// The ECMQV Primitive as described in SEC-1, 3.4
private static ECPoint CalculateMqvAgreement(
ECDomainParameters parameters,
ECPrivateKeyParameters d1U,
ECPrivateKeyParameters d2U,
ECPublicKeyParameters Q2U,
ECPublicKeyParameters Q1V,
ECPublicKeyParameters Q2V)
{
BigInteger n = parameters.N;
int e = (n.BitLength + 1) / 2;
BigInteger powE = BigInteger.One.ShiftLeft(e);
ECCurve curve = parameters.Curve;
ECPoint q2u = ECAlgorithms.CleanPoint(curve, Q2U.Q);
ECPoint q1v = ECAlgorithms.CleanPoint(curve, Q1V.Q);
ECPoint q2v = ECAlgorithms.CleanPoint(curve, Q2V.Q);
BigInteger x = q2u.AffineXCoord.ToBigInteger();
BigInteger xBar = x.Mod(powE);
BigInteger Q2UBar = xBar.SetBit(e);
BigInteger s = d1U.D.Multiply(Q2UBar).Add(d2U.D).Mod(n);
BigInteger xPrime = q2v.AffineXCoord.ToBigInteger();
BigInteger xPrimeBar = xPrime.Mod(powE);
BigInteger Q2VBar = xPrimeBar.SetBit(e);
BigInteger hs = parameters.H.Multiply(s).Mod(n);
return(ECAlgorithms.SumOfTwoMultiplies(
q1v, Q2VBar.Multiply(hs).Mod(n), q2v, hs));
}
private ECPoint CalculatePoint(ECPublicKeyParameters pubKeyParams)
{
var dp = keyParam.Parameters;
if (!dp.Equals(pubKeyParams.Parameters))
{
throw new InvalidOperationException("ECDH public key has wrong domain parameters");
}
var d = keyParam.D;
ECPoint Q = ECAlgorithms.CleanPoint(dp.Curve, pubKeyParams.Q);
if (Q.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid public key for ECDH");
}
BigInteger h = dp.H;
if (!h.Equals(BigInteger.One))
{
d = dp.HInv.Multiply(d).Mod(dp.N);
Q = ECAlgorithms.ReferenceMultiply(Q, h);
}
ECPoint P = Q.Multiply(d).Normalize();
if (P.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid agreement value for ECDH");
}
return(P);
}
public virtual BigInteger CalculateAgreement(
ICipherParameters pubKey)
{
ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
ECDomainParameters dp = privKey.Parameters;
if (!dp.Equals(pub.Parameters))
{
throw new InvalidOperationException("ECDHC public key has wrong domain parameters");
}
BigInteger hd = dp.H.Multiply(privKey.D).Mod(dp.N);
// Always perform calculations on the exact curve specified by our private key's parameters
ECPoint pubPoint = ECAlgorithms.CleanPoint(dp.Curve, pub.Q);
if (pubPoint.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid public key for ECDHC");
}
ECPoint P = pubPoint.Multiply(hd).Normalize();
if (P.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid agreement value for ECDHC");
}
return(P.AffineXCoord.ToBigInteger());
}
protected virtual ECPoint CalculateU(SM2KeyExchangePublicParameters otherPub)
{
ECDomainParameters dp = mStaticKey.Parameters;
ECPoint p1 = ECAlgorithms.CleanPoint(dp.Curve, otherPub.StaticPublicKey.Q);
ECPoint p2 = ECAlgorithms.CleanPoint(dp.Curve, otherPub.EphemeralPublicKey.Q);
BigInteger x1 = Reduce(mEphemeralPubPoint.AffineXCoord.ToBigInteger());
BigInteger x2 = Reduce(p2.AffineXCoord.ToBigInteger());
BigInteger tA = mStaticKey.D.Add(x1.Multiply(mEphemeralKey.D));
BigInteger k1 = mECParams.H.Multiply(tA).Mod(mECParams.N);
BigInteger k2 = k1.Multiply(x2).Mod(mECParams.N);
return(ECAlgorithms.SumOfTwoMultiplies(p1, k1, p2, k2).Normalize());
}
