mirror of https://github.com/aria2/aria2
176 lines
4.9 KiB
C++
176 lines
4.9 KiB
C++
/* <!-- copyright */
|
|
/*
|
|
* aria2 - The high speed download utility
|
|
*
|
|
* Copyright (C) 2006 Tatsuhiro Tsujikawa
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*
|
|
* In addition, as a special exception, the copyright holders give
|
|
* permission to link the code of portions of this program with the
|
|
* OpenSSL library under certain conditions as described in each
|
|
* individual source file, and distribute linked combinations
|
|
* including the two.
|
|
* You must obey the GNU General Public License in all respects
|
|
* for all of the code used other than OpenSSL. If you modify
|
|
* file(s) with this exception, you may extend this exception to your
|
|
* version of the file(s), but you are not obligated to do so. If you
|
|
* do not wish to do so, delete this exception statement from your
|
|
* version. If you delete this exception statement from all source
|
|
* files in the program, then also delete it here.
|
|
*/
|
|
/* copyright --> */
|
|
#ifndef _D_LIBGCRYPT_DH_KEY_EXCHANGE_H_
|
|
#define _D_LIBGCRYPT_DH_KEY_EXCHANGE_H_
|
|
|
|
#include "common.h"
|
|
#include "DlAbortEx.h"
|
|
#include "StringFormat.h"
|
|
#include <gcrypt.h>
|
|
|
|
namespace aria2 {
|
|
|
|
class DHKeyExchange {
|
|
private:
|
|
size_t _keyLength;
|
|
|
|
gcry_mpi_t _prime;
|
|
|
|
gcry_mpi_t _generator;
|
|
|
|
gcry_mpi_t _privateKey;
|
|
|
|
gcry_mpi_t _publicKey;
|
|
|
|
void handleError(gcry_error_t err) const
|
|
{
|
|
throw DlAbortEx
|
|
(StringFormat("Exception in libgcrypt routine(DHKeyExchange class): %s",
|
|
gcry_strerror(err)).str());
|
|
}
|
|
public:
|
|
DHKeyExchange():
|
|
_keyLength(0),
|
|
_prime(0),
|
|
_generator(0),
|
|
_privateKey(0),
|
|
_publicKey(0) {}
|
|
|
|
~DHKeyExchange()
|
|
{
|
|
gcry_mpi_release(_prime);
|
|
gcry_mpi_release(_generator);
|
|
gcry_mpi_release(_privateKey);
|
|
gcry_mpi_release(_publicKey);
|
|
}
|
|
|
|
void init(const unsigned char* prime, size_t primeBits,
|
|
const unsigned char* generator,
|
|
size_t privateKeyBits)
|
|
{
|
|
gcry_mpi_release(_prime);
|
|
gcry_mpi_release(_generator);
|
|
gcry_mpi_release(_privateKey);
|
|
{
|
|
gcry_error_t r = gcry_mpi_scan(&_prime, GCRYMPI_FMT_HEX,
|
|
prime, 0, 0);
|
|
if(r) {
|
|
handleError(r);
|
|
}
|
|
}
|
|
{
|
|
gcry_error_t r = gcry_mpi_scan(&_generator, GCRYMPI_FMT_HEX,
|
|
generator, 0, 0);
|
|
if(r) {
|
|
handleError(r);
|
|
}
|
|
}
|
|
_privateKey = gcry_mpi_new(0);
|
|
gcry_mpi_randomize(_privateKey, privateKeyBits, GCRY_STRONG_RANDOM);
|
|
_keyLength = (primeBits+7)/8;
|
|
}
|
|
|
|
void generatePublicKey()
|
|
{
|
|
gcry_mpi_release(_publicKey);
|
|
_publicKey = gcry_mpi_new(0);
|
|
gcry_mpi_powm(_publicKey, _generator, _privateKey, _prime);
|
|
}
|
|
|
|
size_t getPublicKey(unsigned char* out, size_t outLength) const
|
|
{
|
|
if(outLength < _keyLength) {
|
|
throw DlAbortEx
|
|
(StringFormat("Insufficient buffer for public key. expect:%u, actual:%u",
|
|
_keyLength, outLength).str());
|
|
}
|
|
memset(out, 0, outLength);
|
|
size_t publicKeyBytes = (gcry_mpi_get_nbits(_publicKey)+7)/8;
|
|
size_t offset = _keyLength-publicKeyBytes;
|
|
size_t nwritten;
|
|
gcry_error_t r = gcry_mpi_print(GCRYMPI_FMT_USG, out+offset,
|
|
outLength-offset, &nwritten, _publicKey);
|
|
if(r) {
|
|
handleError(r);
|
|
}
|
|
return nwritten;
|
|
}
|
|
|
|
void generateNonce(unsigned char* out, size_t outLength) const
|
|
{
|
|
gcry_create_nonce(out, outLength);
|
|
}
|
|
|
|
size_t computeSecret(unsigned char* out, size_t outLength,
|
|
const unsigned char* peerPublicKeyData,
|
|
size_t peerPublicKeyLength) const
|
|
{
|
|
if(outLength < _keyLength) {
|
|
throw DlAbortEx
|
|
(StringFormat("Insufficient buffer for secret. expect:%u, actual:%u",
|
|
_keyLength, outLength).str());
|
|
}
|
|
gcry_mpi_t peerPublicKey;
|
|
{
|
|
gcry_error_t r = gcry_mpi_scan(&peerPublicKey, GCRYMPI_FMT_USG, peerPublicKeyData,
|
|
peerPublicKeyLength, 0);
|
|
if(r) {
|
|
handleError(r);
|
|
}
|
|
}
|
|
gcry_mpi_t secret = gcry_mpi_new(0);
|
|
gcry_mpi_powm(secret, peerPublicKey, _privateKey, _prime);
|
|
gcry_mpi_release(peerPublicKey);
|
|
|
|
memset(out, 0, outLength);
|
|
size_t secretBytes = (gcry_mpi_get_nbits(secret)+7)/8;
|
|
size_t offset = _keyLength-secretBytes;
|
|
size_t nwritten;
|
|
{
|
|
gcry_error_t r = gcry_mpi_print(GCRYMPI_FMT_USG, out+offset,
|
|
outLength-offset, &nwritten, secret);
|
|
gcry_mpi_release(secret);
|
|
if(r) {
|
|
handleError(r);
|
|
}
|
|
}
|
|
return nwritten;
|
|
}
|
|
};
|
|
|
|
} // namespace aria2
|
|
|
|
#endif // _D_LIBGCRYPT_DH_KEY_EXCHANGE_H_
|