Blame - vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc8009/encryption.go - voltha-go

blob: 86aae098896b24749cd858f7c8cbcecfd0548c42 [file] [log] [blame]

Scott Baker	8461e15	2019-10-01 14:44:30 -0700	[diff] [blame]	1	// Package rfc8009 provides encryption and checksum methods as specified in RFC 8009
				2	package rfc8009
				3
				4	import (
				5	"crypto/aes"
				6	"crypto/hmac"
				7	"crypto/rand"
				8	"errors"
				9	"fmt"
				10
				11	"gopkg.in/jcmturner/aescts.v1"
				12	"gopkg.in/jcmturner/gokrb5.v7/crypto/common"
				13	"gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
				14	"gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
				15	)
				16
				17	// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 8009.
				18	func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
				19	kl := e.GetKeyByteSize()
				20	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
				21	kl = 32
				22	}
				23	if len(key) != kl {
				24	return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
				25	}
				26	ivz := make([]byte, aes.BlockSize)
				27	return aescts.Encrypt(key, ivz, data)
				28	}
				29
				30	// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
				31	// The encrypted data is concatenated with its integrity hash to create an encrypted message.
				32	func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
				33	kl := e.GetKeyByteSize()
				34	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
				35	kl = 32
				36	}
				37	if len(key) != kl {
				38	return []byte{}, []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
				39	}
				40	if len(key) != e.GetKeyByteSize() {
				41	}
				42	//confounder
				43	c := make([]byte, e.GetConfounderByteSize())
				44	_, err := rand.Read(c)
				45	if err != nil {
				46	return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
				47	}
				48	plainBytes := append(c, message...)
				49
				50	// Derive key for encryption from usage
				51	var k []byte
				52	if usage != 0 {
				53	k, err = e.DeriveKey(key, common.GetUsageKe(usage))
				54	if err != nil {
				55	return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
				56	}
				57	}
				58
				59	// Encrypt the data
				60	iv, b, err := e.EncryptData(k, plainBytes)
				61	if err != nil {
				62	return iv, b, fmt.Errorf("error encrypting data: %v", err)
				63	}
				64
				65	ivz := make([]byte, e.GetConfounderByteSize())
				66	ih, err := GetIntegityHash(ivz, b, key, usage, e)
				67	if err != nil {
				68	return iv, b, fmt.Errorf("error encrypting data: %v", err)
				69	}
				70	b = append(b, ih...)
				71	return iv, b, nil
				72	}
				73
				74	// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 8009.
				75	func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
				76	kl := e.GetKeyByteSize()
				77	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
				78	kl = 32
				79	}
				80	if len(key) != kl {
				81	return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", kl, len(key))
				82	}
				83	ivz := make([]byte, aes.BlockSize)
				84	return aescts.Decrypt(key, ivz, data)
				85	}
				86
				87	// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 8009.
				88	// The integrity of the message is also verified.
				89	func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
				90	//Derive the key
				91	k, err := e.DeriveKey(key, common.GetUsageKe(usage))
				92	if err != nil {
				93	return nil, fmt.Errorf("error deriving key: %v", err)
				94	}
				95	// Strip off the checksum from the end
				96	b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
				97	if err != nil {
				98	return nil, err
				99	}
				100	//Verify checksum
				101	if !e.VerifyIntegrity(key, ciphertext, b, usage) {
				102	return nil, errors.New("integrity verification failed")
				103	}
				104	//Remove the confounder bytes
				105	return b[e.GetConfounderByteSize():], nil
				106	}
				107
				108	// GetIntegityHash returns a keyed integrity hash of the bytes provided as defined in RFC 8009
				109	func GetIntegityHash(iv, c, key []byte, usage uint32, e etype.EType) ([]byte, error) {
				110	// Generate and append integrity hash
				111	// The HMAC is calculated over the cipher state concatenated with the
				112	// AES output, instead of being calculated over the confounder and
				113	// plaintext. This allows the message receiver to verify the
				114	// integrity of the message before decrypting the message.
				115	// H = HMAC(Ki, IV \| C)
				116	ib := append(iv, c...)
				117	return common.GetIntegrityHash(ib, key, usage, e)
				118	}
				119
				120	// VerifyIntegrity verifies the integrity of cipertext bytes ct.
				121	func VerifyIntegrity(key, ct []byte, usage uint32, etype etype.EType) bool {
				122	h := make([]byte, etype.GetHMACBitLength()/8)
				123	copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
				124	ivz := make([]byte, etype.GetConfounderByteSize())
				125	ib := append(ivz, ct[:len(ct)-(etype.GetHMACBitLength()/8)]...)
				126	expectedMAC, _ := common.GetIntegrityHash(ib, key, usage, etype)
				127	return hmac.Equal(h, expectedMAC)
				128	}