Consider this an RFC.
These patches add kernel support for triple-DES and AES encryption to the
Kerberos gss code.
These are currently built on 2.6.25-rc1, but I think they should apply
to the latest code as well.
The first patch adds a crypto cts wrapper to do the cts mode req'd by
AES. This has been submitted to Herbert Xu.
A couple of things remain:
- Allocate the blkcipher(s) for "cbc(aes)" during context initialization
rather than on-demand. I'll include this in the next version.
- Add support for rc4-hmac.
- Implement the code necessary to handle possibly rotated data in the
version two tokens. I don't expect we'll see rotated data in normal
operation, but this should be done for completeness.
There are nfs-utils patches required for the new context format from
user-land to kernel. I need to finish changes for non-lucid contexts
and test those further.
K.C.