2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Portions Copyright 1993 by OpenVision Technologies, Inc.
35 * Permission to use, copy, modify, distribute, and sell this software
36 * and its documentation for any purpose is hereby granted without fee,
37 * provided that the above copyright notice appears in all copies and
38 * that both that copyright notice and this permission notice appear in
39 * supporting documentation, and that the name of OpenVision not be used
40 * in advertising or publicity pertaining to distribution of the software
41 * without specific, written prior permission. OpenVision makes no
42 * representations about the suitability of this software for any
43 * purpose. It is provided "as is" without express or implied warranty.
45 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
46 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
47 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
48 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
49 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
50 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
51 * PERFORMANCE OF THIS SOFTWARE.
55 * Utility routines for GSS tokens.
58 #include "gssapiP_eap.h"
61 gssEapEncodeInnerTokens(OM_uint32 *minor,
62 struct gss_eap_token_buffer_set *tokens,
65 OM_uint32 major, tmpMinor;
66 size_t required = 0, i;
72 for (i = 0; i < tokens->buffers.count; i++) {
73 required += 8 + tokens->buffers.elements[i].length;
77 * We must always return a non-NULL token otherwise the calling state
78 * machine assumes we are finished. Hence care in case malloc(0) does
81 buffer->value = GSSEAP_MALLOC(required ? required : 1);
82 if (buffer->value == NULL) {
83 major = GSS_S_FAILURE;
88 buffer->length = required;
89 p = (unsigned char *)buffer->value;
91 for (i = 0; i < tokens->buffers.count; i++) {
92 gss_buffer_t tokenBuffer = &tokens->buffers.elements[i];
94 assert((tokens->types[i] & ITOK_FLAG_VERIFIED) == 0); /* private flag */
97 * Extensions are encoded as type-length-value, where the upper
98 * bit of the type indicates criticality.
100 store_uint32_be(tokens->types[i], &p[0]);
101 store_uint32_be(tokenBuffer->length, &p[4]);
102 memcpy(&p[8], tokenBuffer->value, tokenBuffer->length);
104 p += 8 + tokenBuffer->length;
107 assert(p == (unsigned char *)buffer->value + required);
108 assert(buffer->value != NULL);
110 major = GSS_S_COMPLETE;
114 if (GSS_ERROR(major)) {
115 gss_release_buffer(&tmpMinor, buffer);
122 gssEapDecodeInnerTokens(OM_uint32 *minor,
123 const gss_buffer_t buffer,
124 struct gss_eap_token_buffer_set *tokens)
126 OM_uint32 major, tmpMinor;
131 tokens->buffers.count = 0;
132 tokens->buffers.elements = NULL;
133 tokens->types = NULL;
135 if (buffer->length == 0) {
136 major = GSS_S_COMPLETE;
140 p = (unsigned char *)buffer->value;
141 remain = buffer->length;
145 gss_buffer_desc tokenBuffer, *newTokenBuffers;
148 major = GSS_S_DEFECTIVE_TOKEN;
149 *minor = GSSEAP_TOK_TRUNC;
153 if (tokens->buffers.count <= count) {
159 ntypes = GSSEAP_MALLOC(count * sizeof(OM_uint32));
160 if (ntypes == NULL) {
161 major = GSS_S_FAILURE;
165 if (tokens->types != NULL) {
166 memcpy(ntypes, tokens->types, tokens->buffers.count * sizeof(OM_uint32));
167 GSSEAP_FREE(tokens->types);
169 tokens->types = ntypes;
171 newTokenBuffers = GSSEAP_MALLOC(count * sizeof(gss_buffer_desc));
172 if (newTokenBuffers == NULL) {
173 major = GSS_S_FAILURE;
177 if (tokens->buffers.elements != NULL) {
178 memcpy(newTokenBuffers, tokens->buffers.elements,
179 tokens->buffers.count * sizeof(gss_buffer_desc));
180 GSSEAP_FREE(tokens->buffers.elements);
182 tokens->buffers.elements = newTokenBuffers;
185 tokens->types[tokens->buffers.count] = load_uint32_be(&p[0]);
186 tokenBuffer.length = load_uint32_be(&p[4]);
188 if (remain < 8 + tokenBuffer.length) {
189 major = GSS_S_DEFECTIVE_TOKEN;
190 *minor = GSSEAP_TOK_TRUNC;
193 tokenBuffer.value = &p[8];
195 tokens->buffers.elements[tokens->buffers.count] = tokenBuffer;
196 tokens->buffers.count++;
198 p += 8 + tokenBuffer.length;
199 remain -= 8 + tokenBuffer.length;
200 } while (remain != 0);
202 major = GSS_S_COMPLETE;
206 if (GSS_ERROR(major))
207 gssEapReleaseInnerTokens(&tmpMinor, tokens, 0);
213 * $Id: util_token.c 23457 2009-12-08 00:04:48Z tlyu $
216 /* XXXX this code currently makes the assumption that a mech oid will
217 never be longer than 127 bytes. This assumption is not inherent in
218 the interfaces, so the code can be fixed if the OSI namespace
219 balloons unexpectedly. */
222 * Each token looks like this:
223 * 0x60 tag for APPLICATION 0, SEQUENCE
224 * (constructed, definite-length)
225 * <length> possible multiple bytes, need to parse/generate
226 * 0x06 tag for OBJECT IDENTIFIER
227 * <moid_length> compile-time constant string (assume 1 byte)
228 * <moid_bytes> compile-time constant string
229 * <inner_bytes> the ANY containing the application token
230 * bytes 0,1 are the token type
231 * bytes 2,n are the token data
233 * Note that the token type field is a feature of RFC 1964 mechanisms and
234 * is not used by other GSSAPI mechanisms. As such, a token type of -1
235 * is interpreted to mean that no token type should be expected or
238 * For the purposes of this abstraction, the token "header" consists of
239 * the sequence tag and length octets, the mech OID DER encoding, and the
240 * first two inner bytes, which indicate the token type. The token
241 * "body" consists of everything else.
245 der_length_size(size_t length)
249 else if (length < (1<<8))
251 #if INT_MAX == 0x7fff
255 else if (length < (1<<16))
257 else if (length < (1<<24))
265 der_write_length(unsigned char **buf, size_t length)
267 if (length < (1<<7)) {
268 *(*buf)++ = (unsigned char)length;
270 *(*buf)++ = (unsigned char)(der_length_size(length)+127);
272 if (length >= (1<<24))
273 *(*buf)++ = (unsigned char)(length>>24);
274 if (length >= (1<<16))
275 *(*buf)++ = (unsigned char)((length>>16)&0xff);
277 if (length >= (1<<8))
278 *(*buf)++ = (unsigned char)((length>>8)&0xff);
279 *(*buf)++ = (unsigned char)(length&0xff);
283 /* returns decoded length, or < 0 on failure. Advances buf and
284 decrements bufsize */
287 der_read_length(unsigned char **buf, ssize_t *bufsize)
298 if ((sf &= 0x7f) > ((*bufsize)-1))
300 if (sf > sizeof(int))
304 ret = (ret<<8) + (*(*buf)++);
314 /* returns the length of a token, given the mech oid and the body size */
317 tokenSize(const gss_OID_desc *mech, size_t body_size)
319 assert(mech != GSS_C_NO_OID);
321 /* set body_size to sequence contents size */
322 body_size += 4 + (size_t) mech->length; /* NEED overflow check */
323 return 1 + der_length_size(body_size) + body_size;
326 /* fills in a buffer with the token header. The buffer is assumed to
327 be the right size. buf is advanced past the token header */
331 const gss_OID_desc *mech,
334 enum gss_eap_token_type tok_type)
337 der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size);
339 *(*buf)++ = (unsigned char)mech->length;
340 memcpy(*buf, mech->elements, mech->length);
341 *buf += mech->length;
342 assert(tok_type != TOK_TYPE_NONE);
343 *(*buf)++ = (unsigned char)((tok_type>>8) & 0xff);
344 *(*buf)++ = (unsigned char)(tok_type & 0xff);
348 * Given a buffer containing a token, reads and verifies the token,
349 * leaving buf advanced past the token header, and setting body_size
350 * to the number of remaining bytes. Returns 0 on success,
351 * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
352 * mechanism in the token does not match the mech argument. buf and
353 * *body_size are left unmodified on error.
357 verifyTokenHeader(OM_uint32 *minor,
360 unsigned char **buf_in,
362 enum gss_eap_token_type *ret_tok_type)
364 unsigned char *buf = *buf_in;
367 ssize_t toksize = (ssize_t)toksize_in;
369 *minor = GSSEAP_BAD_TOK_HEADER;
371 if (ret_tok_type != NULL)
372 *ret_tok_type = TOK_TYPE_NONE;
374 if ((toksize -= 1) < 0)
375 return GSS_S_DEFECTIVE_TOKEN;
378 return GSS_S_DEFECTIVE_TOKEN;
380 seqsize = der_read_length(&buf, &toksize);
382 return GSS_S_DEFECTIVE_TOKEN;
384 if (seqsize != toksize)
385 return GSS_S_DEFECTIVE_TOKEN;
387 if ((toksize -= 1) < 0)
388 return GSS_S_DEFECTIVE_TOKEN;
391 return GSS_S_DEFECTIVE_TOKEN;
393 if ((toksize -= 1) < 0)
394 return GSS_S_DEFECTIVE_TOKEN;
396 toid.length = *buf++;
398 if ((toksize -= toid.length) < 0)
399 return GSS_S_DEFECTIVE_TOKEN;
404 if (mech->elements == NULL) {
406 if (toid.length == 0)
407 return GSS_S_BAD_MECH;
408 } else if (!oidEqual(&toid, mech)) {
409 *minor = GSSEAP_WRONG_MECH;
410 return GSS_S_BAD_MECH;
413 if (ret_tok_type != NULL) {
414 if ((toksize -= 2) < 0)
415 return GSS_S_DEFECTIVE_TOKEN;
417 *ret_tok_type = load_uint16_be(buf);
422 *body_size = toksize;
425 return GSS_S_COMPLETE;
429 gssEapAllocInnerTokens(OM_uint32 *minor,
431 struct gss_eap_token_buffer_set *tokens)
435 tokens->buffers.count = 0;
436 tokens->buffers.elements = (gss_buffer_desc *)GSSEAP_CALLOC(count, sizeof(gss_buffer_desc));
437 if (tokens->buffers.elements == NULL) {
438 major = GSS_S_FAILURE;
443 tokens->types = (OM_uint32 *)GSSEAP_CALLOC(count, sizeof(OM_uint32));
444 if (tokens->types == NULL) {
445 major = GSS_S_FAILURE;
450 major = GSS_S_COMPLETE;
454 if (GSS_ERROR(major)) {
455 if (tokens->buffers.elements != NULL) {
456 GSSEAP_FREE(tokens->buffers.elements);
457 tokens->buffers.elements = NULL;
459 if (tokens->types != NULL) {
460 GSSEAP_FREE(tokens->types);
461 tokens->types = NULL;
469 gssEapReleaseInnerTokens(OM_uint32 *minor,
470 struct gss_eap_token_buffer_set *tokens,
476 if (tokens->buffers.elements != NULL) {
478 for (i = 0; i < tokens->buffers.count; i++)
479 gss_release_buffer(&tmpMinor, &tokens->buffers.elements[i]);
481 GSSEAP_FREE(tokens->buffers.elements);
482 tokens->buffers.elements = NULL;
484 tokens->buffers.count = 0;
486 if (tokens->types != NULL) {
487 GSSEAP_FREE(tokens->types);
488 tokens->types = NULL;
492 return GSS_S_COMPLETE;