[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-brezak-win2k-krb-rc4-hmac-04.txt key usages

I don't think that krb5_create_checksum() should not apply
CHECKSUM_USAGE() for the rc4-hmac checksum types. See
modified implementation below.

static krb5_error_code usage2arcfour (krb5_context context, int *usage);

krb5_create_checksum(krb5_context context,
                     krb5_crypto crypto,
                     krb5_key_usage usage,
                     int type,
                     void *data,
                     size_t len,
                     Checksum *result)
     * According to draft-brezak-win2k-krb-rc4-hmac-04.txt,
     * different key derivation salts need to be used.
    krb5_error_code ret;

    if (type == CKSUMTYPE_HMAC_MD5 ||
        crypto->et->flags & F_SPECIAL) {
        ret = usage2arcfour(context, (int *)&usage);
        if (ret != 0) {
            return ret;
    } else {
        usage = CHECKSUM_USAGE(usage);
    return create_checksum(context, crypto,
                           type, data, len, result);

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com