1 /*	$OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $	*/
2 /*
3  * Copyright (c) 2011 Damien Miller
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #define SSHBUF_INTERNAL
19 #include "includes.h"
20 
21 #include <sys/types.h>
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include <string.h>
25 
26 #include <openssl/bn.h>
27 #ifdef OPENSSL_HAS_ECC
28 # include <openssl/ec.h>
29 #endif /* OPENSSL_HAS_ECC */
30 
31 #include "ssherr.h"
32 #include "sshbuf.h"
33 
34 int
35 sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
36 {
37 	const u_char *d;
38 	size_t len;
39 	int r;
40 
41 	if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
42 		return r;
43 	/* Refuse negative (MSB set) bignums */
44 	if ((len != 0 && (*d & 0x80) != 0))
45 		return SSH_ERR_BIGNUM_IS_NEGATIVE;
46 	/* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
47 	if (len > SSHBUF_MAX_BIGNUM + 1 ||
48 	    (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
49 		return SSH_ERR_BIGNUM_TOO_LARGE;
50 	if (v != NULL && BN_bin2bn(d, len, v) == NULL)
51 		return SSH_ERR_ALLOC_FAIL;
52 	/* Consume the string */
53 	if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
54 		/* Shouldn't happen */
55 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
56 		SSHBUF_ABORT();
57 		return SSH_ERR_INTERNAL_ERROR;
58 	}
59 	return 0;
60 }
61 
62 int
63 sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
64 {
65 	const u_char *d = sshbuf_ptr(buf);
66 	u_int16_t len_bits;
67 	size_t len_bytes;
68 
69 	/* Length in bits */
70 	if (sshbuf_len(buf) < 2)
71 		return SSH_ERR_MESSAGE_INCOMPLETE;
72 	len_bits = PEEK_U16(d);
73 	len_bytes = (len_bits + 7) >> 3;
74 	if (len_bytes > SSHBUF_MAX_BIGNUM)
75 		return SSH_ERR_BIGNUM_TOO_LARGE;
76 	if (sshbuf_len(buf) < 2 + len_bytes)
77 		return SSH_ERR_MESSAGE_INCOMPLETE;
78 	if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL)
79 		return SSH_ERR_ALLOC_FAIL;
80 	if (sshbuf_consume(buf, 2 + len_bytes) != 0) {
81 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
82 		SSHBUF_ABORT();
83 		return SSH_ERR_INTERNAL_ERROR;
84 	}
85 	return 0;
86 }
87 
88 #ifdef OPENSSL_HAS_ECC
89 static int
90 get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
91 {
92 	/* Refuse overlong bignums */
93 	if (len == 0 || len > SSHBUF_MAX_ECPOINT)
94 		return SSH_ERR_ECPOINT_TOO_LARGE;
95 	/* Only handle uncompressed points */
96 	if (*d != POINT_CONVERSION_UNCOMPRESSED)
97 		return SSH_ERR_INVALID_FORMAT;
98 	if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
99 		return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
100 	return 0;
101 }
102 
103 int
104 sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
105 {
106 	const u_char *d;
107 	size_t len;
108 	int r;
109 
110 	if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
111 		return r;
112 	if ((r = get_ec(d, len, v, g)) != 0)
113 		return r;
114 	/* Skip string */
115 	if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
116 		/* Shouldn't happen */
117 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
118 		SSHBUF_ABORT();
119 		return SSH_ERR_INTERNAL_ERROR;
120 	}
121 	return 0;
122 }
123 
124 int
125 sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
126 {
127 	EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
128 	int r;
129 	const u_char *d;
130 	size_t len;
131 
132 	if (pt == NULL) {
133 		SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
134 		return SSH_ERR_ALLOC_FAIL;
135 	}
136 	if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
137 		EC_POINT_free(pt);
138 		return r;
139 	}
140 	if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
141 		EC_POINT_free(pt);
142 		return r;
143 	}
144 	if (EC_KEY_set_public_key(v, pt) != 1) {
145 		EC_POINT_free(pt);
146 		return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
147 	}
148 	EC_POINT_free(pt);
149 	/* Skip string */
150 	if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
151 		/* Shouldn't happen */
152 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
153 		SSHBUF_ABORT();
154 		return SSH_ERR_INTERNAL_ERROR;
155 	}
156 	return 0;
157 }
158 #endif /* OPENSSL_HAS_ECC */
159 
160 int
161 sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
162 {
163 	u_char d[SSHBUF_MAX_BIGNUM + 1];
164 	int len = BN_num_bytes(v), prepend = 0, r;
165 
166 	if (len < 0 || len > SSHBUF_MAX_BIGNUM)
167 		return SSH_ERR_INVALID_ARGUMENT;
168 	*d = '\0';
169 	if (BN_bn2bin(v, d + 1) != len)
170 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
171 	/* If MSB is set, prepend a \0 */
172 	if (len > 0 && (d[1] & 0x80) != 0)
173 		prepend = 1;
174 	if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
175 		bzero(d, sizeof(d));
176 		return r;
177 	}
178 	bzero(d, sizeof(d));
179 	return 0;
180 }
181 
182 int
183 sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
184 {
185 	int r, len_bits = BN_num_bits(v);
186 	size_t len_bytes = (len_bits + 7) / 8;
187 	u_char d[SSHBUF_MAX_BIGNUM], *dp;
188 
189 	if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM)
190 		return SSH_ERR_INVALID_ARGUMENT;
191 	if (BN_bn2bin(v, d) != (int)len_bytes)
192 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
193 	if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
194 		bzero(d, sizeof(d));
195 		return r;
196 	}
197 	POKE_U16(dp, len_bits);
198 	memcpy(dp + 2, d, len_bytes);
199 	bzero(d, sizeof(d));
200 	return 0;
201 }
202 
203 #ifdef OPENSSL_HAS_ECC
204 int
205 sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
206 {
207 	u_char d[SSHBUF_MAX_ECPOINT];
208 	BN_CTX *bn_ctx;
209 	size_t len;
210 	int ret;
211 
212 	if ((bn_ctx = BN_CTX_new()) == NULL)
213 		return SSH_ERR_ALLOC_FAIL;
214 	if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
215 	    NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) {
216 		BN_CTX_free(bn_ctx);
217 		return SSH_ERR_INVALID_ARGUMENT;
218 	}
219 	if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
220 	    d, len, bn_ctx) != len) {
221 		BN_CTX_free(bn_ctx);
222 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
223 	}
224 	BN_CTX_free(bn_ctx);
225 	ret = sshbuf_put_string(buf, d, len);
226 	bzero(d, len);
227 	return ret;
228 }
229 
230 int
231 sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
232 {
233 	return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
234 	    EC_KEY_get0_group(v));
235 }
236 #endif /* OPENSSL_HAS_ECC */
237 
238