Home | History | Annotate | Download | only in openssh 
      1 /* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
      2 /*
      3  * Author: Tatu Ylonen <ylo (at) cs.hut.fi>
      4  * Copyright (c) 1995 Tatu Ylonen <ylo (at) cs.hut.fi>, Espoo, Finland
      5  *                    All rights reserved
      6  * Auxiliary functions for storing and retrieving various data types to/from
      7  * Buffers.
      8  *
      9  * As far as I am concerned, the code I have written for this software
     10  * can be used freely for any purpose.  Any derived versions of this
     11  * software must be clearly marked as such, and if the derived work is
     12  * incompatible with the protocol description in the RFC file, it must be
     13  * called by a name other than "ssh" or "Secure Shell".
     14  *
     15  *
     16  * SSH2 packet format added by Markus Friedl
     17  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
     18  *
     19  * Redistribution and use in source and binary forms, with or without
     20  * modification, are permitted provided that the following conditions
     21  * are met:
     22  * 1. Redistributions of source code must retain the above copyright
     23  *    notice, this list of conditions and the following disclaimer.
     24  * 2. Redistributions in binary form must reproduce the above copyright
     25  *    notice, this list of conditions and the following disclaimer in the
     26  *    documentation and/or other materials provided with the distribution.
     27  *
     28  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     29  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     30  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     31  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     32  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     33  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     34  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     35  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     36  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     37  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     38  */
     39 
     40 #include "includes.h"
     41 
     42 #include <sys/types.h>
     43 
     44 #include <openssl/bn.h>
     45 
     46 #include <string.h>
     47 #include <stdarg.h>
     48 
     49 #include "xmalloc.h"
     50 #include "buffer.h"
     51 #include "log.h"
     52 #include "misc.h"
     53 
     54 /*
     55  * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
     56  * by (bits+7)/8 bytes of binary data, msb first.
     57  */
     58 int
     59 buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
     60 {
     61 	int bits = BN_num_bits(value);
     62 	int bin_size = (bits + 7) / 8;
     63 	u_char *buf = xmalloc(bin_size);
     64 	int oi;
     65 	char msg[2];
     66 
     67 	/* Get the value of in binary */
     68 	oi = BN_bn2bin(value, buf);
     69 	if (oi != bin_size) {
     70 		error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
     71 		    oi, bin_size);
     72 		xfree(buf);
     73 		return (-1);
     74 	}
     75 
     76 	/* Store the number of bits in the buffer in two bytes, msb first. */
     77 	put_u16(msg, bits);
     78 	buffer_append(buffer, msg, 2);
     79 	/* Store the binary data. */
     80 	buffer_append(buffer, buf, oi);
     81 
     82 	memset(buf, 0, bin_size);
     83 	xfree(buf);
     84 
     85 	return (0);
     86 }
     87 
     88 void
     89 buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
     90 {
     91 	if (buffer_put_bignum_ret(buffer, value) == -1)
     92 		fatal("buffer_put_bignum: buffer error");
     93 }
     94 
     95 /*
     96  * Retrieves a BIGNUM from the buffer.
     97  */
     98 int
     99 buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
    100 {
    101 	u_int bits, bytes;
    102 	u_char buf[2], *bin;
    103 
    104 	/* Get the number of bits. */
    105 	if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
    106 		error("buffer_get_bignum_ret: invalid length");
    107 		return (-1);
    108 	}
    109 	bits = get_u16(buf);
    110 	/* Compute the number of binary bytes that follow. */
    111 	bytes = (bits + 7) / 8;
    112 	if (bytes > 8 * 1024) {
    113 		error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
    114 		return (-1);
    115 	}
    116 	if (buffer_len(buffer) < bytes) {
    117 		error("buffer_get_bignum_ret: input buffer too small");
    118 		return (-1);
    119 	}
    120 	bin = buffer_ptr(buffer);
    121 	if (BN_bin2bn(bin, bytes, value) == NULL) {
    122 		error("buffer_get_bignum_ret: BN_bin2bn failed");
    123 		return (-1);
    124 	}
    125 	if (buffer_consume_ret(buffer, bytes) == -1) {
    126 		error("buffer_get_bignum_ret: buffer_consume failed");
    127 		return (-1);
    128 	}
    129 	return (0);
    130 }
    131 
    132 void
    133 buffer_get_bignum(Buffer *buffer, BIGNUM *value)
    134 {
    135 	if (buffer_get_bignum_ret(buffer, value) == -1)
    136 		fatal("buffer_get_bignum: buffer error");
    137 }
    138 
    139 /*
    140  * Stores a BIGNUM in the buffer in SSH2 format.
    141  */
    142 int
    143 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
    144 {
    145 	u_int bytes;
    146 	u_char *buf;
    147 	int oi;
    148 	u_int hasnohigh = 0;
    149 
    150 	if (BN_is_zero(value)) {
    151 		buffer_put_int(buffer, 0);
    152 		return 0;
    153 	}
    154 	if (value->neg) {
    155 		error("buffer_put_bignum2_ret: negative numbers not supported");
    156 		return (-1);
    157 	}
    158 	bytes = BN_num_bytes(value) + 1; /* extra padding byte */
    159 	if (bytes < 2) {
    160 		error("buffer_put_bignum2_ret: BN too small");
    161 		return (-1);
    162 	}
    163 	buf = xmalloc(bytes);
    164 	buf[0] = 0x00;
    165 	/* Get the value of in binary */
    166 	oi = BN_bn2bin(value, buf+1);
    167 	if (oi < 0 || (u_int)oi != bytes - 1) {
    168 		error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
    169 		    "oi %d != bin_size %d", oi, bytes);
    170 		xfree(buf);
    171 		return (-1);
    172 	}
    173 	hasnohigh = (buf[1] & 0x80) ? 0 : 1;
    174 	buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
    175 	memset(buf, 0, bytes);
    176 	xfree(buf);
    177 	return (0);
    178 }
    179 
    180 void
    181 buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
    182 {
    183 	if (buffer_put_bignum2_ret(buffer, value) == -1)
    184 		fatal("buffer_put_bignum2: buffer error");
    185 }
    186 
    187 int
    188 buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
    189 {
    190 	u_int len;
    191 	u_char *bin;
    192 
    193 	if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
    194 		error("buffer_get_bignum2_ret: invalid bignum");
    195 		return (-1);
    196 	}
    197 
    198 	if (len > 0 && (bin[0] & 0x80)) {
    199 		error("buffer_get_bignum2_ret: negative numbers not supported");
    200 		xfree(bin);
    201 		return (-1);
    202 	}
    203 	if (len > 8 * 1024) {
    204 		error("buffer_get_bignum2_ret: cannot handle BN of size %d",
    205 		    len);
    206 		xfree(bin);
    207 		return (-1);
    208 	}
    209 	if (BN_bin2bn(bin, len, value) == NULL) {
    210 		error("buffer_get_bignum2_ret: BN_bin2bn failed");
    211 		xfree(bin);
    212 		return (-1);
    213 	}
    214 	xfree(bin);
    215 	return (0);
    216 }
    217 
    218 void
    219 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
    220 {
    221 	if (buffer_get_bignum2_ret(buffer, value) == -1)
    222 		fatal("buffer_get_bignum2: buffer error");
    223 }
    224