OpenVAS Libraries 8.0.3
nasl_crypto2.c File Reference
#include <gcrypt.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "openvas_logging.h"
#include "nasl_tree.h"
#include "nasl_global_ctxt.h"
#include "nasl_func.h"
#include "nasl_var.h"
#include "nasl_lex_ctxt.h"
#include "strutils.h"
#include "nasl_packet_forgery.h"
#include "nasl_debug.h"
#include "nasl_misc_funcs.h"
#include "nasl_crypto2.h"

Macros

#define INTBLOB_LEN   20
#define SIGBLOB_LEN   (2*INTBLOB_LEN)
#define NUM_RSA_PARAMS   6
 Creates a libgcrypt s-expression from a GnuTLS private RSA key.

Functions

void print_tls_error (lex_ctxt *lexic, char *txt, int err)
 Prints a GnuTLS error.
void print_gcrypt_error (lex_ctxt *lexic, char *function, int err)
 Prints a libgcrypt error.
tree_cell* nasl_bn_cmp (lex_ctxt *lexic)
tree_cell* nasl_bn_random (lex_ctxt *lexic)
tree_cell* nasl_pem_to (lex_ctxt *lexic, int type)
 Implements the nasl functions pem_to_rsa and pem_to_dsa.
tree_cell* nasl_pem_to_rsa (lex_ctxt *lexic)
tree_cell* nasl_pem_to_dsa (lex_ctxt *lexic)
tree_cell* nasl_dh_generate_key (lex_ctxt *lexic)
tree_cell* nasl_dh_compute_key (lex_ctxt *lexic)
tree_cell* nasl_rsa_public_decrypt (lex_ctxt *lexic)
tree_cell* nasl_rsa_sign (lex_ctxt *lexic)
tree_cell* nasl_dsa_do_verify (lex_ctxt *lexic)
tree_cell* nasl_dsa_do_sign (lex_ctxt *lexic)
tree_cell* nasl_bf_cbc (lex_ctxt *lexic, int enc)
 Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.
tree_cell* nasl_bf_cbc_encrypt (lex_ctxt *lexic)
tree_cell* nasl_bf_cbc_decrypt (lex_ctxt *lexic)

Detailed Description

This file contains all the crypto functionality needed by the SSH protocol.

Macro Definition Documentation

#define INTBLOB_LEN   20
#define NUM_RSA_PARAMS   6

Creates a libgcrypt s-expression from a GnuTLS private RSA key.

#define SIGBLOB_LEN   (2*INTBLOB_LEN)

Function Documentation

tree_cell* nasl_bf_cbc (lex_ctxt *lexic, int enc)

Implements the nasl functions bf_cbc_encrypt and bf_cbc_decrypt.

tree_cell* nasl_bf_cbc_decrypt (lex_ctxt *lexic)

nasl function

bf_cbc_decrypt(key:key, iv:iv, data:data)

Decrypts the ciphertext data using the Blowfish algorithm in CBC mode with the key key and the initialization vector iv. key must be 16 bytes long, iv must be at least 8 bytes long, and data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the plaintext data and a[1] the new initialization vector to use for the next part of the data.

tree_cell* nasl_bf_cbc_encrypt (lex_ctxt *lexic)

nasl function

bf_cbc_encrypt(key:key, iv:iv, data:data)

Encrypts the plaintext data using the Blowfish algorithm in CBC mode with the key key and the initialization vector iv. key must be 16 bytes long, iv must be at least 8 bytes long, and data must be a multiple of 8 bytes long.

The return value is an array a with a[0] being the encrypted data and a[1] the new initialization vector to use for the next part of the data.
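The two bf_cbc entries above describe one CBC contract from both directions: a fixed 16-byte key, an IV of which at least 8 bytes are needed, whole 8-byte blocks, and a returned IV that chains into the next call. The following is an added example and not code from nasl_crypto2.c or OpenVAS: a pure-Python model of that contract in which a constructed 8-byte-block Feistel cipher stands in for Blowfish (the real functions use libgcrypt's Blowfish; its S-box tables are not reproduced here). It assumes that only the first 8 bytes of iv are used and that the returned next IV is the last ciphertext block, which is what CBC chaining requires; the Python function names and the (output, next_iv) tuple mirror the NASL names and the a[0]/a[1] array.

```python
"""Added example, not OpenVAS code: the CBC contract documented for
bf_cbc_encrypt / bf_cbc_decrypt in pure Python. A constructed 8-byte-block
Feistel cipher stands in for Blowfish; the chaining, the length checks and
the returned next-IV are what this shows."""
import hashlib

BLOCK = 8          # Blowfish block size in bytes
KEY_LEN = 16       # key length the NASL functions require


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # Stand-in round function (assumption: any keyed PRF serves a demo Feistel).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(16):
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return right + left           # final swap, as in a textbook Feistel network


def _block_decrypt(key: bytes, block: bytes) -> bytes:
    right, left = block[:4], block[4:]      # undo the final swap
    for rnd in reversed(range(16)):
        left, right = _xor(right, _round_fn(left, key, rnd)), left
    return left + right


def _check_args(key: bytes, iv: bytes, data: bytes) -> None:
    # The constraints the page documents for both functions.
    if len(key) != KEY_LEN:
        raise ValueError("key must be 16 bytes long")
    if len(iv) < BLOCK:
        raise ValueError("iv must be at least 8 bytes long")
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of 8 bytes long")


def bf_cbc_encrypt(key: bytes, iv: bytes, data: bytes):
    """Returns (ciphertext, next_iv), mirroring the a[0], a[1] array of the NASL call."""
    _check_args(key, iv, data)
    prev = iv[:BLOCK]             # assumption: only the first 8 IV bytes are used
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        prev = _block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out), prev       # last ciphertext block chains into the next call


def bf_cbc_decrypt(key: bytes, iv: bytes, data: bytes):
    """Returns (plaintext, next_iv); the next IV is again the last ciphertext block."""
    _check_args(key, iv, data)
    prev = iv[:BLOCK]
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        cblock = data[i:i + BLOCK]
        out += _xor(_block_decrypt(key, cblock), prev)
        prev = cblock
    return bytes(out), prev


def demo():
    """Encrypting in two chunks with the returned IV equals one call over the whole buffer."""
    key = b"0123456789abcdef"                          # constructed 16-byte key
    iv = bytes(range(8))                               # constructed 8-byte IV
    msg = b"sixteen byte msg" + b"next chunk here!"    # 32 bytes, two 16-byte parts
    whole, _ = bf_cbc_encrypt(key, iv, msg)
    part1, iv2 = bf_cbc_encrypt(key, iv, msg[:16])
    part2, _ = bf_cbc_encrypt(key, iv2, msg[16:])
    plain1, iv3 = bf_cbc_decrypt(key, iv, part1)
    plain2, _ = bf_cbc_decrypt(key, iv3, part2)
    return whole == part1 + part2, plain1 + plain2 == msg, iv2 == part1[-8:]
```

demo() encrypts a 32-byte buffer once and as two chained calls, then decrypts with the chained IVs; all three checks it returns hold, which is the property a script relies on when it feeds a[1] from one call into the next.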

tree_cell* nasl_bn_cmp (lex_ctxt *lexic)

nasl function

bn_cmp(key1:MPI1, key2:MPI2)

Compares the MPIs key1 and key2 (given as binary strings). Returns -1 if key1 < key2, 0 if key1 == key2 and +1 if key1 > key2.

tree_cell* nasl_bn_random (lex_ctxt *lexic)

nasl function

bn_random(need:numBits)

Returns: An MPI as a string with need bits of random data.

tree_cell* nasl_dh_compute_key (lex_ctxt *lexic)

nasl function

DH_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub, pub_key:mpi_client_pub, priv_key:mpi_client_priv)

Computes the Diffie-Hellman shared secret key from the shared parameters p and g, the server's public key dh_server_pub and the client's public and private keys pub_key and priv_key. The return value is the shared secret key as an MPI.

tree_cell* nasl_dh_generate_key (lex_ctxt *lexic)

nasl function

dh_generate_key(p:mpi_p, g:mpi_g, priv:mpi_priv)

Generates a Diffie-Hellman public key from the shared parameters p and g and the private parameter priv. The return value is the public key as an MPI.
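The bn_cmp, bn_random, DH_compute_key and dh_generate_key entries above all work on MPIs passed as binary strings. The following is an added example, not code from nasl_crypto2.c or OpenVAS: a pure-Python model of those four functions showing the MPI conventions (unsigned, big-endian, leading zero bytes insignificant) and a complete exchange in which both sides derive the same secret. The group is constructed for the demo (2^127-1 is prime but far too small for real use, and the subgroup generated by 3 is not validated as a standard group's would be); the bn_random 'minimum' parameter and the range check on the peer's public value are additions for the example and are not part of the NASL signatures.

```python
"""Added example, not OpenVAS code: the MPI-as-binary-string conventions behind
bn_cmp / bn_random and the exchange behind dh_generate_key / DH_compute_key,
in pure Python with a constructed toy group."""
import secrets


def mpi_to_int(mpi: bytes) -> int:
    # MPIs are unsigned, big-endian byte strings.
    return int.from_bytes(mpi, "big")


def int_to_mpi(value: int) -> bytes:
    if value < 0:
        raise ValueError("MPIs are unsigned")
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


def bn_cmp(key1: bytes, key2: bytes) -> int:
    """-1, 0 or +1 by numeric value; leading zero bytes are not significant."""
    a, b = mpi_to_int(key1), mpi_to_int(key2)
    return (a > b) - (a < b)


def bn_random(need: int, minimum: int = 0) -> bytes:
    """An MPI of 'need' random bits. 'minimum' is an addition to the NASL
    signature so callers can avoid degenerate exponents such as 0 and 1."""
    while True:
        value = secrets.randbits(need)
        if value >= minimum:
            return int_to_mpi(value)


def dh_generate_key(p: bytes, g: bytes, priv: bytes) -> bytes:
    """Public value g^priv mod p as an MPI."""
    return int_to_mpi(pow(mpi_to_int(g), mpi_to_int(priv), mpi_to_int(p)))


def dh_compute_key(p: bytes, g: bytes, dh_server_pub: bytes,
                   pub_key: bytes, priv_key: bytes) -> bytes:
    """Shared secret dh_server_pub^priv_key mod p as an MPI.

    g and pub_key are kept only to match the NASL signature; the secret needs
    just the peer's public value and the local private exponent. Peer values
    0, 1 and p-1 are rejected because they make the secret predictable."""
    p_int = mpi_to_int(p)
    peer = mpi_to_int(dh_server_pub)
    if not 1 < peer < p_int - 1:
        raise ValueError("peer public value outside (1, p-1)")
    return int_to_mpi(pow(peer, mpi_to_int(priv_key), p_int))


def demo_exchange() -> bool:
    """Both sides derive the same secret, compared with bn_cmp as a NASL script would."""
    # Constructed toy group: 2^127-1 is prime but far too small for real use,
    # and the subgroup generated by 3 is not checked the way a standard group's is.
    p = int_to_mpi((1 << 127) - 1)
    g = int_to_mpi(3)

    def keypair():
        while True:                      # redraw if our own public value is degenerate
            priv = bn_random(126, minimum=2)
            pub = dh_generate_key(p, g, priv)
            if 1 < mpi_to_int(pub) < mpi_to_int(p) - 1:
                return priv, pub

    client_priv, client_pub = keypair()
    server_priv, server_pub = keypair()
    k_client = dh_compute_key(p, g, server_pub, client_pub, client_priv)
    k_server = dh_compute_key(p, g, client_pub, server_pub, server_priv)
    return bn_cmp(k_client, k_server) == 0
```

Because the return values are MPI strings, two equal secrets can still differ as byte strings when one has a leading zero byte stripped; comparing them with bn_cmp rather than string equality, as demo_exchange() does, avoids that pitfall.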

tree_cell* nasl_dsa_do_sign (lex_ctxt *lexic)

nasl function

dsa_do_sign(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, priv:mpi_priv, data:hash)

Computes the DSA signature of the hash in data using the private DSA key given by p, g, q, pub and priv. The return value is a 40-byte string encoding the two MPIs r and s of the DSA signature. The first 20 bytes are the value of r and the last 20 bytes are the value of s.

tree_cell* nasl_dsa_do_verify (lex_ctxt *lexic)

nasl function

dsa_do_verify(p:mpi_p, g:mpi_g, q:mpi_q, pub:mpi_pub, r:mpi_r, s:mpi_s, data:hash)

Verify that the DSA signature given by r and s matches the hash given in data using the public DSA key given by p, g, q and pub. Returns 1 if the signature is valid and 0 if it's invalid.
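The dsa_do_sign and dsa_do_verify entries above fix the signature format: r and s each occupy 20 bytes (INTBLOB_LEN) of a 40-byte blob (SIGBLOB_LEN), and the caller passes them back separately for verification. The following is an added example, not code from nasl_crypto2.c or OpenVAS: a pure-Python DSA sign/verify pair using that blob layout. The parameters are constructed for the demo with a seeded generator (q is 160 bits, as the 20-byte fields imply; p is only 512 bits so the example runs instantly and must not be used for anything real); the Python function names mirror the NASL names and argument order, and the range checks in the verifier are the standard DSA checks rather than anything taken from the page.

```python
"""Added example, not OpenVAS code: DSA signing and verification with the
40-byte r||s blob layout documented for dsa_do_sign, in pure Python on
constructed toy parameters (160-bit q, 512-bit p)."""
import hashlib
import random
import secrets

INTBLOB_LEN = 20                 # bytes per MPI in the blob (160-bit q)
SIGBLOB_LEN = 2 * INTBLOB_LEN


def mpi_to_int(mpi: bytes) -> int:
    return int.from_bytes(mpi, "big")


def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin; sufficient for constructing demo parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(p_bits: int = 512, q_bits: int = 160, seed: int = 1):
    """Deterministic toy (p, q, g) with q | p-1 and g of order q."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q, rng):
            break
    while True:                  # p = k*q + 1 with k even so that p is odd
        k = (rng.getrandbits(p_bits - q_bits - 1) | (1 << (p_bits - q_bits - 2))) << 1
        p = k * q + 1
        if p.bit_length() == p_bits and is_probable_prime(p, rng):
            break
    while True:
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
        if g > 1:
            return p, q, g


def generate_keypair(p: int, q: int, g: int):
    priv = secrets.randbelow(q - 1) + 1          # x in [1, q-1]
    return priv, pow(g, priv, p)


def dsa_do_sign(p: int, g: int, q: int, pub: int, priv: int, data: bytes) -> bytes:
    """Sign an already-hashed 'data'; returns r and s each zero-padded to 20 bytes."""
    if len(data) != INTBLOB_LEN:
        raise ValueError("data must be a 20-byte hash")
    z = mpi_to_int(data)
    while True:
        k = secrets.randbelow(q - 1) + 1         # fresh per signature: reuse leaks priv
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (z + priv * r)) % q
        if r and s:
            break
    return r.to_bytes(INTBLOB_LEN, "big") + s.to_bytes(INTBLOB_LEN, "big")


def split_sigblob(blob: bytes):
    """Inverse of the blob layout: first 20 bytes are r, last 20 are s."""
    if len(blob) != SIGBLOB_LEN:
        raise ValueError("signature blob must be 40 bytes")
    return blob[:INTBLOB_LEN], blob[INTBLOB_LEN:]


def dsa_do_verify(p: int, g: int, q: int, pub: int, r: bytes, s: bytes, data: bytes) -> int:
    """1 if (r, s) is a valid signature on the hash 'data' under pub, else 0."""
    r_i, s_i = mpi_to_int(r), mpi_to_int(s)
    if not (0 < r_i < q and 0 < s_i < q):      # reject out-of-range values first
        return 0
    w = pow(s_i, -1, q)
    u1, u2 = (mpi_to_int(data) * w) % q, (r_i * w) % q
    v = ((pow(g, u1, p) * pow(pub, u2, p)) % p) % q
    return 1 if v == r_i else 0


def demo(message: bytes = b"constructed message"):
    p, q, g = generate_params()
    priv, pub = generate_keypair(p, q, g)
    digest = hashlib.sha1(message).digest()        # 20 bytes, matching INTBLOB_LEN
    blob = dsa_do_sign(p, g, q, pub, priv, digest)
    r, s = split_sigblob(blob)
    good = dsa_do_verify(p, g, q, pub, r, s, digest)
    bad = dsa_do_verify(p, g, q, pub, r, s, hashlib.sha1(message + b"!").digest())
    return len(blob), good, bad
```

demo() returns the blob length and the verifier's answers for the signed hash and for a different hash, (40, 1, 0). The zero padding in dsa_do_sign matters: a value of r or s shorter than 20 bytes is right-aligned in its field, so a consumer that slices the blob at offset 20 recovers the correct MPIs.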

tree_cell* nasl_pem_to (lex_ctxt *lexic, int type)

Implements the nasl functions pem_to_rsa and pem_to_dsa.

tree_cell* nasl_pem_to_dsa (lex_ctxt *lexic)

nasl function

pem_to_dsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv, which contains a private DSA key in PEM format. passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "x" of the DSA key as an MPI.

tree_cell* nasl_pem_to_rsa (lex_ctxt *lexic)

nasl function

pem_to_rsa(priv:PEM, passphrase:PASSPHRASE)

Reads the private key from the string priv, which contains a private RSA key in PEM format. passphrase is the passphrase needed to decrypt the private key. The function returns the parameter "d" of the RSA key as an MPI.

tree_cell* nasl_rsa_public_decrypt (lex_ctxt *lexic)

nasl function

rsa_public_decrypt(sig:signature, e:mpi_e, n:mpi_n)

Decrypts the data in signature (usually an RSA-encrypted hash) with the public RSA key given by its parameters e and n. The return value is the decrypted data.

tree_cell* nasl_rsa_sign (lex_ctxt *lexic)

nasl function

rsa_sign(data:hash, priv:pem, passphrase:passphrase)

Signs the data with the private RSA key priv given in PEM format. passphrase is the passphrase needed to decrypt the private key. Returns the signed data.

In the OpenSSL-based nasl, the key was not given in PEM form with a passphrase. Instead it was given as the RSA parameters e, n and d. libgcrypt always requires all the parameters (including p, g, and u), so this function was changed to simply accept the full private key in PEM form. The one place where it was called had the key available in that form.
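The rsa_public_decrypt and rsa_sign entries above describe the two halves of an RSA signature operation, and the note on the libgcrypt port explains why a bare (e, n, d) triple was no longer enough. The following is an added example, not code from nasl_crypto2.c or OpenVAS, and it does not touch PEM or passphrases: it works on the key as numbers to show what the two functions compute, that the signature produced with d equals the one produced from the CRT parameters p, q and u (u = p^-1 mod q is libgcrypt's convention for its RSA private-key s-expression), and that the MPI returned by a public decryption must be compared numerically rather than byte-for-byte. The key is a constructed toy built from two Mersenne primes so that no prime generation is needed; the raw (unpadded) signature is a simplification of the example, not a statement about what the real functions do.

```python
"""Added example, not OpenVAS code: what rsa_sign and rsa_public_decrypt compute
once the key is available as numbers, in pure Python. The key is a toy built
from two Mersenne primes; it is not a usable key."""
import hashlib


def mpi_to_int(mpi: bytes) -> int:
    return int.from_bytes(mpi, "big")


def int_to_mpi(value: int) -> bytes:
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


def rsa_private_key(p: int, q: int, e: int = 65537) -> dict:
    """Full parameter set of a libgcrypt RSA private key: n, e, d, p, q and
    u = p^-1 mod q (libgcrypt's CRT coefficient). A bare (e, n, d) triple
    lacks p, q and u, which is the point the porting note makes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi), "p": p, "q": q, "u": pow(p, -1, q)}


def rsa_sign(data: bytes, key: dict) -> bytes:
    """Raw signature hash^d mod n as an MPI (no PKCS#1 padding in this toy)."""
    h = mpi_to_int(data)
    if not 0 < h < key["n"]:
        raise ValueError("hash must be a positive integer below n")
    return int_to_mpi(pow(h, key["d"], key["n"]))


def rsa_sign_crt(data: bytes, key: dict) -> bytes:
    """Same signature via the CRT parameters p, q, u; must equal rsa_sign."""
    h = mpi_to_int(data)
    if not 0 < h < key["n"]:
        raise ValueError("hash must be a positive integer below n")
    m1 = pow(h, key["d"] % (key["p"] - 1), key["p"])
    m2 = pow(h, key["d"] % (key["q"] - 1), key["q"])
    t = ((m2 - m1) * key["u"]) % key["q"]      # Garner recombination, u = p^-1 mod q
    return int_to_mpi(m1 + t * key["p"])


def rsa_public_decrypt(sig: bytes, e: bytes, n: bytes) -> bytes:
    """sig^e mod n as an MPI, or b'' when sig is not in the open range (0, n)."""
    n_i, s = mpi_to_int(n), mpi_to_int(sig)
    if not 0 < s < n_i:
        return b""
    return int_to_mpi(pow(s, mpi_to_int(e), n_i))


def hashes_match(recovered: bytes, expected: bytes) -> bool:
    """Compare numerically: an MPI string drops leading zero bytes, so a hash
    that starts with 0x00 would not compare equal byte-for-byte."""
    return mpi_to_int(recovered) == mpi_to_int(expected)


P_TOY = (1 << 107) - 1      # Mersenne primes: constructed toy key, ~234-bit modulus
Q_TOY = (1 << 127) - 1


def demo(message: bytes = b"constructed message"):
    key = rsa_private_key(P_TOY, Q_TOY)
    digest = hashlib.sha1(message).digest()
    sig = rsa_sign(digest, key)
    e, n = int_to_mpi(key["e"]), int_to_mpi(key["n"])
    recovered = rsa_public_decrypt(sig, e, n)
    other = hashlib.sha1(message + b"!").digest()
    return (hashes_match(recovered, digest),
            rsa_sign_crt(digest, key) == sig,
            hashes_match(recovered, other))
```

demo() returns (True, True, False): the public decryption of the signature recovers the signed hash, the CRT path agrees with the plain exponentiation, and a different hash does not match. The empty return for an out-of-range signature in rsa_public_decrypt is the example's choice; a caller should treat it as a failed check, never as a match.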

void print_gcrypt_error (lex_ctxt *lexic, char *function, int err)

Prints a libgcrypt error.

The parameter err should be the libgcrypt error code.

void print_tls_error (lex_ctxt *lexic, char *txt, int err)

Prints a GnuTLS error.

The parameter err should be the GnuTLS error code.