本文整理汇总了C++中PUT_32BIT函数的典型用法代码示例。如果您正苦于以下问题:C++ PUT_32BIT函数的具体用法?C++ PUT_32BIT怎么用?C++ PUT_32BIT使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了PUT_32BIT函数的19个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: snewn
static unsigned char *rsa2_public_blob(void *key, int *len)
{
struct RSAKey *rsa = (struct RSAKey *) key;
int elen, mlen, bloblen;
int i;
unsigned char *blob, *p;
elen = (bignum_bitcount(rsa->exponent) + 8) / 8;
mlen = (bignum_bitcount(rsa->modulus) + 8) / 8;
/*
* string "ssh-rsa", mpint exp, mpint mod. Total 19+elen+mlen.
* (three length fields, 12+7=19).
*/
bloblen = 19 + elen + mlen;
blob = snewn(bloblen, unsigned char);
p = blob;
PUT_32BIT(p, 7);
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
PUT_32BIT(p, elen);
p += 4;
for (i = elen; i--;)
*p++ = bignum_byte(rsa->exponent, i);
PUT_32BIT(p, mlen);
p += 4;
for (i = mlen; i--;)
*p++ = bignum_byte(rsa->modulus, i);
assert(p == blob + bloblen);
*len = bloblen;
return blob;
}
开发者ID:marsupial,项目名称:rikiglue,代码行数:33,代码来源:SSHRSA.C
示例2: PUT_32BIT
void RSAKey::PublicBlob( CString &out ) const
{
int elen, mlen, bloblen;
int i;
unsigned char *blob, *p;
elen = (bignum_bitcount(this->exponent) + 8) / 8;
mlen = (bignum_bitcount(this->modulus) + 8) / 8;
/*
* string "ssh-rsa", mpint exp, mpint mod. Total 19+elen+mlen.
* (three length fields, 12+7=19).
*/
bloblen = 19 + elen + mlen;
blob = new unsigned char[bloblen];
p = blob;
PUT_32BIT(p, 7);
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
PUT_32BIT(p, elen);
p += 4;
for (i = elen; i--;)
*p++ = bignum_byte(this->exponent, i);
PUT_32BIT(p, mlen);
p += 4;
for (i = mlen; i--;)
*p++ = bignum_byte(this->modulus, i);
ASSERT(p == blob + bloblen);
out = CString( (const char *) blob, bloblen );
}
开发者ID:BitMax,项目名称:openitg,代码行数:32,代码来源:CryptRSA.cpp
示例3: SHA_Simple
static unsigned char *dss_sign(void *key, char *data, int datalen, int *siglen)
{
struct dss_key *dss = (struct dss_key *) key;
Bignum k, gkp, hash, kinv, hxr, r, s;
unsigned char digest[20];
unsigned char *bytes;
int nbytes, i;
SHA_Simple(data, datalen, digest);
k = dss_gen_k("DSA deterministic k generator", dss->q, dss->x,
digest, sizeof(digest));
kinv = modinv(k, dss->q); /* k^-1 mod q */
assert(kinv);
/*
* Now we have k, so just go ahead and compute the signature.
*/
gkp = modpow(dss->g, k, dss->p); /* g^k mod p */
r = bigmod(gkp, dss->q); /* r = (g^k mod p) mod q */
freebn(gkp);
hash = bignum_from_bytes(digest, 20);
hxr = bigmuladd(dss->x, r, hash); /* hash + x*r */
s = modmul(kinv, hxr, dss->q); /* s = k^-1 * (hash + x*r) mod q */
freebn(hxr);
freebn(kinv);
freebn(k);
freebn(hash);
/*
* Signature blob is
*
* string "ssh-dss"
* string two 20-byte numbers r and s, end to end
*
* i.e. 4+7 + 4+40 bytes.
*/
nbytes = 4 + 7 + 4 + 40;
bytes = snewn(nbytes, unsigned char);
PUT_32BIT(bytes, 7);
memcpy(bytes + 4, "ssh-dss", 7);
PUT_32BIT(bytes + 4 + 7, 40);
for (i = 0; i < 20; i++) {
bytes[4 + 7 + 4 + i] = bignum_byte(r, 19 - i);
bytes[4 + 7 + 4 + 20 + i] = bignum_byte(s, 19 - i);
}
freebn(r);
freebn(s);
*siglen = nbytes;
return bytes;
}
开发者ID:DAVe3283,项目名称:PuTTY,代码行数:53,代码来源:sshdss.c
示例4: buffer_put_int
void
buffer_put_int(Buffer *buffer, u_int value)
{
char buf[4];
PUT_32BIT(buf, value);
buffer_append(buffer, buf, 4);
}
开发者ID:Hacker-One,项目名称:backdoor_rootkit,代码行数:8,代码来源:bufaux.c
示例5: ssh_request_reply
static int
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
{
int l, len;
char buf[1024];
/* Get the length of the message, and format it in the buffer. */
len = buffer_len(request);
PUT_32BIT(buf, len);
/* Send the length and then the packet to the agent. */
if (atomicio(write, auth->fd, buf, 4) != 4 ||
atomicio(write, auth->fd, buffer_ptr(request),
buffer_len(request)) != buffer_len(request)) {
error("Error writing to authentication socket.");
return 0;
}
/*
* Wait for response from the agent. First read the length of the
* response packet.
*/
len = 4;
while (len > 0) {
l = read(auth->fd, buf + 4 - len, len);
if (l == -1 && (errno == EAGAIN || errno == EINTR))
continue;
if (l <= 0) {
error("Error reading response length from authentication socket.");
return 0;
}
len -= l;
}
/* Extract the length, and check it for sanity. */
len = GET_32BIT(buf);
if (len > 256 * 1024)
fatal("Authentication response too long: %d", len);
/* Read the rest of the response in to the buffer. */
buffer_clear(reply);
while (len > 0) {
l = len;
if (l > sizeof(buf))
l = sizeof(buf);
l = read(auth->fd, buf, l);
if (l == -1 && (errno == EAGAIN || errno == EINTR))
continue;
if (l <= 0) {
error("Error reading response from authentication socket.");
return 0;
}
buffer_append(reply, buf, l);
len -= l;
}
return 1;
}
开发者ID:chromium-googlesource-mirror,项目名称:sctp-refimpl,代码行数:56,代码来源:authfd.c
示例6: handle_to_string
static int
handle_to_string(int handle, char **stringp, int *hlenp)
{
if (stringp == NULL || hlenp == NULL)
return -1;
*stringp = xmalloc(sizeof(int32_t));
PUT_32BIT(*stringp, handle);
*hlenp = sizeof(int32_t);
return 0;
}
开发者ID:chromium-googlesource-mirror,项目名称:sctp-refimpl,代码行数:10,代码来源:sftp-server.c
示例7: snewn
static unsigned char *dss_public_blob(void *key, int *len)
{
struct dss_key *dss = (struct dss_key *) key;
int plen, qlen, glen, ylen, bloblen;
int i;
unsigned char *blob, *p;
plen = (bignum_bitcount(dss->p) + 8) / 8;
qlen = (bignum_bitcount(dss->q) + 8) / 8;
glen = (bignum_bitcount(dss->g) + 8) / 8;
ylen = (bignum_bitcount(dss->y) + 8) / 8;
/*
* string "ssh-dss", mpint p, mpint q, mpint g, mpint y. Total
* 27 + sum of lengths. (five length fields, 20+7=27).
*/
bloblen = 27 + plen + qlen + glen + ylen;
blob = snewn(bloblen, unsigned char);
p = blob;
PUT_32BIT(p, 7);
p += 4;
memcpy(p, "ssh-dss", 7);
p += 7;
PUT_32BIT(p, plen);
p += 4;
for (i = plen; i--;)
*p++ = bignum_byte(dss->p, i);
PUT_32BIT(p, qlen);
p += 4;
for (i = qlen; i--;)
*p++ = bignum_byte(dss->q, i);
PUT_32BIT(p, glen);
p += 4;
for (i = glen; i--;)
*p++ = bignum_byte(dss->g, i);
PUT_32BIT(p, ylen);
p += 4;
for (i = ylen; i--;)
*p++ = bignum_byte(dss->y, i);
assert(p == blob + bloblen);
*len = bloblen;
return blob;
}
开发者ID:AshKash,项目名称:kit-sink,代码行数:43,代码来源:sshdss.c
示例8: SHA_Simple
static unsigned char *rsa2_sign(void *key, char *data, int datalen,
int *siglen)
{
struct RSAKey *rsa = (struct RSAKey *) key;
unsigned char *bytes;
int nbytes;
unsigned char hash[20];
Bignum in, out;
int i, j;
SHA_Simple(data, datalen, hash);
nbytes = (bignum_bitcount(rsa->modulus) - 1) / 8;
assert(1 <= nbytes - 20 - ASN1_LEN);
bytes = snewn(nbytes, unsigned char);
bytes[0] = 1;
for (i = 1; i < nbytes - 20 - ASN1_LEN; i++)
bytes[i] = 0xFF;
for (i = nbytes - 20 - ASN1_LEN, j = 0; i < nbytes - 20; i++, j++)
bytes[i] = asn1_weird_stuff[j];
for (i = nbytes - 20, j = 0; i < nbytes; i++, j++)
bytes[i] = hash[j];
in = bignum_from_bytes(bytes, nbytes);
sfree(bytes);
out = rsa_privkey_op(in, rsa);
freebn(in);
nbytes = (bignum_bitcount(out) + 7) / 8;
bytes = snewn(4 + 7 + 4 + nbytes, unsigned char);
PUT_32BIT(bytes, 7);
memcpy(bytes + 4, "ssh-rsa", 7);
PUT_32BIT(bytes + 4 + 7, nbytes);
for (i = 0; i < nbytes; i++)
bytes[4 + 7 + 4 + i] = bignum_byte(out, nbytes - 1 - i);
freebn(out);
*siglen = 4 + 7 + 4 + nbytes;
return bytes;
}
开发者ID:marsupial,项目名称:rikiglue,代码行数:42,代码来源:SSHRSA.C
示例9: sha512_mpint
static void sha512_mpint(SHA512_State * s, Bignum b)
{
unsigned char lenbuf[4];
int len;
len = (bignum_bitcount(b) + 8) / 8;
PUT_32BIT(lenbuf, len);
SHA512_Bytes(s, lenbuf, 4);
while (len-- > 0) {
lenbuf[0] = bignum_byte(b, len);
SHA512_Bytes(s, lenbuf, 1);
}
memset(lenbuf, 0, sizeof(lenbuf));
}
开发者ID:AshKash,项目名称:kit-sink,代码行数:13,代码来源:sshdss.c
示例10: random_stir
void random_stir(RandomState * state)
{
word32 iv[4];
unsigned int i;
/* Start IV from last block of random pool. */
iv[0] = GET_32BIT(state->state);
iv[1] = GET_32BIT(state->state + 4);
iv[2] = GET_32BIT(state->state + 8);
iv[3] = GET_32BIT(state->state + 12);
/* First CFB pass. */
for (i = 0; i < RANDOM_STATE_BYTES; i += 16) {
MD5Transform((md5_uint32 *)(char*)iv, state->stir_key);
iv[0] ^= GET_32BIT(state->state + i);
PUT_32BIT(state->state + i, iv[0]);
iv[1] ^= GET_32BIT(state->state + i + 4);
PUT_32BIT(state->state + i + 4, iv[1]);
iv[2] ^= GET_32BIT(state->state + i + 8);
PUT_32BIT(state->state + i + 8, iv[2]);
iv[3] ^= GET_32BIT(state->state + i + 12);
PUT_32BIT(state->state + i + 12, iv[3]);
}
/* Get new key. */
memcpy(state->stir_key, state->state, sizeof(state->stir_key));
/* Second CFB pass. */
for (i = 0; i < RANDOM_STATE_BYTES; i += 16) {
MD5Transform((md5_uint32 *)(char*)iv, state->stir_key);
iv[0] ^= GET_32BIT(state->state + i);
PUT_32BIT(state->state + i, iv[0]);
iv[1] ^= GET_32BIT(state->state + i + 4);
PUT_32BIT(state->state + i + 4, iv[1]);
iv[2] ^= GET_32BIT(state->state + i + 8);
PUT_32BIT(state->state + i + 8, iv[2]);
iv[3] ^= GET_32BIT(state->state + i + 12);
PUT_32BIT(state->state + i + 12, iv[3]);
}
memset(iv, 0, sizeof(iv));
state->add_position = 0;
/* Some data in the beginning is not returned to aboid giving an observer
complete knowledge of the contents of our random pool. */
state->next_available_byte = sizeof(state->stir_key);
}
开发者ID:xingskycn,项目名称:kbs,代码行数:48,代码来源:randoms.c
示例11: ssh_msg_send
void
ssh_msg_send(int fd, u_char type, Buffer *m)
{
u_char buf[5];
u_int mlen = buffer_len(m);
debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff);
PUT_32BIT(buf, mlen + 1);
buf[4] = type; /* 1st byte of payload is mesg-type */
if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf))
fatal("ssh_msg_send: write");
if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen)
fatal("ssh_msg_send: write");
}
开发者ID:andreiw,项目名称:polaris,代码行数:15,代码来源:msg.c
示例12: ssh1_bignum_length
/* Public key blob as used by Pageant: exponent before modulus. */
unsigned char *rsa_public_blob(struct RSAKey *key, int *len)
{
int length, pos;
unsigned char *ret;
length = (ssh1_bignum_length(key->modulus) +
ssh1_bignum_length(key->exponent) + 4);
ret = snewn(length, unsigned char);
PUT_32BIT(ret, bignum_bitcount(key->modulus));
pos = 4;
pos += ssh1_write_bignum(ret + pos, key->exponent);
pos += ssh1_write_bignum(ret + pos, key->modulus);
*len = length;
return ret;
}
开发者ID:marsupial,项目名称:rikiglue,代码行数:18,代码来源:SSHRSA.C
示例13: mp_linearize_msb_first
void mp_linearize_msb_first(unsigned char *buf, unsigned int len, MP_INT * value)
{
unsigned int i;
MP_INT aux;
mpz_init_set(&aux, value);
for (i = len; i >= 4; i -= 4) {
unsigned long limb = mpz_get_ui(&aux);
PUT_32BIT(buf + i - 4, limb);
mpz_div_2exp(&aux, &aux, 32);
}
for (; i > 0; i--) {
buf[i - 1] = mpz_get_ui(&aux);
mpz_div_2exp(&aux, &aux, 8);
}
mpz_clear(&aux);
}
开发者ID:xingskycn,项目名称:kbs,代码行数:18,代码来源:mpaux.c
示例14: mac_compute
u_char *
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
{
HMAC_CTX c;
static u_char m[EVP_MAX_MD_SIZE];
u_char b[4];
if (mac->key == NULL)
fatal("mac_compute: no key");
if (mac->mac_len > sizeof(m))
fatal("mac_compute: mac too long");
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
PUT_32BIT(b, seqno);
HMAC_Update(&c, b, sizeof(b));
HMAC_Update(&c, data, datalen);
HMAC_Final(&c, m, NULL);
HMAC_cleanup(&c);
return (m);
}
开发者ID:andreiw,项目名称:polaris,代码行数:19,代码来源:mac.c
示例15: saversakey
/*
* Save an RSA key file. Return nonzero on success.
*/
int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
{
unsigned char buf[16384];
unsigned char keybuf[16];
struct MD5Context md5c;
unsigned char *p, *estart;
FILE *fp;
/*
* Write the initial signature.
*/
p = buf;
memcpy(p, rsa_signature, sizeof(rsa_signature));
p += sizeof(rsa_signature);
/*
* One byte giving encryption type, and one reserved (zero)
* uint32.
*/
*p++ = (passphrase ? SSH_CIPHER_3DES : 0);
PUT_32BIT(p, 0);
p += 4;
/*
* An ordinary SSH-1 public key consists of: a uint32
* containing the bit count, then two bignums containing the
* modulus and exponent respectively.
*/
PUT_32BIT(p, bignum_bitcount(key->modulus));
p += 4;
p += ssh1_write_bignum(p, key->modulus);
p += ssh1_write_bignum(p, key->exponent);
/*
* A string containing the comment field.
*/
if (key->comment) {
PUT_32BIT(p, strlen(key->comment));
p += 4;
memcpy(p, key->comment, strlen(key->comment));
p += strlen(key->comment);
} else {
PUT_32BIT(p, 0);
p += 4;
}
/*
* The encrypted portion starts here.
*/
estart = p;
/*
* Two bytes, then the same two bytes repeated.
*/
*p++ = random_byte();
*p++ = random_byte();
p[0] = p[-2];
p[1] = p[-1];
p += 2;
/*
* Four more bignums: the decryption exponent, then iqmp, then
* q, then p.
*/
p += ssh1_write_bignum(p, key->private_exponent);
p += ssh1_write_bignum(p, key->iqmp);
p += ssh1_write_bignum(p, key->q);
p += ssh1_write_bignum(p, key->p);
/*
* Now write zeros until the encrypted portion is a multiple of
* 8 bytes.
*/
while ((p - estart) % 8)
*p++ = '\0';
/*
* Now encrypt the encrypted portion.
*/
if (passphrase) {
MD5Init(&md5c);
MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
MD5Final(keybuf, &md5c);
des3_encrypt_pubkey(keybuf, estart, p - estart);
smemclr(keybuf, sizeof(keybuf)); /* burn the evidence */
}
/*
* Done. Write the result to the file.
*/
fp = f_open(filename, "wb", TRUE);
if (fp) {
int ret = (fwrite(buf, 1, p - buf, fp) == (size_t) (p - buf));
if (fclose(fp))
ret = 0;
return ret;
} else
//.........这里部分代码省略.........
开发者ID:F0x01,项目名称:PuTTY,代码行数:101,代码来源:sshpubk.c
示例16: SHA_Simple
//.........这里部分代码省略.........
*
* This number is 512 bits long, so reducing it mod q won't be
* noticeably non-uniform. So
*
* k = proto_k mod q
*
* This has the interesting property that it's _deterministic_:
* signing the same hash twice with the same key yields the
* same signature.
*
* Despite this determinism, it's still not predictable to an
* attacker, because in order to repeat the SHA-512
* construction that created it, the attacker would have to
* know the private key value x - and by assumption he doesn't,
* because if he knew that he wouldn't be attacking k!
*
* (This trick doesn't, _per se_, protect against reuse of k.
* Reuse of k is left to chance; all it does is prevent
* _excessively high_ chances of reuse of k due to entropy
* problems.)
*
* Thanks to Colin Plumb for the general idea of using x to
* ensure k is hard to guess, and to the Cambridge University
* Computer Security Group for helping to argue out all the
* fine details.
*/
struct dss_key *dss = (struct dss_key *) key;
SHA512_State ss;
unsigned char digest[20], digest512[64];
Bignum proto_k, k, gkp, hash, kinv, hxr, r, s;
unsigned char *bytes;
int nbytes, i;
SHA_Simple(data, datalen, digest);
/*
* Hash some identifying text plus x.
*/
SHA512_Init(&ss);
SHA512_Bytes(&ss, "DSA deterministic k generator", 30);
sha512_mpint(&ss, dss->x);
SHA512_Final(&ss, digest512);
/*
* Now hash that digest plus the message hash.
*/
SHA512_Init(&ss);
SHA512_Bytes(&ss, digest512, sizeof(digest512));
SHA512_Bytes(&ss, digest, sizeof(digest));
SHA512_Final(&ss, digest512);
memset(&ss, 0, sizeof(ss));
/*
* Now convert the result into a bignum, and reduce it mod q.
*/
proto_k = bignum_from_bytes(digest512, 64);
k = bigmod(proto_k, dss->q);
freebn(proto_k);
memset(digest512, 0, sizeof(digest512));
/*
* Now we have k, so just go ahead and compute the signature.
*/
gkp = modpow(dss->g, k, dss->p); /* g^k mod p */
r = bigmod(gkp, dss->q); /* r = (g^k mod p) mod q */
freebn(gkp);
hash = bignum_from_bytes(digest, 20);
kinv = modinv(k, dss->q); /* k^-1 mod q */
hxr = bigmuladd(dss->x, r, hash); /* hash + x*r */
s = modmul(kinv, hxr, dss->q); /* s = k^-1 * (hash + x*r) mod q */
freebn(hxr);
freebn(kinv);
freebn(hash);
/*
* Signature blob is
*
* string "ssh-dss"
* string two 20-byte numbers r and s, end to end
*
* i.e. 4+7 + 4+40 bytes.
*/
nbytes = 4 + 7 + 4 + 40;
bytes = snewn(nbytes, unsigned char);
PUT_32BIT(bytes, 7);
memcpy(bytes + 4, "ssh-dss", 7);
PUT_32BIT(bytes + 4 + 7, 40);
for (i = 0; i < 20; i++) {
bytes[4 + 7 + 4 + i] = bignum_byte(r, 19 - i);
bytes[4 + 7 + 4 + 20 + i] = bignum_byte(s, 19 - i);
}
freebn(r);
freebn(s);
*siglen = nbytes;
return bytes;
}
开发者ID:AshKash,项目名称:kit-sink,代码行数:101,代码来源:sshdss.c
示例17: make_parentdir_name
//.........这里部分代码省略.........
* we only care that there is a valid salt file we can
* agree on, no matter who created it).
*/
if (link(tmpname, saltname) < 0 && errno != EEXIST) {
*logtext = dupprintf("%s: link: %s", saltname,
strerror(errno));
sfree(tmpname);
sfree(saltname);
sfree(parentdirname);
return NULL;
}
/*
* Whether that succeeded or not, get rid of our temp file.
*/
if (unlink(tmpname) < 0) {
*logtext = dupprintf("%s: unlink: %s", tmpname,
strerror(errno));
sfree(tmpname);
sfree(saltname);
sfree(parentdirname);
return NULL;
}
/*
* And now we've arranged for there to be a salt file, so
* we can try to open it for reading again and this time
* expect it to work.
*/
sfree(tmpname);
saltfd = open(saltname, O_RDONLY);
if (saltfd < 0) {
*logtext = dupprintf("%s: open: %s", saltname,
strerror(errno));
sfree(saltname);
sfree(parentdirname);
return NULL;
}
}
for (i = 0; i < SALT_SIZE; i++) {
ret = read(saltfd, saltbuf, SALT_SIZE);
if (ret <= 0) {
close(saltfd);
*logtext = dupprintf("%s: read: %s", saltname,
ret == 0 ? "unexpected EOF" :
strerror(errno));
sfree(saltname);
sfree(parentdirname);
return NULL;
}
assert(0 < ret && ret <= SALT_SIZE - i);
i += ret;
}
close(saltfd);
sfree(saltname);
/*
* Now we've got our salt, hash it with the connection
* identifier to produce our actual socket name.
*/
{
SHA256_State sha;
unsigned len;
unsigned char lenbuf[4];
unsigned char digest[32];
char retbuf[65];
SHA256_Init(&sha);
PUT_32BIT(lenbuf, SALT_SIZE);
SHA256_Bytes(&sha, lenbuf, 4);
SHA256_Bytes(&sha, saltbuf, SALT_SIZE);
len = strlen(pi_name);
PUT_32BIT(lenbuf, len);
SHA256_Bytes(&sha, lenbuf, 4);
SHA256_Bytes(&sha, pi_name, len);
SHA256_Final(&sha, digest);
/*
* And make it printable.
*/
for (i = 0; i < 32; i++) {
sprintf(retbuf + 2*i, "%02x", digest[i]);
/* the last of those will also write the trailing NUL */
}
name = dupstr(retbuf);
}
smemclr(saltbuf, sizeof(saltbuf));
}
dirname = dupprintf("%s/%s", parentdirname, name);
sfree(parentdirname);
sfree(name);
return dirname;
}
开发者ID:svn2github,项目名称:kitty,代码行数:101,代码来源:uxshare.c
示例18: random_xor_noise
void random_xor_noise(RandomState * state, unsigned int i, word32 value)
{
value ^= GET_32BIT(state->state + 4 * i);
PUT_32BIT(state->state + 4 * i, value);
}
开发者ID:xingskycn,项目名称:kbs,代码行数:5,代码来源:randoms.c
示例19: rsa_privkey_op
/*
* This function is a wrapper on modpow(). It has the same effect
* as modpow(), but employs RSA blinding to protect against timing
* attacks.
*/
static Bignum rsa_privkey_op(Bignum input, struct RSAKey *key)
{
Bignum random, random_encrypted, random_inverse;
Bignum input_blinded, ret_blinded;
Bignum ret;
SHA512_State ss;
unsigned char digest512[64];
int digestused = lenof(digest512);
int hashseq = 0;
/*
* Start by inventing a random number chosen uniformly from the
* range 2..modulus-1. (We do this by preparing a random number
* of the right length and retrying if it's greater than the
* modulus, to prevent any potential Bleichenbacher-like
* attacks making use of the uneven distribution within the
* range that would arise from just reducing our number mod n.
* There are timing implications to the potential retries, of
* course, but all they tell you is the modulus, which you
* already knew.)
*
* To preserve determinism and avoid Pageant needing to share
* the random number pool, we actually generate this `random'
* number by hashing stuff with the private key.
*/
while (1) {
int bits, byte, bitsleft, v;
random = copybn(key->modulus);
/*
* Find the topmost set bit. (This function will return its
* index plus one.) Then we'll set all bits from that one
* downwards randomly.
*/
bits = bignum_bitcount(random);
byte = 0;
bitsleft = 0;
while (bits--) {
if (bitsleft <= 0) {
bitsleft = 8;
/*
* Conceptually the following few lines are equivalent to
* byte = random_byte();
*/
if (digestused >= lenof(digest512)) {
unsigned char seqbuf[4];
PUT_32BIT(seqbuf, hashseq);
pSHA512_Init(&ss);
SHA512_Bytes(&ss, "RSA deterministic blinding", 26);
SHA512_Bytes(&ss, seqbuf, sizeof(seqbuf));
sha512_mpint(&ss, key->private_exponent);
pSHA512_Final(&ss, digest512);
hashseq++;
/*
* Now hash that digest plus the signature
* input.
*/
pSHA512_Init(&ss);
SHA512_Bytes(&ss, digest512, sizeof(digest512));
sha512_mpint(&ss, input);
pSHA512_Final(&ss, digest512);
digestused = 0;
}
byte = digest512[digestused++];
}
v = byte & 1;
byte >>= 1;
bitsleft--;
bignum_set_bit(random, bits, v);
}
/*
* Now check that this number is strictly greater than
* zero, and strictly less than modulus.
*/
if (bignum_cmp(random, Zero) <= 0 ||
bignum_cmp(random, key->modulus) >= 0) {
freebn(random);
continue;
} else {
break;
}
}
/*
* RSA blinding relies on the fact that (xy)^d mod n is equal
* to (x^d mod n) * (y^d mod n) mod n. We invent a random pair
* y and y^d; then we multiply x by y, raise to the power d mod
* n as usual, and divide by y^d to recover x^d. Thus an
* attacker can't correlate the timing of the modpow with the
* input, because they don't know anything about the number
* that was input to the actual modpow.
*
//.........这里部分代码省略.........
开发者ID:marsupial,项目名称:rikiglue,代码行数:101,代码来源:SSHRSA.C
注:本文中的PUT_32BIT函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论