本文整理汇总了C++中BN_add函数的典型用法代码示例。如果您正苦于以下问题:C++ BN_add函数的具体用法?C++ BN_add怎么用?C++ BN_add使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了BN_add函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: PKCS12_key_gen_uni
int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int saltlen, int id, int iter, int n,
unsigned char *out, const EVP_MD *md_type)
{
unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
int Slen, Plen, Ilen, Ijlen;
int i, j, u, v;
int ret = 0;
BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
EVP_MD_CTX *ctx = NULL;
#ifdef OPENSSL_DEBUG_KEYGEN
unsigned char *tmpout = out;
int tmpn = n;
#endif
ctx = EVP_MD_CTX_new();
if (ctx == NULL)
goto err;
#ifdef OPENSSL_DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n");
fprintf(stderr, "ID %d, ITER %d\n", id, iter);
fprintf(stderr, "Password (length %d):\n", passlen);
h__dump(pass, passlen);
fprintf(stderr, "Salt (length %d):\n", saltlen);
h__dump(salt, saltlen);
#endif
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
if (u < 0 || v <= 0)
goto err;
D = OPENSSL_malloc(v);
Ai = OPENSSL_malloc(u);
B = OPENSSL_malloc(v + 1);
Slen = v * ((saltlen + v - 1) / v);
if (passlen)
Plen = v * ((passlen + v - 1) / v);
else
Plen = 0;
Ilen = Slen + Plen;
I = OPENSSL_malloc(Ilen);
Ij = BN_new();
Bpl1 = BN_new();
if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL
|| Bpl1 == NULL)
goto err;
for (i = 0; i < v; i++)
D[i] = id;
p = I;
for (i = 0; i < Slen; i++)
*p++ = salt[i % saltlen];
for (i = 0; i < Plen; i++)
*p++ = pass[i % passlen];
for (;;) {
if (!EVP_DigestInit_ex(ctx, md_type, NULL)
|| !EVP_DigestUpdate(ctx, D, v)
|| !EVP_DigestUpdate(ctx, I, Ilen)
|| !EVP_DigestFinal_ex(ctx, Ai, NULL))
goto err;
for (j = 1; j < iter; j++) {
if (!EVP_DigestInit_ex(ctx, md_type, NULL)
|| !EVP_DigestUpdate(ctx, Ai, u)
|| !EVP_DigestFinal_ex(ctx, Ai, NULL))
goto err;
}
memcpy(out, Ai, min(n, u));
if (u >= n) {
#ifdef OPENSSL_DEBUG_KEYGEN
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
h__dump(tmpout, tmpn);
#endif
ret = 1;
goto end;
}
n -= u;
out += u;
for (j = 0; j < v; j++)
B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
if (!BN_bin2bn(B, v, Bpl1))
goto err;
if (!BN_add_word(Bpl1, 1))
goto err;
for (j = 0; j < Ilen; j += v) {
if (!BN_bin2bn(I + j, v, Ij))
goto err;
if (!BN_add(Ij, Ij, Bpl1))
goto err;
if (!BN_bn2bin(Ij, B))
goto err;
Ijlen = BN_num_bytes(Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
if (Ijlen > v) {
if (!BN_bn2bin(Ij, B))
goto err;
memcpy(I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
} else if (Ijlen < v) {
memset(I + j, 0, v - Ijlen);
//.........这里部分代码省略.........
示例2: BN_X931_derive_prime_ex
int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
const BIGNUM *Xp, const BIGNUM *Xp1,
const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb)
{
int ret = 0;
BIGNUM *t, *p1p2, *pm1;
/* Only even e supported */
if (!BN_is_odd(e))
return 0;
BN_CTX_start(ctx);
if (!p1)
p1 = BN_CTX_get(ctx);
if (!p2)
p2 = BN_CTX_get(ctx);
t = BN_CTX_get(ctx);
p1p2 = BN_CTX_get(ctx);
pm1 = BN_CTX_get(ctx);
if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
goto err;
if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
goto err;
if (!BN_mul(p1p2, p1, p2, ctx))
goto err;
/* First set p to value of Rp */
if (!BN_mod_inverse(p, p2, p1, ctx))
goto err;
if (!BN_mul(p, p, p2, ctx))
goto err;
if (!BN_mod_inverse(t, p1, p2, ctx))
goto err;
if (!BN_mul(t, t, p1, ctx))
goto err;
if (!BN_sub(p, p, t))
goto err;
if (p->neg && !BN_add(p, p, p1p2))
goto err;
/* p now equals Rp */
if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
goto err;
if (!BN_add(p, p, Xp))
goto err;
/* p now equals Yp0 */
for (;;) {
int i = 1;
BN_GENCB_call(cb, 0, i++);
if (!BN_copy(pm1, p))
goto err;
if (!BN_sub_word(pm1, 1))
goto err;
if (!BN_gcd(t, pm1, e, ctx))
goto err;
if (BN_is_one(t)
/*
* X9.31 specifies 8 MR and 1 Lucas test or any prime test
* offering similar or better guarantees 50 MR is considerably
* better.
*/
&& BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
break;
if (!BN_add(p, p, p1p2))
goto err;
}
BN_GENCB_call(cb, 3, 0);
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
}示例3: PKCS12_key_gen_uni
int
PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int saltlen, int id, int iter, int n, unsigned char *out,
const EVP_MD *md_type)
{
unsigned char *B, *D, *I, *p, *Ai;
int Slen, Plen, Ilen, Ijlen;
int i, j, u, v;
int ret = 0;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
EVP_MD_CTX ctx;
#if 0
if (!pass) {
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
#endif
EVP_MD_CTX_init(&ctx);
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
if (u < 0)
return 0;
D = malloc(v);
Ai = malloc(u);
B = malloc(v + 1);
Slen = v * ((saltlen + v - 1) / v);
if (passlen)
Plen = v * ((passlen + v - 1)/v);
else
Plen = 0;
Ilen = Slen + Plen;
I = malloc(Ilen);
Ij = BN_new();
Bpl1 = BN_new();
if (!D || !Ai || !B || !I || !Ij || !Bpl1)
goto err;
for (i = 0; i < v; i++)
D[i] = id;
p = I;
for (i = 0; i < Slen; i++)
*p++ = salt[i % saltlen];
for (i = 0; i < Plen; i++)
*p++ = pass[i % passlen];
for (;;) {
if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ||
!EVP_DigestUpdate(&ctx, D, v) ||
!EVP_DigestUpdate(&ctx, I, Ilen) ||
!EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
for (j = 1; j < iter; j++) {
if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ||
!EVP_DigestUpdate(&ctx, Ai, u) ||
!EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
}
memcpy (out, Ai, min (n, u));
if (u >= n) {
ret = 1;
goto end;
}
n -= u;
out += u;
for (j = 0; j < v; j++)
B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
if (!BN_bin2bn (B, v, Bpl1))
goto err;
if (!BN_add_word (Bpl1, 1))
goto err;
for (j = 0; j < Ilen; j += v) {
if (!BN_bin2bn(I + j, v, Ij))
goto err;
if (!BN_add(Ij, Ij, Bpl1))
goto err;
if (!BN_bn2bin(Ij, B))
goto err;
Ijlen = BN_num_bytes (Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
if (Ijlen > v) {
if (!BN_bn2bin (Ij, B))
goto err;
memcpy (I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
} else if (Ijlen < v) {
memset(I + j, 0, v - Ijlen);
if (!BN_bn2bin(Ij, I + j + v - Ijlen))
goto err;
#endif
} else if (!BN_bn2bin (Ij, I + j))
goto err;
}
}
err:
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
end:
//.........这里部分代码省略.........
示例4: bn_check_top
/* solves ax == 1 (mod n) */
BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL;
BIGNUM *T,*ret=NULL;
int sign;
bn_check_top(a);
bn_check_top(n);
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
D = BN_CTX_get(ctx);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
if (Y == NULL) goto err;
if (in == NULL)
R=BN_new();
else
R=in;
if (R == NULL) goto err;
if (!BN_zero(X)) goto err;
if (!BN_one(Y)) goto err;
if (BN_copy(A,a) == NULL) goto err;
if (BN_copy(B,n) == NULL) goto err;
sign=1;
while (!BN_is_zero(B))
{
if (!BN_div(D,M,A,B,ctx)) goto err;
T=A;
A=B;
B=M;
/* T has a struct, M does not */
if (!BN_mul(T,D,X,ctx)) goto err;
if (!BN_add(T,T,Y)) goto err;
M=Y;
Y=X;
X=T;
sign= -sign;
}
if (sign < 0)
{
if (!BN_sub(Y,n,Y)) goto err;
}
if (BN_is_one(A))
{ if (!BN_mod(R,Y,n,ctx)) goto err; }
else
{
BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
goto err;
}
ret=R;
err:
if ((ret == NULL) && (in == NULL)) BN_free(R);
BN_CTX_end(ctx);
return(ret);
}示例5: get_prefix_ranges
/*
* Find the bignum ranges that produce a given prefix.
*/
static int
get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
BN_CTX *bnctx)
{
int i, p, c;
int zero_prefix = 0;
int check_upper = 0;
int b58pow, b58ceil, b58top = 0;
int ret = -1;
BIGNUM bntarg, bnceil, bnfloor;
BIGNUM bnbase;
BIGNUM *bnap, *bnbp, *bntp;
BIGNUM *bnhigh = NULL, *bnlow = NULL, *bnhigh2 = NULL, *bnlow2 = NULL;
BIGNUM bntmp, bntmp2;
BN_init(&bntarg);
BN_init(&bnceil);
BN_init(&bnfloor);
BN_init(&bnbase);
BN_init(&bntmp);
BN_init(&bntmp2);
BN_set_word(&bnbase, 58);
p = strlen(pfx);
for (i = 0; i < p; i++) {
c = vg_b58_reverse_map[(int)pfx[i]];
if (c == -1) {
fprintf(stderr,
"Invalid character '%c' in prefix '%s'\n",
pfx[i], pfx);
goto out;
}
if (i == zero_prefix) {
if (c == 0) {
/* Add another zero prefix */
zero_prefix++;
if (zero_prefix > 19) {
fprintf(stderr,
"Prefix '%s' is too long\n",
pfx);
goto out;
}
continue;
}
/* First non-zero character */
b58top = c;
BN_set_word(&bntarg, c);
} else {
BN_set_word(&bntmp2, c);
BN_mul(&bntmp, &bntarg, &bnbase, bnctx);
BN_add(&bntarg, &bntmp, &bntmp2);
}
}
/* Power-of-two ceiling and floor values based on leading 1s */
BN_clear(&bntmp);
BN_set_bit(&bntmp, 200 - (zero_prefix * 8));
BN_sub(&bnceil, &bntmp, BN_value_one());
BN_set_bit(&bnfloor, 192 - (zero_prefix * 8));
bnlow = BN_new();
bnhigh = BN_new();
if (b58top) {
/*
* If a non-zero was given in the prefix, find the
* numeric boundaries of the prefix.
*/
BN_copy(&bntmp, &bnceil);
bnap = &bntmp;
bnbp = &bntmp2;
b58pow = 0;
while (BN_cmp(bnap, &bnbase) > 0) {
b58pow++;
BN_div(bnbp, NULL, bnap, &bnbase, bnctx);
bntp = bnap;
bnap = bnbp;
bnbp = bntp;
}
b58ceil = BN_get_word(bnap);
if ((b58pow - (p - zero_prefix)) < 6) {
/*
* Do not allow the prefix to constrain the
* check value, this is ridiculous.
*/
fprintf(stderr, "Prefix '%s' is too long\n", pfx);
goto out;
}
BN_set_word(&bntmp2, b58pow - (p - zero_prefix));
//.........这里部分代码省略.........
示例6: tmp
bigint& bigint::operator += ( const bigint& a ){
bigint tmp(*this);
BN_add( tmp.n, n, a.n );
std::swap(*this,tmp);
return *this;
}示例7: eap_pwd_build_commit_req
static struct wpabuf *
eap_pwd_build_commit_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
{
struct wpabuf *req = NULL;
BIGNUM *mask = NULL, *x = NULL, *y = NULL;
u8 *scalar = NULL, *element = NULL;
u16 offset;
wpa_printf(MSG_DEBUG, "EAP-pwd: Commit/Request");
if (((data->private_value = BN_new()) == NULL) ||
((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
((data->my_scalar = BN_new()) == NULL) ||
((mask = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): scalar allocation "
"fail");
goto fin;
}
BN_rand_range(data->private_value, data->grp->order);
BN_rand_range(mask, data->grp->order);
BN_add(data->my_scalar, data->private_value, mask);
BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
data->bnctx);
if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
data->grp->pwe, mask, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): element allocation "
"fail");
eap_pwd_state(data, FAILURE);
goto fin;
}
if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
{
wpa_printf(MSG_INFO, "EAP-PWD (server): element inversion "
"fail");
goto fin;
}
BN_free(mask);
if (((x = BN_new()) == NULL) ||
((y = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): point allocation "
"fail");
goto fin;
}
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y,
data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): point assignment "
"fail");
goto fin;
}
if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) ||
((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) ==
NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): data allocation fail");
goto fin;
}
/*
* bignums occupy as little memory as possible so one that is
* sufficiently smaller than the prime or order might need pre-pending
* with zeros.
*/
os_memset(scalar, 0, BN_num_bytes(data->grp->order));
os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2);
offset = BN_num_bytes(data->grp->order) -
BN_num_bytes(data->my_scalar);
BN_bn2bin(data->my_scalar, scalar + offset);
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
BN_bn2bin(x, element + offset);
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset);
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
1 + (2 * BN_num_bytes(data->grp->prime)) +
BN_num_bytes(data->grp->order),
EAP_CODE_REQUEST, id);
if (req == NULL)
goto fin;
wpabuf_put_u8(req, EAP_PWD_OPCODE_COMMIT_EXCH);
/* We send the element as (x,y) followed by the scalar */
wpabuf_put_data(req, element, (2 * BN_num_bytes(data->grp->prime)));
wpabuf_put_data(req, scalar, BN_num_bytes(data->grp->order));
fin:
os_free(scalar);
os_free(element);
BN_free(x);
BN_free(y);
if (req == NULL)
eap_pwd_state(data, FAILURE);
return req;
}示例8: dsa_builtin_paramgen
//.........这里部分代码省略.........
if(!BN_GENCB_call(cb, 2, 0)) goto err;
if(!BN_GENCB_call(cb, 3, 0)) goto err;
/* step 6 */
counter=0;
/* "offset = 2" */
n=(bits-1)/160;
for (;;)
{
if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
goto err;
/* step 7 */
BN_zero(W);
/* now 'buf' contains "SEED + offset - 1" */
for (k=0; k<=n; k++)
{
/* obtain "SEED + offset + k" by incrementing: */
for (i = qsize-1; i >= 0; i--)
{
buf[i]++;
if (buf[i] != 0)
break;
}
EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
/* step 8 */
if (!BN_bin2bn(md, qsize, r0))
goto err;
if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
if (!BN_add(W,W,r0)) goto err;
}
/* more of step 8 */
if (!BN_mask_bits(W,bits-1)) goto err;
if (!BN_copy(X,W)) goto err;
if (!BN_add(X,X,test)) goto err;
/* step 9 */
if (!BN_lshift1(r0,q)) goto err;
if (!BN_mod(c,X,r0,ctx)) goto err;
if (!BN_sub(r0,c,BN_value_one())) goto err;
if (!BN_sub(p,X,r0)) goto err;
/* step 10 */
if (BN_cmp(p,test) >= 0)
{
/* step 11 */
r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
ctx, 1, cb);
if (r > 0)
goto end; /* found it */
if (r != 0)
goto err;
}
/* step 13 */
counter++;
/* "offset = offset + n + 1" */
/* step 14 */
if (counter >= 4096) break;
}示例9: void
//.........这里部分代码省略.........
if (callback != NULL) callback(2,0,cb_arg);
if (callback != NULL) callback(3,0,cb_arg);
/* step 6 */
counter=0;
/* "offset = 2" */
n=(bits-1)/160;
b=(bits-1)-n*160;
for (;;)
{
if (callback != NULL && counter != 0)
callback(0,counter,cb_arg);
/* step 7 */
if (!BN_zero(W)) goto err;
/* now 'buf' contains "SEED + offset - 1" */
for (k=0; k<=n; k++)
{
/* obtain "SEED + offset + k" by incrementing: */
for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
{
buf[i]++;
if (buf[i] != 0) break;
}
EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
/* step 8 */
if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
goto err;
if (!BN_lshift(r0,r0,160*k)) goto err;
if (!BN_add(W,W,r0)) goto err;
}
/* more of step 8 */
if (!BN_mask_bits(W,bits-1)) goto err;
if (!BN_copy(X,W)) goto err;
if (!BN_add(X,X,test)) goto err;
/* step 9 */
if (!BN_lshift1(r0,q)) goto err;
if (!BN_mod(c,X,r0,ctx)) goto err;
if (!BN_sub(r0,c,BN_value_one())) goto err;
if (!BN_sub(p,X,r0)) goto err;
/* step 10 */
if (BN_cmp(p,test) >= 0)
{
/* step 11 */
r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
if (r > 0)
goto end; /* found it */
if (r != 0)
goto err;
}
/* step 13 */
counter++;
/* "offset = offset + n + 1" */
/* step 14 */
if (counter >= 4096) break;
}
}示例10: eap_pwd_perform_commit_exchange
static void
eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload, size_t payload_len)
{
EC_POINT *K = NULL, *point = NULL;
BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
u16 offset;
u8 *ptr, *scalar = NULL, *element = NULL;
size_t prime_len, order_len;
if (data->state != PWD_Commit_Req) {
ret->ignore = TRUE;
goto fin;
}
prime_len = BN_num_bytes(data->grp->prime);
order_len = BN_num_bytes(data->grp->order);
if (payload_len != 2 * prime_len + order_len) {
wpa_printf(MSG_INFO,
"EAP-pwd: Unexpected Commit payload length %u (expected %u)",
(unsigned int) payload_len,
(unsigned int) (2 * prime_len + order_len));
goto fin;
}
if (((data->private_value = BN_new()) == NULL) ||
((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
((cofactor = BN_new()) == NULL) ||
((data->my_scalar = BN_new()) == NULL) ||
((mask = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): scalar allocation fail");
goto fin;
}
if (!EC_GROUP_get_cofactor(data->grp->group, cofactor, NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd (peer): unable to get cofactor "
"for curve");
goto fin;
}
if (BN_rand_range(data->private_value, data->grp->order) != 1 ||
BN_rand_range(mask, data->grp->order) != 1 ||
BN_add(data->my_scalar, data->private_value, mask) != 1 ||
BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
data->bnctx) != 1) {
wpa_printf(MSG_INFO,
"EAP-pwd (peer): unable to get randomness");
goto fin;
}
if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
data->grp->pwe, mask, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): element allocation "
"fail");
eap_pwd_state(data, FAILURE);
goto fin;
}
if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
{
wpa_printf(MSG_INFO, "EAP-PWD (peer): element inversion fail");
goto fin;
}
BN_clear_free(mask);
if (((x = BN_new()) == NULL) ||
((y = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): point allocation fail");
goto fin;
}
/* process the request */
if (((data->server_scalar = BN_new()) == NULL) ||
((data->k = BN_new()) == NULL) ||
((K = EC_POINT_new(data->grp->group)) == NULL) ||
((point = EC_POINT_new(data->grp->group)) == NULL) ||
((data->server_element = EC_POINT_new(data->grp->group)) == NULL))
{
wpa_printf(MSG_INFO, "EAP-PWD (peer): peer data allocation "
"fail");
goto fin;
}
/* element, x then y, followed by scalar */
ptr = (u8 *) payload;
BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), x);
ptr += BN_num_bytes(data->grp->prime);
BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), y);
ptr += BN_num_bytes(data->grp->prime);
BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->server_scalar);
if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group,
data->server_element, x, y,
data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): setting peer element "
"fail");
goto fin;
}
//.........这里部分代码省略.........
示例11: BN_mod_add
int
BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
{
if (!BN_add(r, a, b)) return 0;
return BN_nnmod(r, r, m, ctx);
}示例12: probable_prime_dh_safe
static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
const BIGNUM *rem, BN_CTX *ctx) {
int i, ret = 0;
BIGNUM *t1, *qadd, *q;
bits--;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
qadd = BN_CTX_get(ctx);
if (qadd == NULL) {
goto err;
}
if (!BN_rshift1(qadd, padd)) {
goto err;
}
if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) {
goto err;
}
/* we need ((rnd-rem) % add) == 0 */
if (!BN_mod(t1, q, qadd, ctx)) {
goto err;
}
if (!BN_sub(q, q, t1)) {
goto err;
}
if (rem == NULL) {
if (!BN_add_word(q, 1)) {
goto err;
}
} else {
if (!BN_rshift1(t1, rem)) {
goto err;
}
if (!BN_add(q, q, t1)) {
goto err;
}
}
/* we now have a random number 'rand' to test. */
if (!BN_lshift1(p, q)) {
goto err;
}
if (!BN_add_word(p, 1)) {
goto err;
}
loop:
for (i = 1; i < NUMPRIMES; i++) {
/* check that p and q are prime */
/* check that for p and q
* gcd(p-1,primes) == 1 (except for 2) */
BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1) {
goto err;
}
if (pmod == 0 || qmod == 0) {
if (!BN_add(p, p, padd)) {
goto err;
}
if (!BN_add(q, q, qadd)) {
goto err;
}
goto loop;
}
}
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
}示例13: mod_exp
static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) {
assert(ctx != NULL);
assert(rsa->n != NULL);
assert(rsa->e != NULL);
assert(rsa->d != NULL);
assert(rsa->p != NULL);
assert(rsa->q != NULL);
assert(rsa->dmp1 != NULL);
assert(rsa->dmq1 != NULL);
assert(rsa->iqmp != NULL);
BIGNUM *r1, *m1, *vrfy;
BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
BIGNUM *dmp1, *dmq1, *c, *pr1;
int ret = 0;
size_t i, num_additional_primes = 0;
if (rsa->additional_primes != NULL) {
num_additional_primes = sk_RSA_additional_prime_num(rsa->additional_primes);
}
BN_CTX_start(ctx);
r1 = BN_CTX_get(ctx);
m1 = BN_CTX_get(ctx);
vrfy = BN_CTX_get(ctx);
if (r1 == NULL ||
m1 == NULL ||
vrfy == NULL) {
goto err;
}
{
BIGNUM local_p, local_q;
BIGNUM *p = NULL, *q = NULL;
/* Make sure BN_mod_inverse in Montgomery intialization uses the
* BN_FLG_CONSTTIME flag. */
BN_init(&local_p);
p = &local_p;
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
BN_init(&local_q);
q = &local_q;
BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
if (!BN_MONT_CTX_set_locked(&rsa->mont_p, &rsa->lock, p, ctx) ||
!BN_MONT_CTX_set_locked(&rsa->mont_q, &rsa->lock, q, ctx)) {
goto err;
}
}
if (!BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx)) {
goto err;
}
/* compute I mod q */
c = &local_c;
BN_with_flags(c, I, BN_FLG_CONSTTIME);
if (!BN_mod(r1, c, rsa->q, ctx)) {
goto err;
}
/* compute r1^dmq1 mod q */
dmq1 = &local_dmq1;
BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont_consttime(m1, r1, dmq1, rsa->q, ctx, rsa->mont_q)) {
goto err;
}
/* compute I mod p */
c = &local_c;
BN_with_flags(c, I, BN_FLG_CONSTTIME);
if (!BN_mod(r1, c, rsa->p, ctx)) {
goto err;
}
/* compute r1^dmp1 mod p */
dmp1 = &local_dmp1;
BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont_consttime(r0, r1, dmp1, rsa->p, ctx, rsa->mont_p)) {
goto err;
}
if (!BN_sub(r0, r0, m1)) {
goto err;
}
/* This will help stop the size of r0 increasing, which does
* affect the multiply if it optimised for a power of 2 size */
if (BN_is_negative(r0)) {
if (!BN_add(r0, r0, rsa->p)) {
goto err;
}
}
if (!BN_mul(r1, r0, rsa->iqmp, ctx)) {
goto err;
}
/* Turn BN_FLG_CONSTTIME flag on before division operation */
//.........这里部分代码省略.........
示例14: BN_from_montgomery
//.........这里部分代码省略.........
#else
memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
#endif
r->top=max;
n0=mont->n0;
#ifdef BN_COUNT
fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
#endif
for (i=0; i<nl; i++)
{
#ifdef __TANDEM
{
long long t1;
long long t2;
long long t3;
t1 = rp[0] * (n0 & 0177777);
t2 = 037777600000l;
t2 = n0 & t2;
t3 = rp[0] & 0177777;
t2 = (t3 * t2) & BN_MASK2;
t1 = t1 + t2;
v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
}
#else
v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
#endif
nrp++;
rp++;
if (((nrp[-1]+=v)&BN_MASK2) >= v)
continue;
else
{
if (((++nrp[0])&BN_MASK2) != 0) continue;
if (((++nrp[1])&BN_MASK2) != 0) continue;
for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
}
}
bn_fix_top(r);
/* mont->ri will be a multiple of the word size */
#if 0
BN_rshift(ret,r,mont->ri);
#else
ret->neg = r->neg;
x=ri;
rp=ret->d;
ap= &(r->d[x]);
if (r->top < x)
al=0;
else
al=r->top-x;
ret->top=al;
al-=4;
for (i=0; i<al; i+=4)
{
BN_ULONG t1,t2,t3,t4;
t1=ap[i+0];
t2=ap[i+1];
t3=ap[i+2];
t4=ap[i+3];
rp[i+0]=t1;
rp[i+1]=t2;
rp[i+2]=t3;
rp[i+3]=t4;
}
al+=4;
for (; i<al; i++)
rp[i]=ap[i];
#endif
#else /* !MONT_WORD */
BIGNUM *t1,*t2;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
t2 = BN_CTX_get(ctx);
if (t1 == NULL || t2 == NULL) goto err;
if (!BN_copy(t1,a)) goto err;
BN_mask_bits(t1,mont->ri);
if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
BN_mask_bits(t2,mont->ri);
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
if (!BN_add(t2,a,t1)) goto err;
if (!BN_rshift(ret,t2,mont->ri)) goto err;
#endif /* MONT_WORD */
if (BN_ucmp(ret, &(mont->N)) >= 0)
{
if (!BN_usub(ret,ret,&(mont->N))) goto err;
}
retn=1;
err:
BN_CTX_end(ctx);
return(retn);
}示例15: ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
BIGNUM **kinvp, BIGNUM **rp,
const unsigned char *dgst, int dlen)
{
BN_CTX *ctx = NULL;
BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
EC_POINT *tmp_point=NULL;
const EC_GROUP *group;
int ret = 0;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL)
{
if ((ctx = BN_CTX_new()) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
return 0;
}
}
else
ctx = ctx_in;
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
order = BN_new();
X = BN_new();
if (!k || !r || !order || !X)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((tmp_point = EC_POINT_new(group)) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
do
{
/* get random k */
do
#ifndef OPENSSL_NO_SHA512
if (dgst != NULL)
{
if (!BN_generate_dsa_nonce(k, order, EC_KEY_get0_private_key(eckey),
dgst, dlen, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
}
else
#endif
{
if (!BN_rand_range(k, order))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
}
while (BN_is_zero(k));
/* We do not want timing information to leak the length of k,
* so we compute G*k using an equivalent scalar of fixed
* bit-length. */
if (!BN_add(k, k, order)) goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order)) goto err;
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(group,
tmp_point, X, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else /* NID_X9_62_characteristic_two_field */
{
//.........这里部分代码省略.........