krb5: Add a verify mode for the HMAC_SHA1 checksum

Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.

lib/krb5/crypto-aes-sha1.c

@@ -72,7 +72,7 @@ struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
     12,
     F_KEYED | F_CPROOF | F_DERIVED,
     _krb5_SP_HMAC_SHA1_checksum,
-    NULL
+    _krb5_SP_HMAC_SHA1_verify
 };
 
 struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
@@ -82,7 +82,7 @@ struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
     12,
     F_KEYED | F_CPROOF | F_DERIVED,
     _krb5_SP_HMAC_SHA1_checksum,
-    NULL
+    _krb5_SP_HMAC_SHA1_verify
 };
 
 static krb5_error_code

lib/krb5/crypto.c

@@ -339,6 +339,34 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context,
     return 0;
 }
 
+krb5_error_code
+_krb5_SP_HMAC_SHA1_verify(krb5_context context,
+                          krb5_crypto crypto,
+                          struct _krb5_key_data *key,
+                          unsigned usage,
+                          const struct krb5_crypto_iov *iov,
+                          int niov,
+                          Checksum *verify)
+{
+    krb5_error_code ret;
+    unsigned char hmac[EVP_MAX_MD_SIZE];
+    unsigned int hmaclen = sizeof(hmac);
+    krb5_data data;
+
+    ret = _krb5_evp_hmac_iov(context, crypto, key, iov, niov, hmac, &hmaclen,
+                             EVP_sha1(), NULL);
+    if (ret)
+        return ret;
+
+    data.data = hmac;
+    data.length = min(hmaclen, verify->checksum.length);
+
+    if(krb5_data_ct_cmp(&data, &verify->checksum) != 0)
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+    return 0;
+}
+
 struct _krb5_checksum_type _krb5_checksum_sha1 = {
     CKSUMTYPE_SHA1,
     "sha1",