Beispiel #1
0
static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
    RSA_PKEY_CTX *dctx, *sctx;
    if (!pkey_rsa_init(dst))
        return 0;
    sctx = src->data;
    dctx = dst->data;
    dctx->nbits = sctx->nbits;
    if (sctx->pub_exp) {
        dctx->pub_exp = BN_dup(sctx->pub_exp);
        if (!dctx->pub_exp)
            return 0;
    }
    dctx->pad_mode = sctx->pad_mode;
    dctx->md = sctx->md;
    dctx->mgf1md = sctx->mgf1md;
    if (sctx->oaep_label) {
        if (dctx->oaep_label)
            OPENSSL_free(dctx->oaep_label);
        dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen);
        if (!dctx->oaep_label)
            return 0;
        dctx->oaep_labellen = sctx->oaep_labellen;
    }
    return 1;
}
int dupKeys(paillierKeys *out, const paillierKeys *in)
{
    out->n2 = BN_dup(in->n2);
    out->n = BN_dup(in->n);

    out->pub.g = BN_dup(in->pub.g);
    out->pub.n = out->n;
    out->pub.n2 = out->n2;

    out->priv.lamda = BN_dup(in->priv.lamda);
    out->priv.mu = BN_dup(in->priv.mu);
    out->priv.n = out->n;
    out->priv.n2 = out->n2;

    return 0;
}
void PSPAKE_Message_generate(PSPAKE_Message *message, PSPAKE_CTX *ctx)
{
    BIGNUM *t1 = BN_new();
    BIGNUM *t2 = BN_new();

    /* just for debugging */
    static int cnt = 0;
    cnt++;

    /* r belongs to [0, q) */
    BN_rand_range(ctx->r, ctx->q);

    /* t1 = g^r mod q */
    BN_mod_exp(t1, ctx->g, ctx->r, ctx->q, ctx->ctx);

    /* t2 = h^secret mod q */
    BN_mod_exp(t2, ctx->h, ctx->secret, ctx->q, ctx->ctx);

    /* ctx->y = t1 * t2 mod q */
    BN_mod_mul(ctx->y, t1, t2, ctx->q, ctx->ctx);

    /* message->y = ctx->y */
    message->y = BN_dup(ctx->y);

    /* print the random number r generated (just for debugging) */
    if (cnt == 1)
    {
        print_bn("alice's r", ctx->r);
    }
    else
    {
        print_bn("bob's r", ctx->r);
    }
}
Beispiel #4
0
bool MakePrime(RsaParams params, const BIGNUM* value, BIGNUM** delta_ret, 
    BN_CTX* ctx)
{
  BIGNUM* tmp = BN_dup(value);
  CHECK_CALL(tmp);

  // Find a delta such that 
  //    p = value + delta
  // is prime
  const int delta_max = RsaParams_GetDeltaMax(params);

  bool is_even = !BN_is_odd(tmp);
  if(is_even) {
    CHECK_CALL(BN_add_word(tmp, 1));
  }

  if(!RsaPrime(*delta_ret, tmp, ctx)) return false;
 
  if(is_even) {
    CHECK_CALL(BN_add_word(*delta_ret, 1));
  }

//  printf("%llu %d\n", BN_get_word(*delta_ret), delta_max);
  if(BN_get_word(*delta_ret) > delta_max) return false;

  BN_clear_free(tmp);

  return true;
}
Beispiel #5
0
int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
	{
	if (key->priv_key)
		BN_clear_free(key->priv_key);
	key->priv_key = BN_dup(priv_key);
	return (key->priv_key == NULL) ? 0 : 1;
	}
Beispiel #6
0
int 
ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
	BN_MONT_CTX_free(dest->field_data1);
	dest->field_data1 = NULL;
	BN_clear_free(dest->field_data2);
	dest->field_data2 = NULL;

	if (!ec_GFp_simple_group_copy(dest, src))
		return 0;

	if (src->field_data1 != NULL) {
		dest->field_data1 = BN_MONT_CTX_new();
		if (dest->field_data1 == NULL)
			return 0;
		if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1))
			goto err;
	}
	if (src->field_data2 != NULL) {
		dest->field_data2 = BN_dup(src->field_data2);
		if (dest->field_data2 == NULL)
			goto err;
	}
	return 1;

 err:
	if (dest->field_data1 != NULL) {
		BN_MONT_CTX_free(dest->field_data1);
		dest->field_data1 = NULL;
	}
	return 0;
}
static void YAK_CTX_init(YAK_CTX *ctx, const char *name,
                         const char *peer_name, const BIGNUM *p,
                         const EC_POINT *g, const BIGNUM *q,
                         const BIGNUM *secret)
{
    ctx->p.name = OPENSSL_strdup(name);
    ctx->p.peer_name = OPENSSL_strdup(peer_name);
    ctx->p.p = BN_dup(p);
    ctx->p.g = BN_dup(g);
    ctx->p.q = BN_dup(q);
    ctx->secret = BN_dup(secret);
    
    ctx->xa = BN_new();
    ctx->key = BN_new();
    ctx->ctx = BN_CTX_new();
}
BIGNUM * OpenSSLCryptoBase64::b642BN(char * b64in, unsigned int len) {

	if (len > 1024)
		return NULL;

	int bufLen;
	unsigned char buf[1024];

	EVP_ENCODE_CTX m_dctx;
	EVP_DecodeInit(&m_dctx);
	int rc = EVP_DecodeUpdate(&m_dctx, 
						  buf, 
						  &bufLen, 
						  (unsigned char *) b64in, 
						  len);

	if (rc < 0) {

		throw XSECCryptoException(XSECCryptoException::Base64Error,
			"OpenSSL:Base64 - Error during Base64 Decode of BIGNUMS");
	}

	int finalLen;
	EVP_DecodeFinal(&m_dctx, &buf[bufLen], &finalLen); 

	bufLen += finalLen;

	// Now translate to a bignum
	return BN_dup(BN_bin2bn(buf, bufLen, NULL));

}
Beispiel #9
0
Datei: dh.c Projekt: KennethL/otp
ERL_NIF_TERM dh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (OthersPublicKey, MyPrivateKey, DHParams=[P,G]) */
    BIGNUM *other_pub_key = NULL,
        *dh_p = NULL,
        *dh_g = NULL;
    DH *dh_priv = DH_new();

    /* Check the arguments and get
          my private key (dh_priv),
          the peer's public key (other_pub_key),
          the parameters p & q
    */

    {
        BIGNUM *dummy_pub_key = NULL,
               *priv_key = NULL;
        ERL_NIF_TERM head, tail;

        if (!get_bn_from_bin(env, argv[0], &other_pub_key)
            || !get_bn_from_bin(env, argv[1], &priv_key)
            || !enif_get_list_cell(env, argv[2], &head, &tail)
            || !get_bn_from_bin(env, head, &dh_p)
            || !enif_get_list_cell(env, tail, &head, &tail)
            || !get_bn_from_bin(env, head, &dh_g)
            || !enif_is_empty_list(env, tail)

            /* Note: DH_set0_key() does not allow setting only the
             * private key, although DH_compute_key() does not use the
             * public key. Work around this limitation by setting
             * the public key to a copy of the private key.
             */
            || !(dummy_pub_key = BN_dup(priv_key))
            || !DH_set0_key(dh_priv, dummy_pub_key, priv_key)
            || !DH_set0_pqg(dh_priv, dh_p, NULL, dh_g)
            ) {
            if (dh_p) BN_free(dh_p);
            if (dh_g) BN_free(dh_g);
            if (other_pub_key) BN_free(other_pub_key);
            if (dummy_pub_key) BN_free(dummy_pub_key);
            if (priv_key) BN_free(priv_key);
            return enif_make_badarg(env);
        }
    }
    {
        ErlNifBinary ret_bin;
        int size;

        enif_alloc_binary(DH_size(dh_priv), &ret_bin);
        size = DH_compute_key(ret_bin.data, other_pub_key, dh_priv);
        BN_free(other_pub_key);
        DH_free(dh_priv);
        if (size<=0) {
            enif_release_binary(&ret_bin);
            return atom_error;
        }

        if (size != ret_bin.size) enif_realloc_binary(&ret_bin, size);
        return enif_make_binary(env, &ret_bin);
    }
}
int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) {
  BN_MONT_CTX_free(dest->mont);
  dest->mont = NULL;
  BN_clear_free(dest->one);
  dest->one = NULL;

  if (!ec_GFp_simple_group_copy(dest, src)) {
    return 0;
  }

  if (src->mont != NULL) {
    dest->mont = BN_MONT_CTX_new();
    if (dest->mont == NULL) {
      return 0;
    }
    if (!BN_MONT_CTX_copy(dest->mont, src->mont)) {
      goto err;
    }
  }
  if (src->one != NULL) {
    dest->one = BN_dup(src->one);
    if (dest->one == NULL) {
      goto err;
    }
  }

  return 1;

err:
  BN_MONT_CTX_free(dest->mont);
  dest->mont = NULL;
  return 0;
}
static int gost_set_priv_key(EVP_PKEY *pkey,BIGNUM *priv) 
	{
	switch (EVP_PKEY_base_id(pkey)) 
		{
		case NID_id_GostR3410_94:
		{
		DSA *dsa = (DSA*)EVP_PKEY_get0(pkey);
		if (!dsa) 
			{
			dsa = DSA_new();
			EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),dsa);
			}	
		dsa->priv_key = BN_dup(priv);
		if (!EVP_PKEY_missing_parameters(pkey)) 
			gost94_compute_public(dsa);
		break;
		}	
		case NID_id_GostR3410_2001:
		{
		EC_KEY *ec = (EC_KEY*)EVP_PKEY_get0(pkey);
		if (!ec) 
			{
			ec = EC_KEY_new();
			EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),ec);
			}	
		if (!EC_KEY_set_private_key(ec,priv)) return 0;
		if (!EVP_PKEY_missing_parameters(pkey)) 
			gost2001_compute_public(ec);
		break;
		}
		}
	return 1;		
	}
Beispiel #12
0
//old
BIGNUM *Egcd(const BIGNUM *n, const BIGNUM *m, BIGNUM *x, BIGNUM *y)
	{
		//print_bn("n", n);
		//print_bn("m", m);
		
	BIGNUM *value = BN_new();
	BIGNUM *temp = BN_new();
	BIGNUM *t1 = BN_new();
	BIGNUM *t2 = BN_new();
	BIGNUM *new_m = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	
	if (BN_is_zero(m))
		{
		BN_set_word(x, 1);
		BN_set_word(y, 0);
		value = BN_dup(n);
		
		//print_bn("x", x);
		//print_bn("y", y);
	
		return value;
		}	
		
	BN_mod(new_m, n, m, ctx);
	//printf("called once\n");
	value = BN_dup(Egcd(m, new_m, x, y));
	
	print_bn("n", n);
	print_bn("m", m);
	print_bn("old_x", x);
	print_bn("old_y", y);
	
	temp = BN_dup(x);
	
	x = BN_dup(y);
	
	/* y = temp - (n/m) * y */
	BN_div(t1, NULL, n, m, ctx);
	BN_mul(t2, t1, y, ctx);
	BN_sub(y, temp, t2);
	
	print_bn("x", x);
	print_bn("y", y);
	
	return value;
	}
Beispiel #13
0
static DH *get_standard_parameters(const struct standard_parameters *params,
                                   const ENGINE *engine) {
  DH *dh = DH_new();
  if (!dh) {
    return NULL;
  }

  dh->p = BN_dup(&params->p);
  dh->q = BN_dup(&params->q);
  dh->g = BN_dup(&params->g);
  if (!dh->p || !dh->q || !dh->g) {
    DH_free(dh);
    return NULL;
  }

  return dh;
}
Beispiel #14
0
static int
dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
	BIGNUM *a;

	if ((a = BN_dup(from->pkey.dh->p)) == NULL)
		return 0;
	BN_free(to->pkey.dh->p);
	to->pkey.dh->p = a;

	if ((a = BN_dup(from->pkey.dh->g)) == NULL)
		return 0;
	BN_free(to->pkey.dh->g);
	to->pkey.dh->g = a;

	return 1;
}
Beispiel #15
0
int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
	{
	if (to->type != from->type)
		{
		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
		goto err;
		}

	if (EVP_PKEY_missing_parameters(from))
		{
		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
		goto err;
		}
#ifndef OPENSSL_NO_DSA
	if (to->type == EVP_PKEY_DSA)
		{
		BIGNUM *a;

		if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
		if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
		to->pkey.dsa->p=a;

		if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
		if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
		to->pkey.dsa->q=a;

		if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
		if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
		to->pkey.dsa->g=a;
		}
#endif
#ifndef OPENSSL_NO_EC
	if (to->type == EVP_PKEY_EC)
		{
		EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
		if (group == NULL)
			goto err;
		if (EC_KEY_set_group(to->pkey.ec, group) == 0)
			goto err;
		EC_GROUP_free(group);
		}
#endif
	return(1);
err:
	return(0);
	}
Beispiel #16
0
static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
{
    SRP_user_pwd *ret;

    if (src == NULL)
        return NULL;
    if ((ret = SRP_user_pwd_new()) == NULL)
        return NULL;

    SRP_user_pwd_set_gN(ret, src->g, src->N);
    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
            SRP_user_pwd_free(ret);
            return NULL;
    }
    return ret;
}
Beispiel #17
0
int
tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, X509 *cert)
{
  RSA *rsa = NULL;
  RSA *pub_rsa;
  RSA_METHOD *rsa_meth;

  ASSERT (NULL != ctx);
  ASSERT (NULL != cert);

  /* allocate custom RSA method object */
  ALLOC_OBJ_CLEAR (rsa_meth, RSA_METHOD);
  rsa_meth->name = "OpenVPN external private key RSA Method";
  rsa_meth->rsa_pub_enc = rsa_pub_enc;
  rsa_meth->rsa_pub_dec = rsa_pub_dec;
  rsa_meth->rsa_priv_enc = rsa_priv_enc;
  rsa_meth->rsa_priv_dec = rsa_priv_dec;
  rsa_meth->init = NULL;
  rsa_meth->finish = rsa_finish;
  rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
  rsa_meth->app_data = NULL;

  /* allocate RSA object */
  rsa = RSA_new();
  if (rsa == NULL)
    {
      SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
      goto err;
    }

  /* get the public key */
  ASSERT(cert->cert_info->key->pkey); /* NULL before SSL_CTX_use_certificate() is called */
  pub_rsa = cert->cert_info->key->pkey->pkey.rsa;

  /* initialize RSA object */
  rsa->n = BN_dup(pub_rsa->n);
  rsa->flags |= RSA_FLAG_EXT_PKEY;
  if (!RSA_set_method(rsa, rsa_meth))
    goto err;

  /* bind our custom RSA object to ssl_ctx */
  if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
    goto err;

  RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
  return 1;

 err:
  if (rsa)
    RSA_free(rsa);
  else
    {
      if (rsa_meth)
	free(rsa_meth);
    }
  msg (M_SSLERR, "Cannot enable SSL external private key capability");
  return 0;
}
Beispiel #18
0
Result<RSA> RSA::from_pem(Slice pem) {
  init_crypto();

  auto *bio =
      BIO_new_mem_buf(const_cast<void *>(static_cast<const void *>(pem.ubegin())), narrow_cast<int32>(pem.size()));
  if (bio == nullptr) {
    return Status::Error("Cannot create BIO");
  }
  SCOPE_EXIT {
    BIO_free(bio);
  };

  auto *rsa = RSA_new();
  if (rsa == nullptr) {
    return Status::Error("Cannot create RSA");
  }
  SCOPE_EXIT {
    RSA_free(rsa);
  };

  if (!PEM_read_bio_RSAPublicKey(bio, &rsa, nullptr, nullptr)) {
    return Status::Error("Error while reading rsa pubkey");
  }

  if (RSA_size(rsa) != 256) {
    return Status::Error("RSA_size != 256");
  }

  const BIGNUM *n_num;
  const BIGNUM *e_num;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
  n_num = rsa->n;
  e_num = rsa->e;
#else
  RSA_get0_key(rsa, &n_num, &e_num, nullptr);
#endif

  auto n = static_cast<void *>(BN_dup(n_num));
  auto e = static_cast<void *>(BN_dup(e_num));
  if (n == nullptr || e == nullptr) {
    return Status::Error("Cannot dup BIGNUM");
  }

  return RSA(BigNum::from_raw(n), BigNum::from_raw(e));
}
Beispiel #19
0
static void 
test_seckey(const __ops_seckey_t *seckey)
{
	RSA            *test = RSA_new();

	test->n = BN_dup(seckey->pubkey.key.rsa.n);
	test->e = BN_dup(seckey->pubkey.key.rsa.e);

	test->d = BN_dup(seckey->key.rsa.d);
	test->p = BN_dup(seckey->key.rsa.p);
	test->q = BN_dup(seckey->key.rsa.q);

	if (RSA_check_key(test) != 1) {
		(void) fprintf(stderr,
			"test_seckey: RSA_check_key failed\n");
	}
	RSA_free(test);
}
QUADRATIC *QD_dup(QUADRATIC *a) {
	QUADRATIC *b = NULL;
	int code;

	code = LIBLESS_ERROR;

	TRY(b = (QUADRATIC *)malloc(sizeof(QUADRATIC)), return NULL);
	TRY(b->x = BN_dup(a->x), goto end);
	TRY(b->y = BN_dup(a->y), goto end);

	code = LIBLESS_OK;
end:
	if (code != LIBLESS_OK) {
		QD_free(b);
		b = NULL;
	}
	return b;
}
Beispiel #21
0
int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
{
    if (key->meth->set_private != NULL
        && key->meth->set_private(key, priv_key) == 0)
        return 0;
    BN_clear_free(key->priv_key);
    key->priv_key = BN_dup(priv_key);
    return (key->priv_key == NULL) ? 0 : 1;
}
Beispiel #22
0
Handle<ScopedEVP_PKEY> JwkEc::To(int &key_type) {
	LOG_FUNC();

	LOG_INFO("Check key_type");
	if (!(key_type == NODESSL_KT_PRIVATE || key_type == NODESSL_KT_PUBLIC)) {
		THROW_ERROR("Wrong value of key_type");
	}

	LOG_INFO("import EC from JWK");
	ScopedEC_KEY ec_key(EC_KEY_new());

	LOG_INFO("set public key");
	ScopedEC_GROUP group(EC_GROUP_new_by_curve_name(this->crv));
	if (group.isEmpty()) {
		THROW_OPENSSL("EC_GROUP_new_by_curve_name");
	}

	EC_KEY_set_group(ec_key.Get(), group.Get());

	ScopedBIGNUM x(BN_dup(this->x.Get()));
	ScopedBIGNUM y(BN_dup(this->y.Get()));

	if (EC_KEY_set_public_key_affine_coordinates(ec_key.Get(), x.Get(), y.Get()) != 1) {
		THROW_OPENSSL("EC_KEY_set_public_key_affine_coordinates");
	}
	x.unref();
	y.unref();
	if (key_type == NODESSL_KT_PRIVATE) {
		LOG_INFO("set private key");

		ScopedBIGNUM d(BN_dup(this->d.Get()));
		if (EC_KEY_set_private_key(ec_key.Get(), d.Get()) != 1) {
			THROW_OPENSSL("EC_KEY_set_private_key");
		}
		d.unref();
	}

	LOG_INFO("set internal key");
	Handle<ScopedEVP_PKEY> new_key(new ScopedEVP_PKEY(EVP_PKEY_new()));
	EVP_PKEY_assign_EC_KEY(new_key->Get(), ec_key.Get());
	ec_key.unref();
	
	return new_key;
}
Beispiel #23
0
DH *tr_create_matching_dh (unsigned char *priv_key,
			   size_t keylen,
			   DH *in_dh) {
  DH *dh = NULL;
  int dh_err = 0;

  if (!in_dh)
    return NULL;

  if (NULL == (dh = DH_new())) {
    tr_crit("tr_create_matching_dh: unable to allocate new DH structure.");
    return NULL;
  }

  if ((NULL == (dh->g = BN_dup(in_dh->g))) ||
      (NULL == (dh->p = BN_dup(in_dh->p)))) {
    DH_free(dh);
    tr_debug("tr_create_matching_dh: Invalid dh parameter values, can't be duped.");
    return NULL;
  }

  /* TBD -- share code with previous function */
  if ((priv_key) && (keylen > 0))
    dh->priv_key = BN_bin2bn(priv_key, keylen, NULL);

  DH_generate_key(dh);		/* generates the public key */
  DH_check(dh, &dh_err);
  if (0 != dh_err) {
    tr_warning("Warning: dh_check failed with %d", dh_err);
    if (dh_err & DH_CHECK_P_NOT_PRIME)
      tr_warning(": p value is not prime");
    else if (dh_err & DH_CHECK_P_NOT_SAFE_PRIME)
      tr_warning(": p value is not a safe prime");
    else if (dh_err & DH_UNABLE_TO_CHECK_GENERATOR)
      tr_warning(": unable to check the generator value");
    else if (dh_err & DH_NOT_SUITABLE_GENERATOR)
      tr_warning(": the g value is not a generator");
    else
      tr_warning("unhandled error %i", dh_err);
  }

  return(dh);
}
Beispiel #24
0
/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this
 * function to skip that. Returns > 0 on success */
int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen,
                       const BIGNUM **r, const BIGNUM **s) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa);
  if (!sig) return 0;
  DSA_SIG_get0(sig, r, s);
  *r = BN_dup(*r);
  *s = BN_dup(*s);
  DSA_SIG_free(sig);
  return 1;
#else
  DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa);
  if (!sig) return 0;
  *r = sig->r;
  *s = sig->s;
  free(sig);
  return 1;
#endif
}
Beispiel #25
0
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) {
  BN_BLINDING *ret = NULL;

  ret = (BN_BLINDING*) OPENSSL_malloc(sizeof(BN_BLINDING));
  if (ret == NULL) {
    OPENSSL_PUT_ERROR(RSA, BN_BLINDING_new, ERR_R_MALLOC_FAILURE);
    return NULL;
  }
  memset(ret, 0, sizeof(BN_BLINDING));
  if (A != NULL) {
    ret->A = BN_dup(A);
    if (ret->A == NULL) {
      goto err;
    }
  }
  if (Ai != NULL) {
    ret->Ai = BN_dup(Ai);
    if (ret->Ai == NULL) {
      goto err;
    }
  }

  /* save a copy of mod in the BN_BLINDING structure */
  ret->mod = BN_dup(mod);
  if (ret->mod == NULL) {
    goto err;
  }
  if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) {
    BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
  }

  /* Set the counter to the special value -1
   * to indicate that this is never-used fresh blinding
   * that does not need updating before first use. */
  ret->counter = -1;
  return ret;

err:
  if (ret != NULL) {
    BN_BLINDING_free(ret);
  }
  return NULL;
}
Beispiel #26
0
BIGNUM *
DH_get_q(const DH *dh, BN_CTX *ctx)
{
    BIGNUM *q_new = NULL, *bn = NULL;
    int i;
    const BIGNUM *p, *q;

    check(dh, "Invalid arguments");

    DH_get0_pqg(dh, &p, &q, NULL);
    if (!q) {
        q_new = BN_new();
        bn = BN_dup(p);

        /* DH primes should be strong, based on a Sophie Germain prime q
         * p=(2*q)+1 or (p-1)/2=q */
        if (!q_new || !bn ||
                !BN_sub_word(bn, 1) ||
                !BN_rshift1(q_new, bn)) {
            goto err;
        }
    } else {
        q_new = BN_dup(q);
    }

    /* q should always be prime */
    i = BN_is_prime_ex(q_new, BN_prime_checks, ctx, NULL);
    if (i <= 0) {
       if (i == 0)
          log_err("Unable to get Sophie Germain prime");
       goto err;
    }

    return q_new;

err:
    if (bn)
        BN_clear_free(bn);
    if (q_new)
        BN_clear_free(q_new);

    return NULL;
}
Beispiel #27
0
/**
  https://core.telegram.org/api/end-to-end says:
  "Both clients in a secret chat creation are to check that g, g_a and g_b are greater than one and smaller than p-1.
  Recommented checking that g_a and g_b are between 2^{2048-64} and p - 2^{2048-64} as well."
*/
qint32 CryptoUtils::checkCalculatedParams(const BIGNUM *gAOrB, const BIGNUM *g, const BIGNUM *p) {
    ASSERT(gAOrB);
    ASSERT(g);
    ASSERT(p);

    // 1) gAOrB and g greater than one and smaller than p-1
    BIGNUM one;
    BN_init(&one);
    Utils::ensure(BN_one(&one));

    BIGNUM *pMinusOne = BN_dup(p);
    Utils::ensure(BN_sub_word(pMinusOne, 1));

    // check params greater than one
    if (BN_cmp(gAOrB, &one) <= 0) return -1;
    if (BN_cmp(g, &one) <= 0) return -1;

    // check params <= p-1
    if (BN_cmp(gAOrB, pMinusOne) >= 0) return -1;
    if (BN_cmp(g, pMinusOne) >= 0) return -1;

    // 2) gAOrB between 2^{2048-64} and p - 2^{2048-64}
    quint64 expWord = 2048 - 64;
    BIGNUM exp;
    BN_init(&exp);
    Utils::ensure(BN_set_word(&exp, expWord));

    BIGNUM base;
    BN_init(&base);
    Utils::ensure(BN_set_word(&base, 2));

    // lowLimit = base ^ exp
    BIGNUM lowLimit;
    BN_init(&lowLimit);
    Utils::ensure(BN_exp(&lowLimit, &base, &exp, BN_ctx));

    // highLimit = p - lowLimit
    BIGNUM highLimit;
    BN_init(&highLimit);
    BN_sub(&highLimit, p, &lowLimit);

    if (BN_cmp(gAOrB, &lowLimit) < 0) return -1;
    if (BN_cmp(gAOrB, &highLimit) > 0) return -1;

    BN_free(&one);
    BN_free(pMinusOne);
    BN_free(&exp);
    BN_free(&lowLimit);
    BN_free(&highLimit);
    delete g;
    delete gAOrB;
    delete p;

    return 0;
}
Beispiel #28
0
struct number *
dup_number(const struct number *a)
{
	struct number *n;

	n = bmalloc(sizeof(*n));
	n->scale = a->scale;
	n->number = BN_dup(a->number);
	bn_checkp(n->number);
	return n;
}
Beispiel #29
0
/* If the server just has the raw password, make up a verifier entry on the fly */
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp)
	{
	SRP_gN *GN = SRP_get_default_gN(grp);
	if(GN == NULL) return -1;
	s->srp_ctx.N = BN_dup(GN->N);
	s->srp_ctx.g = BN_dup(GN->g);
	if(s->srp_ctx.v != NULL)
		{
		BN_clear_free(s->srp_ctx.v);
		s->srp_ctx.v = NULL;
		}
	if(s->srp_ctx.s != NULL)
		{
		BN_clear_free(s->srp_ctx.s);
		s->srp_ctx.s = NULL;
		}
	if(!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1;

	return 1;
	}
Beispiel #30
0
static int dup_bn_into(BIGNUM **out, BIGNUM *src) {
  BIGNUM *a;

  a = BN_dup(src);
  if (a == NULL) {
    return 0;
  }
  BN_free(*out);
  *out = a;

  return 1;
}