本文整理汇总了C++中EC_GROUP_get_curve_GFp函数的典型用法代码示例。如果您正苦于以下问题:C++ EC_GROUP_get_curve_GFp函数的具体用法?C++ EC_GROUP_get_curve_GFp怎么用?C++ EC_GROUP_get_curve_GFp使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EC_GROUP_get_curve_GFp函数的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: openssl_ec_group_parse
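/*
 * openssl.ec_group:parse() -> table
 *
 * Describes the EC_GROUP at stack index 1 ("openssl.ec_group" userdata)
 * as a Lua table with the fields
 *   generator        openssl.ec_point (omitted when the group has none)
 *   order, cofactor  openssl.bn
 *   asn1_flag, degree, curve_name, conversion_form   integers
 *   seed             string (EC_GROUP_get0_seed / EC_GROUP_get_seed_len)
 *   curve            table { p, a, b } of openssl.bn (prime-field form)
 *
 * Every OpenSSL allocation and getter is checked before the table is
 * built, so a failure cannot hand uninitialised BIGNUMs to Lua; on failure
 * all temporaries are released and a Lua error is raised.  Ownership of
 * the pushed BIGNUM/EC_POINT objects passes to the Lua userdata.
 *
 * Returns 1 (the table).
 */
static int openssl_ec_group_parse(lua_State*L)
{
    const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
    const EC_POINT *gen0 = EC_GROUP_get0_generator(group);
    EC_POINT *generator = NULL;
    BN_CTX* ctx = BN_CTX_new();
    BIGNUM *order = BN_new(), *cofactor = BN_new();
    BIGNUM *p = BN_new(), *a = BN_new(), *b = BN_new();
    const char *what = "unknown error";

    if (!ctx || !order || !cofactor || !p || !a || !b) {
        what = "out of memory";
        goto fail;
    }
    /* the group's generator is borrowed; Lua needs its own copy */
    if (gen0 && (generator = EC_POINT_dup(gen0, group)) == NULL) {
        what = "EC_POINT_dup failed";
        goto fail;
    }
    /* fetch everything first: a failed getter leaves its BIGNUM unset */
    if (!EC_GROUP_get_order(group, order, ctx) ||
        !EC_GROUP_get_cofactor(group, cofactor, ctx) ||
        !EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
        what = "unable to read EC_GROUP parameters";
        goto fail;
    }
    BN_CTX_free(ctx);

    lua_newtable(L);
    if (generator) {
        AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator");
    }
    AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order");
    AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor");
    AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer);
    AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer);
    AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
    AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer);
    AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group));

    /* nested "curve" table with the Weierstrass parameters y^2 = x^3 + a*x + b mod p */
    lua_newtable(L);
    AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p");
    AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a");
    AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b");
    lua_setfield(L, -2, "curve");
    return 1;

fail:
    /* nothing has been handed to Lua yet, so every object is still ours */
    EC_POINT_free(generator);
    BN_free(order);
    BN_free(cofactor);
    BN_free(p);
    BN_free(a);
    BN_free(b);
    BN_CTX_free(ctx);
    return luaL_error(L, "ec_group:parse: %s", what);
}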
示例2: ECDSA_SIG_recover_key_GFp
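// Perform ECDSA public-key recovery (see SEC 1 v2, section 4.1.6) for
// curves over prime fields (mod p).
//
//   eckey  - key whose EC_GROUP is used; on success its public key is set
//            to the recovered point Q.
//   ecsig  - the signature (r, s) to recover from.
//   msg    - message digest, msglen bytes, big-endian.
//   recid  - recovery id: recid/2 selects the x candidate (r + i*order)
//            and recid%2 the parity of y.  Must be non-negative.
//   check  - if nonzero, additionally verify that order*R is the point at
//            infinity, i.e. that R lies in the prime-order subgroup.
//
// Returns 1 on success, 0 when no key can be recovered for these inputs
// (or the arguments are invalid), -1 on a BN library failure and -2 on an
// EC library failure.
int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
{
    if (!eckey) return 0;
    // ecsig->r/s are dereferenced below; a negative recid would make i
    // negative and hand BN_mul_word a huge unsigned word; a negative
    // msglen is not a valid length for BN_bin2bn.
    if (!ecsig || recid < 0 || msglen < 0 || (msglen > 0 && !msg)) return 0;

    int ret = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *x = NULL;
    BIGNUM *e = NULL;
    BIGNUM *order = NULL;
    BIGNUM *sor = NULL;
    BIGNUM *eor = NULL;
    BIGNUM *field = NULL;
    EC_POINT *R = NULL;
    EC_POINT *O = NULL;
    EC_POINT *Q = NULL;
    BIGNUM *rr = NULL;
    BIGNUM *zero = NULL;
    int n = 0;
    int i = recid / 2;

    const EC_GROUP *group = EC_KEY_get0_group(eckey);
    // An EC_KEY without a group would otherwise be dereferenced by the
    // EC_GROUP getters below.
    if (group == NULL) return -2;

    if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
    BN_CTX_start(ctx);
    if ((order = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }

    // x = r + i*order: the candidate x-coordinate of the ephemeral point R.
    if ((x = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_copy(x, order)) { ret=-1; goto err; }
    if (!BN_mul_word(x, i)) { ret=-1; goto err; }
    if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }

    // x must be a field element, otherwise no curve point has this x.
    if ((field = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
    if (BN_cmp(x, field) >= 0) { ret=0; goto err; }

    if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
    // Decompress (x, parity) into R; returns 0 when x is not on the curve.
    if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
    if (check)
    {
        if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
        if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
        if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
    }

    if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
    n = EC_GROUP_get_degree(group);
    if ((e = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
    // Truncate the digest to the group degree.  NOTE(review): the shift
    // yields an n-bit value only for the smallest msglen with 8*msglen > n;
    // longer digests are not fully reduced.  Kept as-is because e must
    // match what the signing side computed.
    if (8*msglen > n && !BN_rshift(e, e, 8-(n & 7))) { ret=-1; goto err; }

    // e = -e mod order, so that Q = r^-1 * (s*R - e*G) below.
    if ((zero = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_zero(zero)) { ret=-1; goto err; }
    if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
    if ((rr = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }
    if ((sor = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }
    if ((eor = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
    // Q = eor*G + sor*R
    if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
    if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
    ret = 1;

err:
    if (ctx) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    // EC_POINT_free(NULL) is a no-op
    EC_POINT_free(R);
    EC_POINT_free(O);
    EC_POINT_free(Q);
    return ret;
}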
示例3: compute_password_element
int
compute_password_element (pwd_session_t *sess, uint16_t grp_num,
char *password, int password_len,
char *id_server, int id_server_len,
char *id_peer, int id_peer_len,
uint32_t *token)
{
BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
HMAC_CTX ctx;
uint8_t pwe_digest[SHA256_DIGEST_LENGTH], *prfbuf = NULL, ctr;
int nid, is_odd, primebitlen, primebytelen, ret = 0;
switch (grp_num) { /* from IANA registry for IKE D-H groups */
case 19:
nid = NID_X9_62_prime256v1;
break;
case 20:
nid = NID_secp384r1;
break;
case 21:
nid = NID_secp521r1;
break;
case 25:
nid = NID_X9_62_prime192v1;
break;
case 26:
nid = NID_secp224r1;
break;
default:
DEBUG("unknown group %d", grp_num);
goto fail;
}
sess->pwe = NULL;
sess->order = NULL;
sess->prime = NULL;
if ((sess->group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
DEBUG("unable to create EC_GROUP");
goto fail;
}
if (((rnd = BN_new()) == NULL) ||
((cofactor = BN_new()) == NULL) ||
((sess->pwe = EC_POINT_new(sess->group)) == NULL) ||
((sess->order = BN_new()) == NULL) ||
((sess->prime = BN_new()) == NULL) ||
((x_candidate = BN_new()) == NULL)) {
DEBUG("unable to create bignums");
goto fail;
}
if (!EC_GROUP_get_curve_GFp(sess->group, sess->prime, NULL, NULL, NULL))
{
DEBUG("unable to get prime for GFp curve");
goto fail;
}
if (!EC_GROUP_get_order(sess->group, sess->order, NULL)) {
DEBUG("unable to get order for curve");
goto fail;
}
if (!EC_GROUP_get_cofactor(sess->group, cofactor, NULL)) {
DEBUG("unable to get cofactor for curve");
goto fail;
}
primebitlen = BN_num_bits(sess->prime);
primebytelen = BN_num_bytes(sess->prime);
if ((prfbuf = talloc_zero_array(sess, uint8_t, primebytelen)) == NULL) {
DEBUG("unable to alloc space for prf buffer");
goto fail;
}
ctr = 0;
while (1) {
if (ctr > 10) {
DEBUG("unable to find random point on curve for group %d, something's fishy", grp_num);
goto fail;
}
ctr++;
/*
* compute counter-mode password value and stretch to prime
* pwd-seed = H(token | peer-id | server-id | password |
* counter)
*/
H_Init(&ctx);
H_Update(&ctx, (uint8_t *)token, sizeof(*token));
H_Update(&ctx, (uint8_t *)id_peer, id_peer_len);
H_Update(&ctx, (uint8_t *)id_server, id_server_len);
H_Update(&ctx, (uint8_t *)password, password_len);
H_Update(&ctx, (uint8_t *)&ctr, sizeof(ctr));
H_Final(&ctx, pwe_digest);
BN_bin2bn(pwe_digest, SHA256_DIGEST_LENGTH, rnd);
eap_pwd_kdf(pwe_digest, SHA256_DIGEST_LENGTH,
"EAP-pwd Hunting And Pecking",
strlen("EAP-pwd Hunting And Pecking"),
prfbuf, primebitlen);
BN_bin2bn(prfbuf, primebytelen, x_candidate);
/*
//.........这里部分代码省略.........
示例4: ecparam_main
//.........这里部分代码省略.........
}
if (text) {
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check) {
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
} else
BIO_printf(bio_err, "ok\n");
}
if (C) {
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
(ec_order = BN_new()) == NULL ||
(ec_cofactor = BN_new()) == NULL) {
perror("malloc");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) ==
NID_X9_62_prime_field);
if (is_prime) {
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
ec_b, NULL))
goto end;
} else {
/* TODO */
goto end;
}
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group), ec_gen,
NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen ||
!ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t) BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t) BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t) BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t) BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
示例5: ECPKParameters_print
int
ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off)
{
unsigned char *buffer = NULL;
size_t buf_len = 0, i;
int ret = 0, reason = ERR_R_BIO_LIB;
BN_CTX *ctx = NULL;
const EC_POINT *point = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, *order = NULL,
*cofactor = NULL;
const unsigned char *seed;
size_t seed_len = 0;
const char *nname;
static const char *gen_compressed = "Generator (compressed):";
static const char *gen_uncompressed = "Generator (uncompressed):";
static const char *gen_hybrid = "Generator (hybrid):";
if (!x) {
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
if (EC_GROUP_get_asn1_flag(x)) {
/* the curve parameter are given by an asn1 OID */
int nid;
if (!BIO_indent(bp, off, 128))
goto err;
nid = EC_GROUP_get_curve_name(x);
if (nid == 0)
goto err;
if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
goto err;
if (BIO_printf(bp, "\n") <= 0)
goto err;
nname = EC_curve_nid2nist(nid);
if (nname) {
if (!BIO_indent(bp, off, 128))
goto err;
if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
goto err;
}
} else {
/* explicit parameters */
int is_char_two = 0;
point_conversion_form_t form;
int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;
if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
(b = BN_new()) == NULL || (order = BN_new()) == NULL ||
(cofactor = BN_new()) == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
} else /* prime field */
#endif
{
if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
}
if ((point = EC_GROUP_get0_generator(x)) == NULL) {
reason = ERR_R_EC_LIB;
goto err;
}
if (!EC_GROUP_get_order(x, order, NULL) ||
!EC_GROUP_get_cofactor(x, cofactor, NULL)) {
reason = ERR_R_EC_LIB;
goto err;
}
form = EC_GROUP_get_point_conversion_form(x);
if ((gen = EC_POINT_point2bn(x, point,
form, NULL, ctx)) == NULL) {
reason = ERR_R_EC_LIB;
goto err;
}
buf_len = (size_t) BN_num_bytes(p);
if (buf_len < (i = (size_t) BN_num_bytes(a)))
buf_len = i;
if (buf_len < (i = (size_t) BN_num_bytes(b)))
//.........这里部分代码省略.........
示例6: BFIBE_setup
int BFIBE_setup(const EC_GROUP *group, const EVP_MD *md,
BFPublicParameters **pmpk, BFMasterSecret **pmsk)
{
int ret = 0;
BFPublicParameters *mpk = NULL;
BFMasterSecret *msk = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *point = NULL;
BIGNUM *a;
BIGNUM *b;
if (!group || !pmpk || !pmsk) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(bn_ctx = BN_CTX_new())) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
if (!b) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
mpk = BFPublicParameters_new();
msk = BFMasterSecret_new();
point = EC_POINT_new(group);
if (!mpk || !msk || !point) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
/*
* set mpk->version
* set mpk->curve
*/
mpk->version = BFIBE_VERSION;
OPENSSL_assert(mpk->curve);
ASN1_OBJECT_free(mpk->curve);
if (!(mpk->curve = OBJ_nid2obj(NID_type1curve))) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_NOT_NAMED_CURVE);
goto end;
}
/* mpk->p = group->p */
if (!EC_GROUP_get_curve_GFp(group, mpk->p, a, b, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB);
goto end;
}
if (!BN_is_zero(a) || !BN_is_one(b)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->q = group->order */
if (!EC_GROUP_get_order(group, mpk->q, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->pointP = group->generator */
if (!EC_POINT_get_affine_coordinates_GFp(group, EC_GROUP_get0_generator(group),
mpk->pointP->x, mpk->pointP->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB);
goto end;
}
/* set mpk->hashfcn from F_p^2 element bits */
OPENSSL_assert(mpk->hashfcn);
ASN1_OBJECT_free(mpk->hashfcn);
if (!(mpk->hashfcn = OBJ_nid2obj(EVP_MD_type(md)))) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_PARSE_PAIRING);
goto end;
}
/*
* set msk->version
* random msk->masterSecret in [2, q - 1]
*/
msk->version = BFIBE_VERSION;
do {
if (!BN_rand_range(msk->masterSecret, mpk->q)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(msk->masterSecret) || BN_is_one(msk->masterSecret));
/* mpk->pointPpub = msk->masterSecret * mpk->pointP */
if (!EC_POINT_mul(group, point, msk->masterSecret, NULL, NULL, bn_ctx)) {
//.........这里部分代码省略.........
示例7: compute_password_element
/*
* compute a "random" secret point on an elliptic curve based
* on the password and identities.
*/
int compute_password_element(EAP_PWD_group *grp, u16 num,
u8 *password, int password_len,
u8 *id_server, int id_server_len,
u8 *id_peer, int id_peer_len, u8 *token)
{
BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
struct crypto_hash *hash;
unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
int nid, is_odd, ret = 0;
size_t primebytelen, primebitlen;
switch (num) { /* from IANA registry for IKE D-H groups */
case 19:
nid = NID_X9_62_prime256v1;
break;
case 20:
nid = NID_secp384r1;
break;
case 21:
nid = NID_secp521r1;
break;
case 25:
nid = NID_X9_62_prime192v1;
break;
case 26:
nid = NID_secp224r1;
break;
default:
wpa_printf(MSG_INFO, "EAP-pwd: unsupported group %d", num);
return -1;
}
grp->pwe = NULL;
grp->order = NULL;
grp->prime = NULL;
if ((grp->group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC_GROUP");
goto fail;
}
if (((rnd = BN_new()) == NULL) ||
((cofactor = BN_new()) == NULL) ||
((grp->pwe = EC_POINT_new(grp->group)) == NULL) ||
((grp->order = BN_new()) == NULL) ||
((grp->prime = BN_new()) == NULL) ||
((x_candidate = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");
goto fail;
}
if (!EC_GROUP_get_curve_GFp(grp->group, grp->prime, NULL, NULL, NULL))
{
wpa_printf(MSG_INFO, "EAP-pwd: unable to get prime for GFp "
"curve");
goto fail;
}
if (!EC_GROUP_get_order(grp->group, grp->order, NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to get order for curve");
goto fail;
}
if (!EC_GROUP_get_cofactor(grp->group, cofactor, NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to get cofactor for "
"curve");
goto fail;
}
primebitlen = BN_num_bits(grp->prime);
primebytelen = BN_num_bytes(grp->prime);
if ((prfbuf = os_malloc(primebytelen)) == NULL) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
"buffer");
goto fail;
}
os_memset(prfbuf, 0, primebytelen);
ctr = 0;
while (1) {
if (ctr > 30) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to find random "
"point on curve for group %d, something's "
"fishy", num);
goto fail;
}
ctr++;
/*
* compute counter-mode password value and stretch to prime
* pwd-seed = H(token | peer-id | server-id | password |
* counter)
*/
hash = eap_pwd_h_init();
if (hash == NULL)
goto fail;
eap_pwd_h_update(hash, token, sizeof(u32));
eap_pwd_h_update(hash, id_peer, id_peer_len);
eap_pwd_h_update(hash, id_server, id_server_len);
eap_pwd_h_update(hash, password, password_len);
//.........这里部分代码省略.........
示例8: ecparam_main
//.........这里部分代码省略.........
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
} else
BIO_printf(bio_err, "ok\n");
}
if (C) {
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL
|| (ec_a = BN_new()) == NULL
|| (ec_b = BN_new()) == NULL
|| (ec_gen = BN_new()) == NULL
|| (ec_order = BN_new()) == NULL
|| (ec_cofactor = BN_new()) == NULL) {
perror("Can't allocate BN");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
if (!is_prime) {
BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
goto end;
}
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
goto end;
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group),
ec_gen, NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
buffer = app_malloc(buf_len, "BN buffer");
示例9: prime_field_tests
void prime_field_tests()
{
BN_CTX *ctx = NULL;
BIGNUM *p, *a, *b;
EC_GROUP *group;
EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
EC_POINT *P, *Q, *R;
BIGNUM *x, *y, *z;
unsigned char buf[100];
size_t i, len;
int k;
#if 1 /* optional */
ctx = BN_CTX_new();
if (!ctx) ABORT;
#endif
p = BN_new();
a = BN_new();
b = BN_new();
if (!p || !a || !b) ABORT;
if (!BN_hex2bn(&p, "17")) ABORT;
if (!BN_hex2bn(&a, "1")) ABORT;
if (!BN_hex2bn(&b, "1")) ABORT;
group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
* so that the library gets to choose the EC_METHOD */
if (!group) ABORT;
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
{
EC_GROUP *tmp;
tmp = EC_GROUP_new(EC_GROUP_method_of(group));
if (!tmp) ABORT;
if (!EC_GROUP_copy(tmp, group)) ABORT;
EC_GROUP_free(group);
group = tmp;
}
if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
BN_print_fp(stdout, p);
fprintf(stdout, ")\n a = 0x");
BN_print_fp(stdout, a);
fprintf(stdout, "\n b = 0x");
BN_print_fp(stdout, b);
fprintf(stdout, "\n");
P = EC_POINT_new(group);
Q = EC_POINT_new(group);
R = EC_POINT_new(group);
if (!P || !Q || !R) ABORT;
if (!EC_POINT_set_to_infinity(group, P)) ABORT;
if (!EC_POINT_is_at_infinity(group, P)) ABORT;
buf[0] = 0;
if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
if (!EC_POINT_is_at_infinity(group, P)) ABORT;
x = BN_new();
y = BN_new();
z = BN_new();
if (!x || !y || !z) ABORT;
if (!BN_hex2bn(&x, "D")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
if (!EC_POINT_is_on_curve(group, Q, ctx))
{
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
fprintf(stderr, "Point is not on curve: x = 0x");
BN_print_fp(stderr, x);
fprintf(stderr, ", y = 0x");
BN_print_fp(stderr, y);
fprintf(stderr, "\n");
ABORT;
}
fprintf(stdout, "A cyclic subgroup:\n");
k = 100;
do
{
if (k-- == 0) ABORT;
if (EC_POINT_is_at_infinity(group, P))
fprintf(stdout, " point at infinity\n");
else
{
if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
fprintf(stdout, " x = 0x");
BN_print_fp(stdout, x);
fprintf(stdout, ", y = 0x");
BN_print_fp(stdout, y);
fprintf(stdout, "\n");
//.........这里部分代码省略.........
示例10: ecdh_im_compute_key
int
ecdh_im_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in,
BN_CTX *bn_ctx)
{
int ret = 0;
BUF_MEM * x_mem = NULL;
BIGNUM * a = NULL, *b = NULL, *p = NULL;
BIGNUM * x = NULL, *y = NULL, *v = NULL, *u = NULL;
BIGNUM * tmp = NULL, *tmp2 = NULL, *bn_inv = NULL;
BIGNUM * two = NULL, *three = NULL, *four = NULL, *six = NULL;
BIGNUM * twentyseven = NULL;
EC_KEY *static_key = NULL, *ephemeral_key = NULL;
EC_POINT *g = NULL;
BN_CTX_start(bn_ctx);
check((ctx && ctx->static_key && s && ctx->ka_ctx), "Invalid arguments");
static_key = EVP_PKEY_get1_EC_KEY(ctx->static_key);
if (!static_key)
goto err;
/* Setup all the variables*/
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
p = BN_CTX_get(bn_ctx);
x = BN_CTX_get(bn_ctx);
y = BN_CTX_get(bn_ctx);
v = BN_CTX_get(bn_ctx);
two = BN_CTX_get(bn_ctx);
three = BN_CTX_get(bn_ctx);
four = BN_CTX_get(bn_ctx);
six = BN_CTX_get(bn_ctx);
twentyseven = BN_CTX_get(bn_ctx);
tmp = BN_CTX_get(bn_ctx);
tmp2 = BN_CTX_get(bn_ctx);
bn_inv = BN_CTX_get(bn_ctx);
if (!bn_inv)
goto err;
/* Encrypt the Nonce using the symmetric key in */
x_mem = cipher_no_pad(ctx->ka_ctx, NULL, in, s, 1);
if (!x_mem)
goto err;
/* Fetch the curve parameters */
if (!EC_GROUP_get_curve_GFp(EC_KEY_get0_group(static_key), p, a, b, bn_ctx))
goto err;
/* Assign constants */
if ( !BN_set_word(two,2)||
!BN_set_word(three,3)||
!BN_set_word(four,4)||
!BN_set_word(six,6)||
!BN_set_word(twentyseven,27)
) goto err;
/* Check prerequisites for curve parameters */
check(
/* p > 3;*/
(BN_cmp(p, three) == 1) &&
/* p mod 3 = 2; (p has the form p=q^n, q prime) */
BN_nnmod(tmp, p, three, bn_ctx) &&
(BN_cmp(tmp, two) == 0),
"Unsuited curve");
/* Convert encrypted nonce to BIGNUM */
u = BN_bin2bn((unsigned char *) x_mem->data, x_mem->length, u);
if (!u)
goto err;
if ( /* v = (3a - u^4) / 6u mod p */
!BN_mod_mul(tmp, three, a, p, bn_ctx) ||
!BN_mod_exp(tmp2, u, four, p, bn_ctx) ||
!BN_mod_sub(v, tmp, tmp2, p, bn_ctx) ||
!BN_mod_mul(tmp, u, six, p, bn_ctx) ||
/* For division within a galois field we need to compute
* the multiplicative inverse of a number */
!BN_mod_inverse(bn_inv, tmp, p, bn_ctx) ||
!BN_mod_mul(v, v, bn_inv, p, bn_ctx) ||
/* x = (v^2 - b - ((u^6)/27)) */
!BN_mod_sqr(tmp, v, p, bn_ctx) ||
!BN_mod_sub(tmp2, tmp, b, p, bn_ctx) ||
!BN_mod_exp(tmp, u, six, p, bn_ctx) ||
!BN_mod_inverse(bn_inv, twentyseven, p, bn_ctx) ||
!BN_mod_mul(tmp, tmp, bn_inv, p, bn_ctx) ||
!BN_mod_sub(x, tmp2, tmp, p, bn_ctx) ||
/* x -> x^(1/3) = x^((2p^n -1)/3) */
!BN_mul(tmp, two, p, bn_ctx) ||
!BN_sub(tmp, tmp, BN_value_one()) ||
/* Division is defined, because p^n = 2 mod 3 */
!BN_div(tmp, y, tmp, three, bn_ctx) ||
!BN_mod_exp(tmp2, x, tmp, p, bn_ctx) ||
!BN_copy(x, tmp2) ||
/* x += (u^2)/3 */
!BN_mod_sqr(tmp, u, p, bn_ctx) ||
//.........这里部分代码省略.........
示例11: main
int main(int argc, const char *argv[])
{
int r;
int ok = 0;
char *prog = "ecc";
// libpopt var
poptContext popt_ctx;
const char **rest;
int command = 0;
char *curve_name = "secp192k1";
int point_compressed = 0;
point_conversion_form_t point_form;
struct poptOption options[] = {
{"curve-name", 'c', POPT_ARG_STRING, &curve_name, 0, "elliptic curve name", "NAME"},
{"point-compressed", 'z', POPT_ARG_NONE, &point_compressed, 0, "point format, compress or uncompress", NULL},
{"print-curve", 'p', POPT_ARG_VAL, &command, ECC_PRINT, "print elliptic curve parameters", NULL},
{"random-private-key", 0, POPT_ARG_VAL, &command, ECC_RAND_SKEY, "random generate a private key\n", NULL},
{"random-keypair", 0, POPT_ARG_VAL, &command, ECC_RAND_KEYPAIR, "generate a random key pair\n", NULL},
{"check-point", 'e', POPT_ARG_VAL, &command, ECC_CHECK_POINT, "check if point is valid\n", NULL},
{"point-add", 'a', POPT_ARG_VAL, &command, ECC_ADD, "elliptic curve point addition", NULL},
{"point-double", 'b', POPT_ARG_VAL, &command, ECC_DOUBLE, "elliptic curve point double", NULL},
{"point-mul", 'x', POPT_ARG_VAL, &command, ECC_MUL, "k*G", NULL},
{"point-mul-generator", 'X', POPT_ARG_VAL, &command, ECC_MUL_G, "elliptic curve point scalar multiply", NULL},
{"point-invert", 'i', POPT_ARG_VAL, &command, ECC_INVERT, "elliptic curve point inverse", NULL},
{"ecdsa-sign", 's', POPT_ARG_VAL, &command, ECC_SIGN, "ecdsa sign", NULL},
{"ecdsa-verify", 'v', POPT_ARG_VAL, &command, ECC_VERIFY, "ecdsa verify", NULL},
POPT_AUTOHELP
POPT_TABLEEND
};
// openssl var
EC_GROUP *ec_group = NULL;
EC_POINT *P = NULL;
EC_POINT *Q = NULL;
EC_POINT *R = NULL;
BIGNUM *k = BN_new();
BN_CTX *bn_ctx = BN_CTX_new();
// argument parsing
popt_ctx = poptGetContext(argv[0], argc, argv, options, 0);
if ((r = poptGetNextOpt(popt_ctx)) < -1) {
fprintf(stderr, "%s: bad argument %s: %s\n", argv[0],
poptBadOption(popt_ctx, POPT_BADOPTION_NOALIAS),
poptStrerror(r));
goto exit;
}
rest = poptGetArgs(popt_ctx);
// check arguments
ec_group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve_name));
if (ec_group == NULL) {
fprintf(stderr, "%s: unknown curve name\n", prog);
goto exit;
}
P = EC_POINT_new(ec_group);
Q = EC_POINT_new(ec_group);
R = EC_POINT_new(ec_group);
point_form = point_compressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED;
switch (command) {
case ECC_PRINT:
{
BIGNUM *p = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
char *generator;
BIGNUM *order = BN_new();
BIGNUM *cofactor = BN_new();
EC_GROUP_get_curve_GFp(ec_group, p, a, b, bn_ctx);
generator = EC_POINT_point2hex(ec_group, EC_GROUP_get0_generator(ec_group), point_form, bn_ctx);
EC_GROUP_get_order(ec_group, order, bn_ctx);
EC_GROUP_get_cofactor(ec_group, cofactor, bn_ctx);
fprintf(stdout, "Name : %s\n", OBJ_nid2sn(EC_GROUP_get_curve_name(ec_group)));
fprintf(stdout, "FieldType : %s\n", "PrimeField");
fprintf(stdout, "Prime : %s\n", BN_bn2hex(p));
fprintf(stdout, "A : %s\n", BN_bn2hex(a));
fprintf(stdout, "B : %s\n", BN_bn2hex(b));
fprintf(stdout, "Generator : %s\n", generator);
fprintf(stdout, "Order : %s\n", BN_bn2hex(order));
fprintf(stdout, "Cofactor : %s\n", BN_bn2hex(cofactor));
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(order);
BN_free(cofactor);
break;
}
case ECC_CHECK_POINT:
{
//.........这里部分代码省略.........
示例12: timings
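/*
 * Benchmark scalar multiplication on `group`: ROUNDS rounds of
 * MULS_PER_ROUND EC_POINT_mul calls, timed with clock().  With multi == 0
 * each call computes s*G (G the generator); with multi != 0 it computes
 * s*G + s0*P, accumulating into P.  Prints the prime and scalar bit
 * lengths, one progress dot per round, the total and the average time.
 * Any OpenSSL failure aborts via ABORT.
 *
 * group : curve to benchmark (a prime-field curve, since the prime is
 *         read with EC_GROUP_get_curve_GFp).
 * multi : nonzero to benchmark the two-scalar s*P + t*Q form.
 * ctx   : BN_CTX passed to all EC/BN calls.
 */
static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
{
    enum { ROUNDS = 10, MULS_PER_ROUND = 10 };
    clock_t clck;
    int i, j;
    BIGNUM *s, *s0;
    EC_POINT *P;

    s = BN_new();
    s0 = BN_new();
    if (s == NULL || s0 == NULL) ABORT;

    /* s is reused: first to size the field prime, then as the group order
     * (whose bit length sizes the random scalars), then as the scalar. */
    if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT;
    fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s));
    if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
    fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s));
    fflush(stdout);

    P = EC_POINT_new(group);
    if (P == NULL) ABORT;
    /* EC_POINT_copy can fail; benchmarking an uninitialised P would be
     * meaningless, so treat it like every other failure here. */
    if (!EC_POINT_copy(P, EC_GROUP_get0_generator(group))) ABORT;

    clck = clock();
    for (i = 0; i < ROUNDS; i++)
    {
        /* Random scalars of the group-order bit length.  BN_pseudo_rand is
         * acceptable because these scalars only drive a benchmark. */
        if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT;
        if (multi)
        {
            if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT;
        }
        for (j = 0; j < MULS_PER_ROUND; j++)
        {
            /* P = s*G, or P = s*G + s0*P when multi is set */
            if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT;
        }
        fprintf(stdout, ".");
        fflush(stdout);
    }
    fprintf(stdout, "\n");
    clck = clock() - clck;

#ifdef CLOCKS_PER_SEC
    /* "To determine the time in seconds, the value returned
     * by the clock function should be divided by the value
     * of the macro CLOCKS_PER_SEC."
     * -- ISO/IEC 9899 */
# define UNIT "s"
#else
    /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
     * -- cc on NeXTstep/OpenStep */
# define UNIT "units"
# define CLOCKS_PER_SEC 1
#endif

    fprintf(stdout, "%i %s in %.2f " UNIT "\n", ROUNDS * MULS_PER_ROUND,
        multi ? "s*P+t*Q operations" : "point multiplications",
        (double)clck/CLOCKS_PER_SEC);
    fprintf(stdout, "average: %.4f " UNIT "\n",
        (double)clck/(CLOCKS_PER_SEC*ROUNDS*MULS_PER_ROUND));

    EC_POINT_free(P);
    BN_free(s);
    BN_free(s0);
}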
示例13: Z_Gen
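/* Serialise n as exactly `len` big-endian bytes, zero-padded on the left.
 * Returns 0 (without writing) if n needs more than `len` bytes. */
static int z_gen_bn2fixed(const BIGNUM *n, unsigned char *out, size_t len)
{
    size_t nbytes = (size_t)BN_num_bytes(n);
    size_t k;
    if (nbytes > len)
        return 0;
    for (k = 0; k < len - nbytes; k++)
        out[k] = 0;
    BN_bn2bin(n, out + (len - nbytes));
    return 1;
}

/*
 * Compute the SM2 user identity hash Z_A on the sm2p256v1 curve:
 *   Z_A = SM3(ENTL_A || ID_A || a || b || x_G || y_G || x_A || y_A)
 *
 * z    : output, receives the 32-byte SM3 digest.
 * klen : length of ID in bytes.  ENTL_A is klen*8 as a 16-bit big-endian
 *        value, so klen must be below 8192.
 * ID   : user identity, klen bytes.
 * x, y : affine public-key coordinates, 32 bytes each, big-endian.
 *
 * a, b and the generator are encoded as fixed 32-byte field elements
 * (left-padded with zeros); a plain BN_bn2bin into a fixed buffer would
 * hash stale bytes whenever the value has leading zero bytes.
 *
 * NOTE(review): the void return means callers cannot tell that a failure
 * occurred; on failure z is left untouched and nothing is leaked.
 */
void Z_Gen(unsigned char *z, unsigned int klen, unsigned char *ID, unsigned char *x, unsigned char *y)
{
    // needed by the TSP side (translated from the original comment)
    enum { FIELD_BYTES = 32 };
    BN_CTX *ctx = NULL;
    EC_KEY *ec_key = NULL;
    const EC_GROUP *ec_group;
    const EC_POINT *generator;
    BIGNUM *p = NULL, *a = NULL, *b = NULL;
    unsigned char g[1 + 2 * FIELD_BYTES];   // 0x04 || x_G || y_G
    unsigned char buffer[FIELD_BYTES];
    unsigned char entla[2];
    unsigned int entl_bits;
    sm3_ctx_t ctx2;

    if (klen >= 8192)   // ENTL_A would not fit in 16 bits
        goto err;

    ctx = BN_CTX_new();
    ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1);
    p = BN_new();
    a = BN_new();
    b = BN_new();
    if (!ctx || !ec_key || !p || !a || !b)
        goto err;

    ec_group = EC_KEY_get0_group(ec_key);
    // sm2p256v1 is a prime-field curve, so only the GFp getter applies.
    if (!EC_GROUP_get_curve_GFp(ec_group, p, a, b, ctx))
        goto err;

    generator = EC_GROUP_get0_generator(ec_group);
    // The uncompressed encoding must fill g exactly; the buffer size is
    // passed so point2oct can never write past it.
    if (generator == NULL ||
        EC_POINT_point2oct(ec_group, generator, POINT_CONVERSION_UNCOMPRESSED,
                           g, sizeof(g), ctx) != sizeof(g))
        goto err;

    entl_bits = klen * 8;
    entla[0] = (unsigned char)(entl_bits >> 8);
    entla[1] = (unsigned char)(entl_bits & 0xff);

    sm3_init(&ctx2);
    sm3_update(&ctx2, entla, sizeof(entla));
    sm3_update(&ctx2, ID, klen);
    if (!z_gen_bn2fixed(a, buffer, sizeof(buffer)))
        goto err;
    sm3_update(&ctx2, buffer, sizeof(buffer));
    if (!z_gen_bn2fixed(b, buffer, sizeof(buffer)))
        goto err;
    sm3_update(&ctx2, buffer, sizeof(buffer));
    sm3_update(&ctx2, g + 1, 2 * FIELD_BYTES);   // x_G || y_G without the 0x04 tag
    sm3_update(&ctx2, x, FIELD_BYTES);
    sm3_update(&ctx2, y, FIELD_BYTES);
    sm3_final(&ctx2, z);

err:
    // all of these accept NULL
    BN_free(p);
    BN_free(a);
    BN_free(b);
    EC_KEY_free(ec_key);
    BN_CTX_free(ctx);
}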