Jonathan Turner hace 9 años

+ 3 - 0
asn1tools/tools.go

@@ -2,8 +2,11 @@
 package asn1tools
 
 // Get the ASN1 encoded bytes for the length 'l'
+//
 // There are two forms: short (for lengths between 0 and 127), and long definite (for lengths between 0 and 2^1008 -1).
+//
 // Short form: One octet. Bit 8 has value "0" and bits 7-1 give the length.
+//
 // Long form: Two to 127 octets. Bit 8 of first octet has value "1" and bits 7-1 give the number of additional length octets. Second and following octets give the length, base 256, most significant digit first.
 func MarshalLengthBytes(l int) []byte {
 	if l <= 127 {
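Review bot: The expanded comment still does not begin with the function's name, so godoc will not attach it to MarshalLengthBytes and golint will flag it; the first line should read `// MarshalLengthBytes returns the ASN.1 DER encoding of the length l.` followed by the existing paragraphs. The same convention applies to every doc comment this commit adds in messages/APRep.go, messages/APReq.go, messages/KDCRep.go, messages/KDCReq.go, messages/KRBCred.go, messages/KRBError.go, messages/KRBPriv.go and messages/KRBSafe.go (e.g. `// APRep is the KRB_AP_REP message, RFC 4120 section 5.5.2.`, `// Unmarshal decodes the ASN.1 bytes b into a.`). The comment should also state the precondition that l is non-negative: the `if l <= 127` test visible at the end of the hunk would route a negative value into the short-form branch, and what happens after that is outside the hunk, as is the rest of the function body.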

+ 4 - 0
messages/APRep.go

@@ -24,12 +24,14 @@ EncAPRepPart    ::= [APPLICATION 27] SEQUENCE {
 }
 */
 
+// RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.
 type APRep struct {
 	PVNO    int                 `asn1:"explicit,tag:0"`
 	MsgType int                 `asn1:"explicit,tag:1"`
 	EncPart types.EncryptedData `asn1:"explicit,tag:2"`
 }
 
+// Encrypted part of KRB_AP_REP.
 type EncAPRepPart struct {
 	CTime          time.Time           `asn1:"generalized,explicit,tag:0"`
 	Cusec          int                 `asn1:"explicit,tag:1"`
@@ -37,6 +39,7 @@ type EncAPRepPart struct {
 	SequenceNumber int                 `asn1:"optional,explicit,tag:3"`
 }
 
+// Unmarshal bytes b into the APRep struct.
 func (a *APRep) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, a, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.APREP))
 	if err != nil {
@@ -49,6 +52,7 @@ func (a *APRep) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Unmarshal bytes b into the APRep encryoted part struct.
 func (a *EncAPRepPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, a, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncAPRepPart))
 	if err != nil {
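Review bot: The comment added for EncAPRepPart.Unmarshal contains a typo, "encryoted"; it should read `// Unmarshal bytes b into the APRep encrypted part struct.` The function body continues outside the hunk.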

+ 5 - 0
messages/APReq.go

@@ -35,6 +35,7 @@ type marshalAPReq struct {
 	Authenticator types.EncryptedData `asn1:"explicit,tag:4"`
 }
 
+// RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.
 type APReq struct {
 	PVNO          int                 `asn1:"explicit,tag:0"`
 	MsgType       int                 `asn1:"explicit,tag:1"`
@@ -43,6 +44,7 @@ type APReq struct {
 	Authenticator types.EncryptedData `asn1:"explicit,tag:4"`
 }
 
+// Generate a new KRB_AP_REQ struct.
 func NewAPReq(tkt types.Ticket, sessionKey types.EncryptionKey, auth types.Authenticator) (APReq, error) {
 	var a APReq
 	ed, err := encryptAuthenticator(auth, sessionKey)
@@ -59,6 +61,7 @@ func NewAPReq(tkt types.Ticket, sessionKey types.EncryptionKey, auth types.Authe
 	return a, nil
 }
 
+// Encrypt Authenticator
 func encryptAuthenticator(a types.Authenticator, sessionKey types.EncryptionKey) (types.EncryptedData, error) {
 	var ed types.EncryptedData
 	m, err := a.Marshal()
@@ -68,6 +71,7 @@ func encryptAuthenticator(a types.Authenticator, sessionKey types.EncryptionKey)
 	return crypto.GetEncryptedData(m, sessionKey, keyusage.TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR, 0)
 }
 
+// Unmarshal bytes b into the APReq struct.
 func (a *APReq) Unmarshal(b []byte) error {
 	var m marshalAPReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.APREQ))
@@ -88,6 +92,7 @@ func (a *APReq) Unmarshal(b []byte) error {
 	return nil
 }
 
+// ASN1 marshal APReq struct.
 func (a *APReq) Marshal() ([]byte, error) {
 	m := marshalAPReq{
 		PVNO:          a.PVNO,
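Review bot: The new comment `// Encrypt Authenticator` does not record that encryptAuthenticator hard-codes the key usage to keyusage.TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR on the visible return line, which is RFC 4120 key usage 7 and is only correct for an AP-REQ carried as PA-TGS-REQ inside a TGS-REQ; an AP-REQ sent to an application service must use key usage 11, so a recipient would fail to decrypt (and a caller reading the comment `// Generate a new KRB_AP_REQ struct.` on NewAPReq would not know why). I would make the comment explicit: `// encryptAuthenticator encrypts a with the session key using key usage 7 (AP-REQ authenticator inside PA-TGS-REQ); it is not suitable for AP-REQs sent to application services.` and state the same restriction on NewAPReq, or, if NewAPReq is meant for general use, make the key usage a parameter. The bodies of NewAPReq, encryptAuthenticator and the Unmarshal/Marshal methods continue outside their hunks.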

+ 13 - 0
messages/KDCRep.go

@@ -29,6 +29,7 @@ type marshalKDCRep struct {
 	EncPart types.EncryptedData `asn1:"explicit,tag:6"`
 }
 
+// KRB_KDC_REP struct fields.
 type KDCRepFields struct {
 	PVNO             int
 	MsgType          int
@@ -40,13 +41,17 @@ type KDCRepFields struct {
 	DecryptedEncPart EncKDCRepPart
 }
 
+// RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
 type ASRep struct {
 	KDCRepFields
 }
+
+// RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
 type TGSRep struct {
 	KDCRepFields
 }
 
+// Encrypted part of KRB_KDC_REP.
 type EncKDCRepPart struct {
 	Key           types.EncryptionKey  `asn1:"explicit,tag:0"`
 	LastReqs      []LastReq            `asn1:"explicit,tag:1"`
@@ -63,11 +68,13 @@ type EncKDCRepPart struct {
 	EncPAData     types.PADataSequence `asn1:"explicit,optional,tag:12"`
 }
 
+// LastReq part of KRB_KDC_REP.
 type LastReq struct {
 	LRType  int       `asn1:"explicit,tag:0"`
 	LRValue time.Time `asn1:"generalized,explicit,tag:1"`
 }
 
+// Unmarshal bytes b into the ASRep struct.
 func (k *ASRep) Unmarshal(b []byte) error {
 	var m marshalKDCRep
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.ASREP))
@@ -94,6 +101,7 @@ func (k *ASRep) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Unmarshal bytes b into the TGSRep struct.
 func (k *TGSRep) Unmarshal(b []byte) error {
 	var m marshalKDCRep
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.TGSREP))
@@ -120,6 +128,7 @@ func (k *TGSRep) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Unmarshal bytes b into encrypted part of KRB_KDC_REP.
 func (e *EncKDCRepPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, e, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncASRepPart))
 	if err != nil {
@@ -136,6 +145,7 @@ func (e *EncKDCRepPart) Unmarshal(b []byte) error {
 	return err
 }
 
+// Decrypt the encrypted part of an AS_REP.
 func (k *ASRep) DecryptEncPart(c *credentials.Credentials) error {
 	var key types.EncryptionKey
 	var err error
@@ -170,6 +180,7 @@ func (k *ASRep) DecryptEncPart(c *credentials.Credentials) error {
 	return nil
 }
 
+// Check validity of AS_REP message.
 func (k *ASRep) IsValid(cfg *config.Config, asReq ASReq) (bool, error) {
 	//Ref RFC 4120 Section 3.1.5
 	if k.CName.NameType != asReq.ReqBody.CName.NameType || k.CName.NameString == nil {
@@ -229,6 +240,7 @@ func (k *ASRep) IsValid(cfg *config.Config, asReq ASReq) (bool, error) {
 	return true, nil
 }
 
+// Decrypt the encrypted part of an TGS_REP.
 func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error {
 	b, err := crypto.DecryptEncPart(k.EncPart, key, keyusage.TGS_REP_ENCPART_SESSION_KEY)
 	if err != nil {
@@ -243,6 +255,7 @@ func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error {
 	return nil
 }
 
+// Check validity of TGS_REP message.
 func (k *TGSRep) IsValid(cfg *config.Config, tgsReq TGSReq) (bool, error) {
 	if k.CName.NameType != tgsReq.ReqBody.CName.NameType || k.CName.NameString == nil {
 		return false, fmt.Errorf("CName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.CName, k.CName)
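Review bot: The comment added for TGSRep.DecryptEncPart has a grammatical slip, "an TGS_REP"; it should read `// Decrypt the encrypted part of a TGS_REP.` The two `// Check validity of ...` comments on ASRep.IsValid and TGSRep.IsValid would also be more useful if they said what is checked; the ASRep one can lift the reference already present in the body, `// Check validity of the AS_REP message against the AS_REQ it answers, per RFC 4120 section 3.1.5.`, and the TGSRep one can name the matching section once confirmed, since its body lies mostly outside the hunk.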

+ 12 - 0
messages/KDCReq.go

@@ -28,6 +28,7 @@ type marshalKDCReq struct {
 	ReqBody asn1.RawValue        `asn1:"explicit,tag:4"`
 }
 
+// KRB_KDC_REQ struct fields.
 type KDCReqFields struct {
 	PVNO    int
 	MsgType int
@@ -36,10 +37,12 @@ type KDCReqFields struct {
 	Renewal bool
 }
 
+// RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
 type ASReq struct {
 	KDCReqFields
 }
 
+// RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
 type TGSReq struct {
 	KDCReqFields
 }
@@ -60,6 +63,7 @@ type marshalKDCReqBody struct {
 	AdditionalTickets asn1.RawValue `asn1:"explicit,optional,tag:11"`
 }
 
+// KRB_KDC_REQ request body.
 type KDCReqBody struct {
 	KDCOptions        asn1.BitString      `asn1:"explicit,tag:0"`
 	CName             types.PrincipalName `asn1:"explicit,optional,tag:1"`
@@ -75,6 +79,7 @@ type KDCReqBody struct {
 	AdditionalTickets []types.Ticket      `asn1:"explicit,optional,tag:11"`
 }
 
+// Generate a new KRB_AS_REQ struct.
 func NewASReq(c *config.Config, username string) ASReq {
 	pas := types.PADataSequence{
 		types.PAData{
@@ -125,6 +130,7 @@ func NewASReq(c *config.Config, username string) ASReq {
 	return a
 }
 
+// Generate a new KRB_TGS_REQ struct.
 func NewTGSReq(username string, c *config.Config, tkt types.Ticket, sessionKey types.EncryptionKey, spn types.PrincipalName, renewal bool) (TGSReq, error) {
 	nonce := int(rand.Int31())
 	t := time.Now()
@@ -191,6 +197,7 @@ func NewTGSReq(username string, c *config.Config, tkt types.Ticket, sessionKey t
 	return a, nil
 }
 
+// Unmarshal bytes b into the ASReq struct.
 func (k *ASReq) Unmarshal(b []byte) error {
 	var m marshalKDCReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.ASREQ))
@@ -213,6 +220,7 @@ func (k *ASReq) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Unmarshal bytes b into the TGSReq struct.
 func (k *TGSReq) Unmarshal(b []byte) error {
 	var m marshalKDCReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.TGSREQ))
@@ -235,6 +243,7 @@ func (k *TGSReq) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Unmarshal bytes b into the KRB_KDC_REQ body struct.
 func (k *KDCReqBody) Unmarshal(b []byte) error {
 	var m marshalKDCReqBody
 	_, err := asn1.Unmarshal(b, &m)
@@ -266,6 +275,7 @@ func (k *KDCReqBody) Unmarshal(b []byte) error {
 	return nil
 }
 
+// ASN1 marshal ASReq struct.
 func (k *ASReq) Marshal() ([]byte, error) {
 	m := marshalKDCReq{
 		PVNO:    k.PVNO,
@@ -291,6 +301,7 @@ func (k *ASReq) Marshal() ([]byte, error) {
 	return mk, nil
 }
 
+// ASN1 marshal TGSReq struct.
 func (k *TGSReq) Marshal() ([]byte, error) {
 	m := marshalKDCReq{
 		PVNO:    k.PVNO,
@@ -316,6 +327,7 @@ func (k *TGSReq) Marshal() ([]byte, error) {
 	return mk, nil
 }
 
+// ASN1 marshal KRB_KDC_REQ body struct.
 func (k *KDCReqBody) Marshal() ([]byte, error) {
 	var b []byte
 	m := marshalKDCReqBody{
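Review bot: The new comment on NewTGSReq says nothing about the nonce the function draws on the very next line with `rand.Int31()`; the import block is outside the hunk, but if `rand` is math/rand the nonce is predictable rather than random, while RFC 4120 section 5.4.1 intends the nonce as a client-chosen random value that ties the reply to this request. At minimum the comment should state how the nonce is chosen, e.g. `// Generate a new KRB_TGS_REQ struct; the nonce is drawn from rand (must be a cryptographically secure source).`, and the source should be confirmed to be crypto/rand-backed. The same question applies to NewASReq if it sets a nonce, but its body is outside the hunk, as is the rest of NewTGSReq.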

+ 6 - 0
messages/KRBCred.go

@@ -18,6 +18,7 @@ type marshalKRBCred struct {
 	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
 }
 
+// RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.
 type KRBCred struct {
 	PVNO             int
 	MsgType          int
@@ -26,6 +27,7 @@ type KRBCred struct {
 	DecryptedEncPart EncKrbCredPart
 }
 
+// Encrypted part of KRB_CRED.
 type EncKrbCredPart struct {
 	TicketInfo []KrbCredInfo     `asn1:"explicit,tag:0"`
 	Nouce      int               `asn1:"optional,explicit,tag:1"`
@@ -35,6 +37,7 @@ type EncKrbCredPart struct {
 	RAddress   types.HostAddress `asn1:"optional,explicit,tag:5"`
 }
 
+// KRB_CRED_INFO part of KRB_CRED.
 type KrbCredInfo struct {
 	Key       types.EncryptionKey `asn1:"explicit,tag:0"`
 	PRealm    string              `asn1:"generalstring,optional,explicit,tag:1"`
@@ -49,6 +52,7 @@ type KrbCredInfo struct {
 	CAddr     types.HostAddresses `asn1:"optional,explicit,tag:10"`
 }
 
+// Unmarshal bytes b into the KRBCred struct.
 func (k *KRBCred) Unmarshal(b []byte) error {
 	var m marshalKRBCred
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.KRBCred))
@@ -71,6 +75,7 @@ func (k *KRBCred) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Decrypt the encrypted part of a KRB_CRED.
 func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error {
 	b, err := crypto.DecryptEncPart(k.EncPart, key, keyusage.KRB_CRED_ENCPART)
 	if err != nil {
@@ -85,6 +90,7 @@ func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error {
 	return nil
 }
 
+// Unmarshal bytes b into the encrypted part of KRB_CRED.
 func (k *EncKrbCredPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncKrbCredPart))
 	if err != nil {

+ 3 - 0
messages/KRBError.go

@@ -11,6 +11,7 @@ import (
 	"time"
 )
 
+// RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.
 type KRBError struct {
 	PVNO      int                 `asn1:"explicit,tag:0"`
 	MsgType   int                 `asn1:"explicit,tag:1"`
@@ -27,6 +28,7 @@ type KRBError struct {
 	EData     []byte              `asn1:"optional,explicit,tag:12"`
 }
 
+// Unmarshal bytes b into the KRBError struct.
 func (k *KRBError) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.KRBError))
 	if err != nil {
@@ -39,6 +41,7 @@ func (k *KRBError) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Error method implementing error interface on KRBError struct.
 func (k KRBError) Error() string {
 	return fmt.Sprintf("KRB Error: %s - %s", errorcode.ErrorCodeLookup(k.ErrorCode), k.EText)
 }

+ 4 - 0
messages/KRBPriv.go

@@ -9,12 +9,14 @@ import (
 	"time"
 )
 
+// RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.
 type KRBPriv struct {
 	PVNO    int                 `asn1:"explicit,tag:0"`
 	MsgType int                 `asn1:"explicit,tag:1"`
 	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
 }
 
+// Encrypted part of KRB_PRIV.
 type EncKrbPrivPart struct {
 	UserData       []byte            `asn1:"explicit,tag:0"`
 	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
@@ -24,6 +26,7 @@ type EncKrbPrivPart struct {
 	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
 }
 
+// Unmarshal bytes b into the KRBPriv struct.
 func (k *KRBPriv) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.KRBPriv))
 	if err != nil {
@@ -36,6 +39,7 @@ func (k *KRBPriv) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Decrypt the encrypted part of a KRB_PRIV.
 func (k *EncKrbPrivPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncKrbPrivPart))
 	if err != nil {
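Review bot: The comment added on EncKrbPrivPart.Unmarshal is wrong: it says `// Decrypt the encrypted part of a KRB_PRIV.` but the method below it only calls asn1.UnmarshalWithParams, so it decodes an already-decrypted part and decrypts nothing. It should read `// Unmarshal bytes b into the encrypted part of KRB_PRIV.`, matching the wording used for EncKrbCredPart.Unmarshal in messages/KRBCred.go. The method body continues outside the hunk.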

+ 3 - 0
messages/KRBSafe.go

@@ -27,6 +27,7 @@ KRB-SAFE-BODY   ::= SEQUENCE {
 }
 */
 
+// RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.
 type KRBSafe struct {
 	PVNO     int            `asn1:"explicit,tag:0"`
 	MsgType  int            `asn1:"explicit,tag:1"`
@@ -34,6 +35,7 @@ type KRBSafe struct {
 	Cksum    types.Checksum `asn1:"explicit,tag:3"`
 }
 
+// KRB_SAFE_BODY of KRB_SAFE.
 type KRBSafeBody struct {
 	UserData       []byte            `asn1:"explicit,tag:0"`
 	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
@@ -43,6 +45,7 @@ type KRBSafeBody struct {
 	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
 }
 
+// Unmarshal bytes b into the KRBSafe struct.
 func (s *KRBSafe) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, s, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.KRBSafe))
 	if err != nil {