本文整理匯總了C++中EC_POINT_set_affine_coordinates_GFp函數的典型用法代碼示例。如果您正苦於以下問題:C++ EC_POINT_set_affine_coordinates_GFp函數的具體用法?C++ EC_POINT_set_affine_coordinates_GFp怎麽用?C++ EC_POINT_set_affine_coordinates_GFp使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了EC_POINT_set_affine_coordinates_GFp函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C++代碼示例。
示例1: BN_CTX_new
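/**
 * Build an EC_GROUP over GF(p) from the explicit parameters exposed by
 * `curve` (p, a, b, generator x/y, order and cofactor).
 *
 * @param curve source of the curve parameters, read through its BN_*() accessors.
 * @return a newly allocated EC_GROUP; the caller releases it with EC_GROUP_free().
 * @throws AsymmetricKeyException (INTERNAL_ERROR) when any OpenSSL call fails.
 *
 * NOTE(review): this function does not validate the parameters themselves
 * (no EC_GROUP_check() call is made here); confirm that `curve` only ever
 * describes a vetted, trusted curve.
 */
EC_GROUP * ECDSAKeyPair::createGroup(const EllipticCurve& curve) {
	BN_CTX *ctx;
	EC_GROUP *group;
	EC_POINT *generator;

	/* Set up the BN_CTX */
	ctx = BN_CTX_new();
	if (ctx == NULL) {
		throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
				"Failed to create BN_CTX", "ECDSAKeyPair::createGroup");
	}

	/* Create the curve */
	group = EC_GROUP_new_curve_GFp(curve.BN_p(), curve.BN_a(), curve.BN_b(), ctx);
	if (group == NULL) {
		BN_CTX_free(ctx);
		throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
				"Failed to create group", "ECDSAKeyPair::createGroup");
	}

	/* Create the generator */
	generator = EC_POINT_new(group);
	if (generator == NULL) {
		BN_CTX_free(ctx);
		EC_GROUP_free(group);
		throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
				"Failed to create generator", "ECDSAKeyPair::createGroup");
	}

	if (1 != EC_POINT_set_affine_coordinates_GFp(group, generator, curve.BN_x(), curve.BN_y(), ctx)) {
		/* The generator was already allocated: release it too, otherwise
		 * this error path leaks the point. */
		EC_POINT_free(generator);
		BN_CTX_free(ctx);
		EC_GROUP_free(group);
		throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
				"Failed to set the affine coordinates of a EC_POINT over GFp",
				"ECDSAKeyPair::createGroup");
	}

	/* Set the generator and the order */
	if (1 != EC_GROUP_set_generator(group, generator, curve.BN_order(), curve.BN_cofactor())) {
		EC_POINT_free(generator);
		BN_CTX_free(ctx);
		EC_GROUP_free(group);
		throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
				"Failed to set generator and order", "ECDSAKeyPair::createGroup");
	}

	/* The temporary point and the context are no longer needed once the
	 * generator has been installed in the group. */
	EC_POINT_free(generator);
	BN_CTX_free(ctx);
	return group;
}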
示例2: GOST_KEY_set_public_key_affine_coordinates
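/*
 * Set the public key of a GOST key from affine coordinates (x, y).
 *
 * The point is built on key->group, its coordinates are read back and
 * compared with the inputs; values that do not survive that round trip are
 * reported as EC_R_COORDINATES_OUT_OF_RANGE. The point is then handed to
 * GOST_KEY_set_public_key() and the key is checked with GOST_KEY_check_key().
 *
 * Returns 1 on success and 0 on failure.
 */
int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
{
	BN_CTX *ctx = NULL;
	BIGNUM *tx, *ty;
	EC_POINT *point = NULL;
	int ok = 0;

	if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
		GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
		    ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}

	ctx = BN_CTX_new();
	if (ctx == NULL)
		goto err;
	/* BN_CTX_get() is only documented for use between BN_CTX_start() and
	 * BN_CTX_end(), so open a frame before taking temporaries. */
	BN_CTX_start(ctx);

	point = EC_POINT_new(key->group);
	if (point == NULL)
		goto err;

	if ((tx = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((ty = BN_CTX_get(ctx)) == NULL)
		goto err;

	if (EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, ctx) == 0)
		goto err;
	if (EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, ctx) == 0)
		goto err;

	/*
	 * Check if retrieved coordinates match originals: if not, values are
	 * out of range.
	 */
	if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
		GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
		    EC_R_COORDINATES_OUT_OF_RANGE);
		goto err;
	}

	/*
	 * NOTE(review): a non-zero result is treated as failure here, while the
	 * neighbouring calls treat zero as failure. Confirm the return
	 * convention of GOST_KEY_set_public_key() in this code base.
	 */
	if (GOST_KEY_set_public_key(key, point) != 0)
		goto err;

	/* Final validation of the key as a whole, not just of the point. */
	if (GOST_KEY_check_key(key) == 0)
		goto err;

	ok = 1;

err:
	/* ctx is NULL only when BN_CTX_new() failed, before the frame was opened. */
	if (ctx != NULL)
		BN_CTX_end(ctx);
	BN_CTX_free(ctx);
	EC_POINT_free(point);
	return ok;
}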
示例3: ec_GFp_simple_make_affine
/*
 * Force `point` into affine form (Z == 1) in place.
 *
 * A point that already has Z_is_one set, or that is the point at infinity,
 * is left untouched and reported as success. Otherwise the affine
 * coordinates are read out and written back; the function then expects
 * Z_is_one to be set and raises ERR_R_INTERNAL_ERROR if it is not.
 *
 * `ctx` may be NULL, in which case a temporary BN_CTX is created and freed
 * here. Returns 1 on success, 0 on failure.
 */
int ec_GFp_simple_make_affine (const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
{
    BN_CTX *owned_ctx = NULL;
    BIGNUM *ax, *ay;
    int ok = 0;

    /* Nothing to do for points that are already affine or at infinity. */
    if (point->Z_is_one || EC_POINT_is_at_infinity (group, point))
        return 1;

    if (ctx == NULL)
    {
        owned_ctx = BN_CTX_new ();
        if (owned_ctx == NULL)
            return 0;
        ctx = owned_ctx;
    }

    BN_CTX_start (ctx);
    ax = BN_CTX_get (ctx);
    ay = BN_CTX_get (ctx);

    /* Only the last BN_CTX_get() result is tested, as in the usual idiom. */
    if (ay != NULL
        && EC_POINT_get_affine_coordinates_GFp (group, point, ax, ay, ctx)
        && EC_POINT_set_affine_coordinates_GFp (group, point, ax, ay, ctx))
    {
        if (point->Z_is_one)
            ok = 1;
        else
            ECerr (EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
    }

    BN_CTX_end (ctx);
    if (owned_ctx != NULL)
        BN_CTX_free (owned_ctx);
    return ok;
}
示例4: ec_GFp_simple_make_affine
/* ec_GFp_simple_make_affine rewrites |point| in place so that its Z
 * coordinate is one. Points that already have Z_is_one set, and the point at
 * infinity, are accepted unchanged. If |ctx| is NULL a temporary BN_CTX is
 * allocated for the call. It returns one on success and zero on error. */
int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
                              BN_CTX *ctx) {
  BN_CTX *local_ctx = NULL;
  BIGNUM *affine_x, *affine_y;
  int ok = 0;

  if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) {
    return 1;
  }

  if (ctx == NULL) {
    local_ctx = BN_CTX_new();
    if (local_ctx == NULL) {
      return 0;
    }
    ctx = local_ctx;
  }

  BN_CTX_start(ctx);
  affine_x = BN_CTX_get(ctx);
  affine_y = BN_CTX_get(ctx);
  if (affine_y == NULL) {
    goto done;
  }

  /* Round-trip through the affine getter and setter to normalise Z. */
  if (!EC_POINT_get_affine_coordinates_GFp(group, point, affine_x, affine_y,
                                           ctx)) {
    goto done;
  }
  if (!EC_POINT_set_affine_coordinates_GFp(group, point, affine_x, affine_y,
                                           ctx)) {
    goto done;
  }

  /* The setter is expected to leave Z_is_one set; anything else is a bug. */
  if (point->Z_is_one) {
    ok = 1;
  } else {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_make_affine, ERR_R_INTERNAL_ERROR);
  }

done:
  BN_CTX_end(ctx);
  if (local_ctx != NULL) {
    BN_CTX_free(local_ctx);
  }
  return ok;
}
示例5: BN_new
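// Get the AlphaCrypt default PEER public key.
//
// The key is a secp256k1 point whose affine coordinates are compiled into
// this function as hex strings. The point is attached to a temporary EC_KEY
// so that EC_KEY_check_key() can validate it.
//
// Returns a newly allocated EC_POINT that the caller must release with
// EC_POINT_free(), or NULL if any allocation, parse or validation step fails.
EC_POINT * CAlphaCrypt::GetAlphaCryptPublicKey() {
	EC_KEY * lpPublicCurve = NULL;			// Curve that contains the public key
	const EC_GROUP * lpGroup = NULL;		// Group owned by lpPublicCurve
	EC_POINT * pubKey = NULL;				// Public key generated from the 2 coordinates
	const char * XCoordHex = "46668077A4449322CA896BD64901DE333156B6FEAE75ABE5D4922A039B3CD013";
	const char * YCoordHex = "304AB8B3F15F498094F14058A1D1EBE823BEF512D44210CC50BBD94128D2CD05";
	BIGNUM * pBnX = NULL, * pBnY = NULL;
	bool bValid = false;

	// Parse the X and Y coordinates; BN_hex2bn allocates the BIGNUMs when
	// the target pointer is NULL and returns 0 on failure.
	if (BN_hex2bn(&pBnX, XCoordHex) && BN_hex2bn(&pBnY, YCoordHex)) {
		// Create the curve that contains the public key
		lpPublicCurve = EC_KEY_new_by_curve_name(NID_secp256k1);
		if (lpPublicCurve != NULL) {
			// Use the public accessor rather than reaching into the EC_KEY struct
			lpGroup = EC_KEY_get0_group(lpPublicCurve);
			if (lpGroup != NULL)
				pubKey = EC_POINT_new(lpGroup);
		}

		// Build the point, attach it to the key and verify it. Every step is
		// checked so a failed call can no longer be masked by a later one.
		if (pubKey != NULL &&
			EC_POINT_set_affine_coordinates_GFp(lpGroup, pubKey, pBnX, pBnY, NULL) == 1 &&
			EC_KEY_set_public_key(lpPublicCurve, pubKey) == 1 &&
			EC_KEY_check_key(lpPublicCurve) == 1)
			bValid = true;
	}

	// Cleanup (all of these accept NULL)
	EC_KEY_free(lpPublicCurve);
	BN_free(pBnX); BN_free(pBnY);

	if (!bValid) {
		EC_POINT_free(pubKey);
		pubKey = NULL;
	}
	return pubKey;
}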
示例6: BFIBE_do_decrypt
/*
 * Decrypt a Boneh-Franklin IBE ciphertext block `in` with private key `sk`
 * under public parameters `mpk`.
 *
 * Length query: when `out` is NULL, *outlen is set to in->w->length and 1 is
 * returned. Otherwise *outlen must be at least in->w->length on entry.
 *
 * Returns 0 on the early argument/size failures visible here; later failures
 * jump to the `end` label, which lies in the part of the listing that is not
 * shown.
 *
 * NOTE(review): only the top-level pointers are NULL-checked. in->w, in->u,
 * in->v, sk->privateKey and mpk->pointP are dereferenced without a check in
 * the visible code; confirm they are validated when the structures are parsed.
 */
int BFIBE_do_decrypt(BFPublicParameters *mpk,
const BFCiphertextBlock *in, unsigned char *out, size_t *outlen,
BFPrivateKeyBlock *sk)
{
int ret = 0;
BN_CTX *bn_ctx = NULL;
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
EC_POINT *point1 = NULL;
BN_GFP2 *theta = NULL;
BIGNUM *k;
const EVP_MD *md;
KDF_FUNC hash_bytes;
/* Scratch buffer: holds canonical(theta) first, then its digest. */
unsigned char rho[EVP_MAX_MD_SIZE * 2];
size_t size;
unsigned int len;
int i;
if (!mpk || !in || !outlen || !sk) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/* Length query: report the required output size and stop. */
if (!out) {
*outlen = in->w->length;
return 1;
}
/* Refuse to write past the caller's buffer. */
if (*outlen < in->w->length) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_BUFFER_TOO_SMALL);
return 0;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
/* EC_GROUP: rebuilt from the public parameters on every call */
if (!(group = EC_GROUP_new_type1curve(mpk->p, mpk->pointP->x,
mpk->pointP->y, mpk->q, bn_ctx))) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_INVALID_TYPE1CURVE);
goto end;
}
point = EC_POINT_new(group);
point1 = EC_POINT_new(group);
theta = BN_GFP2_new();
k = BN_CTX_get(bn_ctx);
/* All four allocations are checked together. */
if (!point || !point1 || !theta || !k) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
/* theta = e(ciphertext->u, sk->privateKey) */
/*
 * NOTE(review): in->u comes from the ciphertext. No explicit
 * EC_POINT_is_on_curve() or subgroup check is visible before the pairing;
 * whether the setter itself rejects off-curve coordinates depends on the
 * library version, so confirm the point is validated.
 */
if (!EC_POINT_set_affine_coordinates_GFp(group, point,
in->u->x, in->u->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point1,
sk->privateKey->x, sk->privateKey->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_type1curve_tate(group, theta, point, point1, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
/* md = mpk->hashfcn */
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
}
/* rho = Hash(Canonical(theta)) xor ciphertext->v */
/* size is passed as the capacity of rho and read back afterwards. */
size = sizeof(rho);
if (!BN_GFP2_canonical(theta, rho, &size, 0, mpk->p, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
/* size_t narrowed to unsigned int; size is at most sizeof(rho) here. */
len = size;
/* The digest is computed in place: rho is both input and output. */
if (!EVP_Digest(rho, size, rho, &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EVP_LIB);
goto end;
}
/*
 * NOTE(review): this reads EVP_MD_size(md) bytes of in->v->data without
 * comparing against in->v->length. A ciphertext whose v field is shorter
 * than the digest would be read out of bounds unless the length is enforced
 * elsewhere; confirm.
 */
for (i = 0; i < EVP_MD_size(md); i++) {
rho[i] ^= in->v->data[i];
}
/* function hash_bytes() = kdf(md) */
if (!(hash_bytes = KDF_get_ibcs(md))) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
//.........這裏部分代碼省略.........
示例7: ECerr
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
{
EC_GROUP *group=NULL;
EC_POINT *P=NULL;
BN_CTX *ctx=NULL;
BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
int ok=0;
int seed_len,param_len;
const EC_METHOD *meth;
const EC_CURVE_DATA *data;
const unsigned char *params;
if ((ctx = BN_CTX_new()) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
goto err;
}
data = curve.data;
seed_len = data->seed_len;
param_len = data->param_len;
params = (const unsigned char *)(data+1); /* skip header */
params += seed_len; /* skip seed */
if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
|| !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
|| !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (curve.meth != 0)
{
meth = curve.meth();
if (((group = EC_GROUP_new(meth)) == NULL) ||
(!(group->meth->group_set_curve(group, p, a, b, ctx))))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
else if (data->field_type == NID_X9_62_prime_field)
{
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else /* field_type == NID_X9_62_characteristic_two_field */
{
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
#endif
if ((P = EC_POINT_new(group)) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
|| !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
|| !BN_set_word(x, (BN_ULONG)data->cofactor))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_set_generator(group, P, order, x))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if (seed_len)
{
if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
ok=1;
err:
if (!ok)
//.........這裏部分代碼省略.........
示例8: prime_field_tests
//.........這裏部分代碼省略.........
for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
if (len == 0) ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
fprintf(stdout, "\nGenerator as octect string, hybrid form:\n ");
for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
BN_print_fp(stdout, x);
fprintf(stdout, ", Y = 0x");
BN_print_fp(stdout, y);
fprintf(stdout, ", Z = 0x");
BN_print_fp(stdout, z);
fprintf(stdout, "\n");
if (!EC_POINT_invert(group, P, ctx)) ABORT;
if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
/* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
* -- not a NIST curve, but commonly used */
if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;
if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;
if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
BN_print_fp(stdout, x);
fprintf(stdout, "\n y = 0x");
BN_print_fp(stdout, y);
fprintf(stdout, "\n");
/* G_y value taken from the standard: */
if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
if (0 != BN_cmp(y, z)) ABORT;
fprintf(stdout, "verify degree ...");
if (EC_GROUP_get_degree(group) != 160) ABORT;
fprintf(stdout, " ok\n");
fprintf(stdout, "verify group order ...");
fflush(stdout);
if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
fprintf(stdout, ".");
fflush(stdout);
if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
fprintf(stdout, " ok\n");
if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
if (!EC_GROUP_copy(P_160, group)) ABORT;
示例9: BFIBEerr
//.........這裏部分代碼省略.........
/* ret->version */
ret->version = BFIBE_VERSION;
/* rho = Rand(hashlen) */
if (!RAND_bytes(rho, EVP_MD_size(md))) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, BFIBE_R_RAND_FAILURE);
goto end;
}
/* k = HashToRange(rho||Hash(in), q) in [0, q - 1] */
len = EVP_MD_size(md);
if (!EVP_Digest(in, inlen, rho + EVP_MD_size(md), &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
if (!BN_hash_to_range(md, &k, rho, EVP_MD_size(md) * 2, mpk->q, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_BN_LIB);
goto end;
}
/* ret->u = mpk->pointP * k in E/F_p, mpk->pointP is the generator */
if (!EC_POINT_mul(group, point, k, NULL, NULL, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, point,
ret->u->x, ret->u->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
/* theta = e(mpk->pointPpub, HashToPoint(ID)) */
if (!EC_POINT_set_affine_coordinates_GFp(group, Ppub,
mpk->pointPpub->x, mpk->pointPpub->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_hash2point(group, md, id, idlen, point, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_type1curve_tate(group, theta, Ppub, point, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
/* theta = theta^k */
if (!BN_GFP2_exp(theta, theta, k, mpk->p, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
/* ret->v = Hash(theta) xor rho */
size = sizeof(buf);
if (!BN_GFP2_canonical(theta, buf, &size, 0, mpk->p, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_BN_LIB);
goto end;
}
len = sizeof(buf);
if (!EVP_Digest(buf, size, buf, &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
for (i = 0; i < EVP_MD_size(md); i++) {
buf[i] ^= rho[i];
示例10: ec_GFp_simple_oct2point
/* ec_GFp_simple_oct2point decodes the |len| bytes at |buf| into |point|.
 *
 * The first byte selects the encoding (infinity, compressed, uncompressed or
 * hybrid) and, in its lowest bit, carries the parity of y where that applies.
 * The total length must match the encoding exactly, each coordinate must be
 * smaller than the field prime, and the decoded point must lie on the curve.
 * If |ctx| is NULL a temporary BN_CTX is used. It returns one on success and
 * zero on error. */
static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
                                   const uint8_t *buf, size_t len,
                                   BN_CTX *ctx) {
  point_conversion_form_t form;
  int y_bit;
  BN_CTX *owned_ctx = NULL;
  BIGNUM *x, *y;
  size_t coord_len, expected_len;
  int ok = 0;

  if (len == 0) {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_BUFFER_TOO_SMALL);
    return 0;
  }

  /* Split the leading byte into the form tag and the y parity bit. */
  form = buf[0];
  y_bit = form & 1;
  form = form & ~1U;

  /* Only the four known encodings are accepted. */
  if (form != 0 && form != POINT_CONVERSION_COMPRESSED &&
      form != POINT_CONVERSION_UNCOMPRESSED &&
      form != POINT_CONVERSION_HYBRID) {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
    return 0;
  }

  /* Infinity and uncompressed encodings carry no parity bit. */
  if (y_bit && (form == 0 || form == POINT_CONVERSION_UNCOMPRESSED)) {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
    return 0;
  }

  /* The point at infinity is exactly one byte long. */
  if (form == 0) {
    if (len == 1) {
      return EC_POINT_set_to_infinity(group, point);
    }
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
    return 0;
  }

  /* Tag byte plus one coordinate (compressed) or two (otherwise). */
  coord_len = BN_num_bytes(&group->field);
  expected_len = 1 + coord_len;
  if (form != POINT_CONVERSION_COMPRESSED) {
    expected_len = 1 + 2 * coord_len;
  }
  if (len != expected_len) {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
    return 0;
  }

  if (ctx == NULL) {
    owned_ctx = BN_CTX_new();
    if (owned_ctx == NULL) {
      return 0;
    }
    ctx = owned_ctx;
  }

  BN_CTX_start(ctx);
  x = BN_CTX_get(ctx);
  y = BN_CTX_get(ctx);
  if (y == NULL) {
    goto done;
  }

  if (!BN_bin2bn(buf + 1, coord_len, x)) {
    goto done;
  }
  /* Reject non-canonical x (not reduced modulo the field prime). */
  if (BN_ucmp(x, &group->field) >= 0) {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
    goto done;
  }

  if (form == POINT_CONVERSION_COMPRESSED) {
    if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit,
                                                 ctx)) {
      goto done;
    }
  } else {
    if (!BN_bin2bn(buf + 1 + coord_len, coord_len, y)) {
      goto done;
    }
    /* Same canonical-range requirement for y. */
    if (BN_ucmp(y, &group->field) >= 0) {
      OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
      goto done;
    }
    /* In hybrid form the parity bit must agree with the y that was sent. */
    if (form == POINT_CONVERSION_HYBRID && y_bit != BN_is_odd(y)) {
      OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING);
      goto done;
    }
    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) {
      goto done;
    }
  }

  /* test required by X9.62 */
  if (!EC_POINT_is_on_curve(group, point, ctx)) {
    OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_POINT_IS_NOT_ON_CURVE);
    goto done;
  }

  ok = 1;

done:
  BN_CTX_end(ctx);
  if (owned_ctx != NULL) {
    BN_CTX_free(owned_ctx);
  }
  return ok;
}
示例11: ecdh_im_compute_key
//.........這裏部分代碼省略.........
/* Fetch the curve parameters */
if (!EC_GROUP_get_curve_GFp(EC_KEY_get0_group(static_key), p, a, b, bn_ctx))
goto err;
/* Assign constants */
if ( !BN_set_word(two,2)||
!BN_set_word(three,3)||
!BN_set_word(four,4)||
!BN_set_word(six,6)||
!BN_set_word(twentyseven,27)
) goto err;
/* Check prerequisites for curve parameters */
check(
/* p > 3;*/
(BN_cmp(p, three) == 1) &&
/* p mod 3 = 2; (p has the form p=q^n, q prime) */
BN_nnmod(tmp, p, three, bn_ctx) &&
(BN_cmp(tmp, two) == 0),
"Unsuited curve");
/* Convert encrypted nonce to BIGNUM */
u = BN_bin2bn((unsigned char *) x_mem->data, x_mem->length, u);
if (!u)
goto err;
if ( /* v = (3a - u^4) / 6u mod p */
!BN_mod_mul(tmp, three, a, p, bn_ctx) ||
!BN_mod_exp(tmp2, u, four, p, bn_ctx) ||
!BN_mod_sub(v, tmp, tmp2, p, bn_ctx) ||
!BN_mod_mul(tmp, u, six, p, bn_ctx) ||
/* For division within a galois field we need to compute
* the multiplicative inverse of a number */
!BN_mod_inverse(bn_inv, tmp, p, bn_ctx) ||
!BN_mod_mul(v, v, bn_inv, p, bn_ctx) ||
/* x = (v^2 - b - ((u^6)/27)) */
!BN_mod_sqr(tmp, v, p, bn_ctx) ||
!BN_mod_sub(tmp2, tmp, b, p, bn_ctx) ||
!BN_mod_exp(tmp, u, six, p, bn_ctx) ||
!BN_mod_inverse(bn_inv, twentyseven, p, bn_ctx) ||
!BN_mod_mul(tmp, tmp, bn_inv, p, bn_ctx) ||
!BN_mod_sub(x, tmp2, tmp, p, bn_ctx) ||
/* x -> x^(1/3) = x^((2p^n -1)/3) */
!BN_mul(tmp, two, p, bn_ctx) ||
!BN_sub(tmp, tmp, BN_value_one()) ||
/* Division is defined, because p^n = 2 mod 3 */
!BN_div(tmp, y, tmp, three, bn_ctx) ||
!BN_mod_exp(tmp2, x, tmp, p, bn_ctx) ||
!BN_copy(x, tmp2) ||
/* x += (u^2)/3 */
!BN_mod_sqr(tmp, u, p, bn_ctx) ||
!BN_mod_inverse(bn_inv, three, p, bn_ctx) ||
!BN_mod_mul(tmp2, tmp, bn_inv, p, bn_ctx) ||
!BN_mod_add(tmp, x, tmp2, p, bn_ctx) ||
!BN_copy(x, tmp) ||
/* y = ux + v */
!BN_mod_mul(y, u, x, p, bn_ctx) ||
!BN_mod_add(tmp, y, v, p, bn_ctx) ||
!BN_copy(y, tmp)
)
goto err;
/* Initialize ephemeral parameters with parameters from the static key */
ephemeral_key = EC_KEY_dup(static_key);
if (!ephemeral_key)
goto err;
EVP_PKEY_set1_EC_KEY(ctx->ka_ctx->key, ephemeral_key);
/* configure the new EC_KEY */
g = EC_POINT_new(EC_KEY_get0_group(ephemeral_key));
if (!g)
goto err;
if (!EC_POINT_set_affine_coordinates_GFp(EC_KEY_get0_group(ephemeral_key), g,
x, y, bn_ctx))
goto err;
ret = 1;
err:
if (x_mem)
BUF_MEM_free(x_mem);
if (u)
BN_free(u);
BN_CTX_end(bn_ctx);
if (g)
EC_POINT_clear_free(g);
/* Decrement reference count, keys are still available via PACE_CTX */
if (static_key)
EC_KEY_free(static_key);
if (ephemeral_key)
EC_KEY_free(ephemeral_key);
return ret;
}
示例12: BN_CTX_new
/*
 * Construct a prime-field EC_GROUP from a built-in curve record.
 *
 * The parameter blob is read from the memory directly after the
 * EC_CURVE_DATA header: data->seed_len bytes of seed, then six fields of
 * data->param_len bytes each, in the order p, a, b, Gx, Gy, order.
 *
 * Returns the new group (released by the caller with EC_GROUP_free()), or
 * NULL on failure after queuing an error with ECerr().
 */
static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
{
    EC_GROUP *group = NULL;
    EC_POINT *gen = NULL;
    BN_CTX *bn_ctx = NULL;
    BIGNUM *prime = NULL, *coef_a = NULL, *coef_b = NULL;
    BIGNUM *gx = NULL, *gy = NULL, *n = NULL;
    const unsigned char *seed = NULL;
    const unsigned char *params = NULL;
    int seed_len = 0;
    int param_len = 0;
    int ok = 0;

    bn_ctx = BN_CTX_new();
    if (bn_ctx == NULL) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    seed_len = data->seed_len;
    param_len = data->param_len;
    seed = (const unsigned char *)(data + 1);   /* skip header */
    params = seed + seed_len;                   /* skip seed */

    /* Curve equation: p, a, b. Stop at the first conversion that fails. */
    prime = BN_bin2bn(params, param_len, NULL);
    if (prime != NULL)
        coef_a = BN_bin2bn(params + param_len, param_len, NULL);
    if (coef_a != NULL)
        coef_b = BN_bin2bn(params + 2 * param_len, param_len, NULL);
    if (coef_b == NULL) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
        goto err;
    }

    group = EC_GROUP_new_curve_GFp(prime, coef_a, coef_b, bn_ctx);
    if (group == NULL) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
        goto err;
    }

    gen = EC_POINT_new(group);
    if (gen == NULL) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
        goto err;
    }

    /* Generator coordinates. */
    gx = BN_bin2bn(params + 3 * param_len, param_len, NULL);
    if (gx != NULL)
        gy = BN_bin2bn(params + 4 * param_len, param_len, NULL);
    if (gy == NULL) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
        goto err;
    }

    if (!EC_POINT_set_affine_coordinates_GFp(group, gen, gx, gy, bn_ctx)) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
        goto err;
    }

    /* gx is no longer needed as a coordinate, so it is reused to carry the
     * cofactor into EC_GROUP_set_generator(). */
    n = BN_bin2bn(params + 5 * param_len, param_len, NULL);
    if (n == NULL || !BN_set_word(gx, (BN_ULONG)data->cofactor)) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
        goto err;
    }

    if (!EC_GROUP_set_generator(group, gen, n, gx)) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
        goto err;
    }

    if (seed_len && !EC_GROUP_set_seed(group, seed, seed_len)) {
        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
        goto err;
    }

    ok = 1;

err:
    /* A partially built group is never handed back to the caller. */
    if (!ok) {
        EC_GROUP_free(group);
        group = NULL;
    }
    if (gen) {
        EC_POINT_free(gen);
    }
    if (bn_ctx) {
        BN_CTX_free(bn_ctx);
    }
    if (prime) {
        BN_free(prime);
    }
    if (coef_a) {
        BN_free(coef_a);
    }
    if (coef_b) {
        BN_free(coef_b);
    }
    if (n) {
        BN_free(n);
    }
    if (gx) {
        BN_free(gx);
    }
    if (gy) {
        BN_free(gy);
    }
    return group;
}
示例13: process_peer_commit
/*
 * Parse and validate the peer's commit message (element x, element y, then
 * scalar) and compute the shared point K from it.
 *
 * Visible checks, in order: minimum input length, scalar range, element on
 * the curve and not at infinity, element not in a small subgroup (only when
 * the cofactor is not one), and scalar/element not equal to our own.
 *
 * `ret` starts at 1 and every visible failure jumps to `finish`, which lies
 * in the part of the listing that is not shown; presumably non-zero means
 * failure -- confirm against the end of the function.
 *
 * NOTE(review): MEM() is defined elsewhere; presumably it handles allocation
 * failure -- confirm what it does with the objects already allocated.
 */
int process_peer_commit(REQUEST *request, pwd_session_t *session, uint8_t *in, size_t in_len, BN_CTX *bn_ctx)
{
uint8_t *ptr;
size_t data_len;
BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
EC_POINT *K = NULL, *point = NULL;
int ret = 1;
MEM(session->peer_scalar = BN_new());
MEM(session->k = BN_new());
MEM(session->peer_element = EC_POINT_new(session->group));
MEM(point = EC_POINT_new(session->group));
MEM(K = EC_POINT_new(session->group));
MEM(cofactor = BN_new());
MEM(x = BN_new());
MEM(y = BN_new());
if (!EC_GROUP_get_cofactor(session->group, cofactor, NULL)) {
REDEBUG("Unable to get group co-factor");
goto finish;
}
/* element, x then y, followed by scalar */
ptr = (uint8_t *)in;
data_len = BN_num_bytes(session->prime);
/*
 * Did the peer send enough data?
 * Only a lower bound is enforced: input longer than the three fields is
 * accepted and the trailing bytes are not read here.
 */
if (in_len < (2 * data_len + BN_num_bytes(session->order))) {
REDEBUG("Invalid commit packet");
goto finish;
}
/* NOTE(review): the BN_bin2bn() return values below are not checked. */
BN_bin2bn(ptr, data_len, x);
ptr += data_len;
BN_bin2bn(ptr, data_len, y);
ptr += data_len;
data_len = BN_num_bytes(session->order);
BN_bin2bn(ptr, data_len, session->peer_scalar);
/* validate received scalar: must satisfy 1 < scalar < order */
if (BN_is_zero(session->peer_scalar) ||
BN_is_one(session->peer_scalar) ||
BN_cmp(session->peer_scalar, session->order) >= 0) {
REDEBUG("Peer's scalar is not within the allowed range");
goto finish;
}
/*
 * NOTE(review): x and y are not compared against session->prime here. The
 * code relies on the setter and on EC_POINT_is_on_curve() below; confirm
 * how the linked library treats coordinates that are not reduced modulo p.
 */
if (!EC_POINT_set_affine_coordinates_GFp(session->group, session->peer_element, x, y, bn_ctx)) {
REDEBUG("Unable to get coordinates of peer's element");
goto finish;
}
/* validate received element: on the curve and not the point at infinity */
if (!EC_POINT_is_on_curve(session->group, session->peer_element, bn_ctx) ||
EC_POINT_is_at_infinity(session->group, session->peer_element)) {
REDEBUG("Peer's element is not a point on the elliptic curve");
goto finish;
}
/* check to ensure peer's element is not in a small sub-group */
/* BN_cmp() is non-zero when the cofactor differs from one. */
if (BN_cmp(cofactor, BN_value_one())) {
/* This call passes NULL as the BN_CTX while most others pass bn_ctx. */
if (!EC_POINT_mul(session->group, point, NULL, session->peer_element, cofactor, NULL)) {
REDEBUG("Unable to multiply element by co-factor");
goto finish;
}
if (EC_POINT_is_at_infinity(session->group, point)) {
REDEBUG("Peer's element is in small sub-group");
goto finish;
}
}
/* detect reflection attacks: the peer must not echo our own values */
if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 ||
EC_POINT_cmp(session->group, session->peer_element, session->my_element, bn_ctx) == 0) {
REDEBUG("Reflection attack detected");
goto finish;
}
/* compute the shared key, k: K = private_value * (peer_scalar * pwe + peer_element) */
if ((!EC_POINT_mul(session->group, K, NULL, session->pwe, session->peer_scalar, bn_ctx)) ||
(!EC_POINT_add(session->group, K, K, session->peer_element, bn_ctx)) ||
(!EC_POINT_mul(session->group, K, NULL, K, session->private_value, bn_ctx))) {
REDEBUG("Unable to compute shared key, k");
goto finish;
}
/* ensure that the shared key isn't in a small sub-group */
/*
 * NOTE(review): K is multiplied by the cofactor here, but no check for the
 * point at infinity follows in the visible lines; confirm it is made in the
 * omitted remainder.
 */
if (BN_cmp(cofactor, BN_value_one())) {
if (!EC_POINT_mul(session->group, K, NULL, K, cofactor, NULL)) {
REDEBUG("Unable to multiply k by co-factor");
goto finish;
}
}
/*
//.........這裏部分代碼省略.........
示例14: ecdh_cavs_kat
/*
* NIST SP800-56A co-factor ECDH tests.
* KATs taken from NIST documents with parameters:
*
* - (QCAVSx,QCAVSy) is the public key for CAVS.
* - dIUT is the private key for IUT.
* - (QIUTx,QIUTy) is the public key for IUT.
* - ZIUT is the shared secret KAT.
*
* CAVS: Cryptographic Algorithm Validation System
* IUT: Implementation Under Test
*
* This function tests two things:
*
* 1. dIUT * G = (QIUTx,QIUTy)
* i.e. public key for IUT computes correctly.
* 2. x-coord of cofactor * dIUT * (QCAVSx,QCAVSy) = ZIUT
* i.e. co-factor ECDH key computes correctly.
*
* returns zero on failure or unsupported curve. One otherwise.
*/
static int ecdh_cavs_kat(BIO *out, const ecdh_cavs_kat_t *kat)
{
int rv = 0, is_char_two = 0;
EC_KEY *key1 = NULL;
EC_POINT *pub = NULL;
const EC_GROUP *group = NULL;
BIGNUM *bnz = NULL, *x = NULL, *y = NULL;
unsigned char *Ztmp = NULL, *Z = NULL;
size_t Ztmplen, Zlen;
BIO_puts(out, "Testing ECC CDH Primitive SP800-56A with ");
BIO_puts(out, OBJ_nid2sn(kat->nid));
/* dIUT is IUT's private key */
if ((key1 = mk_eckey(kat->nid, kat->dIUT)) == NULL)
goto err;
/* these are cofactor ECDH KATs */
EC_KEY_set_flags(key1, EC_FLAG_COFACTOR_ECDH);
if ((group = EC_KEY_get0_group(key1)) == NULL)
goto err;
if ((pub = EC_POINT_new(group)) == NULL)
goto err;
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field)
is_char_two = 1;
/* (QIUTx, QIUTy) is IUT's public key */
if(!BN_hex2bn(&x, kat->QIUTx))
goto err;
if(!BN_hex2bn(&y, kat->QIUTy))
goto err;
if (is_char_two) {
#ifdef OPENSSL_NO_EC2M
goto err;
#else
if (!EC_POINT_set_affine_coordinates_GF2m(group, pub, x, y, NULL))
goto err;
#endif
}
else {
if (!EC_POINT_set_affine_coordinates_GFp(group, pub, x, y, NULL))
goto err;
}
/* dIUT * G = (QIUTx, QIUTy) should hold */
if (EC_POINT_cmp(group, EC_KEY_get0_public_key(key1), pub, NULL))
goto err;
/* (QCAVSx, QCAVSy) is CAVS's public key */
if(!BN_hex2bn(&x, kat->QCAVSx))
goto err;
if(!BN_hex2bn(&y, kat->QCAVSy))
goto err;
if (is_char_two) {
#ifdef OPENSSL_NO_EC2M
goto err;
#else
if (!EC_POINT_set_affine_coordinates_GF2m(group, pub, x, y, NULL))
goto err;
#endif
}
else {
if (!EC_POINT_set_affine_coordinates_GFp(group, pub, x, y, NULL))
goto err;
}
/* ZIUT is the shared secret */
if(!BN_hex2bn(&bnz, kat->ZIUT))
goto err;
Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8;
Zlen = BN_num_bytes(bnz);
if (Zlen > Ztmplen)
goto err;
if((Ztmp = OPENSSL_zalloc(Ztmplen)) == NULL)
goto err;
if((Z = OPENSSL_zalloc(Ztmplen)) == NULL)
goto err;
if(!BN_bn2binpad(bnz, Z, Ztmplen))
goto err;
if (!ECDH_compute_key(Ztmp, Ztmplen, pub, key1, 0))
//.........這裏部分代碼省略.........
示例15: gostr3410_verify_data
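/*
 * Verify a GOST R 34.10-2001 signature over `data` with a raw public key.
 *
 * pubkey/pubkey_len   DER-encoded OCTET STRING holding the two coordinates.
 * params/params_len   parameter-set identifier; only its last byte (1..3) is
 *                     used, to select paramset "A", "B" or "C".
 * data/data_len       message digest; it is byte-reversed IN PLACE before
 *                     verification, so the caller's buffer is modified.
 * signat/signat_len   signature to check.
 *
 * Returns CKR_OK when the signature verifies, CKR_SIGNATURE_INVALID when it
 * does not, CKR_HOST_MEMORY on allocation failure and CKR_GENERAL_ERROR when
 * any set-up step fails.
 *
 * NOTE(review): octet->length is not checked for being even or non-zero
 * before it is halved, and no explicit on-curve check is made on the decoded
 * point; confirm the OpenSSL calls below reject malformed keys.
 */
static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len,
		const unsigned char *params, int params_len,
		unsigned char *data, int data_len,
		unsigned char *signat, int signat_len)
{
	EVP_PKEY *pkey;
	/* Initialised so the unconditional EVP_PKEY_CTX_free() at the end never
	 * sees an indeterminate pointer when EVP_PKEY_set_type() fails. */
	EVP_PKEY_CTX *pkey_ctx = NULL;
	EC_POINT *P = NULL;
	BIGNUM *X = NULL, *Y = NULL;
	ASN1_OCTET_STRING *octet = NULL;
	const EC_GROUP *group = NULL;
	char paramset[2] = "A";
	int r = -1, ret_vrf = 0;

	pkey = EVP_PKEY_new();
	if (!pkey)
		return CKR_HOST_MEMORY;
	r = EVP_PKEY_set_type(pkey, NID_id_GostR3410_2001);
	if (r == 1) {
		pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
		if (!pkey_ctx) {
			EVP_PKEY_free(pkey);
			return CKR_HOST_MEMORY;
		}
		/* FIXME: fully check params[] */
		if (params_len > 0 && params[params_len - 1] >= 1 &&
				params[params_len - 1] <= 3) {
			/* Maps 1, 2, 3 to "A", "B", "C". */
			paramset[0] += params[params_len - 1] - 1;
			r = EVP_PKEY_CTX_ctrl_str(pkey_ctx, "paramset", paramset);
		}
		else
			r = -1;
		if (r == 1)
			r = EVP_PKEY_paramgen_init(pkey_ctx);
		if (r == 1)
			r = EVP_PKEY_paramgen(pkey_ctx, &pkey);
		if (r == 1 && EVP_PKEY_get0(pkey) != NULL)
			group = EC_KEY_get0_group(EVP_PKEY_get0(pkey));
		/* From here on r only becomes 1 if the public key is installed. */
		r = -1;
		if (group)
			octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey, (long)pubkey_len);
		if (group && octet) {
			/* After the reversal the first half is Y, the second half X. */
			reverse(octet->data, octet->length);
			Y = BN_bin2bn(octet->data, octet->length / 2, NULL);
			X = BN_bin2bn((const unsigned char*)octet->data +
					octet->length / 2, octet->length / 2, NULL);
			ASN1_OCTET_STRING_free(octet);
			P = EC_POINT_new(group);
			if (P && X && Y)
				r = EC_POINT_set_affine_coordinates_GFp(group,
						P, X, Y, NULL);
			BN_free(X);
			BN_free(Y);
			if (r == 1 && EVP_PKEY_get0(pkey) && P)
				r = EC_KEY_set_public_key(EVP_PKEY_get0(pkey), P);
			EC_POINT_free(P);
		}
		if (r == 1) {
			r = EVP_PKEY_verify_init(pkey_ctx);
			/* Modifies the caller's buffer, even if verify_init failed. */
			reverse(data, data_len);
			if (r == 1)
				ret_vrf = EVP_PKEY_verify(pkey_ctx, signat, signat_len,
						data, data_len);
		}
	}
	EVP_PKEY_CTX_free(pkey_ctx);
	EVP_PKEY_free(pkey);
	if (r != 1)
		return CKR_GENERAL_ERROR;
	/* Anything other than an explicit 1 from EVP_PKEY_verify() is a reject. */
	return ret_vrf == 1 ? CKR_OK : CKR_SIGNATURE_INVALID;
}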