extending MIT krb5 string-to-key API
Ken Raeburn
raeburn at MIT.EDU
Wed Mar 5 19:37:18 EST 2003

Our current string-to-key API consists of these two functions:

    krb5_error_code KRB5_CALLCONV
    krb5_c_string_to_key
        (krb5_context context, krb5_enctype enctype,
         const krb5_data *string, const krb5_data *salt,
         krb5_keyblock *key);

    #ifdef KRB5_OLD_CRYPTO
    krb5_error_code KRB5_CALLCONV krb5_string_to_key
        (krb5_context context,
         const krb5_encrypt_block * eblock,
         krb5_keyblock * keyblock,
         const krb5_data * data,
         const krb5_data * salt);
    #endif

Neither has a hook for the new "string-to-key parameters" we need to
add to implement AES, unless we want to do ugly things with the
krb5_context.

Unless there are objections or better suggestions, I'll add this new
function to krb5.h and krb5_32.def. (Is the current Mac export list
in the krb5 tree or the kfm tree?) I don't plan to update the
OLD_CRYPTO API.

    krb5_error_code KRB5_CALLCONV
    krb5_c_string_to_key_with_params(krb5_context context,
                                     krb5_enctype enctype,
                                     const krb5_data *string,
                                     const krb5_data *salt,
                                     const krb5_data *params,
                                     krb5_keyblock *key);

Since we've cast the existing API into stone now, I won't remove or
change krb5_c_string_to_key, but it's now the wrong thing for any code
to call that wants to get the user's real Kerberos key. Comments?

Ken