本文整理汇总了C++中MP_DIGITS函数的典型用法代码示例。如果您正苦于以下问题:C++ MP_DIGITS函数的具体用法?C++ MP_DIGITS怎么用?C++ MP_DIGITS使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了MP_DIGITS函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: gf2m_Madd
/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in
* Montgomery projective coordinates. Uses algorithm Madd in appendix of
* Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation". */
static mp_err
gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2,
const ECGroup *group, int kmflag)
{
mp_err res = MP_OKAY;
mp_int t1, t2;
MP_DIGITS(&t1) = 0;
MP_DIGITS(&t2) = 0;
MP_CHECKOK(mp_init(&t1, kmflag));
MP_CHECKOK(mp_init(&t2, kmflag));
MP_CHECKOK(mp_copy(x, &t1));
MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth));
MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth));
MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth));
MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth));
MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth));
MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth));
CLEANUP:
mp_clear(&t1);
mp_clear(&t2);
return res;
}示例2: rsa_PrivateKeyOpCRTCheckedPubKey
/*
** An attack against RSA CRT was described by Boneh, DeMillo, and Lipton in:
** "On the Importance of Eliminating Errors in Cryptographic Computations",
** http://theory.stanford.edu/~dabo/papers/faults.ps.gz
**
** As a defense against the attack, carry out the private key operation,
** followed up with a public key operation to invert the result.
** Verify that result against the input.
*/
static SECStatus
rsa_PrivateKeyOpCRTCheckedPubKey(RSAPrivateKey *key, mp_int *m, mp_int *c)
{
mp_int n, e, v;
mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
MP_DIGITS(&n) = 0;
MP_DIGITS(&e) = 0;
MP_DIGITS(&v) = 0;
CHECK_MPI_OK( mp_init(&n) );
CHECK_MPI_OK( mp_init(&e) );
CHECK_MPI_OK( mp_init(&v) );
CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, m, c) );
SECITEM_TO_MPINT(key->modulus, &n);
SECITEM_TO_MPINT(key->publicExponent, &e);
/* Perform a public key operation v = m ** e mod n */
CHECK_MPI_OK( mp_exptmod(m, &e, &n, &v) );
if (mp_cmp(&v, c) != 0) {
rv = SECFailure;
}
cleanup:
mp_clear(&n);
mp_clear(&e);
mp_clear(&v);
if (err) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
return rv;
}示例3: init_blinding_params
static SECStatus
init_blinding_params(RSABlindingParams *rsabp, RSAPrivateKey *key,
mp_int *n, unsigned int modLen)
{
blindingParams * bp = rsabp->array;
int i = 0;
/* Initialize the list pointer for the element */
PR_INIT_CLIST(&rsabp->link);
for (i = 0; i < RSA_BLINDING_PARAMS_MAX_CACHE_SIZE; ++i, ++bp) {
bp->next = bp + 1;
MP_DIGITS(&bp->f) = 0;
MP_DIGITS(&bp->g) = 0;
bp->counter = 0;
}
/* The last bp->next value was initialized with out
* of rsabp->array pointer and must be set to NULL
*/
rsabp->array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE - 1].next = NULL;
bp = rsabp->array;
rsabp->bp = NULL;
rsabp->free = bp;
/* List elements are keyed using the modulus */
SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus);
return SECSuccess;
}示例4: ECGroup_new
/* Allocate memory for a new ECGroup object. */
ECGroup *
ECGroup_new()
{
mp_err res = MP_OKAY;
ECGroup *group;
group = (ECGroup *) malloc(sizeof(ECGroup));
if (group == NULL)
return NULL;
group->constructed = MP_YES;
group->meth = NULL;
group->text = NULL;
MP_DIGITS(&group->curvea) = 0;
MP_DIGITS(&group->curveb) = 0;
MP_DIGITS(&group->genx) = 0;
MP_DIGITS(&group->geny) = 0;
MP_DIGITS(&group->order) = 0;
group->base_point_mul = NULL;
group->points_mul = NULL;
group->validate_point = NULL;
group->extra1 = NULL;
group->extra2 = NULL;
group->extra_free = NULL;
MP_CHECKOK(mp_init(&group->curvea));
MP_CHECKOK(mp_init(&group->curveb));
MP_CHECKOK(mp_init(&group->genx));
MP_CHECKOK(mp_init(&group->geny));
MP_CHECKOK(mp_init(&group->order));
CLEANUP:
if (res != MP_OKAY) {
ECGroup_free(group);
return NULL;
}
return group;
}示例5: testPreCompute
/* Tests pre computation of Chudnovsky Jacobian points used in wNAF form */
mp_err
testPreCompute(ECGroup *ecgroup)
{
ecfp_chud_pt precomp[16];
ecfp_aff_pt p;
EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
int i;
mp_err res;
mp_int x, y, ny, x2, y2;
MP_DIGITS(&x) = 0;
MP_DIGITS(&y) = 0;
MP_DIGITS(&ny) = 0;
MP_DIGITS(&x2) = 0;
MP_DIGITS(&y2) = 0;
MP_CHECKOK(mp_init(&x));
MP_CHECKOK(mp_init(&y));
MP_CHECKOK(mp_init(&ny));
MP_CHECKOK(mp_init(&x2));
MP_CHECKOK(mp_init(&y2));
ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
/* Perform precomputation */
group->precompute_chud(precomp, &p, group);
M_TimeOperation(group->precompute_chud(precomp, &p, group), 10000);
/* Calculate addition to compare against */
MP_CHECKOK(mp_copy(&ecgroup->genx, &x));
MP_CHECKOK(mp_copy(&ecgroup->geny, &y));
MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
ec_GFp_pt_dbl_aff(&x, &y, &x2, &y2, ecgroup);
for (i = 0; i < 8; i++) {
MP_CHECKOK(testChudPoint(&precomp[8 + i], &x, &y, ecgroup));
MP_CHECKOK(testChudPoint(&precomp[7 - i], &x, &ny, ecgroup));
ec_GFp_pt_add_aff(&x, &y, &x2, &y2, &x, &y, ecgroup);
MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
}
CLEANUP:
if (res == MP_OKAY)
printf(" Test Passed - Precomputation\n");
else
printf("TEST FAILED - Precomputation\n");
mp_clear(&x);
mp_clear(&y);
mp_clear(&ny);
mp_clear(&x2);
mp_clear(&y2);
return res;
}示例6: rsa_PrivateKeyOpCRTNoCheck
/*
** RSA Private key operation using CRT.
*/
static SECStatus
rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
{
mp_int p, q, d_p, d_q, qInv;
mp_int m1, m2, h, ctmp;
mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
MP_DIGITS(&p) = 0;
MP_DIGITS(&q) = 0;
MP_DIGITS(&d_p) = 0;
MP_DIGITS(&d_q) = 0;
MP_DIGITS(&qInv) = 0;
MP_DIGITS(&m1) = 0;
MP_DIGITS(&m2) = 0;
MP_DIGITS(&h) = 0;
MP_DIGITS(&ctmp) = 0;
CHECK_MPI_OK( mp_init(&p) );
CHECK_MPI_OK( mp_init(&q) );
CHECK_MPI_OK( mp_init(&d_p) );
CHECK_MPI_OK( mp_init(&d_q) );
CHECK_MPI_OK( mp_init(&qInv) );
CHECK_MPI_OK( mp_init(&m1) );
CHECK_MPI_OK( mp_init(&m2) );
CHECK_MPI_OK( mp_init(&h) );
CHECK_MPI_OK( mp_init(&ctmp) );
/* copy private key parameters into mp integers */
SECITEM_TO_MPINT(key->prime1, &p); /* p */
SECITEM_TO_MPINT(key->prime2, &q); /* q */
SECITEM_TO_MPINT(key->exponent1, &d_p); /* d_p = d mod (p-1) */
SECITEM_TO_MPINT(key->exponent2, &d_q); /* d_q = d mod (q-1) */
SECITEM_TO_MPINT(key->coefficient, &qInv); /* qInv = q**-1 mod p */
/* 1. m1 = c**d_p mod p */
CHECK_MPI_OK( mp_mod(c, &p, &ctmp) );
CHECK_MPI_OK( mp_exptmod(&ctmp, &d_p, &p, &m1) );
/* 2. m2 = c**d_q mod q */
CHECK_MPI_OK( mp_mod(c, &q, &ctmp) );
CHECK_MPI_OK( mp_exptmod(&ctmp, &d_q, &q, &m2) );
/* 3. h = (m1 - m2) * qInv mod p */
CHECK_MPI_OK( mp_submod(&m1, &m2, &p, &h) );
CHECK_MPI_OK( mp_mulmod(&h, &qInv, &p, &h) );
/* 4. m = m2 + h * q */
CHECK_MPI_OK( mp_mul(&h, &q, m) );
CHECK_MPI_OK( mp_add(m, &m2, m) );
cleanup:
mp_clear(&p);
mp_clear(&q);
mp_clear(&d_p);
mp_clear(&d_q);
mp_clear(&qInv);
mp_clear(&m1);
mp_clear(&m2);
mp_clear(&h);
mp_clear(&ctmp);
if (err) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
return rv;
}示例7: testPointAddJacAff
/* Tests point addition of Jacobian + Affine -> Jacobian */
mp_err
testPointAddJacAff(ECGroup *ecgroup)
{
mp_err res;
mp_int pz, rx2, ry2, rz2;
ecfp_jac_pt p, r;
ecfp_aff_pt q;
EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
/* Init */
MP_DIGITS(&pz) = 0;
MP_DIGITS(&rx2) = 0;
MP_DIGITS(&ry2) = 0;
MP_DIGITS(&rz2) = 0;
MP_CHECKOK(mp_init(&pz));
MP_CHECKOK(mp_init(&rx2));
MP_CHECKOK(mp_init(&ry2));
MP_CHECKOK(mp_init(&rz2));
MP_CHECKOK(mp_set_int(&pz, 5));
/* Set p */
ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
ecfp_i2fp(p.z, &pz, ecgroup);
/* Set q */
ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
/* Do calculations */
group->pt_add_jac_aff(&p, &q, &r, group);
/* Do calculation in integer to compare against */
MP_CHECKOK(ec_GFp_pt_add_jac_aff
(&ecgroup->genx, &ecgroup->geny, &pz, &ecgroup->geny,
&ecgroup->genx, &rx2, &ry2, &rz2, ecgroup));
/* convert result R to affine coordinates */
ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
CLEANUP:
if (res == MP_OKAY)
printf(" Test Passed - Point Addition - Jacobian & Affine\n");
else
printf("TEST FAILED - Point Addition - Jacobian & Affine\n");
mp_clear(&pz);
mp_clear(&rx2);
mp_clear(&ry2);
mp_clear(&rz2);
return res;
}示例8: ec_GenerateRandomPrivateKey
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
* modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
* random number generator.
*
* Parameters
* - order: a buffer that holds the curve's group order
* - len: the length in octets of the order buffer
* - random: a buffer of 2 * len random bytes
* - randomlen: the length in octets of the random buffer
*
* Return Value
* Returns a buffer of len octets that holds the private key. The caller
* is responsible for freeing the buffer with PORT_ZFree.
*/
static unsigned char *
ec_GenerateRandomPrivateKey(const unsigned char *order, int len,
const unsigned char *random, int randomlen, int kmflag)
{
SECStatus rv = SECSuccess;
mp_err err;
unsigned char *privKeyBytes = NULL;
mp_int privKeyVal, order_1, one;
MP_DIGITS(&privKeyVal) = 0;
MP_DIGITS(&order_1) = 0;
MP_DIGITS(&one) = 0;
CHECK_MPI_OK( mp_init(&privKeyVal, kmflag) );
CHECK_MPI_OK( mp_init(&order_1, kmflag) );
CHECK_MPI_OK( mp_init(&one, kmflag) );
/*
* Reduces the 2*len buffer of random bytes modulo the group order.
*/
if ((privKeyBytes = PORT_Alloc(2*len, kmflag)) == NULL) goto cleanup;
if (randomlen != 2 * len) {
randomlen = 2 * len;
}
/* No need to generate - random bytes are now supplied */
/* CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(privKeyBytes, 2*len) );*/
memcpy(privKeyBytes, random, randomlen);
CHECK_MPI_OK( mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2*len) );
CHECK_MPI_OK( mp_read_unsigned_octets(&order_1, order, len) );
CHECK_MPI_OK( mp_set_int(&one, 1) );
CHECK_MPI_OK( mp_sub(&order_1, &one, &order_1) );
CHECK_MPI_OK( mp_mod(&privKeyVal, &order_1, &privKeyVal) );
CHECK_MPI_OK( mp_add(&privKeyVal, &one, &privKeyVal) );
CHECK_MPI_OK( mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len) );
memset(privKeyBytes+len, 0, len);
cleanup:
mp_clear(&privKeyVal);
mp_clear(&order_1);
mp_clear(&one);
if (err < MP_OKAY) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
if (rv != SECSuccess && privKeyBytes) {
#ifdef _KERNEL
kmem_free(privKeyBytes, 2*len);
#else
free(privKeyBytes);
#endif
privKeyBytes = NULL;
}
return privKeyBytes;
}示例9: testPointMulTime
/* Tests the time required for a point multiplication */
mp_err
testPointMulTime(ECGroup *ecgroup)
{
mp_err res = MP_OKAY;
mp_int rx, ry, n;
int size;
MP_DIGITS(&rx) = 0;
MP_DIGITS(&ry) = 0;
MP_DIGITS(&n) = 0;
MP_CHECKOK(mp_init(&rx));
MP_CHECKOK(mp_init(&ry));
MP_CHECKOK(mp_init(&n));
/* compute random scalar */
size = mpl_significant_bits(&ecgroup->meth->irr);
if (size < MP_OKAY) {
res = MP_NO;
goto CLEANUP;
}
MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
MP_CHECKOK(ecgroup->meth->field_mod(&n, &n, ecgroup->meth));
M_TimeOperation(ec_GFp_pt_mul_jac_fp
(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
ecgroup), 1000);
M_TimeOperation(ec_GFp_point_mul_jac_4w_fp
(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
ecgroup), 1000);
M_TimeOperation(ec_GFp_point_mul_wNAF_fp
(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
ecgroup), 1000);
M_TimeOperation(ec_GFp_pt_mul_jac
(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
ecgroup), 100);
CLEANUP:
if (res == MP_OKAY)
printf(" Test Passed - Point Multiplication Timing\n");
else
printf("TEST FAILED - Point Multiplication Timing\n");
mp_clear(&rx);
mp_clear(&ry);
mp_clear(&n);
return res;
}示例10: ec_GFp_mul_mont
/* Field multiplication using Montgomery reduction. */
mp_err
ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
const GFMethod *meth)
{
mp_err res = MP_OKAY;
#ifdef MP_MONT_USE_MP_MUL
/* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont
* is not implemented and we have to use mp_mul and s_mp_redc directly
*/
MP_CHECKOK(mp_mul(a, b, r));
MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1));
#else
mp_int s;
MP_DIGITS(&s) = 0;
/* s_mp_mul_mont doesn't allow source and destination to be the same */
if ((a == r) || (b == r)) {
MP_CHECKOK(mp_init(&s));
MP_CHECKOK(s_mp_mul_mont
(a, b, &s, (mp_mont_modulus *) meth->extra1));
MP_CHECKOK(mp_copy(&s, r));
mp_clear(&s);
} else {
return s_mp_mul_mont(a, b, r, (mp_mont_modulus *) meth->extra1);
}
#endif
CLEANUP:
return res;
}示例11: weave_to_mpi
/* Reverse the operation above for one mp_int.
* Reconstruct one mp_int from its column in the weaved array.
* Every read accesses every element of the weaved array, in order to
* avoid timing attacks based on patterns of memory accesses.
*/
mp_err weave_to_mpi(mp_int *a, /* out, result */
const mp_digit *weaved, /* in, byte matrix */
mp_size index, /* which column to read */
mp_size nDigits, /* number of mp_digits in each bignum */
mp_size nBignums) /* width of the matrix */
{
/* these are indices, but need to be the same size as mp_digit
* because of the CONST_TIME operations */
mp_digit i, j;
mp_digit d;
mp_digit *pDest = MP_DIGITS(a);
MP_SIGN(a) = MP_ZPOS;
MP_USED(a) = nDigits;
assert(weaved != NULL);
/* Fetch the proper column in constant time, indexing over the whole array */
for (i = 0; i < nDigits; ++i) {
d = 0;
for (j = 0; j < nBignums; ++j) {
d |= weaved[i * nBignums + j] & CONST_TIME_EQ(j, index);
}
pDest[i] = d;
}
s_mp_clamp(a);
return MP_OKAY;
}示例12: ec_GenerateRandomPrivateKey
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
* modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
* random number generator.
*
* Parameters
* - order: a buffer that holds the curve's group order
* - len: the length in octets of the order buffer
*
* Return Value
* Returns a buffer of len octets that holds the private key. The caller
* is responsible for freeing the buffer with PORT_ZFree.
*/
static unsigned char *
ec_GenerateRandomPrivateKey(const unsigned char *order, int len, int kmflag)
{
SECStatus rv = SECSuccess;
mp_err err;
unsigned char *privKeyBytes = NULL;
mp_int privKeyVal, order_1, one;
MP_DIGITS(&privKeyVal) = 0;
MP_DIGITS(&order_1) = 0;
MP_DIGITS(&one) = 0;
CHECK_MPI_OK( mp_init(&privKeyVal) );
CHECK_MPI_OK( mp_init(&order_1) );
CHECK_MPI_OK( mp_init(&one) );
/* Generates 2*len random bytes using the global random bit generator
* (which implements Algorithm 1 of FIPS 186-2 Change Notice 1) then
* reduces modulo the group order.
*/
if ((privKeyBytes = PORT_Alloc(2*len, kmflag)) == NULL) goto cleanup;
CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(privKeyBytes, 2*len) );
CHECK_MPI_OK( mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2*len) );
CHECK_MPI_OK( mp_read_unsigned_octets(&order_1, order, len) );
CHECK_MPI_OK( mp_set_int(&one, 1) );
CHECK_MPI_OK( mp_sub(&order_1, &one, &order_1) );
CHECK_MPI_OK( mp_mod(&privKeyVal, &order_1, &privKeyVal) );
CHECK_MPI_OK( mp_add(&privKeyVal, &one, &privKeyVal) );
CHECK_MPI_OK( mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len) );
memset(privKeyBytes+len, 0, len);
cleanup:
mp_clear(&privKeyVal);
mp_clear(&order_1);
mp_clear(&one);
if (err < MP_OKAY) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
if (rv != SECSuccess && privKeyBytes) {
#ifdef _KERNEL
kmem_free(privKeyBytes, 2*len);
#else
free(privKeyBytes);
#endif
privKeyBytes = NULL;
}
return privKeyBytes;
}示例13: testPointDoubleJac
/* Test point doubling in Jacobian coordinates */
mp_err
testPointDoubleJac(ECGroup *ecgroup)
{
mp_err res;
mp_int pz, rx, ry, rz, rx2, ry2, rz2;
ecfp_jac_pt p, p2;
EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
MP_DIGITS(&pz) = 0;
MP_DIGITS(&rx) = 0;
MP_DIGITS(&ry) = 0;
MP_DIGITS(&rz) = 0;
MP_DIGITS(&rx2) = 0;
MP_DIGITS(&ry2) = 0;
MP_DIGITS(&rz2) = 0;
MP_CHECKOK(mp_init(&pz));
MP_CHECKOK(mp_init(&rx));
MP_CHECKOK(mp_init(&ry));
MP_CHECKOK(mp_init(&rz));
MP_CHECKOK(mp_init(&rx2));
MP_CHECKOK(mp_init(&ry2));
MP_CHECKOK(mp_init(&rz2));
MP_CHECKOK(mp_set_int(&pz, 5));
/* Set p2 = 2P */
ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
ecfp_i2fp(p.z, &pz, ecgroup);
ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
group->pt_dbl_jac(&p, &p2, group);
M_TimeOperation(group->pt_dbl_jac(&p, &p2, group), 100000);
/* Calculate doubling to compare against */
ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
&rz2, ecgroup);
ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
/* Do comparison */
MP_CHECKOK(testJacPoint(&p2, &rx2, &ry2, ecgroup));
CLEANUP:
if (res == MP_OKAY)
printf(" Test Passed - Point Doubling - Jacobian\n");
else
printf("TEST FAILED - Point Doubling - Jacobian\n");
mp_clear(&pz);
mp_clear(&rx);
mp_clear(&ry);
mp_clear(&rz);
mp_clear(&rx2);
mp_clear(&ry2);
mp_clear(&rz2);
return res;
}示例14: testJacPoint
/* Tests a point p in Jacobian coordinates, comparing against the
* expected affine result (x, y). */
mp_err
testJacPoint(ecfp_jac_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup)
{
char s[1000];
mp_int rx, ry, rz;
mp_err res = MP_OKAY;
MP_DIGITS(&rx) = 0;
MP_DIGITS(&ry) = 0;
MP_DIGITS(&rz) = 0;
MP_CHECKOK(mp_init(&rx));
MP_CHECKOK(mp_init(&ry));
MP_CHECKOK(mp_init(&rz));
ecfp_fp2i(&rx, p->x, ecgroup);
ecfp_fp2i(&ry, p->y, ecgroup);
ecfp_fp2i(&rz, p->z, ecgroup);
/* convert result R to affine coordinates */
ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
/* Compare to expected result */
if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
printf(" Error: Jacobian Floating Point Incorrect.\n");
MP_CHECKOK(mp_toradix(&rx, s, 16));
printf("floating point result\nrx %s\n", s);
MP_CHECKOK(mp_toradix(&ry, s, 16));
printf("ry %s\n", s);
MP_CHECKOK(mp_toradix(x, s, 16));
printf("integer result\nx %s\n", s);
MP_CHECKOK(mp_toradix(y, s, 16));
printf("y %s\n", s);
res = MP_NO;
goto CLEANUP;
}
CLEANUP:
mp_clear(&rx);
mp_clear(&ry);
mp_clear(&rz);
return res;
}示例15: generate_blinding_params
static SECStatus
generate_blinding_params(struct RSABlindingParamsStr *rsabp,
RSAPrivateKey *key, mp_int *n, unsigned int modLen)
{
SECStatus rv = SECSuccess;
mp_int e, k;
mp_err err = MP_OKAY;
unsigned char *kb = NULL;
MP_DIGITS(&e) = 0;
MP_DIGITS(&k) = 0;
CHECK_MPI_OK( mp_init(&e) );
CHECK_MPI_OK( mp_init(&k) );
SECITEM_TO_MPINT(key->publicExponent, &e);
/* generate random k < n */
kb = PORT_Alloc(modLen);
if (!kb) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto cleanup;
}
CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(kb, modLen) );
CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, modLen) );
/* k < n */
CHECK_MPI_OK( mp_mod(&k, n, &k) );
/* f = k**e mod n */
CHECK_MPI_OK( mp_exptmod(&k, &e, n, &rsabp->f) );
/* g = k**-1 mod n */
CHECK_MPI_OK( mp_invmod(&k, n, &rsabp->g) );
/* Initialize the counter for this (f, g) */
rsabp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
cleanup:
if (kb)
PORT_ZFree(kb, modLen);
mp_clear(&k);
mp_clear(&e);
if (err) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
return rv;
}