+2003-05-15 Sam Hartman <hartmans@mit.edu>
+
+ * combine_keys.c (enctype_ok): new function to determine if we support combine_keys for a particular enctype
+
2003-05-13 Ken Raeburn <raeburn@mit.edu>
* etypes.c (krb5_enctypes_list): Add names aes128-cts and
(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
unsigned char *outdata, const krb5_data *in_constant);
+/*
+ * We only support this combine_keys algorithm for des and 3des keys.
+ * Everything else should use the PRF defined in the crypto framework.
+ * We don't implement that yet.
+ */
+
+static krb5_boolean enctype_ok (krb5_enctype e)
+{
+ switch (e) {
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD4:
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES3_CBC_SHA1:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
krb5_error_code krb5int_c_combine_keys
(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2, krb5_keyblock *outkey)
{
krb5_keyblock tkey;
krb5_error_code ret;
int i, myalloc = 0;
+ if (!(enctype_ok(key1->enctype)&&enctype_ok(key2->enctype)))
+ return (KRB5_CRYPTO_INTERNAL);
+
if (key1->length != key2->length || key1->enctype != key2->enctype)
return (KRB5_CRYPTO_INTERNAL);
projects / krb5.git / commitdiff