1 /* $OpenBSD: sshbuf.h,v 1.28 2022/12/02 04:40:27 djm Exp $ */ 2 /* 3 * Copyright (c) 2011 Damien Miller 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #ifndef _SSHBUF_H 19 #define _SSHBUF_H 20 21 #include <sys/types.h> 22 #include <stdarg.h> 23 #include <stdio.h> 24 #ifdef WITH_OPENSSL 25 # include <openssl/bn.h> 26 # ifdef OPENSSL_HAS_ECC 27 # include <openssl/ec.h> 28 # endif /* OPENSSL_HAS_ECC */ 29 #endif /* WITH_OPENSSL */ 30 31 #define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ 32 #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ 33 #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ 34 #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ 35 36 struct sshbuf; 37 38 /* 39 * Create a new sshbuf buffer. 40 * Returns pointer to buffer on success, or NULL on allocation failure. 41 */ 42 struct sshbuf *sshbuf_new(void); 43 44 /* 45 * Create a new, read-only sshbuf buffer from existing data. 46 * Returns pointer to buffer on success, or NULL on allocation failure. 47 */ 48 struct sshbuf *sshbuf_from(const void *blob, size_t len); 49 50 /* 51 * Create a new, read-only sshbuf buffer from the contents of an existing 52 * buffer. The contents of "buf" must not change in the lifetime of the 53 * resultant buffer. 54 * Returns pointer to buffer on success, or NULL on allocation failure. 55 */ 56 struct sshbuf *sshbuf_fromb(struct sshbuf *buf); 57 58 /* 59 * Create a new, read-only sshbuf buffer from the contents of a string in 60 * an existing buffer (the string is consumed in the process). 61 * The contents of "buf" must not change in the lifetime of the resultant 62 * buffer. 63 * Returns pointer to buffer on success, or NULL on allocation failure. 64 */ 65 int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp); 66 67 /* 68 * Clear and free buf 69 */ 70 void sshbuf_free(struct sshbuf *buf); 71 72 /* 73 * Reset buf, clearing its contents. NB. max_size is preserved. 74 */ 75 void sshbuf_reset(struct sshbuf *buf); 76 77 /* 78 * Return the maximum size of buf 79 */ 80 size_t sshbuf_max_size(const struct sshbuf *buf); 81 82 /* 83 * Set the maximum size of buf 84 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 85 */ 86 int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size); 87 88 /* 89 * Returns the length of data in buf 90 */ 91 size_t sshbuf_len(const struct sshbuf *buf); 92 93 /* 94 * Returns number of bytes left in buffer before hitting max_size. 95 */ 96 size_t sshbuf_avail(const struct sshbuf *buf); 97 98 /* 99 * Returns a read-only pointer to the start of the data in buf 100 */ 101 const u_char *sshbuf_ptr(const struct sshbuf *buf); 102 103 /* 104 * Returns a mutable pointer to the start of the data in buf, or 105 * NULL if the buffer is read-only. 106 */ 107 u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); 108 109 /* 110 * Check whether a reservation of size len will succeed in buf 111 * Safer to use than direct comparisons again sshbuf_avail as it copes 112 * with unsigned overflows correctly. 113 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 114 */ 115 int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); 116 117 /* 118 * Preallocates len additional bytes in buf. 119 * Useful for cases where the caller knows how many bytes will ultimately be 120 * required to avoid realloc in the buffer code. 121 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 122 */ 123 int sshbuf_allocate(struct sshbuf *buf, size_t len); 124 125 /* 126 * Reserve len bytes in buf. 127 * Returns 0 on success and a pointer to the first reserved byte via the 128 * optional dpp parameter or a negative SSH_ERR_* error code on failure. 129 */ 130 int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp); 131 132 /* 133 * Consume len bytes from the start of buf 134 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 135 */ 136 int sshbuf_consume(struct sshbuf *buf, size_t len); 137 138 /* 139 * Consume len bytes from the end of buf 140 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 141 */ 142 int sshbuf_consume_end(struct sshbuf *buf, size_t len); 143 144 /* Extract or deposit some bytes */ 145 int sshbuf_get(struct sshbuf *buf, void *v, size_t len); 146 int sshbuf_put(struct sshbuf *buf, const void *v, size_t len); 147 int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); 148 149 /* Append using a printf(3) format */ 150 int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) 151 __attribute__((format(printf, 2, 3))); 152 int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); 153 154 /* Functions to extract or store big-endian words of various sizes */ 155 int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); 156 int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp); 157 int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp); 158 int sshbuf_get_u8(struct sshbuf *buf, u_char *valp); 159 int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); 160 int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); 161 int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); 162 int sshbuf_put_u8(struct sshbuf *buf, u_char val); 163 164 /* Functions to peek at the contents of a buffer without modifying it. */ 165 int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset, 166 u_int64_t *valp); 167 int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset, 168 u_int32_t *valp); 169 int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset, 170 u_int16_t *valp); 171 int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset, 172 u_char *valp); 173 174 /* 175 * Functions to poke values into an existing buffer (e.g. a length header 176 * to a packet). The destination bytes must already exist in the buffer. 177 */ 178 int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val); 179 int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val); 180 int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val); 181 int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val); 182 int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len); 183 184 /* 185 * Functions to extract or store SSH wire encoded strings (u32 len || data) 186 * The "cstring" variants admit no \0 characters in the string contents. 187 * Caller must free *valp. 188 */ 189 int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp); 190 int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp); 191 int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v); 192 int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len); 193 int sshbuf_put_cstring(struct sshbuf *buf, const char *v); 194 int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v); 195 196 /* 197 * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to 198 * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the 199 * next sshbuf-modifying function call. Caller does not free. 200 */ 201 int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, 202 size_t *lenp); 203 204 /* Skip past a string */ 205 #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) 206 207 /* Another variant: "peeks" into the buffer without modifying it */ 208 int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, 209 size_t *lenp); 210 211 /* 212 * Functions to extract or store SSH wire encoded bignums and elliptic 213 * curve points. 214 */ 215 int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); 216 int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, 217 const u_char **valp, size_t *lenp); 218 #ifdef WITH_OPENSSL 219 int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp); 220 int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); 221 # ifdef OPENSSL_HAS_ECC 222 int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); 223 int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); 224 int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); 225 int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); 226 # endif /* OPENSSL_HAS_ECC */ 227 #endif /* WITH_OPENSSL */ 228 229 /* Dump the contents of the buffer in a human-readable format */ 230 void sshbuf_dump(const struct sshbuf *buf, FILE *f); 231 232 /* Dump specified memory in a human-readable format */ 233 void sshbuf_dump_data(const void *s, size_t len, FILE *f); 234 235 /* Return the hexadecimal representation of the contents of the buffer */ 236 char *sshbuf_dtob16(struct sshbuf *buf); 237 238 /* Encode the contents of the buffer as base64 */ 239 char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap); 240 int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap); 241 /* RFC4648 "base64url" encoding variant */ 242 int sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap); 243 244 /* Decode base64 data and append it to the buffer */ 245 int sshbuf_b64tod(struct sshbuf *buf, const char *b64); 246 247 /* 248 * Tests whether the buffer contains the specified byte sequence at the 249 * specified offset. Returns 0 on successful match, or a ssherr.h code 250 * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were 251 * present but the buffer contents did not match those supplied. Zero- 252 * length comparisons are not allowed. 253 * 254 * If sufficient data is present to make a comparison, then it is 255 * performed with timing independent of the value of the data. If 256 * insufficient data is present then the comparison is not attempted at 257 * all. 258 */ 259 int sshbuf_cmp(const struct sshbuf *b, size_t offset, 260 const void *s, size_t len); 261 262 /* 263 * Searches the buffer for the specified string. Returns 0 on success 264 * and updates *offsetp with the offset of the first match, relative to 265 * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h 266 * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were 267 * present in the buffer for a match to be possible but none was found. 268 * Searches for zero-length data are not allowed. 269 */ 270 int 271 sshbuf_find(const struct sshbuf *b, size_t start_offset, 272 const void *s, size_t len, size_t *offsetp); 273 274 /* 275 * Duplicate the contents of a buffer to a string (caller to free). 276 * Returns NULL on buffer error, or if the buffer contains a premature 277 * nul character. 278 */ 279 char *sshbuf_dup_string(struct sshbuf *buf); 280 281 /* 282 * Fill a buffer from a file descriptor or filename. Both allocate the 283 * buffer for the caller. 284 */ 285 int sshbuf_load_fd(int, struct sshbuf **) 286 __attribute__((__nonnull__ (2))); 287 int sshbuf_load_file(const char *, struct sshbuf **) 288 __attribute__((__nonnull__ (2))); 289 290 /* 291 * Write a buffer to a path, creating/truncating as needed (mode 0644, 292 * subject to umask). The buffer contents are not modified. 293 */ 294 int sshbuf_write_file(const char *path, struct sshbuf *buf) 295 __attribute__((__nonnull__ (2))); 296 297 /* Read up to maxlen bytes from a fd directly to a buffer */ 298 int sshbuf_read(int, struct sshbuf *, size_t, size_t *) 299 __attribute__((__nonnull__ (2))); 300 301 /* Macros for decoding/encoding integers */ 302 #define PEEK_U64(p) \ 303 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ 304 ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ 305 ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ 306 ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ 307 ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ 308 ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ 309 ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ 310 (u_int64_t)(((const u_char *)(p))[7])) 311 #define PEEK_U32(p) \ 312 (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ 313 ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ 314 ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ 315 (u_int32_t)(((const u_char *)(p))[3])) 316 #define PEEK_U16(p) \ 317 (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ 318 (u_int16_t)(((const u_char *)(p))[1])) 319 320 #define POKE_U64(p, v) \ 321 do { \ 322 const u_int64_t __v = (v); \ 323 ((u_char *)(p))[0] = (__v >> 56) & 0xff; \ 324 ((u_char *)(p))[1] = (__v >> 48) & 0xff; \ 325 ((u_char *)(p))[2] = (__v >> 40) & 0xff; \ 326 ((u_char *)(p))[3] = (__v >> 32) & 0xff; \ 327 ((u_char *)(p))[4] = (__v >> 24) & 0xff; \ 328 ((u_char *)(p))[5] = (__v >> 16) & 0xff; \ 329 ((u_char *)(p))[6] = (__v >> 8) & 0xff; \ 330 ((u_char *)(p))[7] = __v & 0xff; \ 331 } while (0) 332 #define POKE_U32(p, v) \ 333 do { \ 334 const u_int32_t __v = (v); \ 335 ((u_char *)(p))[0] = (__v >> 24) & 0xff; \ 336 ((u_char *)(p))[1] = (__v >> 16) & 0xff; \ 337 ((u_char *)(p))[2] = (__v >> 8) & 0xff; \ 338 ((u_char *)(p))[3] = __v & 0xff; \ 339 } while (0) 340 #define POKE_U16(p, v) \ 341 do { \ 342 const u_int16_t __v = (v); \ 343 ((u_char *)(p))[0] = (__v >> 8) & 0xff; \ 344 ((u_char *)(p))[1] = __v & 0xff; \ 345 } while (0) 346 347 /* Internal definitions follow. Exposed for regress tests */ 348 #ifdef SSHBUF_INTERNAL 349 350 /* 351 * Return the allocation size of buf 352 */ 353 size_t sshbuf_alloc(const struct sshbuf *buf); 354 355 /* 356 * Increment the reference count of buf. 357 */ 358 int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent); 359 360 /* 361 * Return the parent buffer of buf, or NULL if it has no parent. 362 */ 363 const struct sshbuf *sshbuf_parent(const struct sshbuf *buf); 364 365 /* 366 * Return the reference count of buf 367 */ 368 u_int sshbuf_refcount(const struct sshbuf *buf); 369 370 # define SSHBUF_SIZE_INIT 256 /* Initial allocation */ 371 # define SSHBUF_SIZE_INC 256 /* Preferred increment length */ 372 # define SSHBUF_PACK_MIN 8192 /* Minimum packable offset */ 373 374 /* # define SSHBUF_ABORT abort */ 375 /* # define SSHBUF_DEBUG */ 376 377 # ifndef SSHBUF_ABORT 378 # define SSHBUF_ABORT() 379 # endif 380 381 # ifdef SSHBUF_DEBUG 382 # define SSHBUF_DBG(x) do { \ 383 printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ 384 printf x; \ 385 printf("\n"); \ 386 fflush(stdout); \ 387 } while (0) 388 # else 389 # define SSHBUF_DBG(x) 390 # endif 391 #endif /* SSHBUF_INTERNAL */ 392 393 #endif /* _SSHBUF_H */ 394