lib/libgssapi/gss_encapsulate_token.c

   1 /*-
   2  * Copyright (c) 2008 Doug Rabson
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  24  * SUCH DAMAGE.
  25  *
  26  * $FreeBSD$
  27  */
  28
  29 #include <gssapi/gssapi.h>
  30 #include <stdlib.h>
  31 #include <string.h>
  32
  33 #include "utils.h"
  34
  35 OM_uint32
  36 gss_encapsulate_token(const gss_buffer_t input_token, gss_OID oid,
  37     gss_buffer_t output_token)
  38 {
  39         unsigned char *p;
  40         size_t len, inside_len;
  41         size_t a, b;
  42         int i;
  43
  44         _gss_buffer_zero(output_token);
  45
  46         /*
  47          * First time around, we calculate the size, second time, we
  48          * encode the token.
  49          */
  50         p = 0;
  51         for (i = 0; i < 2; i++) {
  52                 len = 0;
  53
  54                 /*
  55                  * Token starts with [APPLICATION 0] SEQUENCE.
  56                  */
  57                 if (p)
  58                         *p++ = 0x60;
  59                 len++;
  60
  61                 /*
  62                  * The length embedded in the token is the space
  63                  * needed for the encapsulated oid plus the length of
  64                  * the inner token.
  65                  */
  66                 if (oid->length > 127)
  67                         return (GSS_S_DEFECTIVE_TOKEN);
  68
  69                 inside_len = 2 + oid->length + input_token->length;
  70
  71                 /*
  72                  * Figure out how to encode the length
  73                  */
  74                 if (inside_len < 128) {
  75                         if (p)
  76                                 *p++ = inside_len;
  77                         len++;
  78                 } else {
  79                         b = 1;
  80                         if (inside_len >= 0x100)
  81                                 b++;
  82                         if (inside_len >= 0x10000)
  83                                 b++;
  84                         if (inside_len >= 0x1000000)
  85                                 b++;
  86                         if (p)
  87                                 *p++ = b | 0x80;
  88                         len++;
  89                         a = inside_len << 8*(4 - b);
  90                         while (b) {
  91                                 if (p)
  92                                         *p++ = (a >> 24);
  93                                 a <<= 8;
  94                                 len++;
  95                                 b--;
  96                         }
  97                 }
  98
  99                 /*
 100                  * Encode the OID for the mechanism. Simplify life by
 101                  * assuming that the OID length is less than 128 bytes.
 102                  */
 103                 if (p)
 104                         *p++ = 0x06;
 105                 len++;
 106                 if (p)
 107                         *p++ = oid->length;
 108                 len++;
 109                 if (p) {
 110                         memcpy(p, oid->elements, oid->length);
 111                         p += oid->length;
 112                 }
 113                 len += oid->length;
 114
 115                 if (p) {
 116                         memcpy(p, input_token->value, input_token->length);
 117                         p += input_token->length;
 118                 }
 119                 len += input_token->length;
 120
 121                 if (i == 0) {
 122                         output_token->length = len;
 123                         output_token->value = malloc(len);
 124                         if (!output_token->value)
 125                                 return (GSS_S_DEFECTIVE_TOKEN);
 126                         p = output_token->value;
 127                 }
 128         }
 129
 130         return (GSS_S_COMPLETE);
 131 }