VOL-1967 move api-server to separate repository
Change-Id: I21b85be74205805be15f8a85e53a903d16785671
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes128-cts-hmac-sha1-96.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes128-cts-hmac-sha1-96.go
new file mode 100644
index 0000000..90b5df0
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes128-cts-hmac-sha1-96.go
@@ -0,0 +1,173 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha1"
+ "hash"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+// RFC 3962
+//+--------------------------------------------------------------------+
+//| protocol key format 128- or 256-bit string |
+//| |
+//| string-to-key function PBKDF2+DK with variable |
+//| iteration count (see |
+//| above) |
+//| |
+//| default string-to-key parameters 00 00 10 00 |
+//| |
+//| key-generation seed length key size |
+//| |
+//| random-to-key function identity function |
+//| |
+//| hash function, H SHA-1 |
+//| |
+//| HMAC output size, h 12 octets (96 bits) |
+//| |
+//| message block size, m 1 octet |
+//| |
+//| encryption/decryption functions, AES in CBC-CTS mode |
+//| E and D (cipher block size 16 |
+//| octets), with next-to- |
+//| last block (last block |
+//| if only one) as CBC-style |
+//| ivec |
+//+--------------------------------------------------------------------+
+//
+//+--------------------------------------------------------------------+
+//| encryption types |
+//+--------------------------------------------------------------------+
+//| type name etype value key size |
+//+--------------------------------------------------------------------+
+//| aes128-cts-hmac-sha1-96 17 128 |
+//| aes256-cts-hmac-sha1-96 18 256 |
+//+--------------------------------------------------------------------+
+//
+//+--------------------------------------------------------------------+
+//| checksum types |
+//+--------------------------------------------------------------------+
+//| type name sumtype value length |
+//+--------------------------------------------------------------------+
+//| hmac-sha1-96-aes128 15 96 |
+//| hmac-sha1-96-aes256 16 96 |
+//+--------------------------------------------------------------------+
+
+// Aes128CtsHmacSha96 implements Kerberos encryption type aes128-cts-hmac-sha1-96
+type Aes128CtsHmacSha96 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes128CtsHmacSha96) GetETypeID() int32 {
+ return etypeID.AES128_CTS_HMAC_SHA1_96
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes128CtsHmacSha96) GetHashID() int32 {
+ return chksumtype.HMAC_SHA1_96_AES128
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes128CtsHmacSha96) GetKeyByteSize() int {
+ return 128 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes128CtsHmacSha96) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes128CtsHmacSha96) GetHashFunc() func() hash.Hash {
+ return sha1.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes128CtsHmacSha96) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes128CtsHmacSha96) GetDefaultStringToKeyParams() string {
+ return "00001000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes128CtsHmacSha96) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes128CtsHmacSha96) GetHMACBitLength() int {
+ return 96
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes128CtsHmacSha96) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes128CtsHmacSha96) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ return rfc3962.StringToKey(secret, salt, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes128CtsHmacSha96) RandomToKey(b []byte) []byte {
+ return rfc3961.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes128CtsHmacSha96) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc3962.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes128CtsHmacSha96) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc3962.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes128CtsHmacSha96) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc3962.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes128CtsHmacSha96) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc3962.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes128CtsHmacSha96) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveKey(protocolKey, usage, e)
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes128CtsHmacSha96) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e Aes128CtsHmacSha96) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc3961.VerifyIntegrity(protocolKey, ct, pt, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes128CtsHmacSha96) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes128CtsHmacSha96) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes128-cts-hmac-sha256-128.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes128-cts-hmac-sha256-128.go
new file mode 100644
index 0000000..49a1b07
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes128-cts-hmac-sha256-128.go
@@ -0,0 +1,135 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha256"
+ "hash"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+// RFC https://tools.ietf.org/html/rfc8009
+
+// Aes128CtsHmacSha256128 implements Kerberos encryption type aes128-cts-hmac-sha256-128
+type Aes128CtsHmacSha256128 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes128CtsHmacSha256128) GetETypeID() int32 {
+ return etypeID.AES128_CTS_HMAC_SHA256_128
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes128CtsHmacSha256128) GetHashID() int32 {
+ return chksumtype.HMAC_SHA256_128_AES128
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes128CtsHmacSha256128) GetKeyByteSize() int {
+ return 128 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes128CtsHmacSha256128) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes128CtsHmacSha256128) GetHashFunc() func() hash.Hash {
+ return sha256.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes128CtsHmacSha256128) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes128CtsHmacSha256128) GetDefaultStringToKeyParams() string {
+ return "00008000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes128CtsHmacSha256128) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes128CtsHmacSha256128) GetHMACBitLength() int {
+ return 128
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes128CtsHmacSha256128) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes128CtsHmacSha256128) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ saltp := rfc8009.GetSaltP(salt, "aes128-cts-hmac-sha256-128")
+ return rfc8009.StringToKey(secret, saltp, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes128CtsHmacSha256128) RandomToKey(b []byte) []byte {
+ return rfc8009.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes128CtsHmacSha256128) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc8009.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes128CtsHmacSha256128) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc8009.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes128CtsHmacSha256128) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc8009.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes128CtsHmacSha256128) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc8009.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes128CtsHmacSha256128) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveKey(protocolKey, usage, e), nil
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes128CtsHmacSha256128) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the ciphertext message.
+// The HMAC is calculated over the cipher state concatenated with the
+// AES output, instead of being calculated over the confounder and
+// plaintext. This allows the message receiver to verify the
+// integrity of the message before decrypting the message.
+// Therefore the pt value to this interface method is not use. Pass any []byte.
+func (e Aes128CtsHmacSha256128) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ // We don't need ib just there for the interface
+ return rfc8009.VerifyIntegrity(protocolKey, ct, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes128CtsHmacSha256128) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes128CtsHmacSha256128) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes256-cts-hmac-sha1-96.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes256-cts-hmac-sha1-96.go
new file mode 100644
index 0000000..0cdbb7e
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes256-cts-hmac-sha1-96.go
@@ -0,0 +1,173 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha1"
+ "hash"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+// RFC 3962
+//+--------------------------------------------------------------------+
+//| protocol key format 128- or 256-bit string |
+//| |
+//| string-to-key function PBKDF2+DK with variable |
+//| iteration count (see |
+//| above) |
+//| |
+//| default string-to-key parameters 00 00 10 00 |
+//| |
+//| key-generation seed length key size |
+//| |
+//| random-to-key function identity function |
+//| |
+//| hash function, H SHA-1 |
+//| |
+//| HMAC output size, h 12 octets (96 bits) |
+//| |
+//| message block size, m 1 octet |
+//| |
+//| encryption/decryption functions, AES in CBC-CTS mode |
+//| E and D (cipher block size 16 |
+//| octets), with next-to- |
+//| last block (last block |
+//| if only one) as CBC-style |
+//| ivec |
+//+--------------------------------------------------------------------+
+//
+//+--------------------------------------------------------------------+
+//| encryption types |
+//+--------------------------------------------------------------------+
+//| type name etype value key size |
+//+--------------------------------------------------------------------+
+//| aes128-cts-hmac-sha1-96 17 128 |
+//| aes256-cts-hmac-sha1-96 18 256 |
+//+--------------------------------------------------------------------+
+//
+//+--------------------------------------------------------------------+
+//| checksum types |
+//+--------------------------------------------------------------------+
+//| type name sumtype value length |
+//+--------------------------------------------------------------------+
+//| hmac-sha1-96-aes128 15 96 |
+//| hmac-sha1-96-aes256 16 96 |
+//+--------------------------------------------------------------------+
+
+// Aes256CtsHmacSha96 implements Kerberos encryption type aes256-cts-hmac-sha1-96
+type Aes256CtsHmacSha96 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes256CtsHmacSha96) GetETypeID() int32 {
+ return etypeID.AES256_CTS_HMAC_SHA1_96
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes256CtsHmacSha96) GetHashID() int32 {
+ return chksumtype.HMAC_SHA1_96_AES256
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes256CtsHmacSha96) GetKeyByteSize() int {
+ return 256 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes256CtsHmacSha96) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes256CtsHmacSha96) GetHashFunc() func() hash.Hash {
+ return sha1.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes256CtsHmacSha96) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes256CtsHmacSha96) GetDefaultStringToKeyParams() string {
+ return "00001000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes256CtsHmacSha96) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes256CtsHmacSha96) GetHMACBitLength() int {
+ return 96
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes256CtsHmacSha96) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes256CtsHmacSha96) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ return rfc3962.StringToKey(secret, salt, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes256CtsHmacSha96) RandomToKey(b []byte) []byte {
+ return rfc3961.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes256CtsHmacSha96) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc3962.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes256CtsHmacSha96) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc3962.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes256CtsHmacSha96) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc3962.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes256CtsHmacSha96) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc3962.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes256CtsHmacSha96) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveKey(protocolKey, usage, e)
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes256CtsHmacSha96) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e Aes256CtsHmacSha96) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc3961.VerifyIntegrity(protocolKey, ct, pt, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes256CtsHmacSha96) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes256CtsHmacSha96) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes256-cts-hmac-sha384-192.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes256-cts-hmac-sha384-192.go
new file mode 100644
index 0000000..562b078
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/aes256-cts-hmac-sha384-192.go
@@ -0,0 +1,135 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha512"
+ "hash"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+// RFC https://tools.ietf.org/html/rfc8009
+
+// Aes256CtsHmacSha384192 implements Kerberos encryption type aes256-cts-hmac-sha384-192
+type Aes256CtsHmacSha384192 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes256CtsHmacSha384192) GetETypeID() int32 {
+ return etypeID.AES256_CTS_HMAC_SHA384_192
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes256CtsHmacSha384192) GetHashID() int32 {
+ return chksumtype.HMAC_SHA384_192_AES256
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes256CtsHmacSha384192) GetKeyByteSize() int {
+ return 192 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes256CtsHmacSha384192) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes256CtsHmacSha384192) GetHashFunc() func() hash.Hash {
+ return sha512.New384
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes256CtsHmacSha384192) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes256CtsHmacSha384192) GetDefaultStringToKeyParams() string {
+ return "00008000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes256CtsHmacSha384192) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes256CtsHmacSha384192) GetHMACBitLength() int {
+ return 192
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes256CtsHmacSha384192) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes256CtsHmacSha384192) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ saltp := rfc8009.GetSaltP(salt, "aes256-cts-hmac-sha384-192")
+ return rfc8009.StringToKey(secret, saltp, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes256CtsHmacSha384192) RandomToKey(b []byte) []byte {
+ return rfc8009.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes256CtsHmacSha384192) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc8009.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes256CtsHmacSha384192) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc8009.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes256CtsHmacSha384192) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc8009.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes256CtsHmacSha384192) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc8009.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes256CtsHmacSha384192) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveKey(protocolKey, usage, e), nil
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes256CtsHmacSha384192) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the ciphertext message.
+// The HMAC is calculated over the cipher state concatenated with the
+// AES output, instead of being calculated over the confounder and
+// plaintext. This allows the message receiver to verify the
+// integrity of the message before decrypting the message.
+// Therefore the pt value to this interface method is not use. Pass any []byte.
+func (e Aes256CtsHmacSha384192) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ // We don't need ib just there for the interface
+ return rfc8009.VerifyIntegrity(protocolKey, ct, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes256CtsHmacSha384192) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes256CtsHmacSha384192) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/common/common.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/common/common.go
new file mode 100644
index 0000000..96ae549
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/common/common.go
@@ -0,0 +1,143 @@
+// Package common provides encryption methods common across encryption types
+package common
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+// ZeroPad pads bytes with zeros to nearest multiple of message size m.
+func ZeroPad(b []byte, m int) ([]byte, error) {
+ if m <= 0 {
+ return nil, errors.New("Invalid message block size when padding")
+ }
+ if b == nil || len(b) == 0 {
+ return nil, errors.New("Data not valid to pad: Zero size")
+ }
+ if l := len(b) % m; l != 0 {
+ n := m - l
+ z := make([]byte, n)
+ b = append(b, z...)
+ }
+ return b, nil
+}
+
+// PKCS7Pad pads bytes according to RFC 2315 to nearest multiple of message size m.
+func PKCS7Pad(b []byte, m int) ([]byte, error) {
+ if m <= 0 {
+ return nil, errors.New("Invalid message block size when padding")
+ }
+ if b == nil || len(b) == 0 {
+ return nil, errors.New("Data not valid to pad: Zero size")
+ }
+ n := m - (len(b) % m)
+ pb := make([]byte, len(b)+n)
+ copy(pb, b)
+ copy(pb[len(b):], bytes.Repeat([]byte{byte(n)}, n))
+ return pb, nil
+}
+
+// PKCS7Unpad removes RFC 2315 padding from byes where message size is m.
+func PKCS7Unpad(b []byte, m int) ([]byte, error) {
+ if m <= 0 {
+ return nil, errors.New("invalid message block size when unpadding")
+ }
+ if b == nil || len(b) == 0 {
+ return nil, errors.New("padded data not valid: Zero size")
+ }
+ if len(b)%m != 0 {
+ return nil, errors.New("padded data not valid: Not multiple of message block size")
+ }
+ c := b[len(b)-1]
+ n := int(c)
+ if n == 0 || n > len(b) {
+ return nil, errors.New("padded data not valid: Data may not have been padded")
+ }
+ for i := 0; i < n; i++ {
+ if b[len(b)-n+i] != c {
+ return nil, errors.New("padded data not valid")
+ }
+ }
+ return b[:len(b)-n], nil
+}
+
+// GetHash generates the keyed hash value according to the etype's hash function.
+func GetHash(pt, key []byte, usage []byte, etype etype.EType) ([]byte, error) {
+ k, err := etype.DeriveKey(key, usage)
+ if err != nil {
+ return nil, fmt.Errorf("unable to derive key for checksum: %v", err)
+ }
+ mac := hmac.New(etype.GetHashFunc(), k)
+ p := make([]byte, len(pt))
+ copy(p, pt)
+ mac.Write(p)
+ return mac.Sum(nil)[:etype.GetHMACBitLength()/8], nil
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func GetChecksumHash(b, key []byte, usage uint32, etype etype.EType) ([]byte, error) {
+ return GetHash(b, key, GetUsageKc(usage), etype)
+}
+
+// GetIntegrityHash returns a keyed integrity hash of the bytes provided.
+func GetIntegrityHash(b, key []byte, usage uint32, etype etype.EType) ([]byte, error) {
+ return GetHash(b, key, GetUsageKi(usage), etype)
+}
+
+// VerifyChecksum compares the checksum of the msg bytes is the same as the checksum provided.
+func VerifyChecksum(key, chksum, msg []byte, usage uint32, etype etype.EType) bool {
+ //The ciphertext output is the concatenation of the output of the basic
+ //encryption function E and a (possibly truncated) HMAC using the
+ //specified hash function H, both applied to the plaintext with a
+ //random confounder prefix and sufficient padding to bring it to a
+ //multiple of the message block size. When the HMAC is computed, the
+ //key is used in the protocol key form.
+ expectedMAC, _ := GetChecksumHash(msg, key, usage, etype)
+ return hmac.Equal(chksum, expectedMAC)
+}
+
+// GetUsageKc returns the checksum key usage value for the usage number un.
+//
+// RFC 3961: The "well-known constant" used for the DK function is the key usage number, expressed as four octets in big-endian order, followed by one octet indicated below.
+//
+// Kc = DK(base-key, usage | 0x99);
+func GetUsageKc(un uint32) []byte {
+ return getUsage(un, 0x99)
+}
+
+// GetUsageKe returns the encryption key usage value for the usage number un
+//
+// RFC 3961: The "well-known constant" used for the DK function is the key usage number, expressed as four octets in big-endian order, followed by one octet indicated below.
+//
+// Ke = DK(base-key, usage | 0xAA);
+func GetUsageKe(un uint32) []byte {
+ return getUsage(un, 0xAA)
+}
+
+// GetUsageKi returns the integrity key usage value for the usage number un
+//
+// RFC 3961: The "well-known constant" used for the DK function is the key usage number, expressed as four octets in big-endian order, followed by one octet indicated below.
+//
+// Ki = DK(base-key, usage | 0x55);
+func GetUsageKi(un uint32) []byte {
+ return getUsage(un, 0x55)
+}
+
+func getUsage(un uint32, o byte) []byte {
+ var buf bytes.Buffer
+ binary.Write(&buf, binary.BigEndian, un)
+ return append(buf.Bytes(), o)
+}
+
+// IterationsToS2Kparams converts the number of iterations as an integer to a string representation.
+func IterationsToS2Kparams(i uint32) string {
+ b := make([]byte, 4, 4)
+ binary.BigEndian.PutUint32(b, i)
+ return hex.EncodeToString(b)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/crypto.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/crypto.go
new file mode 100644
index 0000000..e04e968
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/crypto.go
@@ -0,0 +1,175 @@
+// Package crypto implements cryptographic functions for Kerberos 5 implementation.
+package crypto
+
+import (
+ "encoding/hex"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/patype"
+ "gopkg.in/jcmturner/gokrb5.v7/types"
+)
+
+// GetEtype returns an instances of the required etype struct for the etype ID.
+func GetEtype(id int32) (etype.EType, error) {
+ switch id {
+ case etypeID.AES128_CTS_HMAC_SHA1_96:
+ var et Aes128CtsHmacSha96
+ return et, nil
+ case etypeID.AES256_CTS_HMAC_SHA1_96:
+ var et Aes256CtsHmacSha96
+ return et, nil
+ case etypeID.AES128_CTS_HMAC_SHA256_128:
+ var et Aes128CtsHmacSha256128
+ return et, nil
+ case etypeID.AES256_CTS_HMAC_SHA384_192:
+ var et Aes256CtsHmacSha384192
+ return et, nil
+ case etypeID.DES3_CBC_SHA1_KD:
+ var et Des3CbcSha1Kd
+ return et, nil
+ case etypeID.RC4_HMAC:
+ var et RC4HMAC
+ return et, nil
+ default:
+ return nil, fmt.Errorf("unknown or unsupported EType: %d", id)
+ }
+}
+
+// GetChksumEtype returns an instances of the required etype struct for the checksum ID.
+func GetChksumEtype(id int32) (etype.EType, error) {
+ switch id {
+ case chksumtype.HMAC_SHA1_96_AES128:
+ var et Aes128CtsHmacSha96
+ return et, nil
+ case chksumtype.HMAC_SHA1_96_AES256:
+ var et Aes256CtsHmacSha96
+ return et, nil
+ case chksumtype.HMAC_SHA256_128_AES128:
+ var et Aes128CtsHmacSha256128
+ return et, nil
+ case chksumtype.HMAC_SHA384_192_AES256:
+ var et Aes256CtsHmacSha384192
+ return et, nil
+ case chksumtype.HMAC_SHA1_DES3_KD:
+ var et Des3CbcSha1Kd
+ return et, nil
+ case chksumtype.KERB_CHECKSUM_HMAC_MD5:
+ var et RC4HMAC
+ return et, nil
+ //case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
+ // var et RC4HMAC
+ // return et, nil
+ default:
+ return nil, fmt.Errorf("unknown or unsupported checksum type: %d", id)
+ }
+}
+
+// GetKeyFromPassword generates an encryption key from the principal's password.
+func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string, etypeID int32, pas types.PADataSequence) (types.EncryptionKey, etype.EType, error) {
+ var key types.EncryptionKey
+ et, err := GetEtype(etypeID)
+ if err != nil {
+ return key, et, fmt.Errorf("error getting encryption type: %v", err)
+ }
+ sk2p := et.GetDefaultStringToKeyParams()
+ var salt string
+ var paID int32
+ for _, pa := range pas {
+ switch pa.PADataType {
+ case patype.PA_PW_SALT:
+ if paID > pa.PADataType {
+ continue
+ }
+ salt = string(pa.PADataValue)
+ case patype.PA_ETYPE_INFO:
+ if paID > pa.PADataType {
+ continue
+ }
+ var eti types.ETypeInfo
+ err := eti.Unmarshal(pa.PADataValue)
+ if err != nil {
+ return key, et, fmt.Errorf("error unmashaling PA Data to PA-ETYPE-INFO2: %v", err)
+ }
+ if etypeID != eti[0].EType {
+ et, err = GetEtype(eti[0].EType)
+ if err != nil {
+ return key, et, fmt.Errorf("error getting encryption type: %v", err)
+ }
+ }
+ salt = string(eti[0].Salt)
+ case patype.PA_ETYPE_INFO2:
+ if paID > pa.PADataType {
+ continue
+ }
+ var et2 types.ETypeInfo2
+ err := et2.Unmarshal(pa.PADataValue)
+ if err != nil {
+ return key, et, fmt.Errorf("error unmashalling PA Data to PA-ETYPE-INFO2: %v", err)
+ }
+ if etypeID != et2[0].EType {
+ et, err = GetEtype(et2[0].EType)
+ if err != nil {
+ return key, et, fmt.Errorf("error getting encryption type: %v", err)
+ }
+ }
+ if len(et2[0].S2KParams) == 4 {
+ sk2p = hex.EncodeToString(et2[0].S2KParams)
+ }
+ salt = et2[0].Salt
+ }
+ }
+ if salt == "" {
+ salt = cname.GetSalt(realm)
+ }
+ k, err := et.StringToKey(passwd, salt, sk2p)
+ if err != nil {
+ return key, et, fmt.Errorf("error deriving key from string: %+v", err)
+ }
+ key = types.EncryptionKey{
+ KeyType: etypeID,
+ KeyValue: k,
+ }
+ return key, et, nil
+}
+
+// GetEncryptedData encrypts the data provided and returns and EncryptedData type.
+// Pass a usage value of zero to use the key provided directly rather than deriving one.
+func GetEncryptedData(plainBytes []byte, key types.EncryptionKey, usage uint32, kvno int) (types.EncryptedData, error) {
+ var ed types.EncryptedData
+ et, err := GetEtype(key.KeyType)
+ if err != nil {
+ return ed, fmt.Errorf("error getting etype: %v", err)
+ }
+ _, b, err := et.EncryptMessage(key.KeyValue, plainBytes, usage)
+ if err != nil {
+ return ed, err
+ }
+
+ ed = types.EncryptedData{
+ EType: key.KeyType,
+ Cipher: b,
+ KVNO: kvno,
+ }
+ return ed, nil
+}
+
+// DecryptEncPart decrypts the EncryptedData.
+func DecryptEncPart(ed types.EncryptedData, key types.EncryptionKey, usage uint32) ([]byte, error) {
+ return DecryptMessage(ed.Cipher, key, usage)
+}
+
+// DecryptMessage decrypts the ciphertext and verifies the integrity.
+func DecryptMessage(ciphertext []byte, key types.EncryptionKey, usage uint32) ([]byte, error) {
+ et, err := GetEtype(key.KeyType)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error decrypting: %v", err)
+ }
+ b, err := et.DecryptMessage(key.KeyValue, ciphertext, usage)
+ if err != nil {
+ return nil, fmt.Errorf("error decrypting: %v", err)
+ }
+ return b, nil
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/des3-cbc-sha1-kd.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/des3-cbc-sha1-kd.go
new file mode 100644
index 0000000..db3a149
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/des3-cbc-sha1-kd.go
@@ -0,0 +1,174 @@
+package crypto
+
+import (
+ "crypto/des"
+ "crypto/hmac"
+ "crypto/sha1"
+ "errors"
+ "hash"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+//RFC: 3961 Section 6.3
+
+/*
+ des3-cbc-hmac-sha1-kd, hmac-sha1-des3-kd
+ ------------------------------------------------
+ protocol key format 24 bytes, parity in low
+ bit of each
+
+ key-generation seed 21 bytes
+ length
+
+ hash function SHA-1
+
+ HMAC output size 160 bits
+
+ message block size 8 bytes
+
+ default string-to-key empty string
+ params
+
+ encryption and triple-DES encrypt and
+ decryption functions decrypt, in outer-CBC
+ mode (cipher block size
+ 8 octets)
+
+ key generation functions:
+
+ random-to-key DES3random-to-key (see
+ below)
+
+ string-to-key DES3string-to-key (see
+ below)
+
+ The des3-cbc-hmac-sha1-kd encryption type is assigned the value
+ sixteen (16). The hmac-sha1-des3-kd checksum algorithm is assigned a
+ checksum type number of twelve (12)*/
+
+// Des3CbcSha1Kd implements Kerberos encryption type des3-cbc-hmac-sha1-kd
+type Des3CbcSha1Kd struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Des3CbcSha1Kd) GetETypeID() int32 {
+ return etypeID.DES3_CBC_SHA1_KD
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Des3CbcSha1Kd) GetHashID() int32 {
+ return chksumtype.HMAC_SHA1_DES3_KD
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Des3CbcSha1Kd) GetKeyByteSize() int {
+ return 24
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Des3CbcSha1Kd) GetKeySeedBitLength() int {
+ return 21 * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Des3CbcSha1Kd) GetHashFunc() func() hash.Hash {
+ return sha1.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Des3CbcSha1Kd) GetMessageBlockByteSize() int {
+ //For traditional CBC mode with padding, it would be the underlying cipher's block size
+ return des.BlockSize
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Des3CbcSha1Kd) GetDefaultStringToKeyParams() string {
+ var s string
+ return s
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Des3CbcSha1Kd) GetConfounderByteSize() int {
+ return des.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Des3CbcSha1Kd) GetHMACBitLength() int {
+ return e.GetHashFunc()().Size() * 8
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Des3CbcSha1Kd) GetCypherBlockBitLength() int {
+ return des.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Des3CbcSha1Kd) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ if s2kparams != "" {
+ return []byte{}, errors.New("s2kparams must be an empty string")
+ }
+ return rfc3961.DES3StringToKey(secret, salt, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Des3CbcSha1Kd) RandomToKey(b []byte) []byte {
+ return rfc3961.DES3RandomToKey(b)
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Des3CbcSha1Kd) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ r, err := rfc3961.DeriveRandom(protocolKey, usage, e)
+ return r, err
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Des3CbcSha1Kd) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ r, err := e.DeriveRandom(protocolKey, usage)
+ if err != nil {
+ return nil, err
+ }
+ return e.RandomToKey(r), nil
+}
+
+// EncryptData encrypts the data provided.
+func (e Des3CbcSha1Kd) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc3961.DES3EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Des3CbcSha1Kd) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc3961.DES3EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Des3CbcSha1Kd) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc3961.DES3DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Des3CbcSha1Kd) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc3961.DES3DecryptMessage(key, ciphertext, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e Des3CbcSha1Kd) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc3961.VerifyIntegrity(protocolKey, ct, pt, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Des3CbcSha1Kd) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Des3CbcSha1Kd) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/etype/etype.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/etype/etype.go
new file mode 100644
index 0000000..ee7510e
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/etype/etype.go
@@ -0,0 +1,29 @@
+// Package etype provides the Kerberos Encryption Type interface
+package etype
+
+import "hash"
+
+// EType is the interface defining the Encryption Type.
+type EType interface {
+ GetETypeID() int32
+ GetHashID() int32
+ GetKeyByteSize() int
+ GetKeySeedBitLength() int // key-generation seed length, k
+ GetDefaultStringToKeyParams() string // default string-to-key parameters (s2kparams)
+ StringToKey(string, salt, s2kparams string) ([]byte, error) // string-to-key (UTF-8 string, UTF-8 string, opaque)->(protocol-key)
+ RandomToKey(b []byte) []byte // random-to-key (bitstring[K])->(protocol-key)
+ GetHMACBitLength() int // HMAC output size, h
+ GetMessageBlockByteSize() int // message block size, m
+ EncryptData(key, data []byte) ([]byte, []byte, error) // E function - encrypt (specific-key, state, octet string)->(state, octet string)
+ EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error)
+ DecryptData(key, data []byte) ([]byte, error) // D function
+ DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error)
+ GetCypherBlockBitLength() int // cipher block size, c
+ GetConfounderByteSize() int // This is the same as the cipher block size but in bytes.
+ DeriveKey(protocolKey, usage []byte) ([]byte, error) // DK key-derivation (protocol-key, integer)->(specific-key)
+ DeriveRandom(protocolKey, usage []byte) ([]byte, error) // DR pseudo-random (protocol-key, octet-string)->(octet-string)
+ VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool
+ GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error)
+ VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool
+ GetHashFunc() func() hash.Hash
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rc4-hmac.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rc4-hmac.go
new file mode 100644
index 0000000..9df55ee
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rc4-hmac.go
@@ -0,0 +1,135 @@
+package crypto
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "crypto/md5"
+ "hash"
+ "io"
+
+ "golang.org/x/crypto/md4"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+//http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java#ArcFourCrypto.encrypt%28byte%5B%5D%2Cint%2Cbyte%5B%5D%2Cbyte%5B%5D%2Cbyte%5B%5D%2Cint%2Cint%29
+
+// RC4HMAC implements Kerberos encryption type aes256-cts-hmac-sha1-96
+type RC4HMAC struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e RC4HMAC) GetETypeID() int32 {
+ return etypeID.RC4_HMAC
+}
+
+// GetHashID returns the checksum type ID number.
+func (e RC4HMAC) GetHashID() int32 {
+ return chksumtype.KERB_CHECKSUM_HMAC_MD5
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e RC4HMAC) GetKeyByteSize() int {
+ return 16
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e RC4HMAC) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e RC4HMAC) GetHashFunc() func() hash.Hash {
+ return md5.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e RC4HMAC) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e RC4HMAC) GetDefaultStringToKeyParams() string {
+ return ""
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e RC4HMAC) GetConfounderByteSize() int {
+ return 8
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e RC4HMAC) GetHMACBitLength() int {
+ return md5.Size * 8
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e RC4HMAC) GetCypherBlockBitLength() int {
+ return 8 // doesn't really apply
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e RC4HMAC) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ return rfc4757.StringToKey(secret)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e RC4HMAC) RandomToKey(b []byte) []byte {
+ r := bytes.NewReader(b)
+ h := md4.New()
+ io.Copy(h, r)
+ return h.Sum(nil)
+}
+
+// EncryptData encrypts the data provided.
+func (e RC4HMAC) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ b, err := rfc4757.EncryptData(key, data, e)
+ return []byte{}, b, err
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e RC4HMAC) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ b, err := rfc4757.EncryptMessage(key, message, usage, false, e)
+ return []byte{}, b, err
+}
+
+// DecryptData decrypts the data provided.
+func (e RC4HMAC) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc4757.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e RC4HMAC) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc4757.DecryptMessage(key, ciphertext, usage, false, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e RC4HMAC) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc4757.HMAC(protocolKey, usage), nil
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e RC4HMAC) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e RC4HMAC) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc4757.VerifyIntegrity(protocolKey, pt, ct, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e RC4HMAC) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return rfc4757.Checksum(protocolKey, usage, data)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e RC4HMAC) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ checksum, err := rfc4757.Checksum(protocolKey, usage, data)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(checksum, chksum)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/encryption.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/encryption.go
new file mode 100644
index 0000000..6f550fa
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/encryption.go
@@ -0,0 +1,125 @@
+// Package rfc3961 provides encryption and checksum methods as specified in RFC 3961
+package rfc3961
+
+import (
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/hmac"
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+// DES3EncryptData encrypts the data provided using DES3 and methods specific to the etype provided.
+func DES3EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return nil, nil, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ data, _ = common.ZeroPad(data, e.GetMessageBlockByteSize())
+
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error creating cipher: %v", err)
+ }
+
+ //RFC 3961: initial cipher state All bits zero
+ ivz := make([]byte, des.BlockSize)
+
+ ct := make([]byte, len(data))
+ mode := cipher.NewCBCEncrypter(block, ivz)
+ mode.CryptBlocks(ct, data)
+ return ct[len(ct)-e.GetMessageBlockByteSize():], ct, nil
+}
+
+// DES3EncryptMessage encrypts the message provided using DES3 and methods specific to the etype provided.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func DES3EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+ plainBytes, _ = common.ZeroPad(plainBytes, e.GetMessageBlockByteSize())
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ // Generate and append integrity hash
+ ih, err := common.GetIntegrityHash(plainBytes, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DES3DecryptData decrypts the data provided using DES3 and methods specific to the etype provided.
+func DES3DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+
+ if len(data) < des.BlockSize || len(data)%des.BlockSize != 0 {
+ return []byte{}, errors.New("ciphertext is not a multiple of the block size")
+ }
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error creating cipher: %v", err)
+ }
+ pt := make([]byte, len(data))
+ ivz := make([]byte, des.BlockSize)
+ mode := cipher.NewCBCDecrypter(block, ivz)
+ mode.CryptBlocks(pt, data)
+ return pt, nil
+}
+
+// DES3DecryptMessage decrypts the message provided using DES3 and methods specific to the etype provided.
+// The integrity of the message is also verified.
+func DES3DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, fmt.Errorf("error decrypting: %v", err)
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("error decrypting: integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
+
+// VerifyIntegrity verifies the integrity of cipertext bytes ct.
+func VerifyIntegrity(key, ct, pt []byte, usage uint32, etype etype.EType) bool {
+ //The ciphertext output is the concatenation of the output of the basic
+ //encryption function E and a (possibly truncated) HMAC using the
+ //specified hash function H, both applied to the plaintext with a
+ //random confounder prefix and sufficient padding to bring it to a
+ //multiple of the message block size. When the HMAC is computed, the
+ //key is used in the protocol key form.
+ h := make([]byte, etype.GetHMACBitLength()/8)
+ copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
+ expectedMAC, _ := common.GetIntegrityHash(pt, key, usage, etype)
+ return hmac.Equal(h, expectedMAC)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/keyDerivation.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/keyDerivation.go
new file mode 100644
index 0000000..8c637a2
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/keyDerivation.go
@@ -0,0 +1,178 @@
+package rfc3961
+
+import (
+ "bytes"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+const (
+ prfconstant = "prf"
+)
+
+// DeriveRandom implements the RFC 3961 defined function: DR(Key, Constant) = k-truncate(E(Key, Constant, initial-cipher-state)).
+//
+// key: base key or protocol key. Likely to be a key from a keytab file.
+//
+// usage: a constant.
+//
+// n: block size in bits (not bytes) - note if you use something like aes.BlockSize this is in bytes.
+//
+// k: key length / key seed length in bits. Eg. for AES256 this value is 256.
+//
+// e: the encryption etype function to use.
+func DeriveRandom(key, usage []byte, e etype.EType) ([]byte, error) {
+ n := e.GetCypherBlockBitLength()
+ k := e.GetKeySeedBitLength()
+ //Ensure the usage constant is at least the size of the cypher block size. Pass it through the nfold algorithm that will "stretch" it if needs be.
+ nFoldUsage := Nfold(usage, n)
+ //k-truncate implemented by creating a byte array the size of k (k is in bits hence /8)
+ out := make([]byte, k/8)
+
+ /*If the output of E is shorter than k bits, it is fed back into the encryption as many times as necessary.
+ The construct is as follows (where | indicates concatenation):
+
+ K1 = E(Key, n-fold(Constant), initial-cipher-state)
+ K2 = E(Key, K1, initial-cipher-state)
+ K3 = E(Key, K2, initial-cipher-state)
+ K4 = ...
+
+ DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)*/
+ _, K, err := e.EncryptData(key, nFoldUsage)
+ if err != nil {
+ return out, err
+ }
+ for i := copy(out, K); i < len(out); {
+ _, K, _ = e.EncryptData(key, K)
+ i = i + copy(out[i:], K)
+ }
+ return out, nil
+}
+
+// DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.
+func DeriveKey(protocolKey, usage []byte, e etype.EType) ([]byte, error) {
+ r, err := e.DeriveRandom(protocolKey, usage)
+ if err != nil {
+ return nil, err
+ }
+ return e.RandomToKey(r), nil
+}
+
+// RandomToKey returns a key from the bytes provided according to the definition in RFC 3961.
+func RandomToKey(b []byte) []byte {
+ return b
+}
+
+// DES3RandomToKey returns a key from the bytes provided according to the definition in RFC 3961 for DES3 etypes.
+func DES3RandomToKey(b []byte) []byte {
+ r := fixWeakKey(stretch56Bits(b[:7]))
+ r2 := fixWeakKey(stretch56Bits(b[7:14]))
+ r = append(r, r2...)
+ r3 := fixWeakKey(stretch56Bits(b[14:21]))
+ r = append(r, r3...)
+ return r
+}
+
+// DES3StringToKey returns a key derived from the string provided according to the definition in RFC 3961 for DES3 etypes.
+func DES3StringToKey(secret, salt string, e etype.EType) ([]byte, error) {
+ s := secret + salt
+ tkey := e.RandomToKey(Nfold([]byte(s), e.GetKeySeedBitLength()))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// PseudoRandom function as defined in RFC 3961
+func PseudoRandom(key, b []byte, e etype.EType) ([]byte, error) {
+ h := e.GetHashFunc()()
+ h.Write(b)
+ tmp := h.Sum(nil)[:e.GetMessageBlockByteSize()]
+ k, err := e.DeriveKey(key, []byte(prfconstant))
+ if err != nil {
+ return []byte{}, err
+ }
+ _, prf, err := e.EncryptData(k, tmp)
+ if err != nil {
+ return []byte{}, err
+ }
+ return prf, nil
+}
+
+func stretch56Bits(b []byte) []byte {
+ d := make([]byte, len(b), len(b))
+ copy(d, b)
+ var lb byte
+ for i, v := range d {
+ bv, nb := calcEvenParity(v)
+ d[i] = nb
+ if bv != 0 {
+ lb = lb | (1 << uint(i+1))
+ } else {
+ lb = lb &^ (1 << uint(i+1))
+ }
+ }
+ _, lb = calcEvenParity(lb)
+ d = append(d, lb)
+ return d
+}
+
+func calcEvenParity(b byte) (uint8, uint8) {
+ lowestbit := b & 0x01
+ // c counter of 1s in the first 7 bits of the byte
+ var c int
+ // Iterate over the highest 7 bits (hence p starts at 1 not zero) and count the 1s.
+ for p := 1; p < 8; p++ {
+ v := b & (1 << uint(p))
+ if v != 0 {
+ c++
+ }
+ }
+ if c%2 == 0 {
+ //Even number of 1s so set parity to 1
+ b = b | 1
+ } else {
+ //Odd number of 1s so set parity to 0
+ b = b &^ 1
+ }
+ return lowestbit, b
+}
+
+func fixWeakKey(b []byte) []byte {
+ if weak(b) {
+ b[7] ^= 0xF0
+ }
+ return b
+}
+
+func weak(b []byte) bool {
+ // weak keys from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-67r1.pdf
+ weakKeys := [4][]byte{
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ }
+ semiWeakKeys := [12][]byte{
+ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1},
+ }
+ for _, k := range weakKeys {
+ if bytes.Equal(b, k) {
+ return true
+ }
+ }
+ for _, k := range semiWeakKeys {
+ if bytes.Equal(b, k) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/nfold.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/nfold.go
new file mode 100644
index 0000000..779d1c6
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/nfold.go
@@ -0,0 +1,128 @@
+package rfc3961
+
+/*
+Implementation of the n-fold algorithm as defined in RFC 3961.
+
+n-fold is an algorithm that takes m input bits and "stretches" them
+to form n output bits with equal contribution from each input bit to
+the output, as described in [Blumenthal96]:
+
+We first define a primitive called n-folding, which takes a
+variable-length input block and produces a fixed-length output
+sequence. The intent is to give each input bit approximately
+equal weight in determining the value of each output bit. Note
+that whenever we need to treat a string of octets as a number, the
+assumed representation is Big-Endian -- Most Significant Byte
+first.
+
+To n-fold a number X, replicate the input value to a length that
+is the least common multiple of n and the length of X. Before
+each repetition, the input is rotated to the right by 13 bit
+positions. The successive n-bit chunks are added together using
+1's-complement addition (that is, with end-around carry) to yield
+a n-bit result....
+*/
+
+/* Credits
+This golang implementation of nfold used the following project for help with implementation detail.
+Although their source is in java it was helpful as a reference implementation of the RFC.
+You can find the source code of their open source project along with license information below.
+We acknowledge and are grateful to these developers for their contributions to open source
+
+Project: Apache Directory (http://http://directory.apache.org/)
+https://svn.apache.org/repos/asf/directory/apacheds/tags/1.5.1/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NFold.java
+License: http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+// Nfold expands the key to ensure it is not smaller than one cipher block.
+// Defined in RFC 3961.
+//
+// m input bytes that will be "stretched" to the least common multiple of n bits and the bit length of m.
+func Nfold(m []byte, n int) []byte {
+ k := len(m) * 8
+
+ //Get the lowest common multiple of the two bit sizes
+ lcm := lcm(n, k)
+ relicate := lcm / k
+ var sumBytes []byte
+
+ for i := 0; i < relicate; i++ {
+ rotation := 13 * i
+ sumBytes = append(sumBytes, rotateRight(m, rotation)...)
+ }
+
+ nfold := make([]byte, n/8)
+ sum := make([]byte, n/8)
+ for i := 0; i < lcm/n; i++ {
+ for j := 0; j < n/8; j++ {
+ sum[j] = sumBytes[j+(i*len(sum))]
+ }
+ nfold = onesComplementAddition(nfold, sum)
+ }
+ return nfold
+}
+
+func onesComplementAddition(n1, n2 []byte) []byte {
+ numBits := len(n1) * 8
+ out := make([]byte, numBits/8)
+ carry := 0
+ for i := numBits - 1; i > -1; i-- {
+ n1b := getBit(&n1, i)
+ n2b := getBit(&n2, i)
+ s := n1b + n2b + carry
+
+ if s == 0 || s == 1 {
+ setBit(&out, i, s)
+ carry = 0
+ } else if s == 2 {
+ carry = 1
+ } else if s == 3 {
+ setBit(&out, i, 1)
+ carry = 1
+ }
+ }
+ if carry == 1 {
+ carryArray := make([]byte, len(n1))
+ carryArray[len(carryArray)-1] = 1
+ out = onesComplementAddition(out, carryArray)
+ }
+ return out
+}
+
+func rotateRight(b []byte, step int) []byte {
+ out := make([]byte, len(b))
+ bitLen := len(b) * 8
+ for i := 0; i < bitLen; i++ {
+ v := getBit(&b, i)
+ setBit(&out, (i+step)%bitLen, v)
+ }
+ return out
+}
+
+func lcm(x, y int) int {
+ return (x * y) / gcd(x, y)
+}
+
+func gcd(x, y int) int {
+ for y != 0 {
+ x, y = y, x%y
+ }
+ return x
+}
+
+func getBit(b *[]byte, p int) int {
+ pByte := p / 8
+ pBit := uint(p % 8)
+ vByte := (*b)[pByte]
+ vInt := int(vByte >> (8 - (pBit + 1)) & 0x0001)
+ return vInt
+}
+
+func setBit(b *[]byte, p, v int) {
+ pByte := p / 8
+ pBit := uint(p % 8)
+ oldByte := (*b)[pByte]
+ var newByte byte
+ newByte = byte(v<<(8-(pBit+1))) | oldByte
+ (*b)[pByte] = newByte
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962/encryption.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962/encryption.go
new file mode 100644
index 0000000..2be2fde
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962/encryption.go
@@ -0,0 +1,89 @@
+// Package rfc3962 provides encryption and checksum methods as specified in RFC 3962
+package rfc3962
+
+import (
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/aescts.v1"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 3962.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ ivz := make([]byte, e.GetCypherBlockBitLength()/8)
+ return aescts.Encrypt(key, ivz, data)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 3962.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ // Encrypt the data
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ // Generate and append integrity hash
+ ih, err := common.GetIntegrityHash(plainBytes, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 3962.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ ivz := make([]byte, e.GetCypherBlockBitLength()/8)
+ return aescts.Decrypt(key, ivz, data)
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 3962.
+// The integrity of the message is also verified.
+func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, err
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962/keyDerivation.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962/keyDerivation.go
new file mode 100644
index 0000000..a5f45c1
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3962/keyDerivation.go
@@ -0,0 +1,58 @@
+package rfc3962
+
+import (
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+
+ "github.com/jcmturner/gofork/x/crypto/pbkdf2"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+const (
+ s2kParamsZero = 4294967296
+)
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 3961.
+func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error) {
+ i, err := S2KparamsToItertions(s2kparams)
+ if err != nil {
+ return nil, err
+ }
+ return StringToKeyIter(secret, salt, i, e)
+}
+
+// StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0
+func StringToPBKDF2(secret, salt string, iterations int64, e etype.EType) []byte {
+ return pbkdf2.Key64([]byte(secret), []byte(salt), iterations, int64(e.GetKeyByteSize()), e.GetHashFunc())
+}
+
+// StringToKeyIter returns a key derived from the string provided according to the definition in RFC 3961.
+func StringToKeyIter(secret, salt string, iterations int64, e etype.EType) ([]byte, error) {
+ tkey := e.RandomToKey(StringToPBKDF2(secret, salt, iterations, e))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// S2KparamsToItertions converts the string representation of iterations to an integer
+func S2KparamsToItertions(s2kparams string) (int64, error) {
+ //process s2kparams string
+ //The parameter string is four octets indicating an unsigned
+ //number in big-endian order. This is the number of iterations to be
+ //performed. If the value is 00 00 00 00, the number of iterations to
+ //be performed is 4,294,967,296 (2**32).
+ var i uint32
+ if len(s2kparams) != 8 {
+ return int64(s2kParamsZero), errors.New("invalid s2kparams length")
+ }
+ b, err := hex.DecodeString(s2kparams)
+ if err != nil {
+ return int64(s2kParamsZero), errors.New("invalid s2kparams, cannot decode string to bytes")
+ }
+ i = binary.BigEndian.Uint32(b)
+ //buf := bytes.NewBuffer(b)
+ //err = binary.Read(buf, binary.BigEndian, &i)
+ if err != nil {
+ return int64(s2kParamsZero), errors.New("invalid s2kparams, cannot convert to big endian int32")
+ }
+ return int64(i), nil
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/checksum.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/checksum.go
new file mode 100644
index 0000000..45276e9
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/checksum.go
@@ -0,0 +1,40 @@
+package rfc4757
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "crypto/md5"
+ "io"
+)
+
+// Checksum returns a hash of the data in accordance with RFC 4757
+func Checksum(key []byte, usage uint32, data []byte) ([]byte, error) {
+ // Create hashing key
+ s := append([]byte(`signaturekey`), byte(0x00)) //includes zero octet at end
+ mac := hmac.New(md5.New, key)
+ mac.Write(s)
+ Ksign := mac.Sum(nil)
+
+ // Format data
+ tb := UsageToMSMsgType(usage)
+ p := append(tb, data...)
+ h := md5.New()
+ rb := bytes.NewReader(p)
+ _, err := io.Copy(h, rb)
+ if err != nil {
+ return []byte{}, err
+ }
+ tmp := h.Sum(nil)
+
+ // Generate HMAC
+ mac = hmac.New(md5.New, Ksign)
+ mac.Write(tmp)
+ return mac.Sum(nil), nil
+}
+
+// HMAC returns a keyed MD5 checksum of the data
+func HMAC(key []byte, data []byte) []byte {
+ mac := hmac.New(md5.New, key)
+ mac.Write(data)
+ return mac.Sum(nil)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/encryption.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/encryption.go
new file mode 100644
index 0000000..0ec8b99
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/encryption.go
@@ -0,0 +1,80 @@
+// Package rfc4757 provides encryption and checksum methods as specified in RFC 4757
+package rfc4757
+
+import (
+ "crypto/hmac"
+ "crypto/rand"
+ "crypto/rc4"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 4757.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ rc4Cipher, err := rc4.NewCipher(key)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error creating RC4 cipher: %v", err)
+ }
+ ed := make([]byte, len(data))
+ copy(ed, data)
+ rc4Cipher.XORKeyStream(ed, ed)
+ rc4Cipher.Reset()
+ return ed, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 4757.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ return EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 4757.
+// The encrypted data is concatenated with its RC4 header containing integrity checksum and confounder to create an encrypted message.
+func EncryptMessage(key, data []byte, usage uint32, export bool, e etype.EType) ([]byte, error) {
+ confounder := make([]byte, e.GetConfounderByteSize()) // size = 8
+ _, err := rand.Read(confounder)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error generating confounder: %v", err)
+ }
+ k1 := key
+ k2 := HMAC(k1, UsageToMSMsgType(usage))
+ toenc := append(confounder, data...)
+ chksum := HMAC(k2, toenc)
+ k3 := HMAC(k2, chksum)
+
+ ed, err := EncryptData(k3, toenc, e)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ msg := append(chksum, ed...)
+ return msg, nil
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 4757.
+// The integrity of the message is also verified.
+func DecryptMessage(key, data []byte, usage uint32, export bool, e etype.EType) ([]byte, error) {
+ checksum := data[:e.GetHMACBitLength()/8]
+ ct := data[e.GetHMACBitLength()/8:]
+ _, k2, k3 := deriveKeys(key, checksum, usage, export)
+
+ pt, err := DecryptData(k3, ct, e)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error decrypting data: %v", err)
+ }
+
+ if !VerifyIntegrity(k2, pt, data, e) {
+ return []byte{}, errors.New("integrity checksum incorrect")
+ }
+ return pt[e.GetConfounderByteSize():], nil
+}
+
+// VerifyIntegrity checks the integrity checksum of the data matches that calculated from the decrypted data.
+func VerifyIntegrity(key, pt, data []byte, e etype.EType) bool {
+ chksum := HMAC(key, pt)
+ return hmac.Equal(chksum, data[:e.GetHMACBitLength()/8])
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/keyDerivation.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/keyDerivation.go
new file mode 100644
index 0000000..5e7ec48
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/keyDerivation.go
@@ -0,0 +1,55 @@
+package rfc4757
+
+import (
+ "bytes"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+
+ "golang.org/x/crypto/md4"
+)
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 4757.
+func StringToKey(secret string) ([]byte, error) {
+ b := make([]byte, len(secret)*2, len(secret)*2)
+ for i, r := range secret {
+ u := fmt.Sprintf("%04x", r)
+ c, err := hex.DecodeString(u)
+ if err != nil {
+ return []byte{}, errors.New("character could not be encoded")
+ }
+ // Swap round the two bytes to make little endian as we put into byte slice
+ b[2*i] = c[1]
+ b[2*i+1] = c[0]
+ }
+ r := bytes.NewReader(b)
+ h := md4.New()
+ _, err := io.Copy(h, r)
+ if err != nil {
+ return []byte{}, err
+ }
+ return h.Sum(nil), nil
+}
+
+func deriveKeys(key, checksum []byte, usage uint32, export bool) (k1, k2, k3 []byte) {
+ //if export {
+ // L40 := make([]byte, 14, 14)
+ // copy(L40, []byte(`fortybits`))
+ // k1 = HMAC(key, L40)
+ //} else {
+ // tb := MessageTypeBytes(usage)
+ // k1 = HMAC(key, tb)
+ //}
+ //k2 = k1[:16]
+ //if export {
+ // mask := []byte{0xAB,0xAB,0xAB,0xAB,0xAB,0xAB,0xAB,0xAB,0xAB}
+ // copy(k1[7:16], mask)
+ //}
+ //k3 = HMAC(k1, checksum)
+ //return
+ k1 = key
+ k2 = HMAC(k1, UsageToMSMsgType(usage))
+ k3 = HMAC(k2, checksum)
+ return
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/msgtype.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/msgtype.go
new file mode 100644
index 0000000..068588d
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/msgtype.go
@@ -0,0 +1,20 @@
+package rfc4757
+
+import "encoding/binary"
+
+// UsageToMSMsgType converts Kerberos key usage numbers to Microsoft message type encoded as a little-endian four byte slice.
+func UsageToMSMsgType(usage uint32) []byte {
+ // Translate usage numbers to the Microsoft T numbers
+ switch usage {
+ case 3:
+ usage = 8
+ case 9:
+ usage = 8
+ case 23:
+ usage = 13
+ }
+ // Now convert to bytes
+ tb := make([]byte, 4) // We force an int32 input so we can't go over 4 bytes
+ binary.PutUvarint(tb, uint64(usage))
+ return tb
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/encryption.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/encryption.go
new file mode 100644
index 0000000..86aae09
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/encryption.go
@@ -0,0 +1,128 @@
+// Package rfc8009 provides encryption and checksum methods as specified in RFC 8009
+package rfc8009
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/aescts.v1"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 8009.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ if len(key) != kl {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ ivz := make([]byte, aes.BlockSize)
+ return aescts.Encrypt(key, ivz, data)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ if len(key) != kl {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
+ }
+ if len(key) != e.GetKeyByteSize() {
+ }
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ // Encrypt the data
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ ivz := make([]byte, e.GetConfounderByteSize())
+ ih, err := GetIntegityHash(ivz, b, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 8009.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ if len(key) != kl {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
+ }
+ ivz := make([]byte, aes.BlockSize)
+ return aescts.Decrypt(key, ivz, data)
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
+// The integrity of the message is also verified.
+func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, err
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
+
+// GetIntegityHash returns a keyed integrity hash of the bytes provided as defined in RFC 8009
+func GetIntegityHash(iv, c, key []byte, usage uint32, e etype.EType) ([]byte, error) {
+ // Generate and append integrity hash
+ // The HMAC is calculated over the cipher state concatenated with the
+ // AES output, instead of being calculated over the confounder and
+ // plaintext. This allows the message receiver to verify the
+ // integrity of the message before decrypting the message.
+ // H = HMAC(Ki, IV | C)
+ ib := append(iv, c...)
+ return common.GetIntegrityHash(ib, key, usage, e)
+}
+
+// VerifyIntegrity verifies the integrity of cipertext bytes ct.
+func VerifyIntegrity(key, ct []byte, usage uint32, etype etype.EType) bool {
+ h := make([]byte, etype.GetHMACBitLength()/8)
+ copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
+ ivz := make([]byte, etype.GetConfounderByteSize())
+ ib := append(ivz, ct[:len(ct)-(etype.GetHMACBitLength()/8)]...)
+ expectedMAC, _ := common.GetIntegrityHash(ib, key, usage, etype)
+ return hmac.Equal(h, expectedMAC)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/keyDerivation.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/keyDerivation.go
new file mode 100644
index 0000000..90ced3b
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/keyDerivation.go
@@ -0,0 +1,144 @@
+package rfc8009
+
+import (
+ "crypto/hmac"
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+
+ "golang.org/x/crypto/pbkdf2"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+ "gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
+)
+
+const (
+ s2kParamsZero = 32768
+)
+
+// DeriveRandom for key derivation as defined in RFC 8009
+func DeriveRandom(protocolKey, usage []byte, e etype.EType) ([]byte, error) {
+ h := e.GetHashFunc()()
+ return KDF_HMAC_SHA2(protocolKey, []byte("prf"), usage, h.Size(), e), nil
+}
+
+// DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.
+//
+// https://tools.ietf.org/html/rfc8009#section-5
+//
+// If the enctype is aes128-cts-hmac-sha256-128:
+// Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 128)
+// Ke = KDF-HMAC-SHA2(base-key, usage | 0xAA, 128)
+// Ki = KDF-HMAC-SHA2(base-key, usage | 0x55, 128)
+//
+// If the enctype is aes256-cts-hmac-sha384-192:
+// Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 192)
+// Ke = KDF-HMAC-SHA2(base-key, usage | 0xAA, 256)
+// Ki = KDF-HMAC-SHA2(base-key, usage | 0x55, 192)
+func DeriveKey(protocolKey, label []byte, e etype.EType) []byte {
+ var context []byte
+ var kl int
+ // Key length is longer for aes256-cts-hmac-sha384-192 is it is a Ke or from StringToKey (where label is "kerberos")
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ switch label[len(label)-1] {
+ case 0x73:
+ // 0x73 is "s" so label could be kerberos meaning StringToKey so now check if the label is "kerberos"
+ kerblabel := []byte("kerberos")
+ if len(label) != len(kerblabel) {
+ break
+ }
+ for i, b := range label {
+ if b != kerblabel[i] {
+ kl = e.GetKeySeedBitLength()
+ break
+ }
+ }
+ if kl == 0 {
+ // This is StringToKey
+ kl = 256
+ }
+ case 0xAA:
+ // This is a Ke
+ kl = 256
+ }
+ }
+ if kl == 0 {
+ kl = e.GetKeySeedBitLength()
+ }
+ return e.RandomToKey(KDF_HMAC_SHA2(protocolKey, label, context, kl, e))
+}
+
+// RandomToKey returns a key from the bytes provided according to the definition in RFC 8009.
+func RandomToKey(b []byte) []byte {
+ return b
+}
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 8009.
+func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error) {
+ i, err := S2KparamsToItertions(s2kparams)
+ if err != nil {
+ return nil, err
+ }
+ return StringToKeyIter(secret, salt, i, e)
+}
+
+// StringToKeyIter returns a key derived from the string provided according to the definition in RFC 8009.
+func StringToKeyIter(secret, salt string, iterations int, e etype.EType) ([]byte, error) {
+ tkey := e.RandomToKey(StringToPBKDF2(secret, salt, iterations, e))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0
+func StringToPBKDF2(secret, salt string, iterations int, e etype.EType) []byte {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ return pbkdf2.Key([]byte(secret), []byte(salt), iterations, kl, e.GetHashFunc())
+}
+
+// KDF_HMAC_SHA2 key derivation: https://tools.ietf.org/html/rfc8009#section-3
+func KDF_HMAC_SHA2(protocolKey, label, context []byte, kl int, e etype.EType) []byte {
+ //k: Length in bits of the key to be outputted, expressed in big-endian binary representation in 4 bytes.
+ k := make([]byte, 4, 4)
+ binary.BigEndian.PutUint32(k, uint32(kl))
+
+ c := make([]byte, 4, 4)
+ binary.BigEndian.PutUint32(c, uint32(1))
+ c = append(c, label...)
+ c = append(c, byte(0))
+ if len(context) > 0 {
+ c = append(c, context...)
+ }
+ c = append(c, k...)
+
+ mac := hmac.New(e.GetHashFunc(), protocolKey)
+ mac.Write(c)
+ return mac.Sum(nil)[:(kl / 8)]
+}
+
+// GetSaltP returns the salt value based on the etype name: https://tools.ietf.org/html/rfc8009#section-4
+func GetSaltP(salt, ename string) string {
+ b := []byte(ename)
+ b = append(b, byte(0))
+ b = append(b, []byte(salt)...)
+ return string(b)
+}
+
+// S2KparamsToItertions converts the string representation of iterations to an integer for RFC 8009.
+func S2KparamsToItertions(s2kparams string) (int, error) {
+ var i uint32
+ if len(s2kparams) != 8 {
+ return s2kParamsZero, errors.New("Invalid s2kparams length")
+ }
+ b, err := hex.DecodeString(s2kparams)
+ if err != nil {
+ return s2kParamsZero, errors.New("Invalid s2kparams, cannot decode string to bytes")
+ }
+ i = binary.BigEndian.Uint32(b)
+ //buf := bytes.NewBuffer(b)
+ //err = binary.Read(buf, binary.BigEndian, &i)
+ if err != nil {
+ return s2kParamsZero, errors.New("Invalid s2kparams, cannot convert to big endian int32")
+ }
+ return int(i), nil
+}