Example #1
0
        // Verify a DSA signature.
        public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
        {
            // Validate the parameters.
            if (rgbHash == null)
            {
                throw new ArgumentNullException("rgbHash");
            }
            if (rgbSignature == null)
            {
                throw new ArgumentNullException("rgbSignature");
            }

            // Make sure that we have sufficient parameters to verify.
            if (dsaParams.G == null)
            {
                throw new CryptographicException
                          (_("Crypto_DSAParamsNotSet"));
            }

            // Unpack the signature blob to get R and S.
            ASN1Parser parser;

            parser = (new ASN1Parser(rgbSignature)).GetSequence();
            byte[] R = parser.GetBigInt();
            byte[] S = parser.GetBigInt();
            parser.AtEnd();

            // Compute W = (S^-1 mod Q)
            byte[] W = CryptoMethods.NumInv(S, dsaParams.Q);

            // Compute U1 = ((hash * W) mod Q)
            byte[] U1 = CryptoMethods.NumMul(rgbHash, W, dsaParams.Q);

            // Compute U2 = ((R * W) mod Q)
            byte[] U2 = CryptoMethods.NumMul(R, W, dsaParams.Q);

            // Compute V = (((G^U1 * Y^U2) mod P) mod Q)
            byte[] temp1 = CryptoMethods.NumPow
                               (dsaParams.G, U1, dsaParams.P);
            byte[] temp2 = CryptoMethods.NumPow
                               (dsaParams.Y, U2, dsaParams.P);
            byte[] temp3 = CryptoMethods.NumMul(temp1, temp2, dsaParams.P);
            byte[] V     = CryptoMethods.NumMod(temp3, dsaParams.Q);

            // Determine if we have a signature match.
            bool result = CryptoMethods.NumEq(V, R);

            // Clear sensitive values.
            Array.Clear(R, 0, R.Length);
            Array.Clear(S, 0, S.Length);
            Array.Clear(W, 0, W.Length);
            Array.Clear(U1, 0, U1.Length);
            Array.Clear(U2, 0, U2.Length);
            Array.Clear(temp1, 0, temp1.Length);
            Array.Clear(temp2, 0, temp2.Length);
            Array.Clear(temp3, 0, temp3.Length);
            Array.Clear(V, 0, V.Length);

            // Done.
            return(result);
        }
Example #2
0
        // Create a DSA signature for the specified data.
        public override byte[] CreateSignature(byte[] rgbHash)
        {
            // Validate the parameter.
            if (rgbHash == null)
            {
                throw new ArgumentNullException("rgbHash");
            }

            // Check that we have sufficient DSA parameters to sign.
            if (dsaParams.G == null)
            {
                throw new CryptographicException
                          (_("Crypto_DSAParamsNotSet"));
            }
            else if (dsaParams.X == null)
            {
                throw new CryptographicException
                          (_("Crypto_CannotSignWithPublic"));
            }

            // Generate a random K less than Q to use in
            // signature generation.  We guarantee less than
            // by setting the high byte of K to at least one
            // less than the high byte of Q.
            int len = dsaParams.Q.Length;

            byte[] K = new byte [len];
            CryptoMethods.GenerateRandom(K, 1, K.Length - 1);
            int index = 0;

            while (index < len && K[index] >= dsaParams.Q[index])
            {
                if (dsaParams.Q[index] == 0)
                {
                    K[index] = (byte)0;
                    ++index;
                }
                else
                {
                    K[index] = (byte)(dsaParams.Q[index] - 1);
                    break;
                }
            }

            // Compute R = ((G^K mod P) mod Q)
            byte[] temp1 = CryptoMethods.NumPow
                               (dsaParams.G, K, dsaParams.P);
            byte[] R = CryptoMethods.NumMod(temp1, dsaParams.Q);
            Array.Clear(temp1, 0, temp1.Length);

            // Compute S = ((K^-1 * (hash + X * R)) mod Q)
            temp1 = CryptoMethods.NumInv(K, dsaParams.Q);
            byte[] temp2 = CryptoMethods.NumMul
                               (dsaParams.X, R, dsaParams.Q);
            byte[] temp3 = CryptoMethods.NumAdd
                               (rgbHash, temp2, dsaParams.Q);
            byte[] S = CryptoMethods.NumMul(temp1, temp3, dsaParams.Q);
            Array.Clear(temp1, 0, temp1.Length);
            Array.Clear(temp2, 0, temp2.Length);
            Array.Clear(temp3, 0, temp3.Length);
            Array.Clear(K, 0, K.Length);

            // Pack R and S into a signature blob and return it.
            ASN1Builder builder = new ASN1Builder();

            builder.AddBigInt(R);
            builder.AddBigInt(S);
            byte[] sig = builder.ToByteArray();
            Array.Clear(R, 0, R.Length);
            Array.Clear(S, 0, S.Length);
            return(sig);
        }