encpart decrypt and parsing working. needs refinement

messages/KDCRep.go

@@ -11,7 +11,6 @@ import (
 	"github.com/jcmturner/gokrb5/keytab"
 	"github.com/jcmturner/gokrb5/types"
 	"github.com/jcmturner/gokrb5/types/asnAppTag"
-	"os"
 	"time"
 )
 
@@ -65,17 +64,27 @@ func (k *KDCRep) DecryptEncPart(kt keytab.Keytab) error {
 	//Derive the key
 	//Key Usage Number: 3 - "AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key"
 	key, err := etype.DeriveKey(kt.Entries[0].Key.KeyMaterial, crypto.GetUsageKe(3))
-	b, err := etype.Decrypt(key, k.EncPart.Cipher)
-	//TODO why is this 19???
-	b = b[19:]
-	fmt.Fprintf(os.Stderr, "b: %v", b)
+	// Strip off the checksum from the end
+	//TODO should this check be moved to the Decrypt method?
+	b, err := etype.Decrypt(key, k.EncPart.Cipher[:len(k.EncPart.Cipher)-etype.GetHMACBitLength()/8])
+	//Remove the confounder bytes
+	b = b[etype.GetConfounderByteSize():]
 	if err != nil {
 		return fmt.Errorf("Error decrypting encrypted part: %v", err)
 	}
-	//_, err = asn1.UnmarshalWithParams(b, &k.DecryptedPart, fmt.Sprintf("application,explicit,tag:%v", 25))
-	_, err = asn1.Unmarshal(b, &k.DecryptedPart)
+	_, err = asn1.UnmarshalWithParams(b, &k.DecryptedPart, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncASRepPart))
 	if err != nil {
-		return fmt.Errorf("Error unmarshalling encrypted part: %v", err)
+		// Try using tag 26
+		/* Ref: RFC 4120
+		Compatibility note: Some implementations unconditionally send an
+		encrypted EncTGSRepPart (application tag number 26) in this field
+		regardless of whether the reply is a AS-REP or a TGS-REP.  In the
+		interest of compatibility, implementors MAY relax the check on the
+		tag number of the decrypted ENC-PART.*/
+		_, err = asn1.UnmarshalWithParams(b, &k.DecryptedPart, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncTGSRepPart))
+		if err != nil {
+			return fmt.Errorf("Error unmarshalling encrypted part: %v", err)
+		}
 	}
 	return nil
 }

messages/KDCRep_test.go

@@ -6,11 +6,14 @@ import (
 	"github.com/jcmturner/gokrb5/types"
 	"github.com/stretchr/testify/assert"
 	"io/ioutil"
+	"os/user"
 	"testing"
 )
 
 func TestUnmarshalASRep(t *testing.T) {
-	asrepData, _ := ioutil.ReadFile("/home/turnerj/IdeaProjects/golang/src/github.com/jcmturner/gokrb5/AS-REP.raw")
+	usr, _ := user.Current()
+	dir := usr.HomeDir
+	asrepData, _ := ioutil.ReadFile(dir + "/IdeaProjects/golang/src/github.com/jcmturner/gokrb5/AS-REP.raw")
 	asRep, err := UnmarshalASRep(asrepData)
 	if err != nil {
 		t.Fatalf("AS REP Unmarshal error: %v\n", err)
@@ -33,7 +36,7 @@ func TestUnmarshalASRep(t *testing.T) {
 	assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected")
 	t.Log("Finished testing unecrypted parts of AS REP")
 
-	kt, err := keytab.Load("/home/turnerj/tmp.keytab")
+	kt, err := keytab.Load(dir + "/tmp.keytab")
 	if err != nil {
 		fmt.Printf("keytab parse error: %v\n", err)
 	}