gssd_krb5: arcfour-hmac support

For arcfour-hmac support, the make_checksum function needs a usage
field to correctly calculate the checksum differently for MIC and
WRAP tokens.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

1 files changed, 8 insertions, 4 deletions

diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 4ede4cc4391f..ef91366e3dea 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -115,7 +115,7 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
                 cksumkey = NULL;
 
         if (make_checksum(ctx, ptr, 8, message_buffer, 0,
-                          cksumkey, &md5cksum))
+                          cksumkey, KG_USAGE_SIGN, &md5cksum))
                 return GSS_S_FAILURE;
 
         if (memcmp(md5cksum.data, ptr + GSS_KRB5_TOK_HDR_LEN,
@@ -154,6 +154,7 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
         u8 *cksumkey;
         u8 flags;
         int i;
+        unsigned int cksum_usage;
 
         dprintk("RPC:       %s\n", __func__);
 
@@ -174,13 +175,16 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
                 if (ptr[i] != 0xff)
                         return GSS_S_DEFECTIVE_TOKEN;
 
-        if (ctx->initiate)
+        if (ctx->initiate) {
                 cksumkey = ctx->acceptor_sign;
-        else
+                cksum_usage = KG_USAGE_ACCEPTOR_SIGN;
+        } else {
                 cksumkey = ctx->initiator_sign;
+                cksum_usage = KG_USAGE_INITIATOR_SIGN;
+        }
 
         if (make_checksum_v2(ctx, ptr, GSS_KRB5_TOK_HDR_LEN, message_buffer, 0,
-                             cksumkey, &cksumobj))
+                             cksumkey, cksum_usage, &cksumobj))
                 return GSS_S_FAILURE;
 
         if (memcmp(cksumobj.data, ptr + GSS_KRB5_TOK_HDR_LEN,