Greenbone Vulnerability Manager  22.4.0~dev1
Data Structures | Macros | Functions
lsc_crypt.c File Reference

GVM: Utilities for LSC credential encryption. More...

#include <glib.h>
#include <glib/gstdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <stdint.h>
#include <gvm/base/gvm_sentry.h>
#include <gvm/util/gpgmeutils.h>
#include "lsc_crypt.h"

Data Structures

struct  namelist_s
 A linked list to help caching results. More...
 
struct  lsc_crypt_ctx_s
 The context object for encryption operations. More...
 

Macros

#define G_LOG_DOMAIN   "md crypt"
 GLib log domain.
 
#define ENCRYPTION_KEY_UID   "GVM Credential Encryption"
 The name of the encryption key. More...
 
#define MAX_VALUE_LENGTH   (128 * 1024)
 The maximum size of an encrypted value. More...
 
#define GPG_ERR_AMBIGUOUS   GPG_ERR_AMBIGUOUS_NAME
 Replacement for an error code in libgpg-error > 1.10.
 

Functions

static G_GNUC_CONST const char * nonnull (const char *s)
 Return a fixed string instead of NULL. More...
 
static void put32 (GString *buffer, uint32_t value)
 Append a 32 bit unsigned integer to a GString. More...
 
static G_GNUC_PURE uint32_t get32 (const void *buffer)
 Extract a 32 bit unsigned integer from a buffer. More...
 
static int create_the_key (lsc_crypt_ctx_t ctx)
 Create the credential encryption key. More...
 
static gpgme_key_t find_the_key (lsc_crypt_ctx_t ctx, gboolean no_create)
 Locate the encryption key. More...
 
static char * do_encrypt (lsc_crypt_ctx_t ctx, const void *plaintext, size_t plaintextlen)
 Encrypt data using the standard key. More...
 
static char * do_decrypt (lsc_crypt_ctx_t ctx, const char *cipherstring, size_t *r_plaintextlen)
 Decrypt data encrypted to the standard key. More...
 
lsc_crypt_ctx_t lsc_crypt_new ()
 Return a new context for LSC encryption. More...
 
void lsc_crypt_release (lsc_crypt_ctx_t ctx)
 Release an LSC encryption context. More...
 
void lsc_crypt_flush (lsc_crypt_ctx_t ctx)
 Flush an LSC encryption context. More...
 
char * lsc_crypt_encrypt (lsc_crypt_ctx_t ctx, const char *first_name,...)
 Encrypt a list of name/value pairs. More...
 
const char * lsc_crypt_decrypt (lsc_crypt_ctx_t ctx, const char *ciphertext, const char *name)
 Return an encrypted value in the clear. More...
 
const char * lsc_crypt_get_password (lsc_crypt_ctx_t ctx, const char *ciphertext)
 Return an encrypted password in the clear. More...
 
const char * lsc_crypt_get_private_key (lsc_crypt_ctx_t ctx, const char *ciphertext)
 Return an encrypted private key in the clear. More...
 

Detailed Description

GVM: Utilities for LSC credential encryption.

This file provides support for encrypting LSC credentials.

Macro Definition Documentation

◆ ENCRYPTION_KEY_UID

#define ENCRYPTION_KEY_UID   "GVM Credential Encryption"

The name of the encryption key.

Note that the code will use the "=" prefix flag to indicate an exact search. Thus when creating the key it should not have a comment or email address part.

◆ MAX_VALUE_LENGTH

#define MAX_VALUE_LENGTH   (128 * 1024)

The maximum size of an encrypted value.

To avoid excessive memory allocations we put a limit on the size of values stored in a name/value pair.

Function Documentation

◆ create_the_key()

static int create_the_key ( lsc_crypt_ctx_t  ctx)
static

Create the credential encryption key.

This should only be called if the key does not yet exist.

Parameters
ctxThe initialized encryption context
Returns
On success 0 is returned; any other value indicates an error.

◆ do_decrypt()

static char* do_decrypt ( lsc_crypt_ctx_t  ctx,
const char *  cipherstring,
size_t *  r_plaintextlen 
)
static

Decrypt data encrypted to the standard key.

Decrypt the base64 encoded ciphersting. On success store the size of the plaintext at R_PLAINTEXTSIZE and return an allocated buffer with the PLAINTEXT. The caller must release the result. Returns NULL on error.

Parameters
ctxAn initialized encryption context
[in]cipherstringThe base64 encoded input
[out]r_plaintextlenThe address of variable to receive the length in bytes of the decrypted plaintext. On error that value is not defined.
Returns
An allocated buffer it the decrypten result (ie. the plaintext). The caller must release this buffer. NULL is returned on error.

◆ do_encrypt()

static char* do_encrypt ( lsc_crypt_ctx_t  ctx,
const void *  plaintext,
size_t  plaintextlen 
)
static

Encrypt data using the standard key.

Encrypt the given plaintext using the standard credential key and return a base 64 encoded ciphertext.

Parameters
[in]ctxAn initialized encryption context
[in]plaintextThe data to be encrypted
[in]plaintextlenThe length in bytes of plaintext
Returns
A base64 encoded ciphertext to be released by the caller. NULL is returned on error.

◆ find_the_key()

static gpgme_key_t find_the_key ( lsc_crypt_ctx_t  ctx,
gboolean  no_create 
)
static

Locate the encryption key.

This function is used to find and return the standard encryption key.

Parameters
ctxAn initialized encryption context
no_createIf TRUE, do not try to create a missing encryption key.
Returns
A gpgme key object or NULL on error.

◆ get32()

static G_GNUC_PURE uint32_t get32 ( const void *  buffer)
static

Extract a 32 bit unsigned integer from a buffer.

Parameters
bufferPointer to an arbitrary buffer with a length of at least 4 bytes.
Returns
An unsigned 32 bit integer value taken from the first 4 bytes of the buffer which is assumed to be in big-endian encoding.

◆ lsc_crypt_decrypt()

const char* lsc_crypt_decrypt ( lsc_crypt_ctx_t  ctx,
const char *  ciphertext,
const char *  name 
)

Return an encrypted value in the clear.

This function returns the encrypted value in the clear. The clear value may also be NULL , if no value is available. If a decryption has not yet been done, the passed ciphertext value is first decrypted. Thus a changed value of ciphertext may not have an effect. To force a decryption a call to lsc_crypt_flush is required.

Parameters
[in]ctxThe context
[in]ciphertextThe base64 encoded ciphertext.
[in]nameName of the value to get.
Returns
A const pointer to a string object. This pointer is valid as long as the context is valid and lsc_crypt_flush has not been called. If no value is available NULL is returned.

◆ lsc_crypt_encrypt()

char* lsc_crypt_encrypt ( lsc_crypt_ctx_t  ctx,
const char *  first_name,
  ... 
)

Encrypt a list of name/value pairs.

Parameters
[in]ctxThe context
[in]first_nameThe name of the first name/value pair. This must be followed by a string value and optionally followed by more name and value pairs. This list is terminated by a single NULL instead of a name.
Returns
A pointer to a freshly allocated string in base64 encoding. Caller must free. On error NULL is returned.

◆ lsc_crypt_flush()

void lsc_crypt_flush ( lsc_crypt_ctx_t  ctx)

Flush an LSC encryption context.

This function is used to flush the context. The flushing invalidates returned strings and internal caches. Basically this is the same as releasing and creating the context but it is optimized to keep some internal state.

Parameters
[in]ctxThe context or NULL

◆ lsc_crypt_get_password()

const char* lsc_crypt_get_password ( lsc_crypt_ctx_t  ctx,
const char *  ciphertext 
)

Return an encrypted password in the clear.

This function returns the encrypted password in the clear. The clear value may also be NULL , if no password is available. If a decryption has not yet been done, the passed ciphertext value is first decrypted. Thus a changed value of ciphertext may not have an effect. To force a decryption a call to lsc_crypt_flush is required.

Parameters
[in]ctxThe context
[in]ciphertextThe base64 encoded ciphertext.
Returns
A const pointer to a string object. This pointer is valid as long as the context is valid and lsc_crypt_flush has not been called. If no password is available NULL is returned.

◆ lsc_crypt_get_private_key()

const char* lsc_crypt_get_private_key ( lsc_crypt_ctx_t  ctx,
const char *  ciphertext 
)

Return an encrypted private key in the clear.

This function returns the encrypted private key in the clear. The clear value may also be NULL , if no private key is available. If a decryption has not yet been done, the passed ciphertext value is first decrypted. Thus a changed value of ciphertext may not have an effect. To force a decryption a call to lsc_crypt_flush is required.

Parameters
[in]ctxThe context
[in]ciphertextThe base64 encoded ciphertext.
Returns
A const pointer to a string object. This pointer is valid as long as the context is valid and lsc_crypt_flush has not been called. If no private key is available NULL is returned.

◆ lsc_crypt_new()

lsc_crypt_ctx_t lsc_crypt_new ( )

Return a new context for LSC encryption.

Returns
A new context object to be released with lsc_crypt_release.

◆ lsc_crypt_release()

void lsc_crypt_release ( lsc_crypt_ctx_t  ctx)

Release an LSC encryption context.

Parameters
[in]ctxThe context or NULL

◆ nonnull()

static G_GNUC_CONST const char* nonnull ( const char *  s)
static

Return a fixed string instead of NULL.

This is a convenience functions to return a descriptive string for a NULL pointer. Some printf implementations already do that for the "s" format but it is not a standard. Thus we use this little helper.

Parameters
sString.
Returns
"[none]" if s is NULL, else s.

◆ put32()

static void put32 ( GString *  buffer,
uint32_t  value 
)
static

Append a 32 bit unsigned integer to a GString.

This function is used to append a 32 bit unsigned value to a GString in network byte order (big endian).

Parameters
bufferGString as destination
valueThe 32 bit unsigned value