/* */ #include "LibgcryptDHKeyExchange.h" #include "DlAbortEx.h" #include "fmt.h" namespace aria2 { namespace { void handleError(gcry_error_t err) { throw DL_ABORT_EX( fmt("Exception in libgcrypt routine(DHKeyExchange class): %s", gcry_strerror(err))); } } // namespace DHKeyExchange::DHKeyExchange() : keyLength_(0), prime_(nullptr), generator_(nullptr), privateKey_(nullptr), publicKey_(nullptr) { } DHKeyExchange::~DHKeyExchange() { gcry_mpi_release(prime_); gcry_mpi_release(generator_); gcry_mpi_release(privateKey_); gcry_mpi_release(publicKey_); } void DHKeyExchange::init(const unsigned char* prime, size_t primeBits, const unsigned char* generator, size_t privateKeyBits) { gcry_mpi_release(prime_); gcry_mpi_release(generator_); gcry_mpi_release(privateKey_); { gcry_error_t r = gcry_mpi_scan(&prime_, GCRYMPI_FMT_HEX, prime, 0, nullptr); if (r) { handleError(r); } } { gcry_error_t r = gcry_mpi_scan(&generator_, GCRYMPI_FMT_HEX, generator, 0, nullptr); if (r) { handleError(r); } } privateKey_ = gcry_mpi_new(0); gcry_mpi_randomize(privateKey_, privateKeyBits, GCRY_STRONG_RANDOM); keyLength_ = (primeBits + 7) / 8; } void DHKeyExchange::generatePublicKey() { gcry_mpi_release(publicKey_); publicKey_ = gcry_mpi_new(0); gcry_mpi_powm(publicKey_, generator_, privateKey_, prime_); } size_t DHKeyExchange::getPublicKey(unsigned char* out, size_t outLength) const { if (outLength < keyLength_) { throw DL_ABORT_EX( fmt("Insufficient buffer for public key. expect:%lu, actual:%lu", static_cast(keyLength_), static_cast(outLength))); } memset(out, 0, outLength); size_t publicKeyBytes = (gcry_mpi_get_nbits(publicKey_) + 7) / 8; size_t offset = keyLength_ - publicKeyBytes; size_t nwritten; gcry_error_t r = gcry_mpi_print(GCRYMPI_FMT_USG, out + offset, outLength - offset, &nwritten, publicKey_); if (r) { handleError(r); } return nwritten; } void DHKeyExchange::generateNonce(unsigned char* out, size_t outLength) const { gcry_create_nonce(out, outLength); } size_t DHKeyExchange::computeSecret(unsigned char* out, size_t outLength, const unsigned char* peerPublicKeyData, size_t peerPublicKeyLength) const { if (outLength < keyLength_) { throw DL_ABORT_EX( fmt("Insufficient buffer for secret. expect:%lu, actual:%lu", static_cast(keyLength_), static_cast(outLength))); } gcry_mpi_t peerPublicKey; { gcry_error_t r = gcry_mpi_scan(&peerPublicKey, GCRYMPI_FMT_USG, peerPublicKeyData, peerPublicKeyLength, nullptr); if (r) { handleError(r); } } gcry_mpi_t secret = gcry_mpi_new(0); gcry_mpi_powm(secret, peerPublicKey, privateKey_, prime_); gcry_mpi_release(peerPublicKey); memset(out, 0, outLength); size_t secretBytes = (gcry_mpi_get_nbits(secret) + 7) / 8; size_t offset = keyLength_ - secretBytes; size_t nwritten; { gcry_error_t r = gcry_mpi_print(GCRYMPI_FMT_USG, out + offset, outLength - offset, &nwritten, secret); gcry_mpi_release(secret); if (r) { handleError(r); } } return nwritten; } } // namespace aria2