Re: des-cbc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 4 Oct 2001, William A.(Andy) Adamson wrote:

> hello
>
> i just joined the list. i'm writing the RPCSEC_GSS code for the linux kernel
> NFS v4 rpc layer. we have based our NFS v4 work on the linux 2.4.4 kernel.
> i've applied the linux 2.4.3.1 patch and smoke tested the sha1 and md5
> implementations.
>
> i need kernel crypto - each rpcsec_gss packet that arrives at the NFSv4 client
> or server has to calculate a packet verifier (whether privacy or integrity are
> used or not).  for kerberos v5 which is the first gss mechanism i'm
> implementing, the default method of constructing and verifying the verifier is
> to first perform an md5 digest on the data, and then encrypt it using des in
> cbc mode.
>
> i note that there is a des-cbc cipher_implementation structure declared in
> cipher-des.c, but i am unable to find the des_cbc_encrypt/decrypt functions
> refered to by the structure.
>
> is because they are not yet implemented? is there any code i could bleed on? i
> plan to pull down the mit_des_cbc_encrypt() function from the mit kerberos 5
> 1.2.1 source ../lib/crypto/f_cbc.c which wraps des_encrypt in the cbc mode
> just to get something working....
>
> any info would be helpful

I have some problems understanding what you try to do. Do you:

1) Try to use the cryproapi to do your task.
or
2) Try to use lowlevel routines directly.

Alternative 2 is not possible with the current code, since the lowlevel
encrytion routines are static.

Also, you should kow that the DES implementation in kerneli requires
the parity bits of the key to be correctly set. The 3des cipher don't.
It's possible to change the key schedule of DES to fix this problem,
otherwise you myst fix the parity bits yourself. The parity bits makes
no sense in software implementations (and in few HW implementations IMHO)

>
> thanks
>
> -->Andy Adamson
>
> see http://www.citi.umich.edu/projects/nfsv4 for NFSv4 info
> and http://www.citi.umcih.edu/u/andros - my home page.
>
>
> Linux-crypto:  cryptography in and on the Linux system
> Archive:       http://mail.nl.linux.org/linux-crypto/
>

-- 
--
Gisle Sælensminde ( gisle@xxxxxxxxx )

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux