/*
* Create a new instance with the provided elements. The
* constructor verifies that the provided point is part of
* the curve.
*/
public ECPublicKey(ECCurve curve, byte[] Pub)
{
this.curve = curve;
this.pub = Pub;
iPub = curve.Decode(Pub);
if (iPub.IsInfinity)
{
throw new CryptoException(
"Public key point is infinity");
}
hashCode = curve.GetHashCode()
^ (int)BigInt.HashInt(iPub.X)
^ (int)BigInt.HashInt(iPub.Y);
}
/*
* Create a new instance with the provided element (unsigned,
* big-endian). This constructor checks the following rules:
*
* the modulus size must be at least 512 bits
* the modulus must be odd
* the exponent must be odd and greater than 1
*/
public RSAPublicKey(byte[] modulus, byte[] exponent)
{
mod = BigInt.NormalizeBE(modulus, false);
e = BigInt.NormalizeBE(exponent, false);
if (mod.Length < 64 || (mod.Length == 64 && mod[0] < 0x80))
{
throw new CryptoException(
"Invalid RSA public key (less than 512 bits)");
}
if ((mod[mod.Length - 1] & 0x01) == 0)
{
throw new CryptoException(
"Invalid RSA public key (even modulus)");
}
if (BigInt.IsZero(e))
{
throw new CryptoException(
"Invalid RSA public key (exponent is zero)");
}
if (BigInt.IsOne(e))
{
throw new CryptoException(
"Invalid RSA public key (exponent is one)");
}
if ((e[e.Length - 1] & 0x01) == 0)
{
throw new CryptoException(
"Invalid RSA public key (even exponent)");
}
/*
* A simple hash code that will work well because RSA
* keys are in practice quite randomish.
*/
hashCode = (int)(BigInt.HashInt(modulus)
^ BigInt.HashInt(exponent));
}
/*
* Checks enforced by the constructor:
* -- modulus is odd and at least 80-bit long
* -- subgroup order is odd and at least 30-bit long
* -- parameters a[] and b[] are lower than modulus
* -- coordinates gx and gy are lower than modulus
* -- coordinates gx and gy match curve equation
*/
internal ECCurvePrime(string name, byte[] mod, byte[] a, byte[] b,
byte[] gx, byte[] gy, byte[] subgroupOrder, byte[] cofactor)
: base(subgroupOrder, cofactor)
{
this.mod = mod = BigInt.NormalizeBE(mod);
int modLen = BigInt.BitLength(mod);
if (modLen < 80)
{
throw new CryptoException(
"Invalid curve: modulus is too small");
}
if ((mod[mod.Length - 1] & 0x01) == 0)
{
throw new CryptoException(
"Invalid curve: modulus is even");
}
int sgLen = BigInt.BitLength(subgroupOrder);
if (sgLen < 30)
{
throw new CryptoException(
"Invalid curve: subgroup is too small");
}
if ((subgroupOrder[subgroupOrder.Length - 1] & 0x01) == 0)
{
throw new CryptoException(
"Invalid curve: subgroup order is even");
}
mp = new ModInt(mod);
flen = (modLen + 7) >> 3;
pMod4 = mod[mod.Length - 1] & 3;
this.a = a = BigInt.NormalizeBE(a);
this.b = b = BigInt.NormalizeBE(b);
if (BigInt.CompareCT(a, mod) >= 0 ||
BigInt.CompareCT(b, mod) >= 0)
{
throw new CryptoException(
"Invalid curve: out-of-range parameter");
}
ma = mp.Dup();
ma.Decode(a);
ma.Add(3);
aIsM3 = ma.IsZero;
ma.Sub(3);
mb = mp.Dup();
mb.Decode(b);
this.gx = gx = BigInt.NormalizeBE(gx);
this.gy = gy = BigInt.NormalizeBE(gy);
if (BigInt.CompareCT(gx, mod) >= 0 ||
BigInt.CompareCT(gy, mod) >= 0)
{
throw new CryptoException(
"Invalid curve: out-of-range coordinates");
}
MutableECPointPrime G = new MutableECPointPrime(this);
G.Set(gx, gy, true);
hashCode = (int)(BigInt.HashInt(mod)
^ BigInt.HashInt(a) ^ BigInt.HashInt(b)
^ BigInt.HashInt(gx) ^ BigInt.HashInt(gy));
if (name == null)
{
name = string.Format("generic prime {0}/{1}",
modLen, sgLen);
}
this.name = name;
}
