> On Thu, 4 Oct 2001, William A.(Andy) Adamson wrote:
>
> > hello
> >
> > i just joined the list. i'm writing the RPCSEC_GSS code for the linux kernel
> > NFS v4 rpc layer. we have based our NFS v4 work on the linux 2.4.4 kernel.
> > i've applied the linux 2.4.3.1 patch and smoke tested the sha1 and md5
> > implementations.
> >
> > i need kernel crypto - each rpcsec_gss packet that arrives at the NFSv4 client
> > or server has to calculate a packet verifier (whether privacy or integrity are
> > used or not). for kerberos v5 which is the first gss mechanism i'm
> > implementing, the default method of constructing and verifying the verifier is
> > to first perform an md5 digest on the data, and then encrypt it using des in
> > cbc mode.
> >
> > i note that there is a des-cbc cipher_implementation structure declared in
> > cipher-des.c, but i am unable to find the des_cbc_encrypt/decrypt functions
> > referred to by the structure.
> >
> > is this because they are not yet implemented? is there any code i could bleed on? i
> > plan to pull down the mit_des_cbc_encrypt() function from the mit kerberos 5
> > 1.2.1 source ../lib/crypto/f_cbc.c which wraps des_encrypt in the cbc mode
> > just to get something working....
> >
> > any info would be helpful
>
> I have some problems understanding what you try to do. Do you:
>
> 1) Try to use the cryptoapi to do your task.
> or
> 2) Try to use lowlevel routines directly.

i'm using the cryptoapi from the 2.4.3.1 patch - looking up des-cbc using
find_cipher_by_name() and following the example code in crypto/testing/speed.c
cipher_correct() using cipher_implementation function pointers. in the des_cbc
cipher_implementation struct, the INIT_CIPHER_OPS(des) gives function pointers
to des_encrypt(), which i can find in cipher-des.c. INIT_CIPHER_BLOCKOPS(des_cbc)
gives function pointers to des_cbc_encrypt() which i couldn't find anywhere.

i want to look at the code in order to determine what if any pre-processing
needs to be done to match kerberos v5. i now see that the des_cbc_encrypt and
associated functions are generated by cpp, i can move forward.

> Alternative 2 is not possible with the current code, since the lowlevel
> encryption routines are static.
>
> Also, you should know that the DES implementation in kerneli requires
> the parity bits of the key to be correctly set. The 3des cipher doesn't.
> It's possible to change the key schedule of DES to fix this problem,
> otherwise you must fix the parity bits yourself. The parity bits make
> no sense in software implementations (and in few HW implementations IMHO)

thanks for the info. is cryptoapi-2.4.10.diff (from kernel.org .../people/hvr)
the best 2.4 kernel patch to be using?

-->Andy

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
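The parity fix-up mentioned in the quoted reply ("you must fix the parity bits yourself"), as an added example that is not part of the original message or of the kerneli patch. Each of the 8 DES key bytes carries 7 key bits plus a low-order bit that gives the byte odd parity; the function names and the sample key below are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DES_KEY_SIZE 8

/* Return 1 if the byte has an odd number of set bits, 0 otherwise. */
static int byte_has_odd_parity(uint8_t b)
{
    b ^= b >> 4;
    b ^= b >> 2;
    b ^= b >> 1;
    return b & 1;
}

/* Return 1 if every key byte already has odd parity (hypothetical helper). */
int des_check_parity(const uint8_t key[DES_KEY_SIZE])
{
    for (int i = 0; i < DES_KEY_SIZE; i++)
        if (!byte_has_odd_parity(key[i]))
            return 0;
    return 1;
}

/*
 * Rewrite the low bit of each key byte so the byte has odd parity.
 * The upper 7 bits (the effective key material) are left untouched.
 * Returns the number of bytes that had to be changed (hypothetical helper).
 */
int des_fix_parity(uint8_t key[DES_KEY_SIZE])
{
    int changed = 0;
    for (int i = 0; i < DES_KEY_SIZE; i++) {
        uint8_t k = key[i] & 0xfe;                  /* drop old parity bit */
        uint8_t fixed = (uint8_t)(k | !byte_has_odd_parity(k));
        changed += (fixed != key[i]);
        key[i] = fixed;
    }
    return changed;
}

int main(void)
{
    /* Constructed sample key with every parity bit cleared. */
    uint8_t key[DES_KEY_SIZE] = {0x00, 0x22, 0x44, 0x66, 0x88, 0xaa, 0xcc, 0xee};

    printf("parity ok before: %d\n", des_check_parity(key));
    printf("bytes changed:    %d\n", des_fix_parity(key));
    printf("parity ok after:  %d\n", des_check_parity(key));
    return 0;
}
```

Run the fix on a copy of the key immediately before handing it to the cipher's key setup, so that key material derived elsewhere (for example by the Kerberos string-to-key step) is not rejected for parity alone.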