asn1.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623
  1. /*
  2. * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
  3. * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
  4. *
  5. * Copyright (c) 2000 RP Internet (www.rpi.net.au).
  6. *
  7. * This program is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. * You should have received a copy of the GNU General Public License
  16. * along with this program; if not, write to the Free Software
  17. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  18. */
  19. #include <linux/module.h>
  20. #include <linux/types.h>
  21. #include <linux/kernel.h>
  22. #include <linux/mm.h>
  23. #include <linux/slab.h>
  24. #include "cifspdu.h"
  25. #include "cifsglob.h"
  26. #include "cifs_debug.h"
  27. #include "cifsproto.h"
  28. /*****************************************************************************
  29. *
  30. * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
  31. *
  32. *****************************************************************************/
  33. /* Class */
  34. #define ASN1_UNI 0 /* Universal */
  35. #define ASN1_APL 1 /* Application */
  36. #define ASN1_CTX 2 /* Context */
  37. #define ASN1_PRV 3 /* Private */
  38. /* Tag */
  39. #define ASN1_EOC 0 /* End Of Contents or N/A */
  40. #define ASN1_BOL 1 /* Boolean */
  41. #define ASN1_INT 2 /* Integer */
  42. #define ASN1_BTS 3 /* Bit String */
  43. #define ASN1_OTS 4 /* Octet String */
  44. #define ASN1_NUL 5 /* Null */
  45. #define ASN1_OJI 6 /* Object Identifier */
  46. #define ASN1_OJD 7 /* Object Description */
  47. #define ASN1_EXT 8 /* External */
  48. #define ASN1_ENUM 10 /* Enumerated */
  49. #define ASN1_SEQ 16 /* Sequence */
  50. #define ASN1_SET 17 /* Set */
  51. #define ASN1_NUMSTR 18 /* Numerical String */
  52. #define ASN1_PRNSTR 19 /* Printable String */
  53. #define ASN1_TEXSTR 20 /* Teletext String */
  54. #define ASN1_VIDSTR 21 /* Video String */
  55. #define ASN1_IA5STR 22 /* IA5 String */
  56. #define ASN1_UNITIM 23 /* Universal Time */
  57. #define ASN1_GENTIM 24 /* General Time */
  58. #define ASN1_GRASTR 25 /* Graphical String */
  59. #define ASN1_VISSTR 26 /* Visible String */
  60. #define ASN1_GENSTR 27 /* General String */
  61. /* Primitive / Constructed methods*/
  62. #define ASN1_PRI 0 /* Primitive */
  63. #define ASN1_CON 1 /* Constructed */
  64. /*
  65. * Error codes.
  66. */
  67. #define ASN1_ERR_NOERROR 0
  68. #define ASN1_ERR_DEC_EMPTY 2
  69. #define ASN1_ERR_DEC_EOC_MISMATCH 3
  70. #define ASN1_ERR_DEC_LENGTH_MISMATCH 4
  71. #define ASN1_ERR_DEC_BADVALUE 5
  72. #define SPNEGO_OID_LEN 7
  73. #define NTLMSSP_OID_LEN 10
  74. #define KRB5_OID_LEN 7
  75. #define KRB5U2U_OID_LEN 8
  76. #define MSKRB5_OID_LEN 7
  77. static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
  78. static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
  79. static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
  80. static unsigned long KRB5U2U_OID[8] = { 1, 2, 840, 113554, 1, 2, 2, 3 };
  81. static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
  82. /*
  83. * ASN.1 context.
  84. */
  85. struct asn1_ctx {
  86. int error; /* Error condition */
  87. unsigned char *pointer; /* Octet just to be decoded */
  88. unsigned char *begin; /* First octet */
  89. unsigned char *end; /* Octet after last octet */
  90. };
  91. /*
  92. * Octet string (not null terminated)
  93. */
  94. struct asn1_octstr {
  95. unsigned char *data;
  96. unsigned int len;
  97. };
  98. static void
  99. asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len)
  100. {
  101. ctx->begin = buf;
  102. ctx->end = buf + len;
  103. ctx->pointer = buf;
  104. ctx->error = ASN1_ERR_NOERROR;
  105. }
  106. static unsigned char
  107. asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
  108. {
  109. if (ctx->pointer >= ctx->end) {
  110. ctx->error = ASN1_ERR_DEC_EMPTY;
  111. return 0;
  112. }
  113. *ch = *(ctx->pointer)++;
  114. return 1;
  115. }
  116. #if 0 /* will be needed later by spnego decoding/encoding of ntlmssp */
  117. static unsigned char
  118. asn1_enum_decode(struct asn1_ctx *ctx, __le32 *val)
  119. {
  120. unsigned char ch;
  121. if (ctx->pointer >= ctx->end) {
  122. ctx->error = ASN1_ERR_DEC_EMPTY;
  123. return 0;
  124. }
  125. ch = *(ctx->pointer)++; /* ch has 0xa, ptr points to length octet */
  126. if ((ch) == ASN1_ENUM) /* if ch value is ENUM, 0xa */
  127. *val = *(++(ctx->pointer)); /* value has enum value */
  128. else
  129. return 0;
  130. ctx->pointer++;
  131. return 1;
  132. }
  133. #endif
  134. static unsigned char
  135. asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
  136. {
  137. unsigned char ch;
  138. *tag = 0;
  139. do {
  140. if (!asn1_octet_decode(ctx, &ch))
  141. return 0;
  142. *tag <<= 7;
  143. *tag |= ch & 0x7F;
  144. } while ((ch & 0x80) == 0x80);
  145. return 1;
  146. }
  147. static unsigned char
  148. asn1_id_decode(struct asn1_ctx *ctx,
  149. unsigned int *cls, unsigned int *con, unsigned int *tag)
  150. {
  151. unsigned char ch;
  152. if (!asn1_octet_decode(ctx, &ch))
  153. return 0;
  154. *cls = (ch & 0xC0) >> 6;
  155. *con = (ch & 0x20) >> 5;
  156. *tag = (ch & 0x1F);
  157. if (*tag == 0x1F) {
  158. if (!asn1_tag_decode(ctx, tag))
  159. return 0;
  160. }
  161. return 1;
  162. }
  163. static unsigned char
  164. asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
  165. {
  166. unsigned char ch, cnt;
  167. if (!asn1_octet_decode(ctx, &ch))
  168. return 0;
  169. if (ch == 0x80)
  170. *def = 0;
  171. else {
  172. *def = 1;
  173. if (ch < 0x80)
  174. *len = ch;
  175. else {
  176. cnt = (unsigned char) (ch & 0x7F);
  177. *len = 0;
  178. while (cnt > 0) {
  179. if (!asn1_octet_decode(ctx, &ch))
  180. return 0;
  181. *len <<= 8;
  182. *len |= ch;
  183. cnt--;
  184. }
  185. }
  186. }
  187. /* don't trust len bigger than ctx buffer */
  188. if (*len > ctx->end - ctx->pointer)
  189. return 0;
  190. return 1;
  191. }
  192. static unsigned char
  193. asn1_header_decode(struct asn1_ctx *ctx,
  194. unsigned char **eoc,
  195. unsigned int *cls, unsigned int *con, unsigned int *tag)
  196. {
  197. unsigned int def = 0;
  198. unsigned int len = 0;
  199. if (!asn1_id_decode(ctx, cls, con, tag))
  200. return 0;
  201. if (!asn1_length_decode(ctx, &def, &len))
  202. return 0;
  203. /* primitive shall be definite, indefinite shall be constructed */
  204. if (*con == ASN1_PRI && !def)
  205. return 0;
  206. if (def)
  207. *eoc = ctx->pointer + len;
  208. else
  209. *eoc = NULL;
  210. return 1;
  211. }
  212. static unsigned char
  213. asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
  214. {
  215. unsigned char ch;
  216. if (eoc == NULL) {
  217. if (!asn1_octet_decode(ctx, &ch))
  218. return 0;
  219. if (ch != 0x00) {
  220. ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
  221. return 0;
  222. }
  223. if (!asn1_octet_decode(ctx, &ch))
  224. return 0;
  225. if (ch != 0x00) {
  226. ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
  227. return 0;
  228. }
  229. return 1;
  230. } else {
  231. if (ctx->pointer != eoc) {
  232. ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
  233. return 0;
  234. }
  235. return 1;
  236. }
  237. }
  238. /* static unsigned char asn1_null_decode(struct asn1_ctx *ctx,
  239. unsigned char *eoc)
  240. {
  241. ctx->pointer = eoc;
  242. return 1;
  243. }
  244. static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
  245. unsigned char *eoc, long *integer)
  246. {
  247. unsigned char ch;
  248. unsigned int len;
  249. if (!asn1_octet_decode(ctx, &ch))
  250. return 0;
  251. *integer = (signed char) ch;
  252. len = 1;
  253. while (ctx->pointer < eoc) {
  254. if (++len > sizeof(long)) {
  255. ctx->error = ASN1_ERR_DEC_BADVALUE;
  256. return 0;
  257. }
  258. if (!asn1_octet_decode(ctx, &ch))
  259. return 0;
  260. *integer <<= 8;
  261. *integer |= ch;
  262. }
  263. return 1;
  264. }
  265. static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
  266. unsigned char *eoc,
  267. unsigned int *integer)
  268. {
  269. unsigned char ch;
  270. unsigned int len;
  271. if (!asn1_octet_decode(ctx, &ch))
  272. return 0;
  273. *integer = ch;
  274. if (ch == 0)
  275. len = 0;
  276. else
  277. len = 1;
  278. while (ctx->pointer < eoc) {
  279. if (++len > sizeof(unsigned int)) {
  280. ctx->error = ASN1_ERR_DEC_BADVALUE;
  281. return 0;
  282. }
  283. if (!asn1_octet_decode(ctx, &ch))
  284. return 0;
  285. *integer <<= 8;
  286. *integer |= ch;
  287. }
  288. return 1;
  289. }
  290. static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
  291. unsigned char *eoc,
  292. unsigned long *integer)
  293. {
  294. unsigned char ch;
  295. unsigned int len;
  296. if (!asn1_octet_decode(ctx, &ch))
  297. return 0;
  298. *integer = ch;
  299. if (ch == 0)
  300. len = 0;
  301. else
  302. len = 1;
  303. while (ctx->pointer < eoc) {
  304. if (++len > sizeof(unsigned long)) {
  305. ctx->error = ASN1_ERR_DEC_BADVALUE;
  306. return 0;
  307. }
  308. if (!asn1_octet_decode(ctx, &ch))
  309. return 0;
  310. *integer <<= 8;
  311. *integer |= ch;
  312. }
  313. return 1;
  314. }
  315. static unsigned char
  316. asn1_octets_decode(struct asn1_ctx *ctx,
  317. unsigned char *eoc,
  318. unsigned char **octets, unsigned int *len)
  319. {
  320. unsigned char *ptr;
  321. *len = 0;
  322. *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
  323. if (*octets == NULL) {
  324. return 0;
  325. }
  326. ptr = *octets;
  327. while (ctx->pointer < eoc) {
  328. if (!asn1_octet_decode(ctx, (unsigned char *) ptr++)) {
  329. kfree(*octets);
  330. *octets = NULL;
  331. return 0;
  332. }
  333. (*len)++;
  334. }
  335. return 1;
  336. } */
  337. static unsigned char
  338. asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
  339. {
  340. unsigned char ch;
  341. *subid = 0;
  342. do {
  343. if (!asn1_octet_decode(ctx, &ch))
  344. return 0;
  345. *subid <<= 7;
  346. *subid |= ch & 0x7F;
  347. } while ((ch & 0x80) == 0x80);
  348. return 1;
  349. }
  350. static int
  351. asn1_oid_decode(struct asn1_ctx *ctx,
  352. unsigned char *eoc, unsigned long **oid, unsigned int *len)
  353. {
  354. unsigned long subid;
  355. unsigned int size;
  356. unsigned long *optr;
  357. size = eoc - ctx->pointer + 1;
  358. /* first subid actually encodes first two subids */
  359. if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
  360. return 0;
  361. *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
  362. if (*oid == NULL)
  363. return 0;
  364. optr = *oid;
  365. if (!asn1_subid_decode(ctx, &subid)) {
  366. kfree(*oid);
  367. *oid = NULL;
  368. return 0;
  369. }
  370. if (subid < 40) {
  371. optr[0] = 0;
  372. optr[1] = subid;
  373. } else if (subid < 80) {
  374. optr[0] = 1;
  375. optr[1] = subid - 40;
  376. } else {
  377. optr[0] = 2;
  378. optr[1] = subid - 80;
  379. }
  380. *len = 2;
  381. optr += 2;
  382. while (ctx->pointer < eoc) {
  383. if (++(*len) > size) {
  384. ctx->error = ASN1_ERR_DEC_BADVALUE;
  385. kfree(*oid);
  386. *oid = NULL;
  387. return 0;
  388. }
  389. if (!asn1_subid_decode(ctx, optr++)) {
  390. kfree(*oid);
  391. *oid = NULL;
  392. return 0;
  393. }
  394. }
  395. return 1;
  396. }
  397. static int
  398. compare_oid(unsigned long *oid1, unsigned int oid1len,
  399. unsigned long *oid2, unsigned int oid2len)
  400. {
  401. unsigned int i;
  402. if (oid1len != oid2len)
  403. return 0;
  404. else {
  405. for (i = 0; i < oid1len; i++) {
  406. if (oid1[i] != oid2[i])
  407. return 0;
  408. }
  409. return 1;
  410. }
  411. }
  412. /* BB check for endian conversion issues here */
  413. int
  414. decode_negTokenInit(unsigned char *security_blob, int length,
  415. struct TCP_Server_Info *server)
  416. {
  417. struct asn1_ctx ctx;
  418. unsigned char *end;
  419. unsigned char *sequence_end;
  420. unsigned long *oid = NULL;
  421. unsigned int cls, con, tag, oidlen, rc;
  422. /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
  423. asn1_open(&ctx, security_blob, length);
  424. /* GSSAPI header */
  425. if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
  426. cifs_dbg(FYI, "Error decoding negTokenInit header\n");
  427. return 0;
  428. } else if ((cls != ASN1_APL) || (con != ASN1_CON)
  429. || (tag != ASN1_EOC)) {
  430. cifs_dbg(FYI, "cls = %d con = %d tag = %d\n", cls, con, tag);
  431. return 0;
  432. }
  433. /* Check for SPNEGO OID -- remember to free obj->oid */
  434. rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
  435. if (rc) {
  436. if ((tag == ASN1_OJI) && (con == ASN1_PRI) &&
  437. (cls == ASN1_UNI)) {
  438. rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
  439. if (rc) {
  440. rc = compare_oid(oid, oidlen, SPNEGO_OID,
  441. SPNEGO_OID_LEN);
  442. kfree(oid);
  443. }
  444. } else
  445. rc = 0;
  446. }
  447. /* SPNEGO OID not present or garbled -- bail out */
  448. if (!rc) {
  449. cifs_dbg(FYI, "Error decoding negTokenInit header\n");
  450. return 0;
  451. }
  452. /* SPNEGO */
  453. if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
  454. cifs_dbg(FYI, "Error decoding negTokenInit\n");
  455. return 0;
  456. } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
  457. || (tag != ASN1_EOC)) {
  458. cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
  459. cls, con, tag, end, *end);
  460. return 0;
  461. }
  462. /* negTokenInit */
  463. if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
  464. cifs_dbg(FYI, "Error decoding negTokenInit\n");
  465. return 0;
  466. } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
  467. || (tag != ASN1_SEQ)) {
  468. cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
  469. cls, con, tag, end, *end);
  470. return 0;
  471. }
  472. /* sequence */
  473. if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
  474. cifs_dbg(FYI, "Error decoding 2nd part of negTokenInit\n");
  475. return 0;
  476. } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
  477. || (tag != ASN1_EOC)) {
  478. cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
  479. cls, con, tag, end, *end);
  480. return 0;
  481. }
  482. /* sequence of */
  483. if (asn1_header_decode
  484. (&ctx, &sequence_end, &cls, &con, &tag) == 0) {
  485. cifs_dbg(FYI, "Error decoding 2nd part of negTokenInit\n");
  486. return 0;
  487. } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
  488. || (tag != ASN1_SEQ)) {
  489. cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
  490. cls, con, tag, end, *end);
  491. return 0;
  492. }
  493. /* list of security mechanisms */
  494. while (!asn1_eoc_decode(&ctx, sequence_end)) {
  495. rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
  496. if (!rc) {
  497. cifs_dbg(FYI, "Error decoding negTokenInit hdr exit2\n");
  498. return 0;
  499. }
  500. if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
  501. if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
  502. cifs_dbg(FYI, "OID len = %d oid = 0x%lx 0x%lx 0x%lx 0x%lx\n",
  503. oidlen, *oid, *(oid + 1), *(oid + 2),
  504. *(oid + 3));
  505. if (compare_oid(oid, oidlen, MSKRB5_OID,
  506. MSKRB5_OID_LEN))
  507. server->sec_mskerberos = true;
  508. else if (compare_oid(oid, oidlen, KRB5U2U_OID,
  509. KRB5U2U_OID_LEN))
  510. server->sec_kerberosu2u = true;
  511. else if (compare_oid(oid, oidlen, KRB5_OID,
  512. KRB5_OID_LEN))
  513. server->sec_kerberos = true;
  514. else if (compare_oid(oid, oidlen, NTLMSSP_OID,
  515. NTLMSSP_OID_LEN))
  516. server->sec_ntlmssp = true;
  517. kfree(oid);
  518. }
  519. } else {
  520. cifs_dbg(FYI, "Should be an oid what is going on?\n");
  521. }
  522. }
  523. /*
  524. * We currently ignore anything at the end of the SPNEGO blob after
  525. * the mechTypes have been parsed, since none of that info is
  526. * used at the moment.
  527. */
  528. return 1;
  529. }