本文整理汇总了C++中EC_POINT_free函数的典型用法代码示例。如果您正苦于以下问题:C++ EC_POINT_free函数的具体用法?C++ EC_POINT_free怎么用?C++ EC_POINT_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EC_POINT_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: BN_new
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
int e = 1;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
EC_POINT *pt = NULL;
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, bn_size, pt_size, num_indexes, num_factors;
if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) {
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
goto err;
}
if (!(pt = EC_POINT_new(ec_group))) {
goto err;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(param->map_algor)) <= 0) {
goto err;
}
if (M_ASN1_STRING_length(param->public_factors) != pt_size * num_factors) {
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
goto err;
}
if (!CPK_MAP_str2index(param->map_algor, id, index)) {
goto err;
}
if (!EC_POINT_set_to_infinity(ec_group, pub_key)) {
goto err;
}
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
M_ASN1_STRING_data(param->public_factors) +
pt_size * index[i];
if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) {
goto err;
}
if (!EC_POINT_add(ec_group, pub_key, pub_key, pt, ctx)) {
goto err;
}
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
goto err;
}
e = 0;
err:
if (e && ec_key) {
EC_KEY_free(ec_key);
ec_key = NULL;
}
if (pub_key) EC_POINT_free(pub_key);
if (order) BN_free(order);
if (bn) BN_free(bn);
if (ctx) BN_CTX_free(ctx);
if (index) OPENSSL_free(index);
return ec_key;
}示例2: vg_thread_loop
//.........这里部分代码省略.........
npoints++;
vxcp->vxc_delta = 0;
if (vcp->vc_pubkey_base)
EC_POINT_add(pgroup,
ppnt[0],
ppnt[0],
vcp->vc_pubkey_base,
vxcp->vxc_bnctx);
for (nbatch = 1;
(nbatch < ptarraysize) && (npoints < rekey_at);
nbatch++, npoints++) {
EC_POINT_add(pgroup,
ppnt[nbatch],
ppnt[nbatch-1],
pgen, vxcp->vxc_bnctx);
}
} else {
/*
* Common case
*
* EC_POINT_add() can skip a few multiplies if
* one or both inputs are affine (Z_is_one).
* This is the case for every point in ppnt, as
* well as pbatchinc.
*/
assert(nbatch == ptarraysize);
for (nbatch = 0;
(nbatch < ptarraysize) && (npoints < rekey_at);
nbatch++, npoints++) {
EC_POINT_add(pgroup,
ppnt[nbatch],
ppnt[nbatch],
pbatchinc,
vxcp->vxc_bnctx);
}
}
/*
* The single most expensive operation performed in this
* loop is modular inversion of ppnt->Z. There is an
* algorithm implemented in OpenSSL to do batched inversion
* that only does one actual BN_mod_inverse(), and saves
* a _lot_ of time.
*
* To take advantage of this, we batch up a few points,
* and feed them to EC_POINTs_make_affine() below.
*/
EC_POINTs_make_affine(pgroup, nbatch, ppnt, vxcp->vxc_bnctx);
for (i = 0; i < nbatch; i++, vxcp->vxc_delta++) {
/* Hash the public key */
len = EC_POINT_point2oct(pgroup, ppnt[i],
POINT_CONVERSION_UNCOMPRESSED,
eckey_buf,
65,
vxcp->vxc_bnctx);
assert(len == 65);
SHA256(hash_buf, hash_len, hash1);
RIPEMD160(hash1, sizeof(hash1), &vxcp->vxc_binres[1]);
switch (test_func(vxcp)) {
case 1:
npoints = 0;
rekey_at = 0;
i = nbatch;
break;
case 2:
goto out;
default:
break;
}
}
c += i;
if (c >= output_interval) {
output_interval = vg_output_timing(vcp, c, &tvstart);
if (output_interval > 250000)
output_interval = 250000;
c = 0;
}
vg_exec_context_yield(vxcp);
}
out:
vg_exec_context_del(&ctx);
vg_context_thread_exit(vcp);
for (i = 0; i < ptarraysize; i++)
if (ppnt[i])
EC_POINT_free(ppnt[i]);
if (pbatchinc)
EC_POINT_free(pbatchinc);
return NULL;
}示例3: ecdsa_do_verify
//.........这里部分代码省略.........
if (!X)
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0)
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
ret = 0; /* signature is invalid */
goto err;
}
/* calculate tmp1 = inv(S) mod order */
if (!BN_mod_inverse(u2, sig->s, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* digest -> m */
i = BN_num_bits(order);
/* Need to truncate digest if it is too long: first truncate whole
* bytes.
*/
if (8 * dgst_len > i)
dgst_len = (i + 7)/8;
if (!BN_bin2bn(dgst, dgst_len, m))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* u1 = m * tmp mod order */
if (!BN_mod_mul(u1, m, u2, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* u2 = r * w mod q */
if (!BN_mod_mul(u2, sig->r, u2, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
if ((point = EC_POINT_new(group)) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(group,
point, X, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else /* NID_X9_62_characteristic_two_field */
{
if (!EC_POINT_get_affine_coordinates_GF2m(group,
point, X, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(u1, X, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
/* if the signature is correct u1 is equal to sig->r */
ret = (BN_ucmp(u1, sig->r) == 0);
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
EC_POINT_free(point);
return ret;
}示例4: hashsum2bn
/*
* Computes gost2001 signature as DSA_SIG structure
*
*
*/
DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey)
{
DSA_SIG *newsig = NULL;
BIGNUM *md = hashsum2bn(dgst);
BIGNUM *order = NULL;
const EC_GROUP *group;
const BIGNUM *priv_key;
BIGNUM *r=NULL,*s=NULL,*X=NULL,*tmp=NULL,*tmp2=NULL, *k=NULL,*e=NULL;
EC_POINT *C=NULL;
BN_CTX *ctx = BN_CTX_new();
BN_CTX_start(ctx);
OPENSSL_assert(dlen==32);
newsig=DSA_SIG_new();
if (!newsig)
{
GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_NO_MEMORY);
goto err;
}
group = EC_KEY_get0_group(eckey);
order=BN_CTX_get(ctx);
EC_GROUP_get_order(group,order,ctx);
priv_key = EC_KEY_get0_private_key(eckey);
e = BN_CTX_get(ctx);
BN_mod(e,md,order,ctx);
#ifdef DEBUG_SIGN
fprintf(stderr,"digest as bignum=");
BN_print_fp(stderr,md);
fprintf(stderr,"\ndigest mod q=");
BN_print_fp(stderr,e);
fprintf(stderr,"\n");
#endif
if (BN_is_zero(e))
{
BN_one(e);
}
k =BN_CTX_get(ctx);
C=EC_POINT_new(group);
do
{
do
{
if (!BN_rand_range(k,order))
{
GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
DSA_SIG_free(newsig);
newsig = NULL;
goto err;
}
if (!EC_POINT_mul(group,C,k,NULL,NULL,ctx))
{
GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB);
DSA_SIG_free(newsig);
newsig = NULL;
goto err;
}
if (!X) X=BN_CTX_get(ctx);
if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx))
{
GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB);
DSA_SIG_free(newsig);
newsig = NULL;
goto err;
}
if (!r) r=BN_CTX_get(ctx);
BN_nnmod(r,X,order,ctx);
}
while (BN_is_zero(r));
/* s = (r*priv_key+k*e) mod order */
if (!tmp) tmp = BN_CTX_get(ctx);
BN_mod_mul(tmp,priv_key,r,order,ctx);
if (!tmp2) tmp2 = BN_CTX_get(ctx);
BN_mod_mul(tmp2,k,e,order,ctx);
if (!s) s=BN_CTX_get(ctx);
BN_mod_add(s,tmp,tmp2,order,ctx);
}
while (BN_is_zero(s));
newsig->s=BN_dup(s);
newsig->r=BN_dup(r);
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
EC_POINT_free(C);
BN_free(md);
return newsig;
}示例5: gostr3410_verify_data
static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len,
const unsigned char *params, int params_len,
unsigned char *data, int data_len,
unsigned char *signat, int signat_len)
{
EVP_PKEY *pkey;
EVP_PKEY_CTX *pkey_ctx = NULL;
EC_POINT *P;
BIGNUM *X, *Y;
ASN1_OCTET_STRING *octet;
const EC_GROUP *group = NULL;
char paramset[2] = "A";
int r = -1, ret_vrf = 0;
pkey = EVP_PKEY_new();
if (!pkey)
return CKR_HOST_MEMORY;
r = EVP_PKEY_set_type(pkey, NID_id_GostR3410_2001);
if (r == 1) {
pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkey_ctx) {
EVP_PKEY_free(pkey);
return CKR_HOST_MEMORY;
}
/* FIXME: fully check params[] */
if (params_len > 0 && params[params_len - 1] >= 1 &&
params[params_len - 1] <= 3) {
paramset[0] += params[params_len - 1] - 1;
r = EVP_PKEY_CTX_ctrl_str(pkey_ctx, "paramset", paramset);
}
else
r = -1;
if (r == 1)
r = EVP_PKEY_paramgen_init(pkey_ctx);
if (r == 1)
r = EVP_PKEY_paramgen(pkey_ctx, &pkey);
if (r == 1 && EVP_PKEY_get0(pkey) != NULL)
group = EC_KEY_get0_group(EVP_PKEY_get0(pkey));
r = -1;
if (group)
octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey, (long)pubkey_len);
if (group && octet) {
reverse(octet->data, octet->length);
Y = BN_bin2bn(octet->data, octet->length / 2, NULL);
X = BN_bin2bn((const unsigned char*)octet->data +
octet->length / 2, octet->length / 2, NULL);
ASN1_OCTET_STRING_free(octet);
P = EC_POINT_new(group);
if (P && X && Y)
r = EC_POINT_set_affine_coordinates_GFp(group,
P, X, Y, NULL);
BN_free(X);
BN_free(Y);
if (r == 1 && EVP_PKEY_get0(pkey) && P)
r = EC_KEY_set_public_key(EVP_PKEY_get0(pkey), P);
EC_POINT_free(P);
}
if (r == 1) {
r = EVP_PKEY_verify_init(pkey_ctx);
reverse(data, data_len);
if (r == 1)
ret_vrf = EVP_PKEY_verify(pkey_ctx, signat, signat_len,
data, data_len);
}
}
EVP_PKEY_CTX_free(pkey_ctx);
EVP_PKEY_free(pkey);
if (r != 1)
return CKR_GENERAL_ERROR;
return ret_vrf == 1 ? CKR_OK : CKR_SIGNATURE_INVALID;
}示例6: ecdsa_sign_setup
//.........这里部分代码省略.........
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
ctx = ctx_in;
}
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
order = BN_new();
X = BN_new();
if (!k || !r || !order || !X) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
goto err;
}
tmp_point = EC_POINT_new(group);
if (tmp_point == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
do {
/* If possible, we'll include the private key and message digest in the k
* generation. The |digest| argument is only empty if |ECDSA_sign_setup| is
* being used. */
do {
int ok;
if (digest_len > 0) {
ok = BN_generate_dsa_nonce(k, order, EC_KEY_get0_private_key(eckey),
digest, digest_len, ctx);
} else {
ok = BN_rand_range(k, order);
}
if (!ok) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
} while (BN_is_zero(k));
/* We do not want timing information to leak the length of k,
* so we compute G*k using an equivalent scalar of fixed
* bit-length. */
if (!BN_add(k, k, order)) {
goto err;
}
if (BN_num_bits(k) <= BN_num_bits(order)) {
if (!BN_add(k, k, order)) {
goto err;
}
}
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!BN_nnmod(r, X, order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
} while (BN_is_zero(r));
/* compute the inverse of k */
if (!BN_mod_inverse(k, k, order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
/* clear old values if necessary */
BN_clear_free(*rp);
BN_clear_free(*kinvp);
/* save the pre-computed values */
*rp = r;
*kinvp = k;
ret = 1;
err:
if (!ret) {
BN_clear_free(k);
BN_clear_free(r);
}
if (ctx_in == NULL) {
BN_CTX_free(ctx);
}
BN_free(order);
EC_POINT_free(tmp_point);
BN_clear_free(X);
return ret;
}示例7: STACK_OF
//.........这里部分代码省略.........
plen = param->value.sequence->length;
if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
{
EVPerr(EVP_F_EVP_PKCS82PKEY,
EVP_R_DECODE_ERROR);
goto ecerr;
}
}
else
{
EC_GROUP *group;
cp = p = param->value.object->data;
plen = param->value.object->length;
/* type == V_ASN1_OBJECT => the parameters are given
* by an asn1 OID
*/
if ((eckey = EC_KEY_new()) == NULL)
{
EVPerr(EVP_F_EVP_PKCS82PKEY,
ERR_R_MALLOC_FAILURE);
goto ecerr;
}
group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
if (group == NULL)
goto ecerr;
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_set_group(eckey, group) == 0)
goto ecerr;
EC_GROUP_free(group);
}
/* We have parameters now set private key */
if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
{
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto ecerr;
}
/* calculate public key (if necessary) */
if (EC_KEY_get0_public_key(eckey) == NULL)
{
const BIGNUM *priv_key;
const EC_GROUP *group;
EC_POINT *pub_key;
/* the public key was not included in the SEC1 private
* key => calculate the public key */
group = EC_KEY_get0_group(eckey);
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
{
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
{
EC_POINT_free(pub_key);
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
priv_key = EC_KEY_get0_private_key(eckey);
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
{
EC_POINT_free(pub_key);
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
if (EC_KEY_set_public_key(eckey, pub_key) == 0)
{
EC_POINT_free(pub_key);
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
EC_POINT_free(pub_key);
}
EVP_PKEY_assign_EC_KEY(pkey, eckey);
if (ctx)
BN_CTX_free(ctx);
break;
ecerr:
if (ctx)
BN_CTX_free(ctx);
if (eckey)
EC_KEY_free(eckey);
if (pkey)
EVP_PKEY_free(pkey);
return NULL;
#endif
default:
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
ERR_add_error_data(2, "TYPE=", obj_tmp);
EVP_PKEY_free (pkey);
return NULL;
}
return pkey;
}示例8: ECerr
EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
{
EC_EXTRA_DATA *d;
if (dest == NULL || src == NULL)
{
ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
/* copy the parameters */
if (src->group)
{
const EC_METHOD *meth = EC_GROUP_method_of(src->group);
/* clear the old group */
if (dest->group)
EC_GROUP_free(dest->group);
dest->group = EC_GROUP_new(meth);
if (dest->group == NULL)
return NULL;
if (!EC_GROUP_copy(dest->group, src->group))
return NULL;
}
/* copy the public key */
if (src->pub_key && src->group)
{
if (dest->pub_key)
EC_POINT_free(dest->pub_key);
dest->pub_key = EC_POINT_new(src->group);
if (dest->pub_key == NULL)
return NULL;
if (!EC_POINT_copy(dest->pub_key, src->pub_key))
return NULL;
}
/* copy the private key */
if (src->priv_key)
{
if (dest->priv_key == NULL)
{
dest->priv_key = BN_new();
if (dest->priv_key == NULL)
return NULL;
}
if (!BN_copy(dest->priv_key, src->priv_key))
return NULL;
}
/* copy method/extra data */
EC_EX_DATA_free_all_data(&dest->method_data);
for (d = src->method_data; d != NULL; d = d->next)
{
void *t = d->dup_func(d->data);
if (t == NULL)
return 0;
if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))
return 0;
}
/* copy the rest */
dest->enc_flag = src->enc_flag;
dest->conv_form = src->conv_form;
dest->version = src->version;
return dest;
}示例9: EC_KEY_generate_key
int EC_KEY_generate_key(EC_KEY *eckey)
{
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *priv_key = NULL, *order = NULL;
EC_POINT *pub_key = NULL;
if (!eckey || !eckey->group)
{
ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if ((order = BN_new()) == NULL) goto err;
if ((ctx = BN_CTX_new()) == NULL) goto err;
if (eckey->priv_key == NULL)
{
priv_key = BN_new();
if (priv_key == NULL)
goto err;
}
else
priv_key = eckey->priv_key;
if (!EC_GROUP_get_order(eckey->group, order, ctx))
goto err;
do
if (!BN_rand_range(priv_key, order))
goto err;
while (BN_is_zero(priv_key));
if (eckey->pub_key == NULL)
{
pub_key = EC_POINT_new(eckey->group);
if (pub_key == NULL)
goto err;
}
else
pub_key = eckey->pub_key;
if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
eckey->priv_key = priv_key;
eckey->pub_key = pub_key;
ok=1;
err:
if (order)
BN_free(order);
if (pub_key != NULL && eckey->pub_key == NULL)
EC_POINT_free(pub_key);
if (priv_key != NULL && eckey->priv_key == NULL)
BN_free(priv_key);
if (ctx != NULL)
BN_CTX_free(ctx);
return(ok);
}示例10: GOST_KEY_check_key
int GOST_KEY_check_key(const GOST_KEY *key)
{
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *order = NULL;
EC_POINT *point = NULL;
if (!key || !key->group || !key->pub_key) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (EC_POINT_is_at_infinity(key->group, key->pub_key)) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
goto err;
}
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if ((point = EC_POINT_new(key->group)) == NULL)
goto err;
/* testing whether the pub_key is on the elliptic curve */
if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
/* testing whether pub_key * order is the point at infinity */
if ((order = BN_new()) == NULL)
goto err;
if (!EC_GROUP_get_order(key->group, order, ctx)) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
goto err;
}
if (!EC_POINT_mul(key->group, point, NULL, key->pub_key, order, ctx)) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_is_at_infinity(key->group, point)) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
goto err;
}
/*
* in case the priv_key is present : check if generator * priv_key ==
* pub_key
*/
if (key->priv_key) {
if (BN_cmp(key->priv_key, order) >= 0) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
goto err;
}
if (!EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, ctx)) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
goto err;
}
if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
goto err;
}
}
ok = 1;
err:
BN_free(order);
BN_CTX_free(ctx);
EC_POINT_free(point);
return (ok);
}示例11: ssl_ec_point_finish
static int ssl_ec_point_finish(SSL_ECDH_CTX *ctx, uint8_t **out_secret,
size_t *out_secret_len, uint8_t *out_alert,
const uint8_t *peer_key, size_t peer_key_len) {
BIGNUM *private_key = (BIGNUM *)ctx->data;
assert(private_key != NULL);
*out_alert = SSL_AD_INTERNAL_ERROR;
/* Set up a shared |BN_CTX| for all operations. */
BN_CTX *bn_ctx = BN_CTX_new();
if (bn_ctx == NULL) {
return 0;
}
BN_CTX_start(bn_ctx);
int ret = 0;
EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);
EC_POINT *peer_point = NULL, *result = NULL;
uint8_t *secret = NULL;
if (group == NULL) {
goto err;
}
/* Compute the x-coordinate of |peer_key| * |private_key|. */
peer_point = EC_POINT_new(group);
result = EC_POINT_new(group);
if (peer_point == NULL || result == NULL) {
goto err;
}
BIGNUM *x = BN_CTX_get(bn_ctx);
if (x == NULL) {
goto err;
}
if (!EC_POINT_oct2point(group, peer_point, peer_key, peer_key_len, bn_ctx)) {
*out_alert = SSL_AD_DECODE_ERROR;
goto err;
}
if (!EC_POINT_mul(group, result, NULL, peer_point, private_key, bn_ctx) ||
!EC_POINT_get_affine_coordinates_GFp(group, result, x, NULL, bn_ctx)) {
goto err;
}
/* Encode the x-coordinate left-padded with zeros. */
size_t secret_len = (EC_GROUP_get_degree(group) + 7) / 8;
secret = OPENSSL_malloc(secret_len);
if (secret == NULL || !BN_bn2bin_padded(secret, secret_len, x)) {
goto err;
}
*out_secret = secret;
*out_secret_len = secret_len;
secret = NULL;
ret = 1;
err:
EC_GROUP_free(group);
EC_POINT_free(peer_point);
EC_POINT_free(result);
BN_CTX_end(bn_ctx);
BN_CTX_free(bn_ctx);
OPENSSL_free(secret);
return ret;
}示例12: GOST_KEY_set_public_key
int GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key)
{
EC_POINT_free(key->pub_key);
key->pub_key = EC_POINT_dup(pub_key, key->group);
return (key->pub_key == NULL) ? 0 : 1;
}示例13: ecdsa_sign_setup
//.........这里部分代码省略.........
do {
/* get random k */
do
if (dgst != NULL) {
if (!BN_generate_dsa_nonce
(k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
} else {
if (!BN_priv_rand_range(k, order)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
}
while (BN_is_zero(k));
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp
(group, tmp_point, X, NULL, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group,
tmp_point, X, NULL,
ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
while (BN_is_zero(r));
/* Check if optimized inverse is implemented */
if (EC_GROUP_do_inverse_ord(group, k, k, ctx) == 0) {
/* compute the inverse of k */
if (group->mont_data != NULL) {
/*
* We want inverse in constant time, therefore we utilize the fact
* order must be prime and use Fermats Little Theorem instead.
*/
if (!BN_set_word(X, 2)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_sub(X, order, X, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
BN_set_flags(X, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont_consttime(k, k, X, order, ctx,
group->mont_data)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
} else {
if (!BN_mod_inverse(k, k, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
}
/* clear old values if necessary */
BN_clear_free(*rp);
BN_clear_free(*kinvp);
/* save the pre-computed values */
*rp = r;
*kinvp = k;
ret = 1;
err:
if (!ret) {
BN_clear_free(k);
BN_clear_free(r);
}
if (ctx != ctx_in)
BN_CTX_free(ctx);
EC_POINT_free(tmp_point);
BN_clear_free(X);
return ret;
}示例14: StealthSecretSpend
//.........这里部分代码省略.........
printf("StealthSecretSpend(): bnP BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(P = EC_POINT_bn2point(ecgrp, bnP, NULL, bnCtx)))
{
printf("StealthSecretSpend(): P EC_POINT_bn2point failed\n");
rv = 1;
goto End;
};
// -- dP
if (!EC_POINT_mul(ecgrp, P, NULL, P, bnScanSecret, bnCtx))
{
printf("StealthSecretSpend(): dP EC_POINT_mul failed\n");
rv = 1;
goto End;
};
if (!(bnOutP = EC_POINT_point2bn(ecgrp, P, POINT_CONVERSION_COMPRESSED, BN_new(), bnCtx)))
{
printf("StealthSecretSpend(): P EC_POINT_bn2point failed\n");
rv = 1;
goto End;
};
vchOutP.resize(ec_compressed_size);
if (BN_num_bytes(bnOutP) != (int) ec_compressed_size
|| BN_bn2bin(bnOutP, &vchOutP[0]) != (int) ec_compressed_size)
{
printf("StealthSecretSpend(): bnOutP incorrect length.\n");
rv = 1;
goto End;
};
uint8_t hash1[32];
SHA256(&vchOutP[0], vchOutP.size(), (uint8_t*)hash1);
if (!(bnc = BN_bin2bn(&hash1[0], 32, BN_new())))
{
printf("StealthSecretSpend(): BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(bnOrder = BN_new())
|| !EC_GROUP_get_order(ecgrp, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): EC_GROUP_get_order failed\n");
rv = 1;
goto End;
};
if (!(bnSpend = BN_bin2bn(&spendSecret.e[0], ec_secret_size, BN_new())))
{
printf("StealthSecretSpend(): bnSpend BN_bin2bn failed.\n");
rv = 1;
goto End;
};
//if (!BN_add(r, a, b)) return 0;
//return BN_nnmod(r, r, m, ctx);
if (!BN_mod_add(bnSpend, bnSpend, bnc, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): bnSpend BN_mod_add failed.\n");
rv = 1;
goto End;
};
if (BN_is_zero(bnSpend)) // possible?
{
printf("StealthSecretSpend(): bnSpend is zero.\n");
rv = 1;
goto End;
};
if (BN_num_bytes(bnSpend) != (int) ec_secret_size
|| BN_bn2bin(bnSpend, &secretOut.e[0]) != (int) ec_secret_size)
{
printf("StealthSecretSpend(): bnSpend incorrect length.\n");
rv = 1;
goto End;
};
End:
if (bnSpend) BN_free(bnSpend);
if (bnOrder) BN_free(bnOrder);
if (bnc) BN_free(bnc);
if (bnOutP) BN_free(bnOutP);
if (P) EC_POINT_free(P);
if (bnP) BN_free(bnP);
if (bnScanSecret) BN_free(bnScanSecret);
if (bnCtx) BN_CTX_free(bnCtx);
EC_GROUP_free(ecgrp);
return rv;
};示例15: EC_KEY_check_key
int EC_KEY_check_key(const EC_KEY *eckey)
{
int ok = 0;
BN_CTX *ctx = NULL;
const BIGNUM *order = NULL;
EC_POINT *point = NULL;
if (!eckey || !eckey->group || !eckey->pub_key)
{
ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if ((point = EC_POINT_new(eckey->group)) == NULL)
goto err;
/* testing whether the pub_key is on the elliptic curve */
if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
/* testing whether pub_key * order is the point at infinity */
order = &eckey->group->order;
if (BN_is_zero(order))
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
goto err;
}
if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx))
{
ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_is_at_infinity(eckey->group, point))
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
goto err;
}
/* in case the priv_key is present :
* check if generator * priv_key == pub_key
*/
if (eckey->priv_key)
{
if (BN_cmp(eckey->priv_key, order) >= 0)
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
goto err;
}
if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
NULL, NULL, ctx))
{
ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
goto err;
}
if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
ctx) != 0)
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
goto err;
}
}
ok = 1;
err:
if (ctx != NULL)
BN_CTX_free(ctx);
if (point != NULL)
EC_POINT_free(point);
return(ok);
}