1 /* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */
3 * Copyright (c) 2011 Damien Miller
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #define SSHBUF_INTERNAL
21 #include <sys/types.h>
27 #include <openssl/bn.h>
28 #ifdef OPENSSL_HAS_ECC
29 # include <openssl/ec.h>
30 #endif /* OPENSSL_HAS_ECC */
36 sshbuf_get_bignum2(struct sshbuf
*buf
, BIGNUM
**valp
)
45 if ((r
= sshbuf_get_bignum2_bytes_direct(buf
, &d
, &len
)) != 0)
48 if ((v
= BN_new()) == NULL
||
49 BN_bin2bn(d
, len
, v
) == NULL
) {
51 return SSH_ERR_ALLOC_FAIL
;
58 #ifdef OPENSSL_HAS_ECC
60 get_ec(const u_char
*d
, size_t len
, EC_POINT
*v
, const EC_GROUP
*g
)
62 /* Refuse overlong bignums */
63 if (len
== 0 || len
> SSHBUF_MAX_ECPOINT
)
64 return SSH_ERR_ECPOINT_TOO_LARGE
;
65 /* Only handle uncompressed points */
66 if (*d
!= POINT_CONVERSION_UNCOMPRESSED
)
67 return SSH_ERR_INVALID_FORMAT
;
68 if (v
!= NULL
&& EC_POINT_oct2point(g
, v
, d
, len
, NULL
) != 1)
69 return SSH_ERR_INVALID_FORMAT
; /* XXX assumption */
74 sshbuf_get_ec(struct sshbuf
*buf
, EC_POINT
*v
, const EC_GROUP
*g
)
80 if ((r
= sshbuf_peek_string_direct(buf
, &d
, &len
)) < 0)
82 if ((r
= get_ec(d
, len
, v
, g
)) != 0)
85 if (sshbuf_get_string_direct(buf
, NULL
, NULL
) != 0) {
86 /* Shouldn't happen */
87 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
89 return SSH_ERR_INTERNAL_ERROR
;
95 sshbuf_get_eckey(struct sshbuf
*buf
, EC_KEY
*v
)
97 EC_POINT
*pt
= EC_POINT_new(EC_KEY_get0_group(v
));
103 SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
104 return SSH_ERR_ALLOC_FAIL
;
106 if ((r
= sshbuf_peek_string_direct(buf
, &d
, &len
)) < 0) {
110 if ((r
= get_ec(d
, len
, pt
, EC_KEY_get0_group(v
))) != 0) {
114 if (EC_KEY_set_public_key(v
, pt
) != 1) {
116 return SSH_ERR_ALLOC_FAIL
; /* XXX assumption */
120 if (sshbuf_get_string_direct(buf
, NULL
, NULL
) != 0) {
121 /* Shouldn't happen */
122 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
124 return SSH_ERR_INTERNAL_ERROR
;
128 #endif /* OPENSSL_HAS_ECC */
131 sshbuf_put_bignum2(struct sshbuf
*buf
, const BIGNUM
*v
)
133 u_char d
[SSHBUF_MAX_BIGNUM
+ 1];
134 int len
= BN_num_bytes(v
), prepend
= 0, r
;
136 if (len
< 0 || len
> SSHBUF_MAX_BIGNUM
)
137 return SSH_ERR_INVALID_ARGUMENT
;
139 if (BN_bn2bin(v
, d
+ 1) != len
)
140 return SSH_ERR_INTERNAL_ERROR
; /* Shouldn't happen */
141 /* If MSB is set, prepend a \0 */
142 if (len
> 0 && (d
[1] & 0x80) != 0)
144 if ((r
= sshbuf_put_string(buf
, d
+ 1 - prepend
, len
+ prepend
)) < 0) {
145 explicit_bzero(d
, sizeof(d
));
148 explicit_bzero(d
, sizeof(d
));
152 #ifdef OPENSSL_HAS_ECC
154 sshbuf_put_ec(struct sshbuf
*buf
, const EC_POINT
*v
, const EC_GROUP
*g
)
156 u_char d
[SSHBUF_MAX_ECPOINT
];
160 if ((len
= EC_POINT_point2oct(g
, v
, POINT_CONVERSION_UNCOMPRESSED
,
161 NULL
, 0, NULL
)) > SSHBUF_MAX_ECPOINT
) {
162 return SSH_ERR_INVALID_ARGUMENT
;
164 if (EC_POINT_point2oct(g
, v
, POINT_CONVERSION_UNCOMPRESSED
,
165 d
, len
, NULL
) != len
) {
166 return SSH_ERR_INTERNAL_ERROR
; /* Shouldn't happen */
168 ret
= sshbuf_put_string(buf
, d
, len
);
169 explicit_bzero(d
, len
);
174 sshbuf_put_eckey(struct sshbuf
*buf
, const EC_KEY
*v
)
176 return sshbuf_put_ec(buf
, EC_KEY_get0_public_key(v
),
177 EC_KEY_get0_group(v
));
179 #endif /* OPENSSL_HAS_ECC */
180 #endif /* WITH_OPENSSL */