这篇教程C++ EC_GROUP_get_curve_GFp函数代码示例写得很实用,希望能帮到您。
/*
 * This article collects typical usage examples of the C++
 * EC_GROUP_get_curve_GFp function. 13 code examples are shown below,
 * sorted by popularity by default.
 *
 * Example 1: openssl_ec_group_parse
 */

/*
 * Lua C function: build a Lua table describing the EC_GROUP passed as
 * argument 1 and return it (one result).
 *
 * Fields set on the table: "generator" (a duplicate of the group's generator,
 * only when the group has one), "order", "cofactor", "asn1_flag", "degree",
 * "curve_name", "conversion_form", "seed", and a nested table "curve" with the
 * prime-field parameters "p", "a" and "b".
 *
 * CHECK_OBJECT and the AUXILIAR_* helpers are project macros not shown here;
 * presumably they fetch the userdata and store a value as a named field of
 * the table at the given stack index -- confirm against their definitions.
 *
 * NOTE(review): none of the results of BN_CTX_new, BN_new, EC_POINT_dup or the
 * EC_GROUP_get_* calls are checked, so an allocation failure or a failing
 * getter leaves a NULL or unset value in the table without any error being
 * raised to the Lua caller.
 */
static int openssl_ec_group_parse(lua_State*L)
{
  const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
  const EC_POINT *generator = EC_GROUP_get0_generator(group);
  BN_CTX* ctx = BN_CTX_new();
  BIGNUM *a, *b, *p, *order, *cofactor;

  /* Result table; every AUXILIAR_* call below refers to it as index -1. */
  lua_newtable(L);
  if (generator)
  {
    /* get0 returns a pointer owned by the group, so store a private copy. */
    generator = EC_POINT_dup(generator, group);
    AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator");
  }

  /* The BIGNUMs are not freed in this function; presumably the Lua userdata
   * takes ownership -- TODO confirm. */
  order = BN_new();
  EC_GROUP_get_order(group, order, ctx);
  AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order");

  cofactor = BN_new();
  EC_GROUP_get_cofactor(group, cofactor, ctx);
  AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor");

  AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer);
  AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer);
  AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
  AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer);

  AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group));

  a = BN_new();
  b = BN_new();
  p = BN_new();
  /* NOTE(review): the GFp getter is called unconditionally; a group that is
   * not defined over a prime field is not handled separately here. */
  EC_GROUP_get_curve_GFp(group, p, a, b, ctx);
  /* Nested table that becomes result.curve. */
  lua_newtable(L);
  {
    AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p");
    AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a");
    AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b");
  }
  /* Pops the nested table and stores it in the result table below it. */
  lua_setfield(L, -2, "curve");

  BN_CTX_free(ctx);
  return 1;
}
开发者ID:witchu,项目名称:lua-openssl,代码行数:44,
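// Example 2: ECDSA_SIG_recover_key_GFp

// Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields.
// recid selects which key is recovered: recid / 2 is the multiple of the group
// order added to r to form the candidate x-coordinate of R, and recid % 2 is
// the y-parity bit used to decompress R.
// If check is nonzero, additional checks are performed: R must have order n
// (order * R is the point at infinity).
//
// Returns 1 on success, with the recovered public key stored in eckey;
// 0 when no key can be recovered from these inputs (bad arguments, candidate x
// not below the field prime, x not on the curve, or the order check failed);
// -1 when a BIGNUM operation or allocation fails; -2 when an EC operation fails.
int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
{
    if (!eckey || !ecsig) return 0;
    // A negative recid would be converted to a huge unsigned multiplier and a
    // negative parity bit; a negative msglen is never a valid digest length.
    if (recid < 0 || msglen < 0) return 0;

    int ret = 0;
    BN_CTX *ctx = NULL;

    BIGNUM *x = NULL;
    BIGNUM *e = NULL;
    BIGNUM *order = NULL;
    BIGNUM *sor = NULL;
    BIGNUM *eor = NULL;
    BIGNUM *field = NULL;
    EC_POINT *R = NULL;
    EC_POINT *O = NULL;
    EC_POINT *Q = NULL;
    BIGNUM *rr = NULL;
    BIGNUM *zero = NULL;
    int n = 0;
    int i = recid / 2;

    const EC_GROUP *group = EC_KEY_get0_group(eckey);
    // A key object without curve parameters cannot be used for recovery.
    if (group == NULL) { ret = -2; goto err; }
    if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
    BN_CTX_start(ctx);

    // Candidate x-coordinate of R: x = r + i * order.
    if ((order = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
    if ((x = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_copy(x, order)) { ret = -1; goto err; }
    if (!BN_mul_word(x, i)) { ret = -1; goto err; }
    if (!BN_add(x, x, ecsig->r)) { ret = -1; goto err; }

    // x must be a valid field element, i.e. strictly below the prime p.
    if ((field = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret = -2; goto err; }
    if (BN_cmp(x, field) >= 0) { ret = 0; goto err; }

    // Decompress R from x and the parity bit; failure means x is not on the curve.
    if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
    if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret = 0; goto err; }
    if (check)
    {
        if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
        if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret = -2; goto err; }
        if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
    }

    if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
    n = EC_GROUP_get_degree(group);
    if ((e = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_bin2bn(msg, msglen, e)) { ret = -1; goto err; }
    // NOTE(review): the digest is not first truncated to the group size in
    // bytes, and n is the field degree rather than the bit length of the
    // order, so this shift appears correct only for digests of at most
    // ceil(n / 8) bytes -- confirm that callers never pass a longer digest.
    if (8*msglen > n && !BN_rshift(e, e, 8-(n & 7))) { ret = -1; goto err; }

    // e = -e mod order
    if ((zero = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_zero(zero)) { ret = -1; goto err; }
    if (!BN_mod_sub(e, zero, e, order, ctx)) { ret = -1; goto err; }

    // rr = r^-1, sor = s * r^-1, eor = -e * r^-1 (all mod order)
    if ((rr = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret = -1; goto err; }
    if ((sor = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret = -1; goto err; }
    if ((eor = BN_CTX_get(ctx)) == NULL) { ret = -1; goto err; }
    if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret = -1; goto err; }

    // Q = eor * G + sor * R = r^-1 * (s * R - e * G)
    if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret = -2; goto err; }
    if (!EC_KEY_set_public_key(eckey, Q)) { ret = -2; goto err; }

    ret = 1;

err:
    // BIGNUMs obtained from BN_CTX_get are released together with the context.
    if (ctx) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    if (R != NULL) EC_POINT_free(R);
    if (O != NULL) EC_POINT_free(O);
    if (Q != NULL) EC_POINT_free(Q);
    return ret;
}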
开发者ID:uscoin,项目名称:uscoin,代码行数:73,
示例3: compute_password_elementintcompute_password_element (pwd_session_t *sess, uint16_t grp_num, char *password, int password_len, char *id_server, int id_server_len, char *id_peer, int id_peer_len, uint32_t *token){ BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL; HMAC_CTX ctx; uint8_t pwe_digest[SHA256_DIGEST_LENGTH], *prfbuf = NULL, ctr; int nid, is_odd, primebitlen, primebytelen, ret = 0; switch (grp_num) { /* from IANA registry for IKE D-H groups */ case 19: nid = NID_X9_62_prime256v1; break; case 20: nid = NID_secp384r1; break; case 21: nid = NID_secp521r1; break; case 25: nid = NID_X9_62_prime192v1; break; case 26: nid = NID_secp224r1; break; default: DEBUG("unknown group %d", grp_num); goto fail; } sess->pwe = NULL; sess->order = NULL; sess->prime = NULL; if ((sess->group = EC_GROUP_new_by_curve_name(nid)) == NULL) { DEBUG("unable to create EC_GROUP"); goto fail; } if (((rnd = BN_new()) == NULL) || ((cofactor = BN_new()) == NULL) || ((sess->pwe = EC_POINT_new(sess->group)) == NULL) || ((sess->order = BN_new()) == NULL) || ((sess->prime = BN_new()) == NULL) || ((x_candidate = BN_new()) == NULL)) { DEBUG("unable to create bignums"); goto fail; } if (!EC_GROUP_get_curve_GFp(sess->group, sess->prime, NULL, NULL, NULL)) { DEBUG("unable to get prime for GFp curve"); goto fail; } if (!EC_GROUP_get_order(sess->group, sess->order, NULL)) { DEBUG("unable to get order for curve"); goto fail; } if (!EC_GROUP_get_cofactor(sess->group, cofactor, NULL)) { DEBUG("unable to get cofactor for curve"); goto fail; } primebitlen = BN_num_bits(sess->prime); primebytelen = BN_num_bytes(sess->prime); if ((prfbuf = talloc_zero_array(sess, uint8_t, primebytelen)) == NULL) { DEBUG("unable to alloc space for prf buffer"); goto fail; } ctr = 0; while (1) { if (ctr > 10) { DEBUG("unable to find random point on curve for group %d, something's fishy", grp_num); goto fail; } ctr++; /* * compute counter-mode password value and stretch to prime * pwd-seed = H(token | peer-id | 
server-id | password | * counter) */ H_Init(&ctx); H_Update(&ctx, (uint8_t *)token, sizeof(*token)); H_Update(&ctx, (uint8_t *)id_peer, id_peer_len); H_Update(&ctx, (uint8_t *)id_server, id_server_len); H_Update(&ctx, (uint8_t *)password, password_len); H_Update(&ctx, (uint8_t *)&ctr, sizeof(ctr)); H_Final(&ctx, pwe_digest); BN_bin2bn(pwe_digest, SHA256_DIGEST_LENGTH, rnd); eap_pwd_kdf(pwe_digest, SHA256_DIGEST_LENGTH, "EAP-pwd Hunting And Pecking", strlen("EAP-pwd Hunting And Pecking"), prfbuf, primebitlen); BN_bin2bn(prfbuf, primebytelen, x_candidate); /*//.........这里部分代码省略.........
开发者ID:p11235,项目名称:freeradius-server,代码行数:101,
示例4: ecparam_main//.........这里部分代码省略......... } if (text) { if (!ECPKParameters_print(out, group, 0)) goto end; } if (check) { if (group == NULL) BIO_printf(bio_err, "no elliptic curve parameters/n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed/n"); ERR_print_errors(bio_err); } else BIO_printf(bio_err, "ok/n"); } if (C) { size_t buf_len = 0, tmp_len = 0; const EC_POINT *point; int is_prime, len = 0; const EC_METHOD *meth = EC_GROUP_method_of(group); if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || (ec_order = BN_new()) == NULL || (ec_cofactor = BN_new()) == NULL) { perror("malloc"); goto end; } is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field); if (is_prime) { if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL)) goto end; } else { /* TODO */ goto end; } if ((point = EC_GROUP_get0_generator(group)) == NULL) goto end; if (!EC_POINT_point2bn(group, point, EC_GROUP_get_point_conversion_form(group), ec_gen, NULL)) goto end; if (!EC_GROUP_get_order(group, ec_order, NULL)) goto end; if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) goto end; if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor) goto end; len = BN_num_bits(ec_order); if ((tmp_len = (size_t) BN_num_bytes(ec_p)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t) BN_num_bytes(ec_a)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t) BN_num_bytes(ec_b)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t) BN_num_bytes(ec_gen)) > buf_len) buf_len = tmp_len;
开发者ID:benwh4,项目名称:libressl,代码行数:67,
示例5: ECPKParameters_printint ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off){ unsigned char *buffer = NULL; size_t buf_len = 0, i; int ret = 0, reason = ERR_R_BIO_LIB; BN_CTX *ctx = NULL; const EC_POINT *point = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, *order = NULL, *cofactor = NULL; const unsigned char *seed; size_t seed_len = 0; const char *nname; static const char *gen_compressed = "Generator (compressed):"; static const char *gen_uncompressed = "Generator (uncompressed):"; static const char *gen_hybrid = "Generator (hybrid):"; if (!x) { reason = ERR_R_PASSED_NULL_PARAMETER; goto err; } ctx = BN_CTX_new(); if (ctx == NULL) { reason = ERR_R_MALLOC_FAILURE; goto err; } if (EC_GROUP_get_asn1_flag(x)) { /* the curve parameter are given by an asn1 OID */ int nid; if (!BIO_indent(bp, off, 128)) goto err; nid = EC_GROUP_get_curve_name(x); if (nid == 0) goto err; if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) goto err; if (BIO_printf(bp, "/n") <= 0) goto err; nname = EC_curve_nid2nist(nid); if (nname) { if (!BIO_indent(bp, off, 128)) goto err; if (BIO_printf(bp, "NIST CURVE: %s/n", nname) <= 0) goto err; } } else { /* explicit parameters */ int is_char_two = 0; point_conversion_form_t form; int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); if (tmp_nid == NID_X9_62_characteristic_two_field) is_char_two = 1; if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || (b = BN_new()) == NULL || (order = BN_new()) == NULL || (cofactor = BN_new()) == NULL) { reason = ERR_R_MALLOC_FAILURE; goto err; }#ifndef OPENSSL_NO_EC2M if (is_char_two) { if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { reason = ERR_R_EC_LIB; goto err; } } else /* prime field */#endif { if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { reason = ERR_R_EC_LIB; goto err; } } if ((point = EC_GROUP_get0_generator(x)) == NULL) { reason = ERR_R_EC_LIB; goto err; } if (!EC_GROUP_get_order(x, order, NULL) || !EC_GROUP_get_cofactor(x, cofactor, NULL)) { reason = 
ERR_R_EC_LIB; goto err; } form = EC_GROUP_get_point_conversion_form(x); if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) { reason = ERR_R_EC_LIB; goto err; } buf_len = (size_t) BN_num_bytes(p); if (buf_len < (i = (size_t) BN_num_bytes(a))) buf_len = i; if (buf_len < (i = (size_t) BN_num_bytes(b)))//.........这里部分代码省略.........
开发者ID:2trill2spill,项目名称:nextgen,代码行数:101,
示例6: BFIBE_setupint BFIBE_setup(const EC_GROUP *group, const EVP_MD *md, BFPublicParameters **pmpk, BFMasterSecret **pmsk){ int ret = 0; BFPublicParameters *mpk = NULL; BFMasterSecret *msk = NULL; BN_CTX *bn_ctx = NULL; EC_POINT *point = NULL; BIGNUM *a; BIGNUM *b; if (!group || !pmpk || !pmsk) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (!(bn_ctx = BN_CTX_new())) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE); goto end; } BN_CTX_start(bn_ctx); a = BN_CTX_get(bn_ctx); b = BN_CTX_get(bn_ctx); if (!b) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE); goto end; } mpk = BFPublicParameters_new(); msk = BFMasterSecret_new(); point = EC_POINT_new(group); if (!mpk || !msk || !point) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE); goto end; } /* * set mpk->version * set mpk->curve */ mpk->version = BFIBE_VERSION; OPENSSL_assert(mpk->curve); ASN1_OBJECT_free(mpk->curve); if (!(mpk->curve = OBJ_nid2obj(NID_type1curve))) { BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_NOT_NAMED_CURVE); goto end; } /* mpk->p = group->p */ if (!EC_GROUP_get_curve_GFp(group, mpk->p, a, b, bn_ctx)) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB); goto end; } if (!BN_is_zero(a) || !BN_is_one(b)) { BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_INVALID_TYPE1CURVE); goto end; } /* mpk->q = group->order */ if (!EC_GROUP_get_order(group, mpk->q, bn_ctx)) { BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_INVALID_TYPE1CURVE); goto end; } /* mpk->pointP = group->generator */ if (!EC_POINT_get_affine_coordinates_GFp(group, EC_GROUP_get0_generator(group), mpk->pointP->x, mpk->pointP->y, bn_ctx)) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB); goto end; } /* set mpk->hashfcn from F_p^2 element bits */ OPENSSL_assert(mpk->hashfcn); ASN1_OBJECT_free(mpk->hashfcn); if (!(mpk->hashfcn = OBJ_nid2obj(EVP_MD_type(md)))) { BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_PARSE_PAIRING); goto end; } /* * set msk->version * random msk->masterSecret in [2, q - 1] */ msk->version = BFIBE_VERSION; do { if 
(!BN_rand_range(msk->masterSecret, mpk->q)) { BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_BN_LIB); goto end; } } while (BN_is_zero(msk->masterSecret) || BN_is_one(msk->masterSecret)); /* mpk->pointPpub = msk->masterSecret * mpk->pointP */ if (!EC_POINT_mul(group, point, msk->masterSecret, NULL, NULL, bn_ctx)) {//.........这里部分代码省略.........
开发者ID:winstard,项目名称:GmSSL,代码行数:101,
示例7: compute_password_element/* * compute a "random" secret point on an elliptic curve based * on the password and identities. */int compute_password_element(EAP_PWD_group *grp, u16 num, u8 *password, int password_len, u8 *id_server, int id_server_len, u8 *id_peer, int id_peer_len, u8 *token){ BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL; struct crypto_hash *hash; unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr; int nid, is_odd, ret = 0; size_t primebytelen, primebitlen; switch (num) { /* from IANA registry for IKE D-H groups */ case 19: nid = NID_X9_62_prime256v1; break; case 20: nid = NID_secp384r1; break; case 21: nid = NID_secp521r1; break; case 25: nid = NID_X9_62_prime192v1; break; case 26: nid = NID_secp224r1; break; default: wpa_printf(MSG_INFO, "EAP-pwd: unsupported group %d", num); return -1; } grp->pwe = NULL; grp->order = NULL; grp->prime = NULL; if ((grp->group = EC_GROUP_new_by_curve_name(nid)) == NULL) { wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC_GROUP"); goto fail; } if (((rnd = BN_new()) == NULL) || ((cofactor = BN_new()) == NULL) || ((grp->pwe = EC_POINT_new(grp->group)) == NULL) || ((grp->order = BN_new()) == NULL) || ((grp->prime = BN_new()) == NULL) || ((x_candidate = BN_new()) == NULL)) { wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums"); goto fail; } if (!EC_GROUP_get_curve_GFp(grp->group, grp->prime, NULL, NULL, NULL)) { wpa_printf(MSG_INFO, "EAP-pwd: unable to get prime for GFp " "curve"); goto fail; } if (!EC_GROUP_get_order(grp->group, grp->order, NULL)) { wpa_printf(MSG_INFO, "EAP-pwd: unable to get order for curve"); goto fail; } if (!EC_GROUP_get_cofactor(grp->group, cofactor, NULL)) { wpa_printf(MSG_INFO, "EAP-pwd: unable to get cofactor for " "curve"); goto fail; } primebitlen = BN_num_bits(grp->prime); primebytelen = BN_num_bytes(grp->prime); if ((prfbuf = os_malloc(primebytelen)) == NULL) { wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf " "buffer"); goto fail; } 
os_memset(prfbuf, 0, primebytelen); ctr = 0; while (1) { if (ctr > 30) { wpa_printf(MSG_INFO, "EAP-pwd: unable to find random " "point on curve for group %d, something's " "fishy", num); goto fail; } ctr++; /* * compute counter-mode password value and stretch to prime * pwd-seed = H(token | peer-id | server-id | password | * counter) */ hash = eap_pwd_h_init(); if (hash == NULL) goto fail; eap_pwd_h_update(hash, token, sizeof(u32)); eap_pwd_h_update(hash, id_peer, id_peer_len); eap_pwd_h_update(hash, id_server, id_server_len); eap_pwd_h_update(hash, password, password_len);//.........这里部分代码省略.........
开发者ID:0x000000FF,项目名称:wpa_supplicant_for_edison,代码行数:101,
示例8: ecparam_main//.........这里部分代码省略......... if (group == NULL) BIO_printf(bio_err, "no elliptic curve parameters/n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed/n"); ERR_print_errors(bio_err); } else BIO_printf(bio_err, "ok/n"); } if (C) { size_t buf_len = 0, tmp_len = 0; const EC_POINT *point; int is_prime, len = 0; const EC_METHOD *meth = EC_GROUP_method_of(group); if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || (ec_order = BN_new()) == NULL || (ec_cofactor = BN_new()) == NULL) { perror("Can't allocate BN"); goto end; } is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field); if (!is_prime) { BIO_printf(bio_err, "Can only handle X9.62 prime fields/n"); goto end; } if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL)) goto end; if ((point = EC_GROUP_get0_generator(group)) == NULL) goto end; if (!EC_POINT_point2bn(group, point, EC_GROUP_get_point_conversion_form(group), ec_gen, NULL)) goto end; if (!EC_GROUP_get_order(group, ec_order, NULL)) goto end; if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) goto end; if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor) goto end; len = BN_num_bits(ec_order); if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) buf_len = tmp_len; buffer = app_malloc(buf_len, "BN buffer");
开发者ID:375670450,项目名称:openssl,代码行数:67,
示例9: prime_field_testsvoid prime_field_tests() { BN_CTX *ctx = NULL; BIGNUM *p, *a, *b; EC_GROUP *group; EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; BIGNUM *x, *y, *z; unsigned char buf[100]; size_t i, len; int k; #if 1 /* optional */ ctx = BN_CTX_new(); if (!ctx) ABORT;#endif p = BN_new(); a = BN_new(); b = BN_new(); if (!p || !a || !b) ABORT; if (!BN_hex2bn(&p, "17")) ABORT; if (!BN_hex2bn(&a, "1")) ABORT; if (!BN_hex2bn(&b, "1")) ABORT; group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp * so that the library gets to choose the EC_METHOD */ if (!group) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; { EC_GROUP *tmp; tmp = EC_GROUP_new(EC_GROUP_method_of(group)); if (!tmp) ABORT; if (!EC_GROUP_copy(tmp, group)) ABORT; EC_GROUP_free(group); group = tmp; } if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT; fprintf(stdout, "Curve defined by Weierstrass equation/n y^2 = x^3 + a*x + b (mod 0x"); BN_print_fp(stdout, p); fprintf(stdout, ")/n a = 0x"); BN_print_fp(stdout, a); fprintf(stdout, "/n b = 0x"); BN_print_fp(stdout, b); fprintf(stdout, "/n"); P = EC_POINT_new(group); Q = EC_POINT_new(group); R = EC_POINT_new(group); if (!P || !Q || !R) ABORT; if (!EC_POINT_set_to_infinity(group, P)) ABORT; if (!EC_POINT_is_at_infinity(group, P)) ABORT; buf[0] = 0; if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, P)) ABORT; x = BN_new(); y = BN_new(); z = BN_new(); if (!x || !y || !z) ABORT; if (!BN_hex2bn(&x, "D")) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; if (!EC_POINT_is_on_curve(group, Q, ctx)) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); BN_print_fp(stderr, x); fprintf(stderr, ", y = 0x"); BN_print_fp(stderr, y); fprintf(stderr, "/n"); 
ABORT; } fprintf(stdout, "A cyclic subgroup:/n"); k = 100; do { if (k-- == 0) ABORT; if (EC_POINT_is_at_infinity(group, P)) fprintf(stdout, " point at infinity/n"); else { if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; fprintf(stdout, " x = 0x"); BN_print_fp(stdout, x); fprintf(stdout, ", y = 0x"); BN_print_fp(stdout, y); fprintf(stdout, "/n");//.........这里部分代码省略.........
开发者ID:174high,项目名称:openssl-0.9.8e_linux_porting,代码行数:101,
示例10: ecdh_im_compute_keyintecdh_im_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in, BN_CTX *bn_ctx){ int ret = 0; BUF_MEM * x_mem = NULL; BIGNUM * a = NULL, *b = NULL, *p = NULL; BIGNUM * x = NULL, *y = NULL, *v = NULL, *u = NULL; BIGNUM * tmp = NULL, *tmp2 = NULL, *bn_inv = NULL; BIGNUM * two = NULL, *three = NULL, *four = NULL, *six = NULL; BIGNUM * twentyseven = NULL; EC_KEY *static_key = NULL, *ephemeral_key = NULL; EC_POINT *g = NULL; BN_CTX_start(bn_ctx); check((ctx && ctx->static_key && s && ctx->ka_ctx), "Invalid arguments"); static_key = EVP_PKEY_get1_EC_KEY(ctx->static_key); if (!static_key) goto err; /* Setup all the variables*/ a = BN_CTX_get(bn_ctx); b = BN_CTX_get(bn_ctx); p = BN_CTX_get(bn_ctx); x = BN_CTX_get(bn_ctx); y = BN_CTX_get(bn_ctx); v = BN_CTX_get(bn_ctx); two = BN_CTX_get(bn_ctx); three = BN_CTX_get(bn_ctx); four = BN_CTX_get(bn_ctx); six = BN_CTX_get(bn_ctx); twentyseven = BN_CTX_get(bn_ctx); tmp = BN_CTX_get(bn_ctx); tmp2 = BN_CTX_get(bn_ctx); bn_inv = BN_CTX_get(bn_ctx); if (!bn_inv) goto err; /* Encrypt the Nonce using the symmetric key in */ x_mem = cipher_no_pad(ctx->ka_ctx, NULL, in, s, 1); if (!x_mem) goto err; /* Fetch the curve parameters */ if (!EC_GROUP_get_curve_GFp(EC_KEY_get0_group(static_key), p, a, b, bn_ctx)) goto err; /* Assign constants */ if ( !BN_set_word(two,2)|| !BN_set_word(three,3)|| !BN_set_word(four,4)|| !BN_set_word(six,6)|| !BN_set_word(twentyseven,27) ) goto err; /* Check prerequisites for curve parameters */ check( /* p > 3;*/ (BN_cmp(p, three) == 1) && /* p mod 3 = 2; (p has the form p=q^n, q prime) */ BN_nnmod(tmp, p, three, bn_ctx) && (BN_cmp(tmp, two) == 0), "Unsuited curve"); /* Convert encrypted nonce to BIGNUM */ u = BN_bin2bn((unsigned char *) x_mem->data, x_mem->length, u); if (!u) goto err; if ( /* v = (3a - u^4) / 6u mod p */ !BN_mod_mul(tmp, three, a, p, bn_ctx) || !BN_mod_exp(tmp2, u, four, p, bn_ctx) || !BN_mod_sub(v, tmp, tmp2, p, bn_ctx) || !BN_mod_mul(tmp, u, six, p, 
bn_ctx) || /* For division within a galois field we need to compute * the multiplicative inverse of a number */ !BN_mod_inverse(bn_inv, tmp, p, bn_ctx) || !BN_mod_mul(v, v, bn_inv, p, bn_ctx) || /* x = (v^2 - b - ((u^6)/27)) */ !BN_mod_sqr(tmp, v, p, bn_ctx) || !BN_mod_sub(tmp2, tmp, b, p, bn_ctx) || !BN_mod_exp(tmp, u, six, p, bn_ctx) || !BN_mod_inverse(bn_inv, twentyseven, p, bn_ctx) || !BN_mod_mul(tmp, tmp, bn_inv, p, bn_ctx) || !BN_mod_sub(x, tmp2, tmp, p, bn_ctx) || /* x -> x^(1/3) = x^((2p^n -1)/3) */ !BN_mul(tmp, two, p, bn_ctx) || !BN_sub(tmp, tmp, BN_value_one()) || /* Division is defined, because p^n = 2 mod 3 */ !BN_div(tmp, y, tmp, three, bn_ctx) || !BN_mod_exp(tmp2, x, tmp, p, bn_ctx) || !BN_copy(x, tmp2) || /* x += (u^2)/3 */ !BN_mod_sqr(tmp, u, p, bn_ctx) ||//.........这里部分代码省略.........
开发者ID:RushOnline,项目名称:openpace,代码行数:101,
示例11: mainint main(int argc, const char *argv[]){ int r; int ok = 0; char *prog = "ecc"; // libpopt var poptContext popt_ctx; const char **rest; int command = 0; char *curve_name = "secp192k1"; int point_compressed = 0; point_conversion_form_t point_form; struct poptOption options[] = { {"curve-name", 'c', POPT_ARG_STRING, &curve_name, 0, "elliptic curve name", "NAME"}, {"point-compressed", 'z', POPT_ARG_NONE, &point_compressed, 0, "point format, compress or uncompress", NULL}, {"print-curve", 'p', POPT_ARG_VAL, &command, ECC_PRINT, "print elliptic curve parameters", NULL}, {"random-private-key", 0, POPT_ARG_VAL, &command, ECC_RAND_SKEY, "random generate a private key/n", NULL}, {"random-keypair", 0, POPT_ARG_VAL, &command, ECC_RAND_KEYPAIR, "generate a random key pair/n", NULL}, {"check-point", 'e', POPT_ARG_VAL, &command, ECC_CHECK_POINT, "check if point is valid/n", NULL}, {"point-add", 'a', POPT_ARG_VAL, &command, ECC_ADD, "elliptic curve point addition", NULL}, {"point-double", 'b', POPT_ARG_VAL, &command, ECC_DOUBLE, "elliptic curve point double", NULL}, {"point-mul", 'x', POPT_ARG_VAL, &command, ECC_MUL, "k*G", NULL}, {"point-mul-generator", 'X', POPT_ARG_VAL, &command, ECC_MUL_G, "elliptic curve point scalar multiply", NULL}, {"point-invert", 'i', POPT_ARG_VAL, &command, ECC_INVERT, "elliptic curve point inverse", NULL}, {"ecdsa-sign", 's', POPT_ARG_VAL, &command, ECC_SIGN, "ecdsa sign", NULL}, {"ecdsa-verify", 'v', POPT_ARG_VAL, &command, ECC_VERIFY, "ecdsa verify", NULL}, POPT_AUTOHELP POPT_TABLEEND }; // openssl var EC_GROUP *ec_group = NULL; EC_POINT *P = NULL; EC_POINT *Q = NULL; EC_POINT *R = NULL; BIGNUM *k = BN_new(); BN_CTX *bn_ctx = BN_CTX_new(); // argument parsing popt_ctx = poptGetContext(argv[0], argc, argv, options, 0); if ((r = poptGetNextOpt(popt_ctx)) < -1) { fprintf(stderr, "%s: bad argument %s: %s/n", argv[0], poptBadOption(popt_ctx, POPT_BADOPTION_NOALIAS), poptStrerror(r)); goto exit; } rest = poptGetArgs(popt_ctx); // check arguments 
ec_group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve_name)); if (ec_group == NULL) { fprintf(stderr, "%s: unknown curve name/n", prog); goto exit; } P = EC_POINT_new(ec_group); Q = EC_POINT_new(ec_group); R = EC_POINT_new(ec_group); point_form = point_compressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED; switch (command) { case ECC_PRINT: { BIGNUM *p = BN_new(); BIGNUM *a = BN_new(); BIGNUM *b = BN_new(); char *generator; BIGNUM *order = BN_new(); BIGNUM *cofactor = BN_new(); EC_GROUP_get_curve_GFp(ec_group, p, a, b, bn_ctx); generator = EC_POINT_point2hex(ec_group, EC_GROUP_get0_generator(ec_group), point_form, bn_ctx); EC_GROUP_get_order(ec_group, order, bn_ctx); EC_GROUP_get_cofactor(ec_group, cofactor, bn_ctx); fprintf(stdout, "Name : %s/n", OBJ_nid2sn(EC_GROUP_get_curve_name(ec_group))); fprintf(stdout, "FieldType : %s/n", "PrimeField"); fprintf(stdout, "Prime : %s/n", BN_bn2hex(p)); fprintf(stdout, "A : %s/n", BN_bn2hex(a)); fprintf(stdout, "B : %s/n", BN_bn2hex(b)); fprintf(stdout, "Generator : %s/n", generator); fprintf(stdout, "Order : %s/n", BN_bn2hex(order)); fprintf(stdout, "Cofactor : %s/n", BN_bn2hex(cofactor)); BN_free(p); BN_free(a); BN_free(b); BN_free(order); BN_free(cofactor); break; } case ECC_CHECK_POINT: {//.........这里部分代码省略.........
开发者ID:LiTianjue,项目名称:GmSSL,代码行数:101,
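/* Example 12: timings */

/*
 * Time EC_POINT_mul on the given group and print the result to stdout.
 *
 * group: curve to benchmark; its prime and order are queried for the report.
 * multi: when nonzero, time the two-scalar form s*P + s0*P instead of a
 *        single multiplication of the generator by s.
 * ctx:   BN_CTX passed through to the library calls.
 *
 * Runs 10 rounds of 10 multiplications each, drawing fresh scalars per round.
 * Any library failure goes through the project's ABORT macro (defined
 * elsewhere in the file).
 */
static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
{
    clock_t clck;
    int i, j;
    BIGNUM *s, *s0;
    EC_POINT *P;
    const EC_POINT *generator;

    s = BN_new();
    s0 = BN_new();
    if (s == NULL || s0 == NULL) ABORT;

    /* s is reused: first it holds the field prime, then the group order. */
    if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT;
    fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s));
    if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
    fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s));
    fflush(stdout);

    P = EC_POINT_new(group);
    if (P == NULL) ABORT;
    /* A group without a generator, or a failed copy, would otherwise be
     * benchmarked on an unset point. */
    generator = EC_GROUP_get0_generator(group);
    if (generator == NULL) ABORT;
    if (!EC_POINT_copy(P, generator)) ABORT;

    clck = clock();
    for (i = 0; i < 10; i++) {
        /* BN_pseudo_rand is not a source of key material; the scalars here
         * only serve as benchmark inputs. */
        if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT;
        if (multi) {
            if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT;
        }
        for (j = 0; j < 10; j++) {
            if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT;
        }
        fprintf(stdout, ".");
        fflush(stdout);
    }
    fprintf(stdout, "\n");

    clck = clock() - clck;

#ifdef CLOCKS_PER_SEC
    /* "To determine the time in seconds, the value returned
     * by the clock function should be divided by the value
     * of the macro CLOCKS_PER_SEC."
     *                                       -- ISO/IEC 9899 */
#   define UNIT "s"
#else
    /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
     *                            -- cc on NeXTstep/OpenStep */
#   define UNIT "units"
#   define CLOCKS_PER_SEC 1
#endif

    /* After the loops i == 10 and j == 10, so i*j is the operation count. */
    fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
        multi ? "s*P+t*Q operations" : "point multiplications",
        (double)clck/CLOCKS_PER_SEC);
    fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));

    EC_POINT_free(P);
    BN_free(s);
    BN_free(s0);
}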
开发者ID:xyzy,项目名称:mips-openssl_0.9.7,代码行数:62,
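/* Example 13: Z_Gen */

/*
 * Write bn into out as exactly 32 big-endian bytes, left-padded with zeros.
 * Returns 1 on success, 0 when bn does not fit in 32 bytes.
 */
static int z_gen_bn2bin32(const BIGNUM *bn, unsigned char out[32])
{
    int nbytes = BN_num_bytes(bn);
    int i;

    if (nbytes < 0 || nbytes > 32)
        return 0;
    /* BN_bn2bin emits no leading zero bytes, so right-align it by hand. */
    for (i = 0; i < 32; i++)
        out[i] = 0;
    BN_bn2bin(bn, out + (32 - nbytes));
    return 1;
}

/*
 * Compute the SM2 identity digest (required by Tsp):
 *   ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
 * over the sm2p256v1 curve, using SM3 as H256.
 *
 * z:    output buffer that receives the SM3 digest.
 * klen: length of ID in bytes; ENTLA is its bit length as two bytes, so klen
 *       must not exceed 8191.
 * ID:   identity bytes (IDA).
 * x, y: public key coordinates (xA, yA); 32 bytes are read from each.
 *
 * NOTE(review): the function returns void, so on any failure z is left
 * untouched and the caller cannot tell -- callers should initialise z and
 * treat an unchanged buffer as an error, or the interface should grow a
 * return code.
 */
void Z_Gen(unsigned char *z, unsigned int klen, unsigned char *ID, unsigned char *x, unsigned char *y)
{
    BN_CTX *ctx = NULL;
    EC_KEY *ec_key = NULL;
    const EC_GROUP *ec_group = NULL;
    const EC_POINT *generator = NULL;
    BIGNUM *p = NULL, *a = NULL, *b = NULL;
    unsigned char g[65];
    unsigned char entla[2];
    unsigned char a_bin[32];
    unsigned char b_bin[32];
    sm3_ctx_t ctx2;
    int is_char_two = 0;
    int tmp_nid;

    if (z == NULL || ID == NULL || x == NULL || y == NULL)
        return;
    /* ENTLA holds the bit length of ID in 16 bits. */
    if (klen > 8191)
        return;

    ctx = BN_CTX_new();
    ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1);
    if (ctx == NULL || ec_key == NULL)
        goto err;
    ec_group = EC_KEY_get0_group(ec_key);
    if (ec_group == NULL)
        goto err;

    if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || (b = BN_new()) == NULL)
        goto err;

    tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group));
    if (tmp_nid == NID_X9_62_characteristic_two_field)
        is_char_two = 1;

#ifndef OPENSSL_NO_EC2M
    if (is_char_two) {
        if (!EC_GROUP_get_curve_GF2m(ec_group, p, a, b, ctx))
            goto err;
    } else /* prime field */
#endif
    {
        if (!EC_GROUP_get_curve_GFp(ec_group, p, a, b, ctx))
            goto err;
    }

    /* Uncompressed encoding is 0x04 || xG || yG, i.e. exactly 65 bytes. */
    generator = EC_GROUP_get0_generator(ec_group);
    if (generator == NULL)
        goto err;
    if (EC_POINT_point2oct(ec_group, generator, POINT_CONVERSION_UNCOMPRESSED,
                           g, sizeof(g), ctx) != sizeof(g))
        goto err;

    /* Serialise a and b before hashing so a failure never leaves a
     * half-computed digest behind. */
    if (!z_gen_bn2bin32(a, a_bin) || !z_gen_bn2bin32(b, b_bin))
        goto err;

    entla[0] = (unsigned char)((klen * 8) >> 8);
    entla[1] = (unsigned char)((klen * 8) & 0xFF);

    sm3_init(&ctx2);
    sm3_update(&ctx2, entla, sizeof(entla));
    sm3_update(&ctx2, ID, klen);
    sm3_update(&ctx2, a_bin, 32);
    sm3_update(&ctx2, b_bin, 32);
    sm3_update(&ctx2, g + 1, 64);   /* skip the 0x04 format byte */
    sm3_update(&ctx2, x, 32);
    sm3_update(&ctx2, y, 32);
    sm3_final(&ctx2, z);

err:
    /* ec_group and generator are owned by ec_key and released with it. */
    BN_free(p);
    BN_free(a);
    BN_free(b);
    if (ec_key != NULL)
        EC_KEY_free(ec_key);
    if (ctx != NULL)
        BN_CTX_free(ctx);
    return;
}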
开发者ID:chanuei,项目名称:dmverify-analysis,代码行数:68,
注:本文中的EC_GROUP_get_curve_GFp函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 C++ EC_GROUP_get_curve_name函数代码示例 C++ EC_GROUP_free函数代码示例 |