1 /* $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $ */ 2 /* 3 * Copyright (c) 2011 Damien Miller 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #define SSHBUF_INTERNAL 19 #include "includes.h" 20 21 #include <sys/types.h> 22 #include <stdlib.h> 23 #include <stdio.h> 24 #include <string.h> 25 26 #include <openssl/bn.h> 27 #ifdef OPENSSL_HAS_ECC 28 # include <openssl/ec.h> 29 #endif /* OPENSSL_HAS_ECC */ 30 31 #include "ssherr.h" 32 #include "sshbuf.h" 33 34 int 35 sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) 36 { 37 const u_char *d; 38 size_t len; 39 int r; 40 41 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) 42 return r; 43 /* Refuse negative (MSB set) bignums */ 44 if ((len != 0 && (*d & 0x80) != 0)) 45 return SSH_ERR_BIGNUM_IS_NEGATIVE; 46 /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ 47 if (len > SSHBUF_MAX_BIGNUM + 1 || 48 (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) 49 return SSH_ERR_BIGNUM_TOO_LARGE; 50 if (v != NULL && BN_bin2bn(d, len, v) == NULL) 51 return SSH_ERR_ALLOC_FAIL; 52 /* Consume the string */ 53 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { 54 /* Shouldn't happen */ 55 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 56 SSHBUF_ABORT(); 57 return SSH_ERR_INTERNAL_ERROR; 58 } 59 return 0; 60 } 61 62 int 63 sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) 64 { 65 const u_char *d = sshbuf_ptr(buf); 66 u_int16_t len_bits; 67 size_t len_bytes; 68 69 /* Length in bits */ 70 if (sshbuf_len(buf) < 2) 71 return SSH_ERR_MESSAGE_INCOMPLETE; 72 len_bits = PEEK_U16(d); 73 len_bytes = (len_bits + 7) >> 3; 74 if (len_bytes > SSHBUF_MAX_BIGNUM) 75 return SSH_ERR_BIGNUM_TOO_LARGE; 76 if (sshbuf_len(buf) < 2 + len_bytes) 77 return SSH_ERR_MESSAGE_INCOMPLETE; 78 if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) 79 return SSH_ERR_ALLOC_FAIL; 80 if (sshbuf_consume(buf, 2 + len_bytes) != 0) { 81 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 82 SSHBUF_ABORT(); 83 return SSH_ERR_INTERNAL_ERROR; 84 } 85 return 0; 86 } 87 88 #ifdef OPENSSL_HAS_ECC 89 static int 90 get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) 91 { 92 /* Refuse overlong bignums */ 93 if (len == 0 || len > SSHBUF_MAX_ECPOINT) 94 return SSH_ERR_ECPOINT_TOO_LARGE; 95 /* Only handle uncompressed points */ 96 if (*d != POINT_CONVERSION_UNCOMPRESSED) 97 return SSH_ERR_INVALID_FORMAT; 98 if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1) 99 return SSH_ERR_INVALID_FORMAT; /* XXX assumption */ 100 return 0; 101 } 102 103 int 104 sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g) 105 { 106 const u_char *d; 107 size_t len; 108 int r; 109 110 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) 111 return r; 112 if ((r = get_ec(d, len, v, g)) != 0) 113 return r; 114 /* Skip string */ 115 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { 116 /* Shouldn't happen */ 117 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 118 SSHBUF_ABORT(); 119 return SSH_ERR_INTERNAL_ERROR; 120 } 121 return 0; 122 } 123 124 int 125 sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) 126 { 127 EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v)); 128 int r; 129 const u_char *d; 130 size_t len; 131 132 if (pt == NULL) { 133 SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); 134 return SSH_ERR_ALLOC_FAIL; 135 } 136 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) { 137 EC_POINT_free(pt); 138 return r; 139 } 140 if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) { 141 EC_POINT_free(pt); 142 return r; 143 } 144 if (EC_KEY_set_public_key(v, pt) != 1) { 145 EC_POINT_free(pt); 146 return SSH_ERR_ALLOC_FAIL; /* XXX assumption */ 147 } 148 EC_POINT_free(pt); 149 /* Skip string */ 150 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { 151 /* Shouldn't happen */ 152 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 153 SSHBUF_ABORT(); 154 return SSH_ERR_INTERNAL_ERROR; 155 } 156 return 0; 157 } 158 #endif /* OPENSSL_HAS_ECC */ 159 160 int 161 sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) 162 { 163 u_char d[SSHBUF_MAX_BIGNUM + 1]; 164 int len = BN_num_bytes(v), prepend = 0, r; 165 166 if (len < 0 || len > SSHBUF_MAX_BIGNUM) 167 return SSH_ERR_INVALID_ARGUMENT; 168 *d = '\0'; 169 if (BN_bn2bin(v, d + 1) != len) 170 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ 171 /* If MSB is set, prepend a \0 */ 172 if (len > 0 && (d[1] & 0x80) != 0) 173 prepend = 1; 174 if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) { 175 bzero(d, sizeof(d)); 176 return r; 177 } 178 bzero(d, sizeof(d)); 179 return 0; 180 } 181 182 int 183 sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) 184 { 185 int r, len_bits = BN_num_bits(v); 186 size_t len_bytes = (len_bits + 7) / 8; 187 u_char d[SSHBUF_MAX_BIGNUM], *dp; 188 189 if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) 190 return SSH_ERR_INVALID_ARGUMENT; 191 if (BN_bn2bin(v, d) != (int)len_bytes) 192 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ 193 if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { 194 bzero(d, sizeof(d)); 195 return r; 196 } 197 POKE_U16(dp, len_bits); 198 memcpy(dp + 2, d, len_bytes); 199 bzero(d, sizeof(d)); 200 return 0; 201 } 202 203 #ifdef OPENSSL_HAS_ECC 204 int 205 sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) 206 { 207 u_char d[SSHBUF_MAX_ECPOINT]; 208 BN_CTX *bn_ctx; 209 size_t len; 210 int ret; 211 212 if ((bn_ctx = BN_CTX_new()) == NULL) 213 return SSH_ERR_ALLOC_FAIL; 214 if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, 215 NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { 216 BN_CTX_free(bn_ctx); 217 return SSH_ERR_INVALID_ARGUMENT; 218 } 219 if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, 220 d, len, bn_ctx) != len) { 221 BN_CTX_free(bn_ctx); 222 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ 223 } 224 BN_CTX_free(bn_ctx); 225 ret = sshbuf_put_string(buf, d, len); 226 bzero(d, len); 227 return ret; 228 } 229 230 int 231 sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) 232 { 233 return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v), 234 EC_KEY_get0_group(v)); 235 } 236 #endif /* OPENSSL_HAS_ECC */ 237 238