1 /* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */
3 * Copyright (c) 2011 Damien Miller
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #define SSHBUF_INTERNAL
21 #include <sys/types.h>
27 #include <openssl/bn.h>
28 #ifdef OPENSSL_HAS_ECC
29 # include <openssl/ec.h>
30 #endif /* OPENSSL_HAS_ECC */
36 sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp)
45 if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
48 if ((v = BN_new()) == NULL ||
49 BN_bin2bn(d, len, v) == NULL) {
51 return SSH_ERR_ALLOC_FAIL;
58 #ifdef OPENSSL_HAS_ECC
60 get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
62 /* Refuse overlong bignums */
63 if (len == 0 || len > SSHBUF_MAX_ECPOINT)
64 return SSH_ERR_ECPOINT_TOO_LARGE;
65 /* Only handle uncompressed points */
66 if (*d != POINT_CONVERSION_UNCOMPRESSED)
67 return SSH_ERR_INVALID_FORMAT;
68 if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
69 return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
74 sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
80 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
82 if ((r = get_ec(d, len, v, g)) != 0)
85 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
86 /* Shouldn't happen */
87 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
89 return SSH_ERR_INTERNAL_ERROR;
95 sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
97 EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
103 SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
104 return SSH_ERR_ALLOC_FAIL;
106 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
110 if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
114 if (EC_KEY_set_public_key(v, pt) != 1) {
116 return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
120 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
121 /* Shouldn't happen */
122 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
124 return SSH_ERR_INTERNAL_ERROR;
128 #endif /* OPENSSL_HAS_ECC */
131 sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
133 u_char d[SSHBUF_MAX_BIGNUM + 1];
134 int len = BN_num_bytes(v), prepend = 0, r;
136 if (len < 0 || len > SSHBUF_MAX_BIGNUM)
137 return SSH_ERR_INVALID_ARGUMENT;
139 if (BN_bn2bin(v, d + 1) != len)
140 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
141 /* If MSB is set, prepend a \0 */
142 if (len > 0 && (d[1] & 0x80) != 0)
144 if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
145 explicit_bzero(d, sizeof(d));
148 explicit_bzero(d, sizeof(d));
152 #ifdef OPENSSL_HAS_ECC
154 sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
156 u_char d[SSHBUF_MAX_ECPOINT];
160 if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
161 NULL, 0, NULL)) > SSHBUF_MAX_ECPOINT) {
162 return SSH_ERR_INVALID_ARGUMENT;
164 if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
165 d, len, NULL) != len) {
166 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
168 ret = sshbuf_put_string(buf, d, len);
169 explicit_bzero(d, len);
174 sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
176 return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
177 EC_KEY_get0_group(v));
179 #endif /* OPENSSL_HAS_ECC */
180 #endif /* WITH_OPENSSL */