From a1c8f029b769697a27e1467a3d79df0241e5d182 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@auristor.com>
Date: Mon, 14 May 2018 14:26:46 +0100
Subject: [PATCH] krb5: Add a verify mode for the HMAC_SHA1 checksum

Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.
---
 lib/krb5/crypto-aes-sha1.c |  4 ++--
 lib/krb5/crypto.c          | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/crypto-aes-sha1.c b/lib/krb5/crypto-aes-sha1.c
index 48f38c5e5..1f3760d18 100644
--- a/lib/krb5/crypto-aes-sha1.c
+++ b/lib/krb5/crypto-aes-sha1.c
@@ -72,7 +72,7 @@ struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
     12,
     F_KEYED | F_CPROOF | F_DERIVED,
     _krb5_SP_HMAC_SHA1_checksum,
-    NULL
+    _krb5_SP_HMAC_SHA1_verify
 };
 
 struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
@@ -82,7 +82,7 @@ struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
     12,
     F_KEYED | F_CPROOF | F_DERIVED,
     _krb5_SP_HMAC_SHA1_checksum,
-    NULL
+    _krb5_SP_HMAC_SHA1_verify
 };
 
 static krb5_error_code
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index c84fcf619..70bf421c7 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -339,6 +339,34 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context,
     return 0;
 }
 
+krb5_error_code
+_krb5_SP_HMAC_SHA1_verify(krb5_context context,
+                          krb5_crypto crypto,
+                          struct _krb5_key_data *key,
+                          unsigned usage,
+                          const struct krb5_crypto_iov *iov,
+                          int niov,
+                          Checksum *verify)
+{
+    krb5_error_code ret;
+    unsigned char hmac[EVP_MAX_MD_SIZE];
+    unsigned int hmaclen = sizeof(hmac);
+    krb5_data data;
+
+    ret = _krb5_evp_hmac_iov(context, crypto, key, iov, niov, hmac, &hmaclen,
+                             EVP_sha1(), NULL);
+    if (ret)
+        return ret;
+
+    data.data = hmac;
+    data.length = min(hmaclen, verify->checksum.length);
+
+    if(krb5_data_ct_cmp(&data, &verify->checksum) != 0)
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+    return 0;
+}
+
 struct _krb5_checksum_type _krb5_checksum_sha1 = {
     CKSUMTYPE_SHA1,
     "sha1",