
fixed rc4-hmac checksum method

Jonathan Turner 8 سال پیش
والد
کامیت
3baceaa404
3فایلهای تغییر یافته به همراه26 افزوده شده و 5 حذف شده
  1. 23 1
      client/client_integration_test.go
  2. 1 2
      crypto/rc4-hmac.go
  3. 2 2
      crypto/rfc4757/checksum.go

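--- a/client/client_integration_test.go
+++ b/client/client_integration_test.go
@@ -109,7 +109,7 @@ func TestClient_SuccessfulLogin_ETYPE_AES256_CTS_HMAC_SHA384_192(t *testing.T) {
 func TestClient_SuccessfulLogin_RC4HMAC(t *testing.T) {
 	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
-	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF_AD)
 	c.LibDefaults.DefaultTktEnctypes = []string{"rc4-hmac"}
 	c.LibDefaults.DefaultTktEnctypeIDs = []int{etypeID.RC4_HMAC}
 	c.LibDefaults.DefaultTGSEnctypes = []string{"rc4-hmac"}
@@ -136,6 +136,28 @@ func TestClient_SuccessfulLogin_AD(t *testing.T) {
 	}
 }
 
+func TestClient_TGSExchange_AD(t *testing.T) {
+	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	kt, _ := keytab.Parse(b)
+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF_AD)
+	c.LibDefaults.DefaultTktEnctypes = []string{"rc4-hmac"}
+	c.LibDefaults.DefaultTktEnctypeIDs = []int{etypeID.RC4_HMAC}
+	c.LibDefaults.DefaultTGSEnctypes = []string{"rc4-hmac"}
+	c.LibDefaults.DefaultTGSEnctypeIDs = []int{etypeID.RC4_HMAC}
+	cl := NewClientWithKeytab("testuser1", "TEST.GOKRB5", kt)
+	cl.WithConfig(c)
+
+	err = cl.Login()
+	if err != nil {
+		t.Fatalf("Error on login: %v\n", err)
+	}
+	_, _, err = cl.GetServiceTicket("HTTP/host.test.gokrb5")
+	if err != nil {
+		t.Fatalf("Error in TGS exchange: %v", err)
+	}
+
+}
+
 func TestClient_FailedLogin(t *testing.T) {
 	b, err := hex.DecodeString(testdata.TESTUSER1_WRONGPASSWD)
 	kt, _ := keytab.Parse(b)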
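Review bot: The new TestClient_TGSExchange_AD drops every setup error: `err` from `hex.DecodeString` is overwritten by `cl.Login()` before it is checked, and `keytab.Parse` and `config.NewConfigFromString` both assign their error to `_`. A broken fixture would then show up as a misleading login failure, or possibly a panic on `c.LibDefaults`, rather than a clear message. Check each call, for example `if err != nil { t.Fatalf("decoding keytab: %v", err) }` straight after the decode. The same pattern is visible in the context lines of TestClient_SuccessfulLogin_RC4HMAC and TestClient_FailedLogin, whose bodies continue outside the hunks. Since the test pins the client to rc4-hmac on purpose, a comment such as `// rc4-hmac only: exercises the RFC 4757 checksum in the TGS exchange` would keep the enctype choice from being copied into non-test configuration.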

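--- a/crypto/rc4-hmac.go
+++ b/crypto/rc4-hmac.go
@@ -3,7 +3,6 @@ package crypto
 import (
 	"bytes"
 	"crypto/md5"
-	"github.com/jcmturner/gokrb5/crypto/common"
 	"github.com/jcmturner/gokrb5/crypto/rfc3961"
 	"github.com/jcmturner/gokrb5/crypto/rfc4757"
 	"github.com/jcmturner/gokrb5/iana/chksumtype"
@@ -121,7 +120,7 @@ func (e RC4HMAC) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool
 
 // GetChecksumHash returns a keyed checksum hash of the bytes provided.
 func (e RC4HMAC) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
-	return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+	return rfc4757.Checksum(protocolKey, usage, data)
 }
 
 // VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.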
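Review bot: The doc comment on GetChecksumHash still describes a generic keyed hash, although the new body delegates to `rfc4757.Checksum` and passes `usage` through unchanged instead of deriving a key with `common.GetUsageKc`. Recording that beside the function would save the next reader from assuming the RFC 3961 path still applies: `// GetChecksumHash returns the RFC 4757 HMAC-MD5 checksum of data; usage is passed as the message type and no Kc is derived.` VerifyChecksum begins on the last line of the hunk and its body is not visible here. Because it consumes this value, confirm that it compares the two checksums with `hmac.Equal` rather than `bytes.Equal`, so the comparison runs in constant time.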

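--- a/crypto/rfc4757/checksum.go
+++ b/crypto/rfc4757/checksum.go
@@ -7,7 +7,7 @@ import (
 	"io"
 )
 
-func Checksum(key []byte, T uint32, data []byte) ([]byte, error) {
+func Checksum(key []byte, usage uint32, data []byte) ([]byte, error) {
 	// Create hashing key
 	s := append([]byte(`signaturekey`), byte(0x00)) //includes zero octet at end
 	mac := hmac.New(md5.New, key)
@@ -15,7 +15,7 @@ func Checksum(key []byte, T uint32, data []byte) ([]byte, error) {
 	Ksign := mac.Sum(nil)
 
 	// Format data
-	tb := MessageTypeBytes(T)
+	tb := MessageTypeBytes(usage)
 	p := append(tb, data...)
 	h := md5.New()
 	rb := bytes.NewReader(p)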
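Review bot: The exported Checksum still has no doc comment, and after the rename nothing explains how `usage` relates to the message type that `MessageTypeBytes` encodes. A suggested comment is `// Checksum returns the RFC 4757 HMAC-MD5 checksum of data under key; usage is the Kerberos key usage number, encoded as the message type T.` RFC 4757 does not give every key usage number an identical T value, and MessageTypeBytes is defined outside this diff, so confirm it performs that translation before callers rely on passing raw usage numbers. The function body continues past the end of the second hunk.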