public bool IsValid(Transaction transaction)
{
ECDomainParameters ecSpec = new ECDomainParameters(CryptoUtil.Curve.Curve, CryptoUtil.Curve.G, CryptoUtil.Curve.N, CryptoUtil.Curve.H);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
var point = DecodeECPointPublicKey(transaction.SenderPublicKey);
ECPublicKeyParameters keyParameters = new ECPublicKeyParameters(point, ecSpec);
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(false, keyParameters);
var pubKey1 = new BigInteger(transaction.Signature[0], 16);
var pubKey2 = new BigInteger(transaction.Signature[1], 16);
TransactionRaw transactionRaw = new TransactionRaw()
{
FromAddress = transaction.FromAddress,
ToAddress = transaction.ToAddress,
Amount = transaction.Amount,
DateCreated = transaction.DateCreated
};
string tranJson = JsonConvert.SerializeObject(transactionRaw);
byte[] tranHash = CryptoUtil.CalcSHA256(tranJson);
return(signer.VerifySignature(tranHash, pubKey1, pubKey2));
}
/// <summary>
/// Creates a signature from the given <paramref name="message"/>.
/// <para>
/// A created signature can be verified by the corresponding
/// <see cref="PublicKey"/>.
/// </para>
/// <para>
/// Signatures can be created by only the <see cref="PrivateKey"/>
/// which corresponds a <see cref="PublicKey"/> to verify these
/// signatures.
/// </para>
/// <para>
/// To sum up, a signature is used to guarantee:
/// </para>
/// <list type="bullet">
/// <item><description>that the <paramref name="message"/> was created
/// by someone possessing the corresponding <see cref="PrivateKey"/>,
/// </description></item>
/// <item><description>that the possessor cannot deny having sent the
/// <paramref name="message"/>, and</description></item>
/// <item><description>that the <paramref name="message"/> was not
/// forged in the middle of transit.</description></item>
/// </list>
/// </summary>
/// <param name="message">A message to sign in <see cref="byte"/> array
/// representation.</param>
/// <returns>A signature that verifies the <paramref name="message"/>.
/// It can be verified using
/// <see cref="Libplanet.Crypto.PublicKey.Verify(byte[], byte[])"/>
/// method.</returns>
/// <seealso cref="Libplanet.Crypto.PublicKey.Verify(byte[], byte[])"/>
public byte[] Sign(byte[] message)
{
var h = new Sha256Digest();
var hashed = new byte[h.GetDigestSize()];
h.BlockUpdate(message, 0, message.Length);
h.DoFinal(hashed, 0);
h.Reset();
var kCalculator = new HMacDsaKCalculator(h);
var signer = new ECDsaSigner(kCalculator);
signer.Init(true, keyParam);
BigInteger[] rs = signer.GenerateSignature(hashed);
var r = rs[0];
var s = rs[1];
BigInteger otherS = keyParam.Parameters.N.Subtract(s);
if (s.CompareTo(otherS) == 1)
{
s = otherS;
}
var bos = new MemoryStream(72);
var seq = new DerSequenceGenerator(bos);
seq.AddObject(new DerInteger(r));
seq.AddObject(new DerInteger(s));
seq.Close();
return(bos.ToArray());
}
public byte[] Sign(HashDigest <T> messageHash, PrivateKey privateKey)
{
var h = new Sha256Digest();
var kCalculator = new HMacDsaKCalculator(h);
var signer = new ECDsaSigner(kCalculator);
signer.Init(true, privateKey.KeyParam);
BigInteger[] rs = signer.GenerateSignature(messageHash.ToByteArray());
var r = rs[0];
var s = rs[1];
BigInteger otherS = privateKey.KeyParam.Parameters.N.Subtract(s);
if (s.CompareTo(otherS) == 1)
{
s = otherS;
}
var bos = new MemoryStream(72);
var seq = new DerSequenceGenerator(bos);
seq.AddObject(new DerInteger(r));
seq.AddObject(new DerInteger(s));
seq.Close();
return(bos.ToArray());
}
public static bool VerifySignature(ECPublicKeyParameters keyParameters, BigInteger[] signature, byte[] msg)
{
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
var signer = new ECDsaSigner(kCalculator);
signer.Init(false, keyParameters);
return(signer.VerifySignature(msg, signature[0], signature[1]));
}
public static ECDSASignature Sign(byte[] data, BigInteger privateKey)
{
ECPrivateKeyParameters parameters =
new ECPrivateKeyParameters(privateKey, Secp256k1DomainParameters);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
IDsa signer = new ECDsaSigner(kCalculator);
signer.Init(true, parameters);
return(new ECDSASignature(signer.GenerateSignature(data)));
}
public static bool VerifySignature(
byte[] hash,
ECDSASignature signature,
ECPublicKeyParameters parameters)
{
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
var signer = new ECDsaSigner(kCalculator);
signer.Init(false, parameters);
return(signer.VerifySignature(hash, signature.R, signature.S));
}
private static BigInteger[] SignTransaction(BigInteger privateKey, byte[] data)
{
ECDomainParameters ecSpec = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
ECPrivateKeyParameters keyParameters = new ECPrivateKeyParameters(privateKey, ecSpec);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(true, keyParameters);
BigInteger[] signature = signer.GenerateSignature(data);
return(signature);
}
/// <summary>
/// Calculates deterministic ECDSA signature (with HMAC-SHA256), based on secp256k1 and RFC-6979.
/// </summary>
public static BigInteger[] SignData(BigInteger privateKey, byte[] data)
{
var keyParameters = new ECPrivateKeyParameters(privateKey, Domain);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
var signer = new ECDsaSigner(kCalculator);
signer.Init(true, keyParameters);
var signature = signer.GenerateSignature(data);
return(signature);
}
public static bool VerifySignature(
ECPoint publicKey,
BigInteger r,
BigInteger s,
byte[] hash)
{
ECPublicKeyParameters parameters = GetPublicKeyParameters(publicKey);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
var signer = new ECDsaSigner(kCalculator);
signer.Init(false, parameters);
return(signer.VerifySignature(hash, r, s));
}
private BigInteger[] SignData(BigInteger privateKey, byte[] data)
{
// TODO: put curve name
string curveName = "";
var curve = NistNamedCurves.GetByName(curveName);
ECDomainParameters ecSpec = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
ECPrivateKeyParameters keyParameters = new ECPrivateKeyParameters(privateKey, ecSpec);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(true, keyParameters);
BigInteger[] signature = signer.GenerateSignature(data);
return(signature);
}
public bool Validate(Transaction transaction)
{
ECDomainParameters ecSpec =
new ECDomainParameters(Crypto.Curve.Curve, Crypto.Curve.G, Crypto.Curve.N, Crypto.Curve.H);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
// var point = Crypto.DecodeECPointFromPublicKey(transaction.SenderPublicKey);
// ECPublicKeyParameters keyParameters = new ECPublicKeyParameters(point, ecSpec);
// ECDsaSigner signer = new ECDsaSigner(kCalculator);
// signer.Init(false, keyParameters);
// var pubKey1 = new BigInteger(transaction.SenderSignature[0], 16);
// var pubKey2 = new BigInteger(transaction.SenderSignature[1], 16);
// byte[] transactionHash = Crypto.CalcSha256(this.GetTransactionPayload(transaction));
// bool isValid = signer.VerifySignature(transactionHash, pubKey1, pubKey2);
return(true);
}
public static bool IsSignatureValid(PendingTransaction transaction)
{
ECPoint publicKeyPoint = GetECPublicKeyPoint(transaction.SenderPublicKey);
ECDomainParameters ecSpec = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(publicKeyPoint, ecSpec);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(false, publicKeyParameters);
byte[] tranHashWithoutSignature = CalculateSHA256(transaction.AsJsonWithoutSignatureAndHash());
BigInteger signatureR = new BigInteger(transaction.SenderSignature[0], 16);
BigInteger signatureS = new BigInteger(transaction.SenderSignature[1], 16);
bool isValid = signer.VerifySignature(tranHashWithoutSignature, signatureR, signatureS);
return(isValid);
}
public virtual ECSignature GetECSignature(ECPrivateKey privateKey, byte[] data, bool beDeterministic = false, bool enforceLowS = true)
{
var curve = SecNamedCurves.GetByName(CURVEALGO);
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
IDsaKCalculator kCalculator;
if (beDeterministic)
{
kCalculator = new HMacDsaKCalculator(new Sha256Digest());
}
else
{
kCalculator = new RandomDsaKCalculator();
}
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(true, new ECPrivateKeyParameters(new BigInteger(1, privateKey.Base64Array), domain));
BigInteger[] components = signer.GenerateSignature(data);
BigInteger r = components[0];
BigInteger s = components[1];
BigInteger curveOrder = domain.N;
BigInteger halvCurveOrder = curveOrder.ShiftRight(1);
bool sIsLow = s.CompareTo(halvCurveOrder) <= 0;
if (enforceLowS && !sIsLow)
{
s = curveOrder.Subtract(s);
}
return(new ECSignature(r, s));
}
