authorSam Hartman <hartmans@mit.edu>2009-05-18 19:08:29 +0000
committerSam Hartman <hartmans@mit.edu>2009-05-18 19:08:29 +0000
commita042adb8a4398cbfdd1e98871097bd0e0b583bf2 (patch)
tree2ac62d2899fe51b370e409765eceb95e6b56ea68 /src/lib/gssapi
parent48f6c541c2b8084edf10aae4104025aef6717dce (diff)
Document use of key fields in GSS context
The addition of etype negotiation has made the meanings of the various keys in the GSS-API context structure more complicated. Document them to aid in code understanding. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22353 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h17
1 files changed, 11 insertions, 6 deletions
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 3c4f7e038..a1073f344 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -185,12 +185,15 @@ typedef struct _krb5_gss_ctx_id_rec {
unsigned char seed[16];
krb5_principal here;
krb5_principal there;
- krb5_keyblock *subkey;
+ krb5_keyblock *subkey; /*One of two potential keys to use with RFC
+ * 4121 packets; this key must always be set.*/
int signalg;
size_t cksum_size;
int sealalg;
- krb5_keyblock *enc;
- krb5_keyblock *seq;
+ krb5_keyblock *enc; /*RFC 1964 encryption key;seq xored with a
+ * constant for DES,
+ * seq for other RFC 1964 enctypes */
+ krb5_keyblock *seq; /*RFC 1964 sequencing key*/
krb5_ticket_times krb_times;
krb5_flags krb_flags;
/* XXX these used to be signed. the old spec is inspecific, and
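Review bot: The new comment on `subkey` calls it one of two keys for RFC 4121 packets without naming the other, and the comments on `enc` and `seq` do not say when those pointers may be NULL. The later hunk in this file makes a non-null `enc` the condition for accepting RFC 1964 tokens, so nullability is part of the contract and belongs next to the field. Suggested wording, if it matches the intent: `/* One of two keys usable with RFC 4121 tokens (the other is presumably acceptor_subkey); must always be set. */` and, on `enc`, `/* RFC 1964 encryption key; non-NULL only when RFC 1964 tokens may be received (see proto) */`. The spacing in `/*One` and `key*/` also differs from the `/* for "main" subkey */` style used further down; the struct starts and ends outside the hunk.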
@@ -202,10 +205,12 @@ typedef struct _krb5_gss_ctx_id_rec {
krb5_context k5_context;
krb5_auth_context auth_context;
gss_OID_desc *mech_used;
- /* Protocol spec revision
+ /* Protocol spec revision for sending packets
0 => RFC 1964 with 3DES and RC4 enhancements
- 1 => draft-ietf-krb-wg-gssapi-cfx-01
- No others defined so far. */
+ 1 => RFC 4121
+ No others defined so far. It is always permitted to receive
+ tokens in RFC 4121 format. If enc is non-null, receiving RFC
+ 1964 tokens is permitted.*/
int proto;
krb5_cksumtype cksumtype; /* for "main" subkey */
krb5_keyblock *acceptor_subkey; /* CFX only */
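Review bot: The added receive rule makes `enc != NULL` the only stated gate for accepting the older RFC 1964 token format, while `proto` now describes sending only, and the comment leaves that consequence implicit. A reader could still take `proto == 1` to mean RFC 1964 tokens are rejected; if the rule is as the comment implies, add a line such as `Receive paths must check enc, not proto, before accepting an RFC 1964 token.` The unchanged line `krb5_keyblock *acceptor_subkey; /* CFX only */` keeps the draft-era name that this hunk replaces with RFC 4121, so `/* RFC 4121 (CFX) only */` would keep the terms aligned. The struct continues outside the hunk.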