Главная Обзор Помощь
Регистрация Вход
publics
/
gokrb5.v7
0
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: a0db32dbd5
Ветки Метки
gokrb5.v7
/
crypto
/
EncryptionEngine.go

EncryptionEngine.go 6.4 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. package crypto
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"encoding/binary"
    6. 

  6. 	"errors"
    7. 

  7. )
    8. 

  8. 

  9. type EType interface {
    10. 

  10. 	GetETypeID() int
    11. 

  11. 	GetKeyByteSize() int                                        // See "protocol key format" for defined values
    12. 

  12. 	GetKeySeedBitLength() int                                   // key-generation seed length, k
    13. 

  13. 	GetDefaultStringToKeyParams() string                        // default string-to-key parameters (s2kparams)
    14. 

  14. 	StringToKey(string, salt, s2kparams string) ([]byte, error) // string-to-key (UTF-8 string, UTF-8 string, opaque)->(protocol-key)
    15. 

  15. 	RandomToKey(b []byte) []byte                                // random-to-key (bitstring[K])->(protocol-key)
    16. 

  16. 	GetHMACBitLength() int                                      // HMAC output size, h
    17. 

  17. 	GetMessageBlockByteSize() int                               // message block size, m
    18. 

  18. 	Encrypt(key, message []byte) ([]byte, []byte, error)        // E function - encrypt (specific-key, state, octet string)->(state, octet string)
    19. 

  19. 	Decrypt(key, ciphertext []byte) ([]byte, error)             // D function
    20. 

  20. 	GetCypherBlockBitLength() int                               // cipher block size, c
    21. 

  21. 	GetConfounderByteSize() int                                 // This is the same as the cipher block size but in bytes.
    22. 

  22. 	DeriveKey(protocolKey, usage []byte) ([]byte, error)        // DK key-derivation (protocol-key, integer)->(specific-key)
    23. 

  23. 	DeriveRandom(protocolKey, usage []byte) ([]byte, error)     // DR pseudo-random (protocol-key, octet-string)->(octet-string)
    24. 

  24. }
    25. 

  25. 

  26. // RFC3961: DR(Key, Constant) = k-truncate(E(Key, Constant, initial-cipher-state))
    27. 

  27. // key - base key or protocol key. Likely to be a key from a keytab file
    28. 

  28. // TODO usage - a constant
    29. 

  29. // n - block size in bits (not bytes) - note if you use something like aes.BlockSize this is in bytes.
    30. 

  30. // k - key length / key seed length in bits. Eg. for AES256 this value is 256
    31. 

  31. // encrypt - the encryption function to use
    32. 

  32. func deriveRandom(key, usage []byte, n, k int, e EType) ([]byte, error) {
    33. 

  33. 	//Ensure the usage constant is at least the size of the cypher block size. Pass it through the nfold algorithm that will "stretch" it if needs be.
    34. 

  34. 	nFoldUsage := Nfold(usage, n)
    35. 

  35. 	//k-truncate implemented by creating a byte array the size of k (k is in bits hence /8)
    36. 

  36. 	out := make([]byte, k/8)
    37. 

  37. 

  38. 	/*If the output	of E is shorter than k bits, it is fed back into the encryption as many times as necessary.
    39. 

  39. 	The construct is as follows (where | indicates concatentation):
    40. 

  40. 

  41. 	K1 = E(Key, n-fold(Constant), initial-cipher-state)
    42. 

  42. 	K2 = E(Key, K1, initial-cipher-state)
    43. 

  43. 	K3 = E(Key, K2, initial-cipher-state)
    44. 

  44. 	K4 = ...
    45. 

  45. 

  46. 	DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)*/
    47. 

  47. 	_, K, err := e.Encrypt(key, nFoldUsage)
    48. 

  48. 	if err != nil {
    49. 

  49. 		return out, err
    50. 

  50. 	}
    51. 

  51. 	for i := copy(out, K); i < len(out); {
    52. 

  52. 		_, K, _ = e.Encrypt(key, K)
    53. 

  53. 		i = i + copy(out[i:], K)
    54. 

  54. 	}
    55. 

  55. 	return out, nil
    56. 

  56. }
    57. 

  57. 

  58. func zeroPad(b []byte, m int) ([]byte, error) {
    59. 

  59. 	if m <= 0 {
    60. 

  60. 		return nil, errors.New("Invalid message block size when padding")
    61. 

  61. 	}
    62. 

  62. 	if b == nil || len(b) == 0 {
    63. 

  63. 		return nil, errors.New("Data not valid to pad: Zero size")
    64. 

  64. 	}
    65. 

  65. 	if l := len(b) % m; l != 0 {
    66. 

  66. 		n := m - l
    67. 

  67. 		z := make([]byte, n)
    68. 

  68. 		b = append(b, z...)
    69. 

  69. 	}
    70. 

  70. 	return b, nil
    71. 

  71. }
    72. 

  72. 

  73. func pkcs7Pad(b []byte, m int) ([]byte, error) {
    74. 

  74. 	if m <= 0 {
    75. 

  75. 		return nil, errors.New("Invalid message block size when padding")
    76. 

  76. 	}
    77. 

  77. 	if b == nil || len(b) == 0 {
    78. 

  78. 		return nil, errors.New("Data not valid to pad: Zero size")
    79. 

  79. 	}
    80. 

  80. 	n := m - (len(b) % m)
    81. 

  81. 	pb := make([]byte, len(b)+n)
    82. 

  82. 	copy(pb, b)
    83. 

  83. 	copy(pb[len(b):], bytes.Repeat([]byte{byte(n)}, n))
    84. 

  84. 	return pb, nil
    85. 

  85. }
    86. 

  86. 

  87. func pkcs7Unpad(b []byte, m int) ([]byte, error) {
    88. 

  88. 	if m <= 0 {
    89. 

  89. 		return nil, errors.New("Invalid message block size when unpadding")
    90. 

  90. 	}
    91. 

  91. 	if b == nil || len(b) == 0 {
    92. 

  92. 		return nil, errors.New("Padded data not valid: Zero size")
    93. 

  93. 	}
    94. 

  94. 	if len(b)%m != 0 {
    95. 

  95. 		return nil, errors.New("Padded data not valid: Not multiple of message block size")
    96. 

  96. 	}
    97. 

  97. 	c := b[len(b)-1]
    98. 

  98. 	n := int(c)
    99. 

  99. 	if n == 0 || n > len(b) {
    100. 

  100. 		return nil, errors.New("Padded data not valid: Data may not have been padded")
    101. 

  101. 	}
    102. 

  102. 	for i := 0; i < n; i++ {
    103. 

  103. 		if b[len(b)-n+i] != c {
    104. 

  104. 			return nil, errors.New("Padded data not valid")
    105. 

  105. 		}
    106. 

  106. 	}
    107. 

  107. 	return b[:len(b)-n], nil
    108. 

  108. }
    109. 

  109. 

  110. /*
    111. 

  111. Key Usage Numbers
    112. 

  112. 

  113. RFC 3961: The "well-known constant" used for the DK function is the key usage number, expressed as four octets in big-endian order, followed by one octet indicated below.
    114. 

  114. 

  115. Kc = DK(base-key, usage | 0x99);
    116. 

  116. Ke = DK(base-key, usage | 0xAA);
    117. 

  117. Ki = DK(base-key, usage | 0x55);
    118. 

  118. */
    119. 

  119. 

  120. // un - usage number
    121. 

  121. func GetUsageKc(un uint32) []byte {
    122. 

  122. 	return getUsage(un, 0x99)
    123. 

  123. }
    124. 

  124. 

  125. // un - usage number
    126. 

  126. func GetUsageKe(un uint32) []byte {
    127. 

  127. 	return getUsage(un, 0xAA)
    128. 

  128. }
    129. 

  129. 

  130. // un - usage number
    131. 

  131. func GetUsageKi(un uint32) []byte {
    132. 

  132. 	return getUsage(un, 0x55)
    133. 

  133. }
    134. 

  134. 

  135. func getUsage(un uint32, o byte) []byte {
    136. 

  136. 	var buf bytes.Buffer
    137. 

  137. 	binary.Write(&buf, binary.BigEndian, un)
    138. 

  138. 	return append(buf.Bytes(), o)
    139. 

  139. }
    140. 

  140. 

  141. var KeyUsageNumbers map[int]string = map[int]string{
    142. 

  142. 	1:    "AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key",
    143. 

  143. 	2:    "AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key",
    144. 

  144. 	3:    "AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key",
    145. 

  145. 	4:    "TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key",
    146. 

  146. 	5:    "TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey",
    147. 

  147. 	6:    "TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key",
    148. 

  148. 	7:    "TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key",
    149. 

  149. 	8:    "TGS-REP encrypted part (includes application session key), encrypted with the TGS session key",
    150. 

  150. 	9:    "TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey",
    151. 

  151. 	10:   "AP-REQ Authenticator cksum, keyed with the application session key",
    152. 

  152. 	11:   "AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key",
    153. 

  153. 	12:   "AP-REP encrypted part (includes application session subkey), encrypted with the application session key",
    154. 

  154. 	13:   "KRB-PRIV encrypted part, encrypted with a key chosen by the application",
    155. 

  155. 	14:   "KRB-CRED encrypted part, encrypted with a key chosen by the application",
    156. 

  156. 	15:   "KRB-SAFE cksum, keyed with a key chosen by the application",
    157. 

  157. 	19:   "AD-KDC-ISSUED checksum",
    158. 

  158. 	1024: "Encryption for application use in protocols that do not specify key usage values",
    159. 

  159. }
    160.