krb5_mk_priv — Format a KRB_PRIV message
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
|
|
|
| context (input/output) | The context structure. | |
| auth_context (input/output) | Authentication context. The flags from auth_context select whether sequence numbers or timestamps should be used to identify the message. Valid values are: KRB5_AUTH_CONTEXT_DO_TIME — Use timestamps and replay cache. KRB5_AUTH_CONTEXT_RET_TIME — Copy timestamp to *outdata. KRB5_AUTH_CONTEXT_DO_SEQUENCE — Use sequence numbers in replay cache. KRB5_AUTH_CONTEXT_RET_SEQUENCE — Use sequence numbers in replay cache and output data. | |
| userdata (input) | The user data in the message. | |
| outbuf (output) | The formatted KRB_PRIV buffer. | |
| outdata (input/output) | Contains the sequence numbers if KRB5_AUTH_CONTEXT_RET_SEQUENCE was specified in auth_context. |
This routine formats a KRB_PRIV message into outbuf. Behaves similarly to krb5_mk_safe, but the message is encrypted and integrity protected rather than just integrity-protected.
The inbuf, auth_context, outdata and outbuf arguments function as in krb5_mk_safe.
As in krb5_mk_safe, the remote_addr and remote_port part of the auth_context is optional; if the receiver's address is not known, it may be replaced by NULL. The local_addr, however, is mandatory.
The encryption type is taken from the auth_context keyblock portion. If the i_vector portion of the auth_context is nonNULL, it is used as an initialization vector for the encryption (if the chosen encryption type supports initialization vectors), and its contents are replaced with the last block of encrypted data upon return.