| blob | fa2c74ff85bb1a93b623812a005b6fc67167ae71 |
1 /* RTMPDump - Diffie-Hellmann Key Exchange
2 * Copyright (C) 2009 Andrej Stepanchuk
3 * Copyright (C) 2009-2010 Howard Chu
4 *
5 * This file is part of librtmp.
6 *
7 * librtmp is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1,
10 * or (at your option) any later version.
11 *
12 * librtmp is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with librtmp see the file COPYING. If not, write to
19 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
20 * Boston, MA 02110-1301, USA.
21 * http://www.gnu.org/copyleft/lgpl.html
22 */
24 #include <stdint.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <assert.h>
28 #include <limits.h>
30 #ifdef USE_POLARSSL
31 #include <polarssl/dhm.h>
33 #define MP_new(m) m = malloc(sizeof(mpi)); mpi_init(m)
34 #define MP_set_w(mpi, w) mpi_lset(mpi, w)
35 #define MP_cmp(u, v) mpi_cmp_mpi(u, v)
36 #define MP_set(u, v) mpi_copy(u, v)
37 #define MP_sub_w(mpi, w) mpi_sub_int(mpi, mpi, w)
38 #define MP_cmp_1(mpi) mpi_cmp_int(mpi, 1)
39 #define MP_modexp(r, y, q, p) mpi_exp_mod(r, y, q, p, NULL)
40 #define MP_free(mpi) mpi_free(mpi); free(mpi)
41 #define MP_gethex(u, hex, res) MP_new(u); res = mpi_read_string(u, 16, hex) == 0
42 #define MP_bytes(u) mpi_size(u)
43 #define MP_setbin(u,buf,len) mpi_write_binary(u,buf,len)
44 #define MP_getbin(u,buf,len) MP_new(u); mpi_read_binary(u,buf,len)
45 #define MP_setpg(dh, p, g) dh->p = p; dh->g = g
46 #define MP_setlength(dh, l) dh->length = l
47 #define MP_getp(dh) dh->p
48 #define MP_getpubkey(dh) dh->pub_key
51 MP_t p;
52 MP_t g;
53 MP_t pub_key;
54 MP_t priv_key;
56 dhm_context ctx;
59 #define MDH_new() calloc(1,sizeof(MDH))
60 #define MDH_free(vp) {MDH *_dh = vp; dhm_free(&_dh->ctx); MP_free(_dh->p); MP_free(_dh->g); MP_free(_dh->pub_key); MP_free(_dh->priv_key); free(_dh);}
63 {
74 }
77 {
81 }
83 #elif defined(USE_GNUTLS)
84 #include <gmp.h>
85 #include <nettle/bignum.h>
86 #include <gnutls/crypto.h>
88 #define MP_new(m) m = malloc(sizeof(*m)); mpz_init2(m, 1)
89 #define MP_set_w(mpi, w) mpz_set_ui(mpi, w)
90 #define MP_cmp(u, v) mpz_cmp(u, v)
91 #define MP_set(u, v) mpz_set(u, v)
92 #define MP_sub_w(mpi, w) mpz_sub_ui(mpi, mpi, w)
93 #define MP_cmp_1(mpi) mpz_cmp_ui(mpi, 1)
94 #define MP_modexp(r, y, q, p) mpz_powm(r, y, q, p)
95 #define MP_free(mpi) mpz_clear(mpi); free(mpi)
96 #define MP_gethex(u, hex, res) u = malloc(sizeof(*u)); mpz_init2(u, 1); res = (mpz_set_str(u, hex, 16) == 0)
97 #define MP_bytes(u) (mpz_sizeinbase(u, 2) + 7) / 8
98 #define MP_setbin(u,buf,len) nettle_mpz_get_str_256(len,buf,u)
99 #define MP_getbin(u,buf,len) u = malloc(sizeof(*u)); mpz_init2(u, 1); nettle_mpz_set_str_256_u(u,len,buf)
100 #define MP_setpg(dh, p, g) dh->p = p; dh->g = g
101 #define MP_setlength(dh, l) dh->length = l
102 #define MP_getp(dh) dh->p
103 #define MP_getpubkey(dh) dh->pub_key
106 MP_t p;
107 MP_t g;
108 MP_t pub_key;
109 MP_t priv_key;
113 #define MDH_new() calloc(1,sizeof(MDH))
114 #define MDH_free(dh) do {MP_free(((MDH*)(dh))->p); MP_free(((MDH*)(dh))->g); MP_free(((MDH*)(dh))->pub_key); MP_free(((MDH*)(dh))->priv_key); free(dh);} while(0)
117 {
120 gmp_randstate_t rs;
144 }
149 }
152 {
153 mpz_ptr k;
170 /* return the length of the shared secret key like DH_compute_key */
172 }
175 #include <openssl/bn.h>
176 #include <openssl/dh.h>
179 #define MP_new(m) m = BN_new()
180 #define MP_set_w(mpi, w) BN_set_word(mpi, w)
181 #define MP_cmp(u, v) BN_cmp(u, v)
182 #define MP_set(u, v) BN_copy(u, v)
183 #define MP_sub_w(mpi, w) BN_sub_word(mpi, w)
184 #define MP_cmp_1(mpi) BN_cmp(mpi, BN_value_one())
185 #define MP_modexp(r, y, q, p) do {BN_CTX *ctx = BN_CTX_new(); BN_mod_exp(r, y, q, p, ctx); BN_CTX_free(ctx);} while(0)
186 #define MP_free(mpi) BN_free(mpi)
187 #define MP_gethex(u, hex, res) res = BN_hex2bn(&u, hex)
188 #define MP_bytes(u) BN_num_bytes(u)
189 #define MP_setbin(u,buf,len) BN_bn2bin(u,buf)
190 #define MP_getbin(u,buf,len) u = BN_bin2bn(buf,len,0)
192 #define MDH DH
193 #define MDH_new() DH_new()
194 #define MDH_free(dh) DH_free(dh)
195 #define MDH_generate_key(dh) DH_generate_key(dh)
196 #define MDH_compute_key(secret, seclen, pub, dh) DH_compute_key(secret, pub, dh)
198 #if OPENSSL_VERSION_NUMBER >= 0x10100000
199 #define MP_setpg(dh, p, g) DH_set0_pqg(dh, p, NULL, g)
200 #define MP_setlength(dh, l) DH_set_length(dh, l)
201 #define MP_getp(dh) DH_get0_p(dh)
202 #define MP_getpubkey(dh) DH_get0_pub_key(dh)
203 #else
204 #define MP_setpg(dh, p, g) dh->p = p; dh->g = g
205 #define MP_setlength(dh, l) dh->length = l
206 #define MP_getp(dh) dh->p
207 #define MP_getpubkey(dh) dh->pub_key
208 #endif
209 #endif
214 /* RFC 2631, Section 2.1.5, http://www.ietf.org/rfc/rfc2631.txt */
215 static int
217 {
219 MP_t bn;
225 /* y must lie in [2,p-1] */
228 {
232 }
234 /* bn = p-2 */
238 {
242 }
244 /* Verify with Sophie-Germain prime
245 *
246 * This is a nice test to make sure the public key position is calculated
247 * correctly. This test will fail in about 50% of the cases if applied to
248 * random data.
249 */
251 {
252 /* y must fulfill y^q mod p = 1 */
256 {
258 }
259 }
261 failed:
264 }
268 {
283 {
285 }
293 failed:
298 }
300 static int
302 {
303 MP_t q1;
311 do
312 {
314 {
318 }
319 else
320 {
321 #if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
325 #endif
328 }
332 }
334 /* fill pubkey with the public key in BIG ENDIAN order
335 * 00 00 00 00 00 x1 x2 x3 .....
336 */
338 static int
340 {
342 MP_t pub_key;
353 }
356 static int
358 {
369 }
370 #endif
372 /* computes the shared secret key from the private MDH value and the
373 * other party's public key (pubkey)
374 */
375 static int
378 {
395 else
402 }