public I2PSigningPublicKey(I2PSigningPrivateKey privkey)
: base(privkey.Certificate)
{
switch (Certificate.SignatureType)
{
case SigningKeyTypes.DSA_SHA1:
Key = new BufLen(I2PConstants.DsaG.ModPow(privkey.ToBigInteger(), I2PConstants.DsaP).ToByteArrayUnsigned());
break;
case I2PSigningKey.SigningKeyTypes.ECDSA_SHA256_P256:
{
var param = NistNamedCurves.GetByName("P-256");
var domain = new ECDomainParameters(param.Curve, param.G, param.N, param.H);
var q = domain.G.Multiply(privkey.ToBigInteger());
var publicparam = new ECPublicKeyParameters(q, domain);
Key = new BufLen(publicparam.Q.GetEncoded(), 1);
}
break;
case I2PSigningKey.SigningKeyTypes.ECDSA_SHA384_P384:
{
var param = NistNamedCurves.GetByName("P-384");
var domain = new ECDomainParameters(param.Curve, param.G, param.N, param.H);
var q = domain.G.Multiply(privkey.ToBigInteger());
var publicparam = new ECPublicKeyParameters(q, domain);
Key = new BufLen(publicparam.Q.GetEncoded(), 1);
}
break;
case I2PSigningKey.SigningKeyTypes.ECDSA_SHA512_P521:
{
var param = NistNamedCurves.GetByName("P-521");
var domain = new ECDomainParameters(param.Curve, param.G, param.N, param.H);
var q = domain.G.Multiply(privkey.ToBigInteger());
var publicparam = new ECPublicKeyParameters(q, domain);
Key = new BufLen(publicparam.Q.GetEncoded(), 1);
}
break;
case SigningKeyTypes.EdDSA_SHA512_Ed25519:
Key = new BufLen(Chaos.NaCl.Ed25519.PublicKeyFromSeed(privkey.Key.ToByteArray()));
break;
default:
throw new NotImplementedException();
}
}
public static byte[] DoSignEcDsa(
IEnumerable <BufLen> bufs,
I2PSigningPrivateKey key,
IDigest digest,
X9ECParameters ecparam,
int sigsize)
{
foreach (var buf in bufs)
{
digest.BlockUpdate(buf.BaseArray, buf.BaseArrayOffset, buf.Length);
}
var hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
var param = new ECDomainParameters(ecparam.Curve, ecparam.G, ecparam.N, ecparam.H);
var pk = new ECPrivateKeyParameters(key.ToBigInteger(), param);
var s = new Org.BouncyCastle.Crypto.Signers.ECDsaSigner();
s.Init(true, new ParametersWithRandom(pk));
var sig = s.GenerateSignature(hash);
var result = new byte[sigsize];
var b1 = sig[0].ToByteArrayUnsigned();
var b2 = sig[1].ToByteArrayUnsigned();
// https://geti2p.net/en/docs/spec/common-structures#type_Signature
// When a signature is composed of two elements (for example values R,S),
// it is serialized by padding each element to length/2 with leading zeros if necessary.
// All types are Big Endian, except for EdDSA, which is stored and transmitted in a Little Endian format.
// Pad msb. Big endian.
Array.Copy(b1, 0, result, sigsize / 2 - b1.Length, b1.Length);
Array.Copy(b2, 0, result, sigsize - b2.Length, b2.Length);
DebugUtils.LogDebug("DoSignEcDsa: " + digest.ToString() + ": Used.");
return(result);
}
public static byte[] DoSignDsaSha1(IEnumerable <BufLen> bufs, I2PSigningPrivateKey key)
{
var sha = new Sha1Digest();
foreach (var buf in bufs)
{
sha.BlockUpdate(buf.BaseArray, buf.BaseArrayOffset, buf.Length);
}
var hash = new byte[sha.GetDigestSize()];
sha.DoFinal(hash, 0);
var s = new Org.BouncyCastle.Crypto.Signers.DsaSigner();
var dsaparams = new ParametersWithRandom(
new DsaPrivateKeyParameters(
key.ToBigInteger(),
new DsaParameters(
I2PConstants.DsaP,
I2PConstants.DsaQ,
I2PConstants.DsaG)));
s.Init(true, dsaparams);
var sig = s.GenerateSignature(hash);
var result = new byte[40];
var b1 = sig[0].ToByteArrayUnsigned();
var b2 = sig[1].ToByteArrayUnsigned();
// https://geti2p.net/en/docs/spec/common-structures#type_Signature
// When a signature is composed of two elements (for example values R,S),
// it is serialized by padding each element to length/2 with leading zeros if necessary.
// All types are Big Endian, except for EdDSA, which is stored and transmitted in a Little Endian format.
// Pad msb. Big endian.
Array.Copy(b1, 0, result, 0 + 20 - b1.Length, b1.Length);
Array.Copy(b2, 0, result, 20 + 20 - b2.Length, b2.Length);
return(result);
}
public static byte[] DoSignEcDsaSha256P256_old(IEnumerable <BufLen> bufs, I2PSigningPrivateKey key)
{
var sha = new Sha256Digest();
foreach (var buf in bufs)
{
sha.BlockUpdate(buf.BaseArray, buf.BaseArrayOffset, buf.Length);
}
var hash = new byte[sha.GetDigestSize()];
sha.DoFinal(hash, 0);
var p = Org.BouncyCastle.Asn1.Nist.NistNamedCurves.GetByName("P-256");
var param = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var pk = new ECPrivateKeyParameters(key.ToBigInteger(), param);
var s = new Org.BouncyCastle.Crypto.Signers.ECDsaSigner();
s.Init(true, new ParametersWithRandom(pk));
var sig = s.GenerateSignature(hash);
var result = new byte[64];
var b1 = sig[0].ToByteArrayUnsigned();
var b2 = sig[1].ToByteArrayUnsigned();
// https://geti2p.net/en/docs/spec/common-structures#type_Signature
// When a signature is composed of two elements (for example values R,S),
// it is serialized by padding each element to length/2 with leading zeros if necessary.
// All types are Big Endian, except for EdDSA, which is stored and transmitted in a Little Endian format.
// Pad msb. Big endian.
Array.Copy(b1, 0, result, 0 + 20 - b1.Length, b1.Length);
Array.Copy(b2, 0, result, 20 + 20 - b2.Length, b2.Length);
DebugUtils.LogDebug("DoSignEcDsaSha256P256: Used.");
return(result);
}