crypto/openssh/sshbuf.h

   1 /*      $OpenBSD: sshbuf.h,v 1.28 2022/12/02 04:40:27 djm Exp $ */
   2 /*
   3  * Copyright (c) 2011 Damien Miller
   4  *
   5  * Permission to use, copy, modify, and distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 #ifndef _SSHBUF_H
  19 #define _SSHBUF_H
  20
  21 #include <sys/types.h>
  22 #include <stdarg.h>
  23 #include <stdio.h>
  24 #ifdef WITH_OPENSSL
  25 # include <openssl/bn.h>
  26 # ifdef OPENSSL_HAS_ECC
  27 #  include <openssl/ec.h>
  28 # endif /* OPENSSL_HAS_ECC */
  29 #endif /* WITH_OPENSSL */
  30
  31 #define SSHBUF_SIZE_MAX         0x8000000       /* Hard maximum size */
  32 #define SSHBUF_REFS_MAX         0x100000        /* Max child buffers */
  33 #define SSHBUF_MAX_BIGNUM       (16384 / 8)     /* Max bignum *bytes* */
  34 #define SSHBUF_MAX_ECPOINT      ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
  35
  36 struct sshbuf;
  37
  38 /*
  39  * Create a new sshbuf buffer.
  40  * Returns pointer to buffer on success, or NULL on allocation failure.
  41  */
  42 struct sshbuf *sshbuf_new(void);
  43
  44 /*
  45  * Create a new, read-only sshbuf buffer from existing data.
  46  * Returns pointer to buffer on success, or NULL on allocation failure.
  47  */
  48 struct sshbuf *sshbuf_from(const void *blob, size_t len);
  49
  50 /*
  51  * Create a new, read-only sshbuf buffer from the contents of an existing
  52  * buffer. The contents of "buf" must not change in the lifetime of the
  53  * resultant buffer.
  54  * Returns pointer to buffer on success, or NULL on allocation failure.
  55  */
  56 struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
  57
  58 /*
  59  * Create a new, read-only sshbuf buffer from the contents of a string in
  60  * an existing buffer (the string is consumed in the process).
  61  * The contents of "buf" must not change in the lifetime of the resultant
  62  * buffer.
  63  * Returns pointer to buffer on success, or NULL on allocation failure.
  64  */
  65 int     sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
  66
  67 /*
  68  * Clear and free buf
  69  */
  70 void    sshbuf_free(struct sshbuf *buf);
  71
  72 /*
  73  * Reset buf, clearing its contents. NB. max_size is preserved.
  74  */
  75 void    sshbuf_reset(struct sshbuf *buf);
  76
  77 /*
  78  * Return the maximum size of buf
  79  */
  80 size_t  sshbuf_max_size(const struct sshbuf *buf);
  81
  82 /*
  83  * Set the maximum size of buf
  84  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
  85  */
  86 int     sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
  87
  88 /*
  89  * Returns the length of data in buf
  90  */
  91 size_t  sshbuf_len(const struct sshbuf *buf);
  92
  93 /*
  94  * Returns number of bytes left in buffer before hitting max_size.
  95  */
  96 size_t  sshbuf_avail(const struct sshbuf *buf);
  97
  98 /*
  99  * Returns a read-only pointer to the start of the data in buf
 100  */
 101 const u_char *sshbuf_ptr(const struct sshbuf *buf);
 102
 103 /*
 104  * Returns a mutable pointer to the start of the data in buf, or
 105  * NULL if the buffer is read-only.
 106  */
 107 u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
 108
 109 /*
 110  * Check whether a reservation of size len will succeed in buf
 111  * Safer to use than direct comparisons again sshbuf_avail as it copes
 112  * with unsigned overflows correctly.
 113  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
 114  */
 115 int     sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
 116
 117 /*
 118  * Preallocates len additional bytes in buf.
 119  * Useful for cases where the caller knows how many bytes will ultimately be
 120  * required to avoid realloc in the buffer code.
 121  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
 122  */
 123 int     sshbuf_allocate(struct sshbuf *buf, size_t len);
 124
 125 /*
 126  * Reserve len bytes in buf.
 127  * Returns 0 on success and a pointer to the first reserved byte via the
 128  * optional dpp parameter or a negative SSH_ERR_* error code on failure.
 129  */
 130 int     sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
 131
 132 /*
 133  * Consume len bytes from the start of buf
 134  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
 135  */
 136 int     sshbuf_consume(struct sshbuf *buf, size_t len);
 137
 138 /*
 139  * Consume len bytes from the end of buf
 140  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
 141  */
 142 int     sshbuf_consume_end(struct sshbuf *buf, size_t len);
 143
 144 /* Extract or deposit some bytes */
 145 int     sshbuf_get(struct sshbuf *buf, void *v, size_t len);
 146 int     sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
 147 int     sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
 148
 149 /* Append using a printf(3) format */
 150 int     sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
 151             __attribute__((format(printf, 2, 3)));
 152 int     sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
 153
 154 /* Functions to extract or store big-endian words of various sizes */
 155 int     sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
 156 int     sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
 157 int     sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
 158 int     sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
 159 int     sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
 160 int     sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
 161 int     sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
 162 int     sshbuf_put_u8(struct sshbuf *buf, u_char val);
 163
 164 /* Functions to peek at the contents of a buffer without modifying it. */
 165 int     sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
 166     u_int64_t *valp);
 167 int     sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
 168     u_int32_t *valp);
 169 int     sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
 170     u_int16_t *valp);
 171 int     sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
 172     u_char *valp);
 173
 174 /*
 175  * Functions to poke values into an existing buffer (e.g. a length header
 176  * to a packet). The destination bytes must already exist in the buffer.
 177  */
 178 int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
 179 int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
 180 int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
 181 int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
 182 int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
 183
 184 /*
 185  * Functions to extract or store SSH wire encoded strings (u32 len || data)
 186  * The "cstring" variants admit no \0 characters in the string contents.
 187  * Caller must free *valp.
 188  */
 189 int     sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
 190 int     sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
 191 int     sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
 192 int     sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
 193 int     sshbuf_put_cstring(struct sshbuf *buf, const char *v);
 194 int     sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
 195
 196 /*
 197  * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
 198  * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
 199  * next sshbuf-modifying function call. Caller does not free.
 200  */
 201 int     sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
 202             size_t *lenp);
 203
 204 /* Skip past a string */
 205 #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
 206
 207 /* Another variant: "peeks" into the buffer without modifying it */
 208 int     sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
 209             size_t *lenp);
 210
 211 /*
 212  * Functions to extract or store SSH wire encoded bignums and elliptic
 213  * curve points.
 214  */
 215 int     sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
 216 int     sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
 217             const u_char **valp, size_t *lenp);
 218 #ifdef WITH_OPENSSL
 219 int     sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
 220 int     sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
 221 # ifdef OPENSSL_HAS_ECC
 222 int     sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
 223 int     sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
 224 int     sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
 225 int     sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
 226 # endif /* OPENSSL_HAS_ECC */
 227 #endif /* WITH_OPENSSL */
 228
 229 /* Dump the contents of the buffer in a human-readable format */
 230 void    sshbuf_dump(const struct sshbuf *buf, FILE *f);
 231
 232 /* Dump specified memory in a human-readable format */
 233 void    sshbuf_dump_data(const void *s, size_t len, FILE *f);
 234
 235 /* Return the hexadecimal representation of the contents of the buffer */
 236 char    *sshbuf_dtob16(struct sshbuf *buf);
 237
 238 /* Encode the contents of the buffer as base64 */
 239 char    *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
 240 int     sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
 241 /* RFC4648 "base64url" encoding variant */
 242 int     sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
 243
 244 /* Decode base64 data and append it to the buffer */
 245 int     sshbuf_b64tod(struct sshbuf *buf, const char *b64);
 246
 247 /*
 248  * Tests whether the buffer contains the specified byte sequence at the
 249  * specified offset. Returns 0 on successful match, or a ssherr.h code
 250  * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
 251  * present but the buffer contents did not match those supplied. Zero-
 252  * length comparisons are not allowed.
 253  *
 254  * If sufficient data is present to make a comparison, then it is
 255  * performed with timing independent of the value of the data. If
 256  * insufficient data is present then the comparison is not attempted at
 257  * all.
 258  */
 259 int     sshbuf_cmp(const struct sshbuf *b, size_t offset,
 260     const void *s, size_t len);
 261
 262 /*
 263  * Searches the buffer for the specified string. Returns 0 on success
 264  * and updates *offsetp with the offset of the first match, relative to
 265  * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
 266  * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
 267  * present in the buffer for a match to be possible but none was found.
 268  * Searches for zero-length data are not allowed.
 269  */
 270 int
 271 sshbuf_find(const struct sshbuf *b, size_t start_offset,
 272     const void *s, size_t len, size_t *offsetp);
 273
 274 /*
 275  * Duplicate the contents of a buffer to a string (caller to free).
 276  * Returns NULL on buffer error, or if the buffer contains a premature
 277  * nul character.
 278  */
 279 char *sshbuf_dup_string(struct sshbuf *buf);
 280
 281 /*
 282  * Fill a buffer from a file descriptor or filename. Both allocate the
 283  * buffer for the caller.
 284  */
 285 int sshbuf_load_fd(int, struct sshbuf **)
 286     __attribute__((__nonnull__ (2)));
 287 int sshbuf_load_file(const char *, struct sshbuf **)
 288     __attribute__((__nonnull__ (2)));
 289
 290 /*
 291  * Write a buffer to a path, creating/truncating as needed (mode 0644,
 292  * subject to umask). The buffer contents are not modified.
 293  */
 294 int sshbuf_write_file(const char *path, struct sshbuf *buf)
 295     __attribute__((__nonnull__ (2)));
 296
 297 /* Read up to maxlen bytes from a fd directly to a buffer */
 298 int sshbuf_read(int, struct sshbuf *, size_t, size_t *)
 299     __attribute__((__nonnull__ (2)));
 300
 301 /* Macros for decoding/encoding integers */
 302 #define PEEK_U64(p) \
 303         (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
 304          ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
 305          ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
 306          ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
 307          ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
 308          ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
 309          ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
 310           (u_int64_t)(((const u_char *)(p))[7]))
 311 #define PEEK_U32(p) \
 312         (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
 313          ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
 314          ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
 315           (u_int32_t)(((const u_char *)(p))[3]))
 316 #define PEEK_U16(p) \
 317         (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
 318           (u_int16_t)(((const u_char *)(p))[1]))
 319
 320 #define POKE_U64(p, v) \
 321         do { \
 322                 const u_int64_t __v = (v); \
 323                 ((u_char *)(p))[0] = (__v >> 56) & 0xff; \
 324                 ((u_char *)(p))[1] = (__v >> 48) & 0xff; \
 325                 ((u_char *)(p))[2] = (__v >> 40) & 0xff; \
 326                 ((u_char *)(p))[3] = (__v >> 32) & 0xff; \
 327                 ((u_char *)(p))[4] = (__v >> 24) & 0xff; \
 328                 ((u_char *)(p))[5] = (__v >> 16) & 0xff; \
 329                 ((u_char *)(p))[6] = (__v >> 8) & 0xff; \
 330                 ((u_char *)(p))[7] = __v & 0xff; \
 331         } while (0)
 332 #define POKE_U32(p, v) \
 333         do { \
 334                 const u_int32_t __v = (v); \
 335                 ((u_char *)(p))[0] = (__v >> 24) & 0xff; \
 336                 ((u_char *)(p))[1] = (__v >> 16) & 0xff; \
 337                 ((u_char *)(p))[2] = (__v >> 8) & 0xff; \
 338                 ((u_char *)(p))[3] = __v & 0xff; \
 339         } while (0)
 340 #define POKE_U16(p, v) \
 341         do { \
 342                 const u_int16_t __v = (v); \
 343                 ((u_char *)(p))[0] = (__v >> 8) & 0xff; \
 344                 ((u_char *)(p))[1] = __v & 0xff; \
 345         } while (0)
 346
 347 /* Internal definitions follow. Exposed for regress tests */
 348 #ifdef SSHBUF_INTERNAL
 349
 350 /*
 351  * Return the allocation size of buf
 352  */
 353 size_t  sshbuf_alloc(const struct sshbuf *buf);
 354
 355 /*
 356  * Increment the reference count of buf.
 357  */
 358 int     sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
 359
 360 /*
 361  * Return the parent buffer of buf, or NULL if it has no parent.
 362  */
 363 const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
 364
 365 /*
 366  * Return the reference count of buf
 367  */
 368 u_int   sshbuf_refcount(const struct sshbuf *buf);
 369
 370 # define SSHBUF_SIZE_INIT       256             /* Initial allocation */
 371 # define SSHBUF_SIZE_INC        256             /* Preferred increment length */
 372 # define SSHBUF_PACK_MIN        8192            /* Minimum packable offset */
 373
 374 /* # define SSHBUF_ABORT abort */
 375 /* # define SSHBUF_DEBUG */
 376
 377 # ifndef SSHBUF_ABORT
 378 #  define SSHBUF_ABORT()
 379 # endif
 380
 381 # ifdef SSHBUF_DEBUG
 382 #  define SSHBUF_DBG(x) do { \
 383                 printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
 384                 printf x; \
 385                 printf("\n"); \
 386                 fflush(stdout); \
 387         } while (0)
 388 # else
 389 #  define SSHBUF_DBG(x)
 390 # endif
 391 #endif /* SSHBUF_INTERNAL */
 392
 393 #endif /* _SSHBUF_H */