public static byte[] Sign(byte[] bytes, byte[] privateKey)
{
var x9EcParameters = SecNamedCurves.GetByName("secp256k1");
var ecParams = new ECDomainParameters(x9EcParameters.Curve, x9EcParameters.G, x9EcParameters.N, x9EcParameters.H);
var privateKeyBigInteger = new BigInteger((new byte[] { 0x00 }).Concat(privateKey).ToArray());
var signer = new ECDsaSigner();
var privateKeyParameters = new ECPrivateKeyParameters(privateKeyBigInteger, ecParams);
signer.Init(true, privateKeyParameters);
var signature = signer.GenerateSignature(bytes);
var memoryStream = new MemoryStream();
var sequenceGenerator = new DerSequenceGenerator(memoryStream);
sequenceGenerator.AddObject(new DerInteger(signature[0]));
sequenceGenerator.AddObject(new DerInteger(signature[1]));
sequenceGenerator.Close();
var signingResult = memoryStream.ToArray();
return(signingResult);
}
// private static readonly Hashtable CurveNames = new Hashtable();
// private static readonly Hashtable CurveAliases = new Hashtable();
//
// static NamedCurveTest()
// {
// CurveNames.Add("prime192v1", "prime192v1"); // X9.62
// CurveNames.Add("sect571r1", "sect571r1"); // sec
// CurveNames.Add("secp224r1", "secp224r1");
// CurveNames.Add("B-409", SecNamedCurves.GetName(NistNamedCurves.GetOid("B-409"))); // nist
// CurveNames.Add("P-521", SecNamedCurves.GetName(NistNamedCurves.GetOid("P-521")));
// CurveNames.Add("brainpoolp160r1", "brainpoolp160r1"); // TeleTrusT
//
// CurveAliases.Add("secp192r1", "prime192v1");
// CurveAliases.Add("secp256r1", "prime256v1");
// }
private static ECDomainParameters GetCurveParameters(
string name)
{
ECDomainParameters ecdp = ECGost3410NamedCurves.GetByName(name);
if (ecdp != null)
{
return(ecdp);
}
X9ECParameters ecP = X962NamedCurves.GetByName(name);
if (ecP == null)
{
ecP = SecNamedCurves.GetByName(name);
if (ecP == null)
{
ecP = NistNamedCurves.GetByName(name);
if (ecP == null)
{
ecP = TeleTrusTNamedCurves.GetByName(name);
if (ecP == null)
{
throw new Exception("unknown curve name: " + name);
}
}
}
}
return(new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()));
}
private (byte[] PrivateKey, byte[] PublicKey) ReadPem(string pemFile)
{
using (var reader = File.OpenText(pemFile))
{
var pemReader = new PemReader(reader);
object o;
while ((o = pemReader.ReadObject()) != null)
{
if (o is AsymmetricCipherKeyPair pair)
{
var privateKeyFromPair = ((ECPrivateKeyParameters)pair.Private).D.ToByteArrayUnsigned();
var publicKeyFromPair = ((ECPublicKeyParameters)pair.Public).Q.GetEncoded();
return(PrivateKey : privateKeyFromPair, PublicKey : publicKeyFromPair);
}
if (o is ECPrivateKeyParameters privateKey)
{
var curve = SecNamedCurves.GetByName("secp256r1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N);
var publicKeyParameters = new ECPublicKeyParameters(domain.G.Multiply(new BigInteger(1, privateKey.D.ToByteArrayUnsigned())), domain);
return(PrivateKey : privateKey.D.ToByteArrayUnsigned(), PublicKey : publicKeyParameters.Q.GetEncoded());
}
if (o is ECPublicKeyParameters publicKey)
{
return(PrivateKey : null, PublicKey : publicKey.Q.GetEncoded());
}
}
throw new InvalidOperationException("Key pair was not found in PEM file");
}
}
private static ECDsa LoadPrivateKey(string pem)
{
var reader = new PemReader(new StringReader(pem));
var keyPair = (AsymmetricCipherKeyPair)reader.ReadObject();
var p = (ECPrivateKeyParameters)keyPair.Private;
var privKeyInt = p.D;
var parameters = SecNamedCurves.GetByName("secp256r1");
var ecPoint = parameters.G.Multiply(privKeyInt);
var privKeyX = ecPoint.Normalize().XCoord.ToBigInteger().ToByteArrayUnsigned();
var privKeyY = ecPoint.Normalize().YCoord.ToBigInteger().ToByteArrayUnsigned();
#if NETSTANDARD2_0
return(ECDsa.Create(new ECParameters
{
Curve = ECCurve.NamedCurves.nistP256,
D = privKeyInt.ToByteArrayUnsigned(),
Q = new ECPoint
{
X = privKeyX,
Y = privKeyY
}
}));
#else
var x = EccKey.New(privKeyX, privKeyY, privKeyInt.ToByteArrayUnsigned());
var ecdsa = new ECDsaCng(x);
return(ecdsa);
#endif
}
/// <summary>
/// Calculates an ECDSA signature in DER format for the given input hash. Note that the input is expected to be
/// 32 bytes long.
/// </summary>
public byte[] Sign(byte[] input, Org.BouncyCastle.Math.BigInteger privateKey)
{
const string BITCOIN_CURVE = "secp256k1";
ECDsaSigner signer = new ECDsaSigner();
Org.BouncyCastle.Asn1.X9.X9ECParameters ecp = SecNamedCurves.GetByName(BITCOIN_CURVE);
ECDomainParameters EcParameters = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H);
var privateKeyParameters = new ECPrivateKeyParameters(privateKey, EcParameters);
signer.Init(true, privateKeyParameters);
var signatures = signer.GenerateSignature(input);
// What we get back from the signer are the two components of a signature, r and s. To get a flat byte stream
// of the type used by BitCoin we have to encode them using DER encoding, which is just a way to pack the two
// components into a structure.
using (var byteOutputStream = new MemoryStream())
{
var derSequenceGenerator = new DerSequenceGenerator(byteOutputStream);
derSequenceGenerator.AddObject(new DerInteger(signatures[0]));
derSequenceGenerator.AddObject(new DerInteger(signatures[1]));
derSequenceGenerator.Close();
return(byteOutputStream.ToArray());
}
}
public ECPublicKeyParameters DecodePublicKey(byte[] encodedPublicKey)
{
try
{
X9ECParameters curve = SecNamedCurves.GetByName("secp256r1");
ECPoint point;
try
{
point = curve.Curve.DecodePoint(encodedPublicKey);
}
catch (Exception e)
{
throw new U2fException("Could not parse user public key", e);
}
ECPublicKeyParameters xxpk = new ECPublicKeyParameters("ECDSA", point,
SecObjectIdentifiers.SecP256r1);
return(xxpk);
}
catch (InvalidKeySpecException e)
{
throw new U2fException(ErrorDecodingPublicKey, e);
}
}
public static ECPrivateKeyParameters ParsePrivateKey(string keyBytesHex)
{
var curve = SecNamedCurves.GetByName("secp256r1");
var curveSpec = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
return(new ECPrivateKeyParameters(new BigInteger(keyBytesHex, 16), curveSpec));
}
static Verifier()
{
// Get secp256k1 params.
X9ECParameters curParams = SecNamedCurves.GetByName("secp256k1");
_ecParams = new ECDomainParameters(curParams.Curve, curParams.G, curParams.N, curParams.H);
}
public static byte[] SignTransaction(byte[] data, byte[] privateKey)
{
ECDsaSigner signer = new ECDsaSigner();
X9ECParameters spec = SecNamedCurves.GetByName("secp256k1");
ECDomainParameters domain = new ECDomainParameters(spec.Curve, spec.G, spec.N);
ECPrivateKeyParameters privateKeyParms =
new ECPrivateKeyParameters(new BigInteger(1, privateKey), domain);
ParametersWithRandom paramxs = new ParametersWithRandom(privateKeyParms);
signer.Init(true, paramxs);
var signature = signer.GenerateSignature(data); //sign and get R and S
//return as DER format
using (MemoryStream outStream = new MemoryStream(80))
{
DerSequenceGenerator seq = new DerSequenceGenerator(outStream);
seq.AddObject(new DerInteger(signature[0])); //r
seq.AddObject(new DerInteger(signature[1])); //s
seq.AddObject(new DerInteger(GetRecoveryId(signature[0].ToByteArray(),
signature[1].ToByteArray(), data, GetPublicKey(privateKey)))); //v
seq.Close();
return(outStream.ToArray());
}
}
public ECKeyPair(string privateKeyHex)
{
AsymmetricCipherKeyPair keyPair;
X9ECParameters Params = SecNamedCurves.GetByName("secp256k1");
ECDomainParameters Curve = new ECDomainParameters(Params.Curve, Params.G, Params.N, Params.H);
BigInteger bigInteger = new BigInteger(privateKeyHex, 16);
ECPrivateKeyParameters ecPrivateKeyParameters = new ECPrivateKeyParameters(bigInteger, Curve);
var q = Curve.G.Multiply(bigInteger);
ECPublicKeyParameters ecPublicKeyParameters = new ECPublicKeyParameters(q, Curve);
ECPublicKey = ecPublicKeyParameters;
ECPrivateKey = ecPrivateKeyParameters;
keyPair = new AsymmetricCipherKeyPair(
(AsymmetricKeyParameter)ecPublicKeyParameters,
(AsymmetricKeyParameter)ecPrivateKeyParameters);
TextWriter writer1 = (TextWriter) new StringWriter();
PemWriter pemWriter1 = new PemWriter(writer1);
pemWriter1.WriteObject((object)keyPair.Private);
pemWriter1.Writer.Flush();
this.PrivateKey = writer1.ToString();
TextWriter writer2 = (TextWriter) new StringWriter();
PemWriter pemWriter2 = new PemWriter(writer2);
pemWriter2.WriteObject((object)keyPair.Public);
pemWriter2.Writer.Flush();
this.PublicKey = writer2.ToString();
}
public static byte[] CreatePublicKeyFromPrivate(byte[] privateKey)
{
privateKey = (new byte[]
{
0x00
}).Concat(privateKey).ToArray();
var secp256K1Algorithm = SecNamedCurves.GetByName("secp256k1");
var privateKeyInteger = new BigInteger(privateKey);
var multiplication = secp256K1Algorithm.G.Multiply(privateKeyInteger).Normalize();
var publicKey = new byte[65];
var y = multiplication.AffineYCoord.ToBigInteger().ToByteArray();
Array.Copy(y, 0, publicKey, 64 - y.Length + 1, y.Length);
var x = multiplication.AffineXCoord.ToBigInteger().ToByteArray();
Array.Copy(x, 0, publicKey, 32 - x.Length + 1, x.Length);
publicKey[0] = 0x04;
return(publicKey);
}
public Packet MessageDecrypt(Packet outer)
{
byte[] remoteKeyData = outer.Body.Take(21).ToArray();
byte[] ivData = outer.Body.Skip(21).Take(4).ToArray();
byte[] innerEncryptedData = outer.Body.Skip(25).Take(outer.Body.Length - 29).ToArray();
// Decode the body
ECKeyPair remoteEphemeralKeys = ECKeyPair.LoadKeys(SecNamedCurves.GetByName("secp160r1"), remoteKeyData, null);
var idAgreement = ECDHAgree(remoteEphemeralKeys.PublicKey, Key.PrivateKey);
var agreedHash = Helpers.SHA256Hash(Helpers.ToByteArray(idAgreement, 20));
var aesKey = Helpers.FoldOnce(agreedHash);
// Pad out the IV
byte[] aesIV = new byte[16];
Array.Clear(aesIV, 0, 16);
Buffer.BlockCopy(ivData, 0, aesIV, 0, 4);
// Decrypt it
var cipher = new BufferedBlockCipher(new SicBlockCipher(new AesFastEngine()));
var parameters = new ParametersWithIV(new KeyParameter(aesKey), aesIV);
cipher.Init(false, parameters);
byte[] decryptedBody = new byte[innerEncryptedData.Length];
var offset = cipher.ProcessBytes(innerEncryptedData, decryptedBody, 0);
cipher.DoFinal(decryptedBody, offset);
Packet outPacket = Packet.DecodePacket(decryptedBody);
return(outPacket);
}
public override (byte[], byte[]) GetChildPrivateKey(Curve curve, byte[] privateKey, byte[] chainCode, uint index)
{
byte[] l;
if ((index & 0x80000000) != 0) // hardened
{
l = Bip32Hash(chainCode, index, 0, privateKey);
}
else
{
if (curve.Kind == ECKind.Ed25519)
{
throw new NotSupportedException("Ed25519 doesn't support non-hardened key derivation");
}
l = Bip32Hash(chainCode, index, curve.GetPublicKey(privateKey));
}
var ll = l.GetBytes(0, 32);
var lr = l.GetBytes(32, 32);
if (curve.Kind == ECKind.Ed25519)
{
l.Flush();
return(ll, lr);
}
while (true)
{
var parse256LL = new BigInteger(1, ll);
var kPar = new BigInteger(1, privateKey);
var N = curve.Kind switch
{
ECKind.Secp256k1 => SecNamedCurves.GetByName("secp256k1").N,
ECKind.NistP256 => SecNamedCurves.GetByName("secp256r1").N,
_ => throw new InvalidEnumArgumentException()
};
var key = parse256LL.Add(kPar).Mod(N);
if (parse256LL.CompareTo(N) >= 0 || key.CompareTo(BigInteger.Zero) == 0)
{
l = Bip32Hash(chainCode, index, 1, lr);
ll = l.GetBytes(0, 32);
lr = l.GetBytes(32, 32);
continue;
}
var keyBytes = key.ToByteArrayUnsigned();
if (keyBytes.Length < 32)
{
var kb = keyBytes;
keyBytes = new byte[32 - kb.Length].Concat(kb);
kb.Flush();
}
l.Flush();
ll.Flush();
return(keyBytes, lr);
}
}
public override (byte[], byte[]) GenerateMasterKey(Curve curve, byte[] seed)
{
using var hmacSha512 = new HMACSHA512(curve.SeedKey);
while (true)
{
var l = hmacSha512.ComputeHash(seed);
var ll = l.GetBytes(0, 32);
var lr = l.GetBytes(32, 32);
if (curve.Kind == ECKind.Ed25519)
{
l.Flush();
return(ll, lr);
}
var parse256LL = new BigInteger(1, ll);
var N = curve.Kind switch
{
ECKind.Secp256k1 => SecNamedCurves.GetByName("secp256k1").N,
ECKind.NistP256 => SecNamedCurves.GetByName("secp256r1").N,
_ => throw new InvalidEnumArgumentException()
};
if (parse256LL.CompareTo(N) < 0 && parse256LL.CompareTo(BigInteger.Zero) != 0)
{
l.Flush();
return(ll, lr);
}
seed = l;
}
}
/// <summary>
/// Generate a signature
/// Using https://github.com/Zaliro/Switcheo.Net/blob/master/Switcheo.Net/SwitcheoAuthenticationProvider.cs
/// </summary>
/// <param name="message">Message to sign</param>
/// <param name="wallet">Wallet for signature</param>
/// <returns>Message signature</returns>
private string GenerateSignature(byte[] message, NeoWallet wallet)
{
var privateKey = wallet.privateKey;
var curve = SecNamedCurves.GetByName("secp256r1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
var priv = new ECPrivateKeyParameters("ECDSA", (new BigInteger(1, privateKey)), domain);
var signer = new ECDsaSigner();
var fullsign = new byte[64];
var hash = new Sha256Digest();
hash.BlockUpdate(message, 0, message.Length);
var result = new byte[32];
hash.DoFinal(result, 0);
message = result;
signer.Init(true, priv);
var signature = signer.GenerateSignature(message);
var signedResult = ProcessSignature(signature);
var signedMessage = BitConverter.ToString(signedResult);
return(signedMessage.Replace("-", "").ToLower());
}
public static byte[] GeneratePublicKey(byte[] privateKey)
{
Org.BouncyCastle.Math.BigInteger privateKeyInt = new Org.BouncyCastle.Math.BigInteger(+1, privateKey);
var parameters = SecNamedCurves.GetByName("secp256k1");
Org.BouncyCastle.Math.EC.ECPoint point = parameters.G.Multiply(privateKeyInt);
byte[] pubKeyX = point.X.ToBigInteger().ToByteArrayUnsigned();
byte[] pubKeyY = point.Y.ToBigInteger().ToByteArrayUnsigned();
Console.WriteLine("Your X point on the Elliptic Curve is: " + Encoding.Unicode.GetString(pubKeyX));
Console.WriteLine("Your Y point on the Elliptic Curve is: " + Encoding.Unicode.GetString(pubKeyY));
byte[] pubKey = new byte[pubKeyX.Length + 1];
// Copy pub key X over to pubKey
pubKeyX.CopyTo(pubKey, 1);
// Setup the parity byte
if (point.Y.ToBigInteger().Mod(new Org.BouncyCastle.Math.BigInteger("2")) == new Org.BouncyCastle.Math.BigInteger("1"))
{
pubKey[0] = 0x03;
}
else
{
pubKey[0] = 0x02;
}
// Return the public key
//return Tuple.Create(pubKeyX, pubKeyY);
return(pubKey);
}
public ECPublicKeyParameters DecodePublicKey(byte[] encodedPublicKey)
{
try
{
var curve = SecNamedCurves.GetByName("secp256r1");
if (curve == null)
{
throw new U2FException("Named curve 'secp256r1' isn't supported");
}
ECPoint point;
try
{
point = curve.Curve.DecodePoint(encodedPublicKey);
}
catch (Exception e)
{
throw new U2FException("Couldn't parse user public key", e);
}
var parameters = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
return(new ECPublicKeyParameters(point, parameters));
}
catch (Exception e)
{
throw new U2FException("Error when decoding public key", e);
}
}
/// <summary>
/// Parameters to generate the key for
/// </summary>
/// <returns></returns>
private string GetEcCurve()
{
var ret = "secp384r1"; // Default
try
{
var config = Properties.Settings.Default.ECCurve;
DerObjectIdentifier curveOid = null;
try
{
curveOid = SecNamedCurves.GetOid(config);
}
catch {}
if (curveOid != null)
{
ret = config;
}
else
{
_log.Warning("Unknown curve {ECCurve}", config);
}
}
catch (Exception ex)
{
_log.Warning("Unable to get EC name, error: {@ex}", ex);
}
_log.Debug("ECCurve: {ECCurve}", ret);
return(ret);
}
public static void GenerateKey(
out byte[] privateKey, out byte[] publicKey)
{
var rnd = new SecureRandom();
rnd.SetSeed(DateTime.UtcNow.Ticks);
var curve = SecNamedCurves.GetByName(CurveName);
var n = curve.N;
BigInteger d;
do
{
d = new BigInteger(n.BitLength, rnd).SetBit(n.BitLength - 1);
} while (d.CompareTo(n) >= 0);
privateKey = d.ToByteArrayUnsigned();
var pubPoint = curve.G.Multiply(d).Normalize();
publicKey = ToBytes(new ECPoint
{
X = pubPoint.XCoord.GetEncoded(),
Y = pubPoint.YCoord.GetEncoded(),
});
}
// TODO Add an equivalent class for ECNamedCurveParameterSpec?
//private ECNamedCurveParameterSpec ReadECParameters(
// private X9ECParameters ReadECParameters(PemObject pemObject)
// {
// DerObjectIdentifier oid = (DerObjectIdentifier)Asn1Object.FromByteArray(pemObject.Content);
//
// //return ECNamedCurveTable.getParameterSpec(oid.Id);
// return GetCurveParameters(oid.Id);
// }
//private static ECDomainParameters GetCurveParameters(
private static X9ECParameters GetCurveParameters(
string name)
{
// TODO ECGost3410NamedCurves support (returns ECDomainParameters though)
X9ECParameters ecP = X962NamedCurves.GetByName(name);
if (ecP == null)
{
ecP = SecNamedCurves.GetByName(name);
if (ecP == null)
{
ecP = NistNamedCurves.GetByName(name);
if (ecP == null)
{
ecP = TeleTrusTNamedCurves.GetByName(name);
if (ecP == null)
{
throw new Exception("unknown curve name: " + name);
}
}
}
}
//return new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());
return(ecP);
}
private static bool VerifySignature(string message, byte[] public_key_bytes, string signature)
{
var curve = SecNamedCurves.GetByName("secp256r1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
//var publicKeyBytes = Base58Encoding.Decode(publicKey);
//var publicKeyBytes = Base58Encoding.DecodeWithCheckSum(publicKey);
//var publicKeyBytes = Base58Encoding.DecodePublicKey(publicKey);
var q = curve.Curve.DecodePoint(public_key_bytes);
var keyParameters = new
Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters(q,
domain);
ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, keyParameters);
signer.BlockUpdate(Encoding.UTF8.GetBytes(message), 0, message.Length);
var signatureBytes = Base58Encoding.Decode(signature);
var derSign = SignatureHelper.derSign(signatureBytes);
return(signer.VerifySignature(derSign));
}
/**
* return a X9ECParameters object representing the passed in named
* curve. The routine returns null if the curve is not present.
*
* @param name the name of the curve requested
* @return an X9ECParameters object or null if the curve is not available.
*/
public static X9ECParameters GetByName(string name)
{
X9ECParameters ecP = X962NamedCurves.GetByName(name);
if (ecP == null)
{
ecP = SecNamedCurves.GetByName(name);
}
if (ecP == null)
{
ecP = NistNamedCurves.GetByName(name);
}
if (ecP == null)
{
ecP = TeleTrusTNamedCurves.GetByName(name);
}
if (ecP == null)
{
ecP = AnssiNamedCurves.GetByName(name);
}
return(ecP);
}
/**
* return the object identifier signified by the passed in name. Null
* if there is no object identifier associated with name.
*
* @return the object identifier associated with name, if present.
*/
public static DerObjectIdentifier GetOid(string name)
{
DerObjectIdentifier oid = X962NamedCurves.GetOid(name);
if (oid == null)
{
oid = SecNamedCurves.GetOid(name);
}
if (oid == null)
{
oid = NistNamedCurves.GetOid(name);
}
if (oid == null)
{
oid = TeleTrusTNamedCurves.GetOid(name);
}
if (oid == null)
{
oid = AnssiNamedCurves.GetOid(name);
}
return(oid);
}
public static string GetName(DerObjectIdentifier oid)
{
string name = X962NamedCurves.GetName(oid);
if (name == null)
{
name = SecNamedCurves.GetName(oid);
}
if (name == null)
{
name = NistNamedCurves.GetName(oid);
}
if (name == null)
{
name = TeleTrusTNamedCurves.GetName(oid);
}
if (name == null)
{
name = AnssiNamedCurves.GetName(oid);
}
if (name == null)
{
name = ECGost3410NamedCurves.GetName(oid);
}
if (name == null)
{
name = GMNamedCurves.GetName(oid);
}
return(name);
}
public void TestECNR521bitPrime()
{
BigInteger r = new BigInteger("1820641608112320695747745915744708800944302281118541146383656165330049339564439316345159057453301092391897040509935100825960342573871340486684575368150970954");
BigInteger s = new BigInteger("6358277176448326821136601602749690343031826490505780896013143436153111780706227024847359990383467115737705919410755190867632280059161174165591324242446800763");
byte[] kData = new BigInteger("cdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = SecNamedCurves.GetByOid(SecObjectIdentifiers.SecP521r1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA512withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(521, priKey, pubKey, sgr, k, message, r, s);
}
/**
* return a X9ECParameters object representing the passed in named
* curve.
*
* @param oid the object id of the curve requested
* @return an X9ECParameters object or null if the curve is not available.
*/
public static X9ECParameters GetByOid(DerObjectIdentifier oid)
{
X9ECParameters ecP = X962NamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = SecNamedCurves.GetByOid(oid);
}
// NOTE: All the NIST curves are currently from SEC, so no point in redundant OID lookup
if (ecP == null)
{
ecP = TeleTrusTNamedCurves.GetByOid(oid);
}
if (ecP == null)
{
ecP = AnssiNamedCurves.GetByOid(oid);
}
if (ecP == null)
{
ecP = FromDomainParameters(ECGost3410NamedCurves.GetByOid(oid));
}
if (ecP == null)
{
ecP = GMNamedCurves.GetByOid(oid);
}
return(ecP);
}
/// <summary> Gets shared secret. </summary>
///
/// def get_shared_secret(priv, pub) :
/// pub_point = pub.point()
/// priv_point = int(repr(priv),16)
/// res = pub_point * priv_point
/// res_hex = '%032x' % res.x()
/// return res_hex
///
/// <remarks> Paul, 26/10/2015. </remarks>
///
/// <returns> The shared secret. </returns>
static public byte[] GetSharedSecret(KeyPair priv, PublicKey pub)
{
var ps = SecNamedCurves.GetByName("secp256k1");
BigInteger ipriv = new BigInteger(1, priv.PrivateKeyBytes);
ECPoint pubPoint = pub.GetECPoint();
ECPoint shared = pubPoint.Multiply(ipriv);
BigInteger s = shared.X.ToBigInteger();
byte[] data = s.ToByteArray();
int leadingZeros = -1;
while (data[++leadingZeros] == 0)
{
;
}
byte[] result = new byte[data.Length - leadingZeros];
Buffer.BlockCopy(data, leadingZeros, result, 0, result.Length);
return(result);
}
private static void Sign(UnsignedTransaction unsignedTransaction, string privateKey, bool isHex, bool addPubKey,
bool forceCompressed = false)
{
bool compressed = false;
var bytes = isHex ? privateKey.FromHexString() : GetBytesFromBase58Key(privateKey);
if (bytes.Length == 33 && bytes[32] == 1)
{
compressed = true;
bytes = bytes.Take(32).ToArray();
}
var privKeyB = new BigInteger(1, bytes);
var parms = SecNamedCurves.GetByName("secp256k1");
var curve = new ECDomainParameters(parms.Curve, parms.G, parms.N, parms.H);
var halfCurveOrder = parms.N.ShiftRight(1);
var point = curve.G.Multiply(privKeyB);
if (compressed || forceCompressed)
{
point = new FpPoint(curve.Curve, point.X, point.Y, true);
}
var publicKey = point.GetEncoded();
var signer = new ECDsaSigner();
var privKey = new ECPrivateKeyParameters(privKeyB, curve);
signer.Init(true, privKey);
foreach (string toSign in unsignedTransaction.ToSign)
{
if (addPubKey)
{
unsignedTransaction.PubKeys.Add(publicKey.ToHexString());
}
var components = signer.GenerateSignature(toSign.FromHexString());
var r = components[0];
var s = components[1];
if (s.CompareTo(halfCurveOrder) > 0)
{
s = curve.N.Subtract(s);
}
using (var ms = new MemoryStream())
using (var asn = new Asn1OutputStream(ms)) {
var seq = new DerSequenceGenerator(asn);
seq.AddObject(new DerInteger(r));
seq.AddObject(new DerInteger(s));
seq.Close();
string signedString = ms.ToArray().ToHexString();
unsignedTransaction.Signatures.Add(signedString);
}
}
}
private void randMult(string curveName)
{
X9ECParameters spec = SecNamedCurves.GetByName(curveName);
BigInteger n = spec.N;
ECPoint g = (ECPoint)spec.G;
SecureRandom random = new SecureRandom(); //SecureRandom.getInstance("SHA1PRNG", "SUN");
BigInteger k = new BigInteger(n.BitLength - 1, random);
ECPoint qMultiply = null;
long startTime = DateTimeUtilities.CurrentUnixMs();
for (int i = 0; i < NUM_ROUNDS; i++)
{
qMultiply = g.Multiply(k);
}
long endTime = DateTimeUtilities.CurrentUnixMs();
double avgDuration = (double)(endTime - startTime) / NUM_ROUNDS;
Console.WriteLine(curveName);
Console.Write("Millis : ");
Console.WriteLine(avgDuration);
Console.WriteLine();
}
public string SignMessage(string msg, string privKey)
{
//$.checkArgument(text);
string hashMsg = DoubleHashMessageReverse(msg);
// Debugging Only
//Console.WriteLine("Hashed Message: " + hashMsg);
//Console.WriteLine("Hashed Message in Bytes: " + BitConverter.ToString(Encoding.Unicode.GetBytes(hashMsg)));
byte[] bytedPrivKey = ConvertToByteArray(privKey);
// Retrieve the private key in bigint
BigInteger privateKeyInt = new BigInteger(+1, ConvertToByteArray(privKey));
// Reconstruct the curve
X9ECParameters parameters = SecNamedCurves.GetByName("secp256k1");
//Org.BouncyCastle.Math.EC.ECPoint point = parameters.G.Multiply(privateKeyInt);
// Setup the signer
// https://www.programcreek.com/java-api-examples/index.php?api=org.bouncycastle.crypto.signers.ECDSASigner
// Cant new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); Because Btc doesn't use those..
ECDsaSigner signer = new ECDsaSigner();
// Construct the ECDomainParameters
// https://programtalk.com/java-api-usage-examples/org.bouncycastle.crypto.params.ECDomainParameters/ => How to get the parameters
ECDomainParameters ecDomainParams = new ECDomainParameters(parameters.Curve, parameters.G, parameters.N, parameters.H);
ECKeyParameters keyParams = new ECPrivateKeyParameters(privateKeyInt, ecDomainParams);
signer.Init(true, keyParams);
BigInteger[] signature = signer.GenerateSignature(Encoding.Unicode.GetBytes(hashMsg));
// https://stackoverflow.com/questions/37572306/verifying-ecdsa-signature-with-bouncy-castle-in-c-sharp
MemoryStream stream = new MemoryStream();
//DerOutputStream der = new DerOutputStream(stream);
try
{
//Asn1EncodableVector seq = new Asn1EncodableVector();
//seq.Add(new DerInteger(signature[0]));
//seq.Add(new DerInteger(signature[1]));
//der.WriteObject(new DerSequence(seq));
DerSequenceGenerator seq = new DerSequenceGenerator(stream);
seq.AddObject(new DerInteger(signature[0]));
seq.AddObject(new DerInteger(signature[1]));
seq.Close();
byte[] bitResult = stream.ToArray();
PrintByteArray(bitResult);
Console.WriteLine("MemoryStream Output: " + BitConverter.ToString(bitResult).Replace("-", string.Empty));
return(BitConverter.ToString(bitResult).Replace("-", string.Empty));
}
catch (IOException e)
{
return(e.ToString());
}
}
