\
3419     + w(17), w(2b), w(04), w(7e), w(ba), w(77), w(d6), w(26),\
3420     + w(e1), w(69), w(14), w(63), w(55), w(21), w(0c), w(7d),
3421     +
3422     +// generate the required tables in the desired endian format
3423     +
3424     +#undef r
3425     +#define r(p,q,r,s) w0(q)
3426     +#if defined(ONE_LR_TABLE)
3427     +static const u_int32_t fl_tab[256] =
3428     + { f_table };
3429     +#elif defined(FOUR_LR_TABLES)
3430     +static const u_int32_t fl_tab[4][256] =
3431     +{ { f_table },
3432     +#undef r
3433     +#define r(p,q,r,s) w1(q)
3434     + { f_table },
3435     +#undef r
3436     +#define r(p,q,r,s) w2(q)
3437     + { f_table },
3438     +#undef r
3439     +#define r(p,q,r,s) w3(q)
3440     + { f_table }
3441     +};
3442     +#endif
3443     +
3444     +#undef w
3445     +#define w w0
3446     +#if defined(ONE_LR_TABLE)
3447     +static const u_int32_t il_tab[256] =
3448     + { li_table };
3449     +#elif defined(FOUR_LR_TABLES)
3450     +static const u_int32_t il_tab[4][256] =
3451     +{ { li_table },
3452     +#undef w
3453     +#define w w1
3454     + { li_table },
3455     +#undef w
3456     +#define w w2
3457     + { li_table },
3458     +#undef w
3459     +#define w w3
3460     + { li_table }
3461     +};
3462     +#endif
3463     +
3464     +#endif
3465     +
3466     +#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES))
3467     +
3468     +#define m_table \
3469     + r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\
3470     + r(2c,34,24,38), r(27,39,2d,36), r(3a,2e,36,24), r(31,23,3f,2a),\
3471     + r(58,68,48,70), r(53,65,41,7e), r(4e,72,5a,6c), r(45,7f,53,62),\
3472     + r(74,5c,6c,48), r(7f,51,65,46), r(62,46,7e,54), r(69,4b,77,5a),\
3473     + r(b0,d0,90,e0), r(bb,dd,99,ee), r(a6,ca,82,fc), r(ad,c7,8b,f2),\
3474     + r(9c,e4,b4,d8), r(97,e9,bd,d6), r(8a,fe,a6,c4), r(81,f3,af,ca),\
3475     + r(e8,b8,d8,90), r(e3,b5,d1,9e), r(fe,a2,ca,8c), r(f5,af,c3,82),\
3476     + r(c4,8c,fc,a8), r(cf,81,f5,a6), r(d2,96,ee,b4), r(d9,9b,e7,ba),\
3477     + r(7b,bb,3b,db), r(70,b6,32,d5), r(6d,a1,29,c7), r(66,ac,20,c9),\
3478     + r(57,8f,1f,e3), r(5c,82,16,ed), r(41,95,0d,ff), r(4a,98,04,f1),\
3479     + r(23,d3,73,ab), r(28,de,7a,a5), r(35,c9,61,b7), r(3e,c4,68,b9),\
3480     + r(0f,e7,57,93), r(04,ea,5e,9d), r(19,fd,45,8f), r(12,f0,4c,81),\
3481     + r(cb,6b,ab,3b), r(c0,66,a2,35), r(dd,71,b9,27), r(d6,7c,b0,29),\
3482     + r(e7,5f,8f,03), r(ec,52,86,0d), r(f1,45,9d,1f), r(fa,48,94,11),\
3483     + r(93,03,e3,4b), r(98,0e,ea,45), r(85,19,f1,57), r(8e,14,f8,59),\
3484     + r(bf,37,c7,73), r(b4,3a,ce,7d), r(a9,2d,d5,6f), r(a2,20,dc,61),\
3485     + r(f6,6d,76,ad), r(fd,60,7f,a3), r(e0,77,64,b1), r(eb,7a,6d,bf),\
3486     + r(da,59,52,95), r(d1,54,5b,9b), r(cc,43,40,89), r(c7,4e,49,87),\
3487     + r(ae,05,3e,dd), r(a5,08,37,d3), r(b8,1f,2c,c1), r(b3,12,25,cf),\
3488     + r(82,31,1a,e5), r(89,3c,13,eb), r(94,2b,08,f9), r(9f,26,01,f7),\
3489     + r(46,bd,e6,4d), r(4d,b0,ef,43), r(50,a7,f4,51), r(5b,aa,fd,5f),\
3490     + r(6a,89,c2,75), r(61,84,cb,7b), r(7c,93,d0,69), r(77,9e,d9,67),\
3491     + r(1e,d5,ae,3d), r(15,d8,a7,33), r(08,cf,bc,21), r(03,c2,b5,2f),\
3492     + r(32,e1,8a,05), r(39,ec,83,0b), r(24,fb,98,19), r(2f,f6,91,17),\
3493     + r(8d,d6,4d,76), r(86,db,44,78), r(9b,cc,5f,6a), r(90,c1,56,64),\
3494     + r(a1,e2,69,4e), r(aa,ef,60,40), r(b7,f8,7b,52), r(bc,f5,72,5c),\
3495     + r(d5,be,05,06), r(de,b3,0c,08), r(c3,a4,17,1a), r(c8,a9,1e,14),\
3496     + r(f9,8a,21,3e), r(f2,87,28,30), r(ef,90,33,22), r(e4,9d,3a,2c),\
3497     + r(3d,06,dd,96), r(36,0b,d4,98), r(2b,1c,cf,8a), r(20,11,c6,84),\
3498     + r(11,32,f9,ae), r(1a,3f,f0,a0), r(07,28,eb,b2), r(0c,25,e2,bc),\
3499     + r(65,6e,95,e6), r(6e,63,9c,e8), r(73,74,87,fa), r(78,79,8e,f4),\
3500     + r(49,5a,b1,de), r(42,57,b8,d0), r(5f,40,a3,c2), r(54,4d,aa,cc),\
3501     + r(f7,da,ec,41), r(fc,d7,e5,4f), r(e1,c0,fe,5d), r(ea,cd,f7,53),\
3502     + r(db,ee,c8,79), r(d0,e3,c1,77), r(cd,f4,da,65), r(c6,f9,d3,6b),\
3503     + r(af,b2,a4,31), r(a4,bf,ad,3f), r(b9,a8,b6,2d), r(b2,a5,bf,23),\
3504     + r(83,86,80,09), r(88,8b,89,07), r(95,9c,92,15), r(9e,91,9b,1b),\
3505     + r(47,0a,7c,a1), r(4c,07,75,af), r(51,10,6e,bd), r(5a,1d,67,b3),\
3506     + r(6b,3e,58,99), r(60,33,51,97), r(7d,24,4a,85), r(76,29,43,8b),\
3507     + r(1f,62,34,d1), r(14,6f,3d,df), r(09,78,26,cd), r(02,75,2f,c3),\
3508     + r(33,56,10,e9), r(38,5b,19,e7), r(25,4c,02,f5), r(2e,41,0b,fb),\
3509     + r(8c,61,d7,9a), r(87,6c,de,94), r(9a,7b,c5,86), r(91,76,cc,88),\
3510     + r(a0,55,f3,a2), r(ab,58,fa,ac), r(b6,4f,e1,be), r(bd,42,e8,b0),\
3511     + r(d4,09,9f,ea), r(df,04,96,e4), r(c2,13,8d,f6), r(c9,1e,84,f8),\
3512     + r(f8,3d,bb,d2), r(f3,30,b2,dc), r(ee,27,a9,ce), r(e5,2a,a0,c0),\
3513     + r(3c,b1,47,7a), r(37,bc,4e,74), r(2a,ab,55,66), r(21,a6,5c,68),\
3514     + r(10,85,63,42), r(1b,88,6a,4c), r(06,9f,71,5e), r(0d,92,78,50),\
3515     + r(64,d9,0f,0a), r(6f,d4,06,04), r(72,c3,1d,16), r(79,ce,14,18),\
3516     + r(48,ed,2b,32), r(43,e0,22,3c), r(5e,f7,39,2e), r(55,fa,30,20),\
3517     + r(01,b7,9a,ec), r(0a,ba,93,e2), r(17,ad,88,f0), r(1c,a0,81,fe),\
3518     + r(2d,83,be,d4), r(26,8e,b7,da), r(3b,99,ac,c8), r(30,94,a5,c6),\
3519     + r(59,df,d2,9c), r(52,d2,db,92), r(4f,c5,c0,80), r(44,c8,c9,8e),\
3520     + r(75,eb,f6,a4), r(7e,e6,ff,aa), r(63,f1,e4,b8), r(68,fc,ed,b6),\
3521     + r(b1,67,0a,0c), r(ba,6a,03,02), r(a7,7d,18,10), r(ac,70,11,1e),\
3522     + r(9d,53,2e,34), r(96,5e,27,3a), r(8b,49,3c,28), r(80,44,35,26),\
3523     + r(e9,0f,42,7c), r(e2,02,4b,72), r(ff,15,50,60), r(f4,18,59,6e),\
3524     + r(c5,3b,66,44), r(ce,36,6f,4a), r(d3,21,74,58), r(d8,2c,7d,56),\
3525     + r(7a,0c,a1,37), r(71,01,a8,39), r(6c,16,b3,2b), r(67,1b,ba,25),\
3526     + r(56,38,85,0f), r(5d,35,8c,01), r(40,22,97,13), r(4b,2f,9e,1d),\
3527     + r(22,64,e9,47), r(29,69,e0,49), r(34,7e,fb,5b), r(3f,73,f2,55),\
3528     + r(0e,50,cd,7f), r(05,5d,c4,71), r(18,4a,df,63), r(13,47,d6,6d),\
3529     + r(ca,dc,31,d7), r(c1,d1,38,d9), r(dc,c6,23,cb), r(d7,cb,2a,c5),\
3530     + r(e6,e8,15,ef), r(ed,e5,1c,e1), r(f0,f2,07,f3), r(fb,ff,0e,fd),\
3531     + r(92,b4,79,a7), r(99,b9,70,a9), r(84,ae,6b,bb), r(8f,a3,62,b5),\
3532     + r(be,80,5d,9f), r(b5,8d,54,91), r(a8,9a,4f,83), r(a3,97,46,8d)
3533     +
3534     +#undef r
3535     +#define r r0
3536     +
3537     +#if defined(ONE_IM_TABLE)
3538     +static const u_int32_t im_tab[256] =
3539     + { m_table };
3540     +#elif defined(FOUR_IM_TABLES)
3541     +static const u_int32_t im_tab[4][256] =
3542     +{ { m_table },
3543     +#undef r
3544     +#define r r1
3545     + { m_table },
3546     +#undef r
3547     +#define r r2
3548     + { m_table },
3549     +#undef r
3550     +#define r r3
3551     + { m_table }
3552     +};
3553     +#endif
3554     +
3555     +#endif
3556     +
3557     +#else
3558     +
3559     +static int tab_gen = 0;
3560     +
3561     +static unsigned char s_box[256]; // the S box
3562     +static unsigned char inv_s_box[256]; // the inverse S box
3563     +static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants
3564     +
3565     +#if defined(ONE_TABLE)
3566     +static u_int32_t ft_tab[256];
3567     +static u_int32_t it_tab[256];
3568     +#elif defined(FOUR_TABLES)
3569     +static u_int32_t ft_tab[4][256];
3570     +static u_int32_t it_tab[4][256];
3571     +#endif
3572     +
3573     +#if defined(ONE_LR_TABLE)
3574     +static u_int32_t fl_tab[256];
3575     +static u_int32_t il_tab[256];
3576     +#elif defined(FOUR_LR_TABLES)
3577     +static u_int32_t fl_tab[4][256];
3578     +static u_int32_t il_tab[4][256];
3579     +#endif
3580     +
3581     +#if defined(ONE_IM_TABLE)
3582     +static u_int32_t im_tab[256];
3583     +#elif defined(FOUR_IM_TABLES)
3584     +static u_int32_t im_tab[4][256];
3585     +#endif
3586     +
3587     +// Generate the tables for the dynamic table option
3588     +
3589     +#if !defined(FF_TABLES)
3590     +
3591     +// It will generally be sensible to use tables to compute finite
3592     +// field multiplies and inverses but where memory is scarse this
3593     +// code might sometimes be better.
3594     +
3595     +// return 2 ^ (n - 1) where n is the bit number of the highest bit
3596     +// set in x with x in the range 1 < x < 0x00000200. This form is
3597     +// used so that locals within FFinv can be bytes rather than words
3598     +
3599     +static unsigned char hibit(const u_int32_t x)
3600     +{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2));
3601     +
3602     + r |= (r >> 2);
3603     + r |= (r >> 4);
3604     + return (r + 1) >> 1;
3605     +}
3606     +
3607     +// return the inverse of the finite field element x
3608     +
3609     +static unsigned char FFinv(const unsigned char x)
3610     +{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
3611     +
3612     + if(x < 2) return x;
3613     +
3614     + for(;;)
3615     + {
3616     + if(!n1) return v1;
3617     +
3618     + while(n2 >= n1)
3619     + {
3620     + n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
3621     + }
3622     +
3623     + if(!n2) return v2;
3624     +
3625