本文整理汇总了C++中EC_POINT_clear_free函数的典型用法代码示例。如果您正苦于以下问题:C++ EC_POINT_clear_free函数的具体用法?C++ EC_POINT_clear_free怎么用?C++ EC_POINT_clear_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EC_POINT_clear_free函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: eap_pwd_reset
/*
 * Release every piece of per-session EAP-pwd state reachable from priv.
 *
 * Values that carry key material (private value, scalars, shared key k,
 * the password and the password element) go through the *_clear_free
 * helpers rather than a plain free. The session structure itself is the
 * last thing released, also through bin_clear_free(). sm is not used.
 */
static void eap_pwd_reset(struct eap_sm *sm, void *priv)
{
    struct eap_pwd_data *pwd = priv;

    /* Secret big numbers and the BN context used to compute them. */
    BN_clear_free(pwd->private_value);
    BN_clear_free(pwd->peer_scalar);
    BN_clear_free(pwd->my_scalar);
    BN_clear_free(pwd->k);
    BN_CTX_free(pwd->bnctx);

    /* Commit elements of both sides. */
    EC_POINT_clear_free(pwd->my_element);
    EC_POINT_clear_free(pwd->peer_element);

    /* Identities and the password, each released with its stored length. */
    bin_clear_free(pwd->id_peer, pwd->id_peer_len);
    bin_clear_free(pwd->id_server, pwd->id_server_len);
    bin_clear_free(pwd->password, pwd->password_len);

    /* Group description; pwe is derived from the password, so clear it. */
    if (pwd->grp != NULL) {
        EC_GROUP_free(pwd->grp->group);
        EC_POINT_clear_free(pwd->grp->pwe);
        BN_clear_free(pwd->grp->order);
        BN_clear_free(pwd->grp->prime);
        os_free(pwd->grp);
    }

    wpabuf_free(pwd->inbuf);
    wpabuf_free(pwd->outbuf);

    /* The structure still holds the (now stale) pointers: wipe, then free. */
    bin_clear_free(pwd, sizeof(*pwd));
}
开发者ID:earlchew,项目名称:hostap,代码行数:25,代码来源:eap_server_pwd.c
示例2: MKEM_decode_message
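/*
 * Recover the shared secret from an encapsulated message.
 *
 * kp      - key pair; both private scalars s0 and s1 must be present.
 * secret  - output buffer of 2 * kp->params->msgsize bytes.
 * message - input of kp->params->msgsize bytes.
 *
 * Returns 0 on success. Returns -1 if the private key is missing (secret is
 * left untouched) or if any step fails (secret is zeroed).
 *
 * FAILZ is defined elsewhere in this file; it is presumably
 * "goto fail if the expression is zero" -- confirm against its definition.
 */
int
MKEM_decode_message(const MKEM *kp, uint8_t *secret, const uint8_t *message)
{
    int use_curve0 = !(message[0] & kp->params->curve_bit);
    const EC_GROUP *ca = use_curve0 ? kp->params->c0 : kp->params->c1;
    const BIGNUM *sa = use_curve0 ? kp->s0 : kp->s1;
    EC_POINT *q = 0, *r = 0;
    uint8_t *unpadded = 0;
    BIGNUM x, y;
    size_t mlen = kp->params->msgsize;
    int rv;

    if (!kp->s0 || !kp->s1) /* secret key not available */
        return -1;

    BN_init(&x);
    BN_init(&y);
    FAILZ(q = EC_POINT_new(ca));
    FAILZ(r = EC_POINT_new(ca));
    FAILZ(unpadded = malloc(mlen + 1));

    /* Copy the message, erase the padding bits, and put an 0x02 byte on
       the front so we can use EC_POINT_oct2point to recover the
       y-coordinate. */
    unpadded[0] = 0x02;
    unpadded[1] = (message[0] & ~(kp->params->pad_mask|kp->params->curve_bit));
    memcpy(&unpadded[2], &message[1], mlen - 1);

    FAILZ(EC_POINT_oct2point(ca, q, unpadded, mlen + 1,
                             kp->params->ctx));
    /* r = sa * q: the x-coordinate of r is the second half of the secret. */
    FAILZ(EC_POINT_mul(ca, r, 0, q, sa, kp->params->ctx));

    FAILZ(EC_POINT_get_affine_coordinates_GF2m(ca, q, &x, &y, kp->params->ctx));
    if (bn2bin_padhi(&x, secret, mlen) != mlen)
        goto fail;

    FAILZ(EC_POINT_get_affine_coordinates_GF2m(ca, r, &x, &y, kp->params->ctx));
    if (bn2bin_padhi(&x, secret + mlen, mlen) != mlen)
        goto fail;

    rv = 0;

 done:
    if (unpadded) {
        /* A memset() immediately followed by free() is a dead store that an
           optimising compiler may drop, so wipe through a volatile pointer.
           If OPENSSL_cleanse() is declared in this translation unit, prefer
           it here. */
        volatile uint8_t *wipe = unpadded;
        size_t i;
        for (i = 0; i < mlen + 1; i++)
            wipe[i] = 0;
        free(unpadded);
    }
    if (q) EC_POINT_clear_free(q);
    if (r) EC_POINT_clear_free(r);
    /* x and y were set up with BN_init() and acquire a heap buffer once a
       coordinate is stored in them. BN_clear() only zeroes that buffer;
       BN_clear_free() zeroes it and releases it, which fixes the leak. */
    BN_clear_free(&x);
    BN_clear_free(&y);
    return rv;

 fail:
    rv = -1;
    /* Never hand a partially written secret back to the caller. */
    memset(secret, 0, mlen * 2);
    goto done;
}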
开发者ID:zackw,项目名称:moeller-ref,代码行数:57,代码来源:mref-o.c
示例3: MKEM_teardown
/*
 * Release the key material owned by kp and zero the structure.
 *
 * kp itself is not freed here. The casts drop a qualifier from the stored
 * pointers (presumably the fields are declared const -- confirm against
 * the MKEM definition).
 */
void
MKEM_teardown(MKEM *kp)
{
    /* Private scalars: secret, must be wiped before release. */
    if (kp->s0 != NULL) {
        BN_clear_free((BIGNUM *)kp->s0);
    }
    if (kp->s1 != NULL) {
        BN_clear_free((BIGNUM *)kp->s1);
    }

    /* Public points: not secret, cleared anyway for uniformity. */
    if (kp->p0 != NULL) {
        EC_POINT_clear_free((EC_POINT *)kp->p0);
    }
    if (kp->p1 != NULL) {
        EC_POINT_clear_free((EC_POINT *)kp->p1);
    }

    /* Leave no stale pointers behind in the caller's structure. */
    memset(kp, 0, sizeof *kp);
}
开发者ID:zackw,项目名称:moeller-ref,代码行数:13,代码来源:mref-o.c
示例4: _free_pwd_session
/*
 * Release the OpenSSL objects held by an EAP-pwd session.
 *
 * Always returns 0. The session structure is not freed here and its
 * pointer fields are not reset to NULL, so a second call on the same
 * session would free the same objects again.
 */
static int _free_pwd_session (pwd_session_t *session)
{
    /* Secret scalars and the shared key: wipe before release. */
    BN_clear_free(session->private_value);
    BN_clear_free(session->peer_scalar);
    BN_clear_free(session->my_scalar);
    BN_clear_free(session->k);

    /* Commit elements exchanged with the peer. */
    EC_POINT_clear_free(session->my_element);
    EC_POINT_clear_free(session->peer_element);

    /* Group, password element and the group's order and prime. */
    EC_GROUP_free(session->group);
    EC_POINT_clear_free(session->pwe);
    BN_clear_free(session->order);
    BN_clear_free(session->prime);

    return 0;
}
开发者ID:janetuk,项目名称:freeradius,代码行数:15,代码来源:rlm_eap_pwd.c
示例5: ec_pre_comp_clear_free
/*
 * Drop one reference to a precomputation table and, once no references
 * remain, wipe and free the points, the pointer array and the table.
 *
 * pre_ may be NULL, in which case nothing happens.
 */
static void ec_pre_comp_clear_free(void *pre_)
{
    EC_PRE_COMP *table = pre_;
    int remaining;
    EC_POINT **slot;

    if (table == NULL)
        return;

    /* NOTE(review): the result of CRYPTO_atomic_add() is not checked; if it
     * can fail without writing the count, `remaining` is read
     * uninitialised -- confirm against its contract. */
    CRYPTO_atomic_add(&table->references, -1, &remaining, table->lock);
    if (remaining > 0)
        return;

    CRYPTO_thread_cleanup(table->lock);

    if (table->points != NULL) {
        /* The array is NULL-terminated; clear each point, then its slot. */
        for (slot = table->points; *slot != NULL; slot++) {
            EC_POINT_clear_free(*slot);
            vigortls_zeroize(slot, sizeof *slot);
        }
        free(table->points);
    }

    vigortls_zeroize(table, sizeof *table);
    free(table);
}
开发者ID:vigortls,项目名称:vigortls,代码行数:25,代码来源:ec_mult.c
示例6: EC_GROUP_clear_free
/*
 * Destroy an EC_GROUP, wiping its contents before the memory is released.
 *
 * A NULL group is ignored. The method's clearing finaliser is preferred;
 * the plain finaliser is used only when no clearing one is provided.
 */
void EC_GROUP_clear_free(EC_GROUP *group)
{
    if (group == NULL)
        return;

    if (group->meth->group_clear_finish != 0) {
        group->meth->group_clear_finish(group);
    } else if (group->meth->group_finish != 0) {
        group->meth->group_finish(group);
    }

    EC_EX_DATA_clear_free_all_data(&group->extra_data);

    if (group->generator != NULL) {
        EC_POINT_clear_free(group->generator);
    }
    /* order and cofactor are embedded in the group, hence the address-of. */
    BN_clear_free(&group->order);
    BN_clear_free(&group->cofactor);

    if (group->seed != NULL) {
        OPENSSL_cleanse(group->seed, group->seed_len);
        OPENSSL_free(group->seed);
    }

    /* Wipe the structure itself so no stale pointers survive the free. */
    OPENSSL_cleanse(group, sizeof *group);
    OPENSSL_free(group);
}
开发者ID:LucidOne,项目名称:Rovio,代码行数:25,代码来源:ec_lib.c
示例7: ms_deleteParameterSets
/***************************************************************************//**
 * Delete all Mikey Sakke parameter set data.
 *
 * Every slot of ms_parameter_sets is visited: each member that is set is
 * released with the clearing variant of its free routine, the slot is then
 * zeroed, and finally the module is marked as uninitialised.
 ******************************************************************************/
void ms_deleteParameterSets() {
    for (int idx = 0; idx < MAX_ES_PARAMETER_SETS; idx++) {
        /* Big-number members. */
        if (ms_parameter_sets[idx].p != NULL) {
            BN_clear_free(ms_parameter_sets[idx].p);
        }
        if (ms_parameter_sets[idx].q != NULL) {
            BN_clear_free(ms_parameter_sets[idx].q);
        }
        if (ms_parameter_sets[idx].Px != NULL) {
            BN_clear_free(ms_parameter_sets[idx].Px);
        }
        if (ms_parameter_sets[idx].Py != NULL) {
            BN_clear_free(ms_parameter_sets[idx].Py);
        }
        if (ms_parameter_sets[idx].g != NULL) {
            BN_clear_free(ms_parameter_sets[idx].g);
        }

        /* Curve and point. */
        if (ms_parameter_sets[idx].E != NULL) {
            EC_GROUP_clear_free(ms_parameter_sets[idx].E);
        }
        if (ms_parameter_sets[idx].P != NULL) {
            EC_POINT_clear_free(ms_parameter_sets[idx].P);
        }

        /* Reset the slot so the freed pointers cannot be reused. */
        memset(&ms_parameter_sets[idx], 0, sizeof(struct msParameterSet_t));
    }

    ms_parameter_sets_initialised = ES_FALSE;
} /* ms_deleteParameterSets */
开发者ID:jim-b,项目名称:ECCSI-SAKKE,代码行数:33,代码来源:mikeySakkeParameters.c
示例8: EC_POINT_bn2point
/*
 * Convert the octet-string encoding held in bn into an EC point.
 *
 * group - curve the point belongs to.
 * bn    - big number whose big-endian bytes are the encoded point.
 * point - destination, or NULL to have a new point allocated.
 * ctx   - BN_CTX passed through to EC_POINT_oct2point().
 *
 * Returns the destination point on success, or NULL on failure. A point
 * allocated here is released on failure; a caller-supplied point is never
 * freed. The temporary byte buffer is freed on every path but not wiped.
 */
EC_POINT *
EC_POINT_bn2point(const EC_GROUP * group,
    const BIGNUM * bn, EC_POINT * point, BN_CTX * ctx)
{
    EC_POINT *result = NULL;
    EC_POINT *target;
    unsigned char *octets;
    size_t octets_len = 0;

    octets_len = BN_num_bytes(bn);
    if (octets_len == 0)
        return NULL;

    octets = malloc(octets_len);
    if (octets == NULL)
        return NULL;

    if (!BN_bn2bin(bn, octets))
        goto done;

    /* Use the caller's point when given, otherwise allocate one. */
    target = point;
    if (target == NULL) {
        target = EC_POINT_new(group);
        if (target == NULL)
            goto done;
    }

    if (!EC_POINT_oct2point(group, target, octets, octets_len, ctx)) {
        /* Only release what this function allocated itself. */
        if (point == NULL)
            EC_POINT_clear_free(target);
        goto done;
    }
    result = target;

done:
    free(octets);
    return result;
}
开发者ID:Basskrapfen,项目名称:openbsd,代码行数:35,代码来源:ec_print.c
示例9: ec_pre_comp_clear_free
/*
 * Drop one reference to a precomputation table; when the count returned by
 * CRYPTO_add() is no longer positive, wipe and free every point, the
 * pointer array and the table itself.
 *
 * pre_ may be NULL, in which case nothing happens.
 */
static void ec_pre_comp_clear_free(void *pre_)
{
    EC_PRE_COMP *table = pre_;
    EC_POINT **slot;
    int remaining;

    if (table == NULL)
        return;

    remaining = CRYPTO_add(&table->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
    if (remaining > 0)
        return;

    if (table->points != NULL) {
        /* NULL-terminated array: clear the point, then scrub its slot. */
        for (slot = table->points; *slot != NULL; slot++) {
            EC_POINT_clear_free(*slot);
            OPENSSL_cleanse(slot, sizeof *slot);
        }
        OPENSSL_free(table->points);
    }

    OPENSSL_cleanse(table, sizeof *table);
    OPENSSL_free(table);
}
开发者ID:YesWant,项目名称:HX123S,代码行数:26,代码来源:ec_mult.c
示例10: MKEM_init_pk_vec
/*
 * Initialise kp from two encoded public points.
 *
 * p0/p0l and p1/p1l are the octet encodings of the points on curves
 * params->c0 and params->c1. Both are decoded with EC_POINT_oct2point()
 * and handed to MKEM_init_pk_point(), whose result is returned.
 * Returns -1 if allocation or decoding fails; both temporary points are
 * released in that case.
 *
 * NOTE(review): once MKEM_init_pk_point() is called, this function no longer
 * frees the points -- presumably that routine takes ownership even when
 * it fails; confirm, otherwise they leak on its error path.
 */
int
MKEM_init_pk_vec(MKEM *kp,
                 const MKEMParams *params,
                 const uint8_t *p0, size_t p0l,
                 const uint8_t *p1, size_t p1l)
{
    EC_POINT *point0 = EC_POINT_new(params->c0);
    EC_POINT *point1 = EC_POINT_new(params->c1);

    /* Both allocations are attempted before either result is checked. */
    FAILZ(point0);
    FAILZ(point1);

    FAILZ(EC_POINT_oct2point(params->c0, point0, p0, p0l, params->ctx));
    FAILZ(EC_POINT_oct2point(params->c1, point1, p1, p1l, params->ctx));

    return MKEM_init_pk_point(kp, params, point0, point1);

 fail:
    if (point0 != NULL) EC_POINT_clear_free(point0);
    if (point1 != NULL) EC_POINT_clear_free(point1);
    return -1;
}
开发者ID:zackw,项目名称:moeller-ref,代码行数:20,代码来源:mref-o.c
示例11: EC_GROUP_clear_free
/*
 * Destroy an EC_GROUP, wiping its members before the memory is released.
 *
 * A NULL group is ignored. The method's clearing finaliser is preferred;
 * the plain finaliser is used only when no clearing one is provided.
 */
void EC_GROUP_clear_free(EC_GROUP *group)
{
    if (group == NULL)
        return;

    if (group->meth->group_clear_finish != 0) {
        group->meth->group_clear_finish(group);
    } else if (group->meth->group_finish != 0) {
        group->meth->group_finish(group);
    }

    /* Precomputation and Montgomery data are freed without the clear step. */
    EC_pre_comp_free(group);
    BN_MONT_CTX_free(group->mont_data);

    EC_POINT_clear_free(group->generator);
    BN_clear_free(group->order);
    BN_clear_free(group->cofactor);

    /* Seed, then the structure itself: each wiped over its full length. */
    OPENSSL_clear_free(group->seed, group->seed_len);
    OPENSSL_clear_free(group, sizeof(*group));
}
开发者ID:Castaglia,项目名称:openssl,代码行数:18,代码来源:ec_lib.c
示例12: ec_group_copy
/*
 * Copy src into dest. Both groups must use the same method.
 *
 * Returns 1 on success (including dest == src) and 0 on failure, with an
 * error pushed for the two precondition failures. dest is modified in
 * place, so after a failure part-way through it may hold a mix of old and
 * new state.
 */
int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) {
  if (dest->meth->group_copy == 0) {
    OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    return 0;
  }
  if (dest->meth != src->meth) {
    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
    return 0;
  }
  if (dest == src) {
    return 1;
  }

  /* Replace dest's precomputation with a duplicate of src's. */
  ec_pre_comp_free(dest->pre_comp);
  dest->pre_comp = ec_pre_comp_dup(src->pre_comp);

  if (src->generator == NULL) {
    /* Nothing to copy: drop any generator dest still carries. */
    if (dest->generator != NULL) {
      EC_POINT_clear_free(dest->generator);
      dest->generator = NULL;
    }
  } else {
    if (dest->generator == NULL) {
      dest->generator = EC_POINT_new(dest);
      if (dest->generator == NULL) {
        return 0;
      }
    }
    if (!EC_POINT_copy(dest->generator, src->generator)) {
      return 0;
    }
  }

  if (!BN_copy(&dest->order, &src->order)) {
    return 0;
  }
  if (!BN_copy(&dest->cofactor, &src->cofactor)) {
    return 0;
  }

  dest->curve_name = src->curve_name;

  /* The method-specific copy runs last and decides the final result. */
  return dest->meth->group_copy(dest, src);
}
开发者ID:luocn99,项目名称:tgw-boringssl,代码行数:43,代码来源:ec.c
示例13: EC_GROUP_clear_free
/*
 * Destroy an EC_GROUP, wiping its contents before the memory is released.
 *
 * A NULL group is ignored. The method's clearing finaliser is preferred;
 * the plain finaliser is used only when no clearing one is provided.
 * explicit_bzero() is used for the wipes because, unlike memset(), it is
 * not removed by the optimiser when the buffer is freed right after.
 */
void
EC_GROUP_clear_free(EC_GROUP * group)
{
    if (group == NULL)
        return;

    if (group->meth->group_clear_finish != 0) {
        group->meth->group_clear_finish(group);
    } else if (group->meth->group_finish != 0) {
        group->meth->group_finish(group);
    }

    EC_EX_DATA_clear_free_all_data(&group->extra_data);

    EC_POINT_clear_free(group->generator);
    /* order and cofactor are embedded in the group, hence the address-of. */
    BN_clear_free(&group->order);
    BN_clear_free(&group->cofactor);

    if (group->seed != NULL) {
        explicit_bzero(group->seed, group->seed_len);
        free(group->seed);
    }

    explicit_bzero(group, sizeof *group);
    free(group);
}
开发者ID:LucaBongiorni,项目名称:nextgen,代码行数:24,代码来源:ec_lib.c
示例14: input_kex_ecdh_reply
//.........这里部分代码省略.........
if (server_host_key->type != kex->hostkey_type ||
(kex->hostkey_type == KEY_ECDSA &&
server_host_key->ecdsa_nid != kex->hostkey_nid)) {
r = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
if (kex->verify_host_key(server_host_key, ssh) == -1) {
r = SSH_ERR_SIGNATURE_INVALID;
goto out;
}
/* Q_S, server public key */
/* signed H */
if ((server_public = EC_POINT_new(group)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 ||
(r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
goto out;
#ifdef DEBUG_KEXECDH
fputs("server public key:\n", stderr);
sshkey_dump_ec_point(group, server_public);
#endif
if (sshkey_ec_validate_public(group, server_public) != 0) {
sshpkt_disconnect(ssh, "invalid server public key");
r = SSH_ERR_MESSAGE_INCOMPLETE;
goto out;
}
klen = (EC_GROUP_get_degree(group) + 7) / 8;
if ((kbuf = malloc(klen)) == NULL ||
(shared_secret = BN_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if (ECDH_compute_key(kbuf, klen, server_public,
client_key, NULL) != (int)klen ||
BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
#ifdef DEBUG_KEXECDH
dump_digest("shared secret", kbuf, klen);
#endif
/* calc and verify H */
hashlen = sizeof(hash);
if ((r = kex_ecdh_hash(
kex->hash_alg,
group,
kex->client_version_string,
kex->server_version_string,
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
server_host_key_blob, sbloblen,
EC_KEY_get0_public_key(client_key),
server_public,
shared_secret,
hash, &hashlen)) != 0)
goto out;
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
hashlen, ssh->compat)) != 0)
goto out;
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = malloc(kex->session_id_len);
if (kex->session_id == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(kex->session_id, hash, kex->session_id_len);
}
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
out:
explicit_bzero(hash, sizeof(hash));
if (kex->ec_client_key) {
EC_KEY_free(kex->ec_client_key);
kex->ec_client_key = NULL;
}
if (server_public)
EC_POINT_clear_free(server_public);
if (kbuf) {
explicit_bzero(kbuf, klen);
free(kbuf);
}
if (shared_secret)
BN_clear_free(shared_secret);
sshkey_free(server_host_key);
free(server_host_key_blob);
free(signature);
return r;
}
开发者ID:randombit,项目名称:hacrypto,代码行数:101,代码来源:kexecdhc.c
示例15: kexecdh_client
void
kexecdh_client(Kex *kex)
{
EC_KEY *client_key;
EC_POINT *server_public;
const EC_GROUP *group;
BIGNUM *shared_secret;
Key *server_host_key;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, slen, sbloblen, hashlen;
if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
if (EC_KEY_generate_key(client_key) != 1)
fatal("%s: EC_KEY_generate_key failed", __func__);
group = EC_KEY_get0_group(client_key);
packet_start(SSH2_MSG_KEX_ECDH_INIT);
packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key));
packet_send();
debug("sending SSH2_MSG_KEX_ECDH_INIT");
#ifdef DEBUG_KEXECDH
fputs("client private key:\n", stderr);
key_dump_ec_key(client_key);
#endif
debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);
/* hostkey */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* Q_S, server public key */
if ((server_public = EC_POINT_new(group)) == NULL)
fatal("%s: EC_POINT_new failed", __func__);
packet_get_ecpoint(group, server_public);
if (key_ec_validate_public(group, server_public) != 0)
fatal("%s: invalid server public key", __func__);
#ifdef DEBUG_KEXECDH
fputs("server public key:\n", stderr);
key_dump_ec_point(group, server_public);
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
klen = (EC_GROUP_get_degree(group) + 7) / 8;
kbuf = xmalloc(klen);
if (ECDH_compute_key(kbuf, klen, server_public,
client_key, NULL) != (int)klen)
fatal("%s: ECDH_compute_key failed", __func__);
#ifdef DEBUG_KEXECDH
dump_digest("shared secret", kbuf, klen);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("%s: BN_new failed", __func__);
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
memset(kbuf, 0, klen);
free(kbuf);
/* calc and verify H */
kex_ecdh_hash(
kex->evp_md,
group,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
EC_KEY_get0_public_key(client_key),
server_public,
shared_secret,
&hash, &hashlen
);
free(server_host_key_blob);
EC_POINT_clear_free(server_public);
EC_KEY_free(client_key);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
free(signature);
/* save session id */
//.........这里部分代码省略.........
开发者ID:ChaosJohn,项目名称:freebsd,代码行数:101,代码来源:kexecdhc.c
示例16: EC_GROUP_copy
/*
 * Copy src into dest. Both groups must use the same method.
 *
 * Returns 1 on success (including dest == src) and 0 on failure. dest is
 * modified in place, so after a failure part-way through it may hold a mix
 * of old and new state; callers should discard it rather than keep using it.
 */
int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
{
    if (dest->meth->group_copy == 0) {
        ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
        return 0;
    }
    if (dest->meth != src->meth) {
        ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
        return 0;
    }
    if (dest == src)
        return 1;

    /* Duplicate the precomputed data that matches src's type. */
    dest->pre_comp_type = src->pre_comp_type;
    switch (src->pre_comp_type) {
    case PCT_none:
        dest->pre_comp.ec = NULL;
        break;
    case PCT_nistz256:
#ifdef ECP_NISTZ256_ASM
        dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
#endif
        break;
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
    case PCT_nistp224:
        dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
        break;
    case PCT_nistp256:
        dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
        break;
    case PCT_nistp521:
        dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
        break;
#else
    case PCT_nistp224:
    case PCT_nistp256:
    case PCT_nistp521:
        break;
#endif
    case PCT_ec:
        dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
        break;
    }

    /* Montgomery data: mirror src, allocating in dest on demand. */
    if (src->mont_data == NULL) {
        BN_MONT_CTX_free(dest->mont_data);
        dest->mont_data = NULL;
    } else {
        if (dest->mont_data == NULL) {
            dest->mont_data = BN_MONT_CTX_new();
            if (dest->mont_data == NULL)
                return 0;
        }
        if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
            return 0;
    }

    /* Generator: same pattern as the Montgomery data. */
    if (src->generator == NULL) {
        EC_POINT_clear_free(dest->generator);
        dest->generator = NULL;
    } else {
        if (dest->generator == NULL) {
            dest->generator = EC_POINT_new(dest);
            if (dest->generator == NULL)
                return 0;
        }
        if (!EC_POINT_copy(dest->generator, src->generator))
            return 0;
    }

    /* Order and cofactor are copied here unless the method is flagged as a
     * custom curve. */
    if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
        if (!BN_copy(dest->order, src->order))
            return 0;
        if (!BN_copy(dest->cofactor, src->cofactor))
            return 0;
    }

    dest->curve_name = src->curve_name;
    dest->asn1_flag = src->asn1_flag;
    dest->asn1_form = src->asn1_form;

    /* The old seed is released in both cases before deciding what follows. */
    OPENSSL_free(dest->seed);
    if (src->seed) {
        dest->seed = OPENSSL_malloc(src->seed_len);
        if (dest->seed == NULL)
            return 0;
        /* memcpy() returns its destination, which is non-NULL here, so this
         * test cannot fail; it is kept as in the original. */
        if (!memcpy(dest->seed, src->seed, src->seed_len))
            return 0;
        dest->seed_len = src->seed_len;
    } else {
        dest->seed = NULL;
        dest->seed_len = 0;
    }

    /* The method-specific copy runs last and decides the final result. */
    return dest->meth->group_copy(dest, src);
}
开发者ID:Castaglia,项目名称:openssl,代码行数:100,代码来源:ec_lib.c
示例17: compute_password_element
//.........这里部分代码省略.........
eap_pwd_h_update(hash, id_server, id_server_len);
eap_pwd_h_update(hash, password, password_len);
eap_pwd_h_update(hash, &ctr, sizeof(ctr));
eap_pwd_h_final(hash, pwe_digest);
BN_bin2bn(pwe_digest, SHA256_MAC_LEN, rnd);
if (eap_pwd_kdf(pwe_digest, SHA256_MAC_LEN,
(u8 *) "EAP-pwd Hunting And Pecking",
os_strlen("EAP-pwd Hunting And Pecking"),
prfbuf, primebitlen) < 0)
goto fail;
BN_bin2bn(prfbuf, primebytelen, x_candidate);
/*
* eap_pwd_kdf() returns a string of bits 0..primebitlen but
* BN_bin2bn will treat that string of bits as a big endian
* number. If the primebitlen is not an even multiple of 8
* then excessive bits-- those _after_ primebitlen-- so now
* we have to shift right the amount we masked off.
*/
if (primebitlen % 8)
BN_rshift(x_candidate, x_candidate,
(8 - (primebitlen % 8)));
if (BN_ucmp(x_candidate, grp->prime) >= 0)
continue;
wpa_hexdump(MSG_DEBUG, "EAP-pwd: x_candidate",
prfbuf, primebytelen);
/*
* need to unambiguously identify the solution, if there is
* one...
*/
if (BN_is_odd(rnd))
is_odd = 1;
else
is_odd = 0;
/*
* solve the quadratic equation, if it's not solvable then we
* don't have a point
*/
if (!EC_POINT_set_compressed_coordinates_GFp(grp->group,
grp->pwe,
x_candidate,
is_odd, NULL))
continue;
/*
* If there's a solution to the equation then the point must be
* on the curve so why check again explicitly? OpenSSL code
* says this is required by X9.62. We're not X9.62 but it can't
* hurt just to be sure.
*/
if (!EC_POINT_is_on_curve(grp->group, grp->pwe, NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd: point is not on curve");
continue;
}
if (BN_cmp(cofactor, BN_value_one())) {
/* make sure the point is not in a small sub-group */
if (!EC_POINT_mul(grp->group, grp->pwe, NULL, grp->pwe,
cofactor, NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd: cannot "
"multiply generator by order");
continue;
}
if (EC_POINT_is_at_infinity(grp->group, grp->pwe)) {
wpa_printf(MSG_INFO, "EAP-pwd: point is at "
"infinity");
continue;
}
}
/* if we got here then we have a new generator. */
break;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %d tries", ctr);
grp->group_num = num;
if (0) {
fail:
EC_GROUP_free(grp->group);
grp->group = NULL;
EC_POINT_clear_free(grp->pwe);
grp->pwe = NULL;
BN_clear_free(grp->order);
grp->order = NULL;
BN_clear_free(grp->prime);
grp->prime = NULL;
ret = 1;
}
/* cleanliness and order.... */
BN_clear_free(cofactor);
BN_clear_free(x_candidate);
BN_clear_free(rnd);
os_free(prfbuf);
return ret;
}
开发者ID:XianliangJ,项目名称:Mininet-WiFi,代码行数:101,代码来源:eap_pwd_common.c
示例18: process_peer_commit
//.........这里部分代码省略.........
data_len = BN_num_bytes(session->prime);
/*
* Did the peer send enough data?
*/
if (in_len < (2 * data_len + BN_num_bytes(session->order))) {
REDEBUG("Invalid commit packet");
goto finish;
}
BN_bin2bn(ptr, data_len, x);
ptr += data_len;
BN_bin2bn(ptr, data_len, y);
ptr += data_len;
data_len = BN_num_bytes(session->order);
BN_bin2bn(ptr, data_len, session->peer_scalar);
/* validate received scalar */
if (BN_is_zero(session->peer_scalar) ||
BN_is_one(session->peer_scalar) ||
BN_cmp(session->peer_scalar, session->order) >= 0) {
REDEBUG("Peer's scalar is not within the allowed range");
goto finish;
}
if (!EC_POINT_set_affine_coordinates_GFp(session->group, session->peer_element, x, y, bn_ctx)) {
REDEBUG("Unable to get coordinates of peer's element");
goto finish;
}
/* validate received element */
if (!EC_POINT_is_on_curve(session->group, session->peer_element, bn_ctx) ||
EC_POINT_is_at_infinity(session->group, session->peer_element)) {
REDEBUG("Peer's element is not a point on the elliptic curve");
goto finish;
}
/* check to ensure peer's element is not in a small sub-group */
if (BN_cmp(cofactor, BN_value_one())) {
if (!EC_POINT_mul(session->group, point, NULL, session->peer_element, cofactor, NULL)) {
REDEBUG("Unable to multiply element by co-factor");
goto finish;
}
if (EC_POINT_is_at_infinity(session->group, point)) {
REDEBUG("Peer's element is in small sub-group");
goto finish;
}
}
/* detect reflection attacks */
if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 ||
EC_POINT_cmp(session->group, session->peer_element, session->my_element, bn_ctx) == 0) {
REDEBUG("Reflection attack detected");
goto finish;
}
/* compute the shared key, k */
if ((!EC_POINT_mul(session->group, K, NULL, session->pwe, session->peer_scalar, bn_ctx)) ||
(!EC_POINT_add(session->group, K, K, session->peer_element, bn_ctx)) ||
(!EC_POINT_mul(session->group, K, NULL, K, session->private_value, bn_ctx))) {
REDEBUG("Unable to compute shared key, k");
goto finish;
}
/* ensure that the shared key isn't in a small sub-group */
if (BN_cmp(cofactor, BN_value_one())) {
if (!EC_POINT_mul(session->group, K, NULL, K, cofactor, NULL)) {
REDEBUG("Unable to multiply k by co-factor");
goto finish;
}
}
/*
* This check is strictly speaking just for the case above where
* co-factor > 1 but it was suggested that even though this is probably
* never going to happen it is a simple and safe check "just to be
* sure" so let's be safe.
*/
if (EC_POINT_is_at_infinity(session->group, K)) {
REDEBUG("K is point-at-infinity");
goto finish;
}
if (!EC_POINT_get_affine_coordinates_GFp(session->group, K, session->k, NULL, bn_ctx)) {
REDEBUG("Unable to get shared secret from K");
goto finish;
}
ret = 0;
finish:
EC_POINT_clear_free(K);
EC_POINT_clear_free(point);
BN_clear_free(cofactor);
BN_clear_free(x);
BN_clear_free(y);
return ret;
}
开发者ID:FreeRADIUS,项目名称:freeradius-server,代码行数:101,代码来源:eap_pwd.c
示例19: MKEM_generate_message_u
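/*
 * Produce an encapsulated message and the matching shared secret from the
 * caller-chosen scalar uraw.
 *
 * kp      - recipient key; only the public points p0/p1 are read.
 * uraw    - scalar selecting the curve (below params->n0: curve 0) and,
 *           after adjustment, the multiplier u.
 * pad     - random bits used to fill the unused high bits of message[0].
 * secret  - output buffer of 2 * kp->params->msgsize bytes.
 * message - output buffer of kp->params->msgsize bytes.
 *
 * Returns 0 on success. On failure returns -1 and zeroes both outputs.
 *
 * FAILZ is defined elsewhere in this file; it is presumably
 * "goto fail if the expression is zero" -- confirm against its definition.
 */
int
MKEM_generate_message_u(const MKEM *kp, const BIGNUM *uraw, uint8_t pad,
                        uint8_t *secret, uint8_t *message)
{
    BIGNUM u, x, y;
    int use_curve0 = (BN_cmp(uraw, kp->params->n0) < 0);
    const EC_GROUP *ca;
    const EC_POINT *ga;
    const EC_POINT *pa;
    EC_POINT *q = 0, *r = 0;
    size_t mlen = kp->params->msgsize;
    int rv;

    BN_init(&u);
    BN_init(&x);
    BN_init(&y);

    if (use_curve0) {
        ca = kp->params->c0;
        ga = kp->params->g0;
        pa = kp->p0;
        FAILZ(BN_copy(&u, uraw));
    } else {
        ca = kp->params->c1;
        ga = kp->params->g1;
        pa = kp->p1;
        /* u = uraw - n0 + 1 */
        FAILZ(BN_sub(&u, uraw, kp->params->n0));
        FAILZ(BN_add(&u, &u, BN_value_one()));
    }

    FAILZ(q = EC_POINT_new(ca));
    FAILZ(r = EC_POINT_new(ca));
    /* q = u * generator (sent), r = u * recipient key (kept secret). */
    FAILZ(EC_POINT_mul(ca, q, 0, ga, &u, kp->params->ctx));
    FAILZ(EC_POINT_mul(ca, r, 0, pa, &u, kp->params->ctx));

    FAILZ(EC_POINT_get_affine_coordinates_GF2m(ca, q, &x, &y, kp->params->ctx));
    if (bn2bin_padhi(&x, message, mlen) != mlen)
        goto fail;
    if (message[0] & (kp->params->pad_mask|kp->params->curve_bit)) /* see below */
        goto fail;
    memcpy(secret, message, mlen);

    FAILZ(EC_POINT_get_affine_coordinates_GF2m(ca, r, &x, &y, kp->params->ctx));
    if (bn2bin_padhi(&x, secret + mlen, mlen) != mlen)
        goto fail;

    /* K high bits of the message will be zero.  Fill in the high K-1
       of them with random bits from the pad, and use the lowest bit
       to identify the curve in use.  That bit will have a bias on the
       order of 2^{-d/2} where d is the bit-degree of the curve; 2^{-81}
       for the only curve presently implemented.  This is acceptably
       small since an elliptic curve of d bits gives only about d/2 bits
       of security anyway, and is much better than allowing a timing
       attack via the recipient having to attempt point decompression
       twice for curve 1 but only once for curve 0 (or, alternatively,
       doubling the time required for all decryptions).  */
    pad &= kp->params->pad_mask;
    pad |= (use_curve0 ? 0 : kp->params->curve_bit);
    message[0] |= pad;

    rv = 0;

 done:
    /* u, x and y were set up with BN_init() and acquire a heap buffer once
       a value is stored in them. BN_clear() only zeroes that buffer;
       BN_clear_free() zeroes it and releases it, which fixes the leak.
       u is the secret multiplier and x last held the secret x-coordinate. */
    BN_clear_free(&u);
    BN_clear_free(&x);
    BN_clear_free(&y);
    if (q) EC_POINT_clear_free(q);
    if (r) EC_POINT_clear_free(r);
    return rv;

 fail:
    /* Never hand partially written outputs back to the caller. */
    memset(message, 0, mlen);
    memset(secret, 0, mlen * 2);
    rv = -1;
    goto done;
}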
开发者ID:zackw,项目名称:moeller-ref,代码行数:76,代码来源:mref-o.c
示例20: eap_pwd_perform_commit_exchange
//.........这里部分代码省略.........
"is at infinity!\n");
goto fin;
}
}
/* compute the shared key, k */
if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
data->server_scalar, data->bnctx)) ||
(!EC_POINT_add(data->grp->group, K, K, data->server_element,
data->bnctx)) ||
(!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,
data->bnctx))) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): computing shared key "
"fail");
goto fin;
}
/* ensure that the shared key isn't in a small sub-group */
if (BN_cmp(cofactor, BN_value_one())) {
if (!EC_POINT_mul(data->grp->group, K, NULL, K, cofactor,
NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply "
"shared key point by order");
goto fin;
}
}
/*
* This check is strictly speaking just for the case above where
* co-factor > 1 but it was suggested that even though this is probably
* never going to happen it is a simple and safe check "just to be
* sure" so let's be safe.
*/
if (EC_POINT_is_at_infinity(data->grp->group, K)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): shared key point is at "
"infinity!\n");
goto fin;
}
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,
NULL, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to extract "
"shared secret from point");
goto fin;
}
/* now do the response */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y,
data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail");
goto fin;
}
if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) ||
((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) ==
NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): data allocation fail");
goto fin;
}
/*
* bignums occupy as little memory as possible so one that is
* sufficiently smaller than the prime or order might need pre-pending
* with zeros.
*/
os_memset(scalar, 0, BN_num_bytes(data->grp->order));
os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2);
offset = BN_num_bytes(data->grp->order) -
BN_num_bytes(data->my_scalar);
BN_bn2bin(data->my_scalar, scalar + offset);
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
BN_bn2bin(x, element + offset);
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset);
data->outbuf = wpabuf_alloc(BN_num_bytes(data->grp->order) +
2 * BN_num_bytes(data->grp->prime));
if (data->outbuf == NULL)
goto fin;
/* we send the element as (x,y) follwed by the scalar */
wpabuf_put_data(data->outbuf, element,
2 * BN_num_bytes(data->grp->prime));
wpabuf_put_data(data->outbuf, scalar, BN_num_bytes(data->grp->order));
fin:
os_free(scalar);
os_free(element);
BN_clear_free(x);
BN_clear_free(y);
BN_clear_free(cofactor);
EC_POINT_clear_free(K);
EC_POINT_clear_free(point);
if (data->outbuf == NULL)
eap_pwd_state(data, FAILURE);
else
eap_pwd_state(data, PWD_Confirm_Req);
}
开发者ID:daddy366,项目名称:anarchy-wpa-supplicant-8,代码行数:101,代码来源:eap_pwd.c
注:本文中的EC_POINT_clear_free函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |