2008-02-21 18:43:49

by Kevin Coffman

[permalink] [raw]
Subject: [PATCH 00/19] RFC add kernel support for newer encrytpion types

Consider this an RFC.

These patches add kernel support for triple-DES and AES encryption to the
Kerberos gss code.

These are currently built on 2.6.25-rc1, but I think they should apply
to the latest code as well.

The first patch adds a crypto cts wrapper to do the cts mode req'd by
AES. This has been submitted to Herbert Xu.

A couple of things remain:

- Allocate the blkcipher(s) for "cbc(aes)" during context initialization
rather than on-demand. I'll include this in the next version.

- Add support for rc4-hmac.

- Implement the code necessary to handle possibly rotated data in the
version two tokens. I don't expect we'll see rotated data in normal
operation, but this should be done for completeness.

There are nfs-utils patches required for the new context format from
user-land to kernel. I need to finish changes for non-lucid contexts
and test those further.