package types
| 2 | |
| 3 | import ( |
| 4 | "crypto/rand" |
| 5 | |
| 6 | "github.com/jcmturner/gofork/encoding/asn1" |
| 7 | "github.com/jcmturner/gokrb5/v8/crypto/etype" |
| 8 | ) |
| 9 | |
| 10 | // Reference: https://www.ietf.org/rfc/rfc4120.txt |
| 11 | // Section: 5.2.9 |
| 12 | |
// EncryptedData is the Kerberos EncryptedData container from RFC 4120
// section 5.2.9: https://tools.ietf.org/html/rfc4120#section-5.2.9
//
// The asn1 struct tags and the field order define the wire encoding, so both
// must stay exactly as they are.
type EncryptedData struct {
	// EType carries the encryption type number (explicit context tag 0).
	EType int32 `asn1:"explicit,tag:0"`

	// KVNO carries the key version number (explicit context tag 1). The tag
	// marks it optional, so it may be absent from the encoded form.
	KVNO int `asn1:"explicit,optional,tag:1"`

	// Cipher carries the ciphertext bytes (explicit context tag 2).
	Cipher []byte `asn1:"explicit,tag:2"`
}
| 19 | |
// EncryptionKey is the Kerberos EncryptionKey type (also called KeyBlock) from
// RFC 4120 section 5.2.9: https://tools.ietf.org/html/rfc4120#section-5.2.9
//
// The asn1 struct tags and the field order define the wire encoding, so both
// must stay exactly as they are.
type EncryptionKey struct {
	// KeyType carries the key type number (explicit context tag 0).
	KeyType int32 `asn1:"explicit,tag:0"`

	// KeyValue carries the raw key bytes (explicit context tag 1). The
	// json:"-" tag keeps them out of encoding/json output only; fmt verbs such
	// as %v and %+v still print the bytes, so do not log this struct.
	KeyValue []byte `asn1:"explicit,tag:1" json:"-"`
}
| 26 | |
// Checksum is the Kerberos Checksum type from RFC 4120 section 5.2.9:
// https://tools.ietf.org/html/rfc4120#section-5.2.9
//
// The asn1 struct tags and the field order define the wire encoding, so both
// must stay exactly as they are.
type Checksum struct {
	// CksumType carries the checksum type number (explicit context tag 0).
	CksumType int32 `asn1:"explicit,tag:0"`

	// Checksum carries the checksum bytes (explicit context tag 1).
	Checksum []byte `asn1:"explicit,tag:1"`
}
| 32 | |
// Unmarshal decodes the ASN.1 bytes in b into the EncryptedData.
//
// Only the decode error is reported. The remainder returned by asn1.Unmarshal
// is discarded, so bytes that follow the decoded structure are not reported
// as an error and the caller cannot detect them through this method.
func (a *EncryptedData) Unmarshal(b []byte) error {
	if _, err := asn1.Unmarshal(b, a); err != nil {
		return err
	}
	return nil
}
| 38 | |
// Marshal encodes the EncryptedData to ASN.1 bytes.
//
// The bytes and the error from asn1.Marshal are returned to the caller
// unchanged.
func (a *EncryptedData) Marshal() ([]byte, error) {
	return asn1.Marshal(*a)
}
| 47 | |
// Unmarshal decodes the ASN.1 bytes in b into the EncryptionKey.
//
// Only the decode error is reported. The remainder returned by asn1.Unmarshal
// is discarded, so bytes that follow the decoded structure are not reported
// as an error and the caller cannot detect them through this method.
func (a *EncryptionKey) Unmarshal(b []byte) error {
	if _, err := asn1.Unmarshal(b, a); err != nil {
		return err
	}
	return nil
}
| 53 | |
// Unmarshal decodes the ASN.1 bytes in b into the Checksum.
//
// Only the decode error is reported. The remainder returned by asn1.Unmarshal
// is discarded, so bytes that follow the decoded structure are not reported
// as an error and the caller cannot detect them through this method.
func (a *Checksum) Unmarshal(b []byte) error {
	if _, err := asn1.Unmarshal(b, a); err != nil {
		return err
	}
	return nil
}
| 59 | |
// GenerateEncryptionKey returns a new EncryptionKey for the given encryption
// type, with a randomly generated key value.
//
// The key bytes are read from crypto/rand, and their count is the value that
// etype.GetKeyByteSize reports. If the random source fails, the error is
// returned along with a key that has KeyType set but no KeyValue, so callers
// must check the error before using the key.
func GenerateEncryptionKey(etype etype.EType) (EncryptionKey, error) {
	key := EncryptionKey{KeyType: etype.GetETypeID()}

	size := etype.GetKeyByteSize()
	material := make([]byte, size)
	if _, err := rand.Read(material); err != nil {
		return key, err
	}

	key.KeyValue = material
	return key, nil
}