本文整理汇总了C++中BN_mod_add函数的典型用法代码示例。如果您正苦于以下问题:C++ BN_mod_add函数的具体用法?C++ BN_mod_add怎么用?C++ BN_mod_add使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了BN_mod_add函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: BN_CTX_new
BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
{
BIGNUM *kv = NULL, *gb = NULL;
BIGNUM *B = NULL, *k = NULL;
BN_CTX *bn_ctx;
if (b == NULL || N == NULL || g == NULL || v == NULL ||
(bn_ctx = BN_CTX_new()) == NULL)
return NULL;
if ((kv = BN_new()) == NULL ||
(gb = BN_new()) == NULL || (B = BN_new()) == NULL)
goto err;
/* B = g**b + k*v */
if (!BN_mod_exp(gb, g, b, N, bn_ctx)
|| (k = srp_Calc_k(N, g)) == NULL
|| !BN_mod_mul(kv, v, k, N, bn_ctx)
|| !BN_mod_add(B, gb, kv, N, bn_ctx)) {
BN_free(B);
B = NULL;
}
err:
BN_CTX_free(bn_ctx);
BN_clear_free(kv);
BN_clear_free(gb);
BN_free(k);
return B;
}示例2: BN_CTX_new
BIGNUM *ClientSide::Calc_S(BIGNUM *B,BIGNUM *k,BIGNUM *g,BIGNUM *a,BIGNUM *u,BIGNUM *x,BIGNUM *N)
{
//S = (B - kg^x) ^ (a + ux) (computes session key)
BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *S = NULL;
BN_CTX *bn_ctx;
if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
|| a == NULL || (bn_ctx = BN_CTX_new()) == NULL || k == NULL)
return NULL;
if ((tmp = BN_new()) == NULL ||
(tmp2 = BN_new()) == NULL ||
(tmp3 = BN_new()) == NULL || (S = BN_new()) == NULL)
{
BN_CTX_free(bn_ctx);
BN_clear_free(tmp);
BN_clear_free(tmp2);
BN_clear_free(tmp3);
BN_free(S);
return NULL;
}
if(BN_mod_exp(tmp, g, x, N, bn_ctx))
if(BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
if(BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
if(BN_mod_mul(tmp3, u, x, N, bn_ctx))
if(BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
if(BN_mod_exp(S, tmp, tmp2, N, bn_ctx))
;
BN_CTX_free(bn_ctx);
BN_clear_free(tmp);
BN_clear_free(tmp2);
BN_clear_free(tmp3);
return S;
}示例3: verifystep2
static int verifystep2(const JPakeUser * us, const JPakeUserPublic * them,
const JPakeParameters * params)
{
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
int ret = 0;
printf("\n%s verifies %s:\n\n", us->p.name, them->name);
// g' = g^{xc + xa + xb} [from our POV]
// t1 = xa + xb
BN_mod_add(t1, us->xa, us->xb, params->q, params->ctx);
// t2 = g^{t1} = g^{xa+xb}
BN_mod_exp(t2, params->g, t1, params->p, params->ctx);
// t1 = g^{xc} * t2 = g^{xc + xa + xb}
BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx);
if (VerifyZKP
(&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base + 1,
" * s"))
ret = 1;
// cleanup
BN_free(t2);
BN_free(t1);
return ret;
}示例4: Omega_vrfy
int Omega_vrfy(void *inner)
{
assert(inner!=NULL);
OmegaInner *self = (OmegaInner*)inner;
int ret;
BIGNUM *rbn;
/* Derive e0~,e1~ from d0, d1 */
rbn = BN_bin2bn(self->h0, self->bytelen_q, self->v_e0);
assert(rbn!=NULL);
rbn = BN_bin2bn(self->d1, self->bytelen_q, self->v_e1);
assert(rbn!=NULL);
assert(BN_cmp(self->v_e0, self->e0)==0);
assert(BN_cmp(self->v_e1, self->e1)==0);
/* Compute a~=g^z*h^(e0+e1) */
ret = BN_mod_exp(self->gz, self->g, self->z, self->p, self->bnctx);
assert(ret==1);
ret = BN_mod_add(self->e0e1, self->e0, self->e1, self->q, self->bnctx);
assert(ret==1);
ret = BN_mod_exp(self->he0e1, self->h, self->e0e1, self->p, self->bnctx);
assert(ret==1);
ret = BN_mod_mul(self->v_a, self->gz, self->he0e1, self->p, self->bnctx);
assert(ret==1);
assert(BN_cmp(self->v_a, self->a)==0);
/* Convert a~ to a~_bytes */
BN2LenBin(self->v_a, self->v_a_bytes, self->bytelen_p);
{
int i;
for (i=0; i<self->bytelen_p; i++)
assert(self->v_a_bytes[i]==self->a_bytes[i]);
}
/* Compute h0~=H(a~bytes||00) */
self->v_a_bytes[self->bytelen_p] = 0x00;
VHash(self->v_a_bytes, self->bytelen_p+1, self->v_h0, self->bytelen_red);
/* Check h0~==h0 */
int i;
int flag = 0;
for (i=0; i<self->bytelen_red; i++)
flag |= (self->h0[i] != self->v_h0[i]);
assert(flag == 0);
/* Compute h1~=H(a~bytes||01) */
self->v_a_bytes[self->bytelen_p] = 0x01;
VHash(self->v_a_bytes, self->bytelen_p+1, self->v_h1, self->bytelen_rec);
/* Copmute m = h1~ xor d1*/
for (i=0; i<self->bytelen_rec; i++)
self->v_m[i] = self->v_h1[i]^self->d1[i];
return 0;
}示例5: JPAKE_STEP2_process
int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
{
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
int ret = 0;
/*
* g' = g^{xc + xa + xb} [from our POV]
* t1 = xa + xb
*/
BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
/* t2 = g^{t1} = g^{xa+xb} */
BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
/* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
if(verify_zkp(received, t1, ctx))
ret = 1;
else
JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
compute_key(ctx, received->gx);
/* cleanup */
BN_free(t2);
BN_free(t1);
return ret;
}示例6: BN_new
static DSA *extract_dsa_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
int e = 1;
DSA *dsa = NULL;
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
const unsigned char *p;
int *index = NULL;
int i, num_indexes, bn_size;
if (!bn || !ctx) {
goto err;
}
if (!(dsa = X509_ALGOR_get1_DSA(param->pkey_algor))) {
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
goto err;
}
if (!CPK_MAP_str2index(param->map_algor, id, index)) {
goto err;
}
if (!dsa->pub_key) {
if (!(dsa->pub_key = BN_new())) {
goto err;
}
}
BN_zero(dsa->pub_key);
bn_size = BN_num_bytes(dsa->p);
for (i = 0; i < num_indexes; i++) {
p = M_ASN1_STRING_data(param->public_factors) + bn_size * index[i];
if (!BN_bin2bn(p, bn_size, bn)) {
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, dsa->p) >= 0) {
goto err;
}
if (!BN_mod_add(dsa->pub_key, dsa->pub_key, bn, dsa->p, ctx)) {
goto err;
}
}
e = 0;
err:
if (e && dsa) {
DSA_free(dsa);
dsa = NULL;
}
if (bn) BN_free(bn);
if (ctx) BN_CTX_free(ctx);
if (index) OPENSSL_free(index);
return dsa;
}示例7: BN_bin2bn
// BCPKI
CKey CKey::GetDerivedKey(std::vector<unsigned char> ticket) const
{
BIGNUM *bn = BN_bin2bn(&ticket[0],ticket.size(),BN_new());
BN_CTX *ctx = NULL;
if ((ctx = BN_CTX_new()) == NULL)
throw key_error("CKey::DeriveKey() : BN_CTX_new failed");
CKey key;
if (HasPrivKey())
{ // privkey = privkey + ticket
// snippet from ECDSA_SIG_recover_key_GFp
// TODO check this again
BIGNUM *order = NULL;
if ((order = BN_new()) == NULL)
throw key_error("CKey::DeriveKey() : BN_new failed");
// BN_CTX_start(ctx);
//order = BN_CTX_get(ctx);
if (!EC_GROUP_get_order(EC_KEY_get0_group(pkey), order, ctx))
throw key_error("CKey::DeriveKey() : EC_GROUP_get_order failed");
if (!BN_mod_add(bn, bn, EC_KEY_get0_private_key(pkey), order, ctx))
throw key_error("CKey::DeriveKey() : BN_mod_add failed");
if (!EC_KEY_regenerate_key(key.pkey,bn)) // sets private AND public key
throw key_error("CKey::DeriveKey() : EC_KEY_regenerate_key failed");
// if (!EC_KEY_set_private_key(key.pkey, bn))
// throw key_error("CKey::DeriveKey() : EC_KEY_set_private_key failed");
if (!EC_KEY_check_key(key.pkey))
throw key_error("CKey::DeriveKey() : EC_KEY_check_key failed");
}
else
{ // add to pub key
// begin snippet from EC_KEY_regenerate_key
EC_POINT *pub_key = NULL;
const EC_GROUP *group = EC_KEY_get0_group(pkey);
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
throw key_error("CKey::DeriveKey() : EC_POINT_new failed");
if (!EC_POINT_mul(group, pub_key, bn, NULL, NULL, ctx))
throw key_error("CKey::DeriveKey() : EC_POINT_mul failed");
// end snippet from EC_KEY_regenerate_key
// now pub_key = ticket * basepoint
//const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
//int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
if (!EC_POINT_add(group, pub_key, pub_key, EC_KEY_get0_public_key(pkey), ctx))
throw key_error("CKey::DeriveKey() : EC_POINT_add failed");
//int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
if (!EC_KEY_set_public_key(key.pkey, pub_key))
throw key_error("CKey::DeriveKey() : EC_KEY_set_public_key failed");
};
key.fSet = true;
key.SetCompressedPubKey();
return key;
};示例8: DSA_SIG_new
/*
* Computes signature and returns it as DSA_SIG structure
*/
DSA_SIG *gost_do_sign (const unsigned char *dgst, int dlen, DSA * dsa)
{
BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
DSA_SIG *newsig = DSA_SIG_new ();
BIGNUM *md = hashsum2bn (dgst);
/* check if H(M) mod q is zero */
BN_CTX *ctx = BN_CTX_new ();
BN_CTX_start (ctx);
if (!newsig)
{
GOSTerr (GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
goto err;
}
tmp = BN_CTX_get (ctx);
k = BN_CTX_get (ctx);
tmp2 = BN_CTX_get (ctx);
BN_mod (tmp, md, dsa->q, ctx);
if (BN_is_zero (tmp))
{
BN_one (md);
}
do
{
do
{
/*Generate random number k less than q */
BN_rand_range (k, dsa->q);
/* generate r = (a^x mod p) mod q */
BN_mod_exp (tmp, dsa->g, k, dsa->p, ctx);
if (!(newsig->r))
newsig->r = BN_new ();
BN_mod (newsig->r, tmp, dsa->q, ctx);
}
while (BN_is_zero (newsig->r));
/* generate s = (xr + k(Hm)) mod q */
BN_mod_mul (tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
BN_mod_mul (tmp2, k, md, dsa->q, ctx);
if (!newsig->s)
newsig->s = BN_new ();
BN_mod_add (newsig->s, tmp, tmp2, dsa->q, ctx);
}
while (BN_is_zero (newsig->s));
err:
BN_free (md);
BN_CTX_end (ctx);
BN_CTX_free (ctx);
return newsig;
}示例9: attacks
/* encrypts (or decrypts) with private key, not sensitive to
timing attacks (blind encryption)
*/
void rsa_encrypt_secure(BIGNUM* m, const BIGNUM* d,
const BIGNUM* e, const BIGNUM* n,
const unsigned char * r_bin, int r_len) {
BN_CTX *ctx;
BIGNUM *tmp = BN_new();
BIGNUM *r = BN_new();
BIGNUM *r_inv = BN_new();
ctx = BN_CTX_new();
BN_bin2bn(r_bin, r_len, r);
BN_mod(r, r, n, ctx); /* r = r % n */
/*
printf(" r input: ");BN_print_fp(stdout, r);
printf(" n: ");BN_print_fp(stdout, n);
printf("\n");
*/
BN_mod(tmp, n, r, ctx);
/*printf("r=");BN_print_fp(stdout, r); printf("; tmp=");BN_print_fp(stdout, tmp);*/
while (BN_is_zero(tmp)) { /* */
BN_mod_add(r, r, BN_value_one(), n, ctx);
BN_mod(tmp, n, r, ctx);
/*printf("r=");BN_print_fp(stdout, r); printf("; tmp=");BN_print_fp(stdout, tmp);*/
}
/*printf("\n");*/
BN_mod_inverse(r_inv, r, n, ctx);
/*
printf(" r = ");BN_print_fp(stdout, r);
printf(" r_inv = ");BN_print_fp(stdout, r_inv);
printf(" n = ");BN_print_fp(stdout, n);
printf("\n");
*/
BN_mod_exp(r, r, e, n, ctx); /* r = r^e % n */
BN_mod_mul(m, m, r, n, ctx); /* m = m * r % n */
rsa_encrypt(m, d, n);
BN_mod_mul(m, m, r_inv, n, ctx);
BN_free(r);
BN_free(r_inv);
BN_free(tmp);
BN_CTX_free(ctx);
}示例10: calculatePolynomialValue
/**
* Helper method to calculate the y-value
* for a given x-value and a polynomial
*
* @param x X-value
* @param polynomial The underlying polynomial
* @param t Threshold (determines the degree of the polynomial)
* @param prime Prime for finite field arithmetic
* @param y Pointer for storage of calculated y-value
*/
static void calculatePolynomialValue(const BIGNUM x, BIGNUM **polynomial, const unsigned char t, const BIGNUM prime, BIGNUM *y) {
BIGNUM **pp;
BIGNUM temp;
BIGNUM exponent;
unsigned long exp;
BN_CTX *ctx;
// Create context for temporary variables of OpenSSL engine
ctx = BN_CTX_new();
BN_CTX_init(ctx);
BN_init(&temp);
BN_init(&exponent);
// Set y to ZERO
BN_zero(y);
/* Initialize the result using the secret value at position 0 of the polynomial */
pp = polynomial;
BN_copy(y, *pp);
pp++;
for (exp = 1; exp < t; exp++) {
BN_copy(&temp, &x);
BN_set_word(&exponent, exp);
// temp = x^exponent mod prime
BN_mod_exp(&temp, &x, &exponent, &prime, ctx);
// exponent = temp * a = a * x^exponent mod prime
BN_mod_mul(&exponent, &temp, *pp, &prime, ctx);
// add the temp value from exponent to y
BN_copy(&temp, y);
BN_mod_add(y, &temp, &exponent, &prime, ctx);
pp++;
}
BN_clear_free(&temp);
BN_clear_free(&exponent);
BN_CTX_free(ctx);
}示例11: BN_CTX_new
BIGNUM * Polynomial::GetFunctionValue(BIGNUM *x)
{
BN_CTX *ctx = BN_CTX_new();
BIGNUM * value = BN_new() ;
BN_copy(value,*(coefficients->begin()));
BIGNUM * tmp = BN_new();
BIGNUM * tmpx = BN_new();
BN_one(tmpx);
vector<BIGNUM *>::iterator iter;
for (iter=coefficients->begin()+1;iter!= coefficients->end();iter++)
{
BN_mod_mul(tmpx,tmpx,x,p,ctx);
BN_mod_mul(tmp,tmpx,*iter,p,ctx);
BN_mod_add(value,tmp,value,p,ctx);
}
BN_free(tmp);
BN_free(tmpx);
BN_CTX_free(ctx);
return value;
} 示例12: eccHashSign
// unsigned char *rgbHashData, 哈希
// unsigned char *rgbKeyDb, 私钥
// unsigned char *rs 签名
void eccHashSign(unsigned char *rgbHashData, unsigned char *rgbKeyDb, unsigned char *rs)
{
int ok = 0;
const EC_GROUP *ec_group;
BIGNUM *priv_key;
const BIGNUM *ck;
BIGNUM *k = NULL;
BN_CTX *ctx = NULL;
BIGNUM *order = NULL;
BIGNUM *e = NULL;
BIGNUM *bn = NULL;
int i;
BIGNUM *r= BN_new(), *s = BN_new();
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1);
ec_group = EC_KEY_get0_group(ec_key);
priv_key = BN_new();
BN_bin2bn(rgbKeyDb, 32, priv_key);
EC_KEY_set_private_key(ec_key, priv_key);
if (!ec_group || !priv_key) {
}
ctx = BN_CTX_new();
order = BN_new();
e = BN_new();
bn = BN_new();
if (!ctx || !order || !e || !bn) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
/* convert dgst to e */
i = BN_num_bits(order);
#if 0
if (8 * dgst_len > i) {
dgst_len = (i + 7)/8;
}
#endif
if (!BN_bin2bn(rgbHashData, 32, e)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
#if 0
if ((8 * dgst_len > i) && !BN_rshift(e, e, 8 - (i & 0x7))) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
#endif
do {
/* use or compute k and (kG).x */
if (!sm2_sign_setup(ec_key, ctx, &k, &r)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
goto err;
}
ck = k;
/* r = e + x (mod n) */
if (!BN_mod_add(r, r, e, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_add(bn, r, ck, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
/* check r != 0 && r + k != n */
if (BN_is_zero(r) || BN_is_zero(bn)) {
continue;
}
/* s = ((1 + d)^-1 * (k - rd)) mod n */
if (!BN_one(bn)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_add(s, priv_key, bn, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_inverse(s, s, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_mul(bn, r, priv_key, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
//.........这里部分代码省略.........
示例13: StealthSecretSpend
//.........这里部分代码省略.........
printf("StealthSecretSpend(): bnP BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(P = EC_POINT_bn2point(ecgrp, bnP, NULL, bnCtx)))
{
printf("StealthSecretSpend(): P EC_POINT_bn2point failed\n");
rv = 1;
goto End;
};
// -- dP
if (!EC_POINT_mul(ecgrp, P, NULL, P, bnScanSecret, bnCtx))
{
printf("StealthSecretSpend(): dP EC_POINT_mul failed\n");
rv = 1;
goto End;
};
if (!(bnOutP = EC_POINT_point2bn(ecgrp, P, POINT_CONVERSION_COMPRESSED, BN_new(), bnCtx)))
{
printf("StealthSecretSpend(): P EC_POINT_bn2point failed\n");
rv = 1;
goto End;
};
vchOutP.resize(ec_compressed_size);
if (BN_num_bytes(bnOutP) != (int) ec_compressed_size
|| BN_bn2bin(bnOutP, &vchOutP[0]) != (int) ec_compressed_size)
{
printf("StealthSecretSpend(): bnOutP incorrect length.\n");
rv = 1;
goto End;
};
uint8_t hash1[32];
SHA256(&vchOutP[0], vchOutP.size(), (uint8_t*)hash1);
if (!(bnc = BN_bin2bn(&hash1[0], 32, BN_new())))
{
printf("StealthSecretSpend(): BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(bnOrder = BN_new())
|| !EC_GROUP_get_order(ecgrp, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): EC_GROUP_get_order failed\n");
rv = 1;
goto End;
};
if (!(bnSpend = BN_bin2bn(&spendSecret.e[0], ec_secret_size, BN_new())))
{
printf("StealthSecretSpend(): bnSpend BN_bin2bn failed.\n");
rv = 1;
goto End;
};
//if (!BN_add(r, a, b)) return 0;
//return BN_nnmod(r, r, m, ctx);
if (!BN_mod_add(bnSpend, bnSpend, bnc, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): bnSpend BN_mod_add failed.\n");
rv = 1;
goto End;
};
if (BN_is_zero(bnSpend)) // possible?
{
printf("StealthSecretSpend(): bnSpend is zero.\n");
rv = 1;
goto End;
};
if (BN_num_bytes(bnSpend) != (int) ec_secret_size
|| BN_bn2bin(bnSpend, &secretOut.e[0]) != (int) ec_secret_size)
{
printf("StealthSecretSpend(): bnSpend incorrect length.\n");
rv = 1;
goto End;
};
End:
if (bnSpend) BN_free(bnSpend);
if (bnOrder) BN_free(bnOrder);
if (bnc) BN_free(bnc);
if (bnOutP) BN_free(bnOutP);
if (P) EC_POINT_free(P);
if (bnP) BN_free(bnP);
if (bnScanSecret) BN_free(bnScanSecret);
if (bnCtx) BN_CTX_free(bnCtx);
EC_GROUP_free(ecgrp);
return rv;
};示例14: StealthSharedToSecretSpend
int StealthSharedToSecretSpend(ec_secret& sharedS, ec_secret& spendSecret, ec_secret& secretOut)
{
int rv = 0;
std::vector<uint8_t> vchOutP;
BN_CTX* bnCtx = NULL;
BIGNUM* bnc = NULL;
BIGNUM* bnOrder = NULL;
BIGNUM* bnSpend = NULL;
EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
if (!ecgrp)
{
printf("StealthSecretSpend(): EC_GROUP_new_by_curve_name failed.\n");
return 1;
};
if (!(bnCtx = BN_CTX_new()))
{
printf("StealthSecretSpend(): BN_CTX_new failed.\n");
rv = 1;
goto End;
};
if (!(bnc = BN_bin2bn(&sharedS.e[0], ec_secret_size, BN_new())))
{
printf("StealthSecretSpend(): BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(bnOrder = BN_new())
|| !EC_GROUP_get_order(ecgrp, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): EC_GROUP_get_order failed\n");
rv = 1;
goto End;
};
if (!(bnSpend = BN_bin2bn(&spendSecret.e[0], ec_secret_size, BN_new())))
{
printf("StealthSecretSpend(): bnSpend BN_bin2bn failed.\n");
rv = 1;
goto End;
};
//if (!BN_add(r, a, b)) return 0;
//return BN_nnmod(r, r, m, ctx);
if (!BN_mod_add(bnSpend, bnSpend, bnc, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): bnSpend BN_mod_add failed.\n");
rv = 1;
goto End;
};
if (BN_is_zero(bnSpend)) // possible?
{
printf("StealthSecretSpend(): bnSpend is zero.\n");
rv = 1;
goto End;
};
if (BN_num_bytes(bnSpend) != (int) ec_secret_size
|| BN_bn2bin(bnSpend, &secretOut.e[0]) != (int) ec_secret_size)
{
printf("StealthSecretSpend(): bnSpend incorrect length.\n");
rv = 1;
goto End;
};
End:
if (bnSpend) BN_free(bnSpend);
if (bnOrder) BN_free(bnOrder);
if (bnc) BN_free(bnc);
if (bnCtx) BN_CTX_free(bnCtx);
EC_GROUP_free(ecgrp);
return rv;
};示例15: ProductEvidence_New
ProductEvidence ProductEvidence_New(ProductStatement st,
const BIGNUM *a, const BIGNUM *r_a, const BIGNUM *r_b, const BIGNUM *r_c)
{
ProductEvidence ev = safe_malloc(sizeof(*ev));
const BIGNUM* g = IntegerGroup_GetG(st->group);
const BIGNUM* h = IntegerGroup_GetH(st->group);
const BIGNUM* q = IntegerGroup_GetQ(st->group);
BN_CTX* ctx = IntegerGroup_GetCtx(st->group);
// A = g^a h^{r_a}
// B = g^b h^{r_b}
// C = g^{ab} h^{r_c}
// r_prod = r_c - a*r_b
BIGNUM* r_prod;
CHECK_CALL(r_prod = BN_dup(a));
CHECK_CALL(BN_mod_mul(r_prod, r_prod, r_b, q, ctx));
CHECK_CALL(BN_mod_sub(r_prod, r_c, r_prod, q, ctx));
// == Commitment ==
// x, s1, s2 in [0, q)
BIGNUM *x = IntegerGroup_RandomExponent(st->group);
BIGNUM *s1 = IntegerGroup_RandomExponent(st->group);
BIGNUM *s2 = IntegerGroup_RandomExponent(st->group);
CHECK_CALL(x);
CHECK_CALL(s1);
CHECK_CALL(s2);
// m1 = g^x h^s1
BIGNUM* m1 = IntegerGroup_CascadeExponentiate(st->group, g, x, h, s1);
CHECK_CALL(m1);
// m2 = B^x h^s2
BIGNUM* m2 = IntegerGroup_CascadeExponentiate(st->group, st->commit_b, x, h, s2);
CHECK_CALL(m2);
// == Challenge ==
// c = H(g, h, q, p, A, B, C, m1, m2)
ev->c = Commit(st, m1, m2);
// == Response ==
// z = x + ca mod q
ev->z = BN_dup(ev->c);
CHECK_CALL(ev->z);
CHECK_CALL(BN_mod_mul(ev->z, ev->z, a, q, ctx));
CHECK_CALL(BN_mod_add(ev->z, ev->z, x, q, ctx));
// w1 = s1 + (c r_a) mod q
ev->w1 = BN_dup(r_a);
CHECK_CALL(ev->w1);
CHECK_CALL(BN_mod_mul(ev->w1, ev->w1, ev->c, q, ctx));
CHECK_CALL(BN_mod_add(ev->w1, ev->w1, s1, q, ctx));
// w2 = s2 + (c r_prod) mod q
ev->w2 = BN_dup(r_prod);
CHECK_CALL(ev->w2);
CHECK_CALL(BN_mod_mul(ev->w2, ev->w2, ev->c, q, ctx));
CHECK_CALL(BN_mod_add(ev->w2, ev->w2, s2, q, ctx));
// proof is (c, z, w1, w2)
BN_free(m1);
BN_free(m2);
BN_clear_free(x);
BN_clear_free(s1);
BN_clear_free(s2);
BN_clear_free(r_prod);
return ev;
}