Home Verkennen Help
Inloggen
trn
/
j-hpn-ssh
spiegel van git://github.com/johnsonjh/j-hpn-ssh
Volgen 1
Ster 1
Vork 0
Bestanden
Aftakking: master
Aftakkingen Labels
j-hpn-ssh
/
sshbuf-getput-crypto.c

sshbuf-getput-crypto.c 4.4 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 
  1. /*	$OpenBSD: sshbuf-getput-crypto.c,v 1.8 2019/11/15 06:00:20 djm Exp $	*/
    2. 

  2. /*
    3. 

  3.  * Copyright (c) 2011 Damien Miller
    4. 

  4.  *
    5. 

  5.  * Permission to use, copy, modify, and distribute this software for any
    6. 

  6.  * purpose with or without fee is hereby granted, provided that the above
    7. 

  7.  * copyright notice and this permission notice appear in all copies.
    8. 

  8.  *
    9. 

  9.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    10. 

  10.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    11. 

  11.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    12. 

  12.  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    13. 

  13.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    14. 

  14.  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    15. 

  15.  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    16. 

  16.  */
    17. 

  17. 

  18. #define SSHBUF_INTERNAL
    19. 

  19. #include "includes.h"
    20. 

  20. 

  21. #include <sys/types.h>
    22. 

  22. #include <stdlib.h>
    23. 

  23. #include <stdio.h>
    24. 

  24. #include <string.h>
    25. 

  25. 

  26. #ifdef WITH_OPENSSL
    27. 

  27. #include <openssl/bn.h>
    28. 

  28. #ifdef OPENSSL_HAS_ECC
    29. 

  29. # include <openssl/ec.h>
    30. 

  30. #endif /* OPENSSL_HAS_ECC */
    31. 

  31. 

  32. #include "ssherr.h"
    33. 

  33. #include "sshbuf.h"
    34. 

  34. 

  35. int
    36. 

  36. sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp)
    37. 

  37. {
    38. 

  38. 	BIGNUM *v;
    39. 

  39. 	const u_char *d;
    40. 

  40. 	size_t len;
    41. 

  41. 	int r;
    42. 

  42. 

  43. 	if (valp != NULL)
    44. 

  44. 		*valp = NULL;
    45. 

  45. 	if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
    46. 

  46. 		return r;
    47. 

  47. 	if (valp != NULL) {
    48. 

  48. 		if ((v = BN_new()) == NULL ||
    49. 

  49. 		    BN_bin2bn(d, len, v) == NULL) {
    50. 

  50. 			BN_clear_free(v);
    51. 

  51. 			return SSH_ERR_ALLOC_FAIL;
    52. 

  52. 		}
    53. 

  53. 		*valp = v;
    54. 

  54. 	}
    55. 

  55. 	return 0;
    56. 

  56. }
    57. 

  57. 

  58. #ifdef OPENSSL_HAS_ECC
    59. 

  59. static int
    60. 

  60. get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
    61. 

  61. {
    62. 

  62. 	/* Refuse overlong bignums */
    63. 

  63. 	if (len == 0 || len > SSHBUF_MAX_ECPOINT)
    64. 

  64. 		return SSH_ERR_ECPOINT_TOO_LARGE;
    65. 

  65. 	/* Only handle uncompressed points */
    66. 

  66. 	if (*d != POINT_CONVERSION_UNCOMPRESSED)
    67. 

  67. 		return SSH_ERR_INVALID_FORMAT;
    68. 

  68. 	if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
    69. 

  69. 		return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
    70. 

  70. 	return 0;
    71. 

  71. }
    72. 

  72. 

  73. int
    74. 

  74. sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
    75. 

  75. {
    76. 

  76. 	const u_char *d;
    77. 

  77. 	size_t len;
    78. 

  78. 	int r;
    79. 

  79. 

  80. 	if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
    81. 

  81. 		return r;
    82. 

  82. 	if ((r = get_ec(d, len, v, g)) != 0)
    83. 

  83. 		return r;
    84. 

  84. 	/* Skip string */
    85. 

  85. 	if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
    86. 

  86. 		/* Shouldn't happen */
    87. 

  87. 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
    88. 

  88. 		SSHBUF_ABORT();
    89. 

  89. 		return SSH_ERR_INTERNAL_ERROR;
    90. 

  90. 	}
    91. 

  91. 	return 0;
    92. 

  92. }
    93. 

  93. 

  94. int
    95. 

  95. sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
    96. 

  96. {
    97. 

  97. 	EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
    98. 

  98. 	int r;
    99. 

  99. 	const u_char *d;
    100. 

  100. 	size_t len;
    101. 

  101. 

  102. 	if (pt == NULL) {
    103. 

  103. 		SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
    104. 

  104. 		return SSH_ERR_ALLOC_FAIL;
    105. 

  105. 	}
    106. 

  106. 	if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
    107. 

  107. 		EC_POINT_free(pt);
    108. 

  108. 		return r;
    109. 

  109. 	}
    110. 

  110. 	if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
    111. 

  111. 		EC_POINT_free(pt);
    112. 

  112. 		return r;
    113. 

  113. 	}
    114. 

  114. 	if (EC_KEY_set_public_key(v, pt) != 1) {
    115. 

  115. 		EC_POINT_free(pt);
    116. 

  116. 		return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
    117. 

  117. 	}
    118. 

  118. 	EC_POINT_free(pt);
    119. 

  119. 	/* Skip string */
    120. 

  120. 	if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
    121. 

  121. 		/* Shouldn't happen */
    122. 

  122. 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
    123. 

  123. 		SSHBUF_ABORT();
    124. 

  124. 		return SSH_ERR_INTERNAL_ERROR;
    125. 

  125. 	}
    126. 

  126. 	return 0;	
    127. 

  127. }
    128. 

  128. #endif /* OPENSSL_HAS_ECC */
    129. 

  129. 

  130. int
    131. 

  131. sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
    132. 

  132. {
    133. 

  133. 	u_char d[SSHBUF_MAX_BIGNUM + 1];
    134. 

  134. 	int len = BN_num_bytes(v), prepend = 0, r;
    135. 

  135. 

  136. 	if (len < 0 || len > SSHBUF_MAX_BIGNUM)
    137. 

  137. 		return SSH_ERR_INVALID_ARGUMENT;
    138. 

  138. 	*d = '\0';
    139. 

  139. 	if (BN_bn2bin(v, d + 1) != len)
    140. 

  140. 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
    141. 

  141. 	/* If MSB is set, prepend a \0 */
    142. 

  142. 	if (len > 0 && (d[1] & 0x80) != 0)
    143. 

  143. 		prepend = 1;
    144. 

  144. 	if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
    145. 

  145. 		explicit_bzero(d, sizeof(d));
    146. 

  146. 		return r;
    147. 

  147. 	}
    148. 

  148. 	explicit_bzero(d, sizeof(d));
    149. 

  149. 	return 0;
    150. 

  150. }
    151. 

  151. 

  152. #ifdef OPENSSL_HAS_ECC
    153. 

  153. int
    154. 

  154. sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
    155. 

  155. {
    156. 

  156. 	u_char d[SSHBUF_MAX_ECPOINT];
    157. 

  157. 	size_t len;
    158. 

  158. 	int ret;
    159. 

  159. 

  160. 	if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
    161. 

  161. 	    NULL, 0, NULL)) > SSHBUF_MAX_ECPOINT) {
    162. 

  162. 		return SSH_ERR_INVALID_ARGUMENT;
    163. 

  163. 	}
    164. 

  164. 	if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
    165. 

  165. 	    d, len, NULL) != len) {
    166. 

  166. 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
    167. 

  167. 	}
    168. 

  168. 	ret = sshbuf_put_string(buf, d, len);
    169. 

  169. 	explicit_bzero(d, len);
    170. 

  170. 	return ret;
    171. 

  171. }
    172. 

  172. 

  173. int
    174. 

  174. sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
    175. 

  175. {
    176. 

  176. 	return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
    177. 

  177. 	    EC_KEY_get0_group(v));
    178. 

  178. }
    179. 

  179. #endif /* OPENSSL_HAS_ECC */
    180. 

  180. #endif /* WITH_OPENSSL */
    181. 

  181.