1 /* $OpenBSD: sshbuf-getput-crypto.c,v 1.7 2019/01/21 09:54:11 djm Exp $ */
3 * Copyright (c) 2011 Damien Miller
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #define SSHBUF_INTERNAL
21 #include <sys/types.h>
26 #include <openssl/bn.h>
27 #ifdef OPENSSL_HAS_ECC
28 # include <openssl/ec.h>
29 #endif /* OPENSSL_HAS_ECC */
35 sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp)
44 if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
47 if ((v = BN_new()) == NULL ||
48 BN_bin2bn(d, len, v) == NULL) {
50 return SSH_ERR_ALLOC_FAIL;
57 #ifdef OPENSSL_HAS_ECC
59 get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
61 /* Refuse overlong bignums */
62 if (len == 0 || len > SSHBUF_MAX_ECPOINT)
63 return SSH_ERR_ECPOINT_TOO_LARGE;
64 /* Only handle uncompressed points */
65 if (*d != POINT_CONVERSION_UNCOMPRESSED)
66 return SSH_ERR_INVALID_FORMAT;
67 if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
68 return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
73 sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
79 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
81 if ((r = get_ec(d, len, v, g)) != 0)
84 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
85 /* Shouldn't happen */
86 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
88 return SSH_ERR_INTERNAL_ERROR;
94 sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
96 EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
102 SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
103 return SSH_ERR_ALLOC_FAIL;
105 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
109 if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
113 if (EC_KEY_set_public_key(v, pt) != 1) {
115 return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
119 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
120 /* Shouldn't happen */
121 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
123 return SSH_ERR_INTERNAL_ERROR;
127 #endif /* OPENSSL_HAS_ECC */
130 sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
132 u_char d[SSHBUF_MAX_BIGNUM + 1];
133 int len = BN_num_bytes(v), prepend = 0, r;
135 if (len < 0 || len > SSHBUF_MAX_BIGNUM)
136 return SSH_ERR_INVALID_ARGUMENT;
138 if (BN_bn2bin(v, d + 1) != len)
139 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
140 /* If MSB is set, prepend a \0 */
141 if (len > 0 && (d[1] & 0x80) != 0)
143 if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
144 explicit_bzero(d, sizeof(d));
147 explicit_bzero(d, sizeof(d));
151 #ifdef OPENSSL_HAS_ECC
153 sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
155 u_char d[SSHBUF_MAX_ECPOINT];
160 if ((bn_ctx = BN_CTX_new()) == NULL)
161 return SSH_ERR_ALLOC_FAIL;
162 if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
163 NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) {
165 return SSH_ERR_INVALID_ARGUMENT;
167 if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
168 d, len, bn_ctx) != len) {
170 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
173 ret = sshbuf_put_string(buf, d, len);
174 explicit_bzero(d, len);
179 sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
181 return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
182 EC_KEY_get0_group(v));
184 #endif /* OPENSSL_HAS_ECC */