VOL-1967 move api-server to separate repository
Change-Id: I21b85be74205805be15f8a85e53a903d16785671
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/gssapi/MICToken.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/gssapi/MICToken.go
new file mode 100644
index 0000000..856412b
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/gssapi/MICToken.go
@@ -0,0 +1,202 @@
+package gssapi
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/keyusage"
+ "gopkg.in/jcmturner/gokrb5.v7/types"
+)
+
+/*
+From RFC 4121, section 4.2.6.1:
+
+ Use of the GSS_GetMIC() call yields a token (referred as the MIC
+ token in this document), separate from the user data being protected,
+ which can be used to verify the integrity of that data as received.
+ The token has the following format:
+
+ Octet no Name Description
+ --------------------------------------------------------------
+ 0..1 TOK_ID Identification field. Tokens emitted by
+ GSS_GetMIC() contain the hex value 04 04
+ expressed in big-endian order in this
+ field.
+ 2 Flags Attributes field, as described in section
+ 4.2.2.
+ 3..7 Filler Contains five octets of hex value FF.
+ 8..15 SND_SEQ Sequence number field in clear text,
+ expressed in big-endian order.
+ 16..last SGN_CKSUM Checksum of the "to-be-signed" data and
+ octet 0..15, as described in section 4.2.4.
+
+ The Filler field is included in the checksum calculation for
+ simplicity.
+
+*/
+
+const (
+ // MICTokenFlagSentByAcceptor - this flag indicates the sender is the context acceptor. When not set, it indicates the sender is the context initiator
+ MICTokenFlagSentByAcceptor = 1 << iota
+ // MICTokenFlagSealed - this flag indicates confidentiality is provided for. It SHALL NOT be set in MIC tokens
+ MICTokenFlagSealed
+ // MICTokenFlagAcceptorSubkey - a subkey asserted by the context acceptor is used to protect the message
+ MICTokenFlagAcceptorSubkey
+)
+
+const (
+ micHdrLen = 16 // Length of the MIC Token's header
+)
+
+// MICToken represents a GSS API MIC token, as defined in RFC 4121.
+// It contains the header fields, the payload (this is not transmitted) and
+// the checksum, and provides the logic for converting to/from bytes plus
+// computing and verifying checksums
+type MICToken struct {
+ // const GSS Token ID: 0x0404
+ Flags byte // contains three flags: acceptor, sealed, acceptor subkey
+ // const Filler: 0xFF 0xFF 0xFF 0xFF 0xFF
+ SndSeqNum uint64 // sender's sequence number. big-endian
+ Payload []byte // your data! :)
+ Checksum []byte // checksum of { payload | header }
+}
+
+// Return the 2 bytes identifying a GSS API MIC token
+func getGSSMICTokenID() *[2]byte {
+ return &[2]byte{0x04, 0x04}
+}
+
+// Return the filler bytes used in header
+func fillerBytes() *[5]byte {
+ return &[5]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
+}
+
+// Marshal the MICToken into a byte slice.
+// The payload should have been set and the checksum computed, otherwise an error is returned.
+func (mt *MICToken) Marshal() ([]byte, error) {
+ if mt.Checksum == nil {
+ return nil, errors.New("checksum has not been set")
+ }
+
+ bytes := make([]byte, micHdrLen+len(mt.Checksum))
+ copy(bytes[0:micHdrLen], mt.getMICChecksumHeader()[:])
+ copy(bytes[micHdrLen:], mt.Checksum)
+
+ return bytes, nil
+}
+
+// SetChecksum uses the passed encryption key and key usage to compute the checksum over the payload and
+// the header, and sets the Checksum field of this MICToken.
+// If the payload has not been set or the checksum has already been set, an error is returned.
+func (mt *MICToken) SetChecksum(key types.EncryptionKey, keyUsage uint32) error {
+ if mt.Checksum != nil {
+ return errors.New("checksum has already been computed")
+ }
+ checksum, err := mt.checksum(key, keyUsage)
+ if err != nil {
+ return err
+ }
+ mt.Checksum = checksum
+ return nil
+}
+
+// Compute and return the checksum of this token, computed using the passed key and key usage.
+// Confirms to RFC 4121 in that the checksum will be computed over { body | header }.
+// In the context of Kerberos MIC tokens, mostly keyusage GSSAPI_ACCEPTOR_SIGN (=23)
+// and GSSAPI_INITIATOR_SIGN (=25) will be used.
+// Note: This will NOT update the struct's Checksum field.
+func (mt *MICToken) checksum(key types.EncryptionKey, keyUsage uint32) ([]byte, error) {
+ if mt.Payload == nil {
+ return nil, errors.New("cannot compute checksum with uninitialized payload")
+ }
+ d := make([]byte, micHdrLen+len(mt.Payload))
+ copy(d[0:], mt.Payload)
+ copy(d[len(mt.Payload):], mt.getMICChecksumHeader())
+
+ encType, err := crypto.GetEtype(key.KeyType)
+ if err != nil {
+ return nil, err
+ }
+ return encType.GetChecksumHash(key.KeyValue, d, keyUsage)
+}
+
+// Build a header suitable for a checksum computation
+func (mt *MICToken) getMICChecksumHeader() []byte {
+ header := make([]byte, micHdrLen)
+ copy(header[0:2], getGSSMICTokenID()[:])
+ header[2] = mt.Flags
+ copy(header[3:8], fillerBytes()[:])
+ binary.BigEndian.PutUint64(header[8:16], mt.SndSeqNum)
+ return header
+}
+
+// Verify computes the token's checksum with the provided key and usage,
+// and compares it to the checksum present in the token.
+// In case of any failure, (false, err) is returned, with err an explanatory error.
+func (mt *MICToken) Verify(key types.EncryptionKey, keyUsage uint32) (bool, error) {
+ computed, err := mt.checksum(key, keyUsage)
+ if err != nil {
+ return false, err
+ }
+ if !hmac.Equal(computed, mt.Checksum) {
+ return false, fmt.Errorf(
+ "checksum mismatch. Computed: %s, Contained in token: %s",
+ hex.EncodeToString(computed), hex.EncodeToString(mt.Checksum))
+ }
+ return true, nil
+}
+
+// Unmarshal bytes into the corresponding MICToken.
+// If expectFromAcceptor is true we expect the token to have been emitted by the gss acceptor,
+// and will check the according flag, returning an error if the token does not match the expectation.
+func (mt *MICToken) Unmarshal(b []byte, expectFromAcceptor bool) error {
+ if len(b) < micHdrLen {
+ return errors.New("bytes shorter than header length")
+ }
+ if !bytes.Equal(getGSSMICTokenID()[:], b[0:2]) {
+ return fmt.Errorf("wrong Token ID, Expected %s, was %s",
+ hex.EncodeToString(getGSSMICTokenID()[:]),
+ hex.EncodeToString(b[0:2]))
+ }
+ flags := b[2]
+ isFromAcceptor := flags&MICTokenFlagSentByAcceptor != 0
+ if isFromAcceptor && !expectFromAcceptor {
+ return errors.New("unexpected acceptor flag is set: not expecting a token from the acceptor")
+ }
+ if !isFromAcceptor && expectFromAcceptor {
+ return errors.New("unexpected acceptor flag is not set: expecting a token from the acceptor, not in the initiator")
+ }
+ if !bytes.Equal(b[3:8], fillerBytes()[:]) {
+ return fmt.Errorf("unexpected filler bytes: expecting %s, was %s",
+ hex.EncodeToString(fillerBytes()[:]),
+ hex.EncodeToString(b[3:8]))
+ }
+
+ mt.Flags = flags
+ mt.SndSeqNum = binary.BigEndian.Uint64(b[8:16])
+ mt.Checksum = b[micHdrLen:]
+ return nil
+}
+
+// NewInitiatorMICToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.
+// Other flags are set to 0.
+// Note that in certain circumstances you may need to provide a sequence number that has been defined earlier.
+// This is currently not supported.
+func NewInitiatorMICToken(payload []byte, key types.EncryptionKey) (*MICToken, error) {
+ token := MICToken{
+ Flags: 0x00,
+ SndSeqNum: 0,
+ Payload: payload,
+ }
+
+ if err := token.SetChecksum(key, keyusage.GSSAPI_INITIATOR_SIGN); err != nil {
+ return nil, err
+ }
+
+ return &token, nil
+}