xref: /titanic_41/usr/src/cmd/ssh/libssh/common/bufaux.c (revision 88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98)
1 /*
2  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Author: Tatu Ylonen <ylo@cs.hut.fi>
7  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8  *                    All rights reserved
9  * Auxiliary functions for storing and retrieving various data types to/from
10  * Buffers.
11  *
12  * As far as I am concerned, the code I have written for this software
13  * can be used freely for any purpose.  Any derived versions of this
14  * software must be clearly marked as such, and if the derived work is
15  * incompatible with the protocol description in the RFC file, it must be
16  * called by a name other than "ssh" or "Secure Shell".
17  *
18  *
19  * SSH2 packet format added by Markus Friedl
20  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the above copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  *
31  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
32  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
33  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
34  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
35  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
37  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
38  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
39  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
40  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41  */
42 
43 #include "includes.h"
44 RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
45 
46 #pragma ident	"%Z%%M%	%I%	%E% SMI"
47 
48 #include <langinfo.h>
49 #include <openssl/bn.h>
50 #include "bufaux.h"
51 #include "xmalloc.h"
52 #include "getput.h"
53 #include "log.h"
54 #include "g11n.h"
55 
56 /*
57  * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
58  * by (bits+7)/8 bytes of binary data, msb first.
59  */
60 void
61 buffer_put_bignum(Buffer *buffer, BIGNUM *value)
62 {
63 	int bits = BN_num_bits(value);
64 	int bin_size = (bits + 7) / 8;
65 	u_char *buf = xmalloc(bin_size);
66 	int oi;
67 	char msg[2];
68 
69 	/* Get the value of in binary */
70 	oi = BN_bn2bin(value, buf);
71 	if (oi != bin_size)
72 		fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
73 		    oi, bin_size);
74 
75 	/* Store the number of bits in the buffer in two bytes, msb first. */
76 	PUT_16BIT(msg, bits);
77 	buffer_append(buffer, msg, 2);
78 	/* Store the binary data. */
79 	buffer_append(buffer, (char *)buf, oi);
80 
81 	memset(buf, 0, bin_size);
82 	xfree(buf);
83 }
84 
85 /*
86  * Retrieves an BIGNUM from the buffer.
87  */
88 void
89 buffer_get_bignum(Buffer *buffer, BIGNUM *value)
90 {
91 	int bits, bytes;
92 	u_char buf[2], *bin;
93 
94 	/* Get the number for bits. */
95 	buffer_get(buffer, (char *) buf, 2);
96 	bits = GET_16BIT(buf);
97 	/* Compute the number of binary bytes that follow. */
98 	bytes = (bits + 7) / 8;
99 	if (bytes > 8 * 1024)
100 		fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
101 	if (buffer_len(buffer) < bytes)
102 		fatal("buffer_get_bignum: input buffer too small");
103 	bin = buffer_ptr(buffer);
104 	BN_bin2bn(bin, bytes, value);
105 	buffer_consume(buffer, bytes);
106 }
107 
108 /*
109  * Stores an BIGNUM in the buffer in SSH2 format.
110  */
111 void
112 buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
113 {
114 	int bytes = BN_num_bytes(value) + 1;
115 	u_char *buf = xmalloc(bytes);
116 	int oi;
117 	int hasnohigh = 0;
118 
119 	buf[0] = '\0';
120 	/* Get the value of in binary */
121 	oi = BN_bn2bin(value, buf+1);
122 	if (oi != bytes-1)
123 		fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
124 		    oi, bytes);
125 	hasnohigh = (buf[1] & 0x80) ? 0 : 1;
126 	if (value->neg) {
127 		/**XXX should be two's-complement */
128 		int i, carry;
129 		u_char *uc = buf;
130 		log("negativ!");
131 		for (i = bytes-1, carry = 1; i>=0; i--) {
132 			uc[i] ^= 0xff;
133 			if (carry)
134 				carry = !++uc[i];
135 		}
136 	}
137 	buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
138 	memset(buf, 0, bytes);
139 	xfree(buf);
140 }
141 
142 /* XXX does not handle negative BNs */
143 void
144 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
145 {
146 	u_int len;
147 	u_char *bin = buffer_get_string(buffer, &len);
148 
149 	if (len > 8 * 1024)
150 		fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
151 	BN_bin2bn(bin, len, value);
152 	xfree(bin);
153 }
154 /*
155  * Returns integers from the buffer (msb first).
156  */
157 
158 u_short
159 buffer_get_short(Buffer *buffer)
160 {
161 	u_char buf[2];
162 
163 	buffer_get(buffer, (char *) buf, 2);
164 	return GET_16BIT(buf);
165 }
166 
167 u_int
168 buffer_get_int(Buffer *buffer)
169 {
170 	u_char buf[4];
171 
172 	buffer_get(buffer, (char *) buf, 4);
173 	return GET_32BIT(buf);
174 }
175 
176 #ifdef HAVE_U_INT64_T
177 u_int64_t
178 buffer_get_int64(Buffer *buffer)
179 {
180 	u_char buf[8];
181 
182 	buffer_get(buffer, (char *) buf, 8);
183 	return GET_64BIT(buf);
184 }
185 #endif
186 
187 /*
188  * Stores integers in the buffer, msb first.
189  */
190 void
191 buffer_put_short(Buffer *buffer, u_short value)
192 {
193 	char buf[2];
194 
195 	PUT_16BIT(buf, value);
196 	buffer_append(buffer, buf, 2);
197 }
198 
199 void
200 buffer_put_int(Buffer *buffer, u_int value)
201 {
202 	char buf[4];
203 
204 	PUT_32BIT(buf, value);
205 	buffer_append(buffer, buf, 4);
206 }
207 
208 #ifdef HAVE_U_INT64_T
209 void
210 buffer_put_int64(Buffer *buffer, u_int64_t value)
211 {
212 	char buf[8];
213 
214 	PUT_64BIT(buf, value);
215 	buffer_append(buffer, buf, 8);
216 }
217 #endif
218 
219 /*
220  * Returns an arbitrary binary string from the buffer.  The string cannot
221  * be longer than 256k.  The returned value points to memory allocated
222  * with xmalloc; it is the responsibility of the calling function to free
223  * the data.  If length_ptr is non-NULL, the length of the returned data
224  * will be stored there.  A null character will be automatically appended
225  * to the returned string, and is not counted in length.
226  */
227 void *
228 buffer_get_string(Buffer *buffer, u_int *length_ptr)
229 {
230 	u_char *value;
231 	u_int len;
232 
233 	/* Get the length. */
234 	len = buffer_get_int(buffer);
235 	if (len > 256 * 1024)
236 		fatal("buffer_get_string: bad string length %d", len);
237 	/* Allocate space for the string.  Add one byte for a null character. */
238 	value = xmalloc(len + 1);
239 	/* Get the string. */
240 	buffer_get(buffer, value, len);
241 	/* Append a null character to make processing easier. */
242 	value[len] = 0;
243 	/* Optionally return the length of the string. */
244 	if (length_ptr)
245 		*length_ptr = len;
246 	return value;
247 }
248 char *
249 buffer_get_ascii_cstring(Buffer *buffer)
250 {
251 	char *value;
252 	u_char *p;
253 	u_int len;
254 	value = buffer_get_string(buffer, &len);
255 
256 	/* Look for NULL or high-bit set bytes */
257 	for (p = (u_char *) value ;
258 	     p && *p && (!(*p & 0x80)) && (p - (u_char *) value) < len ;
259 	     p++) ;
260 
261 	/* If there were any, bomb */
262 	if ((p - (u_char *) value) != len) {
263 	    xfree(value);
264 	    errno = EILSEQ;
265 	    return NULL;
266 	}
267 	return value;
268 }
269 u_char *
270 buffer_get_utf8_cstring(Buffer *buffer)
271 {
272 	u_char	*value, *converted, *estr;
273 	u_int	len;
274 	int	err;
275 
276 	if ((value = buffer_get_string(buffer, &len)) == NULL) {
277 		return value;
278 	}
279 
280 	converted = g11n_convert_from_utf8(value, &err, &estr);
281 
282 	if (converted != value) xfree(value);
283 
284 	if (err)
285 	    fatal("invalid UTF-8 sequence; %s", estr);
286 
287 	return converted;
288 }
289 
290 /*
291  * Stores and arbitrary binary string in the buffer.
292  */
293 void
294 buffer_put_string(Buffer *buffer, const void *buf, u_int len)
295 {
296 	buffer_put_int(buffer, len);
297 	buffer_append(buffer, buf, len);
298 }
299 void
300 buffer_put_cstring(Buffer *buffer, const char *s)
301 {
302 	if (s == NULL)
303 		fatal("buffer_put_cstring: s == NULL");
304 	buffer_put_string(buffer, s, strlen(s));
305 }
306 
307 /*
308  * ASCII versions of the above
309  */
310 #if 0
311 void
312 buffer_put_ascii_string(Buffer *buffer, const void *buf, u_int len)
313 {
314 	u_char *p;
315 	for (p = (u_char *) buf ;
316 	     p && ((p - (u_char *) buf) < len) && *p && (!(*p & 0x80)) ;
317 	     p++) ;
318 
319 	if ((p - (u_char *) buf) != len)
320 		verbose("buffer_put_ascii_string: storing a non-ASCII string");
321 	buffer_put_int(buffer, len);
322 	buffer_append(buffer, buf, len);
323 }
324 #endif
325 void
326 buffer_put_ascii_cstring(Buffer *buffer, const char *s)
327 {
328 	u_char *estr;
329 	if (s == NULL)
330 		fatal("buffer_put_cstring: s == NULL");
331 
332 	if (!g11n_validate_ascii(s, strlen(s), &estr))
333 	    verbose("buffer_put_ascii_cstring: non-ASCII string; %s", estr);
334 
335 	buffer_put_cstring(buffer, s);
336 }
337 
338 /*
339  * UTF-8 versions of the above.
340  */
341 
342 #if 0
343 void
344 buffer_put_utf8_string(Buffer *buffer, const void *buf, u_int len)
345 {
346 	char *converted *estr;
347 
348 	converted = g11n_convert_to_utf8(buf, &err, &estr);
349 
350 	if (!converted && err)
351 		fatal("buffer_put_utf8_string: input not a valid UTF-8 encoding; %s", estr);
352 
353 	if (err)
354 		verbose("buffer_put_utf8_string: input not a valid UTF-8 encoding; %s", estr);
355 
356 	buffer_put_string(buffer, converted, strlen(converted));
357 
358 	if (converted != bug) xfree(converted);
359 
360 	return;
361 }
362 #endif
363 void
364 buffer_put_utf8_cstring(Buffer *buffer, const u_char *s)
365 {
366 	u_char *converted, *estr;
367 	int err;
368 
369 	if (s == NULL)
370 		fatal("buffer_put_cstring: s == NULL");
371 
372 	converted = g11n_convert_to_utf8(s, &err, &estr);
373 
374 	if (!converted && err)
375 		fatal("buffer_put_utf8_string: input not a valid UTF-8 encoding; %s", estr);
376 
377 	if (err)
378 		verbose("buffer_put_utf8_string: input not a valid UTF-8 encoding; %s", estr);
379 
380 	buffer_put_cstring(buffer, (const char *) converted);
381 
382 	if (converted != s) xfree(converted);
383 
384 	return;
385 }
386 
387 
388 /*
389  * Returns a character from the buffer (0 - 255).
390  */
391 int
392 buffer_get_char(Buffer *buffer)
393 {
394 	char ch;
395 
396 	buffer_get(buffer, &ch, 1);
397 	return (u_char) ch;
398 }
399 
400 /*
401  * Stores a character in the buffer.
402  */
403 void
404 buffer_put_char(Buffer *buffer, int value)
405 {
406 	char ch = value;
407 
408 	buffer_append(buffer, &ch, 1);
409 }
410