Grid Community Toolkit  6.2.1653033972 (tag: v6.2.20220524)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
sshbuf.h
1 /* $OpenBSD: sshbuf.h,v 1.23 2020/06/22 05:54:10 djm Exp $ */
2 /*
3  * Copyright (c) 2011 Damien Miller
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #ifndef _SSHBUF_H
19 #define _SSHBUF_H
20 
21 #include <sys/types.h>
22 #include <stdarg.h>
23 #include <stdio.h>
24 #ifdef WITH_OPENSSL
25 # include <openssl/bn.h>
26 # ifdef OPENSSL_HAS_ECC
27 # include <openssl/ec.h>
28 # endif /* OPENSSL_HAS_ECC */
29 #endif /* WITH_OPENSSL */
30 
31 #define SSHBUF_SIZE_MAX 0xF000000 /* Hard maximum size 256MB */
32 #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
33 #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
34 #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
35 
36 /*
37  * NB. do not depend on the internals of this. It will be made opaque
38  * one day.
39  */
40 struct sshbuf {
41  u_char *d; /* Data */
42  const u_char *cd; /* Const data */
43  size_t off; /* First available byte is buf->d + buf->off */
44  size_t size; /* Last byte is buf->d + buf->size - 1 */
45  size_t max_size; /* Maximum size of buffer */
46  size_t alloc; /* Total bytes allocated to buf->d */
47  int readonly; /* Refers to external, const data */
48  int dont_free; /* Kludge to support sshbuf_init */
49  u_int refcount; /* Tracks self and number of child buffers */
50  struct sshbuf *parent; /* If child, pointer to parent */
51 };
52 
53 /*
54  * Create a new sshbuf buffer.
55  * Returns pointer to buffer on success, or NULL on allocation failure.
56  */
57 struct sshbuf *sshbuf_new(void);
58 
59 /*
60  * Create a new, read-only sshbuf buffer from existing data.
61  * Returns pointer to buffer on success, or NULL on allocation failure.
62  */
63 struct sshbuf *sshbuf_from(const void *blob, size_t len);
64 
65 /*
66  * Create a new, read-only sshbuf buffer from the contents of an existing
67  * buffer. The contents of "buf" must not change in the lifetime of the
68  * resultant buffer.
69  * Returns pointer to buffer on success, or NULL on allocation failure.
70  */
71 struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
72 
73 /*
74  * Create a new, read-only sshbuf buffer from the contents of a string in
75  * an existing buffer (the string is consumed in the process).
76  * The contents of "buf" must not change in the lifetime of the resultant
77  * buffer.
78  * Returns pointer to buffer on success, or NULL on allocation failure.
79  */
80 int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
81 
82 /*
83  * Clear and free buf
84  */
85 void sshbuf_free(struct sshbuf *buf);
86 
87 /*
88  * Reset buf, clearing its contents. NB. max_size is preserved.
89  */
90 void sshbuf_reset(struct sshbuf *buf);
91 
92 /*
93  * Return the maximum size of buf
94  */
95 size_t sshbuf_max_size(const struct sshbuf *buf);
96 
97 /*
98  * Set the maximum size of buf
99  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
100  */
101 int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
102 
103 /*
104  * Returns the length of data in buf
105  */
106 size_t sshbuf_len(const struct sshbuf *buf);
107 
108 /*
109  * Returns number of bytes left in buffer before hitting max_size.
110  */
111 size_t sshbuf_avail(const struct sshbuf *buf);
112 
113 /*
114  * Returns a read-only pointer to the start of the data in buf
115  */
116 const u_char *sshbuf_ptr(const struct sshbuf *buf);
117 
118 /*
119  * Returns a mutable pointer to the start of the data in buf, or
120  * NULL if the buffer is read-only.
121  */
122 u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
123 
124 /*
125  * Check whether a reservation of size len will succeed in buf
126  * Safer to use than direct comparisons again sshbuf_avail as it copes
127  * with unsigned overflows correctly.
128  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
129  */
130 int sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
131 
132 /*
133  * Preallocates len additional bytes in buf.
134  * Useful for cases where the caller knows how many bytes will ultimately be
135  * required to avoid realloc in the buffer code.
136  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
137  */
138 int sshbuf_allocate(struct sshbuf *buf, size_t len);
139 
140 /*
141  * Reserve len bytes in buf.
142  * Returns 0 on success and a pointer to the first reserved byte via the
143  * optional dpp parameter or a negative SSH_ERR_* error code on failure.
144  */
145 int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
146 
147 /*
148  * Consume len bytes from the start of buf
149  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
150  */
151 int sshbuf_consume(struct sshbuf *buf, size_t len);
152 
153 /*
154  * Consume len bytes from the end of buf
155  * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
156  */
157 int sshbuf_consume_end(struct sshbuf *buf, size_t len);
158 
159 /* Extract or deposit some bytes */
160 int sshbuf_get(struct sshbuf *buf, void *v, size_t len);
161 int sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
162 int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
163 
164 /* Append using a printf(3) format */
165 int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
166  __attribute__((format(printf, 2, 3)));
167 int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
168 
169 /* Functions to extract or store big-endian words of various sizes */
170 int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
171 int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
172 int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
173 int sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
174 int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
175 int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
176 int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
177 int sshbuf_put_u8(struct sshbuf *buf, u_char val);
178 
179 /* Functions to peek at the contents of a buffer without modifying it. */
180 int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
181  u_int64_t *valp);
182 int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
183  u_int32_t *valp);
184 int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
185  u_int16_t *valp);
186 int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
187  u_char *valp);
188 
189 /*
190  * Functions to poke values into an existing buffer (e.g. a length header
191  * to a packet). The destination bytes must already exist in the buffer.
192  */
193 int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
194 int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
195 int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
196 int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
197 int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
198 
199 /*
200  * Functions to extract or store SSH wire encoded strings (u32 len || data)
201  * The "cstring" variants admit no \0 characters in the string contents.
202  * Caller must free *valp.
203  */
204 int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
205 int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
206 int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
207 int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
208 int sshbuf_put_cstring(struct sshbuf *buf, const char *v);
209 int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
210 
211 /*
212  * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
213  * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
214  * next sshbuf-modifying function call. Caller does not free.
215  */
216 int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
217  size_t *lenp);
218 
219 /* Skip past a string */
220 #define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
221 
222 /* Another variant: "peeks" into the buffer without modifying it */
223 int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
224  size_t *lenp);
225 
226 /*
227  * Functions to extract or store SSH wire encoded bignums and elliptic
228  * curve points.
229  */
230 int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
231 int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
232  const u_char **valp, size_t *lenp);
233 #ifdef WITH_OPENSSL
234 int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
235 int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
236 # ifdef OPENSSL_HAS_ECC
237 int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
238 int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
239 int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
240 int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
241 # endif /* OPENSSL_HAS_ECC */
242 #endif /* WITH_OPENSSL */
243 
244 /* Dump the contents of the buffer in a human-readable format */
245 void sshbuf_dump(const struct sshbuf *buf, FILE *f);
246 
247 /* Dump specified memory in a human-readable format */
248 void sshbuf_dump_data(const void *s, size_t len, FILE *f);
249 
250 /* Return the hexadecimal representation of the contents of the buffer */
251 char *sshbuf_dtob16(struct sshbuf *buf);
252 
253 /* Encode the contents of the buffer as base64 */
254 char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
255 int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
256 /* RFC4648 "base64url" encoding variant */
257 int sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
258 
259 /* Decode base64 data and append it to the buffer */
260 int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
261 
262 /*
263  * Tests whether the buffer contains the specified byte sequence at the
264  * specified offset. Returns 0 on successful match, or a ssherr.h code
265  * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
266  * present but the buffer contents did not match those supplied. Zero-
267  * length comparisons are not allowed.
268  *
269  * If sufficient data is present to make a comparison, then it is
270  * performed with timing independent of the value of the data. If
271  * insufficient data is present then the comparison is not attempted at
272  * all.
273  */
274 int sshbuf_cmp(const struct sshbuf *b, size_t offset,
275  const void *s, size_t len);
276 
277 /*
278  * Searches the buffer for the specified string. Returns 0 on success
279  * and updates *offsetp with the offset of the first match, relative to
280  * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
281  * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
282  * present in the buffer for a match to be possible but none was found.
283  * Searches for zero-length data are not allowed.
284  */
285 int
286 sshbuf_find(const struct sshbuf *b, size_t start_offset,
287  const void *s, size_t len, size_t *offsetp);
288 
289 /*
290  * Duplicate the contents of a buffer to a string (caller to free).
291  * Returns NULL on buffer error, or if the buffer contains a premature
292  * nul character.
293  */
294 char *sshbuf_dup_string(struct sshbuf *buf);
295 
296 /*
297  * Fill a buffer from a file descriptor or filename. Both allocate the
298  * buffer for the caller.
299  */
300 int sshbuf_load_fd(int, struct sshbuf **)
301  __attribute__((__nonnull__ (2)));
302 int sshbuf_load_file(const char *, struct sshbuf **)
303  __attribute__((__nonnull__ (2)));
304 
305 /*
306  * Write a buffer to a path, creating/truncating as needed (mode 0644,
307  * subject to umask). The buffer contents are not modified.
308  */
309 int sshbuf_write_file(const char *path, struct sshbuf *buf)
310  __attribute__((__nonnull__ (2)));
311 
312 /* Macros for decoding/encoding integers */
313 #define PEEK_U64(p) \
314  (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
315  ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
316  ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
317  ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
318  ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
319  ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
320  ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
321  (u_int64_t)(((const u_char *)(p))[7]))
322 #define PEEK_U32(p) \
323  (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
324  ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
325  ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
326  (u_int32_t)(((const u_char *)(p))[3]))
327 #define PEEK_U16(p) \
328  (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
329  (u_int16_t)(((const u_char *)(p))[1]))
330 
331 #define POKE_U64(p, v) \
332  do { \
333  const u_int64_t __v = (v); \
334  ((u_char *)(p))[0] = (__v >> 56) & 0xff; \
335  ((u_char *)(p))[1] = (__v >> 48) & 0xff; \
336  ((u_char *)(p))[2] = (__v >> 40) & 0xff; \
337  ((u_char *)(p))[3] = (__v >> 32) & 0xff; \
338  ((u_char *)(p))[4] = (__v >> 24) & 0xff; \
339  ((u_char *)(p))[5] = (__v >> 16) & 0xff; \
340  ((u_char *)(p))[6] = (__v >> 8) & 0xff; \
341  ((u_char *)(p))[7] = __v & 0xff; \
342  } while (0)
343 #define POKE_U32(p, v) \
344  do { \
345  const u_int32_t __v = (v); \
346  ((u_char *)(p))[0] = (__v >> 24) & 0xff; \
347  ((u_char *)(p))[1] = (__v >> 16) & 0xff; \
348  ((u_char *)(p))[2] = (__v >> 8) & 0xff; \
349  ((u_char *)(p))[3] = __v & 0xff; \
350  } while (0)
351 #define POKE_U16(p, v) \
352  do { \
353  const u_int16_t __v = (v); \
354  ((u_char *)(p))[0] = (__v >> 8) & 0xff; \
355  ((u_char *)(p))[1] = __v & 0xff; \
356  } while (0)
357 
358 /* Internal definitions follow. Exposed for regress tests */
359 #ifdef SSHBUF_INTERNAL
360 
361 /*
362  * Return the allocation size of buf
363  */
364 size_t sshbuf_alloc(const struct sshbuf *buf);
365 
366 /*
367  * Increment the reference count of buf.
368  */
369 int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
370 
371 /*
372  * Return the parent buffer of buf, or NULL if it has no parent.
373  */
374 const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
375 
376 /*
377  * Return the reference count of buf
378  */
379 u_int sshbuf_refcount(const struct sshbuf *buf);
380 
381 # define SSHBUF_SIZE_INIT 256 /* Initial allocation */
382 # define SSHBUF_SIZE_INC 256 /* Preferred increment length */
383 # define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */
384 
385 /* # define SSHBUF_ABORT abort */
386 /* # define SSHBUF_DEBUG */
387 
388 # ifndef SSHBUF_ABORT
389 # define SSHBUF_ABORT()
390 # endif
391 
392 # ifdef SSHBUF_DEBUG
393 # define SSHBUF_TELL(what) do { \
394  printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \
395  __FILE__, __LINE__, __func__, what, \
396  buf->size, buf->alloc, buf->off, buf->max_size); \
397  fflush(stdout); \
398  } while (0)
399 # define SSHBUF_DBG(x) do { \
400  printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
401  printf x; \
402  printf("\n"); \
403  fflush(stdout); \
404  } while (0)
405 # else
406 # define SSHBUF_TELL(what)
407 # define SSHBUF_DBG(x)
408 # endif
409 #endif /* SSHBUF_INTERNAL */
410 
411 #endif /* _SSHBUF_H */