[PATCH 17/28] gss_krb5: import functionality to derive keys into the kernel
J. Bruce Fields
bfields at fieldses.org
Mon Mar 31 12:26:02 EDT 2008
On Mon, Mar 31, 2008 at 12:21:03PM -0400, Chuck Lever wrote:
> On Mar 31, 2008, at 11:59 AM, J. Bruce Fields wrote:
>> On Mon, Mar 31, 2008 at 11:54:53AM -0400, Chuck Lever wrote:
>>> On Mar 31, 2008, at 10:32 AM, Kevin Coffman wrote:
>>>> +/*
>>>> + * Constants used for key derivation
>>>> + */
>>>> +/* for 3DES */
>>>> +#define KG_USAGE_SEAL 22
>>>> +#define KG_USAGE_SIGN 23
>>>> +#define KG_USAGE_SEQ 24
>>>> +
>>>> +/* from rfc3961 */
>>>> +#define KEY_USAGE_SEED_CHECKSUM 0x99
>>>> +#define KEY_USAGE_SEED_ENCRYPTION 0xAA
>>>> +#define KEY_USAGE_SEED_INTEGRITY 0x55
>>>> +
>>>> +/* from rfc4121 */
>>>> +#define KG_USAGE_ACCEPTOR_SEAL 22
>>>> +#define KG_USAGE_ACCEPTOR_SIGN 23
>>>> +#define KG_USAGE_INITIATOR_SEAL 24
>>>> +#define KG_USAGE_INITIATOR_SIGN 25
>>>> +
>>>
>>> I like adding parentheses around integers as a defensive coding
>>> tactic.
>>
>> What does it defend against?
>
> The C compiler's macro interpreter is dumb. Without the parentheses,
> unanticipated combinations can result from nesting, concatenation, or
> multiple evaluation. The parentheses make token boundaries precisely
> clear.
Sorry, I don't know the preprocessor as well as I should. Could you
give a concrete example?
I understand why they'd be needed for more complex expressions.
--b.
More information about the NFSv4
mailing list