public FfcVerificationResult Verify(FfcDomainParameters domainParameters, FfcKeyPair keyPair, BitString message, FfcSignature signature, bool skipHash = false) { // 1 if (signature.R < 0 || signature.R > domainParameters.Q) { return(new FfcVerificationResult("Invalid r provided")); } if (signature.S < 0 || signature.S > domainParameters.Q) { return(new FfcVerificationResult("Invalid s provided")); } // 2 var w = signature.S.ModularInverse(domainParameters.Q); var zLen = System.Math.Min(Sha.HashFunction.OutputLen, new BitString(domainParameters.Q).BitLength); var z = BitString.MSBSubstring(Sha.HashMessage(message).Digest, 0, zLen).ToPositiveBigInteger(); var u1 = (z * w) % domainParameters.Q; var u2 = (signature.R * w) % domainParameters.Q; // (g^u1 * y^u2) mod p == [(g^u1 mod p) * (y^u2 mod p)] mod p var v = ((BigInteger.ModPow(domainParameters.G, u1, domainParameters.P) * BigInteger.ModPow(keyPair.PublicKeyY, u2, domainParameters.P)) % domainParameters.P) % domainParameters.Q; // 3 if (v != signature.R) { return(new FfcVerificationResult("Invalid v, does not match provided r")); } return(new FfcVerificationResult()); }
public FfcSignatureResult(FfcSignature signature) { Signature = signature; }