OpenVAS Scanner  22.7.9
nasl_crypto2.c
Go to the documentation of this file.
1 /* SPDX-FileCopyrightText: 2023 Greenbone AG
2  * SPDX-FileCopyrightText: 2002-2004 Tenable Network Security
3  *
4  * SPDX-License-Identifier: GPL-2.0-only
5  */
6 
13 #include "nasl_crypto2.h"
14 
15 #include "../misc/strutils.h"
16 #include "nasl_crypto_helper.h"
17 #include "nasl_debug.h"
18 #include "nasl_func.h"
19 #include "nasl_global_ctxt.h"
20 #include "nasl_lex_ctxt.h"
21 #include "nasl_misc_funcs.h"
22 #include "nasl_packet_forgery.h"
23 #include "nasl_tree.h"
24 #include "nasl_var.h"
25 
26 #include <arpa/inet.h>
27 #include <gcrypt.h>
28 #include <gnutls/gnutls.h>
29 #include <gnutls/x509.h>
30 #include <gpg-error.h>
31 #include <gvm/base/logging.h>
32 #include <stddef.h>
33 #include <stdlib.h>
34 
35 #define INTBLOB_LEN 20
36 #define SIGBLOB_LEN (2 * INTBLOB_LEN)
37 #define MAX_CIPHER_ID 32
38 #define NASL_ENCRYPT 0
39 #define NASL_DECRYPT 1
40 #define NASL_AAD 2
41 
42 #undef G_LOG_DOMAIN
43 
46 #define G_LOG_DOMAIN "lib nasl"
47 
51 static GList *cipher_table = NULL;
52 
57 {
58  gcry_cipher_hd_t hd;
59  int id;
60 };
61 
62 /* Type definitions */
64 
70 static void
71 print_tls_error (lex_ctxt *lexic, char *txt, int err)
72 {
73  nasl_perror (lexic, "%s: %s (%d)\n", txt, gnutls_strerror (err), err);
74 }
75 
81 static void
82 print_gcrypt_error (lex_ctxt *lexic, char *function, int err)
83 {
84  nasl_perror (lexic, "%s failed: %s/%s\n", function, gcry_strsource (err),
85  gcry_strerror (err));
86 }
87 
93 static int
94 find_cipher_hd (cipher_table_item_t *cipher_elem, int *id)
95 {
96  if (cipher_elem->id == *id)
97  return 0;
98 
99  return -1;
100 }
101 
107 static int
109 {
110  int cipher_id;
111 
112  for (cipher_id = 0; cipher_id < MAX_CIPHER_ID; cipher_id++)
113  {
114  if (g_list_find_custom (cipher_table, &cipher_id,
115  (GCompareFunc) find_cipher_hd)
116  == NULL)
117  return cipher_id;
118  }
119 
120  return -1;
121 }
122 
129 static gcry_cipher_hd_t
130 verify_cipher_id (lex_ctxt *lexic, int cipher_id)
131 {
133  GList *hd_aux;
134 
135  hd_aux = g_list_find_custom (cipher_table, &cipher_id,
136  (GCompareFunc) find_cipher_hd);
137  if (!hd_aux)
138  {
139  nasl_perror (lexic, "Cipher handle %d not found.\n", cipher_id);
140  return NULL;
141  }
142  hd = (cipher_table_item_t *) hd_aux->data;
143 
144  return hd->hd;
145 }
146 
152 static cipher_table_item_t *
154 {
155  return g_malloc0 (sizeof (cipher_table_item_t));
156 }
157 
164 static void
165 delete_cipher_item (int cipher_id)
166 {
167  GList *hd_item;
169 
170  hd_item = g_list_find_custom (cipher_table, &cipher_id,
171  (GCompareFunc) find_cipher_hd);
172  hd = (cipher_table_item_t *) hd_item->data;
173  gcry_cipher_close ((gcry_cipher_hd_t) hd->hd);
174  cipher_table = g_list_remove (cipher_table, hd_item->data);
175  g_free (hd_item->data);
176 }
177 
190 static int
191 mpi_from_string (lex_ctxt *lexic, gcry_mpi_t *dest, void *data, size_t len,
192  const char *parameter, const char *function)
193 {
194  gcry_error_t err;
195  unsigned char *buffer = data;
196 
197  err = gcry_mpi_scan (dest, GCRYMPI_FMT_USG, buffer, len, NULL);
198  if (err)
199  {
200  nasl_perror (lexic, "%s(): gcry_mpi_scan failed for %s: %s/%s\n",
201  function, parameter, gcry_strsource (err),
202  gcry_strerror (err));
203  return -1;
204  }
205 
206  return 0;
207 }
208 
219 static int
220 mpi_from_named_parameter (lex_ctxt *lexic, gcry_mpi_t *dest,
221  const char *parameter, const char *function)
222 {
223  long size;
224  char *s;
225 
226  s = get_str_var_by_name (lexic, parameter);
227  size = get_var_size_by_name (lexic, parameter);
228 
229  if (!s)
230  return -1;
231 
232  return mpi_from_string (lexic, dest, s, size, parameter, function);
233 }
234 
253 static int
254 set_mpi_retc (tree_cell *retc, gcry_mpi_t mpi)
255 {
256  unsigned char *buffer = NULL;
257  size_t size;
258 
259  gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &size, mpi);
260  if (!buffer)
261  return -1;
262 
263  retc->x.str_val = g_malloc0 (size);
264  memcpy (retc->x.str_val, buffer, size);
265  retc->size = size;
266 
267  gcry_free (buffer);
268 
269  return 0;
270 }
271 
280 tree_cell *
282 {
283  tree_cell *retc = NULL;
284  gcry_mpi_t key1 = NULL, key2 = NULL;
285 
286  retc = g_malloc0 (sizeof (tree_cell));
287  retc->ref_count = 1;
288  retc->type = CONST_INT;
289  retc->x.i_val = 1;
290 
291  if (mpi_from_named_parameter (lexic, &key1, "key1", "nasl_bn_cmp") < 0)
292  goto fail;
293  if (mpi_from_named_parameter (lexic, &key2, "key2", "nasl_bn_cmp") < 0)
294  goto fail;
295 
296  retc->x.i_val = gcry_mpi_cmp (key1, key2);
297 
298  /* make sure the return value is one of -1, 0, +1 */
299  if (retc->x.i_val > 0)
300  retc->x.i_val = 1;
301  if (retc->x.i_val < 0)
302  retc->x.i_val = -1;
303 
304 fail:
305  gcry_mpi_release (key1);
306  gcry_mpi_release (key2);
307  return retc;
308 }
309 
317 tree_cell *
319 {
320  tree_cell *retc = NULL;
321  gcry_mpi_t key = NULL;
322  long need;
323 
324  retc = alloc_typed_cell (CONST_DATA);
325 
326  /* number of random bits */
327  need = get_int_var_by_name (lexic, "need", 0);
328 
329  key = gcry_mpi_new (0);
330  if (!key)
331  goto fail;
332 
333  gcry_mpi_randomize (key, need, GCRY_STRONG_RANDOM);
334 
335  if (set_mpi_retc (retc, key) >= 0)
336  goto ret;
337 
338 fail:
339  retc->size = 0;
340  retc->x.str_val = g_malloc0 (1);
341 ret:
342  gcry_mpi_release (key);
343  return retc;
344 }
345 
356 static gnutls_x509_privkey_t
357 nasl_load_privkey_param (lex_ctxt *lexic, const char *priv_name,
358  const char *passphrase_name)
359 {
360  char *priv = NULL, *passphrase = NULL;
361  long privlen;
362  gnutls_x509_privkey_t privkey = NULL;
363  gnutls_datum_t pem;
364  int err;
365 
366  /* PEM encoded privkey */
367  priv = get_str_var_by_name (lexic, priv_name);
368  privlen = get_var_size_by_name (lexic, priv_name);
369 
370  /* passphrase */
371  passphrase = get_str_var_by_name (lexic, passphrase_name);
372  pem.data = (unsigned char *) priv;
373  pem.size = privlen;
374 
375  err = gnutls_x509_privkey_init (&privkey);
376  if (err)
377  {
378  print_tls_error (lexic, "gnutls_x509_privkey_init", err);
379  goto fail;
380  }
381 
382  if (passphrase && !*passphrase)
383  passphrase = NULL;
384  err =
385  gnutls_x509_privkey_import2 (privkey, &pem, GNUTLS_X509_FMT_PEM, passphrase,
386  passphrase ? 0 : GNUTLS_PKCS_PLAIN);
387  if (err)
388  {
389  print_tls_error (lexic, "gnutls_x509_privkey_import_pkcs8", err);
390  goto fail;
391  }
392  return privkey;
393 
394 fail:
395  gnutls_x509_privkey_deinit (privkey);
396  return NULL;
397 }
398 
402 static tree_cell *
403 nasl_pem_to (lex_ctxt *lexic, int type)
404 {
405  tree_cell *retc = NULL;
406  gnutls_x509_privkey_t privkey = NULL;
407  gcry_mpi_t key = NULL;
408  int err;
409 
410  retc = alloc_typed_cell (CONST_DATA);
411 
412  privkey = nasl_load_privkey_param (lexic, "priv", "passphrase");
413  if (!privkey)
414  goto fail;
415 
416  if (!type)
417  {
418  gnutls_datum_t m, e, d, p, q, u;
419  err =
420  gnutls_x509_privkey_export_rsa_raw (privkey, &m, &e, &d, &p, &q, &u);
421  if (err)
422  {
423  print_tls_error (lexic, "gnutls_x509_privkey_export_rsa_raw", err);
424  goto fail;
425  }
426 
427  err =
428  mpi_from_string (lexic, &key, d.data, d.size, "rsa d", "nasl_pem_to");
429  gnutls_free (m.data);
430  gnutls_free (e.data);
431  gnutls_free (d.data);
432  gnutls_free (p.data);
433  gnutls_free (q.data);
434  gnutls_free (u.data);
435 
436  if (err < 0)
437  goto fail;
438  }
439  else
440  {
441  gnutls_datum_t p, q, g, y, x;
442  err = gnutls_x509_privkey_export_dsa_raw (privkey, &p, &q, &g, &y, &x);
443  if (err)
444  {
445  print_tls_error (lexic, "gnutls_x509_privkey_export_dsa_raw", err);
446  goto fail;
447  }
448 
449  err =
450  mpi_from_string (lexic, &key, x.data, x.size, "dsa x", "nasl_pem_to");
451 
452  gnutls_free (p.data);
453  gnutls_free (q.data);
454  gnutls_free (g.data);
455  gnutls_free (y.data);
456  gnutls_free (x.data);
457 
458  if (err < 0)
459  goto fail;
460  }
461 
462  if (set_mpi_retc (retc, key) >= 0)
463  goto ret;
464 
465 fail:
466  retc->size = 0;
467  retc->x.str_val = g_malloc0 (1);
468 ret:
469  gcry_mpi_release (key);
470  gnutls_x509_privkey_deinit (privkey);
471  return retc;
472 }
473 
484 tree_cell *
486 {
487  return nasl_pem_to (lexic, 0);
488 }
489 
500 tree_cell *
502 {
503  return nasl_pem_to (lexic, 1);
504 }
505 
517 static gcry_mpi_t
518 calc_dh_public (gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
519 {
520  gcry_mpi_t e;
521 
522  e = gcry_mpi_new (gcry_mpi_get_nbits (prime));
523  if (e == NULL)
524  {
525  return NULL;
526  }
527 
528  gcry_mpi_powm (e, g, priv, prime);
529 
530  return e;
531 }
532 
544 static gcry_mpi_t
545 calc_dh_key (gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
546 {
547  gcry_mpi_t e;
548 
549  e = gcry_mpi_new (gcry_mpi_get_nbits (prime));
550  if (e == NULL)
551  {
552  return NULL;
553  }
554 
555  gcry_mpi_powm (e, pub, priv, prime);
556 
557  return e;
558 }
559 
569 tree_cell *
571 {
572  tree_cell *retc = NULL;
573  gcry_mpi_t p = NULL, g = NULL, priv = NULL, pub_mpi = NULL;
574 
575  retc = alloc_typed_cell (CONST_DATA);
576 
577  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_generate_key") < 0)
578  goto fail;
579  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_generate_key") < 0)
580  goto fail;
581  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dh_generate_key")
582  < 0)
583  goto fail;
584 
585  pub_mpi = calc_dh_public (g, p, priv);
586  if (pub_mpi == NULL)
587  goto fail;
588 
589  if (set_mpi_retc (retc, pub_mpi) >= 0)
590  goto ret;
591 
592 fail:
593  retc->x.str_val = g_malloc0 (1);
594  retc->size = 0;
595 ret:
596  gcry_mpi_release (p);
597  gcry_mpi_release (g);
598  gcry_mpi_release (priv);
599  gcry_mpi_release (pub_mpi);
600  return retc;
601 }
602 
614 tree_cell *
616 {
617  tree_cell *retc = NULL;
618  gcry_mpi_t p = NULL, g = NULL, dh_server_pub = NULL;
619  gcry_mpi_t pub_key = NULL, priv_key = NULL;
620  gcry_mpi_t shared = NULL;
621 
622  retc = alloc_typed_cell (CONST_DATA);
623 
624  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_compute_key") < 0)
625  goto fail;
626  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_compute_key") < 0)
627  goto fail;
628  if (mpi_from_named_parameter (lexic, &dh_server_pub, "dh_server_pub",
629  "nasl_dh_compute_key")
630  < 0)
631  goto fail;
632  if (mpi_from_named_parameter (lexic, &pub_key, "pub_key",
633  "nasl_dh_compute_key")
634  < 0)
635  goto fail;
636  if (mpi_from_named_parameter (lexic, &priv_key, "priv_key",
637  "nasl_dh_compute_key")
638  < 0)
639  goto fail;
640 
641  shared = calc_dh_key (dh_server_pub, p, priv_key);
642 
643  if (set_mpi_retc (retc, shared) >= 0)
644  goto ret;
645 
646 fail:
647  retc->size = 0;
648  retc->x.str_val = g_malloc0 (1);
649 ret:
650  gcry_mpi_release (p);
651  gcry_mpi_release (g);
652  gcry_mpi_release (dh_server_pub);
653  gcry_mpi_release (priv_key);
654  gcry_mpi_release (pub_key);
655  gcry_mpi_release (shared);
656  return retc;
657 }
658 
667 static gcry_mpi_t
668 extract_mpi_from_sexp (gcry_sexp_t sexp, const char *token)
669 {
670  gcry_sexp_t child = NULL;
671  gcry_mpi_t mpi = NULL;
672 
673  child = gcry_sexp_find_token (sexp, token, strlen (token));
674  if (!child)
675  {
676  g_message ("set_retc_from_sexp: no subexpression with token <%s>", token);
677  }
678  else
679  {
680  mpi = gcry_sexp_nth_mpi (child, 1, GCRYMPI_FMT_USG);
681  }
682 
683  gcry_sexp_release (child);
684 
685  return mpi;
686 }
687 
697 static int
698 set_retc_from_sexp (tree_cell *retc, gcry_sexp_t sexp, const char *token)
699 {
700  int ret = 0;
701  gcry_mpi_t mpi = extract_mpi_from_sexp (sexp, token);
702  if (mpi)
703  {
704  ret = set_mpi_retc (retc, mpi);
705 
706  gcry_mpi_release (mpi);
707  }
708 
709  return ret;
710 }
711 
715 static int
717 {
718  char *p;
719 
720  if (retc->x.str_val == NULL || retc->size < 1)
721  return -1;
722 
723  /* Find type of padding. PKCS#1 padding normally starts with a 0 byte.
724  * However, due to the way the value in retc has been created, any
725  * leading zeros have already been stripped. So the byte that
726  * describes the type of padding is the first byte in str_val. Also,
727  * the only padding types we can actually find are 1 and 2. padding
728  * type 0 means that the padding is done with zeros and those will
729  * have been already stripped too. */
730  p = retc->x.str_val;
731  if (p[0] == 1 || p[0] == 2)
732  {
733  /* for padding type 1 and 2 we simply have to strip all non-zero
734  * bytes at the beginning of the value */
735  int i = 0;
736  char *temp;
737  while (i < retc->size && p[i])
738  i++;
739  /* skip the zero byte */
740  i++;
741  if (i <= retc->size)
742  {
743  int rest = retc->size - i;
744  temp = g_malloc0 (rest);
745  memcpy (temp, p + i, rest);
746  g_free (retc->x.str_val);
747  retc->x.str_val = temp;
748  retc->size = rest;
749  }
750  else
751  return -1;
752  }
753 
754  return 0;
755 }
756 
765 tree_cell *
767 {
768  tree_cell *retc = NULL;
769  gcry_mpi_t e = NULL, n = NULL, dt = NULL;
770  gcry_sexp_t key = NULL, data = NULL, encrypted = NULL;
771  gcry_error_t err;
772  int type = get_var_type_by_name (lexic, "pad");
773  int pad = 0;
774 
775  if (type == VAR2_INT)
776  pad = get_int_var_by_name (lexic, "pad", 0);
778  else if (type == VAR2_STRING)
779  {
780  if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
781  pad = 1;
782  }
783  else
784  {
785  nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
786  "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
787  return NULL;
788  }
789 
790  retc = alloc_typed_cell (CONST_DATA);
791 
792  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_public_encrypt")
793  < 0)
794  goto fail;
795  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_encrypt") < 0)
796  goto fail;
797  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_encrypt") < 0)
798  goto fail;
799 
800  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
801  if (err)
802  {
803  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
804  goto fail;
805  }
806 
807  if (pad == 1)
808  err = gcry_sexp_build (&data, NULL, "(data (flags pkcs1) (value %m))", dt);
809  else
810  err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", dt);
811  if (err)
812  {
813  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
814  goto fail;
815  }
816 
817  err = gcry_pk_encrypt (&encrypted, data, key);
818  if (err)
819  {
820  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
821  goto fail;
822  }
823 
824  if (pad == 1)
825  {
826  if (set_retc_from_sexp (retc, encrypted, "a") >= 0
827  && strip_pkcs1_padding (retc) >= 0)
828  goto ret;
829  }
830  else
831  {
832  if (set_retc_from_sexp (retc, encrypted, "a") >= 0)
833  goto ret;
834  }
835 
836 fail:
837  retc->size = 0;
838  retc->x.str_val = g_malloc0 (1);
839 ret:
840  gcry_sexp_release (encrypted);
841  gcry_sexp_release (key);
842  gcry_sexp_release (data);
843  gcry_mpi_release (dt);
844  gcry_mpi_release (e);
845  gcry_mpi_release (n);
846  return retc;
847 }
848 
857 tree_cell *
859 {
860  tree_cell *retc = NULL;
861  gcry_mpi_t e = NULL, n = NULL, d = NULL, dt = NULL;
862  gcry_sexp_t key = NULL, data = NULL, decrypted = NULL;
863  gcry_error_t err;
864  int type = get_var_type_by_name (lexic, "pad");
865  int pad = 0;
866 
867  if (type == VAR2_INT)
868  pad = get_int_var_by_name (lexic, "pad", 0);
870  else if (type == VAR2_STRING)
871  {
872  if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
873  pad = 1;
874  }
875  else
876  {
877  nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
878  "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
879  return NULL;
880  }
881 
882  retc = alloc_typed_cell (CONST_DATA);
883 
884  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_private_decrypt")
885  < 0)
886  goto fail;
887  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_private_decrypt") < 0)
888  goto fail;
889  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_private_decrypt") < 0)
890  goto fail;
891  if (mpi_from_named_parameter (lexic, &d, "d", "nasl_rsa_private_decrypt") < 0)
892  goto fail;
893 
894  err = gcry_sexp_build (&key, NULL, "(private-key (rsa (n %m) (e %m) (d %m)))",
895  n, e, d);
896  if (err)
897  {
898  print_gcrypt_error (lexic, "gcry_sexp_build privkey", err);
899  goto fail;
900  }
901 
902  if (pad == 1)
903  err =
904  gcry_sexp_build (&data, NULL, "(enc-val (flags pkcs1) (rsa (a %m)))", dt);
905  else
906  err =
907  gcry_sexp_build (&data, NULL, "(enc-val (flags raw) (rsa (a %m)))", dt);
908  if (err)
909  {
910  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
911  goto fail;
912  }
913 
914  err = gcry_pk_decrypt (&decrypted, data, key);
915  if (err)
916  {
917  print_gcrypt_error (lexic, "gcry_pk_decrypt", err);
918  goto fail;
919  }
920 
921  if (pad == 1)
922  {
923  if (set_retc_from_sexp (retc, decrypted, "value") >= 0
924  && strip_pkcs1_padding (retc) >= 0)
925  goto ret;
926  }
927  else
928  {
929  if (set_retc_from_sexp (retc, decrypted, "value") >= 0)
930  goto ret;
931  }
932 
933 fail:
934  retc->size = 0;
935  retc->x.str_val = g_malloc0 (1);
936 ret:
937  gcry_sexp_release (decrypted);
938  gcry_sexp_release (key);
939  gcry_sexp_release (data);
940  gcry_mpi_release (dt);
941  gcry_mpi_release (e);
942  gcry_mpi_release (n);
943  gcry_mpi_release (d);
944  return retc;
945 }
946 
956 tree_cell *
958 {
959  tree_cell *retc = NULL;
960  gcry_mpi_t e = NULL, n = NULL, s = NULL;
961  gcry_sexp_t key = NULL, sig = NULL, decrypted = NULL;
962  gcry_error_t err;
963 
964  retc = alloc_typed_cell (CONST_DATA);
965 
966  if (mpi_from_named_parameter (lexic, &s, "sig", "nasl_rsa_public_decrypt")
967  < 0)
968  goto fail;
969  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_decrypt") < 0)
970  goto fail;
971  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_decrypt") < 0)
972  goto fail;
973 
974  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
975  if (err)
976  {
977  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
978  goto fail;
979  }
980  err = gcry_sexp_build (&sig, NULL, "(data (flags raw) (value %m))", s);
981  if (err)
982  {
983  print_gcrypt_error (lexic, "gcry_sexp_build sig", err);
984  goto fail;
985  }
986 
987  /* gcry_pk_encrypt is equivalent to the public key decryption at least
988  * for RSA keys. */
989  err = gcry_pk_encrypt (&decrypted, sig, key);
990  if (err)
991  {
992  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
993  goto fail;
994  }
995 
996  if (set_retc_from_sexp (retc, decrypted, "a") >= 0
997  && strip_pkcs1_padding (retc) >= 0)
998  goto ret;
999 
1000 fail:
1001  retc->size = 0;
1002  retc->x.str_val = g_malloc0 (1);
1003 ret:
1004  gcry_sexp_release (decrypted);
1005  gcry_sexp_release (key);
1006  gcry_sexp_release (sig);
1007  gcry_mpi_release (s);
1008  gcry_mpi_release (e);
1009  gcry_mpi_release (n);
1010  return retc;
1011 }
1012 
1016 #define NUM_RSA_PARAMS 6
1017 static gcry_sexp_t
1018 nasl_sexp_from_privkey (lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
1019 {
1020  gnutls_datum_t datums[NUM_RSA_PARAMS]; /* m/n, e, d, p, q, u */
1021  gcry_mpi_t mpis[NUM_RSA_PARAMS]; /* m/n, e, d, p, q, u */
1022  gcry_sexp_t key = NULL;
1023  int err;
1024  gcry_error_t gerr;
1025  int i;
1026 
1027  for (i = 0; i < NUM_RSA_PARAMS; i++)
1028  {
1029  datums[i].data = NULL;
1030  mpis[i] = NULL;
1031  }
1032 
1033  err = gnutls_x509_privkey_export_rsa_raw (privkey, datums + 0, datums + 1,
1034  datums + 2, datums + 3, datums + 4,
1035  datums + 5);
1036  if (err)
1037  {
1038  print_tls_error (lexic, "gnutls_x509_privkey_export_rsa_raw", err);
1039  goto fail;
1040  }
1041 
1042  for (i = 0; i < NUM_RSA_PARAMS; i++)
1043  {
1044  err = mpi_from_string (lexic, mpis + i, datums[i].data, datums[i].size,
1045  "rsa parameter", "nasl_sexp_from_privkey");
1046  if (err < 0)
1047  goto fail;
1048  }
1049 
1050  /* make sure that p < q. libgcrypt requires this. */
1051  if (gcry_mpi_cmp (mpis[3], mpis[4]) > 0)
1052  {
1053  gcry_mpi_swap (mpis[3], mpis[4]);
1054  gcry_mpi_invm (mpis[5], mpis[3], mpis[4]);
1055  }
1056 
1057  gerr = gcry_sexp_build (&key, NULL,
1058  "(private-key (rsa (n %m) (e %m) (d %m)"
1059  " (p %m) (q %m) (u %m)))",
1060  mpis[0], mpis[1], mpis[2], mpis[3], mpis[4], mpis[5]);
1061  if (gerr)
1062  {
1063  print_gcrypt_error (lexic, "gcry_sexp_build", gerr);
1064  goto fail;
1065  }
1066 
1067 fail:
1068  for (i = 0; i < NUM_RSA_PARAMS; i++)
1069  {
1070  gnutls_free (datums[i].data);
1071  gcry_mpi_release (mpis[i]);
1072  }
1073 
1074  return key;
1075 }
1076 
1093 tree_cell *
1095 {
1096  tree_cell *retc = NULL;
1097  char *data;
1098  int data_size;
1099  gcry_sexp_t ssig = NULL, sdata = NULL, skey = NULL;
1100  gnutls_x509_privkey_t priv_key = NULL;
1101  gcry_error_t err;
1102 
1103  retc = alloc_typed_cell (CONST_DATA);
1104 
1105  data = get_str_var_by_name (lexic, "data");
1106  data_size = get_var_size_by_name (lexic, "data");
1107  if (!data)
1108  goto fail;
1109 
1110  priv_key = nasl_load_privkey_param (lexic, "priv", "passphrase");
1111  if (!priv_key)
1112  goto fail;
1113 
1114  err = gcry_sexp_build (&sdata, NULL, "(data (flags pkcs1) (hash sha1 %b))",
1115  data_size, data);
1116  if (err)
1117  {
1118  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1119  goto fail;
1120  }
1121 
1122  skey = nasl_sexp_from_privkey (lexic, priv_key);
1123  if (!skey)
1124  goto fail;
1125 
1126  err = gcry_pk_sign (&ssig, sdata, skey);
1127  if (err)
1128  {
1129  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1130  goto fail;
1131  }
1132 
1133  if (set_retc_from_sexp (retc, ssig, "s") >= 0)
1134  goto ret;
1135 
1136 fail:
1137  retc->size = 0;
1138  retc->x.str_val = g_malloc0 (1);
1139 ret:
1140  gcry_sexp_release (ssig);
1141  gcry_sexp_release (sdata);
1142  gcry_sexp_release (skey);
1143  gnutls_x509_privkey_deinit (priv_key);
1144  return retc;
1145 }
1146 
1157 tree_cell *
1159 {
1160  tree_cell *retc = NULL;
1161  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, data = NULL;
1162  gcry_mpi_t r = NULL, s = NULL;
1163  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1164  gcry_error_t err;
1165 
1166  retc = g_malloc0 (sizeof (tree_cell));
1167  retc->ref_count = 1;
1168  retc->type = CONST_INT;
1169  retc->x.i_val = 0;
1170 
1171  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1172  goto fail;
1173  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1174  goto fail;
1175  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1176  goto fail;
1177  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1178  goto fail;
1179  if (mpi_from_named_parameter (lexic, &r, "r", "nasl_dsa_do_sign") < 0)
1180  goto fail;
1181  if (mpi_from_named_parameter (lexic, &s, "s", "nasl_dsa_do_sign") < 0)
1182  goto fail;
1183  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1184  goto fail;
1185 
1186  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1187  if (err)
1188  {
1189  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1190  goto fail;
1191  }
1192 
1193  err = gcry_sexp_build (&skey, NULL,
1194  "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))", p, q,
1195  g, pub);
1196  if (err)
1197  {
1198  print_gcrypt_error (lexic, "gcry_sexp_build for private key", err);
1199  goto fail;
1200  }
1201 
1202  err = gcry_sexp_build (&ssig, NULL, "(sig-val (dsa (r %m) (s %m)))", r, s);
1203  if (err)
1204  {
1205  print_gcrypt_error (lexic, "gcry_sexp_build for signature", err);
1206  goto fail;
1207  }
1208 
1209  err = gcry_pk_verify (ssig, sdata, skey);
1210  if (err == 0)
1211  retc->x.i_val = 1;
1212  else if (gcry_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1213  retc->x.i_val = 0;
1214  else
1215  {
1216  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1217  goto fail;
1218  }
1219 
1220 fail:
1221  gcry_mpi_release (p);
1222  gcry_mpi_release (g);
1223  gcry_mpi_release (q);
1224  gcry_mpi_release (pub);
1225  gcry_mpi_release (r);
1226  gcry_mpi_release (s);
1227  gcry_mpi_release (data);
1228  gcry_sexp_release (ssig);
1229  gcry_sexp_release (skey);
1230  gcry_sexp_release (sdata);
1231 
1232  return retc;
1233 }
1234 
1246 tree_cell *
1248 {
1249  tree_cell *retc = NULL;
1250  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, priv = NULL, data = NULL;
1251  gcry_mpi_t r = NULL, s = NULL;
1252  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1253  long rlen, slen;
1254  unsigned char *sigblob = NULL;
1255  gcry_error_t err;
1256 
1257  retc = g_malloc0 (sizeof (tree_cell));
1258  retc->ref_count = 1;
1259  retc->type = CONST_DATA;
1260  retc->x.i_val = 0;
1261 
1262  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1263  goto fail;
1264  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1265  goto fail;
1266  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1267  goto fail;
1268  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1269  goto fail;
1270  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dsa_do_sign") < 0)
1271  goto fail;
1272  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1273  goto fail;
1274 
1275  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1276  if (err)
1277  {
1278  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1279  goto fail;
1280  }
1281 
1282  err = gcry_sexp_build (
1283  &skey, NULL, "(private-key (dsa (p %m) (q %m) (g %m) (y %m) (x %m)))", p, q,
1284  g, pub, priv);
1285  if (err)
1286  {
1287  print_gcrypt_error (lexic, "gcry_sexp_build for private-key", err);
1288  goto fail;
1289  }
1290 
1291  err = gcry_pk_sign (&ssig, sdata, skey);
1292  if (err)
1293  {
1294  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1295  goto fail;
1296  }
1297 
1298  r = extract_mpi_from_sexp (ssig, "r");
1299  s = extract_mpi_from_sexp (ssig, "s");
1300  if (!r || !s)
1301  goto fail;
1302 
1303  rlen = (gcry_mpi_get_nbits (r) + 7) / 8;
1304  slen = (gcry_mpi_get_nbits (s) + 7) / 8;
1305  if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN)
1306  {
1307  nasl_perror (lexic, "rlen (%d) or slen (%d) > INTBLOB_LEN (%d)\n", rlen,
1308  slen, INTBLOB_LEN);
1309  goto fail;
1310  }
1311 
1312  sigblob = g_malloc0 (SIGBLOB_LEN);
1313  memset (sigblob, 0, SIGBLOB_LEN);
1314 
1315  err = gcry_mpi_print (
1316  GCRYMPI_FMT_USG,
1317  (unsigned char *) (sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen), rlen, NULL,
1318  r);
1319  if (err)
1320  {
1321  print_gcrypt_error (lexic, "gcry_mpi_print(r)", err);
1322  goto fail;
1323  }
1324  err = gcry_mpi_print (GCRYMPI_FMT_USG,
1325  (unsigned char *) (sigblob + SIGBLOB_LEN - slen), rlen,
1326  NULL, s);
1327  if (err)
1328  {
1329  print_gcrypt_error (lexic, "gcry_mpi_print(s)", err);
1330  goto fail;
1331  }
1332 
1333  retc->x.str_val = (char *) sigblob;
1334  sigblob = NULL;
1335  retc->size = SIGBLOB_LEN;
1336 
1337 fail:
1338  gcry_mpi_release (p);
1339  gcry_mpi_release (g);
1340  gcry_mpi_release (q);
1341  gcry_mpi_release (pub);
1342  gcry_mpi_release (priv);
1343  gcry_mpi_release (data);
1344  gcry_mpi_release (r);
1345  gcry_mpi_release (s);
1346  gcry_sexp_release (ssig);
1347  gcry_sexp_release (skey);
1348  gcry_sexp_release (sdata);
1349  g_free (sigblob);
1350 
1351  return retc;
1352 }
1353 
1357 static tree_cell *
1358 nasl_bf_cbc (lex_ctxt *lexic, int enc)
1359 {
1360  tree_cell *retc = NULL;
1361  char *enckey = NULL, *iv = NULL, *data = NULL, *out = NULL;
1362  long enckeylen, ivlen, datalen;
1363  gcry_cipher_hd_t hd = NULL;
1364  anon_nasl_var v;
1365  nasl_array *a;
1366  gcry_error_t err;
1367 
1368  retc = alloc_typed_cell (CONST_DATA);
1369 
1370  /* key */
1371  enckey = get_str_var_by_name (lexic, "key");
1372  enckeylen = get_var_size_by_name (lexic, "key");
1373 
1374  /* initialization vector */
1375  iv = get_str_var_by_name (lexic, "iv");
1376  ivlen = get_var_size_by_name (lexic, "iv");
1377 
1378  /* data to decrypt/encrypt */
1379  data = get_str_var_by_name (lexic, "data");
1380  datalen = get_var_size_by_name (lexic, "data");
1381 
1382  if (enckey == NULL || data == NULL || iv == NULL)
1383  goto fail;
1384  if (enckeylen < 16)
1385  {
1386  /* key length must be at least 16 for compatibility with libnasl
1387  * code from before the OpenSSL -> GnuTLS migration */
1388  nasl_perror (lexic,
1389  "nasl_bf_cbc: unexpected enckeylen = %d; must be >= 16\n",
1390  enckeylen);
1391  goto fail;
1392  }
1393  if (ivlen < 8)
1394  {
1395  nasl_perror (lexic, "nasl_bf_cbc: unexpected ivlen = %d; must >= 8\n",
1396  ivlen);
1397  goto fail;
1398  }
1399  if (datalen < 8)
1400  {
1401  nasl_perror (lexic, "nasl_bf_cbc: unexpected datalen = %d; must >= 8\n",
1402  datalen);
1403  goto fail;
1404  }
1405 
1406  err = gcry_cipher_open (&hd, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
1407  if (err)
1408  {
1409  print_gcrypt_error (lexic, "gcry_cipher_open", err);
1410  goto fail;
1411  }
1412 
1413  /* Always pass 16 as the length of enckey. The old OpenSSL based code
1414  * did this explicitly. The length cannot be < 16 at this point
1415  * because we checked for this case above. */
1416  err = gcry_cipher_setkey (hd, enckey, 16);
1417  if (err)
1418  {
1419  print_gcrypt_error (lexic, "gcry_cipher_setkey", err);
1420  goto fail;
1421  }
1422  /* Always pass 8 as the length of iv. The old OpenSSL based code did
1423  * this implicitly. The length cannot be < 8 at this point because we
1424  * checked for this case above. */
1425  err = gcry_cipher_setiv (hd, iv, 8);
1426  if (err)
1427  {
1428  print_gcrypt_error (lexic, "gcry_cipher_setiv", err);
1429  goto fail;
1430  }
1431 
1432  out = g_malloc0 (datalen);
1433  if (!out)
1434  goto fail;
1435 
1436  if (enc)
1437  err = gcry_cipher_encrypt (hd, out, datalen, data, datalen);
1438  else
1439  err = gcry_cipher_decrypt (hd, out, datalen, data, datalen);
1440  if (err)
1441  {
1442  print_gcrypt_error (lexic, "gcry_cipher_encrypt", err);
1443  goto fail;
1444  }
1445 
1446  retc->type = DYN_ARRAY;
1447  retc->x.ref_val = a = g_malloc0 (sizeof (nasl_array));
1448 
1449  /* first encrypted */
1450  v.var_type = VAR2_DATA;
1451  v.v.v_str.s_siz = datalen;
1452  v.v.v_str.s_val = (unsigned char *) out;
1453  (void) add_var_to_list (a, 0, &v);
1454 
1455  /* second iv */
1456  /* the iv to use to for the next part of the data is always the last
1457  * eight bytes of the cipher text. When encrypting the cipher text is
1458  * in out when decrypting it's in data.
1459  */
1460  v.var_type = VAR2_DATA;
1461  v.v.v_str.s_siz = 8;
1462  v.v.v_str.s_val = (unsigned char *) ((enc ? out : data) + datalen - 8);
1463  (void) add_var_to_list (a, 1, &v);
1464 
1465  goto ret;
1466 
1467 fail:
1468  retc->type = CONST_DATA;
1469  retc->x.str_val = g_malloc0 (1);
1470  retc->size = 0;
1471 
1472 ret:
1473  g_free (out);
1474  gcry_cipher_close (hd);
1475 
1476  return retc;
1477 }
1478 
1493 tree_cell *
1495 {
1496  return nasl_bf_cbc (lexic, 1);
1497 }
1498 
1513 tree_cell *
1515 {
1516  return nasl_bf_cbc (lexic, 0);
1517 }
1518 
1530 static tree_cell *
1531 nasl_open_stream_cipher (lex_ctxt *lexic, int cipher, int mode,
1532  const char *caller_func)
1533 {
1534  gcry_cipher_hd_t hd;
1535  gcry_error_t error;
1536  void *key, *iv;
1537  size_t keylen, ivlen;
1538  tree_cell *retc;
1539  cipher_table_item_t *hd_item;
1540  int cipher_id;
1541 
1542  key = get_str_var_by_name (lexic, "key");
1543  keylen = get_var_size_by_name (lexic, "key");
1544  iv = get_str_var_by_name (lexic, "iv");
1545  ivlen = get_var_size_by_name (lexic, "iv");
1546 
1547  if (!key || keylen <= 0)
1548  {
1549  nasl_perror (lexic,
1550  "Syntax: open_stream_cipher (called from "
1551  "%s): Missing key argument",
1552  caller_func);
1553  return NULL;
1554  }
1555 
1556  if ((error = gcry_cipher_open (&hd, cipher, mode, 0)))
1557  {
1558  nasl_perror (lexic, "gcry_cipher_open: %s", gcry_strerror (error));
1559  gcry_cipher_close (hd);
1560  return NULL;
1561  }
1562  if ((error = gcry_cipher_setkey (hd, key, keylen)))
1563  {
1564  nasl_perror (lexic, "gcry_cipher_setkey: %s", gcry_strerror (error));
1565  gcry_cipher_close (hd);
1566  return NULL;
1567  }
1568 
1569  if (iv && ivlen)
1570  {
1571  if ((error = gcry_cipher_setiv (hd, iv, ivlen)))
1572  {
1573  nasl_perror (lexic, "gcry_cipher_setiv: %s", gcry_strerror (error));
1574  gcry_cipher_close (hd);
1575  return NULL;
1576  }
1577  }
1578 
1579  cipher_id = get_new_cipher_id ();
1580  if (cipher_id == -1)
1581  {
1582  nasl_perror (lexic, "%s: No available slot for a new cipher.", __func__);
1583  gcry_cipher_close (hd);
1584  return NULL;
1585  }
1586 
1587  hd_item = cipher_table_item_new ();
1588  hd_item->hd = hd;
1589  hd_item->id = cipher_id;
1590  cipher_table = g_list_append (cipher_table, hd_item);
1591 
1592  retc = alloc_typed_cell (CONST_INT);
1593  retc->x.i_val = hd_item->id;
1594  return retc;
1595 }
1596 
1608 static tree_cell *
1609 encrypt_stream_data (lex_ctxt *lexic, int cipher, const char *caller_func)
1610 {
1611  gcry_cipher_hd_t hd;
1612  gcry_error_t error;
1613  void *result, *data, *tmp;
1614  size_t resultlen, datalen, tmplen;
1615  tree_cell *retc;
1616  int cipher_id;
1617 
1618  cipher_id = get_int_var_by_name (lexic, "hd", -1);
1619  data = get_str_var_by_name (lexic, "data");
1620  datalen = get_var_size_by_name (lexic, "data");
1621 
1622  if (!data || datalen <= 0)
1623  {
1624  nasl_perror (lexic,
1625  "Syntax: %s (called from "
1626  "%s): Missing data argument",
1627  __func__, caller_func);
1628  return NULL;
1629  }
1630 
1631  hd = verify_cipher_id (lexic, cipher_id);
1632  if (hd == NULL)
1633  return NULL;
1634 
1635  if (cipher == GCRY_CIPHER_ARCFOUR)
1636  {
1637  resultlen = datalen;
1638  tmp = g_malloc0 (datalen);
1639  memcpy (tmp, data, datalen);
1640  tmplen = datalen;
1641  }
1642  else
1643  {
1644  nasl_perror (lexic,
1645  "Syntax: %s (called from "
1646  "%s): invalid cipher",
1647  __func__, caller_func);
1648  return NULL;
1649  }
1650  result = g_malloc0 (resultlen);
1651  if ((error = gcry_cipher_encrypt (hd, result, resultlen, tmp, tmplen)))
1652  {
1653  g_message ("gcry_cipher_encrypt: %s", gcry_strerror (error));
1654  delete_cipher_item (cipher_id);
1655  g_free (result);
1656  g_free (tmp);
1657  return NULL;
1658  }
1659 
1660  g_free (tmp);
1661  retc = alloc_typed_cell (CONST_DATA);
1662  retc->x.str_val = result;
1663  retc->size = resultlen;
1664  return retc;
1665 }
1666 
1674 tree_cell *
1676 {
1677  tree_cell *retc;
1678  int cipher_id;
1679  gcry_cipher_hd_t hd;
1680 
1681  cipher_id = get_int_var_by_name (lexic, "hd", 0);
1682 
1683  hd = verify_cipher_id (lexic, cipher_id);
1684  if (hd == NULL)
1685  return NULL;
1686 
1687  delete_cipher_item (cipher_id);
1688  retc = alloc_typed_cell (CONST_INT);
1689  retc->x.i_val = 0;
1690  return retc;
1691 }
1692 
1693 static tree_cell *
1694 nasl_mac (lex_ctxt *lexic, int algo, int flags)
1695 {
1696  gcry_error_t error;
1697 
1698  char *data, *key, *iv;
1699  char *result = NULL;
1700  size_t datalen, keylen, ivlen, resultlen;
1701  tree_cell *retc = NULL;
1702 
1703  data = get_str_var_by_name (lexic, "data");
1704  datalen = get_var_size_by_name (lexic, "data");
1705  key = get_str_var_by_name (lexic, "key");
1706  keylen = get_var_size_by_name (lexic, "key");
1707  iv = get_str_var_by_name (lexic, "iv");
1708  ivlen = get_var_size_by_name (lexic, "iv");
1709 
1710  switch ((error = mac (key, keylen, data, datalen, iv, ivlen, algo, flags,
1711  &result, &resultlen)))
1712  {
1713  case GPG_ERR_NO_ERROR:
1714  retc = alloc_typed_cell (CONST_DATA);
1715  retc->x.str_val = result;
1716  retc->size = resultlen;
1717  break;
1718  case GPG_ERR_MISSING_KEY:
1719  case GPG_ERR_MISSING_VALUE:
1720  nasl_perror (lexic, "Syntax: nasl_mac: Missing key, or data argument");
1721  break;
1722  default:
1723  nasl_perror (lexic, "Internal: %s.", gcry_strerror (error));
1724  }
1725 
1726  return retc;
1727 }
1728 
1729 tree_cell *
1731 {
1732  return nasl_mac (lexic, GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE);
1733 }
1734 
1735 tree_cell *
1737 {
1738  return nasl_mac (lexic, GCRY_MAC_GMAC_AES, GCRY_MAC_FLAG_SECURE);
1739 }
1740 
1741 static tree_cell *
1742 crypt_data (lex_ctxt *lexic, int cipher, int mode, int flags)
1743 {
1744  gcry_cipher_hd_t hd;
1745  gcry_error_t error;
1746  void *data, *key, *iv, *aad;
1747  unsigned char *result = NULL, *auth = NULL;
1748  size_t resultlen, datalen, keylen, ivlen, aadlen, authlen, len;
1749  tree_cell *retc;
1750 
1751  data = get_str_var_by_name (lexic, "data");
1752  datalen = get_var_size_by_name (lexic, "data");
1753  key = get_str_var_by_name (lexic, "key");
1754  keylen = get_var_size_by_name (lexic, "key");
1755  iv = get_str_var_by_name (lexic, "iv");
1756  ivlen = get_var_size_by_name (lexic, "iv");
1757  aad = get_str_var_by_name (lexic, "aad");
1758  aadlen = get_var_size_by_name (lexic, "aad");
1759  len = get_int_var_by_name (lexic, "len", 0);
1760 
1761  if (!data || datalen == 0 || !key || keylen == 0)
1762  {
1763  nasl_perror (lexic, "Syntax: crypt_data: Missing data or key argument");
1764  return NULL;
1765  }
1766 
1767  if (flags & NASL_DECRYPT && len <= 0)
1768  {
1769  nasl_perror (lexic,
1770  "Syntax: crypt_data: Missing or invalid len argument");
1771  return NULL;
1772  }
1773 
1774  if ((error = gcry_cipher_open (&hd, cipher, mode, 0)))
1775  {
1776  nasl_perror (lexic, "gcry_cipher_open: %s", gcry_strerror (error));
1777  gcry_cipher_close (hd);
1778  return NULL;
1779  }
1780 
1781  if ((error = gcry_cipher_setkey (hd, key, keylen)))
1782  {
1783  nasl_perror (lexic, "gcry_cipher_setkey: %s", gcry_strerror (error));
1784  gcry_cipher_close (hd);
1785  return NULL;
1786  }
1787 
1788  if (iv && ivlen)
1789  {
1790  if ((error = gcry_cipher_setiv (hd, iv, ivlen)))
1791  {
1792  nasl_perror (lexic, "gcry_cipher_setiv: %s", gcry_strerror (error));
1793  gcry_cipher_close (hd);
1794  return NULL;
1795  }
1796  }
1797 
1798  if (flags & NASL_DECRYPT)
1799  {
1800  resultlen = len;
1801  }
1802  else
1803  {
1804  if (cipher == GCRY_CIPHER_ARCFOUR || mode == GCRY_CIPHER_MODE_CCM)
1805  resultlen = datalen;
1806  else if (cipher == GCRY_CIPHER_3DES)
1807  resultlen = ((datalen / 8) + 1) * 8;
1808  else if (cipher == GCRY_CIPHER_AES128)
1809  resultlen = datalen;
1810  else if (cipher == GCRY_CIPHER_AES256)
1811  resultlen = datalen;
1812  else
1813  {
1814  nasl_perror (lexic, "encrypt_data: Unknown cipher %d", cipher);
1815  gcry_cipher_close (hd);
1816  return NULL;
1817  }
1818  }
1819 
1820  if (mode == GCRY_CIPHER_MODE_CCM)
1821  {
1822  u_int64_t params[3];
1823  params[0] = datalen;
1824  params[1] = aadlen;
1825  params[2] = 16;
1826  if ((error = gcry_cipher_ctl (hd, GCRYCTL_SET_CCM_LENGTHS, params,
1827  sizeof (params))))
1828  {
1829  nasl_perror (lexic, "gcry_cipher_ctl: %s", gcry_strerror (error));
1830  gcry_cipher_close (hd);
1831  return NULL;
1832  }
1833  }
1834  if (flags & NASL_AAD)
1835  {
1836  if (!aad || aadlen == 0)
1837  {
1838  nasl_perror (
1839  lexic, "Syntax: crypt_data: Missing or invalid aad value required");
1840  gcry_cipher_close (hd);
1841  return NULL;
1842  }
1843 
1844  if ((error = gcry_cipher_authenticate (hd, aad, aadlen)))
1845  {
1846  nasl_perror (lexic, "gcry_cipher_authenticate: %s",
1847  gcry_strerror (error));
1848  gcry_cipher_close (hd);
1849  return NULL;
1850  }
1851  }
1852 
1853  result = g_malloc0 (resultlen);
1854  if (flags & NASL_DECRYPT)
1855  {
1856  if ((error =
1857  gcry_cipher_decrypt (hd, result, resultlen, data, resultlen)))
1858  {
1859  g_message ("gcry_cipher_decrypt: %s", gcry_strerror (error));
1860  gcry_cipher_close (hd);
1861  g_free (result);
1862  return NULL;
1863  }
1864  }
1865  else
1866  {
1867  if ((error =
1868  gcry_cipher_encrypt (hd, result, resultlen, data, resultlen)))
1869  {
1870  g_message ("gcry_cipher_encrypt: %s", gcry_strerror (error));
1871  gcry_cipher_close (hd);
1872  g_free (result);
1873  return NULL;
1874  }
1875  }
1876 
1877  if (flags & NASL_AAD)
1878  {
1879  authlen = 16;
1880  auth = g_malloc0 (authlen);
1881 
1882  if ((error = gcry_cipher_gettag (hd, auth, authlen)))
1883  {
1884  g_message ("gcry_cipher_gettag: %s", gcry_strerror (error));
1885  gcry_cipher_close (hd);
1886  g_free (result);
1887  g_free (auth);
1888  return NULL;
1889  }
1890  gcry_cipher_close (hd);
1891 
1892  anon_nasl_var v;
1893  retc = alloc_typed_cell (DYN_ARRAY);
1894  retc->x.ref_val = g_malloc0 (sizeof (nasl_array));
1895  memset (&v, 0, sizeof (v));
1896  v.var_type = VAR2_DATA;
1897  v.v.v_str.s_val = result;
1898  v.v.v_str.s_siz = resultlen;
1899  add_var_to_list (retc->x.ref_val, 0, &v);
1900 
1901  memset (&v, 0, sizeof (v));
1902  v.var_type = VAR2_DATA;
1903  v.v.v_str.s_val = auth;
1904  v.v.v_str.s_siz = authlen;
1905  add_var_to_list (retc->x.ref_val, 1, &v);
1906  return retc;
1907  }
1908 
1909  gcry_cipher_close (hd);
1910  retc = alloc_typed_cell (CONST_DATA);
1911  retc->x.str_val = (char *) result;
1912  retc->size = resultlen;
1913  return retc;
1914 }
1915 
1927 tree_cell *
1929 {
1930  int cipher_id;
1931  gcry_cipher_hd_t hd;
1932  cipher_id = get_int_var_by_name (lexic, "hd", -1);
1933 
1934  if (cipher_id >= 0)
1935  {
1936  hd = verify_cipher_id (lexic, cipher_id);
1937  if (hd == NULL)
1938  return NULL;
1939  return encrypt_stream_data (lexic, GCRY_CIPHER_ARCFOUR, "rc4_encrypt");
1940  }
1941 
1942  return crypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM,
1943  NASL_ENCRYPT);
1944 }
1945 
1954 tree_cell *
1956 {
1957  return nasl_open_stream_cipher (lexic, GCRY_CIPHER_ARCFOUR,
1958  GCRY_CIPHER_MODE_STREAM, "open_rc4_cipher");
1959 }
1960 
1961 tree_cell *
1963 {
1964  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,
1965  NASL_ENCRYPT);
1966 }
1967 
1968 tree_cell *
1970 {
1971  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC,
1972  NASL_ENCRYPT);
1973 }
1974 
1975 tree_cell *
1977 {
1978  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR,
1979  NASL_ENCRYPT);
1980 }
1981 
1982 tree_cell *
1984 {
1985  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR,
1986  NASL_ENCRYPT);
1987 }
1988 
1989 tree_cell *
1991 {
1992  return crypt_data (lexic, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC,
1993  NASL_ENCRYPT);
1994 }
1995 
1996 tree_cell *
1998 {
1999  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2000  NASL_ENCRYPT);
2001 }
2002 
2003 tree_cell *
2005 {
2006  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2007 }
2008 
2009 tree_cell *
2011 {
2012  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2013  NASL_DECRYPT);
2014 }
2015 
2016 tree_cell *
2018 {
2019  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2021 }
2022 
2023 tree_cell *
2025 {
2026  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2027  NASL_ENCRYPT);
2028 }
2029 
2030 tree_cell *
2032 {
2033  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2034 }
2035 
2036 tree_cell *
2038 {
2039  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2040  NASL_DECRYPT);
2041 }
2042 
2043 tree_cell *
2045 {
2046  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2048 }
2049 
2050 tree_cell *
2052 {
2053  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2054  NASL_ENCRYPT);
2055 }
2056 
2057 tree_cell *
2059 {
2060  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2061 }
2062 
2063 tree_cell *
2065 {
2066  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2067  NASL_DECRYPT);
2068 }
2069 
2070 tree_cell *
2072 {
2073  return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2075 }
2076 
2077 tree_cell *
2079 {
2080  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2081  NASL_ENCRYPT);
2082 }
2083 
2084 tree_cell *
2086 {
2087  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2088 }
2089 
2090 tree_cell *
2092 {
2093  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2094  NASL_DECRYPT);
2095 }
2096 
2097 tree_cell *
2099 {
2100  return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2102 }
2103 
2110 tree_cell *
2112 {
2113  gcry_mac_hd_t hd;
2114  gcry_error_t error;
2115  void *result, *key, *label, *context, *buf;
2116  u_char *tmp;
2117  size_t resultlen, keylen, labellen, contextlen, buflen, r = 4;
2118  long lvalue;
2119  int i = 1;
2120  tree_cell *retc;
2121 
2122  key = get_str_var_by_name (lexic, "key");
2123  keylen = get_var_size_by_name (lexic, "key");
2124  label = get_str_var_by_name (lexic, "label");
2125  labellen = get_var_size_by_name (lexic, "label");
2126  context = get_str_var_by_name (lexic, "ctx");
2127  contextlen = get_var_size_by_name (lexic, "ctx");
2128  lvalue = get_int_var_by_name (lexic, "lvalue", 0);
2129 
2130  if (!key || keylen <= 0 || !label || labellen <= 0 || !context
2131  || contextlen <= 0)
2132  {
2133  nasl_perror (
2134  lexic, "Syntax: nasl_smb3kdf: Missing key, label or context argument");
2135  return NULL;
2136  }
2137 
2138  if (lvalue != 128 && lvalue != 256)
2139  {
2140  nasl_perror (lexic,
2141  "nasl_smb3kdf: lvalue must have a value of 128 or 256");
2142  return NULL;
2143  }
2144 
2145  if ((error = gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA256, 0, NULL)))
2146  {
2147  nasl_perror (lexic, "gcry_mac_open: %s", gcry_strerror (error));
2148  gcry_mac_close (hd);
2149  return NULL;
2150  }
2151 
2152  if ((error = gcry_mac_setkey (hd, key, keylen)))
2153  {
2154  nasl_perror (lexic, "gcry_mac_setkey: %s", gcry_strerror (error));
2155  gcry_mac_close (hd);
2156  return NULL;
2157  }
2158 
2159  resultlen = lvalue / 8;
2160 
2161  // Prepare buffer as in [SP800-108] section 5.1
2162  // [i]2 || Label || 0x00 || Context || [L]2
2163  // [i]2 is the binary presentation of the iteration. Allways 1
2164  // Label is given by caller
2165  // 0x00 is a byte set to 0
2166  // Context is given by caller
2167  // L is a integer set to 128 or 256 for smb3kdf
2168  buflen = r + labellen + 1 + contextlen + 4;
2169  buf = g_malloc0 (buflen);
2170  tmp = buf;
2171 
2172  // We need bytes in big endian, but they are currently stored as little endian
2173  i = htonl (i);
2174  memcpy (tmp, &i, r);
2175  tmp = tmp + r;
2176 
2177  memcpy (tmp, label, labellen);
2178  tmp = tmp + labellen;
2179  *tmp = 0;
2180  tmp = tmp + 1;
2181  memcpy (tmp, context, contextlen);
2182  tmp = tmp + contextlen;
2183 
2184  // We need bytes in big endian, but they are currently stored as little endian
2185  lvalue = htonl (lvalue);
2186  memcpy (tmp, &lvalue, 4);
2187 
2188  if ((error = gcry_mac_write (hd, buf, buflen)))
2189  {
2190  g_message ("gcry_mac_write: %s", gcry_strerror (error));
2191  gcry_mac_close (hd);
2192  g_free (buf);
2193  return NULL;
2194  }
2195 
2196  result = g_malloc0 (resultlen);
2197  if ((error = gcry_mac_read (hd, result, &resultlen)))
2198  {
2199  g_message ("gcry_mac_read: %s", gcry_strerror (error));
2200  gcry_mac_close (hd);
2201  g_free (buf);
2202  g_free (result);
2203  return NULL;
2204  }
2205 
2206  g_free (buf);
2207  gcry_mac_close (hd);
2208  retc = alloc_typed_cell (CONST_DATA);
2209  retc->x.str_val = result;
2210  retc->size = resultlen;
2211  return retc;
2212 }
nasl_crypto_helper.h
nasl_aes_mac_gcm
tree_cell * nasl_aes_mac_gcm(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1736
st_a_nasl_var
Definition: nasl_var.h:40
nasl_misc_funcs.h
set_mpi_retc
static int set_mpi_retc(tree_cell *retc, gcry_mpi_t mpi)
Sets the return value in retc from the MPI mpi.
Definition: nasl_crypto2.c:254
nasl_aes128_gcm_decrypt
tree_cell * nasl_aes128_gcm_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2010
nasl_sexp_from_privkey
static gcry_sexp_t nasl_sexp_from_privkey(lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
Definition: nasl_crypto2.c:1018
MAX_CIPHER_ID
#define MAX_CIPHER_ID
Definition: nasl_crypto2.c:37
nasl_bf_cbc_decrypt
tree_cell * nasl_bf_cbc_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1514
nasl_rc4_encrypt
tree_cell * nasl_rc4_encrypt(lex_ctxt *lexic)
Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context,...
Definition: nasl_crypto2.c:1928
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
nasl_close_stream_cipher
tree_cell * nasl_close_stream_cipher(lex_ctxt *lexic)
Nasl function to delete a cipher item from the cipher table.
Definition: nasl_crypto2.c:1675
nasl_aes256_gcm_decrypt
tree_cell * nasl_aes256_gcm_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2037
get_var_size_by_name
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1138
nasl_aes256_gcm_decrypt_auth
tree_cell * nasl_aes256_gcm_decrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2044
nasl_aes128_gcm_decrypt_auth
tree_cell * nasl_aes128_gcm_decrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2017
set_retc_from_sexp
static int set_retc_from_sexp(tree_cell *retc, gcry_sexp_t sexp, const char *token)
Sets the return value in retc from an sexpression.
Definition: nasl_crypto2.c:698
nasl_aes128_gcm_encrypt_auth
tree_cell * nasl_aes128_gcm_encrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2004
print_tls_error
static void print_tls_error(lex_ctxt *lexic, char *txt, int err)
Prints a GnuTLS error.
Definition: nasl_crypto2.c:71
TC::str_val
char * str_val
Definition: nasl_tree.h:103
nasl_aes128_ccm_decrypt
tree_cell * nasl_aes128_ccm_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2064
nasl_aes256_ctr_encrypt
tree_cell * nasl_aes256_ctr_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1983
print_gcrypt_error
static void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:82
nasl_rsa_public_encrypt
tree_cell * nasl_rsa_public_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:766
TC::x
union TC::@5 x
DYN_ARRAY
@ DYN_ARRAY
Definition: nasl_tree.h:90
nasl_dsa_do_sign
tree_cell * nasl_dsa_do_sign(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1247
nasl_rsa_sign
tree_cell * nasl_rsa_sign(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1094
nasl_open_stream_cipher
static tree_cell * nasl_open_stream_cipher(lex_ctxt *lexic, int cipher, int mode, const char *caller_func)
Open a stream cipher. This function creates a context handle and stores it in a cipher table....
Definition: nasl_crypto2.c:1531
nasl_aes256_gcm_encrypt
tree_cell * nasl_aes256_gcm_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2024
st_a_nasl_var::v
union st_a_nasl_var::@7 v
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
st_a_nasl_var::v_str
nasl_string_t v_str
Definition: nasl_var.h:47
mpi_from_named_parameter
static int mpi_from_named_parameter(lex_ctxt *lexic, gcry_mpi_t *dest, const char *parameter, const char *function)
Converts a named nasl parameter to a gcry_mpi_t.
Definition: nasl_crypto2.c:220
VAR2_STRING
@ VAR2_STRING
Definition: nasl_var.h:17
st_nasl_string::s_siz
int s_siz
Definition: nasl_var.h:27
nasl_aes_mac_cbc
tree_cell * nasl_aes_mac_cbc(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1730
VAR2_DATA
@ VAR2_DATA
Definition: nasl_var.h:18
st_nasl_array
Definition: nasl_var.h:33
cipher_table_item::hd
gcry_cipher_hd_t hd
Definition: nasl_crypto2.c:58
encrypt_stream_data
static tree_cell * encrypt_stream_data(lex_ctxt *lexic, int cipher, const char *caller_func)
Encrypt data using an existent cipher handle. As the handler is not close, the key is updated to encr...
Definition: nasl_crypto2.c:1609
NASL_ENCRYPT
#define NASL_ENCRYPT
Definition: nasl_crypto2.c:38
nasl_des_ede_cbc_encrypt
tree_cell * nasl_des_ede_cbc_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1990
VAR2_INT
@ VAR2_INT
Definition: nasl_var.h:16
nasl_aes256_ccm_encrypt
tree_cell * nasl_aes256_ccm_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2078
nasl_rsa_public_decrypt
tree_cell * nasl_rsa_public_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:957
nasl_dh_generate_key
tree_cell * nasl_dh_generate_key(lex_ctxt *lexic)
Definition: nasl_crypto2.c:570
nasl_open_rc4_cipher
tree_cell * nasl_open_rc4_cipher(lex_ctxt *lexic)
Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stre...
Definition: nasl_crypto2.c:1955
cipher_table_item::id
int id
Definition: nasl_crypto2.c:59
nasl_debug.h
nasl_aes256_ccm_decrypt
tree_cell * nasl_aes256_ccm_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2091
nasl_pem_to_dsa
tree_cell * nasl_pem_to_dsa(lex_ctxt *lexic)
Definition: nasl_crypto2.c:501
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:111
get_var_type_by_name
int get_var_type_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1162
TC::size
int size
Definition: nasl_tree.h:99
NUM_RSA_PARAMS
#define NUM_RSA_PARAMS
Creates a libgcryt s-expression from a GnuTLS private RSA key.
Definition: nasl_crypto2.c:1016
nasl_lex_ctxt.h
len
uint8_t len
Definition: nasl_packet_forgery.c:1
nasl_crypto2.h
nasl_pem_to_rsa
tree_cell * nasl_pem_to_rsa(lex_ctxt *lexic)
Definition: nasl_crypto2.c:485
SIGBLOB_LEN
#define SIGBLOB_LEN
Definition: nasl_crypto2.c:36
get_new_cipher_id
static int get_new_cipher_id(void)
Helper function to get a free id for a new cipher.
Definition: nasl_crypto2.c:108
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
nasl_aes128_ctr_encrypt
tree_cell * nasl_aes128_ctr_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1976
calc_dh_public
static gcry_mpi_t calc_dh_public(gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
compute the diffie hellman public key.
Definition: nasl_crypto2.c:518
crypt_data
static tree_cell * crypt_data(lex_ctxt *lexic, int cipher, int mode, int flags)
Definition: nasl_crypto2.c:1742
nasl_dsa_do_verify
tree_cell * nasl_dsa_do_verify(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1158
nasl_func.h
TC::ref_val
void * ref_val
Definition: nasl_tree.h:105
TC::ref_count
short ref_count
Definition: nasl_tree.h:98
st_a_nasl_var::var_type
int var_type
Definition: nasl_var.h:41
cipher_table_item_new
static cipher_table_item_t * cipher_table_item_new(void)
Create a new cipher handler item parameter.
Definition: nasl_crypto2.c:153
nasl_pem_to
static tree_cell * nasl_pem_to(lex_ctxt *lexic, int type)
Implements the nasl functions pem_to_rsa and pem_to_dsa.
Definition: nasl_crypto2.c:403
mac
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
Definition: nasl_crypt_helper.c:97
nasl_mac
static tree_cell * nasl_mac(lex_ctxt *lexic, int algo, int flags)
Definition: nasl_crypto2.c:1694
TC
Definition: nasl_tree.h:94
struct_lex_ctxt
Definition: nasl_lex_ctxt.h:23
TC::type
short type
Definition: nasl_tree.h:95
nasl_bf_cbc
static tree_cell * nasl_bf_cbc(lex_ctxt *lexic, int enc)
Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.
Definition: nasl_crypto2.c:1358
nasl_var.h
nasl_packet_forgery.h
delete_cipher_item
static void delete_cipher_item(int cipher_id)
Free and remove a cipher handler from the cipher table.
Definition: nasl_crypto2.c:165
nasl_dh_compute_key
tree_cell * nasl_dh_compute_key(lex_ctxt *lexic)
Definition: nasl_crypto2.c:615
nasl_bf_cbc_encrypt
tree_cell * nasl_bf_cbc_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1494
NASL_AAD
#define NASL_AAD
Definition: nasl_crypto2.c:40
nasl_aes128_cbc_encrypt
tree_cell * nasl_aes128_cbc_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1962
nasl_global_ctxt.h
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:79
nasl_load_privkey_param
static gnutls_x509_privkey_t nasl_load_privkey_param(lex_ctxt *lexic, const char *priv_name, const char *passphrase_name)
Loads a private key from a string.
Definition: nasl_crypto2.c:357
nasl_aes256_ccm_encrypt_auth
tree_cell * nasl_aes256_ccm_encrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2085
mpi_from_string
static int mpi_from_string(lex_ctxt *lexic, gcry_mpi_t *dest, void *data, size_t len, const char *parameter, const char *function)
Converts a string to a gcry_mpi_t.
Definition: nasl_crypto2.c:191
nasl_aes128_ccm_encrypt
tree_cell * nasl_aes128_ccm_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2051
add_var_to_list
int add_var_to_list(nasl_array *a, int i, const anon_nasl_var *v)
Definition: nasl_var.c:1245
find_cipher_hd
static int find_cipher_hd(cipher_table_item_t *cipher_elem, int *id)
Helper function to find cipher id in the table.
Definition: nasl_crypto2.c:94
nasl_bn_random
tree_cell * nasl_bn_random(lex_ctxt *lexic)
Definition: nasl_crypto2.c:318
nasl_smb3kdf
tree_cell * nasl_smb3kdf(lex_ctxt *lexic)
Add the SMB3KDF as specified in [SP800-108] section 5.1.
Definition: nasl_crypto2.c:2111
nasl_aes128_ccm_decrypt_auth
tree_cell * nasl_aes128_ccm_decrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2071
nasl_aes128_ccm_encrypt_auth
tree_cell * nasl_aes128_ccm_encrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2058
cipher_table
static GList * cipher_table
List of open cipher handler.
Definition: nasl_crypto2.c:51
nasl_rsa_private_decrypt
tree_cell * nasl_rsa_private_decrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:858
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
NASL_DECRYPT
#define NASL_DECRYPT
Definition: nasl_crypto2.c:39
strip_pkcs1_padding
static int strip_pkcs1_padding(tree_cell *retc)
Strips PKCS#1 padding from the string in retc.
Definition: nasl_crypto2.c:716
nasl_aes256_cbc_encrypt
tree_cell * nasl_aes256_cbc_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1969
nasl_bn_cmp
tree_cell * nasl_bn_cmp(lex_ctxt *lexic)
Definition: nasl_crypto2.c:281
nasl_tree.h
verify_cipher_id
static gcry_cipher_hd_t verify_cipher_id(lex_ctxt *lexic, int cipher_id)
Helper function to validate the cipher id.
Definition: nasl_crypto2.c:130
nasl_aes256_gcm_encrypt_auth
tree_cell * nasl_aes256_gcm_encrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2031
nasl_aes128_gcm_encrypt
tree_cell * nasl_aes128_gcm_encrypt(lex_ctxt *lexic)
Definition: nasl_crypto2.c:1997
st_nasl_string::s_val
unsigned char * s_val
Definition: nasl_var.h:26
nasl_aes256_ccm_decrypt_auth
tree_cell * nasl_aes256_ccm_decrypt_auth(lex_ctxt *lexic)
Definition: nasl_crypto2.c:2098
cipher_table_item
Struct holding a cipher handler.
Definition: nasl_crypto2.c:57
INTBLOB_LEN
#define INTBLOB_LEN
Definition: nasl_crypto2.c:35
calc_dh_key
static gcry_mpi_t calc_dh_key(gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
Compute the diffie hellman shared secret key.
Definition: nasl_crypto2.c:545
TC::i_val
long int i_val
Definition: nasl_tree.h:104
extract_mpi_from_sexp
static gcry_mpi_t extract_mpi_from_sexp(gcry_sexp_t sexp, const char *token)
Extracts an MPI value from a libgcryt s-expression.
Definition: nasl_crypto2.c:668