ena.4: Add a missing space.
[dragonfly.git] / crypto / openssh / sshbuf-getput-crypto.c
blobd0d791b50a34b69fbd28be134ecf531131b17c42
1 /* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */
2 /*
3 * Copyright (c) 2011 Damien Miller
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #define SSHBUF_INTERNAL
19 #include "includes.h"
21 #include <sys/types.h>
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include <string.h>
26 #include <openssl/bn.h>
27 #ifdef OPENSSL_HAS_ECC
28 # include <openssl/ec.h>
29 #endif /* OPENSSL_HAS_ECC */
31 #include "ssherr.h"
32 #include "sshbuf.h"
34 int
35 sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
37 const u_char *d;
38 size_t len;
39 int r;
41 if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
42 return r;
43 if (v != NULL && BN_bin2bn(d, len, v) == NULL)
44 return SSH_ERR_ALLOC_FAIL;
45 return 0;
48 int
49 sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
51 const u_char *d = sshbuf_ptr(buf);
52 u_int16_t len_bits;
53 size_t len_bytes;
55 /* Length in bits */
56 if (sshbuf_len(buf) < 2)
57 return SSH_ERR_MESSAGE_INCOMPLETE;
58 len_bits = PEEK_U16(d);
59 len_bytes = (len_bits + 7) >> 3;
60 if (len_bytes > SSHBUF_MAX_BIGNUM)
61 return SSH_ERR_BIGNUM_TOO_LARGE;
62 if (sshbuf_len(buf) < 2 + len_bytes)
63 return SSH_ERR_MESSAGE_INCOMPLETE;
64 if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL)
65 return SSH_ERR_ALLOC_FAIL;
66 if (sshbuf_consume(buf, 2 + len_bytes) != 0) {
67 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
68 SSHBUF_ABORT();
69 return SSH_ERR_INTERNAL_ERROR;
71 return 0;
74 #ifdef OPENSSL_HAS_ECC
75 static int
76 get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
78 /* Refuse overlong bignums */
79 if (len == 0 || len > SSHBUF_MAX_ECPOINT)
80 return SSH_ERR_ECPOINT_TOO_LARGE;
81 /* Only handle uncompressed points */
82 if (*d != POINT_CONVERSION_UNCOMPRESSED)
83 return SSH_ERR_INVALID_FORMAT;
84 if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
85 return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
86 return 0;
89 int
90 sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
92 const u_char *d;
93 size_t len;
94 int r;
96 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
97 return r;
98 if ((r = get_ec(d, len, v, g)) != 0)
99 return r;
100 /* Skip string */
101 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
102 /* Shouldn't happen */
103 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
104 SSHBUF_ABORT();
105 return SSH_ERR_INTERNAL_ERROR;
107 return 0;
111 sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
113 EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
114 int r;
115 const u_char *d;
116 size_t len;
118 if (pt == NULL) {
119 SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
120 return SSH_ERR_ALLOC_FAIL;
122 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
123 EC_POINT_free(pt);
124 return r;
126 if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
127 EC_POINT_free(pt);
128 return r;
130 if (EC_KEY_set_public_key(v, pt) != 1) {
131 EC_POINT_free(pt);
132 return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
134 EC_POINT_free(pt);
135 /* Skip string */
136 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
137 /* Shouldn't happen */
138 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
139 SSHBUF_ABORT();
140 return SSH_ERR_INTERNAL_ERROR;
142 return 0;
144 #endif /* OPENSSL_HAS_ECC */
147 sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
149 u_char d[SSHBUF_MAX_BIGNUM + 1];
150 int len = BN_num_bytes(v), prepend = 0, r;
152 if (len < 0 || len > SSHBUF_MAX_BIGNUM)
153 return SSH_ERR_INVALID_ARGUMENT;
154 *d = '\0';
155 if (BN_bn2bin(v, d + 1) != len)
156 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
157 /* If MSB is set, prepend a \0 */
158 if (len > 0 && (d[1] & 0x80) != 0)
159 prepend = 1;
160 if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
161 explicit_bzero(d, sizeof(d));
162 return r;
164 explicit_bzero(d, sizeof(d));
165 return 0;
169 sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
171 int r, len_bits = BN_num_bits(v);
172 size_t len_bytes = (len_bits + 7) / 8;
173 u_char d[SSHBUF_MAX_BIGNUM], *dp;
175 if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM)
176 return SSH_ERR_INVALID_ARGUMENT;
177 if (BN_bn2bin(v, d) != (int)len_bytes)
178 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
179 if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
180 explicit_bzero(d, sizeof(d));
181 return r;
183 POKE_U16(dp, len_bits);
184 if (len_bytes != 0)
185 memcpy(dp + 2, d, len_bytes);
186 explicit_bzero(d, sizeof(d));
187 return 0;
190 #ifdef OPENSSL_HAS_ECC
192 sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
194 u_char d[SSHBUF_MAX_ECPOINT];
195 BN_CTX *bn_ctx;
196 size_t len;
197 int ret;
199 if ((bn_ctx = BN_CTX_new()) == NULL)
200 return SSH_ERR_ALLOC_FAIL;
201 if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
202 NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) {
203 BN_CTX_free(bn_ctx);
204 return SSH_ERR_INVALID_ARGUMENT;
206 if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
207 d, len, bn_ctx) != len) {
208 BN_CTX_free(bn_ctx);
209 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
211 BN_CTX_free(bn_ctx);
212 ret = sshbuf_put_string(buf, d, len);
213 explicit_bzero(d, len);
214 return ret;
218 sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
220 return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
221 EC_KEY_get0_group(v));
223 #endif /* OPENSSL_HAS_ECC */