slight refactor

lib/krb5/crypto-aes-sha2.c

@@ -158,8 +158,8 @@ AES_SHA2_PRF(krb5_context context,
 	return ret;
     }
 
-    ret = _krb5_SP800_108_KDF(context, &crypto->key.key->keyvalue,
-			      &label, NULL, md, out);
+    ret = _krb5_SP800_108_HMAC_KDF(context, &crypto->key.key->keyvalue,
+				   &label, NULL, md, out);
 
     if (ret)
 	krb5_data_free(out);
@@ -178,7 +178,7 @@ struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha256_128 = {
     &keytype_aes128_sha2,
     NULL, /* should never be called */
     &_krb5_checksum_hmac_sha256_128_aes128,
-    F_DERIVED | F_SP800_108_KDF | F_ENC_THEN_CKSUM,
+    F_DERIVED | F_ENC_THEN_CKSUM | F_SP800_108_HMAC_KDF,
     _krb5_evp_encrypt_cts,
     16,
     AES_SHA2_PRF
@@ -194,7 +194,7 @@ struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha384_192 = {
     &keytype_aes256_sha2,
     NULL, /* should never be called */
     &_krb5_checksum_hmac_sha384_192_aes256,
-    F_DERIVED | F_SP800_108_KDF | F_ENC_THEN_CKSUM,
+    F_DERIVED | F_ENC_THEN_CKSUM | F_SP800_108_HMAC_KDF,
     _krb5_evp_encrypt_cts,
     16,
     AES_SHA2_PRF

lib/krb5/crypto.c

@@ -2139,7 +2139,7 @@ _krb5_derive_key(krb5_context context,
     ret = _key_schedule(context, key);
     if(ret)
 	return ret;
-    if(et->flags & F_SP800_108_KDF) {
+    if(et->flags & F_SP800_108_HMAC_KDF) {
 	krb5_data label, K1;
 	const EVP_MD *md = NULL;
 	const unsigned char *c = constant;
@@ -2165,8 +2165,8 @@ _krb5_derive_key(krb5_context context,
 	label.data = (void *)constant;
 	label.length = len;
 
-	ret = _krb5_SP800_108_KDF(context, &key->key->keyvalue, &label,
-				  NULL, md, &K1);
+	ret = _krb5_SP800_108_HMAC_KDF(context, &key->key->keyvalue,
+				       &label, NULL, md, &K1);
 	if (ret)
 	    goto out;
 
@@ -2634,7 +2634,7 @@ _krb5_enctype_requires_random_salt(krb5_context context,
 
     et = _krb5_find_enctype (enctype);
 
-    return et && (et->flags & F_SP800_108_KDF);
+    return et && (et->flags & F_SP800_108_HMAC_KDF);
 }
 
 static size_t

lib/krb5/crypto.h

@@ -52,16 +52,16 @@ struct krb5_crypto_data {
 #define CRYPTO_ETYPE(C) ((C)->et->type)
 
 /* bits for `flags' below */
-#define F_KEYED		    0x0001	/* checksum is keyed */
-#define F_CPROOF	    0x0002	/* checksum is collision proof */
-#define F_DERIVED	    0x0004	/* uses derived keys */
-#define F_VARIANT	    0x0008	/* uses `variant' keys (6.4.3) */
-#define F_PSEUDO	    0x0010	/* not a real protocol type */
-#define F_SPECIAL	    0x0020	/* backwards */
-#define F_DISABLED	    0x0040	/* enctype/checksum disabled */
-#define F_WEAK		    0x0080	/* enctype is considered weak */
-#define F_SP800_108_KDF	    0x0100	/* use SP800-108 KDF */
-#define F_ENC_THEN_CKSUM    0x0200      /* checksum is over encrypted data */
+#define F_KEYED			0x0001	/* checksum is keyed */
+#define F_CPROOF		0x0002	/* checksum is collision proof */
+#define F_DERIVED		0x0004	/* uses derived keys */
+#define F_VARIANT		0x0008	/* uses `variant' keys (6.4.3) */
+#define F_PSEUDO		0x0010	/* not a real protocol type */
+#define F_SPECIAL		0x0020	/* backwards */
+#define F_DISABLED		0x0040	/* enctype/checksum disabled */
+#define F_WEAK			0x0080	/* enctype is considered weak */
+#define F_ENC_THEN_CKSUM	0x0100  /* checksum is over encrypted data */
+#define F_SP800_108_HMAC_KDF	0x0200	/* use SP800-108 HMAC KDF */
 
 struct salt_type {
     krb5_salttype type;

lib/krb5/sp800-108-kdf.c

@@ -36,7 +36,7 @@
  */
 
 /**
- * As described in SP800-108 5.1
+ * As described in SP800-108 5.1 (for HMAC)
  *
  * @param context	Kerberos 5 context
  * @param kdc_K1	Base key material.
@@ -49,12 +49,12 @@
  * @ingroup krb5_crypto
  */
 krb5_error_code
-_krb5_SP800_108_KDF(krb5_context context,
-		    krb5_data *kdf_K1,
-		    krb5_data *kdf_label,
-		    krb5_data *kdf_context,
-		    const EVP_MD *md,
-		    krb5_data *kdf_K0)
+_krb5_SP800_108_HMAC_KDF(krb5_context context,
+			 krb5_data *kdf_K1,
+			 krb5_data *kdf_label,
+			 krb5_data *kdf_context,
+			 const EVP_MD *md,
+			 krb5_data *kdf_K0)
 {
     HMAC_CTX c;
     unsigned char *p = kdf_K0->data;