OpenVAS Scanner  6.0.1
Macros | Functions
nasl_crypto2.c File Reference

This file contains all the crypto functionality needed by the SSH protocol. More...

#include "nasl_crypto2.h"
#include "../misc/strutils.h"
#include "nasl_debug.h"
#include "nasl_func.h"
#include "nasl_global_ctxt.h"
#include "nasl_lex_ctxt.h"
#include "nasl_misc_funcs.h"
#include "nasl_packet_forgery.h"
#include "nasl_tree.h"
#include "nasl_var.h"
#include <gcrypt.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gvm/base/logging.h>

Macros

#define INTBLOB_LEN   20
 
#define SIGBLOB_LEN   (2 * INTBLOB_LEN)
 
#define G_LOG_DOMAIN   "lib nasl"
 GLib logging domain. More...
 
#define NUM_RSA_PARAMS   6
 Creates a libgcryt s-expression from a GnuTLS private RSA key. More...
 

Functions

void print_tls_error (lex_ctxt *lexic, char *txt, int err)
 Prints a GnuTLS error. More...
 
void print_gcrypt_error (lex_ctxt *lexic, char *function, int err)
 Prints a libgcrypt error. More...
 
static int mpi_from_string (lex_ctxt *lexic, gcry_mpi_t *dest, void *data, size_t len, const char *parameter, const char *function)
 Converts a string to a gcry_mpi_t. More...
 
static int mpi_from_named_parameter (lex_ctxt *lexic, gcry_mpi_t *dest, const char *parameter, const char *function)
 Converts a named nasl parameter to a gcry_mpi_t. More...
 
static int set_mpi_retc (tree_cell *retc, gcry_mpi_t mpi)
 Sets the return value in retc from the MPI mpi. More...
 
tree_cellnasl_bn_cmp (lex_ctxt *lexic)
 
tree_cellnasl_bn_random (lex_ctxt *lexic)
 
static gnutls_x509_privkey_t nasl_load_privkey_param (lex_ctxt *lexic, const char *priv_name, const char *passphrase_name)
 Loads a private key from a string. More...
 
tree_cellnasl_pem_to (lex_ctxt *lexic, int type)
 Implements the nasl functions pem_to_rsa and pem_to_dsa. More...
 
tree_cellnasl_pem_to_rsa (lex_ctxt *lexic)
 
tree_cellnasl_pem_to_dsa (lex_ctxt *lexic)
 
static gcry_mpi_t calc_dh_public (gcry_mpi_t g, gcry_mpi_t prime, gcry_mpi_t priv)
 compute the diffie hellman public key. More...
 
static gcry_mpi_t calc_dh_key (gcry_mpi_t pub, gcry_mpi_t prime, gcry_mpi_t priv)
 Compute the diffie hellman shared secret key. More...
 
tree_cellnasl_dh_generate_key (lex_ctxt *lexic)
 
tree_cellnasl_dh_compute_key (lex_ctxt *lexic)
 
static gcry_mpi_t extract_mpi_from_sexp (gcry_sexp_t sexp, const char *token)
 Extracts an MPI value from a libgcryt s-expression. More...
 
static int set_retc_from_sexp (tree_cell *retc, gcry_sexp_t sexp, const char *token)
 Sets the return value in retc from an sexpression. More...
 
static int strip_pkcs1_padding (tree_cell *retc)
 Strips PKCS#1 padding from the string in retc. More...
 
tree_cellnasl_rsa_public_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_rsa_private_decrypt (lex_ctxt *lexic)
 
tree_cellnasl_rsa_public_decrypt (lex_ctxt *lexic)
 
static gcry_sexp_t nasl_sexp_from_privkey (lex_ctxt *lexic, gnutls_x509_privkey_t privkey)
 
tree_cellnasl_rsa_sign (lex_ctxt *lexic)
 
tree_cellnasl_dsa_do_verify (lex_ctxt *lexic)
 
tree_cellnasl_dsa_do_sign (lex_ctxt *lexic)
 
tree_cellnasl_bf_cbc (lex_ctxt *lexic, int enc)
 Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt. More...
 
tree_cellnasl_bf_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_bf_cbc_decrypt (lex_ctxt *lexic)
 
static tree_cellencrypt_data (lex_ctxt *lexic, int cipher, int mode)
 
tree_cellnasl_rc4_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_ctr_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_des_ede_cbc_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes128_gcm_encrypt (lex_ctxt *lexic)
 
tree_cellnasl_aes256_gcm_encrypt (lex_ctxt *lexic)
 

Detailed Description

This file contains all the crypto functionality needed by the SSH protocol.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib nasl"

GLib logging domain.

◆ INTBLOB_LEN

#define INTBLOB_LEN   20

◆ NUM_RSA_PARAMS

#define NUM_RSA_PARAMS   6

Creates a libgcryt s-expression from a GnuTLS private RSA key.

◆ SIGBLOB_LEN

#define SIGBLOB_LEN   (2 * INTBLOB_LEN)

Function Documentation

◆ calc_dh_key()

static gcry_mpi_t calc_dh_key ( gcry_mpi_t  pub,
gcry_mpi_t  prime,
gcry_mpi_t  priv 
)
static

Compute the diffie hellman shared secret key.

Neither GnuTLS nor libgcrypt contain a direct counterpart to OpenSSL's DH_compute_key, so we implement it ourselves. This function was copied from from gnutls and adapted to use gcrypt directly and to use a private key given as parameter to the function.

Returns
The key on success and NULL on failure.

◆ calc_dh_public()

static gcry_mpi_t calc_dh_public ( gcry_mpi_t  g,
gcry_mpi_t  prime,
gcry_mpi_t  priv 
)
static

compute the diffie hellman public key.

Neither GnuTLS nor Libgcrypt contain a direct counterpart to OpenSSL's DH_generate_key, so we implement it ourselves. This function was copied from from gnutls and adapted to use gcrypt directly and to use a private key given as parameter to the function.

Returns
The key on success and NULL on failure.

◆ encrypt_data()

static tree_cell* encrypt_data ( lex_ctxt lexic,
int  cipher,
int  mode 
)
static

◆ extract_mpi_from_sexp()

static gcry_mpi_t extract_mpi_from_sexp ( gcry_sexp_t  sexp,
const char *  token 
)
static

Extracts an MPI value from a libgcryt s-expression.

The return value is the cadr of the subexpression whose car is given by token. The function returns NULL if the token doesn't occur in the expression or on other errors.

◆ mpi_from_named_parameter()

static int mpi_from_named_parameter ( lex_ctxt lexic,
gcry_mpi_t *  dest,
const char *  parameter,
const char *  function 
)
static

Converts a named nasl parameter to a gcry_mpi_t.

The new MPI object is stored in dest. The parameter parameter is the name of the parameter to be taken from lexic. The parameter function is used in error messages to indicate the name of the nasl function.

Returns
0 on success and -1 on failure.

◆ mpi_from_string()

static int mpi_from_string ( lex_ctxt lexic,
gcry_mpi_t *  dest,
void *  data,
size_t  len,
const char *  parameter,
const char *  function 
)
static

Converts a string to a gcry_mpi_t.

The string of len bytes at data should contain the MPI as an unsigned int in bigendian form (libgcrypt's GCRYMPI_FMT_USG). The new MPI object is stored in dest. The parameters function and parameter are used in error messages to indicate the nasl function and nasl parameter name of the MPI. The lexic parameter is passed through to the error reporting functions.

The function return 0 on success and -1 on failure.

◆ nasl_aes128_cbc_encrypt()

tree_cell* nasl_aes128_cbc_encrypt ( lex_ctxt lexic)

◆ nasl_aes128_ctr_encrypt()

tree_cell* nasl_aes128_ctr_encrypt ( lex_ctxt lexic)

◆ nasl_aes128_gcm_encrypt()

tree_cell* nasl_aes128_gcm_encrypt ( lex_ctxt lexic)

◆ nasl_aes256_cbc_encrypt()

tree_cell* nasl_aes256_cbc_encrypt ( lex_ctxt lexic)

◆ nasl_aes256_ctr_encrypt()

tree_cell* nasl_aes256_ctr_encrypt ( lex_ctxt lexic)

◆ nasl_aes256_gcm_encrypt()

tree_cell* nasl_aes256_gcm_encrypt ( lex_ctxt lexic)

◆ nasl_bf_cbc()

tree_cell* nasl_bf_cbc ( lex_ctxt lexic,
int  enc 
)

Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.

◆ nasl_bf_cbc_decrypt()

tree_cell* nasl_bf_cbc_decrypt ( lex_ctxt lexic)

nasl function

bf_cbc_decrypt(key:key, iv:iv, data:data)

Decrypt the cipher text data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the plaintext data and a[1] the new initialization vector to use for the next part of the data.

◆ nasl_bf_cbc_encrypt()

tree_cell* nasl_bf_cbc_encrypt ( lex_ctxt lexic)

nasl function

bf_cbc_encrypt(key:key, iv:iv, data:data)

Encrypt the plaintext data using the blowfish algorithm in CBC mode with the key key and the initialization vector iv. The key must be 16 bytes long. The iv must be at least 8 bytes long. data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the encrypted data and a[1] the new initialization vector to use for the next part of the data.

◆ nasl_bn_cmp()

tree_cell* nasl_bn_cmp ( lex_ctxt lexic)

nasl function

bn_cmp(key1:MPI1, key2:MPI2)

Compares the MPIs key1 and key2 (given as binary strings). Returns -1 if key1 < key2, 0 if key1 == key2 and +1 if key1 > key2.

◆ nasl_bn_random()

tree_cell* nasl_bn_random ( lex_ctxt lexic)

nasl function

bn_random(need:numBits)

Returns
An MPI as a string with need bits of random data.

◆ nasl_des_ede_cbc_encrypt()

tree_cell* nasl_des_ede_cbc_encrypt ( lex_ctxt lexic)

◆ nasl_dh_compute_key()

tree_cell* nasl_dh_compute_key ( lex_ctxt lexic)

nasl function

DH_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub, pub_key:mpi_client_pub, priv_key:mpi_client_priv)

Computes the Diffie-Hellman shared secret key from the shared parameters p and g, the server's public key dh_server_pub and the client's public and private keys pub_key an priv_key. The return value is the shared secret key as an MPI.

◆ nasl_dh_generate_key()

tree_cell* nasl_dh_generate_key ( lex_ctxt lexic)

nasl function

dh_generate_key(p:mpi_p, g:mpi_g, priv:mpi_priv)

Generates a Diffie-Hellman public key from the shared parameters p and g and the private parameter priv. The return value is the public key as an MPI.

◆ nasl_dsa_do_sign()

tree_cell* nasl_dsa_do_sign ( lex_ctxt lexic)

nasl function

dsa_do_sign(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, priv:mpi_priv, data:hash)

Computes the DSA signature of the hash in data using the private DSA key given by p, g, q, pub and priv. The return value is a 40 byte string encoding the two MPIs r and s of the DSA signature. The first 20 bytes are the value of r and the last 20 bytes are the value of s.

◆ nasl_dsa_do_verify()

tree_cell* nasl_dsa_do_verify ( lex_ctxt lexic)

nasl function

dsa_do_verify(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, r:mpi_r, s:mpi_s, data:hash)

Verify that the DSA signature given by r and s matches the hash given in data using the public DSA key given by p, g, q and pub. Returns 1 if the signature is valid and 0 if it's invalid.

◆ nasl_load_privkey_param()

static gnutls_x509_privkey_t nasl_load_privkey_param ( lex_ctxt lexic,
const char *  priv_name,
const char *  passphrase_name 
)
static

Loads a private key from a string.

The string is taken from the nasl parameter whose name is given by priv_name. The passphrase_name is the name of the parameter holding the passphrase if any. The string with the key must be in PEM format.

Returns
The GnuTLS private key object on success, NULL on failure.

◆ nasl_pem_to()

tree_cell* nasl_pem_to ( lex_ctxt lexic,
int  type 
)

Implements the nasl functions pem_to_rsa and pem_to_dsa.

◆ nasl_pem_to_dsa()

tree_cell* nasl_pem_to_dsa ( lex_ctxt lexic)

nasl function

pem_to_dsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private DSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "x" of the DSA key as an MPI.

◆ nasl_pem_to_rsa()

tree_cell* nasl_pem_to_rsa ( lex_ctxt lexic)

nasl function

pem_to_rsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv which contains a private RSA key in PEM format. Passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "d" of the RSA key as an MPI.

◆ nasl_rc4_encrypt()

tree_cell* nasl_rc4_encrypt ( lex_ctxt lexic)

◆ nasl_rsa_private_decrypt()

tree_cell* nasl_rsa_private_decrypt ( lex_ctxt lexic)

nasl function

rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, padd:<TRUE:FALSE>)

Decrypt the provided data with the private RSA key given by its parameters d, e and n. The return value is the decrypted data in plaintext format.

TODO: In future releases, string support for padding should be removed

◆ nasl_rsa_public_decrypt()

tree_cell* nasl_rsa_public_decrypt ( lex_ctxt lexic)

nasl function

rsa_public_decrypt(sig:signature, e:mpi_e, n:mpi_n)

Decrypt the data in signature (usually an rsa-encrypted hash) with the public RSA key given by its parameters e and n. The return value is the decrypted data.

◆ nasl_rsa_public_encrypt()

tree_cell* nasl_rsa_public_encrypt ( lex_ctxt lexic)

nasl function

rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, padd:<TRUE:FALSE>)

Encrypt the provided data with the public RSA key given by its parameters e and n. The return value is the encrypted data.

TODO: In future releases, string support for padding should be removed

◆ nasl_rsa_sign()

tree_cell* nasl_rsa_sign ( lex_ctxt lexic)

nasl function

rsa_sign(data:hash, priv:pem, passphrase:passphrase)

Signs the data with the private RSA key priv given in PEM format. The passphrase is the passphrase needed to decrypt the private key. Returns the signed data.

In the OpenSSL based nasl, the key was not given in PEM form and with a passphrase. Instead it was given as the RSA parameters e, n and d. libgcrypt always requires all the parameters (including p, g, and u), so this function was changed to simply accept the full private key in PEM form. The one place where it was called had that the key available in that form.

◆ nasl_sexp_from_privkey()

static gcry_sexp_t nasl_sexp_from_privkey ( lex_ctxt lexic,
gnutls_x509_privkey_t  privkey 
)
static

◆ print_gcrypt_error()

void print_gcrypt_error ( lex_ctxt lexic,
char *  function,
int  err 
)

Prints a libgcrypt error.

The parameter err should be the libgcrypt error code

◆ print_tls_error()

void print_tls_error ( lex_ctxt lexic,
char *  txt,
int  err 
)

Prints a GnuTLS error.

The parameter err should be the GnuTLS error code

◆ set_mpi_retc()

static int set_mpi_retc ( tree_cell retc,
gcry_mpi_t  mpi 
)
static

Sets the return value in retc from the MPI mpi.

The MPI is converted to a byte string as an unsigned int in bigendian form (libgcrypts GCRYMPI_FMT_USG format).

In an earlier implementation of this function, if first byte in the string had it's most significant bit set, i.e. if it would be considered negative when interpreted as two's-complement representation, a null-byte was prepended to make sure the number is always considered positive.

However, this behavior caused problems during certain SSH operations because the buffer returned by this function would be one byte larger than expected. For now, the str_val of retc will always have the content and size returned by gcry_mpi_aprint ().

Returns
0 on success and -1 on failure.

◆ set_retc_from_sexp()

static int set_retc_from_sexp ( tree_cell retc,
gcry_sexp_t  sexp,
const char *  token 
)
static

Sets the return value in retc from an sexpression.

The function uses extract_mpi_from_sexp to extract an MPI from the sexpression sexp and the subexpression given by token. The function return 1 on success and 0 on failure.

◆ strip_pkcs1_padding()

static int strip_pkcs1_padding ( tree_cell retc)
static

Strips PKCS#1 padding from the string in retc.