public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier?algorithm, byte[] input)
{
using var ms = new MemoryStream(input);
var asn1 = new DERReader(ms);
return(new RSAPrivateKey(asn1.Read()));
}
public bool Verify(byte[] input, byte[] signature, IDigest hash)
{
if (_publicKey is null || _domain is null || _nField is null)
{
throw new InvalidOperationException("ECDSA not initialised");
}
FieldValue r, s;
using (var buffer = new MemoryStream(signature))
{
var reader = new DERReader(buffer);
var seq = reader.Read() as ASN1Sequence;
SecurityAssert.NotNull(seq);
SecurityAssert.Assert(seq !.Count == 2);
var ri = seq.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(ri);
r = _nField.Value(ri !.Value);
SecurityAssert.Assert(r.Value == ri !.Value);
var si = seq.Elements[1] as ASN1Integer;
SecurityAssert.NotNull(si);
s = _nField.Value(si !.Value);
SecurityAssert.Assert(s.Value == si !.Value);
}
// check QA != O
// check QA is on curve
SecurityAssert.Assert(_domain.Curve.IsPointOnCurve(_publicKey));
// check n*QA = O
// check r and s are in [1, n-1]
// e = HASH(input)
hash.Update(input);
var e = hash.DigestBuffer();
// z = the Ln leftmost bits of e, where Ln is the bit length of the group order n.
var z = ToZ(e, _ln);
// w = 1/s (mod n)
var w = _nField.Divide(_nField.Value(1), s);
// u1 = zw (mod n)
var u1 = _nField.Multiply(w, z);
// u2 = rw (mod n)
var u2 = _nField.Multiply(w, r);
// (x1, y2) = u1 * G + u2 * QA
var point = Point.Add(_domain.Curve,
a: Point.Multiply(_domain.Curve, u1, _domain.Generator),
b: Point.Multiply(_domain.Curve, u2, _publicKey)) !;
// return r == x1 (mod n)
return(r == point.X);
}
// http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf for reading the DER format
// https://www.ietf.org/rfc/rfc5280.txt for fields in certificate
// https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem for fields in private key (PKCS#1)
// https://lapo.it/asn1js javascript parser / visualizer
public X509Certificate ReadCertificate()
{
using (var ms = new MemoryStream(_input))
{
var reader = new DERReader(ms);
var asn1 = reader.Read();
return(ReadFromASN1(asn1));
}
}
public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier algorithm, byte[] input)
{
var parameters = CreateParameters(algorithm);
using (var ms = new MemoryStream(input))
{
var asn1 = new DERReader(ms);
return(new DHPrivateKey(parameters, asn1.Read()));
}
}
