support big.Int for iterations within key derivation

move asn1 workaround to new repo

asn1tools/tools.go

@@ -2,7 +2,7 @@
 package asn1tools
 
 import (
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 )
 
 // MarshalLengthBytes returns the ASN1 encoded bytes for the length 'l'

config/krb5conf.go

@@ -14,7 +14,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/etypeID"
 )
 

config/krb5conf_test.go

@@ -307,7 +307,7 @@ func TestResolveRealm(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.domainName, func(t *testing.T) {
 			if got := c.ResolveRealm(tt.domainName); got != tt.want {
-				t.Errorf("Config.ResolveRealm() = %v, want %v", got, tt.want)
+				t.Errorf("config.ResolveRealm() = %v, want %v", got, tt.want)
 			}
 		})
 	}

credentials/ccache.go

@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/types"
 	"io/ioutil"
 	"strings"

crypto/aes128-cts-hmac-sha1-96_test.go

@@ -5,6 +5,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto/common"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto/rfc3962"
+	"math/big"
 	"testing"
 )
 
@@ -15,7 +16,7 @@ func TestAes128CtsHmacSha196_StringToKey(t *testing.T) {
 	b, _ = hex.DecodeString("f09d849e")
 	s2 := string(b)
 	var tests = []struct {
-		iterations int
+		iterations int64
 		phrase     string
 		salt       string
 		pbkdf2     string
@@ -32,8 +33,8 @@ func TestAes128CtsHmacSha196_StringToKey(t *testing.T) {
 	var e Aes128CtsHmacSha96
 	for i, test := range tests {
 
-		assert.Equal(t, test.pbkdf2, hex.EncodeToString(rfc3962.StringToPBKDF2(test.phrase, test.salt, test.iterations, e)), "PBKDF2 not as expected")
-		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations))
+		assert.Equal(t, test.pbkdf2, hex.EncodeToString(rfc3962.StringToPBKDF2(test.phrase, test.salt, big.NewInt(test.iterations), e)), "PBKDF2 not as expected")
+		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(uint32(test.iterations)))
 		if err != nil {
 			t.Errorf("Error in processing string to key for test %d: %v", i, err)
 		}

crypto/aes128-cts-hmac-sha256-128_test.go

@@ -14,7 +14,7 @@ func TestAes128CtsHmacSha256128_StringToKey(t *testing.T) {
 	r, _ := hex.DecodeString("10DF9DD783E5BC8ACEA1730E74355F61")
 	s := string(r)
 	var tests = []struct {
-		iterations int
+		iterations uint32
 		phrase     string
 		salt       string
 		saltp      string

crypto/aes256-cts-hmac-sha1-96_test.go

@@ -5,6 +5,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto/common"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto/rfc3962"
+	"math/big"
 	"testing"
 )
 
@@ -15,7 +16,7 @@ func TestAes256CtsHmacSha196_StringToKey(t *testing.T) {
 	b, _ = hex.DecodeString("f09d849e")
 	s2 := string(b)
 	var tests = []struct {
-		iterations int
+		iterations int64
 		phrase     string
 		salt       string
 		pbkdf2     string
@@ -32,8 +33,8 @@ func TestAes256CtsHmacSha196_StringToKey(t *testing.T) {
 	var e Aes256CtsHmacSha96
 	for i, test := range tests {
 
-		assert.Equal(t, test.pbkdf2, hex.EncodeToString(rfc3962.StringToPBKDF2(test.phrase, test.salt, test.iterations, e)), "PBKDF2 not as expected")
-		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations))
+		assert.Equal(t, test.pbkdf2, hex.EncodeToString(rfc3962.StringToPBKDF2(test.phrase, test.salt, big.NewInt(test.iterations), e)), "PBKDF2 not as expected")
+		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(uint32(test.iterations)))
 		if err != nil {
 			t.Errorf("Error in processing string to key for test %d: %v", i, err)
 		}

crypto/aes256-cts-hmac-sha384-192_test.go

@@ -14,7 +14,7 @@ func TestAes256CtsHmacSha384192_StringToKey(t *testing.T) {
 	r, _ := hex.DecodeString("10DF9DD783E5BC8ACEA1730E74355F61")
 	s := string(r)
 	var tests = []struct {
-		iterations int
+		iterations uint32
 		phrase     string
 		salt       string
 		saltp      string

crypto/common/common.go

@@ -11,10 +11,6 @@ import (
 	"gopkg.in/jcmturner/gokrb5.v2/crypto/etype"
 )
 
-const (
-	s2kParamsZero = 4294967296
-)
-
 // ZeroPad pads bytes with zeros to nearest multiple of message size m.
 func ZeroPad(b []byte, m int) ([]byte, error) {
 	if m <= 0 {
@@ -139,32 +135,8 @@ func getUsage(un uint32, o byte) []byte {
 }
 
 // IterationsToS2Kparams converts the number of iterations as an integer to a string representation.
-func IterationsToS2Kparams(i int) string {
+func IterationsToS2Kparams(i uint32) string {
 	b := make([]byte, 4, 4)
-	binary.BigEndian.PutUint32(b, uint32(i))
+	binary.BigEndian.PutUint32(b, i)
 	return hex.EncodeToString(b)
 }
-
-// S2KparamsToItertions converts the string representation of iterations to an integer
-func S2KparamsToItertions(s2kparams string) (int, error) {
-	//process s2kparams string
-	//The parameter string is four octets indicating an unsigned
-	//number in big-endian order.  This is the number of iterations to be
-	//performed.  If the value is 00 00 00 00, the number of iterations to
-	//be performed is 4,294,967,296 (2**32).
-	var i uint32
-	if len(s2kparams) != 8 {
-		return s2kParamsZero, errors.New("Invalid s2kparams length")
-	}
-	b, err := hex.DecodeString(s2kparams)
-	if err != nil {
-		return s2kParamsZero, errors.New("Invalid s2kparams, cannot decode string to bytes")
-	}
-	i = binary.BigEndian.Uint32(b)
-	//buf := bytes.NewBuffer(b)
-	//err = binary.Read(buf, binary.BigEndian, &i)
-	if err != nil {
-		return s2kParamsZero, errors.New("Invalid s2kparams, cannot convert to big endian int32")
-	}
-	return int(i), nil
-}

crypto/rfc3962/keyDerivation.go

@@ -1,27 +1,62 @@
 package rfc3962
 
 import (
-	"golang.org/x/crypto/pbkdf2"
-	"gopkg.in/jcmturner/gokrb5.v2/crypto/common"
+	"encoding/binary"
+	"encoding/hex"
+	"errors"
+	"github.com/jcmturner/gofork/x/crypto/pbkdf2"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto/etype"
+	"math/big"
+)
+
+const (
+	s2kParamsZero = 4294967296
 )
 
 // StringToKey returns a key derived from the string provided according to the definition in RFC 3961.
 func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error) {
-	i, err := common.S2KparamsToItertions(s2kparams)
+	i, err := S2KparamsToItertions(s2kparams)
 	if err != nil {
 		return nil, err
 	}
-	return StringToKeyIter(secret, salt, int(i), e)
+	return StringToKeyIter(secret, salt, i, e)
 }
 
 // StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0
-func StringToPBKDF2(secret, salt string, iterations int, e etype.EType) []byte {
-	return pbkdf2.Key([]byte(secret), []byte(salt), iterations, e.GetKeyByteSize(), e.GetHashFunc())
+func StringToPBKDF2(secret, salt string, iterations *big.Int, e etype.EType) []byte {
+	return pbkdf2.KeyBigIter([]byte(secret), []byte(salt), iterations, e.GetKeyByteSize(), e.GetHashFunc())
 }
 
 // StringToKeyIter returns a key derived from the string provided according to the definition in RFC 3961.
-func StringToKeyIter(secret, salt string, iterations int, e etype.EType) ([]byte, error) {
+func StringToKeyIter(secret, salt string, iterations *big.Int, e etype.EType) ([]byte, error) {
 	tkey := e.RandomToKey(StringToPBKDF2(secret, salt, iterations, e))
 	return e.DeriveKey(tkey, []byte("kerberos"))
 }
+
+// S2KparamsToItertions converts the string representation of iterations to an integer
+func S2KparamsToItertions(s2kparams string) (*big.Int, error) {
+	//process s2kparams string
+	//The parameter string is four octets indicating an unsigned
+	//number in big-endian order.  This is the number of iterations to be
+	//performed.  If the value is 00 00 00 00, the number of iterations to
+	//be performed is 4,294,967,296 (2**32).
+	var i uint32
+	if len(s2kparams) != 8 {
+		i := big.NewInt(s2kParamsZero)
+		return i, errors.New("invalid s2kparams length")
+	}
+	b, err := hex.DecodeString(s2kparams)
+	if err != nil {
+		i := big.NewInt(s2kParamsZero)
+		return i, errors.New("invalid s2kparams, cannot decode string to bytes")
+	}
+	i = binary.BigEndian.Uint32(b)
+	//buf := bytes.NewBuffer(b)
+	//err = binary.Read(buf, binary.BigEndian, &i)
+	if err != nil {
+		i := big.NewInt(s2kParamsZero)
+		return i, errors.New("invalid s2kparams, cannot convert to big endian int32")
+	}
+	bigi := big.NewInt(int64(i))
+	return bigi, nil
+}

gssapi/ContextFlags.go

@@ -1,6 +1,6 @@
 package gssapi
 
-import "github.com/jcmturner/asn1"
+import "github.com/jcmturner/gofork/encoding/asn1"
 
 /*
 ContextFlags ::= BIT STRING {

gssapi/MechType.go

@@ -1,6 +1,6 @@
 package gssapi
 
-import "github.com/jcmturner/asn1"
+import "github.com/jcmturner/gofork/encoding/asn1"
 
 // MechTypeOIDKRB5 is the MechType OID for Kerberos 5
 var MechTypeOIDKRB5 = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}

gssapi/NegotiationToken.go

@@ -3,7 +3,7 @@ package gssapi
 import (
 	"errors"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/credentials"
 	"gopkg.in/jcmturner/gokrb5.v2/messages"
 	"gopkg.in/jcmturner/gokrb5.v2/types"

gssapi/NegotiationToken_test.go

@@ -2,7 +2,7 @@ package gssapi
 
 import (
 	"encoding/hex"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )

gssapi/gssapi.go

@@ -4,7 +4,7 @@ package gssapi
 import (
 	"errors"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/asn1tools"
 	"gopkg.in/jcmturner/gokrb5.v2/credentials"
 	"gopkg.in/jcmturner/gokrb5.v2/messages"

gssapi/gssapi_test.go

@@ -2,7 +2,7 @@ package gssapi
 
 import (
 	"encoding/hex"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )

gssapi/krb5Token.go

@@ -5,7 +5,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/asn1tools"
 	"gopkg.in/jcmturner/gokrb5.v2/credentials"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto"

messages/APRep.go

@@ -2,7 +2,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/asnAppTag"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v2/krberror"

messages/APReq.go

@@ -2,7 +2,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/asn1tools"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto"
 	"gopkg.in/jcmturner/gokrb5.v2/iana"

messages/KDCRep.go

@@ -5,7 +5,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/config"
 	"gopkg.in/jcmturner/gokrb5.v2/credentials"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto"

messages/KDCReq.go

@@ -10,7 +10,7 @@ import (
 	"math/big"
 	"time"
 
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/asn1tools"
 	"gopkg.in/jcmturner/gokrb5.v2/config"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto"

messages/KDCReq_test.go

@@ -3,7 +3,7 @@ package messages
 import (
 	"encoding/hex"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v2/testdata"

messages/KRBCred.go

@@ -2,7 +2,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/asnAppTag"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/keyusage"

messages/KRBError.go

@@ -3,7 +3,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/iana"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/asnAppTag"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/errorcode"

messages/KRBPriv.go

@@ -2,7 +2,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/asnAppTag"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v2/krberror"

messages/KRBSafe.go

@@ -2,7 +2,7 @@ package messages
 
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/asnAppTag"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v2/krberror"

messages/Ticket.go

@@ -3,7 +3,7 @@ package messages
 import (
 	"crypto/rand"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/asn1tools"
 	"gopkg.in/jcmturner/gokrb5.v2/crypto"
 	"gopkg.in/jcmturner/gokrb5.v2/iana"

types/Authenticator.go

@@ -4,7 +4,7 @@ package types
 import (
 	"crypto/rand"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/asn1tools"
 	"gopkg.in/jcmturner/gokrb5.v2/iana"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/asnAppTag"

types/AuthorizationData.go

@@ -1,7 +1,7 @@
 package types
 
 import (
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 )
 
 // Reference: https://www.ietf.org/rfc/rfc4120.txt

types/Cryptosystem.go

@@ -1,7 +1,7 @@
 package types
 
 import (
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 )
 
 // Reference: https://www.ietf.org/rfc/rfc4120.txt

types/HostAddress.go

@@ -6,7 +6,7 @@ package types
 import (
 	"bytes"
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"net"
 )
 

types/KerberosFlags.go

@@ -4,7 +4,7 @@ package types
 // Section: 5.2.8
 
 import (
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 )
 
 /*

types/KerberosFlags_test.go

@@ -1,7 +1,7 @@
 package types
 
 import (
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/flags"
 	"testing"

types/PAData.go

@@ -4,7 +4,7 @@ package types
 // Section: 5.2.7
 import (
 	"fmt"
-	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gofork/encoding/asn1"
 	"gopkg.in/jcmturner/gokrb5.v2/iana/patype"
 	"time"
 )

types/TypedData.go

@@ -1,6 +1,6 @@
 package types
 
-import "github.com/jcmturner/asn1"
+import "github.com/jcmturner/gofork/encoding/asn1"
 
 // TypedData implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.9.1
 type TypedData struct {