/// <summary>
/// Generate z_i value as specified in section 3.3.1 of the setup.
/// </summary>
/// <param name="pubKey">Public key used</param>
/// <param name="ps">public string specified in the setup</param>
/// <param name="i">index i</param>
/// <param name="k">Security parameter specified in the setup.</param>
/// <param name="keyLength">The size of the RSA key in bits</param>
/// <returns></returns>
internal static BigInteger SampleFromZnStar(RsaKeyParameters pubKey, byte[] psBytes, int i, int BigK, int keyLength)
{
BigInteger Modulus = pubKey.Modulus;
// Octet Length of i
int iLen = Utils.GetOctetLen(BigK);
// OctetString of i
var EI = Utils.I2OSP(i, iLen);
// ASN.1 encoding of the PublicKey
var keyBytes = pubKey.ToBytes();
// Combine the OctetString
var combined = Utils.Combine(keyBytes, psBytes, EI);
int j = 2;
for (; ;)
{
// OctetLength of j
var jLen = Utils.GetOctetLen(j);
// OctetString of j
var EJ = Utils.I2OSP(j, jLen);
// Combine EJ with the rest of the string
var sub_combined = Utils.Combine(combined, EJ);
// Pass the bytes to H_1
byte[] ER = Utils.MGF1_SHA256(sub_combined, keyLength);
// Convert from OctetString to BigInteger
BigInteger z_i = Utils.OS2IP(ER);
// Check if the output is larger or equal to N OR GCD(z_i, N) != 1
if (z_i.CompareTo(Modulus) >= 0 || !(z_i.Gcd(Modulus).Equals(BigInteger.One)))
{
j++;
continue;
}
return(z_i);
}
}
/// <summary>
/// Calculate the value of w as specified in section 3.3.2 of the setup.
/// </summary>
/// <param name="pubKey">Public key used</param>
/// <param name="ps">public string specified in the setup</param>
/// <param name="xValues"> List of x_i values</param>
/// <param name="k">Security parameter as specified in the setup.</param>
/// <param name="keyLength">The size of the RSA key in bits</param>
internal static void GetW(RsaKeyParameters pubKey, byte[] psBytes, BigInteger[] xValues, int k, int keyLength, out BigInteger w)
{
var BigK = xValues.Length;
// ASN.1 encoding of the PublicKey
var keyBytes = pubKey.ToBytes();
// Computing ExLen
var ExLen = Utils.GetByteLength(keyLength);
// Encoding the x Values
byte[] ExComb = new byte[0]; // Empty Array (Initialization)
for (int i = 0; i < BigK; i++)
{
// Encoding x_i to an OctetString.
var tmp = Utils.I2OSP(xValues[i], ExLen);
ExComb = Utils.Combine(ExComb, tmp);
}
// Concatenating the rest of s
var s = Utils.Combine(keyBytes, psBytes, ExComb);
// Hash the OctetString
var BigW = Utils.SHA256(s);
// Truncate to k-bits
BigW = Utils.TruncateToKbits(BigW, k);
// Convert to an Integer and return
w = Utils.OS2IP(BigW);
}
/// <summary>
/// Calculates the value of w as specified in the setup.
/// </summary>
/// <param name="pubKey">Public key used</param>
/// <param name="ps">public string specified in the setup</param>
/// <param name="xValues"> List of x_i values</param>
/// <param name="k">Security parameter as specified in the setup.</param>
/// <param name="keyLength">The size of the RSA key in bits</param>
internal static void GetW(RsaKeyParameters pubKey, byte[] psBytes, BigInteger[] xValues, int k, int keyLength, out BigInteger w)
{
if (xValues == null)
{
throw new ArgumentNullException(nameof(xValues));
}
var BigK = xValues.Length;
// ASN.1 encoding of the PublicKey
var keyBytes = pubKey.ToBytes();
// Computing ExLen
var ExLen = Utils.GetByteLength(keyLength);
// Encoding the x Values
byte[] ExComb = new byte[0]; // Empty Array (Initialization)
for (int i = 0; i < BigK; i++)
{
var tmp = Utils.I2OSP(xValues[i], ExLen);
ExComb = Utils.Combine(ExComb, tmp);
}
// Concatenating the rest of s
// TODO: Combine now takes multiple lists as input, so no need for the double call
var s = Utils.Combine(keyBytes, Utils.Combine(psBytes, ExComb));
// Hash the OctetString
var BigW = Utils.SHA256(s);
// Truncate to k-bits
BigW = Utils.TruncateToKbits(BigW, k);
// Convert to an Integer and return
w = Utils.OS2IP(BigW);
}
/// <summary>
/// Generates a list of rho values as specified in the setup (2.8.1)
/// </summary>
/// <param name="m2">m2</param>
/// <param name="psBytes">public string specified in the setup</param>
/// <param name="key">Public key used</param>
/// <param name="keyLength">The size of the RSA key in bits</param>
internal static void GetRhos(int m2, byte[] psBytes, RsaKeyParameters key, int keyLength, out byte[][] rhoValues)
{
var m2Len = Utils.GetOctetLen(m2);
rhoValues = new byte[m2][];
BigInteger Modulus = key.Modulus;
// ASN.1 encoding of the PublicKey
var keyBytes = key.ToBytes();
for (int i = 0; i < m2; i++)
{
// Byte representation of i
var EI = Utils.I2OSP(i, m2Len);
int j = 2;
// Combine the octet string
var combined = Utils.Combine(keyBytes, Utils.Combine(psBytes, EI));
while (true)
{
// OctetLength of j
var jLen = Utils.GetOctetLen(j);
// Byte representation of j
var EJ = Utils.I2OSP(j, jLen);
// Combine EJ with the rest of the string
var sub_combined = Utils.Combine(combined, EJ);
// Pass the bytes to H_1
byte[] ER = Utils.MGF1_SHA256(sub_combined, keyLength);
// Convert from Bytes to BigInteger
BigInteger input = Utils.OS2IP(ER);
// Check if the output is bigger or equal than N
if (input.CompareTo(Modulus) >= 0)
{
j++;
continue;
}
rhoValues[i] = ER;
break;
}
}
}