crypto/openssh/sshbuf-getput-crypto.c

   1 /*      $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $    */
   2 /*
   3  * Copyright (c) 2011 Damien Miller
   4  *
   5  * Permission to use, copy, modify, and distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 #define SSHBUF_INTERNAL
  19 #include "includes.h"
  20
  21 #include <sys/types.h>
  22 #include <stdlib.h>
  23 #include <stdio.h>
  24 #include <string.h>
  25
  26 #include <openssl/bn.h>
  27 #ifdef OPENSSL_HAS_ECC
  28 # include <openssl/ec.h>
  29 #endif /* OPENSSL_HAS_ECC */
  30
  31 #include "ssherr.h"
  32 #include "sshbuf.h"
  33
  34 int
  35 sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
  36 {
  37         const u_char *d;
  38         size_t len;
  39         int r;
  40
  41         if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
  42                 return r;
  43         if (v != NULL && BN_bin2bn(d, len, v) == NULL)
  44                 return SSH_ERR_ALLOC_FAIL;
  45         return 0;
  46 }
  47
  48 int
  49 sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
  50 {
  51         const u_char *d = sshbuf_ptr(buf);
  52         u_int16_t len_bits;
  53         size_t len_bytes;
  54
  55         /* Length in bits */
  56         if (sshbuf_len(buf) < 2)
  57                 return SSH_ERR_MESSAGE_INCOMPLETE;
  58         len_bits = PEEK_U16(d);
  59         len_bytes = (len_bits + 7) >> 3;
  60         if (len_bytes > SSHBUF_MAX_BIGNUM)
  61                 return SSH_ERR_BIGNUM_TOO_LARGE;
  62         if (sshbuf_len(buf) < 2 + len_bytes)
  63                 return SSH_ERR_MESSAGE_INCOMPLETE;
  64         if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL)
  65                 return SSH_ERR_ALLOC_FAIL;
  66         if (sshbuf_consume(buf, 2 + len_bytes) != 0) {
  67                 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
  68                 SSHBUF_ABORT();
  69                 return SSH_ERR_INTERNAL_ERROR;
  70         }
  71         return 0;
  72 }
  73
  74 #ifdef OPENSSL_HAS_ECC
  75 static int
  76 get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
  77 {
  78         /* Refuse overlong bignums */
  79         if (len == 0 || len > SSHBUF_MAX_ECPOINT)
  80                 return SSH_ERR_ECPOINT_TOO_LARGE;
  81         /* Only handle uncompressed points */
  82         if (*d != POINT_CONVERSION_UNCOMPRESSED)
  83                 return SSH_ERR_INVALID_FORMAT;
  84         if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
  85                 return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
  86         return 0;
  87 }
  88
  89 int
  90 sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
  91 {
  92         const u_char *d;
  93         size_t len;
  94         int r;
  95
  96         if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
  97                 return r;
  98         if ((r = get_ec(d, len, v, g)) != 0)
  99                 return r;
 100         /* Skip string */
 101         if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
 102                 /* Shouldn't happen */
 103                 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
 104                 SSHBUF_ABORT();
 105                 return SSH_ERR_INTERNAL_ERROR;
 106         }
 107         return 0;
 108 }
 109
 110 int
 111 sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
 112 {
 113         EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
 114         int r;
 115         const u_char *d;
 116         size_t len;
 117
 118         if (pt == NULL) {
 119                 SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
 120                 return SSH_ERR_ALLOC_FAIL;
 121         }
 122         if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
 123                 EC_POINT_free(pt);
 124                 return r;
 125         }
 126         if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
 127                 EC_POINT_free(pt);
 128                 return r;
 129         }
 130         if (EC_KEY_set_public_key(v, pt) != 1) {
 131                 EC_POINT_free(pt);
 132                 return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
 133         }
 134         EC_POINT_free(pt);
 135         /* Skip string */
 136         if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
 137                 /* Shouldn't happen */
 138                 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
 139                 SSHBUF_ABORT();
 140                 return SSH_ERR_INTERNAL_ERROR;
 141         }
 142         return 0;
 143 }
 144 #endif /* OPENSSL_HAS_ECC */
 145
 146 int
 147 sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
 148 {
 149         u_char d[SSHBUF_MAX_BIGNUM + 1];
 150         int len = BN_num_bytes(v), prepend = 0, r;
 151
 152         if (len < 0 || len > SSHBUF_MAX_BIGNUM)
 153                 return SSH_ERR_INVALID_ARGUMENT;
 154         *d = '\0';
 155         if (BN_bn2bin(v, d + 1) != len)
 156                 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
 157         /* If MSB is set, prepend a \0 */
 158         if (len > 0 && (d[1] & 0x80) != 0)
 159                 prepend = 1;
 160         if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
 161                 explicit_bzero(d, sizeof(d));
 162                 return r;
 163         }
 164         explicit_bzero(d, sizeof(d));
 165         return 0;
 166 }
 167
 168 int
 169 sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
 170 {
 171         int r, len_bits = BN_num_bits(v);
 172         size_t len_bytes = (len_bits + 7) / 8;
 173         u_char d[SSHBUF_MAX_BIGNUM], *dp;
 174
 175         if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM)
 176                 return SSH_ERR_INVALID_ARGUMENT;
 177         if (BN_bn2bin(v, d) != (int)len_bytes)
 178                 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
 179         if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
 180                 explicit_bzero(d, sizeof(d));
 181                 return r;
 182         }
 183         POKE_U16(dp, len_bits);
 184         if (len_bytes != 0)
 185                 memcpy(dp + 2, d, len_bytes);
 186         explicit_bzero(d, sizeof(d));
 187         return 0;
 188 }
 189
 190 #ifdef OPENSSL_HAS_ECC
 191 int
 192 sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
 193 {
 194         u_char d[SSHBUF_MAX_ECPOINT];
 195         BN_CTX *bn_ctx;
 196         size_t len;
 197         int ret;
 198
 199         if ((bn_ctx = BN_CTX_new()) == NULL)
 200                 return SSH_ERR_ALLOC_FAIL;
 201         if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
 202             NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) {
 203                 BN_CTX_free(bn_ctx);
 204                 return SSH_ERR_INVALID_ARGUMENT;
 205         }
 206         if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
 207             d, len, bn_ctx) != len) {
 208                 BN_CTX_free(bn_ctx);
 209                 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
 210         }
 211         BN_CTX_free(bn_ctx);
 212         ret = sshbuf_put_string(buf, d, len);
 213         explicit_bzero(d, len);
 214         return ret;
 215 }
 216
 217 int
 218 sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
 219 {
 220         return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
 221             EC_KEY_get0_group(v));
 222 }
 223 #endif /* OPENSSL_HAS_ECC */
 224