自学教程：C++ EC_GROUP_new_by_curve_name函数代码示例

static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {    Unique_EC_GROUP group;    switch (ec_params->field_size) {    case 224:        group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1));        break;    case 256:        group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));        break;    case 384:        group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1));        break;    case 521:        group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1));        break;    default:        break;    }    if (group.get() == NULL) {        logOpenSSLError("generate_ec_keypair");        return -1;    }#if !defined(OPENSSL_IS_BORINGSSL)    EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);    EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);#endif    /* initialize EC key */    Unique_EC_KEY eckey(EC_KEY_new());    if (eckey.get() == NULL) {        logOpenSSLError("generate_ec_keypair");        return -1;    }    if (EC_KEY_set_group(eckey.get(), group.get()) != 1) {        logOpenSSLError("generate_ec_keypair");        return -1;    }    if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {        logOpenSSLError("generate_ec_keypair");        return -1;    }    if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {        logOpenSSLError("generate_ec_keypair");        return -1;    }    release_because_ownership_transferred(eckey);    return 0;}

void openssl_ec_crypt(){	BIO *berr;	EC_KEY *key1, *key2;	unsigned int sig_len;	int clen, len1, len2;	EC_builtin_curve *curves;	EC_GROUP *group1, *group2;	const EC_KEY *key3, *key4;	const EC_GROUP *group3, *group4;	const EC_POINT *pubkey1, *pubkey2;	unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN];	unsigned char *signature, cont[COMM_LEN] = "123456";	key1 = EC_KEY_new();	key2 = EC_KEY_new();	clen = EC_get_builtin_curves(NULL, 0);	curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen);	EC_get_builtin_curves(curves, clen);	group1 = EC_GROUP_new_by_curve_name(curves[25].nid);	group2 = EC_GROUP_new_by_curve_name(curves[25].nid);	group3 = group1;	group4 = group2;	EC_KEY_set_group(key1, group3);	EC_KEY_set_group(key2, group4);	EC_KEY_generate_key(key1);	EC_KEY_generate_key(key2);	EC_KEY_check_key(key1);	key3 = key1;	key4 = key2;	printf("/nECDSA_size: %d/n", ECDSA_size(key3));	signature = (unsigned char *)malloc(ECDSA_size(key3));	ERR_load_crypto_strings();	berr = BIO_new(BIO_s_file());	BIO_set_fp(berr, stdout, BIO_NOCLOSE);	ECDSA_sign(0, cont, 8, signature, &sig_len, key1);	ECDSA_verify(0, cont, 8, signature, sig_len, key1);	pubkey1 = EC_KEY_get0_public_key(key1);	pubkey2 = EC_KEY_get0_public_key(key2);	len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL);	len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL);	if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) {		printf("ECDH_compute_key err!/n");		return;	}	BIO_free(berr);	EC_KEY_free(key1);	EC_KEY_free(key2);	free(signature);	free(curves);}

secret_parameter deterministic_wallet::generate_secret(    size_t n, bool for_change) const{    if (seed_.empty())        return null_hash;    ssl_bignum z;    hash_digest sequence = get_sequence(n, for_change);    BN_bin2bn(sequence.data(), sequence.size(), z);    ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));    ssl_bignum order;    bn_ctx ctx(BN_CTX_new());    EC_GROUP_get_order(group, order, ctx);    // secexp = (stretched_seed + z) % order    ssl_bignum secexp;    BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp);    BN_add(secexp, secexp, z);    BN_mod(secexp, secexp, order, ctx);    secret_parameter secret;    int secexp_bytes_size = BN_num_bytes(secexp);    BITCOIN_ASSERT(secexp_bytes_size >= 0 &&        static_cast<size_t>(BN_num_bytes(secexp)) <= secret.size());    // If bignum value begins with 0x00, then    // SSL will skip to the first significant digit.    size_t copy_offset = secret.size() - BN_num_bytes(secexp);    BN_bn2bin(secexp, secret.data() + copy_offset);    // Zero out beginning 0x00 bytes (if they exist).    std::fill(secret.begin(), secret.begin() + copy_offset, 0x00);    return secret;}

	void crypt_ec_helper::save_key_pair(std::string path, EC_KEY *keypair)	{		BIO *out;		int i;		FILE* outfile;		EVP_PKEY          *pkey = NULL;		ERR_load_BIO_strings();		ERR_load_crypto_strings();		pkey = EVP_PKEY_new();		EVP_PKEY_assign_EC_KEY(pkey, keypair);		EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);		outfile = fopen(path.c_str(), "w");		out = BIO_new(BIO_s_file());		out = BIO_new_fp(outfile, BIO_NOCLOSE);		EC_KEY_set_asn1_flag(keypair, OPENSSL_EC_NAMED_CURVE);		i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL);		fclose(outfile);		EC_GROUP_free(ecgroup);		EVP_PKEY_free(pkey);		BIO_free_all(out);	}

blob WSService::pubkey_from_cert(X509* x509) {	std::runtime_error e("Certificate error");	EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1"));	BN_CTX* bn_ctx = BN_CTX_new();	std::vector<uint8_t> raw_public(33);	try {		if(ec_group == NULL || bn_ctx == NULL) throw e;		EVP_PKEY* remote_pkey = X509_get_pubkey(x509);	if(remote_pkey == NULL) throw e;		EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey);	if(remote_eckey == NULL) throw e;		const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey);	if(remote_pubkey == NULL) throw e;		EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx);	}catch(...){		BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);		bn_ctx = NULL; ec_group = NULL;		throw;	}	BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);	return raw_public;}

bool CECKey::TweakSecret(unsigned char vchSecretOut[32], const unsigned char vchSecretIn[32], const unsigned char vchTweak[32]){    bool ret = true;    BN_CTX *ctx = BN_CTX_new();    BN_CTX_start(ctx);    BIGNUM *bnSecret = BN_CTX_get(ctx);    BIGNUM *bnTweak = BN_CTX_get(ctx);    BIGNUM *bnOrder = BN_CTX_get(ctx);    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);    EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...    BN_bin2bn(vchTweak, 32, bnTweak);    if (BN_cmp(bnTweak, bnOrder) >= 0)        ret = false; // extremely unlikely    BN_bin2bn(vchSecretIn, 32, bnSecret);    BN_add(bnSecret, bnSecret, bnTweak);    BN_nnmod(bnSecret, bnSecret, bnOrder, ctx);    if (BN_is_zero(bnSecret))        ret = false; // ridiculously unlikely    int nBits = BN_num_bits(bnSecret);    memset(vchSecretOut, 0, 32);    BN_bn2bin(bnSecret, &vchSecretOut[32-(nBits+7)/8]);    EC_GROUP_free(group);    BN_CTX_end(ctx);    BN_CTX_free(ctx);    return ret;}

int HDW_public_data_from_private_data(uint8_t *key_data, size_t key_data_len, BIGNUM *public_compressed_key) {    int res = 1;    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);    BIGNUM *priv = BN_new();    EC_POINT *ec_point = EC_POINT_new(group);    FCHK_SET(BN_bin2bn(key_data, (int) key_data_len, priv), ==0, res, fail, 0);    // Generate public key.    FCHK(EC_POINT_mul(group, ec_point, priv, NULL, NULL, NULL), ==0, res, fail);    FCHK_SET(EC_POINT_point2bn(group, ec_point, POINT_CONVERSION_COMPRESSED, public_compressed_key, NULL), ==0, res,             fail, 0);    FCHK_SET(BN_num_bytes(public_compressed_key), !=33, res, fail, 0);    fail:    if (res == 0) {        BN_zero(public_compressed_key);    }    EC_POINT_free(ec_point);    BN_free(priv);    EC_GROUP_free(group);    return res;}

int verify_x962_octets_are_on_p256(const unsigned char* octets, size_t len) {  assert(octets);  assert(len);  EC_GROUP* p256group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);  if (!p256group) {    fprintf(stderr, "error: EC_GROUP_new_by_curve_name() failed./n");    return 4;  }  EC_POINT* point = EC_POINT_new(p256group);  if (!point) {    fprintf(stderr, "error: EC_POINT_new() failed./n");    EC_GROUP_free(p256group);    return 4;  }  if (0 == EC_POINT_oct2point(p256group, point, octets, len, NULL)) {    fprintf(stderr, "error: EC_POINT_oct2point() failed./n");    EC_POINT_free(point);    EC_GROUP_free(p256group);    return 4;  }  if (0 == EC_POINT_is_on_curve(p256group, point, NULL)) {    fprintf(stderr, "error: Public key point isn't on P-256 curve./n");    EC_POINT_free(point);    EC_GROUP_free(p256group);    return 4;  }  EC_POINT_free(point);  EC_GROUP_free(p256group);  return 0;}

EC_KEY *EC_KEY_new_by_curve_name_NID_secp256k1(void){	static EC_GROUP *group = NULL;	EC_KEY *ret = NULL;	if (group == NULL) {#ifdef HAVE_NID_secp256k1		group = EC_GROUP_new_by_curve_name(NID_secp256k1);#else		group = ec_group_new_from_data(&EC_SECG_PRIME_256K1.h);#endif		if (group == NULL) {			return NULL;		}	}	ret = EC_KEY_new();	if (ret == NULL) {		return NULL;	}	EC_KEY_set_group(ret, group);	return ret;}

secret_parameter deterministic_wallet::generate_secret(    size_t n, bool for_change){    if (seed_.empty())        return null_hash;    ssl_bignum z;    hash_digest sequence = get_sequence(n, for_change);    BN_bin2bn(sequence.data(), sequence.size(), z);    ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));    ssl_bignum order;    bn_ctx ctx(BN_CTX_new());    EC_GROUP_get_order(group, order, ctx);    // secexp = (stretched_seed + z) % order    ssl_bignum secexp;    BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp);    BN_add(secexp, secexp, z);    BN_mod(secexp, secexp, order, ctx);    secret_parameter secret;    BITCOIN_ASSERT(BN_num_bytes(secexp) == secret.size());    BN_bn2bin(secexp, secret.data());    return secret;}

int main(void) {    int i;    secp256k1_pubkey pubkey;    secp256k1_ecdsa_signature sig;    benchmark_verify_t data;    data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);    for (i = 0; i < 32; i++) {        data.msg[i] = 1 + i;    }    for (i = 0; i < 32; i++) {        data.key[i] = 33 + i;    }    data.siglen = 72;    CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));    CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));    CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));    data.pubkeylen = 33;    CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);    run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);#ifdef ENABLE_OPENSSL_TESTS    data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);    run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);    EC_GROUP_free(data.ec_group);#endif    secp256k1_context_destroy(data.ctx);    return 0;}

int verification(    const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen,    const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen,    const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen    ){  unsigned char h[20];  EC_GROUP *group;  EC_KEY *k;  EC_POINT *kxy;  BIGNUM *kx;  BIGNUM *ky;  ECDSA_SIG *rs;  int len;  if (smlen != SIGNATURE_BYTES) return -1;  if (mlen > SHORTHASH_BYTES) return -1;  SHA1(m,mlen,h);  group = EC_GROUP_new_by_curve_name(NID);  if (!group) return -1;  kx = BN_new(); if (!kx) return -1;  ky = BN_new(); if (!ky) { BN_free(kx); return -1; }  kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; }  k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }  rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }  if (!EC_KEY_set_group(k,group)) goto error;  if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES;  if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error;#ifdef PRIME_FIELD  if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error;#else  if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error;#endif  if (!EC_KEY_set_public_key(k,kxy)) goto error;  if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES;  if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error;  len = ECDSA_do_verify(h,20,rs,k);  ECDSA_SIG_free(rs);  EC_KEY_free(k);  EC_POINT_free(kxy);  BN_free(ky);  BN_free(kx);  if (len == 1) return 0;  if (len == 0) return -100;  return -1;  error:  ECDSA_SIG_free(rs);  EC_KEY_free(k);  EC_POINT_free(kxy);  BN_free(ky);  BN_free(kx);  return -1;}

static intecdsa_private_key_import(hx509_context context,                         const AlgorithmIdentifier *keyai,                         const void *data,                         size_t len,                         hx509_key_format_t format,                         hx509_private_key private_key){    const unsigned char *p = data;    EC_KEY **pkey = NULL;    EC_KEY *key;    if (keyai->parameters) {        EC_GROUP *group;        int groupnid;        int ret;        ret = parse_ECParameters(context, keyai->parameters, &groupnid);        if (ret)            return ret;        key = EC_KEY_new();        if (key == NULL)            return ENOMEM;        group = EC_GROUP_new_by_curve_name(groupnid);        if (group == NULL) {            EC_KEY_free(key);            return ENOMEM;        }        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);        if (EC_KEY_set_group(key, group) == 0) {            EC_KEY_free(key);            EC_GROUP_free(group);            return ENOMEM;        }        EC_GROUP_free(group);        pkey = &key;    }    switch (format) {    case HX509_KEY_FORMAT_DER:        private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);        if (private_key->private_key.ecdsa == NULL) {            hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,                                   "Failed to parse EC private key");            return HX509_PARSING_KEY_FAILED;        }        private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;        break;    default:        return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;    }    return 0;}

	const EC_POINT* crypt_ec_helper::from_base58(std::string base58)	{		const char* psz = base58.c_str();		std::vector<unsigned char> vch;		// Skip leading spaces.		while (*psz && isspace(*psz))			psz++;		// Skip and count leading '1's.		int zeroes = 0;		while (*psz == '1') {			zeroes++;			psz++;		}		// Allocate enough space in big-endian base256 representation.		std::vector<unsigned char> b256(strlen(psz) * 733 / 1000 + 1); // log(58) / log(256), rounded up.		// Process the characters.		while (*psz && !isspace(*psz)) {			// Decode base58 character			const char* ch = strchr(pszBase58, *psz);			if (ch == NULL)					return NULL;			// Apply "b256 = b256 * 58 + ch".			int carry = ch - pszBase58;			for (std::vector<unsigned char>::reverse_iterator it = b256.rbegin(); it != b256.rend(); it++) {				carry += 58 * (*it);				*it = carry % 256;				carry /= 256;			}			assert(carry == 0);			psz++;		}		// Skip trailing spaces.		while (isspace(*psz))			psz++;		if (*psz != 0)			return NULL;		// Skip leading zeroes in b256.		std::vector<unsigned char>::iterator it = b256.begin();		while (it != b256.end() && *it == 0)			it++;		// Copy result into output vector.		vch.reserve(zeroes + (b256.end() - it));		vch.assign(zeroes, 0x00);		while (it != b256.end())			vch.push_back(*(it++));		EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);		pub = EC_POINT_new(ecgrp);		size_t len = EC_POINT_oct2point(ecgrp, pub, vch.data(), vch.size(), NULL);		EC_GROUP_free(ecgrp);		return pub;	}

	EC_KEY* crypt_ec_helper::generate_key_pair()	{		eckey = EC_KEY_new();		EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);		EC_KEY_set_group(eckey, ecgroup);		EC_KEY_generate_key(eckey);		EC_GROUP_free(ecgroup);		return eckey;	}

void internal_curve_test(void)	{	EC_builtin_curve *curves = NULL;	size_t crv_len = 0, n = 0;	int    ok = 1;	crv_len = EC_get_builtin_curves(NULL, 0);	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);	if (curves == NULL)		return;	if (!EC_get_builtin_curves(curves, crv_len))		{		OPENSSL_free(curves);		return;		}	fprintf(stdout, "testing internal curves: ");			for (n = 0; n < crv_len; n++)		{		EC_GROUP *group = NULL;		int nid = curves[n].nid;		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)			{			ok = 0;			fprintf(stdout, "/nEC_GROUP_new_curve_name() failed with"				" curve %s/n", OBJ_nid2sn(nid));			/* try next curve */			continue;			}		if (!EC_GROUP_check(group, NULL))			{			ok = 0;			fprintf(stdout, "/nEC_GROUP_check() failed with"				" curve %s/n", OBJ_nid2sn(nid));			EC_GROUP_free(group);			/* try the next curve */			continue;			}		fprintf(stdout, ".");		fflush(stdout);		EC_GROUP_free(group);		}	if (ok)		fprintf(stdout, " ok/n");	else		fprintf(stdout, " failed/n");	OPENSSL_free(curves);	return;	}

void CBKeyGetPublicKey(uint8_t * privKey, uint8_t * pubKey){	BIGNUM * privBn = BN_bin2bn(privKey, 32, NULL);	EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1);	EC_POINT * point = EC_POINT_new(group);	BN_CTX * ctx = BN_CTX_new();	EC_POINT_mul(group, point, privBn, NULL, NULL, ctx);	EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, pubKey, 33, ctx);	BN_CTX_free(ctx);	EC_POINT_free(point);	EC_GROUP_free(group);	BN_free(privBn);}

static intparam_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen){	ASN1_OBJECT *obj = NULL;	int nid;	GOST_KEY *ec;	EC_GROUP *group;	int ret;	/* New format */	if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)		return decode_gost01_algor_params(pkey, pder, derlen);	/* Compatibility */	if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);		return 0;	}	nid = OBJ_obj2nid(obj);	ASN1_OBJECT_free(obj);	ec = GOST_KEY_new();	if (ec == NULL) {		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);		return 0;	}	group = EC_GROUP_new_by_curve_name(nid);	if (group == NULL) {		GOSTerr(GOST_F_PARAM_DECODE_GOST01,		    EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);		GOST_KEY_free(ec);		return 0;	}	EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);	if (GOST_KEY_set_group(ec, group) == 0) {		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);		EC_GROUP_free(group);		GOST_KEY_free(ec);		return 0;	}	EC_GROUP_free(group);	if (GOST_KEY_set_digest(ec,	    NID_id_GostR3411_94_CryptoProParamSet) == 0) {		GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);		GOST_KEY_free(ec);		return 0;	}	ret = EVP_PKEY_assign_GOST(pkey, ec);	if (ret == 0)		GOST_KEY_free(ec);	return ret;}

EC_KEY *EC_KEY_new_by_curve_name(int nid){    EC_KEY *ret = EC_KEY_new();    if (ret == NULL)        return NULL;    ret->group = EC_GROUP_new_by_curve_name(nid);    if (ret->group == NULL) {        EC_KEY_free(ret);        return NULL;    }    return ret;}

/** *  eccx08_eckey_convert() * * /brief Converts raw 64 bytes of public key (ATECC508 format) to the *  openssl EC_KEY structure. It allocates EC_KEY structure and *  does not free it (must be a caller to free) * * /param[out] p_eckey Pointer to EC_KEY with Public Key on success * /param[in] raw_pubkey Raw public key, 64 bytes length 32-byte X following with 32-byte Y * /param[in] serial_number 9 bytes of ATECCX08 serial number * /param[in] serial_len Size of the ATECCX08 serial number buffer * /return 1 on success, 0 on error */int eccx08_eckey_convert(EC_KEY **p_eckey, uint8_t *raw_pubkey, uint8_t *serial_number, int serial_len){    int rc = 0;    int ret = 0;    EC_GROUP *ecgroup = NULL, *ecgroup_old = NULL;    EC_KEY *eckey = *p_eckey;    EC_POINT *ecpoint = NULL;    BN_CTX *bnctx = NULL;    int asn1_flag = OPENSSL_EC_NAMED_CURVE;    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;    char tmp_buf[MEM_BLOCK_SIZE * 2 + 1];    /* Openssl raw key has a leading byte with conversion form id */    tmp_buf[0] = POINT_CONVERSION_UNCOMPRESSED;    memcpy(&tmp_buf[1], raw_pubkey, MEM_BLOCK_SIZE * 2);    if (!eckey) {        eckey = EC_KEY_new();        if (!eckey) goto done;    }    ecgroup = eckey->group;    if (!ecgroup) {        ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);        if (!ecgroup) goto done;        EC_GROUP_set_point_conversion_form(ecgroup, form);        EC_GROUP_set_asn1_flag(ecgroup, asn1_flag);    }    if (!eckey->group) {        ret = EC_KEY_set_group(eckey, ecgroup);        if (!ret) goto done;    }    ret = eccx08_generate_key(eckey, serial_number, serial_len);    if (!ret) goto done;    ecgroup = eckey->group;    ecpoint = eckey->pub_key;    if (!ecpoint) {        ecpoint = EC_POINT_new(ecgroup);        if (!ecpoint) goto done;    }    ret = EC_POINT_oct2point(ecgroup, ecpoint, tmp_buf, MEM_BLOCK_SIZE * 2 + 1, NULL);    if (!ret) goto done;    *p_eckey = eckey;    rc = 1;done:    return (rc);}

	std::string crypt_ec_helper::to_base58(const EC_POINT* public_key)	{		unsigned char *ret = new unsigned char[2048];		EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);		size_t len = EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);		EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, ret, len, NULL);		unsigned char* pbegin = ret;		unsigned char* pend = ret + len;		// Skip & count leading zeroes.		int zeroes = 0;		int length = 0;		while (pbegin != pend && *pbegin == 0) {			pbegin++;			zeroes++;		}		// Allocate enough space in big-endian base58 representation.		int size = (pend - pbegin) * 138 / 100 + 1; // log(256) / log(58), rounded up.		std::vector<unsigned char> b58(size);		// Process the bytes.		while (pbegin != pend) {			int carry = *pbegin;			int i = 0;			// Apply "b58 = b58 * 256 + ch".			for (std::vector<unsigned char>::reverse_iterator it = b58.rbegin(); (carry != 0 || i < length) && (it != b58.rend()); it++, i++) {				carry += 256 * (*it);				*it = carry % 58;				carry /= 58;			}			assert(carry == 0);			length = i;			pbegin++;		}		// Skip leading zeroes in base58 result.		std::vector<unsigned char>::iterator it = b58.begin() + (size - length);		while (it != b58.end() && *it == 0)			it++;		// Translate the result into a string.		std::string str;		str.reserve(zeroes + (b58.end() - it));		str.assign(zeroes, '1');		while (it != b58.end())			str += pszBase58[*(it++)];		free(ret);		EC_GROUP_free(ecgrp);		return str;	}

u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key){  if (key == NULL)    return U2FS_MEMORY_ERROR;  EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);  *key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);  EC_POINT *point = EC_POINT_new(ecg);  point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;  EC_GROUP_set_point_conversion_form(ecg, pcf);  if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) {    if (debug) {      unsigned long err = 0;      err = ERR_get_error();      fprintf(stderr, "Error: %s, %s, %s/n",              ERR_lib_error_string(err),              ERR_func_error_string(err), ERR_reason_error_string(err));    }    *key = NULL;    EC_GROUP_free(ecg);    ecg = NULL;    EC_POINT_free(point);    point = NULL;    return U2FS_CRYPTO_ERROR;  }  EC_GROUP_free(ecg);  ecg = NULL;  if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) {    if (debug) {      unsigned long err = 0;      err = ERR_get_error();      fprintf(stderr, "Error: %s, %s, %s/n",              ERR_lib_error_string(err),              ERR_func_error_string(err), ERR_reason_error_string(err));    }    *key = NULL;    EC_POINT_free(point);    point = NULL;    return U2FS_CRYPTO_ERROR;  }  EC_POINT_free(point);  point = NULL;  return U2FS_OK;}

int SecretToPublicKey(const ec_secret& secret, ec_point& out){    // -- public key = private * G    int rv = 0;        EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);        if (!ecgrp)    {        LogPrintf("SecretToPublicKey(): EC_GROUP_new_by_curve_name failed./n");        return 1;    };    BIGNUM* bnIn = BN_bin2bn(&secret.e[0], ec_secret_size, BN_new());    if (!bnIn)    {        EC_GROUP_free(ecgrp);        LogPrintf("SecretToPublicKey(): BN_bin2bn failed/n");        return 1;    };        EC_POINT* pub = EC_POINT_new(ecgrp);            EC_POINT_mul(ecgrp, pub, bnIn, NULL, NULL, NULL);        BIGNUM* bnOut = EC_POINT_point2bn(ecgrp, pub, POINT_CONVERSION_COMPRESSED, BN_new(), NULL);    if (!bnOut)    {        LogPrintf("SecretToPublicKey(): point2bn failed/n");        rv = 1;    } else    {        out.resize(ec_compressed_size);        if (BN_num_bytes(bnOut) != (int) ec_compressed_size            || BN_bn2bin(bnOut, &out[0]) != (int) ec_compressed_size)        {            LogPrintf("SecretToPublicKey(): bnOut incorrect length./n");            rv = 1;        };                BN_free(bnOut);    };            EC_POINT_free(pub);    BN_free(bnIn);    EC_GROUP_free(ecgrp);        return rv;};

int priv_to_pub (unsigned char * const result, const size_t m, const unsigned char * const priv, const size_t n) {  int ret = 0;  int i = 0;  BIGNUM * privbn = 0;  BN_dec2bn(&privbn,"0");  BIGNUM * pow256 = 0;  BN_dec2bn(&pow256,"1");  BIGNUM * one256 = 0;  BN_dec2bn(&one256,"256");  const unsigned char * input_it = priv + n - 1;  for (i=0; i<n; i++) {    BIGNUM * input_bn = 0;    char * input_str = malloc(4);    sprintf(input_str,"%d",*input_it);    BN_dec2bn(&input_bn,input_str);    BN_CTX * ctx = BN_CTX_new();    BN_mul(input_bn, pow256, input_bn, ctx);    BN_add(privbn,privbn,input_bn);    BN_mul(pow256, pow256, one256, ctx);    BN_free(input_bn);    if (input_str != 0) {      free(input_str);    }    BN_CTX_free(ctx);    input_it--;  }  EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1);  EC_POINT * pub_key = EC_POINT_new(group);  BN_CTX * ctx = BN_CTX_new();  EC_POINT_mul(group, pub_key, privbn, 0, 0, ctx);  if (m == 65) {    EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_UNCOMPRESSED,result,m,ctx);  }  else {    EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_COMPRESSED,result,m,ctx);  }  EC_GROUP_free(group);  EC_POINT_free(pub_key);  BN_CTX_free(ctx);  BN_free(privbn);  BN_free(pow256);  BN_free(one256);  return(0);}

static EC_KEY *eckey_type2param(int ptype, void *pval)	{	EC_KEY *eckey = NULL;	if (ptype == V_ASN1_SEQUENCE)		{		ASN1_STRING *pstr = pval;		const unsigned char *pm = NULL;		int pmlen;		pm = pstr->data;		pmlen = pstr->length;		if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen)))			{			ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);			goto ecerr;			}		}	else if (ptype == V_ASN1_OBJECT)		{		ASN1_OBJECT *poid = pval;		EC_GROUP *group;		/* type == V_ASN1_OBJECT => the parameters are given		 * by an asn1 OID		 */		if ((eckey = EC_KEY_new()) == NULL)			{			ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);			goto ecerr;			}		group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));		if (group == NULL)			goto ecerr;		EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);		if (EC_KEY_set_group(eckey, group) == 0)			goto ecerr;		EC_GROUP_free(group);		}	else		{		ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);		goto ecerr;		}	return eckey;	ecerr:	if (eckey)		EC_KEY_free(eckey);	return NULL;	}

void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid){	RSA *rsakey;	DSA *dsakey;	EC_KEY *eckey;	progress->setMinimum(0);	progress->setMaximum(100);	progress->setValue(50);	switch (type) {	case EVP_PKEY_RSA:		rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar,			progress);		if (rsakey)			EVP_PKEY_assign_RSA(key, rsakey);		break;	case EVP_PKEY_DSA:		progress->setMaximum(500);		dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL,				inc_progress_bar, progress);		DSA_generate_key(dsakey);		if (dsakey)			EVP_PKEY_assign_DSA(key, dsakey);		break;	case EVP_PKEY_EC:		EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid);		if (!group)			break;		eckey = EC_KEY_new();		if (eckey == NULL) {			EC_GROUP_free(group);			break;		}		EC_GROUP_set_asn1_flag(group, 1);		if (EC_KEY_set_group(eckey, group)) {			if (EC_KEY_generate_key(eckey)) {				EVP_PKEY_assign_EC_KEY(key, eckey);				EC_GROUP_free(group);				break;			}		}		EC_KEY_free(eckey);		EC_GROUP_free(group);		break;	}	pki_openssl_error();	encryptKey();}

static int ssl_ec_point_offer(SSL_ECDH_CTX *ctx, CBB *out) {  assert(ctx->data == NULL);  BIGNUM *private_key = BN_new();  if (private_key == NULL) {    return 0;  }  ctx->data = private_key;  /* Set up a shared |BN_CTX| for all operations. */  BN_CTX *bn_ctx = BN_CTX_new();  if (bn_ctx == NULL) {    return 0;  }  BN_CTX_start(bn_ctx);  int ret = 0;  EC_POINT *public_key = NULL;  EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);  if (group == NULL) {    goto err;  }  /* Generate a private key. */  const BIGNUM *order = EC_GROUP_get0_order(group);  do {    if (!BN_rand_range(private_key, order)) {      goto err;    }  } while (BN_is_zero(private_key));  /* Compute the corresponding public key and serialize it. */  public_key = EC_POINT_new(group);  if (public_key == NULL ||      !EC_POINT_mul(group, public_key, private_key, NULL, NULL, bn_ctx) ||      !EC_POINT_point2cbb(out, group, public_key, POINT_CONVERSION_UNCOMPRESSED,                          bn_ctx)) {    goto err;  }  ret = 1;err:  EC_GROUP_free(group);  EC_POINT_free(public_key);  BN_CTX_end(bn_ctx);  BN_CTX_free(bn_ctx);  return ret;}