Clean up PBKDF2 interface. Add s2k-params to string-to-key interface, except

no new decl in krb5.h yet; rename changed s2k functions to use krb5int_ prefix.
Add AES to etype table.  Delete some unused declarations.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15229 dc483132-0cff-0310-8789-dd5450dbe970

16 files changed, 114 insertions, 76 deletions

diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index b5448c8677..fae236d265 100644
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,21 @@
+2003-03-04  Ken Raeburn  <raeburn@mit.edu>
+
+	* etypes.c: Include aes_s2k.h.
+	(krb5_enctypes): Add AES enctypes.  Update s2k function names.
+	* pbkdf2.c (krb5int_pbkdf2): Now static.  Output data descriptor
+	is const.
+	(krb5int_pbkdf2_hmac_sha1_128, krb5int_pbkdf2_hmac_sha1_256):
+	Deleted.
+	* string_to_key.c (krb5_c_string_to_key_with_params): Renamed from
+	krb5_c_string_to_key, takes new params argument and passes it
+	through.
+	(krb5_c_string_to_key): New function, passes null params.
+	* t_pkcs5.c (test_pbkdf2_rfc3211): Update calls to
+	krb5int_pbkdf2_hmac_sha1 for new API.
+	* vectors.c (test_mit_des_s2k): Update krb5_des_string_to_key call
+	for new API.
+	* Makefile.in: Update dependencies.
+
 2003-03-03  Ken Raeburn  <raeburn@mit.edu>
 
 	* pbkdf2.c (F): Now takes krb5_data for password and salt.
diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 1f6ede7c75..ccb26af440 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -412,7 +412,8 @@ etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): etypes.c $(SRCTOP)/include/k5-int
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
   $(BUILDTOP)/include/profile.h $(srcdir)/enc_provider/enc_provider.h \
   $(srcdir)/hash_provider/hash_provider.h etypes.h $(srcdir)/old/old.h \
-  $(srcdir)/raw/raw.h $(srcdir)/dk/dk.h $(srcdir)/arcfour/arcfour.h
+  $(srcdir)/raw/raw.h $(srcdir)/dk/dk.h $(srcdir)/arcfour/arcfour.h \
+  $(srcdir)/aes/aes_s2k.h
 hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): hmac.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog
index 7442af5f83..5727d1986a 100644
--- a/src/lib/crypto/arcfour/ChangeLog
+++ b/src/lib/crypto/arcfour/ChangeLog
@@ -1,3 +1,9 @@
+2003-03-04  Ken Raeburn  <raeburn@mit.edu>
+
+	* arcfour.c (krb5int_arcfour_string_to_key): Renamed from
+	krb5_... and added new s2k-params argument, which must be null.
+	* arcfour.h: Updated.
+
 2003-02-03  Sam Hartman  <hartmans@mit.edu>
 
 	* arcfour.c (krb5_arcfour_encrypt_length): l40, the 40-bit
diff --git a/src/lib/crypto/arcfour/arcfour.h b/src/lib/crypto/arcfour/arcfour.h
index 39bf8240a7..c6e4353348 100644
--- a/src/lib/crypto/arcfour/arcfour.h
+++ b/src/lib/crypto/arcfour/arcfour.h
@@ -25,10 +25,11 @@ krb5_error_code krb5_arcfour_decrypt(const struct krb5_enc_provider *,
 			const krb5_data *,
 			krb5_data *);
 
-extern krb5_error_code krb5_arcfour_string_to_key(
+extern krb5_error_code krb5int_arcfour_string_to_key(
      const struct krb5_enc_provider *,
      const krb5_data *,
      const krb5_data *,
+     const krb5_data *,
      krb5_keyblock *);
 
 extern const struct krb5_enc_provider krb5int_enc_arcfour;
diff --git a/src/lib/crypto/arcfour/string_to_key.c b/src/lib/crypto/arcfour/string_to_key.c
index 1fecd4df0f..2212d715fd 100644
--- a/src/lib/crypto/arcfour/string_to_key.c
+++ b/src/lib/crypto/arcfour/string_to_key.c
@@ -12,15 +12,16 @@ static void asctouni(unsigned char *unicode, unsigned char *ascii, size_t len)
 }
 
 krb5_error_code
-krb5_arcfour_string_to_key(enc, string, salt, key)
-	const struct krb5_enc_provider *enc;
-	const krb5_data *string;
-	const krb5_data *salt;
-	krb5_keyblock *key;
+krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
+			      const krb5_data *string, const krb5_data *salt,
+			      const krb5_data *params, krb5_keyblock *key)
 {
   size_t len,slen;
   unsigned char *copystr;
   krb5_MD4_CTX md4_context;
+
+  if (params != NULL)
+      return KRB5_ERR_BAD_S2K_PARAMS;
   
   if (key->length != 16)
     return (KRB5_BAD_MSIZE);
diff --git a/src/lib/crypto/dk/ChangeLog b/src/lib/crypto/dk/ChangeLog
index df04069a95..9ed3a8de9e 100644
--- a/src/lib/crypto/dk/ChangeLog
+++ b/src/lib/crypto/dk/ChangeLog
@@ -1,3 +1,9 @@
+2003-03-04  Ken Raeburn  <raeburn@mit.edu>
+
+	* stringtokey.c (krb5int_dk_string_to_key): Renamed from
+	krb5_... and added s2k-params argument.
+	* dk.h: Updated.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in: Add AC_SUBST_FILE marker for libobj_frag.
diff --git a/src/lib/crypto/dk/dk.h b/src/lib/crypto/dk/dk.h
index 8d4c497879..0171016171 100644
--- a/src/lib/crypto/dk/dk.h
+++ b/src/lib/crypto/dk/dk.h
@@ -45,10 +45,10 @@ krb5_error_code krb5_dk_decrypt
 		const krb5_data *ivec, const krb5_data *input,
 		krb5_data *arg_output);
 
-krb5_error_code krb5_dk_string_to_key
+krb5_error_code krb5int_dk_string_to_key
 (const struct krb5_enc_provider *enc, 
 		const krb5_data *string, const krb5_data *salt,
-		krb5_keyblock *key);
+		const krb5_data *params, krb5_keyblock *key);
 
 krb5_error_code krb5_derive_key
 (const struct krb5_enc_provider *enc,
diff --git a/src/lib/crypto/dk/stringtokey.c b/src/lib/crypto/dk/stringtokey.c
index a0bd3441f4..be13ca4a1e 100644
--- a/src/lib/crypto/dk/stringtokey.c
+++ b/src/lib/crypto/dk/stringtokey.c
@@ -30,11 +30,9 @@ static const unsigned char kerberos[] = "kerberos";
 #define kerberos_len (sizeof(kerberos)-1)
 
 krb5_error_code
-krb5_dk_string_to_key(enc, string, salt, key)
-     const struct krb5_enc_provider *enc;
-     const krb5_data *string;
-     const krb5_data *salt;
-     krb5_keyblock *key;
+krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
+			 const krb5_data *string, const krb5_data *salt,
+			 const krb5_data *parms, krb5_keyblock *key)
 {
     krb5_error_code ret;
     size_t keybytes, keylength, concatlen;
diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c
index 6d8f50b4e9..1cc570cd8f 100644
--- a/src/lib/crypto/etypes.c
+++ b/src/lib/crypto/etypes.c
@@ -32,6 +32,7 @@
 #include "raw.h"
 #include "dk.h"
 #include "arcfour.h"
+#include "aes_s2k.h"
 
 /* these will be linear searched.  if they ever get big, a binary
    search or hash table would be better, which means these would need
@@ -44,82 +45,93 @@ const struct krb5_keytypes krb5_enctypes_list[] = {
       "des-cbc-crc", "DES cbc mode with CRC-32",
       &krb5int_enc_des, &krb5int_hash_crc32,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5_des_string_to_key },
+      krb5int_des_string_to_key },
     { ENCTYPE_DES_CBC_MD4,
       "des-cbc-md4", "DES cbc mode with RSA-MD4",
       &krb5int_enc_des, &krb5int_hash_md4,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5_des_string_to_key },
+      krb5int_des_string_to_key },
     { ENCTYPE_DES_CBC_MD5,
       "des-cbc-md5", "DES cbc mode with RSA-MD5",
       &krb5int_enc_des, &krb5int_hash_md5,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5_des_string_to_key },
+      krb5int_des_string_to_key },
     { ENCTYPE_DES_CBC_MD5,
       "des", "DES cbc mode with RSA-MD5", /* alias */
       &krb5int_enc_des, &krb5int_hash_md5,
       krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
-      krb5_des_string_to_key },
+      krb5int_des_string_to_key },
 
     { ENCTYPE_DES_CBC_RAW,
       "des-cbc-raw", "DES cbc mode raw",
       &krb5int_enc_des, NULL,
       krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
-      krb5_des_string_to_key },
+      krb5int_des_string_to_key },
     { ENCTYPE_DES3_CBC_RAW,
       "des3-cbc-raw", "Triple DES cbc mode raw",
       &krb5int_enc_des3, NULL,
       krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
-      krb5_dk_string_to_key },
+      krb5int_dk_string_to_key },
 
     { ENCTYPE_DES3_CBC_SHA1,
       "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5_dk_string_to_key },
+      krb5int_dk_string_to_key },
     { ENCTYPE_DES3_CBC_SHA1,	/* alias */
       "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5_dk_string_to_key },
+      krb5int_dk_string_to_key },
     { ENCTYPE_DES3_CBC_SHA1,	/* alias */
       "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5_dk_string_to_key },
+      krb5int_dk_string_to_key },
 
     { ENCTYPE_DES_HMAC_SHA1,
       "des-hmac-sha1", "DES with HMAC/sha1",
       &krb5int_enc_des, &krb5int_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
-      krb5_dk_string_to_key },
+      krb5int_dk_string_to_key },
     { ENCTYPE_ARCFOUR_HMAC, 
       "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
     { ENCTYPE_ARCFOUR_HMAC,  /* alias */
       "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
     { ENCTYPE_ARCFOUR_HMAC,  /* alias */
       "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
     { ENCTYPE_ARCFOUR_HMAC_EXP, 
       "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
     { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
       "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
     { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
       "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
       &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
-      krb5_arcfour_decrypt, krb5_arcfour_string_to_key },
+      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key },
+
+    { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+      "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
+      &krb5int_enc_aes128, &krb5int_hash_sha1,
+      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+      krb5int_aes_string_to_key },
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+      "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
+      &krb5int_enc_aes256, &krb5int_hash_sha1,
+      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+      krb5int_aes_string_to_key },
 
 #ifdef ATHENA_DES3_KLUDGE
     /*
@@ -131,7 +143,7 @@ const struct krb5_keytypes krb5_enctypes_list[] = {
       "Triple DES with HMAC/sha1 and 32-bit length code",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       krb5_marc_dk_encrypt_length, krb5_marc_dk_encrypt, krb5_marc_dk_decrypt,
-      krb5_dk_string_to_key },
+      krb5int_dk_string_to_key },
 #endif
 };
 
diff --git a/src/lib/crypto/old/ChangeLog b/src/lib/crypto/old/ChangeLog
index 0cdd659318..c23b403716 100644
--- a/src/lib/crypto/old/ChangeLog
+++ b/src/lib/crypto/old/ChangeLog
@@ -1,3 +1,9 @@
+2003-03-04  Ken Raeburn  <raeburn@mit.edu>
+
+	* des_stringtokey.c (krb5int_des_string_to_key): Renamed from
+	krb5_... and added s2k-params argument which must be null.
+	* old.h: Updated.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in: Add AC_SUBST_FILE marker for libobj_frag.
diff --git a/src/lib/crypto/old/des_stringtokey.c b/src/lib/crypto/old/des_stringtokey.c
index ee3e1d065d..fd3440bda0 100644
--- a/src/lib/crypto/old/des_stringtokey.c
+++ b/src/lib/crypto/old/des_stringtokey.c
@@ -34,11 +34,14 @@ extern krb5_error_code mit_des_string_to_key_int
 		 const krb5_data * salt);
 
 krb5_error_code
-krb5_des_string_to_key(enc, string, salt, key)
+krb5int_des_string_to_key(enc, string, salt, parm, key)
      const struct krb5_enc_provider *enc;
      const krb5_data *string;
      const krb5_data *salt;
+     const krb5_data *parm;
      krb5_keyblock *key;
 {
+    if (parm != NULL)
+	return KRB5_ERR_BAD_S2K_PARAMS;
     return(mit_des_string_to_key_int(key, string, salt));
 }
diff --git a/src/lib/crypto/old/old.h b/src/lib/crypto/old/old.h
index b22b1684de..94ee6421e8 100644
--- a/src/lib/crypto/old/old.h
+++ b/src/lib/crypto/old/old.h
@@ -45,7 +45,8 @@ krb5_error_code krb5_old_decrypt
 		const krb5_data *ivec, const krb5_data *input,
 		krb5_data *arg_output);
 
-krb5_error_code krb5_des_string_to_key
+krb5_error_code krb5int_des_string_to_key
 (const struct krb5_enc_provider *enc,
-		const krb5_data *string, const krb5_data *salt, 
+		const krb5_data *string, const krb5_data *salt,
+		const krb5_data *params,
 		krb5_keyblock *key);
diff --git a/src/lib/crypto/pbkdf2.c b/src/lib/crypto/pbkdf2.c
index d93b5b893c..d8a3f8b589 100644
--- a/src/lib/crypto/pbkdf2.c
+++ b/src/lib/crypto/pbkdf2.c
@@ -32,24 +32,12 @@
 #include "k5-int.h"
 #include "hash_provider.h"
 
-/* for k5-int.h */
-extern krb5_error_code
+/* Not exported, for now.  */
+static krb5_error_code
 krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
 				       krb5_data *),
 		size_t hlen, const krb5_data *pass, const krb5_data *salt,
-		unsigned long count, krb5_data *output);
-extern krb5_error_code
-krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-			  const krb5_data *pass, const krb5_data *salt);
-extern krb5_error_code
-krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count,
-			      const krb5_data *pass, const krb5_data *salt);
-extern krb5_error_code
-krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count,
-			      const krb5_data *pass, const krb5_data *salt);
-
-
-
+		unsigned long count, const krb5_data *output);
 
 static int debug_hmac = 0;
 
@@ -161,12 +149,12 @@ F(char *output, char *u_tmp1, char *u_tmp2,
     return 0;
 }
 
-krb5_error_code
+static krb5_error_code
 krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
 				       krb5_data *),
 		size_t hlen,
 		const krb5_data *pass, const krb5_data *salt,
-		unsigned long count, krb5_data *output)
+		unsigned long count, const krb5_data *output)
 {
     int l, r, i;
     char *utmp1, *utmp2;
@@ -258,23 +246,3 @@ krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
 {
     return krb5int_pbkdf2 (foo, 20, pass, salt, count, out);
 }
-
-krb5_error_code
-krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count,
-			      const krb5_data *pass, const krb5_data *salt)
-{
-    krb5_data out_d;
-    out_d.data = out;
-    out_d.length = 16;
-    return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d);
-}
-
-krb5_error_code
-krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count,
-			      const krb5_data *pass, const krb5_data *salt)
-{
-    krb5_data out_d;
-    out_d.data = out;
-    out_d.length = 32;
-    return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d);
-}
diff --git a/src/lib/crypto/string_to_key.c b/src/lib/crypto/string_to_key.c
index f6ddf9d690..cccfd1c1a3 100644
--- a/src/lib/crypto/string_to_key.c
+++ b/src/lib/crypto/string_to_key.c
@@ -35,6 +35,19 @@ krb5_c_string_to_key(context, enctype, string, salt, key)
      const krb5_data *salt;
      krb5_keyblock *key;
 {
+    return krb5_c_string_to_key_with_params(context, enctype, string, salt,
+					    NULL, key);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key_with_params(context, enctype, string, salt, params, key)
+     krb5_context context;
+     krb5_enctype enctype;
+     const krb5_data *string;
+     const krb5_data *salt;
+     const krb5_data *params;
+     krb5_keyblock *key;
+{
     int i;
     krb5_error_code ret;
     const struct krb5_enc_provider *enc;
@@ -59,7 +72,8 @@ krb5_c_string_to_key(context, enctype, string, salt, key)
     key->enctype = enctype;
     key->length = keylength;
 
-    if ((ret = ((*(krb5_enctypes_list[i].str2key))(enc, string, salt, key)))) {
+    ret = (*krb5_enctypes_list[i].str2key)(enc, string, salt, params, key);
+    if (ret) {
 	memset(key->contents, 0, keylength);
 	free(key->contents);
     }
diff --git a/src/lib/crypto/t_pkcs5.c b/src/lib/crypto/t_pkcs5.c
index 30e857441f..db255280a5 100644
--- a/src/lib/crypto/t_pkcs5.c
+++ b/src/lib/crypto/t_pkcs5.c
@@ -49,7 +49,7 @@ static void test_pbkdf2_rfc3211()
 {
     char x[100];
     krb5_error_code err;
-    krb5_data d;
+    krb5_data d, pass, salt;
     int i;
 
     /* RFC 3211 test cases.  */
@@ -80,8 +80,11 @@ static void test_pbkdf2_rfc3211()
 	       t[i].count, t[i].len * 8, t[i].len, t[i].pass);
 
 	d.length = t[i].len;
-	err = krb5int_pbkdf2_hmac_sha1 (x, d.length, t[i].count,
-					t[i].pass, t[i].salt);
+	pass.data = t[i].pass;
+	pass.length = strlen(pass.data);
+	salt.data = t[i].salt;
+	salt.length = strlen(salt.data);
+	err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt);
 	if (err) {
 	    printf("error in computing pbkdf2: %s\n", error_message(err));
 	    exit(1);
diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c
index b5ca63e8c2..20c5d7cc7b 100644
--- a/src/lib/crypto/vectors.c
+++ b/src/lib/crypto/vectors.c
@@ -136,7 +136,7 @@ test_mit_des_s2k ()
 	printf ("\npassword: %-25s", buf);
 	printhex (strlen(p), p);
 	printf ("\n");
-	r = krb5_des_string_to_key (0, &pd, &sd, &key);
+	r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key);
 	printf (  "DES key:  %-25s", "");
 	printhex (key.length, key.contents);
 	printf ("\n\n");