aes256-cts-hmac-sha384-192.go 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. package crypto
  2. import (
  3. "crypto/aes"
  4. "crypto/hmac"
  5. "crypto/sha512"
  6. "hash"
  7. "github.com/jcmturner/gokrb5/v8/crypto/common"
  8. "github.com/jcmturner/gokrb5/v8/crypto/rfc8009"
  9. "github.com/jcmturner/gokrb5/v8/iana/chksumtype"
  10. "github.com/jcmturner/gokrb5/v8/iana/etypeID"
  11. )
  12. // RFC https://tools.ietf.org/html/rfc8009
  13. // Aes256CtsHmacSha384192 implements Kerberos encryption type aes256-cts-hmac-sha384-192
  14. type Aes256CtsHmacSha384192 struct {
  15. }
  16. // GetETypeID returns the EType ID number.
  17. func (e Aes256CtsHmacSha384192) GetETypeID() int32 {
  18. return etypeID.AES256_CTS_HMAC_SHA384_192
  19. }
  20. // GetHashID returns the checksum type ID number.
  21. func (e Aes256CtsHmacSha384192) GetHashID() int32 {
  22. return chksumtype.HMAC_SHA384_192_AES256
  23. }
  24. // GetKeyByteSize returns the number of bytes for key of this etype.
  25. func (e Aes256CtsHmacSha384192) GetKeyByteSize() int {
  26. return 192 / 8
  27. }
  28. // GetKeySeedBitLength returns the number of bits for the seed for key generation.
  29. func (e Aes256CtsHmacSha384192) GetKeySeedBitLength() int {
  30. return e.GetKeyByteSize() * 8
  31. }
  32. // GetHashFunc returns the hash function for this etype.
  33. func (e Aes256CtsHmacSha384192) GetHashFunc() func() hash.Hash {
  34. return sha512.New384
  35. }
  36. // GetMessageBlockByteSize returns the block size for the etype's messages.
  37. func (e Aes256CtsHmacSha384192) GetMessageBlockByteSize() int {
  38. return 1
  39. }
  40. // GetDefaultStringToKeyParams returns the default key derivation parameters in string form.
  41. func (e Aes256CtsHmacSha384192) GetDefaultStringToKeyParams() string {
  42. return "00008000"
  43. }
  44. // GetConfounderByteSize returns the byte count for confounder to be used during cryptographic operations.
  45. func (e Aes256CtsHmacSha384192) GetConfounderByteSize() int {
  46. return aes.BlockSize
  47. }
  48. // GetHMACBitLength returns the bit count size of the integrity hash.
  49. func (e Aes256CtsHmacSha384192) GetHMACBitLength() int {
  50. return 192
  51. }
  52. // GetCypherBlockBitLength returns the bit count size of the cypher block.
  53. func (e Aes256CtsHmacSha384192) GetCypherBlockBitLength() int {
  54. return aes.BlockSize * 8
  55. }
  56. // StringToKey returns a key derived from the string provided.
  57. func (e Aes256CtsHmacSha384192) StringToKey(secret string, salt string, s2kparams string) ([]byte, error) {
  58. saltp := rfc8009.GetSaltP(salt, "aes256-cts-hmac-sha384-192")
  59. return rfc8009.StringToKey(secret, saltp, s2kparams, e)
  60. }
  61. // RandomToKey returns a key from the bytes provided.
  62. func (e Aes256CtsHmacSha384192) RandomToKey(b []byte) []byte {
  63. return rfc8009.RandomToKey(b)
  64. }
  65. // EncryptData encrypts the data provided.
  66. func (e Aes256CtsHmacSha384192) EncryptData(key, data []byte) ([]byte, []byte, error) {
  67. return rfc8009.EncryptData(key, data, e)
  68. }
  69. // EncryptMessage encrypts the message provided and concatenates it with the integrity hash to create an encrypted message.
  70. func (e Aes256CtsHmacSha384192) EncryptMessage(key, message []byte, usage uint32) ([]byte, []byte, error) {
  71. return rfc8009.EncryptMessage(key, message, usage, e)
  72. }
  73. // DecryptData decrypts the data provided.
  74. func (e Aes256CtsHmacSha384192) DecryptData(key, data []byte) ([]byte, error) {
  75. return rfc8009.DecryptData(key, data, e)
  76. }
  77. // DecryptMessage decrypts the message provided and verifies the integrity of the message.
  78. func (e Aes256CtsHmacSha384192) DecryptMessage(key, ciphertext []byte, usage uint32) ([]byte, error) {
  79. return rfc8009.DecryptMessage(key, ciphertext, usage, e)
  80. }
  81. // DeriveKey derives a key from the protocol key based on the usage value.
  82. func (e Aes256CtsHmacSha384192) DeriveKey(protocolKey, usage []byte) ([]byte, error) {
  83. return rfc8009.DeriveKey(protocolKey, usage, e), nil
  84. }
  85. // DeriveRandom generates data needed for key generation.
  86. func (e Aes256CtsHmacSha384192) DeriveRandom(protocolKey, usage []byte) ([]byte, error) {
  87. return rfc8009.DeriveRandom(protocolKey, usage, e)
  88. }
  89. // VerifyIntegrity checks the integrity of the ciphertext message.
  90. // As the hash is calculated over the iv concatenated with the AES cipher output not the plaintext the pt value to this
  91. // interface method is not use. Pass any []byte.
  92. func (e Aes256CtsHmacSha384192) VerifyIntegrity(protocolKey, ct, pt []byte, usage uint32) bool {
  93. // We don't need ib just there for the interface
  94. return rfc8009.VerifyIntegrity(protocolKey, ct, usage, e)
  95. }
  96. // GetChecksumHash returns a keyed checksum hash of the bytes provided.
  97. func (e Aes256CtsHmacSha384192) GetChecksumHash(protocolKey, data []byte, usage uint32) ([]byte, error) {
  98. return common.GetHash(data, protocolKey, common.GetUsageKc(usage), e)
  99. }
  100. // VerifyChecksum compares the checksum of the message bytes is the same as the checksum provided.
  101. func (e Aes256CtsHmacSha384192) VerifyChecksum(protocolKey, data, chksum []byte, usage uint32) bool {
  102. c, err := e.GetChecksumHash(protocolKey, data, usage)
  103. if err != nil {
  104. return false
  105. }
  106. return hmac.Equal(chksum, c)
  107. }