Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
asn1.c
Go to the documentation of this file.
1 /*
2  * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
3  * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
4  *
5  * Copyright (c) 2000 RP Internet (www.rpi.net.au).
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18  */
19 
20 #include <linux/module.h>
21 #include <linux/types.h>
22 #include <linux/kernel.h>
23 #include <linux/mm.h>
24 #include <linux/slab.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifs_debug.h"
28 #include "cifsproto.h"
29 
30 /*****************************************************************************
31  *
32  * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
33  *
34  *****************************************************************************/
35 
36 /* Class */
37 #define ASN1_UNI 0 /* Universal */
38 #define ASN1_APL 1 /* Application */
39 #define ASN1_CTX 2 /* Context */
40 #define ASN1_PRV 3 /* Private */
41 
42 /* Tag */
43 #define ASN1_EOC 0 /* End Of Contents or N/A */
44 #define ASN1_BOL 1 /* Boolean */
45 #define ASN1_INT 2 /* Integer */
46 #define ASN1_BTS 3 /* Bit String */
47 #define ASN1_OTS 4 /* Octet String */
48 #define ASN1_NUL 5 /* Null */
49 #define ASN1_OJI 6 /* Object Identifier */
50 #define ASN1_OJD 7 /* Object Description */
51 #define ASN1_EXT 8 /* External */
52 #define ASN1_ENUM 10 /* Enumerated */
53 #define ASN1_SEQ 16 /* Sequence */
54 #define ASN1_SET 17 /* Set */
55 #define ASN1_NUMSTR 18 /* Numerical String */
56 #define ASN1_PRNSTR 19 /* Printable String */
57 #define ASN1_TEXSTR 20 /* Teletext String */
58 #define ASN1_VIDSTR 21 /* Video String */
59 #define ASN1_IA5STR 22 /* IA5 String */
60 #define ASN1_UNITIM 23 /* Universal Time */
61 #define ASN1_GENTIM 24 /* General Time */
62 #define ASN1_GRASTR 25 /* Graphical String */
63 #define ASN1_VISSTR 26 /* Visible String */
64 #define ASN1_GENSTR 27 /* General String */
65 
66 /* Primitive / Constructed methods*/
67 #define ASN1_PRI 0 /* Primitive */
68 #define ASN1_CON 1 /* Constructed */
69 
70 /*
71  * Error codes.
72  */
73 #define ASN1_ERR_NOERROR 0
74 #define ASN1_ERR_DEC_EMPTY 2
75 #define ASN1_ERR_DEC_EOC_MISMATCH 3
76 #define ASN1_ERR_DEC_LENGTH_MISMATCH 4
77 #define ASN1_ERR_DEC_BADVALUE 5
78 
79 #define SPNEGO_OID_LEN 7
80 #define NTLMSSP_OID_LEN 10
81 #define KRB5_OID_LEN 7
82 #define KRB5U2U_OID_LEN 8
83 #define MSKRB5_OID_LEN 7
84 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
85 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
86 static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
87 static unsigned long KRB5U2U_OID[8] = { 1, 2, 840, 113554, 1, 2, 2, 3 };
88 static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
89 
90 /*
91  * ASN.1 context.
92  */
93 struct asn1_ctx {
94  int error; /* Error condition */
95  unsigned char *pointer; /* Octet just to be decoded */
96  unsigned char *begin; /* First octet */
97  unsigned char *end; /* Octet after last octet */
98 };
99 
100 /*
101  * Octet string (not null terminated)
102  */
103 struct asn1_octstr {
104  unsigned char *data;
105  unsigned int len;
106 };
107 
108 static void
109 asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len)
110 {
111  ctx->begin = buf;
112  ctx->end = buf + len;
113  ctx->pointer = buf;
114  ctx->error = ASN1_ERR_NOERROR;
115 }
116 
117 static unsigned char
118 asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
119 {
120  if (ctx->pointer >= ctx->end) {
121  ctx->error = ASN1_ERR_DEC_EMPTY;
122  return 0;
123  }
124  *ch = *(ctx->pointer)++;
125  return 1;
126 }
127 
128 #if 0 /* will be needed later by spnego decoding/encoding of ntlmssp */
129 static unsigned char
130 asn1_enum_decode(struct asn1_ctx *ctx, __le32 *val)
131 {
132  unsigned char ch;
133 
134  if (ctx->pointer >= ctx->end) {
135  ctx->error = ASN1_ERR_DEC_EMPTY;
136  return 0;
137  }
138 
139  ch = *(ctx->pointer)++; /* ch has 0xa, ptr points to length octet */
140  if ((ch) == ASN1_ENUM) /* if ch value is ENUM, 0xa */
141  *val = *(++(ctx->pointer)); /* value has enum value */
142  else
143  return 0;
144 
145  ctx->pointer++;
146  return 1;
147 }
148 #endif
149 
150 static unsigned char
151 asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
152 {
153  unsigned char ch;
154 
155  *tag = 0;
156 
157  do {
158  if (!asn1_octet_decode(ctx, &ch))
159  return 0;
160  *tag <<= 7;
161  *tag |= ch & 0x7F;
162  } while ((ch & 0x80) == 0x80);
163  return 1;
164 }
165 
166 static unsigned char
167 asn1_id_decode(struct asn1_ctx *ctx,
168  unsigned int *cls, unsigned int *con, unsigned int *tag)
169 {
170  unsigned char ch;
171 
172  if (!asn1_octet_decode(ctx, &ch))
173  return 0;
174 
175  *cls = (ch & 0xC0) >> 6;
176  *con = (ch & 0x20) >> 5;
177  *tag = (ch & 0x1F);
178 
179  if (*tag == 0x1F) {
180  if (!asn1_tag_decode(ctx, tag))
181  return 0;
182  }
183  return 1;
184 }
185 
186 static unsigned char
187 asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
188 {
189  unsigned char ch, cnt;
190 
191  if (!asn1_octet_decode(ctx, &ch))
192  return 0;
193 
194  if (ch == 0x80)
195  *def = 0;
196  else {
197  *def = 1;
198 
199  if (ch < 0x80)
200  *len = ch;
201  else {
202  cnt = (unsigned char) (ch & 0x7F);
203  *len = 0;
204 
205  while (cnt > 0) {
206  if (!asn1_octet_decode(ctx, &ch))
207  return 0;
208  *len <<= 8;
209  *len |= ch;
210  cnt--;
211  }
212  }
213  }
214 
215  /* don't trust len bigger than ctx buffer */
216  if (*len > ctx->end - ctx->pointer)
217  return 0;
218 
219  return 1;
220 }
221 
222 static unsigned char
223 asn1_header_decode(struct asn1_ctx *ctx,
224  unsigned char **eoc,
225  unsigned int *cls, unsigned int *con, unsigned int *tag)
226 {
227  unsigned int def = 0;
228  unsigned int len = 0;
229 
230  if (!asn1_id_decode(ctx, cls, con, tag))
231  return 0;
232 
233  if (!asn1_length_decode(ctx, &def, &len))
234  return 0;
235 
236  /* primitive shall be definite, indefinite shall be constructed */
237  if (*con == ASN1_PRI && !def)
238  return 0;
239 
240  if (def)
241  *eoc = ctx->pointer + len;
242  else
243  *eoc = NULL;
244  return 1;
245 }
246 
247 static unsigned char
248 asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
249 {
250  unsigned char ch;
251 
252  if (eoc == NULL) {
253  if (!asn1_octet_decode(ctx, &ch))
254  return 0;
255 
256  if (ch != 0x00) {
257  ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
258  return 0;
259  }
260 
261  if (!asn1_octet_decode(ctx, &ch))
262  return 0;
263 
264  if (ch != 0x00) {
265  ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
266  return 0;
267  }
268  return 1;
269  } else {
270  if (ctx->pointer != eoc) {
271  ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
272  return 0;
273  }
274  return 1;
275  }
276 }
277 
278 /* static unsigned char asn1_null_decode(struct asn1_ctx *ctx,
279  unsigned char *eoc)
280 {
281  ctx->pointer = eoc;
282  return 1;
283 }
284 
285 static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
286  unsigned char *eoc, long *integer)
287 {
288  unsigned char ch;
289  unsigned int len;
290 
291  if (!asn1_octet_decode(ctx, &ch))
292  return 0;
293 
294  *integer = (signed char) ch;
295  len = 1;
296 
297  while (ctx->pointer < eoc) {
298  if (++len > sizeof(long)) {
299  ctx->error = ASN1_ERR_DEC_BADVALUE;
300  return 0;
301  }
302 
303  if (!asn1_octet_decode(ctx, &ch))
304  return 0;
305 
306  *integer <<= 8;
307  *integer |= ch;
308  }
309  return 1;
310 }
311 
312 static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
313  unsigned char *eoc,
314  unsigned int *integer)
315 {
316  unsigned char ch;
317  unsigned int len;
318 
319  if (!asn1_octet_decode(ctx, &ch))
320  return 0;
321 
322  *integer = ch;
323  if (ch == 0)
324  len = 0;
325  else
326  len = 1;
327 
328  while (ctx->pointer < eoc) {
329  if (++len > sizeof(unsigned int)) {
330  ctx->error = ASN1_ERR_DEC_BADVALUE;
331  return 0;
332  }
333 
334  if (!asn1_octet_decode(ctx, &ch))
335  return 0;
336 
337  *integer <<= 8;
338  *integer |= ch;
339  }
340  return 1;
341 }
342 
343 static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
344  unsigned char *eoc,
345  unsigned long *integer)
346 {
347  unsigned char ch;
348  unsigned int len;
349 
350  if (!asn1_octet_decode(ctx, &ch))
351  return 0;
352 
353  *integer = ch;
354  if (ch == 0)
355  len = 0;
356  else
357  len = 1;
358 
359  while (ctx->pointer < eoc) {
360  if (++len > sizeof(unsigned long)) {
361  ctx->error = ASN1_ERR_DEC_BADVALUE;
362  return 0;
363  }
364 
365  if (!asn1_octet_decode(ctx, &ch))
366  return 0;
367 
368  *integer <<= 8;
369  *integer |= ch;
370  }
371  return 1;
372 }
373 
374 static unsigned char
375 asn1_octets_decode(struct asn1_ctx *ctx,
376  unsigned char *eoc,
377  unsigned char **octets, unsigned int *len)
378 {
379  unsigned char *ptr;
380 
381  *len = 0;
382 
383  *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
384  if (*octets == NULL) {
385  return 0;
386  }
387 
388  ptr = *octets;
389  while (ctx->pointer < eoc) {
390  if (!asn1_octet_decode(ctx, (unsigned char *) ptr++)) {
391  kfree(*octets);
392  *octets = NULL;
393  return 0;
394  }
395  (*len)++;
396  }
397  return 1;
398 } */
399 
400 static unsigned char
401 asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
402 {
403  unsigned char ch;
404 
405  *subid = 0;
406 
407  do {
408  if (!asn1_octet_decode(ctx, &ch))
409  return 0;
410 
411  *subid <<= 7;
412  *subid |= ch & 0x7F;
413  } while ((ch & 0x80) == 0x80);
414  return 1;
415 }
416 
417 static int
418 asn1_oid_decode(struct asn1_ctx *ctx,
419  unsigned char *eoc, unsigned long **oid, unsigned int *len)
420 {
421  unsigned long subid;
422  unsigned int size;
423  unsigned long *optr;
424 
425  size = eoc - ctx->pointer + 1;
426 
427  /* first subid actually encodes first two subids */
428  if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
429  return 0;
430 
431  *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
432  if (*oid == NULL)
433  return 0;
434 
435  optr = *oid;
436 
437  if (!asn1_subid_decode(ctx, &subid)) {
438  kfree(*oid);
439  *oid = NULL;
440  return 0;
441  }
442 
443  if (subid < 40) {
444  optr[0] = 0;
445  optr[1] = subid;
446  } else if (subid < 80) {
447  optr[0] = 1;
448  optr[1] = subid - 40;
449  } else {
450  optr[0] = 2;
451  optr[1] = subid - 80;
452  }
453 
454  *len = 2;
455  optr += 2;
456 
457  while (ctx->pointer < eoc) {
458  if (++(*len) > size) {
459  ctx->error = ASN1_ERR_DEC_BADVALUE;
460  kfree(*oid);
461  *oid = NULL;
462  return 0;
463  }
464 
465  if (!asn1_subid_decode(ctx, optr++)) {
466  kfree(*oid);
467  *oid = NULL;
468  return 0;
469  }
470  }
471  return 1;
472 }
473 
474 static int
475 compare_oid(unsigned long *oid1, unsigned int oid1len,
476  unsigned long *oid2, unsigned int oid2len)
477 {
478  unsigned int i;
479 
480  if (oid1len != oid2len)
481  return 0;
482  else {
483  for (i = 0; i < oid1len; i++) {
484  if (oid1[i] != oid2[i])
485  return 0;
486  }
487  return 1;
488  }
489 }
490 
491  /* BB check for endian conversion issues here */
492 
493 int
494 decode_negTokenInit(unsigned char *security_blob, int length,
495  struct TCP_Server_Info *server)
496 {
497  struct asn1_ctx ctx;
498  unsigned char *end;
499  unsigned char *sequence_end;
500  unsigned long *oid = NULL;
501  unsigned int cls, con, tag, oidlen, rc;
502 
503  /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
504 
505  asn1_open(&ctx, security_blob, length);
506 
507  /* GSSAPI header */
508  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
509  cFYI(1, "Error decoding negTokenInit header");
510  return 0;
511  } else if ((cls != ASN1_APL) || (con != ASN1_CON)
512  || (tag != ASN1_EOC)) {
513  cFYI(1, "cls = %d con = %d tag = %d", cls, con, tag);
514  return 0;
515  }
516 
517  /* Check for SPNEGO OID -- remember to free obj->oid */
518  rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
519  if (rc) {
520  if ((tag == ASN1_OJI) && (con == ASN1_PRI) &&
521  (cls == ASN1_UNI)) {
522  rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
523  if (rc) {
524  rc = compare_oid(oid, oidlen, SPNEGO_OID,
525  SPNEGO_OID_LEN);
526  kfree(oid);
527  }
528  } else
529  rc = 0;
530  }
531 
532  /* SPNEGO OID not present or garbled -- bail out */
533  if (!rc) {
534  cFYI(1, "Error decoding negTokenInit header");
535  return 0;
536  }
537 
538  /* SPNEGO */
539  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
540  cFYI(1, "Error decoding negTokenInit");
541  return 0;
542  } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
543  || (tag != ASN1_EOC)) {
544  cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 0",
545  cls, con, tag, end, *end);
546  return 0;
547  }
548 
549  /* negTokenInit */
550  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
551  cFYI(1, "Error decoding negTokenInit");
552  return 0;
553  } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
554  || (tag != ASN1_SEQ)) {
555  cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 1",
556  cls, con, tag, end, *end);
557  return 0;
558  }
559 
560  /* sequence */
561  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
562  cFYI(1, "Error decoding 2nd part of negTokenInit");
563  return 0;
564  } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
565  || (tag != ASN1_EOC)) {
566  cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 0",
567  cls, con, tag, end, *end);
568  return 0;
569  }
570 
571  /* sequence of */
572  if (asn1_header_decode
573  (&ctx, &sequence_end, &cls, &con, &tag) == 0) {
574  cFYI(1, "Error decoding 2nd part of negTokenInit");
575  return 0;
576  } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
577  || (tag != ASN1_SEQ)) {
578  cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 1",
579  cls, con, tag, end, *end);
580  return 0;
581  }
582 
583  /* list of security mechanisms */
584  while (!asn1_eoc_decode(&ctx, sequence_end)) {
585  rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
586  if (!rc) {
587  cFYI(1, "Error decoding negTokenInit hdr exit2");
588  return 0;
589  }
590  if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
591  if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
592 
593  cFYI(1, "OID len = %d oid = 0x%lx 0x%lx "
594  "0x%lx 0x%lx", oidlen, *oid,
595  *(oid + 1), *(oid + 2), *(oid + 3));
596 
597  if (compare_oid(oid, oidlen, MSKRB5_OID,
598  MSKRB5_OID_LEN))
599  server->sec_mskerberos = true;
600  else if (compare_oid(oid, oidlen, KRB5U2U_OID,
601  KRB5U2U_OID_LEN))
602  server->sec_kerberosu2u = true;
603  else if (compare_oid(oid, oidlen, KRB5_OID,
604  KRB5_OID_LEN))
605  server->sec_kerberos = true;
606  else if (compare_oid(oid, oidlen, NTLMSSP_OID,
607  NTLMSSP_OID_LEN))
608  server->sec_ntlmssp = true;
609 
610  kfree(oid);
611  }
612  } else {
613  cFYI(1, "Should be an oid what is going on?");
614  }
615  }
616 
617  /* mechlistMIC */
618  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
619  /* Check if we have reached the end of the blob, but with
620  no mechListMic (e.g. NTLMSSP instead of KRB5) */
621  if (ctx.error == ASN1_ERR_DEC_EMPTY)
622  goto decode_negtoken_exit;
623  cFYI(1, "Error decoding last part negTokenInit exit3");
624  return 0;
625  } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
626  /* tag = 3 indicating mechListMIC */
627  cFYI(1, "Exit 4 cls = %d con = %d tag = %d end = %p (%d)",
628  cls, con, tag, end, *end);
629  return 0;
630  }
631 
632  /* sequence */
633  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
634  cFYI(1, "Error decoding last part negTokenInit exit5");
635  return 0;
636  } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
637  || (tag != ASN1_SEQ)) {
638  cFYI(1, "cls = %d con = %d tag = %d end = %p (%d)",
639  cls, con, tag, end, *end);
640  }
641 
642  /* sequence of */
643  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
644  cFYI(1, "Error decoding last part negTokenInit exit 7");
645  return 0;
646  } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
647  cFYI(1, "Exit 8 cls = %d con = %d tag = %d end = %p (%d)",
648  cls, con, tag, end, *end);
649  return 0;
650  }
651 
652  /* general string */
653  if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
654  cFYI(1, "Error decoding last part negTokenInit exit9");
655  return 0;
656  } else if ((cls != ASN1_UNI) || (con != ASN1_PRI)
657  || (tag != ASN1_GENSTR)) {
658  cFYI(1, "Exit10 cls = %d con = %d tag = %d end = %p (%d)",
659  cls, con, tag, end, *end);
660  return 0;
661  }
662  cFYI(1, "Need to call asn1_octets_decode() function for %s",
663  ctx.pointer); /* is this UTF-8 or ASCII? */
664 decode_negtoken_exit:
665  return 1;
666 }
Generated on Thu Jan 10 2013 14:45:53 for Linux Kernel by   doxygen 1.8.2