xref: /freebsd/crypto/openssh/sshbuf.h (revision a18b956b73cee784e5c422d20fd0e4dabebd7eee)
1 /*	$OpenBSD: sshbuf.h,v 1.28 2022/12/02 04:40:27 djm Exp $	*/
2 /*
3  * Copyright (c) 2011 Damien Miller
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #ifndef _SSHBUF_H
19 #define _SSHBUF_H
20 
21 #include <sys/types.h>
22 #include <stdarg.h>
23 #include <stdio.h>
24 #ifdef WITH_OPENSSL
25 # include <openssl/bn.h>
26 # ifdef OPENSSL_HAS_ECC
27 #  include <openssl/ec.h>
28 # endif /* OPENSSL_HAS_ECC */
29 #endif /* WITH_OPENSSL */
30 
31 #define SSHBUF_SIZE_MAX		0x8000000	/* Hard maximum size */
32 #define SSHBUF_REFS_MAX		0x100000	/* Max child buffers */
33 #define SSHBUF_MAX_BIGNUM	(16384 / 8)	/* Max bignum *bytes* */
34 #define SSHBUF_MAX_ECPOINT	((528 * 2 / 8) + 1) /* Max EC point *bytes* */
35 
36 struct sshbuf;
37 
38 /*
39  * Create a new sshbuf buffer.
40  * Returns pointer to buffer on success, or NULL on allocation failure.
41  */
42 struct sshbuf *sshbuf_new(void);
43 
44 /*
45  * Create a new, read-only sshbuf buffer from existing data.
46  * Returns pointer to buffer on success, or NULL on allocation failure.
47  */
48 struct sshbuf *sshbuf_from(const void *blob, size_t len);
49 
50 /*
51  * Create a new, read-only sshbuf buffer from the contents of an existing
52  * buffer. The contents of "buf" must not change in the lifetime of the
53  * resultant buffer.
54  * Returns pointer to buffer on success, or NULL on allocation failure.
55  */
56 struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
57 
58 /*
59  * Create a new, read-only sshbuf buffer from the contents of a string in
60  * an existing buffer (the string is consumed in the process).
61  * The contents of "buf" must not change in the lifetime of the resultant
62  * buffer.
63  * Returns pointer to buffer on success, or NULL on allocation failure.
64  */
65 int	sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
66 
67 /*
68  * Clear and free buf
69  */
70 void	sshbuf_free(struct sshbuf *buf);
71 
72 /*
73  * Reset buf, clearing its contents. NB. max_size is preserved.
74  */
75 void	sshbuf_reset(struct sshbuf *buf);
76 
77 /*
78  * Return the maximum size of buf
79  */
80 size_t	sshbuf_max_size(const struct sshbuf *buf);
81 
82 /*
83  * Set the maximum size of buf
84  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
85  */
86 int	sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
87 
88 /*
89  * Returns the length of data in buf
90  */
91 size_t	sshbuf_len(const struct sshbuf *buf);
92 
93 /*
94  * Returns number of bytes left in buffer before hitting max_size.
95  */
96 size_t	sshbuf_avail(const struct sshbuf *buf);
97 
98 /*
99  * Returns a read-only pointer to the start of the data in buf
100  */
101 const u_char *sshbuf_ptr(const struct sshbuf *buf);
102 
103 /*
104  * Returns a mutable pointer to the start of the data in buf, or
105  * NULL if the buffer is read-only.
106  */
107 u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
108 
109 /*
110  * Check whether a reservation of size len will succeed in buf
111  * Safer to use than direct comparisons again sshbuf_avail as it copes
112  * with unsigned overflows correctly.
113  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
114  */
115 int	sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
116 
117 /*
118  * Preallocates len additional bytes in buf.
119  * Useful for cases where the caller knows how many bytes will ultimately be
120  * required to avoid realloc in the buffer code.
121  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
122  */
123 int	sshbuf_allocate(struct sshbuf *buf, size_t len);
124 
125 /*
126  * Reserve len bytes in buf.
127  * Returns 0 on success and a pointer to the first reserved byte via the
128  * optional dpp parameter or a negative SSH_ERR_* error code on failure.
129  */
130 int	sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
131 
132 /*
133  * Consume len bytes from the start of buf
134  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
135  */
136 int	sshbuf_consume(struct sshbuf *buf, size_t len);
137 
138 /*
139  * Consume len bytes from the end of buf
140  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
141  */
142 int	sshbuf_consume_end(struct sshbuf *buf, size_t len);
143 
144 /* Extract or deposit some bytes */
145 int	sshbuf_get(struct sshbuf *buf, void *v, size_t len);
146 int	sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
147 int	sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
148 
149 /* Append using a printf(3) format */
150 int	sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
151 	    __attribute__((format(printf, 2, 3)));
152 int	sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
153 
154 /* Functions to extract or store big-endian words of various sizes */
155 int	sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
156 int	sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
157 int	sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
158 int	sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
159 int	sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
160 int	sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
161 int	sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
162 int	sshbuf_put_u8(struct sshbuf *buf, u_char val);
163 
164 /* Functions to peek at the contents of a buffer without modifying it. */
165 int	sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
166     u_int64_t *valp);
167 int	sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
168     u_int32_t *valp);
169 int	sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
170     u_int16_t *valp);
171 int	sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
172     u_char *valp);
173 
174 /*
175  * Functions to poke values into an existing buffer (e.g. a length header
176  * to a packet). The destination bytes must already exist in the buffer.
177  */
178 int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
179 int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
180 int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
181 int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
182 int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
183 
184 /*
185  * Functions to extract or store SSH wire encoded strings (u32 len || data)
186  * The "cstring" variants admit no \0 characters in the string contents.
187  * Caller must free *valp.
188  */
189 int	sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
190 int	sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
191 int	sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
192 int	sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
193 int	sshbuf_put_cstring(struct sshbuf *buf, const char *v);
194 int	sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
195 
196 /*
197  * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
198  * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
199  * next sshbuf-modifying function call. Caller does not free.
200  */
201 int	sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
202 	    size_t *lenp);
203 
204 /* Skip past a string */
205 #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
206 
207 /* Another variant: "peeks" into the buffer without modifying it */
208 int	sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
209 	    size_t *lenp);
210 
211 /*
212  * Functions to extract or store SSH wire encoded bignums and elliptic
213  * curve points.
214  */
215 int	sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
216 int	sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
217 	    const u_char **valp, size_t *lenp);
218 #ifdef WITH_OPENSSL
219 int	sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
220 int	sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
221 # ifdef OPENSSL_HAS_ECC
222 int	sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
223 int	sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
224 int	sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
225 int	sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
226 # endif /* OPENSSL_HAS_ECC */
227 #endif /* WITH_OPENSSL */
228 
229 /* Dump the contents of the buffer in a human-readable format */
230 void	sshbuf_dump(const struct sshbuf *buf, FILE *f);
231 
232 /* Dump specified memory in a human-readable format */
233 void	sshbuf_dump_data(const void *s, size_t len, FILE *f);
234 
235 /* Return the hexadecimal representation of the contents of the buffer */
236 char	*sshbuf_dtob16(struct sshbuf *buf);
237 
238 /* Encode the contents of the buffer as base64 */
239 char	*sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
240 int	sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
241 /* RFC4648 "base64url" encoding variant */
242 int	sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
243 
244 /* Decode base64 data and append it to the buffer */
245 int	sshbuf_b64tod(struct sshbuf *buf, const char *b64);
246 
247 /*
248  * Tests whether the buffer contains the specified byte sequence at the
249  * specified offset. Returns 0 on successful match, or a ssherr.h code
250  * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
251  * present but the buffer contents did not match those supplied. Zero-
252  * length comparisons are not allowed.
253  *
254  * If sufficient data is present to make a comparison, then it is
255  * performed with timing independent of the value of the data. If
256  * insufficient data is present then the comparison is not attempted at
257  * all.
258  */
259 int	sshbuf_cmp(const struct sshbuf *b, size_t offset,
260     const void *s, size_t len);
261 
262 /*
263  * Searches the buffer for the specified string. Returns 0 on success
264  * and updates *offsetp with the offset of the first match, relative to
265  * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
266  * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
267  * present in the buffer for a match to be possible but none was found.
268  * Searches for zero-length data are not allowed.
269  */
270 int
271 sshbuf_find(const struct sshbuf *b, size_t start_offset,
272     const void *s, size_t len, size_t *offsetp);
273 
274 /*
275  * Duplicate the contents of a buffer to a string (caller to free).
276  * Returns NULL on buffer error, or if the buffer contains a premature
277  * nul character.
278  */
279 char *sshbuf_dup_string(struct sshbuf *buf);
280 
281 /*
282  * Fill a buffer from a file descriptor or filename. Both allocate the
283  * buffer for the caller.
284  */
285 int sshbuf_load_fd(int, struct sshbuf **)
286     __attribute__((__nonnull__ (2)));
287 int sshbuf_load_file(const char *, struct sshbuf **)
288     __attribute__((__nonnull__ (2)));
289 
290 /*
291  * Write a buffer to a path, creating/truncating as needed (mode 0644,
292  * subject to umask). The buffer contents are not modified.
293  */
294 int sshbuf_write_file(const char *path, struct sshbuf *buf)
295     __attribute__((__nonnull__ (2)));
296 
297 /* Read up to maxlen bytes from a fd directly to a buffer */
298 int sshbuf_read(int, struct sshbuf *, size_t, size_t *)
299     __attribute__((__nonnull__ (2)));
300 
301 /* Macros for decoding/encoding integers */
302 #define PEEK_U64(p) \
303 	(((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
304 	 ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
305 	 ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
306 	 ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
307 	 ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
308 	 ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
309 	 ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
310 	  (u_int64_t)(((const u_char *)(p))[7]))
311 #define PEEK_U32(p) \
312 	(((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
313 	 ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
314 	 ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
315 	  (u_int32_t)(((const u_char *)(p))[3]))
316 #define PEEK_U16(p) \
317 	(((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
318 	  (u_int16_t)(((const u_char *)(p))[1]))
319 
320 #define POKE_U64(p, v) \
321 	do { \
322 		const u_int64_t __v = (v); \
323 		((u_char *)(p))[0] = (__v >> 56) & 0xff; \
324 		((u_char *)(p))[1] = (__v >> 48) & 0xff; \
325 		((u_char *)(p))[2] = (__v >> 40) & 0xff; \
326 		((u_char *)(p))[3] = (__v >> 32) & 0xff; \
327 		((u_char *)(p))[4] = (__v >> 24) & 0xff; \
328 		((u_char *)(p))[5] = (__v >> 16) & 0xff; \
329 		((u_char *)(p))[6] = (__v >> 8) & 0xff; \
330 		((u_char *)(p))[7] = __v & 0xff; \
331 	} while (0)
332 #define POKE_U32(p, v) \
333 	do { \
334 		const u_int32_t __v = (v); \
335 		((u_char *)(p))[0] = (__v >> 24) & 0xff; \
336 		((u_char *)(p))[1] = (__v >> 16) & 0xff; \
337 		((u_char *)(p))[2] = (__v >> 8) & 0xff; \
338 		((u_char *)(p))[3] = __v & 0xff; \
339 	} while (0)
340 #define POKE_U16(p, v) \
341 	do { \
342 		const u_int16_t __v = (v); \
343 		((u_char *)(p))[0] = (__v >> 8) & 0xff; \
344 		((u_char *)(p))[1] = __v & 0xff; \
345 	} while (0)
346 
347 /* Internal definitions follow. Exposed for regress tests */
348 #ifdef SSHBUF_INTERNAL
349 
350 /*
351  * Return the allocation size of buf
352  */
353 size_t	sshbuf_alloc(const struct sshbuf *buf);
354 
355 /*
356  * Increment the reference count of buf.
357  */
358 int	sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
359 
360 /*
361  * Return the parent buffer of buf, or NULL if it has no parent.
362  */
363 const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
364 
365 /*
366  * Return the reference count of buf
367  */
368 u_int	sshbuf_refcount(const struct sshbuf *buf);
369 
370 # define SSHBUF_SIZE_INIT	256		/* Initial allocation */
371 # define SSHBUF_SIZE_INC	256		/* Preferred increment length */
372 # define SSHBUF_PACK_MIN	8192		/* Minimum packable offset */
373 
374 /* # define SSHBUF_ABORT abort */
375 /* # define SSHBUF_DEBUG */
376 
377 # ifndef SSHBUF_ABORT
378 #  define SSHBUF_ABORT()
379 # endif
380 
381 # ifdef SSHBUF_DEBUG
382 #  define SSHBUF_DBG(x) do { \
383 		printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
384 		printf x; \
385 		printf("\n"); \
386 		fflush(stdout); \
387 	} while (0)
388 # else
389 #  define SSHBUF_DBG(x)
390 # endif
391 #endif /* SSHBUF_INTERNAL */
392 
393 #endif /* _SSHBUF_H */
394