Consider this an RFC. These patches add kernel support for triple-DES and AES encryption to the Kerberos gss code.
These are currently built on 2.6.25-rc1, but I think they should apply to the latest code as well. The first patch adds a crypto cts wrapper to do the cts mode req'd by AES. This has been submitted to Herbert Xu. A couple of things remain: - Allocate the blkcipher(s) for "cbc(aes)" during context initialization rather than on-demand. I'll include this in the next version. - Add support for rc4-hmac. - Implement the code necessary to handle possibly rotated data in the version two tokens. I don't expect we'll see rotated data in normal operation, but this should be done for completeness. There are nfs-utils patches required for the new context format from user-land to kernel. I need to finish changes for non-lucid contexts and test those further. K.C. - To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
