Annotation of src/usr.bin/ssh/sshbuf.h, Revision 1.28
1.28 ! djm 1: /* $OpenBSD: sshbuf.h,v 1.27 2022/05/25 06:03:44 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2011 Damien Miller
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: #ifndef _SSHBUF_H
19: #define _SSHBUF_H
20:
21: #include <sys/types.h>
22: #include <stdarg.h>
23: #include <stdio.h>
1.18 djm 24:
25: #ifdef WITH_OPENSSL
1.1 djm 26: #include <openssl/bn.h>
27: #include <openssl/ec.h>
1.18 djm 28: #include <openssl/ecdsa.h>
29: #else /* OPENSSL */
30: #define BIGNUM void
31: #define EC_KEY void
32: #define EC_GROUP void
33: #define EC_POINT void
34: #endif /* WITH_OPENSSL */
1.1 djm 35:
36: #define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */
37: #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
38: #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
39: #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
40:
1.28 ! djm 41: struct sshbuf;
1.1 djm 42:
43: /*
44: * Create a new sshbuf buffer.
45: * Returns pointer to buffer on success, or NULL on allocation failure.
46: */
47: struct sshbuf *sshbuf_new(void);
48:
49: /*
50: * Create a new, read-only sshbuf buffer from existing data.
51: * Returns pointer to buffer on success, or NULL on allocation failure.
52: */
53: struct sshbuf *sshbuf_from(const void *blob, size_t len);
54:
55: /*
56: * Create a new, read-only sshbuf buffer from the contents of an existing
57: * buffer. The contents of "buf" must not change in the lifetime of the
58: * resultant buffer.
59: * Returns pointer to buffer on success, or NULL on allocation failure.
60: */
61: struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
62:
63: /*
64: * Create a new, read-only sshbuf buffer from the contents of a string in
65: * an existing buffer (the string is consumed in the process).
66: * The contents of "buf" must not change in the lifetime of the resultant
67: * buffer.
68: * Returns pointer to buffer on success, or NULL on allocation failure.
69: */
70: int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
71:
72: /*
73: * Clear and free buf
74: */
75: void sshbuf_free(struct sshbuf *buf);
76:
77: /*
78: * Reset buf, clearing its contents. NB. max_size is preserved.
79: */
80: void sshbuf_reset(struct sshbuf *buf);
81:
82: /*
83: * Return the maximum size of buf
84: */
85: size_t sshbuf_max_size(const struct sshbuf *buf);
86:
87: /*
88: * Set the maximum size of buf
89: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
90: */
91: int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
92:
93: /*
94: * Returns the length of data in buf
95: */
96: size_t sshbuf_len(const struct sshbuf *buf);
97:
98: /*
99: * Returns number of bytes left in buffer before hitting max_size.
100: */
101: size_t sshbuf_avail(const struct sshbuf *buf);
102:
103: /*
1.6 mmcc 104: * Returns a read-only pointer to the start of the data in buf
1.1 djm 105: */
106: const u_char *sshbuf_ptr(const struct sshbuf *buf);
107:
108: /*
1.6 mmcc 109: * Returns a mutable pointer to the start of the data in buf, or
1.1 djm 110: * NULL if the buffer is read-only.
111: */
112: u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
113:
114: /*
115: * Check whether a reservation of size len will succeed in buf
116: * Safer to use than direct comparisons again sshbuf_avail as it copes
117: * with unsigned overflows correctly.
118: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
119: */
120: int sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
1.8 djm 121:
122: /*
123: * Preallocates len additional bytes in buf.
124: * Useful for cases where the caller knows how many bytes will ultimately be
125: * required to avoid realloc in the buffer code.
126: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
127: */
128: int sshbuf_allocate(struct sshbuf *buf, size_t len);
1.1 djm 129:
130: /*
131: * Reserve len bytes in buf.
132: * Returns 0 on success and a pointer to the first reserved byte via the
1.21 dtucker 133: * optional dpp parameter or a negative SSH_ERR_* error code on failure.
1.1 djm 134: */
135: int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
136:
137: /*
138: * Consume len bytes from the start of buf
139: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
140: */
141: int sshbuf_consume(struct sshbuf *buf, size_t len);
142:
143: /*
144: * Consume len bytes from the end of buf
145: * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
146: */
147: int sshbuf_consume_end(struct sshbuf *buf, size_t len);
148:
149: /* Extract or deposit some bytes */
150: int sshbuf_get(struct sshbuf *buf, void *v, size_t len);
151: int sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
152: int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
153:
154: /* Append using a printf(3) format */
155: int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
156: __attribute__((format(printf, 2, 3)));
157: int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
158:
159: /* Functions to extract or store big-endian words of various sizes */
160: int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
161: int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
162: int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
163: int sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
164: int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
165: int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
166: int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
167: int sshbuf_put_u8(struct sshbuf *buf, u_char val);
168:
1.14 djm 169: /* Functions to peek at the contents of a buffer without modifying it. */
170: int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
171: u_int64_t *valp);
172: int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
173: u_int32_t *valp);
174: int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
175: u_int16_t *valp);
176: int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
177: u_char *valp);
178:
179: /*
1.20 djm 180: * Functions to poke values into an existing buffer (e.g. a length header
1.14 djm 181: * to a packet). The destination bytes must already exist in the buffer.
182: */
183: int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
184: int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
185: int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
186: int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
187: int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
188:
1.1 djm 189: /*
190: * Functions to extract or store SSH wire encoded strings (u32 len || data)
191: * The "cstring" variants admit no \0 characters in the string contents.
192: * Caller must free *valp.
193: */
194: int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
195: int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
196: int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
197: int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
198: int sshbuf_put_cstring(struct sshbuf *buf, const char *v);
199: int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
200:
201: /*
202: * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
203: * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
204: * next sshbuf-modifying function call. Caller does not free.
205: */
206: int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
207: size_t *lenp);
208:
209: /* Skip past a string */
210: #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
211:
212: /* Another variant: "peeks" into the buffer without modifying it */
213: int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
214: size_t *lenp);
215:
216: /*
217: * Functions to extract or store SSH wire encoded bignums and elliptic
218: * curve points.
219: */
1.13 djm 220: int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
1.4 djm 221: int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
222: const u_char **valp, size_t *lenp);
1.2 dtucker 223: int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
224: int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
1.1 djm 225: int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
226: int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
227: int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
228: int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
229:
1.3 djm 230: /* Dump the contents of the buffer in a human-readable format */
1.22 djm 231: void sshbuf_dump(const struct sshbuf *buf, FILE *f);
1.3 djm 232:
233: /* Dump specified memory in a human-readable format */
234: void sshbuf_dump_data(const void *s, size_t len, FILE *f);
1.1 djm 235:
236: /* Return the hexadecimal representation of the contents of the buffer */
237: char *sshbuf_dtob16(struct sshbuf *buf);
238:
239: /* Encode the contents of the buffer as base64 */
1.16 djm 240: char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
241: int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
1.23 djm 242: /* RFC4648 "base64url" encoding variant */
243: int sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
1.1 djm 244:
245: /* Decode base64 data and append it to the buffer */
246: int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
1.15 djm 247:
248: /*
249: * Tests whether the buffer contains the specified byte sequence at the
250: * specified offset. Returns 0 on successful match, or a ssherr.h code
251: * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
252: * present but the buffer contents did not match those supplied. Zero-
253: * length comparisons are not allowed.
254: *
255: * If sufficient data is present to make a comparison, then it is
256: * performed with timing independent of the value of the data. If
257: * insufficient data is present then the comparison is not attempted at
258: * all.
259: */
260: int sshbuf_cmp(const struct sshbuf *b, size_t offset,
1.17 djm 261: const void *s, size_t len);
1.15 djm 262:
263: /*
264: * Searches the buffer for the specified string. Returns 0 on success
265: * and updates *offsetp with the offset of the first match, relative to
266: * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
267: * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
268: * present in the buffer for a match to be possible but none was found.
269: * Searches for zero-length data are not allowed.
270: */
271: int
272: sshbuf_find(const struct sshbuf *b, size_t start_offset,
1.17 djm 273: const void *s, size_t len, size_t *offsetp);
1.7 djm 274:
275: /*
276: * Duplicate the contents of a buffer to a string (caller to free).
277: * Returns NULL on buffer error, or if the buffer contains a premature
278: * nul character.
279: */
280: char *sshbuf_dup_string(struct sshbuf *buf);
1.19 djm 281:
282: /*
283: * Fill a buffer from a file descriptor or filename. Both allocate the
284: * buffer for the caller.
285: */
286: int sshbuf_load_fd(int, struct sshbuf **)
287: __attribute__((__nonnull__ (2)));
288: int sshbuf_load_file(const char *, struct sshbuf **)
289: __attribute__((__nonnull__ (2)));
290:
291: /*
292: * Write a buffer to a path, creating/truncating as needed (mode 0644,
293: * subject to umask). The buffer contents are not modified.
294: */
295: int sshbuf_write_file(const char *path, struct sshbuf *buf)
1.25 djm 296: __attribute__((__nonnull__ (2)));
297:
298: /* Read up to maxlen bytes from a fd directly to a buffer */
299: int sshbuf_read(int, struct sshbuf *, size_t, size_t *)
1.19 djm 300: __attribute__((__nonnull__ (2)));
1.1 djm 301:
302: /* Macros for decoding/encoding integers */
303: #define PEEK_U64(p) \
1.5 djm 304: (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
305: ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
306: ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
307: ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
308: ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
309: ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
310: ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
311: (u_int64_t)(((const u_char *)(p))[7]))
1.1 djm 312: #define PEEK_U32(p) \
1.5 djm 313: (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
314: ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
315: ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
316: (u_int32_t)(((const u_char *)(p))[3]))
1.1 djm 317: #define PEEK_U16(p) \
1.5 djm 318: (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
319: (u_int16_t)(((const u_char *)(p))[1]))
1.1 djm 320:
321: #define POKE_U64(p, v) \
322: do { \
1.5 djm 323: const u_int64_t __v = (v); \
324: ((u_char *)(p))[0] = (__v >> 56) & 0xff; \
325: ((u_char *)(p))[1] = (__v >> 48) & 0xff; \
326: ((u_char *)(p))[2] = (__v >> 40) & 0xff; \
327: ((u_char *)(p))[3] = (__v >> 32) & 0xff; \
328: ((u_char *)(p))[4] = (__v >> 24) & 0xff; \
329: ((u_char *)(p))[5] = (__v >> 16) & 0xff; \
330: ((u_char *)(p))[6] = (__v >> 8) & 0xff; \
331: ((u_char *)(p))[7] = __v & 0xff; \
1.1 djm 332: } while (0)
333: #define POKE_U32(p, v) \
334: do { \
1.5 djm 335: const u_int32_t __v = (v); \
336: ((u_char *)(p))[0] = (__v >> 24) & 0xff; \
337: ((u_char *)(p))[1] = (__v >> 16) & 0xff; \
338: ((u_char *)(p))[2] = (__v >> 8) & 0xff; \
339: ((u_char *)(p))[3] = __v & 0xff; \
1.1 djm 340: } while (0)
341: #define POKE_U16(p, v) \
342: do { \
1.5 djm 343: const u_int16_t __v = (v); \
344: ((u_char *)(p))[0] = (__v >> 8) & 0xff; \
345: ((u_char *)(p))[1] = __v & 0xff; \
1.1 djm 346: } while (0)
347:
348: /* Internal definitions follow. Exposed for regress tests */
349: #ifdef SSHBUF_INTERNAL
350:
351: /*
352: * Return the allocation size of buf
353: */
354: size_t sshbuf_alloc(const struct sshbuf *buf);
355:
356: /*
357: * Increment the reference count of buf.
358: */
359: int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
360:
361: /*
362: * Return the parent buffer of buf, or NULL if it has no parent.
363: */
364: const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
365:
366: /*
367: * Return the reference count of buf
368: */
369: u_int sshbuf_refcount(const struct sshbuf *buf);
370:
371: # define SSHBUF_SIZE_INIT 256 /* Initial allocation */
372: # define SSHBUF_SIZE_INC 256 /* Preferred increment length */
1.24 jsg 373: # define SSHBUF_PACK_MIN 8192 /* Minimum packable offset */
1.1 djm 374:
375: /* # define SSHBUF_ABORT abort */
376: /* # define SSHBUF_DEBUG */
377:
378: # ifndef SSHBUF_ABORT
379: # define SSHBUF_ABORT()
380: # endif
381:
382: # ifdef SSHBUF_DEBUG
1.27 djm 383: # define SSHBUF_DBG(x) do { \
384: printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
385: printf x; \
386: printf("\n"); \
387: fflush(stdout); \
1.1 djm 388: } while (0)
389: # else
390: # define SSHBUF_DBG(x)
391: # endif
392: #endif /* SSHBUF_INTERNAL */
393:
394: #endif /* _SSHBUF_H */