自学教程：C++ BN_one函数代码示例

/* * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */static int test_exp_mod_zero(){    BIGNUM a, p, m;    BIGNUM r;    BN_CTX *ctx = BN_CTX_new();    int ret = 1;    BN_init(&m);    BN_one(&m);    BN_init(&a);    BN_one(&a);    BN_init(&p);    BN_zero(&p);    BN_init(&r);    BN_mod_exp(&r, &a, &p, &m, ctx);    BN_CTX_free(ctx);    if (BN_is_zero(&r))        ret = 0;    else {        printf("1**0 mod 1 = ");        BN_print_fp(stdout, &r);        printf(", should be 0/n");    }    BN_free(&r);    BN_free(&a);    BN_free(&p);    BN_free(&m);    return ret;}

BIGNUM * Polynomial::GetLagIntCoe(vector<int> *allParties,int index){   	BN_CTX *ctx = BN_CTX_new();   	BIGNUM *up = BN_new();   	BN_one(up);   	BIGNUM *down = BN_new();   	BN_one(down);   	vector<int>::iterator iter;     	for (iter=allParties->begin();iter!= allParties->end();iter++)     	{    	if(*iter == index)        	continue;         	BIGNUM *j   = BN_int2bn(-(*iter));     	BIGNUM *i_j = BN_int2bn(index-(*iter));    	BN_mul(up,up,j,ctx);     	BN_mul(down,down,i_j,ctx);   	}   	BIGNUM * result = BN_new();   	BN_mod_inverse(result,down,p,ctx);   	BN_mod_mul(result,result,up,p,ctx);      	BN_free(up);  	BN_free(down);   	BN_CTX_free(ctx);   	return result;}

void compute_y(BIGNUM *bn_y, BIGNUM *bn_a, BIGNUM *bn_r, BIGNUM *bn_n, BN_CTX *bn_ctx){	BIGNUM *bn_i = NULL;	BIGNUM *bn_1 = NULL;	int num_bits = 0;	int i = 0;	BIGNUM **bn_array = NULL;		num_bits = BN_num_bits(bn_r);	bn_array = (BIGNUM **)malloc(sizeof(BIGNUM*) * num_bits);	computeBNArray(bn_array, bn_a, bn_n, bn_ctx, num_bits);		bn_1 = BN_new();	bn_i = BN_new();	BN_one(bn_1);	BN_zero(bn_i);	BN_one(bn_y);		for(i = 0; i < num_bits; i++){		if(BN_is_bit_set(bn_r, i) == 1){			BN_mod_mul(bn_y, bn_y, bn_array[i], bn_n, bn_ctx);		}	}	BN_free(bn_1);	BN_free(bn_i);}

// Extended Euclidean algorithm, Knuth's Algorithm Xint bnem_xgcd (BIGNUM *rx, BIGNUM *ry, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx){	int result = 0;	// default return value is failure	BIGNUM x, y, lastx, lasty, q, r, t1, t2, wa, wb;	BN_init (&x);	BN_init (&y);	BN_init (&lastx);	BN_init (&lasty);	BN_init (&q);	BN_init (&r);	BN_init (&t1);	BN_init (&t2);	BN_init (&wa);	BN_init (&wb);	if ( ! BN_copy (&wa, a)) goto err;	if ( ! BN_copy (&wb, b)) goto err;	/*	x, lastx = 0, 1	y, lasty = 1, 0	while b:		q, r = divmod (a, b)		a, b = b, r		x, lastx = (lastx - q*x), x		y, lasty = (lasty - q*y), y	return lastx, lasty	*/	BN_one (&lastx);	BN_one (&y);	while ( ! BN_is_zero (&wb)) {		if ( ! BN_div (&q, &r, &wa, &wb, ctx)) goto err;		if ( ! BN_copy (&wa, &wb)) goto err;		if ( ! BN_copy (&wb, &r)) goto err;				if ( ! BN_copy (&t1, &x)) goto err;		if ( ! BN_mul (&t2, &q, &x, ctx)) goto err;		if ( ! BN_sub (&x, &lastx, &t2)) goto err;		if ( ! BN_copy (&lastx, &t1)) goto err;				if ( ! BN_copy (&t1, &y)) goto err;		if ( ! BN_mul (&t2, &q, &y, ctx)) goto err;		if ( ! BN_sub (&y, &lasty, &t2)) goto err;		if ( ! BN_copy (&lasty, &t1)) goto err;	}	if (rx) { if ( ! BN_copy (rx, &lastx)) goto err; }	if (ry) { if ( ! BN_copy (ry, &lasty)) goto err; }	result = 1;	// result is successerr:	BN_clear_free (&x);	BN_clear_free (&y);	BN_clear_free (&lastx);	BN_clear_free (&lasty);	BN_clear_free (&q);	BN_clear_free (&r);	BN_clear_free (&t1);	BN_clear_free (&t2);	BN_clear_free (&wa);	BN_clear_free (&wb);	return result;} // bnem_xgcd

int test_exp(BIO *bp, BN_CTX *ctx)	{	BIGNUM *a,*b,*d,*e,*one;	int i;	a=BN_new();	b=BN_new();	d=BN_new();	e=BN_new();	one=BN_new();	BN_one(one);	for (i=0; i<num2; i++)		{		BN_bntest_rand(a,20+i*5,0,0); /**/		BN_bntest_rand(b,2+i,0,0); /**/		if (!BN_exp(d,a,b,ctx))			return(00);		if (bp != NULL)			{			if (!results)				{				BN_print(bp,a);				BIO_puts(bp," ^ ");				BN_print(bp,b);				BIO_puts(bp," - ");				}			BN_print(bp,d);			BIO_puts(bp,"/n");			}		BN_one(e);		for( ; !BN_is_zero(b) ; BN_sub(b,b,one))		    BN_mul(e,e,a,ctx);		BN_sub(e,e,d);		if(!BN_is_zero(e))		    {		    fprintf(stderr,"Exponentiation test failed!/n");		    return 0;		    }		}	BN_free(a);	BN_free(b);	BN_free(d);	BN_free(e);	BN_free(one);	return(1);	}

/* Forces the given EC_POINT to internally use affine coordinates. */int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)	{	BN_CTX *new_ctx = NULL;	BIGNUM *x, *y;	int ret = 0;	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))		return 1;		if (ctx == NULL)		{		ctx = new_ctx = BN_CTX_new();		if (ctx == NULL)			return 0;		}	BN_CTX_start(ctx);	x = BN_CTX_get(ctx);	y = BN_CTX_get(ctx);	if (y == NULL) goto err;		if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;	if (!BN_copy(&point->X, x)) goto err;	if (!BN_copy(&point->Y, y)) goto err;	if (!BN_one(&point->Z)) goto err;		ret = 1;		  err:	if (ctx) BN_CTX_end(ctx);	if (new_ctx) BN_CTX_free(new_ctx);	return ret;	}

data_chunk deterministic_wallet::generate_public_key(    size_t n, bool for_change) const{    hash_digest sequence = get_sequence(n, for_change);    ssl_bignum x, y, z;    BN_bin2bn(sequence.data(), sequence.size(), z);    BN_bin2bn(master_public_key_.data(), 32, x);    BN_bin2bn(master_public_key_.data() + 32, 32, y);    // Create a point.    ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));    ec_point mpk(EC_POINT_new(group));    bn_ctx ctx(BN_CTX_new());    EC_POINT_set_affine_coordinates_GFp(group, mpk, x, y, ctx);    ec_point result(EC_POINT_new(group));    // result pubkey_point = mpk_pubkey_point + z*curve.generator    ssl_bignum one;    BN_one(one);    EC_POINT_mul(group, result, z, mpk, one, ctx);    // Create the actual public key.    EC_POINT_get_affine_coordinates_GFp(group, result, x, y, ctx);    // 04 + x + y    data_chunk raw_pubkey{0x04};    extend_data(raw_pubkey, bignum_data(x));    extend_data(raw_pubkey, bignum_data(y));    return raw_pubkey;}

CHECK_RETVAL_BOOL /static BOOLEAN selfTestGeneralOps1( void )	{	BIGNUM a;	/* Simple tests that don't need the support of higher-level routines 	   like importBignum() */	BN_init( &a );	if( !BN_zero( &a ) )		return( FALSE );	if( !BN_is_zero( &a ) || BN_is_one( &a ) )		return( FALSE );	if( !BN_is_word( &a, 0 ) || BN_is_word( &a, 1 ) )		return( FALSE );	if( BN_is_odd( &a ) )		return( FALSE );	if( BN_get_word( &a ) != 0 )		return( FALSE );	if( !BN_one( &a ) )		return( FALSE );	if( BN_is_zero( &a ) || !BN_is_one( &a ) )		return( FALSE );	if( BN_is_word( &a, 0 ) || !BN_is_word( &a, 1 ) )		return( FALSE );	if( !BN_is_odd( &a ) )		return( FALSE );	if( BN_num_bytes( &a ) != 1 )		return( FALSE );	if( BN_get_word( &a ) != 1 )		return( FALSE );	BN_clear( &a );	return( TRUE );	}

int BN_solinas2bn(const BN_SOLINAS *solinas, BIGNUM *bn){	int ret = 0;	BIGNUM *tmp = NULL;	if (!solinas || !bn) {		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_MALLOC_FAILURE);		return 0;	}	if (solinas->b <= 0 || solinas->a <= solinas->b		|| (solinas->s != 1 && solinas->s != -1)		|| (solinas->c != 1 && solinas->c != -1)) {		BNerr(BN_F_BN_SOLINAS2BN, BN_R_INVALID_SOLINAS_PARAMETERS);		return 0;	}	if (!(tmp = BN_new())) {		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_MALLOC_FAILURE);		goto end;	}	BN_one(tmp);	if (!BN_lshift(bn, tmp, solinas->a)) {		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);		goto end;	}	if (!BN_lshift(tmp, tmp, solinas->b)) {		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);		goto end;	}	if (!BN_add_word(tmp, solinas->c)) {		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);		goto end;	}	if (solinas->s > 0) {		if (!BN_add(bn, bn, tmp)) {			BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);			goto end;		}	} else {		if (!BN_sub(bn, bn, tmp)) {			BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);			goto end;		}	}	/* check if it is a prime */	ret = 1;end:	BN_free(tmp);	return ret;}

/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)  * using Montgomery point multiplication algorithm Mxy() in appendix of  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over  *     GF(2^m) without precomputation" (CHES '99, LNCS 1717). * Returns: *     0 on error *     1 if return value should be the point at infinity *     2 otherwise */static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, 	BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)	{	BIGNUM *t3, *t4, *t5;	int ret = 0;		if (BN_is_zero(z1))		{		BN_zero(x2);		BN_zero(z2);		return 1;		}		if (BN_is_zero(z2))		{		if (!BN_copy(x2, x)) return 0;		if (!BN_GF2m_add(z2, x, y)) return 0;		return 2;		}			/* Since Mxy is static we can guarantee that ctx != NULL. */	BN_CTX_start(ctx);	t3 = BN_CTX_get(ctx);	t4 = BN_CTX_get(ctx);	t5 = BN_CTX_get(ctx);	if (t5 == NULL) goto err;	if (!BN_one(t5)) goto err;	if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err;	if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err;	if (!BN_GF2m_add(z1, z1, x1)) goto err;	if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err;	if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err;	if (!BN_GF2m_add(z2, z2, x2)) goto err;	if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err;	if (!group->meth->field_sqr(group, t4, x, ctx)) goto err;	if (!BN_GF2m_add(t4, t4, y)) goto err;	if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err;	if (!BN_GF2m_add(t4, t4, z2)) goto err;	if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err;	if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err;	if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err;	if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err;	if (!BN_GF2m_add(z2, x2, x)) goto err;	if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err;	if (!BN_GF2m_add(z2, z2, y)) goto err;	ret = 2; err:	BN_CTX_end(ctx);	return ret;	}

int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)	{	BIGNUM *a,*b,*c,*d;	int i;	b=BN_new();	c=BN_new();	d=BN_new();	BN_one(c);	if(a_)	    a=a_;	else	    {	    a=BN_new();	    BN_bntest_rand(a,200,0,0); /**/	    a->neg=rand_neg();	    }	for (i=0; i<num0; i++)		{		BN_lshift(b,a,i+1);		BN_add(c,c,c);		if (bp != NULL)			{			if (!results)				{				BN_print(bp,a);				BIO_puts(bp," * ");				BN_print(bp,c);				BIO_puts(bp," - ");				}			BN_print(bp,b);			BIO_puts(bp,"/n");			}		BN_mul(d,a,c,ctx);		BN_sub(d,d,b);		if(!BN_is_zero(d))		    {		    fprintf(stderr,"Left shift test failed!/n");		    fprintf(stderr,"a=");		    BN_print_fp(stderr,a);		    fprintf(stderr,"/nb=");		    BN_print_fp(stderr,b);		    fprintf(stderr,"/nc=");		    BN_print_fp(stderr,c);		    fprintf(stderr,"/nd=");		    BN_print_fp(stderr,d);		    fprintf(stderr,"/n");		    return 0;		    }		}	BN_free(a);	BN_free(b);	BN_free(c);	BN_free(d);	return(1);	}

int gost_do_verify (const unsigned char *dgst, int dgst_len, DSA_SIG * sig, DSA * dsa){    BIGNUM *md, *tmp = NULL;    BIGNUM *q2 = NULL;    BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;    BIGNUM *tmp2 = NULL, *tmp3 = NULL;    int ok;    BN_CTX *ctx = BN_CTX_new ();    BN_CTX_start (ctx);    if (BN_cmp (sig->s, dsa->q) >= 1 || BN_cmp (sig->r, dsa->q) >= 1)    {        GOSTerr (GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);        return 0;    }    md = hashsum2bn (dgst);    tmp = BN_CTX_get (ctx);    v = BN_CTX_get (ctx);    q2 = BN_CTX_get (ctx);    z1 = BN_CTX_get (ctx);    z2 = BN_CTX_get (ctx);    tmp2 = BN_CTX_get (ctx);    tmp3 = BN_CTX_get (ctx);    u = BN_CTX_get (ctx);    BN_mod (tmp, md, dsa->q, ctx);    if (BN_is_zero (tmp))    {        BN_one (md);    }    BN_copy (q2, dsa->q);    BN_sub_word (q2, 2);    BN_mod_exp (v, md, q2, dsa->q, ctx);    BN_mod_mul (z1, sig->s, v, dsa->q, ctx);    BN_sub (tmp, dsa->q, sig->r);    BN_mod_mul (z2, tmp, v, dsa->p, ctx);    BN_mod_exp (tmp, dsa->g, z1, dsa->p, ctx);    BN_mod_exp (tmp2, dsa->pub_key, z2, dsa->p, ctx);    BN_mod_mul (tmp3, tmp, tmp2, dsa->p, ctx);    BN_mod (u, tmp3, dsa->q, ctx);    ok = BN_cmp (u, sig->r);    BN_free (md);    BN_CTX_end (ctx);    BN_CTX_free (ctx);    if (ok != 0)    {        GOSTerr (GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);    }    return (ok == 0);}

int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {  int i, bits, ret = 0;  BIGNUM *v, *rr;  if ((p->flags & BN_FLG_CONSTTIME) != 0) {    /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */    OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);    return 0;  }  BN_CTX_start(ctx);  if (r == a || r == p) {    rr = BN_CTX_get(ctx);  } else {    rr = r;  }  v = BN_CTX_get(ctx);  if (rr == NULL || v == NULL) {    goto err;  }  if (BN_copy(v, a) == NULL) {    goto err;  }  bits = BN_num_bits(p);  if (BN_is_odd(p)) {    if (BN_copy(rr, a) == NULL) {      goto err;    }  } else {    if (!BN_one(rr)) {      goto err;    }  }  for (i = 1; i < bits; i++) {    if (!BN_sqr(v, v, ctx)) {      goto err;    }    if (BN_is_bit_set(p, i)) {      if (!BN_mul(rr, rr, v, ctx)) {        goto err;      }    }  }  if (r != rr && !BN_copy(r, rr)) {    goto err;  }  ret = 1;err:  BN_CTX_end(ctx);  return ret;}

/* * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */static int test_exp_mod_zero(){    BIGNUM *a = NULL, *p = NULL, *m = NULL;    BIGNUM *r = NULL;    BN_CTX *ctx = BN_CTX_new();    int ret = 1;    m = BN_new();    if (!m)        goto err;    BN_one(m);    a = BN_new();    if (!a)        goto err;    BN_one(a);    p = BN_new();    if (!p)        goto err;    BN_zero(p);    r = BN_new();    if (!r)        goto err;    BN_mod_exp(r, a, p, m, ctx);    BN_CTX_free(ctx);    if (BN_is_zero(r))        ret = 0;    else {        printf("1**0 mod 1 = ");        BN_print_fp(stdout, r);        printf(", should be 0/n");    } err:    BN_free(r);    BN_free(a);    BN_free(p);    BN_free(m);    return ret;}

/**  https://core.telegram.org/api/end-to-end says:  "Both clients in a secret chat creation are to check that g, g_a and g_b are greater than one and smaller than p-1.  Recommented checking that g_a and g_b are between 2^{2048-64} and p - 2^{2048-64} as well."*/qint32 CryptoUtils::checkCalculatedParams(const BIGNUM *gAOrB, const BIGNUM *g, const BIGNUM *p) {    ASSERT(gAOrB);    ASSERT(g);    ASSERT(p);    // 1) gAOrB and g greater than one and smaller than p-1    BIGNUM one;    BN_init(&one);    Utils::ensure(BN_one(&one));    BIGNUM *pMinusOne = BN_dup(p);    Utils::ensure(BN_sub_word(pMinusOne, 1));    // check params greater than one    if (BN_cmp(gAOrB, &one) <= 0) return -1;    if (BN_cmp(g, &one) <= 0) return -1;    // check params <= p-1    if (BN_cmp(gAOrB, pMinusOne) >= 0) return -1;    if (BN_cmp(g, pMinusOne) >= 0) return -1;    // 2) gAOrB between 2^{2048-64} and p - 2^{2048-64}    quint64 expWord = 2048 - 64;    BIGNUM exp;    BN_init(&exp);    Utils::ensure(BN_set_word(&exp, expWord));    BIGNUM base;    BN_init(&base);    Utils::ensure(BN_set_word(&base, 2));    // lowLimit = base ^ exp    BIGNUM lowLimit;    BN_init(&lowLimit);    Utils::ensure(BN_exp(&lowLimit, &base, &exp, BN_ctx));    // highLimit = p - lowLimit    BIGNUM highLimit;    BN_init(&highLimit);    BN_sub(&highLimit, p, &lowLimit);    if (BN_cmp(gAOrB, &lowLimit) < 0) return -1;    if (BN_cmp(gAOrB, &highLimit) > 0) return -1;    BN_free(&one);    BN_free(pMinusOne);    BN_free(&exp);    BN_free(&lowLimit);    BN_free(&highLimit);    delete g;    delete gAOrB;    delete p;    return 0;}

static RSA *fermat_question_ask(const RSA *rsa){  BIGNUM    *a = BN_new(),    *b = BN_new(),    *a2 = BN_new(),    *b2 = BN_new();  BIGNUM *n = rsa->n;  BIGNUM    *tmp = BN_new(),    *rem = BN_new(),    *dssdelta = BN_new();  BN_CTX *ctx = BN_CTX_new();  RSA *ret = NULL;  BN_sqrtmod(tmp, rem, n, ctx);  /* Δ = |p - q| = |a + b - a + b| = |2b| > √N  2
C++ BN_print_fp函数代码示例
C++ BN_num_bits函数代码示例