public FfcVerificationResult Verify(FfcDomainParameters domainParameters, FfcKeyPair keyPair, BitString message, FfcSignature signature, bool skipHash = false)
{
// 1
if (signature.R < 0 || signature.R > domainParameters.Q)
{
return(new FfcVerificationResult("Invalid r provided"));
}
if (signature.S < 0 || signature.S > domainParameters.Q)
{
return(new FfcVerificationResult("Invalid s provided"));
}
// 2
var w = signature.S.ModularInverse(domainParameters.Q);
var zLen = System.Math.Min(Sha.HashFunction.OutputLen, new BitString(domainParameters.Q).BitLength);
var z = BitString.MSBSubstring(Sha.HashMessage(message).Digest, 0, zLen).ToPositiveBigInteger();
var u1 = (z * w) % domainParameters.Q;
var u2 = (signature.R * w) % domainParameters.Q;
// (g^u1 * y^u2) mod p == [(g^u1 mod p) * (y^u2 mod p)] mod p
var v = ((BigInteger.ModPow(domainParameters.G, u1, domainParameters.P) * BigInteger.ModPow(keyPair.PublicKeyY, u2, domainParameters.P)) % domainParameters.P) % domainParameters.Q;
// 3
if (v != signature.R)
{
return(new FfcVerificationResult("Invalid v, does not match provided r"));
}
return(new FfcVerificationResult());
}
public FfcSignatureResult Sign(FfcDomainParameters domainParameters, FfcKeyPair keyPair, BitString message, bool skipHash = false)
{
BigInteger r, s;
do
{
var k = _entropyProvider.GetEntropy(1, domainParameters.Q - 1);
var kInv = k.ModularInverse(domainParameters.Q);
r = BigInteger.ModPow(domainParameters.G, k, domainParameters.P) % domainParameters.Q;
var zLen = System.Math.Min(Sha.HashFunction.OutputLen, new BitString(domainParameters.Q).BitLength);
var z = BitString.MSBSubstring(Sha.HashMessage(message).Digest, 0, zLen).ToPositiveBigInteger();
s = (kInv * (z + keyPair.PrivateKeyX * r)) % domainParameters.Q;
} while (r == 0 || s == 0);
return(new FfcSignatureResult(new FfcSignature(r, s)));
}
/// <inheritdoc />
protected override BitString GetEphemeralKeyOrNonce(FfcKeyPair ephemeralPublicKey, BitString ephemeralNonce, BitString dkmNonce)
{
if (ephemeralPublicKey != null && ephemeralPublicKey?.PublicKeyY != 0)
{
var ephemKey = new BitString(ephemeralPublicKey.PublicKeyY);
// Ensure mod 32
if (ephemKey.BitLength % 32 != 0)
{
ephemKey = BitString.ConcatenateBits(BitString.Zeroes(32 - ephemKey.BitLength % 32), ephemKey);
}
return(ephemKey);
}
if (ephemeralNonce != null && ephemeralNonce?.BitLength != 0)
{
return(ephemeralNonce);
}
return(dkmNonce);
}
public FfcKeyPairValidateResult ValidateKeyPair(FfcDomainParameters domainParameters, FfcKeyPair keyPair)
{
if (keyPair.PrivateKeyX <= 0 || keyPair.PrivateKeyX >= domainParameters.Q)
{
return(new FfcKeyPairValidateResult("Invalid key pair, x must satisfy 0 < x < q"));
}
if (keyPair.PublicKeyY == BigInteger.ModPow(domainParameters.G, keyPair.PrivateKeyX, domainParameters.P))
{
return(new FfcKeyPairValidateResult());
}
else
{
return(new FfcKeyPairValidateResult("Invalid key pair, y != g^x mod p"));
}
}
/// <summary>
/// No errors
/// </summary>
public FfcKeyPairGenerateResult(FfcKeyPair keyPair)
{
KeyPair = keyPair;
}
