示例#1
0
文件: cpk_lib.c 项目: LiTianjue/GmSSL
static int extract_dsa_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
	int ret = 0;
	DSA *dsa = NULL;
	BIGNUM *pri = BN_new();
	BIGNUM *pub = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	int i, pri_size, pub_size, num_factors;
	const unsigned char *pri_ptr;
	unsigned char *pub_ptr;
	
	if (!pri || !pub || !ctx) {
		goto err;
	}
	
	if (!(dsa = (DSA *)X509_ALGOR_get1_DSA(master->pkey_algor))) {
		goto err;
	}
	pri_size = BN_num_bytes(dsa->q);
	pub_size = BN_num_bytes(dsa->p);
	
	if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
		goto err;
	}
	if (M_ASN1_STRING_length(master->secret_factors) != pri_size * num_factors) {
		goto err;
	}
	
	ASN1_STRING_free(param->public_factors);
	if (!ASN1_STRING_set(param->public_factors, NULL, pub_size * num_factors)) {
		goto err;
	}
	
	pri_ptr = M_ASN1_STRING_data(master->secret_factors);
	pub_ptr = M_ASN1_STRING_data(param->public_factors);
	memset(pub_ptr, 0, M_ASN1_STRING_length(param->public_factors));
	
	for (i = 0; i < num_factors; i++) {
	
		if (!BN_bin2bn(pri_ptr, pri_size, pri)) {
			goto err;
		}
		if (BN_is_zero(pri) || BN_cmp(pri, dsa->q) >= 0) {
			goto err;
		}
		
		if (!BN_mod_exp(pub, dsa->g, pri, dsa->p, ctx)) {
			goto err;
		}
		if (!BN_bn2bin(pub, pub_ptr + pub_size - BN_num_bytes(pub))) {
			goto err;
		}
		
		pri_ptr += pri_size;
		pub_ptr += pub_size;
	}
	
	ret = 1;
err:	
	if (dsa) DSA_free(dsa);
	if (pri) BN_free(pri);
	if (pub) BN_free(pub);
	if (ctx) BN_CTX_free(ctx);
	return ret;
}
示例#2
0
static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
{
	EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
	RSA *rsatmp = NULL;
#endif
#ifndef OPENSSL_NO_DSA
	DSA *dsatmp=NULL;
#endif
	char msg[64]="sureware_load_public";
	int ret=0;
	if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
	{
		SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
		goto err;
	}
	switch (keytype)
	{
#ifndef OPENSSL_NO_RSA
	case 1: /*RSA*/
		/* set private external reference */
		rsatmp = RSA_new_method(e);
		RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
		rsatmp->flags |= RSA_FLAG_EXT_PKEY;

		/* set public big nums*/
		rsatmp->e = BN_new();
		rsatmp->n = BN_new();
		bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
		bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
		if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
			!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
			goto err;
		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
						 (unsigned long *)rsatmp->n->d,
						 (unsigned long *)rsatmp->e->d);
		surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
		if (ret!=1)
		{
			SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
			goto err;
		}
		/* normalise pub e and pub n */
		rsatmp->e->top=el/sizeof(BN_ULONG);
		bn_fix_top(rsatmp->e);
		rsatmp->n->top=el/sizeof(BN_ULONG);
		bn_fix_top(rsatmp->n);
		/* create an EVP object: engine + rsa key */
		res = EVP_PKEY_new();
		EVP_PKEY_assign_RSA(res, rsatmp);
		break;
#endif

#ifndef OPENSSL_NO_DSA
	case 2:/*DSA*/
		/* set private/public external reference */
		dsatmp = DSA_new_method(e);
		DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
		/*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/

		/* set public key*/
		dsatmp->pub_key = BN_new();
		dsatmp->p = BN_new();
		dsatmp->q = BN_new();
		dsatmp->g = BN_new();
		bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
		bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
		bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
		bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
		if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| 
			!dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
			!dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
			!dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
			goto err;

		ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
						 (unsigned long *)dsatmp->pub_key->d, 
						 (unsigned long *)dsatmp->p->d,
						 (unsigned long *)dsatmp->q->d,
						 (unsigned long *)dsatmp->g->d);
		surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
		if (ret!=1)
		{
			SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
			goto err;
		}
		/* set parameters */
		/* normalise pubkey and parameters in case of */
		dsatmp->pub_key->top=el/sizeof(BN_ULONG);
		bn_fix_top(dsatmp->pub_key);
		dsatmp->p->top=el/sizeof(BN_ULONG);
		bn_fix_top(dsatmp->p);
		dsatmp->q->top=20/sizeof(BN_ULONG);
		bn_fix_top(dsatmp->q);
		dsatmp->g->top=el/sizeof(BN_ULONG);
		bn_fix_top(dsatmp->g);

		/* create an EVP object: engine + rsa key */
		res = EVP_PKEY_new();
		EVP_PKEY_assign_DSA(res, dsatmp);
		break;
#endif

	default:
		SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
		goto err;
	}
	return res;
 err:
#ifndef OPENSSL_NO_RSA
	if (rsatmp)
		RSA_free(rsatmp);
#endif
#ifndef OPENSSL_NO_DSA
	if (dsatmp)
		DSA_free(dsatmp);
#endif
	return NULL;
}
int
__ops_elgamal_public_encrypt(uint8_t *g_to_k, uint8_t *encm,
			const uint8_t *in,
			size_t size,
			const __ops_elgamal_pubkey_t *pubkey)
{
	int	ret = 0;
	int	k_bits;
	BIGNUM	   *m;
	BIGNUM	   *p;
	BIGNUM	   *g;
	BIGNUM	   *y;
	BIGNUM	   *k;
	BIGNUM	   *yk;
	BIGNUM	   *c1;
	BIGNUM	   *c2;
	BN_CTX	   *tmp;

	m = BN_bin2bn(in, (int)size, NULL);
	p = pubkey->p;
	g = pubkey->g;
	y = pubkey->y;
	k = BN_new();
	yk = BN_new();
	c1 = BN_new();
	c2 = BN_new();
	tmp = BN_CTX_new();
	if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp) {
		goto done;
	}
	/*
	 * generate k
	 */
	k_bits = decide_k_bits(BN_num_bits(p));
	if (!BN_rand(k, k_bits, 0, 0)) {
		goto done;
	}
	/*
	 * c1 = g^k c2 = m * y^k
	 */
	if (!BN_mod_exp(c1, g, k, p, tmp)) {
		goto done;
	}
	if (!BN_mod_exp(yk, y, k, p, tmp)) {
		goto done;
	}
	if (!BN_mod_mul(c2, m, yk, p, tmp)) {
		goto done;
	}
	/* result */
	BN_bn2bin(c1, g_to_k);
	ret = BN_num_bytes(c1);	/* c1 = g^k */
	BN_bn2bin(c2, encm);
	ret += BN_num_bytes(c2); /* c2 = m * y^k */
done:
	if (tmp) {
		BN_CTX_free(tmp);
	}
	if (c2) {
		BN_clear_free(c2);
	}
	if (c1) {
		BN_clear_free(c1);
	}
	if (yk) {
		BN_clear_free(yk);
	}
	if (k) {
		BN_clear_free(k);
	}
	if (g) {
		BN_clear_free(g);
	}
	return ret;
}
示例#4
0
文件: ecdsa_ossl.c 项目: tcmx/openssl
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
                            BIGNUM **kinvp, BIGNUM **rp,
                            const unsigned char *dgst, int dlen)
{
    BN_CTX *ctx = NULL;
    BIGNUM *k = NULL, *r = NULL, *X = NULL;
    const BIGNUM *order;
    EC_POINT *tmp_point = NULL;
    const EC_GROUP *group;
    int ret = 0;
    int order_bits;

    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    if (!EC_KEY_can_sign(eckey)) {
        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
        return 0;
    }

    if (ctx_in == NULL) {
        if ((ctx = BN_CTX_new()) == NULL) {
            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
            return 0;
        }
    } else
        ctx = ctx_in;

    k = BN_new();               /* this value is later returned in *kinvp */
    r = BN_new();               /* this value is later returned in *rp */
    X = BN_new();
    if (k == NULL || r == NULL || X == NULL) {
        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if ((tmp_point = EC_POINT_new(group)) == NULL) {
        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
        goto err;
    }
    order = EC_GROUP_get0_order(group);
    if (order == NULL) {
        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
        goto err;
    }

    /* Preallocate space */
    order_bits = BN_num_bits(order);
    if (!BN_set_bit(k, order_bits)
        || !BN_set_bit(r, order_bits)
        || !BN_set_bit(X, order_bits))
        goto err;

    do {
        /* get random k */
        do
            if (dgst != NULL) {
                if (!BN_generate_dsa_nonce
                    (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
                     ctx)) {
                    ECerr(EC_F_ECDSA_SIGN_SETUP,
                             EC_R_RANDOM_NUMBER_GENERATION_FAILED);
                    goto err;
                }
            } else {
                if (!BN_priv_rand_range(k, order)) {
                    ECerr(EC_F_ECDSA_SIGN_SETUP,
                             EC_R_RANDOM_NUMBER_GENERATION_FAILED);
                    goto err;
                }
            }
        while (BN_is_zero(k));

        /* compute r the x-coordinate of generator * k */
        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
            goto err;
        }
        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
            NID_X9_62_prime_field) {
            if (!EC_POINT_get_affine_coordinates_GFp
                (group, tmp_point, X, NULL, ctx)) {
                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
                goto err;
            }
        }
#ifndef OPENSSL_NO_EC2M
        else {                  /* NID_X9_62_characteristic_two_field */

            if (!EC_POINT_get_affine_coordinates_GF2m(group,
                                                      tmp_point, X, NULL,
                                                      ctx)) {
                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
                goto err;
            }
        }
#endif
        if (!BN_nnmod(r, X, order, ctx)) {
            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
            goto err;
        }
    }
    while (BN_is_zero(r));

    /* Check if optimized inverse is implemented */
    if (EC_GROUP_do_inverse_ord(group, k, k, ctx) == 0) {
        /* compute the inverse of k */
        if (group->mont_data != NULL) {
            /*
             * We want inverse in constant time, therefore we utilize the fact
             * order must be prime and use Fermats Little Theorem instead.
             */
            if (!BN_set_word(X, 2)) {
                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
                goto err;
            }
            if (!BN_mod_sub(X, order, X, order, ctx)) {
                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
                goto err;
            }
            BN_set_flags(X, BN_FLG_CONSTTIME);
            if (!BN_mod_exp_mont_consttime(k, k, X, order, ctx,
                                           group->mont_data)) {
                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
                goto err;
            }
        } else {
            if (!BN_mod_inverse(k, k, order, ctx)) {
                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
                goto err;
            }
        }
    }

    /* clear old values if necessary */
    BN_clear_free(*rp);
    BN_clear_free(*kinvp);
    /* save the pre-computed values  */
    *rp = r;
    *kinvp = k;
    ret = 1;
 err:
    if (!ret) {
        BN_clear_free(k);
        BN_clear_free(r);
    }
    if (ctx != ctx_in)
        BN_CTX_free(ctx);
    EC_POINT_free(tmp_point);
    BN_clear_free(X);
    return ret;
}
示例#5
0
文件: bn_gcd.c 项目: 12019/svn.gov.pt
/* solves ax == 1 (mod n) */
BIGNUM *BN_mod_inverse(BIGNUM *in,
	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
	{
	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
	BIGNUM *ret=NULL;
	int sign;

	bn_check_top(a);
	bn_check_top(n);

	BN_CTX_start(ctx);
	A = BN_CTX_get(ctx);
	B = BN_CTX_get(ctx);
	X = BN_CTX_get(ctx);
	D = BN_CTX_get(ctx);
	M = BN_CTX_get(ctx);
	Y = BN_CTX_get(ctx);
	T = BN_CTX_get(ctx);
	if (T == NULL) goto err;

	if (in == NULL)
		R=BN_new();
	else
		R=in;
	if (R == NULL) goto err;

	BN_one(X);
	BN_zero(Y);
	if (BN_copy(B,a) == NULL) goto err;
	if (BN_copy(A,n) == NULL) goto err;
	A->neg = 0;
	if (B->neg || (BN_ucmp(B, A) >= 0))
		{
		if (!BN_nnmod(B, B, A, ctx)) goto err;
		}
	sign = -1;
	/* From  B = a mod |n|,  A = |n|  it follows that
	 *
	 *      0 <= B < A,
	 *     -sign*X*a  ==  B   (mod |n|),
	 *      sign*Y*a  ==  A   (mod |n|).
	 */

	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
		{
		/* Binary inversion algorithm; requires odd modulus.
		 * This is faster than the general algorithm if the modulus
		 * is sufficiently small (about 400 .. 500 bits on 32-bit
		 * sytems, but much more on 64-bit systems) */
		int shift;

		while (!BN_is_zero(B))
			{
			/*
			 *      0 < B < |n|,
			 *      0 < A <= |n|,
			 * (1) -sign*X*a  ==  B   (mod |n|),
			 * (2)  sign*Y*a  ==  A   (mod |n|)
			 */

			/* Now divide  B  by the maximum possible power of two in the integers,
			 * and divide  X  by the same value mod |n|.
			 * When we're done, (1) still holds. */
			shift = 0;
			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
				{
				shift++;

				if (BN_is_odd(X))
					{
					if (!BN_uadd(X, X, n)) goto err;
					}
				/* now X is even, so we can easily divide it by two */
				if (!BN_rshift1(X, X)) goto err;
				}
			if (shift > 0)
				{
				if (!BN_rshift(B, B, shift)) goto err;
				}


			/* Same for  A  and  Y.  Afterwards, (2) still holds. */
			shift = 0;
			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
				{
				shift++;

				if (BN_is_odd(Y))
					{
					if (!BN_uadd(Y, Y, n)) goto err;
					}
				/* now Y is even */
				if (!BN_rshift1(Y, Y)) goto err;
				}
			if (shift > 0)
				{
				if (!BN_rshift(A, A, shift)) goto err;
				}


			/* We still have (1) and (2).
			 * Both  A  and  B  are odd.
			 * The following computations ensure that
			 *
			 *     0 <= B < |n|,
			 *      0 < A < |n|,
			 * (1) -sign*X*a  ==  B   (mod |n|),
			 * (2)  sign*Y*a  ==  A   (mod |n|),
			 *
			 * and that either  A  or  B  is even in the next iteration.
			 */
			if (BN_ucmp(B, A) >= 0)
				{
				/* -sign*(X + Y)*a == B - A  (mod |n|) */
				if (!BN_uadd(X, X, Y)) goto err;
				/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
				 * actually makes the algorithm slower */
				if (!BN_usub(B, B, A)) goto err;
				}
			else
				{
				/*  sign*(X + Y)*a == A - B  (mod |n|) */
				if (!BN_uadd(Y, Y, X)) goto err;
				/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
				if (!BN_usub(A, A, B)) goto err;
				}
			}
		}
	else
		{
		/* general inversion algorithm */

		while (!BN_is_zero(B))
			{
			BIGNUM *tmp;

			/*
			 *      0 < B < A,
			 * (*) -sign*X*a  ==  B   (mod |n|),
			 *      sign*Y*a  ==  A   (mod |n|)
			 */

			/* (D, M) := (A/B, A%B) ... */
			if (BN_num_bits(A) == BN_num_bits(B))
				{
				if (!BN_one(D)) goto err;
				if (!BN_sub(M,A,B)) goto err;
				}
			else if (BN_num_bits(A) == BN_num_bits(B) + 1)
				{
				/* A/B is 1, 2, or 3 */
				if (!BN_lshift1(T,B)) goto err;
				if (BN_ucmp(A,T) < 0)
					{
					/* A < 2*B, so D=1 */
					if (!BN_one(D)) goto err;
					if (!BN_sub(M,A,B)) goto err;
					}
				else
					{
					/* A >= 2*B, so D=2 or D=3 */
					if (!BN_sub(M,A,T)) goto err;
					if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
					if (BN_ucmp(A,D) < 0)
						{
						/* A < 3*B, so D=2 */
						if (!BN_set_word(D,2)) goto err;
						/* M (= A - 2*B) already has the correct value */
						}
					else
						{
						/* only D=3 remains */
						if (!BN_set_word(D,3)) goto err;
						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
						if (!BN_sub(M,M,B)) goto err;
						}
					}
				}
			else
				{
				if (!BN_div(D,M,A,B,ctx)) goto err;
				}

			/* Now
			 *      A = D*B + M;
			 * thus we have
			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
			 */

			tmp=A; /* keep the BIGNUM object, the value does not matter */

			/* (A, B) := (B, A mod B) ... */
			A=B;
			B=M;
			/* ... so we have  0 <= B < A  again */

			/* Since the former  M  is now  B  and the former  B  is now  A,
			 * (**) translates into
			 *       sign*Y*a  ==  D*A + B    (mod |n|),
			 * i.e.
			 *       sign*Y*a - D*A  ==  B    (mod |n|).
			 * Similarly, (*) translates into
			 *      -sign*X*a  ==  A          (mod |n|).
			 *
			 * Thus,
			 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
			 * i.e.
			 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
			 *
			 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
			 *      -sign*X*a  ==  B   (mod |n|),
			 *       sign*Y*a  ==  A   (mod |n|).
			 * Note that  X  and  Y  stay non-negative all the time.
			 */

			/* most of the time D is very small, so we can optimize tmp := D*X+Y */
			if (BN_is_one(D))
				{
				if (!BN_add(tmp,X,Y)) goto err;
				}
			else
				{
				if (BN_is_word(D,2))
					{
					if (!BN_lshift1(tmp,X)) goto err;
					}
				else if (BN_is_word(D,4))
					{
					if (!BN_lshift(tmp,X,2)) goto err;
					}
				else if (D->top == 1)
					{
					if (!BN_copy(tmp,X)) goto err;
					if (!BN_mul_word(tmp,D->d[0])) goto err;
					}
				else
					{
					if (!BN_mul(tmp,D,X,ctx)) goto err;
					}
				if (!BN_add(tmp,tmp,Y)) goto err;
				}

			M=Y; /* keep the BIGNUM object, the value does not matter */
			Y=X;
			X=tmp;
			sign = -sign;
			}
		}

	/*
	 * The while loop (Euclid's algorithm) ends when
	 *      A == gcd(a,n);
	 * we have
	 *       sign*Y*a  ==  A  (mod |n|),
	 * where  Y  is non-negative.
	 */

	if (sign < 0)
		{
		if (!BN_sub(Y,n,Y)) goto err;
		}
	/* Now  Y*a  ==  A  (mod |n|).  */


	if (BN_is_one(A))
		{
		/* Y*a == 1  (mod |n|) */
		if (!Y->neg && BN_ucmp(Y,n) < 0)
			{
			if (!BN_copy(R,Y)) goto err;
			}
		else
			{
			if (!BN_nnmod(R,Y,n,ctx)) goto err;
			}
		}
	else
		{
		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
		goto err;
		}
	ret=R;
err:
	if ((ret == NULL) && (in == NULL)) BN_free(R);
	BN_CTX_end(ctx);
	return(ret);
	}
示例#6
0
/*
 * compute a "random" secret point on an elliptic curve based
 * on the password and identities.
 */
int compute_password_element(EAP_PWD_group *grp, u16 num,
			     u8 *password, int password_len,
			     u8 *id_server, int id_server_len,
			     u8 *id_peer, int id_peer_len, u8 *token)
{
	BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
	HMAC_CTX ctx;
	unsigned char pwe_digest[SHA256_DIGEST_LENGTH], *prfbuf = NULL, ctr;
	int nid, is_odd, primebitlen, primebytelen, ret = 0;

	switch (num) { /* from IANA registry for IKE D-H groups */
        case 19:
		nid = NID_X9_62_prime256v1;
		break;
        case 20:
		nid = NID_secp384r1;
		break;
        case 21:
		nid = NID_secp521r1;
		break;
        case 25:
		nid = NID_X9_62_prime192v1;
		break;
        case 26:
		nid = NID_secp224r1;
		break;
        default:
		wpa_printf(MSG_INFO, "EAP-pwd: unsupported group %d", num);
		return -1;
	}

	grp->pwe = NULL;
	grp->order = NULL;
	grp->prime = NULL;

	if ((grp->group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
		wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC_GROUP");
		goto fail;
	}

	if (((rnd = BN_new()) == NULL) ||
	    ((cofactor = BN_new()) == NULL) ||
	    ((grp->pwe = EC_POINT_new(grp->group)) == NULL) ||
	    ((grp->order = BN_new()) == NULL) ||
	    ((grp->prime = BN_new()) == NULL) ||
	    ((x_candidate = BN_new()) == NULL)) {
		wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");
		goto fail;
	}

	if (!EC_GROUP_get_curve_GFp(grp->group, grp->prime, NULL, NULL, NULL))
	{
		wpa_printf(MSG_INFO, "EAP-pwd: unable to get prime for GFp "
			   "curve");
		goto fail;
	}
	if (!EC_GROUP_get_order(grp->group, grp->order, NULL)) {
		wpa_printf(MSG_INFO, "EAP-pwd: unable to get order for curve");
		goto fail;
	}
	if (!EC_GROUP_get_cofactor(grp->group, cofactor, NULL)) {
		wpa_printf(MSG_INFO, "EAP-pwd: unable to get cofactor for "
			   "curve");
		goto fail;
	}
	primebitlen = BN_num_bits(grp->prime);
	primebytelen = BN_num_bytes(grp->prime);
	if ((prfbuf = os_malloc(primebytelen)) == NULL) {
		wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
			   "buffer");
		goto fail;
	}
	os_memset(prfbuf, 0, primebytelen);
	ctr = 0;
	while (1) {
		if (ctr > 30) {
			wpa_printf(MSG_INFO, "EAP-pwd: unable to find random "
				   "point on curve for group %d, something's "
				   "fishy", num);
			goto fail;
		}
		ctr++;

		/*
		 * compute counter-mode password value and stretch to prime
		 *    pwd-seed = H(token | peer-id | server-id | password |
		 *		   counter)
		 */
		H_Init(&ctx);
		H_Update(&ctx, token, sizeof(u32));
		H_Update(&ctx, id_peer, id_peer_len);
		H_Update(&ctx, id_server, id_server_len);
		H_Update(&ctx, password, password_len);
		H_Update(&ctx, &ctr, sizeof(ctr));
		H_Final(&ctx, pwe_digest);

		BN_bin2bn(pwe_digest, SHA256_DIGEST_LENGTH, rnd);

		eap_pwd_kdf(pwe_digest, SHA256_DIGEST_LENGTH,
			    (unsigned char *) "EAP-pwd Hunting And Pecking",
			    os_strlen("EAP-pwd Hunting And Pecking"),
			    prfbuf, primebitlen);

		BN_bin2bn(prfbuf, primebytelen, x_candidate);

		/*
		 * eap_pwd_kdf() returns a string of bits 0..primebitlen but
		 * BN_bin2bn will treat that string of bits as a big endian
		 * number. If the primebitlen is not an even multiple of 8
		 * then excessive bits-- those _after_ primebitlen-- so now
		 * we have to shift right the amount we masked off.
		 */
		if (primebitlen % 8)
			BN_rshift(x_candidate, x_candidate,
				  (8 - (primebitlen % 8)));

		if (BN_ucmp(x_candidate, grp->prime) >= 0)
			continue;

		wpa_hexdump(MSG_DEBUG, "EAP-pwd: x_candidate",
			    prfbuf, primebytelen);

		/*
		 * need to unambiguously identify the solution, if there is
		 * one...
		 */
		if (BN_is_odd(rnd))
			is_odd = 1;
		else
			is_odd = 0;

		/*
		 * solve the quadratic equation, if it's not solvable then we
		 * don't have a point
		 */
		if (!EC_POINT_set_compressed_coordinates_GFp(grp->group,
							     grp->pwe,
							     x_candidate,
							     is_odd, NULL))
			continue;
		/*
		 * If there's a solution to the equation then the point must be
		 * on the curve so why check again explicitly? OpenSSL code
		 * says this is required by X9.62. We're not X9.62 but it can't
		 * hurt just to be sure.
		 */
		if (!EC_POINT_is_on_curve(grp->group, grp->pwe, NULL)) {
			wpa_printf(MSG_INFO, "EAP-pwd: point is not on curve");
			continue;
		}

		if (BN_cmp(cofactor, BN_value_one())) {
			/* make sure the point is not in a small sub-group */
			if (!EC_POINT_mul(grp->group, grp->pwe, NULL, grp->pwe,
					  cofactor, NULL)) {
				wpa_printf(MSG_INFO, "EAP-pwd: cannot "
					   "multiply generator by order");
				continue;
			}
			if (EC_POINT_is_at_infinity(grp->group, grp->pwe)) {
				wpa_printf(MSG_INFO, "EAP-pwd: point is at "
					   "infinity");
				continue;
			}
		}
		/* if we got here then we have a new generator. */
		break;
	}
	wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %d tries", ctr);
	grp->group_num = num;
	if (0) {
 fail:
		EC_GROUP_free(grp->group);
		EC_POINT_free(grp->pwe);
		BN_free(grp->order);
		BN_free(grp->prime);
		os_free(grp);
		grp = NULL;
		ret = 1;
	}
	/* cleanliness and order.... */
	BN_free(cofactor);
	BN_free(x_candidate);
	BN_free(rnd);
	os_free(prfbuf);

	return ret;
}
示例#7
0
文件: rsa_chk.c 项目: 0culus/openssl
int RSA_check_key(const RSA *key)
	{
	BIGNUM *i, *j, *k, *l, *m;
	BN_CTX *ctx;
	int r;
	int ret=1;

	if (!key->p || !key->q || !key->n || !key->e || !key->d)
		{
		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
		return 0;
		}
	
	i = BN_new();
	j = BN_new();
	k = BN_new();
	l = BN_new();
	m = BN_new();
	ctx = BN_CTX_new();
	if (i == NULL || j == NULL || k == NULL || l == NULL ||
		m == NULL || ctx == NULL)
		{
		ret = -1;
		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
		goto err;
		}
	
	/* p prime? */
	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
	if (r != 1)
		{
		ret = r;
		if (r != 0)
			goto err;
		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
		}
	
	/* q prime? */
	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
	if (r != 1)
		{
		ret = r;
		if (r != 0)
			goto err;
		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
		}
	
	/* n = p*q? */
	r = BN_mul(i, key->p, key->q, ctx);
	if (!r) { ret = -1; goto err; }
	
	if (BN_cmp(i, key->n) != 0)
		{
		ret = 0;
		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
		}
	
	/* d*e = 1  mod lcm(p-1,q-1)? */

	r = BN_sub(i, key->p, BN_value_one());
	if (!r) { ret = -1; goto err; }
	r = BN_sub(j, key->q, BN_value_one());
	if (!r) { ret = -1; goto err; }

	/* now compute k = lcm(i,j) */
	r = BN_mul(l, i, j, ctx);
	if (!r) { ret = -1; goto err; }
	r = BN_gcd(m, i, j, ctx);
	if (!r) { ret = -1; goto err; }
	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
	if (!r) { ret = -1; goto err; }

	r = BN_mod_mul(i, key->d, key->e, k, ctx);
	if (!r) { ret = -1; goto err; }

	if (!BN_is_one(i))
		{
		ret = 0;
		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
		}
	
	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
		{
		/* dmp1 = d mod (p-1)? */
		r = BN_sub(i, key->p, BN_value_one());
		if (!r) { ret = -1; goto err; }

		r = BN_mod(j, key->d, i, ctx);
		if (!r) { ret = -1; goto err; }

		if (BN_cmp(j, key->dmp1) != 0)
			{
			ret = 0;
			RSAerr(RSA_F_RSA_CHECK_KEY,
				RSA_R_DMP1_NOT_CONGRUENT_TO_D);
			}
	
		/* dmq1 = d mod (q-1)? */    
		r = BN_sub(i, key->q, BN_value_one());
		if (!r) { ret = -1; goto err; }
	
		r = BN_mod(j, key->d, i, ctx);
		if (!r) { ret = -1; goto err; }

		if (BN_cmp(j, key->dmq1) != 0)
			{
			ret = 0;
			RSAerr(RSA_F_RSA_CHECK_KEY,
				RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
			}
	
		/* iqmp = q^-1 mod p? */
		if(!BN_mod_inverse(i, key->q, key->p, ctx))
			{
			ret = -1;
			goto err;
			}

		if (BN_cmp(i, key->iqmp) != 0)
			{
			ret = 0;
			RSAerr(RSA_F_RSA_CHECK_KEY,
				RSA_R_IQMP_NOT_INVERSE_OF_Q);
			}
		}

 err:
	if (i != NULL) BN_free(i);
	if (j != NULL) BN_free(j);
	if (k != NULL) BN_free(k);
	if (l != NULL) BN_free(l);
	if (m != NULL) BN_free(m);
	if (ctx != NULL) BN_CTX_free(ctx);
	return (ret);
	}
示例#8
0
RSA* readRSA()
{
  nfc_device *device = NULL;
  MifareTag *tag = NULL;
  MifareDESFireAID aid;
  RSA *rsa = NULL;
  uint8_t key_data_null[8] = { 0,0,0,0,0,0,0,0};
  MifareDESFireKey defaultKey = mifare_desfire_des_key_new_with_version (key_data_null);

  device = getRfidDevice();

  if (!device)
    return NULL;

  tag = freefare_get_tags(device);

  mifare_desfire_connect (tag[0]);

  aid = mifare_desfire_aid_new(AID_NUMBER);

  mifare_desfire_select_application (tag[0], aid);

  if (authApplication(tag[0], defaultKeyNumber) < 0)
  {
    fprintf(stderr,"Falscher Key\n");
    nfc_close(device);
    return NULL;
  }

  if (!rsa)
    rsa = RSA_new();

  if (!rsa->n)
    rsa->n = BN_new();
  if (!rsa->d)
    rsa->d = BN_new();
  if (!rsa->e)
    rsa->e = BN_new();
  if (readBignum(tag[0],aid,rsa->n,0) < 0)
  {
    fprintf(stderr,"readBignum %d failed\n",0);
    nfc_close(device);
    return NULL;
  }

  if (readBignum(tag[0],aid,rsa->d,5) < 0)
  {
    fprintf(stderr,"readBignum %d failed\n",0);
    nfc_close(device);
    return NULL;
  }

  if (readBignum(tag[0],aid,rsa->e,10) < 0)
  {
    fprintf(stderr,"readBignum %d failed\n",0);
    nfc_close(device);
    return NULL;
  }

  nfc_close(device);

  return rsa;
}
示例#9
0
BigNumber::BigNumber()
{
    _bn = BN_new();
    _array = NULL;
}
示例#10
0
文件: cpk_lib.c 项目: LiTianjue/GmSSL
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
	int e = 1;
	EC_KEY *ec_key = NULL;
	const EC_GROUP *ec_group;
	EC_POINT *pub_key = NULL;
	BIGNUM *priv_key = BN_new();
	BIGNUM *order = BN_new();
	BIGNUM *bn = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	int *index = NULL;
	int i, num_indexes, bn_size;

	
	if (!priv_key || !bn || !order || !ctx) {
		goto err;
	}
	
	if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
		goto err;
	}
	ec_group = EC_KEY_get0_group(ec_key);
	if (!(pub_key = EC_POINT_new(ec_group))) {
		goto err;
	}

	if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
		goto err;
	}
	if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
		goto err;
	}		
	if (!CPK_MAP_str2index(master->map_algor, id, index)) {
		goto err;
	}
	
	BN_zero(priv_key);
	if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) {
		goto err;
	}
	bn_size = BN_num_bytes(order);
	
	for (i = 0; i < num_indexes; i++) {
		const unsigned char *p = 
			M_ASN1_STRING_data(master->secret_factors) + 
			bn_size * index[i];
		
		if (!BN_bin2bn(p, bn_size, bn)) {
			goto err;
		}
		if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
			goto err;
		}		
		if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) {
			goto err;
		}
	}
	if (!EC_KEY_set_private_key(ec_key, priv_key)) {
		goto err;
	}

	if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) {
		goto err;
	}
	if (!EC_KEY_set_public_key(ec_key, pub_key)) {
		goto err;
	}
	e = 0;
	
err:
	if (e && ec_key) {
		EC_KEY_free(ec_key);
		ec_key = NULL;
	}
	if (priv_key) BN_free(priv_key);
	if (pub_key) EC_POINT_free(pub_key);
	if (order) BN_free(order);
	if (bn) BN_free(bn);
	if (ctx) BN_CTX_free(ctx);
	if (index) OPENSSL_free(index);
	return ec_key;
}
示例#11
0
文件: cpk_lib.c 项目: LiTianjue/GmSSL
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
	int e = 1;
	EC_KEY *ec_key = NULL;
	const EC_GROUP *ec_group;
	EC_POINT *pub_key = NULL;
	EC_POINT *pt = NULL;
	BIGNUM *order = BN_new();
	BIGNUM *bn = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	int *index = NULL;
	int i, bn_size, pt_size, num_indexes, num_factors;
	
	if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) {
		goto err;		
	}
	ec_group = EC_KEY_get0_group(ec_key);
	
	if (!(pub_key = EC_POINT_new(ec_group))) {
		goto err;
	}
	if (!(pt = EC_POINT_new(ec_group))) {
		goto err;
	}
	if (!EC_GROUP_get_order(ec_group, order, ctx)) {
		goto err;
	}
	bn_size = BN_num_bytes(order);
	pt_size = bn_size + 1;
	if ((num_factors = CPK_MAP_num_factors(param->map_algor)) <= 0) {
		goto err;
	}
	if (M_ASN1_STRING_length(param->public_factors) != pt_size * num_factors) {
		goto err;
	}

	if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
		goto err;
	}
	if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
		goto err;
	}		
	if (!CPK_MAP_str2index(param->map_algor, id, index)) {
		goto err;
	}

	if (!EC_POINT_set_to_infinity(ec_group, pub_key)) {
		goto err;
	}
	for (i = 0; i < num_indexes; i++) {
		const unsigned char *p = 
			M_ASN1_STRING_data(param->public_factors) + 
			pt_size * index[i];		

		if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) {
			goto err;
		}
		if (!EC_POINT_add(ec_group, pub_key, pub_key, pt, ctx)) {
			goto err;
		}
	}

	if (!EC_KEY_set_public_key(ec_key, pub_key)) {
		goto err;
	}
	e = 0;
err:
	if (e && ec_key) {
		EC_KEY_free(ec_key);
		ec_key = NULL;
	}
	if (pub_key) EC_POINT_free(pub_key);
	if (order) BN_free(order);
	if (bn) BN_free(bn);
	if (ctx) BN_CTX_free(ctx);
	if (index) OPENSSL_free(index);
	return ec_key;
}
示例#12
0
文件: cpk_lib.c 项目: LiTianjue/GmSSL
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
	int ret = 0;
	EC_KEY *ec_key = NULL;
	const EC_GROUP *ec_group;
	BIGNUM *bn = BN_new();
	BIGNUM *order = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	EC_POINT *pt = NULL;
	int i, bn_size, pt_size, num_factors;
	const unsigned char *bn_ptr;
	unsigned char *pt_ptr;
	
	if (!bn || !order || !ctx) {
		goto err;
	}
	
	if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
		goto err;
	}
	ec_group = EC_KEY_get0_group(ec_key);
	if (!(EC_GROUP_get_order(ec_group, order, ctx))) {
		goto err;
	}
	bn_size = BN_num_bytes(order);
	pt_size = bn_size + 1;
	
	if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
		goto err;
	}
	if (M_ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) {
		goto err;
	}
	if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) {
		goto err;
	}
	
	bn_ptr = M_ASN1_STRING_data(master->secret_factors);
	pt_ptr = M_ASN1_STRING_data(param->public_factors);
	memset(pt_ptr, 0, M_ASN1_STRING_length(param->public_factors));
	
	if (!(pt = EC_POINT_new(ec_group))) {
		goto err;			
	}
	for (i = 0; i < num_factors; i++) {
		if (!BN_bin2bn(bn_ptr, bn_size, bn)) {
			goto err;
		}
		if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
			goto err;
		}
		if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) {
			goto err;
		}
		
		if (!EC_POINT_point2oct(ec_group, pt, 
			POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) {
			goto err;
		}
		bn_ptr += bn_size;
		pt_ptr += pt_size;
	}
	
	ret = 1;
err:	
	if (ec_key) EC_KEY_free(ec_key);
	if (bn) BN_free(bn);
	if (order) BN_free(order);
	if (ctx) BN_CTX_free(ctx);
	if (pt) EC_POINT_free(pt);
	return ret;
}
示例#13
0
文件: cpk_lib.c 项目: LiTianjue/GmSSL
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id,
	EVP_PKEY *pkey, X509_ALGOR *map_algor)
{
	int e = 1;
	CPK_MASTER_SECRET *master = NULL;
	BIGNUM *bn = NULL, *order = NULL;
	X509_PUBKEY *pubkey = NULL;
	int pkey_type;
	int i, bn_size, num_factors;
	unsigned char *bn_ptr;
	
	if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);
		goto err;
	}
	
	pkey_type = EVP_PKEY_id(pkey);
	if (pkey_type == EVP_PKEY_DSA) {
		if (!(order = ((DSA *)EVP_PKEY_get0(pkey))->q)) {
			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_BAD_ARGUMENT);
			goto err;
		}
	} else if (pkey_type == EVP_PKEY_EC) {
		const EC_GROUP *ec_group;
		if (!(order = BN_new())) {
			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ec_group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0(pkey));
		if (!EC_GROUP_get_order(ec_group, order, NULL)) {
			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
			goto err;
		}
		//FIXME OPENSSL_assert
		assert(EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0(pkey)) != NULL);
	} else {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_PKEY_TYPE);
		goto err;		
	}

	if (!(master = CPK_MASTER_SECRET_new())) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	
	master->version = 1;
	if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName,
		MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
		goto err;
	}
	
	/* 
	 * convert EVP_PKEY to X509_ALGOR through X509_PUBKEY_set
	 * X509_ALGOR_set0() is another choice but require more code
	 */
	// FIXME: X509_PUBKEY require pkey has a public key
	if (!X509_PUBKEY_set(&pubkey, pkey)) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
		goto err;
	}
	X509_ALGOR_free(master->pkey_algor);
	if (!(master->pkey_algor = X509_ALGOR_dup(pubkey->algor))) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
		goto err;
	}
		
	//FIXME: check the validity of CPK_MAP
	X509_ALGOR_free(master->map_algor);
	if (!(master->map_algor = X509_ALGOR_dup(map_algor))) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if ((num_factors = CPK_MAP_num_factors(map_algor)) <= 0) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);
		goto err;
	}
	
	/*
	 * create secret factors, for both DSA and EC,
	 * the private keys are both big integers, 
	 */
	bn_size = BN_num_bytes(order);
	if (!ASN1_STRING_set(master->secret_factors, NULL, bn_size * num_factors)) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);
		goto err;
	}
	bn_ptr = M_ASN1_STRING_data(master->secret_factors);
	memset(bn_ptr, 0, M_ASN1_STRING_length(master->secret_factors));
	
	if (!(bn = BN_new())) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	for (i = 0; i < num_factors; i++) {
		do {
			if (!BN_rand_range(bn, order)) {
				CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE,
					ERR_R_RAND_LIB);
				goto err;
			}
		} while (BN_is_zero(bn));
		
		if (!BN_bn2bin(bn, bn_ptr + bn_size - BN_num_bytes(bn))) {
			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_BN_LIB);
			goto err;
		}
		bn_ptr += bn_size;
	}
	
	e = 0;
err:
	if (e && master) {
		CPK_MASTER_SECRET_free(master);
		master = NULL;
	}
	if (pubkey) X509_PUBKEY_free(pubkey);
	if (order && pkey_type == EVP_PKEY_EC) BN_free(order);
	if (bn) BN_free(bn);
	return master;
}
示例#14
0
文件: cpk_lib.c 项目: LiTianjue/GmSSL
static DSA *extract_dsa_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
	int e = 1;
	DSA *dsa = NULL;
	BIGNUM *bn = BN_new();
	BN_CTX *ctx = BN_CTX_new();	
	const unsigned char *p;
	int *index = NULL;
	int i, num_indexes, bn_size;

	
	if (!bn || !ctx) {
		goto err;
	}
	if (!(dsa = X509_ALGOR_get1_DSA(master->pkey_algor))) {
		goto err;
	}
	
	if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
		goto err;
	}
	if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
		goto err;
	}		
	if (!CPK_MAP_str2index(master->map_algor, id, index)) {
		goto err;
	}
	if (!dsa->priv_key) {
		if (!(dsa->priv_key = BN_new())) {
			goto err;
		}
	}
	BN_zero(dsa->priv_key);
	bn_size = BN_num_bytes(dsa->q);
	
	for (i = 0; i < num_indexes; i++) {
		p = M_ASN1_STRING_data(master->secret_factors) + bn_size * index[i];
		if (!BN_bin2bn(p, bn_size, bn)) {
			goto err;
		}
		if (BN_is_zero(bn) || BN_cmp(bn, dsa->q) >= 0) {
			goto err;
		}
		if (!BN_mod_add(dsa->priv_key, dsa->priv_key, bn, dsa->q, ctx)) {
			goto err;
		}
	}
	
	if (!(dsa->pub_key))
		if (!(dsa->pub_key = BN_new())) {
			goto err;
		}
	if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
		goto err;
	}
	e = 0;
	
err:
	if (e && dsa) {
		DSA_free(dsa);
		dsa = NULL;
	}
	if (bn) BN_free(bn);
	if (ctx) BN_CTX_free(ctx);
	if (index) OPENSSL_free(index);
	return dsa;
}
示例#15
0
BigNumber::BigNumber()
    : _bn(BN_new())
    , _array(NULL)
{ }
示例#16
0
BigNumber::BigNumber(uint32 val)
{
    _bn = BN_new();
    BN_set_word(_bn, val);
    _array = NULL;
}
示例#17
0
BigNumber::BigNumber(uint32 val)
    : _bn(BN_new())
    , _array(NULL)
{
    BN_set_word(_bn, val);
}
示例#18
0
static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
    {
    zkp->gr = BN_new();
    zkp->b = BN_new();
    }
static BIGNUM* NativeBN_BN_new(JNIEnv*, jclass) {
    return BN_new();
}
示例#20
0
void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
    {
    p->gx = BN_new();
    JPAKE_ZKP_init(&p->zkpx);
    }
示例#21
0
文件: ecdsa_ossl.c 项目: tcmx/openssl
ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
                               const BIGNUM *in_kinv, const BIGNUM *in_r,
                               EC_KEY *eckey)
{
    int ok = 0, i;
    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;
    const BIGNUM *order, *ckinv;
    BN_CTX *ctx = NULL;
    const EC_GROUP *group;
    ECDSA_SIG *ret;
    const BIGNUM *priv_key;

    group = EC_KEY_get0_group(eckey);
    priv_key = EC_KEY_get0_private_key(eckey);

    if (group == NULL || priv_key == NULL) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    if (!EC_KEY_can_sign(eckey)) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
        return NULL;
    }

    ret = ECDSA_SIG_new();
    if (ret == NULL) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    ret->r = BN_new();
    ret->s = BN_new();
    if (ret->r == NULL || ret->s == NULL) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    s = ret->s;

    if ((ctx = BN_CTX_new()) == NULL ||
        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    order = EC_GROUP_get0_order(group);
    if (order == NULL) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB);
        goto err;
    }
    i = BN_num_bits(order);
    /*
     * Need to truncate digest if it is too long: first truncate whole bytes.
     */
    if (8 * dgst_len > i)
        dgst_len = (i + 7) / 8;
    if (!BN_bin2bn(dgst, dgst_len, m)) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
        goto err;
    }
    /* If still too long truncate remaining bits with a shift */
    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
        goto err;
    }
    do {
        if (in_kinv == NULL || in_r == NULL) {
            if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
                goto err;
            }
            ckinv = kinv;
        } else {
            ckinv = in_kinv;
            if (BN_copy(ret->r, in_r) == NULL) {
                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
                goto err;
            }
        }

        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
            goto err;
        }
        if (!BN_mod_add_quick(s, tmp, m, order)) {
            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
            goto err;
        }
        if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
            goto err;
        }
        if (BN_is_zero(s)) {
            /*
             * if kinv and r have been supplied by the caller, don't
             * generate new kinv and r values
             */
            if (in_kinv != NULL && in_r != NULL) {
                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
                goto err;
            }
        } else
            /* s != 0 => we have a valid signature */
            break;
    }
    while (1);

    ok = 1;
 err:
    if (!ok) {
        ECDSA_SIG_free(ret);
        ret = NULL;
    }
    BN_CTX_free(ctx);
    BN_clear_free(m);
    BN_clear_free(tmp);
    BN_clear_free(kinv);
    return ret;
}
示例#22
0
      extern_socket = -1;
      ret = -1;
      return ret;
    }
    fail = 0;
    return ret;
  }
  return ret;
}

#ifdef LIBOPENSSL
RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {
  if (rsa == NULL) {
#ifdef NO_RSA_LEGACY
    RSA *private = RSA_new();
    BIGNUM *f4 = BN_new();

    BN_set_word(f4, RSA_F4);
    RSA_generate_key_ex(rsa, 1024, f4, NULL);
#else
    rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
#endif
  }
  return rsa;
}


int internal__hydra_connect_to_ssl(int socket) {
  int err;

  if (ssl_first) {
示例#23
0
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) {

	printf("in ecdh test\n");
	EC_KEY *a = NULL;    //EC_KEY is a structure
	EC_KEY *b = NULL;
	BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
	char buf[12];
	unsigned char *abuf = NULL, *bbuf = NULL;
	int i, alen, blen, aout, bout, ret = 0;
	const EC_GROUP *group;

	a = EC_KEY_new_by_curve_name(nid);
// creates a new key according to the curve specified
//it fills in the EC_KEY structure // use function called EC_KEY *EC_KEY_new(void)
//also use a function called EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a curve name (in form of a NID) */
// the group returned is set in the EC_KEY structure.

	b = EC_KEY_new_by_curve_name(nid);
	if (a == NULL || b == NULL)
		goto err;

	group = EC_KEY_get0_group(a); //returns the EC_GROUP structure created by the EC_KEY structure
//EC_GROUP structure is present in the EC_KEY structure.

	if ((x_a = BN_new()) == NULL)
		goto err;
	//BN_new returns a pointer to the bignum
	if ((y_a = BN_new()) == NULL)
		goto err;
	if ((x_b = BN_new()) == NULL)
		goto err;
	if ((y_b = BN_new()) == NULL)
		goto err;

	BIO_puts(out, "Testing key generation with ");
	BIO_puts(out, text);

#ifdef NOISY
	printf ("noisy");
	BIO_puts(out,"\n");
	BIO_puts(out,"\n");
	BIO_puts(out,"\n");
#else
	BIO_flush(out);
#endif

//public key number one is created here

	if (!EC_KEY_generate_key(a))
		goto err;
	//pass the filled EC_KEY structure and it will create a public or private ec key.
//it places the key in a->priv_key a->pub_key   /// PUBLIC AND PVT KEYS ARE GENERATED BY THE SCALAR MULTIPLICATION
	printf("\n1 ) generating keys\n");

	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
			== NID_X9_62_prime_field) {
		if (!EC_POINT_get_affine_coordinates_GFp(group,
				EC_KEY_get0_public_key(a), x_a, y_a, ctx))
			goto err;
	}
	//returns the public key
	else {
		if (!EC_POINT_get_affine_coordinates_GF2m(group,
				EC_KEY_get0_public_key(a), x_a, y_a, ctx))
			goto err;
	}

	//BN_print_fp(stdout, a->pub_key);
	printf("private key is : ");
	BN_print_fp(stdout, EC_KEY_get0_private_key(a));
	printf("\nAffine cordinates x:");
	BN_print_fp(stdout, x_a);
	printf("\nAffine cordinates y:");
	BN_print_fp(stdout, y_a);

	printf(
			"\n2 ) generated keys , generated affine points x and y , and also determided the primse brinary case\n");

#ifdef NOISY
	printf("no generation");
	BIO_puts(out,"  pri 1=");
	BN_print(out,a->priv_key);
	BIO_puts(out,"\n  pub 1=");
	BN_print(out,x_a);
	BIO_puts(out,",");
	BN_print(out,y_a);
	BIO_puts(out,"\n");
#else
	BIO_printf(out, " .");
	BIO_flush(out);
#endif

//public key number two is created here

	if (!EC_KEY_generate_key(b))
		goto err;

	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
			== NID_X9_62_prime_field) {
		if (!EC_POINT_get_affine_coordinates_GFp(group,
				EC_KEY_get0_public_key(b), x_b, y_b, ctx))
			goto err;
		// not well
	} else {
		if (!EC_POINT_get_affine_coordinates_GF2m(group,
				EC_KEY_get0_public_key(b), x_b, y_b, ctx))
			goto err;
	}

	//	printf("public key is : ");
	//	BN_print_fp(stdout, EC_KEY_get0_private_key(b));
	//  for public key they will exchange the whole EC_POINT structure
	printf("private key is : ");
	BN_print_fp(stdout, EC_KEY_get0_private_key(b));
	printf("\nAffine cordinates x");
	BN_print_fp(stdout, x_b);
	printf("\nAffine cordinates y");
	BN_print_fp(stdout, y_b);

#ifdef NOISY
	BIO_puts(out,"  pri 2=");
	BN_print(out,b->priv_key);
	BIO_puts(out,"\n  pub 2=");
	BN_print(out,x_b);
	BIO_puts(out,",");
	BN_print(out,y_b);
	BIO_puts(out,"\n");
#else
	BIO_printf(out, ".");
	BIO_flush(out);
#endif

	alen = KDF1_SHA1_len; ///it is a static constant integer.
	abuf = (unsigned char *) OPENSSL_malloc(alen);
	aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a,
			KDF1_SHA1); //generating session key
	//      BN_print(out, abuf);
	//BIO_puts(out,"\n");

#ifdef NOISY
	BIO_puts(out,"  key1 =");
	for (i=0; i<aout; i++)
	{
		sprintf(buf,"%02X",abuf[i]);
		BIO_puts(out,buf);
	}
	BIO_puts(out,"\n");
#else
	BIO_printf(out, ".");
	BIO_flush(out);
#endif

	blen = KDF1_SHA1_len;
	bbuf = (unsigned char *) OPENSSL_malloc(blen);
	bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b,
			KDF1_SHA1);
//	BN_print(out, bbuf);
//	BIO_puts(out,"\n");
#ifdef NOISY
	BIO_puts(out,"  key2 =");
	for (i=0; i<bout; i++)
	{
		sprintf(buf,"%02X",bbuf[i]);
		BIO_puts(out,buf);
	}
	BIO_puts(out,"\n");
#else
	BIO_printf(out, ".");
	BIO_flush(out);
#endif

	if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
#ifndef NOISY
		BIO_printf(out, " failed\n\n");
		BIO_printf(out, "key a:\n");
		BIO_printf(out, "private key: ");
		BN_print(out, EC_KEY_get0_private_key(a));
		BIO_printf(out, "\n");
		BIO_printf(out, "public key (x,y): ");
		BN_print(out, x_a);
		BIO_printf(out, ",");
		BN_print(out, y_a);
		BIO_printf(out, "\nkey b:\n");
		BIO_printf(out, "private key: ");
		BN_print(out, EC_KEY_get0_private_key(b));
		BIO_printf(out, "\n");
		BIO_printf(out, "public key (x,y): ");
		BN_print(out, x_b);
		BIO_printf(out, ",");
		BN_print(out, y_b);
		BIO_printf(out, "\n");
		BIO_printf(out, "generated key a: ");
		for (i = 0; i < bout; i++) {
			sprintf(buf, "%02X", bbuf[i]);
			BIO_puts(out, buf);
		}
		BIO_printf(out, "\n");
		BIO_printf(out, "generated key b: ");
		for (i = 0; i < aout; i++) {
			sprintf(buf, "%02X", abuf[i]);
			BIO_puts(out, buf);
		}
		BIO_printf(out, "\n");
#endif
		fprintf(stderr, "Error in ECDH routines\n");
		ret = 0;
	} else {
#ifndef NOISY
		BIO_printf(out, " ok\n");
#endif
		ret = 1;
	}
	err: ERR_print_errors_fp(stderr);

	if (abuf != NULL)
		OPENSSL_free(abuf);
	if (bbuf != NULL)
		OPENSSL_free(bbuf);
	if (x_a)
		BN_free(x_a);
	if (y_a)
		BN_free(y_a);
	if (x_b)
		BN_free(x_b);
	if (y_b)
		BN_free(y_b);
	if (b)
		EC_KEY_free(b);
	if (a)
		EC_KEY_free(a);
	return (ret);
}
int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
	     int saltlen, int id, int iter, int n, unsigned char *out,
	     const EVP_MD *md_type)
{
	unsigned char *B, *D, *I, *p, *Ai;
	int Slen, Plen, Ilen, Ijlen;
	int i, j, u, v;
	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
	EVP_MD_CTX ctx;
#ifdef  DEBUG_KEYGEN
	unsigned char *tmpout = out;
	int tmpn = n;
#endif

#if 0
	if (!pass) {
		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
#endif

	EVP_MD_CTX_init(&ctx);
#ifdef  DEBUG_KEYGEN
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "KEYGEN DEBUG\n");
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "ID %d, ITER %d\n", id, iter);
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "Password (length %d):\n", passlen);
	h__dump(pass, passlen);
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "Salt (length %d):\n", saltlen);
	h__dump(salt, saltlen);
#endif
	v = EVP_MD_block_size (md_type);
	u = EVP_MD_size (md_type);
	if (u < 0)
	    return 0;
	D = (unsigned char*)OPENSSL_malloc (v);
	Ai = (unsigned char*)OPENSSL_malloc (u);
	B = (unsigned char*)OPENSSL_malloc (v + 1);
	Slen = v * ((saltlen+v-1)/v);
	if(passlen) Plen = v * ((passlen+v-1)/v);
	else Plen = 0;
	Ilen = Slen + Plen;
	I = (unsigned char*)OPENSSL_malloc (Ilen);
	Ij = BN_new();
	Bpl1 = BN_new();
	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
		return 0;
	}
	for (i = 0; i < v; i++) D[i] = id;
	p = I;
	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
	for (;;) {
		EVP_DigestInit_ex(&ctx, md_type, NULL);
		EVP_DigestUpdate(&ctx, D, v);
		EVP_DigestUpdate(&ctx, I, Ilen);
		EVP_DigestFinal_ex(&ctx, Ai, NULL);
		for (j = 1; j < iter; j++) {
			EVP_DigestInit_ex(&ctx, md_type, NULL);
			EVP_DigestUpdate(&ctx, Ai, u);
			EVP_DigestFinal_ex(&ctx, Ai, NULL);
		}
		TINYCLR_SSL_MEMCPY (out, Ai, min (n, u));
		if (u >= n) {
			OPENSSL_free (Ai);
			OPENSSL_free (B);
			OPENSSL_free (D);
			OPENSSL_free (I);
			BN_free (Ij);
			BN_free (Bpl1);
			EVP_MD_CTX_cleanup(&ctx);
#ifdef DEBUG_KEYGEN
			TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "Output KEY (length %d)\n", tmpn);
			h__dump(tmpout, tmpn);
#endif
			return 1;	
		}
		n -= u;
		out += u;
		for (j = 0; j < v; j++) B[j] = Ai[j % u];
		/* Work out B + 1 first then can use B as tmp space */
		BN_bin2bn (B, v, Bpl1);
		BN_add_word (Bpl1, 1);
		for (j = 0; j < Ilen ; j+=v) {
			BN_bin2bn (I + j, v, Ij);
			BN_add (Ij, Ij, Bpl1);
			BN_bn2bin (Ij, B);
			Ijlen = BN_num_bytes (Ij);
			/* If more than 2^(v*8) - 1 cut off MSB */
			if (Ijlen > v) {
				BN_bn2bin (Ij, B);
				TINYCLR_SSL_MEMCPY (I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
			/* If less than v bytes pad with zeroes */
			} else if (Ijlen < v) {
				TINYCLR_SSL_MEMSET(I + j, 0, v - Ijlen);
				BN_bn2bin(Ij, I + j + v - Ijlen); 
#endif
			} else BN_bn2bin (Ij, I + j);
		}
	}
}
示例#25
0
int GOST_KEY_check_key(const GOST_KEY *key)
{
    int ok = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *order = NULL;
    EC_POINT *point = NULL;

    if (!key || !key->group || !key->pub_key) {
        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (EC_POINT_is_at_infinity(key->group, key->pub_key)) {
        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
        goto err;
    }
    if ((ctx = BN_CTX_new()) == NULL)
        goto err;
    if ((point = EC_POINT_new(key->group)) == NULL)
        goto err;

    /* testing whether the pub_key is on the elliptic curve */
    if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) {
        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
        goto err;
    }
    /* testing whether pub_key * order is the point at infinity */
    if ((order = BN_new()) == NULL)
        goto err;
    if (!EC_GROUP_get_order(key->group, order, ctx)) {
        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
        goto err;
    }
    if (!EC_POINT_mul(key->group, point, NULL, key->pub_key, order, ctx)) {
        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
        goto err;
    }
    if (!EC_POINT_is_at_infinity(key->group, point)) {
        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
        goto err;
    }
    /*
     * in case the priv_key is present : check if generator * priv_key ==
     * pub_key
     */
    if (key->priv_key) {
        if (BN_cmp(key->priv_key, order) >= 0) {
            GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
            goto err;
        }
        if (!EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, ctx)) {
            GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
            goto err;
        }
        if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
            GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
            goto err;
        }
    }
    ok = 1;
err:
    BN_free(order);
    BN_CTX_free(ctx);
    EC_POINT_free(point);
    return (ok);
}
示例#26
0
static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
	{
	unsigned char *buffer=NULL;
	const char *ecstr;
	size_t	buf_len=0, i;
	int     ret=0, reason=ERR_R_BIO_LIB;
	BIGNUM  *pub_key=NULL, *order=NULL;
	BN_CTX  *ctx=NULL;
	const EC_GROUP *group;
	const EC_POINT *public_key;
	const BIGNUM *priv_key;
 
	if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
		{
		reason = ERR_R_PASSED_NULL_PARAMETER;
		goto err;
		}

	ctx = BN_CTX_new();
	if (ctx == NULL)
		{
		reason = ERR_R_MALLOC_FAILURE;
		goto err;
		}

	if (ktype > 0)
		{
		public_key = EC_KEY_get0_public_key(x);
		if ((pub_key = EC_POINT_point2bn(group, public_key,
			EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
			{
			reason = ERR_R_EC_LIB;
			goto err;
			}
		if (pub_key)
			buf_len = (size_t)BN_num_bytes(pub_key);
		}

	if (ktype == 2)
		{
		priv_key = EC_KEY_get0_private_key(x);
		if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len)
			buf_len = i;
		}
	else
		priv_key = NULL;

	if (ktype > 0)
		{
		buf_len += 10;
		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
			{
			reason = ERR_R_MALLOC_FAILURE;
			goto err;
			}
		}
	if (ktype == 2)
		ecstr = "Private-Key";
	else if (ktype == 1)
		ecstr = "Public-Key";
	else
		ecstr = "ECDSA-Parameters";

	if (!BIO_indent(bp, off, 128))
		goto err;
	if ((order = BN_new()) == NULL)
		goto err;
	if (!EC_GROUP_get_order(group, order, NULL))
		goto err;
	if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
		BN_num_bits(order)) <= 0) goto err;
  
	if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, 
		buffer, off))
		goto err;
	if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
		buffer, off))
		goto err;
	if (!ECPKParameters_print(bp, group, off))
		goto err;
	ret=1;
err:
	if (!ret)
 		ECerr(EC_F_DO_EC_KEY_PRINT, reason);
	if (pub_key) 
		BN_free(pub_key);
	if (order)
		BN_free(order);
	if (ctx)
		BN_CTX_free(ctx);
	if (buffer != NULL)
		OPENSSL_free(buffer);
	return(ret);
	}
示例#27
0
int ssl_test_exp(int argc, char *argv[])
	{
	BN_CTX *ctx;
	BIO *out=NULL;
	int i,ret;
	unsigned char c;
	BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;

	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
	                                       * even check its return value
	                                       * (which we should) */

	ERR_load_BN_strings();

	ctx=BN_CTX_new();
	if (ctx == NULL) return(1);
	r_mont=BN_new();
	r_mont_const=BN_new();
	r_recp=BN_new();
	r_simple=BN_new();
	a=BN_new();
	b=BN_new();
	m=BN_new();
	if (	(r_mont == NULL) || (r_recp == NULL) ||
		(a == NULL) || (b == NULL))
		goto err;

#ifndef OPENSSL_SYS_WINDOWS
	out = BIO_new(BIO_s_mem());
	if (out == NULL) return(1);
	
#else
	out=BIO_new(BIO_s_file());

	if (out == NULL) return(1);
	BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#endif

	for (i=0; i<200; i++)
		{
		RAND_bytes(&c,1);
		c=(c%BN_BITS)-BN_BITS2;
		BN_rand(a,NUM_BITS+c,0,0);

		RAND_bytes(&c,1);
		c=(c%BN_BITS)-BN_BITS2;
		BN_rand(b,NUM_BITS+c,0,0);

		RAND_bytes(&c,1);
		c=(c%BN_BITS)-BN_BITS2;
		BN_rand(m,NUM_BITS+c,0,1);

		BN_mod(a,a,m,ctx);
		BN_mod(b,b,m,ctx);

		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
		if (ret <= 0)
			{
			TINYCLR_SSL_PRINTF("BN_mod_exp_mont() problems\n");
			ERR_print_errors(out);
			return(1);
			}

		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
		if (ret <= 0)
			{
			TINYCLR_SSL_PRINTF("BN_mod_exp_recp() problems\n");
			ERR_print_errors(out);
			return(1);
			}

		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
		if (ret <= 0)
			{
			TINYCLR_SSL_PRINTF("BN_mod_exp_simple() problems\n");
			ERR_print_errors(out);
			return(1);
			}

		ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
		if (ret <= 0)
			{
			TINYCLR_SSL_PRINTF("BN_mod_exp_mont_consttime() problems\n");
			ERR_print_errors(out);
			return(1);
			}

		if (BN_cmp(r_simple, r_mont) == 0
		    && BN_cmp(r_simple,r_recp) == 0
			&& BN_cmp(r_simple,r_mont_const) == 0)
			{
			TINYCLR_SSL_PRINTF(".");
			}
		else
		  	{
			if (BN_cmp(r_simple,r_mont) != 0)
				TINYCLR_SSL_PRINTF("\nsimple and mont results differ\n");
			if (BN_cmp(r_simple,r_mont_const) != 0)
				TINYCLR_SSL_PRINTF("\nsimple and mont const time results differ\n");
			if (BN_cmp(r_simple,r_recp) != 0)
				TINYCLR_SSL_PRINTF("\nsimple and recp results differ\n");

			TINYCLR_SSL_PRINTF("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
			TINYCLR_SSL_PRINTF("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
			TINYCLR_SSL_PRINTF("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
			TINYCLR_SSL_PRINTF("\nsimple   =");	BN_print(out,r_simple);
			TINYCLR_SSL_PRINTF("\nrecp     =");	BN_print(out,r_recp);
			TINYCLR_SSL_PRINTF("\nmont     ="); BN_print(out,r_mont);
			TINYCLR_SSL_PRINTF("\nmont_ct  ="); BN_print(out,r_mont_const);
			TINYCLR_SSL_PRINTF("\n");
			return(1);
			}
		}
	BN_free(r_mont);
	BN_free(r_mont_const);
	BN_free(r_recp);
	BN_free(r_simple);
	BN_free(a);
	BN_free(b);
	BN_free(m);
	BN_CTX_free(ctx);
	ERR_remove_thread_state(NULL);
	CRYPTO_mem_leaks(out);
	BIO_free(out);
	TINYCLR_SSL_PRINTF(" done\n");
	return(0);
err:
	ERR_load_crypto_strings();
	ERR_print_errors(out);
#ifdef OPENSSL_SYS_NETWARE
    TINYCLR_SSL_PRINTF("ERROR\n");
#endif
	return(1);
	}
示例#28
0
void Decode_RSA(unsigned char *encData, int fd ,char *getData)
{
	RSA *r;
	BIGNUM *bne,*bnn,*bnd;
	int bits = 1024, ret, len, flen, padding, i;
	unsigned char *key, *p;
	BIO *b;
	/*unsigned char *encData;*/
	unsigned char *decData,*tmpData;//加密后的数据/解密后的数据/临时指针
       /* Key data */
	unsigned long e = 75011;  

	/* 构建RSA数据结构   */
	bne = BN_new();  
	bnd = BN_new();  
	bnn = BN_new();  
	ret = BN_set_word(bne, e);  
	BN_hex2bn(&bnd, PRIVATE);  
	BN_hex2bn(&bnn, MODULUS);  

	r = RSA_new();  
	r->e=bne;  
	r->d=bnd;  
	r->n=bnn;
	/* output key */
	/*RSA_print_fp(stdout, r, 5);*/

	flen =  RSA_size(r);// - 11;   
	/*encData =  (unsigned char *)malloc(flen);  */
	/*bzero(encData, flen);//memset(encData, 0, flen);   */

	//JCG("Begin RSA_private_decrypt \n");  
	if(ret < 0){
		JCG("Encrypt failed!\n");  
		return;  
	}  

#if 0
	tmpData=encData;
	for  (i=0; i<ret; i++)
	{
		JDG("0x%02x, ", *tmpData);
		if(i%16 == 7)
			JDG("\t");
		else if(i%16 == 15)
			JDG("\n");
		tmpData++;  
	}
	JDG("\n");
#endif


	flen =  RSA_size(r);// - 11;   
	decData =  (unsigned char *)malloc(flen);  
	bzero(decData, flen);//memset(encData, 0, flen);   

	ret =  RSA_public_decrypt(flen, encData, decData, r,  RSA_NO_PADDING);  
	if(ret < 0){  
		JCG("RSA_public_decrypt failed!");  
		return;
	}  

	sprintf(getData,"%s",decData);
	free(decData);  
	RSA_free(r);  

}  
示例#29
0
int
__ops_elgamal_private_decrypt(uint8_t *out,
				const uint8_t *g_to_k,
				const uint8_t *in,
				size_t length,
				const __ops_elgamal_seckey_t *seckey,
				const __ops_elgamal_pubkey_t *pubkey)
{
	BIGNUM	*bndiv;
	BIGNUM	*c1x;
	BN_CTX	*tmp;
	BIGNUM	*c1;
	BIGNUM	*c2;
	BIGNUM	*p;
	BIGNUM	*x;
	BIGNUM	*m;
	int	 ret;

	ret = 0;
	/* c1 and c2 are in g_to_k and in, respectively*/
	c1 = BN_bin2bn(g_to_k, (int)length, NULL);
	c2 = BN_bin2bn(in, (int)length, NULL);
	/* other bits */
	p = pubkey->p;
	x = seckey->x;
	c1x = BN_new();
	bndiv = BN_new();
	m = BN_new();
	tmp = BN_CTX_new();
	if (!c1 || !c2 || !p || !x || !c1x || !bndiv || !m || !tmp) {
		goto done;
	}
	/*
	 * m = c2 / (c1^x)
	 */
	if (!BN_mod_exp(c1x, c1, x, p, tmp)) {
		goto done;
	}
	if (!BN_mod_inverse(bndiv, c1x, p, tmp)) {
		goto done;
	}
	if (!BN_mod_mul(m, c2, bndiv, p, tmp)) {
		goto done;
	}
	/* result */
	ret = BN_bn2bin(m, out);
done:
	if (tmp) {
		BN_CTX_free(tmp);
	}
	if (m) {
		BN_clear_free(m);
	}
	if (bndiv) {
		BN_clear_free(bndiv);
	}
	if (c1x) {
		BN_clear_free(c1x);
	}
	if (x) {
		BN_clear_free(x);
	}
	if (p) {
		BN_clear_free(p);
	}
	if (c1) {
		BN_clear_free(c1);
	}
	if (c2) {
		BN_clear_free(c2);
	}
	return ret;
}
示例#30
0
文件: ssh-dss.c 项目: lbdroid/openssh
int
ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
    const u_char *data, u_int datalen)
{
	DSA_SIG *sig;
	const EVP_MD *evp_md = EVP_sha1();
	EVP_MD_CTX md;
	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
	u_int len, dlen;
	int rlen, ret;
	Buffer b;

	if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
	    key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
		error("ssh_dss_verify: no DSA key");
		return -1;
	}

	/* fetch signature */
	if (datafellows & SSH_BUG_SIGBLOB) {
		sigblob = xmalloc(signaturelen);
		memcpy(sigblob, signature, signaturelen);
		len = signaturelen;
	} else {
		/* ietf-drafts */
		char *ktype;
		buffer_init(&b);
		buffer_append(&b, signature, signaturelen);
		ktype = buffer_get_cstring(&b, NULL);
		if (strcmp("ssh-dss", ktype) != 0) {
			error("ssh_dss_verify: cannot handle type %s", ktype);
			buffer_free(&b);
			free(ktype);
			return -1;
		}
		free(ktype);
		sigblob = buffer_get_string(&b, &len);
		rlen = buffer_len(&b);
		buffer_free(&b);
		if (rlen != 0) {
			error("ssh_dss_verify: "
			    "remaining bytes in signature %d", rlen);
			free(sigblob);
			return -1;
		}
	}

	if (len != SIGBLOB_LEN) {
		fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
	}

	/* parse signature */
	if ((sig = DSA_SIG_new()) == NULL)
		fatal("ssh_dss_verify: DSA_SIG_new failed");
	if ((sig->r = BN_new()) == NULL)
		fatal("ssh_dss_verify: BN_new failed");
	if ((sig->s = BN_new()) == NULL)
		fatal("ssh_dss_verify: BN_new failed");
	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
		fatal("ssh_dss_verify: BN_bin2bn failed");

	/* clean up */
	memset(sigblob, 0, len);
	free(sigblob);

	/* sha1 the data */
	EVP_DigestInit(&md, evp_md);
	EVP_DigestUpdate(&md, data, datalen);
	EVP_DigestFinal(&md, digest, &dlen);

	ret = DSA_do_verify(digest, dlen, sig, key->dsa);
	memset(digest, 'd', sizeof(digest));

	DSA_SIG_free(sig);

	debug("ssh_dss_verify: signature %s",
	    ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
	return ret;
}