> On Thursday 04 October 2001 16:42, William A.(Andy) Adamson wrote: > <snip> > > i need kernel crypto - each rpcsec_gss packet that arrives at the > > NFSv4 client or server has to calculate a packet verifier (whether > > privacy or integrity are used or not). for kerberos v5 which is the > > first gss mechanism i'm implementing, the default method of > > constructing and verifying the verifier is to first perform an md5 > > digest on the data, and then encrypt it using des in cbc mode. > > Is there really no other cipher option than DES? It's broken, you know. > FreeSWAN is deliberately explcuding it, even though it's part of the > standard. I wouldn't support it in new projects. kerberos v5 still uses des as a default, so it must be implemented. > > i note that there is a des-cbc cipher_implementation structure > > declared in cipher-des.c, but i am unable to find the > > des_cbc_encrypt/decrypt functions refered to by the structure. > > IIRC, they're auto-generated. The cipher module just provides the > "encrypt a single block" function and a cpp-macro implements functions > that can encrypt data using different modes. ok. i'll look for the auto-generated interface. thanks. > > is because they are not yet implemented? is there any code i could > > bleed on? i plan to pull down the mit_des_cbc_encrypt() function from > > the mit kerberos 5 1.2.1 source ../lib/crypto/f_cbc.c which wraps > > des_encrypt in the cbc mode just to get something working.... > <snip> > > I don't know whether the DES implementation in the kderneli patch does > work or not. maybe you should just test it. For loopback-encryption it > doesn't work, but that is due to the way it expects it key, which > losetup doesn't support. > > Marc > > - -- > Eternal vigilance is the price of liberty -- Thomas Jefferson > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE7vJ9q3oWD+L2/6DgRAu9+AJ4hZoaVRr1+GkCLvobkOPXdd0x1/QCgsN/X > rb+vXpjHYB3x3SZP1V9C3uU= > =c31u > -----END PGP SIGNATURE----- > > Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
