OpenVAS Scanner  22.7.9
nasl_crypto2.c File Reference

This file contains all the crypto functionality needed by the SSH protocol. More...

#include "nasl_crypto2.h"
#include "../misc/strutils.h"
#include "nasl_crypto_helper.h"
#include "nasl_debug.h"
#include "nasl_func.h"
#include "nasl_global_ctxt.h"
#include "nasl_lex_ctxt.h"
#include "nasl_misc_funcs.h"
#include "nasl_packet_forgery.h"
#include "nasl_tree.h"
#include "nasl_var.h"
#include <arpa/inet.h>
#include <gcrypt.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gpg-error.h>
#include <gvm/base/logging.h>
#include <stddef.h>
#include <stdlib.h>
Include dependency graph for nasl_crypto2.c:

Go to the source code of this file.

Data Structures

struct  cipher_table_item
 Struct holding a cipher handler. More...
 

Macros

#define INTBLOB_LEN   20
 
#define SIGBLOB_LEN   (2 * INTBLOB_LEN)
 
#define MAX_CIPHER_ID   32
 
#define NASL_ENCRYPT   0
 
#define NASL_DECRYPT   1
 
#define NASL_AAD   2
 
#define G_LOG_DOMAIN   "lib nasl"
 GLib logging domain. More...
 
#define NUM_RSA_PARAMS   6
 Creates a libgcryt s-expression from a GnuTLS private RSA key. More...
 

Typedefs

typedef struct cipher_table_item cipher_table_item_t
 

Functions

static void print_tls_error (lex_ctxt *lexic, char *txt, int err)
 Prints a GnuTLS error. More...
 
static void print_gcrypt_error (lex_ctxt *lexic, char *function, int err)
 Prints a libgcrypt error. More...
 
static int find_cipher_hd (cipher_table_item_t *cipher_elem, int *id)
 Helper function to find cipher id in the table. More...
 
static int get_new_cipher_id (void)
 Helper function to get a free id for a new cipher. More...
 
static gcry_cipher_hd_t verify_cipher_id (lex_ctxt *lexic, int cipher_id)
 Helper function to validate the cipher id. More...
 
static cipher_table_item_tcipher_table_item_new (void)
 Create a new cipher handler item parameter. More...
 
static void delete_cipher_item (int cipher_id)
 Free and remove a cipher handler from the cipher table. More...
 
static int mpi_from_string (lex_ctxt *lexic, gcry_mpi_t *dest, void *data, size_t len, const char *parameter, const char *function)
 Converts a string to a gcry_mpi_t. More...
 
static int mpi_from_named_parameter (lex_ctxt *lexic, gcry_mpi_t *dest, const char *parameter, const char *function)
 Converts a named nasl parameter to a gcry_mpi_t. More...
 
static int set_mpi_retc (tree_cell *retc, gcry_mpi_t mpi)
 Sets the return value in retc from the MPI mpi. More...
 
tree_cellnasl_bn_cmp (lex_ctxt *lexic)
 
tree_cellnasl_bn_random (lex_ctxt *lexic)
 
static gnutls_x509_privkey_t nasl_load_privkey_param (lex_ctxt *lexic, const char *priv_name, const char *passphrase_name)
 Loads a private key from a string. More...
 
static tree_cellnasl_pem_to (lex_ctxt *lexic, int type)
 Implements the nasl functions pem_to_rsa and pem_to_dsa. More...
 
tree_cellnasl_pem_to_rsa (lex_ctxt *lexic)
 
tree_cellnasl_pem_to_dsa (lex_ctxt *lexic)
 
static gcry_mpi_t calc_dh_public (gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
 compute the diffie hellman public key. More...
 
static gcry_mpi_t calc_dh_key (gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
 Compute the diffie hellman shared secret key. More...
 
tree_cellnasl_dh_generate_key (lex_ctxt *lexic)
 
tree_cellnasl_dh_compute_key (lex_ctxt *lexic)
 
static gcry_mpi_t extract_mpi_from_sexp (gcry_sexp_t sexp, const char *token)
 Extracts an MPI value from a libgcryt s-expression. More...
 
static int set_retc_from_sexp (tree_cell *retc, gcry_sexp_t sexp, const char *token)
 Sets the return value in retc from an sexpression. More...
 
static int strip_pkcs1_padding (tree_cell *retc)
 Strips PKCS#1 padding from the string in retc. More...
 
tree_cellnasl_rsa_public_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_rsa_private_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_rsa_public_decrypt (lex_ctxt *lexic)
 
static gcry_sexp_t nasl_sexp_from_privkey (lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
 
tree_cellnasl_rsa_sign (lex_ctxt *lexic)
 
tree_cellnasl_dsa_do_verify (lex_ctxt *lexic)
 
tree_cellnasl_dsa_do_sign (lex_ctxt *lexic)
 
static tree_cellnasl_bf_cbc (lex_ctxt *lexic, int enc)
 Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt. More...
 
tree_cellnasl_bf_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_bf_cbc_decrypt (lex_ctxt *lexic)
 
static tree_cellnasl_open_stream_cipher (lex_ctxt *lexic, int cipher, int mode, const char *caller_func)
 Open a stream cipher. This function creates a context handle and stores it in a cipher table. Open cipher must be deleted with delete_cipher_item() at the end of the stream encryption. More...
 
static tree_cellencrypt_stream_data (lex_ctxt *lexic, int cipher, const char *caller_func)
 Encrypt data using an existent cipher handle. As the handler is not close, the key is updated to encrypt the next block of the stream data. More...
 
tree_cellnasl_close_stream_cipher (lex_ctxt *lexic)
 Nasl function to delete a cipher item from the cipher table. More...
 
static tree_cellnasl_mac (lex_ctxt *lexic, int algo, int flags)
 
tree_cellnasl_aes_mac_cbc (lex_ctxt *lexic)
 
tree_cellnasl_aes_mac_gcm (lex_ctxt *lexic)
 
static tree_cellcrypt_data (lex_ctxt *lexic, int cipher, int mode, int flags)
 
tree_cellnasl_rc4_encrypt (lex_ctxt *lexic)
 Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context, it will use this handler to encrypt the data as part of a stream data. e.g.: rc4_encrypt(data: data, hd: hd) More...
 
tree_cellnasl_open_rc4_cipher (lex_ctxt *lexic)
 Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stream data. Open cipher must be close with close_stream_cipher() when it is not useful anymore. More...
 
tree_cellnasl_aes128_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_des_ede_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ccm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_encrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ccm_decrypt_auth (lex_ctxt *lexic)
 
tree_cellnasl_smb3kdf (lex_ctxt *lexic)
 Add the SMB3KDF as specified in [SP800-108] section 5.1. More...
 

Variables

static GList * cipher_table = NULL
 List of open cipher handler. More...
 

Detailed Description

This file contains all the crypto functionality needed by the SSH protocol.

Definition in file nasl_crypto2.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib nasl"

GLib logging domain.

Definition at line 46 of file nasl_crypto2.c.

◆ INTBLOB_LEN

#define INTBLOB_LEN   20

Definition at line 35 of file nasl_crypto2.c.

◆ MAX_CIPHER_ID

#define MAX_CIPHER_ID   32

Definition at line 37 of file nasl_crypto2.c.

◆ NASL_AAD

#define NASL_AAD   2

Definition at line 40 of file nasl_crypto2.c.

◆ NASL_DECRYPT

#define NASL_DECRYPT   1

Definition at line 39 of file nasl_crypto2.c.

◆ NASL_ENCRYPT

#define NASL_ENCRYPT   0

Definition at line 38 of file nasl_crypto2.c.

◆ NUM_RSA_PARAMS

#define NUM_RSA_PARAMS   6

Creates a libgcryt s-expression from a GnuTLS private RSA key.

Definition at line 1016 of file nasl_crypto2.c.

◆ SIGBLOB_LEN

#define SIGBLOB_LEN   (2 * INTBLOB_LEN)

Definition at line 36 of file nasl_crypto2.c.

Typedef Documentation

◆ cipher_table_item_t

Definition at line 51 of file nasl_crypto2.c.

Function Documentation

◆ calc_dh_key()

static gcry_mpi_t calc_dh_key ( gcry_mpi_t  pub,
gcry_mpi_t  prime,
gcry_mpi_t  priv 
)
static

Compute the diffie hellman shared secret key.

Neither GnuTLS nor libgcrypt contain a direct counterpart to OpenSSL's DH_compute_key, so we implement it ourselves. This function was copied from from gnutls and adapted to use gcrypt directly and to use a private key given as parameter to the function.

Returns
The key on success and NULL on failure.

Definition at line 545 of file nasl_crypto2.c.

546 {
547  gcry_mpi_t e;
548 
549  e = gcry_mpi_new (gcry_mpi_get_nbits (prime));
550  if (e == NULL)
551  {
552  return NULL;
553  }
554 
555  gcry_mpi_powm (e, pub, priv, prime);
556 
557  return e;
558 }

Referenced by nasl_dh_compute_key().

Here is the caller graph for this function:

◆ calc_dh_public()

static gcry_mpi_t calc_dh_public ( gcry_mpi_t  g,
gcry_mpi_t  prime,
gcry_mpi_t  priv 
)
static

compute the diffie hellman public key.

Neither GnuTLS nor Libgcrypt contain a direct counterpart to OpenSSL's DH_generate_key, so we implement it ourselves. This function was copied from from gnutls and adapted to use gcrypt directly and to use a private key given as parameter to the function.

Returns
The key on success and NULL on failure.

Definition at line 518 of file nasl_crypto2.c.

519 {
520  gcry_mpi_t e;
521 
522  e = gcry_mpi_new (gcry_mpi_get_nbits (prime));
523  if (e == NULL)
524  {
525  return NULL;
526  }
527 
528  gcry_mpi_powm (e, g, priv, prime);
529 
530  return e;
531 }

Referenced by nasl_dh_generate_key().

Here is the caller graph for this function:

◆ cipher_table_item_new()

static cipher_table_item_t* cipher_table_item_new ( void  )
static

Create a new cipher handler item parameter.

Returns
New cipher handler item.

Definition at line 153 of file nasl_crypto2.c.

154 {
155  return g_malloc0 (sizeof (cipher_table_item_t));
156 }

Referenced by nasl_open_stream_cipher().

Here is the caller graph for this function:

◆ crypt_data()

static tree_cell* crypt_data ( lex_ctxt lexic,
int  cipher,
int  mode,
int  flags 
)
static

Definition at line 1742 of file nasl_crypto2.c.

1743 {
1744  gcry_cipher_hd_t hd;
1745  gcry_error_t error;
1746  void *data, *key, *iv, *aad;
1747  unsigned char *result = NULL, *auth = NULL;
1748  size_t resultlen, datalen, keylen, ivlen, aadlen, authlen, len;
1749  tree_cell *retc;
1750 
1751  data = get_str_var_by_name (lexic, "data");
1752  datalen = get_var_size_by_name (lexic, "data");
1753  key = get_str_var_by_name (lexic, "key");
1754  keylen = get_var_size_by_name (lexic, "key");
1755  iv = get_str_var_by_name (lexic, "iv");
1756  ivlen = get_var_size_by_name (lexic, "iv");
1757  aad = get_str_var_by_name (lexic, "aad");
1758  aadlen = get_var_size_by_name (lexic, "aad");
1759  len = get_int_var_by_name (lexic, "len", 0);
1760 
1761  if (!data || datalen == 0 || !key || keylen == 0)
1762  {
1763  nasl_perror (lexic, "Syntax: crypt_data: Missing data or key argument");
1764  return NULL;
1765  }
1766 
1767  if (flags & NASL_DECRYPT && len <= 0)
1768  {
1769  nasl_perror (lexic,
1770  "Syntax: crypt_data: Missing or invalid len argument");
1771  return NULL;
1772  }
1773 
1774  if ((error = gcry_cipher_open (&hd, cipher, mode, 0)))
1775  {
1776  nasl_perror (lexic, "gcry_cipher_open: %s", gcry_strerror (error));
1777  gcry_cipher_close (hd);
1778  return NULL;
1779  }
1780 
1781  if ((error = gcry_cipher_setkey (hd, key, keylen)))
1782  {
1783  nasl_perror (lexic, "gcry_cipher_setkey: %s", gcry_strerror (error));
1784  gcry_cipher_close (hd);
1785  return NULL;
1786  }
1787 
1788  if (iv && ivlen)
1789  {
1790  if ((error = gcry_cipher_setiv (hd, iv, ivlen)))
1791  {
1792  nasl_perror (lexic, "gcry_cipher_setiv: %s", gcry_strerror (error));
1793  gcry_cipher_close (hd);
1794  return NULL;
1795  }
1796  }
1797 
1798  if (flags & NASL_DECRYPT)
1799  {
1800  resultlen = len;
1801  }
1802  else
1803  {
1804  if (cipher == GCRY_CIPHER_ARCFOUR || mode == GCRY_CIPHER_MODE_CCM)
1805  resultlen = datalen;
1806  else if (cipher == GCRY_CIPHER_3DES)
1807  resultlen = ((datalen / 8) + 1) * 8;
1808  else if (cipher == GCRY_CIPHER_AES128)
1809  resultlen = datalen;
1810  else if (cipher == GCRY_CIPHER_AES256)
1811  resultlen = datalen;
1812  else
1813  {
1814  nasl_perror (lexic, "encrypt_data: Unknown cipher %d", cipher);
1815  gcry_cipher_close (hd);
1816  return NULL;
1817  }
1818  }
1819 
1820  if (mode == GCRY_CIPHER_MODE_CCM)
1821  {
1822  u_int64_t params[3];
1823  params[0] = datalen;
1824  params[1] = aadlen;
1825  params[2] = 16;
1826  if ((error = gcry_cipher_ctl (hd, GCRYCTL_SET_CCM_LENGTHS, params,
1827  sizeof (params))))
1828  {
1829  nasl_perror (lexic, "gcry_cipher_ctl: %s", gcry_strerror (error));
1830  gcry_cipher_close (hd);
1831  return NULL;
1832  }
1833  }
1834  if (flags & NASL_AAD)
1835  {
1836  if (!aad || aadlen == 0)
1837  {
1838  nasl_perror (
1839  lexic, "Syntax: crypt_data: Missing or invalid aad value required");
1840  gcry_cipher_close (hd);
1841  return NULL;
1842  }
1843 
1844  if ((error = gcry_cipher_authenticate (hd, aad, aadlen)))
1845  {
1846  nasl_perror (lexic, "gcry_cipher_authenticate: %s",
1847  gcry_strerror (error));
1848  gcry_cipher_close (hd);
1849  return NULL;
1850  }
1851  }
1852 
1853  result = g_malloc0 (resultlen);
1854  if (flags & NASL_DECRYPT)
1855  {
1856  if ((error =
1857  gcry_cipher_decrypt (hd, result, resultlen, data, resultlen)))
1858  {
1859  g_message ("gcry_cipher_decrypt: %s", gcry_strerror (error));
1860  gcry_cipher_close (hd);
1861  g_free (result);
1862  return NULL;
1863  }
1864  }
1865  else
1866  {
1867  if ((error =
1868  gcry_cipher_encrypt (hd, result, resultlen, data, resultlen)))
1869  {
1870  g_message ("gcry_cipher_encrypt: %s", gcry_strerror (error));
1871  gcry_cipher_close (hd);
1872  g_free (result);
1873  return NULL;
1874  }
1875  }
1876 
1877  if (flags & NASL_AAD)
1878  {
1879  authlen = 16;
1880  auth = g_malloc0 (authlen);
1881 
1882  if ((error = gcry_cipher_gettag (hd, auth, authlen)))
1883  {
1884  g_message ("gcry_cipher_gettag: %s", gcry_strerror (error));
1885  gcry_cipher_close (hd);
1886  g_free (result);
1887  g_free (auth);
1888  return NULL;
1889  }
1890  gcry_cipher_close (hd);
1891 
1892  anon_nasl_var v;
1893  retc = alloc_typed_cell (DYN_ARRAY);
1894  retc->x.ref_val = g_malloc0 (sizeof (nasl_array));
1895  memset (&v, 0, sizeof (v));
1896  v.var_type = VAR2_DATA;
1897  v.v.v_str.s_val = result;
1898  v.v.v_str.s_siz = resultlen;
1899  add_var_to_list (retc->x.ref_val, 0, &v);
1900 
1901  memset (&v, 0, sizeof (v));
1902  v.var_type = VAR2_DATA;
1903  v.v.v_str.s_val = auth;
1904  v.v.v_str.s_siz = authlen;
1905  add_var_to_list (retc->x.ref_val, 1, &v);
1906  return retc;
1907  }
1908 
1909  gcry_cipher_close (hd);
1910  retc = alloc_typed_cell (CONST_DATA);
1911  retc->x.str_val = (char *) result;
1912  retc->size = resultlen;
1913  return retc;
1914 }

References add_var_to_list(), alloc_typed_cell(), CONST_DATA, DYN_ARRAY, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, len, NASL_AAD, NASL_DECRYPT, nasl_perror(), TC::ref_val, st_nasl_string::s_siz, st_nasl_string::s_val, TC::size, TC::str_val, st_a_nasl_var::v, st_a_nasl_var::v_str, VAR2_DATA, st_a_nasl_var::var_type, and TC::x.

Referenced by nasl_aes128_cbc_encrypt(), nasl_aes128_ccm_decrypt(), nasl_aes128_ccm_decrypt_auth(), nasl_aes128_ccm_encrypt(), nasl_aes128_ccm_encrypt_auth(), nasl_aes128_ctr_encrypt(), nasl_aes128_gcm_decrypt(), nasl_aes128_gcm_decrypt_auth(), nasl_aes128_gcm_encrypt(), nasl_aes128_gcm_encrypt_auth(), nasl_aes256_cbc_encrypt(), nasl_aes256_ccm_decrypt(), nasl_aes256_ccm_decrypt_auth(), nasl_aes256_ccm_encrypt(), nasl_aes256_ccm_encrypt_auth(), nasl_aes256_ctr_encrypt(), nasl_aes256_gcm_decrypt(), nasl_aes256_gcm_decrypt_auth(), nasl_aes256_gcm_encrypt(), nasl_aes256_gcm_encrypt_auth(), nasl_des_ede_cbc_encrypt(), and nasl_rc4_encrypt().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ delete_cipher_item()

static void delete_cipher_item ( int  cipher_id)
static

Free and remove a cipher handler from the cipher table.

Parameters
[in]cipher_idID of the cipher handler to free and remove.
Returns
0 on success, -1 on error.

Definition at line 165 of file nasl_crypto2.c.

166 {
167  GList *hd_item;
169 
170  hd_item = g_list_find_custom (cipher_table, &cipher_id,
171  (GCompareFunc) find_cipher_hd);
172  hd = (cipher_table_item_t *) hd_item->data;
173  gcry_cipher_close ((gcry_cipher_hd_t) hd->hd);
174  cipher_table = g_list_remove (cipher_table, hd_item->data);
175  g_free (hd_item->data);
176 }

References cipher_table, find_cipher_hd(), and cipher_table_item::hd.

Referenced by encrypt_stream_data(), and nasl_close_stream_cipher().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ encrypt_stream_data()

static tree_cell* encrypt_stream_data ( lex_ctxt lexic,
int  cipher,
const char *  caller_func 
)
static

Encrypt data using an existent cipher handle. As the handler is not close, the key is updated to encrypt the next block of the stream data.

Parameters
[in]cipherThe cipher algorithm. It must be the same used for the handler. It is used to prepare the data. Only GCRY_CIPHER_ARCFOUR is currently supported.
[in]caller_funcName of the caller function to be logged in case of error.
Returns
Returns the encrypted data on success. Otherwise NULL.

Definition at line 1609 of file nasl_crypto2.c.

1610 {
1611  gcry_cipher_hd_t hd;
1612  gcry_error_t error;
1613  void *result, *data, *tmp;
1614  size_t resultlen, datalen, tmplen;
1615  tree_cell *retc;
1616  int cipher_id;
1617 
1618  cipher_id = get_int_var_by_name (lexic, "hd", -1);
1619  data = get_str_var_by_name (lexic, "data");
1620  datalen = get_var_size_by_name (lexic, "data");
1621 
1622  if (!data || datalen <= 0)
1623  {
1624  nasl_perror (lexic,
1625  "Syntax: %s (called from "
1626  "%s): Missing data argument",
1627  __func__, caller_func);
1628  return NULL;
1629  }
1630 
1631  hd = verify_cipher_id (lexic, cipher_id);
1632  if (hd == NULL)
1633  return NULL;
1634 
1635  if (cipher == GCRY_CIPHER_ARCFOUR)
1636  {
1637  resultlen = datalen;
1638  tmp = g_malloc0 (datalen);
1639  memcpy (tmp, data, datalen);
1640  tmplen = datalen;
1641  }
1642  else
1643  {
1644  nasl_perror (lexic,
1645  "Syntax: %s (called from "
1646  "%s): invalid cipher",
1647  __func__, caller_func);
1648  return NULL;
1649  }
1650  result = g_malloc0 (resultlen);
1651  if ((error = gcry_cipher_encrypt (hd, result, resultlen, tmp, tmplen)))
1652  {
1653  g_message ("gcry_cipher_encrypt: %s", gcry_strerror (error));
1654  delete_cipher_item (cipher_id);
1655  g_free (result);
1656  g_free (tmp);
1657  return NULL;
1658  }
1659 
1660  g_free (tmp);
1661  retc = alloc_typed_cell (CONST_DATA);
1662  retc->x.str_val = result;
1663  retc->size = resultlen;
1664  return retc;
1665 }

References alloc_typed_cell(), CONST_DATA, delete_cipher_item(), get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, nasl_perror(), TC::size, TC::str_val, verify_cipher_id(), and TC::x.

Referenced by nasl_rc4_encrypt().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ extract_mpi_from_sexp()

static gcry_mpi_t extract_mpi_from_sexp ( gcry_sexp_t  sexp,
const char *  token 
)
static

Extracts an MPI value from a libgcryt s-expression.

The return value is the cadr of the subexpression whose car is given by token. The function returns NULL if the token doesn't occur in the expression or on other errors.

Definition at line 668 of file nasl_crypto2.c.

669 {
670  gcry_sexp_t child = NULL;
671  gcry_mpi_t mpi = NULL;
672 
673  child = gcry_sexp_find_token (sexp, token, strlen (token));
674  if (!child)
675  {
676  g_message ("set_retc_from_sexp: no subexpression with token <%s>", token);
677  }
678  else
679  {
680  mpi = gcry_sexp_nth_mpi (child, 1, GCRYMPI_FMT_USG);
681  }
682 
683  gcry_sexp_release (child);
684 
685  return mpi;
686 }

Referenced by nasl_dsa_do_sign(), and set_retc_from_sexp().

Here is the caller graph for this function:

◆ find_cipher_hd()

static int find_cipher_hd ( cipher_table_item_t cipher_elem,
int *  id 
)
static

Helper function to find cipher id in the table.

Returns
0 if the cipher id exits/is in used. -1 otherwise.

Definition at line 94 of file nasl_crypto2.c.

95 {
96  if (cipher_elem->id == *id)
97  return 0;
98 
99  return -1;
100 }

References cipher_table_item::id.

Referenced by delete_cipher_item(), get_new_cipher_id(), and verify_cipher_id().

Here is the caller graph for this function:

◆ get_new_cipher_id()

static int get_new_cipher_id ( void  )
static

Helper function to get a free id for a new cipher.

Returns
Id for the new cipher.

Definition at line 108 of file nasl_crypto2.c.

109 {
110  int cipher_id;
111 
112  for (cipher_id = 0; cipher_id < MAX_CIPHER_ID; cipher_id++)
113  {
114  if (g_list_find_custom (cipher_table, &cipher_id,
115  (GCompareFunc) find_cipher_hd)
116  == NULL)
117  return cipher_id;
118  }
119 
120  return -1;
121 }

References cipher_table, find_cipher_hd(), and MAX_CIPHER_ID.

Referenced by nasl_open_stream_cipher().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpi_from_named_parameter()

static int mpi_from_named_parameter ( lex_ctxt lexic,
gcry_mpi_t *  dest,
const char *  parameter,
const char *  function 
)
static

Converts a named nasl parameter to a gcry_mpi_t.

The new MPI object is stored in dest. The parameter parameter is the name of the parameter to be taken from lexic. The parameter function is used in error messages to indicate the name of the nasl function.

Returns
0 on success and -1 on failure.

Definition at line 220 of file nasl_crypto2.c.

222 {
223  long size;
224  char *s;
225 
226  s = get_str_var_by_name (lexic, parameter);
227  size = get_var_size_by_name (lexic, parameter);
228 
229  if (!s)
230  return -1;
231 
232  return mpi_from_string (lexic, dest, s, size, parameter, function);
233 }

References get_str_var_by_name(), get_var_size_by_name(), and mpi_from_string().

Referenced by nasl_bn_cmp(), nasl_dh_compute_key(), nasl_dh_generate_key(), nasl_dsa_do_sign(), nasl_dsa_do_verify(), nasl_rsa_private_decrypt(), nasl_rsa_public_decrypt(), and nasl_rsa_public_encrypt().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpi_from_string()

static int mpi_from_string ( lex_ctxt lexic,
gcry_mpi_t *  dest,
void *  data,
size_t  len,
const char *  parameter,
const char *  function 
)
static

Converts a string to a gcry_mpi_t.

The string of len bytes at data should contain the MPI as an unsigned int in bigendian form (libgcrypt's GCRYMPI_FMT_USG). The new MPI object is stored in dest. The parameters function and parameter are used in error messages to indicate the nasl function and nasl parameter name of the MPI. The lexic parameter is passed through to the error reporting functions.

The function return 0 on success and -1 on failure.

Definition at line 191 of file nasl_crypto2.c.

193 {
194  gcry_error_t err;
195  unsigned char *buffer = data;
196 
197  err = gcry_mpi_scan (dest, GCRYMPI_FMT_USG, buffer, len, NULL);
198  if (err)
199  {
200  nasl_perror (lexic, "%s(): gcry_mpi_scan failed for %s: %s/%s\n",
201  function, parameter, gcry_strsource (err),
202  gcry_strerror (err));
203  return -1;
204  }
205 
206  return 0;
207 }

References len, and nasl_perror().

Referenced by mpi_from_named_parameter(), nasl_pem_to(), and nasl_sexp_from_privkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_aes128_cbc_encrypt()

tree_cell* nasl_aes128_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1962 of file nasl_crypto2.c.

1963 {
1964  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,
1965  NASL_ENCRYPT);
1966 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_decrypt()

tree_cell* nasl_aes128_ccm_decrypt ( lex_ctxt lexic)

Definition at line 2064 of file nasl_crypto2.c.

2065 {
2066  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2067  NASL_DECRYPT);
2068 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_decrypt_auth()

tree_cell* nasl_aes128_ccm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2071 of file nasl_crypto2.c.

2072 {
2073  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2075 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_encrypt()

tree_cell* nasl_aes128_ccm_encrypt ( lex_ctxt lexic)

Definition at line 2051 of file nasl_crypto2.c.

2052 {
2053  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2054  NASL_ENCRYPT);
2055 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_encrypt_auth()

tree_cell* nasl_aes128_ccm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2058 of file nasl_crypto2.c.

2059 {
2060  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2061 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes128_ctr_encrypt()

tree_cell* nasl_aes128_ctr_encrypt ( lex_ctxt lexic)

Definition at line 1976 of file nasl_crypto2.c.

1977 {
1978  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR,
1979  NASL_ENCRYPT);
1980 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_decrypt()

tree_cell* nasl_aes128_gcm_decrypt ( lex_ctxt lexic)

Definition at line 2010 of file nasl_crypto2.c.

2011 {
2012  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2013  NASL_DECRYPT);
2014 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_decrypt_auth()

tree_cell* nasl_aes128_gcm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2017 of file nasl_crypto2.c.

2018 {
2019  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2021 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_encrypt()

tree_cell* nasl_aes128_gcm_encrypt ( lex_ctxt lexic)

Definition at line 1997 of file nasl_crypto2.c.

1998 {
1999  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2000  NASL_ENCRYPT);
2001 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_encrypt_auth()

tree_cell* nasl_aes128_gcm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2004 of file nasl_crypto2.c.

2005 {
2006  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2007 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes256_cbc_encrypt()

tree_cell* nasl_aes256_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1969 of file nasl_crypto2.c.

1970 {
1971  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC,
1972  NASL_ENCRYPT);
1973 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_decrypt()

tree_cell* nasl_aes256_ccm_decrypt ( lex_ctxt lexic)

Definition at line 2091 of file nasl_crypto2.c.

2092 {
2093  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2094  NASL_DECRYPT);
2095 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_decrypt_auth()

tree_cell* nasl_aes256_ccm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2098 of file nasl_crypto2.c.

2099 {
2100  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2102 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_encrypt()

tree_cell* nasl_aes256_ccm_encrypt ( lex_ctxt lexic)

Definition at line 2078 of file nasl_crypto2.c.

2079 {
2080  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2081  NASL_ENCRYPT);
2082 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_encrypt_auth()

tree_cell* nasl_aes256_ccm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2085 of file nasl_crypto2.c.

2086 {
2087  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2088 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes256_ctr_encrypt()

tree_cell* nasl_aes256_ctr_encrypt ( lex_ctxt lexic)

Definition at line 1983 of file nasl_crypto2.c.

1984 {
1985  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR,
1986  NASL_ENCRYPT);
1987 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_decrypt()

tree_cell* nasl_aes256_gcm_decrypt ( lex_ctxt lexic)

Definition at line 2037 of file nasl_crypto2.c.

2038 {
2039  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2040  NASL_DECRYPT);
2041 }

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_decrypt_auth()

tree_cell* nasl_aes256_gcm_decrypt_auth ( lex_ctxt lexic)

Definition at line 2044 of file nasl_crypto2.c.

2045 {
2046  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2048 }

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_encrypt()

tree_cell* nasl_aes256_gcm_encrypt ( lex_ctxt lexic)

Definition at line 2024 of file nasl_crypto2.c.

2025 {
2026  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2027  NASL_ENCRYPT);
2028 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_encrypt_auth()

tree_cell* nasl_aes256_gcm_encrypt_auth ( lex_ctxt lexic)

Definition at line 2031 of file nasl_crypto2.c.

2032 {
2033  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2034 }

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes_mac_cbc()

tree_cell* nasl_aes_mac_cbc ( lex_ctxt lexic)

Definition at line 1730 of file nasl_crypto2.c.

1731 {
1732  return nasl_mac (lexic, GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE);
1733 }

References nasl_mac().

Here is the call graph for this function:

◆ nasl_aes_mac_gcm()

tree_cell* nasl_aes_mac_gcm ( lex_ctxt lexic)

Definition at line 1736 of file nasl_crypto2.c.

1737 {
1738  return nasl_mac (lexic, GCRY_MAC_GMAC_AES, GCRY_MAC_FLAG_SECURE);
1739 }

References nasl_mac().

Here is the call graph for this function:

◆ nasl_bf_cbc()

static tree_cell* nasl_bf_cbc ( lex_ctxt lexic,
int  enc 
)
static

Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.

Definition at line 1358 of file nasl_crypto2.c.

1359 {
1360  tree_cell *retc = NULL;
1361  char *enckey = NULL, *iv = NULL, *data = NULL, *out = NULL;
1362  long enckeylen, ivlen, datalen;
1363  gcry_cipher_hd_t hd = NULL;
1364  anon_nasl_var v;
1365  nasl_array *a;
1366  gcry_error_t err;
1367 
1368  retc = alloc_typed_cell (CONST_DATA);
1369 
1370  /* key */
1371  enckey = get_str_var_by_name (lexic, "key");
1372  enckeylen = get_var_size_by_name (lexic, "key");
1373 
1374  /* initialization vector */
1375  iv = get_str_var_by_name (lexic, "iv");
1376  ivlen = get_var_size_by_name (lexic, "iv");
1377 
1378  /* data to decrypt/encrypt */
1379  data = get_str_var_by_name (lexic, "data");
1380  datalen = get_var_size_by_name (lexic, "data");
1381 
1382  if (enckey == NULL || data == NULL || iv == NULL)
1383  goto fail;
1384  if (enckeylen < 16)
1385  {
1386  /* key length must be at least 16 for compatibility with libnasl
1387  * code from before the OpenSSL -> GnuTLS migration */
1388  nasl_perror (lexic,
1389  "nasl_bf_cbc: unexpected enckeylen = %d; must be >= 16\n",
1390  enckeylen);
1391  goto fail;
1392  }
1393  if (ivlen < 8)
1394  {
1395  nasl_perror (lexic, "nasl_bf_cbc: unexpected ivlen = %d; must >= 8\n",
1396  ivlen);
1397  goto fail;
1398  }
1399  if (datalen < 8)
1400  {
1401  nasl_perror (lexic, "nasl_bf_cbc: unexpected datalen = %d; must >= 8\n",
1402  datalen);
1403  goto fail;
1404  }
1405 
1406  err = gcry_cipher_open (&hd, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
1407  if (err)
1408  {
1409  print_gcrypt_error (lexic, "gcry_cipher_open", err);
1410  goto fail;
1411  }
1412 
1413  /* Always pass 16 as the length of enckey. The old OpenSSL based code
1414  * did this explicitly. The length cannot be < 16 at this point
1415  * because we checked for this case above. */
1416  err = gcry_cipher_setkey (hd, enckey, 16);
1417  if (err)
1418  {
1419  print_gcrypt_error (lexic, "gcry_cipher_setkey", err);
1420  goto fail;
1421  }
1422  /* Always pass 8 as the length of iv. The old OpenSSL based code did
1423  * this implicitly. The length cannot be < 8 at this point because we
1424  * checked for this case above. */
1425  err = gcry_cipher_setiv (hd, iv, 8);
1426  if (err)
1427  {
1428  print_gcrypt_error (lexic, "gcry_cipher_setiv", err);
1429  goto fail;
1430  }
1431 
1432  out = g_malloc0 (datalen);
1433  if (!out)
1434  goto fail;
1435 
1436  if (enc)
1437  err = gcry_cipher_encrypt (hd, out, datalen, data, datalen);
1438  else
1439  err = gcry_cipher_decrypt (hd, out, datalen, data, datalen);
1440  if (err)
1441  {
1442  print_gcrypt_error (lexic, "gcry_cipher_encrypt", err);
1443  goto fail;
1444  }
1445 
1446  retc->type = DYN_ARRAY;
1447  retc->x.ref_val = a = g_malloc0 (sizeof (nasl_array));
1448 
1449  /* first encrypted */
1450  v.var_type = VAR2_DATA;
1451  v.v.v_str.s_siz = datalen;
1452  v.v.v_str.s_val = (unsigned char *) out;
1453  (void) add_var_to_list (a, 0, &v);
1454 
1455  /* second iv */
1456  /* the iv to use to for the next part of the data is always the last
1457  * eight bytes of the cipher text. When encrypting the cipher text is
1458  * in out when decrypting it's in data.
1459  */
1460  v.var_type = VAR2_DATA;
1461  v.v.v_str.s_siz = 8;
1462  v.v.v_str.s_val = (unsigned char *) ((enc ? out : data) + datalen - 8);
1463  (void) add_var_to_list (a, 1, &v);
1464 
1465  goto ret;
1466 
1467 fail:
1468  retc->type = CONST_DATA;
1469  retc->x.str_val = g_malloc0 (1);
1470  retc->size = 0;
1471 
1472 ret:
1473  g_free (out);
1474  gcry_cipher_close (hd);
1475 
1476  return retc;
1477 }

References add_var_to_list(), alloc_typed_cell(), CONST_DATA, DYN_ARRAY, get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, nasl_perror(), print_gcrypt_error(), TC::ref_val, st_nasl_string::s_siz, st_nasl_string::s_val, TC::size, TC::str_val, TC::type, st_a_nasl_var::v, st_a_nasl_var::v_str, VAR2_DATA, st_a_nasl_var::var_type, and TC::x.

Referenced by nasl_bf_cbc_decrypt(), and nasl_bf_cbc_encrypt().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_bf_cbc_decrypt()

tree_cell* nasl_bf_cbc_decrypt ( lex_ctxt lexic)

nasl function

bf_cbc_decrypt(key:key, iv:iv, data:data)

Decrypt the cipher text data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the plaintext data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1514 of file nasl_crypto2.c.

1515 {
1516  return nasl_bf_cbc (lexic, 0);
1517 }

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bf_cbc_encrypt()

tree_cell* nasl_bf_cbc_encrypt ( lex_ctxt lexic)

nasl function

bf_cbc_encrypt(key:key, iv:iv, data:data)

Encrypt the plaintext data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the encrypted data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1494 of file nasl_crypto2.c.

1495 {
1496  return nasl_bf_cbc (lexic, 1);
1497 }

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bn_cmp()

tree_cell* nasl_bn_cmp ( lex_ctxt lexic)

nasl function

bn_cmp(key1:MPI1, key2:MPI2)

Compares the MPIs key1 and key2 (given as binary strings). Returns -1 if key1 < key2, 0 if key1 == key2 and +1 if key1 > key2.

Definition at line 281 of file nasl_crypto2.c.

282 {
283  tree_cell *retc = NULL;
284  gcry_mpi_t key1 = NULL, key2 = NULL;
285 
286  retc = g_malloc0 (sizeof (tree_cell));
287  retc->ref_count = 1;
288  retc->type = CONST_INT;
289  retc->x.i_val = 1;
290 
291  if (mpi_from_named_parameter (lexic, &key1, "key1", "nasl_bn_cmp") < 0)
292  goto fail;
293  if (mpi_from_named_parameter (lexic, &key2, "key2", "nasl_bn_cmp") < 0)
294  goto fail;
295 
296  retc->x.i_val = gcry_mpi_cmp (key1, key2);
297 
298  /* make sure the return value is one of -1, 0, +1 */
299  if (retc->x.i_val > 0)
300  retc->x.i_val = 1;
301  if (retc->x.i_val < 0)
302  retc->x.i_val = -1;
303 
304 fail:
305  gcry_mpi_release (key1);
306  gcry_mpi_release (key2);
307  return retc;
308 }

References CONST_INT, TC::i_val, mpi_from_named_parameter(), TC::ref_count, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_bn_random()

tree_cell* nasl_bn_random ( lex_ctxt lexic)

nasl function

bn_random(need:numBits)

Returns
An MPI as a string with need bits of random data.

Definition at line 318 of file nasl_crypto2.c.

319 {
320  tree_cell *retc = NULL;
321  gcry_mpi_t key = NULL;
322  long need;
323 
324  retc = alloc_typed_cell (CONST_DATA);
325 
326  /* number of random bits */
327  need = get_int_var_by_name (lexic, "need", 0);
328 
329  key = gcry_mpi_new (0);
330  if (!key)
331  goto fail;
332 
333  gcry_mpi_randomize (key, need, GCRY_STRONG_RANDOM);
334 
335  if (set_mpi_retc (retc, key) >= 0)
336  goto ret;
337 
338 fail:
339  retc->size = 0;
340  retc->x.str_val = g_malloc0 (1);
341 ret:
342  gcry_mpi_release (key);
343  return retc;
344 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_close_stream_cipher()

tree_cell* nasl_close_stream_cipher ( lex_ctxt lexic)

Nasl function to delete a cipher item from the cipher table.

Parameters
[in]cipher_idThe cipher id to close
Returns
Returns zero on success. Otherwise NULL.

Definition at line 1675 of file nasl_crypto2.c.

1676 {
1677  tree_cell *retc;
1678  int cipher_id;
1679  gcry_cipher_hd_t hd;
1680 
1681  cipher_id = get_int_var_by_name (lexic, "hd", 0);
1682 
1683  hd = verify_cipher_id (lexic, cipher_id);
1684  if (hd == NULL)
1685  return NULL;
1686 
1687  delete_cipher_item (cipher_id);
1688  retc = alloc_typed_cell (CONST_INT);
1689  retc->x.i_val = 0;
1690  return retc;
1691 }

References alloc_typed_cell(), CONST_INT, delete_cipher_item(), get_int_var_by_name(), cipher_table_item::hd, TC::i_val, verify_cipher_id(), and TC::x.

Here is the call graph for this function:

◆ nasl_des_ede_cbc_encrypt()

tree_cell* nasl_des_ede_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1990 of file nasl_crypto2.c.

1991 {
1992  return crypt_data (lexic, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC,
1993  NASL_ENCRYPT);
1994 }

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_dh_compute_key()

tree_cell* nasl_dh_compute_key ( lex_ctxt lexic)

nasl function

dh_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub, pub_key:mpi_client_pub, priv_key:mpi_client_priv)

Computes the Diffie-Hellman shared secret key from the shared parameters p and g, the server's public key dh_server_pub and the client's public and private keys pub_key an priv_key. The return value is the shared secret key as an MPI.

Definition at line 615 of file nasl_crypto2.c.

616 {
617  tree_cell *retc = NULL;
618  gcry_mpi_t p = NULL, g = NULL, dh_server_pub = NULL;
619  gcry_mpi_t pub_key = NULL, priv_key = NULL;
620  gcry_mpi_t shared = NULL;
621 
622  retc = alloc_typed_cell (CONST_DATA);
623 
624  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_compute_key") < 0)
625  goto fail;
626  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_compute_key") < 0)
627  goto fail;
628  if (mpi_from_named_parameter (lexic, &dh_server_pub, "dh_server_pub",
629  "nasl_dh_compute_key")
630  < 0)
631  goto fail;
632  if (mpi_from_named_parameter (lexic, &pub_key, "pub_key",
633  "nasl_dh_compute_key")
634  < 0)
635  goto fail;
636  if (mpi_from_named_parameter (lexic, &priv_key, "priv_key",
637  "nasl_dh_compute_key")
638  < 0)
639  goto fail;
640 
641  shared = calc_dh_key (dh_server_pub, p, priv_key);
642 
643  if (set_mpi_retc (retc, shared) >= 0)
644  goto ret;
645 
646 fail:
647  retc->size = 0;
648  retc->x.str_val = g_malloc0 (1);
649 ret:
650  gcry_mpi_release (p);
651  gcry_mpi_release (g);
652  gcry_mpi_release (dh_server_pub);
653  gcry_mpi_release (priv_key);
654  gcry_mpi_release (pub_key);
655  gcry_mpi_release (shared);
656  return retc;
657 }

References alloc_typed_cell(), calc_dh_key(), CONST_DATA, mpi_from_named_parameter(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_dh_generate_key()

tree_cell* nasl_dh_generate_key ( lex_ctxt lexic)

nasl function

dh_generate_key(p:mpi_p, g:mpi_g, priv:mpi_priv)

Generates a Diffie-Hellman public key from the shared parameters p and g and the private parameter priv. The return value is the public key as an MPI.

Definition at line 570 of file nasl_crypto2.c.

571 {
572  tree_cell *retc = NULL;
573  gcry_mpi_t p = NULL, g = NULL, priv = NULL, pub_mpi = NULL;
574 
575  retc = alloc_typed_cell (CONST_DATA);
576 
577  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_generate_key") < 0)
578  goto fail;
579  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_generate_key") < 0)
580  goto fail;
581  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dh_generate_key")
582  < 0)
583  goto fail;
584 
585  pub_mpi = calc_dh_public (g, p, priv);
586  if (pub_mpi == NULL)
587  goto fail;
588 
589  if (set_mpi_retc (retc, pub_mpi) >= 0)
590  goto ret;
591 
592 fail:
593  retc->x.str_val = g_malloc0 (1);
594  retc->size = 0;
595 ret:
596  gcry_mpi_release (p);
597  gcry_mpi_release (g);
598  gcry_mpi_release (priv);
599  gcry_mpi_release (pub_mpi);
600  return retc;
601 }

References alloc_typed_cell(), calc_dh_public(), CONST_DATA, mpi_from_named_parameter(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_dsa_do_sign()

tree_cell* nasl_dsa_do_sign ( lex_ctxt lexic)

nasl function

dsa_do_sign(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, priv:mpi_priv, data:hash)

Computes the DSA signature of the hash in data using the private DSA key given by p, g, q, pub and priv. The return value is a 40 byte string encoding the two MPIs r and s of the DSA signature. The first 20 bytes are the value of r and the last 20 bytes are the value of s.

Definition at line 1247 of file nasl_crypto2.c.

1248 {
1249  tree_cell *retc = NULL;
1250  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, priv = NULL, data = NULL;
1251  gcry_mpi_t r = NULL, s = NULL;
1252  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1253  long rlen, slen;
1254  unsigned char *sigblob = NULL;
1255  gcry_error_t err;
1256 
1257  retc = g_malloc0 (sizeof (tree_cell));
1258  retc->ref_count = 1;
1259  retc->type = CONST_DATA;
1260  retc->x.i_val = 0;
1261 
1262  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1263  goto fail;
1264  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1265  goto fail;
1266  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1267  goto fail;
1268  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1269  goto fail;
1270  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dsa_do_sign") < 0)
1271  goto fail;
1272  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1273  goto fail;
1274 
1275  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1276  if (err)
1277  {
1278  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1279  goto fail;
1280  }
1281 
1282  err = gcry_sexp_build (
1283  &skey, NULL, "(private-key (dsa (p %m) (q %m) (g %m) (y %m) (x %m)))", p, q,
1284  g, pub, priv);
1285  if (err)
1286  {
1287  print_gcrypt_error (lexic, "gcry_sexp_build for private-key", err);
1288  goto fail;
1289  }
1290 
1291  err = gcry_pk_sign (&ssig, sdata, skey);
1292  if (err)
1293  {
1294  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1295  goto fail;
1296  }
1297 
1298  r = extract_mpi_from_sexp (ssig, "r");
1299  s = extract_mpi_from_sexp (ssig, "s");
1300  if (!r || !s)
1301  goto fail;
1302 
1303  rlen = (gcry_mpi_get_nbits (r) + 7) / 8;
1304  slen = (gcry_mpi_get_nbits (s) + 7) / 8;
1305  if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN)
1306  {
1307  nasl_perror (lexic, "rlen (%d) or slen (%d) > INTBLOB_LEN (%d)\n", rlen,
1308  slen, INTBLOB_LEN);
1309  goto fail;
1310  }
1311 
1312  sigblob = g_malloc0 (SIGBLOB_LEN);
1313  memset (sigblob, 0, SIGBLOB_LEN);
1314 
1315  err = gcry_mpi_print (
1316  GCRYMPI_FMT_USG,
1317  (unsigned char *) (sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen), rlen, NULL,
1318  r);
1319  if (err)
1320  {
1321  print_gcrypt_error (lexic, "gcry_mpi_print(r)", err);
1322  goto fail;
1323  }
1324  err = gcry_mpi_print (GCRYMPI_FMT_USG,
1325  (unsigned char *) (sigblob + SIGBLOB_LEN - slen), rlen,
1326  NULL, s);
1327  if (err)
1328  {
1329  print_gcrypt_error (lexic, "gcry_mpi_print(s)", err);
1330  goto fail;
1331  }
1332 
1333  retc->x.str_val = (char *) sigblob;
1334  sigblob = NULL;
1335  retc->size = SIGBLOB_LEN;
1336 
1337 fail:
1338  gcry_mpi_release (p);
1339  gcry_mpi_release (g);
1340  gcry_mpi_release (q);
1341  gcry_mpi_release (pub);
1342  gcry_mpi_release (priv);
1343  gcry_mpi_release (data);
1344  gcry_mpi_release (r);
1345  gcry_mpi_release (s);
1346  gcry_sexp_release (ssig);
1347  gcry_sexp_release (skey);
1348  gcry_sexp_release (sdata);
1349  g_free (sigblob);
1350 
1351  return retc;
1352 }

References CONST_DATA, extract_mpi_from_sexp(), TC::i_val, INTBLOB_LEN, mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), TC::ref_count, SIGBLOB_LEN, TC::size, TC::str_val, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_dsa_do_verify()

tree_cell* nasl_dsa_do_verify ( lex_ctxt lexic)

nasl function

dsa_do_verify(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, r:mpi_r, s:mpi_s, data:hash)

Verify that the DSA signature given by r and s matches the hash given in data using the public DSA key given by p, g, q and pub. Returns 1 if the signature is valid and 0 if it's invalid.

Definition at line 1158 of file nasl_crypto2.c.

1159 {
1160  tree_cell *retc = NULL;
1161  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, data = NULL;
1162  gcry_mpi_t r = NULL, s = NULL;
1163  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1164  gcry_error_t err;
1165 
1166  retc = g_malloc0 (sizeof (tree_cell));
1167  retc->ref_count = 1;
1168  retc->type = CONST_INT;
1169  retc->x.i_val = 0;
1170 
1171  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1172  goto fail;
1173  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1174  goto fail;
1175  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1176  goto fail;
1177  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1178  goto fail;
1179  if (mpi_from_named_parameter (lexic, &r, "r", "nasl_dsa_do_sign") < 0)
1180  goto fail;
1181  if (mpi_from_named_parameter (lexic, &s, "s", "nasl_dsa_do_sign") < 0)
1182  goto fail;
1183  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1184  goto fail;
1185 
1186  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1187  if (err)
1188  {
1189  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1190  goto fail;
1191  }
1192 
1193  err = gcry_sexp_build (&skey, NULL,
1194  "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))", p, q,
1195  g, pub);
1196  if (err)
1197  {
1198  print_gcrypt_error (lexic, "gcry_sexp_build for private key", err);
1199  goto fail;
1200  }
1201 
1202  err = gcry_sexp_build (&ssig, NULL, "(sig-val (dsa (r %m) (s %m)))", r, s);
1203  if (err)
1204  {
1205  print_gcrypt_error (lexic, "gcry_sexp_build for signature", err);
1206  goto fail;
1207  }
1208 
1209  err = gcry_pk_verify (ssig, sdata, skey);
1210  if (err == 0)
1211  retc->x.i_val = 1;
1212  else if (gcry_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1213  retc->x.i_val = 0;
1214  else
1215  {
1216  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1217  goto fail;
1218  }
1219 
1220 fail:
1221  gcry_mpi_release (p);
1222  gcry_mpi_release (g);
1223  gcry_mpi_release (q);
1224  gcry_mpi_release (pub);
1225  gcry_mpi_release (r);
1226  gcry_mpi_release (s);
1227  gcry_mpi_release (data);
1228  gcry_sexp_release (ssig);
1229  gcry_sexp_release (skey);
1230  gcry_sexp_release (sdata);
1231 
1232  return retc;
1233 }

References CONST_INT, TC::i_val, mpi_from_named_parameter(), print_gcrypt_error(), TC::ref_count, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_load_privkey_param()

static gnutls_x509_privkey_t nasl_load_privkey_param ( lex_ctxt lexic,
const char *  priv_name,
const char *  passphrase_name 
)
static

Loads a private key from a string.

The string is taken from the nasl parameter whose name is given by priv_name. The passphrase_name is the name of the parameter holding the passphrase if any. The string with the key must be in PEM format.

Returns
The GnuTLS private key object on success, NULL on failure.

Definition at line 357 of file nasl_crypto2.c.

359 {
360  char *priv = NULL, *passphrase = NULL;
361  long privlen;
362  gnutls_x509_privkey_t privkey = NULL;
363  gnutls_datum_t pem;
364  int err;
365 
366  /* PEM encoded privkey */
367  priv = get_str_var_by_name (lexic, priv_name);
368  privlen = get_var_size_by_name (lexic, priv_name);
369 
370  /* passphrase */
371  passphrase = get_str_var_by_name (lexic, passphrase_name);
372  pem.data = (unsigned char *) priv;
373  pem.size = privlen;
374 
375  err = gnutls_x509_privkey_init (&privkey);
376  if (err)
377  {
378  print_tls_error (lexic, "gnutls_x509_privkey_init", err);
379  goto fail;
380  }
381 
382  if (passphrase && !*passphrase)
383  passphrase = NULL;
384  err =
385  gnutls_x509_privkey_import2 (privkey, &pem, GNUTLS_X509_FMT_PEM, passphrase,
386  passphrase ? 0 : GNUTLS_PKCS_PLAIN);
387  if (err)
388  {
389  print_tls_error (lexic, "gnutls_x509_privkey_import_pkcs8", err);
390  goto fail;
391  }
392  return privkey;
393 
394 fail:
395  gnutls_x509_privkey_deinit (privkey);
396  return NULL;
397 }

References get_str_var_by_name(), get_var_size_by_name(), and print_tls_error().

Referenced by nasl_pem_to(), and nasl_rsa_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_mac()

static tree_cell* nasl_mac ( lex_ctxt lexic,
int  algo,
int  flags 
)
static

Definition at line 1694 of file nasl_crypto2.c.

1695 {
1696  gcry_error_t error;
1697 
1698  char *data, *key, *iv;
1699  char *result = NULL;
1700  size_t datalen, keylen, ivlen, resultlen;
1701  tree_cell *retc = NULL;
1702 
1703  data = get_str_var_by_name (lexic, "data");
1704  datalen = get_var_size_by_name (lexic, "data");
1705  key = get_str_var_by_name (lexic, "key");
1706  keylen = get_var_size_by_name (lexic, "key");
1707  iv = get_str_var_by_name (lexic, "iv");
1708  ivlen = get_var_size_by_name (lexic, "iv");
1709 
1710  switch ((error = mac (key, keylen, data, datalen, iv, ivlen, algo, flags,
1711  &result, &resultlen)))
1712  {
1713  case GPG_ERR_NO_ERROR:
1714  retc = alloc_typed_cell (CONST_DATA);
1715  retc->x.str_val = result;
1716  retc->size = resultlen;
1717  break;
1718  case GPG_ERR_MISSING_KEY:
1719  case GPG_ERR_MISSING_VALUE:
1720  nasl_perror (lexic, "Syntax: nasl_mac: Missing key, or data argument");
1721  break;
1722  default:
1723  nasl_perror (lexic, "Internal: %s.", gcry_strerror (error));
1724  }
1725 
1726  return retc;
1727 }

References alloc_typed_cell(), CONST_DATA, get_str_var_by_name(), get_var_size_by_name(), mac(), nasl_perror(), TC::size, TC::str_val, and TC::x.

Referenced by nasl_aes_mac_cbc(), and nasl_aes_mac_gcm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_open_rc4_cipher()

tree_cell* nasl_open_rc4_cipher ( lex_ctxt lexic)

Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stream data. Open cipher must be close with close_stream_cipher() when it is not useful anymore.

Returns
Returns the id of the cipher handler encrypted data on success. Otherwise NULL.

Definition at line 1955 of file nasl_crypto2.c.

1956 {
1957  return nasl_open_stream_cipher (lexic, GCRY_CIPHER_ARCFOUR,
1958  GCRY_CIPHER_MODE_STREAM, "open_rc4_cipher");
1959 }

References nasl_open_stream_cipher().

Here is the call graph for this function:

◆ nasl_open_stream_cipher()

static tree_cell* nasl_open_stream_cipher ( lex_ctxt lexic,
int  cipher,
int  mode,
const char *  caller_func 
)
static

Open a stream cipher. This function creates a context handle and stores it in a cipher table. Open cipher must be deleted with delete_cipher_item() at the end of the stream encryption.

Parameters
[in]cipherThe cipher algorithm.
[in]modeThe cipher mode. Must be compatible with the algorithm.
[in]caller_funcName of the caller function to be logged in case of error.
Returns
Returns the ID of the cipher handler on success. Otherwise NULL.

Definition at line 1531 of file nasl_crypto2.c.

1533 {
1534  gcry_cipher_hd_t hd;
1535  gcry_error_t error;
1536  void *key, *iv;
1537  size_t keylen, ivlen;
1538  tree_cell *retc;
1539  cipher_table_item_t *hd_item;
1540  int cipher_id;
1541 
1542  key = get_str_var_by_name (lexic, "key");
1543  keylen = get_var_size_by_name (lexic, "key");
1544  iv = get_str_var_by_name (lexic, "iv");
1545  ivlen = get_var_size_by_name (lexic, "iv");
1546 
1547  if (!key || keylen <= 0)
1548  {
1549  nasl_perror (lexic,
1550  "Syntax: open_stream_cipher (called from "
1551  "%s): Missing key argument",
1552  caller_func);
1553  return NULL;
1554  }
1555 
1556  if ((error = gcry_cipher_open (&hd, cipher, mode, 0)))
1557  {
1558  nasl_perror (lexic, "gcry_cipher_open: %s", gcry_strerror (error));
1559  gcry_cipher_close (hd);
1560  return NULL;
1561  }
1562  if ((error = gcry_cipher_setkey (hd, key, keylen)))
1563  {
1564  nasl_perror (lexic, "gcry_cipher_setkey: %s", gcry_strerror (error));
1565  gcry_cipher_close (hd);
1566  return NULL;
1567  }
1568 
1569  if (iv && ivlen)
1570  {
1571  if ((error = gcry_cipher_setiv (hd, iv, ivlen)))
1572  {
1573  nasl_perror (lexic, "gcry_cipher_setiv: %s", gcry_strerror (error));
1574  gcry_cipher_close (hd);
1575  return NULL;
1576  }
1577  }
1578 
1579  cipher_id = get_new_cipher_id ();
1580  if (cipher_id == -1)
1581  {
1582  nasl_perror (lexic, "%s: No available slot for a new cipher.", __func__);
1583  gcry_cipher_close (hd);
1584  return NULL;
1585  }
1586 
1587  hd_item = cipher_table_item_new ();
1588  hd_item->hd = hd;
1589  hd_item->id = cipher_id;
1590  cipher_table = g_list_append (cipher_table, hd_item);
1591 
1592  retc = alloc_typed_cell (CONST_INT);
1593  retc->x.i_val = hd_item->id;
1594  return retc;
1595 }

References alloc_typed_cell(), cipher_table, cipher_table_item_new(), CONST_INT, get_new_cipher_id(), get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, TC::i_val, cipher_table_item::id, nasl_perror(), and TC::x.

Referenced by nasl_open_rc4_cipher().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_pem_to()

static tree_cell* nasl_pem_to ( lex_ctxt lexic,
int  type 
)
static

Implements the nasl functions pem_to_rsa and pem_to_dsa.

Definition at line 403 of file nasl_crypto2.c.

404 {
405  tree_cell *retc = NULL;
406  gnutls_x509_privkey_t privkey = NULL;
407  gcry_mpi_t key = NULL;
408  int err;
409 
410  retc = alloc_typed_cell (CONST_DATA);
411 
412  privkey = nasl_load_privkey_param (lexic, "priv", "passphrase");
413  if (!privkey)
414  goto fail;
415 
416  if (!type)
417  {
418  gnutls_datum_t m, e, d, p, q, u;
419  err =
420  gnutls_x509_privkey_export_rsa_raw (privkey, &m, &e, &d, &p, &q, &u);
421  if (err)
422  {
423  print_tls_error (lexic, "gnutls_x509_privkey_export_rsa_raw", err);
424  goto fail;
425  }
426 
427  err =
428  mpi_from_string (lexic, &key, d.data, d.size, "rsa d", "nasl_pem_to");
429  gnutls_free (m.data);
430  gnutls_free (e.data);
431  gnutls_free (d.data);
432  gnutls_free (p.data);
433  gnutls_free (q.data);
434  gnutls_free (u.data);
435 
436  if (err < 0)
437  goto fail;
438  }
439  else
440  {
441  gnutls_datum_t p, q, g, y, x;
442  err = gnutls_x509_privkey_export_dsa_raw (privkey, &p, &q, &g, &y, &x);
443  if (err)
444  {
445  print_tls_error (lexic, "gnutls_x509_privkey_export_dsa_raw", err);
446  goto fail;
447  }
448 
449  err =
450  mpi_from_string (lexic, &key, x.data, x.size, "dsa x", "nasl_pem_to");
451 
452  gnutls_free (p.data);
453  gnutls_free (q.data);
454  gnutls_free (g.data);
455  gnutls_free (y.data);
456  gnutls_free (x.data);
457 
458  if (err < 0)
459  goto fail;
460  }
461 
462  if (set_mpi_retc (retc, key) >= 0)
463  goto ret;
464 
465 fail:
466  retc->size = 0;
467  retc->x.str_val = g_malloc0 (1);
468 ret:
469  gcry_mpi_release (key);
470  gnutls_x509_privkey_deinit (privkey);
471  return retc;
472 }

References alloc_typed_cell(), CONST_DATA, mpi_from_string(), nasl_load_privkey_param(), print_tls_error(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Referenced by nasl_pem_to_dsa(), and nasl_pem_to_rsa().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_pem_to_dsa()

tree_cell* nasl_pem_to_dsa ( lex_ctxt lexic)

nasl function

pem_to_dsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private DSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "x" of the DSA key as an MPI.

Definition at line 501 of file nasl_crypto2.c.

502 {
503  return nasl_pem_to (lexic, 1);
504 }

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_pem_to_rsa()

tree_cell* nasl_pem_to_rsa ( lex_ctxt lexic)

nasl function

pem_to_rsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private RSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "d" of the RSA key as an MPI.

Definition at line 485 of file nasl_crypto2.c.

486 {
487  return nasl_pem_to (lexic, 0);
488 }

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_rc4_encrypt()

tree_cell* nasl_rc4_encrypt ( lex_ctxt lexic)

Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context, it will use this handler to encrypt the data as part of a stream data. e.g.: rc4_encrypt(data: data, hd: hd)

Otherwise encrypts the data as block and the key is mandatory: e.g.: rc4_encrypt(data: data, key: key)

Returns
Returns the encrypted data on success. Otherwise NULL.

Definition at line 1928 of file nasl_crypto2.c.

1929 {
1930  int cipher_id;
1931  gcry_cipher_hd_t hd;
1932  cipher_id = get_int_var_by_name (lexic, "hd", -1);
1933 
1934  if (cipher_id >= 0)
1935  {
1936  hd = verify_cipher_id (lexic, cipher_id);
1937  if (hd == NULL)
1938  return NULL;
1939  return encrypt_stream_data (lexic, GCRY_CIPHER_ARCFOUR, "rc4_encrypt");
1940  }
1941 
1942  return crypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM,
1943  NASL_ENCRYPT);
1944 }

References crypt_data(), encrypt_stream_data(), get_int_var_by_name(), cipher_table_item::hd, NASL_ENCRYPT, and verify_cipher_id().

Here is the call graph for this function:

◆ nasl_rsa_private_decrypt()

tree_cell* nasl_rsa_private_decrypt ( lex_ctxt lexic)

nasl function

rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)

Decrypt the provided data with the private RSA key given by its parameters d, e and n. The return value is the decrypted data in plaintext format.

TODO: In future releases, string support for padding should be removed

Definition at line 858 of file nasl_crypto2.c.

859 {
860  tree_cell *retc = NULL;
861  gcry_mpi_t e = NULL, n = NULL, d = NULL, dt = NULL;
862  gcry_sexp_t key = NULL, data = NULL, decrypted = NULL;
863  gcry_error_t err;
864  int type = get_var_type_by_name (lexic, "pad");
865  int pad = 0;
866 
867  if (type == VAR2_INT)
868  pad = get_int_var_by_name (lexic, "pad", 0);
870  else if (type == VAR2_STRING)
871  {
872  if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
873  pad = 1;
874  }
875  else
876  {
877  nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
878  "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
879  return NULL;
880  }
881 
882  retc = alloc_typed_cell (CONST_DATA);
883 
884  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_private_decrypt")
885  < 0)
886  goto fail;
887  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_private_decrypt") < 0)
888  goto fail;
889  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_private_decrypt") < 0)
890  goto fail;
891  if (mpi_from_named_parameter (lexic, &d, "d", "nasl_rsa_private_decrypt") < 0)
892  goto fail;
893 
894  err = gcry_sexp_build (&key, NULL, "(private-key (rsa (n %m) (e %m) (d %m)))",
895  n, e, d);
896  if (err)
897  {
898  print_gcrypt_error (lexic, "gcry_sexp_build privkey", err);
899  goto fail;
900  }
901 
902  if (pad == 1)
903  err =
904  gcry_sexp_build (&data, NULL, "(enc-val (flags pkcs1) (rsa (a %m)))", dt);
905  else
906  err =
907  gcry_sexp_build (&data, NULL, "(enc-val (flags raw) (rsa (a %m)))", dt);
908  if (err)
909  {
910  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
911  goto fail;
912  }
913 
914  err = gcry_pk_decrypt (&decrypted, data, key);
915  if (err)
916  {
917  print_gcrypt_error (lexic, "gcry_pk_decrypt", err);
918  goto fail;
919  }
920 
921  if (pad == 1)
922  {
923  if (set_retc_from_sexp (retc, decrypted, "value") >= 0
924  && strip_pkcs1_padding (retc) >= 0)
925  goto ret;
926  }
927  else
928  {
929  if (set_retc_from_sexp (retc, decrypted, "value") >= 0)
930  goto ret;
931  }
932 
933 fail:
934  retc->size = 0;
935  retc->x.str_val = g_malloc0 (1);
936 ret:
937  gcry_sexp_release (decrypted);
938  gcry_sexp_release (key);
939  gcry_sexp_release (data);
940  gcry_mpi_release (dt);
941  gcry_mpi_release (e);
942  gcry_mpi_release (n);
943  gcry_mpi_release (d);
944  return retc;
945 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_type_by_name(), mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), VAR2_INT, VAR2_STRING, and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_public_decrypt()

tree_cell* nasl_rsa_public_decrypt ( lex_ctxt lexic)

nasl function

rsa_public_decrypt(sig:signature, e:mpi_e, n:mpi_n)

Decrypt the data in signature (usually an rsa-encrypted hash) with the public RSA key given by its parameters e and n. The return value is the decrypted data.

Definition at line 957 of file nasl_crypto2.c.

958 {
959  tree_cell *retc = NULL;
960  gcry_mpi_t e = NULL, n = NULL, s = NULL;
961  gcry_sexp_t key = NULL, sig = NULL, decrypted = NULL;
962  gcry_error_t err;
963 
964  retc = alloc_typed_cell (CONST_DATA);
965 
966  if (mpi_from_named_parameter (lexic, &s, "sig", "nasl_rsa_public_decrypt")
967  < 0)
968  goto fail;
969  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_decrypt") < 0)
970  goto fail;
971  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_decrypt") < 0)
972  goto fail;
973 
974  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
975  if (err)
976  {
977  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
978  goto fail;
979  }
980  err = gcry_sexp_build (&sig, NULL, "(data (flags raw) (value %m))", s);
981  if (err)
982  {
983  print_gcrypt_error (lexic, "gcry_sexp_build sig", err);
984  goto fail;
985  }
986 
987  /* gcry_pk_encrypt is equivalent to the public key decryption at least
988  * for RSA keys. */
989  err = gcry_pk_encrypt (&decrypted, sig, key);
990  if (err)
991  {
992  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
993  goto fail;
994  }
995 
996  if (set_retc_from_sexp (retc, decrypted, "a") >= 0
997  && strip_pkcs1_padding (retc) >= 0)
998  goto ret;
999 
1000 fail:
1001  retc->size = 0;
1002  retc->x.str_val = g_malloc0 (1);
1003 ret:
1004  gcry_sexp_release (decrypted);
1005  gcry_sexp_release (key);
1006  gcry_sexp_release (sig);
1007  gcry_mpi_release (s);
1008  gcry_mpi_release (e);
1009  gcry_mpi_release (n);
1010  return retc;
1011 }

References alloc_typed_cell(), CONST_DATA, mpi_from_named_parameter(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_public_encrypt()

tree_cell* nasl_rsa_public_encrypt ( lex_ctxt lexic)

nasl function

rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)

Encrypt the provided data with the public RSA key given by its parameters e and n. The return value is the encrypted data.

TODO: In future releases, string support for padding should be removed

Definition at line 766 of file nasl_crypto2.c.

767 {
768  tree_cell *retc = NULL;
769  gcry_mpi_t e = NULL, n = NULL, dt = NULL;
770  gcry_sexp_t key = NULL, data = NULL, encrypted = NULL;
771  gcry_error_t err;
772  int type = get_var_type_by_name (lexic, "pad");
773  int pad = 0;
774 
775  if (type == VAR2_INT)
776  pad = get_int_var_by_name (lexic, "pad", 0);
778  else if (type == VAR2_STRING)
779  {
780  if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
781  pad = 1;
782  }
783  else
784  {
785  nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
786  "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
787  return NULL;
788  }
789 
790  retc = alloc_typed_cell (CONST_DATA);
791 
792  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_public_encrypt")
793  < 0)
794  goto fail;
795  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_encrypt") < 0)
796  goto fail;
797  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_encrypt") < 0)
798  goto fail;
799 
800  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
801  if (err)
802  {
803  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
804  goto fail;
805  }
806 
807  if (pad == 1)
808  err = gcry_sexp_build (&data, NULL, "(data (flags pkcs1) (value %m))", dt);
809  else
810  err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", dt);
811  if (err)
812  {
813  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
814  goto fail;
815  }
816 
817  err = gcry_pk_encrypt (&encrypted, data, key);
818  if (err)
819  {
820  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
821  goto fail;
822  }
823 
824  if (pad == 1)
825  {
826  if (set_retc_from_sexp (retc, encrypted, "a") >= 0
827  && strip_pkcs1_padding (retc) >= 0)
828  goto ret;
829  }
830  else
831  {
832  if (set_retc_from_sexp (retc, encrypted, "a") >= 0)
833  goto ret;
834  }
835 
836 fail:
837  retc->size = 0;
838  retc->x.str_val = g_malloc0 (1);
839 ret:
840  gcry_sexp_release (encrypted);
841  gcry_sexp_release (key);
842  gcry_sexp_release (data);
843  gcry_mpi_release (dt);
844  gcry_mpi_release (e);
845  gcry_mpi_release (n);
846  return retc;
847 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_type_by_name(), mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), VAR2_INT, VAR2_STRING, and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_sign()

tree_cell* nasl_rsa_sign ( lex_ctxt lexic)

nasl function

rsa_sign(data:hash, priv:pem, passphrase:passphrase)

Signs the data with the private RSA key priv given in PEM format. The passphrase is the passphrase needed to decrypt the private key. Returns the signed data.

In the OpenSSL based nasl, the key was not given in PEM form and with a passphrase. Instead it was given as the RSA parameters e, n and d. libgcrypt always requires all the parameters (including p, g, and u), so this function was changed to simply accept the full private key in PEM form. The one place where it was called had that the key available in that form.

Definition at line 1094 of file nasl_crypto2.c.

1095 {
1096  tree_cell *retc = NULL;
1097  char *data;
1098  int data_size;
1099  gcry_sexp_t ssig = NULL, sdata = NULL, skey = NULL;
1100  gnutls_x509_privkey_t priv_key = NULL;
1101  gcry_error_t err;
1102 
1103  retc = alloc_typed_cell (CONST_DATA);
1104 
1105  data = get_str_var_by_name (lexic, "data");
1106  data_size = get_var_size_by_name (lexic, "data");
1107  if (!data)
1108  goto fail;
1109 
1110  priv_key = nasl_load_privkey_param (lexic, "priv", "passphrase");
1111  if (!priv_key)
1112  goto fail;
1113 
1114  err = gcry_sexp_build (&sdata, NULL, "(data (flags pkcs1) (hash sha1 %b))",
1115  data_size, data);
1116  if (err)
1117  {
1118  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1119  goto fail;
1120  }
1121 
1122  skey = nasl_sexp_from_privkey (lexic, priv_key);
1123  if (!skey)
1124  goto fail;
1125 
1126  err = gcry_pk_sign (&ssig, sdata, skey);
1127  if (err)
1128  {
1129  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1130  goto fail;
1131  }
1132 
1133  if (set_retc_from_sexp (retc, ssig, "s") >= 0)
1134  goto ret;
1135 
1136 fail:
1137  retc->size = 0;
1138  retc->x.str_val = g_malloc0 (1);
1139 ret:
1140  gcry_sexp_release (ssig);
1141  gcry_sexp_release (sdata);
1142  gcry_sexp_release (skey);
1143  gnutls_x509_privkey_deinit (priv_key);
1144  return retc;
1145 }

References alloc_typed_cell(), CONST_DATA, get_str_var_by_name(), get_var_size_by_name(), nasl_load_privkey_param(), nasl_sexp_from_privkey(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_sexp_from_privkey()

static gcry_sexp_t nasl_sexp_from_privkey ( lex_ctxt lexic,
gnutls_x509_privkey_t  privkey 
)
static

Definition at line 1018 of file nasl_crypto2.c.

1019 {
1020  gnutls_datum_t datums[NUM_RSA_PARAMS]; /* m/n, e, d, p, q, u */
1021  gcry_mpi_t mpis[NUM_RSA_PARAMS]; /* m/n, e, d, p, q, u */
1022  gcry_sexp_t key = NULL;
1023  int err;
1024  gcry_error_t gerr;
1025  int i;
1026 
1027  for (i = 0; i < NUM_RSA_PARAMS; i++)
1028  {
1029  datums[i].data = NULL;
1030  mpis[i] = NULL;
1031  }
1032 
1033  err = gnutls_x509_privkey_export_rsa_raw (privkey, datums + 0, datums + 1,
1034  datums + 2, datums + 3, datums + 4,
1035  datums + 5);
1036  if (err)
1037  {
1038  print_tls_error (lexic, "gnutls_x509_privkey_export_rsa_raw", err);
1039  goto fail;
1040  }
1041 
1042  for (i = 0; i < NUM_RSA_PARAMS; i++)
1043  {
1044  err = mpi_from_string (lexic, mpis + i, datums[i].data, datums[i].size,
1045  "rsa parameter", "nasl_sexp_from_privkey");
1046  if (err < 0)
1047  goto fail;
1048  }
1049 
1050  /* make sure that p < q. libgcrypt requires this. */
1051  if (gcry_mpi_cmp (mpis[3], mpis[4]) > 0)
1052  {
1053  gcry_mpi_swap (mpis[3], mpis[4]);
1054  gcry_mpi_invm (mpis[5], mpis[3], mpis[4]);
1055  }
1056 
1057  gerr = gcry_sexp_build (&key, NULL,
1058  "(private-key (rsa (n %m) (e %m) (d %m)"
1059  " (p %m) (q %m) (u %m)))",
1060  mpis[0], mpis[1], mpis[2], mpis[3], mpis[4], mpis[5]);
1061  if (gerr)
1062  {
1063  print_gcrypt_error (lexic, "gcry_sexp_build", gerr);
1064  goto fail;
1065  }
1066 
1067 fail:
1068  for (i = 0; i < NUM_RSA_PARAMS; i++)
1069  {
1070  gnutls_free (datums[i].data);
1071  gcry_mpi_release (mpis[i]);
1072  }
1073 
1074  return key;
1075 }

References mpi_from_string(), NUM_RSA_PARAMS, print_gcrypt_error(), and print_tls_error().

Referenced by nasl_rsa_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nasl_smb3kdf()

tree_cell* nasl_smb3kdf ( lex_ctxt lexic)

Add the SMB3KDF as specified in [SP800-108] section 5.1.

Parameters
lexic
Returns
tree_cell*

Definition at line 2111 of file nasl_crypto2.c.

2112 {
2113  gcry_mac_hd_t hd;
2114  gcry_error_t error;
2115  void *result, *key, *label, *context, *buf;
2116  u_char *tmp;
2117  size_t resultlen, keylen, labellen, contextlen, buflen, r = 4;
2118  long lvalue;
2119  int i = 1;
2120  tree_cell *retc;
2121 
2122  key = get_str_var_by_name (lexic, "key");
2123  keylen = get_var_size_by_name (lexic, "key");
2124  label = get_str_var_by_name (lexic, "label");
2125  labellen = get_var_size_by_name (lexic, "label");
2126  context = get_str_var_by_name (lexic, "ctx");
2127  contextlen = get_var_size_by_name (lexic, "ctx");
2128  lvalue = get_int_var_by_name (lexic, "lvalue", 0);
2129 
2130  if (!key || keylen <= 0 || !label || labellen <= 0 || !context
2131  || contextlen <= 0)
2132  {
2133  nasl_perror (
2134  lexic, "Syntax: nasl_smb3kdf: Missing key, label or context argument");
2135  return NULL;
2136  }
2137 
2138  if (lvalue != 128 && lvalue != 256)
2139  {
2140  nasl_perror (lexic,
2141  "nasl_smb3kdf: lvalue must have a value of 128 or 256");
2142  return NULL;
2143  }
2144 
2145  if ((error = gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA256, 0, NULL)))
2146  {
2147  nasl_perror (lexic, "gcry_mac_open: %s", gcry_strerror (error));
2148  gcry_mac_close (hd);
2149  return NULL;
2150  }
2151 
2152  if ((error = gcry_mac_setkey (hd, key, keylen)))
2153  {
2154  nasl_perror (lexic, "gcry_mac_setkey: %s", gcry_strerror (error));
2155  gcry_mac_close (hd);
2156  return NULL;
2157  }
2158 
2159  resultlen = lvalue / 8;
2160 
2161  // Prepare buffer as in [SP800-108] section 5.1
2162  // [i]2 || Label || 0x00 || Context || [L]2
2163  // [i]2 is the binary presentation of the iteration. Allways 1
2164  // Label is given by caller
2165  // 0x00 is a byte set to 0
2166  // Context is given by caller
2167  // L is a integer set to 128 or 256 for smb3kdf
2168  buflen = r + labellen + 1 + contextlen + 4;
2169  buf = g_malloc0 (buflen);
2170  tmp = buf;
2171 
2172  // We need bytes in big endian, but they are currently stored as little endian
2173  i = htonl (i);
2174  memcpy (tmp, &i, r);
2175  tmp = tmp + r;
2176 
2177  memcpy (tmp, label, labellen);
2178  tmp = tmp + labellen;
2179  *tmp = 0;
2180  tmp = tmp + 1;
2181  memcpy (tmp, context, contextlen);
2182  tmp = tmp + contextlen;
2183 
2184  // We need bytes in big endian, but they are currently stored as little endian
2185  lvalue = htonl (lvalue);
2186  memcpy (tmp, &lvalue, 4);
2187 
2188  if ((error = gcry_mac_write (hd, buf, buflen)))
2189  {
2190  g_message ("gcry_mac_write: %s", gcry_strerror (error));
2191  gcry_mac_close (hd);
2192  g_free (buf);
2193  return NULL;
2194  }
2195 
2196  result = g_malloc0 (resultlen);
2197  if ((error = gcry_mac_read (hd, result, &resultlen)))
2198  {
2199  g_message ("gcry_mac_read: %s", gcry_strerror (error));
2200  gcry_mac_close (hd);
2201  g_free (buf);
2202  g_free (result);
2203  return NULL;
2204  }
2205 
2206  g_free (buf);
2207  gcry_mac_close (hd);
2208  retc = alloc_typed_cell (CONST_DATA);
2209  retc->x.str_val = result;
2210  retc->size = resultlen;
2211  return retc;
2212 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, nasl_perror(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ print_gcrypt_error()

static void print_gcrypt_error ( lex_ctxt lexic,
char *  function,
int  err 
)
static

Prints a libgcrypt error.

The parameter err should be the libgcrypt error code

Definition at line 82 of file nasl_crypto2.c.

83 {
84  nasl_perror (lexic, "%s failed: %s/%s\n", function, gcry_strsource (err),
85  gcry_strerror (err));
86 }

References nasl_perror().

Referenced by nasl_bf_cbc(), nasl_dsa_do_sign(), nasl_dsa_do_verify(), nasl_rsa_private_decrypt(), nasl_rsa_public_decrypt(), nasl_rsa_public_encrypt(), nasl_rsa_sign(), and nasl_sexp_from_privkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ print_tls_error()

static void print_tls_error ( lex_ctxt lexic,
char *  txt,
int  err 
)
static

Prints a GnuTLS error.

The parameter err should be the GnuTLS error code

Definition at line 71 of file nasl_crypto2.c.

72 {
73  nasl_perror (lexic, "%s: %s (%d)\n", txt, gnutls_strerror (err), err);
74 }

References nasl_perror().

Referenced by nasl_load_privkey_param(), nasl_pem_to(), and nasl_sexp_from_privkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_mpi_retc()

static int set_mpi_retc ( tree_cell retc,
gcry_mpi_t  mpi 
)
static

Sets the return value in retc from the MPI mpi.

The MPI is converted to a byte string as an unsigned int in bigendian form (libgcrypts GCRYMPI_FMT_USG format).

In an earlier implementation of this function, if first byte in the string had it's most significant bit set, i.e. if it would be considered negative when interpreted as two's-complement representation, a null-byte was prepended to make sure the number is always considered positive.

However, this behavior caused problems during certain SSH operations because the buffer returned by this function would be one byte larger than expected. For now, the str_val of retc will always have the content and size returned by gcry_mpi_aprint ().

Returns
0 on success and -1 on failure.

Definition at line 254 of file nasl_crypto2.c.

255 {
256  unsigned char *buffer = NULL;
257  size_t size;
258 
259  gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &size, mpi);
260  if (!buffer)
261  return -1;
262 
263  retc->x.str_val = g_malloc0 (size);
264  memcpy (retc->x.str_val, buffer, size);
265  retc->size = size;
266 
267  gcry_free (buffer);
268 
269  return 0;
270 }

References TC::size, TC::str_val, and TC::x.

Referenced by nasl_bn_random(), nasl_dh_compute_key(), nasl_dh_generate_key(), nasl_pem_to(), and set_retc_from_sexp().

Here is the caller graph for this function:

◆ set_retc_from_sexp()

static int set_retc_from_sexp ( tree_cell retc,
gcry_sexp_t  sexp,
const char *  token 
)
static

Sets the return value in retc from an sexpression.

The function uses extract_mpi_from_sexp to extract an MPI from the sexpression sexp and the subexpression given by token. The function return 1 on success and 0 on failure.

Definition at line 698 of file nasl_crypto2.c.

699 {
700  int ret = 0;
701  gcry_mpi_t mpi = extract_mpi_from_sexp (sexp, token);
702  if (mpi)
703  {
704  ret = set_mpi_retc (retc, mpi);
705 
706  gcry_mpi_release (mpi);
707  }
708 
709  return ret;
710 }

References extract_mpi_from_sexp(), and set_mpi_retc().

Referenced by nasl_rsa_private_decrypt(), nasl_rsa_public_decrypt(), nasl_rsa_public_encrypt(), and nasl_rsa_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ strip_pkcs1_padding()

static int strip_pkcs1_padding ( tree_cell retc)
static

Strips PKCS#1 padding from the string in retc.

Definition at line 716 of file nasl_crypto2.c.

717 {
718  char *p;
719 
720  if (retc->x.str_val == NULL || retc->size < 1)
721  return -1;
722 
723  /* Find type of padding. PKCS#1 padding normally starts with a 0 byte.
724  * However, due to the way the value in retc has been created, any
725  * leading zeros have already been stripped. So the byte that
726  * describes the type of padding is the first byte in str_val. Also,
727  * the only padding types we can actually find are 1 and 2. padding
728  * type 0 means that the padding is done with zeros and those will
729  * have been already stripped too. */
730  p = retc->x.str_val;
731  if (p[0] == 1 || p[0] == 2)
732  {
733  /* for padding type 1 and 2 we simply have to strip all non-zero
734  * bytes at the beginning of the value */
735  int i = 0;
736  char *temp;
737  while (i < retc->size && p[i])
738  i++;
739  /* skip the zero byte */
740  i++;
741  if (i <= retc->size)
742  {
743  int rest = retc->size - i;
744  temp = g_malloc0 (rest);
745  memcpy (temp, p + i, rest);
746  g_free (retc->x.str_val);
747  retc->x.str_val = temp;
748  retc->size = rest;
749  }
750  else
751  return -1;
752  }
753 
754  return 0;
755 }

References TC::size, TC::str_val, and TC::x.

Referenced by nasl_rsa_private_decrypt(), nasl_rsa_public_decrypt(), and nasl_rsa_public_encrypt().

Here is the caller graph for this function:

◆ verify_cipher_id()

static gcry_cipher_hd_t verify_cipher_id ( lex_ctxt lexic,
int  cipher_id 
)
static

Helper function to validate the cipher id.

Parameters
[in]cipher_idThe cipher ID to validate.
Returns
Handler on success, Null on error.

Definition at line 130 of file nasl_crypto2.c.

131 {
133  GList *hd_aux;
134 
135  hd_aux = g_list_find_custom (cipher_table, &cipher_id,
136  (GCompareFunc) find_cipher_hd);
137  if (!hd_aux)
138  {
139  nasl_perror (lexic, "Cipher handle %d not found.\n", cipher_id);
140  return NULL;
141  }
142  hd = (cipher_table_item_t *) hd_aux->data;
143 
144  return hd->hd;
145 }

References cipher_table, find_cipher_hd(), cipher_table_item::hd, and nasl_perror().

Referenced by encrypt_stream_data(), nasl_close_stream_cipher(), and nasl_rc4_encrypt().

Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ cipher_table

GList* cipher_table = NULL
static

List of open cipher handler.

Definition at line 51 of file nasl_crypto2.c.

Referenced by delete_cipher_item(), get_new_cipher_id(), nasl_open_stream_cipher(), and verify_cipher_id().

st_a_nasl_var
Definition: nasl_var.h:40
set_mpi_retc
static int set_mpi_retc(tree_cell *retc, gcry_mpi_t mpi)
Sets the return value in retc from the MPI mpi.
Definition: nasl_crypto2.c:254
nasl_sexp_from_privkey
static gcry_sexp_t nasl_sexp_from_privkey(lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
Definition: nasl_crypto2.c:1018
MAX_CIPHER_ID
#define MAX_CIPHER_ID
Definition: nasl_crypto2.c:37
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
get_var_size_by_name
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1138
set_retc_from_sexp
static int set_retc_from_sexp(tree_cell *retc, gcry_sexp_t sexp, const char *token)
Sets the return value in retc from an sexpression.
Definition: nasl_crypto2.c:698
print_tls_error
static void print_tls_error(lex_ctxt *lexic, char *txt, int err)
Prints a GnuTLS error.
Definition: nasl_crypto2.c:71
TC::str_val
char * str_val
Definition: nasl_tree.h:103
print_gcrypt_error
static void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:82
TC::x
union TC::@5 x
DYN_ARRAY
@ DYN_ARRAY
Definition: nasl_tree.h:90
nasl_open_stream_cipher
static tree_cell * nasl_open_stream_cipher(lex_ctxt *lexic, int cipher, int mode, const char *caller_func)
Open a stream cipher. This function creates a context handle and stores it in a cipher table....
Definition: nasl_crypto2.c:1531
st_a_nasl_var::v
union st_a_nasl_var::@7 v
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
st_a_nasl_var::v_str
nasl_string_t v_str
Definition: nasl_var.h:47
mpi_from_named_parameter
static int mpi_from_named_parameter(lex_ctxt *lexic, gcry_mpi_t *dest, const char *parameter, const char *function)
Converts a named nasl parameter to a gcry_mpi_t.
Definition: nasl_crypto2.c:220
VAR2_STRING
@ VAR2_STRING
Definition: nasl_var.h:17
st_nasl_string::s_siz
int s_siz
Definition: nasl_var.h:27
VAR2_DATA
@ VAR2_DATA
Definition: nasl_var.h:18
st_nasl_array
Definition: nasl_var.h:33
cipher_table_item::hd
gcry_cipher_hd_t hd
Definition: nasl_crypto2.c:58
encrypt_stream_data
static tree_cell * encrypt_stream_data(lex_ctxt *lexic, int cipher, const char *caller_func)
Encrypt data using an existent cipher handle. As the handler is not close, the key is updated to encr...
Definition: nasl_crypto2.c:1609
NASL_ENCRYPT
#define NASL_ENCRYPT
Definition: nasl_crypto2.c:38
VAR2_INT
@ VAR2_INT
Definition: nasl_var.h:16
cipher_table_item::id
int id
Definition: nasl_crypto2.c:59
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:111
get_var_type_by_name
int get_var_type_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1162
TC::size
int size
Definition: nasl_tree.h:99
NUM_RSA_PARAMS
#define NUM_RSA_PARAMS
Creates a libgcryt s-expression from a GnuTLS private RSA key.
Definition: nasl_crypto2.c:1016
len
uint8_t len
Definition: nasl_packet_forgery.c:1
SIGBLOB_LEN
#define SIGBLOB_LEN
Definition: nasl_crypto2.c:36
get_new_cipher_id
static int get_new_cipher_id(void)
Helper function to get a free id for a new cipher.
Definition: nasl_crypto2.c:108
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
calc_dh_public
static gcry_mpi_t calc_dh_public(gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
compute the diffie hellman public key.
Definition: nasl_crypto2.c:518
crypt_data
static tree_cell * crypt_data(lex_ctxt *lexic, int cipher, int mode, int flags)
Definition: nasl_crypto2.c:1742
TC::ref_val
void * ref_val
Definition: nasl_tree.h:105
TC::ref_count
short ref_count
Definition: nasl_tree.h:98
st_a_nasl_var::var_type
int var_type
Definition: nasl_var.h:41
cipher_table_item_new
static cipher_table_item_t * cipher_table_item_new(void)
Create a new cipher handler item parameter.
Definition: nasl_crypto2.c:153
nasl_pem_to
static tree_cell * nasl_pem_to(lex_ctxt *lexic, int type)
Implements the nasl functions pem_to_rsa and pem_to_dsa.
Definition: nasl_crypto2.c:403
mac
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
Definition: nasl_crypt_helper.c:97
nasl_mac
static tree_cell * nasl_mac(lex_ctxt *lexic, int algo, int flags)
Definition: nasl_crypto2.c:1694
TC
Definition: nasl_tree.h:94
TC::type
short type
Definition: nasl_tree.h:95
nasl_bf_cbc
static tree_cell * nasl_bf_cbc(lex_ctxt *lexic, int enc)
Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.
Definition: nasl_crypto2.c:1358
delete_cipher_item
static void delete_cipher_item(int cipher_id)
Free and remove a cipher handler from the cipher table.
Definition: nasl_crypto2.c:165
NASL_AAD
#define NASL_AAD
Definition: nasl_crypto2.c:40
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:79
nasl_load_privkey_param
static gnutls_x509_privkey_t nasl_load_privkey_param(lex_ctxt *lexic, const char *priv_name, const char *passphrase_name)
Loads a private key from a string.
Definition: nasl_crypto2.c:357
mpi_from_string
static int mpi_from_string(lex_ctxt *lexic, gcry_mpi_t *dest, void *data, size_t len, const char *parameter, const char *function)
Converts a string to a gcry_mpi_t.
Definition: nasl_crypto2.c:191
add_var_to_list
int add_var_to_list(nasl_array *a, int i, const anon_nasl_var *v)
Definition: nasl_var.c:1245
find_cipher_hd
static int find_cipher_hd(cipher_table_item_t *cipher_elem, int *id)
Helper function to find cipher id in the table.
Definition: nasl_crypto2.c:94
cipher_table
static GList * cipher_table
List of open cipher handler.
Definition: nasl_crypto2.c:51
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
NASL_DECRYPT
#define NASL_DECRYPT
Definition: nasl_crypto2.c:39
strip_pkcs1_padding
static int strip_pkcs1_padding(tree_cell *retc)
Strips PKCS#1 padding from the string in retc.
Definition: nasl_crypto2.c:716
verify_cipher_id
static gcry_cipher_hd_t verify_cipher_id(lex_ctxt *lexic, int cipher_id)
Helper function to validate the cipher id.
Definition: nasl_crypto2.c:130
st_nasl_string::s_val
unsigned char * s_val
Definition: nasl_var.h:26
cipher_table_item
Struct holding a cipher handler.
Definition: nasl_crypto2.c:57
INTBLOB_LEN
#define INTBLOB_LEN
Definition: nasl_crypto2.c:35
calc_dh_key
static gcry_mpi_t calc_dh_key(gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
Compute the diffie hellman shared secret key.
Definition: nasl_crypto2.c:545
TC::i_val
long int i_val
Definition: nasl_tree.h:104
extract_mpi_from_sexp
static gcry_mpi_t extract_mpi_from_sexp(gcry_sexp_t sexp, const char *token)
Extracts an MPI value from a libgcryt s-expression.
Definition: nasl_crypto2.c:668