vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/encryption.go - voltha-go - Gitiles

 // Package rfc8009 provides encryption and checksum methods as specified in RFC 8009
 package rfc8009

 import (
 	"crypto/aes"
 	"crypto/hmac"
 	"crypto/rand"
 	"errors"
 	"fmt"

 	"gopkg.in/jcmturner/aescts.v1"
 	"gopkg.in/jcmturner/gokrb5.v7/crypto/common"
 	"gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
 	"gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
 )

 // EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 8009.
 func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
 	kl := e.GetKeyByteSize()
 	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
 		kl = 32
 	}
 	if len(key) != kl {
 		return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
 	}
 	ivz := make([]byte, aes.BlockSize)
 	return aescts.Encrypt(key, ivz, data)
 }

 // EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
 // The encrypted data is concatenated with its integrity hash to create an encrypted message.
 func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
 	kl := e.GetKeyByteSize()
 	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
 		kl = 32
 	}
 	if len(key) != kl {
 		return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
 	}
 	if len(key) != e.GetKeyByteSize() {
 	}
 	//confounder
 	c := make([]byte, e.GetConfounderByteSize())
 	_, err := rand.Read(c)
 	if err != nil {
 		return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
 	}
 	plainBytes := append(c, message...)

 	// Derive key for encryption from usage
 	var k []byte
 	if usage != 0 {
 		k, err = e.DeriveKey(key, common.GetUsageKe(usage))
 		if err != nil {
 			return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
 		}
 	}

 	// Encrypt the data
 	iv, b, err := e.EncryptData(k, plainBytes)
 	if err != nil {
 		return iv, b, fmt.Errorf("error encrypting data: %v", err)
 	}

 	ivz := make([]byte, e.GetConfounderByteSize())
 	ih, err := GetIntegityHash(ivz, b, key, usage, e)
 	if err != nil {
 		return iv, b, fmt.Errorf("error encrypting data: %v", err)
 	}
 	b = append(b, ih...)
 	return iv, b, nil
 }

 // DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 8009.
 func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
 	kl := e.GetKeyByteSize()
 	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
 		kl = 32
 	}
 	if len(key) != kl {
 		return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
 	}
 	ivz := make([]byte, aes.BlockSize)
 	return aescts.Decrypt(key, ivz, data)
 }

 // DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
 // The integrity of the message is also verified.
 func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
 	//Derive the key
 	k, err := e.DeriveKey(key, common.GetUsageKe(usage))
 	if err != nil {
 		return nil, fmt.Errorf("error deriving key: %v", err)
 	}
 	// Strip off the checksum from the end
 	b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
 	if err != nil {
 		return nil, err
 	}
 	//Verify checksum
 	if !e.VerifyIntegrity(key, ciphertext, b, usage) {
 		return nil, errors.New("integrity verification failed")
 	}
 	//Remove the confounder bytes
 	return b[e.GetConfounderByteSize():], nil
 }

 // GetIntegityHash returns a keyed integrity hash of the bytes provided as defined in RFC 8009
 func GetIntegityHash(iv, c, key []byte, usage uint32, e etype.EType) ([]byte, error) {
 	// Generate and append integrity hash
 	// The HMAC is calculated over the cipher state concatenated with the
 	// AES output, instead of being calculated over the confounder and
 	// plaintext.  This allows the message receiver to verify the
 	// integrity of the message before decrypting the message.
 	// H = HMAC(Ki, IV | C)
 	ib := append(iv, c...)
 	return common.GetIntegrityHash(ib, key, usage, e)
 }

 // VerifyIntegrity verifies the integrity of cipertext bytes ct.
 func VerifyIntegrity(key, ct []byte, usage uint32, etype etype.EType) bool {
 	h := make([]byte, etype.GetHMACBitLength()/8)
 	copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
 	ivz := make([]byte, etype.GetConfounderByteSize())
 	ib := append(ivz, ct[:len(ct)-(etype.GetHMACBitLength()/8)]...)
 	expectedMAC, _ := common.GetIntegrityHash(ib, key, usage, etype)
 	return hmac.Equal(h, expectedMAC)
 }
	// Package rfc8009 provides encryption and checksum methods as specified in RFC 8009
	package rfc8009

	import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"errors"
	"fmt"

	"gopkg.in/jcmturner/aescts.v1"
	"gopkg.in/jcmturner/gokrb5.v7/crypto/common"
	"gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
	"gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
	)

	// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 8009.
	func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
	kl := e.GetKeyByteSize()
	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
	kl = 32
	}
	if len(key) != kl {
	return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
	}
	ivz := make([]byte, aes.BlockSize)
	return aescts.Encrypt(key, ivz, data)
	}

	// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
	// The encrypted data is concatenated with its integrity hash to create an encrypted message.
	func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
	kl := e.GetKeyByteSize()
	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
	kl = 32
	}
	if len(key) != kl {
	return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
	}
	if len(key) != e.GetKeyByteSize() {
	}
	//confounder
	c := make([]byte, e.GetConfounderByteSize())
	_, err := rand.Read(c)
	if err != nil {
	return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
	}
	plainBytes := append(c, message...)

	// Derive key for encryption from usage
	var k []byte
	if usage != 0 {
	k, err = e.DeriveKey(key, common.GetUsageKe(usage))
	if err != nil {
	return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
	}
	}

	// Encrypt the data
	iv, b, err := e.EncryptData(k, plainBytes)
	if err != nil {
	return iv, b, fmt.Errorf("error encrypting data: %v", err)
	}

	ivz := make([]byte, e.GetConfounderByteSize())
	ih, err := GetIntegityHash(ivz, b, key, usage, e)
	if err != nil {
	return iv, b, fmt.Errorf("error encrypting data: %v", err)
	}
	b = append(b, ih...)
	return iv, b, nil
	}

	// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 8009.
	func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
	kl := e.GetKeyByteSize()
	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
	kl = 32
	}
	if len(key) != kl {
	return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
	}
	ivz := make([]byte, aes.BlockSize)
	return aescts.Decrypt(key, ivz, data)
	}

	// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
	// The integrity of the message is also verified.
	func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
	//Derive the key
	k, err := e.DeriveKey(key, common.GetUsageKe(usage))
	if err != nil {
	return nil, fmt.Errorf("error deriving key: %v", err)
	}
	// Strip off the checksum from the end
	b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
	if err != nil {
	return nil, err
	}
	//Verify checksum
	if !e.VerifyIntegrity(key, ciphertext, b, usage) {
	return nil, errors.New("integrity verification failed")
	}
	//Remove the confounder bytes
	return b[e.GetConfounderByteSize():], nil
	}

	// GetIntegityHash returns a keyed integrity hash of the bytes provided as defined in RFC 8009
	func GetIntegityHash(iv, c, key []byte, usage uint32, e etype.EType) ([]byte, error) {
	// Generate and append integrity hash
	// The HMAC is calculated over the cipher state concatenated with the
	// AES output, instead of being calculated over the confounder and
	// plaintext. This allows the message receiver to verify the
	// integrity of the message before decrypting the message.
	// H = HMAC(Ki, IV \| C)
	ib := append(iv, c...)
	return common.GetIntegrityHash(ib, key, usage, e)
	}

	// VerifyIntegrity verifies the integrity of cipertext bytes ct.
	func VerifyIntegrity(key, ct []byte, usage uint32, etype etype.EType) bool {
	h := make([]byte, etype.GetHMACBitLength()/8)
	copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
	ivz := make([]byte, etype.GetConfounderByteSize())
	ib := append(ivz, ct[:len(ct)-(etype.GetHMACBitLength()/8)]...)
	expectedMAC, _ := common.GetIntegrityHash(ib, key, usage, etype)
	return hmac.Equal(h, expectedMAC)
	}