vg_context_t *
vg_prefix_context_new(int addrtype, int privtype, int caseinsensitive)
{
vg_prefix_context_t *vcpp;
vcpp = (vg_prefix_context_t *) malloc(sizeof(*vcpp));
if (vcpp) {
memset(vcpp, 0, sizeof(*vcpp));
vcpp->base.vc_addrtype = addrtype;
vcpp->base.vc_privtype = privtype;
vcpp->base.vc_npatterns = 0;
vcpp->base.vc_npatterns_start = 0;
vcpp->base.vc_found = 0;
vcpp->base.vc_chance = 0.0;
vcpp->base.vc_free = vg_prefix_context_free;
vcpp->base.vc_add_patterns = vg_prefix_context_add_patterns;
vcpp->base.vc_clear_all_patterns =
vg_prefix_context_clear_all_patterns;
vcpp->base.vc_test = vg_prefix_test;
vcpp->base.vc_hash160_sort = vg_prefix_hash160_sort;
avl_root_init(&vcpp->vcp_avlroot);
BN_init(&vcpp->vcp_difficulty);
vcpp->vcp_caseinsensitive = caseinsensitive;
}
return &vcpp->base;
}
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
BN_CTX *ctx;
BIGNUM k,*kinv=NULL,*r=NULL;
int ret=0;
if (ctx_in == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
}
else
ctx=ctx_in;
BN_init(&k);
if ((r=BN_new()) == NULL) goto err;
kinv=NULL;
/* Get random k */
for (;;)
{
if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
if (BN_cmp(&k,dsa->q) >= 0)
BN_sub(&k,&k,dsa->q);
if (!BN_is_zero(&k)) break;
}
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
dsa->p,ctx)) goto err;
}
/* Compute r = (g^k mod p) mod q */
if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
/* Compute part of 's = inv(k) (m + xr) mod q' */
if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
if (*kinvp != NULL) BN_clear_free(*kinvp);
*kinvp=kinv;
kinv=NULL;
if (*rp != NULL) BN_clear_free(*rp);
*rp=r;
ret=1;
err:
if (!ret)
{
DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
if (kinv != NULL) BN_clear_free(kinv);
if (r != NULL) BN_clear_free(r);
}
if (ctx_in == NULL) BN_CTX_free(ctx);
if (kinv != NULL) BN_clear_free(kinv);
BN_clear_free(&k);
return(ret);
}
qint32 CryptoUtils::checkDHParams (BIGNUM *p, qint32 g) {
if (g < 2 || g > 7) { return -1; }
BIGNUM t;
BN_init (&t);
BIGNUM dh_g;
BN_init (&dh_g);
Utils::ensure (BN_set_word (&dh_g, 4 * g));
Utils::ensure (BN_mod (&t, p, &dh_g, BN_ctx));
qint32 x = BN_get_word (&t);
Q_ASSERT(x >= 0 && x < 4 * g);
BN_free (&dh_g);
switch (g) {
case 2:
if (x != 7) { return -1; }
break;
case 3:
if (x % 3 != 2 ) { return -1; }
break;
case 4:
break;
case 5:
if (x % 5 != 1 && x % 5 != 4) { return -1; }
break;
case 6:
if (x != 19 && x != 23) { return -1; }
break;
case 7:
if (x % 7 != 3 && x % 7 != 5 && x % 7 != 6) { return -1; }
break;
}
if (!checkPrime (p)) { return -1; }
BIGNUM b;
BN_init (&b);
Utils::ensure (BN_set_word (&b, 2));
Utils::ensure (BN_div (&t, 0, p, &b, BN_ctx));
if (!checkPrime (&t)) { return -1; }
BN_free (&b);
BN_free (&t);
return 0;
}
/* signing */
static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
int local_blinding = 0;
BN_BLINDING *blinding = NULL;
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
case RSA_SSLV23_PADDING:
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
{
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
BLINDING_HELPER(rsa, ctx, goto err;);
void CECKey::SetSecretBytes(const unsigned char vch[32])
{
BIGNUM bn;
BN_init(&bn);
assert(BN_bin2bn(vch, 32, &bn));
assert(EC_KEY_regenerate_key(pkey, &bn));
BN_clear_free(&bn);
}
static int crypto_rsa_common(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus, const BYTE* exponent, int exponent_size, BYTE* output)
{
BN_CTX* ctx;
int output_length;
BYTE* input_reverse;
BYTE* modulus_reverse;
BYTE* exponent_reverse;
BIGNUM mod, exp, x, y;
input_reverse = (BYTE*) malloc(2 * key_length + exponent_size);
modulus_reverse = input_reverse + key_length;
exponent_reverse = modulus_reverse + key_length;
memcpy(modulus_reverse, modulus, key_length);
crypto_reverse(modulus_reverse, key_length);
memcpy(exponent_reverse, exponent, exponent_size);
crypto_reverse(exponent_reverse, exponent_size);
memcpy(input_reverse, input, length);
crypto_reverse(input_reverse, length);
ctx = BN_CTX_new();
BN_init(&mod);
BN_init(&exp);
BN_init(&x);
BN_init(&y);
BN_bin2bn(modulus_reverse, key_length, &mod);
BN_bin2bn(exponent_reverse, exponent_size, &exp);
BN_bin2bn(input_reverse, length, &x);
BN_mod_exp(&y, &x, &exp, &mod, ctx);
output_length = BN_bn2bin(&y, output);
crypto_reverse(output, output_length);
if (output_length < (int) key_length)
memset(output + output_length, 0, key_length - output_length);
BN_free(&y);
BN_clear_free(&x);
BN_free(&exp);
BN_free(&mod);
BN_CTX_free(ctx);
free(input_reverse);
return output_length;
}
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
{
EC_GROUP *ret;
if (meth == NULL)
{
ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
return NULL;
}
if (meth->group_init == 0)
{
ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return NULL;
}
ret = clBnAlloc( "EC_GROUP_new",sizeof *ret); /* pcg */
if (ret == NULL)
{
ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset( ret, 0, sizeof( EC_GROUP ) ); /* pcg */
ret->meth = meth;
ret->extra_data = NULL;
ret->generator = NULL;
BN_init(&ret->order);
BN_init(&ret->cofactor);
ret->curve_name = 0;
ret->asn1_flag = 0;
ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
ret->seed = NULL;
ret->seed_len = 0;
if (!meth->group_init(ret))
{
OPENSSL_free(ret);
return NULL;
}
return ret;
}
/**
* Create shares depending on the provided parameters
*
* @param s Secret value to share
* @param t Threshold needed to reconstruct the secret
* @param n Total number of shares
* @param prime Prime for finite field arithmetic
* @param shares Pointer for storage of calculated shares (must be big enough to hold n shares)
*/
static int createShares(const BIGNUM *s, const unsigned char t, const unsigned char n, const BIGNUM prime, secret_share_t *shares) {
// Array representing the polynomial a(x) = s + a_1 * x + ... + a_n-1 * x^n-1 mod p
BIGNUM **polynomial = malloc(n * sizeof(BIGNUM *));
BIGNUM **pp;
unsigned long i;
secret_share_t *sp;
// Set the secret value as the constant part of the polynomial
pp = polynomial;
*pp = BN_new();
BN_init(*pp);
BN_copy(*pp, s);
pp++;
// Initialize and generate some random values for coefficients a_x in the remaining polynomial
for (i = 1; i < t; i++) {
*pp = BN_new();
BN_init(*pp);
BN_rand_range(*pp, &prime);
pp++;
}
sp = shares;
// Now calculate n secret shares
for (i = 1; i <= n; i++) {
BN_init(&(sp->x));
BN_init(&(sp->y));
BN_set_word(&(sp->x), i);
calculatePolynomialValue(sp->x, polynomial, t, prime, &(sp->y));
sp++;
}
// Deallocate the resource of the polynomial
pp = polynomial;
for (i = 0; i < t; i++) {
BN_clear_free(*pp);
pp++;
}
free(polynomial);
return 0;
}
/**
* Helper method to calculate the y-value
* for a given x-value and a polynomial
*
* @param x X-value
* @param polynomial The underlying polynomial
* @param t Threshold (determines the degree of the polynomial)
* @param prime Prime for finite field arithmetic
* @param y Pointer for storage of calculated y-value
*/
static void calculatePolynomialValue(const BIGNUM x, BIGNUM **polynomial, const unsigned char t, const BIGNUM prime, BIGNUM *y) {
BIGNUM **pp;
BIGNUM temp;
BIGNUM exponent;
unsigned long exp;
BN_CTX *ctx;
// Create context for temporary variables of OpenSSL engine
ctx = BN_CTX_new();
BN_CTX_init(ctx);
BN_init(&temp);
BN_init(&exponent);
// Set y to ZERO
BN_zero(y);
/* Initialize the result using the secret value at position 0 of the polynomial */
pp = polynomial;
BN_copy(y, *pp);
pp++;
for (exp = 1; exp < t; exp++) {
BN_copy(&temp, &x);
BN_set_word(&exponent, exp);
// temp = x^exponent mod prime
BN_mod_exp(&temp, &x, &exponent, &prime, ctx);
// exponent = temp * a = a * x^exponent mod prime
BN_mod_mul(&exponent, &temp, *pp, &prime, ctx);
// add the temp value from exponent to y
BN_copy(&temp, y);
BN_mod_add(y, &temp, &exponent, &prime, ctx);
pp++;
}
BN_clear_free(&temp);
BN_clear_free(&exponent);
BN_CTX_free(ctx);
}
int VN_BN_lcm( BIGNUM * zr,const BIGNUM * za,const BIGNUM * zb,BN_CTX * ctx )
{
BIGNUM gcd, n;
BN_init( &gcd );
BN_init( &n );
BN_mul( &n, za, zb, ctx );
BN_gcd( &gcd, za, zb, ctx );
BN_div( zr, NULL, &n, &gcd, ctx );
BN_free( &gcd );
BN_free( &n );
return 0;
}
void crypto_rsa_encrypt(uint8* input, int length, uint32 key_length, uint8* modulus, uint8* exponent, uint8* output)
{
BN_CTX* ctx;
int output_length;
uint8* input_reverse;
uint8* modulus_reverse;
uint8* exponent_reverse;
BIGNUM mod, exp, x, y;
input_reverse = (uint8*) xmalloc(2 * MODULUS_MAX_SIZE + EXPONENT_MAX_SIZE);
modulus_reverse = input_reverse + MODULUS_MAX_SIZE;
exponent_reverse = modulus_reverse + MODULUS_MAX_SIZE;
memcpy(modulus_reverse, modulus, key_length);
crypto_reverse(modulus_reverse, key_length);
memcpy(exponent_reverse, exponent, EXPONENT_MAX_SIZE);
crypto_reverse(exponent_reverse, EXPONENT_MAX_SIZE);
memcpy(input_reverse, input, length);
crypto_reverse(input_reverse, length);
ctx = BN_CTX_new();
BN_init(&mod);
BN_init(&exp);
BN_init(&x);
BN_init(&y);
BN_bin2bn(modulus_reverse, key_length, &mod);
BN_bin2bn(exponent_reverse, EXPONENT_MAX_SIZE, &exp);
BN_bin2bn(input_reverse, length, &x);
BN_mod_exp(&y, &x, &exp, &mod, ctx);
output_length = BN_bn2bin(&y, output);
crypto_reverse(output, output_length);
if (output_length < (int) key_length)
memset(output + output_length, 0, key_length - output_length);
BN_free(&y);
BN_clear_free(&x);
BN_free(&exp);
BN_free(&mod);
BN_CTX_free(ctx);
xfree(input_reverse);
}
void VN_BN_gcdext( const BIGNUM * za, const BIGNUM * zb,
BIGNUM * zx, BIGNUM * zy, BIGNUM * gcd, BN_CTX * ctx )
{
BIGNUM zs, old_s, zt, old_t, zr, old_r, quot, tmp;
BN_init( &zs );
BN_init( &old_s );
BN_init( &zt );
BN_init( &old_t );
BN_init( &zr );
BN_init( &old_r );
BN_init( " );
BN_init( &tmp );
BN_set_word( &zs, 0 );
BN_set_word( &old_s, 1 );
BN_set_word( &zt, 1 );
BN_set_word( &old_t, 0 );
BN_copy( &zr, zb );
BN_copy( &old_r, za );
while( ! BN_is_zero( &zr ) )
{
BN_div( ", &tmp, &old_r, &zr, ctx );
BN_mul( &tmp, ", &zr, ctx );
BN_sub( &tmp, &old_r, &tmp );
BN_copy( &old_r, &zr );
BN_copy( &zr, &tmp );
BN_mul( &tmp, ", &zs, ctx );
BN_sub( &tmp, &old_s, &tmp );
BN_copy( &old_s, &zs );
BN_copy( &zs, &tmp );
BN_mul( &tmp, ", &zt, ctx );
BN_sub( &tmp, &old_t, &tmp );
BN_copy( &old_t, &zt );
BN_copy( &zt, &tmp );
}
BN_copy( zx, &old_s );
BN_copy( zy, &old_t );
BN_copy( gcd, &old_r );
BN_free( &zs );
BN_free( &old_s );
BN_free( &zt );
BN_free( &old_t );
BN_free( &zr );
BN_free( &old_r );
BN_free( " );
BN_free( &tmp );
}
bool key_from_base58(secp256k1_context *secpctx,
const char *base58, size_t base58_len,
bool *test_net, struct privkey *priv, struct pubkey *key)
{
u8 keybuf[1 + 32 + 1 + 4];
u8 csum[4];
BIGNUM bn;
bool compressed;
size_t keylen;
BN_init(&bn);
if (!raw_decode_base58(&bn, base58, base58_len))
return false;
keylen = BN_num_bytes(&bn);
if (keylen == 1 + 32 + 4)
compressed = false;
else if (keylen == 1 + 32 + 1 + 4)
compressed = true;
else
goto fail_free_bn;
BN_bn2bin(&bn, keybuf);
base58_get_checksum(csum, keybuf, keylen - sizeof(csum));
if (memcmp(csum, keybuf + keylen - sizeof(csum), sizeof(csum)) != 0)
goto fail_free_bn;
/* Byte after key should be 1 to represent a compressed key. */
if (compressed && keybuf[1 + 32] != 1)
goto fail_free_bn;
if (keybuf[0] == 128)
*test_net = false;
else if (keybuf[0] == 239)
*test_net = true;
else
goto fail_free_bn;
/* Copy out secret. */
memcpy(priv->secret, keybuf + 1, sizeof(priv->secret));
if (!secp256k1_ec_seckey_verify(secpctx, priv->secret))
goto fail_free_bn;
/* Get public key, too, since we know if it's compressed. */
if (!pubkey_from_privkey(secpctx, priv, key,
compressed ? SECP256K1_EC_COMPRESSED : 0))
goto fail_free_bn;
BN_free(&bn);
return true;
fail_free_bn:
BN_free(&bn);
return false;
}
void CECKey::SetSecretBytes(const unsigned char vch[32]) {
bool ret;
BIGNUM bn;
BN_init(&bn);
ret = BN_bin2bn(vch, 32, &bn) != NULL;
assert(ret);
ret = EC_KEY_regenerate_key(pkey, &bn) != 0;
assert(ret);
BN_clear_free(&bn);
}
static bool bp_block_valid_target(struct bp_block *block)
{
BIGNUM target, sha256;
BN_init(&target);
BN_init(&sha256);
u256_from_compact(&target, block->nBits);
bu256_bn(&sha256, &block->sha256);
int cmp = BN_cmp(&sha256, &target);
BN_clear_free(&target);
BN_clear_free(&sha256);
if (cmp > 0) /* sha256 > target */
return false;
return true;
}
int test_add(BIO *bp)
{
BIGNUM a,b,c;
int i;
BN_init(&a);
BN_init(&b);
BN_init(&c);
BN_bntest_rand(&a,512,0,0);
for (i=0; i<num0; i++)
{
BN_bntest_rand(&b,450+i,0,0);
a.neg=rand_neg();
b.neg=rand_neg();
BN_add(&c,&a,&b);
if (bp != NULL)
{
if (!results)
{
BN_print(bp,&a);
BIO_puts(bp," + ");
BN_print(bp,&b);
BIO_puts(bp," - ");
}
BN_print(bp,&c);
BIO_puts(bp,"\n");
}
a.neg=!a.neg;
b.neg=!b.neg;
BN_add(&c,&c,&b);
BN_add(&c,&c,&a);
if(!BN_is_zero(&c))
{
fprintf(stderr,"Add test failed!\n");
return 0;
}
}
BN_free(&a);
BN_free(&b);
BN_free(&c);
return(1);
}
/*
* Compute rmp=mp1+mp2.
*/
static void
_madd(const char *msg, const MINT *mp1, const MINT *mp2, MINT *rmp)
{
BIGNUM b;
BN_init(&b);
BN_ERRCHECK(msg, BN_add(&b, mp1->bn, mp2->bn));
_moveb(msg, &b, rmp);
BN_free(&b);
}
void BN_CTX_init(BN_CTX *ctx)
{
int i;
ctx->tos = 0;
ctx->flags = 0;
ctx->depth = 0;
ctx->too_many = 0;
for (i = 0; i < BN_CTX_NUM; i++)
BN_init(&(ctx->bn[i]));
}
int BN_cmp_word(const BIGNUM *a, BN_ULONG b) {
BIGNUM b_bn;
BN_init(&b_bn);
b_bn.d = &b;
b_bn.width = b > 0;
b_bn.dmax = 1;
b_bn.flags = BN_FLG_STATIC_DATA;
return BN_cmp(a, &b_bn);
}
static int
dsa_builtin_keygen(DSA *dsa)
{
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if (dsa->priv_key == NULL) {
if ((priv_key = BN_new()) == NULL)
goto err;
} else
priv_key=dsa->priv_key;
do {
if (!BN_rand_range(priv_key, dsa->q))
goto err;
} while (BN_is_zero(priv_key));
if (dsa->pub_key == NULL) {
if ((pub_key = BN_new()) == NULL)
goto err;
} else
pub_key=dsa->pub_key;
{
BIGNUM local_prk;
BIGNUM *prk;
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
BN_init(&local_prk);
prk = &local_prk;
BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
} else
prk = priv_key;
if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
goto err;
}
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
ok = 1;
err:
if (pub_key != NULL && dsa->pub_key == NULL)
BN_free(pub_key);
if (priv_key != NULL && dsa->priv_key == NULL)
BN_free(priv_key);
if (ctx != NULL)
BN_CTX_free(ctx);
return ok;
}
int main(int argc, char ** argv) {
/* Generate 2 big random numbers (512 bits) */
primitive_p = initialize("1011011");
initialize_rand(SEED);
BIGNUM *p = get_long_prime_number(RSA_KEY_LENGTH);
printf("p=%s\n", BN_bn2hex(p));
BIGNUM *q = get_long_prime_number(RSA_KEY_LENGTH);
printf("q=%s\n", BN_bn2hex(q));
/* Compute phi = (p-1)*(q-1) and n = p*q */
BIGNUM *phi, *n;
BN_CTX *tmp;
tmp = BN_CTX_new();
n = BN_new();
phi = BN_new();
BN_copy(n, p);
BN_mul(n, n, q, tmp);
printf("n=%s\n", BN_bn2dec(n));
BN_sub_word(p, 1);
printf("p-1=%s\n", BN_bn2dec(p));
BN_sub_word(q, 1);
printf("q-1=%s\n", BN_bn2dec(q));
phi = BN_new();
BN_init(tmp);
BN_mul(phi, p, q, tmp);
printf("(p-1)(q-1)=%s\n", BN_bn2dec(phi));
/* Find the smallest integer coprime with phi */
BIGNUM * e = BN_new();
BIGNUM *gcd = BN_new();
BN_add_word(e, 3);
for ( ; ; BN_add_word(e, 2)) {
tmp = BN_CTX_new();
BN_gcd(gcd, e, phi, tmp);
if (BN_is_one(gcd))
break;
}
printf("e=%s\n", BN_bn2dec(e));
/* Find d, the inverse of e in Z_phi */
BIGNUM * d = BN_new();
BIGNUM * i = BN_new();
BIGNUM * rem = BN_new();
BIGNUM * prod = BN_new();
BN_add_word(i, 1);
for ( ; ; BN_add_word(i, 1)) {
BN_copy(prod, phi);
tmp = BN_CTX_new();
BN_mul(prod, prod, i, tmp);
BN_add_word(prod, 1);
BN_div(d, rem, prod, e, tmp);
if (BN_is_zero(rem)) {
break;
}
}
printf("d=%s\n", BN_bn2dec(d));
return 0;
}
void
crypto_rsa_encrypt(int len, uint8 * in, uint8 * out, uint32 modulus_size, uint8 * modulus, uint8 * exponent)
{
#ifdef CRYPTO_OPENSSL
BN_CTX *ctx;
BIGNUM mod, exp, x, y;
uint8 inr[SEC_MAX_MODULUS_SIZE];
int outlen;
reverse(modulus, modulus_size);
reverse(exponent, SEC_EXPONENT_SIZE);
memcpy(inr, in, len);
reverse(inr, len);
ctx = BN_CTX_new();
BN_init(&mod);
BN_init(&exp);
BN_init(&x);
BN_init(&y);
BN_bin2bn(modulus, modulus_size, &mod);
BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
BN_bin2bn(inr, len, &x);
BN_mod_exp(&y, &x, &exp, &mod, ctx);
outlen = BN_bn2bin(&y, out);
reverse(out, outlen);
if (outlen < (int) modulus_size)
memset(out + outlen, 0, modulus_size - outlen);
BN_free(&y);
BN_clear_free(&x);
BN_free(&exp);
BN_free(&mod);
BN_CTX_free(ctx);
#else /* built-in crypto */
ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent);
#endif
}
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
int v_len, d_len;
int to_return = 0;
int fd;
BIGNUM v, *pv = &v;
BN_init(&v);
if(!bn_wexpand(pv, dsa->p->top)) {
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
v_len = BN_num_bits(dsa->p);
d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
const DSA_METHOD *meth;
fd = 0;
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
goto err;
}
if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
(unsigned char *)dgst, d_len,
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
(unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
(unsigned char *)sig->r->d, BN_num_bits(sig->r),
(unsigned char *)sig->s->d, BN_num_bits(sig->s),
(unsigned char *)v.d, &v_len) != 0) {
const DSA_METHOD *meth;
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
p_UBSEC_ubsec_close(fd);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
goto err;
}
p_UBSEC_ubsec_close(fd);
to_return = 1;
err:
BN_clear_free(&v);
return to_return;
}
int test_sqr(BIO *bp, BN_CTX *ctx)
{
BIGNUM a,c,d,e;
int i;
BN_init(&a);
BN_init(&c);
BN_init(&d);
BN_init(&e);
for (i=0; i<num0; i++)
{
BN_bntest_rand(&a,40+i*10,0,0);
a.neg=rand_neg();
BN_sqr(&c,&a,ctx);
if (bp != NULL)
{
if (!results)
{
BN_print(bp,&a);
BIO_puts(bp," * ");
BN_print(bp,&a);
BIO_puts(bp," - ");
}
BN_print(bp,&c);
BIO_puts(bp,"\n");
}
BN_div(&d,&e,&c,&a,ctx);
BN_sub(&d,&d,&a);
if(!BN_is_zero(&d) || !BN_is_zero(&e))
{
fprintf(stderr,"Square test failed!\n");
return 0;
}
}
BN_free(&a);
BN_free(&c);
BN_free(&d);
BN_free(&e);
return(1);
}
int main()
{
BIGNUM *x, *y, *exp, *m;
BIGNUM t;
COMPLEX a, b, r;
BN_init( &t );
x = BN_new();
y = BN_new();
exp = BN_new();
m = BN_new();
COMP_init( &a );
COMP_init( &b );
COMP_init( &r );
if ( Context == NULL )
Context = BN_CTX_new();
if(!BN_set_word(m, 43l))
goto err;
BN_set_word(x, 38l);
BN_set_word(y, 13l);
BN_set_word(exp, 168l);
BN_copy( &t ,m );
if (!COMP_set(&a, x, y, m))
goto err;
if (!COMP_pow(&r, &a, exp, m))
goto err;
BN_free( &t );
BN_free( x );
BN_free( y );
BN_free( exp );
BN_free( m );
COMP_free( &a );
COMP_free( &b );
COMP_free( &r );
return 0;
err:
BN_free( &t );
BN_free( x );
BN_free( y );
BN_free( exp );
BN_free( m );
COMP_free( &a );
COMP_free( &b );
COMP_free( &r );
return 0;
}
void VN_BN_bin2hex( const unsigned char * bin, int length, struct vn_iovec * hex )
{
BIGNUM tmp;
BN_init( &tmp );
BN_bin2bn( bin, length, &tmp );
VN_BN_dump_hex( &tmp, hex );
BN_free( &tmp );
}
EC_POINT *GFp_suite_b_make_point(const EC_GROUP *group,
const uint8_t *peer_public_key_x,
size_t peer_public_key_x_len,
const uint8_t *peer_public_key_y,
size_t peer_public_key_y_len) {
BIGNUM x;
BN_init(&x);
BIGNUM y;
BN_init(&y);
int ok = 0;
EC_POINT *result = EC_POINT_new(group);
if (result == NULL) {
goto err;
}
/* |ec_GFp_simple_point_set_affine_coordinates| verifies that (x, y) is on
* the curve and that each coordinate is a valid field element (i.e.
* non-negative and less than `q`). The point cannot be the point at infinity
* because it was given as affine coordinates. */
if (BN_bin2bn(peer_public_key_x, peer_public_key_x_len, &x) == NULL ||
BN_bin2bn(peer_public_key_y, peer_public_key_y_len, &y) == NULL ||
!ec_GFp_simple_point_set_affine_coordinates(group, result, &x, &y,
NULL)) {
goto err;
}
ok = 1;
err:
BN_free(&x);
BN_free(&y);
if (!ok) {
EC_POINT_free(result);
result = NULL;
}
return result;
}
/* signing */
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
int local_blinding = 0;
BN_BLINDING *blinding = NULL;
meth = rsa->meth;
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)rtlglue_malloc(num)) == NULL)
goto err;
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
case RSA_SSLV23_PADDING:
default:
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
goto err;
BLINDING_HELPER(rsa, ctx, goto err;);
double
vg_prefix_get_difficulty(int addrtype, const char *pattern)
{
BN_CTX *bnctx;
BIGNUM result, bntmp;
BIGNUM *ranges[4];
char *dbuf;
int ret;
double diffret = 0.0;
bnctx = BN_CTX_new();
BN_init(&result);
BN_init(&bntmp);
ret = get_prefix_ranges(addrtype,
pattern, ranges, bnctx);
if (ret == 0) {
BN_sub(&bntmp, ranges[1], ranges[0]);
BN_add(&result, &result, &bntmp);
if (ranges[2]) {
BN_sub(&bntmp, ranges[3], ranges[2]);
BN_add(&result, &result, &bntmp);
}
free_ranges(ranges);
BN_clear(&bntmp);
BN_set_bit(&bntmp, 192);
BN_div(&result, NULL, &bntmp, &result, bnctx);
dbuf = BN_bn2dec(&result);
diffret = strtod(dbuf, NULL);
OPENSSL_free(dbuf);
}
BN_clear_free(&result);
BN_clear_free(&bntmp);
BN_CTX_free(bnctx);
return diffret;
}
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
{
BIGNUM Ri,*R;
BN_init(&Ri);
R= &(mont->RR); /* grab RR as a temp */
BN_copy(&(mont->N),mod); /* Set N */
{
BIGNUM tmod;
BN_ULONG buf[2];
mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
if (!(BN_zero(R))) goto err;
if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
buf[0]=mod->d[0]; /* tmod = N mod word size */
buf[1]=0;
tmod.d=buf;
tmod.top=1;
tmod.dmax=2;
tmod.neg=mod->neg;
/* Ri = R^-1 mod N*/
if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
goto err;
/* R*Ri */
if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
if (!BN_is_zero(&Ri))
{
if (!BN_sub_word(&Ri,1)) goto err;
}
else /* if N mod word size == 1 */
/* Ri-- (mod word size) */
{
if (!BN_set_word(&Ri,BN_MASK2)) goto err;
}
/* Ni = (R*Ri-1)/N, keep only least significant word: */
if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
mont->n0=Ri.d[0];
BN_free(&Ri);
}
/* setup RR for conversions */
if (!(BN_zero(&(mont->RR)))) goto err;
if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
return(1);
err:
return(0);
}
