/// <summary>
/// Constructor which attempts to redeem a completed set of three codes, and calculate the private key.
/// </summary>
public EscrowCodeSet(string code1, string code2, string code3)
{
if (code1 == null || code2 == null || code3 == null || code1 == "" || code2 == "" || code3 == "") {
throw new ArgumentException("Three codes are required to use this function.");
}
string codea = null, codeb=null, codep = null;
if (code1.StartsWith("einva")) codea = code1;
if (code2.StartsWith("einva")) codea = code2;
if (code3.StartsWith("einva")) codea = code3;
if (code1.StartsWith("einvb")) codeb = code1;
if (code2.StartsWith("einvb")) codeb = code2;
if (code3.StartsWith("einvb")) codeb = code3;
if (code1.StartsWith("einvp")) codep = code1;
if (code2.StartsWith("einvp")) codep = code2;
if (code3.StartsWith("einvp")) codep = code3;
if (codea==null || codeb == null || codep == null) {
throw new ArgumentException("In order to use this function, one code MUST be an Escrow Invitation A (starting " +
"with \"einva\"), one must be an Escrow Invitation B (starting with \"einvb\") and the last " +
"code MUST be a Payment Invitation (starting with \"einvp\").");
}
byte[] pubparta, privparta;
int identifier30a;
string failreason = parseEscrowCode(codea, out pubparta, out privparta, out identifier30a);
if (failreason != null) throw new ArgumentException("Escrow Invitation Code A: " + failreason);
byte[] pubpartb, privpartb;
int identifier30b;
failreason = parseEscrowCode(codeb, out pubpartb, out privpartb, out identifier30b);
if (failreason != null) throw new ArgumentException("Escrow Invitation Code B: " + failreason);
if (identifier30a != identifier30b) {
throw new ArgumentException("The two Escrow Invitations are not mates and cannot unlock the private key.");
}
string notvalid = "Not a valid Payment Invitation Code";
string notvalid2 = "Code is not a valid Payment Invitation Code or may have a typo or other error.";
string notvalid3 = "The Payment Invitation does not belong to the provided Escrow Invitation.";
long headp;
byte[] invbytesp;
string failReason = parseEitherCode(codep, notvalid, notvalid2, out invbytesp, out headp);
if (headp < headbaseP) throw new ArgumentException(notvalid);
long identifier30L = headp - headbaseP;
if (identifier30L < 0 || identifier30L > 0x3FFFFFFFL) throw new ArgumentException(notvalid);
if (identifier30L != (long)identifier30a) {
throw new ArgumentException("The Payment Invitation was not generated from either of the provided Escrow Invitation codes and cannot be unlocked by them.");
}
byte[] privpartz = new byte[32];
Array.Copy(invbytesp, 8 + 1 + 1, privpartz, 0, 32);
byte networkByte = invbytesp[8];
bool compressedFlag = (invbytesp[8 + 1 + 1 + 32 + 20] & 0x1) == 1;
// get private key
BigInteger xyz = new BigInteger(1, privparta).Multiply(new BigInteger(1, privpartb)).Multiply(new BigInteger(1, privpartz));
var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
xyz = xyz.Mod(ps.N);
KeyPair kp = new KeyPair(xyz, compressedFlag, networkByte);
// provide everything
this.EscrowInvitationCodeA = codea;
this.EscrowInvitationCodeB = codeb;
this.PaymentInvitationCode = codep;
this.BitcoinAddress = kp.AddressBase58;
this.PrivateKey = kp.PrivateKey;
}
/// <summary>Choose a random prime value for use with RSA</summary>
/// <param name="bitlength">the bit-length of the returned prime</param>
/// <param name="e">the RSA public exponent</param>
/// <returns>a prime p, with (p-1) relatively prime to e</returns>
protected virtual BigInteger ChooseRandomPrime(int bitlength, BigInteger e)
{
for (;;)
{
BigInteger p = new BigInteger(bitlength, 1, param.Random);
if (p.Mod(e).Equals(BigInteger.One))
continue;
if (!p.IsProbablePrime(param.Certainty))
continue;
if (!e.Gcd(p.Subtract(BigInteger.One)).Equals(BigInteger.One))
continue;
return p;
}
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger p, q, n, d, e, pSub1, qSub1, phi;
//
// p and q values should have a length of half the strength in bits
//
int strength = param.Strength;
int pbitlength = (strength + 1) / 2;
int qbitlength = (strength - pbitlength);
int mindiffbits = strength / 3;
e = param.PublicExponent;
// TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
// (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
//
// Generate p, prime and (p-1) relatively prime to e
//
for (;;)
{
p = new BigInteger(pbitlength, 1, param.Random);
if (p.Mod(e).Equals(BigInteger.One))
continue;
if (!p.IsProbablePrime(param.Certainty))
continue;
if (e.Gcd(p.Subtract(BigInteger.One)).Equals(BigInteger.One))
break;
}
//
// Generate a modulus of the required length
//
for (;;)
{
// Generate q, prime and (q-1) relatively prime to e,
// and not equal to p
//
for (;;)
{
q = new BigInteger(qbitlength, 1, param.Random);
if (q.Subtract(p).Abs().BitLength < mindiffbits)
continue;
if (q.Mod(e).Equals(BigInteger.One))
continue;
if (!q.IsProbablePrime(param.Certainty))
continue;
if (e.Gcd(q.Subtract(BigInteger.One)).Equals(BigInteger.One))
break;
}
//
// calculate the modulus
//
n = p.Multiply(q);
if (n.BitLength == param.Strength)
break;
//
// if we Get here our primes aren't big enough, make the largest
// of the two p and try again
//
p = p.Max(q);
}
if (p.CompareTo(q) < 0)
{
phi = p;
p = q;
q = phi;
}
pSub1 = p.Subtract(BigInteger.One);
qSub1 = q.Subtract(BigInteger.One);
phi = pSub1.Multiply(qSub1);
//
// calculate the private exponent
//
d = e.ModInverse(phi);
//
// calculate the CRT factors
//
BigInteger dP, dQ, qInv;
dP = d.Remainder(pSub1);
dQ = d.Remainder(qSub1);
qInv = q.ModInverse(p);
return new AsymmetricCipherKeyPair(
new RsaKeyParameters(false, n, e),
new RsaPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
}
public static string ByteArrayToBase58(byte[] ba)
{
Org.BouncyCastle.Math.BigInteger addrremain = new Org.BouncyCastle.Math.BigInteger(1, ba);
Org.BouncyCastle.Math.BigInteger big0 = new Org.BouncyCastle.Math.BigInteger("0");
Org.BouncyCastle.Math.BigInteger big58 = new Org.BouncyCastle.Math.BigInteger("58");
string b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
string rv = "";
while (addrremain.CompareTo(big0) > 0)
{
int d = Convert.ToInt32(addrremain.Mod(big58).ToString());
addrremain = addrremain.Divide(big58);
rv = b58.Substring(d, 1) + rv;
}
// handle leading zeroes
foreach (byte b in ba)
{
if (b != 0)
{
break;
}
rv = "1" + rv;
}
return(rv);
}
public static BigInteger ValidatePublicValue(BigInteger N, BigInteger val)
{
val = val.Mod(N);
// Check that val % N != 0
if (val.Equals(BigInteger.Zero))
throw new CryptoException("Invalid public value: 0");
return val;
}
public String decipher(List <Org.BouncyCastle.Math.BigInteger> cipher, MHPrivateKey key)
{
String decrypted = "";
Org.BouncyCastle.Math.BigInteger temp = Org.BouncyCastle.Math.BigInteger.ValueOf(0);
int tmp = 0;
Org.BouncyCastle.Math.BigInteger bits = Org.BouncyCastle.Math.BigInteger.ValueOf(0);
for (int i = 0; i < cipher.Count; i++)
{
temp = cipher.ElementAt(i);
int bitlen = temp.BitLength;
int ff = 0;
while (bitlen < (int)Math.Pow(2, ff))
{
ff++;
}
if (ff > bitlen)
{
bitlen = ff;
}
for (int j = 0; j < bitlen; j++)
{
if (temp.Mod(Org.BouncyCastle.Math.BigInteger.ValueOf(2)).CompareTo(Org.BouncyCastle.Math.BigInteger.ValueOf(1)) == 0)
{
bits = bits.Add(key.w1.Multiply(Org.BouncyCastle.Math.BigInteger.ValueOf((long)Math.Pow(2, j))));
}
temp = temp.ShiftRight(1);
}
bits = bits.Mod(key.n);
List <Org.BouncyCastle.Math.BigInteger> list = key.a;
Org.BouncyCastle.Math.BigInteger temper;
int k = key.a.Count - 1;
while (k >= 0)
{
temper = list.ElementAt(k);
if (bits.CompareTo(temper) > -1)
{
tmp += (int)Math.Pow(2, k);
bits = bits.Subtract(temper);
}
k--;
}
decrypted += (binaryToChar(Convert.ToString(tmp, 2))).ToString();
bits = Org.BouncyCastle.Math.BigInteger.ValueOf(0);
tmp = 0;
}
return(decrypted);
}
public Org.BouncyCastle.Math.BigInteger getGCD(Org.BouncyCastle.Math.BigInteger bd1, Org.BouncyCastle.Math.BigInteger bd2)
{
Org.BouncyCastle.Math.BigInteger bigger = (bd1.CompareTo(bd2) > 0) ? bd1 : bd2;
Org.BouncyCastle.Math.BigInteger smaller = (bd1.CompareTo(bd2) < 0) ? bd1 : bd2;
Org.BouncyCastle.Math.BigInteger gcd = smaller;
while (!Org.BouncyCastle.Math.BigInteger.Zero.Equals(smaller))
{
gcd = smaller;
smaller = bigger.Mod(smaller);
bigger = gcd;
}
return(gcd);
}
internal static BigInteger Pair(FpPoint Q, FpPoint P, BigInteger m, BigInteger p)
{
// TODO: napravi jebeno uparivanje!!!! - nešto zeza
BigInteger pq = Miller(P, Q, m, p);
BigInteger qp = Miller(Q, P, m, p);
int parity = m.Mod(new BigInteger("2", 10)).IntValue;
BigInteger rez = new BigInteger(Math.Pow(-1, parity).ToString(), 10).Multiply(pq.Divide(qp)).Mod(p);
return rez;
}
/**
* Generate a signature for the given message using the key we were
* initialised with. For conventional DSA the message should be a SHA-1
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public IBigInteger[] GenerateSignature(byte[] message)
{
var parameters = _key.Parameters;
var q = parameters.Q;
var m = CalculateE(q, message);
IBigInteger k;
do
{
k = new BigInteger(q.BitLength, _random);
}
while (k.CompareTo(q) >= 0);
var r = parameters.G.ModPow(k, parameters.P).Mod(q);
k = k.ModInverse(q).Multiply(m.Add(((DsaPrivateKeyParameters)_key).X.Multiply(r)));
var s = k.Mod(q);
return new[] { r, s };
}
public static string Encode(byte[] input)
{
var bi = new BigInteger(1, input);
var s = new StringBuilder();
while (bi.CompareTo(Base) >= 0)
{
var mod = bi.Mod(Base);
s.Insert(0, new[] {Alphabet[mod.IntValue]});
bi = bi.Subtract(mod).Divide(Base);
}
s.Insert(0, new[] {Alphabet[bi.IntValue]});
// Convert leading zeros too.
foreach (var anInput in input)
{
if (anInput == 0)
s.Insert(0, new[] {Alphabet[0]});
else
break;
}
return s.ToString();
}
/// <summary>
/// Encode a byte sequence as a base58-encoded string
/// </summary>
/// <param name="bytes">Byte sequence</param>
/// <returns>Encoding result</returns>
public static string Base58Encode(byte[] input)
{
// TODO: This could be a lot more efficient.
var bi = new BigInteger(1, input);
var s = new StringBuilder();
while (bi.CompareTo(_base) >= 0)
{
var mod = bi.Mod(_base);
s.Insert(0, new[] { strDigits[mod.IntValue] });
bi = bi.Subtract(mod).Divide(_base);
}
s.Insert(0, new[] { strDigits[bi.IntValue] });
// Convert leading zeros too.
foreach (var anInput in input)
{
if (anInput == 0)
s.Insert(0, new[] { strDigits[0] });
else
break;
}
return s.ToString();
}
/**
* which Generates the p and g values from the given parameters,
* returning the DsaParameters object.
* <p>
* Note: can take a while...</p>
*/
public DsaParameters GenerateParameters()
{
byte[] seed = new byte[20];
byte[] part1 = new byte[20];
byte[] part2 = new byte[20];
byte[] u = new byte[20];
Sha1Digest sha1 = new Sha1Digest();
int n = (size - 1) / 160;
byte[] w = new byte[size / 8];
BigInteger q = null, p = null, g = null;
int counter = 0;
bool primesFound = false;
while (!primesFound)
{
do
{
random.NextBytes(seed);
sha1.BlockUpdate(seed, 0, seed.Length);
sha1.DoFinal(part1, 0);
Array.Copy(seed, 0, part2, 0, seed.Length);
Add(part2, seed, 1);
sha1.BlockUpdate(part2, 0, part2.Length);
sha1.DoFinal(part2, 0);
for (int i = 0; i != u.Length; i++)
{
u[i] = (byte)(part1[i] ^ part2[i]);
}
u[0] |= (byte)0x80;
u[19] |= (byte)0x01;
q = new BigInteger(1, u);
}
while (!q.IsProbablePrime(certainty));
counter = 0;
int offset = 2;
while (counter < 4096)
{
for (int k = 0; k < n; k++)
{
Add(part1, seed, offset + k);
sha1.BlockUpdate(part1, 0, part1.Length);
sha1.DoFinal(part1, 0);
Array.Copy(part1, 0, w, w.Length - (k + 1) * part1.Length, part1.Length);
}
Add(part1, seed, offset + n);
sha1.BlockUpdate(part1, 0, part1.Length);
sha1.DoFinal(part1, 0);
Array.Copy(part1, part1.Length - ((w.Length - (n) * part1.Length)), w, 0, w.Length - n * part1.Length);
w[0] |= (byte)0x80;
BigInteger x = new BigInteger(1, w);
BigInteger c = x.Mod(q.ShiftLeft(1));
p = x.Subtract(c.Subtract(BigInteger.One));
if (p.TestBit(size - 1))
{
if (p.IsProbablePrime(certainty))
{
primesFound = true;
break;
}
}
counter += 1;
offset += n + 1;
}
}
//
// calculate the generator g
//
BigInteger pMinusOneOverQ = p.Subtract(BigInteger.One).Divide(q);
for (;;)
{
BigInteger h = new BigInteger(size, random);
if (h.CompareTo(BigInteger.One) <= 0 || h.CompareTo(p.Subtract(BigInteger.One)) >= 0)
{
continue;
}
g = h.ModPow(pMinusOneOverQ, p);
if (g.CompareTo(BigInteger.One) <= 0)
{
continue;
}
break;
}
return new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter));
}
private DsaParameters GenerateParameters_FIPS186_2()
{
byte[] seed = new byte[20];
byte[] part1 = new byte[20];
byte[] part2 = new byte[20];
byte[] u = new byte[20];
Sha1Digest sha1 = new Sha1Digest();
int n = (L - 1) / 160;
byte[] w = new byte[L / 8];
for (;;)
{
random.NextBytes(seed);
Hash(sha1, seed, part1);
Array.Copy(seed, 0, part2, 0, seed.Length);
Inc(part2);
Hash(sha1, part2, part2);
for (int i = 0; i != u.Length; i++)
{
u[i] = (byte)(part1[i] ^ part2[i]);
}
u[0] |= (byte)0x80;
u[19] |= (byte)0x01;
BigInteger q = new BigInteger(1, u);
if (!q.IsProbablePrime(certainty))
continue;
byte[] offset = Arrays.Clone(seed);
Inc(offset);
for (int counter = 0; counter < 4096; ++counter)
{
for (int k = 0; k < n; k++)
{
Inc(offset);
Hash(sha1, offset, part1);
Array.Copy(part1, 0, w, w.Length - (k + 1) * part1.Length, part1.Length);
}
Inc(offset);
Hash(sha1, offset, part1);
Array.Copy(part1, part1.Length - ((w.Length - (n) * part1.Length)), w, 0, w.Length - n * part1.Length);
w[0] |= (byte)0x80;
BigInteger x = new BigInteger(1, w);
BigInteger c = x.Mod(q.ShiftLeft(1));
BigInteger p = x.Subtract(c.Subtract(BigInteger.One));
if (p.BitLength != L)
continue;
if (p.IsProbablePrime(certainty))
{
BigInteger g = CalculateGenerator_FIPS186_2(p, q, random);
return new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter));
}
}
}
}
/**
* generate suitable parameters for DSA, in line with
* <i>FIPS 186-3 A.1 Generation of the FFC Primes p and q</i>.
*/
private DsaParameters GenerateParameters_FIPS186_3()
{
// A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function
// FIXME This should be configurable (digest size in bits must be >= N)
IDigest d = new Sha256Digest();
int outlen = d.GetDigestSize() * 8;
// 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If
// the pair is not in the list, then return INVALID.
// Note: checked at initialisation
// 2. If (seedlen < N), then return INVALID.
// FIXME This should be configurable (must be >= N)
int seedlen = N;
byte[] seed = new byte[seedlen / 8];
// 3. n = ceiling(L ⁄ outlen) – 1.
int n = (L - 1) / outlen;
// 4. b = L – 1 – (n ∗ outlen).
int b = (L - 1) % outlen;
byte[] output = new byte[d.GetDigestSize()];
for (;;)
{
// 5. Get an arbitrary sequence of seedlen bits as the domain_parameter_seed.
random.NextBytes(seed);
// 6. U = Hash (domain_parameter_seed) mod 2^(N–1).
Hash(d, seed, output);
BigInteger U = new BigInteger(1, output).Mod(BigInteger.One.ShiftLeft(N - 1));
// 7. q = 2^(N–1) + U + 1 – ( U mod 2).
BigInteger q = BigInteger.One.ShiftLeft(N - 1).Add(U).Add(BigInteger.One).Subtract(
U.Mod(BigInteger.Two));
// 8. Test whether or not q is prime as specified in Appendix C.3.
// TODO Review C.3 for primality checking
if (!q.IsProbablePrime(certainty))
{
// 9. If q is not a prime, then go to step 5.
continue;
}
// 10. offset = 1.
// Note: 'offset' value managed incrementally
byte[] offset = Arrays.Clone(seed);
// 11. For counter = 0 to (4L – 1) do
int counterLimit = 4 * L;
for (int counter = 0; counter < counterLimit; ++counter)
{
// 11.1 For j = 0 to n do
// Vj = Hash ((domain_parameter_seed + offset + j) mod 2^seedlen).
// 11.2 W = V0 + (V1 ∗ 2^outlen) + ... + (V^(n–1) ∗ 2^((n–1) ∗ outlen)) + ((Vn mod 2^b) ∗ 2^(n ∗ outlen)).
// TODO Assemble w as a byte array
BigInteger W = BigInteger.Zero;
for (int j = 0, exp = 0; j <= n; ++j, exp += outlen)
{
Inc(offset);
Hash(d, offset, output);
BigInteger Vj = new BigInteger(1, output);
if (j == n)
{
Vj = Vj.Mod(BigInteger.One.ShiftLeft(b));
}
W = W.Add(Vj.ShiftLeft(exp));
}
// 11.3 X = W + 2^(L–1). Comment: 0 ≤ W < 2L–1; hence, 2L–1 ≤ X < 2L.
BigInteger X = W.Add(BigInteger.One.ShiftLeft(L - 1));
// 11.4 c = X mod 2q.
BigInteger c = X.Mod(q.ShiftLeft(1));
// 11.5 p = X - (c - 1). Comment: p ≡ 1 (mod 2q).
BigInteger p = X.Subtract(c.Subtract(BigInteger.One));
// 11.6 If (p < 2^(L - 1)), then go to step 11.9
if (p.BitLength != L)
continue;
// 11.7 Test whether or not p is prime as specified in Appendix C.3.
// TODO Review C.3 for primality checking
if (p.IsProbablePrime(certainty))
{
// 11.8 If p is determined to be prime, then return VALID and the values of p, q and
// (optionally) the values of domain_parameter_seed and counter.
// TODO Make configurable (8-bit unsigned)?
// int index = 1;
// BigInteger g = CalculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, index);
// if (g != null)
// {
// // TODO Should 'index' be a part of the validation parameters?
// return new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter));
// }
BigInteger g = CalculateGenerator_FIPS186_3_Unverifiable(p, q, random);
return new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter));
}
// 11.9 offset = offset + n + 1. Comment: Increment offset; then, as part of
// the loop in step 11, increment counter; if
// counter < 4L, repeat steps 11.1 through 11.8.
// Note: 'offset' value already incremented in inner loop
}
// 12. Go to step 5.
}
}
/**
* @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string
*/
private byte[] DecodeBlock(
byte[] input,
int inOff,
int inLen)
{
byte[] block = engine.ProcessBlock(input, inOff, inLen);
int r = 1;
int t = (bitSize + 13) / 16;
BigInteger iS = new BigInteger(1, block);
BigInteger iR;
if (iS.Mod(Sixteen).Equals(Six))
{
iR = iS;
}
else
{
iR = modulus.Subtract(iS);
if (!iR.Mod(Sixteen).Equals(Six))
throw new InvalidCipherTextException("resulting integer iS or (modulus - iS) is not congruent to 6 mod 16");
}
block = iR.ToByteArrayUnsigned();
if ((block[block.Length - 1] & 0x0f) != 0x6)
throw new InvalidCipherTextException("invalid forcing byte in block");
block[block.Length - 1] =
(byte)(((ushort)(block[block.Length - 1] & 0xff) >> 4)
| ((inverse[(block[block.Length - 2] & 0xff) >> 4]) << 4));
block[0] = (byte)((shadows[(uint) (block[1] & 0xff) >> 4] << 4)
| shadows[block[1] & 0x0f]);
bool boundaryFound = false;
int boundary = 0;
for (int i = block.Length - 1; i >= block.Length - 2 * t; i -= 2)
{
int val = ((shadows[(uint) (block[i] & 0xff) >> 4] << 4)
| shadows[block[i] & 0x0f]);
if (((block[i - 1] ^ val) & 0xff) != 0)
{
if (!boundaryFound)
{
boundaryFound = true;
r = (block[i - 1] ^ val) & 0xff;
boundary = i - 1;
}
else
{
throw new InvalidCipherTextException("invalid tsums in block");
}
}
}
block[boundary] = 0;
byte[] nblock = new byte[(block.Length - boundary) / 2];
for (int i = 0; i < nblock.Length; i++)
{
nblock[i] = block[2 * i + boundary + 1];
}
padBits = r - 1;
return nblock;
}
public static string Encode(byte[] input)
{
// TODO: This could be a lot more efficient.
var bigInteger = new BigInteger(1, input);
var stringBuilder = new StringBuilder();
while (bigInteger.CompareTo(Base) >= 0)
{
var mod = bigInteger.Mod(Base);
stringBuilder.Insert(0, new[] {Alphabet[mod.IntValue]});
bigInteger = bigInteger.Subtract(mod).Divide(Base);
}
stringBuilder.Insert(0, new[] {Alphabet[bigInteger.IntValue]});
// Convert leading zeros too.
foreach (var anInput in input)
{
if (anInput == 0)
stringBuilder.Insert(0, new[] {Alphabet[0]});
else
break;
}
return stringBuilder.ToString();
}
private static bool ImplHasAnySmallFactors(BigInteger x)
{
/*
* Bundle trial divisors into ~32-bit moduli then use fast tests on the ~32-bit remainders.
*/
int m = 2 * 3 * 5 * 7 * 11 * 13 * 17 * 19 * 23;
int r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 2) == 0 || (r % 3) == 0 || (r % 5) == 0 || (r % 7) == 0 || (r % 11) == 0 || (r % 13) == 0
|| (r % 17) == 0 || (r % 19) == 0 || (r % 23) == 0)
{
return true;
}
m = 29 * 31 * 37 * 41 * 43;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 29) == 0 || (r % 31) == 0 || (r % 37) == 0 || (r % 41) == 0 || (r % 43) == 0)
{
return true;
}
m = 47 * 53 * 59 * 61 * 67;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 47) == 0 || (r % 53) == 0 || (r % 59) == 0 || (r % 61) == 0 || (r % 67) == 0)
{
return true;
}
m = 71 * 73 * 79 * 83;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 71) == 0 || (r % 73) == 0 || (r % 79) == 0 || (r % 83) == 0)
{
return true;
}
m = 89 * 97 * 101 * 103;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 89) == 0 || (r % 97) == 0 || (r % 101) == 0 || (r % 103) == 0)
{
return true;
}
m = 107 * 109 * 113 * 127;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 107) == 0 || (r % 109) == 0 || (r % 113) == 0 || (r % 127) == 0)
{
return true;
}
m = 131 * 137 * 139 * 149;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 131) == 0 || (r % 137) == 0 || (r % 139) == 0 || (r % 149) == 0)
{
return true;
}
m = 151 * 157 * 163 * 167;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 151) == 0 || (r % 157) == 0 || (r % 163) == 0 || (r % 167) == 0)
{
return true;
}
m = 173 * 179 * 181 * 191;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 173) == 0 || (r % 179) == 0 || (r % 181) == 0 || (r % 191) == 0)
{
return true;
}
m = 193 * 197 * 199 * 211;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 193) == 0 || (r % 197) == 0 || (r % 199) == 0 || (r % 211) == 0)
{
return true;
}
/*
* NOTE: Unit tests depend on SMALL_FACTOR_LIMIT matching the
* highest small factor tested here.
*/
return false;
}
private static bool MightBePrime(BigInteger x)
{
/*
* Bundle trial divisors into ~32-bit moduli then use fast tests on the ~32-bit remainders.
*/
int m = 2 * 3 * 5 * 7 * 11 * 13 * 17 * 19 * 23;
int r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r & 1) != 0 && (r % 3) != 0 && (r % 5) != 0 && (r % 7) != 0 && (r % 11) != 0
&& (r % 13) != 0 && (r % 17) != 0 && (r % 19) != 0 && (r % 23) != 0)
{
m = 29 * 31 * 37 * 41 * 43;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 29) != 0 && (r % 31) != 0 && (r % 37) != 0 && (r % 41) != 0 && (r % 43) != 0)
{
m = 47 * 53 * 59 * 61 * 67;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 47) != 0 && (r % 53) != 0 && (r % 59) != 0 && (r % 61) != 0 && (r % 67) != 0)
{
m = 71 * 73 * 79 * 83;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 71) != 0 && (r % 73) != 0 && (r % 79) != 0 && (r % 83) != 0)
{
m = 89 * 97 * 101 * 103;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 89) != 0 && (r % 97) != 0 && (r % 101) != 0 && (r % 103) != 0)
{
m = 107 * 109 * 113 * 127;
r = x.Mod(BigInteger.ValueOf(m)).IntValue;
if ((r % 107) != 0 && (r % 109) != 0 && (r % 113) != 0 && (r % 127) != 0)
{
return true;
}
}
}
}
}
}
return false;
}
public string ToString(
int radix)
{
// TODO Make this method work for other radices (ideally 2 <= radix <= 16)
switch (radix)
{
case 2:
case 10:
case 16:
break;
default:
throw new FormatException("Only base 10 or 16 are allowed");
}
// NB: Can only happen to internally managed instances
if (magnitude == null)
return "null";
if (sign == 0)
return "0";
Debug.Assert(magnitude.Length > 0);
StringBuilder sb = new StringBuilder();
if (radix == 16)
{
sb.Append(magnitude[0].ToString("x"));
for (int i = 1; i < magnitude.Length; i++)
{
sb.Append(magnitude[i].ToString("x8"));
}
}
else if (radix == 2)
{
for (int i = BitLength - 1; i >= 0; --i)
{
sb.Append(TestBit(i) ? '1' : '0');
}
}
else
{
// This is algorithm 1a from chapter 4.4 in Seminumerical Algorithms, slow but it works
Stack S = new Stack();
BigInteger bs = ValueOf(radix);
// The sign is handled separatly.
// Notice however that for this to work, radix 16 _MUST_ be a special case,
// unless we want to enter a recursion well. In their infinite wisdom, why did not
// the Sun engineers made a c'tor for BigIntegers taking a BigInteger as parameter?
// (Answer: Becuase Sun's BigIntger is clonable, something bouncycastle's isn't.)
BigInteger u = new BigInteger(Abs().ToString(16), 16);
BigInteger b;
while (u.sign != 0)
{
b = u.Mod(bs);
if (b.sign == 0)
{
S.Push("0");
}
else
{
// see how to interact with different bases
S.Push(b.magnitude[0].ToString("d"));
}
u = u.Divide(bs);
}
// Then pop the stack
while (S.Count != 0)
{
sb.Append((string) S.Pop());
}
}
string s = sb.ToString();
Debug.Assert(s.Length > 0);
// Strip leading zeros. (We know this number is not all zeroes though)
if (s[0] == '0')
{
int nonZeroPos = 0;
while (s[++nonZeroPos] == '0') {}
s = s.Substring(nonZeroPos);
}
if (sign == -1)
{
s = "-" + s;
}
return s;
}
public void GenerateSignature(byte[] data_to_sign_byte_array, ref byte[] r_byte_array, ref byte[] s_byte_array)
{
if (data_to_sign_byte_array == null || data_to_sign_byte_array.Length < 1)
throw new ArgumentException("GenerateSignature: The data byte array to sign cannot be null/empty");
if (_private_key_param == null)
throw new ArgumentException("GenerateSignature: The DSA private key cannot be null");
if (_secure_random == null)
_secure_random = new SecureRandom();
BigInteger _data_to_sign = null;
DsaParameters _parameters = null;
BigInteger _k;
BigInteger _r;
BigInteger _s;
int _q_bit_length;
bool _do_again = false;
int _failure_count = 0;
_parameters = _private_key_param.Parameters;
_data_to_sign = new BigInteger(1, data_to_sign_byte_array);
_q_bit_length = _parameters.Q.BitLength;
/* */
// if (IsValidPQLength(_parameters.P.BitLength, _parameters.Q.BitLength) == false)
//throw new InvalidDataException("GenerateSignature: The Length of the DSA key P parameter does not correspond to that of the Q parameter");
do
{
try
{
do
{
_k = new BigInteger(1, _secure_random);
}
while (_k.CompareTo(_parameters.Q) >= 0);
_r = _parameters.G.ModPow(_k, _parameters.P).Mod(_parameters.Q);
_k = _k.ModInverse(_parameters.Q).Multiply(_data_to_sign.Add((_private_key_param).X.Multiply(_r)));
_s = _k.Mod(_parameters.Q);
r_byte_array = _r.ToByteArray();
s_byte_array = _s.ToByteArray();
_do_again = false;
}
catch (Exception)
{
if (MAX_FAILURE_COUNT == _failure_count)
throw new InvalidDataException("GenerateSignature: Failed sign data after " + MAX_FAILURE_COUNT.ToString() + " tries.");
_do_again = true;
_failure_count++;
}
}
while (_do_again == true);
Utility.SetAsMinimalLengthBE(ref r_byte_array);
Utility.SetAsMinimalLengthBE(ref s_byte_array);
/*
Console.WriteLine("Q Length {0} \n", _parameters.Q.BitLength/8);
Console.WriteLine("R Length {0} \n", r_byte_array.Length);
Console.WriteLine("S Length {0} \n", s_byte_array.Length);//*/
}
/// <summary>Choose a random prime value for use with RSA</summary>
/// <param name="bitlength">the bit-length of the returned prime</param>
/// <param name="e">the RSA public exponent</param>
/// <returns>a prime p, with (p-1) relatively prime to e</returns>
protected virtual BigInteger ChooseRandomPrime(int bitlength, BigInteger e)
{
bool eIsKnownOddPrime = (e.BitLength <= SPECIAL_E_BITS) && Arrays.Contains(SPECIAL_E_VALUES, e.IntValue);
for (;;)
{
BigInteger p = new BigInteger(bitlength, 1, parameters.Random);
if (p.Mod(e).Equals(One))
continue;
if (!p.IsProbablePrime(parameters.Certainty, true))
continue;
if (!eIsKnownOddPrime && !e.Gcd(p.Subtract(One)).Equals(One))
continue;
return p;
}
}
public void TestMod()
{
// TODO Basic tests
for (int rep = 0; rep < 100; ++rep)
{
int diff = random.Next(25);
BigInteger a = new BigInteger(100 - diff, 0, random);
BigInteger b = new BigInteger(100 + diff, 0, random);
BigInteger c = new BigInteger(10 + diff, 0, random);
BigInteger d = a.Multiply(b).Add(c);
BigInteger e = d.Mod(a);
Assert.AreEqual(c, e);
BigInteger pow2 = one.ShiftLeft(random.Next(128));
Assert.AreEqual(b.And(pow2.Subtract(one)), b.Mod(pow2));
}
}
