Re: des-cbc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 04 October 2001 16:42, William A.(Andy) Adamson wrote:
<snip>
> i need kernel crypto - each rpcsec_gss packet that arrives at the
> NFSv4 client or server has to calculate a packet verifier (whether
> privacy or integrity are used or not).  for kerberos v5 which is the
> first gss mechanism i'm implementing, the default method of
> constructing and verifying the verifier is to first perform an md5
> digest on the data, and then encrypt it using des in cbc mode.

Is there really no other cipher option than DES? It's broken, you know. 
FreeSWAN is deliberately excluding it, even though it's part of the 
standard. I wouldn't support it in new projects.

> i note that there is a des-cbc cipher_implementation structure
> declared in cipher-des.c, but i am unable to find the
> des_cbc_encrypt/decrypt functions referred to by the structure.

IIRC, they're auto-generated. The cipher module just provides the 
"encrypt a single block" function and a cpp-macro implements functions 
that can encrypt data using different modes.

> is this because they are not yet implemented? is there any code i could
> bleed on? i plan to pull down the mit_des_cbc_encrypt() function from
> the mit kerberos 5 1.2.1 source ../lib/crypto/f_cbc.c which wraps
> des_encrypt in the cbc mode just to get something working....
<snip>

I don't know whether the DES implementation in the kerneli patch does 
work or not. Maybe you should just test it. For loopback-encryption it 
doesn't work, but that is due to the way it expects its key, which 
losetup doesn't support.

Marc

- -- 
Eternal vigilance is the price of liberty   -- Thomas Jefferson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7vJ9q3oWD+L2/6DgRAu9+AJ4hZoaVRr1+GkCLvobkOPXdd0x1/QCgsN/X
rb+vXpjHYB3x3SZP1V9C3uU=
=c31u
-----END PGP SIGNATURE-----
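
The design described in the reply above (a cipher module that supplies only a single-block function, with a preprocessor macro generating the mode functions) can be sketched as follows. This is an added example, not code from the kerneli patch or from either poster: `DEFINE_CBC` and the `toy_*` names are hypothetical, and the block function is a constructed stand-in, not DES.

```c
#include <stdint.h>
#include <string.h>

#define BS 8 /* block size in bytes, the same size DES uses */

/* Constructed toy block function: invertible, no security value, NOT DES. */
static void toy_encrypt_block(const uint8_t *k, const uint8_t *in, uint8_t *out)
{
    for (int i = 0; i < BS; i++)
        out[i] = (uint8_t)(in[i] + k[i]);   /* add key byte mod 256 */
}
static void toy_decrypt_block(const uint8_t *k, const uint8_t *in, uint8_t *out)
{
    for (int i = 0; i < BS; i++)
        out[i] = (uint8_t)(in[i] - k[i]);   /* inverse of the above */
}

/* Hypothetical macro: token pasting builds <name>_cbc_encrypt/_decrypt, so a
 * text search for the generated names finds no definition in the source.
 * len must be a multiple of BS (returns -1 otherwise); in == out is allowed. */
#define DEFINE_CBC(name)                                                    \
int name##_cbc_encrypt(const uint8_t *k, const uint8_t *iv,                 \
                       const uint8_t *in, uint8_t *out, size_t len)         \
{                                                                           \
    uint8_t chain[BS], tmp[BS];                                             \
    if (len % BS) return -1;                                                \
    memcpy(chain, iv, BS);                                                  \
    for (size_t off = 0; off < len; off += BS) {                            \
        for (int i = 0; i < BS; i++) tmp[i] = in[off + i] ^ chain[i];       \
        name##_encrypt_block(k, tmp, out + off);                            \
        memcpy(chain, out + off, BS);                                       \
    }                                                                       \
    return 0;                                                               \
}                                                                           \
int name##_cbc_decrypt(const uint8_t *k, const uint8_t *iv,                 \
                       const uint8_t *in, uint8_t *out, size_t len)         \
{                                                                           \
    uint8_t chain[BS], saved[BS], tmp[BS];                                  \
    if (len % BS) return -1;                                                \
    memcpy(chain, iv, BS);                                                  \
    for (size_t off = 0; off < len; off += BS) {                            \
        memcpy(saved, in + off, BS);                                        \
        name##_decrypt_block(k, saved, tmp);                                \
        for (int i = 0; i < BS; i++) out[off + i] = tmp[i] ^ chain[i];      \
        memcpy(chain, saved, BS);                                           \
    }                                                                       \
    return 0;                                                               \
}

DEFINE_CBC(toy) /* expands to toy_cbc_encrypt() and toy_cbc_decrypt() */
```

Because the chaining value feeds into every block, two identical plaintext blocks encrypt to different ciphertext blocks, which is the property CBC adds over calling the single-block function directly.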


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

