/// <summary>
/// Create a new elliptic curve keypair.
/// </summary>
/// <param name="domain">Elliptic curve to use as the basis.</param>
/// <param name="Q">Raw public key component.</param>
/// <param name="d">Raw private key component.</param>
/// <returns>Elliptic curve keypair.</returns>
public static void GenerateECKeypair(ECDomainParameters domain, out ECPoint Q, out BigInteger d)
{
ECPoint g = domain.G;
BigInteger n = domain.N;
int minWeight = n.BitLength >> 2;
for (;;)
{
d = new BigInteger(n.BitLength, StratCom.EntropySupplier);
if (d.CompareTo(BigInteger.Two) < 0 || d.CompareTo(n) >= 0)
{
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight primes may be
* weak against a version of the number-field-sieve for the discrete-logarithm-problem.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(d) < minWeight)
{
continue;
}
break;
}
Q = EcBasePointMultiplier.Multiply(g, d);
}
/// <summary>
/// Creates a round 1 (zero-knowledge proof) DTO to send to the partner participant.
/// </summary>
public ECJpakeRound1 CreateRound1ToSend()
{
Contract.Requires(ProtocolState < State.Round1Created, "Round 1 payload already created.");
BigInteger x1 = BigInteger.CreateRandomInRange(BigInteger.One, _domain.N.Subtract(BigInteger.One),
EntropySupply);
_x2 = BigInteger.CreateRandomInRange(BigInteger.One, _domain.N.Subtract(BigInteger.One), EntropySupply);
_gx1 = BasePointMultiplier.Multiply(_domain.G, x1);
_gx2 = BasePointMultiplier.Multiply(_domain.G, _x2);
ECPoint V1, V2;
BigInteger r1, r2;
CreateZeroKnowledgeProof(_domain.G, x1, _gx1, ParticipantId, out V1, out r1);
CreateZeroKnowledgeProof(_domain.G, _x2, _gx2, ParticipantId, out V2, out r2);
var dto = new ECJpakeRound1 {
ParticipantId = ParticipantId,
GX1 = _gx1.GetEncoded(),
X1V = V1.GetEncoded(),
X1R = r1.ToByteArray(),
GX2 = _gx2.GetEncoded(),
X2V = V2.GetEncoded(),
X2R = r2.ToByteArray()
};
ProtocolState = State.Round1Created;
return(dto);
}
private byte[] Encrypt(byte[] input, int inOff, int inLen)
{
byte[] c2 = new byte[inLen];
Array.Copy(input, inOff, c2, 0, c2.Length);
ECMultiplier multiplier = CreateBasePointMultiplier();
byte[] c1;
ECPoint kPB;
do
{
BigInteger k = NextK();
ECPoint c1P = multiplier.Multiply(mECParams.G, k).Normalize();
c1 = c1P.GetEncoded(false);
kPB = ((ECPublicKeyParameters)mECKey).Q.Multiply(k).Normalize();
Kdf(mDigest, kPB, c2);
}while (NotEncrypted(c2, input, inOff));
AddFieldElement(mDigest, kPB.AffineXCoord);
mDigest.BlockUpdate(input, inOff, inLen);
AddFieldElement(mDigest, kPB.AffineYCoord);
byte[] c3 = DigestUtilities.DoFinal(mDigest);
return(Arrays.ConcatenateAll(c1, c2, c3));
}
public virtual BigInteger[] GenerateSignature(byte[] message)
{
BigInteger integer6;
ECDomainParameters parameters = this.key.Parameters;
BigInteger n = parameters.N;
BigInteger integer2 = this.CalculateE(n, message);
BigInteger d = ((ECPrivateKeyParameters)this.key).D;
if (this.kCalculator.IsDeterministic)
{
this.kCalculator.Init(n, d, message);
}
else
{
this.kCalculator.Init(n, this.random);
}
ECMultiplier multiplier = this.CreateBasePointMultiplier();
Label_006A:
integer6 = this.kCalculator.NextK();
BigInteger val = multiplier.Multiply(parameters.G, integer6).Normalize().AffineXCoord.ToBigInteger().Mod(n);
if (val.SignValue == 0)
{
goto Label_006A;
}
BigInteger integer5 = integer6.ModInverse(n).Multiply(integer2.Add(d.Multiply(val))).Mod(n);
if (integer5.SignValue == 0)
{
goto Label_006A;
}
return(new BigInteger[] { val, integer5 });
}
/// <inheritdoc />
public void GenerateSignature(byte[] message, out BigInteger r, out BigInteger s)
{
BigInteger n = _ecDomain.N;
BigInteger e = CalculateE(n, message);
var d = new BigInteger(_privateKey.EncodedKey);
if (_kCalculator.IsDeterministic)
{
_kCalculator.Init(n, d, message);
}
else
{
_kCalculator.Init(n, _random);
}
// 5.3.2
// Generate s
do
{
BigInteger k;
// Generate r
do
{
k = _kCalculator.NextK();
ECPoint p = EcBasePointMultiplier.Multiply(_ecDomain.G, k).Normalize();
// 5.3.3
r = p.AffineXCoord.ToBigInteger().Mod(n);
} while (r.SignValue == 0);
s = k.ModInverse(n).Multiply(e.Add(d.Multiply(r))).Mod(n);
} while (s.SignValue == 0);
}
// 5.3 pg 28
/**
* Generate a signature for the given message using the key we were
* initialised with. For conventional DSA the message should be a SHA-1
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public BigInteger[] GenerateSignature(byte[] message)
{
ECDomainParameters ec = key.Parameters;
BigInteger n = ec.N;
BigInteger e = CalculateE(n, message);
BigInteger d = ((ECPrivateKeyParameters)key).D;
BigInteger r, s;
ECMultiplier basePointMultiplier = CreateBasePointMultiplier();
// 5.3.2
do // Generate s
{
BigInteger k;
do // Generate r
{
do
{
k = new BigInteger(n.BitLength, random);
}while (k.SignValue == 0 || k.CompareTo(n) >= 0);
ECPoint p = basePointMultiplier.Multiply(ec.G, k).Normalize();
// 5.3.3
r = p.AffineXCoord.ToBigInteger().Mod(n);
}while (r.SignValue == 0);
s = k.ModInverse(n).Multiply(e.Add(d.Multiply(r))).Mod(n);
}while (s.SignValue == 0);
return(new BigInteger[] { r, s });
}
public virtual BigInteger[] GenerateSignature(byte[] message)
{
BigInteger integer6;
byte[] bytes = new byte[message.Length];
for (int i = 0; i != bytes.Length; i++)
{
bytes[i] = message[(bytes.Length - 1) - i];
}
BigInteger val = new BigInteger(1, bytes);
ECDomainParameters parameters = this.key.Parameters;
BigInteger n = parameters.N;
BigInteger d = ((ECPrivateKeyParameters)this.key).D;
BigInteger integer5 = null;
ECMultiplier multiplier = this.CreateBasePointMultiplier();
Label_0062:
integer6 = new BigInteger(n.BitLength, this.random);
if (integer6.SignValue == 0)
{
goto Label_0062;
}
BigInteger integer4 = multiplier.Multiply(parameters.G, integer6).Normalize().AffineXCoord.ToBigInteger().Mod(n);
if (integer4.SignValue == 0)
{
goto Label_0062;
}
integer5 = integer6.Multiply(val).Add(d.Multiply(integer4)).Mod(n);
if (integer5.SignValue == 0)
{
goto Label_0062;
}
return(new BigInteger[] { integer4, integer5 });
}
public virtual byte[] GenerateSignature()
{
byte[] eHash = DigestUtilities.DoFinal(digest);
BigInteger n = ecParams.N;
BigInteger e = CalculateE(n, eHash);
BigInteger d = ((ECPrivateKeyParameters)ecKey).D;
BigInteger r, s;
ECMultiplier basePointMultiplier = CreateBasePointMultiplier();
// 5.2.1 Draft RFC: SM2 Public Key Algorithms
do // generate s
{
BigInteger k;
do // generate r
{
// A3
k = kCalculator.NextK();
// A4
ECPoint p = basePointMultiplier.Multiply(ecParams.G, k).Normalize();
// A5
r = e.Add(p.AffineXCoord.ToBigInteger()).Mod(n);
}while (r.SignValue == 0 || r.Add(k).Equals(n));
// A6
BigInteger dPlus1ModN = d.Add(BigInteger.One).ModInverse(n);
s = k.Subtract(r.Multiply(d)).Mod(n);
s = dPlus1ModN.Multiply(s).Mod(n);
}while (s.SignValue == 0);
// A7
try
{
return(encoding.Encode(ecParams.N, r, s));
}
catch (Exception ex)
{
throw new CryptoException("unable to encode signature: " + ex.Message, ex);
}
}
/**
* generate a signature for the given message using the key we were
* initialised with. For conventional GOST3410 the message should be a GOST3411
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public virtual BigInteger[] GenerateSignature(
byte[] message)
{
if (!forSigning)
{
throw new InvalidOperationException("not initialized for signing");
}
byte[] mRev = new byte[message.Length]; // conversion is little-endian
for (int i = 0; i != mRev.Length; i++)
{
mRev[i] = message[mRev.Length - 1 - i];
}
BigInteger e = new BigInteger(1, mRev);
ECDomainParameters ec = key.Parameters;
BigInteger n = ec.N;
BigInteger d = ((ECPrivateKeyParameters)key).D;
BigInteger r, s = null;
ECMultiplier basePointMultiplier = CreateBasePointMultiplier();
do // generate s
{
BigInteger k;
do // generate r
{
do
{
k = new BigInteger(n.BitLength, random);
}while (k.SignValue == 0);
ECPoint p = basePointMultiplier.Multiply(ec.G, k).Normalize();
r = p.AffineXCoord.ToBigInteger().Mod(n);
}while (r.SignValue == 0);
s = (k.Multiply(e)).Add(d.Multiply(r)).Mod(n);
}while (s.SignValue == 0);
return(new BigInteger[] { r, s });
}
// 5.3 pg 28
/**
* Generate a signature for the given message using the key we were
* initialised with. For conventional DSA the message should be a SHA-1
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public virtual BigInteger[] GenerateSignature(byte[] message)
{
ECDomainParameters ec = key.Parameters;
BigInteger n = ec.N;
BigInteger e = CalculateE(n, message);
BigInteger d = ((ECPrivateKeyParameters)key).D;
if (kCalculator.IsDeterministic)
{
kCalculator.Init(n, d, message);
}
else
{
kCalculator.Init(n, random);
}
BigInteger r, s;
ECMultiplier basePointMultiplier = CreateBasePointMultiplier();
// 5.3.2
do // Generate s
{
BigInteger k;
byte[] rBytes = null;
do // Generate r
{
do
{
k = kCalculator.NextK();
ECPoint p = basePointMultiplier.Multiply(ec.G, k).Normalize();
// 5.3.3
r = p.AffineXCoord.ToBigInteger().Mod(n);
}while(r.SignValue == 0);
}while(forceLowR && r.ToByteArrayUnsigned()[0] >= 0x80);
s = k.ModInverse(n).Multiply(e.Add(d.Multiply(r))).Mod(n);
}while(s.SignValue == 0);
return(new BigInteger[] { r, s });
}
public virtual BigInteger[] GenerateSignature(byte[] message)
{
ECDomainParameters parameters = this.key.Parameters;
BigInteger n = parameters.N;
BigInteger bigInteger = this.CalculateE(n, message);
BigInteger d = ((ECPrivateKeyParameters)this.key).D;
if (this.kCalculator.IsDeterministic)
{
this.kCalculator.Init(n, d, message);
}
else
{
this.kCalculator.Init(n, this.random);
}
ECMultiplier eCMultiplier = this.CreateBasePointMultiplier();
BigInteger bigInteger3;
BigInteger bigInteger4;
while (true)
{
BigInteger bigInteger2 = this.kCalculator.NextK();
ECPoint eCPoint = eCMultiplier.Multiply(parameters.G, bigInteger2).Normalize();
bigInteger3 = eCPoint.AffineXCoord.ToBigInteger().Mod(n);
if (bigInteger3.SignValue != 0)
{
bigInteger4 = bigInteger2.ModInverse(n).Multiply(bigInteger.Add(d.Multiply(bigInteger3))).Mod(n);
if (bigInteger4.SignValue != 0)
{
break;
}
}
}
return(new BigInteger[]
{
bigInteger3,
bigInteger4
});
}
public virtual BigInteger[] GenerateSignature(byte[] message)
{
byte[] array = new byte[message.Length];
for (int i = 0; i != array.Length; i++)
{
array[i] = message[array.Length - 1 - i];
}
BigInteger val = new BigInteger(1, array);
ECDomainParameters parameters = key.Parameters;
BigInteger n = parameters.N;
BigInteger d = ((ECPrivateKeyParameters)key).D;
BigInteger bigInteger = null;
ECMultiplier eCMultiplier = CreateBasePointMultiplier();
BigInteger bigInteger3;
while (true)
{
BigInteger bigInteger2 = new BigInteger(n.BitLength, random);
if (bigInteger2.SignValue == 0)
{
continue;
}
ECPoint eCPoint = eCMultiplier.Multiply(parameters.G, bigInteger2).Normalize();
bigInteger3 = eCPoint.AffineXCoord.ToBigInteger().Mod(n);
if (bigInteger3.SignValue != 0)
{
bigInteger = bigInteger2.Multiply(val).Add(d.Multiply(bigInteger3)).Mod(n);
if (bigInteger.SignValue != 0)
{
break;
}
}
}
return(new BigInteger[2]
{
bigInteger3,
bigInteger
});
}
public virtual BigInteger[] GenerateSignature(byte[] message)
{
byte[] array = new byte[message.Length];
for (int num = 0; num != array.Length; num++)
{
array[num] = message[array.Length - 1 - num];
}
BigInteger val = new BigInteger(1, array);
ECDomainParameters parameters = this.key.Parameters;
BigInteger n = parameters.N;
BigInteger d = ((ECPrivateKeyParameters)this.key).D;
ECMultiplier eCMultiplier = this.CreateBasePointMultiplier();
BigInteger bigInteger2;
BigInteger bigInteger3;
while (true)
{
BigInteger bigInteger = new BigInteger(n.BitLength, this.random);
if (bigInteger.SignValue != 0)
{
ECPoint eCPoint = eCMultiplier.Multiply(parameters.G, bigInteger).Normalize();
bigInteger2 = eCPoint.AffineXCoord.ToBigInteger().Mod(n);
if (bigInteger2.SignValue != 0)
{
bigInteger3 = bigInteger.Multiply(val).Add(d.Multiply(bigInteger2)).Mod(n);
if (bigInteger3.SignValue != 0)
{
break;
}
}
}
}
return(new BigInteger[]
{
bigInteger2,
bigInteger3
});
}