|
public VerifySignature ( byte message, |
||
| message | byte | |
| r | ||
| s | ||
| return | bool | |
public bool VerifySignature(byte[] hash, byte[] signature)
{
ECDsaSigner signer = new ECDsaSigner();
ECDSASignature parsedSignature = ECDSASignature.FromDER(signature);
signer.Init(false, key);
return signer.VerifySignature(hash, parsedSignature.R, parsedSignature.S);
}
public Boolean verifySignature(Byte[] data, Byte[] sig)
{
ECDsaSigner signer = new ECDsaSigner();
signer.Init(false, new ECPublicKeyParameters(ecParams.Curve.DecodePoint(pubKey), ecParams));
using (Asn1InputStream asn1stream = new Asn1InputStream(sig))
{
Asn1Sequence seq = (Asn1Sequence)asn1stream.ReadObject();
return signer.VerifySignature(data, ((DerInteger)seq[0]).PositiveValue, ((DerInteger)seq[1]).PositiveValue);
}
}
public static bool Verify(byte[] data, byte[] sigBytes, BigInteger pub)
{
EcdsaSignature signature = EcdsaSignature.DecodeFromDer(sigBytes);
var signer = new ECDsaSigner();
ECPoint pubPoint = Secp256K1.Curve().DecodePoint(pub.ToByteArray());
var parameters = new ECPublicKeyParameters(pubPoint, Secp256K1.Params());
signer.Init(false, parameters);
try
{
return signer.VerifySignature(data, signature.R, signature.S);
}
catch (Exception)
{
return false;
}
}
public void TestECDsa192bitPrime()
{
BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
public void TestECDsa191bitBinary()
{
BigInteger r = new BigInteger("87194383164871543355722284926904419997237591535066528048");
BigInteger s = new BigInteger("308992691965804947361541664549085895292153777025772063598");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("1542725565216523985789236956265265265235675811949404040041"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
191, // m
9, //k
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), // a
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0436B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB")), // G
new BigInteger("1569275433846670190958947355803350458831205595451630533029"), // n
BigInteger.Two); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("1275552191113212300012030439187146164646146646466749494799"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045DE37E756BD55D72E3768CB396FFEB962614DEA4CE28A2E755C0E0E02F5FB132CAF416EF85B229BBB8E1352003125BA1")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
internal bool Verify(uint256 hash, ECDSASignature sig)
{
var signer = new ECDsaSigner();
signer.Init(false, GetPublicKeyParameters());
return signer.VerifySignature(hash.ToBytes(), sig.R, sig.S);
}
public bool AreBlocksValid()
{
//invalid transactions or incorrect hash value check
foreach (var b in Blocks)
{
if (!b.IsValid())
{
return false;
}
}
//hashchain check
for (int i = 1; i < Blocks.Count; ++i)
{
if (!Enumerable.SequenceEqual(Blocks[i].data.prevHash, Blocks[i].data.prevHash))
{
return false;
}
}
//double-spending checks
List<RegisterRecord> register = new List<RegisterRecord>();
for (int i = 1; i < Blocks.Count; ++i)
{
if (Blocks[i].data.register.Length > register.Count)
{
for (int j = 0; j < register.Count; ++j)
{
if (!Blocks[i].data.register[j].address.Equals(register[i].address))
{
return false;
}
}
for (int j = register.Count; j < Blocks[i].data.register.Length; j++)
{
register.Add(new RegisterRecord() { address = Blocks[i].data.register[j].address, amount = 0});
}
}
for (int j = 0; j < Blocks[i].data.transactionsList.Length; ++j)
{
//validating transactions
if (!register.Exists(it => it.address.Equals(Blocks[i].data.transactionsList[j].t.reciever)))
{
return false;
}
//check existance of pseudonyms in this block's register
var signatureChecker = new ECDsaSigner();
signatureChecker.Init(false, Account.pemDecodeKey(Blocks[i].data.transactionsList[j].senderPublicKey));
if (!signatureChecker.VerifySignature(Blocks[i].data.transactionsList[j].t.getBytes,
new BigInteger(Blocks[i].data.transactionsList[j].r), new BigInteger(Blocks[i].data.transactionsList[j].s)))
{
return false;
}
//check signature
var item = register.Find(it => it.address.Equals(Blocks[i].data.transactionsList[j].t.sender));
item.amount -= Blocks[i].data.transactionsList[j].t.money;
item = register.Find(it => it.address.Equals(Blocks[i].data.transactionsList[j].t.reciever));
item.amount += Blocks[i].data.transactionsList[j].t.money;
//proccess
}
var finder = register.Find(it => it.address.Equals(Blocks[i].data.finderAddress));
finder.amount += 25;
for (int j = 0; j < Blocks[i].data.register.Length; ++j)
{
if (!register[j].address.Equals(Blocks[i].data.register[j].address) && register[j].amount != Blocks[i].data.register[j].amount)
{
Console.WriteLine("calc");
return false;
}
}
//check state of register
}
//admittedly, quite slow
//TODO: make it faster, use Dictionary (map, in a more meaningful language)
return true;
}
public void TestECDsaSecP224k1Sha256()
{
X9ECParameters p = SecNamedCurves.GetByName("secp224k1");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("BE6F6E91FE96840A6518B56F3FE21689903A64FA729057AB872A9F51", 16), // d
parameters);
SecureRandom k = FixedSecureRandom.From(Hex.Decode("00c39beac93db21c3266084429eb9b846b787c094f23a4de66447efbb3"));
byte[] M = Hex.Decode("E5D5A7ADF73C5476FAEE93A2C76CE94DC0557DB04CDC189504779117920B896D");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("8163E5941BED41DA441B33E653C632A55A110893133351E20CE7CB75", 16);
BigInteger s = new BigInteger("D12C3FC289DDD5F6890DCE26B65792C8C50E68BF551D617D47DF15A8", 16);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("04C5C9B38D3603FCCD6994CBB9594E152B658721E483669BB42728520F484B537647EC816E58A8284D3B89DFEDB173AFDC214ECA95A836FA7C")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaP256Sha256()
{
X9ECParameters p = NistNamedCurves.GetByName("P-256");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("20186677036482506117540275567393538695075300175221296989956723148347484984008"), // d
parameters);
SecureRandom k = FixedSecureRandom.From(BigIntegers.AsUnsignedByteArray(new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335")));
byte[] M = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("97354732615802252173078420023658453040116611318111190383344590814578738210384");
BigInteger s = new BigInteger("98506158880355671805367324764306888225238061309262649376965428126566081727535");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03596375E6CE57E0F20294FC46BDFCFD19A39F8161B58695B3EC5B3D16427C274D")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaKeyGenTest()
{
SecureRandom random = new SecureRandom();
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECKeyPairGenerator pGen = new ECKeyPairGenerator();
ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(
parameters,
random);
pGen.Init(genParam);
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
ecdsa.Init(false, pair.Public);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public override byte[] SignData(ProtocolVersion version, byte[] data, HashAlgorithm hashAlgorithm, CertificatePrivateKey privateKey)
{
var ms = new MemoryStream(privateKey.KeyValue);
var pemReader = new PemReader(new StreamReader(ms));
var keyParam = pemReader.ReadObject();
var key = keyParam as AsymmetricCipherKeyPair;
var signer = new ECDsaSigner();
signer.Init(true, key.Private);
var hashedData = hashAlgorithm.ComputeHash(data);
Log.Trace("Hashing data (S):" + BitConverter.ToString(data));
Log.Trace("Hashed data (S):" + BitConverter.ToString(hashedData));
var sig = signer.GenerateSignature(hashedData);
// test verify
var _tmpEcPubkey = key.Public as ECPublicKeyParameters;
Log.Debug("Associated PubKey Q: " + BitConverter.ToString(_tmpEcPubkey.Q.GetEncoded()));
var signerTest = new ECDsaSigner();
signerTest.Init(false, key.Public);
var result = signerTest.VerifySignature(hashedData, sig[0], sig[1]);
if (!result)
{
throw new CryptographicUnexpectedOperationException("Invalid!!!");
}
Log.Debug("R value: " + sig[0].SignValue + " " + sig[0].LongValue);
Log.Debug("S value: " + sig[1].SignValue + " " + sig[1].LongValue);
// TODO: check how BigIntegers are encoded before sent over the wire
// Maybe DER encoding of R and S as integer would do it. However for the moment it works with stuffing 0x00 in.
var rl = new List<byte>(sig[0].ToByteArray());
var sl = new List<byte>(sig[1].ToByteArray());
while (rl.Count < 33)
{
rl.Insert(0, 0x00);
}
while (sl.Count < 33)
{
sl.Insert(0, 0x00);
}
var r = rl.ToArray();
var s = sl.ToArray();
var rs = new byte[r.Length + s.Length];
Buffer.BlockCopy(r, 0, rs, 0, r.Length);
Buffer.BlockCopy(s, 0, rs, r.Length, s.Length);
var derSig = DEREncodeSignature(rs);
// Log.Debug("DER Signature (S): " + BitConverter.ToString(derSig));
Log.Trace("Signature R (S)" + BitConverter.ToString(r));
Log.Trace("Signature S (S)" + BitConverter.ToString(s));
return derSig;
}
public override bool VerifyData(ProtocolVersion version, byte[] data, HashAlgorithm hashAlgorithm, CertificatePublicKey publicKey, byte[] signature)
{
if (!CertificateKeyAlgorithm.Equals(publicKey.Oid))
{
throw new Exception("ECDSA signature verification requires ECDSA public key");
}
// Decode the public key parameters
string curveOid = DER2OID(publicKey.Parameters);
if (curveOid == null)
{
throw new Exception("Unsupported ECDSA public key parameters");
}
// Get parameters from the curve OID
X9ECParameters ecParams = SecNamedCurves.GetByOid(new DerObjectIdentifier(curveOid));
if (ecParams == null)
{
throw new Exception("Unsupported ECC curve type OID: " + curveOid);
}
// Construct domain parameters
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
// Decode the public key data
byte[] ecPointData = publicKey.KeyValue;
if (ecPointData[0] != 0x04)
{
throw new Exception("Only uncompressed ECDSA keys supported, format: " + ecPointData[0]);
}
ECPoint ecPoint = domainParameters.Curve.DecodePoint(ecPointData);
ECPublicKeyParameters theirPublicKey = new ECPublicKeyParameters(ecPoint, domainParameters);
// Hash input data buffer
byte[] dataHash;
if (hashAlgorithm == null)
{
dataHash = TLSv1HashData(data);
}
else
{
dataHash = hashAlgorithm.ComputeHash(data);
}
// Actually verify the signature
BigInteger[] sig = DERDecodeSignature(signature);
var r = sig[0];
var s = sig[1];
Log.Trace("Hashed data (V): " + BitConverter.ToString(dataHash));
Log.Trace("Public Key Q (V): " + BitConverter.ToString(theirPublicKey.Q.GetEncoded()));
Log.Trace("Signature R (V): " + BitConverter.ToString(r.ToByteArrayUnsigned()));
Log.Trace("Signature S (V): " + BitConverter.ToString(s.ToByteArrayUnsigned()));
Log.Trace("R value: " + sig[0].SignValue + " " + sig[0].LongValue);
Log.Trace("S value: " + sig[1].SignValue + " " + sig[1].LongValue);
ECDsaSigner signer = new ECDsaSigner();
signer.Init(false, theirPublicKey);
var result = signer.VerifySignature(dataHash, r, s);
Log.Debug("Signature verification status: {0}.", result);
return result;
}
public bool Verify(byte[] message, BigInteger r, BigInteger s)
{
var signer = new ECDsaSigner();
signer.Init(false, this.keyPair.Public);
return signer.VerifySignature(message, r, s);
}
private void btnStartECDSA_Click (object sender, EventArgs e)
{
byte[] hash = new byte[160 >> 3];
Stopwatch sw = new Stopwatch ();
double ocSignTime, ocVerifyTime, bcSignTime, bcVerifyTime;
{
ECDSA ecdsa = new ECDSA (ECDomainNames.secp192r1);
ecdsa.ToXmlString (false);
sw.Reset ();
sw.Start ();
byte[] ecdsaSign = ecdsa.SignHash (hash);
sw.Stop ();
ocSignTime = sw.Elapsed.TotalSeconds;
sw.Reset ();
sw.Start ();
ecdsa.VerifyHash (hash, ecdsaSign);
sw.Stop ();
ocVerifyTime = sw.Elapsed.TotalSeconds;
}
{
ECDsaSigner ecdsa = new ECDsaSigner ();
X9ECParameters SEC_P192r1 = SecNamedCurves.GetByName ("secp192r1");
BigInteger key = new BigInteger (SEC_P192r1.N.BitCount, new Random ());
ECDomainParameters domain = new ECDomainParameters (SEC_P192r1.Curve, SEC_P192r1.G, SEC_P192r1.N);
ECPrivateKeyParameters privateKey = new ECPrivateKeyParameters (key, domain);
ECPoint publicKeyPoint = SEC_P192r1.G.Multiply (key);
ECPublicKeyParameters publicKey = new ECPublicKeyParameters (publicKeyPoint, domain);
ecdsa.Init (true, privateKey);
sw.Reset ();
sw.Start ();
BigInteger[] sign = ecdsa.GenerateSignature (hash);
sw.Stop ();
bcSignTime = sw.Elapsed.TotalSeconds;
ecdsa.Init (false, publicKey);
sw.Reset ();
sw.Start ();
ecdsa.VerifySignature (hash, sign[0], sign[1]);
sw.Stop ();
bcVerifyTime = sw.Elapsed.TotalSeconds;
}
double scale = 1000;
bcSignTime *= scale;
bcVerifyTime *= scale;
ocSignTime *= scale;
ocVerifyTime *= scale;
lblBCSign.Text = "Sign (" + bcSignTime.ToString ("f2") + "ms)";
lblBCVerify.Text = "Verify (" + bcVerifyTime.ToString ("f2") + "ms)";
lblOCSign.Text = "Sign (" + ocSignTime.ToString ("f2") + "ms)";
lblOCVerify.Text = "Verify (" + ocVerifyTime.ToString ("f2") + "ms)";
double max = Math.Max (ocSignTime, Math.Max (ocVerifyTime, Math.Max (bcSignTime, bcVerifyTime)));
max *= 1.1;
pbEcdsaSignBC.Maximum = pbEcdsaVerifyBC.Maximum = pbEcdsaSignOC.Maximum = pbEcdsaVerifyOC.Maximum = (int)max;
pbEcdsaSignBC.Value = (int)bcSignTime;
pbEcdsaVerifyBC.Value = (int)bcVerifyTime;
pbEcdsaSignOC.Value = (int)ocSignTime;
pbEcdsaVerifyOC.Value = (int)ocVerifyTime;
}
private bool VerifyEcDsa(IDigest digest, X9ECParameters curveParameter, byte[] buffer, int length, byte[] signature)
{
int digestSize = digest.GetDigestSize();
ECDomainParameters dParams = new ECDomainParameters(
curveParameter.Curve,
curveParameter.G,
curveParameter.N,
curveParameter.H,
curveParameter.GetSeed());
ECPoint q = dParams.Curve.CreatePoint(new BigInteger(1, PublicKey, 0, digestSize), new BigInteger(1, PublicKey, digestSize, digestSize), false);
ECPublicKeyParameters parameters = new ECPublicKeyParameters(q, dParams);
var signer = new ECDsaSigner();
signer.Init(false, parameters);
digest.BlockUpdate(buffer, 0, length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return signer.VerifySignature(hash, new BigInteger(1, signature, 0, digestSize), new BigInteger(1, signature, digestSize, digestSize));
}
public void TestECDsa239bitBinaryAndLargeDigest()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
239, // m
36, //k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(
Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(
Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
BigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public static bool VerifySignature(byte[] pubkey, byte[] hash, byte[] sigBytes)
{
X9ECParameters ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
BigInteger r = new BigInteger(1, sigBytes, 0, 32);
BigInteger s = new BigInteger(1, sigBytes, 32, 32);
ECPublicKeyParameters publicKey = new ECPublicKeyParameters(ecParams.Curve.DecodePoint(pubkey), domainParameters);
ECDsaSigner signer = new ECDsaSigner();
signer.Init(false, publicKey);
return signer.VerifySignature(hash, r, s);
}
public void TestECDsaP224Sha224()
{
X9ECParameters p = NistNamedCurves.GetByName("P-224");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("6081831502424510080126737029209236539191290354021104541805484120491"), // d
parameters);
SecureRandom k = FixedSecureRandom.From(BigIntegers.AsUnsignedByteArray(new BigInteger("15456715103636396133226117016818339719732885723579037388121116732601")));
byte[] M = Hex.Decode("8797A3C693CC292441039A4E6BAB7387F3B4F2A63D00ED384B378C79");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("26477406756127720855365980332052585411804331993436302005017227573742");
BigInteger s = new BigInteger("17694958233103667059888193972742186995283044672015112738919822429978");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03FD44EC11F9D43D9D23B1E1D1C9ED6519B40ECF0C79F48CF476CC43F1")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public byte[] Sign(byte[] data)
{
ECDsaSigner signer = new ECDsaSigner();
ECDsaSigner signerverify = new ECDsaSigner();
var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
ECDomainParameters ecParams = new ECDomainParameters(ps.Curve, ps.G, ps.N, ps.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(m_Priv, ecParams);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(ecParams.Curve.DecodePoint(m_Pub), ecParams);
signer.Init(true, privKey);
signerverify.Init(false, pubKey);
BigInteger[] sigs = signer.GenerateSignature(data);
//sigs[0].BitLength sigs[1].BitLength
bool bValid = signerverify.VerifySignature(data, sigs[0], sigs[1]);
byte[] sig = new byte[64];
for (int x = 0; x < 64; x++) sig[x] = 0;
byte[] sig1 = sigs[0].ToByteArrayUnsigned();
byte[] sig2 = sigs[1].ToByteArrayUnsigned();
Array.Copy(sig1,0, sig, 0 + (32 - sig1.Length), sig1.Length);
Array.Copy(sig2,0, sig, 32 + (32 - sig2.Length), sig2.Length);
return sig;
/*
MemoryStream ms = new MemoryStream();
DerSequenceGenerator seq = new DerSequenceGenerator(ms);
seq.AddObject(new DerInteger(sigs[0]));
seq.AddObject(new DerInteger(sigs[1]));
seq.Close();
return ms.ToArray();
*/
}
public void TestECDsaP521Sha512()
{
X9ECParameters p = NistNamedCurves.GetByName("P-521");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("617573726813476282316253885608633222275541026607493641741273231656161177732180358888434629562647985511298272498852936680947729040673640492310550142822667389"), // d
parameters);
SecureRandom k = FixedSecureRandom.From(BigIntegers.AsUnsignedByteArray(new BigInteger("6806532878215503520845109818432174847616958675335397773700324097584974639728725689481598054743894544060040710846048585856076812050552869216017728862957612913")));
byte[] M = Hex.Decode("6893B64BD3A9615C39C3E62DDD269C2BAAF1D85915526083183CE14C2E883B48B193607C1ED871852C9DF9C3147B574DC1526C55DE1FE263A676346A20028A66");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("1368926195812127407956140744722257403535864168182534321188553460365652865686040549247096155740756318290773648848859639978618869784291633651685766829574104630");
BigInteger s = new BigInteger("1624754720348883715608122151214003032398685415003935734485445999065609979304811509538477657407457976246218976767156629169821116579317401249024208611945405790");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("020145E221AB9F71C5FE740D8D2B94939A09E2816E2167A7D058125A06A80C014F553E8D6764B048FB6F2B687CEC72F39738F223D4CE6AFCBFF2E34774AA5D3C342CB3")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaP256Sha256WithGeneratedKey()
{
var secureRandom = new SecureRandom();
X9ECParameters p = NistNamedCurves.GetByName("P-256");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var ecParams = new ECKeyGenerationParameters(parameters, secureRandom);
var ecGen = new ECKeyPairGenerator("ECDSA");
ecGen.Init(ecParams);
var pairKey = ecGen.GenerateKeyPair();
var priKey = pairKey.Private as ECPrivateKeyParameters;
byte[] m = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, secureRandom));
IBigInteger[] sig = dsa.GenerateSignature(m);
// Verify the signature
var pubKey = pairKey.Public as ECPublicKeyParameters;
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
/// <summary>
/// Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.
/// </summary>
/// <param name="data">Hash of the data to verify.</param>
/// <param name="signature">ASN.1 encoded signature.</param>
/// <param name="pub">The public key bytes to use.</param>
public static bool Verify(byte[] data, byte[] signature, byte[] pub)
{
var signer = new ECDsaSigner();
var @params = new ECPublicKeyParameters(_ecParams.Curve.DecodePoint(pub), _ecParams);
signer.Init(false, @params);
DerInteger r;
DerInteger s;
using (var decoder = new Asn1InputStream(signature))
{
var seq = (DerSequence) decoder.ReadObject();
r = (DerInteger) seq[0];
s = (DerInteger) seq[1];
}
return signer.VerifySignature(data, r.Value, s.Value);
}
public bool VerifySignature(ImmutableArray<byte> scriptPubKey, Transaction tx, byte[] sig, byte[] pubKey, int inputIndex, out byte hashType, out byte[] txSignature, out byte[] txSignatureHash, out BigIntegerBouncy x, out BigIntegerBouncy y, out BigIntegerBouncy r, out BigIntegerBouncy s)
{
// get the 1-byte hashType off the end of sig
hashType = sig[sig.Length - 1];
// get the DER encoded portion of sig, which is everything except the last byte (the last byte being hashType)
var sigDER = sig.Take(sig.Length - 1).ToArray();
// get the simplified/signing version of the transaction
txSignature = TxSignature(scriptPubKey, tx, inputIndex, hashType);
// get the hash of the simplified/signing version of the transaction
txSignatureHash = Crypto.DoubleSHA256(txSignature);
// load pubKey
ReadPubKey(pubKey, out x, out y);
var publicKeyPoint = curve.Curve.CreatePoint(x, y, withCompression: false);
var publicKeyParameters = new ECPublicKeyParameters(publicKeyPoint, domainParameters);
// load sig
ReadSigKey(sigDER, out r, out s);
// init signer
var signer = new ECDsaSigner();
signer.Init(forSigning: false, parameters: publicKeyParameters);
// verify that sig is a valid signature from pubKey for the simplified/signing transaction's hash
var txSignatureHash2 = txSignatureHash;
var r2 = r;
var s2 = s;
//TODO
var result = BypassVerifySignature || new MethodTimer(false).Time("ECDsa Verify", () => signer.VerifySignature(txSignatureHash2.ToArray(), r2, s2));
return result;
}
