OpenVAS Scanner 23.40.3
nasl_crypto2.h File Reference
#include "nasl_lex_ctxt.h"
Include dependency graph for nasl_crypto2.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

tree_cellnasl_bn_random (lex_ctxt *)
tree_cellnasl_dh_generate_key (lex_ctxt *)
tree_cellnasl_bn_cmp (lex_ctxt *)
tree_cellnasl_dh_compute_key (lex_ctxt *)
tree_cellnasl_rsa_public_encrypt (lex_ctxt *)
tree_cellnasl_rsa_private_decrypt (lex_ctxt *)
tree_cellnasl_open_rc4_cipher (lex_ctxt *)
 Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stream data. Open cipher must be close with close_stream_cipher() when it is not useful anymore.
tree_cellnasl_close_stream_cipher (lex_ctxt *)
 Nasl function to delete a cipher item from the cipher table.
tree_cellnasl_rsa_public_decrypt (lex_ctxt *)
tree_cellnasl_bf_cbc_encrypt (lex_ctxt *)
tree_cellnasl_bf_cbc_decrypt (lex_ctxt *)
tree_cellnasl_dsa_do_verify (lex_ctxt *lexic)
tree_cellnasl_pem_to_rsa (lex_ctxt *lexic)
tree_cellnasl_pem_to_dsa (lex_ctxt *lexic)
tree_cellnasl_rsa_sign (lex_ctxt *lexic)
tree_cellnasl_dsa_do_sign (lex_ctxt *lexic)
tree_cellnasl_rc4_encrypt (lex_ctxt *lexic)
 Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context, it will use this handler to encrypt the data as part of a stream data. e.g.: rc4_encrypt(data: data, hd: hd).
tree_cellnasl_aes128_cbc_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes_mac_cbc (lex_ctxt *lexic)
tree_cellnasl_aes_mac_gcm (lex_ctxt *lexic)
tree_cellnasl_aes256_cbc_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes128_ctr_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes256_ctr_encrypt (lex_ctxt *lexic)
tree_cellnasl_des_ede_cbc_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes128_gcm_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes128_gcm_encrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes128_gcm_decrypt (lex_ctxt *lexic)
tree_cellnasl_aes128_gcm_decrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes256_gcm_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes256_gcm_encrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes256_gcm_decrypt (lex_ctxt *lexic)
tree_cellnasl_aes256_gcm_decrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes128_ccm_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes128_ccm_encrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes128_ccm_decrypt (lex_ctxt *lexic)
tree_cellnasl_aes128_ccm_decrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes256_ccm_encrypt (lex_ctxt *lexic)
tree_cellnasl_aes256_ccm_encrypt_auth (lex_ctxt *lexic)
tree_cellnasl_aes256_ccm_decrypt (lex_ctxt *lexic)
tree_cellnasl_aes256_ccm_decrypt_auth (lex_ctxt *lexic)
tree_cellnasl_smb3kdf (lex_ctxt *lexic)
 Add the SMB3KDF as specified in [SP800-108] section 5.1.
int generate_script_signature (char *)

Function Documentation

◆ generate_script_signature()

int generate_script_signature ( char * )

◆ nasl_aes128_cbc_encrypt()

tree_cell * nasl_aes128_cbc_encrypt ( lex_ctxt * lexic)

Definition at line 1962 of file nasl_crypto2.c.

1963{
1964 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,
1965 NASL_ENCRYPT);
1966}
NASL_ENCRYPT
#define NASL_ENCRYPT
Definition nasl_crypto2.c:38
crypt_data
static tree_cell * crypt_data(lex_ctxt *lexic, int cipher, int mode, int flags)
Definition nasl_crypto2.c:1742

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_decrypt()

tree_cell * nasl_aes128_ccm_decrypt ( lex_ctxt * lexic)

Definition at line 2064 of file nasl_crypto2.c.

2065{
2066 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2067 NASL_DECRYPT);
2068}
NASL_DECRYPT
#define NASL_DECRYPT
Definition nasl_crypto2.c:39

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_decrypt_auth()

tree_cell * nasl_aes128_ccm_decrypt_auth ( lex_ctxt * lexic)

Definition at line 2071 of file nasl_crypto2.c.

2072{
2073 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2074 NASL_AAD | NASL_DECRYPT);
2075}
NASL_AAD
#define NASL_AAD
Definition nasl_crypto2.c:40

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_encrypt()

tree_cell * nasl_aes128_ccm_encrypt ( lex_ctxt * lexic)

Definition at line 2051 of file nasl_crypto2.c.

2052{
2053 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM,
2054 NASL_ENCRYPT);
2055}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_ccm_encrypt_auth()

tree_cell * nasl_aes128_ccm_encrypt_auth ( lex_ctxt * lexic)

Definition at line 2058 of file nasl_crypto2.c.

2059{
2060 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2061}

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes128_ctr_encrypt()

tree_cell * nasl_aes128_ctr_encrypt ( lex_ctxt * lexic)

Definition at line 1976 of file nasl_crypto2.c.

1977{
1978 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR,
1979 NASL_ENCRYPT);
1980}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_decrypt()

tree_cell * nasl_aes128_gcm_decrypt ( lex_ctxt * lexic)

Definition at line 2010 of file nasl_crypto2.c.

2011{
2012 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2013 NASL_DECRYPT);
2014}

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_decrypt_auth()

tree_cell * nasl_aes128_gcm_decrypt_auth ( lex_ctxt * lexic)

Definition at line 2017 of file nasl_crypto2.c.

2018{
2019 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2020 NASL_AAD | NASL_DECRYPT);
2021}

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_encrypt()

tree_cell * nasl_aes128_gcm_encrypt ( lex_ctxt * lexic)

Definition at line 1997 of file nasl_crypto2.c.

1998{
1999 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM,
2000 NASL_ENCRYPT);
2001}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes128_gcm_encrypt_auth()

tree_cell * nasl_aes128_gcm_encrypt_auth ( lex_ctxt * lexic)

Definition at line 2004 of file nasl_crypto2.c.

2005{
2006 return crypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2007}

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes256_cbc_encrypt()

tree_cell * nasl_aes256_cbc_encrypt ( lex_ctxt * lexic)

Definition at line 1969 of file nasl_crypto2.c.

1970{
1971 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC,
1972 NASL_ENCRYPT);
1973}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_decrypt()

tree_cell * nasl_aes256_ccm_decrypt ( lex_ctxt * lexic)

Definition at line 2091 of file nasl_crypto2.c.

2092{
2093 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2094 NASL_DECRYPT);
2095}

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_decrypt_auth()

tree_cell * nasl_aes256_ccm_decrypt_auth ( lex_ctxt * lexic)

Definition at line 2098 of file nasl_crypto2.c.

2099{
2100 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2101 NASL_AAD | NASL_DECRYPT);
2102}

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_encrypt()

tree_cell * nasl_aes256_ccm_encrypt ( lex_ctxt * lexic)

Definition at line 2078 of file nasl_crypto2.c.

2079{
2080 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM,
2081 NASL_ENCRYPT);
2082}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_ccm_encrypt_auth()

tree_cell * nasl_aes256_ccm_encrypt_auth ( lex_ctxt * lexic)

Definition at line 2085 of file nasl_crypto2.c.

2086{
2087 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, NASL_AAD);
2088}

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes256_ctr_encrypt()

tree_cell * nasl_aes256_ctr_encrypt ( lex_ctxt * lexic)

Definition at line 1983 of file nasl_crypto2.c.

1984{
1985 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR,
1986 NASL_ENCRYPT);
1987}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_decrypt()

tree_cell * nasl_aes256_gcm_decrypt ( lex_ctxt * lexic)

Definition at line 2037 of file nasl_crypto2.c.

2038{
2039 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2040 NASL_DECRYPT);
2041}

References crypt_data(), and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_decrypt_auth()

tree_cell * nasl_aes256_gcm_decrypt_auth ( lex_ctxt * lexic)

Definition at line 2044 of file nasl_crypto2.c.

2045{
2046 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2047 NASL_AAD | NASL_DECRYPT);
2048}

References crypt_data(), NASL_AAD, and NASL_DECRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_encrypt()

tree_cell * nasl_aes256_gcm_encrypt ( lex_ctxt * lexic)

Definition at line 2024 of file nasl_crypto2.c.

2025{
2026 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM,
2027 NASL_ENCRYPT);
2028}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_aes256_gcm_encrypt_auth()

tree_cell * nasl_aes256_gcm_encrypt_auth ( lex_ctxt * lexic)

Definition at line 2031 of file nasl_crypto2.c.

2032{
2033 return crypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, NASL_AAD);
2034}

References crypt_data(), and NASL_AAD.

Here is the call graph for this function:

◆ nasl_aes_mac_cbc()

tree_cell * nasl_aes_mac_cbc ( lex_ctxt * lexic)

Definition at line 1730 of file nasl_crypto2.c.

1731{
1732 return nasl_mac (lexic, GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE);
1733}
nasl_mac
static tree_cell * nasl_mac(lex_ctxt *lexic, int algo, int flags)
Definition nasl_crypto2.c:1694

References nasl_mac().

Here is the call graph for this function:

◆ nasl_aes_mac_gcm()

tree_cell * nasl_aes_mac_gcm ( lex_ctxt * lexic)

Definition at line 1736 of file nasl_crypto2.c.

1737{
1738 return nasl_mac (lexic, GCRY_MAC_GMAC_AES, GCRY_MAC_FLAG_SECURE);
1739}

References nasl_mac().

Here is the call graph for this function:

◆ nasl_bf_cbc_decrypt()

tree_cell * nasl_bf_cbc_decrypt ( lex_ctxt * lexic)

nasl function

bf_cbc_decrypt(key:key, iv:iv, data:data)

Decrypt the cipher text data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the plaintext data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1514 of file nasl_crypto2.c.

1515{
1516 return nasl_bf_cbc (lexic, 0);
1517}
nasl_bf_cbc
static tree_cell * nasl_bf_cbc(lex_ctxt *lexic, int enc)
Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.
Definition nasl_crypto2.c:1358

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bf_cbc_encrypt()

tree_cell * nasl_bf_cbc_encrypt ( lex_ctxt * lexic)

nasl function

bf_cbc_encrypt(key:key, iv:iv, data:data)

Encrypt the plaintext data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the encrypted data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1494 of file nasl_crypto2.c.

1495{
1496 return nasl_bf_cbc (lexic, 1);
1497}

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bn_cmp()

tree_cell * nasl_bn_cmp ( lex_ctxt * lexic)

nasl function

bn_cmp(key1:MPI1, key2:MPI2)

Compares the MPIs key1 and key2 (given as binary strings). Returns -1 if key1 < key2, 0 if key1 == key2 and +1 if key1 > key2.

Definition at line 281 of file nasl_crypto2.c.

282{
283 tree_cell *retc = NULL;
284 gcry_mpi_t key1 = NULL, key2 = NULL;
285
286 retc = g_malloc0 (sizeof (tree_cell));
287 retc->ref_count = 1;
288 retc->type = CONST_INT;
289 retc->x.i_val = 1;
290
291 if (mpi_from_named_parameter (lexic, &key1, "key1", "nasl_bn_cmp") < 0)
292 goto fail;
293 if (mpi_from_named_parameter (lexic, &key2, "key2", "nasl_bn_cmp") < 0)
294 goto fail;
295
296 retc->x.i_val = gcry_mpi_cmp (key1, key2);
297
298 /* make sure the return value is one of -1, 0, +1 */
299 if (retc->x.i_val > 0)
300 retc->x.i_val = 1;
301 if (retc->x.i_val < 0)
302 retc->x.i_val = -1;
303
304fail:
305 gcry_mpi_release (key1);
306 gcry_mpi_release (key2);
307 return retc;
308}
mpi_from_named_parameter
static int mpi_from_named_parameter(lex_ctxt *lexic, gcry_mpi_t *dest, const char *parameter, const char *function)
Converts a named nasl parameter to a gcry_mpi_t.
Definition nasl_crypto2.c:220
CONST_INT
@ CONST_INT
Definition nasl_tree.h:79
tree_cell
struct TC tree_cell
TC::ref_count
short ref_count
Definition nasl_tree.h:98
TC::i_val
long int i_val
Definition nasl_tree.h:104
TC::x
union TC::@332262321161220155002104006201360276211317150140 x
TC::type
short type
Definition nasl_tree.h:95

References CONST_INT, TC::i_val, mpi_from_named_parameter(), TC::ref_count, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_bn_random()

tree_cell * nasl_bn_random ( lex_ctxt * lexic)

nasl function

bn_random(need:numBits)

Returns
An MPI as a string with need bits of random data.

Definition at line 318 of file nasl_crypto2.c.

319{
320 tree_cell *retc = NULL;
321 gcry_mpi_t key = NULL;
322 long need;
323
324 retc = alloc_typed_cell (CONST_DATA);
325
326 /* number of random bits */
327 need = get_int_var_by_name (lexic, "need", 0);
328
329 key = gcry_mpi_new (0);
330 if (!key)
331 goto fail;
332
333 gcry_mpi_randomize (key, need, GCRY_STRONG_RANDOM);
334
335 if (set_mpi_retc (retc, key) >= 0)
336 goto ret;
337
338fail:
339 retc->size = 0;
340 retc->x.str_val = g_malloc0 (1);
341ret:
342 gcry_mpi_release (key);
343 return retc;
344}
set_mpi_retc
static int set_mpi_retc(tree_cell *retc, gcry_mpi_t mpi)
Sets the return value in retc from the MPI mpi.
Definition nasl_crypto2.c:254
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition nasl_var.c:1101
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition nasl_tree.c:25
CONST_DATA
@ CONST_DATA
Definition nasl_tree.h:82
TC::size
long int size
Definition nasl_tree.h:99
TC::str_val
char * str_val
Definition nasl_tree.h:103

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_close_stream_cipher()

tree_cell * nasl_close_stream_cipher ( lex_ctxt * lexic)

Nasl function to delete a cipher item from the cipher table.

Parameters
[in]cipher_idThe cipher id to close
Returns
Returns zero on success. Otherwise NULL.

Definition at line 1675 of file nasl_crypto2.c.

1676{
1677 tree_cell *retc;
1678 int cipher_id;
1679 gcry_cipher_hd_t hd;
1680
1681 cipher_id = get_int_var_by_name (lexic, "hd", 0);
1682
1683 hd = verify_cipher_id (lexic, cipher_id);
1684 if (hd == NULL)
1685 return NULL;
1686
1687 delete_cipher_item (cipher_id);
1688 retc = alloc_typed_cell (CONST_INT);
1689 retc->x.i_val = 0;
1690 return retc;
1691}
delete_cipher_item
static void delete_cipher_item(int cipher_id)
Free and remove a cipher handler from the cipher table.
Definition nasl_crypto2.c:165
verify_cipher_id
static gcry_cipher_hd_t verify_cipher_id(lex_ctxt *lexic, int cipher_id)
Helper function to validate the cipher id.
Definition nasl_crypto2.c:130

References alloc_typed_cell(), CONST_INT, delete_cipher_item(), get_int_var_by_name(), cipher_table_item::hd, TC::i_val, verify_cipher_id(), and TC::x.

Here is the call graph for this function:

◆ nasl_des_ede_cbc_encrypt()

tree_cell * nasl_des_ede_cbc_encrypt ( lex_ctxt * lexic)

Definition at line 1990 of file nasl_crypto2.c.

1991{
1992 return crypt_data (lexic, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC,
1993 NASL_ENCRYPT);
1994}

References crypt_data(), and NASL_ENCRYPT.

Here is the call graph for this function:

◆ nasl_dh_compute_key()

tree_cell * nasl_dh_compute_key ( lex_ctxt * lexic)

nasl function

dh_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub, pub_key:mpi_client_pub, priv_key:mpi_client_priv)

Computes the Diffie-Hellman shared secret key from the shared parameters p and g, the server's public key dh_server_pub and the client's public and private keys pub_key an priv_key. The return value is the shared secret key as an MPI.

Definition at line 615 of file nasl_crypto2.c.

616{
617 tree_cell *retc = NULL;
618 gcry_mpi_t p = NULL, g = NULL, dh_server_pub = NULL;
619 gcry_mpi_t pub_key = NULL, priv_key = NULL;
620 gcry_mpi_t shared = NULL;
621
622 retc = alloc_typed_cell (CONST_DATA);
623
624 if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_compute_key") < 0)
625 goto fail;
626 if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_compute_key") < 0)
627 goto fail;
628 if (mpi_from_named_parameter (lexic, &dh_server_pub, "dh_server_pub",
629 "nasl_dh_compute_key")
630 < 0)
631 goto fail;
632 if (mpi_from_named_parameter (lexic, &pub_key, "pub_key",
633 "nasl_dh_compute_key")
634 < 0)
635 goto fail;
636 if (mpi_from_named_parameter (lexic, &priv_key, "priv_key",
637 "nasl_dh_compute_key")
638 < 0)
639 goto fail;
640
641 shared = calc_dh_key (dh_server_pub, p, priv_key);
642
643 if (set_mpi_retc (retc, shared) >= 0)
644 goto ret;
645
646fail:
647 retc->size = 0;
648 retc->x.str_val = g_malloc0 (1);
649ret:
650 gcry_mpi_release (p);
651 gcry_mpi_release (g);
652 gcry_mpi_release (dh_server_pub);
653 gcry_mpi_release (priv_key);
654 gcry_mpi_release (pub_key);
655 gcry_mpi_release (shared);
656 return retc;
657}
calc_dh_key
static gcry_mpi_t calc_dh_key(gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
Compute the diffie hellman shared secret key.
Definition nasl_crypto2.c:545

References alloc_typed_cell(), calc_dh_key(), CONST_DATA, mpi_from_named_parameter(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_dh_generate_key()

tree_cell * nasl_dh_generate_key ( lex_ctxt * lexic)

nasl function

dh_generate_key(p:mpi_p, g:mpi_g, priv:mpi_priv)

Generates a Diffie-Hellman public key from the shared parameters p and g and the private parameter priv. The return value is the public key as an MPI.

Definition at line 570 of file nasl_crypto2.c.

571{
572 tree_cell *retc = NULL;
573 gcry_mpi_t p = NULL, g = NULL, priv = NULL, pub_mpi = NULL;
574
575 retc = alloc_typed_cell (CONST_DATA);
576
577 if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_generate_key") < 0)
578 goto fail;
579 if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_generate_key") < 0)
580 goto fail;
581 if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dh_generate_key")
582 < 0)
583 goto fail;
584
585 pub_mpi = calc_dh_public (g, p, priv);
586 if (pub_mpi == NULL)
587 goto fail;
588
589 if (set_mpi_retc (retc, pub_mpi) >= 0)
590 goto ret;
591
592fail:
593 retc->x.str_val = g_malloc0 (1);
594 retc->size = 0;
595ret:
596 gcry_mpi_release (p);
597 gcry_mpi_release (g);
598 gcry_mpi_release (priv);
599 gcry_mpi_release (pub_mpi);
600 return retc;
601}
calc_dh_public
static gcry_mpi_t calc_dh_public(gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
compute the diffie hellman public key.
Definition nasl_crypto2.c:518

References alloc_typed_cell(), calc_dh_public(), CONST_DATA, mpi_from_named_parameter(), set_mpi_retc(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_dsa_do_sign()

tree_cell * nasl_dsa_do_sign ( lex_ctxt * lexic)

nasl function

dsa_do_sign(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, priv:mpi_priv, data:hash)

Computes the DSA signature of the hash in data using the private DSA key given by p, g, q, pub and priv. The return value is a 40 byte string encoding the two MPIs r and s of the DSA signature. The first 20 bytes are the value of r and the last 20 bytes are the value of s.

Definition at line 1247 of file nasl_crypto2.c.

1248{
1249 tree_cell *retc = NULL;
1250 gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, priv = NULL, data = NULL;
1251 gcry_mpi_t r = NULL, s = NULL;
1252 gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1253 long rlen, slen;
1254 unsigned char *sigblob = NULL;
1255 gcry_error_t err;
1256
1257 retc = g_malloc0 (sizeof (tree_cell));
1258 retc->ref_count = 1;
1259 retc->type = CONST_DATA;
1260 retc->x.i_val = 0;
1261
1262 if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1263 goto fail;
1264 if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1265 goto fail;
1266 if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1267 goto fail;
1268 if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1269 goto fail;
1270 if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dsa_do_sign") < 0)
1271 goto fail;
1272 if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1273 goto fail;
1274
1275 err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1276 if (err)
1277 {
1278 print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1279 goto fail;
1280 }
1281
1282 err = gcry_sexp_build (
1283 &skey, NULL, "(private-key (dsa (p %m) (q %m) (g %m) (y %m) (x %m)))", p, q,
1284 g, pub, priv);
1285 if (err)
1286 {
1287 print_gcrypt_error (lexic, "gcry_sexp_build for private-key", err);
1288 goto fail;
1289 }
1290
1291 err = gcry_pk_sign (&ssig, sdata, skey);
1292 if (err)
1293 {
1294 print_gcrypt_error (lexic, "gcry_pk_sign", err);
1295 goto fail;
1296 }
1297
1298 r = extract_mpi_from_sexp (ssig, "r");
1299 s = extract_mpi_from_sexp (ssig, "s");
1300 if (!r || !s)
1301 goto fail;
1302
1303 rlen = (gcry_mpi_get_nbits (r) + 7) / 8;
1304 slen = (gcry_mpi_get_nbits (s) + 7) / 8;
1305 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN)
1306 {
1307 nasl_perror (lexic, "rlen (%d) or slen (%d) > INTBLOB_LEN (%d)\n", rlen,
1308 slen, INTBLOB_LEN);
1309 goto fail;
1310 }
1311
1312 sigblob = g_malloc0 (SIGBLOB_LEN);
1313 memset (sigblob, 0, SIGBLOB_LEN);
1314
1315 err = gcry_mpi_print (
1316 GCRYMPI_FMT_USG,
1317 (unsigned char *) (sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen), rlen, NULL,
1318 r);
1319 if (err)
1320 {
1321 print_gcrypt_error (lexic, "gcry_mpi_print(r)", err);
1322 goto fail;
1323 }
1324 err = gcry_mpi_print (GCRYMPI_FMT_USG,
1325 (unsigned char *) (sigblob + SIGBLOB_LEN - slen), rlen,
1326 NULL, s);
1327 if (err)
1328 {
1329 print_gcrypt_error (lexic, "gcry_mpi_print(s)", err);
1330 goto fail;
1331 }
1332
1333 retc->x.str_val = (char *) sigblob;
1334 sigblob = NULL;
1335 retc->size = SIGBLOB_LEN;
1336
1337fail:
1338 gcry_mpi_release (p);
1339 gcry_mpi_release (g);
1340 gcry_mpi_release (q);
1341 gcry_mpi_release (pub);
1342 gcry_mpi_release (priv);
1343 gcry_mpi_release (data);
1344 gcry_mpi_release (r);
1345 gcry_mpi_release (s);
1346 gcry_sexp_release (ssig);
1347 gcry_sexp_release (skey);
1348 gcry_sexp_release (sdata);
1349 g_free (sigblob);
1350
1351 return retc;
1352}
INTBLOB_LEN
#define INTBLOB_LEN
Definition nasl_crypto2.c:35
SIGBLOB_LEN
#define SIGBLOB_LEN
Definition nasl_crypto2.c:36
extract_mpi_from_sexp
static gcry_mpi_t extract_mpi_from_sexp(gcry_sexp_t sexp, const char *token)
Extracts an MPI value from a libgcryt s-expression.
Definition nasl_crypto2.c:668
print_gcrypt_error
static void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition nasl_crypto2.c:82
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition nasl_debug.c:105

References CONST_DATA, extract_mpi_from_sexp(), TC::i_val, INTBLOB_LEN, mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), TC::ref_count, SIGBLOB_LEN, TC::size, TC::str_val, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_dsa_do_verify()

tree_cell * nasl_dsa_do_verify ( lex_ctxt * lexic)

nasl function

dsa_do_verify(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, r:mpi_r, s:mpi_s, data:hash)

Verify that the DSA signature given by r and s matches the hash given in data using the public DSA key given by p, g, q and pub. Returns 1 if the signature is valid and 0 if it's invalid.

Definition at line 1158 of file nasl_crypto2.c.

1159{
1160 tree_cell *retc = NULL;
1161 gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, data = NULL;
1162 gcry_mpi_t r = NULL, s = NULL;
1163 gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1164 gcry_error_t err;
1165
1166 retc = g_malloc0 (sizeof (tree_cell));
1167 retc->ref_count = 1;
1168 retc->type = CONST_INT;
1169 retc->x.i_val = 0;
1170
1171 if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1172 goto fail;
1173 if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1174 goto fail;
1175 if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1176 goto fail;
1177 if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1178 goto fail;
1179 if (mpi_from_named_parameter (lexic, &r, "r", "nasl_dsa_do_sign") < 0)
1180 goto fail;
1181 if (mpi_from_named_parameter (lexic, &s, "s", "nasl_dsa_do_sign") < 0)
1182 goto fail;
1183 if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1184 goto fail;
1185
1186 err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1187 if (err)
1188 {
1189 print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1190 goto fail;
1191 }
1192
1193 err = gcry_sexp_build (&skey, NULL,
1194 "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))", p, q,
1195 g, pub);
1196 if (err)
1197 {
1198 print_gcrypt_error (lexic, "gcry_sexp_build for private key", err);
1199 goto fail;
1200 }
1201
1202 err = gcry_sexp_build (&ssig, NULL, "(sig-val (dsa (r %m) (s %m)))", r, s);
1203 if (err)
1204 {
1205 print_gcrypt_error (lexic, "gcry_sexp_build for signature", err);
1206 goto fail;
1207 }
1208
1209 err = gcry_pk_verify (ssig, sdata, skey);
1210 if (err == 0)
1211 retc->x.i_val = 1;
1212 else if (gcry_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1213 retc->x.i_val = 0;
1214 else
1215 {
1216 print_gcrypt_error (lexic, "gcry_pk_sign", err);
1217 goto fail;
1218 }
1219
1220fail:
1221 gcry_mpi_release (p);
1222 gcry_mpi_release (g);
1223 gcry_mpi_release (q);
1224 gcry_mpi_release (pub);
1225 gcry_mpi_release (r);
1226 gcry_mpi_release (s);
1227 gcry_mpi_release (data);
1228 gcry_sexp_release (ssig);
1229 gcry_sexp_release (skey);
1230 gcry_sexp_release (sdata);
1231
1232 return retc;
1233}

References CONST_INT, TC::i_val, mpi_from_named_parameter(), print_gcrypt_error(), TC::ref_count, TC::type, and TC::x.

Here is the call graph for this function:

◆ nasl_open_rc4_cipher()

tree_cell * nasl_open_rc4_cipher ( lex_ctxt * lexic)

Nasl function to open RC4 cipher to encrypt a stream of data. The handler can be used to encrypt stream data. Open cipher must be close with close_stream_cipher() when it is not useful anymore.

Returns
Returns the id of the cipher handler encrypted data on success. Otherwise NULL.

Definition at line 1955 of file nasl_crypto2.c.

1956{
1957 return nasl_open_stream_cipher (lexic, GCRY_CIPHER_ARCFOUR,
1958 GCRY_CIPHER_MODE_STREAM, "open_rc4_cipher");
1959}
nasl_open_stream_cipher
static tree_cell * nasl_open_stream_cipher(lex_ctxt *lexic, int cipher, int mode, const char *caller_func)
Open a stream cipher. This function creates a context handle and stores it in a cipher table....
Definition nasl_crypto2.c:1531

References nasl_open_stream_cipher().

Here is the call graph for this function:

◆ nasl_pem_to_dsa()

tree_cell * nasl_pem_to_dsa ( lex_ctxt * lexic)

nasl function

pem_to_dsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private DSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "x" of the DSA key as an MPI.

Definition at line 501 of file nasl_crypto2.c.

502{
503 return nasl_pem_to (lexic, 1);
504}
nasl_pem_to
static tree_cell * nasl_pem_to(lex_ctxt *lexic, int type)
Implements the nasl functions pem_to_rsa and pem_to_dsa.
Definition nasl_crypto2.c:403

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_pem_to_rsa()

tree_cell * nasl_pem_to_rsa ( lex_ctxt * lexic)

nasl function

pem_to_rsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private RSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "d" of the RSA key as an MPI.

Definition at line 485 of file nasl_crypto2.c.

486{
487 return nasl_pem_to (lexic, 0);
488}

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_rc4_encrypt()

tree_cell * nasl_rc4_encrypt ( lex_ctxt * lexic)

Nasl function to encrypt data with a RC4 cipher. If an hd param exist in the lexix context, it will use this handler to encrypt the data as part of a stream data. e.g.: rc4_encrypt(data: data, hd: hd).

Otherwise encrypts the data as block and the key is mandatory: e.g.: rc4_encrypt(data: data, key: key)

Returns
Returns the encrypted data on success. Otherwise NULL.

Definition at line 1928 of file nasl_crypto2.c.

1929{
1930 int cipher_id;
1931 gcry_cipher_hd_t hd;
1932 cipher_id = get_int_var_by_name (lexic, "hd", -1);
1933
1934 if (cipher_id >= 0)
1935 {
1936 hd = verify_cipher_id (lexic, cipher_id);
1937 if (hd == NULL)
1938 return NULL;
1939 return encrypt_stream_data (lexic, GCRY_CIPHER_ARCFOUR, "rc4_encrypt");
1940 }
1941
1942 return crypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM,
1943 NASL_ENCRYPT);
1944}
encrypt_stream_data
static tree_cell * encrypt_stream_data(lex_ctxt *lexic, int cipher, const char *caller_func)
Encrypt data using an existent cipher handle. As the handler is not close, the key is updated to encr...
Definition nasl_crypto2.c:1609

References crypt_data(), encrypt_stream_data(), get_int_var_by_name(), cipher_table_item::hd, NASL_ENCRYPT, and verify_cipher_id().

Here is the call graph for this function:

◆ nasl_rsa_private_decrypt()

tree_cell * nasl_rsa_private_decrypt ( lex_ctxt * lexic)

nasl function

rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)

Decrypt the provided data with the private RSA key given by its parameters d, e and n. The return value is the decrypted data in plaintext format.

TODO: In future releases, string support for padding should be removed

Definition at line 858 of file nasl_crypto2.c.

859{
860 tree_cell *retc = NULL;
861 gcry_mpi_t e = NULL, n = NULL, d = NULL, dt = NULL;
862 gcry_sexp_t key = NULL, data = NULL, decrypted = NULL;
863 gcry_error_t err;
864 int type = get_var_type_by_name (lexic, "pad");
865 int pad = 0;
866
867 if (type == VAR2_INT)
868 pad = get_int_var_by_name (lexic, "pad", 0);
870 else if (type == VAR2_STRING)
871 {
872 if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
873 pad = 1;
874 }
875 else
876 {
877 nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
878 "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
879 return NULL;
880 }
881
882 retc = alloc_typed_cell (CONST_DATA);
883
884 if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_private_decrypt")
885 < 0)
886 goto fail;
887 if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_private_decrypt") < 0)
888 goto fail;
889 if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_private_decrypt") < 0)
890 goto fail;
891 if (mpi_from_named_parameter (lexic, &d, "d", "nasl_rsa_private_decrypt") < 0)
892 goto fail;
893
894 err = gcry_sexp_build (&key, NULL, "(private-key (rsa (n %m) (e %m) (d %m)))",
895 n, e, d);
896 if (err)
897 {
898 print_gcrypt_error (lexic, "gcry_sexp_build privkey", err);
899 goto fail;
900 }
901
902 if (pad == 1)
903 err =
904 gcry_sexp_build (&data, NULL, "(enc-val (flags pkcs1) (rsa (a %m)))", dt);
905 else
906 err =
907 gcry_sexp_build (&data, NULL, "(enc-val (flags raw) (rsa (a %m)))", dt);
908 if (err)
909 {
910 print_gcrypt_error (lexic, "gcry_sexp_build data", err);
911 goto fail;
912 }
913
914 err = gcry_pk_decrypt (&decrypted, data, key);
915 if (err)
916 {
917 print_gcrypt_error (lexic, "gcry_pk_decrypt", err);
918 goto fail;
919 }
920
921 if (pad == 1)
922 {
923 if (set_retc_from_sexp (retc, decrypted, "value") >= 0
924 && strip_pkcs1_padding (retc) >= 0)
925 goto ret;
926 }
927 else
928 {
929 if (set_retc_from_sexp (retc, decrypted, "value") >= 0)
930 goto ret;
931 }
932
933fail:
934 retc->size = 0;
935 retc->x.str_val = g_malloc0 (1);
936ret:
937 gcry_sexp_release (decrypted);
938 gcry_sexp_release (key);
939 gcry_sexp_release (data);
940 gcry_mpi_release (dt);
941 gcry_mpi_release (e);
942 gcry_mpi_release (n);
943 gcry_mpi_release (d);
944 return retc;
945}
strip_pkcs1_padding
static int strip_pkcs1_padding(tree_cell *retc)
Strips PKCS#1 padding from the string in retc.
Definition nasl_crypto2.c:716
set_retc_from_sexp
static int set_retc_from_sexp(tree_cell *retc, gcry_sexp_t sexp, const char *token)
Sets the return value in retc from an sexpression.
Definition nasl_crypto2.c:698
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition nasl_var.c:1118
get_var_type_by_name
int get_var_type_by_name(lex_ctxt *, const char *)
Definition nasl_var.c:1162
VAR2_STRING
@ VAR2_STRING
Definition nasl_var.h:17
VAR2_INT
@ VAR2_INT
Definition nasl_var.h:16

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_type_by_name(), mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), VAR2_INT, VAR2_STRING, and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_public_decrypt()

tree_cell * nasl_rsa_public_decrypt ( lex_ctxt * lexic)

nasl function

rsa_public_decrypt(sig:signature, e:mpi_e, n:mpi_n)

Decrypt the data in signature (usually an rsa-encrypted hash) with the public RSA key given by its parameters e and n. The return value is the decrypted data.

Definition at line 957 of file nasl_crypto2.c.

958{
959 tree_cell *retc = NULL;
960 gcry_mpi_t e = NULL, n = NULL, s = NULL;
961 gcry_sexp_t key = NULL, sig = NULL, decrypted = NULL;
962 gcry_error_t err;
963
964 retc = alloc_typed_cell (CONST_DATA);
965
966 if (mpi_from_named_parameter (lexic, &s, "sig", "nasl_rsa_public_decrypt")
967 < 0)
968 goto fail;
969 if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_decrypt") < 0)
970 goto fail;
971 if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_decrypt") < 0)
972 goto fail;
973
974 err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
975 if (err)
976 {
977 print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
978 goto fail;
979 }
980 err = gcry_sexp_build (&sig, NULL, "(data (flags raw) (value %m))", s);
981 if (err)
982 {
983 print_gcrypt_error (lexic, "gcry_sexp_build sig", err);
984 goto fail;
985 }
986
987 /* gcry_pk_encrypt is equivalent to the public key decryption at least
988 * for RSA keys. */
989 err = gcry_pk_encrypt (&decrypted, sig, key);
990 if (err)
991 {
992 print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
993 goto fail;
994 }
995
996 if (set_retc_from_sexp (retc, decrypted, "a") >= 0
997 && strip_pkcs1_padding (retc) >= 0)
998 goto ret;
999
1000fail:
1001 retc->size = 0;
1002 retc->x.str_val = g_malloc0 (1);
1003ret:
1004 gcry_sexp_release (decrypted);
1005 gcry_sexp_release (key);
1006 gcry_sexp_release (sig);
1007 gcry_mpi_release (s);
1008 gcry_mpi_release (e);
1009 gcry_mpi_release (n);
1010 return retc;
1011}

References alloc_typed_cell(), CONST_DATA, mpi_from_named_parameter(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_public_encrypt()

tree_cell * nasl_rsa_public_encrypt ( lex_ctxt * lexic)

nasl function

rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)

Encrypt the provided data with the public RSA key given by its parameters e and n. The return value is the encrypted data.

TODO: In future releases, string support for padding should be removed

Definition at line 766 of file nasl_crypto2.c.

767{
768 tree_cell *retc = NULL;
769 gcry_mpi_t e = NULL, n = NULL, dt = NULL;
770 gcry_sexp_t key = NULL, data = NULL, encrypted = NULL;
771 gcry_error_t err;
772 int type = get_var_type_by_name (lexic, "pad");
773 int pad = 0;
774
775 if (type == VAR2_INT)
776 pad = get_int_var_by_name (lexic, "pad", 0);
778 else if (type == VAR2_STRING)
779 {
780 if (!strcmp (get_str_var_by_name (lexic, "pad"), "TRUE"))
781 pad = 1;
782 }
783 else
784 {
785 nasl_perror (lexic, "Syntax : rsa_public_encrypt(data:<d>,"
786 "n:<n>, e:<e>, pad:<TRUE:FALSE>)");
787 return NULL;
788 }
789
790 retc = alloc_typed_cell (CONST_DATA);
791
792 if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_public_encrypt")
793 < 0)
794 goto fail;
795 if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_encrypt") < 0)
796 goto fail;
797 if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_encrypt") < 0)
798 goto fail;
799
800 err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
801 if (err)
802 {
803 print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
804 goto fail;
805 }
806
807 if (pad == 1)
808 err = gcry_sexp_build (&data, NULL, "(data (flags pkcs1) (value %m))", dt);
809 else
810 err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", dt);
811 if (err)
812 {
813 print_gcrypt_error (lexic, "gcry_sexp_build data", err);
814 goto fail;
815 }
816
817 err = gcry_pk_encrypt (&encrypted, data, key);
818 if (err)
819 {
820 print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
821 goto fail;
822 }
823
824 if (pad == 1)
825 {
826 if (set_retc_from_sexp (retc, encrypted, "a") >= 0
827 && strip_pkcs1_padding (retc) >= 0)
828 goto ret;
829 }
830 else
831 {
832 if (set_retc_from_sexp (retc, encrypted, "a") >= 0)
833 goto ret;
834 }
835
836fail:
837 retc->size = 0;
838 retc->x.str_val = g_malloc0 (1);
839ret:
840 gcry_sexp_release (encrypted);
841 gcry_sexp_release (key);
842 gcry_sexp_release (data);
843 gcry_mpi_release (dt);
844 gcry_mpi_release (e);
845 gcry_mpi_release (n);
846 return retc;
847}

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_type_by_name(), mpi_from_named_parameter(), nasl_perror(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, strip_pkcs1_padding(), VAR2_INT, VAR2_STRING, and TC::x.

Here is the call graph for this function:

◆ nasl_rsa_sign()

tree_cell * nasl_rsa_sign ( lex_ctxt * lexic)

nasl function

rsa_sign(data:hash, priv:pem, passphrase:passphrase)

Signs the data with the private RSA key priv given in PEM format. The passphrase is the passphrase needed to decrypt the private key. Returns the signed data.

In the OpenSSL based nasl, the key was not given in PEM form and with a passphrase. Instead it was given as the RSA parameters e, n and d. libgcrypt always requires all the parameters (including p, g, and u), so this function was changed to simply accept the full private key in PEM form. The one place where it was called had that the key available in that form.

Definition at line 1094 of file nasl_crypto2.c.

1095{
1096 tree_cell *retc = NULL;
1097 char *data;
1098 size_t data_size;
1099 gcry_sexp_t ssig = NULL, sdata = NULL, skey = NULL;
1100 gnutls_x509_privkey_t priv_key = NULL;
1101 gcry_error_t err;
1102
1103 retc = alloc_typed_cell (CONST_DATA);
1104
1105 data = get_str_var_by_name (lexic, "data");
1106 data_size = get_var_size_by_name (lexic, "data");
1107 if (!data)
1108 goto fail;
1109
1110 priv_key = nasl_load_privkey_param (lexic, "priv", "passphrase");
1111 if (!priv_key)
1112 goto fail;
1113
1114 err = gcry_sexp_build (&sdata, NULL, "(data (flags pkcs1) (hash sha1 %b))",
1115 data_size, data);
1116 if (err)
1117 {
1118 print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1119 goto fail;
1120 }
1121
1122 skey = nasl_sexp_from_privkey (lexic, priv_key);
1123 if (!skey)
1124 goto fail;
1125
1126 err = gcry_pk_sign (&ssig, sdata, skey);
1127 if (err)
1128 {
1129 print_gcrypt_error (lexic, "gcry_pk_sign", err);
1130 goto fail;
1131 }
1132
1133 if (set_retc_from_sexp (retc, ssig, "s") >= 0)
1134 goto ret;
1135
1136fail:
1137 retc->size = 0;
1138 retc->x.str_val = g_malloc0 (1);
1139ret:
1140 gcry_sexp_release (ssig);
1141 gcry_sexp_release (sdata);
1142 gcry_sexp_release (skey);
1143 gnutls_x509_privkey_deinit (priv_key);
1144 return retc;
1145}
nasl_sexp_from_privkey
static gcry_sexp_t nasl_sexp_from_privkey(lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
Definition nasl_crypto2.c:1018
nasl_load_privkey_param
static gnutls_x509_privkey_t nasl_load_privkey_param(lex_ctxt *lexic, const char *priv_name, const char *passphrase_name)
Loads a private key from a string.
Definition nasl_crypto2.c:357
get_var_size_by_name
long int get_var_size_by_name(lex_ctxt *, const char *)
Definition nasl_var.c:1138

References alloc_typed_cell(), CONST_DATA, get_str_var_by_name(), get_var_size_by_name(), nasl_load_privkey_param(), nasl_sexp_from_privkey(), print_gcrypt_error(), set_retc_from_sexp(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ nasl_smb3kdf()

tree_cell * nasl_smb3kdf ( lex_ctxt * lexic)

Add the SMB3KDF as specified in [SP800-108] section 5.1.

Parameters
lexic
Returns
tree_cell*

Definition at line 2111 of file nasl_crypto2.c.

2112{
2113 gcry_mac_hd_t hd;
2114 gcry_error_t error;
2115 void *result, *key, *label, *context, *buf;
2116 u_char *tmp;
2117 size_t resultlen, keylen, labellen, contextlen, buflen, r = 4;
2118 u_int32_t lvalue;
2119 int i = 1;
2120 tree_cell *retc;
2121
2122 key = get_str_var_by_name (lexic, "key");
2123 keylen = get_var_size_by_name (lexic, "key");
2124 label = get_str_var_by_name (lexic, "label");
2125 labellen = get_var_size_by_name (lexic, "label");
2126 context = get_str_var_by_name (lexic, "ctx");
2127 contextlen = get_var_size_by_name (lexic, "ctx");
2128 lvalue = (u_int32_t) get_int_var_by_name (lexic, "lvalue", 0);
2129
2130 if (!key || keylen <= 0 || !label || labellen <= 0 || !context
2131 || contextlen <= 0)
2132 {
2133 nasl_perror (
2134 lexic, "Syntax: nasl_smb3kdf: Missing key, label or context argument");
2135 return NULL;
2136 }
2137
2138 if (lvalue != 128 && lvalue != 256)
2139 {
2140 nasl_perror (lexic,
2141 "nasl_smb3kdf: lvalue must have a value of 128 or 256");
2142 return NULL;
2143 }
2144
2145 if ((error = gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA256, 0, NULL)))
2146 {
2147 nasl_perror (lexic, "gcry_mac_open: %s", gcry_strerror (error));
2148 gcry_mac_close (hd);
2149 return NULL;
2150 }
2151
2152 if ((error = gcry_mac_setkey (hd, key, keylen)))
2153 {
2154 nasl_perror (lexic, "gcry_mac_setkey: %s", gcry_strerror (error));
2155 gcry_mac_close (hd);
2156 return NULL;
2157 }
2158
2159 resultlen = lvalue / 8;
2160
2161 // Prepare buffer as in [SP800-108] section 5.1
2162 // [i]2 || Label || 0x00 || Context || [L]2
2163 // [i]2 is the binary presentation of the iteration. Allways 1
2164 // Label is given by caller
2165 // 0x00 is a byte set to 0
2166 // Context is given by caller
2167 // L is a integer set to 128 or 256 for smb3kdf
2168 buflen = r + labellen + 1 + contextlen + 4;
2169 buf = g_malloc0 (buflen);
2170 tmp = buf;
2171
2172 // We need bytes in big endian, but they are currently stored as little endian
2173 i = htonl (i);
2174 memcpy (tmp, &i, r);
2175 tmp = tmp + r;
2176
2177 memcpy (tmp, label, labellen);
2178 tmp = tmp + labellen;
2179 *tmp = 0;
2180 tmp = tmp + 1;
2181 memcpy (tmp, context, contextlen);
2182 tmp = tmp + contextlen;
2183
2184 // We need bytes in big endian, but they are currently stored as little endian
2185 lvalue = htonl (lvalue);
2186 memcpy (tmp, &lvalue, 4);
2187
2188 if ((error = gcry_mac_write (hd, buf, buflen)))
2189 {
2190 g_message ("gcry_mac_write: %s", gcry_strerror (error));
2191 gcry_mac_close (hd);
2192 g_free (buf);
2193 return NULL;
2194 }
2195
2196 result = g_malloc0 (resultlen);
2197 if ((error = gcry_mac_read (hd, result, &resultlen)))
2198 {
2199 g_message ("gcry_mac_read: %s", gcry_strerror (error));
2200 gcry_mac_close (hd);
2201 g_free (buf);
2202 g_free (result);
2203 return NULL;
2204 }
2205
2206 g_free (buf);
2207 gcry_mac_close (hd);
2208 retc = alloc_typed_cell (CONST_DATA);
2209 retc->x.str_val = result;
2210 retc->size = resultlen;
2211 return retc;
2212}

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), cipher_table_item::hd, nasl_perror(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function: