本文整理汇总了C++中LTC_ARGCHK函数的典型用法代码示例。如果您正苦于以下问题:C++ LTC_ARGCHK函数的具体用法?C++ LTC_ARGCHK怎么用?C++ LTC_ARGCHK使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了LTC_ARGCHK函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: signature
/**
Verify the signature given
@param sig The signature
@param siglen The length of the signature (octets)
@param hash The hash that was signed
@param hashlen The length of the hash (octets)
@param stat [out] Result of signature comparison, 1==valid, 0==invalid
@param key The public DH key that signed the hash
@return CRYPT_OK if succsessful (even if signature is invalid)
*/
int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long hashlen,
int *stat, dh_key *key)
{
mp_int a, b, p, g, m, tmp;
unsigned long x, y;
int err;
LTC_ARGCHK(sig != NULL);
LTC_ARGCHK(hash != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
/* default to invalid */
*stat = 0;
/* check initial input length */
if (siglen < PACKET_SIZE+4+4) {
return CRYPT_INVALID_PACKET;
}
/* header ok? */
if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) {
return err;
}
/* get hash out of packet */
y = PACKET_SIZE;
/* init all bignums */
if ((err = mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* load a and b */
INPUT_BIGNUM(&a, sig, x, y, siglen);
INPUT_BIGNUM(&b, sig, x, y, siglen);
/* load p and g */
if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error1; }
if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error1; }
/* load m */
if ((err = mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error1; }
/* find g^m mod p */
if ((err = mp_exptmod(&g, &m, &p, &m)) != MP_OKAY) { goto error1; } /* m = g^m mod p */
/* find y^a * a^b */
if ((err = mp_exptmod(&key->y, &a, &p, &tmp)) != MP_OKAY) { goto error1; } /* tmp = y^a mod p */
if ((err = mp_exptmod(&a, &b, &p, &a)) != MP_OKAY) { goto error1; } /* a = a^b mod p */
if ((err = mp_mulmod(&a, &tmp, &p, &a)) != MP_OKAY) { goto error1; } /* a = y^a * a^b mod p */
/* y^a * a^b == g^m ??? */
if (mp_cmp(&a, &m) == 0) {
*stat = 1;
}
/* clean up */
err = CRYPT_OK;
goto done;
error1:
err = mpi_to_ltc_error(err);
error:
done:
mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL);
return err;
}示例2: hmac_done
/**
Terminate an HMAC session
@param hmac The HMAC state
@param out [out] The destination of the HMAC authentication tag
@param outlen [in/out] The max size and resulting size of the HMAC authentication tag
@return CRYPT_OK if successful
*/
int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen)
{
unsigned char *buf, *isha;
unsigned long hashsize, i;
int hash, err;
LTC_ARGCHK(hmac != NULL);
LTC_ARGCHK(out != NULL);
/* test hash */
hash = hmac->hash;
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* get the hash message digest size */
hashsize = hash_descriptor[hash].hashsize;
/* allocate buffers */
buf = XMALLOC(LTC_HMAC_BLOCKSIZE);
isha = XMALLOC(hashsize);
if (buf == NULL || isha == NULL) {
if (buf != NULL) {
XFREE(buf);
}
if (isha != NULL) {
XFREE(isha);
}
return CRYPT_MEM;
}
/* Get the hash of the first HMAC vector plus the data */
if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) {
goto LBL_ERR;
}
/* Create the second HMAC vector vector for step (3) */
for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x5C;
}
/* Now calculate the "outer" hash for step (5), (6), and (7) */
if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hash_descriptor[hash].process(&hmac->md, buf, LTC_HMAC_BLOCKSIZE)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hash_descriptor[hash].process(&hmac->md, isha, hashsize)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hash_descriptor[hash].done(&hmac->md, buf)) != CRYPT_OK) {
goto LBL_ERR;
}
/* copy to output */
for (i = 0; i < hashsize && i < *outlen; i++) {
out[i] = buf[i];
}
*outlen = i;
err = CRYPT_OK;
LBL_ERR:
XFREE(hmac->key);
#ifdef LTC_CLEAN_STACK
zeromem(isha, hashsize);
zeromem(buf, hashsize);
zeromem(hmac, sizeof(*hmac));
#endif
XFREE(isha);
XFREE(buf);
return err;
}示例3: montgomery_setup
/**
Add two ECC points
@param P The point to add
@param Q The point to add
@param R [out] The destination of the double
@param modulus The modulus of the field the ECC curve is in
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
*/
int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp)
{
void *t1, *t2, *x, *y, *z;
int err;
LTC_ARGCHK(P != NULL);
LTC_ARGCHK(Q != NULL);
LTC_ARGCHK(R != NULL);
LTC_ARGCHK(modulus != NULL);
LTC_ARGCHK(mp != NULL);
if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) {
return err;
}
/* should we dbl instead? */
if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; }
if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
(Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
(mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
mp_clear_multi(t1, t2, x, y, z, NULL);
return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
}
if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(P->y, y)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(P->z, z)) != CRYPT_OK) { goto done; }
/* if Z is one then these are no-operations */
if (Q->z != NULL) {
/* T1 = Z' * Z' */
if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = X * T1 */
if ((err = mp_mul(t1, x, x)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = Z' * T1 */
if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* Y = Y * T1 */
if ((err = mp_mul(t1, y, y)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK) { goto done; }
}
/* T1 = Z*Z */
if ((err = mp_sqr(z, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* T2 = X' * T1 */
if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = Z * T1 */
if ((err = mp_mul(z, t1, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = Y' * T1 */
if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* Y = Y - T1 */
if ((err = mp_sub(y, t1, y)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(y, 0) == LTC_MP_LT) {
if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
}
/* T1 = 2T1 */
if ((err = mp_add(t1, t1, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* T1 = Y + T1 */
if ((err = mp_add(t1, y, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* X = X - T2 */
if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(x, 0) == LTC_MP_LT) {
if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
}
/* T2 = 2T2 */
if ((err = mp_add(t2, t2, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp(t2, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* T2 = X + T2 */
if ((err = mp_add(t2, x, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp(t2, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* if Z' != 1 */
if (Q->z != NULL) {
//.........这里部分代码省略.........
示例4: length
/**
Process plaintext/ciphertext through GCM
@param gcm The GCM state
@param pt The plaintext
@param ptlen The plaintext length (ciphertext length is the same)
@param ct The ciphertext
@param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
@return CRYPT_OK on success
*/
int gcm_process(gcm_state *gcm,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
int direction)
{
unsigned long x;
int y, err;
unsigned char b;
LTC_ARGCHK(gcm != NULL);
if (ptlen > 0) {
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
}
if (gcm->buflen > 16 || gcm->buflen < 0) {
return CRYPT_INVALID_ARG;
}
if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}
/* in AAD mode? */
if (gcm->mode == GCM_MODE_AAD) {
/* let's process the AAD */
if (gcm->buflen) {
gcm->totlen += gcm->buflen * CONST64(8);
gcm_mult_h(gcm, gcm->X);
}
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y] & 255) { break; }
}
/* encrypt the counter */
if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
return err;
}
gcm->buflen = 0;
gcm->mode = GCM_MODE_TEXT;
}
if (gcm->mode != GCM_MODE_TEXT) {
return CRYPT_INVALID_ARG;
}
x = 0;
#ifdef LTC_FAST
if (gcm->buflen == 0) {
if (direction == GCM_ENCRYPT) {
for (x = 0; x < (ptlen & ~15); x += 16) {
/* ctr encrypt */
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
*((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
}
/* GMAC it */
gcm->pttotlen += 128;
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y] & 255) { break; }
}
if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
return err;
}
}
} else {
for (x = 0; x < (ptlen & ~15); x += 16) {
/* ctr encrypt */
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
*((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
}
/* GMAC it */
gcm->pttotlen += 128;
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y] & 255) { break; }
}
if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
return err;
}
}
}
}
#endif
//.........这里部分代码省略.........
示例5: rc4_done
/**
Terminate the PRNG
@param prng The PRNG to terminate
@return CRYPT_OK if successful
*/
int rc4_done(prng_state *prng)
{
LTC_ARGCHK(prng != NULL);
return CRYPT_OK;
}示例6: ecc_import_ex
/**
Import an ECC key from a binary packet, using user supplied domain params rather than one of the NIST ones
@param in The packet to import
@param inlen The length of the packet
@param key [out] The destination of the import
@param cu pointer to user supplied params; must be the same as the params used when exporting
@return CRYPT_OK if successful, upon error all allocated memory will be freed
*/
int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu)
{
unsigned long key_size;
unsigned char flags[1];
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* find out what type of key it is */
err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags,
LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
LTC_ASN1_EOL, 0UL, NULL);
if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) {
return err;
}
/* allocate & initialize the key */
if (cu == NULL) {
if ((err = ecc_set_curve_by_size(key_size, key)) != CRYPT_OK) { goto done; }
} else {
if ((err = ecc_set_curve(cu, key)) != CRYPT_OK) { goto done; }
}
if (flags[0] == 1) {
/* private key */
key->type = PK_PRIVATE;
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
LTC_ASN1_INTEGER, 1UL, key->k,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto done;
}
} else if (flags[0] == 0) {
/* public key */
key->type = PK_PUBLIC;
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto done;
}
}
else {
err = CRYPT_INVALID_PACKET;
goto done;
}
/* set z */
if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; }
/* point on the curve + other checks */
if ((err = ltc_ecc_verify_key(key)) != CRYPT_OK) { goto done; }
/* we're good */
return CRYPT_OK;
done:
ecc_free(key);
return err;
}示例7: hkdf_expand
int hkdf_expand(int hash_idx, const unsigned char *info, unsigned long infolen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long outlen)
{
unsigned long hashsize;
int err;
unsigned char N;
unsigned long Noutlen, outoff;
unsigned char *T, *dat;
unsigned long Tlen, datlen;
/* make sure hash descriptor is valid */
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
hashsize = hash_descriptor[hash_idx].hashsize;
/* RFC5869 parameter restrictions */
if (inlen < hashsize || outlen > hashsize * 255)
return CRYPT_INVALID_ARG;
if (info == NULL && infolen != 0)
return CRYPT_INVALID_ARG;
LTC_ARGCHK(out != NULL);
Tlen = hashsize + infolen + 1;
T = XMALLOC(Tlen); /* Replace with static buffer? */
if (T == NULL) {
return CRYPT_MEM;
}
if (info != NULL) {
XMEMCPY(T + hashsize, info, infolen);
}
/* HMAC data T(1) doesn't include a previous hash value */
dat = T + hashsize;
datlen = Tlen - hashsize;
N = 0;
outoff = 0; /* offset in out to write to */
while (1) { /* an exit condition breaks mid-loop */
Noutlen = MIN(hashsize, outlen - outoff);
T[Tlen - 1] = ++N;
if ((err = hmac_memory(hash_idx, in, inlen, dat, datlen,
out + outoff, &Noutlen)) != CRYPT_OK) {
zeromem(T, Tlen);
XFREE(T);
return err;
}
outoff += Noutlen;
if (outoff >= outlen) /* loop exit condition */
break;
/* All subsequent HMAC data T(N) DOES include the previous hash value */
XMEMCPY(T, out + hashsize * (N-1), hashsize);
if (N == 1) {
dat = T;
datlen = Tlen;
}
}
zeromem(T, Tlen);
XFREE(T);
return CRYPT_OK;
}示例8: ecc_make_key_ex
int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp)
{
int err;
ecc_point *base;
void *prime, *order;
unsigned char *buf;
int keysize;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
LTC_ARGCHK(dp != NULL);
/* good prng? */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
key->idx = -1;
key->dp = dp;
keysize = dp->size;
/* allocate ram */
base = NULL;
buf = XMALLOC(ECC_MAXSIZE);
if (buf == NULL) {
return CRYPT_MEM;
}
/* make up random string */
if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
err = CRYPT_ERROR_READPRNG;
goto ERR_BUF;
}
/* setup the key variables */
if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, &order, NULL)) != CRYPT_OK) {
goto ERR_BUF;
}
base = ltc_ecc_new_point();
if (base == NULL) {
err = CRYPT_MEM;
goto errkey;
}
/* read in the specs for this key */
if ((err = mp_read_radix(prime, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto errkey; }
if ((err = mp_read_radix(order, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errkey; }
if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto errkey; }
if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto errkey; }
if ((err = mp_set(base->z, 1)) != CRYPT_OK) { goto errkey; }
if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK) { goto errkey; }
/* the key should be smaller than the order of base point */
if (mp_cmp(key->k, order) != LTC_MP_LT) {
if((err = mp_mod(key->k, order, key->k)) != CRYPT_OK) { goto errkey; }
}
/* make the public key */
if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK) { goto errkey; }
key->type = PK_PRIVATE;
/* free up ram */
err = CRYPT_OK;
goto cleanup;
errkey:
mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
cleanup:
ltc_ecc_del_point(base);
mp_clear_multi(prime, order, NULL);
ERR_BUF:
#ifdef LTC_CLEAN_STACK
zeromem(buf, ECC_MAXSIZE);
#endif
XFREE(buf);
return err;
}示例9: der_length_boolean
/**
Gets length of DER encoding of a BOOLEAN
@param outlen [out] The length of the DER encoding
@return CRYPT_OK if successful
*/
int der_length_boolean(unsigned long *outlen)
{
LTC_ARGCHK(outlen != NULL);
*outlen = 3;
return CRYPT_OK;
}示例10: encrypt
/**
Encrypt a symmetric key with DSA
@param in The symmetric key you want to encrypt
@param inlen The length of the key to encrypt (octets)
@param out [out] The destination for the ciphertext
@param outlen [in/out] The max size and resulting size of the ciphertext
@param prng An active PRNG state
@param wprng The index of the PRNG you wish to use
@param hash The index of the hash you want to use
@param key The DSA key you want to encrypt to
@return CRYPT_OK if successful
*/
int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, int hash,
dsa_key *key)
{
unsigned char *expt, *skey;
void *g_pub, *g_priv;
unsigned long x, y;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* check that wprng/cipher/hash are not invalid */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (inlen > hash_descriptor[hash].hashsize) {
return CRYPT_INVALID_HASH;
}
/* make a random key and export the public copy */
if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) {
return err;
}
expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
skey = XMALLOC(MAXBLOCKSIZE);
if (expt == NULL || skey == NULL) {
if (expt != NULL) {
XFREE(expt);
}
if (skey != NULL) {
XFREE(skey);
}
mp_clear_multi(g_pub, g_priv, NULL);
return CRYPT_MEM;
}
/* make a random x, g^x pair */
x = mp_unsigned_bin_size(key->q);
if (prng_descriptor[wprng].read(expt, x, prng) != x) {
err = CRYPT_ERROR_READPRNG;
goto LBL_ERR;
}
/* load x */
if ((err = mp_read_unsigned_bin(g_priv, expt, x)) != CRYPT_OK) {
goto LBL_ERR;
}
/* compute y */
if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) {
goto LBL_ERR;
}
/* make random key */
x = mp_unsigned_bin_size(key->p) + 1;
if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y = MAXBLOCKSIZE;
if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) {
goto LBL_ERR;
}
/* Encrypt key */
for (x = 0; x < inlen; x++) {
skey[x] ^= in[x];
}
err = der_encode_sequence_multi(out, outlen,
LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
LTC_ASN1_INTEGER, 1UL, g_pub,
LTC_ASN1_OCTET_STRING, inlen, skey,
LTC_ASN1_EOL, 0UL, NULL);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
/* clean up */
//.........这里部分代码省略.........
示例11: signature
/**
Verify an ECC signature
@param sig The signature to verify
@param siglen The length of the signature (octets)
@param hash The hash (message digest) that was signed
@param hashlen The length of the hash (octets)
@param stat Result of signature, 1==valid, 0==invalid
@param key The corresponding public ECC key
@return CRYPT_OK if successful (even if the signature is not valid)
*/
int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long hashlen,
int *stat, ecc_key *key)
{
ecc_point *mG, *mQ;
void *r, *s, *v, *w, *u1, *u2, *e, *p, *m;
void *mp;
int err;
LTC_ARGCHK(sig != NULL);
LTC_ARGCHK(hash != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
/* default to invalid signature */
*stat = 0;
mp = NULL;
/* is the IDX valid ? */
if (ltc_ecc_is_valid_idx(key->idx) != 1) {
return CRYPT_PK_INVALID_TYPE;
}
/* allocate ints */
if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) {
return CRYPT_MEM;
}
/* allocate points */
mG = ltc_ecc_new_point();
mQ = ltc_ecc_new_point();
if (mQ == NULL || mG == NULL) {
err = CRYPT_MEM;
goto error;
}
/* parse header */
if ((err = der_decode_sequence_multi(sig, siglen,
LTC_ASN1_INTEGER, 1UL, r,
LTC_ASN1_INTEGER, 1UL, s,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto error;
}
/* get the order */
if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; }
/* get the modulus */
if ((err = mp_read_radix(m, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto error; }
/* check for zero */
if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) {
err = CRYPT_INVALID_PACKET;
goto error;
}
/* read hash */
if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) != CRYPT_OK) { goto error; }
/* w = s^-1 mod n */
if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; }
/* u1 = ew */
if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; }
/* u2 = rw */
if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; }
/* find mG and mQ */
if ((err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto error; }
if ((err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto error; }
if ((err = mp_set(mG->z, 1)) != CRYPT_OK) { goto error; }
if ((err = mp_copy(key->pubkey.x, mQ->x)) != CRYPT_OK) { goto error; }
if ((err = mp_copy(key->pubkey.y, mQ->y)) != CRYPT_OK) { goto error; }
if ((err = mp_copy(key->pubkey.z, mQ->z)) != CRYPT_OK) { goto error; }
/* compute u1*mG + u2*mQ = mG */
if (ltc_mp.ecc_mul2add == NULL) {
if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; }
if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; }
/* find the montgomery mp */
if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; }
/* add them */
if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; }
/* reduce */
if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; }
//.........这里部分代码省略.........
示例12: der_length_sequence
/**
Get the length of a DER sequence
@param list The sequences of items in the SEQUENCE
@param inlen The number of items
@param outlen [out] The length required in octets to store it
@return CRYPT_OK on success
*/
int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
unsigned long *outlen)
{
int err, type;
unsigned long size, x, y, z, i;
void *data;
LTC_ARGCHK(list != NULL);
LTC_ARGCHK(outlen != NULL);
/* get size of output that will be required */
y = 0;
for (i = 0; i < inlen; i++) {
type = list[i].type;
size = list[i].size;
data = list[i].data;
if (type == LTC_ASN1_EOL) {
break;
}
switch (type) {
case LTC_ASN1_BOOLEAN:
if ((err = der_length_boolean(&x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_INTEGER:
if ((err = der_length_integer(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_SHORT_INTEGER:
if ((err = der_length_short_integer(*((unsigned long *)data), &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_BIT_STRING:
if ((err = der_length_bit_string(size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_OCTET_STRING:
if ((err = der_length_octet_string(size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_NULL:
y += 2;
break;
case LTC_ASN1_OBJECT_IDENTIFIER:
if ((err = der_length_object_identifier(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_IA5_STRING:
if ((err = der_length_ia5_string(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_PRINTABLE_STRING:
if ((err = der_length_printable_string(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_UTCTIME:
if ((err = der_length_utctime(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
case LTC_ASN1_UTF8_STRING:
if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
//.........这里部分代码省略.........
示例13: signature
/**
Sign a hash with DSA
@param in The hash to sign
@param inlen The length of the hash to sign
@param r The "r" integer of the signature (caller must initialize with mp_init() first)
@param s The "s" integer of the signature (caller must initialize with mp_init() first)
@param key A private DSA key
@return CRYPT_OK if successful
*/
int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
mp_int_t r, mp_int_t s, dsa_key * key)
{
mp_int k, kinv, tmp;
unsigned char *buf;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(r != NULL);
LTC_ARGCHK(s != NULL);
LTC_ARGCHK(key != NULL);
if (key->type != PK_PRIVATE) {
return CRYPT_PK_NOT_PRIVATE;
}
/* check group order size */
if (key->qord >= LTC_MDSA_MAX_GROUP) {
return CRYPT_INVALID_ARG;
}
buf = XMALLOC(LTC_MDSA_MAX_GROUP);
if (buf == NULL) {
return CRYPT_MEM;
}
/* Init our temps */
if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) {
goto ERRBUF;
}
retry:
do {
/* gen random k */
get_random_bytes(buf, key->qord);
/* read k */
if ((err =
mp_read_unsigned_bin(&k, buf, key->qord)) != CRYPT_OK) {
goto error;
}
/* k > 1 ? */
if (mp_cmp_d(&k, 1) != LTC_MP_GT) {
goto retry;
}
/* test gcd */
if ((err = mp_gcd(&k, &key->q, &tmp)) != CRYPT_OK) {
goto error;
}
} while (mp_cmp_d(&tmp, 1) != LTC_MP_EQ);
/* now find 1/k mod q */
if ((err = mp_invmod(&k, &key->q, &kinv)) != CRYPT_OK) {
goto error;
}
/* now find r = g^k mod p mod q */
if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != CRYPT_OK) {
goto error;
}
if ((err = mp_mod(r, &key->q, r)) != CRYPT_OK) {
goto error;
}
if (mp_iszero(r) == LTC_MP_YES) {
goto retry;
}
/* now find s = (in + xr)/k mod q */
if ((err =
mp_read_unsigned_bin(&tmp, (unsigned char *)in,
inlen)) != CRYPT_OK) {
goto error;
}
if ((err = mp_mul(&key->x, r, s)) != CRYPT_OK) {
goto error;
}
if ((err = mp_add(s, &tmp, s)) != CRYPT_OK) {
goto error;
}
if ((err = mp_mulmod(s, &kinv, &key->q, s)) != CRYPT_OK) {
goto error;
}
if (mp_iszero(s) == LTC_MP_YES) {
goto retry;
}
//.........这里部分代码省略.........
示例14: input
/**
Shared code to finish an OCB stream
@param ocb The OCB state
@param pt The remaining plaintext [or input]
@param ptlen The length of the input (octets)
@param ct [out] The output buffer
@param tag [out] The destination for the authentication tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@param mode The mode we are terminating, 0==encrypt, 1==decrypt
@return CRYPT_OK if successful
*/
int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
{
unsigned char *Z, *Y, *X;
int err, x;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length ||
(int)ptlen > ocb->block_len || (int)ptlen < 0) {
return CRYPT_INVALID_ARG;
}
/* allocate ram */
Z = XMALLOC(MAXBLOCKSIZE);
Y = XMALLOC(MAXBLOCKSIZE);
X = XMALLOC(MAXBLOCKSIZE);
if (X == NULL || Y == NULL || Z == NULL) {
if (X != NULL) {
XFREE(X);
}
if (Y != NULL) {
XFREE(Y);
}
if (Z != NULL) {
XFREE(Z);
}
return CRYPT_MEM;
}
/* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
ocb_shift_xor(ocb, X);
XMEMCPY(Z, X, ocb->block_len);
X[ocb->block_len-1] ^= (ptlen*8)&255;
X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255;
for (x = 0; x < ocb->block_len; x++) {
X[x] ^= ocb->Lr[x];
}
/* Y[m] = E(X[m])) */
cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key);
if (mode == 1) {
/* decrypt mode, so let's xor it first */
/* xor C[m] into checksum */
for (x = 0; x < (int)ptlen; x++) {
ocb->checksum[x] ^= ct[x];
}
}
/* C[m] = P[m] xor Y[m] */
for (x = 0; x < (int)ptlen; x++) {
ct[x] = pt[x] ^ Y[x];
}
if (mode == 0) {
/* encrypt mode */
/* xor C[m] into checksum */
for (x = 0; x < (int)ptlen; x++) {
ocb->checksum[x] ^= ct[x];
}
}
/* xor Y[m] and Z[m] into checksum */
for (x = 0; x < ocb->block_len; x++) {
ocb->checksum[x] ^= Y[x] ^ Z[x];
}
/* encrypt checksum, er... tag!! */
cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key);
cipher_descriptor[ocb->cipher].done(&ocb->key);
/* now store it */
for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {
tag[x] = X[x];
}
*taglen = x;
#ifdef LTC_CLEAN_STACK
zeromem(X, MAXBLOCKSIZE);
zeromem(Y, MAXBLOCKSIZE);
//.........这里部分代码省略.........
示例15: input
/**
Compute an RSA modular exponentiation
@param in The input data to send into RSA
@param inlen The length of the input (octets)
@param out [out] The destination
@param outlen [in/out] The max size and resulting size of the output
@param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
@param key The RSA key to use
@return CRYPT_OK if successful
*/
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key)
{
void *tmp, *tmpa, *tmpb;
unsigned long x;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
}
/* must be a private or public operation */
if (which != PK_PRIVATE && which != PK_PUBLIC) {
return CRYPT_PK_INVALID_TYPE;
}
/* init and copy into tmp */
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; }
if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
/* sanity check on the input */
if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
goto error;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
/* tmpa = tmp^dP mod p */
if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
/* tmpb = tmp^dQ mod q */
if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
/* tmp = tmpb + q * tmp */
if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
} else {
/* exptmod it */
if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; }
}
/* read it back */
x = (unsigned long)mp_unsigned_bin_size(key->N);
if (x > *outlen) {
*outlen = x;
err = CRYPT_BUFFER_OVERFLOW;
goto error;
}
/* this should never happen ... */
if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
err = CRYPT_ERROR;
goto error;
}
*outlen = x;
/* convert it */
zeromem(out, x);
if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
/* clean up and return */
err = CRYPT_OK;
error:
mp_clear_multi(tmp, tmpa, tmpb, NULL);
return err;
}