[PATCH 17/28] gss_krb5: import functionality to derive keys into the kernel
Chuck Lever
chuck.lever at oracle.com
Mon Mar 31 12:21:03 EDT 2008
On Mar 31, 2008, at 11:59 AM, J. Bruce Fields wrote:
> On Mon, Mar 31, 2008 at 11:54:53AM -0400, Chuck Lever wrote:
>> On Mar 31, 2008, at 10:32 AM, Kevin Coffman wrote:
>>> +/*
>>> + * Constants used for key derivation
>>> + */
>>> +/* for 3DES */
>>> +#define KG_USAGE_SEAL 22
>>> +#define KG_USAGE_SIGN 23
>>> +#define KG_USAGE_SEQ 24
>>> +
>>> +/* from rfc3961 */
>>> +#define KEY_USAGE_SEED_CHECKSUM 0x99
>>> +#define KEY_USAGE_SEED_ENCRYPTION 0xAA
>>> +#define KEY_USAGE_SEED_INTEGRITY 0x55
>>> +
>>> +/* from rfc4121 */
>>> +#define KG_USAGE_ACCEPTOR_SEAL 22
>>> +#define KG_USAGE_ACCEPTOR_SIGN 23
>>> +#define KG_USAGE_INITIATOR_SEAL 24
>>> +#define KG_USAGE_INITIATOR_SIGN 25
>>> +
>>
>> I like adding parentheses around integers as a defensive coding
>> tactic.
>
> What does it defend against?
The C compiler's macro interpreter is dumb. Without the parentheses,
unanticipated combinations can result from nesting, concatenation, or
multiple evaluation. The parentheses make token boundaries precisely
clear.
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
More information about the NFSv4
mailing list