blob: 033feb072dce758693c42faa9f9cce161be688c0 [file] [log] [blame]
djm@openbsd.org49fa0652019-07-30 05:04:49 +00001/* $OpenBSD: sshbuf.h,v 1.17 2019/07/30 05:04:49 djm Exp $ */
Damien Miller05e82c32014-05-15 14:33:43 +10002/*
3 * Copyright (c) 2011 Damien Miller
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef _SSHBUF_H
19#define _SSHBUF_H
20
21#include <sys/types.h>
22#include <stdarg.h>
23#include <stdio.h>
Damien Miller88137902014-08-19 11:28:11 +100024#ifdef WITH_OPENSSL
25# include <openssl/bn.h>
26# ifdef OPENSSL_HAS_ECC
27# include <openssl/ec.h>
28# endif /* OPENSSL_HAS_ECC */
29#endif /* WITH_OPENSSL */
Damien Miller05e82c32014-05-15 14:33:43 +100030
31#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */
32#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
33#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
34#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
35
36/*
37 * NB. do not depend on the internals of this. It will be made opaque
38 * one day.
39 */
40struct sshbuf {
41 u_char *d; /* Data */
42 const u_char *cd; /* Const data */
43 size_t off; /* First available byte is buf->d + buf->off */
44 size_t size; /* Last byte is buf->d + buf->size - 1 */
45 size_t max_size; /* Maximum size of buffer */
46 size_t alloc; /* Total bytes allocated to buf->d */
47 int readonly; /* Refers to external, const data */
48 int dont_free; /* Kludge to support sshbuf_init */
49 u_int refcount; /* Tracks self and number of child buffers */
50 struct sshbuf *parent; /* If child, pointer to parent */
51};
52
Damien Miller05e82c32014-05-15 14:33:43 +100053/*
54 * Create a new sshbuf buffer.
55 * Returns pointer to buffer on success, or NULL on allocation failure.
56 */
57struct sshbuf *sshbuf_new(void);
58
59/*
60 * Create a new, read-only sshbuf buffer from existing data.
61 * Returns pointer to buffer on success, or NULL on allocation failure.
62 */
63struct sshbuf *sshbuf_from(const void *blob, size_t len);
64
65/*
66 * Create a new, read-only sshbuf buffer from the contents of an existing
67 * buffer. The contents of "buf" must not change in the lifetime of the
68 * resultant buffer.
69 * Returns pointer to buffer on success, or NULL on allocation failure.
70 */
71struct sshbuf *sshbuf_fromb(struct sshbuf *buf);
72
73/*
74 * Create a new, read-only sshbuf buffer from the contents of a string in
75 * an existing buffer (the string is consumed in the process).
76 * The contents of "buf" must not change in the lifetime of the resultant
77 * buffer.
78 * Returns pointer to buffer on success, or NULL on allocation failure.
79 */
80int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp);
81
82/*
83 * Clear and free buf
84 */
85void sshbuf_free(struct sshbuf *buf);
86
87/*
88 * Reset buf, clearing its contents. NB. max_size is preserved.
89 */
90void sshbuf_reset(struct sshbuf *buf);
91
92/*
93 * Return the maximum size of buf
94 */
95size_t sshbuf_max_size(const struct sshbuf *buf);
96
97/*
98 * Set the maximum size of buf
99 * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
100 */
101int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size);
102
103/*
104 * Returns the length of data in buf
105 */
106size_t sshbuf_len(const struct sshbuf *buf);
107
108/*
109 * Returns number of bytes left in buffer before hitting max_size.
110 */
111size_t sshbuf_avail(const struct sshbuf *buf);
112
113/*
mmcc@openbsd.org8e56dd42015-12-10 07:01:35 +0000114 * Returns a read-only pointer to the start of the data in buf
Damien Miller05e82c32014-05-15 14:33:43 +1000115 */
116const u_char *sshbuf_ptr(const struct sshbuf *buf);
117
118/*
mmcc@openbsd.org8e56dd42015-12-10 07:01:35 +0000119 * Returns a mutable pointer to the start of the data in buf, or
Damien Miller05e82c32014-05-15 14:33:43 +1000120 * NULL if the buffer is read-only.
121 */
122u_char *sshbuf_mutable_ptr(const struct sshbuf *buf);
123
124/*
125 * Check whether a reservation of size len will succeed in buf
126 * Safer to use than direct comparisons again sshbuf_avail as it copes
127 * with unsigned overflows correctly.
128 * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
129 */
130int sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
131
132/*
djm@openbsd.orga9c74602016-11-25 23:22:04 +0000133 * Preallocates len additional bytes in buf.
134 * Useful for cases where the caller knows how many bytes will ultimately be
135 * required to avoid realloc in the buffer code.
136 * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
137 */
138int sshbuf_allocate(struct sshbuf *buf, size_t len);
139
140/*
Damien Miller05e82c32014-05-15 14:33:43 +1000141 * Reserve len bytes in buf.
142 * Returns 0 on success and a pointer to the first reserved byte via the
143 * optional dpp parameter or a negative * SSH_ERR_* error code on failure.
144 */
145int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp);
146
147/*
148 * Consume len bytes from the start of buf
149 * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
150 */
151int sshbuf_consume(struct sshbuf *buf, size_t len);
152
153/*
154 * Consume len bytes from the end of buf
155 * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
156 */
157int sshbuf_consume_end(struct sshbuf *buf, size_t len);
158
159/* Extract or deposit some bytes */
160int sshbuf_get(struct sshbuf *buf, void *v, size_t len);
161int sshbuf_put(struct sshbuf *buf, const void *v, size_t len);
162int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v);
163
164/* Append using a printf(3) format */
165int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
166 __attribute__((format(printf, 2, 3)));
167int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
168
169/* Functions to extract or store big-endian words of various sizes */
170int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
171int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp);
172int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp);
173int sshbuf_get_u8(struct sshbuf *buf, u_char *valp);
174int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
175int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
176int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
177int sshbuf_put_u8(struct sshbuf *buf, u_char val);
178
djm@openbsd.org101d1642019-07-14 23:32:27 +0000179/* Functions to peek at the contents of a buffer without modifying it. */
180int sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
181 u_int64_t *valp);
182int sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
183 u_int32_t *valp);
184int sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
185 u_int16_t *valp);
186int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
187 u_char *valp);
188
189/*
190 * Functions to poke values into an exisiting buffer (e.g. a length header
191 * to a packet). The destination bytes must already exist in the buffer.
192 */
193int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
194int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
195int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
196int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
197int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
198
Damien Miller05e82c32014-05-15 14:33:43 +1000199/*
200 * Functions to extract or store SSH wire encoded strings (u32 len || data)
201 * The "cstring" variants admit no \0 characters in the string contents.
202 * Caller must free *valp.
203 */
204int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp);
205int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp);
206int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v);
207int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len);
208int sshbuf_put_cstring(struct sshbuf *buf, const char *v);
209int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v);
210
211/*
212 * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to
213 * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the
214 * next sshbuf-modifying function call. Caller does not free.
215 */
216int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
217 size_t *lenp);
218
219/* Skip past a string */
220#define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL)
221
222/* Another variant: "peeks" into the buffer without modifying it */
223int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
224 size_t *lenp);
225
226/*
227 * Functions to extract or store SSH wire encoded bignums and elliptic
228 * curve points.
229 */
Damien Miller88137902014-08-19 11:28:11 +1000230int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
Damien Millerb03ebe22015-01-15 03:08:58 +1100231int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
232 const u_char **valp, size_t *lenp);
Damien Miller88137902014-08-19 11:28:11 +1000233#ifdef WITH_OPENSSL
djm@openbsd.org7be85722019-01-21 09:54:11 +0000234int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
Damien Miller05e82c32014-05-15 14:33:43 +1000235int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
Damien Miller88137902014-08-19 11:28:11 +1000236# ifdef OPENSSL_HAS_ECC
Darren Tuckera54a0402014-06-11 07:58:35 +1000237int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
238int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
Damien Miller05e82c32014-05-15 14:33:43 +1000239int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g);
240int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v);
Damien Miller88137902014-08-19 11:28:11 +1000241# endif /* OPENSSL_HAS_ECC */
242#endif /* WITH_OPENSSL */
Damien Miller05e82c32014-05-15 14:33:43 +1000243
Damien Miller86687062014-07-02 15:28:02 +1000244/* Dump the contents of the buffer in a human-readable format */
Damien Miller05e82c32014-05-15 14:33:43 +1000245void sshbuf_dump(struct sshbuf *buf, FILE *f);
246
Damien Miller86687062014-07-02 15:28:02 +1000247/* Dump specified memory in a human-readable format */
248void sshbuf_dump_data(const void *s, size_t len, FILE *f);
249
Damien Miller05e82c32014-05-15 14:33:43 +1000250/* Return the hexadecimal representation of the contents of the buffer */
251char *sshbuf_dtob16(struct sshbuf *buf);
252
253/* Encode the contents of the buffer as base64 */
djm@openbsd.org16dd8b22019-07-16 13:18:39 +0000254char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
255int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
Damien Miller05e82c32014-05-15 14:33:43 +1000256
257/* Decode base64 data and append it to the buffer */
258int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
259
djm@openbsd.org1a31d022016-05-02 08:49:03 +0000260/*
djm@openbsd.orge18a27e2019-07-15 13:11:38 +0000261 * Tests whether the buffer contains the specified byte sequence at the
262 * specified offset. Returns 0 on successful match, or a ssherr.h code
263 * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
264 * present but the buffer contents did not match those supplied. Zero-
265 * length comparisons are not allowed.
266 *
267 * If sufficient data is present to make a comparison, then it is
268 * performed with timing independent of the value of the data. If
269 * insufficient data is present then the comparison is not attempted at
270 * all.
271 */
272int sshbuf_cmp(const struct sshbuf *b, size_t offset,
djm@openbsd.org49fa0652019-07-30 05:04:49 +0000273 const void *s, size_t len);
djm@openbsd.orge18a27e2019-07-15 13:11:38 +0000274
275/*
276 * Searches the buffer for the specified string. Returns 0 on success
277 * and updates *offsetp with the offset of the first match, relative to
278 * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
279 * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
280 * present in the buffer for a match to be possible but none was found.
281 * Searches for zero-length data are not allowed.
282 */
283int
284sshbuf_find(const struct sshbuf *b, size_t start_offset,
djm@openbsd.org49fa0652019-07-30 05:04:49 +0000285 const void *s, size_t len, size_t *offsetp);
djm@openbsd.orge18a27e2019-07-15 13:11:38 +0000286
287/*
djm@openbsd.org1a31d022016-05-02 08:49:03 +0000288 * Duplicate the contents of a buffer to a string (caller to free).
289 * Returns NULL on buffer error, or if the buffer contains a premature
290 * nul character.
291 */
292char *sshbuf_dup_string(struct sshbuf *buf);
293
Damien Miller05e82c32014-05-15 14:33:43 +1000294/* Macros for decoding/encoding integers */
295#define PEEK_U64(p) \
djm@openbsd.orga7994b32015-11-11 04:56:39 +0000296 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
297 ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \
298 ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \
299 ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \
300 ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \
301 ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \
302 ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \
303 (u_int64_t)(((const u_char *)(p))[7]))
Damien Miller05e82c32014-05-15 14:33:43 +1000304#define PEEK_U32(p) \
djm@openbsd.orga7994b32015-11-11 04:56:39 +0000305 (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \
306 ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \
307 ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \
308 (u_int32_t)(((const u_char *)(p))[3]))
Damien Miller05e82c32014-05-15 14:33:43 +1000309#define PEEK_U16(p) \
djm@openbsd.orga7994b32015-11-11 04:56:39 +0000310 (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \
311 (u_int16_t)(((const u_char *)(p))[1]))
Damien Miller05e82c32014-05-15 14:33:43 +1000312
313#define POKE_U64(p, v) \
314 do { \
djm@openbsd.orga7994b32015-11-11 04:56:39 +0000315 const u_int64_t __v = (v); \
316 ((u_char *)(p))[0] = (__v >> 56) & 0xff; \
317 ((u_char *)(p))[1] = (__v >> 48) & 0xff; \
318 ((u_char *)(p))[2] = (__v >> 40) & 0xff; \
319 ((u_char *)(p))[3] = (__v >> 32) & 0xff; \
320 ((u_char *)(p))[4] = (__v >> 24) & 0xff; \
321 ((u_char *)(p))[5] = (__v >> 16) & 0xff; \
322 ((u_char *)(p))[6] = (__v >> 8) & 0xff; \
323 ((u_char *)(p))[7] = __v & 0xff; \
Damien Miller05e82c32014-05-15 14:33:43 +1000324 } while (0)
325#define POKE_U32(p, v) \
326 do { \
djm@openbsd.orga7994b32015-11-11 04:56:39 +0000327 const u_int32_t __v = (v); \
328 ((u_char *)(p))[0] = (__v >> 24) & 0xff; \
329 ((u_char *)(p))[1] = (__v >> 16) & 0xff; \
330 ((u_char *)(p))[2] = (__v >> 8) & 0xff; \
331 ((u_char *)(p))[3] = __v & 0xff; \
Damien Miller05e82c32014-05-15 14:33:43 +1000332 } while (0)
333#define POKE_U16(p, v) \
334 do { \
djm@openbsd.orga7994b32015-11-11 04:56:39 +0000335 const u_int16_t __v = (v); \
336 ((u_char *)(p))[0] = (__v >> 8) & 0xff; \
337 ((u_char *)(p))[1] = __v & 0xff; \
Damien Miller05e82c32014-05-15 14:33:43 +1000338 } while (0)
339
340/* Internal definitions follow. Exposed for regress tests */
341#ifdef SSHBUF_INTERNAL
342
343/*
344 * Return the allocation size of buf
345 */
346size_t sshbuf_alloc(const struct sshbuf *buf);
347
348/*
349 * Increment the reference count of buf.
350 */
351int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent);
352
353/*
354 * Return the parent buffer of buf, or NULL if it has no parent.
355 */
356const struct sshbuf *sshbuf_parent(const struct sshbuf *buf);
357
358/*
359 * Return the reference count of buf
360 */
361u_int sshbuf_refcount(const struct sshbuf *buf);
362
363# define SSHBUF_SIZE_INIT 256 /* Initial allocation */
364# define SSHBUF_SIZE_INC 256 /* Preferred increment length */
365# define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */
366
367/* # define SSHBUF_ABORT abort */
368/* # define SSHBUF_DEBUG */
369
370# ifndef SSHBUF_ABORT
371# define SSHBUF_ABORT()
372# endif
373
374# ifdef SSHBUF_DEBUG
375# define SSHBUF_TELL(what) do { \
376 printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \
377 __FILE__, __LINE__, __func__, what, \
378 buf->size, buf->alloc, buf->off, buf->max_size); \
379 fflush(stdout); \
380 } while (0)
381# define SSHBUF_DBG(x) do { \
382 printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \
383 printf x; \
384 printf("\n"); \
385 fflush(stdout); \
386 } while (0)
387# else
388# define SSHBUF_TELL(what)
389# define SSHBUF_DBG(x)
390# endif
391#endif /* SSHBUF_INTERNAL */
392
393#endif /* _SSHBUF_H */