diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-08-20 06:00:50 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:33:35 -0500 |
| commit | 55f5453bc81d9a3a4fe67ff0a6ba528d8d0f7984 (patch) | |
| tree | 19d28e75e07ead51f0096328ddf913726cfbd59e /source4/heimdal/lib/krb5 | |
| parent | b456bfa0155ea70ca60590a83e19232c63ec1ac1 (diff) | |
| download | samba-55f5453bc81d9a3a4fe67ff0a6ba528d8d0f7984.tar.gz samba-55f5453bc81d9a3a4fe67ff0a6ba528d8d0f7984.tar.bz2 samba-55f5453bc81d9a3a4fe67ff0a6ba528d8d0f7984.zip | |
r9413: Bring Samba4 back up to date with lorikeet-heimdal.
Delete test_crypto_wrapping.c, previously included but unbuilt.
Andrew Bartlett
(This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
Diffstat (limited to 'source4/heimdal/lib/krb5')
| -rw-r--r-- | source4/heimdal/lib/krb5/crypto.c | 10 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/fcache.c | 2 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/init_creds_pw.c | 19 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/krb5-private.h | 10 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/krb5-protos.h | 8 | ||||
| -rwxr-xr-x | source4/heimdal/lib/krb5/pkinit.c | 115 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/test_crypto_wrapping.c | 163 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/test_pkinit_dh2key.c | 110 |
8 files changed, 128 insertions, 309 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index c8fa556696..1c3e8d2a10 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -2124,8 +2124,7 @@ verify_checksum(krb5_context context, return KRB5_PROG_SUMTYPE_NOSUPP; } if(ct->checksumsize != cksum->checksum.length) { - krb5_set_error_string (context, "checksum length was %d, but should be %d for checksum type %s", - cksum->checksum.length, ct->checksumsize, ct->name); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; @@ -2146,11 +2145,8 @@ verify_checksum(krb5_context context, (*ct->checksum)(context, dkey, data, len, usage, &c); - if(c.checksum.length != cksum->checksum.length) { - krb5_set_error_string (context, "(INTERNAL ERROR) our checksum length was %d, but should be %d for checksum type %s", - c.checksum.length, ct->checksumsize, ct->name); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } else if (memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { + if(c.checksum.length != cksum->checksum.length || + memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 03848abb9a..f8ebe837b7 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c,v 1.49 2005/06/16 20:25:20 lha Exp $"); +RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $"); typedef struct krb5_fcache{ char *filename; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 8b3975f418..8fd5c4611f 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.87 2005/06/17 04:15:20 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.88 2005/08/13 08:25:32 lha Exp $"); typedef struct krb5_get_init_creds_ctx { krb5_kdc_flags flags; @@ -45,6 +45,7 @@ typedef struct krb5_get_init_creds_ctx { unsigned nonce; unsigned pk_nonce; + krb5_data req_buffer; AS_REQ as_req; int pa_counter; @@ -1158,6 +1159,7 @@ process_pa_data_to_key(krb5_context context, ctx->pk_init_ctx, etype, ctx->pk_nonce, + &ctx->req_buffer, pa, key); #else @@ -1218,7 +1220,6 @@ init_cred_loop(krb5_context context, ctx->pa_counter = 0; while (ctx->pa_counter < MAX_PA_COUNTER) { - krb5_data req; ctx->pa_counter++; @@ -1237,17 +1238,20 @@ init_cred_loop(krb5_context context, prompter, prompter_data); if (ret) goto out; - ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, + + krb5_data_free(&ctx->req_buffer); + + ASN1_MALLOC_ENCODE(AS_REQ, + ctx->req_buffer.data, ctx->req_buffer.length, &ctx->as_req, &len, ret); if (ret) goto out; - if(len != req.length) + if(len != ctx->req_buffer.length) krb5_abortx(context, "internal error in ASN.1 encoder"); - ret = krb5_sendto_kdc_flags (context, &req, + ret = krb5_sendto_kdc_flags (context, &ctx->req_buffer, &creds->client->realm, &resp, send_to_kdc_flags); - krb5_data_free(&req); if (ret) goto out; @@ -1336,6 +1340,7 @@ init_cred_loop(krb5_context context, krb5_free_keyblock(context, key); } out: + krb5_data_free(&ctx->req_buffer); free_METHOD_DATA(&md); memset(&md, 0, sizeof(md)); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index b877de8cf2..e70527845b 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -293,6 +293,16 @@ _krb5_pk_mk_padata ( unsigned /*nonce*/, METHOD_DATA */*md*/); +krb5_error_code +_krb5_pk_octetstring2key ( + krb5_context /*context*/, + krb5_enctype /*type*/, + const void */*dhdata*/, + size_t /*dhsize*/, + const heim_octet_string */*c_n*/, + const heim_octet_string */*k_n*/, + krb5_keyblock */*key*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_rd_pa_reply ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index f306bf949f..2750c8b5d2 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -3251,6 +3251,14 @@ krb5_verify_init_creds_opt_set_ap_req_nofail ( krb5_verify_init_creds_opt */*options*/, int /*ap_req_nofail*/); +int KRB5_LIB_FUNCTION +krb5_verify_opt_alloc ( + krb5_context /*context*/, + krb5_verify_opt **/*opt*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_free (krb5_verify_opt */*opt*/); + void KRB5_LIB_FUNCTION krb5_verify_opt_init (krb5_verify_opt */*opt*/); diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 35a751c291..69f72d7b88 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $"); #ifdef PKINIT @@ -58,7 +58,7 @@ RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $"); enum { COMPAT_WIN2K = 1, COMPAT_19 = 2, - COMPAT_25 = 3 + COMPAT_27 = 3 }; @@ -716,7 +716,7 @@ pk_mk_padata(krb5_context context, krb5_abortx(context, "internal ASN1 encoder error"); oid = oid_id_pkauthdata(); - } else if (compat == COMPAT_25) { + } else if (compat == COMPAT_27) { AuthPack ap; memset(&ap, 0, sizeof(ap)); @@ -802,7 +802,7 @@ pk_mk_padata(krb5_context context, free_PA_PK_AS_REQ_19(&req_19); - } else if (compat == COMPAT_25) { + } else if (compat == COMPAT_27) { pa_type = KRB5_PADATA_PK_AS_REQ; @@ -871,7 +871,7 @@ _krb5_pk_mk_padata(krb5_context context, if (ret) goto out; - ret = pk_mk_padata(context, COMPAT_25, ctx, req_body, nonce, md); + ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md); if (ret) goto out; } @@ -1280,10 +1280,10 @@ _krb5_pk_verify_sign(krb5_context context, } static krb5_error_code -get_reply_key(krb5_context context, - const krb5_data *content, - unsigned nonce, - krb5_keyblock **key) +get_reply_key_19(krb5_context context, + const krb5_data *content, + unsigned nonce, + krb5_keyblock **key) { ReplyKeyPack_19 key_pack; krb5_error_code ret; @@ -1324,6 +1324,69 @@ get_reply_key(krb5_context context, } static krb5_error_code +get_reply_key(krb5_context context, + const krb5_data *content, + const krb5_data *req_buffer, + krb5_keyblock **key) +{ + ReplyKeyPack key_pack; + krb5_error_code ret; + size_t size; + + ret = decode_ReplyKeyPack(content->data, + content->length, + &key_pack, + &size); + if (ret) { + krb5_set_error_string(context, "PKINIT decoding reply key failed"); + free_ReplyKeyPack(&key_pack); + return ret; + } + + { + krb5_crypto crypto; + + /* + * XXX Verify kp.replyKey is a allowed enctype in the + * configuration file + */ + + ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto); + if (ret) { + free_ReplyKeyPack(&key_pack); + return ret; + } + + ret = krb5_verify_checksum(context, crypto, 6, + req_buffer->data, req_buffer->length, + &key_pack.asChecksum); + krb5_crypto_destroy(context, crypto); + if (ret) { + free_ReplyKeyPack(&key_pack); + return ret; + } + } + + *key = malloc (sizeof (**key)); + if (*key == NULL) { + krb5_set_error_string(context, "PKINIT failed allocating reply key"); + free_ReplyKeyPack(&key_pack); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = copy_EncryptionKey(&key_pack.replyKey, *key); + free_ReplyKeyPack(&key_pack); + if (ret) { + krb5_set_error_string(context, "PKINIT failed copying reply key"); + free(*key); + } + + return ret; +} + + +static krb5_error_code pk_verify_host(krb5_context context, struct krb5_pk_cert *host) { /* XXX */ @@ -1332,11 +1395,12 @@ pk_verify_host(krb5_context context, struct krb5_pk_cert *host) static krb5_error_code pk_rd_pa_reply_enckey(krb5_context context, - int win2k_compat, + int type, ContentInfo *rep, krb5_pk_init_ctx ctx, krb5_enctype etype, unsigned nonce, + const krb5_data *req_buffer, PA_DATA *pa, krb5_keyblock **key) { @@ -1418,7 +1482,7 @@ pk_rd_pa_reply_enckey(krb5_context context, /* verify content type */ - if (win2k_compat) { + if (type == COMPAT_WIN2K) { if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_data())) { ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; @@ -1481,7 +1545,7 @@ pk_rd_pa_reply_enckey(krb5_context context, length = plain.length; /* win2k uses ContentInfo */ - if (win2k_compat) { + if (type == COMPAT_WIN2K) { ContentInfo ci; ret = decode_ContentInfo(p, length, &ci, &size); @@ -1518,7 +1582,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; } - if (win2k_compat) { + if (type == COMPAT_WIN2K) { if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; @@ -1532,7 +1596,15 @@ pk_rd_pa_reply_enckey(krb5_context context, } } - ret = get_reply_key(context, &content, nonce, key); + switch(type) { + case COMPAT_WIN2K: + case COMPAT_19: + ret = get_reply_key_19(context, &content, nonce, key); + break; + case COMPAT_27: + ret = get_reply_key(context, &content, req_buffer, key); + break; + } if (ret) goto out; @@ -1728,6 +1800,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, void *c, krb5_enctype etype, unsigned nonce, + const krb5_data *req_buffer, PA_DATA *pa, krb5_keyblock **key) { @@ -1736,7 +1809,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, ContentInfo ci; size_t size; - /* Check for PK-INIT -25 */ + /* Check for PK-INIT -27 */ if (pa->padata_type == KRB5_PADATA_PK_AS_REP) { PA_PK_AS_REP rep; @@ -1781,8 +1854,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, "ContentInfo: %d", ret); break; } - ret = pk_rd_pa_reply_enckey(context, 0, &ci, ctx, - etype, nonce, pa, key); + ret = pk_rd_pa_reply_enckey(context, COMPAT_27, &ci, ctx, + etype, nonce, req_buffer, pa, key); free_ContentInfo(&ci); return ret; default: @@ -1811,9 +1884,9 @@ _krb5_pk_rd_pa_reply(krb5_context context, nonce, pa, key); break; case choice_PA_PK_AS_REP_19_encKeyPack: - ret = pk_rd_pa_reply_enckey(context, 0, + ret = pk_rd_pa_reply_enckey(context, COMPAT_19, &rep19.u.encKeyPack, ctx, - etype, nonce, pa, key); + etype, nonce, NULL, pa, key); break; default: krb5_set_error_string(context, "PKINIT: -19 reply invalid " @@ -1857,8 +1930,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, ret); return ret; } - ret = pk_rd_pa_reply_enckey(context, 1, &ci, ctx, - etype, nonce, pa, key); + ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx, + etype, nonce, NULL, pa, key); free_ContentInfo(&ci); break; default: diff --git a/source4/heimdal/lib/krb5/test_crypto_wrapping.c b/source4/heimdal/lib/krb5/test_crypto_wrapping.c deleted file mode 100644 index 37d9bbacb7..0000000000 --- a/source4/heimdal/lib/krb5/test_crypto_wrapping.c +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "krb5_locl.h" -#include <err.h> -#include <getarg.h> - -RCSID("$Id: test_crypto_wrapping.c,v 1.2 2005/07/09 01:31:43 lha Exp $"); - -static void -test_wrapping(krb5_context context, - size_t min_size, - size_t max_size, - size_t step, - krb5_enctype etype) -{ - krb5_error_code ret; - krb5_keyblock key; - krb5_crypto crypto; - krb5_data data; - char *etype_name; - void *buf; - size_t size; - - ret = krb5_generate_random_keyblock(context, etype, &key); - if (ret) - krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); - - ret = krb5_enctype_to_string(context, etype, &etype_name); - if (ret) - krb5_err(context, 1, ret, "krb5_enctype_to_string"); - - buf = malloc(max_size); - if (buf == NULL) - krb5_errx(context, 1, "out of memory"); - memset(buf, 0, max_size); - - ret = krb5_crypto_init(context, &key, 0, &crypto); - if (ret) - krb5_err(context, 1, ret, "krb5_crypto_init"); - - for (size = min_size; size < max_size; size += step) { - size_t wrapped_size; - - ret = krb5_encrypt(context, crypto, 0, buf, size, &data); - if (ret) - krb5_err(context, 1, ret, "encrypt size %d using %s", - size, etype_name); - - wrapped_size = krb5_get_wrapped_length(context, crypto, size); - - if (wrapped_size != data.length) - krb5_errx(context, 1, "calculated wrapped length %lu != " - "real wrapped length %lu for data length %lu using " - "enctype %s", - (unsigned long)wrapped_size, - (unsigned long)data.length, - (unsigned long)size, - etype_name); - krb5_data_free(&data); - } - - free(buf); - krb5_crypto_destroy(context, crypto); - krb5_free_keyblock_contents(context, &key); -} - - - -static int version_flag = 0; -static int help_flag = 0; - -static struct getargs args[] = { - {"version", 0, arg_flag, &version_flag, - "print version", NULL }, - {"help", 0, arg_flag, &help_flag, - NULL, NULL } -}; - -static void -usage (int ret) -{ - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - ""); - exit (ret); -} - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - int i, optidx = 0; - - krb5_enctype enctypes[] = { - ETYPE_DES_CBC_CRC, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_MD5, - ETYPE_DES3_CBC_SHA1, - ETYPE_ARCFOUR_HMAC_MD5, - ETYPE_AES128_CTS_HMAC_SHA1_96, - ETYPE_AES256_CTS_HMAC_SHA1_96 - }; - - setprogname(argv[0]); - - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage (0); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - argc -= optidx; - argv += optidx; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { - test_wrapping(context, 0, 1024, 1, enctypes[i]); - test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]); - } - krb5_free_context(context); - - return 0; -} diff --git a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c b/source4/heimdal/lib/krb5/test_pkinit_dh2key.c deleted file mode 100644 index a40c218e12..0000000000 --- a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "krb5_locl.h" -#include <err.h> -#include <getarg.h> - -RCSID("$Id: test_pkinit_dh2key.c,v 1.1 2005/07/20 16:27:58 lha Exp $"); - -static void -test_dh2key(krb5_context context, - const heim_octet_string *K, - const heim_octet_string *c_n, - const heim_octet_string *k_n, - krb5_enctype etype) -{ - return; -} - - - -static int version_flag = 0; -static int help_flag = 0; - -static struct getargs args[] = { - {"version", 0, arg_flag, &version_flag, - "print version", NULL }, - {"help", 0, arg_flag, &help_flag, - NULL, NULL } -}; - -static void -usage (int ret) -{ - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - ""); - exit (ret); -} - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - int i, optidx = 0; - - krb5_enctype enctypes[] = { - ETYPE_AES128_CTS_HMAC_SHA1_96, - ETYPE_AES256_CTS_HMAC_SHA1_96 - }; - - setprogname(argv[0]); - - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage (0); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - argc -= optidx; - argv += optidx; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { - test_dh2key(context, NULL, NULL, NULL, enctypes[i]); - } - - krb5_free_context(context); - - return 0; -} |