static void Test(string p, string a, string b, string Gx, string Gy, string n, int h, ECDomainParameters domain)
{
IFiniteField ff = domain.Group.FiniteField;
AreEqual(p, domain.P, "p");
AreEqual(a, ff.ToNormal(domain.A), "a");
AreEqual(b, ff.ToNormal(domain.B), "b");
AreEqual(Gx, ff.ToNormal(domain.G.X), "Gx");
AreEqual(Gy, ff.ToNormal(domain.G.Y), "Gy");
AreEqual(n, domain.N, "n");
Assert.AreEqual(h, domain.H, "h");
}
/// <summary>バイト配列より点を作成する (SEC1, 2.3.4)</summary>
public ECPoint(ECGroup group, byte[] data)
{
_group = group;
_field = group.FiniteField;
switch (data[0])
{
case 0: { // 無限遠点
ECPoint tmp = _field.GetInfinityPoint(_group);
_x = tmp._x;
_y = tmp._y;
_z = tmp._z;
return;
}
case 2:
case 3: { // 点圧縮済みデータ
int keyBits = group.P.BitCount();
int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1);
if (data.Length != keyBytes + 1)
{
throw new ArgumentException();
}
Number x = _field.ToElement(new Number(data, 1, keyBytes, false));
Number y2 = _field.Add(_field.Multiply(_field.Add(_field.Multiply(x, x), _group.A), x), _group.B); // (x^2 + a)*x + b
Number y = _field.Sqrt(y2);
if (_field.ToNormal(y).GetBit(0) != data[0] - 2)
{
y = _field.Modulus - y;
}
_x = x;
_y = y;
_z = _field.ToElement(Number.One);
return;
}
case 4: { // 非圧縮データ
int keyBits = group.P.BitCount();
int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1);
_x = _field.ToElement(new Number(data, 1, keyBytes, false));
_y = _field.ToElement(new Number(data, 1 + keyBytes, keyBytes, false));
_z = _field.ToElement(Number.One);
return;
}
default:
throw new ArgumentException();
}
}
/// <summary>バイト配列より点を作成する (SEC1, 2.3.4)</summary>
public ECPoint (ECGroup group, byte[] data)
{
_group = group;
_field = group.FiniteField;
switch (data[0]) {
case 0: { // 無限遠点
ECPoint tmp = _field.GetInfinityPoint (_group);
_x = tmp._x;
_y = tmp._y;
_z = tmp._z;
return;
}
case 2:
case 3: { // 点圧縮済みデータ
int keyBits = group.P.BitCount ();
int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1);
if (data.Length != keyBytes + 1)
throw new ArgumentException ();
Number x = _field.ToElement (new Number (data, 1, keyBytes, false));
Number y2 = _field.Add (_field.Multiply (_field.Add (_field.Multiply (x, x), _group.A), x), _group.B); // (x^2 + a)*x + b
Number y = _field.Sqrt (y2);
if (_field.ToNormal (y).GetBit (0) != data[0] - 2)
y = _field.Modulus - y;
_x = x;
_y = y;
_z = _field.ToElement (Number.One);
return;
}
case 4: { // 非圧縮データ
int keyBits = group.P.BitCount ();
int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1);
_x = _field.ToElement (new Number (data, 1, keyBytes, false));
_y = _field.ToElement (new Number (data, 1 + keyBytes, keyBytes, false));
_z = _field.ToElement (Number.One);
return;
}
default:
throw new ArgumentException ();
}
}
internal byte[] SignHash(byte[] hash, byte[] randomK)
#endif
{
if (hash == null)
{
throw new ArgumentNullException();
}
if (hash.Length == 0)
{
throw new ArgumentException();
}
if (_params.D == null && _params.Q == null)
{
_params.CreateNewPrivateKey();
}
if (_params.D == null)
{
throw new CryptographicException();
}
Number r, s, k;
IFiniteField field = _params.Domain.FieldN;
int keyBytes = (int)((_params.Domain.Bits >> 3) + ((_params.Domain.Bits & 7) == 0 ? 0U : 1U));
byte[] raw = new byte[keyBytes << 1];
Number e = HashToNumber(hash);
do
{
do
{
// Step.1
#if TEST
k = randomK == null
? k = Number.CreateRandomElement(_params.Domain.N)
: new Number(randomK, false);
#else
k = Number.CreateRandomElement(_params.Domain.N);
#endif
// Step.2
ECPoint tmp = _params.Domain.G.Multiply(k).Export();
// Step.3
r = tmp.X % _params.Domain.N;
if (!r.IsZero())
{
r.CopyToBigEndian(raw, 0, keyBytes);
break;
}
} while (true);
// Step.4
k = field.Invert(field.ToElement(k));
// Step.6
r = field.ToElement(r);
e = field.ToElement(e);
s = field.Multiply(k, field.Add(e, field.Multiply(r, field.ToElement(_params.D))));
if (!s.IsZero())
{
s = field.ToNormal(s);
s.CopyToBigEndian(raw, raw.Length >> 1, keyBytes);
break;
}
} while (true);
return(raw);
}
public bool VerifyHash(byte[] hash, byte[] sig)
{
if (sig.Length != (_params.Domain.Bits >> 2) + ((_params.Domain.Bits & 7) == 0 ? 0 : 2))
{
throw new ArgumentException();
}
if (hash.Length == 0)
{
throw new ArgumentException();
}
if (_params.Q == null && _params.D != null)
{
_params.CreatePublicKeyFromPrivateKey();
}
if (_params.Q == null)
{
throw new CryptographicException();
}
int halfLen = sig.Length >> 1;
Number r = new Number(sig, 0, halfLen, false);
Number s = new Number(sig, halfLen, halfLen, false);
Number e = HashToNumber(hash);
IFiniteField field = _params.Domain.FieldN;
if (r >= _params.Domain.N || s >= _params.Domain.N)
{
return(false);
}
// Step.1
e = field.ToElement(e);
s = field.ToElement(s);
Number r2 = field.ToElement(r);
// Step.2
Number w = field.Invert(s);
// Step.3
Number u1 = field.ToNormal(field.Multiply(e, w));
Number u2 = field.ToNormal(field.Multiply(r2, w));
// Step.4
//ECPoint X = _params.Domain.G.Multiply (u1).Add (_params.Q.Multiply (u2));
ECPoint X;
if (u1.IsZero())
{
X = _params.Domain.FieldN.GetInfinityPoint(_params.Domain.Group).Add(_params.Q.Multiply(u2));
}
else
{
X = ECPoint.MultiplyAndAdd(_params.Domain.G, u1, _params.Q, u2);
}
// Step.5
if (X.IsInifinity())
{
return(false);
}
X = X.Export();
// Step.6
Number v = X.X % _params.Domain.N;
return(r.CompareTo(v) == 0);
}
