1 /* $OpenBSD: sshbuf.h,v 1.27 2022/05/25 06:03:44 djm Exp $ */ 2 /* 3 * Copyright (c) 2011 Damien Miller 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #ifndef _SSHBUF_H 19 #define _SSHBUF_H 20 21 #include <sys/types.h> 22 #include <stdarg.h> 23 #include <stdio.h> 24 #ifdef WITH_OPENSSL 25 # include <openssl/bn.h> 26 # ifdef OPENSSL_HAS_ECC 27 # include <openssl/ec.h> 28 # endif /* OPENSSL_HAS_ECC */ 29 #endif /* WITH_OPENSSL */ 30 31 #define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ 32 #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ 33 #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ 34 #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ 35 36 /* 37 * NB. do not depend on the internals of this. It will be made opaque 38 * one day. 39 */ 40 struct sshbuf { 41 u_char *d; /* Data */ 42 const u_char *cd; /* Const data */ 43 size_t off; /* First available byte is buf->d + buf->off */ 44 size_t size; /* Last byte is buf->d + buf->size - 1 */ 45 size_t max_size; /* Maximum size of buffer */ 46 size_t alloc; /* Total bytes allocated to buf->d */ 47 int readonly; /* Refers to external, const data */ 48 int dont_free; /* Kludge to support sshbuf_init */ 49 u_int refcount; /* Tracks self and number of child buffers */ 50 struct sshbuf *parent; /* If child, pointer to parent */ 51 }; 52 53 /* 54 * Create a new sshbuf buffer. 55 * Returns pointer to buffer on success, or NULL on allocation failure. 56 */ 57 struct sshbuf *sshbuf_new(void); 58 59 /* 60 * Create a new, read-only sshbuf buffer from existing data. 61 * Returns pointer to buffer on success, or NULL on allocation failure. 62 */ 63 struct sshbuf *sshbuf_from(const void *blob, size_t len); 64 65 /* 66 * Create a new, read-only sshbuf buffer from the contents of an existing 67 * buffer. The contents of "buf" must not change in the lifetime of the 68 * resultant buffer. 69 * Returns pointer to buffer on success, or NULL on allocation failure. 70 */ 71 struct sshbuf *sshbuf_fromb(struct sshbuf *buf); 72 73 /* 74 * Create a new, read-only sshbuf buffer from the contents of a string in 75 * an existing buffer (the string is consumed in the process). 76 * The contents of "buf" must not change in the lifetime of the resultant 77 * buffer. 78 * Returns pointer to buffer on success, or NULL on allocation failure. 79 */ 80 int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp); 81 82 /* 83 * Clear and free buf 84 */ 85 void sshbuf_free(struct sshbuf *buf); 86 87 /* 88 * Reset buf, clearing its contents. NB. max_size is preserved. 89 */ 90 void sshbuf_reset(struct sshbuf *buf); 91 92 /* 93 * Return the maximum size of buf 94 */ 95 size_t sshbuf_max_size(const struct sshbuf *buf); 96 97 /* 98 * Set the maximum size of buf 99 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 100 */ 101 int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size); 102 103 /* 104 * Returns the length of data in buf 105 */ 106 size_t sshbuf_len(const struct sshbuf *buf); 107 108 /* 109 * Returns number of bytes left in buffer before hitting max_size. 110 */ 111 size_t sshbuf_avail(const struct sshbuf *buf); 112 113 /* 114 * Returns a read-only pointer to the start of the data in buf 115 */ 116 const u_char *sshbuf_ptr(const struct sshbuf *buf); 117 118 /* 119 * Returns a mutable pointer to the start of the data in buf, or 120 * NULL if the buffer is read-only. 121 */ 122 u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); 123 124 /* 125 * Check whether a reservation of size len will succeed in buf 126 * Safer to use than direct comparisons again sshbuf_avail as it copes 127 * with unsigned overflows correctly. 128 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 129 */ 130 int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); 131 132 /* 133 * Preallocates len additional bytes in buf. 134 * Useful for cases where the caller knows how many bytes will ultimately be 135 * required to avoid realloc in the buffer code. 136 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 137 */ 138 int sshbuf_allocate(struct sshbuf *buf, size_t len); 139 140 /* 141 * Reserve len bytes in buf. 142 * Returns 0 on success and a pointer to the first reserved byte via the 143 * optional dpp parameter or a negative SSH_ERR_* error code on failure. 144 */ 145 int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp); 146 147 /* 148 * Consume len bytes from the start of buf 149 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 150 */ 151 int sshbuf_consume(struct sshbuf *buf, size_t len); 152 153 /* 154 * Consume len bytes from the end of buf 155 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 156 */ 157 int sshbuf_consume_end(struct sshbuf *buf, size_t len); 158 159 /* Extract or deposit some bytes */ 160 int sshbuf_get(struct sshbuf *buf, void *v, size_t len); 161 int sshbuf_put(struct sshbuf *buf, const void *v, size_t len); 162 int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); 163 164 /* Append using a printf(3) format */ 165 int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) 166 __attribute__((format(printf, 2, 3))); 167 int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); 168 169 /* Functions to extract or store big-endian words of various sizes */ 170 int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); 171 int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp); 172 int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp); 173 int sshbuf_get_u8(struct sshbuf *buf, u_char *valp); 174 int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); 175 int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); 176 int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); 177 int sshbuf_put_u8(struct sshbuf *buf, u_char val); 178 179 /* Functions to peek at the contents of a buffer without modifying it. */ 180 int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset, 181 u_int64_t *valp); 182 int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset, 183 u_int32_t *valp); 184 int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset, 185 u_int16_t *valp); 186 int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset, 187 u_char *valp); 188 189 /* 190 * Functions to poke values into an existing buffer (e.g. a length header 191 * to a packet). The destination bytes must already exist in the buffer. 192 */ 193 int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val); 194 int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val); 195 int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val); 196 int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val); 197 int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len); 198 199 /* 200 * Functions to extract or store SSH wire encoded strings (u32 len || data) 201 * The "cstring" variants admit no \0 characters in the string contents. 202 * Caller must free *valp. 203 */ 204 int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp); 205 int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp); 206 int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v); 207 int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len); 208 int sshbuf_put_cstring(struct sshbuf *buf, const char *v); 209 int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v); 210 211 /* 212 * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to 213 * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the 214 * next sshbuf-modifying function call. Caller does not free. 215 */ 216 int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, 217 size_t *lenp); 218 219 /* Skip past a string */ 220 #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) 221 222 /* Another variant: "peeks" into the buffer without modifying it */ 223 int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, 224 size_t *lenp); 225 226 /* 227 * Functions to extract or store SSH wire encoded bignums and elliptic 228 * curve points. 229 */ 230 int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); 231 int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, 232 const u_char **valp, size_t *lenp); 233 #ifdef WITH_OPENSSL 234 int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp); 235 int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); 236 # ifdef OPENSSL_HAS_ECC 237 int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); 238 int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); 239 int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); 240 int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); 241 # endif /* OPENSSL_HAS_ECC */ 242 #endif /* WITH_OPENSSL */ 243 244 /* Dump the contents of the buffer in a human-readable format */ 245 void sshbuf_dump(const struct sshbuf *buf, FILE *f); 246 247 /* Dump specified memory in a human-readable format */ 248 void sshbuf_dump_data(const void *s, size_t len, FILE *f); 249 250 /* Return the hexadecimal representation of the contents of the buffer */ 251 char *sshbuf_dtob16(struct sshbuf *buf); 252 253 /* Encode the contents of the buffer as base64 */ 254 char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap); 255 int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap); 256 /* RFC4648 "base64url" encoding variant */ 257 int sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap); 258 259 /* Decode base64 data and append it to the buffer */ 260 int sshbuf_b64tod(struct sshbuf *buf, const char *b64); 261 262 /* 263 * Tests whether the buffer contains the specified byte sequence at the 264 * specified offset. Returns 0 on successful match, or a ssherr.h code 265 * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were 266 * present but the buffer contents did not match those supplied. Zero- 267 * length comparisons are not allowed. 268 * 269 * If sufficient data is present to make a comparison, then it is 270 * performed with timing independent of the value of the data. If 271 * insufficient data is present then the comparison is not attempted at 272 * all. 273 */ 274 int sshbuf_cmp(const struct sshbuf *b, size_t offset, 275 const void *s, size_t len); 276 277 /* 278 * Searches the buffer for the specified string. Returns 0 on success 279 * and updates *offsetp with the offset of the first match, relative to 280 * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h 281 * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were 282 * present in the buffer for a match to be possible but none was found. 283 * Searches for zero-length data are not allowed. 284 */ 285 int 286 sshbuf_find(const struct sshbuf *b, size_t start_offset, 287 const void *s, size_t len, size_t *offsetp); 288 289 /* 290 * Duplicate the contents of a buffer to a string (caller to free). 291 * Returns NULL on buffer error, or if the buffer contains a premature 292 * nul character. 293 */ 294 char *sshbuf_dup_string(struct sshbuf *buf); 295 296 /* 297 * Fill a buffer from a file descriptor or filename. Both allocate the 298 * buffer for the caller. 299 */ 300 int sshbuf_load_fd(int, struct sshbuf **) 301 __attribute__((__nonnull__ (2))); 302 int sshbuf_load_file(const char *, struct sshbuf **) 303 __attribute__((__nonnull__ (2))); 304 305 /* 306 * Write a buffer to a path, creating/truncating as needed (mode 0644, 307 * subject to umask). The buffer contents are not modified. 308 */ 309 int sshbuf_write_file(const char *path, struct sshbuf *buf) 310 __attribute__((__nonnull__ (2))); 311 312 /* Read up to maxlen bytes from a fd directly to a buffer */ 313 int sshbuf_read(int, struct sshbuf *, size_t, size_t *) 314 __attribute__((__nonnull__ (2))); 315 316 /* Macros for decoding/encoding integers */ 317 #define PEEK_U64(p) \ 318 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ 319 ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ 320 ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ 321 ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ 322 ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ 323 ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ 324 ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ 325 (u_int64_t)(((const u_char *)(p))[7])) 326 #define PEEK_U32(p) \ 327 (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ 328 ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ 329 ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ 330 (u_int32_t)(((const u_char *)(p))[3])) 331 #define PEEK_U16(p) \ 332 (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ 333 (u_int16_t)(((const u_char *)(p))[1])) 334 335 #define POKE_U64(p, v) \ 336 do { \ 337 const u_int64_t __v = (v); \ 338 ((u_char *)(p))[0] = (__v >> 56) & 0xff; \ 339 ((u_char *)(p))[1] = (__v >> 48) & 0xff; \ 340 ((u_char *)(p))[2] = (__v >> 40) & 0xff; \ 341 ((u_char *)(p))[3] = (__v >> 32) & 0xff; \ 342 ((u_char *)(p))[4] = (__v >> 24) & 0xff; \ 343 ((u_char *)(p))[5] = (__v >> 16) & 0xff; \ 344 ((u_char *)(p))[6] = (__v >> 8) & 0xff; \ 345 ((u_char *)(p))[7] = __v & 0xff; \ 346 } while (0) 347 #define POKE_U32(p, v) \ 348 do { \ 349 const u_int32_t __v = (v); \ 350 ((u_char *)(p))[0] = (__v >> 24) & 0xff; \ 351 ((u_char *)(p))[1] = (__v >> 16) & 0xff; \ 352 ((u_char *)(p))[2] = (__v >> 8) & 0xff; \ 353 ((u_char *)(p))[3] = __v & 0xff; \ 354 } while (0) 355 #define POKE_U16(p, v) \ 356 do { \ 357 const u_int16_t __v = (v); \ 358 ((u_char *)(p))[0] = (__v >> 8) & 0xff; \ 359 ((u_char *)(p))[1] = __v & 0xff; \ 360 } while (0) 361 362 /* Internal definitions follow. Exposed for regress tests */ 363 #ifdef SSHBUF_INTERNAL 364 365 /* 366 * Return the allocation size of buf 367 */ 368 size_t sshbuf_alloc(const struct sshbuf *buf); 369 370 /* 371 * Increment the reference count of buf. 372 */ 373 int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent); 374 375 /* 376 * Return the parent buffer of buf, or NULL if it has no parent. 377 */ 378 const struct sshbuf *sshbuf_parent(const struct sshbuf *buf); 379 380 /* 381 * Return the reference count of buf 382 */ 383 u_int sshbuf_refcount(const struct sshbuf *buf); 384 385 # define SSHBUF_SIZE_INIT 256 /* Initial allocation */ 386 # define SSHBUF_SIZE_INC 256 /* Preferred increment length */ 387 # define SSHBUF_PACK_MIN 8192 /* Minimum packable offset */ 388 389 /* # define SSHBUF_ABORT abort */ 390 /* # define SSHBUF_DEBUG */ 391 392 # ifndef SSHBUF_ABORT 393 # define SSHBUF_ABORT() 394 # endif 395 396 # ifdef SSHBUF_DEBUG 397 # define SSHBUF_TELL(what) do { \ 398 printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ 399 __FILE__, __LINE__, __func__, what, \ 400 buf->size, buf->alloc, buf->off, buf->max_size); \ 401 fflush(stdout); \ 402 } while (0) 403 # define SSHBUF_DBG(x) do { \ 404 printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ 405 printf x; \ 406 printf("\n"); \ 407 fflush(stdout); \ 408 } while (0) 409 # else 410 # define SSHBUF_TELL(what) 411 # define SSHBUF_DBG(x) 412 # endif 413 #endif /* SSHBUF_INTERNAL */ 414 415 #endif /* _SSHBUF_H */ 416