/* Includes, then character-class and digit-conversion helper macros.
   atoi_N and xtoi_N perform no validation of their own: the result is
   only meaningful when the caller has already checked every character
   with digitp or hexdigitp.  xtoi_2 reads through a const unsigned char
   pointer, so bytes >= 0x80 are compared as unsigned values.  DIMof only
   uses the null pointer inside sizeof, where it is not evaluated.  */
41 #include <glib/gstdio.h> 45 #include <gnutls/gnutls.h> 46 #include <gnutls/x509.h> 48 #include "../misc/openvas_logging.h" 60 # define DIM(v) (sizeof(v)/sizeof((v)[0])) 61 # define DIMof(type,member) DIM(((type *)0)->member) 65 #define spacep(p) (*(p) == ' ' || *(p) == '\t') 66 #define digitp(p) (*(p) >= '0' && *(p) <= '9') 67 #define hexdigitp(a) (digitp (a) \ 68 || (*(a) >= 'A' && *(a) <= 'F') \ 69 || (*(a) >= 'a' && *(a) <= 'f')) 72 #define atoi_1(p) (*(p) - '0' ) 73 #define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1)) 74 #define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2)) 75 #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ 76 *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) 77 #define xtoi_2(p) ((xtoi_1((const unsigned char *)(p)) * 16) \ 78 + xtoi_1((const unsigned char *)(p)+1)) 81 #define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A')) 114 next_object_id (
void)
/* Walk the global object_list from its head; the loop body is not part
   of this listing.  */
139 for (obj = object_list; obj; obj = obj->
next)
/* Certificate import path (only the cross-referenced lines survive in
   this listing).  A libksba memory reader is bound to data/datalen, a
   certificate object is parsed from it as DER, and the resulting object
   is linked into object_list.  All DER parsing is delegated to libksba.
   NOTE(review): data/datalen presumably come from the calling script and
   so may hold arbitrary bytes - confirm against the caller.  */
182 ksba_reader_t reader;
193 err = ksba_reader_new (&reader);
/* Bind the reader to the in-memory buffer; no copy is made on this line.  */
200 err = ksba_reader_set_mem (reader, data, datalen);
/* Presumably the set_mem failure path: the reader is dropped here.  */
204 ksba_reader_release (reader);
208 err = ksba_cert_new (&cert);
/* Presumably the cert_new failure path: only the reader exists so far.  */
212 ksba_reader_release (reader);
/* Parse the DER encoding through the reader into the certificate object.  */
216 err = ksba_cert_read_der (cert, reader);
/* Both the reader and the certificate are released here - presumably
   when the parse failed; the condition is not shown.  */
221 ksba_reader_release (reader);
222 ksba_cert_release (cert);
/* The reader is released again at 225, presumably on the success path
   once the certificate has been read.  */
225 ksba_reader_release (reader);
/* g_try_malloc reports failure by returning NULL rather than aborting.  */
227 obj = g_try_malloc (
sizeof *obj);
/* The certificate is released at 231, presumably when the allocation
   above failed, so the parsed object is not leaked.  */
231 ksba_cert_release (cert);
/* Push the new object onto the head of the global list.  */
236 obj->
next = object_list;
/* Release path (fragment): search object_list for the entry whose
   object_id matches, remembering the predecessor in prevobj so the entry
   can be unlinked.  */
278 for (prevobj = NULL, obj = object_list; obj; prevobj = obj, obj = obj->
next)
279 if (obj->object_id == object_id)
/* Unlinking the list head: the head pointer moves to the successor.
   The branch for a non-head entry is not shown in this listing.  */
291 object_list = obj->
next;
/* Drop the reference to the libksba certificate held by the entry.
   NOTE(review): freeing of obj itself is not visible here - confirm.  */
293 ksba_cert_release (obj->cert);
/* Parse one attribute=value part of a distinguished-name string and, if
   the attribute is CN, return a newly allocated copy of the value in
   *r_value.  Only fragments of the function are visible here; the
   return value and the error paths are not shown.  */
302 parse_dn_part_for_CN (
const char *
string,
char **r_value)
/* Find the end of the attribute type: scan from the second character up
   to the '=' or the end of the string.  */
312 for (s =
string+1; *s && *s !=
'='; s++)
/* The part is of interest only when the key is exactly the two
   characters CN (the comparison is case-sensitive).  */
320 found = (n == 2 &&
string[0] ==
'C' &&
string[1] ==
'N');
/* Hex-encoded value: n bytes plus a terminating NUL, zero-filled.  */
333 *r_value = p = g_malloc0 (n + 1);
/* Decode two hex digits per output byte.  xtoi_2 does not validate its
   input.  NOTE(review): the hexdigitp checks that must precede this loop
   are not visible in this listing - confirm every digit is validated.  */
335 for (s1=
string; n; s1 += 2, n--, p++)
339 *(
unsigned char *)p =
xtoi_2 (s1);
/* First pass over a plain value: n is reset and the string is walked to
   establish the decoded length.  */
350 for (n=0, s=
string; *s; s++)
/* Set of characters tested at 355-357; presumably the characters that
   may follow a backslash escape - the enclosing condition is not shown.  */
355 if (*s ==
',' || *s ==
'=' || *s ==
'+' 356 || *s ==
'<' || *s ==
'>' || *s ==
'#' || *s ==
';' 357 || *s ==
'\\' || *s ==
'\"' || *s ==
' ')
/* Unescaped special characters; presumably these end the value.  */
369 else if (*s ==
',' || *s ==
'=' || *s ==
'+' 370 || *s ==
'<' || *s ==
'>' || *s ==
';' )
/* Allocation sized from the first pass: n bytes plus a NUL.  */
377 *r_value = p = g_malloc0 (n + 1);
/* Second pass: copy n decoded bytes.  The xtoi_2 call handles a two-digit
   hex escape; as above it relies on validation done elsewhere.  */
379 for (s=
string; n; s++, n--)
388 *(
unsigned char *)p =
xtoi_2 (s);
/* Walk a distinguished-name string part by part until a CN value has
   been found or the string is exhausted.  The return statement is not
   part of this listing.  */
415 parse_dn_for_CN (
const char *
string)
/* Stop as soon as one part has produced a value.  */
419 while (*
string && !value)
/* Skip blanks in front of the part.  */
421 while (*
string ==
' ')
/* string is replaced by the parser result and dereferenced again below.
   NOTE(review): the NULL check on that result is not visible in this
   listing - confirm one exists before line 428.  */
425 string = parse_dn_part_for_CN (
string, &value);
/* Skip blanks after the part.  */
428 while (*
string ==
' ')
/* Anything left must be one of the part separators ',', ';' or '+'.  */
430 if (*
string && *
string !=
',' && *
string !=
';' && *
string !=
'+')
/* Collect host names from a certificate into an array: the CN of the
   subject (index 0) and the dns-name entries among the further subject
   names (index 1 and up).  Only fragments are visible here.  */
448 build_hostname_list (ksba_cert_t cert)
/* Index 0 is the subject itself, as a DN string.  */
457 name = ksba_cert_get_subject (cert, 0);
/* The result cell refers to a freshly allocated, zeroed array.  */
463 retc->
x.
ref_val = a = g_malloc0 (
sizeof *a);
466 value = parse_dn_for_CN (
name);
472 memset (&v, 0,
sizeof v);
/* Higher indexes are iterated until libksba returns NULL.  */
481 for (idx=1; (
name = ksba_cert_get_subject (cert, idx)); idx++)
/* Hand-rolled match on the name: the bytes at offset 3 must be dns-name,
   and the decimal length of the value is read from offset 11.  */
487 && !memcmp (
name+3,
"dns-name", 8))
490 unsigned long n = strtoul (
name+11, &endp, 10);
/* NOTE(review): this is an assertion on data derived from certificate
   contents.  g_assert aborts the process when it fails and is compiled
   out when G_DISABLE_ASSERT is defined, leaving no check at all.  The
   string is produced by libksba, so a well-formed length prefix is
   expected, but an explicit test that skips the entry would be more
   robust.  Whether n is compared with the remaining string length is
   not visible in this listing - confirm.  */
492 g_assert (*endp ==
':');
494 memset (&v, 0,
sizeof v);
/* Hex-encode length bytes from buffer into a newly allocated string of
   length*2 characters plus a NUL; tohex emits upper-case digits.
   NOTE(review): length*2 + 1 is computed without an overflow check and
   the type of retc->size is not visible here.  The callers on this page
   pass a digest length and a length parsed from the serial number
   S-expression - confirm the latter is bounded.  */
511 make_hexstring (
const void *buffer,
size_t length)
/* Bytes are read as unsigned so the shifts below see values 0..255.  */
513 const unsigned char *s;
518 retc->
size = length*2;
/* Zero-filled allocation, so the string is terminated without an
   explicit store.  */
519 retc->
x.
str_val = p = g_malloc0 (length*2 + 1);
/* High nibble first, then low nibble.  */
521 for (s = buffer; length; length--, s++)
523 *p++ =
tohex ((*s>>4)&15);
524 *p++ =
tohex (*s&15);
/* Hash the DER image of the certificate with the libgcrypt algorithm
   algo and return the digest as a hex string.  */
543 get_fingerprint (ksba_cert_t cert,
int algo)
546 const unsigned char *der;
/* Fixed output buffer: large enough for a 32-byte digest.  */
548 unsigned char digest[32];
/* Only 20- and 32-byte digests are accepted, which keeps the hash call
   below from writing past digest.  The action taken when the test fails
   is not shown in this listing.  */
550 dlen = gcry_md_get_algo_dlen (algo);
551 if (dlen != 20 && dlen != 32)
/* The image pointer is held as const here.
   NOTE(review): the NULL check on der is not visible - confirm.  */
554 der = ksba_cert_get_image (cert, &derlen);
557 gcry_md_hash_buffer (algo, digest, der, derlen);
559 return make_hexstring (digest, dlen);
/* Translate a dotted-decimal OID string into a symbolic name through a
   chain of exact strcmp comparisons; the visible branches return string
   literals.  Several return lines and the result for an unmatched OID
   are not part of this listing.  oid is handed straight to strcmp, so it
   must not be NULL.  Among the visible names, md2-, md4-, md5- and
   sha1WithRSAEncryption denote signatures over legacy digests, which is
   what a caller checking for weak certificates would look for.  */
570 get_oid_name (
const char *
oid)
573 if (!strcmp (
"1.2.840.10040.4.1",
oid))
575 else if (!strcmp (
"1.2.840.10046.2.1",
oid))
576 return "dhpublicnumber";
577 else if (!strcmp (
"2.16.840.1.101.2.1.1.22",
oid))
578 return "id-keyExchangeAlgorithm";
579 else if (!strcmp (
"1.2.840.10045.2.1",
oid))
580 return "id-ecPublicKey";
581 else if (!strcmp (
"1.3.132.1.12",
oid))
583 else if (!strcmp (
"1.2.840.10045.2.13",
oid))
585 else if (!strcmp (
"1.2.840.113549.1.1.10",
oid))
586 return "id-RSASSA-PSS";
587 else if (!strcmp (
"1.2.840.113549.1.1.11",
oid))
588 return "sha256WithRSAEncryption";
589 else if (!strcmp (
"1.2.840.113549.1.1.12",
oid))
590 return "sha384WithRSAEncryption";
591 else if (!strcmp (
"1.2.840.113549.1.1.13",
oid))
592 return "sha512WithRSAEncryption";
593 else if (!strcmp (
"1.2.840.113549.1.1.14",
oid))
594 return "sha224WithRSAEncryption";
595 else if (!strcmp (
"1.2.840.113549.1.1.8",
oid))
597 else if (!strcmp (
"1.2.840.113549.2.2",
oid))
599 else if (!strcmp (
"1.2.840.113549.2.4",
oid))
601 else if (!strcmp (
"1.2.840.113549.2.5",
oid))
/* RSA key type followed by the RSA signature algorithms over legacy
   digests.  */
603 else if (!strcmp (
"1.2.840.113549.1.1.1",
oid))
604 return "rsaEncryption";
605 else if (!strcmp (
"1.2.840.113549.1.1.2",
oid))
606 return "md2WithRSAEncryption";
607 else if (!strcmp (
"1.2.840.113549.1.1.3",
oid))
608 return "md4WithRSAEncryption";
609 else if (!strcmp (
"1.2.840.113549.1.1.4",
oid))
610 return "md5WithRSAEncryption";
611 else if (!strcmp (
"1.2.840.113549.1.1.5",
oid))
612 return "sha1WithRSAEncryption";
613 else if (!strcmp (
"1.2.840.113549.1.1.6",
oid))
614 return "rsaOAEPEncryptionSET";
/* The remaining comparisons are under the 1.2.840.10045.3.1 and 1.3.132.0
   arcs; their return lines are not shown.  */
615 else if (!strcmp (
"1.2.840.10045.3.1.1",
oid))
617 else if (!strcmp (
"1.3.132.0.1",
oid))
619 else if (!strcmp (
"1.3.132.0.15",
oid))
621 else if (!strcmp (
"1.3.132.0.33",
oid))
623 else if (!strcmp (
"1.3.132.0.26",
oid))
625 else if (!strcmp (
"1.3.132.0.27",
oid))
627 else if (!strcmp (
"1.2.840.10045.3.1.7",
oid))
629 else if (!strcmp (
"1.3.132.0.16",
oid))
631 else if (!strcmp (
"1.3.132.0.17",
oid))
633 else if (!strcmp (
"1.3.132.0.34",
oid))
635 else if (!strcmp (
"1.3.132.0.36",
oid))
637 else if (!strcmp (
"1.3.132.0.37",
oid))
639 else if (!strcmp (
"1.3.132.0.35",
oid))
641 else if (!strcmp (
"1.3.132.0.38",
oid))
643 else if (!strcmp (
"1.3.132.0.39",
oid))
/* Turn a name string returned by libksba into a result cell.  The visible
   lines show two paths: the string is parsed as a canonical S-expression
   and re-printed in advanced format, or it is duplicated unchanged (690).
   The test that selects between them is not part of this listing.  */
656 get_name (
const char *
string)
/* The length argument is 0, so libgcrypt is given no upper bound for the
   scan and the call relies on string being a well-formed canonical
   S-expression.  NOTE(review): acceptable only because the string is
   produced by libksba rather than taken from raw input - confirm.  */
668 len = gcry_sexp_canon_len ((
const unsigned char*)
string, 0, NULL, NULL);
/* A non-zero result from the parser is treated as failure.  */
669 if (gcry_sexp_sscan (&sexp, NULL,
string, len))
/* First call with a NULL buffer asks for the required size; the second
   call fills the zeroed buffer of that size.  */
671 len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
673 buffer = g_malloc0 (len);
674 len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, buffer, len);
676 len = strlen (buffer);
/* A trailing line feed is detected here; the len test guards the
   buffer[len-1] access against an empty string.  */
678 if (len && buffer[len-1] ==
'\n')
680 gcry_sexp_release (sexp);
/* Plain strings are copied as they are.  */
690 retc->
x.
str_val = g_strdup (
string);
/* Query dispatcher (fragment).  The certificate object is looked up in
   object_list and command is compared against a fixed list of keywords;
   each branch builds its result from obj->cert.  Argument handling and
   most branch bodies are not part of this listing.  */
772 ksba_isotime_t isotime;
783 for (obj = object_list; obj; obj = obj->
next)
805 if (!strcmp (command,
"serial"))
807 const unsigned char *s;
811 sexp = ksba_cert_get_serial (obj->
cert);
/* The serial number S-expression is parsed by hand: a decimal length is
   read with strtoul and n bytes are then hex-encoded.  n is taken on
   trust from the length prefix.  NOTE(review): the check that endp stops
   at ':' and the release of sexp are not visible here - confirm both.  */
816 n = strtoul ((
const char*)s, &endp, 10);
817 s = (
const unsigned char *)endp;
821 retc = make_hexstring (s, n);
825 else if (!strcmp (command,
"issuer"))
/* cmdidx selects which issuer name is returned.  */
827 result = ksba_cert_get_issuer (obj->
cert, cmdidx);
831 retc = get_name (result);
834 else if (!strcmp (command,
"subject"))
836 result = ksba_cert_get_subject (obj->
cert, cmdidx);
840 retc = get_name (result);
843 else if (!strcmp (command,
"not-before"))
/* The return value of ksba_cert_get_validity is discarded on this line.
   NOTE(review): confirm isotime holds a terminated string when the call
   fails, since it is passed to g_strdup and strlen below.  */
845 ksba_cert_get_validity (obj->
cert, 0, isotime);
847 retc->
x.
str_val = g_strdup (isotime);
848 retc->
size = strlen (isotime);
850 else if (!strcmp (command,
"not-after"))
/* Same pattern as not-before, with selector 1.  */
852 ksba_cert_get_validity (obj->
cert, 1, isotime);
854 retc->
x.
str_val = g_strdup (isotime);
855 retc->
size = strlen (isotime);
857 else if (!strcmp (command,
"fpr-sha-256"))
859 retc = get_fingerprint (obj->
cert, GCRY_MD_SHA256);
861 else if (!strcmp (command,
"fpr-sha-1"))
863 retc = get_fingerprint (obj->
cert, GCRY_MD_SHA1);
865 else if (!strcmp (command,
"all"))
869 else if (!strcmp (command,
"hostnames"))
871 retc = build_hostname_list (obj->
cert);
873 else if (!strcmp (command,
"image"))
/* The DER image is copied into a new buffer of exactly derlen bytes; the
   pointer returned by libksba is held as const and is not freed.  */
875 const unsigned char *der;
878 der = ksba_cert_get_image (obj->
cert, &derlen);
883 retc->
x.
str_val = g_malloc0 (derlen);
884 memcpy (retc->
x.
str_val, der, derlen);
887 else if (!strcmp (command,
"algorithm-name"))
889 const char *digest = ksba_cert_get_digest_algo (obj->
cert);
/* NOTE(review): get_oid_name passes its argument to strcmp; confirm that
   digest is NULL-checked on the lines between 889 and 892.  */
892 const char *
name = get_oid_name (digest);
900 else if (!strcmp (command,
"modulus"))
/* The DER image is re-imported into GnuTLS to read the RSA parameters.
   datum.data aliases the image held by obj->cert; no copy is made on the
   visible lines.
   NOTE(review): the size argument is cast to size_t * and cut off in this
   listing.  gnutls_datum_t.size is an unsigned int, so if its address is
   what is being cast, libksba stores a size_t through it - confirm on
   LP64 and big-endian targets.
   NOTE(review): the bodies of the three failure tests are not shown;
   confirm cert is deinitialised when import or get_pk_rsa_raw fails.  */
902 gnutls_datum_t datum, m, e;
903 gnutls_x509_crt_t cert = NULL;
905 datum.data = (
void *) ksba_cert_get_image (obj->
cert, (
size_t *)
909 if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS)
911 if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER)
914 if (gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e) != GNUTLS_E_SUCCESS)
/* The modulus is duplicated for the result; both GnuTLS outputs are then
   freed.  datum.data is not freed in this branch.  */
919 retc->
x.
str_val = g_memdup (m.data, m.size);
920 gnutls_free (m.data);
921 gnutls_free (e.data);
922 gnutls_x509_crt_deinit (cert);
924 else if (!strcmp (command,
"exponent"))
/* Same sequence as the modulus branch, returning e instead of m; the
   review notes on the size cast and the failure paths apply here too.  */
926 gnutls_datum_t datum, m, e;
927 gnutls_x509_crt_t cert = NULL;
929 datum.data = (
void *) ksba_cert_get_image (obj->
cert, (
size_t *)
933 if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS)
935 if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER)
938 if (gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e) != GNUTLS_E_SUCCESS)
943 retc->
x.
str_val = g_memdup (e.data, e.size);
944 gnutls_free (m.data);
945 gnutls_free (e.data);
946 gnutls_x509_crt_deinit (cert);
948 else if (!strcmp (command,
"key-size"))
950 gnutls_datum_t datum;
951 gnutls_x509_crt_t cert = NULL;
/* bits starts at 0 and is the only output used from the call at 963; the
   algorithm identifier returned by that call is discarded.  */
952 unsigned int bits = 0;
954 datum.data = (
void *) ksba_cert_get_image (obj->
cert, (
size_t *)
958 if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS)
960 if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER)
963 gnutls_x509_crt_get_pk_algorithm (cert, &bits);
/* NOTE(review): datum.data is the pointer returned by
   ksba_cert_get_image at 954.  The same call is stored in a const
   pointer elsewhere in this file and its result is not freed in the
   modulus and exponent branches.  Freeing it here looks like a release
   of memory owned by obj->cert, which would leave the certificate object
   with a dangling image and lead to a double free when the certificate
   is released later.  Confirm the ownership of the image in libksba and
   drop this gnutls_free if the certificate owns it.  */
964 gnutls_free (datum.data);
965 gnutls_x509_crt_deinit (cert);
Protos and data structures for CERT functions used by NASL scripts.
union st_a_nasl_var::@9 v
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
long int get_int_local_var_by_name(lex_ctxt *, const char *, int)
struct object_desc_s * object_desc_t
int add_var_to_list(nasl_array *a, int i, const anon_nasl_var *v)
tree_cell * nasl_cert_open(lex_ctxt *lexic)
Create a certificate object.
tree_cell * alloc_typed_cell(int typ)
int get_var_size_by_num(lex_ctxt *, int)
long int get_int_var_by_num(lex_ctxt *, int, int)
char * get_str_var_by_num(lex_ctxt *, int)
tree_cell * alloc_tree_cell(int lnb, char *s)
tree_cell * nasl_cert_close(lex_ctxt *lexic)
Release a certificate object.
tree_cell * nasl_cert_query(lex_ctxt *lexic)
Query a certificate object.
int get_var_type_by_num(lex_ctxt *, int)
Returns NASL variable/cell type, VAR2_UNDEF if value is NULL.