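// Source: github.com/jcmturner/gokrb5/v8@v8.4.4/pac/signature_data.go

package pac

import (
	"bytes"
	"fmt"

	"github.com/jcmturner/gokrb5/v8/iana/chksumtype"
	"github.com/jcmturner/rpc/v2/mstypes"
)

/*
https://msdn.microsoft.com/en-us/library/cc237955.aspx

The Key Usage Value MUST be KERB_NON_KERB_CKSUM_SALT (17) [MS-KILE] (section 3.1.5.9).

Server Signature (SignatureType = 0x00000006)
https://msdn.microsoft.com/en-us/library/cc237957.aspx

KDC Signature (SignatureType = 0x00000007)
https://msdn.microsoft.com/en-us/library/dd357117.aspx
*/

// SignatureData implements https://msdn.microsoft.com/en-us/library/cc237955.aspx
type SignatureData struct {
	// SignatureType is a 32-bit unsigned integer value in little-endian format
	// that defines the cryptographic system used to calculate the checksum.
	// This MUST be one of the following checksum types:
	// KERB_CHECKSUM_HMAC_MD5 (signature size = 16),
	// HMAC_SHA1_96_AES128 (signature size = 12),
	// HMAC_SHA1_96_AES256 (signature size = 12).
	SignatureType uint32

	// Signature holds the checksum bytes. Its size depends on SignatureType;
	// see the sizes listed on that field.
	Signature []byte

	// RODCIdentifier is a 16-bit unsigned integer value in little-endian format
	// that contains the first 16 bits of the key version number
	// ([MS-KILE] section 3.1.5.8) when the KDC is an RODC. When the KDC is not
	// an RODC, this field does not exist.
	RODCIdentifier uint16
}

// Unmarshal decodes b into the SignatureData struct.
//
// On success it returns rb, a copy of b in which the signature bytes have been
// replaced with zeros; this is the form needed for checksum verification.
// Unmarshal itself only parses the buffer and performs no verification.
//
// An error is returned when b is too short for the fields it must contain, or
// when SignatureType is not one of the checksum types listed on SignatureData.
// In the latter case the signature length cannot be determined, so the buffer
// is rejected instead of being parsed with an empty signature.
func (k *SignatureData) Unmarshal(b []byte) (rb []byte, err error) {
	const (
		sigTypeLen = 4 // SignatureType is a uint32
		rodcIDLen  = 2 // RODCIdentifier is a uint16
	)

	r := mstypes.NewReader(bytes.NewReader(b))

	k.SignatureType, err = r.Uint32()
	if err != nil {
		return nil, err
	}

	// The signature length is fixed by the checksum type.
	var c int
	switch k.SignatureType {
	case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
		c = 16
	case uint32(chksumtype.HMAC_SHA1_96_AES128), uint32(chksumtype.HMAC_SHA1_96_AES256):
		c = 12
	default:
		// Fail closed: with an unrecognised type the length would stay 0, the
		// signature would be read as empty, nothing would be zeroed in rb and
		// the first signature bytes could be misread as RODCIdentifier.
		return nil, fmt.Errorf("unsupported PAC signature type: %#x", k.SignatureType)
	}

	k.Signature, err = r.ReadBytes(c)
	if err != nil {
		return nil, err
	}
	// Explicit bound so the slice indexing below cannot panic on a truncated
	// buffer, independent of how the reader reports short reads.
	if len(b) < sigTypeLen+c {
		return nil, fmt.Errorf("PAC signature data too short: %d bytes", len(b))
	}

	// When the KDC is not a Read Only Domain Controller (RODC), this field does not exist.
	if len(b) >= sigTypeLen+c+rodcIDLen {
		k.RODCIdentifier, err = r.Uint16()
		if err != nil {
			return nil, err
		}
	}

	// Create bytes with zeroed signature needed for checksum verification.
	rb = make([]byte, len(b))
	copy(rb, b)
	for i := sigTypeLen; i < sigTypeLen+c; i++ {
		rb[i] = 0
	}

	return rb, nil
}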