int find_numbers(uint8_t *data, size_t len, size_t bits, uint8_t align, uint8_t endian_flags) { /* Temporary storage for bignum */ mpz_t n; size_t i; mpz_init(n); for (i = 0; i <= (len-bits/8); i+= align) { /* use mpz_import to convert from raw data : * (mpz_t rop, size_t count, int order, int size, int endian, * size_t nails, const void *op) */ /* Big endian : len bytes, MSB first */ mpz_import(n, bits/8, 1, 1, 1, 0, data+i); number_checks(n, bits, i); /* Little endian : len bytes, MSB first */ mpz_import(n, bits/8, -1, 1, 1, 0, data+i); number_checks(n, bits, i); } mpz_clear(n); return 0; }
/* Binary segmentation, using import/export method for processing p. * Thanks to Dan Bernstein's 2007 Quartic paper. */ void poly_mod_mul(mpz_t* px, mpz_t* py, UV r, mpz_t mod, mpz_t p, mpz_t p2, mpz_t t) { UV i, bytes; char* s; mpz_mul(t, mod, mod); mpz_mul_ui(t, t, r); bytes = mpz_sizeinbase(t, 256); mpz_set_ui(p, 0); mpz_set_ui(p2, 0); /* 1. Create big integers from px and py with padding. */ { Newz(0, s, r*bytes, char); for (i = 0; i < r; i++) mpz_export(s + i*bytes, NULL, -1, 1, 0, 0, px[i]); mpz_import(p, r*bytes, -1, 1, 0, 0, s); Safefree(s); } if (px != py) { Newz(0, s, r*bytes, char); for (i = 0; i < r; i++) mpz_export(s + i*bytes, NULL, -1, 1, 0, 0, py[i]); mpz_import(p2, r*bytes, -1, 1, 0, 0, s); Safefree(s); }
SCM SCM_FROM_TYPE_PROTO (TYPE val) { #if SIZEOF_TYPE != 0 && SIZEOF_TYPE < SIZEOF_SCM_T_BITS return SCM_I_MAKINUM (val); #else if (SCM_FIXABLE (val)) return SCM_I_MAKINUM (val); else if (val >= LONG_MIN && val <= LONG_MAX) return scm_i_long2big (val); else { SCM z = make_bignum (); mpz_init (SCM_I_BIG_MPZ (z)); if (val < 0) { val = -val; mpz_import (SCM_I_BIG_MPZ (z), 1, 1, sizeof (TYPE), 0, 0, &val); mpz_neg (SCM_I_BIG_MPZ (z), SCM_I_BIG_MPZ (z)); } else mpz_import (SCM_I_BIG_MPZ (z), 1, 1, sizeof (TYPE), 0, 0, &val); return z; } #endif }
pubkey_t rsa_parse_key (uchar* mod, int mlen, uchar* pE, int plen) { pubkey_t key; mpz_init(key.modulus); mpz_init(key.pE); mpz_import(key.modulus, mlen, 1, sizeof(uchar), 1, 0, mod); mpz_import(key.pE, plen, 1, sizeof(uchar), 1, 0, pE); key.size = mlen; return key; }
int srp_check_signature(guint32 address, const gchar *signature_raw) { gchar *result_raw; gchar check[32]; mpz_t result; mpz_t modulus; mpz_t signature; size_t size, alloc_size; int cmp_result; /* build the "check" array */ memcpy(check, &address, 4); memset(check + 4, 0xBB, 28); /* initialize the modulus */ mpz_init2(modulus, 1024); mpz_import(modulus, 128, -1, 1, 0, 0, srp_sig_n); /* initialize the server signature */ mpz_init2(signature, 1024); mpz_import(signature, 128, -1, 1, 0, 0, signature_raw); /* initialize the result */ mpz_init2(result, 1024); /* calculate the result */ mpz_powm_ui(result, signature, SRP_SIGNATURE_KEY, modulus); /* clear (free) the intermediates */ mpz_clear(signature); mpz_clear(modulus); /* allocate space for raw signature */ alloc_size = mpz_size(result) * sizeof(mp_limb_t); result_raw = (gchar *) g_malloc(alloc_size); if (!result_raw) { mpz_clear(result); return 0; } /* get a byte array of the signature */ mpz_export(result_raw, &size, -1, 1, 0, 0, result); /* clear (free) the result */ mpz_clear(result); /* check the result */ cmp_result = (memcmp(result_raw, check, 32) == 0); /* free the result_raw buffer */ g_free(result_raw); /* return */ return cmp_result; }
static int ecdsa_verify(unsigned char signature[96], const unsigned char digest[48], const unsigned char pkey[96]){ unsigned char u1buf[48]; unsigned char u2buf[48]; unsigned char point[96]; mpz_t order; mpz_t s; mpz_t r; mpz_t z; mpz_t u1; mpz_t u2; mpz_t w; int ret; mpz_init(order); mpz_init(s); mpz_init(r); mpz_init(z); mpz_init(u1); mpz_init(u2); mpz_init(w); mpz_set_str(order, "39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643", 10); mpz_import(r, 48, -1, 1, 1, 0, signature); mpz_import(s, 48, -1, 1, 1, 0, signature+48); mpz_import(z, 48, -1, 1, 1, 0, digest); mpz_invert(w, s, order); mpz_mul(u2, r, w); mpz_mul(u1, z, w); mpz_mod(u2, u2, order); mpz_mod(u1, u1, order); for(int i=0; i<48; i++){ u1buf[i]=0; u2buf[i]=0; } mpz_export(u1buf, NULL, -1, 1, 1, 0, u1); mpz_export(u2buf, NULL, -1, 1, 1, 0, u2); p384_32_double_scalarmult_base(point, pkey, u1buf, u2buf); mpz_import(u1, 48, 1, 1, 1, 0, point); mpz_sub(s, r, u1); mpz_mod(s, s, order); if(mpz_sgn(s)==0){ ret=1; } else { ret=0; } mpz_clear(order); mpz_clear(s); mpz_clear(r); mpz_clear(z); mpz_clear(u1); mpz_clear(u2); mpz_clear(w); return ret; }
mpz_class silvia_rng::get_random(size_t n) { // If n is a multiple of 8, use the simple way if (n % 8 == 0) { std::vector<unsigned char> rand_val; rand_val.resize(n/8); // FIXME: we should really check the return value of // RAND_bytes as failure indicates a lack of proper // entropy RAND_bytes(&rand_val[0], n / 8); // Now convert it to MPZ mpz_class rand; mpz_import(_Z(rand), n / 8, 1, sizeof(unsigned char), 0, 0, &rand_val[0]); return rand; } else { size_t num_bytes = (n / 8) + 1; // Compute the mask size_t mask_bits = n % 8; unsigned char mask = 0; while (mask_bits--) { mask = mask << 1; mask = mask + 0x01; } std::vector<unsigned char> rand_val; rand_val.resize(num_bytes); // FIXME: we should really check the return value of // RAND_bytes as failure indicates a lack of proper // entropy RAND_bytes(&rand_val[0], num_bytes); rand_val[0] &= mask; // Now convert it to MPZ mpz_class rand; mpz_import(_Z(rand), num_bytes, 1, sizeof(unsigned char), 0, 0, &rand_val[0]); return rand; } }
// Input: MyPrivKey = Your private key // HisPubKey = Someones public key // Output: MyPrivKey has been destroyed for security reasons // HisPubKey = the secret key int DH1080_comp(char *MyPrivKey, char *HisPubKey) { //int i=0; int iRet; unsigned char SHA256digest[35], base64_tmp[160]; mpz_t b_myPrivkey, b_HisPubkey, b_theKey; size_t len; // Verify base64 strings if((strspn(MyPrivKey, B64ABC) != strlen(MyPrivKey)) || (strspn(HisPubKey, B64ABC) != strlen(HisPubKey))) { memset(MyPrivKey, 0x20, strlen(MyPrivKey)); memset(HisPubKey, 0x20, strlen(HisPubKey)); return 0; } mpz_init(b_HisPubkey); mpz_init(b_theKey); len=b64toh(HisPubKey, (char *)base64_tmp); mpz_import(b_HisPubkey, len, 1, 1, 0, 0, base64_tmp); if(DH_verifyPubKey(b_HisPubkey)) { mpz_init(b_myPrivkey); len=b64toh(MyPrivKey, (char *)base64_tmp); mpz_import(b_myPrivkey, len, 1, 1, 0, 0, base64_tmp); memset(MyPrivKey, 0x20, strlen(MyPrivKey)); mpz_powm(b_theKey, b_HisPubkey, b_myPrivkey, b_prime1080); mpz_clear(b_myPrivkey); mpz_export(base64_tmp, &len, 1, 1, 0, 0, b_theKey); SHA256_memory((char *)base64_tmp, len, (char *)SHA256digest); htob64((char *)SHA256digest, HisPubKey, 32); iRet=1; } else iRet=0; ZeroMemory(base64_tmp, sizeof(base64_tmp)); ZeroMemory(SHA256digest, sizeof(SHA256digest)); mpz_clear(b_theKey); mpz_clear(b_HisPubkey); return iRet; }
list_t * entry (char *host, int sock, int flags) { list_t *p = xmalloc (sizeof *p); p->host = xstrdup (host); #if WITH_SSL p->ssl = flags & 1 ? SSL_new (client) : SSL_new (server); SSL_set_fd (p->ssl, sock); #else p->sock = sock; gc_cipher_open (GC_AES256, GC_STREAM, &p->cipher); mpz_t my_num; mpz_init (my_num); char *key = xcalloc (len, sizeof *key); pthread_cleanup_push (free, key); gc_random (key, len); mpz_import (my_num, len, 1, 1, 1, 0, key); mpz_t sent; mpz_init_set (sent, base); mpz_powm (sent, sent, my_num, prime); char *buff = xcalloc (len, sizeof *buff); pthread_cleanup_push (free, buff); mpz_export (buff, NULL, 1, 1, 1, 0, sent); if (send (sock, buff, len, 0) < 0) error (1, errno, "Failed to perform handshake"); if (recv (sock, buff, len, 0) < 0) error (1, errno, "Failed to perform handshake"); mpz_import (sent, len, 1, 1, 1, 0, buff); pthread_cleanup_pop (1); mpz_powm (sent, sent, my_num, prime); mpz_export (key, NULL, 1, 1, 1, 0, sent); gc_cipher_setkey (p->cipher, len, key); pthread_cleanup_pop (1); #endif /* WITH_SSL */ return p; }
void hcrypt_random(mpz_t tmp) { FILE *fp; fp = fopen("/dev/urandom", "rb"); int len = 9; if (fp) { unsigned char *bytes; bytes = (unsigned char *) malloc (len * sizeof(unsigned char)); if (fread(bytes, sizeof(unsigned char), len, fp)) { mpz_import(tmp, len, 1, sizeof(unsigned char), 0, 0, bytes); } else { printf("file read error\n"); } fclose(fp); free(bytes); } else { printf("random number generation error\n"); } }
void SRPGlobalInit() { mpz_init2(N, 256); mpz_import(N, 32, -1, sizeof(modulus[0]), 0, 0, modulus); gmp_randinit_default(gmprand); gmp_randseed_ui(gmprand, RandomGenSecure()); }
int chv_dec_mpz(chv_t * chv, mpz_t a, int little_endian_flag) { int ret = 0; size_t count; chv_dec_sizebe(chv, &count); /* decode size in bytes */ if (count) { const int order = 1; // 1:most sign. word first, -1:least sign. word first const int size = 4; /* word size */ const int endian = 1; // 1:BIG_ENDIAN, -1:LITTLE_ENDIAN, 0:NATIVE_ENDIAN const size_t nails = 0; // number of unused MSBs in each word const size_t len = count * size; if (chv_get_size(chv) >= len) { mpz_import(a, count, order, size, endian, nails, chv_get_buf(chv)); chv_drop(chv, len); /* drop the data */ ret = sizeof(uint64_t) + len; } else { PERR("Need %d bytes, but only have %d byte\n", len, chv_get_size(chv)); ret = -1; } } else { PERR("Empty data\n"); ret = -1; mpz_set_ui(a, 0); /* zero it */ } return ret; }
bool updateBlock(PrimecoinBlockHeader *header, mpz_class &blockHeaderHash, const PrimeSource &primeSource, CPrimalityTestParams &testParams, unsigned nonceIncrement) { uint8_t hash1[32]; uint8_t hashData[32]; while (header->nonce < 0xFFFF0000) { header->nonce += nonceIncrement; sha256(hash1, header, 80); sha256(hashData, hash1, 32); // sha256-hash must be greater than 2^255 if (!(hashData[31] & 0x80)) continue; mpz_import(blockHeaderHash.get_mpz_t(), 32 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, hashData); if (ProbablePrimalityTestWithTrialDivisionFast(blockHeaderHash, 1000, primeSource, testParams)) break; } return header->nonce < 0xFFFF0000; }
void prime_field::init(seclvl sp, uint8_t* seed) { mpz_t rnd_seed; //TODO: change to inits if working correctly mpz_init(p); mpz_init(g); mpz_init(q); mpz_init(rnd_seed); secparam = sp; mpz_import(rnd_seed, secparam.symbits, 1, sizeof((seed)[0]), 0, 0, seed); if (secparam.ifcbits == ST.ifcbits) { mpz_set_str(p, ifcp1024, 16); mpz_set_str(g, ifcg1024, 16); mpz_set_str(q, ifcq1024, 16); } else if (secparam.ifcbits == MT.ifcbits) { mpz_set_str(p, ifcp2048, 16); mpz_set_str(g, ifcg2048, 16); mpz_set_str(q, ifcq2048, 16); } else if (secparam.ifcbits == LT.ifcbits) { mpz_set_str(p, ifcp3072, 10); mpz_set_str(g, ifcg3072, 10); mpz_set_str(q, ifcq3072, 10); } else //Long term security { mpz_set_str(p, ifcp3072, 10); mpz_set_str(g, ifcg3072, 10); mpz_set_str(q, ifcq1024, 10); } gmp_randinit_default(rnd_state); gmp_randseed(rnd_state, rnd_seed); fe_bytelen = ceil_divide(secparam.ifcbits, 8); }
static void srp_get_x(srp_t *srp, mpz_t x_c, const gchar *raw_salt) { gchar *userpass; guint8 hash[SHA1_HASH_SIZE], final_hash[SHA1_HASH_SIZE]; sha1_context ctx; ctx.version = SHA1_TYPE_NORMAL; // build the string Username:Password userpass = (gchar *) g_malloc(srp->username_len + srp->password_len + 2); memcpy(userpass, srp->username_upper, srp->username_len); userpass[srp->username_len] = ':'; memcpy(userpass + srp->username_len + 1, srp->password_upper, srp->password_len); userpass[srp->username_len + srp->password_len + 1] = 0; // null-terminator // get the SHA-1 hash of the string sha1_reset(&ctx); sha1_input(&ctx, (guint8 *) userpass, (srp->username_len + srp->password_len + 1)); sha1_digest(&ctx, hash); g_free(userpass); // get the SHA-1 hash of the salt and user:pass hash sha1_reset(&ctx); sha1_input(&ctx, (guint8 *) raw_salt, 32); sha1_input(&ctx, hash, 20); sha1_digest(&ctx, final_hash); // create an arbitrary-length integer from the hash and return it mpz_init2(x_c, 160); mpz_import(x_c, 20, -1, 1, 0, 0, (gchar *) final_hash); }
static int zp_from_bytes(element_t e, unsigned char *data) { mpz_ptr z = e->data; int n; n = e->field->fixed_length_in_bytes; mpz_import(z, n, 1, 1, 1, 0, data); return n; }
extern "C" PyObject* _PyLong_FromByteArray(const unsigned char* bytes, size_t n, int little_endian, int is_signed) noexcept { if (n == 0) return PyLong_FromLong(0); if (!little_endian) { // TODO: check if the behaviour of mpz_import is right when big endian is specified. Py_FatalError("unimplemented"); return 0; } BoxedLong* rtn = new BoxedLong(); mpz_init(rtn->n); mpz_import(rtn->n, 1, 1, n, little_endian ? -1 : 1, 0, &bytes[0]); RELEASE_ASSERT(little_endian, ""); if (is_signed && bytes[n - 1] >= 0x80) { // todo add big endian support mpz_t t; mpz_init(t); mpz_setbit(t, n * 8); mpz_sub(rtn->n, rtn->n, t); mpz_clear(t); } return rtn; }
void bn254_fp6_from_oct(Element x, const unsigned char *os, const size_t size) { mpz_t quo, rem; if (size < 190) { fprintf(stderr, "error: please set up the enought buffer for element\n"); exit(300); } mpz_init(quo); mpz_init(rem); mpz_import(quo, size, 1, sizeof(*os), 1, 0, os); mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order); mpz_set(rep(rep0(rep0(x))), rem); mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order); mpz_set(rep(rep0(rep1(x))), rem); mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order); mpz_set(rep(rep0(rep2(x))), rem); mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order); mpz_set(rep(rep1(rep0(x))), rem); mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order); mpz_set(rep(rep1(rep1(x))), rem); mpz_tdiv_qr(quo, rem, quo, field(x)->base->base->order); mpz_set(rep(rep1(rep2(x))), rem); mpz_clear(quo); mpz_clear(rem); }
bool RSA::encrypt(char* msg, int32_t size, const char* key) { mpz_t plain, c; mpz_init2(plain, 1024); mpz_init2(c, 1024); mpz_t e; mpz_init(e); mpz_set_ui(e,65537); mpz_t mod; mpz_init2(mod, 1024); mpz_set_str(mod, key, 10); mpz_import(plain, 128, 1, 1, 0, 0, msg); mpz_powm(c, plain, e, mod); size_t count = (mpz_sizeinbase(c, 2) + 7)/8; memset(msg, 0, 128 - count); mpz_export(&msg[128 - count], NULL, 1, 1, 0, 0, c); mpz_clear(c); mpz_clear(plain); mpz_clear(e); mpz_clear(mod); return true; }
// Inversion is slower than in a naive Fp implementation because of an extra // multiplication. // Requires nonzero a. static void fp_invert(element_ptr c, element_ptr a) { eptr ad = (eptr)a->data; eptr cd = (eptr)c->data; fptr p = (fptr)a->field->data; #ifdef _MSC_VER // for VC++ compatibility mp_limb_t tmp[MAX_LIMBS]; #else mp_limb_t tmp[p->limbs]; #endif mpz_t z; mpz_init(z); // Copy the limbs into a regular mpz_t so we can invert using the standard // mpz_invert(). mpz_import(z, p->limbs, -1, sizeof(mp_limb_t), 0, 0, ad->d); mpz_invert(z, z, a->field->order); set_limbs(tmp, z, p->limbs); // Normalize. mont_mul(cd->d, tmp, p->R3, p); cd->flag = 2; mpz_clear(z); }
int VNRW_GMP_PubEncrypt( const VNAsymCryptCtx_t * ctx, const unsigned char * plainText, int length, struct vn_iovec * cipherText ) { mpz_t zm; const VNRW_GMP_Ctx_t * gmpCtx = VN_CONTAINER_OF( ctx, VNRW_GMP_Ctx_t, mCtx ); assert( VN_TYPE_VNRWSign_GMP == ctx->mType || VN_TYPE_VNRWEnc_GMP == ctx->mType ); mpz_init( zm ); mpz_import( zm, length, 1, 1, 0, 0, plainText ); if( ( mpz_sizeinbase( gmpCtx->mN, 2 ) - mpz_sizeinbase( zm, 2 ) ) < 4 ) { mpz_clear( zm ); return VN_ERR_PLAINTEXT_TOO_LONG; } VNRW_GMP_E1( ctx, zm ); VNRW_GMP_E2( ctx, zm ); VN_GMP_dump_bin( zm, cipherText ); mpz_clear( zm ); return 0; }
void nls_get_x(nls_t* nls, mpz_t x_c, const char* raw_salt) { char* userpass; uint8_t hash[20], final_hash[20]; SHA1Context shac; // build the string Username:Password userpass = (char*) malloc(nls->username_len + nls->password_len + 2); memcpy(userpass, nls->username, nls->username_len); userpass[nls->username_len] = ':'; memcpy(userpass + nls->username_len + 1, nls->password, nls->password_len); userpass[nls->username_len + nls->password_len + 1] = 0; // null-terminator // get the SHA-1 hash of the string SHA1Reset(&shac); SHA1Input(&shac, (uint8_t*) userpass, (nls->username_len + nls->password_len + 1)); SHA1Result(&shac, hash); free(userpass); // get the SHA-1 hash of the salt and user:pass hash SHA1Reset(&shac); SHA1Input(&shac, (uint8_t*) raw_salt, 32); SHA1Input(&shac, hash, 20); SHA1Result(&shac, final_hash); SHA1Reset(&shac); // create an arbitrary-length integer from the hash and return it mpz_init2(x_c, 160); mpz_import(x_c, 20, -1, 1, 0, 0, (char*) final_hash); }
/* read */ static int unsigned_read(void *a, unsigned char *b, unsigned long len) { LTC_ARGCHK(a != NULL); LTC_ARGCHK(b != NULL); mpz_import(a, len, 1, 1, 1, 0, b); return CRYPT_OK; }
//All our byte arrays are supposed to be little endian. static void ecdsa_sign(unsigned char signature[96], const unsigned char digest[48], const unsigned char keyb[48]){ unsigned char kbuf[96]; unsigned char kexp[48]; unsigned char point[96]; for(int i=0; i<48; i++){ kexp[i]=0; } mpz_t order; mpz_t k; mpz_t kinv; mpz_t x; //x coordinate mpz_t d; //digest mpz_t key; //key mpz_init(order); mpz_init(k); mpz_init(x); mpz_init(d); mpz_init(key); mpz_init(kinv); mpz_set_str(order, "39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643", 10); randombytes(kbuf, 96); mpz_import(k, 96, -1, 1, 1, 0, kbuf); mpz_mod(k, k, order); mpz_export(kexp, NULL, -1, 1, 1, 0, k); p384_32_scalarmult_base(point, kexp); mpz_import(x, 48, 1, 1, 1, 0, point); mpz_mod(x, x, order); mpz_import(d, 48, -1, 1, 1, 0, digest); mpz_import(key, 48, -1, 1, 1, 0, keyb); mpz_invert(kinv, k, order); mpz_addmul(d, x, key); mpz_mod(d, d, order); mpz_mul(d, kinv, d); mpz_mod(d, d, order); for(int i=0; i<96; i++){ signature[i]=0; } mpz_export(signature, NULL, -1, 1, 1, 0, x); mpz_export(signature+48, NULL, -1, 1, 1, 0, d); mpz_clear(order); mpz_clear(k); mpz_clear(kinv); mpz_clear(x); mpz_clear(d); mpz_clear(key); }
int rsa_import_key(rsa_private_key_t *key, int endian, uint8_t *n, size_t n_len, uint8_t *e, size_t e_len, uint8_t *p, uint8_t *q) { mpz_t t1, t2, phi; if (n == NULL || n_len == 0 || (p == NULL && q == NULL)) return -1; /* init key */ key->size = n_len << 3; if (e == NULL || e_len == 0) { mpz_init_set_ui(key->e, 65537); } else { mpz_init2(key->e, (e_len << 3) + GMP_NUMB_BITS); mpz_import(key->e, e_len, endian, 1, 0, 0, e); } mpz_init2(key->n, key->size + GMP_NUMB_BITS); mpz_init2(key->p, key->size / 2 + GMP_NUMB_BITS); mpz_init2(key->q, key->size / 2 + GMP_NUMB_BITS); mpz_init2(key->d, key->size + GMP_NUMB_BITS); mpz_init2(key->u, key->size / 2 + GMP_NUMB_BITS); mpz_init2(t1, key->size / 2 + GMP_NUMB_BITS); mpz_init2(t2, key->size / 2 + GMP_NUMB_BITS); mpz_init2(phi, key->size + GMP_NUMB_BITS); /* import values */ mpz_import(key->n, n_len, endian, 1, 0, 0, n); if (p != NULL) mpz_import(key->p, n_len / 2, endian, 1, 0, 0, p); if (q != NULL) mpz_import(key->q, n_len / 2, endian, 1, 0, 0, q); if (p == NULL) mpz_tdiv_q(key->p, key->n, key->q); if (q == NULL) mpz_tdiv_q(key->q, key->n, key->p); /* p shall be smaller than q */ if (mpz_cmp(key->p, key->q) > 0) mpz_swap(key->p, key->q); /* calculate missing values */ mpz_sub_ui(t1, key->p, 1); mpz_sub_ui(t2, key->q, 1); mpz_mul(phi, t1, t2); mpz_invert(key->d, key->e, phi); mpz_invert(key->u, key->p, key->q); /* release helper variables */ mpz_clear(t1); mpz_clear(t2); mpz_clear(phi); /* test key */ if (rsa_test_key(key) != 0) { rsa_release_private_key(key); return -1; } return 0; }
int BnetSRP3::init( const char* username_, const char* password_, const byte * salt_ ) { if(!srp3_inited) { gmp_randinit_default(rand); gmp_randseed_ui(rand, (unsigned long)time(NULL)); mpz_init2(N, 256); mpz_import(N, 32, -1, 1, 0, 0, SRP3_N); mpz_init_set_ui(g, SRP3_g); srp3_inited = true; } uint i; const char* source; if (!username_) { return -1; } uint len = strlen(username_); username.resize(len); source = username_; for(i = 0; i < len; ++ i) { username[i] = toupper(*(source++)); } if (!((password_ == NULL) ^ (salt_ == NULL))) { return -1; } if (password_!=NULL) { len = strlen(password_); password.resize(len); source = password_; for(i = 0; i < len; ++ i) { password[i] = toupper(*(source++)); } mpz_init2(a, 256); mpz_init(b); mpz_urandomm(a, rand, N); /* generates the private key */ mpz_t s; mpz_init2(s, 256); mpz_urandomb(s, rand, 256); mpz_export(raw_salt, NULL, 1, 4, -1, 0, s); } else { password = ""; mpz_init(a); mpz_init2(b, 256); mpz_urandomm(b, rand, N); setSalt(salt_); } B_inited = false; return 0; }
static void fp_from_hash(element_ptr n, void *data, int len) { mpz_t z; mpz_init(z); mpz_import(z, len, -1, 1, -1, 0, data); fp_set_mpz(n, z); mpz_clear(z); }
void mp2gmp(z *src, mpz_t dest) { mpz_import(dest, (size_t)(abs(src->size)), -1, sizeof(fp_digit), 0, (size_t)0, src->val); if (src->size < 0) mpz_neg(dest, dest); }
int rsa_import_public_key(rsa_public_key_t *key, int endian, uint8_t *n, size_t n_len, uint8_t *e, size_t e_len) { if (n == NULL || n_len == 0) return -1; /* init key */ key->size = n_len << 3; if (e == NULL || e_len == 0) { mpz_init_set_ui(key->e, 65537); } else { mpz_init2(key->e, (e_len << 3) + GMP_NUMB_BITS); mpz_import(key->e, e_len, endian, 1, 0, 0, e); } mpz_init2(key->n, key->size + GMP_NUMB_BITS); /* import values */ mpz_import(key->n, n_len, endian, 1, 0, 0, n); return 0; }
static void get_random_mpz(mpz_t result, mpz_t low, mpz_t high) { // In the comments below, let L be the length of the desired interval, // i.e. |high - low|. // To conserve memory, repurpose |high| to be a temporary. mpz_sub(high, high, low); if (mpz_sgn(high) <= 0) fatal("upper bound must be strictly greater than lower bound"); // If L == 1, there's only one possible result, so return it. mpz_sub_ui(high, high, 1); if (mpz_sgn(high) == 0) { mpz_set(result, low); return; } // The system PRNG provides us with a source of of random *bits*, so we // need to figure out the number of bits required to represent L. size_t num_bits = mpz_sizeinbase(high, 2); size_t num_bytes = 1 + (num_bits - 1) / CHAR_BIT; char *random_bytes = (char*) malloc(num_bytes); if (!random_bytes) fatal("out of memory"); FILE *random_file = fopen(gRandomFileName, "r"); if (!random_file) fatal("could not open %s: %s", gRandomFileName, strerror(errno)); // Turn off buffering to avoid reading (and hence making the system // generate) more random data than we need. setbuf(random_file, NULL); // Read a number R in the interval [0, 2^|num_bits|) from the RNG. // Note that if L is not a power of 2, then L < 2^|num_bits|, so R may be // >= L by *at most* a factor of 2. If this happens, retry until R < L. // // Strictly speaking, there is a chance that no matter how many times we // read, R will be >= L each time, so cap the attempts at some reasonable // value. For a cap of N, the chance that we'll never read a valid number // is at most 1/2^N, which for N=100 is less than one in a nonillion. int reads = 0; while (1) { if (fread(random_bytes, 1, num_bytes, random_file) != num_bytes) fatal("error reading from %s", gRandomFileName); // Chop off unnecessary leading bits. if (num_bits % CHAR_BIT != 0) random_bytes[0] &= (1 << (num_bits % CHAR_BIT)) - 1; mpz_import(result, num_bytes, 1, 1, 0, 0, random_bytes); // At this point, |high| == L - 1, so we need a <= here. if (mpz_cmp(result, high) <= 0) break; if (++reads == kMaxReads) fatal("system did not return a number within the given bounds"); } mpz_add(result, result, low); fclose(random_file); free(random_bytes); }