Add: more cryptography nasl function #1738

Merged
merged 2 commits into from
Nov 11, 2024
Merged
27 changes: 21 additions & 6 deletions rust/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions rust/Cargo.toml
Expand Up @@ -87,6 +87,8 @@ libssh-rs = {version = "~0.2", features = ["vendored-openssl", "vendored"], opti
nasl-function-proc-macro = { path = "crates/nasl-function-proc-macro" }
nasl-c-lib = { path = "crates/nasl-c-lib", optional = true }
openssl = { version = "0.10.66", features = ["vendored"] }
blowfish = "0.9.1"
rc4 = "0.1.0"

[workspace]
resolver = "2"
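Review bot: `blowfish` and `rc4` are legacy ciphers, and the two added lines carry no note on why they are needed. A comment above them, such as `# legacy ciphers, required only by the NASL cryptographic builtins`, would keep them from being picked up for new code. The accompanying Cargo.lock change is not rendered on this page, so the resolved versions and any transitive crates should be checked there.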
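--- a/rust/src/nasl/builtin/cryptographic/bf_cbc.rs
+++ b/rust/src/nasl/builtin/cryptographic/bf_cbc.rs
@@ -0,0 +1,107 @@
+// SPDX-FileCopyrightText: 2023 Greenbone AG
+//
+// SPDX-License-Identifier: GPL-2.0-or-later WITH x11vnc-openssl-exception
+
+use blowfish::{
+cipher::{
+block_padding::{NoPadding, ZeroPadding},
+BlockCipher, BlockDecrypt, BlockDecryptMut, BlockEncrypt, BlockEncryptMut, KeyInit,
+KeyIvInit,
+},
+Blowfish,
+};
+use cbc::{Decryptor, Encryptor};
+
+use crate::function_set;
+use crate::nasl::syntax::NaslValue;
+use crate::nasl::utils::error::FunctionErrorKind;
+use crate::nasl::utils::{Context, Register};
+
+use super::{get_data, get_iv, get_key, get_len, Crypt};
+
+/// Base function for en- and decrypting Cipher Block Chaining (CBC) mode
+fn cbc<D>(register: &Register, crypt: Crypt) -> Result<NaslValue, FunctionErrorKind>
+where
+D: BlockCipher + BlockEncrypt + BlockDecrypt + KeyInit,
+{
+// Get Arguments
+let key = get_key(register)?;
+let data = get_data(register)?;
+let iv = get_iv(register)?;
+
+// Mode Encrypt or Decrypt
+match crypt {
+Crypt::Encrypt => {
+let res = Encryptor::<D>::new_from_slices(key, iv);
+match res {
+Ok(encryptor) => Ok(encryptor.encrypt_padded_vec_mut::<ZeroPadding>(data).into()),
+Err(e) => Err(FunctionErrorKind::WrongArgument(e.to_string())),
+}
+}
+Crypt::Decrypt => {
+// length for encrypted data
+let len = match get_len(register)? {
+Some(x) => x,
+None => data.len(),
+};
+
+// len should not be more than the length of the data
+if len > data.len() {
+return Err(FunctionErrorKind::wrong_argument(
+"len",
+format!("<={:?}", data.len()).as_str(),
+len.to_string().as_str(),
+));
+}
+let res = Decryptor::<D>::new_from_slices(key, iv);
+match res {
+Ok(decryptor) => Ok(decryptor
+.decrypt_padded_vec_mut::<NoPadding>(data)
+.map_err(|e| FunctionErrorKind::WrongArgument(e.to_string()))?[..len]
+.to_vec()
+.into()),
+Err(e) => Err(FunctionErrorKind::WrongArgument(e.to_string())),
+}
+}
+}
+}
+
+/// NASL function to encrypt data with blowfish cbc.
+///
+/// Encrypt the plaintext data using the blowfish algorithm in CBC mode
+/// with the key key and the initialization vector iv. The key must be
+/// 16 bytes long. The iv must be at least 8 bytes long. Data must be a
+/// multiple of 8 bytes long.
+///
+/// The return value is an array a with a[0] being the encrypted data and
+/// a[1] the new initialization vector to use for the next part of the
+/// data.
+
+fn bf_cbc_encrypt(register: &Register, _: &Context) -> Result<NaslValue, FunctionErrorKind> {
+cbc::<Blowfish>(register, Crypt::Encrypt)
+}
+
+/// NASL function to decrypt data with blowfish cbc.
+///
+/// Decrypt the cipher text data using the blowfish algorithm in CBC mode
+/// with the key key and the initialization vector iv. The key must be
+/// 16 bytes long. The iv must be at least 8 bytes long. data must be a
+/// multiple of 8 bytes long.
+///
+/// The return value is an array a with a[0] being the plaintext data
+/// and a[1] the new initialization vector to use for the next part of
+/// the data.
+fn bf_cbc_decrypt(register: &Register, _: &Context) -> Result<NaslValue, FunctionErrorKind> {
+cbc::<Blowfish>(register, Crypt::Decrypt)
+}
+
+pub struct BfCbc;
+
+function_set! {
+BfCbc,
+sync_stateless,
+(
+bf_cbc_encrypt,
+bf_cbc_decrypt,
+)
+}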
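Review bot: The doc comments on `bf_cbc_encrypt` and `bf_cbc_decrypt` promise an array with the data in a[0] and the next IV in a[1], but `cbc` converts only the output byte vector with `.into()`, so no follow-up IV appears to be returned. Either return both values or correct the docs, e.g. `/// Returns the encrypted data only; the IV for a following block is not returned.` The stated limits (16-byte key, IV of at least 8 bytes, data a multiple of 8 bytes) are also not checked in the visible code: lengths are left to `new_from_slices`, and encryption applies `ZeroPadding` instead of rejecting unaligned input. If the 16-byte key is a real requirement, it should be checked before the cipher is constructed so that a short key fails with a `wrong_argument` error.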
3 changes: 3 additions & 0 deletions rust/src/nasl/builtin/cryptographic/mod.rs
Expand Up @@ -14,9 +14,11 @@ pub mod aes_cmac;
pub mod aes_ctr;
pub mod aes_gcm;
pub mod aes_gmac;
pub mod bf_cbc;
pub mod des;
pub mod hash;
pub mod hmac;
pub mod rc4;
pub mod rsa;

#[cfg(test)]
Expand Down Expand Up @@ -120,6 +122,7 @@ impl IntoFunctionSet for Cryptographic {
set.add_set(hash::Hash);
set.add_set(des::Des);
set.add_set(rsa::Rsa);
set.add_set(bf_cbc::BfCbc);
set
}
}
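Review bot: `pub mod rc4;` is declared in the first hunk, but the `IntoFunctionSet` hunk adds only `set.add_set(bf_cbc::BfCbc);`, so no rc4 function set is registered in the visible lines. The impl body starts outside the hunk and the rc4 module itself is not shown on this page, so it may be registered elsewhere. If so, a short comment next to the module declaration, e.g. `// rc4 functions are registered separately`, would explain the asymmetry. If not, the rc4 functions would presumably be compiled but not reachable from NASL scripts.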