自学教程：C++ EC_KEY_get0_public_key函数代码示例

static void CheckPublicKey(X509 *x509, struct tm tm_after){	EVP_PKEY *pkey = X509_get_pubkey(x509);	if (pkey == NULL)	{		SetError(ERR_UNKNOWN_PUBLIC_KEY_TYPE);	}	else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA)	{		RSA *rsa = EVP_PKEY_get1_RSA(pkey);		if (rsa == NULL)		{			SetError(ERR_INVALID);			RSA_free(rsa);			return;		}		const BIGNUM *n, *e;		RSA_get0_key(rsa, &n, &e, NULL);		if (n == NULL || e == NULL)		{			SetError(ERR_INVALID);			RSA_free(rsa);			return;		}		if (!GetBit(errors, ERR_INVALID_TIME_FORMAT))		{			if (tm_after.tm_year >= 114 && BN_num_bits(n) < 2048)			{				SetError(ERR_RSA_SIZE_2048);			}		}		if (BN_is_odd(e) == 0)		{			SetError(ERR_RSA_EXP_NOT_ODD);		}		BIGNUM *i = BN_new();		BN_set_word(i, 3);		if (BN_cmp(e, i) < 0)		{			SetError(ERR_RSA_EXP_3);		}		else		{			BN_set_word(i, 0x10001);			if (BN_cmp(e, i) < 0)			{				SetWarning(WARN_RSA_EXP_RANGE);			}			BN_hex2bn(&i, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");			if (BN_cmp(e, i) > 0)			{				SetWarning(WARN_RSA_EXP_RANGE);			}		}		BN_CTX *ctx = BN_CTX_new();		if (BN_gcd(i, n, bn_factors, ctx) == 0 || !BN_is_one(i))		{			SetError(ERR_RSA_SMALL_FACTOR);		}		BN_free(i);		BN_CTX_free(ctx);		RSA_free(rsa);	}	else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC)	{		EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);		const EC_GROUP *group = EC_KEY_get0_group(ec_key);		const EC_POINT *point = EC_KEY_get0_public_key(ec_key);		BN_CTX *ctx = BN_CTX_new();		BIGNUM *order = BN_new();		EC_GROUP_get_order(group, order, ctx);		if (EC_POINT_is_at_infinity(group, point))		{			SetError(ERR_EC_AT_INFINITY);		}		if (EC_POINT_is_on_curve(group, point, ctx) != 1)		{			SetError(ERR_EC_POINT_NOT_ON_CURVE);		}		EC_POINT *result = EC_POINT_new(group);		if (BN_is_zero(order))		{			SetError(ERR_EC_INVALID_GROUP_ORDER);		}		EC_POINT_mul(group, result, NULL, point, order, ctx);		if (!EC_POINT_is_at_infinity(group, result))		{			SetError(ERR_EC_INCORRECT_ORDER);		}		int nid = EC_GROUP_get_curve_name(group);		if (nid != NID_X9_62_prime256v1 && nid != NID_secp384r1 && nid != NID_secp521r1)		{			SetError(ERR_EC_NON_ALLOWED_CURVE);		}		EC_POINT_free(result);		BN_free(order);		BN_CTX_free(ctx);		EC_KEY_free(ec_key);//.........这里部分代码省略.........

intncrackssh_input_kex_ecdh_reply(ncrack_ssh_state *nstate){	//struct ssh *ssh = ctxt;	struct kex *kex = nstate->kex;	const EC_GROUP *group;	EC_POINT *server_public = NULL;	EC_KEY *client_key;	BIGNUM *shared_secret = NULL;	struct sshkey *server_host_key = NULL;	u_char *server_host_key_blob = NULL, *signature = NULL;	u_char *kbuf = NULL;	u_char hash[SSH_DIGEST_MAX_LENGTH];	size_t slen, sbloblen;	size_t klen = 0, hashlen;	int r;  //printf("KEX ECDH REPLY/n");	if (kex->verify_host_key == NULL) {		r = SSH_ERR_INVALID_ARGUMENT;		goto out;	}	group = kex->ec_group;	client_key = kex->ec_client_key;	/* hostkey */	if ((r = sshpkt_get_string(nstate, &server_host_key_blob,	    &sbloblen)) != 0 ||	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,	    &server_host_key)) != 0)		goto out;	if (server_host_key->type != kex->hostkey_type ||	    (kex->hostkey_type == KEY_ECDSA &&	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {		r = SSH_ERR_KEY_TYPE_MISMATCH;		goto out;	}	if (kex->verify_host_key(server_host_key, nstate) == -1) {		r = SSH_ERR_SIGNATURE_INVALID;		goto out;	}  //printf("before EC_POINT NEW/n");	/* Q_S, server public key */	/* signed H */	if ((server_public = EC_POINT_new(group)) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if ((r = sshpkt_get_ec(nstate, server_public, group)) != 0 ||	    (r = sshpkt_get_string(nstate, &signature, &slen)) != 0 ||	    (r = sshpkt_get_end(nstate)) != 0)		goto out;#ifdef DEBUG_KEXECDH	fputs("server public key:/n", stderr);	sshkey_dump_ec_point(group, server_public);#endif	if (sshkey_ec_validate_public(group, server_public) != 0) {		sshpkt_disconnect(nstate, "invalid server public key");		r = SSH_ERR_MESSAGE_INCOMPLETE;		goto out;	}	klen = (EC_GROUP_get_degree(group) + 7) / 8;	if ((kbuf = malloc(klen)) == NULL ||	    (shared_secret = BN_new()) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if (ECDH_compute_key(kbuf, klen, server_public, client_key, NULL) != (int)klen) {    r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;  }  if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) {		r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;	}#ifdef DEBUG_KEXECDH	dump_digest("shared secret", kbuf, klen);#endif	/* calc and verify H */	hashlen = sizeof(hash);	if ((r = kex_ecdh_hash(	    kex->hash_alg,	    group,	    kex->client_version_string,	    kex->server_version_string,	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),	    server_host_key_blob, sbloblen,	    EC_KEY_get0_public_key(client_key),	    server_public,//.........这里部分代码省略.........

intsshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v){	return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),	    EC_KEY_get0_group(v));}

static krb5_error_codegenerate_dh_keyblock(krb5_context context,		     pk_client_params *client_params,                     krb5_enctype enctype){    unsigned char *dh_gen_key = NULL;    krb5_keyblock key;    krb5_error_code ret;    size_t dh_gen_keylen, size;    memset(&key, 0, sizeof(key));    if (client_params->keyex == USE_DH) {	if (client_params->u.dh.public_key == NULL) {	    ret = KRB5KRB_ERR_GENERIC;	    krb5_set_error_message(context, ret, "public_key");	    goto out;	}	if (!DH_generate_key(client_params->u.dh.key)) {	    ret = KRB5KRB_ERR_GENERIC;	    krb5_set_error_message(context, ret,				   "Can't generate Diffie-Hellman keys");	    goto out;	}	size = DH_size(client_params->u.dh.key);	dh_gen_key = malloc(size);	if (dh_gen_key == NULL) {	    ret = ENOMEM;	    krb5_set_error_message(context, ret, "malloc: out of memory");	    goto out;	}	dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);	if (dh_gen_keylen == (size_t)-1) {	    ret = KRB5KRB_ERR_GENERIC;	    krb5_set_error_message(context, ret,				   "Can't compute Diffie-Hellman key");	    goto out;	}	if (dh_gen_keylen < size) {	    size -= dh_gen_keylen;	    memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);	    memset(dh_gen_key, 0, size);	}	ret = 0;#ifdef HAVE_OPENSSL    } else if (client_params->keyex == USE_ECDH) {	if (client_params->u.ecdh.public_key == NULL) {	    ret = KRB5KRB_ERR_GENERIC;	    krb5_set_error_message(context, ret, "public_key");	    goto out;	}	client_params->u.ecdh.key = EC_KEY_new();	if (client_params->u.ecdh.key == NULL) {	    ret = ENOMEM;	    goto out;	}	EC_KEY_set_group(client_params->u.ecdh.key,			 EC_KEY_get0_group(client_params->u.ecdh.public_key));	if (EC_KEY_generate_key(client_params->u.ecdh.key) != 1) {	    ret = ENOMEM;	    goto out;	}	size = (EC_GROUP_get_degree(EC_KEY_get0_group(client_params->u.ecdh.key)) + 7) / 8;	dh_gen_key = malloc(size);	if (dh_gen_key == NULL) {	    ret = ENOMEM;	    krb5_set_error_message(context, ret,				   N_("malloc: out of memory", ""));	    goto out;	}	dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,					 EC_KEY_get0_public_key(client_params->u.ecdh.public_key),					 client_params->u.ecdh.key, NULL);#endif /* HAVE_OPENSSL */    } else {	ret = KRB5KRB_ERR_GENERIC;	krb5_set_error_message(context, ret,			       "Diffie-Hellman not selected keys");	goto out;    }    ret = _krb5_pk_octetstring2key(context,				   enctype,				   dh_gen_key, dh_gen_keylen,				   NULL, NULL,				   &client_params->reply_key); out://.........这里部分代码省略.........

int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){    /* ECDH keys */    ssh_string q_c_string;    ssh_string q_s_string;    EC_KEY *ecdh_key;    const EC_GROUP *group;    const EC_POINT *ecdh_pubkey;    bignum_CTX ctx;    /* SSH host keys (rsa,dsa,ecdsa) */    ssh_key privkey;    ssh_string sig_blob = NULL;    int len;    int rc;    /* Extract the client pubkey from the init packet */    q_c_string = ssh_buffer_get_ssh_string(packet);    if (q_c_string == NULL) {        ssh_set_error(session,SSH_FATAL, "No Q_C ECC point in packet");        return SSH_ERROR;    }    session->next_crypto->ecdh_client_pubkey = q_c_string;    /* Build server's keypair */    ctx = BN_CTX_new();    ecdh_key = EC_KEY_new_by_curve_name(NISTP256);    if (ecdh_key == NULL) {        ssh_set_error_oom(session);        BN_CTX_free(ctx);        return SSH_ERROR;    }    group = EC_KEY_get0_group(ecdh_key);    EC_KEY_generate_key(ecdh_key);    ecdh_pubkey = EC_KEY_get0_public_key(ecdh_key);    len = EC_POINT_point2oct(group,                             ecdh_pubkey,                             POINT_CONVERSION_UNCOMPRESSED,                             NULL,                             0,                             ctx);    q_s_string = ssh_string_new(len);    if (q_s_string == NULL) {        EC_KEY_free(ecdh_key);        BN_CTX_free(ctx);        return SSH_ERROR;    }    EC_POINT_point2oct(group,                       ecdh_pubkey,                       POINT_CONVERSION_UNCOMPRESSED,                       ssh_string_data(q_s_string),                       len,                       ctx);    BN_CTX_free(ctx);    session->next_crypto->ecdh_privkey = ecdh_key;    session->next_crypto->ecdh_server_pubkey = q_s_string;    /* build k and session_id */    rc = ecdh_build_k(session);    if (rc < 0) {        ssh_set_error(session, SSH_FATAL, "Cannot build k number");        return SSH_ERROR;    }    /* privkey is not allocated */    rc = ssh_get_key_params(session, &privkey);    if (rc == SSH_ERROR) {        return SSH_ERROR;    }    rc = ssh_make_sessionid(session);    if (rc != SSH_OK) {        ssh_set_error(session, SSH_FATAL, "Could not create a session id");        return SSH_ERROR;    }    sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);    if (sig_blob == NULL) {        ssh_set_error(session, SSH_FATAL, "Could not sign the session id");        return SSH_ERROR;    }    rc = ssh_buffer_pack(session->out_buffer,                         "bSSS",                         SSH2_MSG_KEXDH_REPLY,                         session->next_crypto->server_pubkey, /* host's pubkey */                         q_s_string, /* ecdh public key */                         sig_blob); /* signature blob */    ssh_string_free(sig_blob);    if (rc != SSH_OK) {        ssh_set_error_oom(session);        return SSH_ERROR;    }//.........这里部分代码省略.........

static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype){    unsigned char *buffer = NULL;    const char *ecstr;    size_t buf_len = 0, i;    int ret = 0, reason = ERR_R_BIO_LIB;    BIGNUM *pub_key = NULL, *order = NULL;    BN_CTX *ctx = NULL;    const EC_GROUP *group;    const EC_POINT *public_key;    const BIGNUM *priv_key;    if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {        reason = ERR_R_PASSED_NULL_PARAMETER;        goto err;    }    ctx = BN_CTX_new();    if (ctx == NULL) {        reason = ERR_R_MALLOC_FAILURE;        goto err;    }    if (ktype > 0) {        public_key = EC_KEY_get0_public_key(x);        if (public_key != NULL) {            if ((pub_key = EC_POINT_point2bn(group, public_key,                                             EC_KEY_get_conv_form(x), NULL,                                             ctx)) == NULL) {                reason = ERR_R_EC_LIB;                goto err;            }            buf_len = (size_t)BN_num_bytes(pub_key);        }    }    if (ktype == 2) {        priv_key = EC_KEY_get0_private_key(x);        if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len)            buf_len = i;    } else        priv_key = NULL;    if (ktype > 0) {        buf_len += 10;        if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {            reason = ERR_R_MALLOC_FAILURE;            goto err;        }    }    if (ktype == 2)        ecstr = "Private-Key";    else if (ktype == 1)        ecstr = "Public-Key";    else        ecstr = "ECDSA-Parameters";    if (!BIO_indent(bp, off, 128))        goto err;    if ((order = BN_new()) == NULL)        goto err;    if (!EC_GROUP_get_order(group, order, NULL))        goto err;    if (BIO_printf(bp, "%s: (%d bit)/n", ecstr, BN_num_bits(order)) <= 0)        goto err;    if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key,                                             buffer, off))        goto err;    if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,                                            buffer, off))        goto err;    if (!ECPKParameters_print(bp, group, off))        goto err;    ret = 1; err:    if (!ret)        ECerr(EC_F_DO_EC_KEY_PRINT, reason);    BN_free(pub_key);    BN_free(order);    BN_CTX_free(ctx);    OPENSSL_free(buffer);    return (ret);}

static bool _EC_public_fields(        const cjose_jwk_t *jwk, json_t *json, cjose_err *err){    ec_keydata      *keydata = (ec_keydata *)jwk->keydata;    const EC_GROUP  *params = NULL;    const EC_POINT  *pub = NULL;    BIGNUM          *bnX = NULL,                    *bnY = NULL;    uint8_t         *buffer = NULL;    char            *b64u = NULL;    size_t          len = 0,                    offset = 0;    json_t          *field = NULL;    bool            result = false;    // track expected binary data size    uint8_t     numsize = _ec_size_for_curve(keydata->crv, err);    // output the curve    field = json_string(_ec_name_for_curve(keydata->crv, err));    if (!field)    {        CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);        goto _ec_to_string_cleanup;    }    json_object_set(json, "crv", field);    json_decref(field);    field = NULL;    // obtain the public key    pub = EC_KEY_get0_public_key(keydata->key);    params = EC_KEY_get0_group(keydata->key);    if (!pub || !params)    {        CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);        goto _ec_to_string_cleanup;    }    buffer = cjose_get_alloc()(numsize);    bnX = BN_new();    bnY = BN_new();    if (!buffer || !bnX || !bnY)    {        CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);        goto _ec_to_string_cleanup;    }    if (1 != EC_POINT_get_affine_coordinates_GFp(params, pub, bnX, bnY, NULL))    {        CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);        goto _ec_to_string_cleanup;    }    // output the x coordinate    offset = numsize - BN_num_bytes(bnX);    memset(buffer, 0, numsize);    BN_bn2bin(bnX, (buffer + offset));    if (!cjose_base64url_encode(buffer, numsize, &b64u, &len, err))    {        goto _ec_to_string_cleanup;    }    field = json_stringn(b64u, len);    if (!field)    {        CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);        goto _ec_to_string_cleanup;    }    json_object_set(json, "x", field);    json_decref(field);    field = NULL;    cjose_get_dealloc()(b64u);    b64u = NULL;    // output the y coordinate    offset = numsize - BN_num_bytes(bnY);    memset(buffer, 0, numsize);    BN_bn2bin(bnY, (buffer + offset));    if (!cjose_base64url_encode(buffer, numsize, &b64u, &len, err))    {        goto _ec_to_string_cleanup;    }    field = json_stringn(b64u, len);    if (!field)    {        CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);        goto _ec_to_string_cleanup;    }    json_object_set(json, "y", field);    json_decref(field);    field = NULL;    cjose_get_dealloc()(b64u);    b64u = NULL;    result = true;    _ec_to_string_cleanup:    if (field)    {        json_decref(field);    }    if (bnX)//.........这里部分代码省略.........

std::vector<unsigned char> decrypt_bip38_ec(const std::vector<unsigned char> key,  const std::string& passwd){    int i;    uint8_t passfactor[PASSFACTOR_SIZE];    memset(passfactor,0,PASSFACTOR_SIZE);    const unsigned char * s_key = reinterpret_cast<const unsigned char*>(key.data());    crypto_scrypt((const uint8_t *)passwd.c_str(), passwd.length(),                   &s_key[3 + ADDRESSHASH_SIZE], OWNERSALT_SIZE,                   16384, 8, 8, passfactor, PASSFACTOR_SIZE );    // compute EC point (passpoint) using passfactor    struct bp_key ec_point;    if(!bp_key_init(&ec_point)) {        fprintf(stderr,"%s","cannot init EC point key");        exit(3);    }    if(!bp_key_secret_set(&ec_point,passfactor,PASSFACTOR_SIZE)) {        fprintf(stderr,"%s","cannot set EC point from passfactor");        exit(3);    }    // get the passpoint as bytes    unsigned char * passpoint;    size_t passpoint_len;    if(!bp_pubkey_get(&ec_point,(unsigned char **)&passpoint,&passpoint_len)) {        fprintf(stderr,"%s","cannot get pubkey for EC point");        exit(4);    }    // now we need to decrypt seedb    uint8_t encryptedpart2[16];    memset(encryptedpart2,0,16);    memcpy(encryptedpart2, &s_key[3 + ADDRESSHASH_SIZE + OWNERSALT_SIZE + 8], 16);    uint8_t encryptedpart1[16];    memset(encryptedpart1,0,16);    memcpy(encryptedpart1, &s_key[3 + ADDRESSHASH_SIZE + OWNERSALT_SIZE], 8);    unsigned char derived[DERIVED_SIZE];    // get the encryption key for seedb using scrypt    // with passpoint as the key, salt is addresshash+ownersalt    unsigned char derived_scrypt_salt[ADDRESSHASH_SIZE + OWNERSALT_SIZE];    memcpy(derived_scrypt_salt, &s_key[3], ADDRESSHASH_SIZE); // copy the addresshash    memcpy(derived_scrypt_salt+ADDRESSHASH_SIZE, &s_key[3+ADDRESSHASH_SIZE], OWNERSALT_SIZE); // copy the ownersalt    crypto_scrypt( passpoint, passpoint_len,                   derived_scrypt_salt, ADDRESSHASH_SIZE+OWNERSALT_SIZE,                   1024, 1, 1, derived, DERIVED_SIZE );    //get decryption key    unsigned char derivedhalf2[DERIVED_SIZE/2];    memcpy(derivedhalf2, derived+(DERIVED_SIZE/2), DERIVED_SIZE/2);    unsigned char iv[32];    memset(iv,0,32);    EVP_CIPHER_CTX d;    EVP_CIPHER_CTX_init(&d);    EVP_DecryptInit_ex(&d, EVP_aes_256_ecb(), NULL, derivedhalf2, iv);    unsigned char unencryptedpart2[32];    int decrypt_len;    EVP_DecryptUpdate(&d, unencryptedpart2, &decrypt_len, encryptedpart2, 16);    EVP_DecryptUpdate(&d, unencryptedpart2, &decrypt_len, encryptedpart2, 16);    for(i=0; i<16; i++) {        unencryptedpart2[i] ^= derived[i + 16];    }    unsigned char unencryptedpart1[32];    memcpy(encryptedpart1+8, unencryptedpart2, 8);    EVP_DecryptUpdate(&d, unencryptedpart1, &decrypt_len, encryptedpart1, 16);    EVP_DecryptUpdate(&d, unencryptedpart1, &decrypt_len, encryptedpart1, 16);    for(i=0; i<16; i++) {        unencryptedpart1[i] ^= derived[i];    }    // recoved seedb    unsigned char seedb[24];    memcpy(seedb, unencryptedpart1, 16);    memcpy(&(seedb[16]), &(unencryptedpart2[8]), 8);    // turn seedb into factorb (factorb = SHA256(SHA256(seedb)))    unsigned char factorb[32];    bu_Hash(factorb, seedb, 24);    // multiply by passfactor (ec_point_pub)    const EC_GROUP * ec_group = EC_KEY_get0_group(ec_point.k);    const EC_POINT * ec_point_pub = EC_KEY_get0_public_key(ec_point.k);    BIGNUM * bn_passfactor = BN_bin2bn(passfactor,32,BN_new());    BIGNUM * bn_factorb = BN_bin2bn(factorb,32,BN_new());    BIGNUM * bn_res = BN_new();    BIGNUM * bn_final = BN_new();    BIGNUM * bn_n = BN_new();    BN_CTX * ctx = BN_CTX_new();    EC_GROUP_get_order(ec_group, bn_n, ctx);    BN_mul(bn_res, bn_passfactor, bn_factorb, ctx);    BN_mod(bn_final, bn_res, bn_n, ctx);//.........这里部分代码省略.........

static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) {  uint8_t *buffer = NULL;  const char *ecstr;  size_t buf_len = 0, i;  int ret = 0, reason = ERR_R_BIO_LIB;  BN_CTX *ctx = NULL;  const EC_GROUP *group;  const EC_POINT *public_key;  const BIGNUM *priv_key;  uint8_t *pub_key_bytes = NULL;  size_t pub_key_bytes_len = 0;  if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {    reason = ERR_R_PASSED_NULL_PARAMETER;    goto err;  }  ctx = BN_CTX_new();  if (ctx == NULL) {    reason = ERR_R_MALLOC_FAILURE;    goto err;  }  if (ktype > 0) {    public_key = EC_KEY_get0_public_key(x);    if (public_key != NULL) {      pub_key_bytes_len = EC_POINT_point2oct(          group, public_key, EC_KEY_get_conv_form(x), NULL, 0, ctx);      if (pub_key_bytes_len == 0) {        reason = ERR_R_MALLOC_FAILURE;        goto err;      }      pub_key_bytes = OPENSSL_malloc(pub_key_bytes_len);      if (pub_key_bytes == NULL) {        reason = ERR_R_MALLOC_FAILURE;        goto err;      }      pub_key_bytes_len =          EC_POINT_point2oct(group, public_key, EC_KEY_get_conv_form(x),                             pub_key_bytes, pub_key_bytes_len, ctx);      if (pub_key_bytes_len == 0) {        reason = ERR_R_MALLOC_FAILURE;        goto err;      }      buf_len = pub_key_bytes_len;    }  }  if (ktype == 2) {    priv_key = EC_KEY_get0_private_key(x);    if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) {      buf_len = i;    }  } else {    priv_key = NULL;  }  if (ktype > 0) {    buf_len += 10;    if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {      reason = ERR_R_MALLOC_FAILURE;      goto err;    }  }  if (ktype == 2) {    ecstr = "Private-Key";  } else if (ktype == 1) {    ecstr = "Public-Key";  } else {    ecstr = "ECDSA-Parameters";  }  if (!BIO_indent(bp, off, 128)) {    goto err;  }  const BIGNUM *order = EC_GROUP_get0_order(group);  if (BIO_printf(bp, "%s: (%d bit)/n", ecstr, BN_num_bits(order)) <= 0) {    goto err;  }  if ((priv_key != NULL) &&      !ASN1_bn_print(bp, "priv:", priv_key, buffer, off)) {    goto err;  }  if (pub_key_bytes != NULL) {    BIO_hexdump(bp, pub_key_bytes, pub_key_bytes_len, off);  }  /* TODO(fork): implement */  /*  if (!ECPKParameters_print(bp, group, off))    goto err; */  ret = 1;err:  if (!ret) {    OPENSSL_PUT_ERROR(EVP, reason);  }  OPENSSL_free(pub_key_bytes);  BN_CTX_free(ctx);  OPENSSL_free(buffer);//.........这里部分代码省略.........

/* * Verifies gost 2001 signature * */ int gost2001_do_verify(const unsigned char *dgst,int dgst_len,	DSA_SIG *sig, EC_KEY *ec)	{	BN_CTX *ctx=BN_CTX_new();	const EC_GROUP *group = EC_KEY_get0_group(ec);	BIGNUM *order;	BIGNUM *md = NULL,*e=NULL,*R=NULL,*v=NULL,*z1=NULL,*z2=NULL;	BIGNUM *X=NULL,*tmp=NULL;	EC_POINT *C = NULL;	const EC_POINT *pub_key=NULL;	int ok=0;	BN_CTX_start(ctx);	order = BN_CTX_get(ctx);	e = BN_CTX_get(ctx);	z1 = BN_CTX_get(ctx);	z2 = BN_CTX_get(ctx);	tmp = BN_CTX_get(ctx);	X= BN_CTX_get(ctx);		R=BN_CTX_get(ctx);	v=BN_CTX_get(ctx);		EC_GROUP_get_order(group,order,ctx);	pub_key = EC_KEY_get0_public_key(ec);	if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||		(BN_cmp(sig->s,order)>=1) || (BN_cmp(sig->r,order)>=1)) 		{		GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);		goto err;		}	md = hashsum2bn(dgst);	BN_mod(e,md,order,ctx);#ifdef DEBUG_SIGN	fprintf(stderr,"digest as bignum: ");	BN_print_fp(stderr,md);	fprintf(stderr,"/ndigest mod q: ");	BN_print_fp(stderr,e);#endif		if (BN_is_zero(e)) BN_one(e);	v=BN_mod_inverse(v,e,order,ctx);	BN_mod_mul(z1,sig->s,v,order,ctx);	BN_sub(tmp,order,sig->r);	BN_mod_mul(z2,tmp,v,order,ctx);#ifdef DEBUG_SIGN	fprintf(stderr,"/nInverted digest value: ");	BN_print_fp(stderr,v);	fprintf(stderr,"/nz1: ");	BN_print_fp(stderr,z1);	fprintf(stderr,"/nz2: ");	BN_print_fp(stderr,z2);#endif		C = EC_POINT_new(group);	if (!EC_POINT_mul(group,C,z1,pub_key,z2,ctx)) 		{			GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB);		goto err;		}		if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx)) 		{		GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB);		goto err;		}	BN_mod(R,X,order,ctx);#ifdef DEBUG_SIGN	fprintf(stderr,"/nX=");	BN_print_fp(stderr,X);	fprintf(stderr,"/nX mod q=");	BN_print_fp(stderr,R);	fprintf(stderr,"/n");#endif		if (BN_cmp(R,sig->r)!=0)		{		GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH);		}	else		{		ok = 1;		}	err:	EC_POINT_free(C);	BN_CTX_end(ctx);	BN_CTX_free(ctx);	BN_free(md);	return ok;	}

/* * Verifies gost ec signature * */int gost_ec_verify(const unsigned char *dgst, int dgst_len,                   DSA_SIG *sig, EC_KEY *ec){    BN_CTX *ctx;    const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;    BIGNUM *order;    BIGNUM *md = NULL, *e = NULL, *R = NULL, *v = NULL,        *z1 = NULL, *z2 = NULL;    BIGNUM *X = NULL, *tmp = NULL;    EC_POINT *C = NULL;    const EC_POINT *pub_key = NULL;    int ok = 0;    OPENSSL_assert(dgst != NULL && sig != NULL && group != NULL);    if (!(ctx = BN_CTX_new())) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_MALLOC_FAILURE);        return 0;    }    BN_CTX_start(ctx);    order = BN_CTX_get(ctx);    e = BN_CTX_get(ctx);    z1 = BN_CTX_get(ctx);    z2 = BN_CTX_get(ctx);    tmp = BN_CTX_get(ctx);    X = BN_CTX_get(ctx);    R = BN_CTX_get(ctx);    v = BN_CTX_get(ctx);    if (!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    pub_key = EC_KEY_get0_public_key(ec);    if (!pub_key || !EC_GROUP_get_order(group, order, ctx)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }    if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||        (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);        goto err;    }    OPENSSL_assert(dgst_len == 32 || dgst_len == 64);    md = hashsum2bn(dgst, dgst_len);    if (!md || !BN_mod(e, md, order, ctx)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }#ifdef DEBUG_SIGN    fprintf(stderr, "digest as bignum: ");    BN_print_fp(stderr, md);    fprintf(stderr, "/ndigest mod q: ");    BN_print_fp(stderr, e);#endif    if (BN_is_zero(e) && !BN_one(e)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }    v = BN_mod_inverse(v, e, order, ctx);    if (!v || !BN_mod_mul(z1, sig->s, v, order, ctx)        || !BN_sub(tmp, order, sig->r)        || !BN_mod_mul(z2, tmp, v, order, ctx)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }#ifdef DEBUG_SIGN    fprintf(stderr, "/nInverted digest value: ");    BN_print_fp(stderr, v);    fprintf(stderr, "/nz1: ");    BN_print_fp(stderr, z1);    fprintf(stderr, "/nz2: ");    BN_print_fp(stderr, z2);#endif    C = EC_POINT_new(group);    if (!C) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_EC_LIB);        goto err;    }    if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_EC_LIB);        goto err;    }    if (!BN_mod(R, X, order, ctx)) {        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }#ifdef DEBUG_SIGN//.........这里部分代码省略.........

int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){    /* ECDH keys */    ssh_string q_c_string = NULL;    ssh_string q_s_string = NULL;    EC_KEY *ecdh_key=NULL;    const EC_GROUP *group;    const EC_POINT *ecdh_pubkey;    bignum_CTX ctx;    /* SSH host keys (rsa,dsa,ecdsa) */    ssh_key privkey;    ssh_string sig_blob = NULL;    int len;    int rc;    enter_function();    /* Extract the client pubkey from the init packet */    q_c_string = buffer_get_ssh_string(packet);    if (q_c_string == NULL) {      ssh_set_error(session,SSH_FATAL, "No Q_C ECC point in packet");      goto error;    }    session->next_crypto->ecdh_client_pubkey = q_c_string;    /* Build server's keypair */    ctx = BN_CTX_new();    ecdh_key = EC_KEY_new_by_curve_name(NISTP256);    group = EC_KEY_get0_group(ecdh_key);    EC_KEY_generate_key(ecdh_key);    ecdh_pubkey=EC_KEY_get0_public_key(ecdh_key);    len = EC_POINT_point2oct(group,ecdh_pubkey,POINT_CONVERSION_UNCOMPRESSED,        NULL,0,ctx);    q_s_string=ssh_string_new(len);    EC_POINT_point2oct(group,ecdh_pubkey,POINT_CONVERSION_UNCOMPRESSED,        ssh_string_data(q_s_string),len,ctx);    BN_CTX_free(ctx);    session->next_crypto->ecdh_privkey = ecdh_key;    session->next_crypto->ecdh_server_pubkey = q_s_string;    buffer_add_u8(session->out_buffer, SSH2_MSG_KEXDH_REPLY);    /* build k and session_id */    if (ecdh_build_k(session) < 0) {      ssh_set_error(session, SSH_FATAL, "Cannot build k number");      goto error;    }    if (ssh_get_key_params(session, &privkey) == SSH_ERROR)        goto error;    if (make_sessionid(session) != SSH_OK) {      ssh_set_error(session, SSH_FATAL, "Could not create a session id");      goto error;    }    /* add host's public key */    buffer_add_ssh_string(session->out_buffer, session->next_crypto->server_pubkey);    /* add ecdh public key */    buffer_add_ssh_string(session->out_buffer,q_s_string);    /* add signature blob */    sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);    if (sig_blob == NULL) {        ssh_set_error(session, SSH_FATAL, "Could not sign the session id");        goto error;    }    buffer_add_ssh_string(session->out_buffer, sig_blob);    ssh_string_free(sig_blob);    /* Free private keys as they should not be readable after this point */    if (session->srv.rsa_key) {        ssh_key_free(session->srv.rsa_key);        session->srv.rsa_key = NULL;    }    if (session->srv.dsa_key) {        ssh_key_free(session->srv.dsa_key);        session->srv.dsa_key = NULL;    }    ssh_log(session,SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent");    rc = packet_send(session);    if (rc == SSH_ERROR)        goto error;    /* Send the MSG_NEWKEYS */    if (buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {      goto error;    }    session->dh_handshake_state=DH_STATE_NEWKEYS_SENT;    rc=packet_send(session);    ssh_log(session, SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");    return rc;  error:    return SSH_ERROR;}

//.........这里部分代码省略.........	TEST_START("sshbuf_get_bignum2 bn2");	MKBN(hexbn2, bn);	p1 = sshbuf_new();	ASSERT_PTR_NE(p1, NULL);	ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn) + 1), 0); /* MSB */	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x00), 0);	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0);	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4 + 1 + sizeof(expbn2));	ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0);	bn2 = BN_new();	ASSERT_INT_EQ(sshbuf_get_bignum2(p1, bn2), 0);	ASSERT_BIGNUM_EQ(bn, bn2);	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2);	BN_free(bn);	BN_free(bn2);	sshbuf_free(p1);	TEST_DONE();	TEST_START("sshbuf_get_bignum2 bn2 truncated");	MKBN(hexbn2, bn);	p1 = sshbuf_new();	ASSERT_PTR_NE(p1, NULL);	ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn) + 1), 0);	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x00), 0);	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2) - 1), 0);	bn2 = BN_new();	r = sshbuf_get_bignum2(p1, bn2);	ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 1 + 4 - 1);	BN_free(bn);	BN_free(bn2);	sshbuf_free(p1);	TEST_DONE();	TEST_START("sshbuf_get_bignum2 bn2 negative");	MKBN(hexbn2, bn);	p1 = sshbuf_new();	ASSERT_PTR_NE(p1, NULL);	ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn)), 0);	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0);	bn2 = BN_new();	r = sshbuf_get_bignum2(p1, bn2);	ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_IS_NEGATIVE);	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 4);	BN_free(bn);	BN_free(bn2);	sshbuf_free(p1);	TEST_DONE();	TEST_START("sshbuf_put_ec");	eck = EC_KEY_new_by_curve_name(ec256_nid);	ASSERT_PTR_NE(eck, NULL);	ecp = EC_POINT_new(EC_KEY_get0_group(eck));	ASSERT_PTR_NE(ecp, NULL);	MKBN(ec256_x, bn_x);	MKBN(ec256_y, bn_y);	ASSERT_INT_EQ(EC_POINT_set_affine_coordinates_GFp(	    EC_KEY_get0_group(eck), ecp, bn_x, bn_y, NULL), 1);	ASSERT_INT_EQ(EC_KEY_set_public_key(eck, ecp), 1);	EC_POINT_free(ecp);	p1 = sshbuf_new();	ASSERT_PTR_NE(p1, NULL);	ASSERT_INT_EQ(sshbuf_put_eckey(p1, eck), 0);	ASSERT_INT_EQ(sshbuf_get_string_direct(p1, &d, &s), 0);	ASSERT_SIZE_T_EQ(s, sizeof(expec256));	ASSERT_MEM_EQ(d, expec256, sizeof(expec256));	sshbuf_free(p1);	EC_KEY_free(eck);	TEST_DONE();	TEST_START("sshbuf_get_ec");	eck = EC_KEY_new_by_curve_name(ec256_nid);	ASSERT_PTR_NE(eck, NULL);	p1 = sshbuf_new();	ASSERT_PTR_NE(p1, NULL);	ASSERT_INT_EQ(sshbuf_put_string(p1, expec256, sizeof(expec256)), 0);	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expec256) + 4);	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x00), 0);	ASSERT_INT_EQ(sshbuf_get_eckey(p1, eck), 0);	bn_x = BN_new();	bn_y = BN_new();	ASSERT_PTR_NE(bn_x, NULL);	ASSERT_PTR_NE(bn_y, NULL);	ASSERT_INT_EQ(EC_POINT_get_affine_coordinates_GFp(	    EC_KEY_get0_group(eck), EC_KEY_get0_public_key(eck),	    bn_x, bn_y, NULL), 1);	MKBN(ec256_x, bn);	MKBN(ec256_y, bn2);	ASSERT_INT_EQ(BN_cmp(bn_x, bn), 0);	ASSERT_INT_EQ(BN_cmp(bn_y, bn2), 0);	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);	sshbuf_free(p1);	EC_KEY_free(eck);	BN_free(bn_x);	BN_free(bn_y);	BN_free(bn);	BN_free(bn2);	TEST_DONE();}

static intinput_kex_ecdh_init(int type, u_int32_t seq, void *ctxt){	struct ssh *ssh = ctxt;	struct kex *kex = ssh->kex;	EC_POINT *client_public;	EC_KEY *server_key = NULL;	const EC_GROUP *group;	const EC_POINT *public_key;	BIGNUM *shared_secret = NULL;	struct sshbn *xxx_shared_secret = NULL;	struct sshkey *server_host_private, *server_host_public;	u_char *server_host_key_blob = NULL, *signature = NULL;	u_char *kbuf = NULL;	u_char hash[SSH_DIGEST_MAX_LENGTH];	size_t slen, sbloblen;	size_t klen = 0, hashlen;	int r;	if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if (EC_KEY_generate_key(server_key) != 1) {		r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;	}	group = EC_KEY_get0_group(server_key);#ifdef DEBUG_KEXECDH	fputs("server private key:/n", stderr);	sshkey_dump_ec_key(server_key);#endif	if (kex->load_host_public_key == NULL ||		kex->load_host_private_key == NULL) {		r = SSH_ERR_INVALID_ARGUMENT;		goto out;	}	server_host_public = kex->load_host_public_key(kex->hostkey_type,		kex->hostkey_nid, ssh);	server_host_private = kex->load_host_private_key(kex->hostkey_type,		kex->hostkey_nid, ssh);	if (server_host_public == NULL) {		r = SSH_ERR_NO_HOSTKEY_LOADED;		goto out;	}	if ((client_public = EC_POINT_new(group)) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 ||		(r = sshpkt_get_end(ssh)) != 0)		goto out;#ifdef DEBUG_KEXECDH	fputs("client public key:/n", stderr);	sshkey_dump_ec_point(group, client_public);#endif	if (sshkey_ec_validate_public(group, client_public) != 0) {		sshpkt_disconnect(ssh, "invalid client public key");		r = SSH_ERR_MESSAGE_INCOMPLETE;		goto out;	}	/* Calculate shared_secret */	klen = (EC_GROUP_get_degree(group) + 7) / 8;	if ((kbuf = malloc(klen)) == NULL ||		(shared_secret = BN_new()) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if (ECDH_compute_key(kbuf, klen, client_public,		server_key, NULL) != (int)klen ||		BN_bin2bn(kbuf, klen, shared_secret) == NULL) {		r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;	}#ifdef DEBUG_KEXECDH	dump_digest("shared secret", kbuf, klen);#endif	/* calc H */	if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,		&sbloblen)) != 0)		goto out;	hashlen = sizeof(hash);	if ((r = kex_ecdh_hash(		kex->hash_alg,		group,		kex->client_version_string,		kex->server_version_string,		sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),		sshbuf_ptr(kex->my), sshbuf_len(kex->my),		server_host_key_blob, sbloblen,		client_public,		EC_KEY_get0_public_key(server_key),		shared_secret,		hash, &hashlen)) != 0)		goto out;//.........这里部分代码省略.........

/* * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2001 key transport, cryptopo variation */int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,                          size_t *key_len, const unsigned char *in,                          size_t in_len){    const unsigned char *p = in;    EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);    GOST_KEY_TRANSPORT *gkt = NULL;    int ret = 0;    unsigned char wrappedKey[44];    unsigned char sharedKey[32];    gost_ctx ctx;    const struct gost_cipher_info *param = NULL;    EVP_PKEY *eph_key = NULL, *peerkey = NULL;    if (!key) {        *key_len = 32;        return 1;    }    gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);    if (!gkt) {        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,                GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);        return -1;    }    /* If key transport structure contains public key, use it */    eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);    if (eph_key) {        if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {            GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,                    GOST_R_INCOMPATIBLE_PEER_KEY);            goto err;        }    } else {        /* Set control "public key from client certificate used" */        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)            <= 0) {            GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);            goto err;        }    }    peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);    if (!peerkey) {        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_NO_PEER_KEY);        goto err;    }    param = get_encryption_params(gkt->key_agreement_info->cipher);    if (!param) {        goto err;    }    gost_init(&ctx, param->sblock);    OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);    memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);    OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);    memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);    OPENSSL_assert(gkt->key_info->imit->length == 4);    memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);    VKO_compute_key(sharedKey, 32,                    EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),                    EVP_PKEY_get0(priv), wrappedKey);    if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) {        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,                GOST_R_ERROR_COMPUTING_SHARED_KEY);        goto err;    }    ret = 1; err:    EVP_PKEY_free(eph_key);    GOST_KEY_TRANSPORT_free(gkt);    return ret;}

int main() {	srand((unsigned)time(NULL));	int i;	EC_KEY* key;	//key = EC_KEY_new_by_curve_name(415);	key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);	const EC_GROUP *group = EC_KEY_get0_group(key);	if (EC_KEY_generate_key(key)==0) {		printf("Error generate key/n");		return -1;	}	unsigned char pk_b[33];	const EC_POINT *pub = EC_KEY_get0_public_key(key);	if (EC_POINT_point2oct(group, pub, POINT_CONVERSION_COMPRESSED, pk_b, 33, 0)!=33) {		printf("Error 2/n");		return -1;	}	unsigned char h1[16],h2[16];	printf("/x02");	for (i=0;i<16;i++) {		h1[i]=rand()%256;		printf("%c",h1[i]);	}	for (i=0;i<33;i++)		printf("%c",pk_b[i]);	fflush(stdout);	//get h2	for (i=0;i<16;i++) 		h2[i]=rand()%256;	for (i=0;i<16;i++)		scanf("%c",&h2[i]);			//get peerpk_b	unsigned char peerpk_b[33]={2 , 30 , 25 , 50 , 17 , 242 , 232 , 55 , 157 , 18 , 106 , 115 , 214 , 193 , 192 , 39 , 207 , 226 , 184 , 216 , 244 , 147 , 111 , 188 , 125 , 230 , 38 , 125 , 231 , 50 , 56 , 152 , 148 };	for (i=0;i<33;i++)		scanf("%c",&peerpk_b[i]);		EC_POINT *peerpk = EC_POINT_new(group);	if (EC_POINT_oct2point(group, peerpk, peerpk_b, 33, 0)==0) {		printf("Error 3/n");		return -1;	}	unsigned char skey[33];	if (ECDH_compute_key(skey, 32,  peerpk, key, NULL)==0) {		printf("Error 4/n");		return -1;	}	SHA512_CTX shactx;		unsigned char hash[SHA512_DIGEST_LENGTH];	SHA512_Init(&shactx);	SHA512_Update(&shactx, h2, 16);	SHA512_Update(&shactx, skey, 32);	SHA512_Update(&shactx, h1, 16);	SHA512_Final(hash, &shactx);	for (i=0;i<64;i++)		printf("%02x",hash[i]);		fflush(stdout);	struct cipher c;	c.recvfd=0;	c.sendfd=1;	for (i=0;i<16;i++)		c.sendkey[i]=hash[i];	for (i=0;i<4;i++)		c.sendiv[i]=hash[32+i];	for (i=0;i<16;i++)		c.recvkey[i]=hash[16+i];	for (i=0;i<4;i++)		c.recviv[i]=hash[36+i];	c.sendcnt=0;	c.recvcnt=0;	unsigned char d[1000];	unsigned char oiv[8];	int op;	char dlen;	while (true) {		scanf("%d",&op);		scanf("%c",&dlen);		scanf("%c",&dlen);		for (i=0;i<dlen;i++)			scanf("%c",&d[i]);		if (op==1) {			for (i=0;i<8;i++)				oiv[i]=rand()%256;			encrypt(c,d,dlen,oiv);			c.recvcnt+=1;		} else if (op==2) {			for (i=0;i<8;i++)				scanf("%c",&oiv[i]);			decrypt(c,d,dlen,oiv, NULL);			c.sendcnt+=1;		}		fflush(stdout);	}//.........这里部分代码省略.........

static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8){    const unsigned char *p = NULL;    void *pval;    int ptype, pklen;    EC_KEY *eckey = NULL;    X509_ALGOR *palg;    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))        return 0;    X509_ALGOR_get0(NULL, &ptype, &pval, palg);    eckey = eckey_type2param(ptype, pval);    if (!eckey)        goto ecliberr;    /* We have parameters now set private key */    if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {        ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);        goto ecerr;    }    /* calculate public key (if necessary) */    if (EC_KEY_get0_public_key(eckey) == NULL) {        const BIGNUM *priv_key;        const EC_GROUP *group;        EC_POINT *pub_key;        /*         * the public key was not included in the SEC1 private key =>         * calculate the public key         */        group = EC_KEY_get0_group(eckey);        pub_key = EC_POINT_new(group);        if (pub_key == NULL) {            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);            goto ecliberr;        }        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {            EC_POINT_free(pub_key);            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);            goto ecliberr;        }        priv_key = EC_KEY_get0_private_key(eckey);        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {            EC_POINT_free(pub_key);            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);            goto ecliberr;        }        if (EC_KEY_set_public_key(eckey, pub_key) == 0) {            EC_POINT_free(pub_key);            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);            goto ecliberr;        }        EC_POINT_free(pub_key);    }    EVP_PKEY_assign_EC_KEY(pkey, eckey);    return 1; ecliberr:    ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); ecerr:    EC_KEY_free(eckey);    return 0;}

    private_key private_key::generate()    {       private_key self;       EC_KEY* k = EC_KEY_new_by_curve_name( NID_X9_62_prime256v1 );       if( !k ) FC_THROW_EXCEPTION( exception, "Unable to generate EC key" );       self.my->_key = k;       if( !EC_KEY_generate_key( self.my->_key ) )       {          FC_THROW_EXCEPTION( exception, "ecc key generation error" );       }#if 0          = bigint( EC_KEY_get0_private_key( k );       EC_POINT* pub   = EC_KEY_get0_public_key( k );       EC_GROUP* group = EC_KEY_get0_group( k );       EC_POINT_get_affine_coordinates_GFp( group, pub, self.my->_pub_x.get(), self.my->_pub_y.get(), nullptr/*ctx*/ );       EC_KEY_free(k);#endif       return self;    }    signature private_key::sign( const fc::sha256& digest )const    {        unsigned int buf_len = ECDSA_size(my->_key);//        fprintf( stderr, "%d  %d/n", buf_len, sizeof(sha256) );        signature sig;

static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,		const ECDSA_SIG *sig, EC_KEY *eckey){	int ret = -1, i;	BN_CTX   *ctx;	BIGNUM   *order, *u1, *u2, *m, *X;	EC_POINT *point = NULL;	const EC_GROUP *group;	const EC_POINT *pub_key;	/* check input values */	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);		return -1;	}	ctx = BN_CTX_new();	if (!ctx)	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);		return -1;	}	BN_CTX_start(ctx);	order = BN_CTX_get(ctx);		u1    = BN_CTX_get(ctx);	u2    = BN_CTX_get(ctx);	m     = BN_CTX_get(ctx);	X     = BN_CTX_get(ctx);	if (!X)	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);		goto err;	}		if (!EC_GROUP_get_order(group, order, ctx))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);		goto err;	}	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||	    BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0)	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);		ret = 0;	/* signature is invalid */		goto err;	}	/* calculate tmp1 = inv(S) mod order */	if (!BN_mod_inverse(u2, sig->s, order, ctx))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);		goto err;	}	/* digest -> m */	i = BN_num_bits(order);	/* Need to truncate digest if it is too long: first truncate whole	 * bytes.	 */	if (8 * dgst_len > i)		dgst_len = (i + 7)/8;	if (!BN_bin2bn(dgst, dgst_len, m))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);		goto err;	}	/* If still too long truncate remaining bits with a shift */	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);		goto err;	}	/* u1 = m * tmp mod order */	if (!BN_mod_mul(u1, m, u2, order, ctx))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);		goto err;	}	/* u2 = r * w mod q */	if (!BN_mod_mul(u2, sig->r, u2, order, ctx))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);		goto err;	}	if ((point = EC_POINT_new(group)) == NULL)	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);		goto err;	}	if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))	{		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);		goto err;	}	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)	{		if (!EC_POINT_get_affine_coordinates_GFp(group,//.........这里部分代码省略.........

//.........这里部分代码省略.........	TEST_START("parse DSA from private w/ passphrase");	buf = load_file("dsa_1_pw");	ASSERT_INT_EQ(sshkey_parse_private(buf, sshbuf_ptr(pw), "dsa_1_pw",	    &k2, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("load DSA from public");	ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,	    NULL), 0);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("DSA key hex fingerprint");	buf = load_text_file("dsa_1.fp");	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);	ASSERT_PTR_NE(cp, NULL);	ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));	sshbuf_free(buf);	free(cp);	TEST_DONE();	TEST_START("DSA key bubblebabble fingerprint");	buf = load_text_file("dsa_1.fp.bb");	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);	ASSERT_PTR_NE(cp, NULL);	ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));	sshbuf_free(buf);	free(cp);	TEST_DONE();	sshkey_free(k1);	TEST_START("parse ECDSA from private");	buf = load_file("ecdsa_1");	ASSERT_INT_EQ(sshkey_parse_private(buf, "", "ecdsa_1", &k1, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k1, NULL);	buf = load_text_file("ecdsa_1.param.curve");	ASSERT_STRING_EQ(sshbuf_ptr(buf), OBJ_nid2sn(k1->ecdsa_nid));	sshbuf_free(buf);	a = load_bignum("ecdsa_1.param.priv");	b = load_bignum("ecdsa_1.param.pub");	c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),	    EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,	    NULL, NULL);	ASSERT_PTR_NE(c, NULL);	ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);	ASSERT_BIGNUM_EQ(b, c);	BN_free(a);	BN_free(b);	BN_free(c);	TEST_DONE();	TEST_START("parse ECDSA from private w/ passphrase");	buf = load_file("ecdsa_1_pw");	ASSERT_INT_EQ(sshkey_parse_private(buf, sshbuf_ptr(pw), "ecdsa_1_pw",	    &k2, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("load ECDSA from public");	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,	    NULL), 0);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("ECDSA key hex fingerprint");	buf = load_text_file("ecdsa_1.fp");	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);	ASSERT_PTR_NE(cp, NULL);	ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));	sshbuf_free(buf);	free(cp);	TEST_DONE();	TEST_START("ECDSA key bubblebabble fingerprint");	buf = load_text_file("ecdsa_1.fp.bb");	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);	ASSERT_PTR_NE(cp, NULL);	ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));	sshbuf_free(buf);	free(cp);	TEST_DONE();	sshkey_free(k1);	sshbuf_free(pw);}

	void Families::LoadCertificate (const std::string& filename)	{		SSL_CTX * ctx = SSL_CTX_new (TLS_method ());		int ret = SSL_CTX_use_certificate_file (ctx, filename.c_str (), SSL_FILETYPE_PEM);		if (ret)		{			SSL * ssl = SSL_new (ctx);			X509 * cert = SSL_get_certificate (ssl);			if (cert)			{				std::shared_ptr<i2p::crypto::Verifier> verifier;				// extract issuer name				char name[100];				X509_NAME_oneline (X509_get_issuer_name(cert), name, 100);				char * cn = strstr (name, "CN=");				if (cn)				{					cn += 3;					char * family = strstr (cn, ".family");					if (family) family[0] = 0;				}				auto pkey = X509_get_pubkey (cert);				int keyType = EVP_PKEY_base_id (pkey);				switch (keyType)				{					case EVP_PKEY_DSA:						// TODO:					break;					case EVP_PKEY_EC:					{						EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);						if (ecKey)						{							auto group = EC_KEY_get0_group (ecKey);							if (group)							{								int curve = EC_GROUP_get_curve_name (group);								if (curve == NID_X9_62_prime256v1)								{									uint8_t signingKey[64];									BIGNUM * x = BN_new(), * y = BN_new();									EC_POINT_get_affine_coordinates_GFp (group,										EC_KEY_get0_public_key (ecKey), x, y, NULL);									i2p::crypto::bn2buf (x, signingKey, 32);									i2p::crypto::bn2buf (y, signingKey + 32, 32);									BN_free (x); BN_free (y);									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>();									verifier->SetPublicKey (signingKey);								}								else									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");							}							EC_KEY_free (ecKey);						}						break;					}					default:						LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported");				}				EVP_PKEY_free (pkey);				if (verifier && cn)					m_SigningKeys[cn] = verifier;			}			SSL_free (ssl);		}		else			LogPrint (eLogError, "Family: Can't open certificate file ", filename);		SSL_CTX_free (ctx);	}

int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,                    const ECDSA_SIG *sig, const EC_KEY *eckey) {  int ret = 0;  BN_CTX *ctx;  BIGNUM *u1, *u2, *m, *X;  EC_POINT *point = NULL;  const EC_GROUP *group;  const EC_POINT *pub_key;  // check input values  if ((group = EC_KEY_get0_group(eckey)) == NULL ||      (pub_key = EC_KEY_get0_public_key(eckey)) == NULL ||      sig == NULL) {    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_MISSING_PARAMETERS);    return 0;  }  ctx = BN_CTX_new();  if (!ctx) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);    return 0;  }  BN_CTX_start(ctx);  u1 = BN_CTX_get(ctx);  u2 = BN_CTX_get(ctx);  m = BN_CTX_get(ctx);  X = BN_CTX_get(ctx);  if (u1 == NULL || u2 == NULL || m == NULL || X == NULL) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    goto err;  }  const BIGNUM *order = EC_GROUP_get0_order(group);  if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||      BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||      BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);    goto err;  }  // calculate tmp1 = inv(S) mod order  int no_inverse;  if (!BN_mod_inverse_odd(u2, &no_inverse, sig->s, order, ctx)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    goto err;  }  if (!digest_to_bn(m, digest, digest_len, order)) {    goto err;  }  // u1 = m * tmp mod order  if (!BN_mod_mul(u1, m, u2, order, ctx)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    goto err;  }  // u2 = r * w mod q  if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    goto err;  }  point = EC_POINT_new(group);  if (point == NULL) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);    goto err;  }  if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);    goto err;  }  if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);    goto err;  }  if (!BN_nnmod(u1, X, order, ctx)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    goto err;  }  // if the signature is correct u1 is equal to sig->r  if (BN_ucmp(u1, sig->r) != 0) {    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);    goto err;  }  ret = 1;err:  BN_CTX_end(ctx);  BN_CTX_free(ctx);  EC_POINT_free(point);  return ret;}

void//vg_output_match_console(vg_context_t *vcp, EC_KEY *pkey, const char *pattern)vg_output_match_console(vg_context_t *vcp, vg_exec_context_t *vxcp, const char *pattern){	unsigned char key_buf[512], *pend;	char addr_buf[64], addr2_buf[64];	char privkey_buf[VG_PROTKEY_MAX_B58];	const char *keytype = "Privkey";	int len;	int isscript = (vcp->vc_format == VCF_SCRIPT);	EC_KEY *pkey = vxcp->vxc_key;	EC_POINT *ppnt;	int free_ppnt = 0;	if (vcp->vc_pubkey_base) {		ppnt = EC_POINT_new(EC_KEY_get0_group(pkey));		EC_POINT_copy(ppnt, EC_KEY_get0_public_key(pkey));		EC_POINT_add(EC_KEY_get0_group(pkey),			     ppnt,			     ppnt,			     vcp->vc_pubkey_base,			     NULL);		free_ppnt = 1;		keytype = "PrivkeyPart";	} else {		ppnt = (EC_POINT *) EC_KEY_get0_public_key(pkey);	}	assert(EC_KEY_check_key(pkey));//	if (vcp->vc_combined_compressed)	if (vxcp->vc_combined_compressed)		vg_encode_address_compressed(ppnt,				  EC_KEY_get0_group(pkey),				  vcp->vc_pubkeytype, addr_buf);	else		vg_encode_address(ppnt,				  EC_KEY_get0_group(pkey),				  vcp->vc_pubkeytype, addr_buf);	if (isscript)		vg_encode_script_address(ppnt,					 EC_KEY_get0_group(pkey),					 vcp->vc_addrtype, addr2_buf);	if (vcp->vc_key_protect_pass) {		len = vg_protect_encode_privkey(privkey_buf,						pkey, vcp->vc_privtype,						VG_PROTKEY_DEFAULT,						vcp->vc_key_protect_pass);		if (len) {			keytype = "Protkey";		} else {			fprintf(stderr,				"ERROR: could not password-protect key/n");			vcp->vc_key_protect_pass = NULL;		}	}	if (!vcp->vc_key_protect_pass) {//		if (vcp->vc_combined_compressed)		if (vxcp->vc_combined_compressed)			vg_encode_privkey_compressed(pkey, vcp->vc_privtype, privkey_buf);		else			vg_encode_privkey(pkey, vcp->vc_privtype, privkey_buf);	}	if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) {		printf("/r%79s/rPattern: %s/n", "", pattern);	}	if (vcp->vc_verbose > 0) {		if (vcp->vc_verbose > 1) {			pend = key_buf;			len = i2o_ECPublicKey(pkey, &pend);			printf("Pubkey (hex): ");			dumphex(key_buf, len);			printf("Privkey (hex): ");			dumpbn(EC_KEY_get0_private_key(pkey));			pend = key_buf;			len = i2d_ECPrivateKey(pkey, &pend);			printf("Privkey (ASN1): ");			dumphex(key_buf, len);		}	}	if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) {		if (isscript)			printf("P2SHAddress: %s/n", addr2_buf);		printf("Address: %s/n"		       "%s: %s/n",		       addr_buf, keytype, privkey_buf);	}	if (vcp->vc_result_file) {		FILE *fp = fopen(vcp->vc_result_file, "a");		if (!fp) {			fprintf(stderr,				"ERROR: could not open result file: %s/n",				strerror(errno));		} else {			fprintf(fp,				"Pattern: %s/n"//.........这里部分代码省略.........

void *vg_thread_loop(void *arg){	unsigned char hash_buf[128];	unsigned char *eckey_buf;	unsigned char hash1[32];	int i, c, len, output_interval;	int hash_len;	const BN_ULONG rekey_max = 10000000;	BN_ULONG npoints, rekey_at, nbatch;	vg_context_t *vcp = (vg_context_t *) arg;	EC_KEY *pkey = NULL;	const EC_GROUP *pgroup;	const EC_POINT *pgen;	const int ptarraysize = 256;	EC_POINT *ppnt[ptarraysize];	EC_POINT *pbatchinc;	vg_test_func_t test_func = vcp->vc_test;	vg_exec_context_t ctx;	vg_exec_context_t *vxcp;	struct timeval tvstart;	memset(&ctx, 0, sizeof(ctx));	vxcp = &ctx;	vg_exec_context_init(vcp, &ctx);	pkey = vxcp->vxc_key;	pgroup = EC_KEY_get0_group(pkey);	pgen = EC_GROUP_get0_generator(pgroup);	for (i = 0; i < ptarraysize; i++) {		ppnt[i] = EC_POINT_new(pgroup);		if (!ppnt[i]) {			fprintf(stderr, "ERROR: out of memory?/n");			exit(1);		}	}	pbatchinc = EC_POINT_new(pgroup);	if (!pbatchinc) {		fprintf(stderr, "ERROR: out of memory?/n");		exit(1);	}	BN_set_word(&vxcp->vxc_bntmp, ptarraysize);	EC_POINT_mul(pgroup, pbatchinc, &vxcp->vxc_bntmp, NULL, NULL,		     vxcp->vxc_bnctx);	EC_POINT_make_affine(pgroup, pbatchinc, vxcp->vxc_bnctx);	npoints = 0;	rekey_at = 0;	nbatch = 0;	vxcp->vxc_key = pkey;	vxcp->vxc_binres[0] = vcp->vc_addrtype;	c = 0;	output_interval = 1000;	gettimeofday(&tvstart, NULL);	if (vcp->vc_format == VCF_SCRIPT) {		hash_buf[ 0] = 0x51;  // OP_1		hash_buf[ 1] = 0x41;  // pubkey length		// gap for pubkey		hash_buf[67] = 0x51;  // OP_1		hash_buf[68] = 0xae;  // OP_CHECKMULTISIG		eckey_buf = hash_buf + 2;		hash_len = 69;	} else {		eckey_buf = hash_buf;		hash_len = 65;	}	while (!vcp->vc_halt) {		if (++npoints >= rekey_at) {			vg_exec_context_upgrade_lock(vxcp);			/* Generate a new random private key */			EC_KEY_generate_key(pkey);			npoints = 0;			/* Determine rekey interval */			EC_GROUP_get_order(pgroup, &vxcp->vxc_bntmp,					   vxcp->vxc_bnctx);			BN_sub(&vxcp->vxc_bntmp2,			       &vxcp->vxc_bntmp,			       EC_KEY_get0_private_key(pkey));			rekey_at = BN_get_word(&vxcp->vxc_bntmp2);			if ((rekey_at == BN_MASK2) || (rekey_at > rekey_max))				rekey_at = rekey_max;			assert(rekey_at > 0);			EC_POINT_copy(ppnt[0], EC_KEY_get0_public_key(pkey));			vg_exec_context_downgrade_lock(vxcp);			npoints++;//.........这里部分代码省略.........

static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk){    ASN1_OBJECT *algobj = NULL;    ASN1_OCTET_STRING *octet = NULL;    void *pval = NULL;    unsigned char *buf = NULL, *databuf = NULL, *sptr;    int i, j, data_len, ret = -1;    const EC_POINT *pub_key;    BIGNUM *X = NULL, *Y = NULL, *order = NULL;    const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);    int ptype = V_ASN1_UNDEF;    algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));    if (pk->save_parameters) {        ASN1_STRING *params = encode_gost_algor_params(pk);        pval = params;        ptype = V_ASN1_SEQUENCE;    }    order = BN_new();    if (!order) {        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);        goto err;    }    EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);    pub_key = EC_KEY_get0_public_key(ec);    if (!pub_key) {        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, GOST_R_PUBLIC_KEY_UNDEFINED);        goto err;    }    X = BN_new();    Y = BN_new();    if (!X || !Y) {        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),                                             pub_key, X, Y, NULL)) {        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR);        goto err;    }    data_len = 2 * BN_num_bytes(order);    databuf = OPENSSL_malloc(data_len);    if (databuf == NULL) {        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);        goto err;    }    memset(databuf, 0, data_len);    store_bignum(X, databuf + data_len / 2, data_len / 2);    store_bignum(Y, databuf, data_len / 2);    octet = ASN1_OCTET_STRING_new();    if (octet == NULL) {        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);        goto err;    }    ASN1_STRING_set(octet, NULL, data_len);    sptr = ASN1_STRING_data(octet);    for (i = 0, j = data_len - 1; i < data_len; i++, j--) {        sptr[i] = databuf[j];    }    ret = i2d_ASN1_OCTET_STRING(octet, &buf);    ASN1_BIT_STRING_free(octet); err:    if (X)        BN_free(X);    if (Y)        BN_free(Y);    if (order)        BN_free(order);    if (databuf)        OPENSSL_free(databuf);    if (ret < 0)        return 0;    return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);}

size_t EC_KEY_public_key_to_oct(const EC_KEY *key, uint8_t *out, size_t out_len) {  return EC_POINT_point2oct(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key),                            out, out_len, NULL);}

voidkexecdh_client(Kex *kex){	EC_KEY *client_key;	EC_POINT *server_public;	const EC_GROUP *group;	BIGNUM *shared_secret;	Key *server_host_key;	u_char *server_host_key_blob = NULL, *signature = NULL;	u_char *kbuf, *hash;	u_int klen, slen, sbloblen, hashlen;	if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)		fatal("%s: EC_KEY_new_by_curve_name failed", __func__);	if (EC_KEY_generate_key(client_key) != 1)		fatal("%s: EC_KEY_generate_key failed", __func__);	group = EC_KEY_get0_group(client_key);	packet_start(SSH2_MSG_KEX_ECDH_INIT);	packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key));	packet_send();	debug("sending SSH2_MSG_KEX_ECDH_INIT");#ifdef DEBUG_KEXECDH	fputs("client private key:/n", stderr);	key_dump_ec_key(client_key);#endif	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");	packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);	/* hostkey */	server_host_key_blob = packet_get_string(&sbloblen);	server_host_key = key_from_blob(server_host_key_blob, sbloblen);	if (server_host_key == NULL)		fatal("cannot decode server_host_key_blob");	if (server_host_key->type != kex->hostkey_type)		fatal("type mismatch for decoded server_host_key_blob");	if (kex->verify_host_key == NULL)		fatal("cannot verify server_host_key");	if (kex->verify_host_key(server_host_key) == -1)		fatal("server_host_key verification failed");	/* Q_S, server public key */	if ((server_public = EC_POINT_new(group)) == NULL)		fatal("%s: EC_POINT_new failed", __func__);	packet_get_ecpoint(group, server_public);	if (key_ec_validate_public(group, server_public) != 0)		fatal("%s: invalid server public key", __func__);#ifdef DEBUG_KEXECDH	fputs("server public key:/n", stderr);	key_dump_ec_point(group, server_public);#endif	/* signed H */	signature = packet_get_string(&slen);	packet_check_eom();	klen = (EC_GROUP_get_degree(group) + 7) / 8;	kbuf = xmalloc(klen);	if (ECDH_compute_key(kbuf, klen, server_public,	    client_key, NULL) != (int)klen)		fatal("%s: ECDH_compute_key failed", __func__);#ifdef DEBUG_KEXECDH	dump_digest("shared secret", kbuf, klen);#endif	if ((shared_secret = BN_new()) == NULL)		fatal("%s: BN_new failed", __func__);	if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)		fatal("%s: BN_bin2bn failed", __func__);	memset(kbuf, 0, klen);	free(kbuf);	/* calc and verify H */	kex_ecdh_hash(	    kex->evp_md,	    group,	    kex->client_version_string,	    kex->server_version_string,	    buffer_ptr(&kex->my), buffer_len(&kex->my),	    buffer_ptr(&kex->peer), buffer_len(&kex->peer),	    server_host_key_blob, sbloblen,	    EC_KEY_get0_public_key(client_key),	    server_public,	    shared_secret,	    &hash, &hashlen	);	free(server_host_key_blob);	EC_POINT_clear_free(server_public);	EC_KEY_free(client_key);	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)		fatal("key_verify failed for server_host_key");	key_free(server_host_key);	free(signature);	/* save session id *///.........这里部分代码省略.........

int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,                          size_t *out_len, const unsigned char *key,                          size_t key_len){    GOST_KEY_TRANSPORT *gkt = NULL;    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);    const struct gost_cipher_info *param = get_encryption_params(NULL);    unsigned char ukm[8], shared_key[32], crypted_key[44];    int ret = 0;    int key_is_ephemeral = 1;    gost_ctx cctx;    EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);    if (data->shared_ukm) {        memcpy(ukm, data->shared_ukm, 8);    } else if (out) {        if (RAND_bytes(ukm, 8) <= 0) {            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,                    GOST_R_RANDOM_GENERATOR_FAILURE);            return 0;        }    }    /* Check for private key in the peer_key of context */    if (sec_key) {        key_is_ephemeral = 0;        if (!gost_get0_priv_key(sec_key)) {            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,                    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);            goto err;        }    } else {        key_is_ephemeral = 1;        if (out) {            sec_key = EVP_PKEY_new();            EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());            EVP_PKEY_copy_parameters(sec_key, pubk);            if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {                goto err;            }        }    }    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)        && param == gost_cipher_list) {        param = gost_cipher_list + 1;    }    if (out) {        VKO_compute_key(shared_key, 32,                        EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),                        EVP_PKEY_get0(sec_key), ukm);        gost_init(&cctx, param->sblock);        keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);    }    gkt = GOST_KEY_TRANSPORT_new();    if (!gkt) {        goto err;    }    if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {        goto err;    }    if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {        goto err;    }    if (!ASN1_OCTET_STRING_set        (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {        goto err;    }    if (key_is_ephemeral) {        if (!X509_PUBKEY_set            (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,                    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);            goto err;        }    }    ASN1_OBJECT_free(gkt->key_agreement_info->cipher);    gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);    if (key_is_ephemeral)        EVP_PKEY_free(sec_key);    if (!key_is_ephemeral) {        /* Set control "public key from client certificate used" */        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)            <= 0) {            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);            goto err;        }    }    if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)        ret = 1;    GOST_KEY_TRANSPORT_free(gkt);    return ret; err:    if (key_is_ephemeral)        EVP_PKEY_free(sec_key);    GOST_KEY_TRANSPORT_free(gkt);    return -1;}

static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)	{	EC_KEY *a=NULL;	EC_KEY *b=NULL;	BIGNUM *x_a=NULL, *y_a=NULL,	       *x_b=NULL, *y_b=NULL;	char buf[12];	unsigned char *abuf=NULL,*bbuf=NULL;	int i,alen,blen,aout,bout,ret=0;	const EC_GROUP *group;	a = EC_KEY_new_by_curve_name(nid);	b = EC_KEY_new_by_curve_name(nid);	if (a == NULL || b == NULL)		goto err;	group = EC_KEY_get0_group(a);	if ((x_a=BN_new()) == NULL) goto err;	if ((y_a=BN_new()) == NULL) goto err;	if ((x_b=BN_new()) == NULL) goto err;	if ((y_b=BN_new()) == NULL) goto err;	BIO_puts(out,"Testing key generation with ");	BIO_puts(out,text);#ifdef NOISY	BIO_puts(out,"/n");#else	BIO_flush(out);#endif	if (!EC_KEY_generate_key(a)) goto err;		if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 		{		if (!EC_POINT_get_affine_coordinates_GFp(group,			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;		}	else		{		if (!EC_POINT_get_affine_coordinates_GF2m(group,			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;		}#ifdef NOISY	BIO_puts(out,"  pri 1=");	BN_print(out,a->priv_key);	BIO_puts(out,"/n  pub 1=");	BN_print(out,x_a);	BIO_puts(out,",");	BN_print(out,y_a);	BIO_puts(out,"/n");#else	BIO_printf(out," .");	BIO_flush(out);#endif	if (!EC_KEY_generate_key(b)) goto err;	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 		{		if (!EC_POINT_get_affine_coordinates_GFp(group, 			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;		}	else		{		if (!EC_POINT_get_affine_coordinates_GF2m(group, 			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;		}#ifdef NOISY	BIO_puts(out,"  pri 2=");	BN_print(out,b->priv_key);	BIO_puts(out,"/n  pub 2=");	BN_print(out,x_b);	BIO_puts(out,",");	BN_print(out,y_b);	BIO_puts(out,"/n");#else	BIO_printf(out,".");	BIO_flush(out);#endif	alen=KDF1_SHA1_len;	abuf=(unsigned char *)OPENSSL_malloc(alen);	aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);#ifdef NOISY	BIO_puts(out,"  key1 =");	for (i=0; i<aout; i++)		{		sprintf(buf,"%02X",abuf[i]);		BIO_puts(out,buf);		}	BIO_puts(out,"/n");#else	BIO_printf(out,".");	BIO_flush(out);#endif	blen=KDF1_SHA1_len;//.........这里部分代码省略.........

//.........这里部分代码省略.........                        valLen = BN_bn2bin(pRealKey->pkey.rsa->q, (UINT8*)pTemplate[i].pValue);                    }                        break;                                case CKA_PRIVATE_EXPONENT:                    if(pKey->type == CKK_DSA)                    {                        EVP_PKEY* pRealKey = (EVP_PKEY*)pKey->key;                        valLen = BN_bn2bin(pRealKey->pkey.dsa->priv_key, (UINT8*)pTemplate[i].pValue);                    }                    else if(pKey->type == CKK_RSA)                    {                        EVP_PKEY* pRealKey = (EVP_PKEY*)pKey->key;                        valLen = BN_bn2bin(pRealKey->pkey.rsa->d, (UINT8*)pTemplate[i].pValue);                    }                    break;                case CKA_PUBLIC_EXPONENT:                    if(pKey->type == CKK_DSA)                    {                        EVP_PKEY* pRealKey = (EVP_PKEY*)pKey->key;                                        valLen = BN_bn2bin(pRealKey->pkey.dsa->pub_key, (UINT8*)pTemplate[i].pValue);                    }                    else if(pKey->type == CKK_EC)                    {                        UINT8 pTmp[66*2+1];                                            EC_KEY* pEC = ((EVP_PKEY*)pKey->key)->pkey.ec;                                                const EC_POINT* point = EC_KEY_get0_public_key(pEC);                        valLen = EC_POINT_point2oct(EC_KEY_get0_group(pEC), point, POINT_CONVERSION_UNCOMPRESSED, (UINT8*)pTmp, ARRAYSIZE(pTmp), NULL);                                            if(valLen == 0) return CKR_FUNCTION_FAILED;                                                    memmove(pTemplate[i].pValue, &pTmp[1], valLen-1); // remove POINT_CONVERSION_UNCOMPRESSED header byte                    }                    else if(pKey->type == CKK_RSA)                    {                        EVP_PKEY* pRealKey = (EVP_PKEY*)pKey->key;                        valLen = BN_bn2bin(pRealKey->pkey.rsa->e, (UINT8*)pTemplate[i].pValue);                    }                                        break;                case CKA_PRIME:                    if(pKey->type == CKK_DSA)                    {                        EVP_PKEY* pRealKey = (EVP_PKEY*)pKey->key;                        valLen = BN_bn2bin(pRealKey->pkey.dsa->p, (UINT8*)pTemplate[i].pValue);                    }                    break;                case CKA_SUBPRIME:                    if(pKey->type == CKK_DSA)                    {                        EVP_PKEY* pRealKey = (EVP_PKEY*)pKey->key;                        valLen = BN_bn2bin(pRealKey->pkey.dsa->q, (UINT8*)pTemplate[i].pValue);                    }                    break;