VOL-2112 move to voltha-lib-go
Change-Id: Ic1af08003c1d2c698c0cce371e64f47b47b8d875
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/checksum.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/checksum.go
new file mode 100644
index 0000000..45276e9
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/checksum.go
@@ -0,0 +1,40 @@
+package rfc4757
+
+import (
+ "bytes"
+ "crypto/hmac"
+ "crypto/md5"
+ "io"
+)
+
+// Checksum returns a hash of the data in accordance with RFC 4757
+func Checksum(key []byte, usage uint32, data []byte) ([]byte, error) {
+ // Create hashing key
+ s := append([]byte(`signaturekey`), byte(0x00)) //includes zero octet at end
+ mac := hmac.New(md5.New, key)
+ mac.Write(s)
+ Ksign := mac.Sum(nil)
+
+ // Format data
+ tb := UsageToMSMsgType(usage)
+ p := append(tb, data...)
+ h := md5.New()
+ rb := bytes.NewReader(p)
+ _, err := io.Copy(h, rb)
+ if err != nil {
+ return []byte{}, err
+ }
+ tmp := h.Sum(nil)
+
+ // Generate HMAC
+ mac = hmac.New(md5.New, Ksign)
+ mac.Write(tmp)
+ return mac.Sum(nil), nil
+}
+
+// HMAC returns a keyed MD5 checksum of the data
+func HMAC(key []byte, data []byte) []byte {
+ mac := hmac.New(md5.New, key)
+ mac.Write(data)
+ return mac.Sum(nil)
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/encryption.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/encryption.go
new file mode 100644
index 0000000..0ec8b99
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/encryption.go
@@ -0,0 +1,80 @@
+// Package rfc4757 provides encryption and checksum methods as specified in RFC 4757
+package rfc4757
+
+import (
+ "crypto/hmac"
+ "crypto/rand"
+ "crypto/rc4"
+ "errors"
+ "fmt"
+
+ "gopkg.in/jcmturner/gokrb5.v7/crypto/etype"
+)
+
+// EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 4757.
+func EncryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ if len(key) != e.GetKeyByteSize() {
+ return []byte{}, fmt.Errorf("incorrect keysize: expected: %v actual: %v", e.GetKeyByteSize(), len(key))
+ }
+ rc4Cipher, err := rc4.NewCipher(key)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error creating RC4 cipher: %v", err)
+ }
+ ed := make([]byte, len(data))
+ copy(ed, data)
+ rc4Cipher.XORKeyStream(ed, ed)
+ rc4Cipher.Reset()
+ return ed, nil
+}
+
+// DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 4757.
+func DecryptData(key, data []byte, e etype.EType) ([]byte, error) {
+ return EncryptData(key, data, e)
+}
+
+// EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 4757.
+// The encrypted data is concatenated with its RC4 header containing integrity checksum and confounder to create an encrypted message.
+func EncryptMessage(key, data []byte, usage uint32, export bool, e etype.EType) ([]byte, error) {
+ confounder := make([]byte, e.GetConfounderByteSize()) // size = 8
+ _, err := rand.Read(confounder)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error generating confounder: %v", err)
+ }
+ k1 := key
+ k2 := HMAC(k1, UsageToMSMsgType(usage))
+ toenc := append(confounder, data...)
+ chksum := HMAC(k2, toenc)
+ k3 := HMAC(k2, chksum)
+
+ ed, err := EncryptData(k3, toenc, e)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error encrypting data: %v", err)
+ }
+
+ msg := append(chksum, ed...)
+ return msg, nil
+}
+
+// DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 4757.
+// The integrity of the message is also verified.
+func DecryptMessage(key, data []byte, usage uint32, export bool, e etype.EType) ([]byte, error) {
+ checksum := data[:e.GetHMACBitLength()/8]
+ ct := data[e.GetHMACBitLength()/8:]
+ _, k2, k3 := deriveKeys(key, checksum, usage, export)
+
+ pt, err := DecryptData(k3, ct, e)
+ if err != nil {
+ return []byte{}, fmt.Errorf("error decrypting data: %v", err)
+ }
+
+ if !VerifyIntegrity(k2, pt, data, e) {
+ return []byte{}, errors.New("integrity checksum incorrect")
+ }
+ return pt[e.GetConfounderByteSize():], nil
+}
+
+// VerifyIntegrity checks the integrity checksum of the data matches that calculated from the decrypted data.
+func VerifyIntegrity(key, pt, data []byte, e etype.EType) bool {
+ chksum := HMAC(key, pt)
+ return hmac.Equal(chksum, data[:e.GetHMACBitLength()/8])
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/keyDerivation.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/keyDerivation.go
new file mode 100644
index 0000000..5e7ec48
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/keyDerivation.go
@@ -0,0 +1,55 @@
+package rfc4757
+
+import (
+ "bytes"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+
+ "golang.org/x/crypto/md4"
+)
+
+// StringToKey returns a key derived from the string provided according to the definition in RFC 4757.
+func StringToKey(secret string) ([]byte, error) {
+ b := make([]byte, len(secret)*2, len(secret)*2)
+ for i, r := range secret {
+ u := fmt.Sprintf("%04x", r)
+ c, err := hex.DecodeString(u)
+ if err != nil {
+ return []byte{}, errors.New("character could not be encoded")
+ }
+ // Swap round the two bytes to make little endian as we put into byte slice
+ b[2*i] = c[1]
+ b[2*i+1] = c[0]
+ }
+ r := bytes.NewReader(b)
+ h := md4.New()
+ _, err := io.Copy(h, r)
+ if err != nil {
+ return []byte{}, err
+ }
+ return h.Sum(nil), nil
+}
+
+func deriveKeys(key, checksum []byte, usage uint32, export bool) (k1, k2, k3 []byte) {
+ //if export {
+ // L40 := make([]byte, 14, 14)
+ // copy(L40, []byte(`fortybits`))
+ // k1 = HMAC(key, L40)
+ //} else {
+ // tb := MessageTypeBytes(usage)
+ // k1 = HMAC(key, tb)
+ //}
+ //k2 = k1[:16]
+ //if export {
+ // mask := []byte{0xAB,0xAB,0xAB,0xAB,0xAB,0xAB,0xAB,0xAB,0xAB}
+ // copy(k1[7:16], mask)
+ //}
+ //k3 = HMAC(k1, checksum)
+ //return
+ k1 = key
+ k2 = HMAC(k1, UsageToMSMsgType(usage))
+ k3 = HMAC(k2, checksum)
+ return
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/msgtype.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/msgtype.go
new file mode 100644
index 0000000..068588d
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/crypto/rfc4757/msgtype.go
@@ -0,0 +1,20 @@
+package rfc4757
+
+import "encoding/binary"
+
+// UsageToMSMsgType converts Kerberos key usage numbers to Microsoft message type encoded as a little-endian four byte slice.
+func UsageToMSMsgType(usage uint32) []byte {
+ // Translate usage numbers to the Microsoft T numbers
+ switch usage {
+ case 3:
+ usage = 8
+ case 9:
+ usage = 8
+ case 23:
+ usage = 13
+ }
+ // Now convert to bytes
+ tb := make([]byte, 4) // We force an int32 input so we can't go over 4 bytes
+ binary.PutUvarint(tb, uint64(usage))
+ return tb
+}