On Fri, Jan 10, 2025 at 01:03:04AM +0000, David Howells wrote: > > + .etype = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, > + .ctype = KRB5_CKSUMTYPE_HMAC_SHA256_128_AES128, > + .name = "aes128-cts-hmac-sha256-128", > + .encrypt_name = "cts(cbc(aes))", > + .cksum_name = "hmac(sha256)", > + .hash_name = "sha256", > + .key_bytes = 16, > + .key_len = 16, > + .Kc_len = 16, > + .Ke_len = 16, > + .Ki_len = 16, > + .block_len = 16, > + .conf_len = 16, > + .cksum_len = 16, > + .hash_len = 20, > + .prf_len = 32, > + .keyed_cksum = true, > + .random_to_key = NULL, /* Identity */ > + .profile = &rfc8009_crypto_profile, > + > + .aead.setkey = krb5_setkey, > + .aead.setauthsize = NULL, > + .aead.encrypt = rfc8009_aead_encrypt, > + .aead.decrypt = rfc8009_aead_decrypt, rfc8009 is basically the same as authenc. So rather than being an AEAD algorithm it should really be an AEAD template which takes a cipher and and a hash as its parameters. In fact, you could probably use authenc directly. rfc3691 on the other hand is slightly different from authenc in that the integrity is computed on the plain text. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
