WIP [VOL-2811] - Incorporate preliminary onu-adapter-go code into opencord repo
- reason "discovery-mibsync-complete" reached (via full MibUpload only, received data won't be stored yet)
- first review comments of patchset #4 considered
(please have a look into our inline-comments in Gerrit to know more about the current state)
- no refactoring done yet
Change-Id: Iac47817f8ce4bd28dd8132f530b0570d57ae99b8
Signed-off-by: Holger Hildebrandt <holger.hildebrandt@adtran.com>
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/encryption.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/encryption.go
new file mode 100644
index 0000000..6f550fa
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/encryption.go
@@ -0,0 +1,125 @@
+// Package rfc3961 provides encryption and checksum methods as specified in RFC 3961
+package rfc3961
+
+import (
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/hmac"
+ "crypto/rand"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/common"
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+// DES3EncryptData encrypts the data provided using DES3 and methods specific to the etype provided.
+func DES3EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return nil, nil, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ data, _ = common.ZeroPad(data, e.GetMessageBlockByteSize())
+
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error creating cipher: %v", err)
+ }
+
+ //RFC 3961: initial cipher state All bits zero
+ ivz := make([]byte, des.BlockSize)
+
+ ct := make([]byte, len(data))
+ mode := cipher.NewCBCEncrypter(block, ivz)
+ mode.CryptBlocks(ct, data)
+ return ct[len(ct)-e.GetMessageBlockByteSize():], ct, nil
+}
+
+// DES3EncryptMessage encrypts the message provided using DES3 and methods specific to the etype provided.
+// The encrypted data is concatenated with its integrity hash to create an encrypted message.
+func DES3EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error) {
+ //confounder
+ c := make([]byte, e.GetConfounderByteSize())
+ _, err := rand.Read(c)
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("could not generate random confounder: %v", err)
+ }
+ plainBytes := append(c, message...)
+ plainBytes, _ = common.ZeroPad(plainBytes, e.GetMessageBlockByteSize())
+
+ // Derive key for encryption from usage
+ var k []byte
+ if usage != 0 {
+ k, err = e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return []byte{}, []byte{}, fmt.Errorf("error deriving key for encryption: %v", err)
+ }
+ }
+
+ iv, b, err := e.EncryptData(k, plainBytes)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ // Generate and append integrity hash
+ ih, err := common.GetIntegrityHash(plainBytes, key, usage, e)
+ if err != nil {
+ return iv, b, fmt.Errorf("error encrypting data: %v", err)
+ }
+ b = append(b, ih...)
+ return iv, b, nil
+}
+
+// DES3DecryptData decrypts the data provided using DES3 and methods specific to the etype provided.
+func DES3DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+
+ if len(data) < des.BlockSize || len(data)%des.BlockSize != 0 {
+ return []byte{}, errors.New("ciphertext is not a multiple of the block size")
+ }
+ block, err := des.NewTripleDESCipher(key)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error creating cipher: %v", err)
+ }
+ pt := make([]byte, len(data))
+ ivz := make([]byte, des.BlockSize)
+ mode := cipher.NewCBCDecrypter(block, ivz)
+ mode.CryptBlocks(pt, data)
+ return pt, nil
+}
+
+// DES3DecryptMessage decrypts the message provided using DES3 and methods specific to the etype provided.
+// The integrity of the message is also verified.
+func DES3DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error) {
+ //Derive the key
+ k, err := e.DeriveKey(key, common.GetUsageKe(usage))
+ if err != nil {
+ return nil, fmt.Errorf("error deriving key: %v", err)
+ }
+ // Strip off the checksum from the end
+ b, err := e.DecryptData(k, ciphertext[:len(ciphertext)-e.GetHMACBitLength()/8])
+ if err != nil {
+ return nil, fmt.Errorf("error decrypting: %v", err)
+ }
+ //Verify checksum
+ if !e.VerifyIntegrity(key, ciphertext, b, usage) {
+ return nil, errors.New("error decrypting: integrity verification failed")
+ }
+ //Remove the confounder bytes
+ return b[e.GetConfounderByteSize():], nil
+}
+
+// VerifyIntegrity verifies the integrity of cipertext bytes ct.
+func VerifyIntegrity(key, ct, pt []byte, usage uint32, etype etype.EType) bool {
+ //The ciphertext output is the concatenation of the output of the basic
+ //encryption function E and a (possibly truncated) HMAC using the
+ //specified hash function H, both applied to the plaintext with a
+ //random confounder prefix and sufficient padding to bring it to a
+ //multiple of the message block size. When the HMAC is computed, the
+ //key is used in the protocol key form.
+ h := make([]byte, etype.GetHMACBitLength()/8)
+ copy(h, ct[len(ct)-etype.GetHMACBitLength()/8:])
+ expectedMAC, _ := common.GetIntegrityHash(pt, key, usage, etype)
+ return hmac.Equal(h, expectedMAC)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/keyDerivation.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/keyDerivation.go
new file mode 100644
index 0000000..8c637a2
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/keyDerivation.go
@@ -0,0 +1,178 @@
+package rfc3961
+
+import (
+ "bytes"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+const (
+ prfconstant = "prf"
+)
+
+// DeriveRandom implements the RFC 3961 defined function: DR(Key, Constant) = k-truncate(E(Key, Constant, initial-cipher-state)).
+//
+// key: base key or protocol key. Likely to be a key from a keytab file.
+//
+// usage: a constant.
+//
+// n: block size in bits (not bytes) - note if you use something like aes.BlockSize this is in bytes.
+//
+// k: key length / key seed length in bits. Eg. for AES256 this value is 256.
+//
+// e: the encryption etype function to use.
+func DeriveRandom(key, usage []byte, e etype.EType) ([]byte, error) {
+ n := e.GetCypherBlockBitLength()
+ k := e.GetKeySeedBitLength()
+ //Ensure the usage constant is at least the size of the cypher block size. Pass it through the nfold algorithm that will "stretch" it if needs be.
+ nFoldUsage := Nfold(usage, n)
+ //k-truncate implemented by creating a byte array the size of k (k is in bits hence /8)
+ out := make([]byte, k/8)
+
+ /*If the output of E is shorter than k bits, it is fed back into the encryption as many times as necessary.
+ The construct is as follows (where | indicates concatenation):
+
+ K1 = E(Key, n-fold(Constant), initial-cipher-state)
+ K2 = E(Key, K1, initial-cipher-state)
+ K3 = E(Key, K2, initial-cipher-state)
+ K4 = ...
+
+ DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)*/
+ _, K, err := e.EncryptData(key, nFoldUsage)
+ if err != nil {
+ return out, err
+ }
+ for i := copy(out, K); i < len(out); {
+ _, K, _ = e.EncryptData(key, K)
+ i = i + copy(out[i:], K)
+ }
+ return out, nil
+}
+
+// DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.
+func DeriveKey(protocolKey, usage []byte, e etype.EType) ([]byte, error) {
+ r, err := e.DeriveRandom(protocolKey, usage)
+ if err != nil {
+ return nil, err
+ }
+ return e.RandomToKey(r), nil
+}
+
+// RandomToKey returns a key from the bytes provided according to the definition in RFC 3961.
+func RandomToKey(b []byte) []byte {
+ return b
+}
+
+// DES3RandomToKey returns a key from the bytes provided according to the definition in RFC 3961 for DES3 etypes.
+func DES3RandomToKey(b []byte) []byte {
+ r := fixWeakKey(stretch56Bits(b[:7]))
+ r2 := fixWeakKey(stretch56Bits(b[7:14]))
+ r = append(r, r2...)
+ r3 := fixWeakKey(stretch56Bits(b[14:21]))
+ r = append(r, r3...)
+ return r
+}
+
+// DES3StringToKey returns a key derived from the string provided according to the definition in RFC 3961 for DES3 etypes.
+func DES3StringToKey(secret, salt string, e etype.EType) ([]byte, error) {
+ s := secret + salt
+ tkey := e.RandomToKey(Nfold([]byte(s), e.GetKeySeedBitLength()))
+ return e.DeriveKey(tkey, []byte("kerberos"))
+}
+
+// PseudoRandom function as defined in RFC 3961
+func PseudoRandom(key, b []byte, e etype.EType) ([]byte, error) {
+ h := e.GetHashFunc()()
+ h.Write(b)
+ tmp := h.Sum(nil)[:e.GetMessageBlockByteSize()]
+ k, err := e.DeriveKey(key, []byte(prfconstant))
+ if err != nil {
+ return []byte{}, err
+ }
+ _, prf, err := e.EncryptData(k, tmp)
+ if err != nil {
+ return []byte{}, err
+ }
+ return prf, nil
+}
+
+func stretch56Bits(b []byte) []byte {
+ d := make([]byte, len(b), len(b))
+ copy(d, b)
+ var lb byte
+ for i, v := range d {
+ bv, nb := calcEvenParity(v)
+ d[i] = nb
+ if bv != 0 {
+ lb = lb | (1 << uint(i+1))
+ } else {
+ lb = lb &^ (1 << uint(i+1))
+ }
+ }
+ _, lb = calcEvenParity(lb)
+ d = append(d, lb)
+ return d
+}
+
+func calcEvenParity(b byte) (uint8, uint8) {
+ lowestbit := b & 0x01
+ // c counter of 1s in the first 7 bits of the byte
+ var c int
+ // Iterate over the highest 7 bits (hence p starts at 1 not zero) and count the 1s.
+ for p := 1; p < 8; p++ {
+ v := b & (1 << uint(p))
+ if v != 0 {
+ c++
+ }
+ }
+ if c%2 == 0 {
+ //Even number of 1s so set parity to 1
+ b = b | 1
+ } else {
+ //Odd number of 1s so set parity to 0
+ b = b &^ 1
+ }
+ return lowestbit, b
+}
+
+func fixWeakKey(b []byte) []byte {
+ if weak(b) {
+ b[7] ^= 0xF0
+ }
+ return b
+}
+
+func weak(b []byte) bool {
+ // weak keys from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-67r1.pdf
+ weakKeys := [4][]byte{
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ }
+ semiWeakKeys := [12][]byte{
+ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1},
+ }
+ for _, k := range weakKeys {
+ if bytes.Equal(b, k) {
+ return true
+ }
+ }
+ for _, k := range semiWeakKeys {
+ if bytes.Equal(b, k) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/nfold.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/nfold.go
new file mode 100644
index 0000000..779d1c6
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc3961/nfold.go
@@ -0,0 +1,128 @@
+package rfc3961
+
+/*
+Implementation of the n-fold algorithm as defined in RFC 3961.
+
+n-fold is an algorithm that takes m input bits and "stretches" them
+to form n output bits with equal contribution from each input bit to
+the output, as described in [Blumenthal96]:
+
+We first define a primitive called n-folding, which takes a
+variable-length input block and produces a fixed-length output
+sequence. The intent is to give each input bit approximately
+equal weight in determining the value of each output bit. Note
+that whenever we need to treat a string of octets as a number, the
+assumed representation is Big-Endian -- Most Significant Byte
+first.
+
+To n-fold a number X, replicate the input value to a length that
+is the least common multiple of n and the length of X. Before
+each repetition, the input is rotated to the right by 13 bit
+positions. The successive n-bit chunks are added together using
+1's-complement addition (that is, with end-around carry) to yield
+a n-bit result....
+*/
+
+/* Credits
+This golang implementation of nfold used the following project for help with implementation detail.
+Although their source is in java it was helpful as a reference implementation of the RFC.
+You can find the source code of their open source project along with license information below.
+We acknowledge and are grateful to these developers for their contributions to open source
+
+Project: Apache Directory (http://http://directory.apache.org/)
+https://svn.apache.org/repos/asf/directory/apacheds/tags/1.5.1/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NFold.java
+License: http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+// Nfold expands the key to ensure it is not smaller than one cipher block.
+// Defined in RFC 3961.
+//
+// m input bytes that will be "stretched" to the least common multiple of n bits and the bit length of m.
+func Nfold(m []byte, n int) []byte {
+ k := len(m) * 8
+
+ //Get the lowest common multiple of the two bit sizes
+ lcm := lcm(n, k)
+ relicate := lcm / k
+ var sumBytes []byte
+
+ for i := 0; i < relicate; i++ {
+ rotation := 13 * i
+ sumBytes = append(sumBytes, rotateRight(m, rotation)...)
+ }
+
+ nfold := make([]byte, n/8)
+ sum := make([]byte, n/8)
+ for i := 0; i < lcm/n; i++ {
+ for j := 0; j < n/8; j++ {
+ sum[j] = sumBytes[j+(i*len(sum))]
+ }
+ nfold = onesComplementAddition(nfold, sum)
+ }
+ return nfold
+}
+
+func onesComplementAddition(n1, n2 []byte) []byte {
+ numBits := len(n1) * 8
+ out := make([]byte, numBits/8)
+ carry := 0
+ for i := numBits - 1; i > -1; i-- {
+ n1b := getBit(&n1, i)
+ n2b := getBit(&n2, i)
+ s := n1b + n2b + carry
+
+ if s == 0 || s == 1 {
+ setBit(&out, i, s)
+ carry = 0
+ } else if s == 2 {
+ carry = 1
+ } else if s == 3 {
+ setBit(&out, i, 1)
+ carry = 1
+ }
+ }
+ if carry == 1 {
+ carryArray := make([]byte, len(n1))
+ carryArray[len(carryArray)-1] = 1
+ out = onesComplementAddition(out, carryArray)
+ }
+ return out
+}
+
+func rotateRight(b []byte, step int) []byte {
+ out := make([]byte, len(b))
+ bitLen := len(b) * 8
+ for i := 0; i < bitLen; i++ {
+ v := getBit(&b, i)
+ setBit(&out, (i+step)%bitLen, v)
+ }
+ return out
+}
+
+func lcm(x, y int) int {
+ return (x * y) / gcd(x, y)
+}
+
+func gcd(x, y int) int {
+ for y != 0 {
+ x, y = y, x%y
+ }
+ return x
+}
+
+func getBit(b *[]byte, p int) int {
+ pByte := p / 8
+ pBit := uint(p % 8)
+ vByte := (*b)[pByte]
+ vInt := int(vByte >> (8 - (pBit + 1)) & 0x0001)
+ return vInt
+}
+
+func setBit(b *[]byte, p, v int) {
+ pByte := p / 8
+ pBit := uint(p % 8)
+ oldByte := (*b)[pByte]
+ var newByte byte
+ newByte = byte(v<<(8-(pBit+1))) | oldByte
+ (*b)[pByte] = newByte
+}