/*
// Copyright (C) 2002 Microsoft Corporation
// All rights reserved.
//
// THIS CODE AND INFORMATION IS PROVIDED "AS IS"
// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
// OR IMPLIED, INCLUDING BUT NOT LIMITED
// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
// AND/OR FITNESS FOR A PARTICULAR PURPOSE.
//
// Date    - 10/08/2002
// Author  - Sanj Surati


/////////////////////////////////////////////////////////////
//
// DERPARSE.C
//
// SPNEGO Token Handler Source File
//
// Contains implementation of ASN.1 DER read/write functions
// as defined in DERPARSE.H.
//
/////////////////////////////////////////////////////////////

*/

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <stdlib.h>
#include <stdio.h>
#include <memory.h>
#include <sys/byteorder.h>
#include "spnego.h"
#include "derparse.h"

/*
//
// The GSS Mechanism OID enumeration values (SPNEGO_MECH_OID) control which offset in
// the array below, that a mechanism can be found.
//
*/
#pragma error_messages (off,E_INITIALIZATION_TYPE_MISMATCH)
MECH_OID g_stcMechOIDList [] =
{
	{"\x06\x09\x2a\x86\x48\x82\xf7\x12\x01\x02\x02",	11,  9,
	 spnego_mech_oid_Kerberos_V5_Legacy	},	// 1.2.840.48018.1.2.2 
	{"\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02",	11,  9,
	 spnego_mech_oid_Kerberos_V5		}, // 1.2.840.113554.1.2.2
	{"\x06\x06\x2b\x06\x01\x05\x05\x02",			 8,  6,
	 spnego_mech_oid_Spnego			}, // 1.3.6.1.5.5.2
	{"\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a",	12, 10,
	 spnego_mech_oid_NTLMSSP		}, // 1.3.6.1.4.1.311.2.2.10
	{"", 0,  0, spnego_mech_oid_NotUsed	}  // Placeholder
};
#pragma error_messages (default,E_INITIALIZATION_TYPE_MISMATCH)

/*
/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerGetLength
//
// Parameters:
//    [in]  pbLengthData      -  DER Length Data
//    [in]  nBoundaryLength   -  Length that value must not exceed.
//    [out] pnLength          -  Filled out with length value
//    [out] pnNumLengthBytes  -  Filled out with number of bytes
//                               consumed by DER length.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    Interprets the data at pbLengthData as a DER length.  The length must
//    fit within the bounds of nBoundary length.  We do not currently
//    process lengths that take more than 4 bytes.
//
////////////////////////////////////////////////////////////////////////////
*/

int ASNDerGetLength( unsigned char* pbLengthData, long nBoundaryLength, long* pnLength,
                     long* pnNumLengthBytes )
{
   int   nReturn = SPNEGO_E_INVALID_LENGTH;
   int   nNumLengthBytes = 0;

   // First check if the extended length bit is set

   if ( *pbLengthData & LEN_XTND )
   {
      // Lower 7 bits contain the number of trailing bytes that describe the length
      nNumLengthBytes = *pbLengthData & LEN_MASK;

      // Check that the number of bytes we are about to read is within our boundary
      // constraints

      if ( nNumLengthBytes <= nBoundaryLength - 1 )
      {

         // For now, our handler won't deal with lengths greater than 4 bytes
         if ( nNumLengthBytes >= 1 && nNumLengthBytes <= 4 )
         {
            // 0 out the initial length
            *pnLength = 0L;

            // Bump by 1 byte
            pbLengthData++;

   #ifdef _LITTLE_ENDIAN

            // There may be a cleaner way to do this, but for now, this seems to be
            // an easy way to do the transformation
            switch ( nNumLengthBytes )
            {
               case 1:
               {
                  *( ( (unsigned char*) pnLength ) ) = *pbLengthData;
                  break;
               }

               case 2:
               {
                  *( ( (unsigned char*) pnLength ) ) = *(pbLengthData + 1);
                  *( ( (unsigned char*) pnLength ) + 1 ) = *(pbLengthData);

                  break;
               }

               case 3:
               {
                  *( ( (unsigned char*) pnLength ) ) = *(pbLengthData + 2);
                  *( ( (unsigned char*) pnLength ) + 2 ) = *(pbLengthData + 1);
                  *( ( (unsigned char*) pnLength ) + 3 ) = *(pbLengthData);
                  break;
               }

               case 4:
               {
                  *( ( (unsigned char*) pnLength ) ) = *(pbLengthData + 3);
                  *( ( (unsigned char*) pnLength ) + 1 ) = *(pbLengthData + 2);
                  *( ( (unsigned char*) pnLength ) + 2 ) = *(pbLengthData + 1);
                  *( ( (unsigned char*) pnLength ) + 3 ) = *(pbLengthData);
                  break;
               }

            }  // SWITCH ( nNumLengthBytes )

   #else
            // We are Big-Endian, so the length can be copied in from the source
            // as is.  Ensure that we adjust for the number of bytes we actually
            // copy.

            memcpy( ( (unsigned char *) pnLength ) + ( 4 - nNumLengthBytes ),
                     pbLengthData, nNumLengthBytes );
   #endif

            // Account for the initial length byte
            *pnNumLengthBytes = nNumLengthBytes + 1;
            nReturn = SPNEGO_E_SUCCESS;

         }  // IF Valid Length

      }  // IF num bytes to read is within the boundary length

   }  // IF xtended length
   else
   {

      // Extended bit is not set, so the length is in the value and the one
      // byte describes the length
      *pnLength = *pbLengthData & LEN_MASK;
      *pnNumLengthBytes = 1;
      nReturn = SPNEGO_E_SUCCESS;

   }

   return nReturn;
}


/*
/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerCheckToken
//
// Parameters:
//    [in]  pbTokenData       -  Token Data
//    [in]  nToken            -  Token identifier to check for
//    [in]  nLengthWithToken  -  Expected token length (with data)
//    [in]  nBoundaryLength   -  Length that value must not exceed.
//    [out] pnLength          -  Filled out with data length
//    [out] pnTokenLength     -  Filled out with number of bytes 
//                               consumed by token identifier and length.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    Checks the data pointed to by pbTokenData for the specified token
//    identifier and the length that immediately follows.  If
//    nLengthWithToken is > 0, the calculated length must match.  The
//    length must also not exceed the specified boundary length .
//
////////////////////////////////////////////////////////////////////////////
*/

int ASNDerCheckToken( unsigned char* pbTokenData, unsigned char nToken,
                        long nLengthWithToken, long nBoundaryLength,
                        long* pnLength, long* pnTokenLength )
{

   int   nReturn = SPNEGO_E_INVALID_LENGTH;
   long  nNumLengthBytes = 0L;

   // Make sure that we've at least got 2 bytes of room to work with

   if ( nBoundaryLength >= 2 )
   {
      // The first byte of the token data MUST match the specified token
      if ( *pbTokenData == nToken )
      {
         // Next byte indicates the length
         pbTokenData++;

         // Get the length described by the token
         if ( ( nReturn = ASNDerGetLength( pbTokenData, nBoundaryLength, pnLength,
                                             &nNumLengthBytes )  ) == SPNEGO_E_SUCCESS )
         {
            // Verify that the length is LESS THAN the boundary length
            // (this should prevent us walking out of our buffer)
            if ( ( nBoundaryLength - ( nNumLengthBytes + 1 ) < *pnLength ) )
            {

               nReturn = SPNEGO_E_INVALID_LENGTH;

            }

            // If we were passed a length to check, do so now
            if ( nLengthWithToken > 0L )
            {

               // Check that the expected length matches
               if ( ( nLengthWithToken - ( nNumLengthBytes + 1 ) ) != *pnLength )
               {

                  nReturn = SPNEGO_E_INVALID_LENGTH;

               }

            }  // IF need to validate length

            if ( SPNEGO_E_SUCCESS == nReturn )
            {
               *pnTokenLength = nNumLengthBytes + 1;
            }

         }  // IF ASNDerGetLength

      }  // IF token matches
      else
      {
         nReturn = SPNEGO_E_TOKEN_NOT_FOUND;
      }

   }  // IF Boundary Length is at least 2 bytes 

   return nReturn;
}

/*
/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerCheckOID
//
// Parameters:
//    [in]  pbTokenData       -  Token Data
//    [in]  nMechOID          -  OID we are looking for
//    [in]  nBoundaryLength   -  Length that value must not exceed.
//    [out] pnTokenLength     -  Filled out with number of bytes
//                               consumed by token and data.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    Checks the data pointed to by pbTokenData for the specified OID.
//
////////////////////////////////////////////////////////////////////////////
*/

int ASNDerCheckOID( unsigned char* pbTokenData, SPNEGO_MECH_OID nMechOID, long nBoundaryLength,
                     long* pnTokenLength )
{
   int   nReturn = 0L;
   long  nLength = 0L;

   // Verify that we have an OID token
   if ( ( nReturn = ASNDerCheckToken( pbTokenData, OID, 0L, nBoundaryLength, 
                                       &nLength, pnTokenLength ) ) == SPNEGO_E_SUCCESS )
   {
      // Add the data length to the Token Length
      *pnTokenLength += nLength;

      // Token Lengths plus the actual length must match the length in our OID list element.
      // If it doesn't, we're done
      if ( *pnTokenLength == g_stcMechOIDList[nMechOID].iLen )
      {
         // Memcompare the token and the expected field
         if ( memcmp( pbTokenData, g_stcMechOIDList[nMechOID].ucOid, *pnTokenLength ) != 0 )
         {
            nReturn = SPNEGO_E_UNEXPECTED_OID;
         }
      }
      else
      {
         nReturn = SPNEGO_E_UNEXPECTED_OID;
      }

   }  // IF OID Token CHecks

   return nReturn;
}

/*
/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerCalcNumLengthBytes
//
// Parameters:
//    [in]  nLength           -  Length to calculate length bytes for.
//
// Returns:
//    int   Number of bytes necessary to represent length
//
// Comments :
//    Helper function to calculate the number of length bytes necessary to
//    represent a length value.  For our purposes, a 32-bit value should be
//    enough to describea length.
//
////////////////////////////////////////////////////////////////////////////
*/

int ASNDerCalcNumLengthBytes( long nLength )
{
      if ( nLength <= 0x7F )
      {
         // A single byte will be sufficient for describing this length.
         // The byte will simply contain the length
         return 1;
      }
      else if ( nLength <= 0xFF )
      {
         // Two bytes are necessary, one to say how many following bytes
         // describe the length, and one to give the length
         return 2;
      }
      else if ( nLength <= 0xFFFF )
      {
         // Three bytes are necessary, one to say how many following bytes
         // describe the length, and two to give the length
         return 3;
      }
      else if ( nLength <= 0xFFFFFF )
      {
         // Four bytes are necessary, one to say how many following bytes
         // describe the length, and three to give the length
         return 4;
      }
      else
      {
         // Five bytes are necessary, one to say how many following bytes
         // describe the length, and four to give the length
         return 5;
      }
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerCalcTokenLength
//
// Parameters:
//    [in]  nLength           -  Length to calculate length bytes for.
//    [in]  nDataLength       -  Actual Data length value.
//
// Returns:
//    long  Number of bytes necessary to represent a token, length and data
//
// Comments :
//    Helper function to calculate a token and value size, based on a
//    supplied length value, and any binary data that will need to be
//    written out.
//
////////////////////////////////////////////////////////////////////////////

long ASNDerCalcTokenLength( long nLength, long nDataLength )
{
   // Add a byte to the length size to account for a single byte to
   // hold the token type.
   long  nTotalLength = ASNDerCalcNumLengthBytes( nLength ) + 1;

   return nTotalLength + nDataLength;
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerCalcElementLength
//
// Parameters:
//    [in]  nDataLength       -  Length of data.
//    [out] pnInternalLength  -  Filled out with length of element
//                               without sequence info.
//
// Returns:
//    long  Number of bytes necessary to represent an element
//
// Comments :
//    Helper function to calculate an element length.  An element consists
//    of a sequence token, a type token and then the data.
//
////////////////////////////////////////////////////////////////////////////

long ASNDerCalcElementLength( long nDataLength, long* pnInternalLength )
{
   // First the type token and the actual data
   long  nTotalLength = ASNDerCalcTokenLength( nDataLength, nDataLength );

   // Internal length is the length without the element sequence token
   if ( NULL != pnInternalLength )
   {
      *pnInternalLength = nTotalLength;
   }

   // Next add in the element's sequence token (remember that its
   // length is the total length of the type token and data)
   nTotalLength += ASNDerCalcTokenLength( nTotalLength, 0L );

   return nTotalLength;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerCalcMechListLength
//
// Parameters:
//    [in]  mechoid           -  Mech OID to put in list.
//    [out] pnInternalLength  -  Filled out with length of element
//                               without the primary sequence token.
//
// Returns:
//    long  Number of bytes necessary to represent a mechList
//
// Comments :
//    Helper function to calculate a MechList length.  A mechlist consists
//    of a NegTokenInit sequence token, a sequence token for the MechList
//    and finally a list of OIDs.  In our case, we only really have one
//    OID.
//
////////////////////////////////////////////////////////////////////////////

long ASNDerCalcMechListLength( SPNEGO_MECH_OID mechoid, long* pnInternalLength )
{
   // First the OID
   long  nTotalLength = g_stcMechOIDList[mechoid].iLen;

   // Next add in a sequence token
   nTotalLength += ASNDerCalcTokenLength( nTotalLength, 0L );

   // Internal length is the length without the element sequence token
   if ( NULL != pnInternalLength )
   {
      *pnInternalLength = nTotalLength;
   }

   // Finally add in the element's sequence token
   nTotalLength += ASNDerCalcTokenLength( nTotalLength, 0L );

   return nTotalLength;
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerWriteLength
//
// Parameters:
//    [out] pbData            -  Buffer to write into.
//    [in]  nLength           -  Length to write out.
//
// Returns:
//    int   Number of bytes written out
//
// Comments :
//    Helper function to write out a length value following DER rules .
//
////////////////////////////////////////////////////////////////////////////

int ASNDerWriteLength( unsigned char* pbData, long nLength )
{
   int   nNumBytesRequired = ASNDerCalcNumLengthBytes( nLength );
   int   nNumLengthBytes = nNumBytesRequired - 1;


   if ( nNumBytesRequired > 1 )
   {

      // Write out the number of bytes following which will be used
      *pbData = (unsigned char ) ( LEN_XTND | nNumLengthBytes );

      // Point to where we'll actually write the length
      pbData++;

#ifdef  _LITTLE_ENDIAN

      // There may be a cleaner way to do this, but for now, this seems to be
      // an easy way to do the transformation
      switch ( nNumLengthBytes )
      {
         case 1:
         {
            // Cast the length to a single byte, since we know that it
            // is 0x7F or less (or we wouldn't only need a single byte).
      
            *pbData = (unsigned char) nLength;
            break;
         }

         case 2:
         {
            *pbData = *( ( (unsigned char*) &nLength ) + 1 );
            *( pbData + 1) = *( ( (unsigned char*) &nLength ) );
            break;
         }

         case 3:
         {
            *pbData = *( ( (unsigned char*) &nLength ) + 3 );
            *( pbData + 1) = *( ( (unsigned char*) &nLength ) + 2 );
            *( pbData + 2) = *( ( (unsigned char*) &nLength ) );
            break;
         }

         case 4:
         {
            *pbData = *( ( (unsigned char*) &nLength ) + 3 );
            *( pbData + 1) = *( ( (unsigned char*) &nLength ) + 2 );
            *( pbData + 2) = *( ( (unsigned char*) &nLength ) + 1 );
            *( pbData + 3) = *( ( (unsigned char*) &nLength ) );
            break;
         }

      }  // SWITCH ( nNumLengthBytes )

#else
      // We are Big-Endian, so the length can be copied in from the source
      // as is.  Ensure that we adjust for the number of bytes we actually
      // copy.

      memcpy( pbData,
               ( (unsigned char *) &nLength ) + ( 4 - nNumLengthBytes ), nNumLengthBytes );
#endif

   }  // IF > 1 byte for length
   else
   {
      // Cast the length to a single byte, since we know that it
      // is 0x7F or less (or we wouldn't only need a single byte).
      
      *pbData = (unsigned char) nLength;
   }

   return nNumBytesRequired;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerWriteToken
//
// Parameters:
//    [out] pbData            -  Buffer to write into.
//    [in]  ucType            -  Token Type
//    [in]  pbTokenValue      -  Actual Value
//    [in]  nLength           -  Length of Data.
//
// Returns:
//    int   Number of bytes written out
//
// Comments :
//    Helper function to write out a token and any associated data.  If
//    pbTokenValue is non-NULL, then it is written out in addition to the
//    token identifier and the length bytes.
//
////////////////////////////////////////////////////////////////////////////

int ASNDerWriteToken( unsigned char* pbData, unsigned char ucType,
                     unsigned char* pbTokenValue, long nLength )
{
   int   nTotalBytesWrittenOut = 0L;
   int   nNumLengthBytesWritten = 0L;

   // Write out the type
   *pbData = ucType;

   // Wrote 1 byte, and move data pointer
   nTotalBytesWrittenOut++;
   pbData++;

   // Now write out the length and adjust the number of bytes written out
   nNumLengthBytesWritten = ASNDerWriteLength( pbData, nLength );

   nTotalBytesWrittenOut += nNumLengthBytesWritten;
   pbData += nNumLengthBytesWritten;

   // Write out the token value if we got one.  The assumption is that the
   // nLength value indicates how many bytes are in pbTokenValue.

   if ( NULL != pbTokenValue )
   {
      memcpy( pbData, pbTokenValue, nLength );
      nTotalBytesWrittenOut += nLength;
   }

   return nTotalBytesWrittenOut;
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerWriteOID
//
// Parameters:
//    [out] pbData            -  Buffer to write into.
//    [in]  eMechOID          -  OID to write out.
//
// Returns:
//    int   Number of bytes written out
//
// Comments :
//    Helper function to write out an OID.  For these we have the raw bytes
//    listed in a global structure.  The caller simply indicates which OID
//    should be written and we will splat out the data.
//
////////////////////////////////////////////////////////////////////////////

int ASNDerWriteOID( unsigned char* pbData, SPNEGO_MECH_OID eMechOID )
{

   memcpy( pbData, g_stcMechOIDList[eMechOID].ucOid, g_stcMechOIDList[eMechOID].iLen );

   return g_stcMechOIDList[eMechOID].iLen;
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerWriteMechList
//
// Parameters:
//    [out] pbData            -  Buffer to write into.
//    [in]  eMechOID          -  OID to put in MechList.
//
// Returns:
//    int   Number of bytes written out
//
// Comments :
//    Helper function to write out a MechList.  A MechList consists of the
//    Init Token Sequence, a sequence token and then the list of OIDs.  In
//    our case the OID is from a global array of known OIDs.
//
////////////////////////////////////////////////////////////////////////////

long ASNDerWriteMechList( unsigned char* pbData, SPNEGO_MECH_OID mechoid )
{
   // First get the length
   long  nInternalLength = 0L;
   long  nMechListLength = ASNDerCalcMechListLength( mechoid, &nInternalLength );
   long  nTempLength = 0L;

   nTempLength = ASNDerWriteToken( pbData, SPNEGO_NEGINIT_ELEMENT_MECHTYPES,
                                    NULL, nInternalLength );

   // Adjust the data pointer
   pbData += nTempLength;

   // Now write the Sequence token and the OID (the OID is a BLOB in the global
   // structure.

   nTempLength = ASNDerWriteToken( pbData, SPNEGO_CONSTRUCTED_SEQUENCE,
                                    g_stcMechOIDList[mechoid].ucOid,
                                    g_stcMechOIDList[mechoid].iLen );

   return nMechListLength;
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    ASNDerWriteElement
//
// Parameters:
//    [out] pbData            -  Buffer to write into.
//    [in]  ucElementSequence -  Sequence Token
//    [in]  ucType            -  Token Type
//    [in]  pbTokenValue      -  Actual Value
//    [in]  nLength           -  Length of Data.
//
// Returns:
//    int   Number of bytes written out
//
// Comments :
//    Helper function to write out a SPNEGO Token element.  An element
//    consists of a sequence token, a type token and the associated data.
//
////////////////////////////////////////////////////////////////////////////

int ASNDerWriteElement( unsigned char* pbData, unsigned char ucElementSequence,
                        unsigned char ucType, unsigned char* pbTokenValue, long nLength )
{
   // First get the length
   long  nInternalLength = 0L;
   long  nElementLength = ASNDerCalcElementLength( nLength, &nInternalLength );
   long  nTempLength = 0L;

   // Write out the sequence byte and the length of the type and data
   nTempLength = ASNDerWriteToken( pbData, ucElementSequence, NULL, nInternalLength );

   // Adjust the data pointer
   pbData += nTempLength;

   // Now write the type and the data.
   nTempLength = ASNDerWriteToken( pbData, ucType, pbTokenValue, nLength );

   return nElementLength;
}