public GlvMultiplier(ECCurve curve, GlvEndomorphism glvEndomorphism)
{
if (curve == null || curve.Order == null)
throw new ArgumentException("Need curve with known group order", "curve");
this.curve = curve;
this.glvEndomorphism = glvEndomorphism;
}
protected virtual ECCurve ConfigureCurve(ECCurve c, int coord)
{
if (c.CoordinateSystem == coord)
return c;
if (!c.SupportsCoordinateSystem(coord))
throw new ArgumentException("Coordinate system " + coord + " not supported by this curve", "coord");
return c.Configure().SetCoordinateSystem(coord).Create();
}
public bool IsCurveTypeEqual(ECCurve.ECCurveType actual)
{
if (CurveType == actual)
return true;
// Montgomery and Weierstrass are interchangable depending on the platform
if (CurveType == ECCurve.ECCurveType.PrimeMontgomery && actual == ECCurve.ECCurveType.PrimeShortWeierstrass ||
CurveType == ECCurve.ECCurveType.PrimeShortWeierstrass && actual == ECCurve.ECCurveType.PrimeMontgomery)
{
return true;
}
return false;
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
if (this == b)
{
return(Twice());
}
ECCurve curve = this.Curve;
SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.RawXCoord, Y1 = (SecP384R1FieldElement)this.RawYCoord;
SecP384R1FieldElement X2 = (SecP384R1FieldElement)b.RawXCoord, Y2 = (SecP384R1FieldElement)b.RawYCoord;
SecP384R1FieldElement Z1 = (SecP384R1FieldElement)this.RawZCoords[0];
SecP384R1FieldElement Z2 = (SecP384R1FieldElement)b.RawZCoords[0];
uint c;
uint[] tt1 = Nat.Create(24);
uint[] tt2 = Nat.Create(24);
uint[] t3 = Nat.Create(12);
uint[] t4 = Nat.Create(12);
bool Z1IsOne = Z1.IsOne;
uint[] U2, S2;
if (Z1IsOne)
{
U2 = X2.x;
S2 = Y2.x;
}
else
{
S2 = t3;
SecP384R1Field.Square(Z1.x, S2);
U2 = tt2;
SecP384R1Field.Multiply(S2, X2.x, U2);
SecP384R1Field.Multiply(S2, Z1.x, S2);
SecP384R1Field.Multiply(S2, Y2.x, S2);
}
bool Z2IsOne = Z2.IsOne;
uint[] U1, S1;
if (Z2IsOne)
{
U1 = X1.x;
S1 = Y1.x;
}
else
{
S1 = t4;
SecP384R1Field.Square(Z2.x, S1);
U1 = tt1;
SecP384R1Field.Multiply(S1, X1.x, U1);
SecP384R1Field.Multiply(S1, Z2.x, S1);
SecP384R1Field.Multiply(S1, Y1.x, S1);
}
uint[] H = Nat.Create(12);
SecP384R1Field.Subtract(U1, U2, H);
uint[] R = Nat.Create(12);
SecP384R1Field.Subtract(S1, S2, R);
// Check if b == this or b == -this
if (Nat.IsZero(12, H))
{
if (Nat.IsZero(12, R))
{
// this == b, i.e. this must be doubled
return(this.Twice());
}
// this == -b, i.e. the result is the point at infinity
return(curve.Infinity);
}
uint[] HSquared = t3;
SecP384R1Field.Square(H, HSquared);
uint[] G = Nat.Create(12);
SecP384R1Field.Multiply(HSquared, H, G);
uint[] V = t3;
SecP384R1Field.Multiply(HSquared, U1, V);
SecP384R1Field.Negate(G, G);
Nat384.Mul(S1, G, tt1);
c = Nat.AddBothTo(12, V, V, G);
SecP384R1Field.Reduce32(c, G);
SecP384R1FieldElement X3 = new SecP384R1FieldElement(t4);
SecP384R1Field.Square(R, X3.x);
SecP384R1Field.Subtract(X3.x, G, X3.x);
SecP384R1FieldElement Y3 = new SecP384R1FieldElement(G);
SecP384R1Field.Subtract(V, X3.x, Y3.x);
Nat384.Mul(Y3.x, R, tt2);
SecP384R1Field.AddExt(tt1, tt2, tt1);
SecP384R1Field.Reduce(tt1, Y3.x);
SecP384R1FieldElement Z3 = new SecP384R1FieldElement(H);
if (!Z1IsOne)
{
SecP384R1Field.Multiply(Z3.x, Z1.x, Z3.x);
}
if (!Z2IsOne)
{
SecP384R1Field.Multiply(Z3.x, Z2.x, Z3.x);
}
ECFieldElement[] zs = new ECFieldElement[] { Z3 };
return(new SecP384R1Point(curve, X3, Y3, zs, IsCompressed));
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
ECCurve curve = this.Curve;
ECFieldElement X1 = this.RawXCoord;
ECFieldElement X2 = b.RawXCoord;
if (X1.IsZero)
{
if (X2.IsZero)
{
return(curve.Infinity);
}
return(b.Add(this));
}
ECFieldElement L1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement L2 = b.RawYCoord, Z2 = b.RawZCoords[0];
bool Z1IsOne = Z1.IsOne;
ECFieldElement U2 = X2, S2 = L2;
if (!Z1IsOne)
{
U2 = U2.Multiply(Z1);
S2 = S2.Multiply(Z1);
}
bool Z2IsOne = Z2.IsOne;
ECFieldElement U1 = X1, S1 = L1;
if (!Z2IsOne)
{
U1 = U1.Multiply(Z2);
S1 = S1.Multiply(Z2);
}
ECFieldElement A = S1.Add(S2);
ECFieldElement B = U1.Add(U2);
if (B.IsZero)
{
if (A.IsZero)
{
return(Twice());
}
return(curve.Infinity);
}
ECFieldElement X3, L3, Z3;
if (X2.IsZero)
{
// TODO This can probably be optimized quite a bit
ECPoint p = this.Normalize();
X1 = p.XCoord;
ECFieldElement Y1 = p.YCoord;
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
return(new SecT283K1Point(curve, X3, curve.B, IsCompressed));
}
ECFieldElement Y3 = L.Multiply(X1.Add(X3)).Add(X3).Add(Y1);
L3 = Y3.Divide(X3).Add(X3);
Z3 = curve.FromBigInteger(BigInteger.One);
}
else
{
B = B.Square();
ECFieldElement AU1 = A.Multiply(U1);
ECFieldElement AU2 = A.Multiply(U2);
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
return(new SecT283K1Point(curve, X3, curve.B, IsCompressed));
}
ECFieldElement ABZ2 = A.Multiply(B);
if (!Z2IsOne)
{
ABZ2 = ABZ2.Multiply(Z2);
}
L3 = AU2.Add(B).SquarePlusProduct(ABZ2, L1.Add(Z1));
Z3 = ABZ2;
if (!Z1IsOne)
{
Z3 = Z3.Multiply(Z1);
}
}
return(new SecT283K1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed));
}
/**
* Create a point which encodes with point compression.
*
* @param curve
* the curve to use
* @param x
* affine x co-ordinate
* @param y
* affine y co-ordinate
*
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public static ECDsa Create(ECCurve curve)
{
return s_provider.Create(curve);
}
private static ECCurve ConfigureCurve(ECCurve curve)
{
return(curve);
}
public static WNafPreCompInfo Precompute(ECPoint p, int width, bool includeNegated)
{
ECCurve c = p.Curve;
WNafPreCompInfo wnafPreCompInfo = GetWNafPreCompInfo(c.GetPreCompInfo(p, PRECOMP_NAME));
ECPoint[] preComp = wnafPreCompInfo.PreComp;
if (preComp == null)
{
preComp = new ECPoint[] { p };
}
int preCompLen = preComp.Length;
int reqPreCompLen = 1 << System.Math.Max(0, width - 2);
if (preCompLen < reqPreCompLen)
{
preComp = ResizeTable(preComp, reqPreCompLen);
if (reqPreCompLen == 2)
{
preComp[1] = preComp[0].ThreeTimes();
}
else
{
ECPoint twiceP = wnafPreCompInfo.Twice;
if (twiceP == null)
{
twiceP = preComp[0].Twice();
wnafPreCompInfo.Twice = twiceP;
}
for (int i = preCompLen; i < reqPreCompLen; i++)
{
/*
* Compute the new ECPoints for the precomputation array. The values 1, 3, 5, ...,
* 2^(width-1)-1 times p are computed
*/
preComp[i] = twiceP.Add(preComp[i - 1]);
}
}
/*
* Having oft-used operands in affine form makes operations faster.
*/
c.NormalizeAll(preComp);
}
wnafPreCompInfo.PreComp = preComp;
if (includeNegated)
{
ECPoint[] preCompNeg = wnafPreCompInfo.PreCompNeg;
int pos;
if (preCompNeg == null)
{
pos = 0;
preCompNeg = new ECPoint[reqPreCompLen];
}
else
{
pos = preCompNeg.Length;
if (pos < reqPreCompLen)
{
preCompNeg = ResizeTable(preCompNeg, reqPreCompLen);
}
}
while (pos < reqPreCompLen)
{
preCompNeg[pos] = preComp[pos].Negate();
++pos;
}
wnafPreCompInfo.PreCompNeg = preCompNeg;
}
c.SetPreCompInfo(p, PRECOMP_NAME, wnafPreCompInfo);
return(wnafPreCompInfo);
}
/**
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecT163R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public ECDomainParameters(ECCurve curve, ECPoint g, BigInteger n) : this(curve, g, n, BigInteger.One)
{
}
public ECDomainParameters(ECCurve curve, ECPoint g, BigInteger n, BigInteger h) : this(curve, g, n, h, null)
{
}
public void TestECDsa239BitPrime()
{
BigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
BigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters x9 = ECNamedCurveTable.GetByName("prime239v1");
ECCurve curve = x9.Curve;
ECDomainParameters spec = new ECDomainParameters(curve, x9.G, x9.N, x9.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
// KeyFactory f = KeyFactory.GetInstance("ECDSA");
// PrivateKey sKey = f.generatePrivate(priKey);
// PublicKey vKey = f.generatePublic(pubKey);
AsymmetricKeyParameter sKey = priKey;
AsymmetricKeyParameter vKey = pubKey;
sgr.Init(true, new ParametersWithRandom(sKey, k));
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
BigInteger[] sig = DerDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
public void TestGeneration()
{
ISigner s = SignerUtilities.GetSigner("DSA");
byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
SecureRandom rand = new SecureRandom();
// KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA");
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA");
// test exception
//
doTestBadStrength(513);
doTestBadStrength(510);
doTestBadStrength(1025);
//g.initialize(512, rand);
{
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, rand);
g.Init(new DsaKeyGenerationParameters(rand, pGen.GenerateParameters()));
}
AsymmetricCipherKeyPair p = g.GenerateKeyPair();
AsymmetricKeyParameter sKey = p.Private;
AsymmetricKeyParameter vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
byte[] sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("DSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("DSA verification failed");
}
//
// ECDSA Fp generation test
//
s = SignerUtilities.GetSigner("ECDSA");
X9ECParameters x9 = ECNamedCurveTable.GetByName("prime239v1");
ECCurve curve = x9.Curve;
ECDomainParameters ecSpec = new ECDomainParameters(curve, x9.G, x9.N, x9.H);
g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
g.Init(new ECKeyGenerationParameters(ecSpec, rand));
p = g.GenerateKeyPair();
sKey = p.Private;
vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("ECDSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("ECDSA verification failed");
}
//
// ECDSA F2m generation test
//
s = SignerUtilities.GetSigner("ECDSA");
x9 = ECNamedCurveTable.GetByName("c2tnb239v1");
curve = x9.Curve;
ecSpec = new ECDomainParameters(curve, x9.G, x9.N, x9.H);
g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
g.Init(new ECKeyGenerationParameters(ecSpec, rand));
p = g.GenerateKeyPair();
sKey = p.Private;
vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("ECDSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("ECDSA verification failed");
}
}
public static int GetByteLength(ECCurve c)
{
return((c.FieldSize + 7) / 8);
}
public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n, BigInteger h, byte[] seed)
: base(curve, g, n, h, seed)
{
this.name = name;
}
public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n)
: base(curve, g, n)
{
this.name = name;
}
private static void Validate(
ECParameters parameters,
ECCurve explicitCurve,
byte[] msg,
byte[] signature,
HashAlgorithmName hashAlgorithm)
{
byte[] tamperedSignature = (byte[])signature.Clone();
tamperedSignature[0] ^= 0xFF;
using (ECDsa ecdsa = ECDsaFactory.Create())
{
ecdsa.ImportParameters(parameters);
Assert.True(
ecdsa.VerifyData(msg, signature, hashAlgorithm),
"named verifies signature");
Assert.False(
ecdsa.VerifyData(msg, tamperedSignature, hashAlgorithm),
"named verifies tampered");
}
if (ECDsaFactory.ExplicitCurvesSupported)
{
using (ECDsa ecdsa = ECDsaFactory.Create())
{
parameters.Curve = explicitCurve;
ecdsa.ImportParameters(parameters);
Assert.True(
ecdsa.VerifyData(msg, signature, hashAlgorithm),
"explicit verifies signature");
Assert.False(
ecdsa.VerifyData(msg, tamperedSignature, hashAlgorithm),
"explicit verifies tampered");
}
}
}
public X9ECPoint(ECCurve c, byte[] encoding)
{
this.c = c;
this.encoding = new DerOctetString(Arrays.Clone(encoding));
}
internal static void CompareCurve(ECCurve c1, ECCurve c2)
{
if (c1.IsNamed)
{
Assert.True(c2.IsNamed);
Assert.Equal(c1.Oid.FriendlyName, c2.Oid.FriendlyName);
}
else if (c1.IsExplicit)
{
Assert.True(c2.IsExplicit);
Assert.Equal(c1.A, c2.A);
Assert.Equal(c1.B, c2.B);
Assert.Equal(c1.CurveType, c2.CurveType);
Assert.Equal(c1.G.X, c2.G.X);
Assert.Equal(c1.G.Y, c2.G.Y);
Assert.Equal(c1.Cofactor, c2.Cofactor);
Assert.Equal(c1.Order, c2.Order);
Assert.Equal(c1.Seed, c2.Seed);
Assert.Equal(c1.Hash, c2.Hash);
if (c1.IsPrime)
{
Assert.True(c2.IsPrime);
Assert.Equal(c1.Prime, c2.Prime);
}
else if (c1.IsCharacteristic2)
{
Assert.True(c2.IsCharacteristic2);
Assert.Equal(c1.Polynomial, c2.Polynomial);
}
}
}
public X9ECPoint(ECCurve c, Asn1OctetString s)
: this(c, s.GetOctets())
{
}
public ECDsa Create(ECCurve curve)
{
return new ECDsaOpenSsl(curve);
}
public override void GenerateKey(ECCurve curve)
{
throw new NotImplementedException();
}
/**
* Create a point that encodes with or without point compresion.
*
* @param curve
* the curve to use
* @param x
* affine x co-ordinate
* @param y
* affine y co-ordinate
* @param withCompression
* if true encode with point compression
*
* @deprecated per-point compression property will be removed, refer
* {@link #getEncoded(bool)}
*/
public SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, bool withCompression)
: base(curve, x, y, withCompression)
{
if ((x == null) != (y == null))
throw new ArgumentException("Exactly one of the field elements is null");
}
public ECDsa Create(ECCurve curve)
{
return(ECDsa.Create(curve));
}
public override ECPoint Add(ECPoint b)
{
if (base.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
if (this == b)
{
return(this.Twice());
}
ECCurve curve = this.Curve;
SecP224R1FieldElement secP224R1FieldElement = (SecP224R1FieldElement)base.RawXCoord;
SecP224R1FieldElement secP224R1FieldElement2 = (SecP224R1FieldElement)base.RawYCoord;
SecP224R1FieldElement secP224R1FieldElement3 = (SecP224R1FieldElement)b.RawXCoord;
SecP224R1FieldElement secP224R1FieldElement4 = (SecP224R1FieldElement)b.RawYCoord;
SecP224R1FieldElement secP224R1FieldElement5 = (SecP224R1FieldElement)base.RawZCoords[0];
SecP224R1FieldElement secP224R1FieldElement6 = (SecP224R1FieldElement)b.RawZCoords[0];
uint[] array = Nat224.CreateExt();
uint[] array2 = Nat224.Create();
uint[] array3 = Nat224.Create();
uint[] array4 = Nat224.Create();
bool isOne = secP224R1FieldElement5.IsOne;
uint[] array5;
uint[] array6;
if (isOne)
{
array5 = secP224R1FieldElement3.x;
array6 = secP224R1FieldElement4.x;
}
else
{
array6 = array3;
SecP224R1Field.Square(secP224R1FieldElement5.x, array6);
array5 = array2;
SecP224R1Field.Multiply(array6, secP224R1FieldElement3.x, array5);
SecP224R1Field.Multiply(array6, secP224R1FieldElement5.x, array6);
SecP224R1Field.Multiply(array6, secP224R1FieldElement4.x, array6);
}
bool isOne2 = secP224R1FieldElement6.IsOne;
uint[] array7;
uint[] array8;
if (isOne2)
{
array7 = secP224R1FieldElement.x;
array8 = secP224R1FieldElement2.x;
}
else
{
array8 = array4;
SecP224R1Field.Square(secP224R1FieldElement6.x, array8);
array7 = array;
SecP224R1Field.Multiply(array8, secP224R1FieldElement.x, array7);
SecP224R1Field.Multiply(array8, secP224R1FieldElement6.x, array8);
SecP224R1Field.Multiply(array8, secP224R1FieldElement2.x, array8);
}
uint[] array9 = Nat224.Create();
SecP224R1Field.Subtract(array7, array5, array9);
uint[] array10 = array2;
SecP224R1Field.Subtract(array8, array6, array10);
if (!Nat224.IsZero(array9))
{
uint[] array11 = array3;
SecP224R1Field.Square(array9, array11);
uint[] array12 = Nat224.Create();
SecP224R1Field.Multiply(array11, array9, array12);
uint[] array13 = array3;
SecP224R1Field.Multiply(array11, array7, array13);
SecP224R1Field.Negate(array12, array12);
Nat224.Mul(array8, array12, array);
uint x = Nat224.AddBothTo(array13, array13, array12);
SecP224R1Field.Reduce32(x, array12);
SecP224R1FieldElement secP224R1FieldElement7 = new SecP224R1FieldElement(array4);
SecP224R1Field.Square(array10, secP224R1FieldElement7.x);
SecP224R1Field.Subtract(secP224R1FieldElement7.x, array12, secP224R1FieldElement7.x);
SecP224R1FieldElement secP224R1FieldElement8 = new SecP224R1FieldElement(array12);
SecP224R1Field.Subtract(array13, secP224R1FieldElement7.x, secP224R1FieldElement8.x);
SecP224R1Field.MultiplyAddToExt(secP224R1FieldElement8.x, array10, array);
SecP224R1Field.Reduce(array, secP224R1FieldElement8.x);
SecP224R1FieldElement secP224R1FieldElement9 = new SecP224R1FieldElement(array9);
if (!isOne)
{
SecP224R1Field.Multiply(secP224R1FieldElement9.x, secP224R1FieldElement5.x, secP224R1FieldElement9.x);
}
if (!isOne2)
{
SecP224R1Field.Multiply(secP224R1FieldElement9.x, secP224R1FieldElement6.x, secP224R1FieldElement9.x);
}
ECFieldElement[] zs = new ECFieldElement[]
{
secP224R1FieldElement9
};
return(new SecP224R1Point(curve, secP224R1FieldElement7, secP224R1FieldElement8, zs, base.IsCompressed));
}
if (Nat224.IsZero(array10))
{
return(this.Twice());
}
return(curve.Infinity);
}
public void TestRegenKeyExplicit(CurveDef curveDef)
{
ECParameters param, param2;
ECDsa ec, newEc;
using (ec = ECDsaFactory.Create(curveDef.Curve))
{
param = ec.ExportExplicitParameters(true);
Assert.NotEqual(null, param.D);
using (newEc = ECDsaFactory.Create())
{
newEc.ImportParameters(param);
// The curve name is not flowed on explicit export\import (by design) so this excercises logic
// that regenerates based on current curve values
newEc.GenerateKey(param.Curve);
param2 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
// Specify same curve name
newEc.GenerateKey(curveDef.Curve);
Assert.Equal(curveDef.KeySize, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
// Specify different curve than current
if (param.Curve.IsPrime)
{
if (curveDef.Curve.Oid.FriendlyName != ECCurve.NamedCurves.nistP256.Oid.FriendlyName)
{
// Specify different curve (nistP256) by explicit value
newEc.GenerateKey(ECCurve.NamedCurves.nistP256);
Assert.Equal(256, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// P,X,Y (and others) should not match
Assert.True(param2.Curve.IsPrime);
Assert.NotEqual(param.Curve.Prime, param2.Curve.Prime);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
// Reset back to original
newEc.GenerateKey(param.Curve);
Assert.Equal(curveDef.KeySize, newEc.KeySize);
ECParameters copyOfParam1 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, copyOfParam1, false);
ComparePublicKey(param.Q, copyOfParam1.Q, false);
CompareCurve(param.Curve, copyOfParam1.Curve);
// Set back to nistP256
newEc.GenerateKey(param2.Curve);
Assert.Equal(256, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// P,X,Y (and others) should not match
Assert.True(param2.Curve.IsPrime);
Assert.NotEqual(param.Curve.Prime, param2.Curve.Prime);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
}
}
else if (param.Curve.IsCharacteristic2)
{
if (curveDef.Curve.Oid.Value != ECDSA_Sect193r1_OID_VALUE)
{
if (ECDsaFactory.IsCurveValid(new Oid(ECDSA_Sect193r1_OID_VALUE)))
{
// Specify different curve by name
newEc.GenerateKey(ECCurve.CreateFromValue(ECDSA_Sect193r1_OID_VALUE));
Assert.Equal(193, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// Polynomial,X,Y (and others) should not match
Assert.True(param2.Curve.IsCharacteristic2);
Assert.NotEqual(param.Curve.Polynomial, param2.Curve.Polynomial);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
}
}
}
}
}
}
public override ECPoint TwicePlus(ECPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(Twice());
}
ECCurve curve = this.Curve;
ECFieldElement X1 = this.RawXCoord;
if (X1.IsZero)
{
// A point with X == 0 is it's own Additive inverse
return(b);
}
// NOTE: TwicePlus() only optimized for lambda-affine argument
ECFieldElement X2 = b.RawXCoord, Z2 = b.RawZCoords[0];
if (X2.IsZero || !Z2.IsOne)
{
return(Twice().Add(b));
}
ECFieldElement L1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement L2 = b.RawYCoord;
ECFieldElement X1Sq = X1.Square();
ECFieldElement L1Sq = L1.Square();
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
if (B.IsZero)
{
if (A.IsZero)
{
return(b.Twice());
}
return(curve.Infinity);
}
if (A.IsZero)
{
return(new SecT283K1Point(curve, A, curve.B, IsCompressed));
}
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
return(new SecT283K1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed));
}
public X9Curve(
ECCurve curve)
: this(curve, null)
{
}
public override ECPoint Twice()
{
if (this.IsInfinity)
{
return(this);
}
ECCurve curve = this.Curve;
SecP384R1FieldElement Y1 = (SecP384R1FieldElement)this.RawYCoord;
if (Y1.IsZero)
{
return(curve.Infinity);
}
SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.RawXCoord, Z1 = (SecP384R1FieldElement)this.RawZCoords[0];
uint c;
uint[] t1 = Nat.Create(12);
uint[] t2 = Nat.Create(12);
uint[] Y1Squared = Nat.Create(12);
SecP384R1Field.Square(Y1.x, Y1Squared);
uint[] T = Nat.Create(12);
SecP384R1Field.Square(Y1Squared, T);
bool Z1IsOne = Z1.IsOne;
uint[] Z1Squared = Z1.x;
if (!Z1IsOne)
{
Z1Squared = t2;
SecP384R1Field.Square(Z1.x, Z1Squared);
}
SecP384R1Field.Subtract(X1.x, Z1Squared, t1);
uint[] M = t2;
SecP384R1Field.Add(X1.x, Z1Squared, M);
SecP384R1Field.Multiply(M, t1, M);
c = Nat.AddBothTo(12, M, M, M);
SecP384R1Field.Reduce32(c, M);
uint[] S = Y1Squared;
SecP384R1Field.Multiply(Y1Squared, X1.x, S);
c = Nat.ShiftUpBits(12, S, 2, 0);
SecP384R1Field.Reduce32(c, S);
c = Nat.ShiftUpBits(12, T, 3, 0, t1);
SecP384R1Field.Reduce32(c, t1);
SecP384R1FieldElement X3 = new SecP384R1FieldElement(T);
SecP384R1Field.Square(M, X3.x);
SecP384R1Field.Subtract(X3.x, S, X3.x);
SecP384R1Field.Subtract(X3.x, S, X3.x);
SecP384R1FieldElement Y3 = new SecP384R1FieldElement(S);
SecP384R1Field.Subtract(S, X3.x, Y3.x);
SecP384R1Field.Multiply(Y3.x, M, Y3.x);
SecP384R1Field.Subtract(Y3.x, t1, Y3.x);
SecP384R1FieldElement Z3 = new SecP384R1FieldElement(M);
SecP384R1Field.Twice(Y1.x, Z3.x);
if (!Z1IsOne)
{
SecP384R1Field.Multiply(Z3.x, Z1.x, Z3.x);
}
return(new SecP384R1Point(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed));
}
/// <summary>JoseJwt</summary>
private static void JoseJwt()
{
#region Variables
#region Env
OperatingSystem os = Environment.OSVersion;
// https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947
// *.pfxから証明書を開く場合、X509KeyStorageFlags.Exportableの指定が必要な場合がある。
// Linuxのキーは常にエクスポート可能だが、WindowsやMacOSでは必ずしもそうではない。
X509KeyStorageFlags x509KSF = 0;
if (os.Platform == PlatformID.Win32NT)
{
x509KSF = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;
}
else //if (os.Platform == PlatformID.Unix)
{
x509KSF = X509KeyStorageFlags.DefaultKeySet;
}
#endregion
#region Token
string token = "";
IDictionary <string, object> headers = null;
IDictionary <string, object> payload = null;
payload = new Dictionary <string, object>()
{
{ "sub", "*****@*****.**" },
{ "exp", 1300819380 }
};
#endregion
#region Keys
byte[] secretKey = null;
byte[] x = null;
byte[] y = null;
byte[] d = null;
X509Certificate2 publicX509Key = null;
X509Certificate2 privateX509Key = null;
RSA rsa = null;
//DSA dsa = null;
CngKey publicKeyOfCng = null;
CngKey privateKeyOfCng = null;
#endregion
#endregion
#region JWT
#region Unsecured JWT
// Creating Plaintext (unprotected) Tokens
// https://github.com/dvsekhvalnov/jose-jwt#creating-plaintext-unprotected-tokens
token = "";
token = JWT.Encode(payload, null, JwsAlgorithm.none);
MyDebug.OutputDebugAndConsole("JwsAlgorithm.none", token);
#endregion
#region JWS (Creating signed Tokens)
// https://github.com/dvsekhvalnov/jose-jwt#creating-signed-tokens
#region HS-* family
// HS256, HS384, HS512
// https://github.com/dvsekhvalnov/jose-jwt#hs--family
secretKey = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 };
token = "";
token = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256);
Program.VerifyResult("JwsAlgorithm.HS256", token, secretKey);
#endregion
#region RS-* and PS-* family
// RS256, RS384, RS512 and PS256, PS384, PS512
// https://github.com/dvsekhvalnov/jose-jwt#rs--and-ps--family
// X509Certificate2 x509Certificate2 = new X509Certificate2();
privateX509Key = new X509Certificate2(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
publicX509Key = new X509Certificate2(Program.PublicRsaX509Path, "", x509KSF);
token = "";
#if NETCORE
rsa = (RSA)privateX509Key.PrivateKey;
#else
// .net frameworkでは、何故かコレが必要。
rsa = (RSA)AsymmetricAlgorithmCmnFunc.CreateSameKeySizeSP(privateX509Key.PrivateKey);
#endif
token = JWT.Encode(payload, rsa, JwsAlgorithm.RS256);
Program.VerifyResult("JwsAlgorithm.RS256", token, rsa);
#endregion
#region ES- * family
// ES256, ES384, ES512 ECDSA signatures
// https://github.com/dvsekhvalnov/jose-jwt#es---family
x = new byte[] { 4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150, 133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9 };
y = new byte[] { 131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159, 214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53 };
d = new byte[] { 42, 148, 231, 48, 225, 196, 166, 201, 23, 190, 229, 199, 20, 39, 226, 70, 209, 148, 29, 70, 125, 14, 174, 66, 9, 198, 80, 251, 95, 107, 98, 206 };
if (os.Platform == PlatformID.Win32NT)
{
// https://github.com/dvsekhvalnov/jose-jwt/blob/master/jose-jwt/Security/Cryptography/EccKey.cs
privateKeyOfCng = EccKey.New(x, y, d);
publicKeyOfCng = EccKey.New(x, y);
token = "";
token = JWT.Encode(payload, privateKeyOfCng, JwsAlgorithm.ES256);
Program.VerifyResult("JwsAlgorithm.ES256", token, publicKeyOfCng);
}
else //if (os.Platform == PlatformID.Unix)
{
#if NETCORE
ECParameters eCParameters = new ECParameters();
// Curve
eCParameters.Curve =
EccPublicKeyConverter.GetECCurveFromCrvString(
EccPublicKeyConverter.GetCrvStringFromXCoordinate(x));
// x, y, d
eCParameters.Q.X = x;
eCParameters.Q.Y = y;
eCParameters.D = d;
ECDsaOpenSsl eCDsaOpenSsl = new ECDsaOpenSsl(eCParameters.Curve);
eCDsaOpenSsl.ImportParameters(eCParameters);
token = "";
token = JWT.Encode(payload, eCDsaOpenSsl, JwsAlgorithm.ES256);
Program.VerifyResult("JwsAlgorithm.ES256", token, eCDsaOpenSsl);
#endif
}
#if NETCORE || NET47
privateX509Key = new X509Certificate2(Program.PrivateECDsaX509Path, Program.PfxPassword);
publicX509Key = new X509Certificate2(Program.PublicECDsaX509Path, "");
try
{
#if NETCORE
if (os.Platform == PlatformID.Win32NT)
{
}
else //if (os.Platform == PlatformID.Unix)
{
// ECCurveを分析してみる。
ECCurve eCCurve = ((ECDsaOpenSsl)privateX509Key.GetECDsaPrivateKey()).ExportExplicitParameters(true).Curve;
MyDebug.OutputDebugAndConsole("Inspect ECCurve", ObjectInspector.Inspect(eCCurve));
}
#endif
token = "";
token = JWT.Encode(payload, privateX509Key.GetECDsaPrivateKey(), JwsAlgorithm.ES256);
Program.VerifyResult("JwsAlgorithm.ES256", token, publicX509Key.GetECDsaPublicKey());
}
catch (Exception ex)
{
MyDebug.OutputDebugAndConsole("JwsAlgorithm.ES256", ex.GetType().ToString() + ", " + ex.Message);
}
#endif
#endregion
#endregion
#region JWE (Creating encrypted Tokens)
// https://github.com/dvsekhvalnov/jose-jwt#creating-encrypted-tokens
#region RSA-* key management family of algorithms
// RSA-OAEP-256, RSA-OAEP and RSA1_5 key
// https://github.com/dvsekhvalnov/jose-jwt#rsa--key-management-family-of-algorithms
privateX509Key = new X509Certificate2(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
publicX509Key = new X509Certificate2(Program.PublicRsaX509Path, "", x509KSF);
// RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256
token = "";
token = JWT.Encode(payload, publicX509Key.PublicKey.Key, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);
Program.VerifyResult("JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256", token, privateX509Key.PrivateKey);
// RSAES-OAEP and AES GCM
try
{
token = "";
token = JWT.Encode(payload, publicX509Key.PublicKey.Key, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);
Program.VerifyResult("JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM", token, privateX509Key.PrivateKey);
}
catch (Exception ex)
{
// Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll' at ubunntu
MyDebug.OutputDebugAndConsole("JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM", ex.GetType().ToString() + ", " + ex.Message);
}
#endregion
#region Other key management family of algorithms
secretKey = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 };
#region DIR direct pre-shared symmetric key family of algorithms
// https://github.com/dvsekhvalnov/jose-jwt#dir-direct-pre-shared-symmetric-key-family-of-algorithms
token = "";
token = JWT.Encode(payload, secretKey, JweAlgorithm.DIR, JweEncryption.A128CBC_HS256);
Program.VerifyResult("JweAlgorithm.DIR, JweEncryption.A128CBC_HS256", token, secretKey);
#endregion
#region AES Key Wrap key management family of algorithms
// AES128KW, AES192KW and AES256KW key management
// https://github.com/dvsekhvalnov/jose-jwt#aes-key-wrap-key-management-family-of-algorithms
token = "";
token = JWT.Encode(payload, secretKey, JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512);
Program.VerifyResult("JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512", token, secretKey);
#endregion
#region AES GCM Key Wrap key management family of algorithms
// AES128GCMKW, AES192GCMKW and AES256GCMKW key management
// https://github.com/dvsekhvalnov/jose-jwt#aes-gcm-key-wrap-key-management-family-of-algorithms
try
{
token = "";
token = JWT.Encode(payload, secretKey, JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512);
Program.VerifyResult("JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512", token, secretKey);
}
catch (Exception ex)
{
// Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll' at ubunntu
MyDebug.OutputDebugAndConsole("JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512", ex.GetType().ToString() + ", " + ex.Message);
}
#endregion
#region ECDH-ES and ECDH-ES with AES Key Wrap key management family of algorithms
// ECDH-ES and ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW key management
// https://github.com/dvsekhvalnov/jose-jwt#ecdh-es-and-ecdh-es-with-aes-key-wrap-key-management-family-of-algorithms
try
{
x = new byte[] { 4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150, 133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9 };
y = new byte[] { 131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159, 214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53 };
publicKeyOfCng = EccKey.New(x, y, usage: CngKeyUsages.KeyAgreement);
token = "";
token = JWT.Encode(payload, publicKeyOfCng, JweAlgorithm.ECDH_ES, JweEncryption.A256GCM);
Program.VerifyResult("JweAlgorithm.ECDH_ES, JweEncryption.A256GCM", token, publicKeyOfCng);
}
catch (Exception ex)
{
// System.NotImplementedException: 'not yet'
MyDebug.OutputDebugAndConsole("JweAlgorithm.ECDH_ES, JweEncryption.A256GCM", ex.GetType().ToString() + ", " + ex.Message);
}
#endregion
#region PBES2 using HMAC SHA with AES Key Wrap key management family of algorithms
token = "";
token = JWT.Encode(payload, "top secret", JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512);
Program.VerifyResult("JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512", token, "top secret");
#endregion
#endregion
#endregion
#endregion
#region ELSE
#region Additional utilities
// https://github.com/dvsekhvalnov/jose-jwt#additional-utilities
#region Adding extra headers
// https://github.com/dvsekhvalnov/jose-jwt#adding-extra-headers
headers = new Dictionary <string, object>()
{
{ "typ", "JWT" },
{ "cty", "JWT" },
{ "keyid", "111-222-333" }
};
privateX509Key = new X509Certificate2(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
publicX509Key = new X509Certificate2(Program.PublicRsaX509Path, "", x509KSF);
#if NETCORE
rsa = (RSA)privateX509Key.PrivateKey;
#else
// .net frameworkでは、何故かコレが必要。
rsa = (RSA)AsymmetricAlgorithmCmnFunc.CreateSameKeySizeSP(privateX509Key.PrivateKey);
#endif
token = "";
token = JWT.Encode(payload, rsa, JwsAlgorithm.RS256, extraHeaders: headers);
Program.VerifyResult("Adding extra headers to RS256", token, rsa);
#endregion
#region Strict validation
// https://github.com/dvsekhvalnov/jose-jwt#strict-validation
// 厳密な検証では、Algorithmを指定可能
MyDebug.OutputDebugAndConsole("Strict validation(RS256)", JWT.Decode(token, rsa, JwsAlgorithm.RS256));
#endregion
#region Two-phase validation
// https://github.com/dvsekhvalnov/jose-jwt#two-phase-validation
// ヘッダのkeyidクレームからキーを取り出して復号化する方法。
//headers = JWT.Headers(token);
// ・・・
//string hoge = JWT.Decode(token, "key");
#endregion
#region Working with binary payload
// https://github.com/dvsekhvalnov/jose-jwt#working-with-binary-payload
#endregion
#endregion
#region Settings
// https://github.com/dvsekhvalnov/jose-jwt#settings
// グローバル設定
#region Example of JWTSettings
// https://github.com/dvsekhvalnov/jose-jwt#example-of-jwtsettings
#endregion
#region Customizing json <-> object parsing & mapping
// https://github.com/dvsekhvalnov/jose-jwt#customizing-json---object-parsing--mapping
// マッピング
// https://github.com/dvsekhvalnov/jose-jwt#example-of-newtonsoftjson-mapper
// https://github.com/dvsekhvalnov/jose-jwt#example-of-servicestack-mapper
#endregion
#region Customizing algorithm implementations
// https://github.com/dvsekhvalnov/jose-jwt#customizing-algorithm-implementations
// https://github.com/dvsekhvalnov/jose-jwt#example-of-custom-algorithm-implementation
#endregion
#region Providing aliases
// https://github.com/dvsekhvalnov/jose-jwt#providing-aliases
#endregion
#endregion
#region Dealing with keys
// https://github.com/dvsekhvalnov/jose-jwt#dealing-with-keys
// https://github.com/dvsekhvalnov/jose-jwt#rsacryptoserviceprovider
// - http://stackoverflow.com/questions/7444586/how-can-i-sign-a-file-using-rsa-and-sha256-with-net
// - http://hintdesk.com/c-how-to-fix-invalid-algorithm-specified-when-signing-with-sha256/
// https://github.com/dvsekhvalnov/jose-jwt#if-you-have-only-rsa-private-key
// - http://www.donaldsbaconbytes.com/2016/08/create-jwt-with-a-private-rsa-key/
#endregion
#region Strong-Named assembly
// https://github.com/dvsekhvalnov/jose-jwt#strong-named-assembly
// - https://github.com/dvsekhvalnov/jose-jwt/issues/5
// - https://github.com/brutaldev/StrongNameSigner
#endregion
#region More examples
// https://github.com/dvsekhvalnov/jose-jwt#more-examples
// https://github.com/dvsekhvalnov/jose-jwt/blob/master/UnitTests/TestSuite.cs
#endregion
#endregion
}
internal SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, bool withCompression)
: base(curve, x, y, zs, withCompression)
{
}
public ECDsaOpenSsl (ECCurve curve)
{
throw new NotImplementedException ();
}
public ECDsa Create(ECCurve curve)
{
return new ECDsaCng(curve);
}
public ECDsa(ECPoint publicKey)
{
this.publicKey = publicKey;
this.curve = publicKey.Curve;
}
/// <summary>
/// Creates an instance of the platform specific implementation of the cref="ECDsa" algorithm.
/// </summary>
/// <param name="curve">
/// The <see cref="ECCurve"/> representing the elliptic curve.
/// </param>
public static ECDsa Create(ECCurve curve)
{
return new ECDsaImplementation.ECDsaOpenSsl(curve);
}
public SecP256K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
bool withCompression)
: base(curve, x, y, zs, withCompression)
{
}
/**
* Create a point that encodes with or without point compresion.
*
* @param curve
* the curve to use
* @param x
* affine x co-ordinate
* @param y
* affine y co-ordinate
* @param withCompression
* if true encode with point compression
*
* @deprecated per-point compression property will be removed, refer
* {@link #getEncoded(bool)}
*/
public SecP160K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, bool withCompression)
: base(curve, x, y, withCompression)
{
if ((x == null) != (y == null))
throw new ArgumentException("Exactly one of the field elements is null");
}
public static int GetCombSize(ECCurve c)
{
BigInteger order = c.Order;
return(order == null ? c.FieldSize + 1 : order.BitLength);
}
public ECDsa(byte[] privateKey, ECCurve curve)
: this(curve.G * privateKey)
{
this.privateKey = privateKey;
}
private static ECCurve ConfigureCurveGlv(ECCurve c, GlvTypeBParameters p)
{
return(c.Configure().SetEndomorphism(new GlvTypeBEndomorphism(c, p)).Create());
}
public static int GetCombSize(ECCurve c)
{
BigInteger order = c.Order;
return order == null ? c.FieldSize + 1 : order.BitLength;
}
// 5.4 pg 29
/**
* return true if the value r and s represent a DSA signature for
* the passed in message (for standard DSA the message should be
* a SHA-1 hash of the real message to be verified).
*/
public virtual bool VerifySignature(byte[] message, BigInteger r, BigInteger s)
{
BigInteger n = key.Parameters.N;
// r and s should both in the range [1,n-1]
if (r.SignValue < 1 || s.SignValue < 1 ||
r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0)
{
return(false);
}
BigInteger e = CalculateE(n, message);
BigInteger c = s.ModInverse(n);
BigInteger u1 = e.Multiply(c).Mod(n);
BigInteger u2 = r.Multiply(c).Mod(n);
ECPoint G = key.Parameters.G;
ECPoint Q = ((ECPublicKeyParameters)key).Q;
ECPoint point = ECAlgorithms.SumOfTwoMultiplies(G, u1, Q, u2);
if (point.IsInfinity)
{
return(false);
}
/*
* If possible, avoid normalizing the point (to save a modular inversion in the curve field).
*
* There are ~cofactor elements of the curve field that reduce (modulo the group order) to 'r'.
* If the cofactor is known and small, we generate those possible field values and project each
* of them to the same "denominator" (depending on the particular projective coordinates in use)
* as the calculated point.X. If any of the projected values matches point.X, then we have:
* (point.X / Denominator mod p) mod n == r
* as required, and verification succeeds.
*
* Based on an original idea by Gregory Maxwell (https://github.com/gmaxwell), as implemented in
* the libsecp256k1 project (https://github.com/bitcoin/secp256k1).
*/
ECCurve curve = point.Curve;
if (curve != null)
{
BigInteger cofactor = curve.Cofactor;
if (cofactor != null && cofactor.CompareTo(Eight) <= 0)
{
ECFieldElement D = GetDenominator(curve.CoordinateSystem, point);
if (D != null && !D.IsZero)
{
ECFieldElement X = point.XCoord;
while (curve.IsValidFieldElement(r))
{
ECFieldElement R = curve.FromBigInteger(r).Multiply(D);
if (R.Equals(X))
{
return(true);
}
r = r.Add(n);
}
return(false);
}
}
}
BigInteger v = point.Normalize().AffineXCoord.ToBigInteger().Mod(n);
return(v.Equals(r));
}
/**
* Create a point which encodes with point compression.
*
* @param curve the curve to use
* @param x affine x co-ordinate
* @param y affine y co-ordinate
*
* @deprecated Use ECCurve.CreatePoint to construct points
*/
public Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
/**
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecT193R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public GlvTypeBEndomorphism(ECCurve curve, GlvTypeBParameters parameters)
{
this.m_curve = curve;
this.m_parameters = parameters;
this.m_pointMap = new ScaleXPointMap(curve.FromBigInteger(parameters.Beta));
}
public ECDsa Create(ECCurve curve)
{
return ECDsa.Create(curve);
}
/**
* Create a point which encodes with point compression.
*
* @param curve
* the curve to use
* @param x
* affine x co-ordinate
* @param y
* affine y co-ordinate
*
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public static ECDsa Create(ECCurve curve)
{
return(s_provider.Create(curve));
}
internal SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
bool withCompression)
: base(curve, x, y, zs, withCompression)
{
}
public override ECPoint Twice()
{
if (base.IsInfinity)
{
return(this);
}
ECCurve curve = this.Curve;
SecP224R1FieldElement secP224R1FieldElement = (SecP224R1FieldElement)base.RawYCoord;
if (secP224R1FieldElement.IsZero)
{
return(curve.Infinity);
}
SecP224R1FieldElement secP224R1FieldElement2 = (SecP224R1FieldElement)base.RawXCoord;
SecP224R1FieldElement secP224R1FieldElement3 = (SecP224R1FieldElement)base.RawZCoords[0];
uint[] array = Nat224.Create();
uint[] array2 = Nat224.Create();
uint[] array3 = Nat224.Create();
SecP224R1Field.Square(secP224R1FieldElement.x, array3);
uint[] array4 = Nat224.Create();
SecP224R1Field.Square(array3, array4);
bool isOne = secP224R1FieldElement3.IsOne;
uint[] array5 = secP224R1FieldElement3.x;
if (!isOne)
{
array5 = array2;
SecP224R1Field.Square(secP224R1FieldElement3.x, array5);
}
SecP224R1Field.Subtract(secP224R1FieldElement2.x, array5, array);
uint[] array6 = array2;
SecP224R1Field.Add(secP224R1FieldElement2.x, array5, array6);
SecP224R1Field.Multiply(array6, array, array6);
uint x = Nat224.AddBothTo(array6, array6, array6);
SecP224R1Field.Reduce32(x, array6);
uint[] array7 = array3;
SecP224R1Field.Multiply(array3, secP224R1FieldElement2.x, array7);
x = Nat.ShiftUpBits(7, array7, 2, 0u);
SecP224R1Field.Reduce32(x, array7);
x = Nat.ShiftUpBits(7, array4, 3, 0u, array);
SecP224R1Field.Reduce32(x, array);
SecP224R1FieldElement secP224R1FieldElement4 = new SecP224R1FieldElement(array4);
SecP224R1Field.Square(array6, secP224R1FieldElement4.x);
SecP224R1Field.Subtract(secP224R1FieldElement4.x, array7, secP224R1FieldElement4.x);
SecP224R1Field.Subtract(secP224R1FieldElement4.x, array7, secP224R1FieldElement4.x);
SecP224R1FieldElement secP224R1FieldElement5 = new SecP224R1FieldElement(array7);
SecP224R1Field.Subtract(array7, secP224R1FieldElement4.x, secP224R1FieldElement5.x);
SecP224R1Field.Multiply(secP224R1FieldElement5.x, array6, secP224R1FieldElement5.x);
SecP224R1Field.Subtract(secP224R1FieldElement5.x, array, secP224R1FieldElement5.x);
SecP224R1FieldElement secP224R1FieldElement6 = new SecP224R1FieldElement(array6);
SecP224R1Field.Twice(secP224R1FieldElement.x, secP224R1FieldElement6.x);
if (!isOne)
{
SecP224R1Field.Multiply(secP224R1FieldElement6.x, secP224R1FieldElement3.x, secP224R1FieldElement6.x);
}
return(new SecP224R1Point(curve, secP224R1FieldElement4, secP224R1FieldElement5, new ECFieldElement[]
{
secP224R1FieldElement6
}, base.IsCompressed));
}
