[net-next-2.6.git] / net / sunrpc / auth_gss / gss_generic_token.c

/*
 *  linux/net/sunrpc/gss_generic_token.c
 *
 *  Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/generic/util_token.c
 *
 *  Copyright (c) 2000 The Regents of the University of Michigan.
 *  All rights reserved.
 *
 *  Andy Adamson   <andros@umich.edu>
 */

/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include <linux/types.h>
#include <linux/module.h>
#include <linux/string.h>
#include <linux/sunrpc/sched.h>
#include <linux/sunrpc/gss_asn1.h>


#ifdef RPC_DEBUG
# define RPCDBG_FACILITY        RPCDBG_AUTH
#endif


/* TWRITE_STR from gssapiP_generic.h */
#define TWRITE_STR(ptr, str, len) \
	memcpy((ptr), (char *) (str), (len)); \
	(ptr) += (len);

/* XXXX this code currently makes the assumption that a mech oid will
   never be longer than 127 bytes.  This assumption is not inherent in
   the interfaces, so the code can be fixed if the OSI namespace
   balloons unexpectedly. */

/* Each token looks like this:

0x60				tag for APPLICATION 0, SEQUENCE
					(constructed, definite-length)
	<length>		possible multiple bytes, need to parse/generate
	0x06			tag for OBJECT IDENTIFIER
		<moid_length>	compile-time constant string (assume 1 byte)
		<moid_bytes>	compile-time constant string
	<inner_bytes>		the ANY containing the application token
					bytes 0,1 are the token type
					bytes 2,n are the token data

For the purposes of this abstraction, the token "header" consists of
the sequence tag and length octets, the mech OID DER encoding, and the
first two inner bytes, which indicate the token type.  The token
"body" consists of everything else.

*/

static int
der_length_size( int length)
{
	if (length < (1<<7))
		return 1;
	else if (length < (1<<8))
		return 2;
#if (SIZEOF_INT == 2)
	else
		return 3;
#else
	else if (length < (1<<16))
		return 3;
	else if (length < (1<<24))
		return 4;
	else
		return 5;
#endif
}

static void
der_write_length(unsigned char **buf, int length)
{
	if (length < (1<<7)) {
		*(*buf)++ = (unsigned char) length;
	} else {
		*(*buf)++ = (unsigned char) (der_length_size(length)+127);
#if (SIZEOF_INT > 2)
		if (length >= (1<<24))
			*(*buf)++ = (unsigned char) (length>>24);
		if (length >= (1<<16))
			*(*buf)++ = (unsigned char) ((length>>16)&0xff);
#endif
		if (length >= (1<<8))
			*(*buf)++ = (unsigned char) ((length>>8)&0xff);
		*(*buf)++ = (unsigned char) (length&0xff);
	}
}

/* returns decoded length, or < 0 on failure.  Advances buf and
   decrements bufsize */

static int
der_read_length(unsigned char **buf, int *bufsize)
{
	unsigned char sf;
	int ret;

	if (*bufsize < 1)
		return -1;
	sf = *(*buf)++;
	(*bufsize)--;
	if (sf & 0x80) {
		if ((sf &= 0x7f) > ((*bufsize)-1))
			return -1;
		if (sf > SIZEOF_INT)
			return -1;
		ret = 0;
		for (; sf; sf--) {
			ret = (ret<<8) + (*(*buf)++);
			(*bufsize)--;
		}
	} else {
		ret = sf;
	}

	return ret;
}

/* returns the length of a token, given the mech oid and the body size */

int
g_token_size(struct xdr_netobj *mech, unsigned int body_size)
{
	/* set body_size to sequence contents size */
	body_size += 2 + (int) mech->len;         /* NEED overflow check */
	return 1 + der_length_size(body_size) + body_size;
}

EXPORT_SYMBOL_GPL(g_token_size);

/* fills in a buffer with the token header.  The buffer is assumed to
   be the right size.  buf is advanced past the token header */

void
g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf)
{
	*(*buf)++ = 0x60;
	der_write_length(buf, 2 + mech->len + body_size);
	*(*buf)++ = 0x06;
	*(*buf)++ = (unsigned char) mech->len;
	TWRITE_STR(*buf, mech->data, ((int) mech->len));
}

EXPORT_SYMBOL_GPL(g_make_token_header);

/*
 * Given a buffer containing a token, reads and verifies the token,
 * leaving buf advanced past the token header, and setting body_size
 * to the number of remaining bytes.  Returns 0 on success,
 * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
 * mechanism in the token does not match the mech argument.  buf and
 * *body_size are left unmodified on error.
 */
u32
g_verify_token_header(struct xdr_netobj *mech, int *body_size,
		      unsigned char **buf_in, int toksize)
{
	unsigned char *buf = *buf_in;
	int seqsize;
	struct xdr_netobj toid;
	int ret = 0;

	if ((toksize-=1) < 0)
		return G_BAD_TOK_HEADER;
	if (*buf++ != 0x60)
		return G_BAD_TOK_HEADER;

	if ((seqsize = der_read_length(&buf, &toksize)) < 0)
		return G_BAD_TOK_HEADER;

	if (seqsize != toksize)
		return G_BAD_TOK_HEADER;

	if ((toksize-=1) < 0)
		return G_BAD_TOK_HEADER;
	if (*buf++ != 0x06)
		return G_BAD_TOK_HEADER;

	if ((toksize-=1) < 0)
		return G_BAD_TOK_HEADER;
	toid.len = *buf++;

	if ((toksize-=toid.len) < 0)
		return G_BAD_TOK_HEADER;
	toid.data = buf;
	buf+=toid.len;

	if (! g_OID_equal(&toid, mech))
		ret = G_WRONG_MECH;

   /* G_WRONG_MECH is not returned immediately because it's more important
      to return G_BAD_TOK_HEADER if the token header is in fact bad */

	if ((toksize-=2) < 0)
		return G_BAD_TOK_HEADER;

	if (ret)
		return ret;

	if (!ret) {
		*buf_in = buf;
		*body_size = toksize;
	}

	return ret;
}

EXPORT_SYMBOL_GPL(g_verify_token_header);
Commit	Line	Data
1da177e4 LT	1	/*
	2	* linux/net/sunrpc/gss_generic_token.c
	3	*
	4	* Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/generic/util_token.c
	5	*
	6	* Copyright (c) 2000 The Regents of the University of Michigan.
	7	* All rights reserved.
	8	*
	9	* Andy Adamson <andros@umich.edu>
	10	*/
	11
	12	/*
	13	* Copyright 1993 by OpenVision Technologies, Inc.
cca5172a	14	*
1da177e4 LT	15	* Permission to use, copy, modify, distribute, and sell this software
	16	* and its documentation for any purpose is hereby granted without fee,
	17	* provided that the above copyright notice appears in all copies and
	18	* that both that copyright notice and this permission notice appear in
	19	* supporting documentation, and that the name of OpenVision not be used
	20	* in advertising or publicity pertaining to distribution of the software
	21	* without specific, written prior permission. OpenVision makes no
	22	* representations about the suitability of this software for any
	23	* purpose. It is provided "as is" without express or implied warranty.
cca5172a	24	*
1da177e4 LT	25	* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
	26	* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
	27	* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
	28	* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
	29	* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
	30	* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
	31	* PERFORMANCE OF THIS SOFTWARE.
	32	*/
	33
	34	#include <linux/types.h>
	35	#include <linux/module.h>
1da177e4 LT	36	#include <linux/string.h>
	37	#include <linux/sunrpc/sched.h>
	38	#include <linux/sunrpc/gss_asn1.h>
	39
	40
	41	#ifdef RPC_DEBUG
	42	# define RPCDBG_FACILITY RPCDBG_AUTH
	43	#endif
	44
	45
	46	/* TWRITE_STR from gssapiP_generic.h */
	47	#define TWRITE_STR(ptr, str, len) \
	48	memcpy((ptr), (char *) (str), (len)); \
	49	(ptr) += (len);
	50
	51	/* XXXX this code currently makes the assumption that a mech oid will
	52	never be longer than 127 bytes. This assumption is not inherent in
	53	the interfaces, so the code can be fixed if the OSI namespace
	54	balloons unexpectedly. */
	55
	56	/* Each token looks like this:
	57
	58	0x60 tag for APPLICATION 0, SEQUENCE
	59	(constructed, definite-length)
	60	<length> possible multiple bytes, need to parse/generate
	61	0x06 tag for OBJECT IDENTIFIER
	62	<moid_length> compile-time constant string (assume 1 byte)
	63	<moid_bytes> compile-time constant string
	64	<inner_bytes> the ANY containing the application token
	65	bytes 0,1 are the token type
	66	bytes 2,n are the token data
	67
	68	For the purposes of this abstraction, the token "header" consists of
	69	the sequence tag and length octets, the mech OID DER encoding, and the
	70	first two inner bytes, which indicate the token type. The token
	71	"body" consists of everything else.
	72
	73	*/
	74
	75	static int
	76	der_length_size( int length)
	77	{
	78	if (length < (1<<7))
a02cec21	79	return 1;
1da177e4	80	else if (length < (1<<8))
a02cec21	81	return 2;
1da177e4 LT	82	#if (SIZEOF_INT == 2)
1da177e4 LT	83	else
a02cec21	84	return 3;
1da177e4 LT	85	#else
1da177e4 LT	86	else if (length < (1<<16))
a02cec21	87	return 3;
1da177e4	88	else if (length < (1<<24))
a02cec21	89	return 4;
1da177e4	90	else
a02cec21	91	return 5;
1da177e4 LT	92	#endif
	93	}
	94
	95	static void
	96	der_write_length(unsigned char **buf, int length)
	97	{
	98	if (length < (1<<7)) {
	99	(buf)++ = (unsigned char) length;
	100	} else {
	101	(buf)++ = (unsigned char) (der_length_size(length)+127);
	102	#if (SIZEOF_INT > 2)
	103	if (length >= (1<<24))
	104	(buf)++ = (unsigned char) (length>>24);
	105	if (length >= (1<<16))
	106	(buf)++ = (unsigned char) ((length>>16)&0xff);
	107	#endif
	108	if (length >= (1<<8))
	109	(buf)++ = (unsigned char) ((length>>8)&0xff);
	110	(buf)++ = (unsigned char) (length&0xff);
	111	}
	112	}
	113
	114	/* returns decoded length, or < 0 on failure. Advances buf and
	115	decrements bufsize */
	116
	117	static int
	118	der_read_length(unsigned char *buf, int bufsize)
	119	{
	120	unsigned char sf;
	121	int ret;
	122
	123	if (*bufsize < 1)
a02cec21	124	return -1;
1da177e4 LT	125	sf = (buf)++;
	126	(*bufsize)--;
	127	if (sf & 0x80) {
	128	if ((sf &= 0x7f) > ((*bufsize)-1))
a02cec21	129	return -1;
1da177e4	130	if (sf > SIZEOF_INT)
a02cec21	131	return -1;
1da177e4 LT	132	ret = 0;
	133	for (; sf; sf--) {
	134	ret = (ret<<8) + ((buf)++);
	135	(*bufsize)--;
	136	}
	137	} else {
	138	ret = sf;
	139	}
	140
a02cec21	141	return ret;
1da177e4 LT	142	}
	143
	144	/* returns the length of a token, given the mech oid and the body size */
	145
	146	int
	147	g_token_size(struct xdr_netobj *mech, unsigned int body_size)
	148	{
	149	/* set body_size to sequence contents size */
4ab4b0be	150	body_size += 2 + (int) mech->len; /* NEED overflow check */
a02cec21	151	return 1 + der_length_size(body_size) + body_size;
1da177e4 LT	152	}
1da177e4 LT	153
7bd88269	154	EXPORT_SYMBOL_GPL(g_token_size);
1da177e4 LT	155
	156	/* fills in a buffer with the token header. The buffer is assumed to
	157	be the right size. buf is advanced past the token header */
	158
	159	void
	160	g_make_token_header(struct xdr_netobj mech, int body_size, unsigned char *buf)
	161	{
	162	(buf)++ = 0x60;
4ab4b0be	163	der_write_length(buf, 2 + mech->len + body_size);
1da177e4 LT	164	(buf)++ = 0x06;
	165	(buf)++ = (unsigned char) mech->len;
	166	TWRITE_STR(*buf, mech->data, ((int) mech->len));
	167	}
	168
7bd88269	169	EXPORT_SYMBOL_GPL(g_make_token_header);
1da177e4 LT	170
	171	/*
	172	* Given a buffer containing a token, reads and verifies the token,
	173	* leaving buf advanced past the token header, and setting body_size
	174	* to the number of remaining bytes. Returns 0 on success,
	175	* G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
	176	* mechanism in the token does not match the mech argument. buf and
	177	* *body_size are left unmodified on error.
	178	*/
	179	u32
	180	g_verify_token_header(struct xdr_netobj mech, int body_size,
	181	unsigned char **buf_in, int toksize)
	182	{
	183	unsigned char buf = buf_in;
	184	int seqsize;
	185	struct xdr_netobj toid;
	186	int ret = 0;
	187
	188	if ((toksize-=1) < 0)
a02cec21	189	return G_BAD_TOK_HEADER;
1da177e4	190	if (*buf++ != 0x60)
a02cec21	191	return G_BAD_TOK_HEADER;
1da177e4 LT	192
1da177e4 LT	193	if ((seqsize = der_read_length(&buf, &toksize)) < 0)
a02cec21	194	return G_BAD_TOK_HEADER;
1da177e4 LT	195
1da177e4 LT	196	if (seqsize != toksize)
a02cec21	197	return G_BAD_TOK_HEADER;
1da177e4 LT	198
1da177e4 LT	199	if ((toksize-=1) < 0)
a02cec21	200	return G_BAD_TOK_HEADER;
1da177e4	201	if (*buf++ != 0x06)
a02cec21	202	return G_BAD_TOK_HEADER;
cca5172a	203
1da177e4	204	if ((toksize-=1) < 0)
a02cec21	205	return G_BAD_TOK_HEADER;
1da177e4 LT	206	toid.len = *buf++;
	207
	208	if ((toksize-=toid.len) < 0)
a02cec21	209	return G_BAD_TOK_HEADER;
1da177e4 LT	210	toid.data = buf;
	211	buf+=toid.len;
	212
cca5172a	213	if (! g_OID_equal(&toid, mech))
1da177e4	214	ret = G_WRONG_MECH;
cca5172a	215
1da177e4 LT	216	/* G_WRONG_MECH is not returned immediately because it's more important
	217	to return G_BAD_TOK_HEADER if the token header is in fact bad */
	218
	219	if ((toksize-=2) < 0)
a02cec21	220	return G_BAD_TOK_HEADER;
1da177e4 LT	221
1da177e4 LT	222	if (ret)
a02cec21	223	return ret;
1da177e4 LT	224
	225	if (!ret) {
	226	*buf_in = buf;
	227	*body_size = toksize;
	228	}
	229
a02cec21	230	return ret;
1da177e4 LT	231	}
1da177e4 LT	232
7bd88269	233	EXPORT_SYMBOL_GPL(g_verify_token_header);
1da177e4	234