protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16); BigInteger h = BigInteger.ValueOf(0xFE2E); ECCurve c2m304w1 = new F2mCurve( 304, 1, 2, 11, new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16), new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16), n, h); return(new X9ECParameters( c2m304w1, new X9ECPoint(c2m304w1, Hex.Decode("02197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16); BigInteger h = BigInteger.ValueOf(10); ECCurve c2m239v3 = new F2mCurve( 239, 36, new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16), new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16), n, h); return(new X9ECParameters( c2m239v3, new X9ECPoint(c2m239v3, Hex.Decode("0370F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16); BigInteger h = BigInteger.ValueOf(0xFF06); ECCurve c2m272w1 = new F2mCurve( 272, 1, 3, 56, new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16), new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16), n, h); return(new X9ECParameters( c2m272w1, new X9ECPoint(c2m272w1, Hex.Decode("026108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16); BigInteger h = BigInteger.ValueOf(4); ECCurve c2m239v1 = new F2mCurve( 239, 36, new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16), n, h); return(new X9ECParameters( c2m239v1, new X9ECPoint(c2m239v1, Hex.Decode("0257927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16); BigInteger h = BigInteger.ValueOf(6); ECCurve c2m239v2 = new F2mCurve( 239, 36, new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16), new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16), n, h); return(new X9ECParameters( c2m239v2, new X9ECPoint(c2m239v2, Hex.Decode("0228F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16); BigInteger h = BigInteger.ValueOf(6); ECCurve c2m191v3 = new F2mCurve( 191, 9, new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16), new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16), n, h); return(new X9ECParameters( c2m191v3, new X9ECPoint(c2m191v3, Hex.Decode("03375D4CE24FDE434489DE8746E71786015009E66E38A926DD")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16); BigInteger h = BigInteger.ValueOf(0xFE48); ECCurve c2m208w1 = new F2mCurve( 208, 1, 2, 83, new BigInteger("0", 16), new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16), n, h); return(new X9ECParameters( c2m208w1, new X9ECPoint(c2m208w1, Hex.Decode("0289FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16); BigInteger h = BigInteger.Two; ECCurve c2m191v1 = new F2mCurve( 191, 9, new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16), n, h); return(new X9ECParameters( c2m191v1, new X9ECPoint(c2m191v1, Hex.Decode("0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D")), n, h, Hex.Decode("4E13CA542744D696E67687561517552F279A8C84"))); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16); BigInteger h = BigInteger.ValueOf(4); ECCurve c2m191v2 = new F2mCurve( 191, 9, new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16), new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16), n, h); return(new X9ECParameters( c2m191v2, new X9ECPoint(c2m191v2, Hex.Decode("023809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16); BigInteger h = BigInteger.Two; ECCurve c2m163v2 = new F2mCurve( 163, 1, 2, 8, new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16), new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16), n, h); return(new X9ECParameters( c2m163v2, new X9ECPoint(c2m163v2, Hex.Decode("030024266E4EB5106D0A964D92C4860E2671DB9B6CC5")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16); BigInteger h = BigInteger.ValueOf(0xFF6E); ECCurve c2m176w1 = new F2mCurve( 176, 1, 2, 43, new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16), new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16), n, h); return(new X9ECParameters( c2m176w1, new X9ECPoint(c2m176w1, Hex.Decode("038D16C2866798B600F9F08BB4A8E860F3298CE04A5798")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16); BigInteger h = BigInteger.Two; ECCurve c2m163v1 = new F2mCurve( 163, 1, 2, 8, new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16), new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16), n, h); return(new X9ECParameters( c2m163v1, new X9ECPoint(c2m163v1, Hex.Decode("0307AF69989546103D79329FCC3D74880F33BBE803CB")), n, h, Hex.Decode("D2C0FB15760860DEF1EEF4D696E6768756151754"))); }
/* * * Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} * by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF) * method. * @param p The F2mPoint to multiply. * @param k The integer by which to multiply <code>k</code>. * @return <code>p</code> multiplied by <code>k</code>. */ protected override ECPoint MultiplyPositive(ECPoint point, BigInteger k) { if (!(point is F2mPoint)) { throw new ArgumentException("Only F2mPoint can be used in WTauNafMultiplier"); } F2mPoint p = (F2mPoint)point; F2mCurve curve = (F2mCurve)p.Curve; int m = curve.M; sbyte a = (sbyte)curve.A.ToBigInteger().IntValue; sbyte mu = curve.GetMu(); BigInteger[] s = curve.GetSi(); ZTauElement rho = Tnaf.PartModReduction(k, m, a, s, mu, (sbyte)10); return(MultiplyWTnaf(p, rho, curve.GetPreCompInfo(p, PRECOMP_NAME), a, mu)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16); BigInteger h = BigInteger.ValueOf(0x2760); ECCurve c2m431r1 = new F2mCurve( 431, 120, new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16), new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16), n, h); return(new X9ECParameters( c2m431r1, new X9ECPoint(c2m431r1, Hex.Decode("02120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16); BigInteger h = BigInteger.ValueOf(0xFF70); ECCurve c2m368w1 = new F2mCurve( 368, 1, 2, 85, new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16), new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16), n, h); return(new X9ECParameters( c2m368w1, new X9ECPoint(c2m368w1, Hex.Decode("021085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F")), n, h, null)); }
protected override X9ECParameters CreateParameters() { BigInteger n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16); BigInteger h = BigInteger.ValueOf(0x4C); ECCurve c2m359v1 = new F2mCurve( 359, 68, new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16), new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16), n, h); return(new X9ECParameters( c2m359v1, new X9ECPoint(c2m359v1, Hex.Decode("033C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097")), n, h, null)); }
/** * Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} * by an element <code>λ</code> of <code><b>Z</b>[τ]</code> * using the <code>τ</code>-adic NAF (TNAF) method, given the TNAF * of <code>λ</code>. * @param p The F2mPoint to Multiply. * @param u The the TNAF of <code>λ</code>.. * @return <code>λ * p</code> */ public static F2mPoint MultiplyFromTnaf(F2mPoint p, sbyte[] u) { F2mCurve curve = (F2mCurve)p.Curve; F2mPoint q = (F2mPoint)curve.Infinity; for (int i = u.Length - 1; i >= 0; i--) { q = Tau(q); if (u[i] == 1) { q = (F2mPoint)q.AddSimple(p); } else if (u[i] == -1) { q = (F2mPoint)q.SubtractSimple(p); } } return(q); }
/** * Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} * by an element <code>λ</code> of <code><b>Z</b>[τ]</code> * using the window <code>τ</code>-adic NAF (TNAF) method, given the * WTNAF of <code>λ</code>. * @param p The F2mPoint to multiply. * @param u The the WTNAF of <code>λ</code>.. * @return <code>λ * p</code> */ private static F2mPoint MultiplyFromWTnaf(F2mPoint p, sbyte[] u, PreCompInfo preCompInfo) { F2mCurve curve = (F2mCurve)p.Curve; sbyte a = (sbyte)curve.A.ToBigInteger().IntValue; F2mPoint[] pu; if ((preCompInfo == null) || !(preCompInfo is WTauNafPreCompInfo)) { pu = Tnaf.GetPreComp(p, a); WTauNafPreCompInfo pre = new WTauNafPreCompInfo(); pre.PreComp = pu; curve.SetPreCompInfo(p, PRECOMP_NAME, pre); } else { pu = ((WTauNafPreCompInfo)preCompInfo).PreComp; } // q = infinity F2mPoint q = (F2mPoint)curve.Infinity; for (int i = u.Length - 1; i >= 0; i--) { q = Tnaf.Tau(q); sbyte ui = u[i]; if (ui != 0) { if (ui > 0) { q = q.AddSimple(pu[ui]); } else { // u[i] < 0 q = q.SubtractSimple(pu[-ui]); } } } return(q); }
/** * Returns the parameter <code>μ</code> of the elliptic curve. * @param curve The elliptic curve from which to obtain <code>μ</code>. * The curve must be a Koblitz curve, i.e. <code>a</code> Equals * <code>0</code> or <code>1</code> and <code>b</code> Equals * <code>1</code>. * @return <code>μ</code> of the elliptic curve. * @throws ArgumentException if the given ECCurve is not a Koblitz * curve. */ public static sbyte GetMu(F2mCurve curve) { BigInteger a = curve.A.ToBigInteger(); sbyte mu; if (a.SignValue == 0) { mu = -1; } else if (a.Equals(BigInteger.One)) { mu = 1; } else { throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible"); } return(mu); }
/** * Multiplies a {@link Al.Security.math.ec.F2mPoint F2mPoint} * by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF) * method. * @param p The F2mPoint to multiply. * @param k The integer by which to multiply <code>k</code>. * @return <code>p</code> multiplied by <code>k</code>. */ public ECPoint Multiply(ECPoint point, BigInteger k, PreCompInfo preCompInfo) { if (!(point is F2mPoint)) { throw new ArgumentException("Only F2mPoint can be used in WTauNafMultiplier"); } F2mPoint p = (F2mPoint)point; F2mCurve curve = (F2mCurve)p.Curve; int m = curve.M; sbyte a = (sbyte)curve.A.ToBigInteger().IntValue; sbyte mu = curve.GetMu(); BigInteger[] s = curve.GetSi(); ZTauElement rho = Tnaf.PartModReduction(k, m, a, s, mu, (sbyte)10); return(MultiplyWTnaf(p, rho, preCompInfo, a, mu)); }
// 7.3 Вычисление базовой точки эллиптической кривой static F2mPoint computeBasePoint(F2mCurve curve) { while (true) { // 1. Вычисляем случайную точку кривой согласно 6.8. var p = computeRandomPoint(curve); // 2. Вычисляем точку r = n * P; var n = curve.N; var r = p.Multiply(n); if (r.X != null || r.Y != null) { continue; } return(p); } }
private void DoVerifyBoundsCheck() { BigInteger SM2_ECC_A = new BigInteger("00", 16); BigInteger SM2_ECC_B = new BigInteger("E78BCD09746C202378A7E72B12BCE00266B9627ECB0B5A25367AD1AD4CC6242B", 16); BigInteger SM2_ECC_N = new BigInteger("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBC972CF7E6B6F900945B3C6A0CF6161D", 16); BigInteger SM2_ECC_GX = new BigInteger("00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD", 16); BigInteger SM2_ECC_GY = new BigInteger("013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E", 16); ECCurve curve = new F2mCurve(257, 12, SM2_ECC_A, SM2_ECC_B); ECPoint g = curve.CreatePoint(SM2_ECC_GX, SM2_ECC_GY); ECDomainParameters domainParams = new ECDomainParameters(curve, g, SM2_ECC_N); ECKeyGenerationParameters keyGenerationParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("771EF3DBFF5F1CDC32B9C572930476191998B2BF7CB981D7F5B39202645F0931", 16)); ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParams); AsymmetricCipherKeyPair kp = keyPairGenerator.GenerateKeyPair(); ECPublicKeyParameters ecPub = (ECPublicKeyParameters)kp.Public; SM2Signer signer = new SM2Signer(); signer.Init(false, ecPub); signer.BlockUpdate(new byte[20], 0, 20); IsTrue(!signer.VerifySignature(Encode(BigInteger.Zero, BigInteger.ValueOf(8)))); signer.BlockUpdate(new byte[20], 0, 20); IsTrue(!signer.VerifySignature(Encode(BigInteger.ValueOf(8), BigInteger.Zero))); signer.BlockUpdate(new byte[20], 0, 20); IsTrue(!signer.VerifySignature(Encode(SM2_ECC_N, BigInteger.ValueOf(8)))); signer.BlockUpdate(new byte[20], 0, 20); IsTrue(!signer.VerifySignature(Encode(BigInteger.ValueOf(8), SM2_ECC_N))); }
public X9ECParameters( ECCurve curve, ECPoint g, BigInteger n, BigInteger h, byte[] seed) { this.curve = curve; this.g = g; this.n = n; this.h = h; this.seed = seed; if (curve is FpCurve) { this.fieldID = new X9FieldID(((FpCurve)curve).Q); } else if (curve is F2mCurve) { F2mCurve curveF2m = (F2mCurve)curve; this.fieldID = new X9FieldID(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3); } }
// 6.8. Вычисление случайной точки эллиптической кривой static F2mPoint computeRandomPoint(F2mCurve curve) { // 1. Вычислим случайный элемент основного поля BigInteger u = RNG.GetRandomInteger(curve.M); var u__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, u); var a__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, curve.A.ToBigInteger()); var b__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, curve.B.ToBigInteger()); var au__element = u__element.Multiply(u__element).Multiply(a__element); // 2. Вычисляем элемент основного поля w = u ^ 3 + A u ^ 2 + B var w__element = u__element.Multiply(u__element).Multiply(u__element).Add(au__element).Add(b__element); // 3. Решаем квадратное уравнение z^2 + uz = w var z__element = quadraticEquation(curve, u__element.ToBigInteger(), w__element.ToBigInteger()); // 5. Принимают x = u, y = z var point = new F2mPoint(curve, u__element, z__element); return(point); }
public void TestECDsa239bitBinaryAndLargeDigest() { BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552"); BigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597"); byte[] kData = BigIntegers.AsUnsignedByteArray( new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363")); SecureRandom k = FixedSecureRandom.From(kData); F2mCurve curve = new F2mCurve( 239, // m 36, //k new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b ECDomainParameters parameters = new ECDomainParameters( curve, curve.DecodePoint( Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n BigInteger.ValueOf(4)); // h ECPrivateKeyParameters priKey = new ECPrivateKeyParameters( "ECDSA", new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ParametersWithRandom param = new ParametersWithRandom(priKey, k); ecdsa.Init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517").ToByteArray(); BigInteger[] sig = ecdsa.GenerateSignature(message); if (!r.Equals(sig[0])) { Fail("r component wrong." + SimpleTest.NewLine + " expecting: " + r + SimpleTest.NewLine + " got : " + sig[0]); } if (!s.Equals(sig[1])) { Fail("s component wrong." + SimpleTest.NewLine + " expecting: " + s + SimpleTest.NewLine + " got : " + sig[1]); } // Verify the signature ECPublicKeyParameters pubKey = new ECPublicKeyParameters( "ECDSA", curve.DecodePoint( Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q parameters); ecdsa.Init(false, pubKey); if (!ecdsa.VerifySignature(message, sig[0], sig[1])) { Fail("signature fails"); } }
public void TestECDsa239BitBinary() { BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552"); BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174"); byte[] kData = new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363").ToByteArrayUnsigned(); SecureRandom k = FixedSecureRandom.From(kData); // EllipticCurve curve = new EllipticCurve( // new ECFieldF2m(239, // m // new int[] { 36 }), // k // new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a // new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b ECCurve curve = new F2mCurve( 239, // m 36, // k new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b ECDomainParameters parameters = new ECDomainParameters( curve, // ECPointUtil.DecodePoint(curve, Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n BigInteger.ValueOf(4)); //4); // h ECPrivateKeyParameters sKey = new ECPrivateKeyParameters( "ECDSA", new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d parameters); ECPublicKeyParameters vKey = new ECPublicKeyParameters( "ECDSA", // ECPointUtil.DecodePoint(curve, Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q parameters); ISigner sgr = SignerUtilities.GetSigner("ECDSA"); // KeyFactory f = KeyFactory.getInstance("ECDSA"); // AsymmetricKeyParameter sKey = f.generatePrivate(priKeySpec); // AsymmetricKeyParameter vKey = f.generatePublic(pubKeySpec); byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' }; sgr.Init(true, new ParametersWithRandom(sKey, k)); sgr.BlockUpdate(message, 0, message.Length); byte[] sigBytes = sgr.GenerateSignature(); sgr.Init(false, vKey); sgr.BlockUpdate(message, 0, message.Length); if (!sgr.VerifySignature(sigBytes)) { Fail("239 Bit EC verification failed"); } BigInteger[] sig = derDecode(sigBytes); if (!r.Equals(sig[0])) { Fail("r component wrong." + SimpleTest.NewLine + " expecting: " + r + SimpleTest.NewLine + " got : " + sig[0]); } if (!s.Equals(sig[1])) { Fail("s component wrong." + SimpleTest.NewLine + " expecting: " + s + SimpleTest.NewLine + " got : " + sig[1]); } }
private void DoKeyExchangeTestF2m() { BigInteger SM2_ECC_A = new BigInteger("00", 16); BigInteger SM2_ECC_B = new BigInteger("E78BCD09746C202378A7E72B12BCE00266B9627ECB0B5A25367AD1AD4CC6242B", 16); BigInteger SM2_ECC_N = new BigInteger("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBC972CF7E6B6F900945B3C6A0CF6161D", 16); BigInteger SM2_ECC_GX = new BigInteger("00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD", 16); BigInteger SM2_ECC_GY = new BigInteger("013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E", 16); BigInteger SM2_ECC_H = BigInteger.ValueOf(4); ECCurve curve = new F2mCurve(257, 12, SM2_ECC_A, SM2_ECC_B); ECPoint g = curve.CreatePoint(SM2_ECC_GX, SM2_ECC_GY); ECDomainParameters domainParams = new ECDomainParameters(curve, g, SM2_ECC_N, SM2_ECC_H); ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator(); ECKeyGenerationParameters aKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("4813903D254F2C20A94BC5704238496954BB5279F861952EF2C5298E84D2CEAA", 16)); keyPairGenerator.Init(aKeyGenParams); AsymmetricCipherKeyPair aKp = keyPairGenerator.GenerateKeyPair(); ECPublicKeyParameters aPub = (ECPublicKeyParameters)aKp.Public; ECPrivateKeyParameters aPriv = (ECPrivateKeyParameters)aKp.Private; ECKeyGenerationParameters aeKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("54A3D6673FF3A6BD6B02EBB164C2A3AF6D4A4906229D9BFCE68CC366A2E64BA4", 16)); keyPairGenerator.Init(aeKeyGenParams); AsymmetricCipherKeyPair aeKp = keyPairGenerator.GenerateKeyPair(); ECPublicKeyParameters aePub = (ECPublicKeyParameters)aeKp.Public; ECPrivateKeyParameters aePriv = (ECPrivateKeyParameters)aeKp.Private; ECKeyGenerationParameters bKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("08F41BAE0922F47C212803FE681AD52B9BF28A35E1CD0EC273A2CF813E8FD1DC", 16)); keyPairGenerator.Init(bKeyGenParams); AsymmetricCipherKeyPair bKp = keyPairGenerator.GenerateKeyPair(); ECPublicKeyParameters bPub = (ECPublicKeyParameters)bKp.Public; ECPrivateKeyParameters bPriv = (ECPrivateKeyParameters)bKp.Private; ECKeyGenerationParameters beKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("1F21933387BEF781D0A8F7FD708C5AE0A56EE3F423DBC2FE5BDF6F068C53F7AD", 16)); keyPairGenerator.Init(beKeyGenParams); AsymmetricCipherKeyPair beKp = keyPairGenerator.GenerateKeyPair(); ECPublicKeyParameters bePub = (ECPublicKeyParameters)beKp.Public; ECPrivateKeyParameters bePriv = (ECPrivateKeyParameters)beKp.Private; SM2KeyExchange exch = new SM2KeyExchange(); exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(true, aPriv, aePriv), Strings.ToByteArray("*****@*****.**"))); byte[] k1 = exch.CalculateKey(128, new ParametersWithID(new SM2KeyExchangePublicParameters(bPub, bePub), Strings.ToByteArray("*****@*****.**"))); // there appears to be typo for ZA in the draft //IsTrue("F2m key 1 wrong", Arrays.AreEqual(Hex.Decode("4E587E5C66634F22D973A7D98BF8BE23"), k1)); IsTrue("F2m key 1 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), k1)); exch = new SM2KeyExchange(); exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(false, bPriv, bePriv), Strings.ToByteArray("*****@*****.**"))); byte[] k2 = exch.CalculateKey(128, new ParametersWithID(new SM2KeyExchangePublicParameters(aPub, aePub), Strings.ToByteArray("*****@*****.**"))); //IsTrue("F2m key 2 wrong", Arrays.AreEqual(Hex.Decode("4E587E5C66634F22D973A7D98BF8BE23"), k2)); IsTrue("F2m key 2 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), k2)); // with key confirmation exch = new SM2KeyExchange(); exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(false, bPriv, bePriv), Strings.ToByteArray("*****@*****.**"))); byte[][] vals2 = exch.CalculateKeyWithConfirmation(128, null, new ParametersWithID(new SM2KeyExchangePublicParameters(aPub, aePub), Strings.ToByteArray("*****@*****.**"))); IsTrue("key 2 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), k2)); IsTrue("conf a tag 2 wrong", Arrays.AreEqual(Hex.Decode("d8294c4c0f0ac180feac95e8a0d786638c9e915b9a684b2348809af03a0de2a5"), vals2[1])); IsTrue("conf b tag 2 wrong", Arrays.AreEqual(Hex.Decode("52089e706911b58fd5e7c7b2ab5cf32bb61e481ef1e114a1e33d99eec84b5a4f"), vals2[2])); exch = new SM2KeyExchange(); exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(true, aPriv, aePriv), Strings.ToByteArray("*****@*****.**"))); byte[][] vals1 = exch.CalculateKeyWithConfirmation(128, vals2[1], new ParametersWithID(new SM2KeyExchangePublicParameters(bPub, bePub), Strings.ToByteArray("*****@*****.**"))); IsTrue("conf key 1 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), vals1[0])); IsTrue("conf tag 1 wrong", Arrays.AreEqual(Hex.Decode("52089e706911b58fd5e7c7b2ab5cf32bb61e481ef1e114a1e33d99eec84b5a4f"), vals1[1])); }
/** * Computes the auxiliary values <code>s<sub>0</sub></code> and * <code>s<sub>1</sub></code> used for partial modular reduction. * @param curve The elliptic curve for which to compute * <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>. * @throws ArgumentException if <code>curve</code> is not a * Koblitz curve (Anomalous Binary Curve, ABC). */ public static BigInteger[] GetSi(F2mCurve curve) { if (!curve.IsKoblitz) throw new ArgumentException("si is defined for Koblitz curves only"); int m = curve.M; int a = curve.A.ToBigInteger().IntValue; sbyte mu = curve.GetMu(); int h = curve.H.IntValue; int index = m + 3 - a; BigInteger[] ui = GetLucas(mu, index, false); BigInteger dividend0; BigInteger dividend1; if (mu == 1) { dividend0 = BigInteger.One.Subtract(ui[1]); dividend1 = BigInteger.One.Subtract(ui[0]); } else if (mu == -1) { dividend0 = BigInteger.One.Add(ui[1]); dividend1 = BigInteger.One.Add(ui[0]); } else { throw new ArgumentException("mu must be 1 or -1"); } BigInteger[] si = new BigInteger[2]; if (h == 2) { si[0] = dividend0.ShiftRight(1); si[1] = dividend1.ShiftRight(1).Negate(); } else if (h == 4) { si[0] = dividend0.ShiftRight(2); si[1] = dividend1.ShiftRight(2).Negate(); } else { throw new ArgumentException("h (Cofactor) must be 2 or 4"); } return si; }
/** * Returns the parameter <code>μ</code> of the elliptic curve. * @param curve The elliptic curve from which to obtain <code>μ</code>. * The curve must be a Koblitz curve, i.e. <code>a</code> Equals * <code>0</code> or <code>1</code> and <code>b</code> Equals * <code>1</code>. * @return <code>μ</code> of the elliptic curve. * @throws ArgumentException if the given ECCurve is not a Koblitz * curve. */ public static sbyte GetMu(F2mCurve curve) { BigInteger a = curve.A.ToBigInteger(); sbyte mu; if (a.Sign == 0) { mu = -1; } else if (a.Equals(BigInteger.One)) { mu = 1; } else { throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible"); } return mu; }
public static AsymmetricKeyParameter CreateKey( SubjectPublicKeyInfo keyInfo) { AlgorithmIdentifier algID = keyInfo.AlgorithmID; if (algID.ObjectID.Equals(PkcsObjectIdentifiers.RsaEncryption) || algID.ObjectID.Equals(X509ObjectIdentifiers.IdEARsa)) { RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(keyInfo.GetPublicKey()); return(new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent)); } else if (algID.ObjectID.Equals(PkcsObjectIdentifiers.DhKeyAgreement) || algID.ObjectID.Equals(X9ObjectIdentifiers.DHPublicNumber)) { DHParameter para = new DHParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters); DerInteger derY = (DerInteger)keyInfo.GetPublicKey(); return(new DHPublicKeyParameters(derY.Value, new DHParameters(para.P, para.G))); } else if (algID.ObjectID.Equals(OiwObjectIdentifiers.ElGamalAlgorithm)) { ElGamalParameter para = new ElGamalParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters); DerInteger derY = (DerInteger)keyInfo.GetPublicKey(); return(new ElGamalPublicKeyParameters(derY.Value, new ElGamalParameters(para.P, para.G))); } else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdDsa) || algID.ObjectID.Equals(OiwObjectIdentifiers.DsaWithSha1)) { DsaParameter para = DsaParameter.GetInstance(keyInfo.AlgorithmID.Parameters); DerInteger derY = (DerInteger)keyInfo.GetPublicKey(); return(new DsaPublicKeyParameters(derY.Value, new DsaParameters(para.P, para.Q, para.G))); } else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdECPublicKey)) { X962Parameters para = new X962Parameters((Asn1Object)keyInfo.AlgorithmID.Parameters); ECDomainParameters dParams = null; if (para.IsNamedCurve) { DerObjectIdentifier oid = (DerObjectIdentifier)para.Parameters; X9ECParameters ecP = X962NamedCurves.GetByOid(oid); if (ecP == null) { ecP = SecNamedCurves.GetByOid(oid); if (ecP == null) { ecP = NistNamedCurves.GetByOid(oid); } } dParams = new ECDomainParameters( ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()); } else { X9ECParameters ecP = new X9ECParameters((Asn1Sequence)para.Parameters.ToAsn1Object()); dParams = new ECDomainParameters( ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()); } DerBitString bits = keyInfo.PublicKeyData; byte[] data = bits.GetBytes(); Asn1OctetString key = new DerOctetString(data); X9ECPoint derQ = new X9ECPoint(dParams.Curve, key); return(new ECPublicKeyParameters(derQ.Point, dParams)); } else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x2001)) { Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters( (Asn1Sequence)algID.Parameters); Asn1OctetString key; try { key = (Asn1OctetString)keyInfo.GetPublicKey(); } catch (IOException) { throw new ArgumentException("invalid info structure in GOST3410 public key"); } byte[] keyEnc = key.GetOctets(); byte[] x = new byte[32]; byte[] y = new byte[32]; for (int i = 0; i != y.Length; i++) { x[i] = keyEnc[32 - 1 - i]; } for (int i = 0; i != x.Length; i++) { y[i] = keyEnc[64 - 1 - i]; } ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet); if (ecP == null) { return(null); } ECCurve curve = ecP.Curve; ECPoint q; if (curve is FpCurve) { FpCurve curveFp = (FpCurve)curve; q = new FpPoint( curveFp, new FpFieldElement(curveFp.Q, new BigInteger(1, x)), new FpFieldElement(curveFp.Q, new BigInteger(1, y))); } else { F2mCurve curveF2m = (F2mCurve)curve; q = new F2mPoint( curveF2m, new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, x)), new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, y)), false); } return(new ECPublicKeyParameters(q, gostParams.PublicKeyParamSet)); } else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x94)) { Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters( (Asn1Sequence)algID.Parameters); DerOctetString derY; try { derY = (DerOctetString)keyInfo.GetPublicKey(); } catch (IOException) { throw new ArgumentException("invalid info structure in GOST3410 public key"); } byte[] keyEnc = derY.GetOctets(); byte[] keyBytes = new byte[keyEnc.Length]; for (int i = 0; i != keyEnc.Length; i++) { keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian } BigInteger y = new BigInteger(1, keyBytes); return(new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet)); } else { throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algID.ObjectID); } }
public void TestGeneration() { ISigner s = SignerUtilities.GetSigner("DSA"); byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; SecureRandom rand = new SecureRandom(); // KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA"); IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA"); // test exception // doTestBadStrength(513); doTestBadStrength(510); doTestBadStrength(1025); //g.initialize(512, rand); { DsaParametersGenerator pGen = new DsaParametersGenerator(); pGen.Init(512, 80, rand); g.Init(new DsaKeyGenerationParameters(rand, pGen.GenerateParameters())); } AsymmetricCipherKeyPair p = g.GenerateKeyPair(); AsymmetricKeyParameter sKey = p.Private; AsymmetricKeyParameter vKey = p.Public; s.Init(true, sKey); s.BlockUpdate(data, 0, data.Length); byte[] sigBytes = s.GenerateSignature(); s = SignerUtilities.GetSigner("DSA"); s.Init(false, vKey); s.BlockUpdate(data, 0, data.Length); if (!s.VerifySignature(sigBytes)) { Fail("DSA verification failed"); } // // ECDSA Fp generation test // s = SignerUtilities.GetSigner("ECDSA"); ECCurve curve = new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECDomainParameters ecSpec = new ECDomainParameters( curve, curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n g = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); g.Init(new ECKeyGenerationParameters(ecSpec, rand)); p = g.GenerateKeyPair(); sKey = p.Private; vKey = p.Public; s.Init(true, sKey); s.BlockUpdate(data, 0, data.Length); sigBytes = s.GenerateSignature(); s = SignerUtilities.GetSigner("ECDSA"); s.Init(false, vKey); s.BlockUpdate(data, 0, data.Length); if (!s.VerifySignature(sigBytes)) { Fail("ECDSA verification failed"); } // // ECDSA F2m generation test // s = SignerUtilities.GetSigner("ECDSA"); curve = new F2mCurve( 239, // m 36, // k new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b ecSpec = new ECDomainParameters( curve, curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n BigInteger.ValueOf(4)); // h g = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); g.Init(new ECKeyGenerationParameters(ecSpec, rand)); p = g.GenerateKeyPair(); sKey = p.Private; vKey = p.Public; s.Init(true, sKey); s.BlockUpdate(data, 0, data.Length); sigBytes = s.GenerateSignature(); s = SignerUtilities.GetSigner("ECDSA"); s.Init(false, vKey); s.BlockUpdate(data, 0, data.Length); if (!s.VerifySignature(sigBytes)) { Fail("ECDSA verification failed"); } }
public Key(F2mCurve curve, F2mPoint basePoint, F2mPoint publicKey) { PublicKey = publicKey; BasePoint = basePoint; Curve = curve; }