8 files changed, 128 insertions, 309 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index c8fa556696..1c3e8d2a10 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -2124,8 +2124,7 @@ verify_checksum(krb5_context context,
 	return KRB5_PROG_SUMTYPE_NOSUPP;
     }
     if(ct->checksumsize != cksum->checksum.length) {
-	krb5_set_error_string (context, "checksum length was %d, but should be %d for checksum type %s",
-			       cksum->checksum.length, ct->checksumsize, ct->name);
+	krb5_clear_error_string (context);
 	return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
     }
     keyed_checksum = (ct->flags & F_KEYED) != 0;
@@ -2146,11 +2145,8 @@ verify_checksum(krb5_context context,
 
     (*ct->checksum)(context, dkey, data, len, usage, &c);
 
-    if(c.checksum.length != cksum->checksum.length) {
- 	krb5_set_error_string (context, "(INTERNAL ERROR) our checksum length was %d, but should be %d for checksum type %s",
-			       c.checksum.length, ct->checksumsize, ct->name);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else if (memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
+    if(c.checksum.length != cksum->checksum.length || 
+       memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
 	krb5_clear_error_string (context);
 	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
     } else {
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c
index 03848abb9a..f8ebe837b7 100644
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: fcache.c,v 1.49 2005/06/16 20:25:20 lha Exp $");
+RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $");
 
 typedef struct krb5_fcache{
     char *filename;
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index 8b3975f418..8fd5c4611f 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: init_creds_pw.c,v 1.87 2005/06/17 04:15:20 lha Exp $");
+RCSID("$Id: init_creds_pw.c,v 1.88 2005/08/13 08:25:32 lha Exp $");
 
 typedef struct krb5_get_init_creds_ctx {
     krb5_kdc_flags flags;
@@ -45,6 +45,7 @@ typedef struct krb5_get_init_creds_ctx {
     unsigned nonce;
     unsigned pk_nonce;
 
+    krb5_data req_buffer;
     AS_REQ as_req;
     int pa_counter;
 
@@ -1158,6 +1159,7 @@ process_pa_data_to_key(krb5_context context,
 				   ctx->pk_init_ctx,
 				   etype,
 				   ctx->pk_nonce,
+				   &ctx->req_buffer,
 				   pa,
 				   key);
 #else
@@ -1218,7 +1220,6 @@ init_cred_loop(krb5_context context,
 
     ctx->pa_counter = 0;
     while (ctx->pa_counter < MAX_PA_COUNTER) {
-	krb5_data req;
 
 	ctx->pa_counter++;
 
@@ -1237,17 +1238,20 @@ init_cred_loop(krb5_context context,
 				    prompter, prompter_data);
 	if (ret)
 	    goto out;
-	ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, 
+
+	krb5_data_free(&ctx->req_buffer);
+
+	ASN1_MALLOC_ENCODE(AS_REQ, 
+			   ctx->req_buffer.data, ctx->req_buffer.length, 
 			   &ctx->as_req, &len, ret);
 	if (ret)
 	    goto out;
-	if(len != req.length)
+	if(len != ctx->req_buffer.length)
 	    krb5_abortx(context, "internal error in ASN.1 encoder");
 
-	ret = krb5_sendto_kdc_flags (context, &req, 
+	ret = krb5_sendto_kdc_flags (context, &ctx->req_buffer, 
 				     &creds->client->realm, &resp,
 				     send_to_kdc_flags);
-	krb5_data_free(&req);
 	if (ret)
 	    goto out;
 
@@ -1336,6 +1340,7 @@ init_cred_loop(krb5_context context,
 	krb5_free_keyblock(context, key);
     }
 out:
+    krb5_data_free(&ctx->req_buffer);
     free_METHOD_DATA(&md);
     memset(&md, 0, sizeof(md));
 
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index b877de8cf2..e70527845b 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -293,6 +293,16 @@ _krb5_pk_mk_padata (
 	unsigned /*nonce*/,
 	METHOD_DATA */*md*/);
 
+krb5_error_code
+_krb5_pk_octetstring2key (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	const void */*dhdata*/,
+	size_t /*dhsize*/,
+	const heim_octet_string */*c_n*/,
+	const heim_octet_string */*k_n*/,
+	krb5_keyblock */*key*/);
+
 krb5_error_code KRB5_LIB_FUNCTION
 _krb5_pk_rd_pa_reply (
 	krb5_context /*context*/,
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index f306bf949f..2750c8b5d2 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -3251,6 +3251,14 @@ krb5_verify_init_creds_opt_set_ap_req_nofail (
 	krb5_verify_init_creds_opt */*options*/,
 	int /*ap_req_nofail*/);
 
+int KRB5_LIB_FUNCTION
+krb5_verify_opt_alloc (
+	krb5_context /*context*/,
+	krb5_verify_opt **/*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_free (krb5_verify_opt */*opt*/);
+
 void KRB5_LIB_FUNCTION
 krb5_verify_opt_init (krb5_verify_opt */*opt*/);
 
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 35a751c291..69f72d7b88 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $");
 
 #ifdef PKINIT
 
@@ -58,7 +58,7 @@ RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $");
 enum {
     COMPAT_WIN2K = 1,
     COMPAT_19 = 2,
-    COMPAT_25 = 3
+    COMPAT_27 = 3
 };
 
 
@@ -716,7 +716,7 @@ pk_mk_padata(krb5_context context,
 	    krb5_abortx(context, "internal ASN1 encoder error");
 
 	oid = oid_id_pkauthdata();
-    } else if (compat == COMPAT_25) {
+    } else if (compat == COMPAT_27) {
 	AuthPack ap;
 	
 	memset(&ap, 0, sizeof(ap));
@@ -802,7 +802,7 @@ pk_mk_padata(krb5_context context,
 
 	free_PA_PK_AS_REQ_19(&req_19);
 
-    } else if (compat == COMPAT_25) {
+    } else if (compat == COMPAT_27) {
 
 	pa_type = KRB5_PADATA_PK_AS_REQ;
 
@@ -871,7 +871,7 @@ _krb5_pk_mk_padata(krb5_context context,
 	if (ret)
 	    goto out;
 
-	ret = pk_mk_padata(context, COMPAT_25, ctx, req_body, nonce, md);
+	ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md);
 	if (ret)
 	    goto out;
     }
@@ -1280,10 +1280,10 @@ _krb5_pk_verify_sign(krb5_context context,
 }
 
 static krb5_error_code
-get_reply_key(krb5_context context,
-	      const krb5_data *content,
-	      unsigned nonce,
-	      krb5_keyblock **key)
+get_reply_key_19(krb5_context context,
+		 const krb5_data *content,
+		 unsigned nonce,
+		 krb5_keyblock **key)
 {
     ReplyKeyPack_19 key_pack;
     krb5_error_code ret;
@@ -1324,6 +1324,69 @@ get_reply_key(krb5_context context,
 }
 
 static krb5_error_code
+get_reply_key(krb5_context context,
+	      const krb5_data *content,
+	      const krb5_data *req_buffer,
+	      krb5_keyblock **key)
+{
+    ReplyKeyPack key_pack;
+    krb5_error_code ret;
+    size_t size;
+
+    ret = decode_ReplyKeyPack(content->data,
+			      content->length,
+			      &key_pack,
+			      &size);
+    if (ret) {
+	krb5_set_error_string(context, "PKINIT decoding reply key failed");
+	free_ReplyKeyPack(&key_pack);
+	return ret;
+    }
+    
+    {
+	krb5_crypto crypto;
+
+	/* 
+	 * XXX Verify kp.replyKey is a allowed enctype in the
+	 * configuration file
+	 */
+
+	ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
+	if (ret) {
+	    free_ReplyKeyPack(&key_pack);
+	    return ret;
+	}
+
+	ret = krb5_verify_checksum(context, crypto, 6,
+				   req_buffer->data, req_buffer->length,
+				   &key_pack.asChecksum);
+	krb5_crypto_destroy(context, crypto);
+	if (ret) {
+	    free_ReplyKeyPack(&key_pack);
+	    return ret;
+	}
+    }
+
+    *key = malloc (sizeof (**key));
+    if (*key == NULL) {
+	krb5_set_error_string(context, "PKINIT failed allocating reply key");
+	free_ReplyKeyPack(&key_pack);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
+    free_ReplyKeyPack(&key_pack);
+    if (ret) {
+	krb5_set_error_string(context, "PKINIT failed copying reply key");
+	free(*key);
+    }
+
+    return ret;
+}
+
+
+static krb5_error_code
 pk_verify_host(krb5_context context, struct krb5_pk_cert *host)
 {
     /* XXX */
@@ -1332,11 +1395,12 @@ pk_verify_host(krb5_context context, struct krb5_pk_cert *host)
 
 static krb5_error_code
 pk_rd_pa_reply_enckey(krb5_context context,
-		      int win2k_compat,
+		      int type,
                       ContentInfo *rep,
 		      krb5_pk_init_ctx ctx,
 		      krb5_enctype etype,
 	       	      unsigned nonce,
+		      const krb5_data *req_buffer,
 	       	      PA_DATA *pa,
 	       	      krb5_keyblock **key) 
 {
@@ -1418,7 +1482,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
 
   
     /* verify content type */
-    if (win2k_compat) {
+    if (type == COMPAT_WIN2K) {
 	if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_data())) {
 	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
 	    goto out;
@@ -1481,7 +1545,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
     length = plain.length;
 
     /* win2k uses ContentInfo */
-    if (win2k_compat) {
+    if (type == COMPAT_WIN2K) {
 	ContentInfo ci;
 
 	ret = decode_ContentInfo(p, length, &ci, &size);
@@ -1518,7 +1582,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
 	goto out;
     }
 
-    if (win2k_compat) {
+    if (type == COMPAT_WIN2K) {
 	if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
 	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
 	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
@@ -1532,7 +1596,15 @@ pk_rd_pa_reply_enckey(krb5_context context,
 	}
     }
 
-    ret = get_reply_key(context, &content, nonce, key);
+    switch(type) {
+    case COMPAT_WIN2K:
+    case COMPAT_19:
+	ret = get_reply_key_19(context, &content, nonce, key);
+	break;
+    case COMPAT_27:
+	ret = get_reply_key(context, &content, req_buffer, key);
+	break;
+    }
     if (ret)
 	goto out;
 
@@ -1728,6 +1800,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
 		     void *c,
 		     krb5_enctype etype,
 		     unsigned nonce,
+		     const krb5_data *req_buffer,
 		     PA_DATA *pa,
 		     krb5_keyblock **key)
 {
@@ -1736,7 +1809,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
     ContentInfo ci;
     size_t size;
 
-    /* Check for PK-INIT -25 */
+    /* Check for PK-INIT -27 */
     if (pa->padata_type == KRB5_PADATA_PK_AS_REP) {
 	PA_PK_AS_REP rep;
 
@@ -1781,8 +1854,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
 				      "ContentInfo: %d", ret);
 		break;
 	    }
-	    ret = pk_rd_pa_reply_enckey(context, 0, &ci, ctx,
-					etype, nonce, pa, key);
+	    ret = pk_rd_pa_reply_enckey(context, COMPAT_27, &ci, ctx,
+					etype, nonce, req_buffer, pa, key);
 	    free_ContentInfo(&ci);
 	    return ret;
 	default:
@@ -1811,9 +1884,9 @@ _krb5_pk_rd_pa_reply(krb5_context context,
 					nonce, pa, key);
 		break;
 	    case choice_PA_PK_AS_REP_19_encKeyPack:
-		ret = pk_rd_pa_reply_enckey(context, 0,
+		ret = pk_rd_pa_reply_enckey(context, COMPAT_19,
 					    &rep19.u.encKeyPack, ctx,
-					    etype, nonce, pa, key);
+					    etype, nonce, NULL, pa, key);
 		break;
 	    default:
 		krb5_set_error_string(context, "PKINIT: -19 reply invalid "
@@ -1857,8 +1930,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
 				      ret);
 		return ret;
 	    }
-	    ret = pk_rd_pa_reply_enckey(context, 1, &ci, ctx,
-					etype, nonce, pa, key);
+	    ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx,
+					etype, nonce, NULL, pa, key);
 	    free_ContentInfo(&ci);
 	    break;
 	default:
diff --git a/source4/heimdal/lib/krb5/test_crypto_wrapping.c b/source4/heimdal/lib/krb5/test_crypto_wrapping.c
deleted file mode 100644
index 37d9bbacb7..0000000000
--- a/source4/heimdal/lib/krb5/test_crypto_wrapping.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_crypto_wrapping.c,v 1.2 2005/07/09 01:31:43 lha Exp $");
-
-static void
-test_wrapping(krb5_context context,
-	      size_t min_size,
-	      size_t max_size,
-	      size_t step,
-	      krb5_enctype etype)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    krb5_data data;
-    char *etype_name;
-    void *buf;
-    size_t size;
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    buf = malloc(max_size);
-    if (buf == NULL)
-	krb5_errx(context, 1, "out of memory");
-    memset(buf, 0, max_size);
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    for (size = min_size; size < max_size; size += step) {
-	size_t wrapped_size;
-
-	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "encrypt size %d using %s",
-		     size, etype_name);
-
-	wrapped_size = krb5_get_wrapped_length(context, crypto, size);
-
-	if (wrapped_size != data.length)
-	    krb5_errx(context, 1, "calculated wrapped length %lu != "
-		      "real wrapped length %lu for data length %lu using "
-		      "enctype %s",
-		      (unsigned long)wrapped_size,
-		      (unsigned long)data.length,
-		      (unsigned long)size,
-		      etype_name);
-	krb5_data_free(&data);
-    }
-
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_keyblock_contents(context, &key);
-}
-
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, optidx = 0;
-
-    krb5_enctype enctypes[] = { 
-	ETYPE_DES_CBC_CRC,
-	ETYPE_DES_CBC_MD4,
-	ETYPE_DES_CBC_MD5,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_AES256_CTS_HMAC_SHA1_96
-    };
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
-	test_wrapping(context, 0, 1024, 1, enctypes[i]);
-	test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]);
-    }
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c b/source4/heimdal/lib/krb5/test_pkinit_dh2key.c
deleted file mode 100644
index a40c218e12..0000000000
--- a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_pkinit_dh2key.c,v 1.1 2005/07/20 16:27:58 lha Exp $");
-
-static void
-test_dh2key(krb5_context context, 
-	    const heim_octet_string *K,
-	    const heim_octet_string *c_n,
-	    const heim_octet_string *k_n,
-	    krb5_enctype etype)
-{
-    return;
-}
-
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, optidx = 0;
-
-    krb5_enctype enctypes[] = { 
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_AES256_CTS_HMAC_SHA1_96
-    };
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
-	test_dh2key(context, NULL, NULL, NULL, enctypes[i]);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}