自学教程：C++ BN_rshift1函数代码示例

static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)	{	BIGNUM *t;	int shifts=0;	bn_check_top(a);	bn_check_top(b);	/* 0 <= b <= a */	while (!BN_is_zero(b))		{		/* 0 < b <= a */		if (BN_is_odd(a))			{			if (BN_is_odd(b))				{				if (!BN_sub(a,a,b)) goto err;				if (!BN_rshift1(a,a)) goto err;				if (BN_cmp(a,b) < 0)					{ t=a; a=b; b=t; }				}			else		/* a odd - b even */				{				if (!BN_rshift1(b,b)) goto err;				if (BN_cmp(a,b) < 0)					{ t=a; a=b; b=t; }				}			}		else			/* a is even */			{			if (BN_is_odd(b))				{				if (!BN_rshift1(a,a)) goto err;				if (BN_cmp(a,b) < 0)					{ t=a; a=b; b=t; }				}			else		/* a even - b even */				{				if (!BN_rshift1(a,a)) goto err;				if (!BN_rshift1(b,b)) goto err;				shifts++;				}			}		/* 0 <= b <= a */		}	if (shifts)		{		if (!BN_lshift(a,a,shifts)) goto err;		}	bn_check_top(a);	return(a);err:	return(NULL);	}

static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,	const BIGNUM *rem, BN_CTX *ctx)	{	int i,ret=0;	BIGNUM *t1,*qadd,*q;	bits--;	BN_CTX_start(ctx);	t1 = BN_CTX_get(ctx);	q = BN_CTX_get(ctx);	qadd = BN_CTX_get(ctx);	if (qadd == NULL) goto err;	if (!BN_rshift1(qadd,padd)) goto err;			if (!BN_rand(q,bits,0,1)) goto err;	/* we need ((rnd-rem) % add) == 0 */	if (!BN_mod(t1,q,qadd,ctx)) goto err;	if (!BN_sub(q,q,t1)) goto err;	if (rem == NULL)		{ if (!BN_add_word(q,1)) goto err; }	else		{		if (!BN_rshift1(t1,rem)) goto err;		if (!BN_add(q,q,t1)) goto err;		}	/* we now have a random number 'rand' to test. */	if (!BN_lshift1(p,q)) goto err;	if (!BN_add_word(p,1)) goto err;loop:	for (i=1; i<NUMPRIMES; i++)		{		/* check that p and q are prime */		/* check that for p and q		 * gcd(p-1,primes) == 1 (except for 2) */		if ((BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))			{			if (!BN_add(p,p,padd)) goto err;			if (!BN_add(q,q,qadd)) goto err;			goto loop;			}		}	ret=1;err:	BN_CTX_end(ctx);	bn_check_top(p);	return(ret);	}

// http://stackoverflow.com/questions/356090/how-to-compute-the-nth-root-of-a-very-big-integerstatic BIGNUM *nearest_cuberoot(BIGNUM *in){    BN_CTX *ctx = BN_CTX_new();    BN_CTX_start(ctx);    BIGNUM *three = BN_CTX_get(ctx);    BIGNUM *high = BN_CTX_get(ctx);    BIGNUM *mid = BN_CTX_get(ctx);    BIGNUM *low = BN_CTX_get(ctx);    BIGNUM *tmp = BN_CTX_get(ctx);    BN_set_word(three, 3);                                         // Create the constant 3    BN_set_word(high, 1);                                          // high = 1    do    {        BN_lshift1(high, high);                                    // high = high << 1 (high * 2)        BN_exp(tmp, high, three, ctx);                             // tmp = high^3    } while (BN_ucmp(tmp, in) <= -1);                              // while (tmp < in)    BN_rshift1(low, high);                                         // low = high >> 1 (high / 2)    while (BN_ucmp(low, high) <= -1)                               // while (low < high)    {        BN_add(tmp, low, high);                                    // tmp = low + high        BN_rshift1(mid, tmp);                                      // mid = tmp >> 1 (tmp / 2)        BN_exp(tmp, mid, three, ctx);                              // tmp = mid^3        if (BN_ucmp(low, mid) <= -1 && BN_ucmp(tmp, in) <= -1)     // if (low < mid && tmp < in)            BN_copy(low, mid);                                     // low = mid        else if (BN_ucmp(high, mid) >= 1 && BN_ucmp(tmp, in) >= 1) // else if (high > mid && tmp > in)            BN_copy(high, mid);                                    // high = mid        else        {            // subtract 1 from mid because 1 will be added after the loop            BN_sub_word(mid, 1);                                   // mid -= 1            break;        }    }    BN_add_word(mid, 1);                                           // mid += 1    BIGNUM *result = BN_dup(mid);    BN_CTX_end(ctx);    BN_CTX_free(ctx);    return result;}

bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig){    vchSig.clear();    ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);    if (sig == NULL)        return false;    BN_CTX *ctx = BN_CTX_new();    BN_CTX_start(ctx);    const EC_GROUP *group = EC_KEY_get0_group(pkey);    BIGNUM *order = BN_CTX_get(ctx);    BIGNUM *halforder = BN_CTX_get(ctx);    EC_GROUP_get_order(group, order, ctx);    BN_rshift1(halforder, order);    if (BN_cmp(sig->s, halforder) > 0) {        // enforce low S values, by negating the value (modulo the order) if above order/2.        BN_sub(sig->s, order, sig->s);    }    BN_CTX_end(ctx);    BN_CTX_free(ctx);    unsigned int nSize = ECDSA_size(pkey);    vchSig.resize(nSize); // Make sure it is big enough    unsigned char *pos = &vchSig[0];    nSize = i2d_ECDSA_SIG(sig, &pos);    ECDSA_SIG_free(sig);    vchSig.resize(nSize); // Shrink to fit actual size    return true;}

int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,	   BN_CTX *ctx)	{	int i,nm,nd;	int ret = 0;	BIGNUM *D;	bn_check_top(m);	bn_check_top(d);	if (BN_is_zero(d))		{		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);		return(0);		}	if (BN_ucmp(m,d) < 0)		{		if (rem != NULL)			{ if (BN_copy(rem,m) == NULL) return(0); }		if (dv != NULL) BN_zero(dv);		return(1);		}	BN_CTX_start(ctx);	D = BN_CTX_get(ctx);	if (dv == NULL) dv = BN_CTX_get(ctx);	if (rem == NULL) rem = BN_CTX_get(ctx);	if (D == NULL || dv == NULL || rem == NULL)		goto end;	nd=BN_num_bits(d);	nm=BN_num_bits(m);	if (BN_copy(D,d) == NULL) goto end;	if (BN_copy(rem,m) == NULL) goto end;	/* The next 2 are needed so we can do a dv->d[0]|=1 later	 * since BN_lshift1 will only work once there is a value :-) */	BN_zero(dv);	if(bn_wexpand(dv,1) == NULL) goto end;	dv->top=1;	if (!BN_lshift(D,D,nm-nd)) goto end;	for (i=nm-nd; i>=0; i--)		{		if (!BN_lshift1(dv,dv)) goto end;		if (BN_ucmp(rem,D) >= 0)			{			dv->d[0]|=1;			if (!BN_usub(rem,rem,D)) goto end;			}/* CAN IMPROVE (and have now :=) */		if (!BN_rshift1(D,D)) goto end;		}	rem->neg=BN_is_zero(rem)?0:m->neg;	dv->neg=m->neg^d->neg;	ret = 1; end:	BN_CTX_end(ctx);	return(ret);	}

bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig){    vchSig.clear();    ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);    if (sig==NULL)        return false;    const EC_GROUP *group = EC_KEY_get0_group(pkey);    CBigNum order, halforder;    EC_GROUP_get_order(group, &order, NULL);    BN_rshift1(&halforder, &order);    // enforce low S values, by negating the value (modulo the order) if above order/2.    if (BN_cmp(sig->s, &halforder) > 0) {        BN_sub(sig->s, &order, sig->s);    }    unsigned int nSize = ECDSA_size(pkey);    vchSig.resize(nSize); // Make sure it is big enough    unsigned char *pos = &vchSig[0];    nSize = i2d_ECDSA_SIG(sig, &pos);    ECDSA_SIG_free(sig);    vchSig.resize(nSize); // Shrink to fit actual size    // Testing our new signature    if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) {        vchSig.clear();        return false;    }    return true;}

/* The secret integers s0 and s1 must be in the range 0 < s < n for   some n, and must be relatively prime to that n.  We know a priori   that n is of the form 2**k * p for some small integer k and prime   p.  Therefore, it suffices to choose a random integer in the range   [0, n/2), multiply by two and add one (enforcing oddness), and then   reject values which are divisible by p.  */static BIGNUM *random_s(const BIGNUM *n, const BIGNUM *p, BN_CTX *c){  BIGNUM h, m, *r;  BN_init(&h);  BN_init(&m);  FAILZ(r = BN_new());  FAILZ(BN_copy(&h, n));  FAILZ(BN_rshift1(&h, &h));  do {    FAILZ(BN_rand_range(r, &h));    FAILZ(BN_lshift1(r, r));    FAILZ(BN_add(r, r, BN_value_one()));    FAILZ(BN_nnmod(&m, r, p, c));  } while (BN_is_zero(&m));  BN_clear(&h);  BN_clear(&m);  return r; fail:  BN_clear(&h);  BN_clear(&m);  if (r) BN_clear_free(r);  return 0;}

/* rem != m */int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx){#if 0 /* The old slow way */	int i, nm, nd;	BIGNUM *dv;	if(BN_ucmp(m, d) < 0)		{ return ((BN_copy(rem, m) == NULL) ? 0 : 1); }	BN_CTX_start(ctx);	dv = BN_CTX_get(ctx);	if(!BN_copy(rem, m)) { goto err; }	nm = BN_num_bits(rem);	nd = BN_num_bits(d);	if(!BN_lshift(dv, d, nm - nd)) { goto err; }	for(i = nm - nd; i >= 0; i--)	{		if(BN_cmp(rem, dv) >= 0)		{			if(!BN_sub(rem, rem, dv)) { goto err; }		}		if(!BN_rshift1(dv, dv)) { goto err; }	}	BN_CTX_end(ctx);	return (1);err:	BN_CTX_end(ctx);	return (0);#else	return (BN_div(NULL, rem, m, d, ctx));#endif}

int DH_check(const DH *dh, int *ret){    int ok = 0;    BN_CTX *ctx = NULL;    BN_ULONG l;    BIGNUM *q = NULL;    *ret = 0;    ctx = BN_CTX_new();    if (ctx == NULL)        goto err;    q = BN_new();    if (q == NULL)        goto err;    if (BN_is_word(dh->g, DH_GENERATOR_2)) {        l = BN_mod_word(dh->p, 24);        if (l != 11)            *ret |= DH_NOT_SUITABLE_GENERATOR;    }# if 0    else if (BN_is_word(dh->g, DH_GENERATOR_3)) {        l = BN_mod_word(dh->p, 12);        if (l != 5)            *ret |= DH_NOT_SUITABLE_GENERATOR;    }# endif    else if (BN_is_word(dh->g, DH_GENERATOR_5)) {        l = BN_mod_word(dh->p, 10);        if ((l != 3) && (l != 7))            *ret |= DH_NOT_SUITABLE_GENERATOR;    } else        *ret |= DH_UNABLE_TO_CHECK_GENERATOR;    if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))        *ret |= DH_CHECK_P_NOT_PRIME;    else {        if (!BN_rshift1(q, dh->p))            goto err;        if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))            *ret |= DH_CHECK_P_NOT_SAFE_PRIME;    }    ok = 1; err:    if (ctx != NULL)        BN_CTX_free(ctx);    if (q != NULL)        BN_free(q);    return (ok);}

static voidbsqrt(void){	struct number	*n;	struct number	*r;	BIGNUM		*x, *y;	u_int		scale, onecount;	BN_CTX		*ctx;	onecount = 0;	n = pop_number();	if (n == NULL) {		return;	}	if (BN_is_zero(n->number)) {		r = new_number();		push_number(r);	} else if (BN_is_negative(n->number))		warnx("square root of negative number");	else {		scale = max(bmachine.scale, n->scale);		normalize(n, 2*scale);		x = BN_dup(n->number);		bn_checkp(x);		bn_check(BN_rshift(x, x, BN_num_bits(x)/2));		y = BN_new();		bn_checkp(y);		ctx = BN_CTX_new();		bn_checkp(ctx);		for (;;) {			bn_checkp(BN_copy(y, x));			bn_check(BN_div(x, NULL, n->number, x, ctx));			bn_check(BN_add(x, x, y));			bn_check(BN_rshift1(x, x));			if (bsqrt_stop(x, y, &onecount))				break;		}		r = bmalloc(sizeof(*r));		r->scale = scale;		r->number = y;		BN_free(x);		BN_CTX_free(ctx);		push_number(r);	}	free_number(n);}

/* * Construct a MODP group from hex strings p (which must be a safe * prime) and g, automatically calculating subgroup q as (p / 2) */struct modp_group *modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p){	struct modp_group *ret;	ret = xcalloc(1, sizeof(*ret));	ret->p = ret->q = ret->g = NULL;	if (BN_hex2bn(&ret->p, grp_p) == 0 ||	    BN_hex2bn(&ret->g, grp_g) == 0)		fatal("%s: BN_hex2bn", __func__);	/* Subgroup order is p/2 (p is a safe prime) */	if ((ret->q = BN_new()) == NULL)		fatal("%s: BN_new", __func__);	if (BN_rshift1(ret->q, ret->p) != 1)		fatal("%s: BN_rshift1", __func__);	return ret;}

struct jpake_group *jpake_default_group(void){	struct jpake_group *ret;	ret = xmalloc(sizeof(*ret));	ret->p = ret->q = ret->g = NULL;	if (BN_hex2bn(&ret->p, JPAKE_GROUP_P) == 0 ||	    BN_hex2bn(&ret->g, JPAKE_GROUP_G) == 0)		fatal("%s: BN_hex2bn", __func__);	/* Subgroup order is p/2 (p is a safe prime) */	if ((ret->q = BN_new()) == NULL)		fatal("%s: BN_new", __func__);	if (BN_rshift1(ret->q, ret->p) != 1)		fatal("%s: BN_rshift1", __func__);	return ret;}

void setup(){    mod = BN_bin2bn( mod_buffer, /*len*/192, NULL );        // modOrder = ( mod - 1 ) / 2    BIGNUM* postSubtract = BN_new();    BIGNUM* oneBN = BN_new();    int ret = BN_one( oneBN );    if ( ret != 1 )    {        printf( "setup: BN_one failed: %d", ret );    }    ret = BN_sub( postSubtract, mod, oneBN );  // r = a - b    if ( ret != 1 )    {        printf( "setup: BN_sub failed: %d", ret );    }    BN_clear_free( oneBN );        modOrder = BN_new();    ret = BN_rshift1( modOrder, postSubtract ); // r = a 
C++ BN_set_word函数代码示例
C++ BN_rshift函数代码示例