bool Cryptography::Initialize() { if (LoadKeyPair()) return true; else return GenerateKeyPair(); }
void PrivateCoin::mintCoinFast(const CoinDenomination denomination) { // Generate a random serial number in the range 0...{q-1} where // "q" is the order of the commitment group. // And where the serial also doubles as a public key CKey key; CBigNum s; bool isValid = false; while (!isValid) { isValid = GenerateKeyPair(this->params->coinCommitmentGroup.groupOrder, uint256(0), key, s); } // Generate a random number "r" in the range 0...{q-1} CBigNum r = CBigNum::randBignum(this->params->coinCommitmentGroup.groupOrder); // Manually compute a Pedersen commitment to the serial number "s" under randomness "r" // C = g^s * h^r mod p CBigNum commitmentValue = this->params->coinCommitmentGroup.g.pow_mod(s, this->params->coinCommitmentGroup.modulus).mul_mod(this->params->coinCommitmentGroup.h.pow_mod(r, this->params->coinCommitmentGroup.modulus), this->params->coinCommitmentGroup.modulus); // Repeat this process up to MAX_COINMINT_ATTEMPTS times until // we obtain a prime number for (uint32_t attempt = 0; attempt < MAX_COINMINT_ATTEMPTS; attempt++) { // First verify that the commitment is a prime number // in the appropriate range. If not, we'll throw this coin // away and generate a new one. if (commitmentValue.isPrime(ZEROCOIN_MINT_PRIME_PARAM) && commitmentValue >= params->accumulatorParams.minCoinValue && commitmentValue <= params->accumulatorParams.maxCoinValue) { // Found a valid coin. Store it. this->serialNumber = s; this->randomness = r; this->publicCoin = PublicCoin(params, commitmentValue, denomination); this->privkey = key.GetPrivKey(); this->version = 2; // Success! We're done. return; } // Generate a new random "r_delta" in 0...{q-1} CBigNum r_delta = CBigNum::randBignum(this->params->coinCommitmentGroup.groupOrder); // The commitment was not prime. Increment "r" and recalculate "C": // r = r + r_delta mod q // C = C * h mod p r = (r + r_delta) % this->params->coinCommitmentGroup.groupOrder; commitmentValue = commitmentValue.mul_mod(this->params->coinCommitmentGroup.h.pow_mod(r_delta, this->params->coinCommitmentGroup.modulus), this->params->coinCommitmentGroup.modulus); } // We only get here if we did not find a coin within // MAX_COINMINT_ATTEMPTS. Throw an exception. throw std::runtime_error("Unable to mint a new Zerocoin (too many attempts)"); }
/************************************************************************** * * G e n e r a t e S e l f S i g n e d O b j e c t S i g n i n g C e r t * *phew*^ * */ static CERTCertificate* GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize, char *token) { CERTCertificate * cert, *temp_cert; SECItem * derCert; CERTCertificateRequest * req; PK11SlotInfo * slot = NULL; SECKEYPrivateKey * privk = NULL; SECKEYPublicKey * pubk = NULL; if ( token ) { slot = PK11_FindSlotByName(token); } else { slot = PK11_GetInternalKeySlot(); } if (slot == NULL) { PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n", token ? token : ""); errorCount++; exit (ERRX); } if ( GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) { FatalError("Error generating keypair."); } req = make_cert_request (subject, pubk); temp_cert = make_cert (req, serial, &req->subject); if (set_cert_type(temp_cert, NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA) != SECSuccess) { FatalError("Unable to set cert type"); } derCert = sign_cert (temp_cert, privk); cert = install_cert(db, derCert, nickname); if (ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) { FatalError("Unable to change trust on generated certificate"); } /* !!! Free memory ? !!! */ PK11_FreeSlot(slot); SECKEY_DestroyPrivateKey(privk); SECKEY_DestroyPublicKey(pubk); return cert; }
void PrivateCoin::mintCoin(const CoinDenomination denomination) { // Repeat this process up to MAX_COINMINT_ATTEMPTS times until // we obtain a prime number for(uint32_t attempt = 0; attempt < MAX_COINMINT_ATTEMPTS; attempt++) { // Generate a random serial number in the range 0...{q-1} where // "q" is the order of the commitment group. // And where the serial also doubles as a public key CKey key; CBigNum s; bool isValid = false; while (!isValid) { isValid = GenerateKeyPair(this->params->coinCommitmentGroup.groupOrder, uint256(0), key, s); } // Generate a Pedersen commitment to the serial number "s" Commitment coin(¶ms->coinCommitmentGroup, s); // Now verify that the commitment is a prime number // in the appropriate range. If not, we'll throw this coin // away and generate a new one. if (coin.getCommitmentValue().isPrime(ZEROCOIN_MINT_PRIME_PARAM) && coin.getCommitmentValue() >= params->accumulatorParams.minCoinValue && coin.getCommitmentValue() <= params->accumulatorParams.maxCoinValue) { // Found a valid coin. Store it. this->serialNumber = s; this->randomness = coin.getRandomness(); this->publicCoin = PublicCoin(params,coin.getCommitmentValue(), denomination); this->privkey = key.GetPrivKey(); this->version = 2; // Success! We're done. return; } } // We only get here if we did not find a coin within // MAX_COINMINT_ATTEMPTS. Throw an exception. throw std::runtime_error("Unable to mint a new Zerocoin (too many attempts)"); }
/** * Generates User Certificate File */ void GenerateUserCertificateFile() { uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0}; uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0}; ByteArray pubKeySubj = BYTE_ARRAY_CONSTRUCTOR(subjPubKey); ByteArray privKeySubj = BYTE_ARRAY_CONSTRUCTOR(subjPrivKey); // TODO: Uncomment GenerateKeyPair GenerateKeyPair(&privKeySubj, &pubKeySubj); if (GenerateDERCertificateFile(&privKeySubj, DEFAULT_USER_PRIVATE_KEY_NAME) != PKI_SUCCESS) { printf("Unable to generate user private key file!\n"); exit(0); } else { printf("User private key file generated: %s\n", DEFAULT_USER_PRIVATE_KEY_NAME); }; uint8_t derData[DEFAULT_DER_DATA_SIZE] = {0}; ByteArray certDer = BYTE_ARRAY_CONSTRUCTOR(derData); const uint8_t defaultUserName[] = "Default_USER_Name"; CKMIssueDeviceCertificate(defaultUserName, 0, 0, subjPubKey, &certDer); if (GenerateDERCertificateFile(&certDer, DEFAULT_USER_CRT_NAME) != PKI_SUCCESS) { printf("Unable to generate User Certificate file!\n"); exit(0); } else { printf("User Certificate File generated: %s\n", DEFAULT_USER_CRT_NAME); }; }