1 | /* |
2 | * linux/net/sunrpc/gss_generic_token.c |
3 | * |
4 | * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/generic/util_token.c |
5 | * |
6 | * Copyright (c) 2000 The Regents of the University of Michigan. |
7 | * All rights reserved. |
8 | * |
9 | * Andy Adamson <andros@umich.edu> |
10 | */ |
11 | |
12 | /* |
13 | * Copyright 1993 by OpenVision Technologies, Inc. |
14 | * |
15 | * Permission to use, copy, modify, distribute, and sell this software |
16 | * and its documentation for any purpose is hereby granted without fee, |
17 | * provided that the above copyright notice appears in all copies and |
18 | * that both that copyright notice and this permission notice appear in |
19 | * supporting documentation, and that the name of OpenVision not be used |
20 | * in advertising or publicity pertaining to distribution of the software |
21 | * without specific, written prior permission. OpenVision makes no |
22 | * representations about the suitability of this software for any |
23 | * purpose. It is provided "as is" without express or implied warranty. |
24 | * |
25 | * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, |
26 | * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO |
27 | * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR |
28 | * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF |
29 | * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR |
30 | * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR |
31 | * PERFORMANCE OF THIS SOFTWARE. |
32 | */ |
33 | |
34 | #include <linux/types.h> |
35 | #include <linux/module.h> |
36 | #include <linux/string.h> |
37 | #include <linux/sunrpc/sched.h> |
38 | #include <linux/sunrpc/gss_asn1.h> |
39 | |
40 | |
41 | #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) |
42 | # define RPCDBG_FACILITY RPCDBG_AUTH |
43 | #endif |
44 | |
45 | |
46 | /* TWRITE_STR from gssapiP_generic.h */ |
47 | #define TWRITE_STR(ptr, str, len) \ |
48 | memcpy((ptr), (char *) (str), (len)); \ |
49 | (ptr) += (len); |
50 | |
51 | /* XXXX this code currently makes the assumption that a mech oid will |
52 | never be longer than 127 bytes. This assumption is not inherent in |
53 | the interfaces, so the code can be fixed if the OSI namespace |
54 | balloons unexpectedly. */ |
55 | |
56 | /* Each token looks like this: |
57 | |
58 | 0x60 tag for APPLICATION 0, SEQUENCE |
59 | (constructed, definite-length) |
60 | <length> possible multiple bytes, need to parse/generate |
61 | 0x06 tag for OBJECT IDENTIFIER |
62 | <moid_length> compile-time constant string (assume 1 byte) |
63 | <moid_bytes> compile-time constant string |
64 | <inner_bytes> the ANY containing the application token |
65 | bytes 0,1 are the token type |
66 | bytes 2,n are the token data |
67 | |
68 | For the purposes of this abstraction, the token "header" consists of |
69 | the sequence tag and length octets, the mech OID DER encoding, and the |
70 | first two inner bytes, which indicate the token type. The token |
71 | "body" consists of everything else. |
72 | |
73 | */ |
74 | |
75 | static int |
76 | der_length_size( int length) |
77 | { |
78 | if (length < (1<<7)) |
79 | return 1; |
80 | else if (length < (1<<8)) |
81 | return 2; |
82 | #if (SIZEOF_INT == 2) |
83 | else |
84 | return 3; |
85 | #else |
86 | else if (length < (1<<16)) |
87 | return 3; |
88 | else if (length < (1<<24)) |
89 | return 4; |
90 | else |
91 | return 5; |
92 | #endif |
93 | } |
94 | |
95 | static void |
96 | der_write_length(unsigned char **buf, int length) |
97 | { |
98 | if (length < (1<<7)) { |
99 | *(*buf)++ = (unsigned char) length; |
100 | } else { |
101 | *(*buf)++ = (unsigned char) (der_length_size(length)+127); |
102 | #if (SIZEOF_INT > 2) |
103 | if (length >= (1<<24)) |
104 | *(*buf)++ = (unsigned char) (length>>24); |
105 | if (length >= (1<<16)) |
106 | *(*buf)++ = (unsigned char) ((length>>16)&0xff); |
107 | #endif |
108 | if (length >= (1<<8)) |
109 | *(*buf)++ = (unsigned char) ((length>>8)&0xff); |
110 | *(*buf)++ = (unsigned char) (length&0xff); |
111 | } |
112 | } |
113 | |
114 | /* returns decoded length, or < 0 on failure. Advances buf and |
115 | decrements bufsize */ |
116 | |
117 | static int |
118 | der_read_length(unsigned char **buf, int *bufsize) |
119 | { |
120 | unsigned char sf; |
121 | int ret; |
122 | |
123 | if (*bufsize < 1) |
124 | return -1; |
125 | sf = *(*buf)++; |
126 | (*bufsize)--; |
127 | if (sf & 0x80) { |
128 | if ((sf &= 0x7f) > ((*bufsize)-1)) |
129 | return -1; |
130 | if (sf > SIZEOF_INT) |
131 | return -1; |
132 | ret = 0; |
133 | for (; sf; sf--) { |
134 | ret = (ret<<8) + (*(*buf)++); |
135 | (*bufsize)--; |
136 | } |
137 | } else { |
138 | ret = sf; |
139 | } |
140 | |
141 | return ret; |
142 | } |
143 | |
144 | /* returns the length of a token, given the mech oid and the body size */ |
145 | |
146 | int |
147 | g_token_size(struct xdr_netobj *mech, unsigned int body_size) |
148 | { |
149 | /* set body_size to sequence contents size */ |
150 | body_size += 2 + (int) mech->len; /* NEED overflow check */ |
151 | return 1 + der_length_size(length: body_size) + body_size; |
152 | } |
153 | |
154 | EXPORT_SYMBOL_GPL(g_token_size); |
155 | |
156 | /* fills in a buffer with the token header. The buffer is assumed to |
157 | be the right size. buf is advanced past the token header */ |
158 | |
159 | void |
160 | (struct xdr_netobj *mech, int body_size, unsigned char **buf) |
161 | { |
162 | *(*buf)++ = 0x60; |
163 | der_write_length(buf, length: 2 + mech->len + body_size); |
164 | *(*buf)++ = 0x06; |
165 | *(*buf)++ = (unsigned char) mech->len; |
166 | TWRITE_STR(*buf, mech->data, ((int) mech->len)); |
167 | } |
168 | |
169 | EXPORT_SYMBOL_GPL(g_make_token_header); |
170 | |
171 | /* |
172 | * Given a buffer containing a token, reads and verifies the token, |
173 | * leaving buf advanced past the token header, and setting body_size |
174 | * to the number of remaining bytes. Returns 0 on success, |
175 | * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the |
176 | * mechanism in the token does not match the mech argument. buf and |
177 | * *body_size are left unmodified on error. |
178 | */ |
179 | u32 |
180 | (struct xdr_netobj *mech, int *body_size, |
181 | unsigned char **buf_in, int toksize) |
182 | { |
183 | unsigned char *buf = *buf_in; |
184 | int seqsize; |
185 | struct xdr_netobj toid; |
186 | int ret = 0; |
187 | |
188 | if ((toksize-=1) < 0) |
189 | return G_BAD_TOK_HEADER; |
190 | if (*buf++ != 0x60) |
191 | return G_BAD_TOK_HEADER; |
192 | |
193 | if ((seqsize = der_read_length(buf: &buf, bufsize: &toksize)) < 0) |
194 | return G_BAD_TOK_HEADER; |
195 | |
196 | if (seqsize != toksize) |
197 | return G_BAD_TOK_HEADER; |
198 | |
199 | if ((toksize-=1) < 0) |
200 | return G_BAD_TOK_HEADER; |
201 | if (*buf++ != 0x06) |
202 | return G_BAD_TOK_HEADER; |
203 | |
204 | if ((toksize-=1) < 0) |
205 | return G_BAD_TOK_HEADER; |
206 | toid.len = *buf++; |
207 | |
208 | if ((toksize-=toid.len) < 0) |
209 | return G_BAD_TOK_HEADER; |
210 | toid.data = buf; |
211 | buf+=toid.len; |
212 | |
213 | if (! g_OID_equal(&toid, mech)) |
214 | ret = G_WRONG_MECH; |
215 | |
216 | /* G_WRONG_MECH is not returned immediately because it's more important |
217 | to return G_BAD_TOK_HEADER if the token header is in fact bad */ |
218 | |
219 | if ((toksize-=2) < 0) |
220 | return G_BAD_TOK_HEADER; |
221 | |
222 | if (ret) |
223 | return ret; |
224 | |
225 | *buf_in = buf; |
226 | *body_size = toksize; |
227 | |
228 | return ret; |
229 | } |
230 | |
231 | EXPORT_SYMBOL_GPL(g_verify_token_header); |
232 | |