本文整理汇总了C++中RSA_new函数的典型用法代码示例。如果您正苦于以下问题:C++ RSA_new函数的具体用法?C++ RSA_new怎么用?C++ RSA_new使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了RSA_new函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: set_private_key
static int
set_private_key(hx509_context context, hx509_cert cert, SecKeyRef pkey)
{
const SubjectPublicKeyInfo *spi;
const Certificate *c;
struct kc_rsa *kc;
RSAPublicKey pk;
hx509_private_key key;
size_t size;
RSA *rsa;
int ret;
ret = hx509_private_key_init(&key, NULL, NULL);
if (ret)
return ret;
kc = calloc(1, sizeof(*kc));
if (kc == NULL)
_hx509_abort("out of memory");
CFRetain(pkey);
kc->pkey = pkey;
rsa = RSA_new();
if (rsa == NULL)
_hx509_abort("out of memory");
RSA_set_method(rsa, &kc_rsa_pkcs1_method);
ret = RSA_set_app_data(rsa, kc);
if (ret != 1)
_hx509_abort("RSA_set_app_data");
/*
* Set up n and e to please RSA_size()
*/
c = _hx509_get_cert(cert);
spi = &c->tbsCertificate.subjectPublicKeyInfo;
ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
spi->subjectPublicKey.length / 8,
&pk, &size);
if (ret) {
RSA_free(rsa);
return 0;
}
rsa->n = _hx509_int2BN(&pk.modulus);
rsa->e = _hx509_int2BN(&pk.publicExponent);
free_RSAPublicKey(&pk);
kc->keysize = BN_num_bytes(rsa->n);
/*
*
*/
hx509_private_key_assign_rsa(key, rsa);
_hx509_cert_set_key(cert, key);
hx509_private_key_free(&key);
return 0;
}示例2: test_check_crt_components
static int test_check_crt_components(void)
{
const int P = 15;
const int Q = 17;
const int E = 5;
const int N = P*Q;
const int DP = 3;
const int DQ = 13;
const int QINV = 8;
int ret = 0;
RSA *key = NULL;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *q = NULL, *e = NULL;
ret = TEST_ptr(key = RSA_new())
&& TEST_ptr(ctx = BN_CTX_new())
&& TEST_ptr(p = BN_new())
&& TEST_ptr(q = BN_new())
&& TEST_ptr(e = BN_new())
&& TEST_true(BN_set_word(p, P))
&& TEST_true(BN_set_word(q, Q))
&& TEST_true(BN_set_word(e, E))
&& TEST_true(RSA_set0_factors(key, p, q));
if (!ret) {
BN_free(p);
BN_free(q);
goto end;
}
ret = TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
&& TEST_BN_eq_word(key->n, N)
&& TEST_BN_eq_word(key->dmp1, DP)
&& TEST_BN_eq_word(key->dmq1, DQ)
&& TEST_BN_eq_word(key->iqmp, QINV)
&& TEST_true(rsa_check_crt_components(key, ctx))
/* (a) 1 < dP < (p – 1). */
&& TEST_true(BN_set_word(key->dmp1, 1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmp1, P-1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmp1, DP))
/* (b) 1 < dQ < (q - 1). */
&& TEST_true(BN_set_word(key->dmq1, 1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmq1, Q-1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmq1, DQ))
/* (c) 1 < qInv < p */
&& TEST_true(BN_set_word(key->iqmp, 1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->iqmp, P))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->iqmp, QINV))
/* (d) 1 = (dP . e) mod (p - 1)*/
&& TEST_true(BN_set_word(key->dmp1, DP+1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmp1, DP))
/* (e) 1 = (dQ . e) mod (q - 1) */
&& TEST_true(BN_set_word(key->dmq1, DQ-1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmq1, DQ))
/* (f) 1 = (qInv . q) mod p */
&& TEST_true(BN_set_word(key->iqmp, QINV+1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->iqmp, QINV))
/* check defaults are still valid */
&& TEST_true(rsa_check_crt_components(key, ctx));
end:
BN_free(e);
RSA_free(key);
BN_CTX_free(ctx);
return ret;
}示例3: MS_TRACE
void DtlsTransport::GenerateCertificateAndPrivateKey()
{
MS_TRACE();
int ret = 0;
BIGNUM* bne = nullptr;
RSA* rsa_key = nullptr;
int num_bits = 1024;
X509_NAME* cert_name = nullptr;
// Create a big number object.
bne = BN_new();
if (!bne)
{
LOG_OPENSSL_ERROR("BN_new() failed");
goto error;
}
ret = BN_set_word(bne, RSA_F4); // RSA_F4 == 65537.
if (ret == 0)
{
LOG_OPENSSL_ERROR("BN_set_word() failed");
goto error;
}
// Generate a RSA key.
rsa_key = RSA_new();
if (!rsa_key)
{
LOG_OPENSSL_ERROR("RSA_new() failed");
goto error;
}
// This takes some time.
ret = RSA_generate_key_ex(rsa_key, num_bits, bne, nullptr);
if (ret == 0)
{
LOG_OPENSSL_ERROR("RSA_generate_key_ex() failed");
goto error;
}
// Create a private key object (needed to hold the RSA key).
DtlsTransport::privateKey = EVP_PKEY_new();
if (!DtlsTransport::privateKey)
{
LOG_OPENSSL_ERROR("EVP_PKEY_new() failed");
goto error;
}
ret = EVP_PKEY_assign_RSA(DtlsTransport::privateKey, rsa_key);
if (ret == 0)
{
LOG_OPENSSL_ERROR("EVP_PKEY_assign_RSA() failed");
goto error;
}
// The RSA key now belongs to the private key, so don't clean it up separately.
rsa_key = nullptr;
// Create the X509 certificate.
DtlsTransport::certificate = X509_new();
if (!DtlsTransport::certificate)
{
LOG_OPENSSL_ERROR("X509_new() failed");
goto error;
}
// Set version 3 (note that 0 means version 1).
X509_set_version(DtlsTransport::certificate, 2);
// Set serial number (avoid default 0).
ASN1_INTEGER_set(X509_get_serialNumber(DtlsTransport::certificate), (long)Utils::Crypto::GetRandomUInt(1000000, 9999999));
// Set valid period.
X509_gmtime_adj(X509_get_notBefore(DtlsTransport::certificate), -1*60*60*24*365*10); // - 10 years.
X509_gmtime_adj(X509_get_notAfter(DtlsTransport::certificate), 60*60*24*365*10); // 10 years.
// Set the public key for the certificate using the key.
ret = X509_set_pubkey(DtlsTransport::certificate, DtlsTransport::privateKey);
if (ret == 0)
{
LOG_OPENSSL_ERROR("X509_set_pubkey() failed");
goto error;
}
// Set certificate fields.
cert_name = X509_get_subject_name(DtlsTransport::certificate);
if (!cert_name)
{
LOG_OPENSSL_ERROR("X509_get_subject_name() failed");
goto error;
}
X509_NAME_add_entry_by_txt(cert_name, "O", MBSTRING_ASC, (uint8_t*)MS_APP_NAME, -1, -1, 0);
X509_NAME_add_entry_by_txt(cert_name, "CN", MBSTRING_ASC, (uint8_t*)MS_APP_NAME, -1, -1, 0);
// It is self-signed so set the issuer name to be the same as the subject.
ret = X509_set_issuer_name(DtlsTransport::certificate, cert_name);
if (ret == 0)
{
LOG_OPENSSL_ERROR("X509_set_issuer_name() failed");
goto error;
//.........这里部分代码省略.........
示例4: LUA_FUNCTION
static LUA_FUNCTION(openssl_pkey_new)
{
EVP_PKEY *pkey = NULL;
const char* alg = "rsa";
if (lua_isnoneornil(L, 1) || lua_isstring(L, 1))
{
alg = luaL_optstring(L, 1, alg);
if (strcasecmp(alg, "rsa") == 0)
{
int bits = luaL_optint(L, 2, 1024);
int e = luaL_optint(L, 3, 65537);
RSA* rsa = RSA_new();
BIGNUM *E = BN_new();
BN_set_word(E, e);
if (RSA_generate_key_ex(rsa, bits, E, NULL))
{
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
}
else
RSA_free(rsa);
BN_free(E);
}
else if (strcasecmp(alg, "dsa") == 0)
{
int bits = luaL_optint(L, 2, 1024);
size_t seed_len = 0;
const char* seed = luaL_optlstring(L, 3, NULL, &seed_len);
DSA *dsa = DSA_new();
if (DSA_generate_parameters_ex(dsa, bits, (byte*)seed, seed_len, NULL, NULL, NULL)
&& DSA_generate_key(dsa))
{
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
}
else
DSA_free(dsa);
}
else if (strcasecmp(alg, "dh") == 0)
{
int bits = luaL_optint(L, 2, 512);
int generator = luaL_optint(L, 3, 2);
DH* dh = DH_new();
if (DH_generate_parameters_ex(dh, bits, generator, NULL))
{
if (DH_generate_key(dh))
{
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DH(pkey, dh);
}
else
DH_free(dh);
}
else
DH_free(dh);
}
#ifndef OPENSSL_NO_EC
else if (strcasecmp(alg, "ec") == 0)
{
EC_KEY *ec = NULL;
EC_GROUP *group = openssl_get_ec_group(L, 2, 3, 4);
if (!group)
luaL_error(L, "failed to get ec_group object");
ec = EC_KEY_new();
if (ec)
{
EC_KEY_set_group(ec, group);
EC_GROUP_free(group);
if (EC_KEY_generate_key(ec))
{
pkey = EVP_PKEY_new();
EVP_PKEY_assign_EC_KEY(pkey, ec);
}
else
EC_KEY_free(ec);
}
else
EC_GROUP_free(group);
}
#endif
else
{
luaL_error(L, "not support %s!!!!", alg);
}
}
else if (lua_istable(L, 1))
{
lua_getfield(L, 1, "alg");
alg = luaL_optstring(L, -1, alg);
lua_pop(L, 1);
if (strcasecmp(alg, "rsa") == 0)
{
pkey = EVP_PKEY_new();
if (pkey)
//.........这里部分代码省略.........
示例5: kn_decode_key
//.........这里部分代码省略.........
keynote_errno = ERROR_MEMORY;
return -1;
}
kk = dc->dec_key;
if (keytype == KEYNOTE_PRIVATE_KEY)
{
if (d2i_DSAPrivateKey((DSA **) &kk,(const unsigned char **) &decoded, len) == NULL) {
free(ptr);
DSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
}
else
{
if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == NULL) {
free(ptr);
DSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
}
free(ptr);
return 0;
}
/* RSA-PKCS1-HEX */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
(internalencoding == INTERNAL_ENC_PKCS1))
{
dc->dec_key = RSA_new();
if (dc->dec_key == NULL) {
keynote_errno = ERROR_MEMORY;
return -1;
}
kk = dc->dec_key;
if (keytype == KEYNOTE_PRIVATE_KEY)
{
if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == NULL) {
free(ptr);
RSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
if (RSA_blinding_on((RSA *) kk, NULL) != 1) {
free(ptr);
RSA_free(kk);
keynote_errno = ERROR_MEMORY;
return -1;
}
}
else
{
if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == NULL) {
free(ptr);
RSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
}
free(ptr);示例6: MAIN
//.........这里部分代码省略.........
BIO_printf(bio_err, " -3 use 3 for the E value\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto err;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
# ifdef OPENSSL_NO_ENGINE
rsa = RSA_new();
# else
rsa = RSA_new_method(e);
# endif
if (!rsa)
goto err;
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);
/*
* We need to do the following for when the base number size is < long,
* esp windows 3.1 :-(.
*/
l = 0L;
for (i = 0; i < rsa->e->top; i++) {
# ifndef SIXTY_FOUR_BIT
l <<= BN_BITS4;
l <<= BN_BITS4;
# endif
l += rsa->e->d[i];
}
BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
(pem_password_cb *)password_callback,
&cb_data))
goto err;
}
ret = 0;
err:
if (bn)
BN_free(bn);
if (rsa)
RSA_free(rsa);
if (out)
BIO_free_all(out);
if (passout)
OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
apps_shutdown();
OPENSSL_EXIT(ret);
}示例7: soter_rsa_priv_key_to_engine_specific
soter_status_t soter_rsa_priv_key_to_engine_specific(const soter_container_hdr_t *key, size_t key_length, soter_engine_specific_rsa_key_t **engine_key)
{
int rsa_mod_size;
RSA *rsa;
EVP_PKEY *pkey = (EVP_PKEY *)(*engine_key);
const uint32_t *pub_exp;
const unsigned char *curr_bn = (const unsigned char *)(key + 1);
if (key_length != ntohl(key->size))
{
return SOTER_INVALID_PARAMETER;
}
/* Validate tag */
if (memcmp(key->tag, RSA_PRIV_KEY_PREF, strlen(RSA_PRIV_KEY_PREF)))
{
return SOTER_INVALID_PARAMETER;
}
if (SOTER_SUCCESS != soter_verify_container_checksum(key))
{
return SOTER_DATA_CORRUPT;
}
switch (key->tag[3])
{
case '1':
rsa_mod_size = 128;
break;
case '2':
rsa_mod_size = 256;
break;
case '4':
rsa_mod_size = 512;
break;
case '8':
rsa_mod_size = 1024;
break;
default:
return SOTER_INVALID_PARAMETER;
}
if (key_length < rsa_priv_key_size(rsa_mod_size))
{
return SOTER_INVALID_PARAMETER;
}
pub_exp = (const uint32_t *)(curr_bn + ((rsa_mod_size * 4) + (rsa_mod_size / 2)));;
switch (ntohl(*pub_exp))
{
case RSA_3:
case RSA_F4:
break;
default:
return SOTER_INVALID_PARAMETER;
}
rsa = RSA_new();
if (!rsa)
{
return SOTER_NO_MEMORY;
}
rsa->e = BN_new();
if (!(rsa->e))
{
RSA_free(rsa);
return SOTER_NO_MEMORY;
}
if (!BN_set_word(rsa->e, ntohl(*pub_exp)))
{
RSA_free(rsa);
return SOTER_FAIL;
}
/* Private exponent */
rsa->d = BN_new();
if (!(rsa->d))
{
RSA_free(rsa);
return SOTER_NO_MEMORY;
}
if (!BN_bin2bn(curr_bn, rsa_mod_size, rsa->d))
{
RSA_free(rsa);
return SOTER_FAIL;
}
curr_bn += rsa_mod_size;
/* p */
rsa->p = BN_new();
if (!(rsa->p))
{
RSA_free(rsa);
return SOTER_NO_MEMORY;
}
if (!BN_bin2bn(curr_bn, rsa_mod_size / 2, rsa->p))
//.........这里部分代码省略.........
示例8: openssl_rsa_crypt
void openssl_rsa_crypt()
{
RSA *r;
BIO *b;
BIGNUM *bne;
unsigned int len;
int size, elen, dlen;
unsigned char inputs[COMM_LEN] = "rsa crypt";
unsigned char tmps[MAX1_LEN], outputs[MAX1_LEN];
memset(tmps, 0, sizeof(tmps));
memset(outputs, 0, sizeof(outputs));
printf("\nRSA generate key:\n");
bne = BN_new();
BN_set_word(bne, RSA_3);
r = RSA_new();
RSA_generate_key_ex(r, MAX1_LEN, bne, NULL);
RSA_print_fp(stdout, r, 11);
b = BIO_new_file("/tmp/rsa.key", "w");
i2d_RSAPrivateKey_bio(b, r);
BIO_free(b);
elen = RSA_private_encrypt(RSA_size(r) - 11,
inputs, outputs, r, RSA_PKCS1_PADDING);
dlen = RSA_public_decrypt(elen, outputs, tmps, r, RSA_PKCS1_PADDING);
if (elen <= 0 || dlen <= 0 || memcmp(inputs, tmps, RSA_size(r) - 11)) {
printf("RSA_private_encrypt error!\n");
RSA_free(r);
return;
}
printf("RSA_private_encrypt(%s) = ", inputs);
for (size = 0; size < elen; size++)
printf("%02x", outputs[size]);
printf("\n");
memset(outputs, 0, sizeof(outputs));
elen = RSA_public_encrypt(RSA_size(r) - 11,
inputs, outputs, r, RSA_PKCS1_PADDING);
dlen = RSA_private_decrypt(elen, outputs, tmps, r, RSA_PKCS1_PADDING);
if (elen <= 0 || dlen <= 0 || memcmp(inputs, tmps, RSA_size(r) - 11)) {
printf("RSA_public_encrypt error!\n");
RSA_free(r);
return;
}
printf("RSA_public_encrypt(%s) = ", inputs);
for (size = 0; size < elen; size++)
printf("%02x", outputs[size]);
printf("\n");
memset(outputs, 0, sizeof(outputs));
RSA_sign(NID_md5_sha1, inputs, 36, outputs, &len, r);
printf("RSA_sign(%s) = ", inputs);
for (size = 0; size < len; size++)
printf("%02x", outputs[size]);
printf("\n");
memset(tmps, 0, sizeof(tmps));
RSA_verify(NID_md5_sha1, inputs, 36, outputs, len, r);
printf("RSA_verify(");
for (size = 0; size < len; size++)
printf("%02x", outputs[size]);
printf(") = %s\n", inputs);
RSA_free(r);
}示例9: AuthenticationDialogue
//.........这里部分代码省略.........
if (iscrypt == 'y')
{
if (RSA_private_decrypt
(crypt_len, recvbuffer + CF_RSA_PROTO_OFFSET, decrypted_nonce, PRIVKEY, RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR,
"Private decrypt failed = '%s'. Probably the client has the wrong public key for this server",
ERR_reason_error_string(err));
free(decrypted_nonce);
return false;
}
}
else
{
if (nonce_len > crypt_len)
{
Log(LOG_LEVEL_ERR, "Illegal challenge");
free(decrypted_nonce);
return false;
}
memcpy(decrypted_nonce, recvbuffer + CF_RSA_PROTO_OFFSET, nonce_len);
}
/* Client's ID is now established by key or trusted, reply with digest */
HashString(decrypted_nonce, nonce_len, digest, digestType);
free(decrypted_nonce);
/* Get the public key from the client */
newkey = RSA_new();
/* proposition C2 */
if ((len_n = ReceiveTransaction(conn->conn_info, recvbuffer, NULL)) == -1)
{
Log(LOG_LEVEL_INFO, "Protocol error 1 in RSA authentation from IP %s", conn->hostname);
RSA_free(newkey);
return false;
}
if (len_n == 0)
{
Log(LOG_LEVEL_INFO, "Protocol error 2 in RSA authentation from IP %s", conn->hostname);
RSA_free(newkey);
return false;
}
if ((newkey->n = BN_mpi2bn(recvbuffer, len_n, NULL)) == NULL)
{
err = ERR_get_error();
Log(LOG_LEVEL_ERR, "Private decrypt failed = %s", ERR_reason_error_string(err));
RSA_free(newkey);
return false;
}
/* proposition C3 */
if ((len_e = ReceiveTransaction(conn->conn_info, recvbuffer, NULL)) == -1)
{
Log(LOG_LEVEL_INFO, "Protocol error 3 in RSA authentation from IP %s", conn->hostname);
RSA_free(newkey);
return false;
}示例10: void
RSA *RSA_generate_key(int bits, unsigned long e_value,
void (*callback)(int,int,void *), void *cb_arg)
{
RSA *rsa=NULL;
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
int bitsp,bitsq,ok= -1,n=0;
unsigned i;
BN_CTX *ctx=NULL,*ctx2=NULL;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
ctx2=BN_CTX_new();
if (ctx2 == NULL) goto err;
BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
r1 = BN_CTX_get(ctx);
r2 = BN_CTX_get(ctx);
r3 = BN_CTX_get(ctx);
if (r3 == NULL) goto err;
bitsp=(bits+1)/2;
bitsq=bits-bitsp;
rsa=RSA_new();
if (rsa == NULL) goto err;
/* set e */
rsa->e=BN_new();
if (rsa->e == NULL) goto err;
#if 1
/* The problem is when building with 8, 16, or 32 BN_ULONG,
* unsigned long can be larger */
for (i=0; i<sizeof(unsigned long)*8; i++)
{
if (e_value & (((unsigned long)1)<<i))
BN_set_bit(rsa->e,i);
}
#else
if (!BN_set_word(rsa->e,e_value)) goto err;
#endif
/* generate p and q */
for (;;)
{
rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
if (rsa->p == NULL) goto err;
if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
if (BN_is_one(r1)) break;
if (callback != NULL) callback(2,n++,cb_arg);
BN_free(rsa->p);
}
if (callback != NULL) callback(3,0,cb_arg);
for (;;)
{
rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
if (rsa->q == NULL) goto err;
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
break;
if (callback != NULL) callback(2,n++,cb_arg);
BN_free(rsa->q);
}
if (callback != NULL) callback(3,1,cb_arg);
if (BN_cmp(rsa->p,rsa->q) < 0)
{
tmp=rsa->p;
rsa->p=rsa->q;
rsa->q=tmp;
}
/* calculate n */
rsa->n=BN_new();
if (rsa->n == NULL) goto err;
if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
/* calculate d */
if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
/* for (;;)
{
if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
if (BN_is_one(r3)) break;
if (1)
{
if (!BN_add_word(rsa->e,2L)) goto err;
continue;
}
RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
goto err;
}
*/
rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
if (rsa->d == NULL) goto err;
//.........这里部分代码省略.........
示例11: openssl_x509_crl
void openssl_x509_crl()
{
RSA *r;
BIO *bp;
int len;
FILE *fp;
BIGNUM *bne;
X509_CRL *crl;
EVP_PKEY *pkey;
X509_NAME *issuer;
ASN1_INTEGER *serial;
X509_REVOKED *revoked;
ASN1_TIME *lastUpdate, *nextUpdate, *rvTime;
unsigned char *buf, *p, tmp[MAX1_LEN] = "crl cert";
printf("\nX509_CRL info:\n");
bne = BN_new();
BN_set_word(bne, RSA_3);
r = RSA_new();
RSA_generate_key_ex(r, MAX1_LEN, bne, NULL);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, r);
crl = X509_CRL_new();
X509_CRL_set_version(crl, 3);
issuer = X509_NAME_new();
X509_NAME_add_entry_by_NID(issuer, NID_commonName,
V_ASN1_PRINTABLESTRING, tmp, 10, -1, 0);
X509_CRL_set_issuer_name(crl, issuer);
lastUpdate = ASN1_TIME_new();
ASN1_TIME_set(lastUpdate, time(NULL));
X509_CRL_set_lastUpdate(crl, lastUpdate);
nextUpdate = ASN1_TIME_new();
ASN1_TIME_set(nextUpdate, time(NULL) + 1280);
X509_CRL_set_nextUpdate(crl, nextUpdate);
revoked = X509_REVOKED_new();
serial = ASN1_INTEGER_new();
ASN1_INTEGER_set(serial, 1280);
X509_REVOKED_set_serialNumber(revoked, serial);
rvTime = ASN1_TIME_new();
ASN1_TIME_set(rvTime, time(NULL) + 2000);
X509_CRL_set_nextUpdate(crl, rvTime);
X509_REVOKED_set_revocationDate(revoked, rvTime);
X509_CRL_add0_revoked(crl, revoked);
X509_CRL_sort(crl);
X509_CRL_sign(crl, pkey, EVP_md5());
bp = BIO_new(BIO_s_file());
BIO_set_fp(bp, stdout, BIO_NOCLOSE);
X509_CRL_print(bp, crl);
len = i2d_X509_CRL(crl, NULL);
buf = (unsigned char *)malloc(len + 10);
p = buf;
len = i2d_X509_CRL(crl, &p);
fp = fopen("/tmp/crl.crl", "wb");
fwrite(buf, 1, len, fp);
fclose(fp);
free(buf);
BIO_free(bp);
X509_CRL_free(crl);
}示例12: sldns_key_buf2rsa_raw
RSA *
sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
{
uint16_t offset;
uint16_t exp;
uint16_t int16;
RSA *rsa;
BIGNUM *modulus;
BIGNUM *exponent;
if (len == 0)
return NULL;
if (key[0] == 0) {
if(len < 3)
return NULL;
memmove(&int16, key+1, 2);
exp = ntohs(int16);
offset = 3;
} else {
exp = key[0];
offset = 1;
}
/* key length at least one */
if(len < (size_t)offset + exp + 1)
return NULL;
/* Exponent */
exponent = BN_new();
if(!exponent) return NULL;
(void) BN_bin2bn(key+offset, (int)exp, exponent);
offset += exp;
/* Modulus */
modulus = BN_new();
if(!modulus) {
BN_free(exponent);
return NULL;
}
/* length of the buffer must match the key length! */
(void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
rsa = RSA_new();
if(!rsa) {
BN_free(exponent);
BN_free(modulus);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
BN_free(exponent);
BN_free(modulus);
RSA_free(rsa);
return NULL;
}
#endif
return rsa;
}示例13: AuthenticateAgent
//.........这里部分代码省略.........
{
Log(LOG_LEVEL_ERR,
"Private decrypt failed, abandoning. (RSA_private_decrypt: %s)",
CryptoLastErrorString());
RSA_free(server_pubkey);
return false;
}
/* proposition C4 */
if (FIPS_MODE)
{
HashString(decrypted_cchall, nonce_len, digest, CF_DEFAULT_DIGEST);
}
else
{
HashString(decrypted_cchall, nonce_len, digest, HASH_METHOD_MD5);
}
if (FIPS_MODE)
{
SendTransaction(conn->conn_info, digest, CF_DEFAULT_DIGEST_LEN, CF_DONE);
}
else
{
SendTransaction(conn->conn_info, digest, CF_MD5_LEN, CF_DONE);
}
free(decrypted_cchall);
/* If we don't have the server's public key, it will be sent */
if (server_pubkey == NULL)
{
RSA *newkey = RSA_new();
Log(LOG_LEVEL_VERBOSE, "Collecting public key from server!");
/* proposition S4 - conditional */
if ((len = ReceiveTransaction(conn->conn_info, in, NULL)) <= 0)
{
Log(LOG_LEVEL_ERR, "Protocol error in RSA authentation from IP '%s'", conn->this_server);
return false;
}
if ((newkey->n = BN_mpi2bn(in, len, NULL)) == NULL)
{
Log(LOG_LEVEL_ERR,
"Private key decrypt failed. (BN_mpi2bn: %s)",
CryptoLastErrorString());
RSA_free(newkey);
return false;
}
/* proposition S5 - conditional */
if ((len = ReceiveTransaction(conn->conn_info, in, NULL)) <= 0)
{
Log(LOG_LEVEL_INFO, "Protocol error in RSA authentation from IP '%s'",
conn->this_server);
RSA_free(newkey);
return false;
}
if ((newkey->e = BN_mpi2bn(in, len, NULL)) == NULL)
{
Log(LOG_LEVEL_ERR,示例14: keygen
/*
Generate a public/private RSA keypair, and ask for a file to store
them in.
*/
static bool keygen(int bits) {
BIGNUM *e = NULL;
RSA *rsa_key;
FILE *f;
char filename[PATH_MAX];
BN_GENCB *cb;
int result;
fprintf(stderr, "Generating %d bits keys:\n", bits);
cb = BN_GENCB_new();
if(!cb) {
abort();
}
BN_GENCB_set(cb, indicator, NULL);
rsa_key = RSA_new();
if(BN_hex2bn(&e, "10001") == 0) {
abort();
}
if(!rsa_key || !e) {
abort();
}
result = RSA_generate_key_ex(rsa_key, bits, e, cb);
BN_free(e);
BN_GENCB_free(cb);
if(!result) {
fprintf(stderr, "Error during key generation!\n");
RSA_free(rsa_key);
return false;
} else {
fprintf(stderr, "Done.\n");
}
snprintf(filename, sizeof(filename), "%s/rsa_key.priv", confbase);
f = ask_and_open(filename, "private RSA key");
if(!f) {
RSA_free(rsa_key);
return false;
}
#ifdef HAVE_FCHMOD
/* Make it unreadable for others. */
fchmod(fileno(f), 0600);
#endif
fputc('\n', f);
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
fclose(f);
char *name = get_name();
if(name) {
snprintf(filename, sizeof(filename), "%s/hosts/%s", confbase, name);
free(name);
} else {
snprintf(filename, sizeof(filename), "%s/rsa_key.pub", confbase);
}
f = ask_and_open(filename, "public RSA key");
if(!f) {
RSA_free(rsa_key);
return false;
}
fputc('\n', f);
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
RSA_free(rsa_key);
return true;
}示例15: tls_ctx_use_external_private_key
int
tls_ctx_use_external_private_key (struct tls_root_ctx *ctx,
const char *cert_file, const char *cert_file_inline)
{
RSA *rsa = NULL;
RSA *pub_rsa;
RSA_METHOD *rsa_meth;
X509 *cert = NULL;
ASSERT (NULL != ctx);
tls_ctx_load_cert_file_and_copy (ctx, cert_file, cert_file_inline, &cert);
ASSERT (NULL != cert);
/* allocate custom RSA method object */
ALLOC_OBJ_CLEAR (rsa_meth, RSA_METHOD);
rsa_meth->name = "OpenVPN external private key RSA Method";
rsa_meth->rsa_pub_enc = rsa_pub_enc;
rsa_meth->rsa_pub_dec = rsa_pub_dec;
rsa_meth->rsa_priv_enc = rsa_priv_enc;
rsa_meth->rsa_priv_dec = rsa_priv_dec;
rsa_meth->init = NULL;
rsa_meth->finish = rsa_finish;
rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
rsa_meth->app_data = NULL;
/* allocate RSA object */
rsa = RSA_new();
if (rsa == NULL)
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
/* get the public key */
ASSERT(cert->cert_info->key->pkey); /* NULL before SSL_CTX_use_certificate() is called */
pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
/* initialize RSA object */
rsa->n = BN_dup(pub_rsa->n);
rsa->flags |= RSA_FLAG_EXT_PKEY;
if (!RSA_set_method(rsa, rsa_meth))
goto err;
/* bind our custom RSA object to ssl_ctx */
if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
goto err;
X509_free(cert);
RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
return 1;
err:
if (cert)
X509_free(cert);
if (rsa)
RSA_free(rsa);
else
{
if (rsa_meth)
free(rsa_meth);
}
msg (M_SSLERR, "Cannot enable SSL external private key capability");
return 0;
}