blob: 42f84b850b97447e598a26adc5cfabd548d29f46 [file] [log] [blame]
khenaidood948f772021-08-11 17:49:24 -04001package crypto
2
3import (
4 "bytes"
5 "crypto/hmac"
6 "crypto/md5"
7 "hash"
8 "io"
9
10 "github.com/jcmturner/gokrb5/v8/crypto/rfc3961"
11 "github.com/jcmturner/gokrb5/v8/crypto/rfc4757"
12 "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
13 "github.com/jcmturner/gokrb5/v8/iana/etypeID"
14 "golang.org/x/crypto/md4"
15)
16
17// RC4HMAC implements Kerberos encryption type rc4-hmac
18type RC4HMAC struct {
19}
20
21// GetETypeID returns the EType ID number.
22func (e RC4HMAC) GetETypeID() int32 {
23 return etypeID.RC4_HMAC
24}
25
26// GetHashID returns the checksum type ID number.
27func (e RC4HMAC) GetHashID() int32 {
28 return chksumtype.KERB_CHECKSUM_HMAC_MD5
29}
30
31// GetKeyByteSize returns the number of bytes for key of this etype.
32func (e RC4HMAC) GetKeyByteSize() int {
33 return 16
34}
35
36// GetKeySeedBitLength returns the number of bits for the seed for key generation.
37func (e RC4HMAC) GetKeySeedBitLength() int {
38 return e.GetKeyByteSize() * 8
39}
40
41// GetHashFunc returns the hash function for this etype.
42func (e RC4HMAC) GetHashFunc() func() hash.Hash {
43 return md5.New
44}
45
46// GetMessageBlockByteSize returns the block size for the etype's messages.
47func (e RC4HMAC) GetMessageBlockByteSize() int {
48 return 1
49}
50
51// GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
52func (e RC4HMAC) GetDefaultStringToKeyParams() string {
53 return ""
54}
55
56// GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
57func (e RC4HMAC) GetConfounderByteSize() int {
58 return 8
59}
60
61// GetHMACBitLength returns the bit count size of the integrity hash.
62func (e RC4HMAC) GetHMACBitLength() int {
63 return md5.Size * 8
64}
65
66// GetCypherBlockBitLength returns the bit count size of the cypher block.
67func (e RC4HMAC) GetCypherBlockBitLength() int {
68 return 8 // doesn't really apply
69}
70
71// StringToKey returns a key derived from the string provided.
72func (e RC4HMAC) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
73 return rfc4757.StringToKey(secret)
74}
75
76// RandomToKey returns a key from the bytes provided.
77func (e RC4HMAC) RandomToKey(b []byte) []byte {
78 r := bytes.NewReader(b)
79 h := md4.New()
80 io.Copy(h, r)
81 return h.Sum(nil)
82}
83
84// EncryptData encrypts the data provided.
85func (e RC4HMAC) EncryptData(key, data []byte) ([]byte, []byte, error) {
86 b, err := rfc4757.EncryptData(key, data, e)
87 return []byte{}, b, err
88}
89
90// EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
91func (e RC4HMAC) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
92 b, err := rfc4757.EncryptMessage(key, message, usage, false, e)
93 return []byte{}, b, err
94}
95
96// DecryptData decrypts the data provided.
97func (e RC4HMAC) DecryptData(key, data []byte) ([]byte, error) {
98 return rfc4757.DecryptData(key, data, e)
99}
100
101// DecryptMessage decrypts the message provided and verifies the integrity of the message.
102func (e RC4HMAC) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
103 return rfc4757.DecryptMessage(key, ciphertext, usage, false, e)
104}
105
106// DeriveKey derives a key from the protocol key based on the usage value.
107func (e RC4HMAC) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
108 return rfc4757.HMAC(protocolKey, usage), nil
109}
110
111// DeriveRandom generates data needed for key generation.
112func (e RC4HMAC) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
113 return rfc3961.DeriveRandom(protocolKey, usage, e)
114}
115
116// VerifyIntegrity checks the integrity of the plaintext message.
117func (e RC4HMAC) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
118 return rfc4757.VerifyIntegrity(protocolKey, pt, ct, e)
119}
120
121// GetChecksumHash returns a keyed checksum hash of the bytes provided.
122func (e RC4HMAC) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
123 return rfc4757.Checksum(protocolKey, usage, data)
124}
125
126// VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
127func (e RC4HMAC) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
128 checksum, err := rfc4757.Checksum(protocolKey, usage, data)
129 if err != nil {
130 return false
131 }
132 return hmac.Equal(checksum, chksum)
133}