public void TestECDsaP256Sha256WithGeneratedKey()
{
var secureRandom = new SecureRandom();
X9ECParameters p = NistNamedCurves.GetByName("P-256");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var ecParams = new ECKeyGenerationParameters(parameters, secureRandom);
var ecGen = new ECKeyPairGenerator("ECDSA");
ecGen.Init(ecParams);
var pairKey = ecGen.GenerateKeyPair();
var priKey = pairKey.Private as ECPrivateKeyParameters;
byte[] m = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, secureRandom));
IBigInteger[] sig = dsa.GenerateSignature(m);
// Verify the signature
var pubKey = pairKey.Public as ECPublicKeyParameters;
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa239bitBinary()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
239, // m
36, //k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa191bitBinary()
{
BigInteger r = new BigInteger("87194383164871543355722284926904419997237591535066528048");
BigInteger s = new BigInteger("308992691965804947361541664549085895292153777025772063598");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("1542725565216523985789236956265265265235675811949404040041"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
191, // m
9, //k
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), // a
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0436B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB")), // G
new BigInteger("1569275433846670190958947355803350458831205595451630533029"), // n
BigInteger.Two); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("1275552191113212300012030439187146164646146646466749494799"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045DE37E756BD55D72E3768CB396FFEB962614DEA4CE28A2E755C0E0E02F5FB132CAF416EF85B229BBB8E1352003125BA1")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa239BitPrime()
{
IBigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
IBigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData =
BigIntegers.AsUnsignedByteArray(
new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
var curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
var parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
var priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
parameters);
var ecdsa = new ECDsaSigner();
var param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
IBigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaP521Sha512()
{
X9ECParameters p = NistNamedCurves.GetByName("P-521");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger(
"617573726813476282316253885608633222275541026607493641741273231656161177732180358888434629562647985511298272498852936680947729040673640492310550142822667389"),
// d
parameters);
SecureRandom k =
FixedSecureRandom.From(
BigIntegers.AsUnsignedByteArray(
new BigInteger(
"6806532878215503520845109818432174847616958675335397773700324097584974639728725689481598054743894544060040710846048585856076812050552869216017728862957612913")));
byte[] m =
Hex.Decode(
"6893B64BD3A9615C39C3E62DDD269C2BAAF1D85915526083183CE14C2E883B48B193607C1ED871852C9DF9C3147B574DC1526C55DE1FE263A676346A20028A66");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r =
new BigInteger(
"1368926195812127407956140744722257403535864168182534321188553460365652865686040549247096155740756318290773648848859639978618869784291633651685766829574104630");
IBigInteger s =
new BigInteger(
"1624754720348883715608122151214003032398685415003935734485445999065609979304811509538477657407457976246218976767156629169821116579317401249024208611945405790");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(
Hex.Decode(
"020145E221AB9F71C5FE740D8D2B94939A09E2816E2167A7D058125A06A80C014F553E8D6764B048FB6F2B687CEC72F39738F223D4CE6AFCBFF2E34774AA5D3C342CB3")),
// Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa192bitPrime()
{
BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
/// <summary>
/// Verifies a public and private key by creating and verifiying a signature
/// </summary>
/// <param name="privateKey"></param>
/// <param name="publicKey"></param>
/// <param name="curveName"></param>
/// <returns></returns>
private bool KeysVerified(ECPrivateKeyParameters privateKey, ECPublicKeyParameters publicKey, string curveName)
{
byte[] M = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, privateKey);
var signature = dsa.GenerateSignature(M);
dsa.Init(false, publicKey);
return(dsa.VerifySignature(M, signature[0], signature[1]));
}
public void TestECDsaP256Sha256()
{
X9ECParameters p = NistNamedCurves.GetByName("P-256");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger("20186677036482506117540275567393538695075300175221296989956723148347484984008"), // d
parameters);
SecureRandom k =
FixedSecureRandom.From(
BigIntegers.AsUnsignedByteArray(
new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335")));
byte[] m = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r =
new BigInteger("97354732615802252173078420023658453040116611318111190383344590814578738210384");
IBigInteger s =
new BigInteger("98506158880355671805367324764306888225238061309262649376965428126566081727535");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(
Hex.Decode("03596375E6CE57E0F20294FC46BDFCFD19A39F8161B58695B3EC5B3D16427C274D")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public bool HasTestPassed(AsymmetricCipherKeyPair kp)
{
ECDsaSigner signer = new ECDsaSigner();
signer.Init(true, new ParametersWithRandom(kp.Private, Utils.testRandom));
byte[] message = Hex.Decode("0102030405060708090a1112131415161718191a"); // size of a SHA-1 hash
BigInteger[] rs = signer.GenerateSignature(message);
signer.Init(false, kp.Public);
return(signer.VerifySignature(FipsKats.Values[FipsKats.Vec.ECKeyPairConsistencyVec], rs[0], rs[1]));
}
public void TestECDsaP224Sha224()
{
X9ECParameters p = NistNamedCurves.GetByName("P-224");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger("6081831502424510080126737029209236539191290354021104541805484120491"), // d
parameters);
SecureRandom k =
FixedSecureRandom.From(
BigIntegers.AsUnsignedByteArray(
new BigInteger("15456715103636396133226117016818339719732885723579037388121116732601")));
byte[] m = Hex.Decode("8797A3C693CC292441039A4E6BAB7387F3B4F2A63D00ED384B378C79");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r = new BigInteger("26477406756127720855365980332052585411804331993436302005017227573742");
IBigInteger s = new BigInteger("17694958233103667059888193972742186995283044672015112738919822429978");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03FD44EC11F9D43D9D23B1E1D1C9ED6519B40ECF0C79F48CF476CC43F1")),
// Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaSecP224K1Sha256()
{
X9ECParameters p = SecNamedCurves.GetByName("secp224k1");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger("BE6F6E91FE96840A6518B56F3FE21689903A64FA729057AB872A9F51", 16), // d
parameters);
SecureRandom k =
FixedSecureRandom.From(Hex.Decode("00c39beac93db21c3266084429eb9b846b787c094f23a4de66447efbb3"));
byte[] m = Hex.Decode("E5D5A7ADF73C5476FAEE93A2C76CE94DC0557DB04CDC189504779117920B896D");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r = new BigInteger("8163E5941BED41DA441B33E653C632A55A110893133351E20CE7CB75", 16);
IBigInteger s = new BigInteger("D12C3FC289DDD5F6890DCE26B65792C8C50E68BF551D617D47DF15A8", 16);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(
Hex.Decode(
"04C5C9B38D3603FCCD6994CBB9594E152B658721E483669BB42728520F484B537647EC816E58A8284D3B89DFEDB173AFDC214ECA95A836FA7C")),
// Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public static Boolean VerifyHashed(byte[][] signature, byte[] publicKey, byte[] message)
{
var list = new List <byte[]>();
var arr = signature.ToArray();
foreach (var sigVal in arr)
{
list.Add(sigVal);
}
var sigR = list[0]; //r
var sigS = list[1]; //s
try
{
X9ECParameters spec = ECNamedCurveTable.GetByName("secp256k1");
ECDomainParameters domain = new ECDomainParameters(spec.Curve, spec.G, spec.N);
ECPublicKeyParameters publicKeyParams =
new ECPublicKeyParameters(spec.Curve.DecodePoint(publicKey), domain);
ECDsaSigner signer = new ECDsaSigner();
signer.Init(false, publicKeyParams);
return(signer.VerifySignature(message, new BigInteger(1, sigR), new BigInteger(1, sigS)));
}
catch
{
return(false);
}
}
//public static string SignData(string msg, AsymmetricKeyParameter privKey)
//public static byte[][] SignTransaction(byte[] data, byte[] privateKey)
//{
// try
// {
// //byte[] msgBytes = Encoding.UTF8.GetBytes(msg);
// //ISigner signer = SignerUtilities.GetSigner("SHA384withECDSA");
// //signer.Init(true, privKey);
// //signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
// //byte[] sigBytes = signer.GenerateSignature();
// //return Convert.ToBase64String(sigBytes);
// X9ECParameters spec = ECNamedCurveTable.GetByName("secp256k1");
// ECDsaSigner ecdsaSigner = new ECDsaSigner();
// ECDomainParameters domain = new ECDomainParameters(spec.Curve, spec.G, spec.N);
// ECPrivateKeyParameters privateKeyParms =
// new ECPrivateKeyParameters(new BigInteger(1, privateKey), domain);
// ParametersWithRandom paramxs = new ParametersWithRandom(privateKeyParms);
// ecdsaSigner.Init(true, paramxs);
// BigInteger[] sig = ecdsaSigner.GenerateSignature(data);
// LinkedList<byte[]> sigData = new LinkedList<byte[]>();
// byte[] publicKey = GetPublicKey(privateKey);
// byte recoveryId = GetRecoveryId(sig[0].ToByteArray(), sig[1].ToByteArray(), data, publicKey);
// foreach (var sigChunk in sig)
// {
// sigData.AddLast(sigChunk.ToByteArray());
// }
// sigData.AddLast(new byte[] {recoveryId});
// return sigData.ToArray();
// }
// catch (Exception exc)
// {
// Console.WriteLine("Signing Failed: " + exc);
// return null;
// }
//}
public static (byte[] r, byte[] s, byte[] v) SignTransaction(byte[] data, byte[] privateKey)
{
try
{
X9ECParameters spec = ECNamedCurveTable.GetByName("secp256k1");
ECDsaSigner ecdsaSigner = new ECDsaSigner();
ECDomainParameters domain = new ECDomainParameters(spec.Curve, spec.G, spec.N);
ECPrivateKeyParameters privateKeyParms =
new ECPrivateKeyParameters(new BigInteger(1, privateKey), domain);
ParametersWithRandom paramxs = new ParametersWithRandom(privateKeyParms);
ecdsaSigner.Init(true, paramxs);
BigInteger[] sig = ecdsaSigner.GenerateSignature(data);
LinkedList <byte[]> sigData = new LinkedList <byte[]>();
byte[] publicKey = GetPublicKey(privateKey);
byte recoveryId = GetRecoveryId(sig[0].ToByteArray(), sig[1].ToByteArray(), data, publicKey);
foreach (var sigChunk in sig)
{
sigData.AddLast(sigChunk.ToByteArray());
}
sigData.AddLast(new byte[] { recoveryId });
return(sigData.ElementAt(0), sigData.ElementAt(1), sigData.ElementAt(2));
}
catch (Exception exc)
{
Console.WriteLine("Signing Failed: " + exc);
return(null, null, null);
}
}
private bool VerifyEcDsa(IDigest digest, X9ECParameters curveParameter, byte[] buffer, int length, byte[] signature)
{
int digestSize = digest.GetDigestSize();
ECDomainParameters dParams = new ECDomainParameters(
curveParameter.Curve,
curveParameter.G,
curveParameter.N,
curveParameter.H,
curveParameter.GetSeed());
ECPoint q = dParams.Curve.CreatePoint(new BigInteger(1, PublicKey, 0, digestSize), new BigInteger(1, PublicKey, digestSize, digestSize), false);
ECPublicKeyParameters parameters = new ECPublicKeyParameters(q, dParams);
var signer = new ECDsaSigner();
signer.Init(false, parameters);
digest.BlockUpdate(buffer, 0, length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return(signer.VerifySignature(hash, new BigInteger(1, signature, 0, digestSize), new BigInteger(1, signature, digestSize, digestSize)));
}
public byte[] Sign(HashDigest <T> messageHash, PrivateKey privateKey)
{
var h = new Sha256Digest();
var kCalculator = new HMacDsaKCalculator(h);
var signer = new ECDsaSigner(kCalculator);
signer.Init(true, privateKey.KeyParam);
BigInteger[] rs = signer.GenerateSignature(messageHash.ToByteArray());
var r = rs[0];
var s = rs[1];
BigInteger otherS = privateKey.KeyParam.Parameters.N.Subtract(s);
if (s.CompareTo(otherS) == 1)
{
s = otherS;
}
var bos = new MemoryStream(72);
var seq = new DerSequenceGenerator(bos);
seq.AddObject(new DerInteger(r));
seq.AddObject(new DerInteger(s));
seq.Close();
return(bos.ToArray());
}
public static byte[] Sign(byte[] bytes, byte[] privateKey)
{
var x9EcParameters = SecNamedCurves.GetByName("secp256k1");
var ecParams = new ECDomainParameters(x9EcParameters.Curve, x9EcParameters.G, x9EcParameters.N, x9EcParameters.H);
var privateKeyBigInteger = new BigInteger((new byte[] { 0x00 }).Concat(privateKey).ToArray());
var signer = new ECDsaSigner();
var privateKeyParameters = new ECPrivateKeyParameters(privateKeyBigInteger, ecParams);
signer.Init(true, privateKeyParameters);
var signature = signer.GenerateSignature(bytes);
var memoryStream = new MemoryStream();
var sequenceGenerator = new DerSequenceGenerator(memoryStream);
sequenceGenerator.AddObject(new DerInteger(signature[0]));
sequenceGenerator.AddObject(new DerInteger(signature[1]));
sequenceGenerator.Close();
var signingResult = memoryStream.ToArray();
return(signingResult);
}
/// <summary>
/// Calculates an ECDSA signature in DER format for the given input hash. Note that the input is expected to be
/// 32 bytes long.
/// </summary>
public byte[] Sign(byte[] input, Org.BouncyCastle.Math.BigInteger privateKey)
{
const string BITCOIN_CURVE = "secp256k1";
ECDsaSigner signer = new ECDsaSigner();
Org.BouncyCastle.Asn1.X9.X9ECParameters ecp = SecNamedCurves.GetByName(BITCOIN_CURVE);
ECDomainParameters EcParameters = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H);
var privateKeyParameters = new ECPrivateKeyParameters(privateKey, EcParameters);
signer.Init(true, privateKeyParameters);
var signatures = signer.GenerateSignature(input);
// What we get back from the signer are the two components of a signature, r and s. To get a flat byte stream
// of the type used by BitCoin we have to encode them using DER encoding, which is just a way to pack the two
// components into a structure.
using (var byteOutputStream = new MemoryStream())
{
var derSequenceGenerator = new DerSequenceGenerator(byteOutputStream);
derSequenceGenerator.AddObject(new DerInteger(signatures[0]));
derSequenceGenerator.AddObject(new DerInteger(signatures[1]));
derSequenceGenerator.Close();
return(byteOutputStream.ToArray());
}
}
public bool Verify(byte[] hash, ECDSASignature signatrue)
{
var signer = new ECDsaSigner();
signer.Init(false, PublicKeyParameter);
return signer.VerifySignature(hash, signatrue.R, signatrue.S);
}
public bool Verify(byte[] hash, ECDSASignature sig)
{
var signer = new ECDsaSigner();
signer.Init(false, _pubKey);
return(signer.VerifySignature(hash, sig.R, sig.S));
}
public bool Verify(byte[] hash, ECDSASignature sig)
{
var signer = new ECDsaSigner();
signer.Init(false, GetPublicKeyParameters());
return(signer.VerifySignature(hash, sig.R, sig.S));
}
/// <summary>
/// Signs given data and returns the r and s components of the ECDSA signature, along with a recovery ID to recover the public key given the original signed message and the returned components.
/// </summary>
/// <param name="hash">The hash to be signed.</param>
/// <returns>Returns r and s components of an ECDSA signature, along with a recovery ID to recover the signers public key given the original signed message and r, s.</returns>
public override (byte RecoveryID, BigInteger r, BigInteger s) SignData(Span <byte> hash)
{
// Verify we have a private key.
if (KeyType != EthereumEcdsaKeyType.Private)
{
throw _notPrivateKeyException;
}
// Initialize our crypto provider.
ECDsaSigner signer = new ECDsaSigner();
signer.Init(true, PrivateKey);
// Obtain our signature, rs[0] ("r") and rs[1] ("s")
Org.BouncyCastle.Math.BigInteger[] rs = signer.GenerateSignature(hash.ToArray());
// We want to make sure we enforce a low S value
rs[1] = Secp256k1Curve.EnforceLowS(rs[1]);
// We need to return a valid recovery ID for this signature. We do this by trying all of our 4 possible recovery IDs to make sure the public key hash recovered is the same as ours.
// We start by obtaining our current public key hash
byte[] actualPublicKeyHash = GetPublicKeyHash();
// Next we try of our potential recovery IDs until we can obtain the matching public key from the signature.
// 2, 3 are usually not used and 0, 1 denote odd or even Y, which can be figured out.
for (byte recoveryID = 0; recoveryID < 4; recoveryID++)
{
// We wrap this in a try in case, as we know one of these IDs will work.
try
{
EthereumEcdsa possibleMatch = Recover(hash, recoveryID, rs[0].ToNumericsBigInteger(), rs[1].ToNumericsBigInteger());
if (actualPublicKeyHash.ValuesEqual(possibleMatch.GetPublicKeyHash()))
{
return(recoveryID, rs[0].ToNumericsBigInteger(), rs[1].ToNumericsBigInteger());
/// <inheritdoc />
public override byte[] Sign(byte[] message, byte[] prikey)
{
ECPrivateKeyParameters priv = new ECPrivateKeyParameters("ECDSA", (new BigInteger(1, prikey)), _domain);
var signer = new ECDsaSigner();
var fullsign = new byte[64];
message = Sha256(message);
signer.Init(true, priv);
var signature = signer.GenerateSignature(message);
var r = signature[0].ToByteArray();
var s = signature[1].ToByteArray();
var rLen = r.Length;
var sLen = s.Length;
// Buid Signature ensuring Neo expected format. 32byte r + 32byte s.
if (rLen < 32)
{
Array.Copy(r, 0, fullsign, 32 - rLen, rLen);
}
else
{
Array.Copy(r, rLen - 32, fullsign, 0, 32);
}
if (sLen < 32)
{
Array.Copy(s, 0, fullsign, 64 - sLen, sLen);
}
else
{
Array.Copy(s, sLen - 32, fullsign, 32, 32);
}
return(fullsign);
}
public static List <Dictionary <string, object> > Signature(int count, Dictionary <ECPublicKeyParameters, ECPrivateKeyParameters> keyPairs)
{
var signatures = new List <Dictionary <string, object> >();
for (var i = 0; i < count; i++)
{
var keyPair = keyPairs.ElementAt(RandomInstance.Next(0, keyPairs.Count));
var ecdsaSigner = new ECDsaSigner();
ecdsaSigner.Init(true, new ParametersWithRandom(keyPair.Value, SecureRandom));
var randomString = StringUtils.RandomString(20);
var messageBytes = Encoding.UTF8.GetBytes(randomString);
var signature = ecdsaSigner.GenerateSignature(messageBytes);
signatures.Add(new Dictionary <string, object>
{
{ "signature", signature },
{ "messageHash", messageBytes },
{ "publicKey", keyPair.Key },
{ "privateKey", keyPair.Value }
});
}
return(signatures);
}
internal bool Verify(uint256 hash, ECDSASignature sig)
{
var signer = new ECDsaSigner();
signer.Init(false, GetPublicKeyParameters());
return(signer.VerifySignature(hash.ToBytes(), sig.R, sig.S));
}
/// <summary>
/// Creates a signature from the given <paramref name="message"/>.
/// <para>
/// A created signature can be verified by the corresponding
/// <see cref="PublicKey"/>.
/// </para>
/// <para>
/// Signatures can be created by only the <see cref="PrivateKey"/>
/// which corresponds a <see cref="PublicKey"/> to verify these
/// signatures.
/// </para>
/// <para>
/// To sum up, a signature is used to guarantee:
/// </para>
/// <list type="bullet">
/// <item><description>that the <paramref name="message"/> was created
/// by someone possessing the corresponding <see cref="PrivateKey"/>,
/// </description></item>
/// <item><description>that the possessor cannot deny having sent the
/// <paramref name="message"/>, and</description></item>
/// <item><description>that the <paramref name="message"/> was not
/// forged in the middle of transit.</description></item>
/// </list>
/// </summary>
/// <param name="message">A message to sign in <see cref="byte"/> array
/// representation.</param>
/// <returns>A signature that verifies the <paramref name="message"/>.
/// It can be verified using
/// <see cref="Libplanet.Crypto.PublicKey.Verify(byte[], byte[])"/>
/// method.</returns>
/// <seealso cref="Libplanet.Crypto.PublicKey.Verify(byte[], byte[])"/>
public byte[] Sign(byte[] message)
{
var h = new Sha256Digest();
var hashed = new byte[h.GetDigestSize()];
h.BlockUpdate(message, 0, message.Length);
h.DoFinal(hashed, 0);
h.Reset();
var kCalculator = new HMacDsaKCalculator(h);
var signer = new ECDsaSigner(kCalculator);
signer.Init(true, keyParam);
BigInteger[] rs = signer.GenerateSignature(hashed);
var r = rs[0];
var s = rs[1];
BigInteger otherS = keyParam.Parameters.N.Subtract(s);
if (s.CompareTo(otherS) == 1)
{
s = otherS;
}
var bos = new MemoryStream(72);
var seq = new DerSequenceGenerator(bos);
seq.AddObject(new DerInteger(r));
seq.AddObject(new DerInteger(s));
seq.Close();
return(bos.ToArray());
}
public bool IsValid(Transaction transaction)
{
ECDomainParameters ecSpec = new ECDomainParameters(CryptoUtil.Curve.Curve, CryptoUtil.Curve.G, CryptoUtil.Curve.N, CryptoUtil.Curve.H);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
var point = DecodeECPointPublicKey(transaction.SenderPublicKey);
ECPublicKeyParameters keyParameters = new ECPublicKeyParameters(point, ecSpec);
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(false, keyParameters);
var pubKey1 = new BigInteger(transaction.Signature[0], 16);
var pubKey2 = new BigInteger(transaction.Signature[1], 16);
TransactionRaw transactionRaw = new TransactionRaw()
{
FromAddress = transaction.FromAddress,
ToAddress = transaction.ToAddress,
Amount = transaction.Amount,
DateCreated = transaction.DateCreated
};
string tranJson = JsonConvert.SerializeObject(transactionRaw);
byte[] tranHash = CryptoUtil.CalcSHA256(tranJson);
return(signer.VerifySignature(tranHash, pubKey1, pubKey2));
}
private static void Sign(UnsignedTransaction unsignedTransaction, string privateKey, bool isHex, bool addPubKey,
bool forceCompressed = false)
{
bool compressed = false;
var bytes = isHex ? privateKey.FromHexString() : GetBytesFromBase58Key(privateKey);
if (bytes.Length == 33 && bytes[32] == 1)
{
compressed = true;
bytes = bytes.Take(32).ToArray();
}
var privKeyB = new BigInteger(1, bytes);
var parms = SecNamedCurves.GetByName("secp256k1");
var curve = new ECDomainParameters(parms.Curve, parms.G, parms.N, parms.H);
var halfCurveOrder = parms.N.ShiftRight(1);
var point = curve.G.Multiply(privKeyB);
if (compressed || forceCompressed)
{
point = new FpPoint(curve.Curve, point.X, point.Y, true);
}
var publicKey = point.GetEncoded();
var signer = new ECDsaSigner();
var privKey = new ECPrivateKeyParameters(privKeyB, curve);
signer.Init(true, privKey);
foreach (string toSign in unsignedTransaction.ToSign)
{
if (addPubKey)
{
unsignedTransaction.PubKeys.Add(publicKey.ToHexString());
}
var components = signer.GenerateSignature(toSign.FromHexString());
var r = components[0];
var s = components[1];
if (s.CompareTo(halfCurveOrder) > 0)
{
s = curve.N.Subtract(s);
}
using (var ms = new MemoryStream())
using (var asn = new Asn1OutputStream(ms)) {
var seq = new DerSequenceGenerator(asn);
seq.AddObject(new DerInteger(r));
seq.AddObject(new DerInteger(s));
seq.Close();
string signedString = ms.ToArray().ToHexString();
unsignedTransaction.Signatures.Add(signedString);
}
}
}
/// <summary>
/// Generate a signature
/// Using https://github.com/Zaliro/Switcheo.Net/blob/master/Switcheo.Net/SwitcheoAuthenticationProvider.cs
/// </summary>
/// <param name="message">Message to sign</param>
/// <param name="wallet">Wallet for signature</param>
/// <returns>Message signature</returns>
private string GenerateSignature(byte[] message, NeoWallet wallet)
{
var privateKey = wallet.privateKey;
var curve = SecNamedCurves.GetByName("secp256r1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
var priv = new ECPrivateKeyParameters("ECDSA", (new BigInteger(1, privateKey)), domain);
var signer = new ECDsaSigner();
var fullsign = new byte[64];
var hash = new Sha256Digest();
hash.BlockUpdate(message, 0, message.Length);
var result = new byte[32];
hash.DoFinal(result, 0);
message = result;
signer.Init(true, priv);
var signature = signer.GenerateSignature(message);
var signedResult = ProcessSignature(signature);
var signedMessage = BitConverter.ToString(signedResult);
return(signedMessage.Replace("-", "").ToLower());
}
/// <summary>
/// Generates a Jws Signature.
/// </summary>
/// <param name="header"></param>
/// <param name="payload"></param>
/// <returns></returns>
public string GenerateSignature(Dictionary <string, object> header, Dictionary <string, object> payload)
{
var securedInput = SecureInput(header, payload);
var message = Encoding.UTF8.GetBytes(securedInput);
byte[] hashedMessage;
using (var sha256Hasher = SHA256.Create())
{
hashedMessage = sha256Hasher.ComputeHash(message);
}
var signer = new ECDsaSigner();
signer.Init(true, _privateKey);
var results = signer.GenerateSignature(hashedMessage);
// Concated to create signature
var a = results[0].ToByteArrayUnsigned();
var b = results[1].ToByteArrayUnsigned();
// a,b are required to be exactly the same length of bytes
if (a.Length != b.Length)
{
var largestLength = Math.Max(a.Length, b.Length);
a = ByteArrayPadLeft(a, largestLength);
b = ByteArrayPadLeft(b, largestLength);
}
var signature = UrlBase64.Encode(a.Concat(b).ToArray());
return(string.Format("{0}.{1}", securedInput, signature));
}
public bool Verify(
HashDigest <T> messageHash,
byte[] signature,
PublicKey publicKey)
{
try
{
Asn1Sequence asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(signature);
var rs = new[]
{
((DerInteger)asn1Sequence[0]).Value,
((DerInteger)asn1Sequence[1]).Value,
};
var verifier = new ECDsaSigner();
verifier.Init(false, publicKey.KeyParam);
return(verifier.VerifySignature(messageHash.ToByteArray(), rs[0], rs[1]));
}
catch (IOException)
{
return(false);
}
catch (Asn1ParsingException)
{
return(false);
}
}