gss_krb5: add ability to have a keyed checksum (hmac)

Encryption types besides DES may use a keyed checksum (hmac). Modify the make_checksum() function to allow for a key and take care of enctype-specific processing such as truncating the resulting hash. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Kevin Coffman <kwc@citi.umich.edu> 2010-03-17 13:02:52 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-05-14 15:09:16 -0400
commit: e1f6c07b1160ef28e8754d12e6c03288dd9d5ca8 (patch)
tree: 5be1f97a1a51feaed4bed2b4a83a568c94921faf /net/sunrpc/auth_gss/gss_krb5_seal.c
parent: 81d4a4333a1dfd6070f046265d928bb4c79aff88 (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 46c6f44e5c3f..cd512719092b 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -101,6 +101,7 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
        void                    *ptr;
        s32                     now;
        u32                     seq_send;
+        u8                      *cksumkey;
        dprintk("RPC:       %s\n", __func__);
        BUG_ON(ctx == NULL);
@@ -109,15 +110,15 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
        ptr = setup_token(ctx, token);
-        if (make_checksum((char *)ctx->gk5e->cksum_name, ptr, 8,
+        if (ctx->gk5e->keyed_cksum)
-                                                text, 0, &md5cksum))
+                cksumkey = ctx->cksum;
-                return GSS_S_FAILURE;
+        else
+                cksumkey = NULL;
-        if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
+        if (make_checksum(ctx, ptr, 8, text, 0, cksumkey, &md5cksum))
-                          md5cksum.data, md5cksum.len))
                return GSS_S_FAILURE;
-        memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data + md5cksum.len - 8, 8);
+        memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data, md5cksum.len);
        spin_lock(&krb5_seq_lock);
        seq_send = ctx->seq_send++;
author	Kevin Coffman <kwc@citi.umich.edu>	2010-03-17 13:02:52 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2010-05-14 15:09:16 -0400
commit	e1f6c07b1160ef28e8754d12e6c03288dd9d5ca8 (patch)
tree	5be1f97a1a51feaed4bed2b4a83a568c94921faf /net/sunrpc/auth_gss/gss_krb5_seal.c
parent	81d4a4333a1dfd6070f046265d928bb4c79aff88 (diff)