public void GeneratePublicKeyFromPrivateWithSomeManipulationEnsureNoLongerValidKeyPair()
{
var privateKey = new BitString("4C089A9597865D316B5163A01F85458A0B954CD542B9B2D83E39CB3CBA010441");
var expectedPublic = new BitString("EBB9897DF6C5E4E42999578ECA0F48B0985FF99032E80244C4679032F1132A24");
// Gen public key from private
var subject = new EdDsa(EntropyProviderTypes.Testable);
subject.AddEntropy(privateKey.ToPositiveBigInteger());
var factory = new EdwardsCurveFactory();
var curve = factory.GetCurve(Curve.Ed25519);
var domainParams = new EdDomainParameters(curve, new NativeShaFactory());
var keyPair = subject.GenerateKeyPair(domainParams).KeyPair;
Assert.AreEqual(expectedPublic, keyPair.PublicQ, "expected public key");
// Check x/y, record
var x = new BitString("172B32732D86C9D9D63B11957AAD1364E9D3C1EC258CD13AB012E10648942C4E")
.ToPositiveBigInteger();
var y = new BitString("242A13F1329067C44402E83290F95F98B0480FCA8E579929E4E4C5F67D89B9EB")
.ToPositiveBigInteger();
// encode public key (done by default, and represented in Q
// decode public key
var decoded = domainParams.CurveE.Decode(keyPair.PublicQ);
// check that the decoded x/y match the previous prior to encode/decode
Assert.AreEqual(x, decoded.X, "x decoded matches");
Assert.AreEqual(y, decoded.Y, "y decoded matches");
Assert.IsTrue(subject.ValidateKeyPair(domainParams, keyPair).Success, "original key pair should be valid");
// Modify the public key value until the point is no longer on the curve
var modifiedPublicQ = curve.Decode(keyPair.PublicQ);
var addedX = modifiedPublicQ.X;
var addedY = modifiedPublicQ.Y;
var adds = 0;
do
{
modifiedPublicQ = new EdPoint(modifiedPublicQ.X, modifiedPublicQ.Y + 8);
addedX = modifiedPublicQ.X + 41;
addedY = modifiedPublicQ.Y + 23;
keyPair = new EdKeyPair(curve.Encode(modifiedPublicQ), keyPair.PrivateD.GetDeepCopy());
adds++;
} while (subject.ValidateKeyPair(domainParams, keyPair).Success);
Assert.IsFalse(curve.PointExistsOnCurve(modifiedPublicQ), "check point not on curve prior to encode");
Assert.IsFalse(subject.ValidateKeyPair(domainParams, keyPair).Success, "keypair should not be valid.");
}
public void ShouldValidateKeyPairsCorrectlyWithNewMangleLogic(Curve curveEnum, string dHex, string qHex, bool expectedResult)
{
var d = LoadValue(dHex);
var q = LoadValue(qHex);
var factory = new EdwardsCurveFactory();
var curve = factory.GetCurve(curveEnum);
var domainParams = new EdDomainParameters(curve, new NativeShaFactory());
var keyPair = new EdKeyPair(q, d);
var subject = new EdDsa();
var result = subject.ValidateKeyPair(domainParams, keyPair);
Assert.AreEqual(expectedResult, result.Success);
}
public void ShouldGenerateKeyPairsCorrectly(Curve curveEnum, string dHex, string qHex)
{
var d = LoadValue(dHex);
var q = LoadValue(qHex);
var factory = new EdwardsCurveFactory();
var curve = factory.GetCurve(curveEnum);
var domainParams = new EdDomainParameters(curve, new NativeShaFactory());
var subject = new EdDsa(EntropyProviderTypes.Testable);
subject.AddEntropy(d.ToPositiveBigInteger());
var result = subject.GenerateKeyPair(domainParams);
Assert.IsTrue(result.Success);
Assert.AreEqual(result.KeyPair.PrivateD, d, "d");
Assert.AreEqual(q, result.KeyPair.PublicQ, "q");
}
public void ShouldGenerateSignaturesCorrectly(Curve curveEnum, string dHex, string qHex, string msgHex, string sigHex)
{
var d = LoadValue(dHex);
var q = LoadValue(qHex);
var msg = new BitString(msgHex);
var expectedSig = LoadValue(sigHex);
var factory = new EdwardsCurveFactory();
var curve = factory.GetCurve(curveEnum);
var domainParams = new EdDomainParameters(curve, new NativeShaFactory());
var keyPair = new EdKeyPair(q, d);
var subject = new EdDsa(EntropyProviderTypes.Testable);
var result = subject.Sign(domainParams, keyPair, msg);
Assert.IsTrue(result.Success);
Assert.AreEqual(expectedSig, result.Signature.Sig, "sig");
}
public void ShouldValidateSignaturesCorrectly(Curve curveEnum, string dHex, string qHex, string msgHex, string sigHex, bool expectedResult)
{
var d = LoadValue(dHex);
var q = LoadValue(qHex);
var msg = new BitString(msgHex);
var expectedSig = LoadValue(sigHex);
var factory = new EdwardsCurveFactory();
var curve = factory.GetCurve(curveEnum);
var domainParams = new EdDomainParameters(curve, new NativeShaFactory());
var keyPair = new EdKeyPair(q);
var signature = new EdSignature(expectedSig);
var subject = new EdDsa();
var result = subject.Verify(domainParams, keyPair, msg, signature);
Assert.AreEqual(expectedResult, result.Success);
}
