Polynomial::Polynomial(BIGNUM *constant,BIGNUM *p,int len) { this->p = BN_new(); coefficients = new vector<BIGNUM *>(); BIGNUM *conCopy = BN_new(); BN_copy(this->p,p); BN_copy(conCopy,constant); coefficients->push_back(conCopy); for(int i=1;i<len;i++) { BIGNUM * rn = BN_new(); BN_pseudo_rand_range(rn,p); coefficients->push_back(rn); } while(BN_is_zero(*(coefficients->end()-1))) { coefficients->pop_back(); BIGNUM * rn = BN_new(); BN_pseudo_rand_range(rn,p); coefficients->push_back(rn); } }
static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx) { const RSA_METHOD *meth; BIGNUM *A, *Ai; BN_BLINDING *ret = NULL; /* added in OpenSSL 0.9.6j and 0.9.7b */ /* NB: similar code appears in RSA_blinding_on (rsa_lib.c); * this should be placed in a new function of its own, but for reasons * of binary compatibility can't */ meth = rsa->meth; BN_CTX_start(ctx); A = BN_CTX_get(ctx); if (rsa->d != NULL && rsa->d->d != NULL) { /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ if (!BN_pseudo_rand_range(A,rsa->n)) goto err; } else { if (!BN_rand_range(A,rsa->n)) goto err; } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; ret = BN_BLINDING_new(A,Ai,rsa->n); BN_free(Ai); err: BN_CTX_end(ctx); return ret; }
ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Lo,Hi) */ BIGNUM *bn_from = NULL, *bn_to, *bn_rand; unsigned char* data; unsigned dlen; ERL_NIF_TERM ret; if (!get_bn_from_mpint(env, argv[0], &bn_from) || !get_bn_from_mpint(env, argv[1], &bn_rand)) { if (bn_from) BN_free(bn_from); return enif_make_badarg(env); } bn_to = BN_new(); BN_sub(bn_to, bn_rand, bn_from); BN_pseudo_rand_range(bn_rand, bn_to); BN_add(bn_rand, bn_rand, bn_from); dlen = BN_num_bytes(bn_rand); data = enif_make_new_binary(env, dlen+4, &ret); put_int32(data, dlen); BN_bn2bin(bn_rand, data+4); ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen); BN_free(bn_rand); BN_free(bn_from); BN_free(bn_to); return ret; }
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { BIGNUM *A,*Ai = NULL; BN_CTX *ctx; int ret=0; if (p_ctx == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; } else ctx=p_ctx; /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ if (rsa->blinding != NULL) { BN_BLINDING_free(rsa->blinding); rsa->blinding = NULL; } /* NB: similar code appears in setup_blinding (rsa_eay.c); * this should be placed in a new function of its own, but for reasons * of binary compatibility can't */ BN_CTX_start(ctx); A = BN_CTX_get(ctx); if (rsa->d != NULL && rsa->d->d != NULL) { if (!BN_pseudo_rand_range(A,rsa->n)) goto err; } else { if (!BN_rand_range(A,rsa->n)) goto err; } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A, rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; /* to make things thread-safe without excessive locking, * rsa->blinding will be used just by the current thread: */ rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; ret=1; err: if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); if (ctx != p_ctx) BN_CTX_free(ctx); return(ret); }
int BN_is_prime_fasttest(const BIGNUM *a, int checks, void (*callback)(int,int,void *), BN_CTX *ctx_passed, void *cb_arg, int do_trial_division) { int i, j, ret = -1; int k; BN_CTX *ctx = NULL; BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ BN_MONT_CTX *mont = NULL; const BIGNUM *A = NULL; if (BN_cmp(a, BN_value_one()) <= 0) return 0; if (checks == BN_prime_checks) checks = BN_prime_checks_for_size(BN_num_bits(a)); /* first look for small factors */ if (!BN_is_odd(a)) return 0; if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) if (BN_mod_word(a, primes[i]) == 0) return 0; if (callback != NULL) callback(1, -1, cb_arg); } if (ctx_passed != NULL) ctx = ctx_passed; else if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); /* A := abs(a) */ if (a->neg) { BIGNUM *t; if ((t = BN_CTX_get(ctx)) == NULL) goto err; BN_copy(t, a); t->neg = 0; A = t; } else A = a; A1 = BN_CTX_get(ctx); A1_odd = BN_CTX_get(ctx); check = BN_CTX_get(ctx); if (check == NULL) goto err; /* compute A1 := A - 1 */ if (!BN_copy(A1, A)) goto err; if (!BN_sub_word(A1, 1)) goto err; if (BN_is_zero(A1)) { ret = 0; goto err; } /* write A1 as A1_odd * 2^k */ k = 1; while (!BN_is_bit_set(A1, k)) k++; if (!BN_rshift(A1_odd, A1, k)) goto err; /* Montgomery setup for computations mod A */ mont = BN_MONT_CTX_new(); if (mont == NULL) goto err; if (!BN_MONT_CTX_set(mont, A, ctx)) goto err; for (i = 0; i < checks; i++) { if (!BN_pseudo_rand_range(check, A1)) goto err; if (!BN_add_word(check, 1)) goto err; /* now 1 <= check < A */ j = witness(check, A, A1, A1_odd, k, ctx, mont); if (j == -1) goto err; if (j) { ret=0; goto err; } if (callback != NULL) callback(1,i,cb_arg); } ret=1; err: if (ctx != NULL) { BN_CTX_end(ctx); if (ctx_passed == NULL) BN_CTX_free(ctx); } if (mont != NULL) BN_MONT_CTX_free(mont); return(ret); }
int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, int do_trial_division, BN_GENCB *cb) { int i, j, ret = -1; int k; BN_CTX *ctx = NULL; BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ BN_MONT_CTX *mont = NULL; const BIGNUM *A = NULL; if (BN_cmp(a, BN_value_one()) <= 0) { return 0; } if (checks == BN_prime_checks) { checks = BN_prime_checks_for_size(BN_num_bits(a)); } /* first look for small factors */ if (!BN_is_odd(a)) { /* a is even => a is prime if and only if a == 2 */ return BN_is_word(a, 2); } if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) { if (BN_mod_word(a, primes[i]) == 0) { return 0; } } if (!BN_GENCB_call(cb, 1, -1)) { goto err; } } if (ctx_passed != NULL) { ctx = ctx_passed; } else if ((ctx = BN_CTX_new()) == NULL) { goto err; } BN_CTX_start(ctx); /* A := abs(a) */ if (a->neg) { BIGNUM *t = BN_CTX_get(ctx); if (t == NULL || !BN_copy(t, a)) { goto err; } t->neg = 0; A = t; } else { A = a; } A1 = BN_CTX_get(ctx); A1_odd = BN_CTX_get(ctx); check = BN_CTX_get(ctx); if (check == NULL) { goto err; } /* compute A1 := A - 1 */ if (!BN_copy(A1, A)) { goto err; } if (!BN_sub_word(A1, 1)) { goto err; } if (BN_is_zero(A1)) { ret = 0; goto err; } /* write A1 as A1_odd * 2^k */ k = 1; while (!BN_is_bit_set(A1, k)) { k++; } if (!BN_rshift(A1_odd, A1, k)) { goto err; } /* Montgomery setup for computations mod A */ mont = BN_MONT_CTX_new(); if (mont == NULL) { goto err; } if (!BN_MONT_CTX_set(mont, A, ctx)) { goto err; } for (i = 0; i < checks; i++) { if (!BN_pseudo_rand_range(check, A1)) { goto err; } if (!BN_add_word(check, 1)) { goto err; } /* now 1 <= check < A */ j = witness(check, A, A1, A1_odd, k, ctx, mont); if (j == -1) { goto err; } if (j) { ret = 0; goto err; } if (!BN_GENCB_call(cb, 1, i)) { goto err; } } ret = 1; err: if (ctx != NULL) { BN_CTX_end(ctx); if (ctx_passed == NULL) { BN_CTX_free(ctx); } } if (mont != NULL) { BN_MONT_CTX_free(mont); } return ret; }
int main(int argc, char *argv[]) { int bitlens[] = { 8, 16, 32, 64, 128, 256, 512, 1024, 2048 }; BIGNUM *r_hw = BN_new(); BIGNUM *r_sw = BN_new(); BIGNUM *a = BN_new(); BIGNUM *b = BN_new(); BIGNUM *n = BN_new(); BigNumber *bn_r; BigNumber *bn_a; BigNumber *bn_b; BigNumber *bn_n; int i = 0; int j = 0; int fail = 0; int total = 0; BN_CTX *ctx = BN_CTX_new(); //bn_r = cop_bn_new_sz(256); for (j = 0; j < (sizeof(bitlens) / sizeof(int)); j++) { for (i = 0; i < NUM_TESTS; i++) { //printf("test %d-%d\n", i, j); // Generate random parameters BN_pseudo_rand(n, bitlens[j], 0, 1); BN_pseudo_rand(b, bitlens[j], 0, 0); BN_pseudo_rand_range(a, n); // Setup bignumbers size_t a_sz = BN_num_bytes(a); if (a_sz) { bn_a = cop_bn_new_sz(BN_num_bytes(a)); BN_bn2bin(a, bn_a->number); } else { bn_a = cop_bn_new_int(0); } bn_b = cop_bn_new_sz(BN_num_bytes(b)); bn_n = cop_bn_new_sz(BN_num_bytes(n)); BN_bn2bin(b, bn_b->number); BN_bn2bin(n, bn_n->number); // Perform tests TEST_CASE_ASYM(mod_add, madd); TEST_CASE_ASYM(mod_sub, msub); TEST_CASE_ASYM(mod_mul, mmul); TEST_CASE_ASYM(mod_exp, mex); // Free memory cop_bn_free(bn_a); cop_bn_free(bn_b); cop_bn_free(bn_n); } } cop_bn_free(bn_r); BN_free(r_hw); BN_free(r_sw); BN_free(a); BN_free(b); BN_free(n); BN_CTX_free(ctx); printf("=== %s: %d/%d failures ===\n", argv[0], fail, total); return fail; }