[VOL-4291] Rw-core updates for gRPC migration
Change-Id: I8d5a554409115b29318089671ca4e1ab3fa98810
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes128-cts-hmac-sha1-96.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes128-cts-hmac-sha1-96.go
new file mode 100644
index 0000000..dd8babd
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes128-cts-hmac-sha1-96.go
@@ -0,0 +1,129 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha1"
+ "hash"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc3961"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc3962"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+)
+
+// RFC 3962
+
+// Aes128CtsHmacSha96 implements Kerberos encryption type aes128-cts-hmac-sha1-96
+type Aes128CtsHmacSha96 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes128CtsHmacSha96) GetETypeID() int32 {
+ return etypeID.AES128_CTS_HMAC_SHA1_96
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes128CtsHmacSha96) GetHashID() int32 {
+ return chksumtype.HMAC_SHA1_96_AES128
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes128CtsHmacSha96) GetKeyByteSize() int {
+ return 128 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes128CtsHmacSha96) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes128CtsHmacSha96) GetHashFunc() func() hash.Hash {
+ return sha1.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes128CtsHmacSha96) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes128CtsHmacSha96) GetDefaultStringToKeyParams() string {
+ return "00001000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes128CtsHmacSha96) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes128CtsHmacSha96) GetHMACBitLength() int {
+ return 96
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes128CtsHmacSha96) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes128CtsHmacSha96) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ return rfc3962.StringToKey(secret, salt, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes128CtsHmacSha96) RandomToKey(b []byte) []byte {
+ return rfc3961.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes128CtsHmacSha96) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc3962.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes128CtsHmacSha96) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc3962.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes128CtsHmacSha96) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc3962.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes128CtsHmacSha96) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc3962.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes128CtsHmacSha96) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveKey(protocolKey, usage, e)
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes128CtsHmacSha96) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e Aes128CtsHmacSha96) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc3961.VerifyIntegrity(protocolKey, ct, pt, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes128CtsHmacSha96) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes128CtsHmacSha96) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes128-cts-hmac-sha256-128.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes128-cts-hmac-sha256-128.go
new file mode 100644
index 0000000..b05af7d
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes128-cts-hmac-sha256-128.go
@@ -0,0 +1,132 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha256"
+ "hash"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc8009"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+)
+
+// RFC https://tools.ietf.org/html/rfc8009
+
+// Aes128CtsHmacSha256128 implements Kerberos encryption type aes128-cts-hmac-sha256-128
+type Aes128CtsHmacSha256128 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes128CtsHmacSha256128) GetETypeID() int32 {
+ return etypeID.AES128_CTS_HMAC_SHA256_128
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes128CtsHmacSha256128) GetHashID() int32 {
+ return chksumtype.HMAC_SHA256_128_AES128
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes128CtsHmacSha256128) GetKeyByteSize() int {
+ return 128 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes128CtsHmacSha256128) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes128CtsHmacSha256128) GetHashFunc() func() hash.Hash {
+ return sha256.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes128CtsHmacSha256128) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes128CtsHmacSha256128) GetDefaultStringToKeyParams() string {
+ return "00008000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes128CtsHmacSha256128) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes128CtsHmacSha256128) GetHMACBitLength() int {
+ return 128
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes128CtsHmacSha256128) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes128CtsHmacSha256128) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ saltp := rfc8009.GetSaltP(salt, "aes128-cts-hmac-sha256-128")
+ return rfc8009.StringToKey(secret, saltp, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes128CtsHmacSha256128) RandomToKey(b []byte) []byte {
+ return rfc8009.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes128CtsHmacSha256128) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc8009.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes128CtsHmacSha256128) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc8009.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes128CtsHmacSha256128) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc8009.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes128CtsHmacSha256128) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc8009.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes128CtsHmacSha256128) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveKey(protocolKey, usage, e), nil
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes128CtsHmacSha256128) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the ciphertext message.
+// As the hash is calculated over the iv concatenated with the AES cipher output not the plaintext the pt value to this
+// interface method is not use. Pass any []byte.
+func (e Aes128CtsHmacSha256128) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ // We don't need ib just there for the interface
+ return rfc8009.VerifyIntegrity(protocolKey, ct, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes128CtsHmacSha256128) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes128CtsHmacSha256128) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes256-cts-hmac-sha1-96.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes256-cts-hmac-sha1-96.go
new file mode 100644
index 0000000..45e439a
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes256-cts-hmac-sha1-96.go
@@ -0,0 +1,129 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha1"
+ "hash"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc3961"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc3962"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+)
+
+// RFC 3962
+
+// Aes256CtsHmacSha96 implements Kerberos encryption type aes256-cts-hmac-sha1-96
+type Aes256CtsHmacSha96 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes256CtsHmacSha96) GetETypeID() int32 {
+ return etypeID.AES256_CTS_HMAC_SHA1_96
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes256CtsHmacSha96) GetHashID() int32 {
+ return chksumtype.HMAC_SHA1_96_AES256
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes256CtsHmacSha96) GetKeyByteSize() int {
+ return 256 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes256CtsHmacSha96) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes256CtsHmacSha96) GetHashFunc() func() hash.Hash {
+ return sha1.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes256CtsHmacSha96) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes256CtsHmacSha96) GetDefaultStringToKeyParams() string {
+ return "00001000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes256CtsHmacSha96) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes256CtsHmacSha96) GetHMACBitLength() int {
+ return 96
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes256CtsHmacSha96) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes256CtsHmacSha96) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ return rfc3962.StringToKey(secret, salt, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes256CtsHmacSha96) RandomToKey(b []byte) []byte {
+ return rfc3961.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes256CtsHmacSha96) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc3962.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes256CtsHmacSha96) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc3962.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes256CtsHmacSha96) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc3962.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes256CtsHmacSha96) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc3962.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes256CtsHmacSha96) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveKey(protocolKey, usage, e)
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes256CtsHmacSha96) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e Aes256CtsHmacSha96) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc3961.VerifyIntegrity(protocolKey, ct, pt, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes256CtsHmacSha96) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes256CtsHmacSha96) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes256-cts-hmac-sha384-192.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes256-cts-hmac-sha384-192.go
new file mode 100644
index 0000000..6a54475
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/aes256-cts-hmac-sha384-192.go
@@ -0,0 +1,132 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/sha512"
+ "hash"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc8009"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+)
+
+// RFC https://tools.ietf.org/html/rfc8009
+
+// Aes256CtsHmacSha384192 implements Kerberos encryption type aes256-cts-hmac-sha384-192
+type Aes256CtsHmacSha384192 struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Aes256CtsHmacSha384192) GetETypeID() int32 {
+ return etypeID.AES256_CTS_HMAC_SHA384_192
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Aes256CtsHmacSha384192) GetHashID() int32 {
+ return chksumtype.HMAC_SHA384_192_AES256
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Aes256CtsHmacSha384192) GetKeyByteSize() int {
+ return 192 / 8
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Aes256CtsHmacSha384192) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Aes256CtsHmacSha384192) GetHashFunc() func() hash.Hash {
+ return sha512.New384
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Aes256CtsHmacSha384192) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Aes256CtsHmacSha384192) GetDefaultStringToKeyParams() string {
+ return "00008000"
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Aes256CtsHmacSha384192) GetConfounderByteSize() int {
+ return aes.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Aes256CtsHmacSha384192) GetHMACBitLength() int {
+ return 192
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Aes256CtsHmacSha384192) GetCypherBlockBitLength() int {
+ return aes.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Aes256CtsHmacSha384192) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ saltp := rfc8009.GetSaltP(salt, "aes256-cts-hmac-sha384-192")
+ return rfc8009.StringToKey(secret, saltp, s2kparams, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Aes256CtsHmacSha384192) RandomToKey(b []byte) []byte {
+ return rfc8009.RandomToKey(b)
+}
+
+// EncryptData encrypts the data provided.
+func (e Aes256CtsHmacSha384192) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc8009.EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Aes256CtsHmacSha384192) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc8009.EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Aes256CtsHmacSha384192) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc8009.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Aes256CtsHmacSha384192) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc8009.DecryptMessage(key, ciphertext, usage, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Aes256CtsHmacSha384192) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveKey(protocolKey, usage, e), nil
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Aes256CtsHmacSha384192) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc8009.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the ciphertext message.
+// As the hash is calculated over the iv concatenated with the AES cipher output not the plaintext the pt value to this
+// interface method is not use. Pass any []byte.
+func (e Aes256CtsHmacSha384192) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ // We don't need ib just there for the interface
+ return rfc8009.VerifyIntegrity(protocolKey, ct, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Aes256CtsHmacSha384192) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Aes256CtsHmacSha384192) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/common/common.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/common/common.go
new file mode 100644
index 0000000..dab55be
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/common/common.go
@@ -0,0 +1,132 @@
+// Package common provides encryption methods common across encryption types
+package common
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+ "fmt"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+)
+
+// ZeroPad pads bytes with zeros to nearest multiple of message size m.
+func ZeroPad(b []byte, m int) ([]byte, error) {
+ if m <= 0 {
+ return nil, errors.New("Invalid message block size when padding")
+ }
+ if b == nil || len(b) == 0 {
+ return nil, errors.New("Data not valid to pad: Zero size")
+ }
+ if l := len(b) % m; l != 0 {
+ n := m - l
+ z := make([]byte, n)
+ b = append(b, z...)
+ }
+ return b, nil
+}
+
+// PKCS7Pad pads bytes according to RFC 2315 to nearest multiple of message size m.
+func PKCS7Pad(b []byte, m int) ([]byte, error) {
+ if m <= 0 {
+ return nil, errors.New("Invalid message block size when padding")
+ }
+ if b == nil || len(b) == 0 {
+ return nil, errors.New("Data not valid to pad: Zero size")
+ }
+ n := m - (len(b) % m)
+ pb := make([]byte, len(b)+n)
+ copy(pb, b)
+ copy(pb[len(b):], bytes.Repeat([]byte{byte(n)}, n))
+ return pb, nil
+}
+
+// PKCS7Unpad removes RFC 2315 padding from byes where message size is m.
+func PKCS7Unpad(b []byte, m int) ([]byte, error) {
+ if m <= 0 {
+ return nil, errors.New("invalid message block size when unpadding")
+ }
+ if b == nil || len(b) == 0 {
+ return nil, errors.New("padded data not valid: Zero size")
+ }
+ if len(b)%m != 0 {
+ return nil, errors.New("padded data not valid: Not multiple of message block size")
+ }
+ c := b[len(b)-1]
+ n := int(c)
+ if n == 0 || n > len(b) {
+ return nil, errors.New("padded data not valid: Data may not have been padded")
+ }
+ for i := 0; i < n; i++ {
+ if b[len(b)-n+i] != c {
+ return nil, errors.New("padded data not valid")
+ }
+ }
+ return b[:len(b)-n], nil
+}
+
+// GetHash generates the keyed hash value according to the etype's hash function.
+func GetHash(pt, key []byte, usage []byte, etype etype.EType) ([]byte, error) {
+ k, err := etype.DeriveKey(key, usage)
+ if err != nil {
+ return nil, fmt.Errorf("unable to derive key for checksum: %v", err)
+ }
+ mac := hmac.New(etype.GetHashFunc(), k)
+ p := make([]byte, len(pt))
+ copy(p, pt)
+ mac.Write(p)
+ return mac.Sum(nil)[:etype.GetHMACBitLength()/8], nil
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func GetChecksumHash(b, key []byte, usage uint32, etype etype.EType) ([]byte, error) {
+ return GetHash(b, key, GetUsageKc(usage), etype)
+}
+
+// GetIntegrityHash returns a keyed integrity hash of the bytes provided.
+func GetIntegrityHash(b, key []byte, usage uint32, etype etype.EType) ([]byte, error) {
+ return GetHash(b, key, GetUsageKi(usage), etype)
+}
+
+// VerifyChecksum compares the checksum of the msg bytes is the same as the checksum provided.
+func VerifyChecksum(key, chksum, msg []byte, usage uint32, etype etype.EType) bool {
+ //The encrypted message is a concatenation of the encrypted output and the hash HMAC.
+ expectedMAC, _ := GetChecksumHash(msg, key, usage, etype)
+ return hmac.Equal(chksum, expectedMAC)
+}
+
+// GetUsageKc returns the checksum key usage value for the usage number un.
+//
+// See RFC 3961 5.3 key-derivation function definition.
+func GetUsageKc(un uint32) []byte {
+ return getUsage(un, 0x99)
+}
+
+// GetUsageKe returns the encryption key usage value for the usage number un
+//
+// See RFC 3961 5.3 key-derivation function definition.
+func GetUsageKe(un uint32) []byte {
+ return getUsage(un, 0xAA)
+}
+
+// GetUsageKi returns the integrity key usage value for the usage number un
+//
+// See RFC 3961 5.3 key-derivation function definition.
+func GetUsageKi(un uint32) []byte {
+ return getUsage(un, 0x55)
+}
+
+func getUsage(un uint32, o byte) []byte {
+ var buf bytes.Buffer
+ binary.Write(&buf, binary.BigEndian, un)
+ return append(buf.Bytes(), o)
+}
+
+// IterationsToS2Kparams converts the number of iterations as an integer to a string representation.
+func IterationsToS2Kparams(i uint32) string {
+ b := make([]byte, 4, 4)
+ binary.BigEndian.PutUint32(b, i)
+ return hex.EncodeToString(b)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/crypto.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/crypto.go
new file mode 100644
index 0000000..5c96ddf
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/crypto.go
@@ -0,0 +1,175 @@
+// Package crypto implements cryptographic functions for Kerberos 5 implementation.
+package crypto
+
+import (
+ "encoding/hex"
+ "fmt"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+ "github.com/jcmturner/gokrb5/v8/iana/patype"
+ "github.com/jcmturner/gokrb5/v8/types"
+)
+
+// GetEtype returns an instances of the required etype struct for the etype ID.
+func GetEtype(id int32) (etype.EType, error) {
+ switch id {
+ case etypeID.AES128_CTS_HMAC_SHA1_96:
+ var et Aes128CtsHmacSha96
+ return et, nil
+ case etypeID.AES256_CTS_HMAC_SHA1_96:
+ var et Aes256CtsHmacSha96
+ return et, nil
+ case etypeID.AES128_CTS_HMAC_SHA256_128:
+ var et Aes128CtsHmacSha256128
+ return et, nil
+ case etypeID.AES256_CTS_HMAC_SHA384_192:
+ var et Aes256CtsHmacSha384192
+ return et, nil
+ case etypeID.DES3_CBC_SHA1_KD:
+ var et Des3CbcSha1Kd
+ return et, nil
+ case etypeID.RC4_HMAC:
+ var et RC4HMAC
+ return et, nil
+ default:
+ return nil, fmt.Errorf("unknown or unsupported EType: %d", id)
+ }
+}
+
+// GetChksumEtype returns an instances of the required etype struct for the checksum ID.
+func GetChksumEtype(id int32) (etype.EType, error) {
+ switch id {
+ case chksumtype.HMAC_SHA1_96_AES128:
+ var et Aes128CtsHmacSha96
+ return et, nil
+ case chksumtype.HMAC_SHA1_96_AES256:
+ var et Aes256CtsHmacSha96
+ return et, nil
+ case chksumtype.HMAC_SHA256_128_AES128:
+ var et Aes128CtsHmacSha256128
+ return et, nil
+ case chksumtype.HMAC_SHA384_192_AES256:
+ var et Aes256CtsHmacSha384192
+ return et, nil
+ case chksumtype.HMAC_SHA1_DES3_KD:
+ var et Des3CbcSha1Kd
+ return et, nil
+ case chksumtype.KERB_CHECKSUM_HMAC_MD5:
+ var et RC4HMAC
+ return et, nil
+ //case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
+ // var et RC4HMAC
+ // return et, nil
+ default:
+ return nil, fmt.Errorf("unknown or unsupported checksum type: %d", id)
+ }
+}
+
+// GetKeyFromPassword generates an encryption key from the principal's password.
+func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string, etypeID int32, pas types.PADataSequence) (types.EncryptionKey, etype.EType, error) {
+ var key types.EncryptionKey
+ et, err := GetEtype(etypeID)
+ if err != nil {
+ return key, et, fmt.Errorf("error getting encryption type: %v", err)
+ }
+ sk2p := et.GetDefaultStringToKeyParams()
+ var salt string
+ var paID int32
+ for _, pa := range pas {
+ switch pa.PADataType {
+ case patype.PA_PW_SALT:
+ if paID > pa.PADataType {
+ continue
+ }
+ salt = string(pa.PADataValue)
+ case patype.PA_ETYPE_INFO:
+ if paID > pa.PADataType {
+ continue
+ }
+ var eti types.ETypeInfo
+ err := eti.Unmarshal(pa.PADataValue)
+ if err != nil {
+ return key, et, fmt.Errorf("error unmashaling PA Data to PA-ETYPE-INFO2: %v", err)
+ }
+ if etypeID != eti[0].EType {
+ et, err = GetEtype(eti[0].EType)
+ if err != nil {
+ return key, et, fmt.Errorf("error getting encryption type: %v", err)
+ }
+ }
+ salt = string(eti[0].Salt)
+ case patype.PA_ETYPE_INFO2:
+ if paID > pa.PADataType {
+ continue
+ }
+ var et2 types.ETypeInfo2
+ err := et2.Unmarshal(pa.PADataValue)
+ if err != nil {
+ return key, et, fmt.Errorf("error unmashalling PA Data to PA-ETYPE-INFO2: %v", err)
+ }
+ if etypeID != et2[0].EType {
+ et, err = GetEtype(et2[0].EType)
+ if err != nil {
+ return key, et, fmt.Errorf("error getting encryption type: %v", err)
+ }
+ }
+ if len(et2[0].S2KParams) == 4 {
+ sk2p = hex.EncodeToString(et2[0].S2KParams)
+ }
+ salt = et2[0].Salt
+ }
+ }
+ if salt == "" {
+ salt = cname.GetSalt(realm)
+ }
+ k, err := et.StringToKey(passwd, salt, sk2p)
+ if err != nil {
+ return key, et, fmt.Errorf("error deriving key from string: %+v", err)
+ }
+ key = types.EncryptionKey{
+ KeyType: etypeID,
+ KeyValue: k,
+ }
+ return key, et, nil
+}
+
+// GetEncryptedData encrypts the data provided and returns and EncryptedData type.
+// Pass a usage value of zero to use the key provided directly rather than deriving one.
+func GetEncryptedData(plainBytes []byte, key types.EncryptionKey, usage uint32, kvno int) (types.EncryptedData, error) {
+ var ed types.EncryptedData
+ et, err := GetEtype(key.KeyType)
+ if err != nil {
+ return ed, fmt.Errorf("error getting etype: %v", err)
+ }
+ _, b, err := et.EncryptMessage(key.KeyValue, plainBytes, usage)
+ if err != nil {
+ return ed, err
+ }
+
+ ed = types.EncryptedData{
+ EType: key.KeyType,
+ Cipher: b,
+ KVNO: kvno,
+ }
+ return ed, nil
+}
+
+// DecryptEncPart decrypts the EncryptedData.
+func DecryptEncPart(ed types.EncryptedData, key types.EncryptionKey, usage uint32) ([]byte, error) {
+ return DecryptMessage(ed.Cipher, key, usage)
+}
+
+// DecryptMessage decrypts the ciphertext and verifies the integrity.
+func DecryptMessage(ciphertext []byte, key types.EncryptionKey, usage uint32) ([]byte, error) {
+ et, err := GetEtype(key.KeyType)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error decrypting: %v", err)
+ }
+ b, err := et.DecryptMessage(key.KeyValue, ciphertext, usage)
+ if err != nil {
+ return nil, fmt.Errorf("error decrypting: %v", err)
+ }
+ return b, nil
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/des3-cbc-sha1-kd.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/des3-cbc-sha1-kd.go
new file mode 100644
index 0000000..6e650eb
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/des3-cbc-sha1-kd.go
@@ -0,0 +1,139 @@
+package crypto
+
+import (
+ "crypto/des"
+ "crypto/hmac"
+ "crypto/sha1"
+ "errors"
+ "hash"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc3961"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+)
+
+//RFC: 3961 Section 6.3
+
+// Des3CbcSha1Kd implements Kerberos encryption type des3-cbc-hmac-sha1-kd
+type Des3CbcSha1Kd struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e Des3CbcSha1Kd) GetETypeID() int32 {
+ return etypeID.DES3_CBC_SHA1_KD
+}
+
+// GetHashID returns the checksum type ID number.
+func (e Des3CbcSha1Kd) GetHashID() int32 {
+ return chksumtype.HMAC_SHA1_DES3_KD
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e Des3CbcSha1Kd) GetKeyByteSize() int {
+ return 24
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e Des3CbcSha1Kd) GetKeySeedBitLength() int {
+ return 21 * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e Des3CbcSha1Kd) GetHashFunc() func() hash.Hash {
+ return sha1.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e Des3CbcSha1Kd) GetMessageBlockByteSize() int {
+ //For traditional CBC mode with padding, it would be the underlying cipher's block size
+ return des.BlockSize
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e Des3CbcSha1Kd) GetDefaultStringToKeyParams() string {
+ var s string
+ return s
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e Des3CbcSha1Kd) GetConfounderByteSize() int {
+ return des.BlockSize
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e Des3CbcSha1Kd) GetHMACBitLength() int {
+ return e.GetHashFunc()().Size() * 8
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e Des3CbcSha1Kd) GetCypherBlockBitLength() int {
+ return des.BlockSize * 8
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e Des3CbcSha1Kd) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ if s2kparams != "" {
+ return []byte{}, errors.New("s2kparams must be an empty string")
+ }
+ return rfc3961.DES3StringToKey(secret, salt, e)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e Des3CbcSha1Kd) RandomToKey(b []byte) []byte {
+ return rfc3961.DES3RandomToKey(b)
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e Des3CbcSha1Kd) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ r, err := rfc3961.DeriveRandom(protocolKey, usage, e)
+ return r, err
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e Des3CbcSha1Kd) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ r, err := e.DeriveRandom(protocolKey, usage)
+ if err != nil {
+ return nil, err
+ }
+ return e.RandomToKey(r), nil
+}
+
+// EncryptData encrypts the data provided.
+func (e Des3CbcSha1Kd) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ return rfc3961.DES3EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e Des3CbcSha1Kd) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ return rfc3961.DES3EncryptMessage(key, message, usage, e)
+}
+
+// DecryptData decrypts the data provided.
+func (e Des3CbcSha1Kd) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc3961.DES3DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e Des3CbcSha1Kd) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc3961.DES3DecryptMessage(key, ciphertext, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e Des3CbcSha1Kd) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc3961.VerifyIntegrity(protocolKey, ct, pt, usage, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e Des3CbcSha1Kd) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e Des3CbcSha1Kd) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ c, err := e.GetChecksumHash(protocolKey, data, usage)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(chksum, c)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/etype/etype.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/etype/etype.go
new file mode 100644
index 0000000..ab1496d
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/etype/etype.go
@@ -0,0 +1,29 @@
+// Package etype provides the Kerberos Encryption Type interface
+package etype
+
+import "hash"
+
+// EType is the interface defining the Encryption Type.
+type EType interface {
+ GetETypeID() int32
+ GetHashID() int32
+ GetKeyByteSize() int
+ GetKeySeedBitLength() int
+ GetDefaultStringToKeyParams() string
+ StringToKey(string, salt, s2kparams string) ([]byte, error)
+ RandomToKey(b []byte) []byte
+ GetHMACBitLength() int
+ GetMessageBlockByteSize() int
+ EncryptData(key, data []byte) ([]byte, []byte, error)
+ EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error)
+ DecryptData(key, data []byte) ([]byte, error)
+ DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error)
+ GetCypherBlockBitLength() int
+ GetConfounderByteSize() int
+ DeriveKey(protocolKey, usage []byte) ([]byte, error)
+ DeriveRandom(protocolKey, usage []byte) ([]byte, error)
+ VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool
+ GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error)
+ VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool
+ GetHashFunc() func() hash.Hash
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go
new file mode 100644
index 0000000..42f84b8
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go
@@ -0,0 +1,133 @@
+package crypto
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "crypto/md5"
+ "hash"
+ "io"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc3961"
+ "github.com/jcmturner/gokrb5/v8/crypto/rfc4757"
+ "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+ "golang.org/x/crypto/md4"
+)
+
+// RC4HMAC implements Kerberos encryption type rc4-hmac
+type RC4HMAC struct {
+}
+
+// GetETypeID returns the EType ID number.
+func (e RC4HMAC) GetETypeID() int32 {
+ return etypeID.RC4_HMAC
+}
+
+// GetHashID returns the checksum type ID number.
+func (e RC4HMAC) GetHashID() int32 {
+ return chksumtype.KERB_CHECKSUM_HMAC_MD5
+}
+
+// GetKeyByteSize returns the number of bytes for key of this etype.
+func (e RC4HMAC) GetKeyByteSize() int {
+ return 16
+}
+
+// GetKeySeedBitLength returns the number of bits for the seed for key generation.
+func (e RC4HMAC) GetKeySeedBitLength() int {
+ return e.GetKeyByteSize() * 8
+}
+
+// GetHashFunc returns the hash function for this etype.
+func (e RC4HMAC) GetHashFunc() func() hash.Hash {
+ return md5.New
+}
+
+// GetMessageBlockByteSize returns the block size for the etype's messages.
+func (e RC4HMAC) GetMessageBlockByteSize() int {
+ return 1
+}
+
+// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
+func (e RC4HMAC) GetDefaultStringToKeyParams() string {
+ return ""
+}
+
+// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
+func (e RC4HMAC) GetConfounderByteSize() int {
+ return 8
+}
+
+// GetHMACBitLength returns the bit count size of the integrity hash.
+func (e RC4HMAC) GetHMACBitLength() int {
+ return md5.Size * 8
+}
+
+// GetCypherBlockBitLength returns the bit count size of the cypher block.
+func (e RC4HMAC) GetCypherBlockBitLength() int {
+ return 8 // doesn't really apply
+}
+
+// StringToKey returns a key derived from the string provided.
+func (e RC4HMAC) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
+ return rfc4757.StringToKey(secret)
+}
+
+// RandomToKey returns a key from the bytes provided.
+func (e RC4HMAC) RandomToKey(b []byte) []byte {
+ r := bytes.NewReader(b)
+ h := md4.New()
+ io.Copy(h, r)
+ return h.Sum(nil)
+}
+
+// EncryptData encrypts the data provided.
+func (e RC4HMAC) EncryptData(key, data []byte) ([]byte, []byte, error) {
+ b, err := rfc4757.EncryptData(key, data, e)
+ return []byte{}, b, err
+}
+
+// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
+func (e RC4HMAC) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
+ b, err := rfc4757.EncryptMessage(key, message, usage, false, e)
+ return []byte{}, b, err
+}
+
+// DecryptData decrypts the data provided.
+func (e RC4HMAC) DecryptData(key, data []byte) ([]byte, error) {
+ return rfc4757.DecryptData(key, data, e)
+}
+
+// DecryptMessage decrypts the message provided and verifies the integrity of the message.
+func (e RC4HMAC) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
+ return rfc4757.DecryptMessage(key, ciphertext, usage, false, e)
+}
+
+// DeriveKey derives a key from the protocol key based on the usage value.
+func (e RC4HMAC) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
+ return rfc4757.HMAC(protocolKey, usage), nil
+}
+
+// DeriveRandom generates data needed for key generation.
+func (e RC4HMAC) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
+ return rfc3961.DeriveRandom(protocolKey, usage, e)
+}
+
+// VerifyIntegrity checks the integrity of the plaintext message.
+func (e RC4HMAC) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
+ return rfc4757.VerifyIntegrity(protocolKey, pt, ct, e)
+}
+
+// GetChecksumHash returns a keyed checksum hash of the bytes provided.
+func (e RC4HMAC) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
+ return rfc4757.Checksum(protocolKey, usage, data)
+}
+
+// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
+func (e RC4HMAC) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
+ checksum, err := rfc4757.Checksum(protocolKey, usage, data)
+ if err != nil {
+ return false
+ }
+ return hmac.Equal(checksum, chksum)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/encryption.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/encryption.go
new file mode 100644
index 0000000..1383258
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/encryption.go
@@ -0,0 +1,119 @@
+// Package rfc3961 provides encryption and checksum methods as specified in RFC 3961
+package rfc3961
+
+import (
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/hmac"
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+)
+
+// DES3EncryptData encrypts the data provided using DES3 and methods specific to the etype provided.
+func DES3EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return nil, nil, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ data, _ = common.ZeroPad(data, e.GetMessageBlockByteSize())
+
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error creating cipher: %v", err)
+ }
+
+ //RFC 3961: initial cipher state All bits zero
+ ivz := make([]byte, des.BlockSize)
+
+ ct := make([]byte, len(data))
+ mode := cipher.NewCBCEncrypter(block, ivz)
+ mode.CryptBlocks(ct, data)
+ return ct[len(ct)-e.GetMessageBlockByteSize():], ct, nil
+}
+
+// DES3EncryptMessage encrypts the message provided using DES3 and methods specific to the etype provided.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func DES3EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+ plainBytes, _ = common.ZeroPad(plainBytes, e.GetMessageBlockByteSize())
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ // Generate and append integrity hash
+ ih, err := common.GetIntegrityHash(plainBytes, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DES3DecryptData decrypts the data provided using DES3 and methods specific to the etype provided.
+func DES3DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+
+ if len(data) < des.BlockSize || len(data)%des.BlockSize != 0 {
+ return []byte{}, errors.New("ciphertext is not a multiple of the block size")
+ }
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error creating cipher: %v", err)
+ }
+ pt := make([]byte, len(data))
+ ivz := make([]byte, des.BlockSize)
+ mode := cipher.NewCBCDecrypter(block, ivz)
+ mode.CryptBlocks(pt, data)
+ return pt, nil
+}
+
+// DES3DecryptMessage decrypts the message provided using DES3 and methods specific to the etype provided.
+// The integrity of the message is also verified.
+func DES3DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, fmt.Errorf("error decrypting: %v", err)
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("error decrypting: integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
+
+// VerifyIntegrity verifies the integrity of cipertext bytes ct.
+func VerifyIntegrity(key, ct, pt []byte, usage uint32, etype etype.EType) bool {
+ h := make([]byte, etype.GetHMACBitLength()/8)
+ copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
+ expectedMAC, _ := common.GetIntegrityHash(pt, key, usage, etype)
+ return hmac.Equal(h, expectedMAC)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/keyDerivation.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/keyDerivation.go
new file mode 100644
index 0000000..ed9b169
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/keyDerivation.go
@@ -0,0 +1,169 @@
+package rfc3961
+
+import (
+ "bytes"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+)
+
+const (
+ prfconstant = "prf"
+)
+
+// DeriveRandom implements the RFC 3961 defined function: DR(Key, Constant) = k-truncate(E(Key, Constant, initial-cipher-state)).
+//
+// key: base key or protocol key. Likely to be a key from a keytab file.
+//
+// usage: a constant.
+//
+// n: block size in bits (not bytes) - note if you use something like aes.BlockSize this is in bytes.
+//
+// k: key length / key seed length in bits. Eg. for AES256 this value is 256.
+//
+// e: the encryption etype function to use.
+func DeriveRandom(key, usage []byte, e etype.EType) ([]byte, error) {
+ n := e.GetCypherBlockBitLength()
+ k := e.GetKeySeedBitLength()
+ //Ensure the usage constant is at least the size of the cypher block size. Pass it through the nfold algorithm that will "stretch" it if needs be.
+ nFoldUsage := Nfold(usage, n)
+ //k-truncate implemented by creating a byte array the size of k (k is in bits hence /8)
+ out := make([]byte, k/8)
+ // Keep feeding the output back into the encryption function until it is no longer short than k.
+ _, K, err := e.EncryptData(key, nFoldUsage)
+ if err != nil {
+ return out, err
+ }
+ for i := copy(out, K); i < len(out); {
+ _, K, _ = e.EncryptData(key, K)
+ i = i + copy(out[i:], K)
+ }
+ return out, nil
+}
+
+// DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.
+func DeriveKey(protocolKey, usage []byte, e etype.EType) ([]byte, error) {
+ r, err := e.DeriveRandom(protocolKey, usage)
+ if err != nil {
+ return nil, err
+ }
+ return e.RandomToKey(r), nil
+}
+
+// RandomToKey returns a key from the bytes provided according to the definition in RFC 3961.
+func RandomToKey(b []byte) []byte {
+ return b
+}
+
+// DES3RandomToKey returns a key from the bytes provided according to the definition in RFC 3961 for DES3 etypes.
+func DES3RandomToKey(b []byte) []byte {
+ r := fixWeakKey(stretch56Bits(b[:7]))
+ r2 := fixWeakKey(stretch56Bits(b[7:14]))
+ r = append(r, r2...)
+ r3 := fixWeakKey(stretch56Bits(b[14:21]))
+ r = append(r, r3...)
+ return r
+}
+
+// DES3StringToKey returns a key derived from the string provided according to the definition in RFC 3961 for DES3 etypes.
+func DES3StringToKey(secret, salt string, e etype.EType) ([]byte, error) {
+ s := secret + salt
+ tkey := e.RandomToKey(Nfold([]byte(s), e.GetKeySeedBitLength()))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// PseudoRandom function as defined in RFC 3961
+func PseudoRandom(key, b []byte, e etype.EType) ([]byte, error) {
+ h := e.GetHashFunc()()
+ h.Write(b)
+ tmp := h.Sum(nil)[:e.GetMessageBlockByteSize()]
+ k, err := e.DeriveKey(key, []byte(prfconstant))
+ if err != nil {
+ return []byte{}, err
+ }
+ _, prf, err := e.EncryptData(k, tmp)
+ if err != nil {
+ return []byte{}, err
+ }
+ return prf, nil
+}
+
+func stretch56Bits(b []byte) []byte {
+ d := make([]byte, len(b), len(b))
+ copy(d, b)
+ var lb byte
+ for i, v := range d {
+ bv, nb := calcEvenParity(v)
+ d[i] = nb
+ if bv != 0 {
+ lb = lb | (1 << uint(i+1))
+ } else {
+ lb = lb &^ (1 << uint(i+1))
+ }
+ }
+ _, lb = calcEvenParity(lb)
+ d = append(d, lb)
+ return d
+}
+
+func calcEvenParity(b byte) (uint8, uint8) {
+ lowestbit := b & 0x01
+ // c counter of 1s in the first 7 bits of the byte
+ var c int
+ // Iterate over the highest 7 bits (hence p starts at 1 not zero) and count the 1s.
+ for p := 1; p < 8; p++ {
+ v := b & (1 << uint(p))
+ if v != 0 {
+ c++
+ }
+ }
+ if c%2 == 0 {
+ //Even number of 1s so set parity to 1
+ b = b | 1
+ } else {
+ //Odd number of 1s so set parity to 0
+ b = b &^ 1
+ }
+ return lowestbit, b
+}
+
+func fixWeakKey(b []byte) []byte {
+ if weak(b) {
+ b[7] ^= 0xF0
+ }
+ return b
+}
+
+func weak(b []byte) bool {
+ // weak keys from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-67r1.pdf
+ weakKeys := [4][]byte{
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ }
+ semiWeakKeys := [12][]byte{
+ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1},
+ }
+ for _, k := range weakKeys {
+ if bytes.Equal(b, k) {
+ return true
+ }
+ }
+ for _, k := range semiWeakKeys {
+ if bytes.Equal(b, k) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/nfold.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/nfold.go
new file mode 100644
index 0000000..9536b1e
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3961/nfold.go
@@ -0,0 +1,107 @@
+package rfc3961
+
+// Implementation of the n-fold algorithm as defined in RFC 3961.
+
+/* Credits
+This golang implementation of nfold used the following project for help with implementation detail.
+Although their source is in java it was helpful as a reference implementation of the RFC.
+You can find the source code of their open source project along with license information below.
+We acknowledge and are grateful to these developers for their contributions to open source
+
+Project: Apache Directory (http://http://directory.apache.org/)
+https://svn.apache.org/repos/asf/directory/apacheds/tags/1.5.1/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NFold.java
+License: http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+// Nfold expands the key to ensure it is not smaller than one cipher block.
+// Defined in RFC 3961.
+//
+// m input bytes that will be "stretched" to the least common multiple of n bits and the bit length of m.
+func Nfold(m []byte, n int) []byte {
+ k := len(m) * 8
+
+ //Get the lowest common multiple of the two bit sizes
+ lcm := lcm(n, k)
+ relicate := lcm / k
+ var sumBytes []byte
+
+ for i := 0; i < relicate; i++ {
+ rotation := 13 * i
+ sumBytes = append(sumBytes, rotateRight(m, rotation)...)
+ }
+
+ nfold := make([]byte, n/8)
+ sum := make([]byte, n/8)
+ for i := 0; i < lcm/n; i++ {
+ for j := 0; j < n/8; j++ {
+ sum[j] = sumBytes[j+(i*len(sum))]
+ }
+ nfold = onesComplementAddition(nfold, sum)
+ }
+ return nfold
+}
+
+func onesComplementAddition(n1, n2 []byte) []byte {
+ numBits := len(n1) * 8
+ out := make([]byte, numBits/8)
+ carry := 0
+ for i := numBits - 1; i > -1; i-- {
+ n1b := getBit(&n1, i)
+ n2b := getBit(&n2, i)
+ s := n1b + n2b + carry
+
+ if s == 0 || s == 1 {
+ setBit(&out, i, s)
+ carry = 0
+ } else if s == 2 {
+ carry = 1
+ } else if s == 3 {
+ setBit(&out, i, 1)
+ carry = 1
+ }
+ }
+ if carry == 1 {
+ carryArray := make([]byte, len(n1))
+ carryArray[len(carryArray)-1] = 1
+ out = onesComplementAddition(out, carryArray)
+ }
+ return out
+}
+
+func rotateRight(b []byte, step int) []byte {
+ out := make([]byte, len(b))
+ bitLen := len(b) * 8
+ for i := 0; i < bitLen; i++ {
+ v := getBit(&b, i)
+ setBit(&out, (i+step)%bitLen, v)
+ }
+ return out
+}
+
+func lcm(x, y int) int {
+ return (x * y) / gcd(x, y)
+}
+
+func gcd(x, y int) int {
+ for y != 0 {
+ x, y = y, x%y
+ }
+ return x
+}
+
+func getBit(b *[]byte, p int) int {
+ pByte := p / 8
+ pBit := uint(p % 8)
+ vByte := (*b)[pByte]
+ vInt := int(vByte >> (8 - (pBit + 1)) & 0x0001)
+ return vInt
+}
+
+func setBit(b *[]byte, p, v int) {
+ pByte := p / 8
+ pBit := uint(p % 8)
+ oldByte := (*b)[pByte]
+ var newByte byte
+ newByte = byte(v<<(8-(pBit+1))) | oldByte
+ (*b)[pByte] = newByte
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3962/encryption.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3962/encryption.go
new file mode 100644
index 0000000..5ff89e8
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3962/encryption.go
@@ -0,0 +1,89 @@
+// Package rfc3962 provides encryption and checksum methods as specified in RFC 3962
+package rfc3962
+
+import (
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "github.com/jcmturner/aescts/v2"
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 3962.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ ivz := make([]byte, e.GetCypherBlockBitLength()/8)
+ return aescts.Encrypt(key, ivz, data)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 3962.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ // Encrypt the data
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ // Generate and append integrity hash
+ ih, err := common.GetIntegrityHash(plainBytes, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 3962.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ ivz := make([]byte, e.GetCypherBlockBitLength()/8)
+ return aescts.Decrypt(key, ivz, data)
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 3962.
+// The integrity of the message is also verified.
+func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, err
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3962/keyDerivation.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3962/keyDerivation.go
new file mode 100644
index 0000000..fb402d9
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc3962/keyDerivation.go
@@ -0,0 +1,51 @@
+package rfc3962
+
+import (
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+
+ "github.com/jcmturner/gofork/x/crypto/pbkdf2"
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+)
+
+const (
+ s2kParamsZero = 4294967296
+)
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 3961.
+func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error) {
+ i, err := S2KparamsToItertions(s2kparams)
+ if err != nil {
+ return nil, err
+ }
+ return StringToKeyIter(secret, salt, i, e)
+}
+
+// StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0
+func StringToPBKDF2(secret, salt string, iterations int64, e etype.EType) []byte {
+ return pbkdf2.Key64([]byte(secret), []byte(salt), iterations, int64(e.GetKeyByteSize()), e.GetHashFunc())
+}
+
+// StringToKeyIter returns a key derived from the string provided according to the definition in RFC 3961.
+func StringToKeyIter(secret, salt string, iterations int64, e etype.EType) ([]byte, error) {
+ tkey := e.RandomToKey(StringToPBKDF2(secret, salt, iterations, e))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// S2KparamsToItertions converts the string representation of iterations to an integer
+func S2KparamsToItertions(s2kparams string) (int64, error) {
+ //The s2kparams string should be hex string representing 4 bytes
+ //The 4 bytes represent a number in big endian order
+ //If the value is zero then the number of iterations should be 4,294,967,296 (2^32)
+ var i uint32
+ if len(s2kparams) != 8 {
+ return int64(s2kParamsZero), errors.New("invalid s2kparams length")
+ }
+ b, err := hex.DecodeString(s2kparams)
+ if err != nil {
+ return int64(s2kParamsZero), errors.New("invalid s2kparams, cannot decode string to bytes")
+ }
+ i = binary.BigEndian.Uint32(b)
+ return int64(i), nil
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/checksum.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/checksum.go
new file mode 100644
index 0000000..45276e9
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/checksum.go
@@ -0,0 +1,40 @@
+package rfc4757
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "crypto/md5"
+ "io"
+)
+
+// Checksum returns a hash of the data in accordance with RFC 4757
+func Checksum(key []byte, usage uint32, data []byte) ([]byte, error) {
+ // Create hashing key
+ s := append([]byte(`signaturekey`), byte(0x00)) //includes zero octet at end
+ mac := hmac.New(md5.New, key)
+ mac.Write(s)
+ Ksign := mac.Sum(nil)
+
+ // Format data
+ tb := UsageToMSMsgType(usage)
+ p := append(tb, data...)
+ h := md5.New()
+ rb := bytes.NewReader(p)
+ _, err := io.Copy(h, rb)
+ if err != nil {
+ return []byte{}, err
+ }
+ tmp := h.Sum(nil)
+
+ // Generate HMAC
+ mac = hmac.New(md5.New, Ksign)
+ mac.Write(tmp)
+ return mac.Sum(nil), nil
+}
+
+// HMAC returns a keyed MD5 checksum of the data
+func HMAC(key []byte, data []byte) []byte {
+ mac := hmac.New(md5.New, key)
+ mac.Write(data)
+ return mac.Sum(nil)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/encryption.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/encryption.go
new file mode 100644
index 0000000..fdebe73
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/encryption.go
@@ -0,0 +1,80 @@
+// Package rfc4757 provides encryption and checksum methods as specified in RFC 4757
+package rfc4757
+
+import (
+ "crypto/hmac"
+ "crypto/rand"
+ "crypto/rc4"
+ "errors"
+ "fmt"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 4757.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ rc4Cipher, err := rc4.NewCipher(key)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error creating RC4 cipher: %v", err)
+ }
+ ed := make([]byte, len(data))
+ copy(ed, data)
+ rc4Cipher.XORKeyStream(ed, ed)
+ rc4Cipher.Reset()
+ return ed, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 4757.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ return EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 4757.
+// The encrypted data is concatenated with its RC4 header containing integrity checksum and confounder to create an encrypted message.
+func EncryptMessage(key, data []byte, usage uint32, export bool, e etype.EType) ([]byte, error) {
+ confounder := make([]byte, e.GetConfounderByteSize()) // size = 8
+ _, err := rand.Read(confounder)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error generating confounder: %v", err)
+ }
+ k1 := key
+ k2 := HMAC(k1, UsageToMSMsgType(usage))
+ toenc := append(confounder, data...)
+ chksum := HMAC(k2, toenc)
+ k3 := HMAC(k2, chksum)
+
+ ed, err := EncryptData(k3, toenc, e)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ msg := append(chksum, ed...)
+ return msg, nil
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 4757.
+// The integrity of the message is also verified.
+func DecryptMessage(key, data []byte, usage uint32, export bool, e etype.EType) ([]byte, error) {
+ checksum := data[:e.GetHMACBitLength()/8]
+ ct := data[e.GetHMACBitLength()/8:]
+ _, k2, k3 := deriveKeys(key, checksum, usage, export)
+
+ pt, err := DecryptData(k3, ct, e)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error decrypting data: %v", err)
+ }
+
+ if !VerifyIntegrity(k2, pt, data, e) {
+ return []byte{}, errors.New("integrity checksum incorrect")
+ }
+ return pt[e.GetConfounderByteSize():], nil
+}
+
+// VerifyIntegrity checks the integrity checksum of the data matches that calculated from the decrypted data.
+func VerifyIntegrity(key, pt, data []byte, e etype.EType) bool {
+ chksum := HMAC(key, pt)
+ return hmac.Equal(chksum, data[:e.GetHMACBitLength()/8])
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go
new file mode 100644
index 0000000..d1f90c0
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go
@@ -0,0 +1,40 @@
+package rfc4757
+
+import (
+ "bytes"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+
+ "golang.org/x/crypto/md4"
+)
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 4757.
+func StringToKey(secret string) ([]byte, error) {
+ b := make([]byte, len(secret)*2, len(secret)*2)
+ for i, r := range secret {
+ u := fmt.Sprintf("%04x", r)
+ c, err := hex.DecodeString(u)
+ if err != nil {
+ return []byte{}, errors.New("character could not be encoded")
+ }
+ // Swap round the two bytes to make little endian as we put into byte slice
+ b[2*i] = c[1]
+ b[2*i+1] = c[0]
+ }
+ r := bytes.NewReader(b)
+ h := md4.New()
+ _, err := io.Copy(h, r)
+ if err != nil {
+ return []byte{}, err
+ }
+ return h.Sum(nil), nil
+}
+
+func deriveKeys(key, checksum []byte, usage uint32, export bool) (k1, k2, k3 []byte) {
+ k1 = key
+ k2 = HMAC(k1, UsageToMSMsgType(usage))
+ k3 = HMAC(k2, checksum)
+ return
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/msgtype.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/msgtype.go
new file mode 100644
index 0000000..068588d
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/msgtype.go
@@ -0,0 +1,20 @@
+package rfc4757
+
+import "encoding/binary"
+
+// UsageToMSMsgType converts Kerberos key usage numbers to Microsoft message type encoded as a little-endian four byte slice.
+func UsageToMSMsgType(usage uint32) []byte {
+ // Translate usage numbers to the Microsoft T numbers
+ switch usage {
+ case 3:
+ usage = 8
+ case 9:
+ usage = 8
+ case 23:
+ usage = 13
+ }
+ // Now convert to bytes
+ tb := make([]byte, 4) // We force an int32 input so we can't go over 4 bytes
+ binary.PutUvarint(tb, uint64(usage))
+ return tb
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc8009/encryption.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc8009/encryption.go
new file mode 100644
index 0000000..54cff7b
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc8009/encryption.go
@@ -0,0 +1,125 @@
+// Package rfc8009 provides encryption and checksum methods as specified in RFC 8009
+package rfc8009
+
+import (
+ "crypto/aes"
+ "crypto/hmac"
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "github.com/jcmturner/aescts/v2"
+ "github.com/jcmturner/gokrb5/v8/crypto/common"
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 8009.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ if len(key) != kl {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ ivz := make([]byte, aes.BlockSize)
+ return aescts.Encrypt(key, ivz, data)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ if len(key) != kl {
+ return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
+ }
+ if len(key) != e.GetKeyByteSize() {
+ }
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ // Encrypt the data
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ ivz := make([]byte, e.GetConfounderByteSize())
+ ih, err := GetIntegityHash(ivz, b, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 8009.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ if len(key) != kl {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
+ }
+ ivz := make([]byte, aes.BlockSize)
+ return aescts.Decrypt(key, ivz, data)
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
+// The integrity of the message is also verified.
+func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, err
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
+
+// GetIntegityHash returns a keyed integrity hash of the bytes provided as defined in RFC 8009
+func GetIntegityHash(iv, c, key []byte, usage uint32, e etype.EType) ([]byte, error) {
+ // Generate and append integrity hash
+ // Rather than calculating the hash over the confounder and plaintext
+ // it is calculated over the iv concatenated with the AES cipher output.
+ ib := append(iv, c...)
+ return common.GetIntegrityHash(ib, key, usage, e)
+}
+
+// VerifyIntegrity verifies the integrity of cipertext bytes ct.
+func VerifyIntegrity(key, ct []byte, usage uint32, etype etype.EType) bool {
+ h := make([]byte, etype.GetHMACBitLength()/8)
+ copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
+ ivz := make([]byte, etype.GetConfounderByteSize())
+ ib := append(ivz, ct[:len(ct)-(etype.GetHMACBitLength()/8)]...)
+ expectedMAC, _ := common.GetIntegrityHash(ib, key, usage, etype)
+ return hmac.Equal(h, expectedMAC)
+}
diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc8009/keyDerivation.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc8009/keyDerivation.go
new file mode 100644
index 0000000..e947322
--- /dev/null
+++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc8009/keyDerivation.go
@@ -0,0 +1,135 @@
+package rfc8009
+
+import (
+ "crypto/hmac"
+ "encoding/binary"
+ "encoding/hex"
+ "errors"
+
+ "github.com/jcmturner/gokrb5/v8/crypto/etype"
+ "github.com/jcmturner/gokrb5/v8/iana/etypeID"
+ "golang.org/x/crypto/pbkdf2"
+)
+
+const (
+ s2kParamsZero = 32768
+)
+
+// DeriveRandom for key derivation as defined in RFC 8009
+func DeriveRandom(protocolKey, usage []byte, e etype.EType) ([]byte, error) {
+ h := e.GetHashFunc()()
+ return KDF_HMAC_SHA2(protocolKey, []byte("prf"), usage, h.Size(), e), nil
+}
+
+// DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.
+//
+// https://tools.ietf.org/html/rfc8009#section-5
+func DeriveKey(protocolKey, label []byte, e etype.EType) []byte {
+ var context []byte
+ var kl int
+ // Key length is longer for aes256-cts-hmac-sha384-192 is it is a Ke or from StringToKey (where label is "kerberos")
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ Swtch:
+ switch label[len(label)-1] {
+ case 0x73:
+ // 0x73 is "s" so label could be kerberos meaning StringToKey so now check if the label is "kerberos"
+ kerblabel := []byte("kerberos")
+ if len(label) != len(kerblabel) {
+ break
+ }
+ for i, b := range label {
+ if b != kerblabel[i] {
+ kl = e.GetKeySeedBitLength()
+ break Swtch
+ }
+ }
+ if kl == 0 {
+ // This is StringToKey
+ kl = 256
+ }
+ case 0xAA:
+ // This is a Ke
+ kl = 256
+ }
+ }
+ if kl == 0 {
+ kl = e.GetKeySeedBitLength()
+ }
+ return e.RandomToKey(KDF_HMAC_SHA2(protocolKey, label, context, kl, e))
+}
+
+// RandomToKey returns a key from the bytes provided according to the definition in RFC 8009.
+func RandomToKey(b []byte) []byte {
+ return b
+}
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 8009.
+func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error) {
+ i, err := S2KparamsToItertions(s2kparams)
+ if err != nil {
+ return nil, err
+ }
+ return StringToKeyIter(secret, salt, i, e)
+}
+
+// StringToKeyIter returns a key derived from the string provided according to the definition in RFC 8009.
+func StringToKeyIter(secret, salt string, iterations int, e etype.EType) ([]byte, error) {
+ tkey := e.RandomToKey(StringToPBKDF2(secret, salt, iterations, e))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0
+func StringToPBKDF2(secret, salt string, iterations int, e etype.EType) []byte {
+ kl := e.GetKeyByteSize()
+ if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
+ kl = 32
+ }
+ return pbkdf2.Key([]byte(secret), []byte(salt), iterations, kl, e.GetHashFunc())
+}
+
+// KDF_HMAC_SHA2 key derivation: https://tools.ietf.org/html/rfc8009#section-3
+func KDF_HMAC_SHA2(protocolKey, label, context []byte, kl int, e etype.EType) []byte {
+ //k: Length in bits of the key to be outputted, expressed in big-endian binary representation in 4 bytes.
+ k := make([]byte, 4, 4)
+ binary.BigEndian.PutUint32(k, uint32(kl))
+
+ c := make([]byte, 4, 4)
+ binary.BigEndian.PutUint32(c, uint32(1))
+ c = append(c, label...)
+ c = append(c, byte(0))
+ if len(context) > 0 {
+ c = append(c, context...)
+ }
+ c = append(c, k...)
+
+ mac := hmac.New(e.GetHashFunc(), protocolKey)
+ mac.Write(c)
+ return mac.Sum(nil)[:(kl / 8)]
+}
+
+// GetSaltP returns the salt value based on the etype name: https://tools.ietf.org/html/rfc8009#section-4
+func GetSaltP(salt, ename string) string {
+ b := []byte(ename)
+ b = append(b, byte(0))
+ b = append(b, []byte(salt)...)
+ return string(b)
+}
+
+// S2KparamsToItertions converts the string representation of iterations to an integer for RFC 8009.
+func S2KparamsToItertions(s2kparams string) (int, error) {
+ var i uint32
+ if len(s2kparams) != 8 {
+ return s2kParamsZero, errors.New("Invalid s2kparams length")
+ }
+ b, err := hex.DecodeString(s2kparams)
+ if err != nil {
+ return s2kParamsZero, errors.New("Invalid s2kparams, cannot decode string to bytes")
+ }
+ i = binary.BigEndian.Uint32(b)
+ //buf := bytes.NewBuffer(b)
+ //err = binary.Read(buf, binary.BigEndian, &i)
+ if err != nil {
+ return s2kParamsZero, errors.New("Invalid s2kparams, cannot convert to big endian int32")
+ }
+ return int(i), nil
+}