Nmap Development mailing list archives
[NSE][PATCH] OpenSSL bindings for NSE
From: Sven Klemm <sven () c3d2 de>
Date: Sun, 31 Aug 2008 14:33:11 +0200
Hi,I've updated the openssl bindings. The module is now built as a static module. The module is built when OpenSSL is available and Lua is enabled.
The module currently includes all the functions I needed for writing the SSH hostkey script, which are mostly bignum functions. I've also added documentation for the included functions.
Any opinions about integrating this into nmap? Cheers, Sven -- Sven Klemm http://cthulhu.c3d2.de/~sven/
Index: Makefile.in =================================================================== --- Makefile.in (.../nmap) (revision 9880) +++ Makefile.in (.../nmap-exp/sven/nse_openssl) (revision 9880) @@ -63,6 +63,11 @@ NSE_HDRS=nse_main.h nse_nsock.h nse_init.h nse_fs.h nse_nmaplib.h nse_debug.h nse_macros.h nse_pcrelib.h nse_binlib.h nse_hash.h nse_bit.h NSE_OBJS=nse_main.o nse_nsock.o nse_init.o nse_fs.o nse_nmaplib.o nse_debug.o nse_pcrelib.o nse_binlib.o nse_hash.o nse_bit.o NSESTDLIB=nsestdlib +ifneq (@OPENSSL_LIBS@,) +NSE_SRC+=nse_openssl.cc +NSE_HDRS+=nse_openssl.h +NSE_OBJS+=nse_openssl.o +endif endif export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc osscan2.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc nmap_tty.cc nmap_dns.cc traceroute.cc portreasons.cc $(NSE_SRC) @COMPAT_SRCS@ Index: nse_init.cc =================================================================== --- nse_init.cc (.../nmap) (revision 9880) +++ nse_init.cc (.../nmap-exp/sven/nse_openssl) (revision 9880) @@ -8,6 +8,10 @@ #include "nse_pcrelib.h" #include "nse_bit.h" +#ifdef HAVE_OPENSSL +#include "nse_openssl.h" +#endif + #include "nse_binlib.h" #include "nse_hash.h" @@ -223,6 +227,9 @@ {NSE_BINLIBNAME, luaopen_binlib}, {NSE_HASHLIBNAME, luaopen_hashlib}, {BITLIBNAME, luaopen_bit}, // bit library +#ifdef HAVE_OPENSSL + {OPENSSLLIBNAME, luaopen_openssl}, // openssl bindings +#endif }; luaL_openlibs(L); // opens all standard libraries Index: docs/scripting.xml =================================================================== --- docs/scripting.xml (.../nmap) (revision 9880) +++ docs/scripting.xml (.../nmap-exp/sven/nse_openssl) (revision 9880) @@ -1143,6 +1143,149 @@ <indexterm class="endofrange" startref="nse-pcre-indexterm"/> </sect2> + <sect2 id="nse-openssl"> + <indexterm class="startofrange" id="nse-openssl-indexterm"><primary><varname>openssl</varname> NSE module</primary></indexterm> + <indexterm><primary>OpenSSL</primary><secondary>in NSE</secondary></indexterm> + <title>OpenSSL NSE bindings</title> + + <para> + The <literal>openssl</literal> module provides functions for + dealing with multiprecision integers. The functions reside inside the + <literal>openssl</literal> namespace. + </para> + + <variablelist> + + <varlistentry> + <term><option>openssl.bignum_num_bits( bignum )</option></term> + <listitem> + <para>Returns the size of <literal>bignum</literal> in bits.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_num_bytes( bignum )</option></term> + <listitem> + <para>Returns the size of <literal>bignum</literal> in bytes.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_set_bit( bignum, position )</option></term> + <listitem> + <para>Sets bit at <literal>position</literal> in <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_clear_bit( bignum, position )</option></term> + <listitem> + <para>Clears bit at <literal>position</literal> in <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_is_bit_set( bignum, position )</option></term> + <listitem> + <para>Get bit at <literal>position</literal> in <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_set_negative( bignum, negative )</option></term> + <listitem> + <para>Set sign of <literal>bignum</literal>. If <literal>negative</literal> is <literal>false</literal> the sign becomes positive otherwise it becomes negative.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_is_negative( bignum )</option></term> + <listitem> + <para>Check sign of <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_bin2bn( string )</option></term> + <listitem> + <para>Converts binary encoded <literal>string</literal> into a <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_dec2bn( string )</option></term> + <listitem> + <para>Converts decimal encoded <literal>string</literal> into a <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_hex2bn( string )</option></term> + <listitem> + <para>Converts hex-encoded <literal>string</literal> into a <literal>bignum</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_bn2bin( bignum )</option></term> + <listitem> + <para>Converts <literal>bignum</literal> into a binary encoded string.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_bn2dec( bignum )</option></term> + <listitem> + <para>Converts <literal>bignum</literal> into a decimal encoded string.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_bn2hex( bignum )</option></term> + <listitem> + <para>Converts <literal>bignum</literal> into a hex-encoded string.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_rand( bits )</option></term> + <listitem> + <para>Returns random <literal>bignum</literal> with <literal>bits</literal> bit size.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_pseudo_rand( bits )</option></term> + <listitem> + <para>Returns pseudo random <literal>bignum</literal> with <literal>bits</literal> bit size.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.bignum_mod_exp( a, p, m )</option></term> + <listitem> + <para>Returns bignum which is the result of <literal>a</literal>^<literal>p</literal> mod <literal>m</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.rand_bytes( bytes )</option></term> + <listitem> + <para>Returns a string of <literal>bytes</literal> length with random data.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>openssl.rand_pseudo_bytes( bytes )</option></term> + <listitem> + <para>Returns a string of <literal>bytes</literal> length with pseudo random data.</para> + </listitem> + </varlistentry> + + </variablelist> + <indexterm class="endofrange" startref="nse-openssl-indexterm"/> + </sect2> + <sect2 id="nse-lib-ipOps"> <title>IP Operations</title> <indexterm><primary><varname>ipOps</varname> NSE module</primary></indexterm> Index: nse_openssl.h =================================================================== --- nse_openssl.h (.../nmap) (revision 0) +++ nse_openssl.h (.../nmap-exp/sven/nse_openssl) (revision 9880) @@ -0,0 +1,19 @@ +#include "../nmap_config.h" + +#if HAVE_OPENSSL + +#ifndef OPENSSLLIB +#define OPENSSLLIB + +#define OPENSSLLIBNAME "openssl" + +extern "C" { +#include "lua.h" +#include "lauxlib.h" +} + +LUALIB_API int luaopen_openssl(lua_State *L); + +#endif + +#endif Index: nse_openssl.cc =================================================================== --- nse_openssl.cc (.../nmap) (revision 0) +++ nse_openssl.cc (.../nmap-exp/sven/nse_openssl) (revision 9880) @@ -0,0 +1,258 @@ +#include "nmap_config.h" + +/* OpenSSL library for lua + * adapted from lmd5 library (http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/) + * Original code written by Luiz Henrique de Figueiredo <lhf () tecgraf puc-rio br> + * Adapted for NMap by Thomas Buchanan <tbuchanan () thecompassgrp net> + * bignum and rand_bytes functions added by Sven Klemm <sven () c3d2 de> + */ + +#include <openssl/crypto.h> +#include <openssl/bn.h> +#include <openssl/rand.h> + +#include "nse_openssl.h" + +typedef struct bignum_data { + BIGNUM * bn; +} bignum_data_t; + +static int l_bignum_bin2bn( lua_State *L ) /** bignum_bin2bn( string s ) */ +{ + size_t len; + const unsigned char * s = (unsigned char *) luaL_checklstring( L, 1, &len ); + BIGNUM * num = BN_new(); + BN_bin2bn( s, len, num ); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = num; + return 1; +} + +static int l_bignum_dec2bn( lua_State *L ) /** bignum_dec2bn( string s ) */ +{ + const char * s = luaL_checkstring( L, 1 ); + BIGNUM * num = BN_new(); + BN_dec2bn( &num, s ); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = num; + return 1; +} + +static int l_bignum_hex2bn( lua_State *L ) /** bignum_hex2bn( string s ) */ +{ + const char * s = luaL_checkstring( L, 1 ); + BIGNUM * num = BN_new(); + BN_hex2bn( &num, s ); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = num; + return 1; +} + +static int l_bignum_rand( lua_State *L ) /** bignum_rand( number bits ) */ +{ + size_t bits = luaL_checkint( L, 1 ); + BIGNUM * num = BN_new(); + BN_rand( num, bits, -1, 0 ); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = num; + return 1; +} + +static int l_bignum_pseudo_rand( lua_State *L ) /** bignum_pseudo_rand( number bits ) */ +{ + size_t bits = luaL_checkint( L, 1 ); + BIGNUM * num = BN_new(); + BN_pseudo_rand( num, bits, -1, 0 ); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = num; + return 1; +} + +static int l_bignum_mod_exp( lua_State *L ) /** bignum_mod_exp( BIGNUM a, BIGNUM p, BIGNUM m ) */ +{ + bignum_data_t * a = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + bignum_data_t * p = (bignum_data_t *) luaL_checkudata(L, 2, "BIGNUM"); + bignum_data_t * m = (bignum_data_t *) luaL_checkudata(L, 3, "BIGNUM"); + BIGNUM * result = BN_new(); + BN_CTX * ctx = BN_CTX_new(); + BN_CTX_init( ctx ); + BN_mod_exp( result, a->bn, p->bn, m->bn, ctx ); + BN_CTX_free( ctx ); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = result; + return 1; +} + +static int l_bignum_num_bits( lua_State *L ) /** bignum_num_bits( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + lua_pushnumber( L, BN_num_bits( userdata->bn) ); + return 1; +} + +static int l_bignum_num_bytes( lua_State *L ) /** bignum_num_bytes( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + lua_pushnumber( L, BN_num_bytes( userdata->bn) ); + return 1; +} + +static int l_bignum_set_bit( lua_State *L ) /** bignum_set_bit( BIGNUM bn, number position ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + int position = luaL_checkint( L, 2 ); + BN_set_bit( userdata->bn, position ); + return 0; +} + +static int l_bignum_clear_bit( lua_State *L ) /** bignum_clear_bit( BIGNUM bn, number position ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + int position = luaL_checkint( L, 2 ); + BN_clear_bit( userdata->bn, position ); + return 0; +} + +static int l_bignum_is_bit_set( lua_State *L ) /** bignum_set_bit( BIGNUM bn, number position ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + int position = luaL_checkint( L, 2 ); + lua_pushboolean( L, BN_is_bit_set( userdata->bn, position ) ); + return 1; +} + +static int l_bignum_set_negative( lua_State *L ) /** bignum_set_negative( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + int value = lua_toboolean(L, 2); + BN_set_negative( userdata->bn, value ); + return 0; +} + +static int l_bignum_is_negative( lua_State *L ) /** bignum_is_negative( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + lua_pushboolean( L, BN_is_negative( userdata->bn) ); + return 1; +} + +static int l_bignum_bn2bin( lua_State *L ) /** bignum_bn2bin( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + unsigned char * result = (unsigned char *) malloc( BN_num_bytes( userdata->bn ) ); + int len = BN_bn2bin( userdata->bn, result ); + lua_pushlstring( L, (char *) result, len ); + free( result ); + return 1; +} + +static int l_bignum_bn2dec( lua_State *L ) /** bignum_bn2dec( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + char * result = BN_bn2dec( userdata->bn ); + lua_pushstring( L, result ); + OPENSSL_free( result ); + return 1; +} + +static int l_bignum_bn2hex( lua_State *L ) /** bignum_bn2hex( BIGNUM bn ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + char * result = BN_bn2hex( userdata->bn ); + lua_pushstring( L, result ); + OPENSSL_free( result ); + return 1; +} + +static int l_bignum_free( lua_State *L ) /** bignum_free( bignum ) */ +{ + bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); + BN_clear_free( userdata->bn ); + return 0; +} + +static int l_rand_bytes( lua_State *L ) /** rand_bytes( number bytes ) */ +{ + size_t len = luaL_checkint( L, 1 ); + unsigned char * result = (unsigned char *) malloc( len ); + RAND_bytes( result, len ); + lua_pushlstring( L, (char *) result, len ); + free( result ); + return 1; +} + +static int l_rand_pseudo_bytes( lua_State *L ) /** rand_pseudo_bytes( number bytes ) */ +{ + size_t len = luaL_checkint( L, 1 ); + unsigned char * result = (unsigned char *) malloc( len ); + RAND_pseudo_bytes( result, len ); + lua_pushlstring( L, (char *) result, len ); + free( result ); + return 1; +} + +static const struct luaL_reg bignum_methods[] = { + { "num_bits", l_bignum_num_bits }, + { "num_bytes", l_bignum_num_bytes }, + { "to_bin", l_bignum_bn2bin }, + { "to_dec", l_bignum_bn2dec }, + { "to_hex", l_bignum_bn2hex }, + { "is_bit_set", l_bignum_is_bit_set }, + { "set_bit", l_bignum_set_bit }, + { "clear_bit", l_bignum_clear_bit }, + { "is_bit_set", l_bignum_is_bit_set }, + { "set_negative", l_bignum_set_negative }, + { "is_negative", l_bignum_is_negative }, + { "__gc", l_bignum_free }, + { NULL, NULL } +}; + +static const struct luaL_reg openssllib[] = { + { "bignum_num_bits", l_bignum_num_bits }, + { "bignum_num_bytes", l_bignum_num_bytes }, + { "bignum_set_bit", l_bignum_set_bit }, + { "bignum_clear_bit", l_bignum_clear_bit }, + { "bignum_is_bit_set", l_bignum_is_bit_set }, + { "bignum_set_negative", l_bignum_set_negative }, + { "bignum_is_negative", l_bignum_is_negative }, + { "bignum_bin2bn", l_bignum_bin2bn }, + { "bignum_dec2bn", l_bignum_dec2bn }, + { "bignum_hex2bn", l_bignum_hex2bn }, + { "bignum_rand", l_bignum_rand }, + { "bignum_pseudo_rand", l_bignum_pseudo_rand }, + { "bignum_bn2bin", l_bignum_bn2bin }, + { "bignum_bn2dec", l_bignum_bn2dec }, + { "bignum_bn2hex", l_bignum_bn2hex }, + { "bignum_mod_exp", l_bignum_mod_exp }, + { "rand_bytes", l_rand_bytes}, + { "rand_pseudo_bytes", l_rand_pseudo_bytes}, + { NULL, NULL } +}; + +LUALIB_API int luaopen_openssl(lua_State *L) { + + luaL_openlib(L, OPENSSLLIBNAME, openssllib, 0); + + // create metatable for bignum + luaL_newmetatable( L, "BIGNUM" ); + // metatable.__index = metatable + lua_pushvalue( L, -1 ); + lua_setfield( L, -2, "__index" ); + // register methods + luaL_register( L, NULL, bignum_methods ); + + return 1; +} +
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Aug 31)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 01)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 02)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Ron (Sep 02)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 01)