1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
4 * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
6 * Copyright (c) 2000 RP Internet (www.rpi.net.au).
9 #include <linux/module.h>
10 #include <linux/types.h>
11 #include <linux/kernel.h>
13 #include <linux/slab.h>
16 #include "cifs_debug.h"
17 #include "cifsproto.h"
19 /*****************************************************************************
21 * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
23 *****************************************************************************/
26 #define ASN1_UNI 0 /* Universal */
27 #define ASN1_APL 1 /* Application */
28 #define ASN1_CTX 2 /* Context */
29 #define ASN1_PRV 3 /* Private */
32 #define ASN1_EOC 0 /* End Of Contents or N/A */
33 #define ASN1_BOL 1 /* Boolean */
34 #define ASN1_INT 2 /* Integer */
35 #define ASN1_BTS 3 /* Bit String */
36 #define ASN1_OTS 4 /* Octet String */
37 #define ASN1_NUL 5 /* Null */
38 #define ASN1_OJI 6 /* Object Identifier */
39 #define ASN1_OJD 7 /* Object Description */
40 #define ASN1_EXT 8 /* External */
41 #define ASN1_ENUM 10 /* Enumerated */
42 #define ASN1_SEQ 16 /* Sequence */
43 #define ASN1_SET 17 /* Set */
44 #define ASN1_NUMSTR 18 /* Numerical String */
45 #define ASN1_PRNSTR 19 /* Printable String */
46 #define ASN1_TEXSTR 20 /* Teletext String */
47 #define ASN1_VIDSTR 21 /* Video String */
48 #define ASN1_IA5STR 22 /* IA5 String */
49 #define ASN1_UNITIM 23 /* Universal Time */
50 #define ASN1_GENTIM 24 /* General Time */
51 #define ASN1_GRASTR 25 /* Graphical String */
52 #define ASN1_VISSTR 26 /* Visible String */
53 #define ASN1_GENSTR 27 /* General String */
55 /* Primitive / Constructed methods*/
56 #define ASN1_PRI 0 /* Primitive */
57 #define ASN1_CON 1 /* Constructed */
62 #define ASN1_ERR_NOERROR 0
63 #define ASN1_ERR_DEC_EMPTY 2
64 #define ASN1_ERR_DEC_EOC_MISMATCH 3
65 #define ASN1_ERR_DEC_LENGTH_MISMATCH 4
66 #define ASN1_ERR_DEC_BADVALUE 5
68 #define SPNEGO_OID_LEN 7
69 #define NTLMSSP_OID_LEN 10
70 #define KRB5_OID_LEN 7
71 #define KRB5U2U_OID_LEN 8
72 #define MSKRB5_OID_LEN 7
73 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
74 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
75 static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
76 static unsigned long KRB5U2U_OID[8] = { 1, 2, 840, 113554, 1, 2, 2, 3 };
77 static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
83 int error; /* Error condition */
84 unsigned char *pointer; /* Octet just to be decoded */
85 unsigned char *begin; /* First octet */
86 unsigned char *end; /* Octet after last octet */
90 * Octet string (not null terminated)
98 asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len)
101 ctx->end = buf + len;
103 ctx->error = ASN1_ERR_NOERROR;
107 asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
109 if (ctx->pointer >= ctx->end) {
110 ctx->error = ASN1_ERR_DEC_EMPTY;
113 *ch = *(ctx->pointer)++;
117 #if 0 /* will be needed later by spnego decoding/encoding of ntlmssp */
119 asn1_enum_decode(struct asn1_ctx *ctx, __le32 *val)
123 if (ctx->pointer >= ctx->end) {
124 ctx->error = ASN1_ERR_DEC_EMPTY;
128 ch = *(ctx->pointer)++; /* ch has 0xa, ptr points to length octet */
129 if ((ch) == ASN1_ENUM) /* if ch value is ENUM, 0xa */
130 *val = *(++(ctx->pointer)); /* value has enum value */
140 asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
147 if (!asn1_octet_decode(ctx, &ch))
151 } while ((ch & 0x80) == 0x80);
156 asn1_id_decode(struct asn1_ctx *ctx,
157 unsigned int *cls, unsigned int *con, unsigned int *tag)
161 if (!asn1_octet_decode(ctx, &ch))
164 *cls = (ch & 0xC0) >> 6;
165 *con = (ch & 0x20) >> 5;
169 if (!asn1_tag_decode(ctx, tag))
176 asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
178 unsigned char ch, cnt;
180 if (!asn1_octet_decode(ctx, &ch))
191 cnt = (unsigned char) (ch & 0x7F);
195 if (!asn1_octet_decode(ctx, &ch))
204 /* don't trust len bigger than ctx buffer */
205 if (*len > ctx->end - ctx->pointer)
212 asn1_header_decode(struct asn1_ctx *ctx,
214 unsigned int *cls, unsigned int *con, unsigned int *tag)
216 unsigned int def = 0;
217 unsigned int len = 0;
219 if (!asn1_id_decode(ctx, cls, con, tag))
222 if (!asn1_length_decode(ctx, &def, &len))
225 /* primitive shall be definite, indefinite shall be constructed */
226 if (*con == ASN1_PRI && !def)
230 *eoc = ctx->pointer + len;
237 asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
242 if (!asn1_octet_decode(ctx, &ch))
246 ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
250 if (!asn1_octet_decode(ctx, &ch))
254 ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
259 if (ctx->pointer != eoc) {
260 ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
267 /* static unsigned char asn1_null_decode(struct asn1_ctx *ctx,
274 static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
275 unsigned char *eoc, long *integer)
280 if (!asn1_octet_decode(ctx, &ch))
283 *integer = (signed char) ch;
286 while (ctx->pointer < eoc) {
287 if (++len > sizeof(long)) {
288 ctx->error = ASN1_ERR_DEC_BADVALUE;
292 if (!asn1_octet_decode(ctx, &ch))
301 static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
303 unsigned int *integer)
308 if (!asn1_octet_decode(ctx, &ch))
317 while (ctx->pointer < eoc) {
318 if (++len > sizeof(unsigned int)) {
319 ctx->error = ASN1_ERR_DEC_BADVALUE;
323 if (!asn1_octet_decode(ctx, &ch))
332 static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
334 unsigned long *integer)
339 if (!asn1_octet_decode(ctx, &ch))
348 while (ctx->pointer < eoc) {
349 if (++len > sizeof(unsigned long)) {
350 ctx->error = ASN1_ERR_DEC_BADVALUE;
354 if (!asn1_octet_decode(ctx, &ch))
364 asn1_octets_decode(struct asn1_ctx *ctx,
366 unsigned char **octets, unsigned int *len)
372 *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
373 if (*octets == NULL) {
378 while (ctx->pointer < eoc) {
379 if (!asn1_octet_decode(ctx, (unsigned char *) ptr++)) {
390 asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
397 if (!asn1_octet_decode(ctx, &ch))
402 } while ((ch & 0x80) == 0x80);
407 asn1_oid_decode(struct asn1_ctx *ctx,
408 unsigned char *eoc, unsigned long **oid, unsigned int *len)
414 size = eoc - ctx->pointer + 1;
416 /* first subid actually encodes first two subids */
417 if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
420 *oid = kmalloc_array(size, sizeof(unsigned long), GFP_ATOMIC);
426 if (!asn1_subid_decode(ctx, &subid)) {
435 } else if (subid < 80) {
437 optr[1] = subid - 40;
440 optr[1] = subid - 80;
446 while (ctx->pointer < eoc) {
447 if (++(*len) > size) {
448 ctx->error = ASN1_ERR_DEC_BADVALUE;
454 if (!asn1_subid_decode(ctx, optr++)) {
464 compare_oid(unsigned long *oid1, unsigned int oid1len,
465 unsigned long *oid2, unsigned int oid2len)
469 if (oid1len != oid2len)
472 for (i = 0; i < oid1len; i++) {
473 if (oid1[i] != oid2[i])
480 /* BB check for endian conversion issues here */
483 decode_negTokenInit(unsigned char *security_blob, int length,
484 struct TCP_Server_Info *server)
488 unsigned char *sequence_end;
489 unsigned long *oid = NULL;
490 unsigned int cls, con, tag, oidlen, rc;
492 /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
494 asn1_open(&ctx, security_blob, length);
497 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
498 cifs_dbg(FYI, "Error decoding negTokenInit header\n");
500 } else if ((cls != ASN1_APL) || (con != ASN1_CON)
501 || (tag != ASN1_EOC)) {
502 cifs_dbg(FYI, "cls = %d con = %d tag = %d\n", cls, con, tag);
506 /* Check for SPNEGO OID -- remember to free obj->oid */
507 rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
509 if ((tag == ASN1_OJI) && (con == ASN1_PRI) &&
511 rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
513 rc = compare_oid(oid, oidlen, SPNEGO_OID,
521 /* SPNEGO OID not present or garbled -- bail out */
523 cifs_dbg(FYI, "Error decoding negTokenInit header\n");
528 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
529 cifs_dbg(FYI, "Error decoding negTokenInit\n");
531 } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
532 || (tag != ASN1_EOC)) {
533 cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
539 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
540 cifs_dbg(FYI, "Error decoding negTokenInit\n");
542 } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
543 || (tag != ASN1_SEQ)) {
544 cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 1\n",
550 if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
551 cifs_dbg(FYI, "Error decoding 2nd part of negTokenInit\n");
553 } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
554 || (tag != ASN1_EOC)) {
555 cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
561 if (asn1_header_decode
562 (&ctx, &sequence_end, &cls, &con, &tag) == 0) {
563 cifs_dbg(FYI, "Error decoding 2nd part of negTokenInit\n");
565 } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
566 || (tag != ASN1_SEQ)) {
567 cifs_dbg(FYI, "cls = %d con = %d tag = %d sequence_end = %p exit 1\n",
568 cls, con, tag, sequence_end);
572 /* list of security mechanisms */
573 while (!asn1_eoc_decode(&ctx, sequence_end)) {
574 rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);
576 cifs_dbg(FYI, "Error decoding negTokenInit hdr exit2\n");
579 if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
580 if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
582 cifs_dbg(FYI, "OID len = %d oid = 0x%lx 0x%lx 0x%lx 0x%lx\n",
583 oidlen, *oid, *(oid + 1), *(oid + 2),
586 if (compare_oid(oid, oidlen, MSKRB5_OID,
588 server->sec_mskerberos = true;
589 else if (compare_oid(oid, oidlen, KRB5U2U_OID,
591 server->sec_kerberosu2u = true;
592 else if (compare_oid(oid, oidlen, KRB5_OID,
594 server->sec_kerberos = true;
595 else if (compare_oid(oid, oidlen, NTLMSSP_OID,
597 server->sec_ntlmssp = true;
602 cifs_dbg(FYI, "Should be an oid what is going on?\n");
607 * We currently ignore anything at the end of the SPNEGO blob after
608 * the mechTypes have been parsed, since none of that info is
609 * used at the moment.