Annotation of src/usr.bin/ssh/sshbuf.h, Revision 1.18
1.18 ! djm 1: /* $OpenBSD: sshbuf.h,v 1.17 2019/07/30 05:04:49 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2011 Damien Miller
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: #ifndef _SSHBUF_H
19: #define _SSHBUF_H
20:
21: #include <sys/types.h>
22: #include <stdarg.h>
23: #include <stdio.h>
1.18 ! djm 24:
! 25: #ifdef WITH_OPENSSL
1.1 djm 26: #include <openssl/bn.h>
27: #include <openssl/ec.h>
1.18 ! djm 28: #include <openssl/ecdsa.h>
! 29: #else /* OPENSSL */
! 30: #define BIGNUM void
! 31: #define EC_KEY void
! 32: #define EC_GROUP void
! 33: #define EC_POINT void
! 34: #endif /* WITH_OPENSSL */
1.1 djm 35:
36: #define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */
37: #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
38: #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
39: #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
40:
41: /*
42: * NB. do not depend on the internals of this. It will be made opaque
43: * one day.
44: */
45: struct sshbuf {
46: u_char *d; /* Data */
47: const u_char *cd; /* Const data */
48: size_t off; /* First available byte is buf->d + buf->off */
49: size_t size; /* Last byte is buf->d + buf->size - 1 */
50: size_t max_size; /* Maximum size of buffer */
51: size_t alloc; /* Total bytes allocated to buf->d */
52: int readonly; /* Refers to external, const data */
53: int dont_free; /* Kludge to support sshbuf_init */
54: u_int refcount; /* Tracks self and number of child buffers */
55: struct sshbuf *parent; /* If child, pointer to parent */
56: };
57:
58: /*
59: * Create a new sshbuf buffer.
60: * Returns pointer to buffer on success, or NULL on allocation failure.
61: */
62: struct sshbuf *sshbuf_new(void);
63:
64: /*
65: * Create a new, read-only sshbuf buffer from existing data.
66: * Returns pointer to buffer on success, or NULL on allocation failure.
67: */
68: struct sshbuf *sshbuf_from(const void *blob, size_t len);
69:
70: /*
71: * Create a new, read-only sshbuf buffer from the contents of an existing
72: * buffer. The contents of "buf" must not change in the lifetime of the
73: * resultant buffer.
74: * Returns pointer to buffer on success, or NULL on allocation failure.
75: */
76: struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
77:
78: /*
79: * Create a new, read-only sshbuf buffer from the contents of a string in
80: * an existing buffer (the string is consumed in the process).
81: * The contents of "buf" must not change in the lifetime of the resultant
82: * buffer.
83: * Returns pointer to buffer on success, or NULL on allocation failure.
84: */
85: int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
86:
87: /*
88: * Clear and free buf
89: */
90: void sshbuf_free(struct sshbuf *buf);
91:
92: /*
93: * Reset buf, clearing its contents. NB. max_size is preserved.
94: */
95: void sshbuf_reset(struct sshbuf *buf);
96:
97: /*
98: * Return the maximum size of buf
99: */
100: size_t sshbuf_max_size(const struct sshbuf *buf);
101:
102: /*
103: * Set the maximum size of buf
104: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
105: */
106: int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
107:
108: /*
109: * Returns the length of data in buf
110: */
111: size_t sshbuf_len(const struct sshbuf *buf);
112:
113: /*
114: * Returns number of bytes left in buffer before hitting max_size.
115: */
116: size_t sshbuf_avail(const struct sshbuf *buf);
117:
118: /*
1.6 mmcc 119: * Returns a read-only pointer to the start of the data in buf
1.1 djm 120: */
121: const u_char *sshbuf_ptr(const struct sshbuf *buf);
122:
123: /*
1.6 mmcc 124: * Returns a mutable pointer to the start of the data in buf, or
1.1 djm 125: * NULL if the buffer is read-only.
126: */
127: u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
128:
129: /*
130: * Check whether a reservation of size len will succeed in buf
131: * Safer to use than direct comparisons again sshbuf_avail as it copes
132: * with unsigned overflows correctly.
133: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
134: */
135: int sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
1.8 djm 136:
137: /*
138: * Preallocates len additional bytes in buf.
139: * Useful for cases where the caller knows how many bytes will ultimately be
140: * required to avoid realloc in the buffer code.
141: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
142: */
143: int sshbuf_allocate(struct sshbuf *buf, size_t len);
1.1 djm 144:
145: /*
146: * Reserve len bytes in buf.
147: * Returns 0 on success and a pointer to the first reserved byte via the
148: * optional dpp parameter or a negative * SSH_ERR_* error code on failure.
149: */
150: int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
151:
152: /*
153: * Consume len bytes from the start of buf
154: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
155: */
156: int sshbuf_consume(struct sshbuf *buf, size_t len);
157:
158: /*
159: * Consume len bytes from the end of buf
160: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
161: */
162: int sshbuf_consume_end(struct sshbuf *buf, size_t len);
163:
164: /* Extract or deposit some bytes */
165: int sshbuf_get(struct sshbuf *buf, void *v, size_t len);
166: int sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
167: int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
168:
169: /* Append using a printf(3) format */
170: int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
171: __attribute__((format(printf, 2, 3)));
172: int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
173:
174: /* Functions to extract or store big-endian words of various sizes */
175: int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
176: int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
177: int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
178: int sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
179: int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
180: int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
181: int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
182: int sshbuf_put_u8(struct sshbuf *buf, u_char val);
183:
1.14 djm 184: /* Functions to peek at the contents of a buffer without modifying it. */
185: int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
186: u_int64_t *valp);
187: int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
188: u_int32_t *valp);
189: int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
190: u_int16_t *valp);
191: int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
192: u_char *valp);
193:
194: /*
195: * Functions to poke values into an exisiting buffer (e.g. a length header
196: * to a packet). The destination bytes must already exist in the buffer.
197: */
198: int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
199: int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
200: int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
201: int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
202: int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
203:
1.1 djm 204: /*
205: * Functions to extract or store SSH wire encoded strings (u32 len || data)
206: * The "cstring" variants admit no \0 characters in the string contents.
207: * Caller must free *valp.
208: */
209: int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
210: int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
211: int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
212: int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
213: int sshbuf_put_cstring(struct sshbuf *buf, const char *v);
214: int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
215:
216: /*
217: * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
218: * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
219: * next sshbuf-modifying function call. Caller does not free.
220: */
221: int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
222: size_t *lenp);
223:
224: /* Skip past a string */
225: #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
226:
227: /* Another variant: "peeks" into the buffer without modifying it */
228: int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
229: size_t *lenp);
230:
231: /*
232: * Functions to extract or store SSH wire encoded bignums and elliptic
233: * curve points.
234: */
1.13 djm 235: int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
1.4 djm 236: int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
237: const u_char **valp, size_t *lenp);
1.2 dtucker 238: int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
239: int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
1.1 djm 240: int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
241: int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
242: int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
243: int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
244:
1.3 djm 245: /* Dump the contents of the buffer in a human-readable format */
1.1 djm 246: void sshbuf_dump(struct sshbuf *buf, FILE *f);
1.3 djm 247:
248: /* Dump specified memory in a human-readable format */
249: void sshbuf_dump_data(const void *s, size_t len, FILE *f);
1.1 djm 250:
251: /* Return the hexadecimal representation of the contents of the buffer */
252: char *sshbuf_dtob16(struct sshbuf *buf);
253:
254: /* Encode the contents of the buffer as base64 */
1.16 djm 255: char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
256: int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
1.1 djm 257:
258: /* Decode base64 data and append it to the buffer */
259: int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
1.15 djm 260:
261: /*
262: * Tests whether the buffer contains the specified byte sequence at the
263: * specified offset. Returns 0 on successful match, or a ssherr.h code
264: * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
265: * present but the buffer contents did not match those supplied. Zero-
266: * length comparisons are not allowed.
267: *
268: * If sufficient data is present to make a comparison, then it is
269: * performed with timing independent of the value of the data. If
270: * insufficient data is present then the comparison is not attempted at
271: * all.
272: */
273: int sshbuf_cmp(const struct sshbuf *b, size_t offset,
1.17 djm 274: const void *s, size_t len);
1.15 djm 275:
276: /*
277: * Searches the buffer for the specified string. Returns 0 on success
278: * and updates *offsetp with the offset of the first match, relative to
279: * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
280: * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
281: * present in the buffer for a match to be possible but none was found.
282: * Searches for zero-length data are not allowed.
283: */
284: int
285: sshbuf_find(const struct sshbuf *b, size_t start_offset,
1.17 djm 286: const void *s, size_t len, size_t *offsetp);
1.7 djm 287:
288: /*
289: * Duplicate the contents of a buffer to a string (caller to free).
290: * Returns NULL on buffer error, or if the buffer contains a premature
291: * nul character.
292: */
293: char *sshbuf_dup_string(struct sshbuf *buf);
1.1 djm 294:
295: /* Macros for decoding/encoding integers */
296: #define PEEK_U64(p) \
1.5 djm 297: (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
298: ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
299: ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
300: ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
301: ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
302: ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
303: ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
304: (u_int64_t)(((const u_char *)(p))[7]))
1.1 djm 305: #define PEEK_U32(p) \
1.5 djm 306: (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
307: ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
308: ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
309: (u_int32_t)(((const u_char *)(p))[3]))
1.1 djm 310: #define PEEK_U16(p) \
1.5 djm 311: (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
312: (u_int16_t)(((const u_char *)(p))[1]))
1.1 djm 313:
314: #define POKE_U64(p, v) \
315: do { \
1.5 djm 316: const u_int64_t __v = (v); \
317: ((u_char *)(p))[0] = (__v >> 56) & 0xff; \
318: ((u_char *)(p))[1] = (__v >> 48) & 0xff; \
319: ((u_char *)(p))[2] = (__v >> 40) & 0xff; \
320: ((u_char *)(p))[3] = (__v >> 32) & 0xff; \
321: ((u_char *)(p))[4] = (__v >> 24) & 0xff; \
322: ((u_char *)(p))[5] = (__v >> 16) & 0xff; \
323: ((u_char *)(p))[6] = (__v >> 8) & 0xff; \
324: ((u_char *)(p))[7] = __v & 0xff; \
1.1 djm 325: } while (0)
326: #define POKE_U32(p, v) \
327: do { \
1.5 djm 328: const u_int32_t __v = (v); \
329: ((u_char *)(p))[0] = (__v >> 24) & 0xff; \
330: ((u_char *)(p))[1] = (__v >> 16) & 0xff; \
331: ((u_char *)(p))[2] = (__v >> 8) & 0xff; \
332: ((u_char *)(p))[3] = __v & 0xff; \
1.1 djm 333: } while (0)
334: #define POKE_U16(p, v) \
335: do { \
1.5 djm 336: const u_int16_t __v = (v); \
337: ((u_char *)(p))[0] = (__v >> 8) & 0xff; \
338: ((u_char *)(p))[1] = __v & 0xff; \
1.1 djm 339: } while (0)
340:
341: /* Internal definitions follow. Exposed for regress tests */
342: #ifdef SSHBUF_INTERNAL
343:
344: /*
345: * Return the allocation size of buf
346: */
347: size_t sshbuf_alloc(const struct sshbuf *buf);
348:
349: /*
350: * Increment the reference count of buf.
351: */
352: int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
353:
354: /*
355: * Return the parent buffer of buf, or NULL if it has no parent.
356: */
357: const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
358:
359: /*
360: * Return the reference count of buf
361: */
362: u_int sshbuf_refcount(const struct sshbuf *buf);
363:
364: # define SSHBUF_SIZE_INIT 256 /* Initial allocation */
365: # define SSHBUF_SIZE_INC 256 /* Preferred increment length */
366: # define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */
367:
368: /* # define SSHBUF_ABORT abort */
369: /* # define SSHBUF_DEBUG */
370:
371: # ifndef SSHBUF_ABORT
372: # define SSHBUF_ABORT()
373: # endif
374:
375: # ifdef SSHBUF_DEBUG
376: # define SSHBUF_TELL(what) do { \
377: printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \
378: __FILE__, __LINE__, __func__, what, \
379: buf->size, buf->alloc, buf->off, buf->max_size); \
380: fflush(stdout); \
381: } while (0)
382: # define SSHBUF_DBG(x) do { \
383: printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
384: printf x; \
385: printf("\n"); \
386: fflush(stdout); \
387: } while (0)
388: # else
389: # define SSHBUF_TELL(what)
390: # define SSHBUF_DBG(x)
391: # endif
392: #endif /* SSHBUF_INTERNAL */
393:
394: #endif /* _SSHBUF_H */