projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[CIFS] remove level of indentation from decode_negTokenInit
[linux-2.6-block.git] / fs / cifs / asn1.c
CommitLineData
50c2f753 1/*
1da177e4
LT		 2 * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
3 * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
50c2f753 4 *
1da177e4
LT		 5 * Copyright (c) 2000 RP Internet (www.rpi.net.au).
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
1da177e4
LT		 20#include <linux/module.h>
21#include <linux/types.h>
22#include <linux/kernel.h>
23#include <linux/mm.h>
24#include <linux/slab.h>
25#include "cifspdu.h"
26#include "cifsglob.h"
27#include "cifs_debug.h"
28#include "cifsproto.h"
29
30/*****************************************************************************
31 *
32 * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
33 *
34 *****************************************************************************/
35
36/* Class */
37#define ASN1_UNI 0 /* Universal */
38#define ASN1_APL 1 /* Application */
39#define ASN1_CTX 2 /* Context */
40#define ASN1_PRV 3 /* Private */
41
42/* Tag */
43#define ASN1_EOC 0 /* End Of Contents or N/A */
44#define ASN1_BOL 1 /* Boolean */
45#define ASN1_INT 2 /* Integer */
46#define ASN1_BTS 3 /* Bit String */
47#define ASN1_OTS 4 /* Octet String */
48#define ASN1_NUL 5 /* Null */
49#define ASN1_OJI 6 /* Object Identifier */
50#define ASN1_OJD 7 /* Object Description */
51#define ASN1_EXT 8 /* External */
52#define ASN1_SEQ 16 /* Sequence */
53#define ASN1_SET 17 /* Set */
54#define ASN1_NUMSTR 18 /* Numerical String */
55#define ASN1_PRNSTR 19 /* Printable String */
56#define ASN1_TEXSTR 20 /* Teletext String */
57#define ASN1_VIDSTR 21 /* Video String */
58#define ASN1_IA5STR 22 /* IA5 String */
59#define ASN1_UNITIM 23 /* Universal Time */
60#define ASN1_GENTIM 24 /* General Time */
61#define ASN1_GRASTR 25 /* Graphical String */
62#define ASN1_VISSTR 26 /* Visible String */
63#define ASN1_GENSTR 27 /* General String */
64
65/* Primitive / Constructed methods*/
66#define ASN1_PRI 0 /* Primitive */
67#define ASN1_CON 1 /* Constructed */
68
69/*
70 * Error codes.
71 */
72#define ASN1_ERR_NOERROR 0
73#define ASN1_ERR_DEC_EMPTY 2
74#define ASN1_ERR_DEC_EOC_MISMATCH 3
75#define ASN1_ERR_DEC_LENGTH_MISMATCH 4
76#define ASN1_ERR_DEC_BADVALUE 5
77
78#define SPNEGO_OID_LEN 7
79#define NTLMSSP_OID_LEN 10
e545937a
JL		 80#define KRB5_OID_LEN 7
81#define MSKRB5_OID_LEN 7
1da177e4
LT		 82static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
83static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
e545937a
JL		 84static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
85static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
1da177e4 86
50c2f753 87/*
1da177e4
LT		 88 * ASN.1 context.
89 */
90struct asn1_ctx {
91 int error; /* Error condition */
92 unsigned char *pointer; /* Octet just to be decoded */
93 unsigned char *begin; /* First octet */
94 unsigned char *end; /* Octet after last octet */
95};
96
97/*
98 * Octet string (not null terminated)
99 */
100struct asn1_octstr {
101 unsigned char *data;
102 unsigned int len;
103};
104
105static void
106asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len)
107{
108 ctx->begin = buf;
109 ctx->end = buf + len;
110 ctx->pointer = buf;
111 ctx->error = ASN1_ERR_NOERROR;
112}
113
114static unsigned char
115asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
116{
117 if (ctx->pointer >= ctx->end) {
118 ctx->error = ASN1_ERR_DEC_EMPTY;
119 return 0;
120 }
121 *ch = *(ctx->pointer)++;
122 return 1;
123}
124
125static unsigned char
126asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
127{
128 unsigned char ch;
129
130 *tag = 0;
131
132 do {
133 if (!asn1_octet_decode(ctx, &ch))
134 return 0;
135 *tag <<= 7;
136 *tag |= ch & 0x7F;
137 } while ((ch & 0x80) == 0x80);
138 return 1;
139}
140
141static unsigned char
142asn1_id_decode(struct asn1_ctx *ctx,
143 unsigned int *cls, unsigned int *con, unsigned int *tag)
144{
145 unsigned char ch;
146
147 if (!asn1_octet_decode(ctx, &ch))
148 return 0;
149
150 *cls = (ch & 0xC0) >> 6;
151 *con = (ch & 0x20) >> 5;
152 *tag = (ch & 0x1F);
153
154 if (*tag == 0x1F) {
155 if (!asn1_tag_decode(ctx, tag))
156 return 0;
157 }
158 return 1;
159}
160
161static unsigned char
162asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
163{
164 unsigned char ch, cnt;
165
166 if (!asn1_octet_decode(ctx, &ch))
167 return 0;
168
169 if (ch == 0x80)
170 *def = 0;
171 else {
172 *def = 1;
173
174 if (ch < 0x80)
175 *len = ch;
176 else {
177 cnt = (unsigned char) (ch & 0x7F);
178 *len = 0;
179
180 while (cnt > 0) {
181 if (!asn1_octet_decode(ctx, &ch))
182 return 0;
183 *len <<= 8;
184 *len |= ch;
185 cnt--;
186 }
187 }
188 }
ddb2c435
CW		 189
190 /* don't trust len bigger than ctx buffer */
191 if (*len > ctx->end - ctx->pointer)
192 return 0;
193
1da177e4
LT		 194 return 1;
195}
196
197static unsigned char
198asn1_header_decode(struct asn1_ctx *ctx,
199 unsigned char **eoc,
200 unsigned int *cls, unsigned int *con, unsigned int *tag)
201{
50c2f753 202 unsigned int def = 0;
ab2f218f 203 unsigned int len = 0;
1da177e4
LT		 204
205 if (!asn1_id_decode(ctx, cls, con, tag))
206 return 0;
207
208 if (!asn1_length_decode(ctx, &def, &len))
209 return 0;
210
ddb2c435
CW		 211 /* primitive shall be definite, indefinite shall be constructed */
212 if (*con == ASN1_PRI && !def)
213 return 0;
214
1da177e4
LT		 215 if (def)
216 *eoc = ctx->pointer + len;
217 else
218 *eoc = NULL;
219 return 1;
220}
221
222static unsigned char
223asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
224{
225 unsigned char ch;
226
227 if (eoc == NULL) {
228 if (!asn1_octet_decode(ctx, &ch))
229 return 0;
230
231 if (ch != 0x00) {
232 ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
233 return 0;
234 }
235
236 if (!asn1_octet_decode(ctx, &ch))
237 return 0;
238
239 if (ch != 0x00) {
240 ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
241 return 0;
242 }
243 return 1;
244 } else {
245 if (ctx->pointer != eoc) {
246 ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
247 return 0;
248 }
249 return 1;
250 }
251}
252
253/* static unsigned char asn1_null_decode(struct asn1_ctx *ctx,
254 unsigned char *eoc)
255{
256 ctx->pointer = eoc;
257 return 1;
258}
259
260static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
261 unsigned char *eoc, long *integer)
262{
263 unsigned char ch;
264 unsigned int len;
265
266 if (!asn1_octet_decode(ctx, &ch))
267 return 0;
268
269 *integer = (signed char) ch;
270 len = 1;
271
272 while (ctx->pointer < eoc) {
273 if (++len > sizeof(long)) {
274 ctx->error = ASN1_ERR_DEC_BADVALUE;
275 return 0;
276 }
277
278 if (!asn1_octet_decode(ctx, &ch))
279 return 0;
280
281 *integer <<= 8;
282 *integer |= ch;
283 }
284 return 1;
285}
286
287static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
288 unsigned char *eoc,
289 unsigned int *integer)
290{
291 unsigned char ch;
292 unsigned int len;
293
294 if (!asn1_octet_decode(ctx, &ch))
295 return 0;
296
297 *integer = ch;
298 if (ch == 0)
299 len = 0;
300 else
301 len = 1;
302
303 while (ctx->pointer < eoc) {
304 if (++len > sizeof(unsigned int)) {
305 ctx->error = ASN1_ERR_DEC_BADVALUE;
306 return 0;
307 }
308
309 if (!asn1_octet_decode(ctx, &ch))
310 return 0;
311
312 *integer <<= 8;
313 *integer |= ch;
314 }
315 return 1;
316}
317
318static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
319 unsigned char *eoc,
320 unsigned long *integer)
321{
322 unsigned char ch;
323 unsigned int len;
324
325 if (!asn1_octet_decode(ctx, &ch))
326 return 0;
327
328 *integer = ch;
329 if (ch == 0)
330 len = 0;
331 else
332 len = 1;
333
334 while (ctx->pointer < eoc) {
335 if (++len > sizeof(unsigned long)) {
336 ctx->error = ASN1_ERR_DEC_BADVALUE;
337 return 0;
338 }
339
340 if (!asn1_octet_decode(ctx, &ch))
341 return 0;
342
343 *integer <<= 8;
344 *integer |= ch;
345 }
346 return 1;
50c2f753 347}
1da177e4
LT		 348
349static unsigned char
350asn1_octets_decode(struct asn1_ctx *ctx,
351 unsigned char *eoc,
352 unsigned char **octets, unsigned int *len)
353{
354 unsigned char *ptr;
355
356 *len = 0;
357
358 *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
359 if (*octets == NULL) {
360 return 0;
361 }
362
363 ptr = *octets;
364 while (ctx->pointer < eoc) {
365 if (!asn1_octet_decode(ctx, (unsigned char *) ptr++)) {
366 kfree(*octets);
367 *octets = NULL;
368 return 0;
369 }
370 (*len)++;
371 }
372 return 1;
373} */
374
375static unsigned char
376asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
377{
378 unsigned char ch;
379
380 *subid = 0;
381
382 do {
383 if (!asn1_octet_decode(ctx, &ch))
384 return 0;
385
386 *subid <<= 7;
387 *subid |= ch & 0x7F;
388 } while ((ch & 0x80) == 0x80);
389 return 1;
390}
391
50c2f753 392static int
1da177e4
LT		 393asn1_oid_decode(struct asn1_ctx *ctx,
394 unsigned char *eoc, unsigned long **oid, unsigned int *len)
395{
396 unsigned long subid;
397 unsigned int size;
398 unsigned long *optr;
399
400 size = eoc - ctx->pointer + 1;
ddb2c435
CW		 401
402 /* first subid actually encodes first two subids */
04e1e0cc 403 if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
ddb2c435
CW		 404 return 0;
405
26f57364
SF		 406 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
407 if (*oid == NULL)
1da177e4 408 return 0;
1da177e4
LT		 409
410 optr = *oid;
411
412 if (!asn1_subid_decode(ctx, &subid)) {
413 kfree(*oid);
414 *oid = NULL;
415 return 0;
416 }
417
418 if (subid < 40) {
419 optr[0] = 0;
420 optr[1] = subid;
421 } else if (subid < 80) {
422 optr[0] = 1;
423 optr[1] = subid - 40;
424 } else {
425 optr[0] = 2;
426 optr[1] = subid - 80;
427 }
428
429 *len = 2;
430 optr += 2;
431
432 while (ctx->pointer < eoc) {
433 if (++(*len) > size) {
434 ctx->error = ASN1_ERR_DEC_BADVALUE;
435 kfree(*oid);
436 *oid = NULL;
437 return 0;
438 }
439
440 if (!asn1_subid_decode(ctx, optr++)) {
441 kfree(*oid);
442 *oid = NULL;
443 return 0;
444 }
445 }
446 return 1;
447}
448
449static int
450compare_oid(unsigned long *oid1, unsigned int oid1len,
451 unsigned long *oid2, unsigned int oid2len)
452{
453 unsigned int i;
454
455 if (oid1len != oid2len)
456 return 0;
457 else {
458 for (i = 0; i < oid1len; i++) {
459 if (oid1[i] != oid2[i])
460 return 0;
461 }
462 return 1;
463 }
464}
465
466 /* BB check for endian conversion issues here */
467
468int
469decode_negTokenInit(unsigned char *security_blob, int length,
470 enum securityEnum *secType)
471{
472 struct asn1_ctx ctx;
473 unsigned char *end;
474 unsigned char *sequence_end;
475 unsigned long *oid = NULL;
476 unsigned int cls, con, tag, oidlen, rc;
4b18f2a9
SF		 477 bool use_ntlmssp = false;
478 bool use_kerberos = false;
1da177e4 479
50c2f753 480 *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
1da177e4
LT		 481
482 /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
483
484 asn1_open(&ctx, security_blob, length);
485
2f0e58ac 486 /* GSSAPI header */
1da177e4 487 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
26a21b98 488 cFYI(1, ("Error decoding negTokenInit header"));
1da177e4
LT		 489 return 0;
490 } else if ((cls != ASN1_APL) || (con != ASN1_CON)
491 || (tag != ASN1_EOC)) {
492 cFYI(1, ("cls = %d con = %d tag = %d", cls, con, tag));
493 return 0;
2f0e58ac 494 }
1da177e4 495
2f0e58ac
JL		 496 /* Check for SPNEGO OID -- remember to free obj->oid */
497 rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
498 if (rc) {
499 if ((tag == ASN1_OJI) && (con == ASN1_PRI) &&
500 (cls == ASN1_UNI)) {
501 rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
502 if (rc) {
503 rc = compare_oid(oid, oidlen, SPNEGO_OID,
504 SPNEGO_OID_LEN);
505 kfree(oid);
506 }
507 } else
508 rc = 0;
509 }
1da177e4 510
2f0e58ac
JL		 511 /* SPNEGO OID not present or garbled -- bail out */
512 if (!rc) {
513 cFYI(1, ("Error decoding negTokenInit header"));
514 return 0;
515 }
1da177e4 516
2f0e58ac
JL		 517 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
518 cFYI(1, ("Error decoding negTokenInit"));
519 return 0;
520 } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
521 || (tag != ASN1_EOC)) {
522 cFYI(1,
523 ("cls = %d con = %d tag = %d end = %p (%d) exit 0",
524 cls, con, tag, end, *end));
525 return 0;
526 }
1da177e4 527
2f0e58ac
JL		 528 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
529 cFYI(1, ("Error decoding negTokenInit"));
530 return 0;
531 } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
532 || (tag != ASN1_SEQ)) {
533 cFYI(1,
534 ("cls = %d con = %d tag = %d end = %p (%d) exit 1",
535 cls, con, tag, end, *end));
536 return 0;
537 }
1da177e4 538
2f0e58ac
JL		 539 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
540 cFYI(1, ("Error decoding 2nd part of negTokenInit"));
541 return 0;
542 } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
543 || (tag != ASN1_EOC)) {
544 cFYI(1,
545 ("cls = %d con = %d tag = %d end = %p (%d) exit 0",
546 cls, con, tag, end, *end));
547 return 0;
548 }
1da177e4 549
2f0e58ac
JL		 550 if (asn1_header_decode
551 (&ctx, &sequence_end, &cls, &con, &tag) == 0) {
552 cFYI(1, ("Error decoding 2nd part of negTokenInit"));
553 return 0;
554 } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
555 || (tag != ASN1_SEQ)) {
556 cFYI(1,
557 ("cls = %d con = %d tag = %d end = %p (%d) exit 1",
558 cls, con, tag, end, *end));
559 return 0;
560 }
1da177e4 561
2f0e58ac
JL		 562 while (!asn1_eoc_decode(&ctx, sequence_end)) {
563 rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
564 if (!rc) {
1da177e4 565 cFYI(1,
2f0e58ac 566 ("Error decoding negTokenInit hdr exit2"));
1da177e4
LT		 567 return 0;
568 }
2f0e58ac
JL		 569 if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
570 if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
571
572 cFYI(1, ("OID len = %d oid = 0x%lx 0x%lx "
573 "0x%lx 0x%lx", oidlen, *oid,
574 *(oid + 1), *(oid + 2), *(oid + 3)));
575
576 if (compare_oid(oid, oidlen, MSKRB5_OID,
577 MSKRB5_OID_LEN))
578 use_kerberos = true;
579 else if (compare_oid(oid, oidlen, KRB5_OID,
580 KRB5_OID_LEN))
581 use_kerberos = true;
582 else if (compare_oid(oid, oidlen, NTLMSSP_OID,
583 NTLMSSP_OID_LEN))
584 use_ntlmssp = true;
585
586 kfree(oid);
587 }
588 } else {
589 cFYI(1, ("Should be an oid what is going on?"));
1da177e4 590 }
2f0e58ac 591 }
1da177e4 592
2f0e58ac
JL		 593 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
594 cFYI(1, ("Error decoding last part negTokenInit exit3"));
595 return 0;
596 } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
597 /* tag = 3 indicating mechListMIC */
598 cFYI(1, ("Exit 4 cls = %d con = %d tag = %d end = %p (%d)",
599 cls, con, tag, end, *end));
600 return 0;
601 }
602 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
603 cFYI(1, ("Error decoding last part negTokenInit exit5"));
604 return 0;
605 } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
606 || (tag != ASN1_SEQ)) {
607 cFYI(1, ("cls = %d con = %d tag = %d end = %p (%d)",
608 cls, con, tag, end, *end));
609 }
610
611 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
612 cFYI(1, ("Error decoding last part negTokenInit exit 7"));
613 return 0;
614 } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
615 cFYI(1, ("Exit 8 cls = %d con = %d tag = %d end = %p (%d)",
616 cls, con, tag, end, *end));
617 return 0;
618 }
619 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
620 cFYI(1, ("Error decoding last part negTokenInit exit9"));
621 return 0;
622 } else if ((cls != ASN1_UNI) || (con != ASN1_PRI)
623 || (tag != ASN1_GENSTR)) {
624 cFYI(1, ("Exit10 cls = %d con = %d tag = %d end = %p (%d)",
625 cls, con, tag, end, *end));
626 return 0;
1da177e4 627 }
2f0e58ac
JL		 628 cFYI(1, ("Need to call asn1_octets_decode() function for %s",
629 ctx.pointer)); /* is this UTF-8 or ASCII? */
1da177e4 630
e545937a
JL		 631 if (use_kerberos)
632 *secType = Kerberos;
633 else if (use_ntlmssp)
1da177e4 634 *secType = NTLMSSP;
1da177e4
LT		 635
636 return 1;
637}
Linux 6.x block layer and io_uring tree(s)