[RFC PATCH 2/8] crypto/krb5: Provide Kerberos 5 crypto through AEAD API
Herbert Xu
herbert at gondor.apana.org.au
Fri Jan 10 01:48:36 PST 2025
On Fri, Jan 10, 2025 at 01:03:04AM +0000, David Howells wrote:
>
> + .etype = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
> + .ctype = KRB5_CKSUMTYPE_HMAC_SHA256_128_AES128,
> + .name = "aes128-cts-hmac-sha256-128",
> + .encrypt_name = "cts(cbc(aes))",
> + .cksum_name = "hmac(sha256)",
> + .hash_name = "sha256",
> + .key_bytes = 16,
> + .key_len = 16,
> + .Kc_len = 16,
> + .Ke_len = 16,
> + .Ki_len = 16,
> + .block_len = 16,
> + .conf_len = 16,
> + .cksum_len = 16,
> + .hash_len = 20,
> + .prf_len = 32,
> + .keyed_cksum = true,
> + .random_to_key = NULL, /* Identity */
> + .profile = &rfc8009_crypto_profile,
> +
> + .aead.setkey = krb5_setkey,
> + .aead.setauthsize = NULL,
> + .aead.encrypt = rfc8009_aead_encrypt,
> + .aead.decrypt = rfc8009_aead_decrypt,
rfc8009 is basically the same as authenc. So rather than being an
AEAD algorithm it should really be an AEAD template which takes a
cipher and and a hash as its parameters.
In fact, you could probably use authenc directly.
rfc3691 on the other hand is slightly different from authenc in that
the integrity is computed on the plain text.
Cheers,
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the linux-afs
mailing list