OpenVAS Scanner  22.7.9
nasl_crypto2.h File Reference
#include "nasl_lex_ctxt.h"
Include dependency graph for nasl_crypto2.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

tree_cellnasl_bn_random (lex_ctxt *)
 
tree_cellnasl_dh_generate_key (lex_ctxt *)
 
tree_cellnasl_bn_cmp (lex_ctxt *)
 
tree_cellnasl_dh_compute_key (lex_ctxt *)
 
tree_cellnasl_rsa_public_encrypt (lex_ctxt *)
 
tree_cellnasl_rsa_private_decrypt (lex_ctxt *)
 
tree_cellnasl_open_rc4_cipher (lex_ctxt *)
 Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stream data. Open cipher must be close with close_stream_cipher() when it is not useful anymore. More...
 
tree_cellnasl_close_stream_cipher (lex_ctxt *)
 Nasl function to delete a cipher item from the cipher table. More...
 
tree_cellnasl_rsa_public_decrypt (lex_ctxt *)
 
tree_cellnasl_bf_cbc_encrypt (lex_ctxt *)
 
tree_cellnasl_bf_cbc_decrypt (lex_ctxt *)
 
tree_cellnasl_dsa_do_verify (lex_ctxt *lexic)
 
tree_cellnasl_pem_to_rsa (lex_ctxt *lexic)
 
tree_cellnasl_pem_to_dsa (lex_ctxt *lexic)
 
tree_cellnasl_rsa_sign (lex_ctxt *lexic)
 
tree_cellnasl_dsa_do_sign (lex_ctxt *lexic)
 
tree_cellnasl_rc4_encrypt (lex_ctxt *lexic)
 Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context, it will use this handler to encrypt the data as part of a stream data. e.g.: rc4_encrypt(data: data, hd: hd) More...
 
tree_cellnasl_aes128_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes_mac_cbc (lex_ctxt *lexic)
 
tree_cellnasl_aes_mac_gcm (lex_ctxt *lexic)
 
tree_cellnasl_aes256_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_des_ede_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_smb3kdf (lex_ctxt *lexic)
 Add the SMB3KDF as specified in [SP800-108] section 5.1. More...
 
int generate_script_signature (char *)
 

Function Documentation

◆ generate_script_signature()

int generate_script_signature ( char *  )

◆ nasl_aes128_cbc_encrypt()

tree_cell* nasl_aes128_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1962 of file nasl_crypto2.c.

1963 {
1964  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,
1965  NASL_ENCRYPT);
1966 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_decrypt()

tree_cell* nasl_aes128_ccm_decrypt ( lex_ctxt lexic)

Definition at line 2064 of file nasl_crypto2.c.

2065 {
2066  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2067  NASL_DECRYPT);
2068 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_decrypt_auth()

tree_cell* nasl_aes128_ccm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2071 of file nasl_crypto2.c.

2072 {
2073  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2075 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_encrypt()

tree_cell* nasl_aes128_ccm_encrypt ( lex_ctxt lexic)

Definition at line 2051 of file nasl_crypto2.c.

2052 {
2053  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2054  NASL_ENCRYPT);
2055 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_encrypt_auth()

tree_cell* nasl_aes128_ccm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2058 of file nasl_crypto2.c.

2059 {
2060  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2061 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes128_ctr_encrypt()

tree_cell* nasl_aes128_ctr_encrypt ( lex_ctxt lexic)

Definition at line 1976 of file nasl_crypto2.c.

1977 {
1978  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR,
1979  NASL_ENCRYPT);
1980 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_decrypt()

tree_cell* nasl_aes128_gcm_decrypt ( lex_ctxt lexic)

Definition at line 2010 of file nasl_crypto2.c.

2011 {
2012  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2013  NASL_DECRYPT);
2014 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_decrypt_auth()

tree_cell* nasl_aes128_gcm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2017 of file nasl_crypto2.c.

2018 {
2019  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2021 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_encrypt()

tree_cell* nasl_aes128_gcm_encrypt ( lex_ctxt lexic)

Definition at line 1997 of file nasl_crypto2.c.

1998 {
1999  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2000  NASL_ENCRYPT);
2001 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_encrypt_auth()

tree_cell* nasl_aes128_gcm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2004 of file nasl_crypto2.c.

2005 {
2006  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2007 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes256_cbc_encrypt()

tree_cell* nasl_aes256_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1969 of file nasl_crypto2.c.

1970 {
1971  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC,
1972  NASL_ENCRYPT);
1973 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_decrypt()

tree_cell* nasl_aes256_ccm_decrypt ( lex_ctxt lexic)

Definition at line 2091 of file nasl_crypto2.c.

2092 {
2093  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2094  NASL_DECRYPT);
2095 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_decrypt_auth()

tree_cell* nasl_aes256_ccm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2098 of file nasl_crypto2.c.

2099 {
2100  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2102 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_encrypt()

tree_cell* nasl_aes256_ccm_encrypt ( lex_ctxt lexic)

Definition at line 2078 of file nasl_crypto2.c.

2079 {
2080  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2081  NASL_ENCRYPT);
2082 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_encrypt_auth()

tree_cell* nasl_aes256_ccm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2085 of file nasl_crypto2.c.

2086 {
2087  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2088 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes256_ctr_encrypt()

tree_cell* nasl_aes256_ctr_encrypt ( lex_ctxt lexic)

Definition at line 1983 of file nasl_crypto2.c.

1984 {
1985  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR,
1986  NASL_ENCRYPT);
1987 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_decrypt()

tree_cell* nasl_aes256_gcm_decrypt ( lex_ctxt lexic)

Definition at line 2037 of file nasl_crypto2.c.

2038 {
2039  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2040  NASL_DECRYPT);
2041 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_decrypt_auth()

tree_cell* nasl_aes256_gcm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2044 of file nasl_crypto2.c.

2045 {
2046  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2048 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_encrypt()

tree_cell* nasl_aes256_gcm_encrypt ( lex_ctxt lexic)

Definition at line 2024 of file nasl_crypto2.c.

2025 {
2026  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2027  NASL_ENCRYPT);
2028 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_encrypt_auth()

tree_cell* nasl_aes256_gcm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2031 of file nasl_crypto2.c.

2032 {
2033  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2034 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes_mac_cbc()

tree_cell* nasl_aes_mac_cbc ( lex_ctxt lexic)

Definition at line 1730 of file nasl_crypto2.c.

1731 {
1732  return nasl_mac (lexic, GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE);
1733 }

References nasl_mac().

Here is the call graph for this function:

◆ nasl_aes_mac_gcm()

tree_cell* nasl_aes_mac_gcm ( lex_ctxt lexic)

Definition at line 1736 of file nasl_crypto2.c.

1737 {
1738  return nasl_mac (lexic, GCRY_MAC_GMAC_AES, GCRY_MAC_FLAG_SECURE);
1739 }

References nasl_mac().

Here is the call graph for this function:

◆ nasl_bf_cbc_decrypt()

tree_cell* nasl_bf_cbc_decrypt ( lex_ctxt lexic)

nasl function

bf_cbc_decrypt(key:key, iv:iv, data:data)

Decrypt the cipher text data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the plaintext data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1514 of file nasl_crypto2.c.

1515 {
1516  return nasl_bf_cbc (lexic, 0);
1517 }

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bf_cbc_encrypt()

tree_cell* nasl_bf_cbc_encrypt ( lex_ctxt lexic)

nasl function

bf_cbc_encrypt(key:key, iv:iv, data:data)

Encrypt the plaintext data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the encrypted data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1494 of file nasl_crypto2.c.

1495 {
1496  return nasl_bf_cbc (lexic, 1);
1497 }

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bn_cmp()

tree_cell* nasl_bn_cmp ( lex_ctxt lexic)

nasl function

bn_cmp(key1:MPI1, key2:MPI2)

Compares the MPIs key1 and key2 (given as binary strings). Returns -1 if key1 < key2, 0 if key1 == key2 and +1 if key1 > key2.

Definition at line 281 of file nasl_crypto2.c.

282 {
283  tree_cell *retc = NULL;
284  gcry_mpi_t key1 = NULL, key2 = NULL;
285 
286  retc = g_malloc0 (sizeof (tree_cell));
287  retc->ref_count = 1;
288  retc->type = CONST_INT;
289  retc->x.i_val = 1;
290 
291  if (mpi_from_named_parameter (lexic, &key1, "key1", "nasl_bn_cmp") < 0)
292  goto fail;
293  if (mpi_from_named_parameter (lexic, &key2, "key2", "nasl_bn_cmp") < 0)
294  goto fail;
295 
296  retc->x.i_val = gcry_mpi_cmp (key1, key2);
297 
298  /* make sure the return value is one of -1, 0, +1 */
299  if (retc->x.i_val > 0)
300  retc->x.i_val = 1;
301  if (retc->x.i_val < 0)
302  retc->x.i_val = -1;
303 
304 fail:
305  gcry_mpi_release (key1);
306  gcry_mpi_release (key2);
307  return retc;
308 }

References CONST_INT, TC::i_val, mpi_from_named_parameter(), TC::ref_count, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_bn_random()

tree_cell* nasl_bn_random ( lex_ctxt lexic)

nasl function

bn_random(need:numBits)

Returns
An MPI as a string with need bits of random data.

Definition at line 318 of file nasl_crypto2.c.

319 {
320  tree_cell *retc = NULL;
321  gcry_mpi_t key = NULL;
322  long need;
323 
324  retc = alloc_typed_cell (CONST_DATA);
325 
326  /* number of random bits */
327  need = get_int_var_by_name (lexic, "need", 0);
328 
329  key = gcry_mpi_new (0);
330  if (!key)
331  goto fail;
332 
333  gcry_mpi_randomize (key, need, GCRY_STRONG_RANDOM);
334 
335  if (set_mpi_retc (retc, key) >= 0)
336  goto ret;
337 
338 fail:
339  retc->size = 0;
340  retc->x.str_val = g_malloc0 (1);
341 ret:
342  gcry_mpi_release (key);
343  return retc;
344 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_close_stream_cipher()

tree_cell* nasl_close_stream_cipher ( lex_ctxt lexic)

Nasl function to delete a cipher item from the cipher table.

Parameters
[in]cipher_idThe cipher id to close
Returns
Returns zero on success. Otherwise NULL.

Definition at line 1675 of file nasl_crypto2.c.

1676 {
1677  tree_cell *retc;
1678  int cipher_id;
1679  gcry_cipher_hd_t hd;
1680 
1681  cipher_id = get_int_var_by_name (lexic, "hd", 0);
1682 
1683  hd = verify_cipher_id (lexic, cipher_id);
1684  if (hd == NULL)
1685  return NULL;
1686 
1687  delete_cipher_item (cipher_id);
1688  retc = alloc_typed_cell (CONST_INT);
1689  retc->x.i_val = 0;
1690  return retc;
1691 }

References alloc_typed_cell(), CONST_INT, delete_cipher_item(), get_int_var_by_name(), cipher_table_item::hd, TC::i_val, verify_cipher_id(), and TC::x.

Here is the call graph for this function:

◆ nasl_des_ede_cbc_encrypt()

tree_cell* nasl_des_ede_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1990 of file nasl_crypto2.c.

1991 {
1992  return crypt_data (lexic, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC,
1993  NASL_ENCRYPT);
1994 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_dh_compute_key()

tree_cell* nasl_dh_compute_key ( lex_ctxt lexic)

nasl function

dh_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub, pub_key:mpi_client_pub, priv_key:mpi_client_priv)

Computes the Diffie-Hellman shared secret key from the shared parameters p and g, the server's public key dh_server_pub and the client's public and private keys pub_key an priv_key. The return value is the shared secret key as an MPI.

Definition at line 615 of file nasl_crypto2.c.

616 {
617  tree_cell *retc = NULL;
618  gcry_mpi_t p = NULL, g = NULL, dh_server_pub = NULL;
619  gcry_mpi_t pub_key = NULL, priv_key = NULL;
620  gcry_mpi_t shared = NULL;
621 
622  retc = alloc_typed_cell (CONST_DATA);
623 
624  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_compute_key") < 0)
625  goto fail;
626  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_compute_key") < 0)
627  goto fail;
628  if (mpi_from_named_parameter (lexic, &dh_server_pub, "dh_server_pub",
629  "nasl_dh_compute_key")
630  < 0)
631  goto fail;
632  if (mpi_from_named_parameter (lexic, &pub_key, "pub_key",
633  "nasl_dh_compute_key")
634  < 0)
635  goto fail;
636  if (mpi_from_named_parameter (lexic, &priv_key, "priv_key",
637  "nasl_dh_compute_key")
638  < 0)
639  goto fail;
640 
641  shared = calc_dh_key (dh_server_pub, p, priv_key);
642 
643  if (set_mpi_retc (retc, shared) >= 0)
644  goto ret;
645 
646 fail:
647  retc->size = 0;
648  retc->x.str_val = g_malloc0 (1);
649 ret:
650  gcry_mpi_release (p);
651  gcry_mpi_release (g);
652  gcry_mpi_release (dh_server_pub);
653  gcry_mpi_release (priv_key);
654  gcry_mpi_release (pub_key);
655  gcry_mpi_release (shared);
656  return retc;
657 }

References alloc_typed_cell(), calc_dh_key(), CONST_DATA, mpi_from_named_parameter(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_dh_generate_key()

tree_cell* nasl_dh_generate_key ( lex_ctxt lexic)

nasl function

dh_generate_key(p:mpi_p, g:mpi_g, priv:mpi_priv)

Generates a Diffie-Hellman public key from the shared parameters p and g and the private parameter priv. The return value is the public key as an MPI.

Definition at line 570 of file nasl_crypto2.c.

571 {
572  tree_cell *retc = NULL;
573  gcry_mpi_t p = NULL, g = NULL, priv = NULL, pub_mpi = NULL;
574 
575  retc = alloc_typed_cell (CONST_DATA);
576 
577  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_generate_key") < 0)
578  goto fail;
579  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_generate_key") < 0)
580  goto fail;
581  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dh_generate_key")
582  < 0)
583  goto fail;
584 
585  pub_mpi = calc_dh_public (g, p, priv);
586  if (pub_mpi == NULL)
587  goto fail;
588 
589  if (set_mpi_retc (retc, pub_mpi) >= 0)
590  goto ret;
591 
592 fail:
593  retc->x.str_val = g_malloc0 (1);
594  retc->size = 0;
595 ret:
596  gcry_mpi_release (p);
597  gcry_mpi_release (g);
598  gcry_mpi_release (priv);
599  gcry_mpi_release (pub_mpi);
600  return retc;
601 }

References alloc_typed_cell(), calc_dh_public(), CONST_DATA, mpi_from_named_parameter(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_dsa_do_sign()

tree_cell* nasl_dsa_do_sign ( lex_ctxt lexic)

nasl function

dsa_do_sign(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, priv:mpi_priv, data:hash)

Computes the DSA signature of the hash in data using the private DSA key given by p, g, q, pub and priv. The return value is a 40 byte string encoding the two MPIs r and s of the DSA signature. The first 20 bytes are the value of r and the last 20 bytes are the value of s.

Definition at line 1247 of file nasl_crypto2.c.

1248 {
1249  tree_cell *retc = NULL;
1250  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, priv = NULL, data = NULL;
1251  gcry_mpi_t r = NULL, s = NULL;
1252  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1253  long rlen, slen;
1254  unsigned char *sigblob = NULL;
1255  gcry_error_t err;
1256 
1257  retc = g_malloc0 (sizeof (tree_cell));
1258  retc->ref_count = 1;
1259  retc->type = CONST_DATA;
1260  retc->x.i_val = 0;
1261 
1262  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1263  goto fail;
1264  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1265  goto fail;
1266  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1267  goto fail;
1268  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1269  goto fail;
1270  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dsa_do_sign") < 0)
1271  goto fail;
1272  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1273  goto fail;
1274 
1275  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1276  if (err)
1277  {
1278  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1279  goto fail;
1280  }
1281 
1282  err = gcry_sexp_build (
1283  &skey, NULL, "(private-key (dsa (p %m) (q %m) (g %m) (y %m) (x %m)))", p, q,
1284  g, pub, priv);
1285  if (err)
1286  {
1287  print_gcrypt_error (lexic, "gcry_sexp_build for private-key", err);
1288  goto fail;
1289  }
1290 
1291  err = gcry_pk_sign (&ssig, sdata, skey);
1292  if (err)
1293  {
1294  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1295  goto fail;
1296  }
1297 
1298  r = extract_mpi_from_sexp (ssig, "r");
1299  s = extract_mpi_from_sexp (ssig, "s");
1300  if (!r || !s)
1301  goto fail;
1302 
1303  rlen = (gcry_mpi_get_nbits (r) + 7) / 8;
1304  slen = (gcry_mpi_get_nbits (s) + 7) / 8;
1305  if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN)
1306  {
1307  nasl_perror (lexic, "rlen (%d) or slen (%d) > INTBLOB_LEN (%d)\n", rlen,
1308  slen, INTBLOB_LEN);
1309  goto fail;
1310  }
1311 
1312  sigblob = g_malloc0 (SIGBLOB_LEN);
1313  memset (sigblob, 0, SIGBLOB_LEN);
1314 
1315  err = gcry_mpi_print (
1316  GCRYMPI_FMT_USG,
1317  (unsigned char *) (sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen), rlen, NULL,
1318  r);
1319  if (err)
1320  {
1321  print_gcrypt_error (lexic, "gcry_mpi_print(r)", err);
1322  goto fail;
1323  }
1324  err = gcry_mpi_print (GCRYMPI_FMT_USG,
1325  (unsigned char *) (sigblob + SIGBLOB_LEN - slen), rlen,
1326  NULL, s);
1327  if (err)
1328  {
1329  print_gcrypt_error (lexic, "gcry_mpi_print(s)", err);
1330  goto fail;
1331  }
1332 
1333  retc->x.str_val = (char *) sigblob;
1334  sigblob = NULL;
1335  retc->size = SIGBLOB_LEN;
1336 
1337 fail:
1338  gcry_mpi_release (p);
1339  gcry_mpi_release (g);
1340  gcry_mpi_release (q);
1341  gcry_mpi_release (pub);
1342  gcry_mpi_release (priv);
1343  gcry_mpi_release (data);
1344  gcry_mpi_release (r);
1345  gcry_mpi_release (s);
1346  gcry_sexp_release (ssig);
1347  gcry_sexp_release (skey);
1348  gcry_sexp_release (sdata);
1349  g_free (sigblob);
1350 
1351  return retc;
1352 }

References CONST_DATA, extract_mpi_from_sexp(), TC::i_val, INTBLOB_LEN, mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), TC::ref_count, SIGBLOB_LEN, TC::size, TC::str_val, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_dsa_do_verify()

tree_cell* nasl_dsa_do_verify ( lex_ctxt lexic)

nasl function

dsa_do_verify(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, r:mpi_r, s:mpi_s, data:hash)

Verify that the DSA signature given by r and s matches the hash given in data using the public DSA key given by p, g, q and pub. Returns 1 if the signature is valid and 0 if it's invalid.

Definition at line 1158 of file nasl_crypto2.c.

1159 {
1160  tree_cell *retc = NULL;
1161  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, data = NULL;
1162  gcry_mpi_t r = NULL, s = NULL;
1163  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1164  gcry_error_t err;
1165 
1166  retc = g_malloc0 (sizeof (tree_cell));
1167  retc->ref_count = 1;
1168  retc->type = CONST_INT;
1169  retc->x.i_val = 0;
1170 
1171  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1172  goto fail;
1173  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1174  goto fail;
1175  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1176  goto fail;
1177  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1178  goto fail;
1179  if (mpi_from_named_parameter (lexic, &r, "r", "nasl_dsa_do_sign") < 0)
1180  goto fail;
1181  if (mpi_from_named_parameter (lexic, &s, "s", "nasl_dsa_do_sign") < 0)
1182  goto fail;
1183  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1184  goto fail;
1185 
1186  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1187  if (err)
1188  {
1189  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1190  goto fail;
1191  }
1192 
1193  err = gcry_sexp_build (&skey, NULL,
1194  "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))", p, q,
1195  g, pub);
1196  if (err)
1197  {
1198  print_gcrypt_error (lexic, "gcry_sexp_build for private key", err);
1199  goto fail;
1200  }
1201 
1202  err = gcry_sexp_build (&ssig, NULL, "(sig-val (dsa (r %m) (s %m)))", r, s);
1203  if (err)
1204  {
1205  print_gcrypt_error (lexic, "gcry_sexp_build for signature", err);
1206  goto fail;
1207  }
1208 
1209  err = gcry_pk_verify (ssig, sdata, skey);
1210  if (err == 0)
1211  retc->x.i_val = 1;
1212  else if (gcry_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1213  retc->x.i_val = 0;
1214  else
1215  {
1216  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1217  goto fail;
1218  }
1219 
1220 fail:
1221  gcry_mpi_release (p);
1222  gcry_mpi_release (g);
1223  gcry_mpi_release (q);
1224  gcry_mpi_release (pub);
1225  gcry_mpi_release (r);
1226  gcry_mpi_release (s);
1227  gcry_mpi_release (data);
1228  gcry_sexp_release (ssig);
1229  gcry_sexp_release (skey);
1230  gcry_sexp_release (sdata);
1231 
1232  return retc;
1233 }

References CONST_INT, TC::i_val, mpi_from_named_parameter(), print_gcrypt_error(), TC::ref_count, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_open_rc4_cipher()

tree_cell* nasl_open_rc4_cipher ( lex_ctxt lexic)

Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stream data. Open cipher must be close with close_stream_cipher() when it is not useful anymore.

Returns
Returns the id of the cipher handler encrypted data on success. Otherwise NULL.

Definition at line 1955 of file nasl_crypto2.c.

1956 {
1957  return nasl_open_stream_cipher (lexic, GCRY_CIPHER_ARCFOUR,
1958  GCRY_CIPHER_MODE_STREAM, "open_rc4_cipher");
1959 }

References nasl_open_stream_cipher().

Here is the call graph for this function:

◆ nasl_pem_to_dsa()

tree_cell* nasl_pem_to_dsa ( lex_ctxt lexic)

nasl function

pem_to_dsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private DSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "x" of the DSA key as an MPI.

Definition at line 501 of file nasl_crypto2.c.

502 {
503  return nasl_pem_to (lexic, 1);
504 }

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_pem_to_rsa()

tree_cell* nasl_pem_to_rsa ( lex_ctxt lexic)

nasl function

pem_to_rsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private RSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "d" of the RSA key as an MPI.

Definition at line 485 of file nasl_crypto2.c.

486 {
487  return nasl_pem_to (lexic, 0);
488 }

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_rc4_encrypt()

tree_cell* nasl_rc4_encrypt ( lex_ctxt lexic)

Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context, it will use this handler to encrypt the data as part of a stream data. e.g.: rc4_encrypt(data: data, hd: hd)

Otherwise encrypts the data as block and the key is mandatory: e.g.: rc4_encrypt(data: data, key: key)

Returns
Returns the encrypted data on success. Otherwise NULL.

Definition at line 1928 of file nasl_crypto2.c.

1929 {
1930  int cipher_id;
1931  gcry_cipher_hd_t hd;
1932  cipher_id = get_int_var_by_name (lexic, "hd", -1);
1933 
1934  if (cipher_id >= 0)
1935  {
1936  hd = verify_cipher_id (lexic, cipher_id);
1937  if (hd == NULL)
1938  return NULL;
1939  return encrypt_stream_data (lexic, GCRY_CIPHER_ARCFOUR, "rc4_encrypt");
1940  }
1941 
1942  return crypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM,
1943  NASL_ENCRYPT);
1944 }

References crypt_data(), encrypt_stream_data(), get_int_var_by_name(), cipher_table_item::hd, NASL_ENCRYPT, and verify_cipher_id().

Here is the call graph for this function:

◆ nasl_rsa_private_decrypt()

tree_cell* nasl_rsa_private_decrypt ( lex_ctxt lexic)

nasl function

rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)

Decrypt the provided data with the private RSA key given by its parameters d, e and n. The return value is the decrypted data in plaintext format.

TODO: In future releases, string support for padding should be removed

Definition at line 858 of file nasl_crypto2.c.

859 {
860  tree_cell *retc = NULL;
861  gcry_mpi_t e = NULL, n = NULL, d = NULL, dt = NULL;
862  gcry_sexp_t key = NULL, data = NULL, decrypted = NULL;
863  gcry_error_t err;
864  int type = get_var_type_by_name (lexic, "pad");
865  int pad = 0;
866 
867  if (type == VAR2_INT)
868  pad = get_int_var_by_name (lexic, "pad", 0);
870  else if (type == VAR2_STRING)
871  {
872  if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
873  pad = 1;
874  }
875  else
876  {
877  nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
878  "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
879  return NULL;
880  }
881 
882  retc = alloc_typed_cell (CONST_DATA);
883 
884  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_private_decrypt")
885  < 0)
886  goto fail;
887  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_private_decrypt") < 0)
888  goto fail;
889  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_private_decrypt") < 0)
890  goto fail;
891  if (mpi_from_named_parameter (lexic, &d, "d", "nasl_rsa_private_decrypt") < 0)
892  goto fail;
893 
894  err = gcry_sexp_build (&key, NULL, "(private-key (rsa (n %m) (e %m) (d %m)))",
895  n, e, d);
896  if (err)
897  {
898  print_gcrypt_error (lexic, "gcry_sexp_build privkey", err);
899  goto fail;
900  }
901 
902  if (pad == 1)
903  err =
904  gcry_sexp_build (&data, NULL, "(enc-val (flags pkcs1) (rsa (a %m)))", dt);
905  else
906  err =
907  gcry_sexp_build (&data, NULL, "(enc-val (flags raw) (rsa (a %m)))", dt);
908  if (err)
909  {
910  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
911  goto fail;
912  }
913 
914  err = gcry_pk_decrypt (&decrypted, data, key);
915  if (err)
916  {
917  print_gcrypt_error (lexic, "gcry_pk_decrypt", err);
918  goto fail;
919  }
920 
921  if (pad == 1)
922  {
923  if (set_retc_from_sexp (retc, decrypted, "value") >= 0
924  && strip_pkcs1_padding (retc) >= 0)
925  goto ret;
926  }
927  else
928  {
929  if (set_retc_from_sexp (retc, decrypted, "value") >= 0)
930  goto ret;
931  }
932 
933 fail:
934  retc->size = 0;
935  retc->x.str_val = g_malloc0 (1);
936 ret:
937  gcry_sexp_release (decrypted);
938  gcry_sexp_release (key);
939  gcry_sexp_release (data);
940  gcry_mpi_release (dt);
941  gcry_mpi_release (e);
942  gcry_mpi_release (n);
943  gcry_mpi_release (d);
944  return retc;
945 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_type_by_name(), mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), VAR2_INT, VAR2_STRING, and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_public_decrypt()

tree_cell* nasl_rsa_public_decrypt ( lex_ctxt lexic)

nasl function

rsa_public_decrypt(sig:signature, e:mpi_e, n:mpi_n)

Decrypt the data in signature (usually an rsa-encrypted hash) with the public RSA key given by its parameters e and n. The return value is the decrypted data.

Definition at line 957 of file nasl_crypto2.c.

958 {
959  tree_cell *retc = NULL;
960  gcry_mpi_t e = NULL, n = NULL, s = NULL;
961  gcry_sexp_t key = NULL, sig = NULL, decrypted = NULL;
962  gcry_error_t err;
963 
964  retc = alloc_typed_cell (CONST_DATA);
965 
966  if (mpi_from_named_parameter (lexic, &s, "sig", "nasl_rsa_public_decrypt")
967  < 0)
968  goto fail;
969  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_decrypt") < 0)
970  goto fail;
971  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_decrypt") < 0)
972  goto fail;
973 
974  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
975  if (err)
976  {
977  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
978  goto fail;
979  }
980  err = gcry_sexp_build (&sig, NULL, "(data (flags raw) (value %m))", s);
981  if (err)
982  {
983  print_gcrypt_error (lexic, "gcry_sexp_build sig", err);
984  goto fail;
985  }
986 
987  /* gcry_pk_encrypt is equivalent to the public key decryption at least
988  * for RSA keys. */
989  err = gcry_pk_encrypt (&decrypted, sig, key);
990  if (err)
991  {
992  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
993  goto fail;
994  }
995 
996  if (set_retc_from_sexp (retc, decrypted, "a") >= 0
997  && strip_pkcs1_padding (retc) >= 0)
998  goto ret;
999 
1000 fail:
1001  retc->size = 0;
1002  retc->x.str_val = g_malloc0 (1);
1003 ret:
1004  gcry_sexp_release (decrypted);
1005  gcry_sexp_release (key);
1006  gcry_sexp_release (sig);
1007  gcry_mpi_release (s);
1008  gcry_mpi_release (e);
1009  gcry_mpi_release (n);
1010  return retc;
1011 }

References alloc_typed_cell(), CONST_DATA, mpi_from_named_parameter(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_public_encrypt()

tree_cell* nasl_rsa_public_encrypt ( lex_ctxt lexic)

nasl function

rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)

Encrypt the provided data with the public RSA key given by its parameters e and n. The return value is the encrypted data.

TODO: In future releases, string support for padding should be removed

Definition at line 766 of file nasl_crypto2.c.

767 {
768  tree_cell *retc = NULL;
769  gcry_mpi_t e = NULL, n = NULL, dt = NULL;
770  gcry_sexp_t key = NULL, data = NULL, encrypted = NULL;
771  gcry_error_t err;
772  int type = get_var_type_by_name (lexic, "pad");
773  int pad = 0;
774 
775  if (type == VAR2_INT)
776  pad = get_int_var_by_name (lexic, "pad", 0);
778  else if (type == VAR2_STRING)
779  {
780  if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
781  pad = 1;
782  }
783  else
784  {
785  nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
786  "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
787  return NULL;
788  }
789 
790  retc = alloc_typed_cell (CONST_DATA);
791 
792  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_public_encrypt")
793  < 0)
794  goto fail;
795  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_encrypt") < 0)
796  goto fail;
797  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_encrypt") < 0)
798  goto fail;
799 
800  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
801  if (err)
802  {
803  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
804  goto fail;
805  }
806 
807  if (pad == 1)
808  err = gcry_sexp_build (&data, NULL, "(data (flags pkcs1) (value %m))", dt);
809  else
810  err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", dt);
811  if (err)
812  {
813  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
814  goto fail;
815  }
816 
817  err = gcry_pk_encrypt (&encrypted, data, key);
818  if (err)
819  {
820  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
821  goto fail;
822  }
823 
824  if (pad == 1)
825  {
826  if (set_retc_from_sexp (retc, encrypted, "a") >= 0
827  && strip_pkcs1_padding (retc) >= 0)
828  goto ret;
829  }
830  else
831  {
832  if (set_retc_from_sexp (retc, encrypted, "a") >= 0)
833  goto ret;
834  }
835 
836 fail:
837  retc->size = 0;
838  retc->x.str_val = g_malloc0 (1);
839 ret:
840  gcry_sexp_release (encrypted);
841  gcry_sexp_release (key);
842  gcry_sexp_release (data);
843  gcry_mpi_release (dt);
844  gcry_mpi_release (e);
845  gcry_mpi_release (n);
846  return retc;
847 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_type_by_name(), mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), VAR2_INT, VAR2_STRING, and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_sign()

tree_cell* nasl_rsa_sign ( lex_ctxt lexic)

nasl function

rsa_sign(data:hash, priv:pem, passphrase:passphrase)

Signs the data with the private RSA key priv given in PEM format. The passphrase is the passphrase needed to decrypt the private key. Returns the signed data.

In the OpenSSL based nasl, the key was not given in PEM form and with a passphrase. Instead it was given as the RSA parameters e, n and d. libgcrypt always requires all the parameters (including p, g, and u), so this function was changed to simply accept the full private key in PEM form. The one place where it was called had that the key available in that form.

Definition at line 1094 of file nasl_crypto2.c.

1095 {
1096  tree_cell *retc = NULL;
1097  char *data;
1098  int data_size;
1099  gcry_sexp_t ssig = NULL, sdata = NULL, skey = NULL;
1100  gnutls_x509_privkey_t priv_key = NULL;
1101  gcry_error_t err;
1102 
1103  retc = alloc_typed_cell (CONST_DATA);
1104 
1105  data = get_str_var_by_name (lexic, "data");
1106  data_size = get_var_size_by_name (lexic, "data");
1107  if (!data)
1108  goto fail;
1109 
1110  priv_key = nasl_load_privkey_param (lexic, "priv", "passphrase");
1111  if (!priv_key)
1112  goto fail;
1113 
1114  err = gcry_sexp_build (&sdata, NULL, "(data (flags pkcs1) (hash sha1 %b))",
1115  data_size, data);
1116  if (err)
1117  {
1118  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1119  goto fail;
1120  }
1121 
1122  skey = nasl_sexp_from_privkey (lexic, priv_key);
1123  if (!skey)
1124  goto fail;
1125 
1126  err = gcry_pk_sign (&ssig, sdata, skey);
1127  if (err)
1128  {
1129  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1130  goto fail;
1131  }
1132 
1133  if (set_retc_from_sexp (retc, ssig, "s") >= 0)
1134  goto ret;
1135 
1136 fail:
1137  retc->size = 0;
1138  retc->x.str_val = g_malloc0 (1);
1139 ret:
1140  gcry_sexp_release (ssig);
1141  gcry_sexp_release (sdata);
1142  gcry_sexp_release (skey);
1143  gnutls_x509_privkey_deinit (priv_key);
1144  return retc;
1145 }

References alloc_typed_cell(), CONST_DATA, get_str_var_by_name(), get_var_size_by_name(), nasl_load_privkey_param(), nasl_sexp_from_privkey(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_smb3kdf()

tree_cell* nasl_smb3kdf ( lex_ctxt lexic)

Add the SMB3KDF as specified in [SP800-108] section 5.1.

Parameters
lexic
Returns
tree_cell*

Definition at line 2111 of file nasl_crypto2.c.

2112 {
2113  gcry_mac_hd_t hd;
2114  gcry_error_t error;
2115  void *result, *key, *label, *context, *buf;
2116  u_char *tmp;
2117  size_t resultlen, keylen, labellen, contextlen, buflen, r = 4;
2118  long lvalue;
2119  int i = 1;
2120  tree_cell *retc;
2121 
2122  key = get_str_var_by_name (lexic, "key");
2123  keylen = get_var_size_by_name (lexic, "key");
2124  label = get_str_var_by_name (lexic, "label");
2125  labellen = get_var_size_by_name (lexic, "label");
2126  context = get_str_var_by_name (lexic, "ctx");
2127  contextlen = get_var_size_by_name (lexic, "ctx");
2128  lvalue = get_int_var_by_name (lexic, "lvalue", 0);
2129 
2130  if (!key || keylen <= 0 || !label || labellen <= 0 || !context
2131  || contextlen <= 0)
2132  {
2133  nasl_perror (
2134  lexic, "Syntax: nasl_smb3kdf: Missing key, label or context argument");
2135  return NULL;
2136  }
2137 
2138  if (lvalue != 128 && lvalue != 256)
2139  {
2140  nasl_perror (lexic,
2141  "nasl_smb3kdf: lvalue must have a value of 128 or 256");
2142  return NULL;
2143  }
2144 
2145  if ((error = gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA256, 0, NULL)))
2146  {
2147  nasl_perror (lexic, "gcry_mac_open: %s", gcry_strerror (error));
2148  gcry_mac_close (hd);
2149  return NULL;
2150  }
2151 
2152  if ((error = gcry_mac_setkey (hd, key, keylen)))
2153  {
2154  nasl_perror (lexic, "gcry_mac_setkey: %s", gcry_strerror (error));
2155  gcry_mac_close (hd);
2156  return NULL;
2157  }
2158 
2159  resultlen = lvalue / 8;
2160 
2161  // Prepare buffer as in [SP800-108] section 5.1
2162  // [i]2 || Label || 0x00 || Context || [L]2
2163  // [i]2 is the binary presentation of the iteration. Allways 1
2164  // Label is given by caller
2165  // 0x00 is a byte set to 0
2166  // Context is given by caller
2167  // L is a integer set to 128 or 256 for smb3kdf
2168  buflen = r + labellen + 1 + contextlen + 4;
2169  buf = g_malloc0 (buflen);
2170  tmp = buf;
2171 
2172  // We need bytes in big endian, but they are currently stored as little endian
2173  i = htonl (i);
2174  memcpy (tmp, &i, r);
2175  tmp = tmp + r;
2176 
2177  memcpy (tmp, label, labellen);
2178  tmp = tmp + labellen;
2179  *tmp = 0;
2180  tmp = tmp + 1;
2181  memcpy (tmp, context, contextlen);
2182  tmp = tmp + contextlen;
2183 
2184  // We need bytes in big endian, but they are currently stored as little endian
2185  lvalue = htonl (lvalue);
2186  memcpy (tmp, &lvalue, 4);
2187 
2188  if ((error = gcry_mac_write (hd, buf, buflen)))
2189  {
2190  g_message ("gcry_mac_write: %s", gcry_strerror (error));
2191  gcry_mac_close (hd);
2192  g_free (buf);
2193  return NULL;
2194  }
2195 
2196  result = g_malloc0 (resultlen);
2197  if ((error = gcry_mac_read (hd, result, &resultlen)))
2198  {
2199  g_message ("gcry_mac_read: %s", gcry_strerror (error));
2200  gcry_mac_close (hd);
2201  g_free (buf);
2202  g_free (result);
2203  return NULL;
2204  }
2205 
2206  g_free (buf);
2207  gcry_mac_close (hd);
2208  retc = alloc_typed_cell (CONST_DATA);
2209  retc->x.str_val = result;
2210  retc->size = resultlen;
2211  return retc;
2212 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, nasl_perror(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:
set_mpi_retc
static int set_mpi_retc(tree_cell *retc, gcry_mpi_t mpi)
Sets the return value in retc from the MPI mpi.
Definition: nasl_crypto2.c:254
nasl_sexp_from_privkey
static gcry_sexp_t nasl_sexp_from_privkey(lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
Definition: nasl_crypto2.c:1018
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
get_var_size_by_name
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1138
set_retc_from_sexp
static int set_retc_from_sexp(tree_cell *retc, gcry_sexp_t sexp, const char *token)
Sets the return value in retc from an sexpression.
Definition: nasl_crypto2.c:698
TC::str_val
char * str_val
Definition: nasl_tree.h:103
print_gcrypt_error
static void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:82
TC::x
union TC::@5 x
nasl_open_stream_cipher
static tree_cell * nasl_open_stream_cipher(lex_ctxt *lexic, int cipher, int mode, const char *caller_func)
Open a stream cipher. This function creates a context handle and stores it in a cipher table....
Definition: nasl_crypto2.c:1531
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
mpi_from_named_parameter
static int mpi_from_named_parameter(lex_ctxt *lexic, gcry_mpi_t *dest, const char *parameter, const char *function)
Converts a named nasl parameter to a gcry_mpi_t.
Definition: nasl_crypto2.c:220
VAR2_STRING
@ VAR2_STRING
Definition: nasl_var.h:17
encrypt_stream_data
static tree_cell * encrypt_stream_data(lex_ctxt *lexic, int cipher, const char *caller_func)
Encrypt data using an existent cipher handle. As the handler is not close, the key is updated to encr...
Definition: nasl_crypto2.c:1609
NASL_ENCRYPT
#define NASL_ENCRYPT
Definition: nasl_crypto2.c:38
VAR2_INT
@ VAR2_INT
Definition: nasl_var.h:16
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:111
get_var_type_by_name
int get_var_type_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1162
TC::size
int size
Definition: nasl_tree.h:99
SIGBLOB_LEN
#define SIGBLOB_LEN
Definition: nasl_crypto2.c:36
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
calc_dh_public
static gcry_mpi_t calc_dh_public(gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
compute the diffie hellman public key.
Definition: nasl_crypto2.c:518
crypt_data
static tree_cell * crypt_data(lex_ctxt *lexic, int cipher, int mode, int flags)
Definition: nasl_crypto2.c:1742
TC::ref_count
short ref_count
Definition: nasl_tree.h:98
nasl_pem_to
static tree_cell * nasl_pem_to(lex_ctxt *lexic, int type)
Implements the nasl functions pem_to_rsa and pem_to_dsa.
Definition: nasl_crypto2.c:403
nasl_mac
static tree_cell * nasl_mac(lex_ctxt *lexic, int algo, int flags)
Definition: nasl_crypto2.c:1694
TC
Definition: nasl_tree.h:94
TC::type
short type
Definition: nasl_tree.h:95
nasl_bf_cbc
static tree_cell * nasl_bf_cbc(lex_ctxt *lexic, int enc)
Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.
Definition: nasl_crypto2.c:1358
delete_cipher_item
static void delete_cipher_item(int cipher_id)
Free and remove a cipher handler from the cipher table.
Definition: nasl_crypto2.c:165
NASL_AAD
#define NASL_AAD
Definition: nasl_crypto2.c:40
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:79
nasl_load_privkey_param
static gnutls_x509_privkey_t nasl_load_privkey_param(lex_ctxt *lexic, const char *priv_name, const char *passphrase_name)
Loads a private key from a string.
Definition: nasl_crypto2.c:357
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
NASL_DECRYPT
#define NASL_DECRYPT
Definition: nasl_crypto2.c:39
strip_pkcs1_padding
static int strip_pkcs1_padding(tree_cell *retc)
Strips PKCS#1 padding from the string in retc.
Definition: nasl_crypto2.c:716
verify_cipher_id
static gcry_cipher_hd_t verify_cipher_id(lex_ctxt *lexic, int cipher_id)
Helper function to validate the cipher id.
Definition: nasl_crypto2.c:130
INTBLOB_LEN
#define INTBLOB_LEN
Definition: nasl_crypto2.c:35
calc_dh_key
static gcry_mpi_t calc_dh_key(gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
Compute the diffie hellman shared secret key.
Definition: nasl_crypto2.c:545
TC::i_val
long int i_val
Definition: nasl_tree.h:104
extract_mpi_from_sexp
static gcry_mpi_t extract_mpi_from_sexp(gcry_sexp_t sexp, const char *token)
Extracts an MPI value from a libgcryt s-expression.
Definition: nasl_crypto2.c:668