kdc: Add krb5_is_enctype_old() to determine whether an enctype is older

AES256 and AES128 are newer enctypes because they are officially specified in RFC4120 and RFC8009, while enctypes not officially specified since RFC4120 are considered older. This function differs from older_enctype() in that it does not report unknown or non-existent enctypes as being 'newer'. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-10-08 15:59:42 +13:00
parent 87348cf27a
commit 91e86460cd
9 changed files with 44 additions and 43 deletions
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -2847,6 +2847,26 @@ krb5_is_enctype_weak(krb5_context context, krb5_enctype enctype)
    return FALSE;
 }

+/**
+ * Returns whether the encryption type is new or old
+ *
+ * @param context Kerberos 5 context
+ * @param enctype encryption type to probe
+ *
+ * @return Returns true if encryption type is old or is not supported.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_is_enctype_old(krb5_context context, krb5_enctype enctype)
+{
+    struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
+    if (!et  || (et->flags & F_OLD))
+	return TRUE;
+    return FALSE;
+}
+
 /**
 * Returns whether the encryption type should use randomly generated salts
 *