sshbuf.h 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412
  1. /* $OpenBSD: sshbuf.h,v 1.23 2020/06/22 05:54:10 djm Exp $ */
  2. /*
  3. * Copyright (c) 2011 Damien Miller
  4. *
  5. * Permission to use, copy, modify, and distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. #ifndef _SSHBUF_H
  18. #define _SSHBUF_H
  19. #include <sys/types.h>
  20. #include <stdarg.h>
  21. #include <stdio.h>
  22. #ifdef WITH_OPENSSL
  23. # include <openssl/bn.h>
  24. # ifdef OPENSSL_HAS_ECC
  25. # include <openssl/ec.h>
  26. # endif /* OPENSSL_HAS_ECC */
  27. #endif /* WITH_OPENSSL */
  28. #define SSHBUF_SIZE_MAX 0xF000000 /* Hard maximum size 256MB */
  29. #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
  30. #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
  31. #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
  32. /*
  33. * NB. do not depend on the internals of this. It will be made opaque
  34. * one day.
  35. */
  36. struct sshbuf {
  37. u_char *d; /* Data */
  38. const u_char *cd; /* Const data */
  39. size_t off; /* First available byte is buf->d + buf->off */
  40. size_t size; /* Last byte is buf->d + buf->size - 1 */
  41. size_t max_size; /* Maximum size of buffer */
  42. size_t alloc; /* Total bytes allocated to buf->d */
  43. int readonly; /* Refers to external, const data */
  44. int dont_free; /* Kludge to support sshbuf_init */
  45. u_int refcount; /* Tracks self and number of child buffers */
  46. struct sshbuf *parent; /* If child, pointer to parent */
  47. };
  48. /*
  49. * Create a new sshbuf buffer.
  50. * Returns pointer to buffer on success, or NULL on allocation failure.
  51. */
  52. struct sshbuf *sshbuf_new(void);
  53. /*
  54. * Create a new, read-only sshbuf buffer from existing data.
  55. * Returns pointer to buffer on success, or NULL on allocation failure.
  56. */
  57. struct sshbuf *sshbuf_from(const void *blob, size_t len);
  58. /*
  59. * Create a new, read-only sshbuf buffer from the contents of an existing
  60. * buffer. The contents of "buf" must not change in the lifetime of the
  61. * resultant buffer.
  62. * Returns pointer to buffer on success, or NULL on allocation failure.
  63. */
  64. struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
  65. /*
  66. * Create a new, read-only sshbuf buffer from the contents of a string in
  67. * an existing buffer (the string is consumed in the process).
  68. * The contents of "buf" must not change in the lifetime of the resultant
  69. * buffer.
  70. * Returns pointer to buffer on success, or NULL on allocation failure.
  71. */
  72. int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
  73. /*
  74. * Clear and free buf
  75. */
  76. void sshbuf_free(struct sshbuf *buf);
  77. /*
  78. * Reset buf, clearing its contents. NB. max_size is preserved.
  79. */
  80. void sshbuf_reset(struct sshbuf *buf);
  81. /*
  82. * Return the maximum size of buf
  83. */
  84. size_t sshbuf_max_size(const struct sshbuf *buf);
  85. /*
  86. * Set the maximum size of buf
  87. * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
  88. */
  89. int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
  90. /*
  91. * Returns the length of data in buf
  92. */
  93. size_t sshbuf_len(const struct sshbuf *buf);
  94. /*
  95. * Returns number of bytes left in buffer before hitting max_size.
  96. */
  97. size_t sshbuf_avail(const struct sshbuf *buf);
  98. /*
  99. * Returns a read-only pointer to the start of the data in buf
  100. */
  101. const u_char *sshbuf_ptr(const struct sshbuf *buf);
  102. /*
  103. * Returns a mutable pointer to the start of the data in buf, or
  104. * NULL if the buffer is read-only.
  105. */
  106. u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
  107. /*
  108. * Check whether a reservation of size len will succeed in buf
  109. * Safer to use than direct comparisons again sshbuf_avail as it copes
  110. * with unsigned overflows correctly.
  111. * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
  112. */
  113. int sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
  114. /*
  115. * Preallocates len additional bytes in buf.
  116. * Useful for cases where the caller knows how many bytes will ultimately be
  117. * required to avoid realloc in the buffer code.
  118. * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
  119. */
  120. int sshbuf_allocate(struct sshbuf *buf, size_t len);
  121. /*
  122. * Reserve len bytes in buf.
  123. * Returns 0 on success and a pointer to the first reserved byte via the
  124. * optional dpp parameter or a negative SSH_ERR_* error code on failure.
  125. */
  126. int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
  127. /*
  128. * Consume len bytes from the start of buf
  129. * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
  130. */
  131. int sshbuf_consume(struct sshbuf *buf, size_t len);
  132. /*
  133. * Consume len bytes from the end of buf
  134. * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
  135. */
  136. int sshbuf_consume_end(struct sshbuf *buf, size_t len);
  137. /* Extract or deposit some bytes */
  138. int sshbuf_get(struct sshbuf *buf, void *v, size_t len);
  139. int sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
  140. int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
  141. /* Append using a printf(3) format */
  142. int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
  143. __attribute__((format(printf, 2, 3)));
  144. int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
  145. /* Functions to extract or store big-endian words of various sizes */
  146. int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
  147. int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
  148. int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
  149. int sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
  150. int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
  151. int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
  152. int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
  153. int sshbuf_put_u8(struct sshbuf *buf, u_char val);
  154. /* Functions to peek at the contents of a buffer without modifying it. */
  155. int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
  156. u_int64_t *valp);
  157. int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
  158. u_int32_t *valp);
  159. int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
  160. u_int16_t *valp);
  161. int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
  162. u_char *valp);
  163. /*
  164. * Functions to poke values into an existing buffer (e.g. a length header
  165. * to a packet). The destination bytes must already exist in the buffer.
  166. */
  167. int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
  168. int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
  169. int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
  170. int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
  171. int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
  172. /*
  173. * Functions to extract or store SSH wire encoded strings (u32 len || data)
  174. * The "cstring" variants admit no \0 characters in the string contents.
  175. * Caller must free *valp.
  176. */
  177. int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
  178. int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
  179. int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
  180. int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
  181. int sshbuf_put_cstring(struct sshbuf *buf, const char *v);
  182. int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
  183. /*
  184. * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
  185. * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
  186. * next sshbuf-modifying function call. Caller does not free.
  187. */
  188. int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
  189. size_t *lenp);
  190. /* Skip past a string */
  191. #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
  192. /* Another variant: "peeks" into the buffer without modifying it */
  193. int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
  194. size_t *lenp);
  195. /*
  196. * Functions to extract or store SSH wire encoded bignums and elliptic
  197. * curve points.
  198. */
  199. int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
  200. int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
  201. const u_char **valp, size_t *lenp);
  202. #ifdef WITH_OPENSSL
  203. int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
  204. int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
  205. # ifdef OPENSSL_HAS_ECC
  206. int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
  207. int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
  208. int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
  209. int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
  210. # endif /* OPENSSL_HAS_ECC */
  211. #endif /* WITH_OPENSSL */
  212. /* Dump the contents of the buffer in a human-readable format */
  213. void sshbuf_dump(const struct sshbuf *buf, FILE *f);
  214. /* Dump specified memory in a human-readable format */
  215. void sshbuf_dump_data(const void *s, size_t len, FILE *f);
  216. /* Return the hexadecimal representation of the contents of the buffer */
  217. char *sshbuf_dtob16(struct sshbuf *buf);
  218. /* Encode the contents of the buffer as base64 */
  219. char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
  220. int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
  221. /* RFC4648 "base64url" encoding variant */
  222. int sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
  223. /* Decode base64 data and append it to the buffer */
  224. int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
  225. /*
  226. * Tests whether the buffer contains the specified byte sequence at the
  227. * specified offset. Returns 0 on successful match, or a ssherr.h code
  228. * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
  229. * present but the buffer contents did not match those supplied. Zero-
  230. * length comparisons are not allowed.
  231. *
  232. * If sufficient data is present to make a comparison, then it is
  233. * performed with timing independent of the value of the data. If
  234. * insufficient data is present then the comparison is not attempted at
  235. * all.
  236. */
  237. int sshbuf_cmp(const struct sshbuf *b, size_t offset,
  238. const void *s, size_t len);
  239. /*
  240. * Searches the buffer for the specified string. Returns 0 on success
  241. * and updates *offsetp with the offset of the first match, relative to
  242. * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
  243. * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
  244. * present in the buffer for a match to be possible but none was found.
  245. * Searches for zero-length data are not allowed.
  246. */
  247. int
  248. sshbuf_find(const struct sshbuf *b, size_t start_offset,
  249. const void *s, size_t len, size_t *offsetp);
  250. /*
  251. * Duplicate the contents of a buffer to a string (caller to free).
  252. * Returns NULL on buffer error, or if the buffer contains a premature
  253. * nul character.
  254. */
  255. char *sshbuf_dup_string(struct sshbuf *buf);
  256. /*
  257. * Fill a buffer from a file descriptor or filename. Both allocate the
  258. * buffer for the caller.
  259. */
  260. int sshbuf_load_fd(int, struct sshbuf **)
  261. __attribute__((__nonnull__ (2)));
  262. int sshbuf_load_file(const char *, struct sshbuf **)
  263. __attribute__((__nonnull__ (2)));
  264. /*
  265. * Write a buffer to a path, creating/truncating as needed (mode 0644,
  266. * subject to umask). The buffer contents are not modified.
  267. */
  268. int sshbuf_write_file(const char *path, struct sshbuf *buf)
  269. __attribute__((__nonnull__ (2)));
  270. /* Macros for decoding/encoding integers */
  271. #define PEEK_U64(p) \
  272. (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
  273. ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
  274. ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
  275. ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
  276. ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
  277. ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
  278. ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
  279. (u_int64_t)(((const u_char *)(p))[7]))
  280. #define PEEK_U32(p) \
  281. (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
  282. ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
  283. ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
  284. (u_int32_t)(((const u_char *)(p))[3]))
  285. #define PEEK_U16(p) \
  286. (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
  287. (u_int16_t)(((const u_char *)(p))[1]))
  288. #define POKE_U64(p, v) \
  289. do { \
  290. const u_int64_t __v = (v); \
  291. ((u_char *)(p))[0] = (__v >> 56) & 0xff; \
  292. ((u_char *)(p))[1] = (__v >> 48) & 0xff; \
  293. ((u_char *)(p))[2] = (__v >> 40) & 0xff; \
  294. ((u_char *)(p))[3] = (__v >> 32) & 0xff; \
  295. ((u_char *)(p))[4] = (__v >> 24) & 0xff; \
  296. ((u_char *)(p))[5] = (__v >> 16) & 0xff; \
  297. ((u_char *)(p))[6] = (__v >> 8) & 0xff; \
  298. ((u_char *)(p))[7] = __v & 0xff; \
  299. } while (0)
  300. #define POKE_U32(p, v) \
  301. do { \
  302. const u_int32_t __v = (v); \
  303. ((u_char *)(p))[0] = (__v >> 24) & 0xff; \
  304. ((u_char *)(p))[1] = (__v >> 16) & 0xff; \
  305. ((u_char *)(p))[2] = (__v >> 8) & 0xff; \
  306. ((u_char *)(p))[3] = __v & 0xff; \
  307. } while (0)
  308. #define POKE_U16(p, v) \
  309. do { \
  310. const u_int16_t __v = (v); \
  311. ((u_char *)(p))[0] = (__v >> 8) & 0xff; \
  312. ((u_char *)(p))[1] = __v & 0xff; \
  313. } while (0)
  314. /* Internal definitions follow. Exposed for regress tests */
  315. #ifdef SSHBUF_INTERNAL
  316. /*
  317. * Return the allocation size of buf
  318. */
  319. size_t sshbuf_alloc(const struct sshbuf *buf);
  320. /*
  321. * Increment the reference count of buf.
  322. */
  323. int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
  324. /*
  325. * Return the parent buffer of buf, or NULL if it has no parent.
  326. */
  327. const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
  328. /*
  329. * Return the reference count of buf
  330. */
  331. u_int sshbuf_refcount(const struct sshbuf *buf);
  332. # define SSHBUF_SIZE_INIT 256 /* Initial allocation */
  333. # define SSHBUF_SIZE_INC 256 /* Preferred increment length */
  334. # define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */
  335. /* # define SSHBUF_ABORT abort */
  336. /* # define SSHBUF_DEBUG */
  337. # ifndef SSHBUF_ABORT
  338. # define SSHBUF_ABORT()
  339. # endif
  340. # ifdef SSHBUF_DEBUG
  341. # define SSHBUF_TELL(what) do { \
  342. printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \
  343. __FILE__, __LINE__, __func__, what, \
  344. buf->size, buf->alloc, buf->off, buf->max_size); \
  345. fflush(stdout); \
  346. } while (0)
  347. # define SSHBUF_DBG(x) do { \
  348. printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
  349. printf x; \
  350. printf("\n"); \
  351. fflush(stdout); \
  352. } while (0)
  353. # else
  354. # define SSHBUF_TELL(what)
  355. # define SSHBUF_DBG(x)
  356. # endif
  357. #endif /* SSHBUF_INTERNAL */
  358. #endif /* _SSHBUF_H */