| Message ID | 1541419502-7286-1-git-send-email-gilad@benyossef.com |
|---|---|
| State | Accepted |
| Commit | ecd6d5c9cba5fc6053ba21e3f8a4c536f65ea27a |
| Headers | show |
| Series | crypto: cts: document NIST standard status | expand |
On 5 November 2018 at 13:05, Gilad Ben-Yossef <gilad@benyossef.com> wrote: > cts(cbc(aes)) as used in the kernel has been added to NIST > standard as CBC-CS3. Document it as such. > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> > Suggested-by: Stephan Mueller <smueller@chronox.de> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > --- > crypto/Kconfig | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/crypto/Kconfig b/crypto/Kconfig > index f7a235d..9176023 100644 > --- a/crypto/Kconfig > +++ b/crypto/Kconfig > @@ -430,11 +430,14 @@ config CRYPTO_CTS > help > CTS: Cipher Text Stealing > This is the Cipher Text Stealing mode as described by > - Section 8 of rfc2040 and referenced by rfc3962. > - (rfc3962 includes errata information in its Appendix A) > + Section 8 of rfc2040 and referenced by rfc3962 > + (rfc3962 includes errata information in its Appendix A) or > + CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. > This mode is required for Kerberos gss mechanism support > for AES encryption. > > + See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final > + > config CRYPTO_ECB > tristate "ECB support" > select CRYPTO_BLKCIPHER > -- > 2.7.4 >
On Mon, Nov 05, 2018 at 12:05:01PM +0000, Gilad Ben-Yossef wrote: > cts(cbc(aes)) as used in the kernel has been added to NIST > standard as CBC-CS3. Document it as such. > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> > Suggested-by: Stephan Mueller <smueller@chronox.de> > --- > crypto/Kconfig | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/crypto/Kconfig b/crypto/Kconfig index f7a235d..9176023 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -430,11 +430,14 @@ config CRYPTO_CTS help CTS: Cipher Text Stealing This is the Cipher Text Stealing mode as described by - Section 8 of rfc2040 and referenced by rfc3962. - (rfc3962 includes errata information in its Appendix A) + Section 8 of rfc2040 and referenced by rfc3962 + (rfc3962 includes errata information in its Appendix A) or + CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. This mode is required for Kerberos gss mechanism support for AES encryption. + See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final + config CRYPTO_ECB tristate "ECB support" select CRYPTO_BLKCIPHER
cts(cbc(aes)) as used in the kernel has been added to NIST standard as CBC-CS3. Document it as such. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Suggested-by: Stephan Mueller <smueller@chronox.de> --- crypto/Kconfig | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) -- 2.7.4