OpenVAS Libraries  9.0.3
nasl_crypto2.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

tree_cellnasl_bn_random (lex_ctxt *)
 
tree_cellnasl_dh_generate_key (lex_ctxt *)
 
tree_cellnasl_bn_cmp (lex_ctxt *)
 
tree_cellnasl_dh_compute_key (lex_ctxt *)
 
tree_cellnasl_rsa_public_encrypt (lex_ctxt *)
 
tree_cellnasl_rsa_private_decrypt (lex_ctxt *)
 
tree_cellnasl_rsa_public_decrypt (lex_ctxt *)
 
tree_cellnasl_bf_cbc_encrypt (lex_ctxt *)
 
tree_cellnasl_bf_cbc_decrypt (lex_ctxt *)
 
tree_cellnasl_dsa_do_verify (lex_ctxt *lexic)
 
tree_cellnasl_pem_to_rsa (lex_ctxt *lexic)
 
tree_cellnasl_pem_to_dsa (lex_ctxt *lexic)
 
tree_cellnasl_rsa_sign (lex_ctxt *lexic)
 
tree_cellnasl_dsa_do_sign (lex_ctxt *lexic)
 
tree_cellnasl_rc4_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_des_ede_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_encrypt (lex_ctxt *lexic)
 
int generate_script_signature (char *)
 

Function Documentation

◆ generate_script_signature()

int generate_script_signature ( char *  )

◆ nasl_aes128_cbc_encrypt()

tree_cell* nasl_aes128_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1540 of file nasl_crypto2.c.

1541 {
1542  return encrypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC);
1543 }

◆ nasl_aes128_ctr_encrypt()

tree_cell* nasl_aes128_ctr_encrypt ( lex_ctxt lexic)

Definition at line 1552 of file nasl_crypto2.c.

1553 {
1554  return encrypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR);
1555 }

◆ nasl_aes128_gcm_encrypt()

tree_cell* nasl_aes128_gcm_encrypt ( lex_ctxt lexic)

Definition at line 1570 of file nasl_crypto2.c.

1571 {
1572  return encrypt_data (lexic, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM);
1573 }

◆ nasl_aes256_cbc_encrypt()

tree_cell* nasl_aes256_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1546 of file nasl_crypto2.c.

1547 {
1548  return encrypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC);
1549 }

◆ nasl_aes256_ctr_encrypt()

tree_cell* nasl_aes256_ctr_encrypt ( lex_ctxt lexic)

Definition at line 1558 of file nasl_crypto2.c.

1559 {
1560  return encrypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR);
1561 }

◆ nasl_aes256_gcm_encrypt()

tree_cell* nasl_aes256_gcm_encrypt ( lex_ctxt lexic)

Definition at line 1576 of file nasl_crypto2.c.

1577 {
1578  return encrypt_data (lexic, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM);
1579 }

◆ nasl_bf_cbc_decrypt()

tree_cell* nasl_bf_cbc_decrypt ( lex_ctxt lexic)

nasl function

bf_cbc_decrypt(key:key, iv:iv, data:data)

Decrypt the cipher text data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the plain text data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1422 of file nasl_crypto2.c.

1423 {
1424  return nasl_bf_cbc (lexic, 0);
1425 }
tree_cell * nasl_bf_cbc(lex_ctxt *lexic, int enc)
Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bf_cbc_encrypt()

tree_cell* nasl_bf_cbc_encrypt ( lex_ctxt lexic)

nasl function

bf_cbc_encrypt(key:key, iv:iv, data:data)

Encrypt the plain text data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the encrypted data and a[1] the new initialization vector to use for the next part of the data.

Definition at line 1401 of file nasl_crypto2.c.

1402 {
1403  return nasl_bf_cbc (lexic, 1);
1404 }
tree_cell * nasl_bf_cbc(lex_ctxt *lexic, int enc)
Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.

References nasl_bf_cbc().

Here is the call graph for this function:

◆ nasl_bn_cmp()

tree_cell* nasl_bn_cmp ( lex_ctxt lexic)

nasl function

bn_cmp(key1:MPI1, key2:MPI2)

Compares the MPIs key1 and key2 (given as binary strings). Returns -1 if key1 < key2, 0 if key1 == key2 and +1 if key1 > key2.

Definition at line 173 of file nasl_crypto2.c.

174 {
175  tree_cell *retc = NULL;
176  gcry_mpi_t key1 = NULL, key2 = NULL;
177 
178  retc = g_malloc0 (sizeof (tree_cell));
179  retc->ref_count = 1;
180  retc->type = CONST_INT;
181  retc->x.i_val = 1;
182 
183  if (mpi_from_named_parameter (lexic, &key1, "key1", "nasl_bn_cmp") < 0)
184  goto fail;
185  if (mpi_from_named_parameter (lexic, &key2, "key2", "nasl_bn_cmp") < 0)
186  goto fail;
187 
188  retc->x.i_val = gcry_mpi_cmp (key1, key2);
189 
190  /* make sure the return value is one of -1, 0, +1 */
191  if (retc->x.i_val > 0)
192  retc->x.i_val = 1;
193  if (retc->x.i_val < 0)
194  retc->x.i_val = -1;
195 
196 fail:
197  gcry_mpi_release (key1);
198  gcry_mpi_release (key2);
199  return retc;
200 }
short type
Definition: nasl_tree.h:107
short ref_count
Definition: nasl_tree.h:109
union TC::@7 x
Definition: nasl_tree.h:105
long int i_val
Definition: nasl_tree.h:114

References CONST_INT, TC::i_val, TC::ref_count, TC::type, and TC::x.

◆ nasl_bn_random()

tree_cell* nasl_bn_random ( lex_ctxt lexic)

nasl function

bn_random(need:numBits)

Returns
An MPI as a string with need bits of random data.

Definition at line 210 of file nasl_crypto2.c.

211 {
212  tree_cell *retc = NULL;
213  gcry_mpi_t key = NULL;
214  long need;
215 
216  retc = alloc_tree_cell (0, NULL);
217  retc->type = CONST_DATA;
218 
219  /* number of random bits */
220  need = get_int_local_var_by_name (lexic, "need", 0);
221 
222  key = gcry_mpi_new (0);
223  if (!key)
224  goto fail;
225 
226  gcry_mpi_randomize (key, need, GCRY_STRONG_RANDOM);
227 
228  if (set_mpi_retc (retc, key) >= 0)
229  goto ret;
230 
231 fail:
232  retc->size = 0;
233  retc->x.str_val = g_malloc0 (1);
234 ret:
235  gcry_mpi_release (key);
236  return retc;
237 }
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
long int get_int_local_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1240
union TC::@7 x
Definition: nasl_tree.h:105
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, get_int_local_var_by_name(), and TC::type.

Here is the call graph for this function:

◆ nasl_des_ede_cbc_encrypt()

tree_cell* nasl_des_ede_cbc_encrypt ( lex_ctxt lexic)

Definition at line 1564 of file nasl_crypto2.c.

1565 {
1566  return encrypt_data (lexic, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC);
1567 }

◆ nasl_dh_compute_key()

tree_cell* nasl_dh_compute_key ( lex_ctxt lexic)

nasl function

DH_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub, pub_key:mpi_client_pub, priv_key:mpi_client_priv)

Computes the Diffie-Hellman shared secret key from the shared parameters p and g, the server's public key dh_server_pub and the client's public and private keys pub_key an priv_key. The return value is the shared secret key as an MPI.

Definition at line 513 of file nasl_crypto2.c.

514 {
515  tree_cell *retc = NULL;
516  gcry_mpi_t p = NULL, g = NULL, dh_server_pub = NULL;
517  gcry_mpi_t pub_key = NULL, priv_key = NULL;
518  gcry_mpi_t shared = NULL;
519 
520  retc = alloc_tree_cell (0, NULL);
521  retc->type = CONST_DATA;
522 
523  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_compute_key") < 0)
524  goto fail;
525  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_compute_key") < 0)
526  goto fail;
527  if (mpi_from_named_parameter
528  (lexic, &dh_server_pub, "dh_server_pub", "nasl_dh_compute_key") < 0)
529  goto fail;
530  if (mpi_from_named_parameter
531  (lexic, &pub_key, "pub_key", "nasl_dh_compute_key") < 0)
532  goto fail;
533  if (mpi_from_named_parameter
534  (lexic, &priv_key, "priv_key", "nasl_dh_compute_key") < 0)
535  goto fail;
536 
537  shared = calc_dh_key (dh_server_pub, p, priv_key);
538 
539  if (set_mpi_retc (retc, shared) >= 0)
540  goto ret;
541 
542 fail:
543  retc->size = 0;
544  retc->x.str_val = g_malloc0 (1);
545 ret:
546  gcry_mpi_release (p);
547  gcry_mpi_release (g);
548  gcry_mpi_release (dh_server_pub);
549  gcry_mpi_release (priv_key);
550  gcry_mpi_release (pub_key);
551  gcry_mpi_release (shared);
552  return retc;
553 }
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
union TC::@7 x
Definition: nasl_tree.h:105
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, and TC::type.

Here is the call graph for this function:

◆ nasl_dh_generate_key()

tree_cell* nasl_dh_generate_key ( lex_ctxt lexic)

nasl function

dh_generate_key(p:mpi_p, g:mpi_g, priv:mpi_priv)

Generates a Diffie-Hellman public key from the shared parameters p and g and the private parameter priv. The return value is the public key as an MPI.

Definition at line 467 of file nasl_crypto2.c.

468 {
469  tree_cell *retc = NULL;
470  gcry_mpi_t p = NULL, g = NULL, priv = NULL, pub_mpi = NULL;
471 
472  retc = alloc_tree_cell (0, NULL);
473  retc->type = CONST_DATA;
474 
475  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dh_generate_key") < 0)
476  goto fail;
477  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dh_generate_key") < 0)
478  goto fail;
479  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dh_generate_key") <
480  0)
481  goto fail;
482 
483  pub_mpi = calc_dh_public (g, p, priv);
484  if (pub_mpi == NULL)
485  goto fail;
486 
487  if (set_mpi_retc (retc, pub_mpi) >= 0)
488  goto ret;
489 
490 fail:
491  retc->x.str_val = g_malloc0 (1);
492  retc->size = 0;
493 ret:
494  gcry_mpi_release (p);
495  gcry_mpi_release (g);
496  gcry_mpi_release (priv);
497  gcry_mpi_release (pub_mpi);
498  return retc;
499 }
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
union TC::@7 x
Definition: nasl_tree.h:105
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, and TC::type.

Here is the call graph for this function:

◆ nasl_dsa_do_sign()

tree_cell* nasl_dsa_do_sign ( lex_ctxt lexic)

nasl function

dsa_do_sign(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, priv:mpi_priv, data:hash)

Computes the DSA signature of the hash in data using the private DSA key given by p, g, q, pub and priv. The return value is a 40 byte string encoding the two MPIs r and s of the DSA signature. The first 20 bytes are the value of r and the last 20 bytes are the value of s.

Definition at line 1138 of file nasl_crypto2.c.

1139 {
1140  tree_cell *retc = NULL;
1141  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, priv = NULL, data = NULL;
1142  gcry_mpi_t r = NULL, s = NULL;
1143  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1144  long rlen, slen;
1145  unsigned char *sigblob = NULL;
1146  gcry_error_t err;
1147 
1148  retc = g_malloc0 (sizeof (tree_cell));
1149  retc->ref_count = 1;
1150  retc->type = CONST_DATA;
1151  retc->x.i_val = 0;
1152 
1153  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1154  goto fail;
1155  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1156  goto fail;
1157  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1158  goto fail;
1159  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1160  goto fail;
1161  if (mpi_from_named_parameter (lexic, &priv, "priv", "nasl_dsa_do_sign") < 0)
1162  goto fail;
1163  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1164  goto fail;
1165 
1166  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1167  if (err)
1168  {
1169  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1170  goto fail;
1171  }
1172 
1173  err =
1174  gcry_sexp_build (&skey, NULL,
1175  "(private-key (dsa (p %m) (q %m) (g %m) (y %m) (x %m)))",
1176  p, q, g, pub, priv);
1177  if (err)
1178  {
1179  print_gcrypt_error (lexic, "gcry_sexp_build for private-key", err);
1180  goto fail;
1181  }
1182 
1183  err = gcry_pk_sign (&ssig, sdata, skey);
1184  if (err)
1185  {
1186  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1187  goto fail;
1188  }
1189 
1190  r = extract_mpi_from_sexp (ssig, "r");
1191  s = extract_mpi_from_sexp (ssig, "s");
1192  if (!r || !s)
1193  goto fail;
1194 
1195  rlen = (gcry_mpi_get_nbits (r) + 7) / 8;
1196  slen = (gcry_mpi_get_nbits (s) + 7) / 8;
1197  if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN)
1198  {
1199  nasl_perror (lexic, "rlen (%d) or slen (%d) > INTBLOB_LEN (%d)\n", rlen,
1200  slen, INTBLOB_LEN);
1201  goto fail;
1202  }
1203 
1204  sigblob = g_malloc0 (SIGBLOB_LEN);
1205  memset (sigblob, 0, SIGBLOB_LEN);
1206 
1207  err =
1208  gcry_mpi_print (GCRYMPI_FMT_USG,
1209  (unsigned char *) (sigblob + SIGBLOB_LEN - INTBLOB_LEN -
1210  rlen), rlen, NULL, r);
1211  if (err)
1212  {
1213  print_gcrypt_error (lexic, "gcry_mpi_print(r)", err);
1214  goto fail;
1215  }
1216  err =
1217  gcry_mpi_print (GCRYMPI_FMT_USG,
1218  (unsigned char *) (sigblob + SIGBLOB_LEN - slen), rlen,
1219  NULL, s);
1220  if (err)
1221  {
1222  print_gcrypt_error (lexic, "gcry_mpi_print(s)", err);
1223  goto fail;
1224  }
1225 
1226  retc->x.str_val = (char *) sigblob;
1227  sigblob = NULL;
1228  retc->size = SIGBLOB_LEN;
1229 
1230 fail:
1231  gcry_mpi_release (p);
1232  gcry_mpi_release (g);
1233  gcry_mpi_release (q);
1234  gcry_mpi_release (pub);
1235  gcry_mpi_release (priv);
1236  gcry_mpi_release (data);
1237  gcry_mpi_release (r);
1238  gcry_mpi_release (s);
1239  gcry_sexp_release (ssig);
1240  gcry_sexp_release (skey);
1241  gcry_sexp_release (sdata);
1242  g_free (sigblob);
1243 
1244  return retc;
1245 }
#define err(x)
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
short ref_count
Definition: nasl_tree.h:109
union TC::@7 x
void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:64
Definition: nasl_tree.h:105
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:94
long int i_val
Definition: nasl_tree.h:114
#define SIGBLOB_LEN
Definition: nasl_crypto2.c:45
#define INTBLOB_LEN
Definition: nasl_crypto2.c:44
int size
Definition: nasl_tree.h:110

References CONST_DATA, err, TC::i_val, TC::ref_count, TC::type, and TC::x.

◆ nasl_dsa_do_verify()

tree_cell* nasl_dsa_do_verify ( lex_ctxt lexic)

nasl function

dsa_do_verify(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, r:mpi_r, s:mpi_s, data:hash)

Verify that the DSA signature given by r and s matches the hash given in data using the public DSA key given by p, g, q and pub. Returns 1 if the signature is valid and 0 if it's invalid.

Definition at line 1048 of file nasl_crypto2.c.

1049 {
1050  tree_cell *retc = NULL;
1051  gcry_mpi_t p = NULL, g = NULL, q = NULL, pub = NULL, data = NULL;
1052  gcry_mpi_t r = NULL, s = NULL;
1053  gcry_sexp_t ssig = NULL, skey = NULL, sdata = NULL;
1054  gcry_error_t err;
1055 
1056  retc = g_malloc0 (sizeof (tree_cell));
1057  retc->ref_count = 1;
1058  retc->type = CONST_INT;
1059  retc->x.i_val = 0;
1060 
1061  if (mpi_from_named_parameter (lexic, &p, "p", "nasl_dsa_do_sign") < 0)
1062  goto fail;
1063  if (mpi_from_named_parameter (lexic, &g, "g", "nasl_dsa_do_sign") < 0)
1064  goto fail;
1065  if (mpi_from_named_parameter (lexic, &q, "q", "nasl_dsa_do_sign") < 0)
1066  goto fail;
1067  if (mpi_from_named_parameter (lexic, &pub, "pub", "nasl_dsa_do_sign") < 0)
1068  goto fail;
1069  if (mpi_from_named_parameter (lexic, &r, "r", "nasl_dsa_do_sign") < 0)
1070  goto fail;
1071  if (mpi_from_named_parameter (lexic, &s, "s", "nasl_dsa_do_sign") < 0)
1072  goto fail;
1073  if (mpi_from_named_parameter (lexic, &data, "data", "nasl_dsa_do_sign") < 0)
1074  goto fail;
1075 
1076  err = gcry_sexp_build (&sdata, NULL, "(data (flags raw) (value %m))", data);
1077  if (err)
1078  {
1079  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1080  goto fail;
1081  }
1082 
1083  err =
1084  gcry_sexp_build (&skey, NULL,
1085  "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))", p, q, g,
1086  pub);
1087  if (err)
1088  {
1089  print_gcrypt_error (lexic, "gcry_sexp_build for private key", err);
1090  goto fail;
1091  }
1092 
1093  err = gcry_sexp_build (&ssig, NULL, "(sig-val (dsa (r %m) (s %m)))", r, s);
1094  if (err)
1095  {
1096  print_gcrypt_error (lexic, "gcry_sexp_build for signature", err);
1097  goto fail;
1098  }
1099 
1100  err = gcry_pk_verify (ssig, sdata, skey);
1101  if (err == 0)
1102  retc->x.i_val = 1;
1103  else if (gcry_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1104  retc->x.i_val = 0;
1105  else
1106  {
1107  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1108  goto fail;
1109  }
1110 
1111 fail:
1112  gcry_mpi_release (p);
1113  gcry_mpi_release (g);
1114  gcry_mpi_release (q);
1115  gcry_mpi_release (pub);
1116  gcry_mpi_release (r);
1117  gcry_mpi_release (s);
1118  gcry_mpi_release (data);
1119  gcry_sexp_release (ssig);
1120  gcry_sexp_release (skey);
1121  gcry_sexp_release (sdata);
1122 
1123  return retc;
1124 }
#define err(x)
short type
Definition: nasl_tree.h:107
short ref_count
Definition: nasl_tree.h:109
union TC::@7 x
void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:64
Definition: nasl_tree.h:105
long int i_val
Definition: nasl_tree.h:114

References CONST_INT, err, TC::i_val, TC::ref_count, TC::type, and TC::x.

◆ nasl_pem_to_dsa()

tree_cell* nasl_pem_to_dsa ( lex_ctxt lexic)

nasl function

pem_to_dsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private DSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "x" of the DSA key as an MPI.

Definition at line 397 of file nasl_crypto2.c.

398 {
399  return nasl_pem_to (lexic, 1);
400 }
tree_cell * nasl_pem_to(lex_ctxt *lexic, int type)
Implements the nasl functions pem_to_rsa and pem_to_dsa.
Definition: nasl_crypto2.c:296

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_pem_to_rsa()

tree_cell* nasl_pem_to_rsa ( lex_ctxt lexic)

nasl function

pem_to_rsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private RSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "d" of the RSA key as an MPI.

Definition at line 380 of file nasl_crypto2.c.

381 {
382  return nasl_pem_to (lexic, 0);
383 }
tree_cell * nasl_pem_to(lex_ctxt *lexic, int type)
Implements the nasl functions pem_to_rsa and pem_to_dsa.
Definition: nasl_crypto2.c:296

References nasl_pem_to().

Here is the call graph for this function:

◆ nasl_rc4_encrypt()

tree_cell* nasl_rc4_encrypt ( lex_ctxt lexic)

Definition at line 1534 of file nasl_crypto2.c.

1535 {
1536  return encrypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM);
1537 }

◆ nasl_rsa_private_decrypt()

tree_cell* nasl_rsa_private_decrypt ( lex_ctxt lexic)

nasl function

rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, padd:<TRUE:FALSE>)

Decrypt the provided data with the private RSA key given by its parameters d, e and n. The return value is the decrypted data in plantext format.

Definition at line 747 of file nasl_crypto2.c.

748 {
749  tree_cell *retc = NULL;
750  gcry_mpi_t e = NULL, n = NULL, d = NULL, dt = NULL;
751  gcry_sexp_t key = NULL, data = NULL, decrypted = NULL;
752  gcry_error_t err;
753  char *pad = (char *) get_str_var_by_name (lexic, "pad");
754 
755  if (pad == NULL)
756  {
757  nasl_perror (lexic,
758  "Syntax : rsa_public_encrypt(data:<d>,"
759  "n:<n>, d:<d>, e:<e>, pad:<pad>)");
760  return NULL;
761  }
762  retc = alloc_tree_cell (0, NULL);
763  retc->type = CONST_DATA;
764 
765  if (mpi_from_named_parameter (lexic, &dt, "data",
766  "nasl_rsa_private_decrypt") < 0)
767  goto fail;
768  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_private_decrypt") < 0)
769  goto fail;
770  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_private_decrypt") < 0)
771  goto fail;
772  if (mpi_from_named_parameter (lexic, &d, "d", "nasl_rsa_private_decrypt") < 0)
773  goto fail;
774 
775  err = gcry_sexp_build (&key, NULL, "(private-key (rsa (n %m) (e %m) (d %m)))",
776  n, e, d);
777  if (err)
778  {
779  print_gcrypt_error (lexic, "gcry_sexp_build privkey", err);
780  goto fail;
781  }
782 
783  if (strcmp (pad,"TRUE") == 0)
784  err = gcry_sexp_build (&data, NULL, "(enc-val (flags pkcs1) (rsa (a %m)))",
785  dt);
786  else
787  err = gcry_sexp_build (&data, NULL, "(enc-val (flags raw) (rsa (a %m)))",
788  dt);
789  if (err)
790  {
791  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
792  goto fail;
793  }
794 
795  err = gcry_pk_decrypt (&decrypted, data, key);
796  if (err)
797  {
798  print_gcrypt_error (lexic, "gcry_pk_decrypt", err);
799  goto fail;
800  }
801 
802  if (strcmp (pad,"TRUE") == 0)
803  {
804  if (set_retc_from_sexp (retc, decrypted, "value") >= 0 &&
805  strip_pkcs1_padding (retc) >= 0)
806  goto ret;
807  }
808  else
809  {
810  if (set_retc_from_sexp (retc, decrypted, "value") >= 0)
811  goto ret;
812  }
813 
814 fail:
815  retc->size = 0;
816  retc->x.str_val = g_malloc0 (1);
817 ret:
818  gcry_sexp_release (decrypted);
819  gcry_sexp_release (key);
820  gcry_sexp_release (data);
821  gcry_mpi_release (dt);
822  gcry_mpi_release (e);
823  gcry_mpi_release (n);
824  gcry_mpi_release (d);
825  return retc;
826 }
#define err(x)
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
union TC::@7 x
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1255
void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:64
Definition: nasl_tree.h:105
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:94
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, err, get_str_var_by_name(), nasl_perror(), and TC::type.

Here is the call graph for this function:

◆ nasl_rsa_public_decrypt()

tree_cell* nasl_rsa_public_decrypt ( lex_ctxt lexic)

nasl function

rsa_public_decrypt(sig:signature, e:mpi_e, n:mpi_n)

Decrypt the data in signature (usually an rsa-encrypted hash) with the public RSA key given by its parameters e and n. The return value is the decrypted data.

Definition at line 838 of file nasl_crypto2.c.

839 {
840  tree_cell *retc = NULL;
841  gcry_mpi_t e = NULL, n = NULL, s = NULL;
842  gcry_sexp_t key = NULL, sig = NULL, decrypted = NULL;
843  gcry_error_t err;
844 
845  retc = alloc_tree_cell (0, NULL);
846  retc->type = CONST_DATA;
847 
848  if (mpi_from_named_parameter (lexic, &s, "sig", "nasl_rsa_public_decrypt") <
849  0)
850  goto fail;
851  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_decrypt") < 0)
852  goto fail;
853  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_decrypt") < 0)
854  goto fail;
855 
856  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
857  if (err)
858  {
859  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
860  goto fail;
861  }
862  err = gcry_sexp_build (&sig, NULL, "(data (flags raw) (value %m))", s);
863  if (err)
864  {
865  print_gcrypt_error (lexic, "gcry_sexp_build sig", err);
866  goto fail;
867  }
868 
869  /* gcry_pk_encrypt is equivalent to the public key decryption at least
870  * for RSA keys. */
871  err = gcry_pk_encrypt (&decrypted, sig, key);
872  if (err)
873  {
874  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
875  goto fail;
876  }
877 
878  if (set_retc_from_sexp (retc, decrypted, "a") >= 0
879  && strip_pkcs1_padding (retc) >= 0)
880  goto ret;
881 
882 fail:
883  retc->size = 0;
884  retc->x.str_val = g_malloc0 (1);
885 ret:
886  gcry_sexp_release (decrypted);
887  gcry_sexp_release (key);
888  gcry_sexp_release (sig);
889  gcry_mpi_release (s);
890  gcry_mpi_release (e);
891  gcry_mpi_release (n);
892  return retc;
893 }
#define err(x)
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
union TC::@7 x
void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:64
Definition: nasl_tree.h:105
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, err, and TC::type.

Here is the call graph for this function:

◆ nasl_rsa_public_encrypt()

tree_cell* nasl_rsa_public_encrypt ( lex_ctxt lexic)

nasl function

rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, padd:<TRUE:FALSE>)

Encrypt the provided data with the public RSA key given by its parameters e and n. The return value is the encrypted data.

Definition at line 663 of file nasl_crypto2.c.

664 {
665  tree_cell *retc = NULL;
666  gcry_mpi_t e = NULL, n = NULL, dt = NULL;
667  gcry_sexp_t key = NULL, data = NULL, encrypted = NULL;
668  gcry_error_t err;
669  char *pad = (char *) get_str_var_by_name (lexic, "pad");
670 
671  if (pad == NULL)
672  {
673  nasl_perror (lexic,
674  "Syntax : rsa_public_encrypt(data:<d>,"
675  "n:<n>, e:<e>, pad:<pad>)");
676  return NULL;
677  }
678  retc = alloc_tree_cell (0, NULL);
679  retc->type = CONST_DATA;
680 
681  if (mpi_from_named_parameter (lexic, &dt, "data", "nasl_rsa_public_encrypt") <
682  0)
683  goto fail;
684  if (mpi_from_named_parameter (lexic, &e, "e", "nasl_rsa_public_encrypt") < 0)
685  goto fail;
686  if (mpi_from_named_parameter (lexic, &n, "n", "nasl_rsa_public_encrypt") < 0)
687  goto fail;
688 
689  err = gcry_sexp_build (&key, NULL, "(public-key (rsa (n %m) (e %m)))", n, e);
690  if (err)
691  {
692  print_gcrypt_error (lexic, "gcry_sexp_build pubkey", err);
693  goto fail;
694  }
695 
696  if (strcmp (pad,"TRUE") == 0)
697  err = gcry_sexp_build (&data, NULL, "(data (flags pkcs1) (value %m))", dt);
698  else
699  err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", dt);
700  if (err)
701  {
702  print_gcrypt_error (lexic, "gcry_sexp_build data", err);
703  goto fail;
704  }
705 
706  err = gcry_pk_encrypt (&encrypted, data, key);
707  if (err)
708  {
709  print_gcrypt_error (lexic, "gcry_pk_encrypt", err);
710  goto fail;
711  }
712 
713  if (strcmp (pad,"TRUE") == 0)
714  {
715  if (set_retc_from_sexp (retc, encrypted, "a") >= 0 &&
716  strip_pkcs1_padding (retc) >= 0)
717  goto ret;
718  }
719  else
720  {
721  if (set_retc_from_sexp (retc, encrypted, "a") >= 0)
722  goto ret;
723  }
724 
725 fail:
726  retc->size = 0;
727  retc->x.str_val = g_malloc0 (1);
728 ret:
729  gcry_sexp_release (encrypted);
730  gcry_sexp_release (key);
731  gcry_sexp_release (data);
732  gcry_mpi_release (dt);
733  gcry_mpi_release (e);
734  gcry_mpi_release (n);
735  return retc;
736 }
#define err(x)
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
union TC::@7 x
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1255
void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:64
Definition: nasl_tree.h:105
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:94
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, err, get_str_var_by_name(), nasl_perror(), and TC::type.

Here is the call graph for this function:

◆ nasl_rsa_sign()

tree_cell* nasl_rsa_sign ( lex_ctxt lexic)

nasl function

rsa_sign(data:hash, priv:pem, passphrase:passphrase)

Signs the data with the private RSA key priv given in PEM format. The passphrase is the passphrase needed to decrypt the private key. Returns the signed data.

In the OpenSSL based nasl, the key was not given in PEM form and with a passphrase. Instead it was given as the RSA parameters e, n and d. libgcrypt always requires all the parameters (including p, g, and u), so this function was changed to simply accept the full private key in PEM form. The one place where it was called had that the key available in that form.

Definition at line 980 of file nasl_crypto2.c.

981 {
982  tree_cell *retc = NULL;
983  char *data;
984  int data_size;
985  gcry_sexp_t ssig = NULL, sdata = NULL, skey = NULL;
986  gnutls_x509_privkey_t priv_key = NULL;
987  gcry_error_t err;
988 
989  retc = alloc_tree_cell (0, NULL);
990  retc->type = CONST_DATA;
991 
992  data = get_str_local_var_by_name (lexic, "data");
993  data_size = get_var_size_by_name (lexic, "data");
994  if (!data)
995  goto fail;
996 
997  priv_key = nasl_load_privkey_param (lexic, "priv", "passphrase");
998  if (!priv_key)
999  goto fail;
1000 
1001  err =
1002  gcry_sexp_build (&sdata, NULL, "(data (flags pkcs1) (hash sha1 %b))",
1003  data_size, data);
1004  if (err)
1005  {
1006  print_gcrypt_error (lexic, "gcry_sexp_build for data", err);
1007  goto fail;
1008  }
1009 
1010  skey = nasl_sexp_from_privkey (lexic, priv_key);
1011  if (!skey)
1012  goto fail;
1013 
1014 
1015  err = gcry_pk_sign (&ssig, sdata, skey);
1016  if (err)
1017  {
1018  print_gcrypt_error (lexic, "gcry_pk_sign", err);
1019  goto fail;
1020  }
1021 
1022  if (set_retc_from_sexp (retc, ssig, "s") >= 0)
1023  goto ret;
1024 
1025 fail:
1026  retc->size = 0;
1027  retc->x.str_val = g_malloc0 (1);
1028 ret:
1029  gcry_sexp_release (ssig);
1030  gcry_sexp_release (sdata);
1031  gcry_sexp_release (skey);
1032  gnutls_x509_privkey_deinit (priv_key);
1033  return retc;
1034 }
#define err(x)
short type
Definition: nasl_tree.h:107
char * str_val
Definition: nasl_tree.h:113
char * get_str_local_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1262
union TC::@7 x
void print_gcrypt_error(lex_ctxt *lexic, char *function, int err)
Prints a libgcrypt error.
Definition: nasl_crypto2.c:64
Definition: nasl_tree.h:105
tree_cell * alloc_tree_cell(int lnb, char *s)
Definition: nasl_tree.c:37
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1291
int size
Definition: nasl_tree.h:110

References alloc_tree_cell(), CONST_DATA, err, get_str_local_var_by_name(), get_var_size_by_name(), and TC::type.

Here is the call graph for this function: