Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> Interesting. Could you outline how this new interface would work?

I'll write up an API doc for my code as I have it working and post that.

> And have you looked whether the aead interface could fit into your
> model?

Do you mean use the aead API rather than inventing my own? Looking at
aead.h, there aren't enough bits in it as it stands:

	struct aead_alg {
		int (*setkey)(struct crypto_aead *tfm, const u8 *key,
			      unsigned int keylen);
		int (*setauthsize)(struct crypto_aead *tfm, unsigned int authsize);
		int (*encrypt)(struct aead_request *req);
		int (*decrypt)(struct aead_request *req);
		int (*init)(struct crypto_aead *tfm);
		void (*exit)(struct crypto_aead *tfm);

		unsigned int ivsize;
		unsigned int maxauthsize;
		unsigned int chunksize;

		struct crypto_alg base;
	};

In krb5, for encryption, there are two keys, not one, and no IV to be
passed in. The code I have will insert a confounder and a checksum, which
must have space allowed for it.

David