Damien Miller | 99db840 | 2014-07-02 12:48:04 +1000 | [diff] [blame] | 1 | /* $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $ */ |
Damien Miller | 05e82c3 | 2014-05-15 14:33:43 +1000 | [diff] [blame] | 2 | /* |
| 3 | * Copyright (c) 2011 Damien Miller |
| 4 | * |
| 5 | * Permission to use, copy, modify, and distribute this software for any |
| 6 | * purpose with or without fee is hereby granted, provided that the above |
| 7 | * copyright notice and this permission notice appear in all copies. |
| 8 | * |
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | */ |
| 17 | |
Damien Miller | e5b9f0f | 2014-05-15 14:58:07 +1000 | [diff] [blame] | 18 | #define SSHBUF_INTERNAL |
Damien Miller | 05e82c3 | 2014-05-15 14:33:43 +1000 | [diff] [blame] | 19 | #include "includes.h" |
| 20 | |
| 21 | #include <sys/types.h> |
| 22 | #include <stdlib.h> |
| 23 | #include <stdio.h> |
| 24 | #include <string.h> |
| 25 | |
| 26 | #include <openssl/bn.h> |
| 27 | #include <openssl/ec.h> |
| 28 | |
| 29 | #include "ssherr.h" |
Damien Miller | 05e82c3 | 2014-05-15 14:33:43 +1000 | [diff] [blame] | 30 | #include "sshbuf.h" |
| 31 | |
| 32 | int |
| 33 | sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) |
| 34 | { |
| 35 | const u_char *d; |
| 36 | size_t len; |
| 37 | int r; |
| 38 | |
| 39 | if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) |
| 40 | return r; |
Damien Miller | 99db840 | 2014-07-02 12:48:04 +1000 | [diff] [blame] | 41 | /* Refuse negative (MSB set) bignums */ |
Damien Miller | 05e82c3 | 2014-05-15 14:33:43 +1000 | [diff] [blame] | 42 | if ((len != 0 && (*d & 0x80) != 0)) |
| 43 | return SSH_ERR_BIGNUM_IS_NEGATIVE; |
Damien Miller | 99db840 | 2014-07-02 12:48:04 +1000 | [diff] [blame] | 44 | /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ |
| 45 | if (len > SSHBUF_MAX_BIGNUM + 1 || |
| 46 | (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) |
Damien Miller | 05e82c3 | 2014-05-15 14:33:43 +1000 | [diff] [blame] | 47 | return SSH_ERR_BIGNUM_TOO_LARGE; |
| 48 | if (v != NULL && BN_bin2bn(d, len, v) == NULL) |
| 49 | return SSH_ERR_ALLOC_FAIL; |
| 50 | /* Consume the string */ |
| 51 | if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { |
| 52 | /* Shouldn't happen */ |
| 53 | SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); |
| 54 | SSHBUF_ABORT(); |
| 55 | return SSH_ERR_INTERNAL_ERROR; |
| 56 | } |
| 57 | return 0; |
| 58 | } |
| 59 | |
| 60 | int |
| 61 | sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) |
| 62 | { |
| 63 | const u_char *d = sshbuf_ptr(buf); |
| 64 | u_int16_t len_bits; |
| 65 | size_t len_bytes; |
| 66 | |
| 67 | /* Length in bits */ |
| 68 | if (sshbuf_len(buf) < 2) |
| 69 | return SSH_ERR_MESSAGE_INCOMPLETE; |
| 70 | len_bits = PEEK_U16(d); |
| 71 | len_bytes = (len_bits + 7) >> 3; |
Damien Miller | 99db840 | 2014-07-02 12:48:04 +1000 | [diff] [blame] | 72 | if (len_bytes > SSHBUF_MAX_BIGNUM) |
Damien Miller | 05e82c3 | 2014-05-15 14:33:43 +1000 | [diff] [blame] | 73 | return SSH_ERR_BIGNUM_TOO_LARGE; |
| 74 | if (sshbuf_len(buf) < 2 + len_bytes) |
| 75 | return SSH_ERR_MESSAGE_INCOMPLETE; |
| 76 | if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) |
| 77 | return SSH_ERR_ALLOC_FAIL; |
| 78 | if (sshbuf_consume(buf, 2 + len_bytes) != 0) { |
| 79 | SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); |
| 80 | SSHBUF_ABORT(); |
| 81 | return SSH_ERR_INTERNAL_ERROR; |
| 82 | } |
| 83 | return 0; |
| 84 | } |
| 85 | |
| 86 | #ifdef OPENSSL_HAS_ECC |
| 87 | static int |
| 88 | get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) |
| 89 | { |
| 90 | /* Refuse overlong bignums */ |
| 91 | if (len == 0 || len > SSHBUF_MAX_ECPOINT) |
| 92 | return SSH_ERR_ECPOINT_TOO_LARGE; |
| 93 | /* Only handle uncompressed points */ |
| 94 | if (*d != POINT_CONVERSION_UNCOMPRESSED) |
| 95 | return SSH_ERR_INVALID_FORMAT; |
| 96 | if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1) |
| 97 | return SSH_ERR_INVALID_FORMAT; /* XXX assumption */ |
| 98 | return 0; |
| 99 | } |
| 100 | |
| 101 | int |
| 102 | sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g) |
| 103 | { |
| 104 | const u_char *d; |
| 105 | size_t len; |
| 106 | int r; |
| 107 | |
| 108 | if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) |
| 109 | return r; |
| 110 | if ((r = get_ec(d, len, v, g)) != 0) |
| 111 | return r; |
| 112 | /* Skip string */ |
| 113 | if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { |
| 114 | /* Shouldn't happen */ |
| 115 | SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); |
| 116 | SSHBUF_ABORT(); |
| 117 | return SSH_ERR_INTERNAL_ERROR; |
| 118 | } |
| 119 | return 0; |
| 120 | } |
| 121 | |
| 122 | int |
| 123 | sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) |
| 124 | { |
| 125 | EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v)); |
| 126 | int r; |
| 127 | const u_char *d; |
| 128 | size_t len; |
| 129 | |
| 130 | if (pt == NULL) { |
| 131 | SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); |
| 132 | return SSH_ERR_ALLOC_FAIL; |
| 133 | } |
| 134 | if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) { |
| 135 | EC_POINT_free(pt); |
| 136 | return r; |
| 137 | } |
| 138 | if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) { |
| 139 | EC_POINT_free(pt); |
| 140 | return r; |
| 141 | } |
| 142 | if (EC_KEY_set_public_key(v, pt) != 1) { |
| 143 | EC_POINT_free(pt); |
| 144 | return SSH_ERR_ALLOC_FAIL; /* XXX assumption */ |
| 145 | } |
| 146 | EC_POINT_free(pt); |
| 147 | /* Skip string */ |
| 148 | if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { |
| 149 | /* Shouldn't happen */ |
| 150 | SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); |
| 151 | SSHBUF_ABORT(); |
| 152 | return SSH_ERR_INTERNAL_ERROR; |
| 153 | } |
| 154 | return 0; |
| 155 | } |
| 156 | #endif /* OPENSSL_HAS_ECC */ |
| 157 | |
| 158 | int |
| 159 | sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) |
| 160 | { |
| 161 | u_char d[SSHBUF_MAX_BIGNUM + 1]; |
| 162 | int len = BN_num_bytes(v), prepend = 0, r; |
| 163 | |
| 164 | if (len < 0 || len > SSHBUF_MAX_BIGNUM) |
| 165 | return SSH_ERR_INVALID_ARGUMENT; |
| 166 | *d = '\0'; |
| 167 | if (BN_bn2bin(v, d + 1) != len) |
| 168 | return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ |
| 169 | /* If MSB is set, prepend a \0 */ |
| 170 | if (len > 0 && (d[1] & 0x80) != 0) |
| 171 | prepend = 1; |
| 172 | if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) { |
| 173 | bzero(d, sizeof(d)); |
| 174 | return r; |
| 175 | } |
| 176 | bzero(d, sizeof(d)); |
| 177 | return 0; |
| 178 | } |
| 179 | |
| 180 | int |
| 181 | sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) |
| 182 | { |
| 183 | int r, len_bits = BN_num_bits(v); |
| 184 | size_t len_bytes = (len_bits + 7) / 8; |
| 185 | u_char d[SSHBUF_MAX_BIGNUM], *dp; |
| 186 | |
| 187 | if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) |
| 188 | return SSH_ERR_INVALID_ARGUMENT; |
| 189 | if (BN_bn2bin(v, d) != (int)len_bytes) |
| 190 | return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ |
| 191 | if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { |
| 192 | bzero(d, sizeof(d)); |
| 193 | return r; |
| 194 | } |
| 195 | POKE_U16(dp, len_bits); |
| 196 | memcpy(dp + 2, d, len_bytes); |
| 197 | bzero(d, sizeof(d)); |
| 198 | return 0; |
| 199 | } |
| 200 | |
| 201 | #ifdef OPENSSL_HAS_ECC |
| 202 | int |
| 203 | sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) |
| 204 | { |
| 205 | u_char d[SSHBUF_MAX_ECPOINT]; |
| 206 | BN_CTX *bn_ctx; |
| 207 | size_t len; |
| 208 | int ret; |
| 209 | |
| 210 | if ((bn_ctx = BN_CTX_new()) == NULL) |
| 211 | return SSH_ERR_ALLOC_FAIL; |
| 212 | if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, |
| 213 | NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { |
| 214 | BN_CTX_free(bn_ctx); |
| 215 | return SSH_ERR_INVALID_ARGUMENT; |
| 216 | } |
| 217 | if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, |
| 218 | d, len, bn_ctx) != len) { |
| 219 | BN_CTX_free(bn_ctx); |
| 220 | return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ |
| 221 | } |
| 222 | BN_CTX_free(bn_ctx); |
| 223 | ret = sshbuf_put_string(buf, d, len); |
| 224 | bzero(d, len); |
| 225 | return ret; |
| 226 | } |
| 227 | |
| 228 | int |
| 229 | sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) |
| 230 | { |
| 231 | return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v), |
| 232 | EC_KEY_get0_group(v)); |
| 233 | } |
| 234 | #endif /* OPENSSL_HAS_ECC */ |
| 235 | |