コード例 #1
0
int compute_scalar_element (pwd_session_t *sess, BN_CTX *bnctx) {
	BIGNUM *mask = NULL;
	int ret = -1;

	if (((sess->private_value = BN_new()) == NULL) ||
	    ((sess->my_element = EC_POINT_new(sess->group)) == NULL) ||
	    ((sess->my_scalar = BN_new()) == NULL) ||
	    ((mask = BN_new()) == NULL)) {
		DEBUG2("server scalar allocation failed");
		goto fail;
	}

	BN_rand_range(sess->private_value, sess->order);
	BN_rand_range(mask, sess->order);
	BN_add(sess->my_scalar, sess->private_value, mask);
	BN_mod(sess->my_scalar, sess->my_scalar, sess->order, bnctx);

	if (!EC_POINT_mul(sess->group, sess->my_element, NULL, sess->pwe, mask, bnctx)) {
		DEBUG2("server element allocation failed");
		goto fail;
	}

	if (!EC_POINT_invert(sess->group, sess->my_element, bnctx)) {
		DEBUG2("server element inversion failed");
		goto fail;
	}

	ret = 0;

fail:
	BN_free(mask);

	return ret;
}
コード例 #2
0
// Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
static void genrand(JPakeUser * user, const JPakeParameters * params)
{
    BIGNUM *qm1;

    // xa in [0, q)
    user->xa = BN_new();
    BN_rand_range(user->xa, params->q);

    // q-1
    qm1 = BN_new();
    BN_copy(qm1, params->q);
    BN_sub_word(qm1, 1);

    // ... and xb in [0, q-1)
    user->xb = BN_new();
    BN_rand_range(user->xb, qm1);
    // [1, q)
    BN_add_word(user->xb, 1);

    // cleanup
    BN_free(qm1);

    // Show
    printf("x%d", user->p.base);
    showbn("", user->xa);
    printf("x%d", user->p.base + 1);
    showbn("", user->xb);
}
コード例 #3
0
ファイル: dsa_ossl.c プロジェクト: aosm/OpenSSL096
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
	{
	BN_CTX *ctx;
	BIGNUM k,*kinv=NULL,*r=NULL;
	int ret=0;

	if (!dsa->p || !dsa->q || !dsa->g)
		{
		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
		return 0;
		}
	if (ctx_in == NULL)
		{
		if ((ctx=BN_CTX_new()) == NULL) goto err;
		}
	else
		ctx=ctx_in;

	BN_init(&k);
	if ((r=BN_new()) == NULL) goto err;
	kinv=NULL;

	/* Get random k */
	do
		if (!BN_rand_range(&k, dsa->q)) goto err;
	while (BN_is_zero(&k));

	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
		{
		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
				dsa->p,ctx)) goto err;
		}

	/* Compute r = (g^k mod p) mod q */
	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
	if (!BN_mod(r,r,dsa->q,ctx)) goto err;

	/* Compute  part of 's = inv(k) (m + xr) mod q' */
	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;

	if (*kinvp != NULL) BN_clear_free(*kinvp);
	*kinvp=kinv;
	kinv=NULL;
	if (*rp != NULL) BN_clear_free(*rp);
	*rp=r;
	ret=1;
err:
	if (!ret)
		{
		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
		if (kinv != NULL) BN_clear_free(kinv);
		if (r != NULL) BN_clear_free(r);
		}
	if (ctx_in == NULL) BN_CTX_free(ctx);
	if (kinv != NULL) BN_clear_free(kinv);
	BN_clear_free(&k);
	return(ret);
	}
コード例 #4
0
ファイル: gostr341001.c プロジェクト: Heratom/Firefly-project
int
gost2001_keygen(GOST_KEY *ec)
{
	BIGNUM *order = BN_new(), *d = BN_new();
	const EC_GROUP *group = GOST_KEY_get0_group(ec);
	int rc = 0;

	if (order == NULL || d == NULL)
		goto err;
	if (EC_GROUP_get_order(group, order, NULL) == 0)
		goto err;

	do {
		if (BN_rand_range(d, order) == 0) {
			GOSTerr(GOST_F_GOST2001_KEYGEN,
				GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
			goto err;
		}
	} while (BN_is_zero(d));

	if (GOST_KEY_set_private_key(ec, d) == 0)
		goto err;
	rc = gost2001_compute_public(ec);

err:
	BN_free(d);
	BN_free(order);
	return rc;
}
コード例 #5
0
void PSPAKE_Message_generate(PSPAKE_Message *message, PSPAKE_CTX *ctx)
{
    BIGNUM *t1 = BN_new();
    BIGNUM *t2 = BN_new();

    /* just for debugging */
    static int cnt = 0;
    cnt++;

    /* r belongs to [0, q) */
    BN_rand_range(ctx->r, ctx->q);

    /* t1 = g^r mod q */
    BN_mod_exp(t1, ctx->g, ctx->r, ctx->q, ctx->ctx);

    /* t2 = h^secret mod q */
    BN_mod_exp(t2, ctx->h, ctx->secret, ctx->q, ctx->ctx);

    /* ctx->y = t1 * t2 mod q */
    BN_mod_mul(ctx->y, t1, t2, ctx->q, ctx->ctx);

    /* message->y = ctx->y */
    message->y = BN_dup(ctx->y);

    /* print the random number r generated (just for debugging) */
    if (cnt == 1)
    {
        print_bn("alice's r", ctx->r);
    }
    else
    {
        print_bn("bob's r", ctx->r);
    }
}
コード例 #6
0
ファイル: blinding.c プロジェクト: Wendy1106/Emma
static int bn_blinding_create_param(BN_BLINDING *b, BN_CTX *ctx,
                                    const BN_MONT_CTX *mont_ctx) {
  int retry_counter = 32;

  do {
    if (!BN_rand_range(b->A, b->mod)) {
      OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
      return 0;
    }

    int no_inverse;
    if (BN_mod_inverse_ex(b->Ai, &no_inverse, b->A, b->mod, ctx) == NULL) {
      /* this should almost never happen for good RSA keys */
      if (no_inverse) {
        if (retry_counter-- == 0) {
          OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_MANY_ITERATIONS);
          return 0;
        }
        ERR_clear_error();
      } else {
        OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
        return 0;
      }
    } else {
      break;
    }
  } while (1);

  if (!BN_mod_exp_mont(b->A, b->A, b->e, b->mod, ctx, mont_ctx)) {
    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
    return 0;
  }

  return 1;
}
コード例 #7
0
ファイル: ec_key.c プロジェクト: Ms2ger/ring
EC_KEY *EC_KEY_generate_key_ex(const EC_GROUP *group) {
  EC_KEY *eckey = ec_key_new_ex(group);
  if (!eckey) {
    return NULL;
  }

  assert(eckey->priv_key == NULL);
  eckey->priv_key = BN_new();
  if (eckey->priv_key == NULL) {
    goto err;
  }

  do {
    if (!BN_rand_range(eckey->priv_key, &eckey->group->order)) {
      goto err;
    }
  } while (BN_is_zero(eckey->priv_key));

  assert(eckey->pub_key == NULL);
  eckey->pub_key = EC_POINT_new(eckey->group);
  if (eckey->pub_key == NULL) {
    goto err;
  }

  if (!eckey->group->meth->mul_private(eckey->group, eckey->pub_key,
                                       eckey->priv_key, NULL, NULL, NULL)) {
    goto err;
  }

  return eckey;

err:
  EC_KEY_free(eckey);
  return NULL;
}
コード例 #8
0
ファイル: mref-o.c プロジェクト: zackw/moeller-ref
/* The secret integers s0 and s1 must be in the range 0 < s < n for
   some n, and must be relatively prime to that n.  We know a priori
   that n is of the form 2**k * p for some small integer k and prime
   p.  Therefore, it suffices to choose a random integer in the range
   [0, n/2), multiply by two and add one (enforcing oddness), and then
   reject values which are divisible by p.  */
static BIGNUM *
random_s(const BIGNUM *n, const BIGNUM *p, BN_CTX *c)
{
  BIGNUM h, m, *r;

  BN_init(&h);
  BN_init(&m);
  FAILZ(r = BN_new());
  FAILZ(BN_copy(&h, n));
  FAILZ(BN_rshift1(&h, &h));

  do {
    FAILZ(BN_rand_range(r, &h));
    FAILZ(BN_lshift1(r, r));
    FAILZ(BN_add(r, r, BN_value_one()));
    FAILZ(BN_nnmod(&m, r, p, c));
  } while (BN_is_zero(&m));

  BN_clear(&h);
  BN_clear(&m);
  return r;

 fail:
  BN_clear(&h);
  BN_clear(&m);
  if (r) BN_clear_free(r);
  return 0;
}
コード例 #9
0
static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
	{
	const RSA_METHOD *meth;
	BIGNUM *A, *Ai;
	BN_BLINDING *ret = NULL;

	/* added in OpenSSL 0.9.6j and 0.9.7b */

	/* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
	 * this should be placed in a new function of its own, but for reasons
	 * of binary compatibility can't */

	meth = rsa->meth;
	BN_CTX_start(ctx);
	A = BN_CTX_get(ctx);
	if (rsa->d != NULL && rsa->d->d != NULL)
		{
		/* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
		if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
		}
	else
		{
		if (!BN_rand_range(A,rsa->n)) goto err;
		}
	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;

	if (!meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
		goto err;
	ret = BN_BLINDING_new(A,Ai,rsa->n);
	BN_free(Ai);
err:
	BN_CTX_end(ctx);
	return ret;
	}
コード例 #10
0
/*
 * Prove knowledge of x
 * Note that p->gx has already been calculated
 */
static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
			 const BIGNUM *zkpg, JPAKE_CTX *ctx)
    {
    BIGNUM *r = BN_new();
    BIGNUM *h = BN_new();
    BIGNUM *t = BN_new();

   /*
    * r in [0,q)
    * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
    */
    BN_rand_range(r, ctx->p.q);
   /* g^r */
    BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);

   /* h=hash... */
    zkp_hash(h, zkpg, p, ctx->p.name);

   /* b = r - x*h */
    BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
    BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);

   /* cleanup */
    BN_free(t);
    BN_free(h);
    BN_free(r);
    }
コード例 #11
0
ファイル: gost2001.c プロジェクト: 375670450/openssl
/*
 *
 * Generates GOST R 34.10-2001 keypair
 *
 *
 */
int gost2001_keygen(EC_KEY *ec)
{
    BIGNUM *order = BN_new(), *d = BN_new();
    const EC_GROUP *group = EC_KEY_get0_group(ec);

    if (!group || !EC_GROUP_get_order(group, order, NULL)) {
        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
        BN_free(d);
        BN_free(order);
        return 0;
    }

    do {
        if (!BN_rand_range(d, order)) {
            GOSTerr(GOST_F_GOST2001_KEYGEN,
                    GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
            BN_free(d);
            BN_free(order);
            return 0;
        }
    }
    while (BN_is_zero(d));

    if (!EC_KEY_set_private_key(ec, d)) {
        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
        BN_free(d);
        BN_free(order);
        return 0;
    }
    BN_free(d);
    BN_free(order);
    return gost2001_compute_public(ec);
}
コード例 #12
0
ファイル: ec_key.c プロジェクト: GrayKing/Leakfix-on-OpenSSL
int EC_KEY_generate_key(EC_KEY *eckey)
{
    int ok = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *priv_key = NULL, *order = NULL;
    EC_POINT *pub_key = NULL;

    if (!eckey || !eckey->group) {
        ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    if ((order = BN_new()) == NULL)
        goto err;
    if ((ctx = BN_CTX_new()) == NULL)
        goto err;

    if (eckey->priv_key == NULL) {
        priv_key = BN_new();
        if (priv_key == NULL)
            goto err;
    } else
        priv_key = eckey->priv_key;

    if (!EC_GROUP_get_order(eckey->group, order, ctx))
        goto err;

    do
        if (!BN_rand_range(priv_key, order))
            goto err;
    while (BN_is_zero(priv_key)) ;

    if (eckey->pub_key == NULL) {
        pub_key = EC_POINT_new(eckey->group);
        if (pub_key == NULL)
            goto err;
    } else
        pub_key = eckey->pub_key;

    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
        goto err;

    eckey->priv_key = priv_key;
    eckey->pub_key = pub_key;

    ok = 1;

err:
    if (order)
        BN_free(order);
    if (pub_key != NULL && eckey->pub_key == NULL)
        EC_POINT_free(pub_key);
    if (priv_key != NULL && eckey->priv_key == NULL)
        BN_free(priv_key);
    if (ctx != NULL)
        BN_CTX_free(ctx);
    return (ok);
}
コード例 #13
0
void Person::set_keys() {
  a = BN_new();
  BN_rand_range(a, p);
  A = BN_new();
  BN_CTX *ctx = BN_CTX_new();
  BN_mod_exp(A, g, a, p, ctx);

  if (ctx) BN_CTX_free(ctx);
}
コード例 #14
0
ファイル: dsa_key.c プロジェクト: TheTypoMaster/openssl
static int dsa_builtin_keygen(DSA *dsa)
{
    int ok = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *pub_key = NULL, *priv_key = NULL;

    if ((ctx = BN_CTX_new()) == NULL)
        goto err;

    if (dsa->priv_key == NULL) {
        if ((priv_key = BN_secure_new()) == NULL)
            goto err;
    } else
        priv_key = dsa->priv_key;

    do
        if (!BN_rand_range(priv_key, dsa->q))
            goto err;
    while (BN_is_zero(priv_key)) ;

    if (dsa->pub_key == NULL) {
        if ((pub_key = BN_new()) == NULL)
            goto err;
    } else
        pub_key = dsa->pub_key;

    {
        BIGNUM *local_prk = NULL;
        BIGNUM *prk;

        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
            local_prk = prk = BN_new();
            if (!local_prk)
                goto err;
            BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
        } else
            prk = priv_key;

        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
            BN_free(local_prk);
            goto err;
        }
        BN_free(local_prk);
    }

    dsa->priv_key = priv_key;
    dsa->pub_key = pub_key;
    ok = 1;

 err:
    if (pub_key != dsa->pub_key)
        BN_free(pub_key);
    if (priv_key != dsa->priv_key)
        BN_free(priv_key);
    BN_CTX_free(ctx);
    return (ok);
}
コード例 #15
0
ファイル: ecdsa.cpp プロジェクト: a-russo/spreadcoin
CSignerECDSA::CSignerECDSA(const uint8_t PrivData[32], unsigned char Signature[65])
{
    order.setuint256(g_Order);

    EC_KEY* pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
    const EC_GROUP *group = EC_KEY_get0_group(pkey);

    CBigNum privkey;
    BN_bin2bn(PrivData, 32, &privkey);
    EC_KEY_regenerate_key(pkey, &privkey);

    EC_POINT *tmp_point = EC_POINT_new(group);
    EC_POINT *test_point = EC_POINT_new(group);

    CBigNum r, X, Y;
    bool which = false;
    do
    {
        // get random k
        do
            BN_rand_range(&kinv, &order);
        while (!kinv);

        /* We do not want timing information to leak the length of k,
         * so we compute G*k using an equivalent scalar of fixed
         * bit-length. */
        kinv += order;
        if (BN_num_bits(&kinv) <= 256)
            kinv += order;

        // compute r the x-coordinate of generator * k
        EC_POINT_mul(group, tmp_point, &kinv, NULL, NULL, ctx);
        EC_POINT_get_affine_coordinates_GFp(group, tmp_point, &X, &Y, ctx);
        EC_POINT_set_compressed_coordinates_GFp(group, test_point, &X, 0, ctx);
        which = !!EC_POINT_cmp(group, tmp_point, test_point, ctx);
        BN_nnmod(&r, &X, &order, ctx);
    }
    while (!r);

    // compute the inverse of k
    BN_mod_inverse(&kinv, &kinv, &order, ctx);

    BN_mod_mul(&pmr, &privkey, &r, &order, ctx);

    BN_mod_mul(&prk, &pmr, &kinv, &order, ctx);

    memset(Signature, 0, 65);
    int nBitsR = BN_num_bits(&r);
    BN_bn2bin(&r, &Signature[33-(nBitsR+7)/8]);
    Signature[0] = 27 + which;

    EC_POINT_free(tmp_point);
    EC_POINT_free(test_point);
    EC_KEY_free(pkey);
}
コード例 #16
0
/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
static void genrand(JPAKE_CTX *ctx)
    {
    BIGNUM *qm1;

   /* xa in [0, q) */
    BN_rand_range(ctx->xa, ctx->p.q);

   /* q-1 */
    qm1 = BN_new();
    BN_copy(qm1, ctx->p.q);
    BN_sub_word(qm1, 1);

   /* ... and xb in [0, q-1) */
    BN_rand_range(ctx->xb, qm1);
   /* [1, q) */
    BN_add_word(ctx->xb, 1);

   /* cleanup */
    BN_free(qm1);
    }
コード例 #17
0
/**
 *  eccx08_generate_key()
 *
 * \brief Generates a 32-byte private key then replaces it with token
 *  data using the eccx08_eckey_encode_in_privkey() call
 *
 * \param[out] p_eckey Pointer to EC_KEY with Public Key on success
 * \param[in] serial_number 9 bytes of ATECCX08 serial number
 * \param[in] serial_len Size of the ATECCX08 serial number buffer
 * \return 1 on success, 0 on error
 */
int eccx08_generate_key(EC_KEY *eckey, uint8_t *serial_number, int serial_len)
{
    int ok = 0;
    int ret = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *priv_key = NULL, *order = NULL;
    EC_POINT *pub_key = NULL;

    uint8_t slotid = TLS_SLOT_AUTH_PRIV;

    if (!eckey || !eckey->group) {
        ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    if ((order = BN_new()) == NULL) goto err;
    if ((ctx = BN_CTX_new()) == NULL) goto err;

    if (eckey->priv_key == NULL) {
        priv_key = BN_new();
        if (priv_key == NULL) goto err;
    } else {
        priv_key = eckey->priv_key;
    }

    eckey->priv_key = priv_key;

    if (!EC_GROUP_get_order(eckey->group, order, ctx)) goto err;

    do if (!BN_rand_range(priv_key, order)) goto err;
    while (BN_is_zero(priv_key));

    ret = eccx08_eckey_encode_in_privkey(eckey, slotid, serial_number, ATCA_SERIAL_NUM_SIZE);
    if (!ret) goto err;

    if (eckey->pub_key == NULL) {
        pub_key = EC_POINT_new(eckey->group);
        if (pub_key == NULL) goto err;
    } else pub_key = eckey->pub_key;

    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) goto err;

    eckey->pub_key = pub_key;

    ok = 1;

err:
    if (order) BN_free(order);
    if (pub_key != NULL && eckey->pub_key == NULL) EC_POINT_free(pub_key);
    if (priv_key != NULL && eckey->priv_key == NULL) BN_free(priv_key);
    if (ctx != NULL) BN_CTX_free(ctx);
    return (ok);
}
コード例 #18
0
ファイル: credlib.c プロジェクト: stef/credlib
int CREDLIB_rand_range( BIGNUM* rnd, int Zps, BIGNUM* p ) {
    EXCEPTION;

    if ( !p || !rnd ) { THROW( CREDLIB_NULL_PTR ); }
 again:
    if ( !BN_rand_range( rnd, p ) ) { THROW( CREDLIB_RND_NOT_SEEDED ); }
    if ( Zps && BN_is_zero( rnd ) ) { goto again; } /* Zp* */
    /* Zp* means must not be 0 */
    
 cleanup:
    return ret;
}
コード例 #19
0
ファイル: gost_sign.c プロジェクト: 274914765/C
/*
 * Computes signature and returns it as DSA_SIG structure
 */
DSA_SIG *gost_do_sign (const unsigned char *dgst, int dlen, DSA * dsa)
{
    BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;

    DSA_SIG *newsig = DSA_SIG_new ();

    BIGNUM *md = hashsum2bn (dgst);

    /* check if H(M) mod q is zero */
    BN_CTX *ctx = BN_CTX_new ();

    BN_CTX_start (ctx);
    if (!newsig)
    {
        GOSTerr (GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
        goto err;
    }
    tmp = BN_CTX_get (ctx);
    k = BN_CTX_get (ctx);
    tmp2 = BN_CTX_get (ctx);
    BN_mod (tmp, md, dsa->q, ctx);
    if (BN_is_zero (tmp))
    {
        BN_one (md);
    }
    do
    {
        do
        {
            /*Generate random number k less than q */
            BN_rand_range (k, dsa->q);
            /* generate r = (a^x mod p) mod q */
            BN_mod_exp (tmp, dsa->g, k, dsa->p, ctx);
            if (!(newsig->r))
                newsig->r = BN_new ();
            BN_mod (newsig->r, tmp, dsa->q, ctx);
        }
        while (BN_is_zero (newsig->r));
        /* generate s = (xr + k(Hm)) mod q */
        BN_mod_mul (tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
        BN_mod_mul (tmp2, k, md, dsa->q, ctx);
        if (!newsig->s)
            newsig->s = BN_new ();
        BN_mod_add (newsig->s, tmp, tmp2, dsa->q, ctx);
    }
    while (BN_is_zero (newsig->s));
  err:
    BN_free (md);
    BN_CTX_end (ctx);
    BN_CTX_free (ctx);
    return newsig;
}
コード例 #20
0
int compute_scalar_element(REQUEST *request, pwd_session_t *session, BN_CTX *bn_ctx)
{
	BIGNUM *mask = NULL;
	int ret = -1;

	MEM(session->private_value = BN_new());
	MEM(session->my_element = EC_POINT_new(session->group));
	MEM(session->my_scalar = BN_new());

	MEM(mask = BN_new());

	if (BN_rand_range(session->private_value, session->order) != 1) {
		REDEBUG("Unable to get randomness for private_value");
		goto error;
	}
	if (BN_rand_range(mask, session->order) != 1) {
		REDEBUG("Unable to get randomness for mask");
		goto error;
	}
	BN_add(session->my_scalar, session->private_value, mask);
	BN_mod(session->my_scalar, session->my_scalar, session->order, bn_ctx);

	if (!EC_POINT_mul(session->group, session->my_element, NULL, session->pwe, mask, bn_ctx)) {
		REDEBUG("Server element allocation failed");
		goto error;
	}

	if (!EC_POINT_invert(session->group, session->my_element, bn_ctx)) {
		REDEBUG("Server element inversion failed");
		goto error;
	}

	ret = 0;

error:
	BN_clear_free(mask);

	return ret;
}
コード例 #21
0
static int generate_key(DH *dh)
	{
	int ok=0;
	BN_CTX ctx;
	BN_MONT_CTX *mont;
	BIGNUM *pub_key=NULL,*priv_key=NULL;

	BN_CTX_init(&ctx);

	if (dh->priv_key == NULL)
		{
		priv_key=BN_new();
		if (priv_key == NULL) goto err;
		do
			if (!BN_rand_range(priv_key, dh->p)) goto err;
		while (BN_is_zero(priv_key));
		}
	else
		priv_key=dh->priv_key;

	if (dh->pub_key == NULL)
		{
		pub_key=BN_new();
		if (pub_key == NULL) goto err;
		}
	else
		pub_key=dh->pub_key;

	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
		{
		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
				dh->p,&ctx)) goto err;
		}
	mont=(BN_MONT_CTX *)dh->method_mont_p;

	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
								goto err;
		
	dh->pub_key=pub_key;
	dh->priv_key=priv_key;
	ok=1;
err:
	if (ok != 1)
		DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);

	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
	BN_CTX_free(&ctx);
	return(ok);
	}
コード例 #22
0
ファイル: ec_key.c プロジェクト: AndreV84/openssl
int ossl_ec_key_gen(EC_KEY *eckey)
{
    int ok = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *priv_key = NULL, *order = NULL;
    EC_POINT *pub_key = NULL;

    if ((order = BN_new()) == NULL)
        goto err;
    if ((ctx = BN_CTX_new()) == NULL)
        goto err;

    if (eckey->priv_key == NULL) {
        priv_key = BN_new();
        if (priv_key == NULL)
            goto err;
    } else
        priv_key = eckey->priv_key;

    if (!EC_GROUP_get_order(eckey->group, order, ctx))
        goto err;

    do
        if (!BN_rand_range(priv_key, order))
            goto err;
    while (BN_is_zero(priv_key)) ;

    if (eckey->pub_key == NULL) {
        pub_key = EC_POINT_new(eckey->group);
        if (pub_key == NULL)
            goto err;
    } else
        pub_key = eckey->pub_key;

    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
        goto err;

    eckey->priv_key = priv_key;
    eckey->pub_key = pub_key;

    ok = 1;

 err:
    BN_free(order);
    if (eckey->pub_key == NULL)
        EC_POINT_free(pub_key);
    if (eckey->priv_key != priv_key)
        BN_free(priv_key);
    BN_CTX_free(ctx);
    return (ok);
}
コード例 #23
0
ファイル: schnorr.c プロジェクト: CTSRD-SOAAP/openssh
static void
schnorr_selftest(void)
{
	BIGNUM *x;
	struct modp_group *grp;
	u_int i;
	char *hh;

	grp = jpake_default_group();
	if ((x = BN_new()) == NULL)
		fatal("%s: BN_new", __func__);
	SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__));
	SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__));
	SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__));

	/* [1, 20) */
	for (i = 1; i < 20; i++) {
		printf("x = %u\n", i);
		fflush(stdout);
		if (BN_set_word(x, i) != 1)
			fatal("%s: set x word", __func__);
		schnorr_selftest_one(grp->p, grp->q, grp->g, x);
	}

	/* 100 x random [0, p) */
	for (i = 0; i < 100; i++) {
		if (BN_rand_range(x, grp->p) != 1)
			fatal("%s: BN_rand_range", __func__);
		hh = BN_bn2hex(x);
		printf("x = (random) 0x%s\n", hh);
		free(hh);
		fflush(stdout);
		schnorr_selftest_one(grp->p, grp->q, grp->g, x);
	}

	/* [q-20, q) */
	if (BN_set_word(x, 20) != 1)
		fatal("%s: BN_set_word (x = 20)", __func__);
	if (BN_sub(x, grp->q, x) != 1)
		fatal("%s: BN_sub (q - x)", __func__);
	for (i = 0; i < 19; i++) {
		hh = BN_bn2hex(x);
		printf("x = (q - %d) 0x%s\n", 20 - i, hh);
		free(hh);
		fflush(stdout);
		schnorr_selftest_one(grp->p, grp->q, grp->g, x);
		if (BN_add(x, x, BN_value_one()) != 1)
			fatal("%s: BN_add (x + 1)", __func__);
	}
	BN_free(x);
}
コード例 #24
0
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
	{
	BIGNUM *A,*Ai = NULL;
	BN_CTX *ctx;
	int ret=0;

	if (p_ctx == NULL)
		{
		if ((ctx=BN_CTX_new()) == NULL) goto err;
		}
	else
		ctx=p_ctx;

	/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
	if (rsa->blinding != NULL)
		{
		BN_BLINDING_free(rsa->blinding);
		rsa->blinding = NULL;
		}

	/* NB: similar code appears in setup_blinding (rsa_eay.c);
	 * this should be placed in a new function of its own, but for reasons
	 * of binary compatibility can't */

	BN_CTX_start(ctx);
	A = BN_CTX_get(ctx);
	if (rsa->d != NULL && rsa->d->d != NULL)
		{
		if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
		}
	else
		{
		if (!BN_rand_range(A,rsa->n)) goto err;
		}
	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;

	if (!rsa->meth->bn_mod_exp(A,A,
		rsa->e,rsa->n,ctx,rsa->_method_mod_n))
	    goto err;
	if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
	/* to make things thread-safe without excessive locking,
	 * rsa->blinding will be used just by the current thread: */
	rsa->flags |= RSA_FLAG_BLINDING;
	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
	ret=1;
err:
	if (Ai != NULL) BN_free(Ai);
	BN_CTX_end(ctx);
	if (ctx != p_ctx) BN_CTX_free(ctx);
	return(ret);
	}
コード例 #25
0
ファイル: ec_key.c プロジェクト: PeterMosmans/openssl
int ec_key_simple_generate_key(EC_KEY *eckey)
{
    int ok = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *priv_key = NULL;
    const BIGNUM *order = NULL;
    EC_POINT *pub_key = NULL;

    if ((ctx = BN_CTX_new()) == NULL)
        goto err;

    if (eckey->priv_key == NULL) {
        priv_key = BN_new();
        if (priv_key == NULL)
            goto err;
    } else
        priv_key = eckey->priv_key;

    order = EC_GROUP_get0_order(eckey->group);
    if (order == NULL)
        goto err;

    do
        if (!BN_rand_range(priv_key, order))
            goto err;
    while (BN_is_zero(priv_key)) ;

    if (eckey->pub_key == NULL) {
        pub_key = EC_POINT_new(eckey->group);
        if (pub_key == NULL)
            goto err;
    } else
        pub_key = eckey->pub_key;

    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
        goto err;

    eckey->priv_key = priv_key;
    eckey->pub_key = pub_key;

    ok = 1;

 err:
    if (eckey->pub_key == NULL)
        EC_POINT_free(pub_key);
    if (eckey->priv_key != priv_key)
        BN_free(priv_key);
    BN_CTX_free(ctx);
    return ok;
}
コード例 #26
0
pseudonym *polypseud_randomize(const polypseud_ctx *ctx, pseudonym *pseud) {
    BIGNUM *l = BN_new();
    if(BN_rand_range(l, ctx->p) == 0)
        return NULL;
    EC_POINT *t = EC_POINT_new(ctx->ec_group);
    EC_POINT_mul(ctx->ec_group, t, NULL, ctx->g, l, ctx->bn_ctx);
    EC_POINT_add(ctx->ec_group, pseud->a, pseud->a, t, ctx->bn_ctx);

    EC_POINT_mul(ctx->ec_group, t, NULL, pseud->c, l, ctx->bn_ctx);
    EC_POINT_add(ctx->ec_group, pseud->b, pseud->b, t, ctx->bn_ctx);
    
    EC_POINT_free(t);
    return pseud;
}
コード例 #27
0
ファイル: bn_prime.c プロジェクト: Castaglia/openssl
int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
{
    int i;
    BIGNUM *offset_index;
    BIGNUM *offset_count;
    int ret = 0;

    OPENSSL_assert(bits > prime_multiplier_bits);

    BN_CTX_start(ctx);
    if ((offset_index = BN_CTX_get(ctx)) == NULL)
        goto err;
    if ((offset_count = BN_CTX_get(ctx)) == NULL)
        goto err;

    if (!BN_add_word(offset_count, prime_offset_count))
        goto err;

 loop:
    if (!BN_rand(rnd, bits - prime_multiplier_bits,
                 BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
        goto err;
    if (BN_is_bit_set(rnd, bits))
        goto loop;
    if (!BN_rand_range(offset_index, offset_count))
        goto err;

    if (!BN_mul_word(rnd, prime_multiplier)
        || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]))
        goto err;

    /* we now have a random number 'rand' to test. */

    /* skip coprimes */
    for (i = first_prime_index; i < NUMPRIMES; i++) {
        /* check that rnd is a prime */
        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
        if (mod == (BN_ULONG)-1)
            goto err;
        if (mod <= 1)
            goto loop;
    }
    ret = 1;

 err:
    BN_CTX_end(ctx);
    bn_check_top(rnd);
    return ret;
}
コード例 #28
0
ファイル: ssl_ecdh.c プロジェクト: chjp2046/boringssl
static int ssl_ec_point_offer(SSL_ECDH_CTX *ctx, CBB *out) {
  assert(ctx->data == NULL);
  BIGNUM *private_key = BN_new();
  if (private_key == NULL) {
    return 0;
  }
  ctx->data = private_key;

  /* Set up a shared |BN_CTX| for all operations. */
  BN_CTX *bn_ctx = BN_CTX_new();
  if (bn_ctx == NULL) {
    return 0;
  }
  BN_CTX_start(bn_ctx);

  int ret = 0;
  EC_POINT *public_key = NULL;
  EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);
  if (group == NULL) {
    goto err;
  }

  /* Generate a private key. */
  const BIGNUM *order = EC_GROUP_get0_order(group);
  do {
    if (!BN_rand_range(private_key, order)) {
      goto err;
    }
  } while (BN_is_zero(private_key));

  /* Compute the corresponding public key and serialize it. */
  public_key = EC_POINT_new(group);
  if (public_key == NULL ||
      !EC_POINT_mul(group, public_key, private_key, NULL, NULL, bn_ctx) ||
      !EC_POINT_point2cbb(out, group, public_key, POINT_CONVERSION_UNCOMPRESSED,
                          bn_ctx)) {
    goto err;
  }

  ret = 1;

err:
  EC_GROUP_free(group);
  EC_POINT_free(public_key);
  BN_CTX_end(bn_ctx);
  BN_CTX_free(bn_ctx);
  return ret;
}
コード例 #29
0
ファイル: mref-o.c プロジェクト: zackw/moeller-ref
int
MKEM_generate_message(const MKEM *kp, uint8_t *secret, uint8_t *message)
{
  BIGNUM u;
  uint8_t pad;
  int rv = -1;
  BN_init(&u);
  if (BN_rand_range(&u, kp->params->maxu) &&
      BN_add(&u, &u, BN_value_one()) &&
      RAND_bytes(&pad, 1) &&
      !MKEM_generate_message_u(kp, &u, pad, secret, message))
    rv = 0;

  BN_clear(&u);
  return rv;
}
コード例 #30
0
ファイル: blinding.c プロジェクト: Ms2ger/ring
static int bn_blinding_create_param(BN_BLINDING *b, const RSA *rsa, BN_CTX *ctx) {
  int retry_counter = 32;

  do {
    if (!BN_rand_range(b->A, rsa->n)) {
      OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
      return 0;
    }

    /* `BN_from_montgomery` + `BN_mod_inverse_no_branch` is equivalent to, but
     * more efficient than, `BN_mod_inverse_no_branch` + `BN_to_montgomery`. */

    if (!BN_from_montgomery(b->Ai, b->A, rsa->mont_n, ctx)) {
      return 0;
    }

    assert(BN_get_flags(b->A, BN_FLG_CONSTTIME));
    int no_inverse;
    if (BN_mod_inverse_no_branch(b->Ai, &no_inverse, b->Ai, rsa->n, ctx) ==
        NULL) {
      /* this should almost never happen for good RSA keys */
      if (no_inverse) {
        if (retry_counter-- == 0) {
          OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_MANY_ITERATIONS);
          return 0;
        }
        ERR_clear_error();
      } else {
        OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
        return 0;
      }
    } else {
      break;
    }
  } while (1);

  if (!BN_mod_exp_mont(b->A, b->A, rsa->e, rsa->n, ctx, rsa->mont_n)) {
    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
    return 0;
  }

  if (!BN_to_montgomery(b->A, b->A, rsa->mont_n, ctx)) {
    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
    return 0;
  }
  return 1;
}