int find_numbers(uint8_t *data, size_t len, size_t bits, uint8_t align, uint8_t endian_flags)
{
/* Temporary storage for bignum */
mpz_t n;
size_t i;
mpz_init(n);
for (i = 0; i <= (len-bits/8); i+= align) {
/* use mpz_import to convert from raw data :
* (mpz_t rop, size_t count, int order, int size, int endian,
* size_t nails, const void *op)
*/
/* Big endian : len bytes, MSB first */
mpz_import(n, bits/8, 1, 1, 1, 0, data+i);
number_checks(n, bits, i);
/* Little endian : len bytes, MSB first */
mpz_import(n, bits/8, -1, 1, 1, 0, data+i);
number_checks(n, bits, i);
}
mpz_clear(n);
return 0;
}
/* Binary segmentation, using import/export method for processing p.
* Thanks to Dan Bernstein's 2007 Quartic paper.
*/
void poly_mod_mul(mpz_t* px, mpz_t* py, UV r, mpz_t mod, mpz_t p, mpz_t p2, mpz_t t)
{
UV i, bytes;
char* s;
mpz_mul(t, mod, mod);
mpz_mul_ui(t, t, r);
bytes = mpz_sizeinbase(t, 256);
mpz_set_ui(p, 0);
mpz_set_ui(p2, 0);
/* 1. Create big integers from px and py with padding. */
{
Newz(0, s, r*bytes, char);
for (i = 0; i < r; i++)
mpz_export(s + i*bytes, NULL, -1, 1, 0, 0, px[i]);
mpz_import(p, r*bytes, -1, 1, 0, 0, s);
Safefree(s);
}
if (px != py) {
Newz(0, s, r*bytes, char);
for (i = 0; i < r; i++)
mpz_export(s + i*bytes, NULL, -1, 1, 0, 0, py[i]);
mpz_import(p2, r*bytes, -1, 1, 0, 0, s);
Safefree(s);
}
SCM
SCM_FROM_TYPE_PROTO (TYPE val)
{
#if SIZEOF_TYPE != 0 && SIZEOF_TYPE < SIZEOF_SCM_T_BITS
return SCM_I_MAKINUM (val);
#else
if (SCM_FIXABLE (val))
return SCM_I_MAKINUM (val);
else if (val >= LONG_MIN && val <= LONG_MAX)
return scm_i_long2big (val);
else
{
SCM z = make_bignum ();
mpz_init (SCM_I_BIG_MPZ (z));
if (val < 0)
{
val = -val;
mpz_import (SCM_I_BIG_MPZ (z), 1, 1, sizeof (TYPE), 0, 0,
&val);
mpz_neg (SCM_I_BIG_MPZ (z), SCM_I_BIG_MPZ (z));
}
else
mpz_import (SCM_I_BIG_MPZ (z), 1, 1, sizeof (TYPE), 0, 0,
&val);
return z;
}
#endif
}
pubkey_t rsa_parse_key (uchar* mod, int mlen, uchar* pE, int plen) {
pubkey_t key;
mpz_init(key.modulus);
mpz_init(key.pE);
mpz_import(key.modulus, mlen, 1, sizeof(uchar), 1, 0, mod);
mpz_import(key.pE, plen, 1, sizeof(uchar), 1, 0, pE);
key.size = mlen;
return key;
}
int srp_check_signature(guint32 address, const gchar *signature_raw)
{
gchar *result_raw;
gchar check[32];
mpz_t result;
mpz_t modulus;
mpz_t signature;
size_t size, alloc_size;
int cmp_result;
/* build the "check" array */
memcpy(check, &address, 4);
memset(check + 4, 0xBB, 28);
/* initialize the modulus */
mpz_init2(modulus, 1024);
mpz_import(modulus, 128, -1, 1, 0, 0, srp_sig_n);
/* initialize the server signature */
mpz_init2(signature, 1024);
mpz_import(signature, 128, -1, 1, 0, 0, signature_raw);
/* initialize the result */
mpz_init2(result, 1024);
/* calculate the result */
mpz_powm_ui(result, signature, SRP_SIGNATURE_KEY, modulus);
/* clear (free) the intermediates */
mpz_clear(signature);
mpz_clear(modulus);
/* allocate space for raw signature */
alloc_size = mpz_size(result) * sizeof(mp_limb_t);
result_raw = (gchar *) g_malloc(alloc_size);
if (!result_raw) {
mpz_clear(result);
return 0;
}
/* get a byte array of the signature */
mpz_export(result_raw, &size, -1, 1, 0, 0, result);
/* clear (free) the result */
mpz_clear(result);
/* check the result */
cmp_result = (memcmp(result_raw, check, 32) == 0);
/* free the result_raw buffer */
g_free(result_raw);
/* return */
return cmp_result;
}
static int
ecdsa_verify(unsigned char signature[96], const unsigned char digest[48], const unsigned char pkey[96]){
unsigned char u1buf[48];
unsigned char u2buf[48];
unsigned char point[96];
mpz_t order;
mpz_t s;
mpz_t r;
mpz_t z;
mpz_t u1;
mpz_t u2;
mpz_t w;
int ret;
mpz_init(order);
mpz_init(s);
mpz_init(r);
mpz_init(z);
mpz_init(u1);
mpz_init(u2);
mpz_init(w);
mpz_set_str(order, "39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643", 10);
mpz_import(r, 48, -1, 1, 1, 0, signature);
mpz_import(s, 48, -1, 1, 1, 0, signature+48);
mpz_import(z, 48, -1, 1, 1, 0, digest);
mpz_invert(w, s, order);
mpz_mul(u2, r, w);
mpz_mul(u1, z, w);
mpz_mod(u2, u2, order);
mpz_mod(u1, u1, order);
for(int i=0; i<48; i++){
u1buf[i]=0;
u2buf[i]=0;
}
mpz_export(u1buf, NULL, -1, 1, 1, 0, u1);
mpz_export(u2buf, NULL, -1, 1, 1, 0, u2);
p384_32_double_scalarmult_base(point, pkey, u1buf, u2buf);
mpz_import(u1, 48, 1, 1, 1, 0, point);
mpz_sub(s, r, u1);
mpz_mod(s, s, order);
if(mpz_sgn(s)==0){
ret=1;
} else {
ret=0;
}
mpz_clear(order);
mpz_clear(s);
mpz_clear(r);
mpz_clear(z);
mpz_clear(u1);
mpz_clear(u2);
mpz_clear(w);
return ret;
}
mpz_class silvia_rng::get_random(size_t n)
{
// If n is a multiple of 8, use the simple way
if (n % 8 == 0)
{
std::vector<unsigned char> rand_val;
rand_val.resize(n/8);
// FIXME: we should really check the return value of
// RAND_bytes as failure indicates a lack of proper
// entropy
RAND_bytes(&rand_val[0], n / 8);
// Now convert it to MPZ
mpz_class rand;
mpz_import(_Z(rand), n / 8, 1, sizeof(unsigned char), 0, 0, &rand_val[0]);
return rand;
}
else
{
size_t num_bytes = (n / 8) + 1;
// Compute the mask
size_t mask_bits = n % 8;
unsigned char mask = 0;
while (mask_bits--)
{
mask = mask << 1;
mask = mask + 0x01;
}
std::vector<unsigned char> rand_val;
rand_val.resize(num_bytes);
// FIXME: we should really check the return value of
// RAND_bytes as failure indicates a lack of proper
// entropy
RAND_bytes(&rand_val[0], num_bytes);
rand_val[0] &= mask;
// Now convert it to MPZ
mpz_class rand;
mpz_import(_Z(rand), num_bytes, 1, sizeof(unsigned char), 0, 0, &rand_val[0]);
return rand;
}
}
// Input: MyPrivKey = Your private key
// HisPubKey = Someones public key
// Output: MyPrivKey has been destroyed for security reasons
// HisPubKey = the secret key
int DH1080_comp(char *MyPrivKey, char *HisPubKey)
{
//int i=0;
int iRet;
unsigned char SHA256digest[35], base64_tmp[160];
mpz_t b_myPrivkey, b_HisPubkey, b_theKey;
size_t len;
// Verify base64 strings
if((strspn(MyPrivKey, B64ABC) != strlen(MyPrivKey)) || (strspn(HisPubKey, B64ABC) != strlen(HisPubKey)))
{
memset(MyPrivKey, 0x20, strlen(MyPrivKey));
memset(HisPubKey, 0x20, strlen(HisPubKey));
return 0;
}
mpz_init(b_HisPubkey);
mpz_init(b_theKey);
len=b64toh(HisPubKey, (char *)base64_tmp);
mpz_import(b_HisPubkey, len, 1, 1, 0, 0, base64_tmp);
if(DH_verifyPubKey(b_HisPubkey))
{
mpz_init(b_myPrivkey);
len=b64toh(MyPrivKey, (char *)base64_tmp);
mpz_import(b_myPrivkey, len, 1, 1, 0, 0, base64_tmp);
memset(MyPrivKey, 0x20, strlen(MyPrivKey));
mpz_powm(b_theKey, b_HisPubkey, b_myPrivkey, b_prime1080);
mpz_clear(b_myPrivkey);
mpz_export(base64_tmp, &len, 1, 1, 0, 0, b_theKey);
SHA256_memory((char *)base64_tmp, len, (char *)SHA256digest);
htob64((char *)SHA256digest, HisPubKey, 32);
iRet=1;
}
else iRet=0;
ZeroMemory(base64_tmp, sizeof(base64_tmp));
ZeroMemory(SHA256digest, sizeof(SHA256digest));
mpz_clear(b_theKey);
mpz_clear(b_HisPubkey);
return iRet;
}
list_t *
entry (char *host, int sock, int flags)
{
list_t *p = xmalloc (sizeof *p);
p->host = xstrdup (host);
#if WITH_SSL
p->ssl = flags & 1 ? SSL_new (client) : SSL_new (server);
SSL_set_fd (p->ssl, sock);
#else
p->sock = sock;
gc_cipher_open (GC_AES256, GC_STREAM, &p->cipher);
mpz_t my_num;
mpz_init (my_num);
char *key = xcalloc (len, sizeof *key);
pthread_cleanup_push (free, key);
gc_random (key, len);
mpz_import (my_num, len, 1, 1, 1, 0, key);
mpz_t sent;
mpz_init_set (sent, base);
mpz_powm (sent, sent, my_num, prime);
char *buff = xcalloc (len, sizeof *buff);
pthread_cleanup_push (free, buff);
mpz_export (buff, NULL, 1, 1, 1, 0, sent);
if (send (sock, buff, len, 0) < 0)
error (1, errno, "Failed to perform handshake");
if (recv (sock, buff, len, 0) < 0)
error (1, errno, "Failed to perform handshake");
mpz_import (sent, len, 1, 1, 1, 0, buff);
pthread_cleanup_pop (1);
mpz_powm (sent, sent, my_num, prime);
mpz_export (key, NULL, 1, 1, 1, 0, sent);
gc_cipher_setkey (p->cipher, len, key);
pthread_cleanup_pop (1);
#endif /* WITH_SSL */
return p;
}
void hcrypt_random(mpz_t tmp)
{
FILE *fp;
fp = fopen("/dev/urandom", "rb");
int len = 9;
if (fp) {
unsigned char *bytes;
bytes = (unsigned char *) malloc (len * sizeof(unsigned char));
if (fread(bytes, sizeof(unsigned char), len, fp)) {
mpz_import(tmp, len, 1, sizeof(unsigned char), 0, 0, bytes);
}
else {
printf("file read error\n");
}
fclose(fp);
free(bytes);
}
else {
printf("random number generation error\n");
}
}
void SRPGlobalInit() {
mpz_init2(N, 256);
mpz_import(N, 32, -1, sizeof(modulus[0]), 0, 0, modulus);
gmp_randinit_default(gmprand);
gmp_randseed_ui(gmprand, RandomGenSecure());
}
int chv_dec_mpz(chv_t * chv, mpz_t a, int little_endian_flag)
{
int ret = 0;
size_t count;
chv_dec_sizebe(chv, &count); /* decode size in bytes */
if (count) {
const int order = 1; // 1:most sign. word first, -1:least sign. word first
const int size = 4; /* word size */
const int endian = 1; // 1:BIG_ENDIAN, -1:LITTLE_ENDIAN, 0:NATIVE_ENDIAN
const size_t nails = 0; // number of unused MSBs in each word
const size_t len = count * size;
if (chv_get_size(chv) >= len) {
mpz_import(a, count, order, size, endian, nails, chv_get_buf(chv));
chv_drop(chv, len); /* drop the data */
ret = sizeof(uint64_t) + len;
} else {
PERR("Need %d bytes, but only have %d byte\n", len, chv_get_size(chv));
ret = -1;
}
} else {
PERR("Empty data\n");
ret = -1;
mpz_set_ui(a, 0); /* zero it */
}
return ret;
}
bool updateBlock(PrimecoinBlockHeader *header,
mpz_class &blockHeaderHash,
const PrimeSource &primeSource,
CPrimalityTestParams &testParams,
unsigned nonceIncrement)
{
uint8_t hash1[32];
uint8_t hashData[32];
while (header->nonce < 0xFFFF0000) {
header->nonce += nonceIncrement;
sha256(hash1, header, 80);
sha256(hashData, hash1, 32);
// sha256-hash must be greater than 2^255
if (!(hashData[31] & 0x80))
continue;
mpz_import(blockHeaderHash.get_mpz_t(),
32 / sizeof(unsigned long),
-1,
sizeof(unsigned long),
-1,
0,
hashData);
if (ProbablePrimalityTestWithTrialDivisionFast(blockHeaderHash, 1000, primeSource, testParams))
break;
}
return header->nonce < 0xFFFF0000;
}
void prime_field::init(seclvl sp, uint8_t* seed) {
mpz_t rnd_seed;
//TODO: change to inits if working correctly
mpz_init(p);
mpz_init(g);
mpz_init(q);
mpz_init(rnd_seed);
secparam = sp;
mpz_import(rnd_seed, secparam.symbits, 1, sizeof((seed)[0]), 0, 0, seed);
if (secparam.ifcbits == ST.ifcbits) {
mpz_set_str(p, ifcp1024, 16);
mpz_set_str(g, ifcg1024, 16);
mpz_set_str(q, ifcq1024, 16);
} else if (secparam.ifcbits == MT.ifcbits) {
mpz_set_str(p, ifcp2048, 16);
mpz_set_str(g, ifcg2048, 16);
mpz_set_str(q, ifcq2048, 16);
} else if (secparam.ifcbits == LT.ifcbits) {
mpz_set_str(p, ifcp3072, 10);
mpz_set_str(g, ifcg3072, 10);
mpz_set_str(q, ifcq3072, 10);
} else //Long term security
{
mpz_set_str(p, ifcp3072, 10);
mpz_set_str(g, ifcg3072, 10);
mpz_set_str(q, ifcq1024, 10);
}
gmp_randinit_default(rnd_state);
gmp_randseed(rnd_state, rnd_seed);
fe_bytelen = ceil_divide(secparam.ifcbits, 8);
}
static void srp_get_x(srp_t *srp, mpz_t x_c, const gchar *raw_salt)
{
gchar *userpass;
guint8 hash[SHA1_HASH_SIZE], final_hash[SHA1_HASH_SIZE];
sha1_context ctx;
ctx.version = SHA1_TYPE_NORMAL;
// build the string Username:Password
userpass = (gchar *) g_malloc(srp->username_len + srp->password_len + 2);
memcpy(userpass, srp->username_upper, srp->username_len);
userpass[srp->username_len] = ':';
memcpy(userpass + srp->username_len + 1, srp->password_upper, srp->password_len);
userpass[srp->username_len + srp->password_len + 1] = 0; // null-terminator
// get the SHA-1 hash of the string
sha1_reset(&ctx);
sha1_input(&ctx, (guint8 *) userpass,
(srp->username_len + srp->password_len + 1));
sha1_digest(&ctx, hash);
g_free(userpass);
// get the SHA-1 hash of the salt and user:pass hash
sha1_reset(&ctx);
sha1_input(&ctx, (guint8 *) raw_salt, 32);
sha1_input(&ctx, hash, 20);
sha1_digest(&ctx, final_hash);
// create an arbitrary-length integer from the hash and return it
mpz_init2(x_c, 160);
mpz_import(x_c, 20, -1, 1, 0, 0, (gchar *) final_hash);
}
static int zp_from_bytes(element_t e, unsigned char *data) {
mpz_ptr z = e->data;
int n;
n = e->field->fixed_length_in_bytes;
mpz_import(z, n, 1, 1, 1, 0, data);
return n;
}
extern "C" PyObject* _PyLong_FromByteArray(const unsigned char* bytes, size_t n, int little_endian,
int is_signed) noexcept {
if (n == 0)
return PyLong_FromLong(0);
if (!little_endian) {
// TODO: check if the behaviour of mpz_import is right when big endian is specified.
Py_FatalError("unimplemented");
return 0;
}
BoxedLong* rtn = new BoxedLong();
mpz_init(rtn->n);
mpz_import(rtn->n, 1, 1, n, little_endian ? -1 : 1, 0, &bytes[0]);
RELEASE_ASSERT(little_endian, "");
if (is_signed && bytes[n - 1] >= 0x80) { // todo add big endian support
mpz_t t;
mpz_init(t);
mpz_setbit(t, n * 8);
mpz_sub(rtn->n, rtn->n, t);
mpz_clear(t);
}
return rtn;
}
void bn254_fp6_from_oct(Element x, const unsigned char *os, const size_t size)
{
mpz_t quo, rem;
if (size < 190) {
fprintf(stderr, "error: please set up the enought buffer for element\n");
exit(300);
}
mpz_init(quo);
mpz_init(rem);
mpz_import(quo, size, 1, sizeof(*os), 1, 0, os);
mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order);
mpz_set(rep(rep0(rep0(x))), rem);
mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order);
mpz_set(rep(rep0(rep1(x))), rem);
mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order);
mpz_set(rep(rep0(rep2(x))), rem);
mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order);
mpz_set(rep(rep1(rep0(x))), rem);
mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order);
mpz_set(rep(rep1(rep1(x))), rem);
mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order);
mpz_set(rep(rep1(rep2(x))), rem);
mpz_clear(quo);
mpz_clear(rem);
}
bool RSA::encrypt(char* msg, int32_t size, const char* key)
{
mpz_t plain, c;
mpz_init2(plain, 1024);
mpz_init2(c, 1024);
mpz_t e;
mpz_init(e);
mpz_set_ui(e,65537);
mpz_t mod;
mpz_init2(mod, 1024);
mpz_set_str(mod, key, 10);
mpz_import(plain, 128, 1, 1, 0, 0, msg);
mpz_powm(c, plain, e, mod);
size_t count = (mpz_sizeinbase(c, 2) + 7)/8;
memset(msg, 0, 128 - count);
mpz_export(&msg[128 - count], NULL, 1, 1, 0, 0, c);
mpz_clear(c);
mpz_clear(plain);
mpz_clear(e);
mpz_clear(mod);
return true;
}
// Inversion is slower than in a naive Fp implementation because of an extra
// multiplication.
// Requires nonzero a.
static void fp_invert(element_ptr c, element_ptr a) {
eptr ad = (eptr)a->data;
eptr cd = (eptr)c->data;
fptr p = (fptr)a->field->data;
#ifdef _MSC_VER // for VC++ compatibility
mp_limb_t tmp[MAX_LIMBS];
#else
mp_limb_t tmp[p->limbs];
#endif
mpz_t z;
mpz_init(z);
// Copy the limbs into a regular mpz_t so we can invert using the standard
// mpz_invert().
mpz_import(z, p->limbs, -1, sizeof(mp_limb_t), 0, 0, ad->d);
mpz_invert(z, z, a->field->order);
set_limbs(tmp, z, p->limbs);
// Normalize.
mont_mul(cd->d, tmp, p->R3, p);
cd->flag = 2;
mpz_clear(z);
}
int VNRW_GMP_PubEncrypt( const VNAsymCryptCtx_t * ctx,
const unsigned char * plainText, int length,
struct vn_iovec * cipherText )
{
mpz_t zm;
const VNRW_GMP_Ctx_t * gmpCtx = VN_CONTAINER_OF( ctx, VNRW_GMP_Ctx_t, mCtx );
assert( VN_TYPE_VNRWSign_GMP == ctx->mType || VN_TYPE_VNRWEnc_GMP == ctx->mType );
mpz_init( zm );
mpz_import( zm, length, 1, 1, 0, 0, plainText );
if( ( mpz_sizeinbase( gmpCtx->mN, 2 ) - mpz_sizeinbase( zm, 2 ) ) < 4 )
{
mpz_clear( zm );
return VN_ERR_PLAINTEXT_TOO_LONG;
}
VNRW_GMP_E1( ctx, zm );
VNRW_GMP_E2( ctx, zm );
VN_GMP_dump_bin( zm, cipherText );
mpz_clear( zm );
return 0;
}
void nls_get_x(nls_t* nls, mpz_t x_c, const char* raw_salt) {
char* userpass;
uint8_t hash[20], final_hash[20];
SHA1Context shac;
// build the string Username:Password
userpass = (char*) malloc(nls->username_len + nls->password_len + 2);
memcpy(userpass, nls->username, nls->username_len);
userpass[nls->username_len] = ':';
memcpy(userpass + nls->username_len + 1, nls->password, nls->password_len);
userpass[nls->username_len + nls->password_len + 1] = 0; // null-terminator
// get the SHA-1 hash of the string
SHA1Reset(&shac);
SHA1Input(&shac, (uint8_t*) userpass,
(nls->username_len + nls->password_len + 1));
SHA1Result(&shac, hash);
free(userpass);
// get the SHA-1 hash of the salt and user:pass hash
SHA1Reset(&shac);
SHA1Input(&shac, (uint8_t*) raw_salt, 32);
SHA1Input(&shac, hash, 20);
SHA1Result(&shac, final_hash);
SHA1Reset(&shac);
// create an arbitrary-length integer from the hash and return it
mpz_init2(x_c, 160);
mpz_import(x_c, 20, -1, 1, 0, 0, (char*) final_hash);
}
/* read */
static int unsigned_read(void *a, unsigned char *b, unsigned long len)
{
LTC_ARGCHK(a != NULL);
LTC_ARGCHK(b != NULL);
mpz_import(a, len, 1, 1, 1, 0, b);
return CRYPT_OK;
}
//All our byte arrays are supposed to be little endian.
static void
ecdsa_sign(unsigned char signature[96], const unsigned char digest[48], const unsigned char keyb[48]){
unsigned char kbuf[96];
unsigned char kexp[48];
unsigned char point[96];
for(int i=0; i<48; i++){
kexp[i]=0;
}
mpz_t order;
mpz_t k;
mpz_t kinv;
mpz_t x; //x coordinate
mpz_t d; //digest
mpz_t key; //key
mpz_init(order);
mpz_init(k);
mpz_init(x);
mpz_init(d);
mpz_init(key);
mpz_init(kinv);
mpz_set_str(order, "39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643", 10);
randombytes(kbuf, 96);
mpz_import(k, 96, -1, 1, 1, 0, kbuf);
mpz_mod(k, k, order);
mpz_export(kexp, NULL, -1, 1, 1, 0, k);
p384_32_scalarmult_base(point, kexp);
mpz_import(x, 48, 1, 1, 1, 0, point);
mpz_mod(x, x, order);
mpz_import(d, 48, -1, 1, 1, 0, digest);
mpz_import(key, 48, -1, 1, 1, 0, keyb);
mpz_invert(kinv, k, order);
mpz_addmul(d, x, key);
mpz_mod(d, d, order);
mpz_mul(d, kinv, d);
mpz_mod(d, d, order);
for(int i=0; i<96; i++){
signature[i]=0;
}
mpz_export(signature, NULL, -1, 1, 1, 0, x);
mpz_export(signature+48, NULL, -1, 1, 1, 0, d);
mpz_clear(order);
mpz_clear(k);
mpz_clear(kinv);
mpz_clear(x);
mpz_clear(d);
mpz_clear(key);
}
int rsa_import_key(rsa_private_key_t *key, int endian,
uint8_t *n, size_t n_len, uint8_t *e, size_t e_len,
uint8_t *p, uint8_t *q)
{
mpz_t t1, t2, phi;
if (n == NULL || n_len == 0 || (p == NULL && q == NULL)) return -1;
/* init key */
key->size = n_len << 3;
if (e == NULL || e_len == 0) {
mpz_init_set_ui(key->e, 65537);
} else {
mpz_init2(key->e, (e_len << 3) + GMP_NUMB_BITS);
mpz_import(key->e, e_len, endian, 1, 0, 0, e);
}
mpz_init2(key->n, key->size + GMP_NUMB_BITS);
mpz_init2(key->p, key->size / 2 + GMP_NUMB_BITS);
mpz_init2(key->q, key->size / 2 + GMP_NUMB_BITS);
mpz_init2(key->d, key->size + GMP_NUMB_BITS);
mpz_init2(key->u, key->size / 2 + GMP_NUMB_BITS);
mpz_init2(t1, key->size / 2 + GMP_NUMB_BITS);
mpz_init2(t2, key->size / 2 + GMP_NUMB_BITS);
mpz_init2(phi, key->size + GMP_NUMB_BITS);
/* import values */
mpz_import(key->n, n_len, endian, 1, 0, 0, n);
if (p != NULL) mpz_import(key->p, n_len / 2, endian, 1, 0, 0, p);
if (q != NULL) mpz_import(key->q, n_len / 2, endian, 1, 0, 0, q);
if (p == NULL) mpz_tdiv_q(key->p, key->n, key->q);
if (q == NULL) mpz_tdiv_q(key->q, key->n, key->p);
/* p shall be smaller than q */
if (mpz_cmp(key->p, key->q) > 0) mpz_swap(key->p, key->q);
/* calculate missing values */
mpz_sub_ui(t1, key->p, 1);
mpz_sub_ui(t2, key->q, 1);
mpz_mul(phi, t1, t2);
mpz_invert(key->d, key->e, phi);
mpz_invert(key->u, key->p, key->q);
/* release helper variables */
mpz_clear(t1);
mpz_clear(t2);
mpz_clear(phi);
/* test key */
if (rsa_test_key(key) != 0) {
rsa_release_private_key(key);
return -1;
}
return 0;
}
int BnetSRP3::init( const char* username_, const char* password_, const byte * salt_ )
{
if(!srp3_inited)
{
gmp_randinit_default(rand);
gmp_randseed_ui(rand, (unsigned long)time(NULL));
mpz_init2(N, 256);
mpz_import(N, 32, -1, 1, 0, 0, SRP3_N);
mpz_init_set_ui(g, SRP3_g);
srp3_inited = true;
}
uint i;
const char* source;
if (!username_) {
return -1;
}
uint len = strlen(username_);
username.resize(len);
source = username_;
for(i = 0; i < len; ++ i)
{
username[i] = toupper(*(source++));
}
if (!((password_ == NULL) ^ (salt_ == NULL))) {
return -1;
}
if (password_!=NULL) {
len = strlen(password_);
password.resize(len);
source = password_;
for(i = 0; i < len; ++ i)
{
password[i] = toupper(*(source++));
}
mpz_init2(a, 256);
mpz_init(b);
mpz_urandomm(a, rand, N); /* generates the private key */
mpz_t s;
mpz_init2(s, 256);
mpz_urandomb(s, rand, 256);
mpz_export(raw_salt, NULL, 1, 4, -1, 0, s);
} else {
password = "";
mpz_init(a);
mpz_init2(b, 256);
mpz_urandomm(b, rand, N);
setSalt(salt_);
}
B_inited = false;
return 0;
}
static void fp_from_hash(element_ptr n, void *data, int len) {
mpz_t z;
mpz_init(z);
mpz_import(z, len, -1, 1, -1, 0, data);
fp_set_mpz(n, z);
mpz_clear(z);
}
void mp2gmp(z *src, mpz_t dest) {
mpz_import(dest, (size_t)(abs(src->size)), -1, sizeof(fp_digit),
0, (size_t)0, src->val);
if (src->size < 0)
mpz_neg(dest, dest);
}
int rsa_import_public_key(rsa_public_key_t *key, int endian,
uint8_t *n, size_t n_len, uint8_t *e, size_t e_len)
{
if (n == NULL || n_len == 0) return -1;
/* init key */
key->size = n_len << 3;
if (e == NULL || e_len == 0) {
mpz_init_set_ui(key->e, 65537);
} else {
mpz_init2(key->e, (e_len << 3) + GMP_NUMB_BITS);
mpz_import(key->e, e_len, endian, 1, 0, 0, e);
}
mpz_init2(key->n, key->size + GMP_NUMB_BITS);
/* import values */
mpz_import(key->n, n_len, endian, 1, 0, 0, n);
return 0;
}
static void get_random_mpz(mpz_t result, mpz_t low, mpz_t high) {
// In the comments below, let L be the length of the desired interval,
// i.e. |high - low|.
// To conserve memory, repurpose |high| to be a temporary.
mpz_sub(high, high, low);
if (mpz_sgn(high) <= 0)
fatal("upper bound must be strictly greater than lower bound");
// If L == 1, there's only one possible result, so return it.
mpz_sub_ui(high, high, 1);
if (mpz_sgn(high) == 0) {
mpz_set(result, low);
return;
}
// The system PRNG provides us with a source of of random *bits*, so we
// need to figure out the number of bits required to represent L.
size_t num_bits = mpz_sizeinbase(high, 2);
size_t num_bytes = 1 + (num_bits - 1) / CHAR_BIT;
char *random_bytes = (char*) malloc(num_bytes);
if (!random_bytes)
fatal("out of memory");
FILE *random_file = fopen(gRandomFileName, "r");
if (!random_file)
fatal("could not open %s: %s", gRandomFileName, strerror(errno));
// Turn off buffering to avoid reading (and hence making the system
// generate) more random data than we need.
setbuf(random_file, NULL);
// Read a number R in the interval [0, 2^|num_bits|) from the RNG.
// Note that if L is not a power of 2, then L < 2^|num_bits|, so R may be
// >= L by *at most* a factor of 2. If this happens, retry until R < L.
//
// Strictly speaking, there is a chance that no matter how many times we
// read, R will be >= L each time, so cap the attempts at some reasonable
// value. For a cap of N, the chance that we'll never read a valid number
// is at most 1/2^N, which for N=100 is less than one in a nonillion.
int reads = 0;
while (1) {
if (fread(random_bytes, 1, num_bytes, random_file) != num_bytes)
fatal("error reading from %s", gRandomFileName);
// Chop off unnecessary leading bits.
if (num_bits % CHAR_BIT != 0)
random_bytes[0] &= (1 << (num_bits % CHAR_BIT)) - 1;
mpz_import(result, num_bytes, 1, 1, 0, 0, random_bytes);
// At this point, |high| == L - 1, so we need a <= here.
if (mpz_cmp(result, high) <= 0)
break;
if (++reads == kMaxReads)
fatal("system did not return a number within the given bounds");
}
mpz_add(result, result, low);
fclose(random_file);
free(random_bytes);
}
