1/* $OpenBSD: sshbuf.h,v 1.28 2022/12/02 04:40:27 djm Exp $ */ 2/* 3 * Copyright (c) 2011 Damien Miller 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18#ifndef _SSHBUF_H 19#define _SSHBUF_H 20 21#include <sys/types.h> 22#include <stdarg.h> 23#include <stdio.h> 24#ifdef WITH_OPENSSL 25# include <openssl/bn.h> 26# ifdef OPENSSL_HAS_ECC 27# include <openssl/ec.h> 28# endif /* OPENSSL_HAS_ECC */ 29#endif /* WITH_OPENSSL */ 30 31#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ 32#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ 33#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ 34#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ 35 36struct sshbuf; 37 38/* 39 * Create a new sshbuf buffer. 40 * Returns pointer to buffer on success, or NULL on allocation failure. 41 */ 42struct sshbuf *sshbuf_new(void); 43 44/* 45 * Create a new, read-only sshbuf buffer from existing data. 46 * Returns pointer to buffer on success, or NULL on allocation failure. 47 */ 48struct sshbuf *sshbuf_from(const void *blob, size_t len); 49 50/* 51 * Create a new, read-only sshbuf buffer from the contents of an existing 52 * buffer. The contents of "buf" must not change in the lifetime of the 53 * resultant buffer. 54 * Returns pointer to buffer on success, or NULL on allocation failure. 55 */ 56struct sshbuf *sshbuf_fromb(struct sshbuf *buf); 57 58/* 59 * Create a new, read-only sshbuf buffer from the contents of a string in 60 * an existing buffer (the string is consumed in the process). 61 * The contents of "buf" must not change in the lifetime of the resultant 62 * buffer. 63 * Returns pointer to buffer on success, or NULL on allocation failure. 64 */ 65int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp); 66 67/* 68 * Clear and free buf 69 */ 70void sshbuf_free(struct sshbuf *buf); 71 72/* 73 * Reset buf, clearing its contents. NB. max_size is preserved. 74 */ 75void sshbuf_reset(struct sshbuf *buf); 76 77/* 78 * Return the maximum size of buf 79 */ 80size_t sshbuf_max_size(const struct sshbuf *buf); 81 82/* 83 * Set the maximum size of buf 84 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 85 */ 86int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size); 87 88/* 89 * Returns the length of data in buf 90 */ 91size_t sshbuf_len(const struct sshbuf *buf); 92 93/* 94 * Returns number of bytes left in buffer before hitting max_size. 95 */ 96size_t sshbuf_avail(const struct sshbuf *buf); 97 98/* 99 * Returns a read-only pointer to the start of the data in buf 100 */ 101const u_char *sshbuf_ptr(const struct sshbuf *buf); 102 103/* 104 * Returns a mutable pointer to the start of the data in buf, or 105 * NULL if the buffer is read-only. 106 */ 107u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); 108 109/* 110 * Check whether a reservation of size len will succeed in buf 111 * Safer to use than direct comparisons again sshbuf_avail as it copes 112 * with unsigned overflows correctly. 113 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 114 */ 115int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); 116 117/* 118 * Preallocates len additional bytes in buf. 119 * Useful for cases where the caller knows how many bytes will ultimately be 120 * required to avoid realloc in the buffer code. 121 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 122 */ 123int sshbuf_allocate(struct sshbuf *buf, size_t len); 124 125/* 126 * Reserve len bytes in buf. 127 * Returns 0 on success and a pointer to the first reserved byte via the 128 * optional dpp parameter or a negative SSH_ERR_* error code on failure. 129 */ 130int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp); 131 132/* 133 * Consume len bytes from the start of buf 134 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 135 */ 136int sshbuf_consume(struct sshbuf *buf, size_t len); 137 138/* 139 * Consume len bytes from the end of buf 140 * Returns 0 on success, or a negative SSH_ERR_* error code on failure. 141 */ 142int sshbuf_consume_end(struct sshbuf *buf, size_t len); 143 144/* Extract or deposit some bytes */ 145int sshbuf_get(struct sshbuf *buf, void *v, size_t len); 146int sshbuf_put(struct sshbuf *buf, const void *v, size_t len); 147int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); 148 149/* Append using a printf(3) format */ 150int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) 151 __attribute__((format(printf, 2, 3))); 152int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); 153 154/* Functions to extract or store big-endian words of various sizes */ 155int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); 156int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp); 157int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp); 158int sshbuf_get_u8(struct sshbuf *buf, u_char *valp); 159int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); 160int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); 161int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); 162int sshbuf_put_u8(struct sshbuf *buf, u_char val); 163 164/* Functions to peek at the contents of a buffer without modifying it. */ 165int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset, 166 u_int64_t *valp); 167int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset, 168 u_int32_t *valp); 169int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset, 170 u_int16_t *valp); 171int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset, 172 u_char *valp); 173 174/* 175 * Functions to poke values into an existing buffer (e.g. a length header 176 * to a packet). The destination bytes must already exist in the buffer. 177 */ 178int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val); 179int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val); 180int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val); 181int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val); 182int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len); 183 184/* 185 * Functions to extract or store SSH wire encoded strings (u32 len || data) 186 * The "cstring" variants admit no \0 characters in the string contents. 187 * Caller must free *valp. 188 */ 189int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp); 190int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp); 191int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v); 192int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len); 193int sshbuf_put_cstring(struct sshbuf *buf, const char *v); 194int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v); 195 196/* 197 * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to 198 * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the 199 * next sshbuf-modifying function call. Caller does not free. 200 */ 201int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, 202 size_t *lenp); 203 204/* Skip past a string */ 205#define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) 206 207/* Another variant: "peeks" into the buffer without modifying it */ 208int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, 209 size_t *lenp); 210 211/* 212 * Functions to extract or store SSH wire encoded bignums and elliptic 213 * curve points. 214 */ 215int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); 216int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, 217 const u_char **valp, size_t *lenp); 218#ifdef WITH_OPENSSL 219int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp); 220int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); 221# ifdef OPENSSL_HAS_ECC 222int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); 223int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); 224int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); 225int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); 226# endif /* OPENSSL_HAS_ECC */ 227#endif /* WITH_OPENSSL */ 228 229/* Dump the contents of the buffer in a human-readable format */ 230void sshbuf_dump(const struct sshbuf *buf, FILE *f); 231 232/* Dump specified memory in a human-readable format */ 233void sshbuf_dump_data(const void *s, size_t len, FILE *f); 234 235/* Return the hexadecimal representation of the contents of the buffer */ 236char *sshbuf_dtob16(struct sshbuf *buf); 237 238/* Encode the contents of the buffer as base64 */ 239char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap); 240int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap); 241/* RFC4648 "base64url" encoding variant */ 242int sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap); 243 244/* Decode base64 data and append it to the buffer */ 245int sshbuf_b64tod(struct sshbuf *buf, const char *b64); 246 247/* 248 * Tests whether the buffer contains the specified byte sequence at the 249 * specified offset. Returns 0 on successful match, or a ssherr.h code 250 * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were 251 * present but the buffer contents did not match those supplied. Zero- 252 * length comparisons are not allowed. 253 * 254 * If sufficient data is present to make a comparison, then it is 255 * performed with timing independent of the value of the data. If 256 * insufficient data is present then the comparison is not attempted at 257 * all. 258 */ 259int sshbuf_cmp(const struct sshbuf *b, size_t offset, 260 const void *s, size_t len); 261 262/* 263 * Searches the buffer for the specified string. Returns 0 on success 264 * and updates *offsetp with the offset of the first match, relative to 265 * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h 266 * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were 267 * present in the buffer for a match to be possible but none was found. 268 * Searches for zero-length data are not allowed. 269 */ 270int 271sshbuf_find(const struct sshbuf *b, size_t start_offset, 272 const void *s, size_t len, size_t *offsetp); 273 274/* 275 * Duplicate the contents of a buffer to a string (caller to free). 276 * Returns NULL on buffer error, or if the buffer contains a premature 277 * nul character. 278 */ 279char *sshbuf_dup_string(struct sshbuf *buf); 280 281/* 282 * Fill a buffer from a file descriptor or filename. Both allocate the 283 * buffer for the caller. 284 */ 285int sshbuf_load_fd(int, struct sshbuf **) 286 __attribute__((__nonnull__ (2))); 287int sshbuf_load_file(const char *, struct sshbuf **) 288 __attribute__((__nonnull__ (2))); 289 290/* 291 * Write a buffer to a path, creating/truncating as needed (mode 0644, 292 * subject to umask). The buffer contents are not modified. 293 */ 294int sshbuf_write_file(const char *path, struct sshbuf *buf) 295 __attribute__((__nonnull__ (2))); 296 297/* Read up to maxlen bytes from a fd directly to a buffer */ 298int sshbuf_read(int, struct sshbuf *, size_t, size_t *) 299 __attribute__((__nonnull__ (2))); 300 301/* Macros for decoding/encoding integers */ 302#define PEEK_U64(p) \ 303 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ 304 ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ 305 ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ 306 ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ 307 ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ 308 ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ 309 ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ 310 (u_int64_t)(((const u_char *)(p))[7])) 311#define PEEK_U32(p) \ 312 (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ 313 ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ 314 ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ 315 (u_int32_t)(((const u_char *)(p))[3])) 316#define PEEK_U16(p) \ 317 (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ 318 (u_int16_t)(((const u_char *)(p))[1])) 319 320#define POKE_U64(p, v) \ 321 do { \ 322 const u_int64_t __v = (v); \ 323 ((u_char *)(p))[0] = (__v >> 56) & 0xff; \ 324 ((u_char *)(p))[1] = (__v >> 48) & 0xff; \ 325 ((u_char *)(p))[2] = (__v >> 40) & 0xff; \ 326 ((u_char *)(p))[3] = (__v >> 32) & 0xff; \ 327 ((u_char *)(p))[4] = (__v >> 24) & 0xff; \ 328 ((u_char *)(p))[5] = (__v >> 16) & 0xff; \ 329 ((u_char *)(p))[6] = (__v >> 8) & 0xff; \ 330 ((u_char *)(p))[7] = __v & 0xff; \ 331 } while (0) 332#define POKE_U32(p, v) \ 333 do { \ 334 const u_int32_t __v = (v); \ 335 ((u_char *)(p))[0] = (__v >> 24) & 0xff; \ 336 ((u_char *)(p))[1] = (__v >> 16) & 0xff; \ 337 ((u_char *)(p))[2] = (__v >> 8) & 0xff; \ 338 ((u_char *)(p))[3] = __v & 0xff; \ 339 } while (0) 340#define POKE_U16(p, v) \ 341 do { \ 342 const u_int16_t __v = (v); \ 343 ((u_char *)(p))[0] = (__v >> 8) & 0xff; \ 344 ((u_char *)(p))[1] = __v & 0xff; \ 345 } while (0) 346 347/* Internal definitions follow. Exposed for regress tests */ 348#ifdef SSHBUF_INTERNAL 349 350/* 351 * Return the allocation size of buf 352 */ 353size_t sshbuf_alloc(const struct sshbuf *buf); 354 355/* 356 * Increment the reference count of buf. 357 */ 358int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent); 359 360/* 361 * Return the parent buffer of buf, or NULL if it has no parent. 362 */ 363const struct sshbuf *sshbuf_parent(const struct sshbuf *buf); 364 365/* 366 * Return the reference count of buf 367 */ 368u_int sshbuf_refcount(const struct sshbuf *buf); 369 370# define SSHBUF_SIZE_INIT 256 /* Initial allocation */ 371# define SSHBUF_SIZE_INC 256 /* Preferred increment length */ 372# define SSHBUF_PACK_MIN 8192 /* Minimum packable offset */ 373 374/* # define SSHBUF_ABORT abort */ 375/* # define SSHBUF_DEBUG */ 376 377# ifndef SSHBUF_ABORT 378# define SSHBUF_ABORT() 379# endif 380 381# ifdef SSHBUF_DEBUG 382# define SSHBUF_DBG(x) do { \ 383 printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ 384 printf x; \ 385 printf("\n"); \ 386 fflush(stdout); \ 387 } while (0) 388# else 389# define SSHBUF_DBG(x) 390# endif 391#endif /* SSHBUF_INTERNAL */ 392 393#endif /* _SSHBUF_H */ 394