public bool VerifySignature(ECPublicKeyParameters publicKey, byte[] signedBytes, byte[] signature)
{
if (publicKey == null)
{
throw new ArgumentNullException(nameof(publicKey));
}
if (signedBytes == null)
{
throw new ArgumentNullException(nameof(signedBytes));
}
if (signature == null)
{
throw new ArgumentNullException(nameof(signature));
}
try
{
var ecdsaSignature = SignerUtilities.GetSigner("SHA-256withECDSA");
ecdsaSignature.Init(false, publicKey);
ecdsaSignature.BlockUpdate(signedBytes, 0, signedBytes.Length);
return ecdsaSignature.VerifySignature(signature);
}
catch (SecurityUtilityException e)
{
throw new U2FException("Error when verifying signature", e);
}
catch (CryptoException e)
{
throw new U2FException("Error when verifying signature", e);
}
}
public MqvPublicParameters(
ECPublicKeyParameters staticPublicKey,
ECPublicKeyParameters ephemeralPublicKey)
{
this.staticPublicKey = staticPublicKey;
this.ephemeralPublicKey = ephemeralPublicKey;
}
public ECDsaBouncyCastle(byte[] encodedPublicKey)
{
ContractsCommon.NotNull(encodedPublicKey, "encodedPublicKey");
var secp256k1 = SecP256k1;
_publicKey = new ECPublicKeyParameters(secp256k1.Curve.DecodePoint(encodedPublicKey), secp256k1);
}
public virtual void Exchange(byte[] clientEcdhPubkey, byte[] cRandomUnused, byte[] sRandomUnused, object privateParameters)
{
// "TLS1.3 ciphersuite does not include KeyExchange methods"
// just for shared_secret calculation here
var shared_secret = new byte[32];
if (privateParameters is Parameters.X25519PrivateKeyParameters x25519Prv)
{
var clientPub = new Parameters.X25519PublicKeyParameters(clientEcdhPubkey, 0);
x25519Prv.GenerateSecret(clientPub, shared_secret, 0);
}
else if (privateParameters is Parameters.X448PrivateKeyParameters x448Prv)
{
var clientPub = new Parameters.X448PublicKeyParameters(clientEcdhPubkey, 0);
x448Prv.GenerateSecret(clientPub, shared_secret, 0);
}
else if (privateParameters is Parameters.ECPrivateKeyParameters serverPrv)
{
var ecDomainParam = serverPrv.Parameters;
var clientQ = TlsEccUtilities.DeserializeECPoint(new byte[] { 0x04 }, ecDomainParam.Curve, clientEcdhPubkey);
var clientPub = new Parameters.ECPublicKeyParameters(clientQ, ecDomainParam);
shared_secret = TlsEccUtilities.CalculateECDHBasicAgreement(clientPub, serverPrv);
}
else
{
throw new NotSupportedException("Unsupported KeyShare Group");
}
SharedSecret = shared_secret;
}
public static Transaction CreateCoinbaseTransaction(ECPublicKeyParameters publicKey, byte[] coinbase)
{
var tx = new Transaction
(
version: 1,
inputs: ImmutableArray.Create
(
new TxInput
(
previousTxOutputKey: new TxOutputKey
(
txHash: 0,
txOutputIndex: 0
),
scriptSignature: ImmutableArray.Create(coinbase),
sequence: 0
)
),
outputs: ImmutableArray.Create
(
new TxOutput
(
value: 50L * (100 * 1000 * 1000),
scriptPublicKey: ImmutableArray.Create(CreatePublicKeyScript(publicKey))
)
),
lockTime: 0
);
return tx;
}
private static bool VerifySignature(string message, byte[] public_key_bytes, string signature)
{
var curve = SecNamedCurves.GetByName("secp256r1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
//var publicKeyBytes = Base58Encoding.Decode(publicKey);
//var publicKeyBytes = Base58Encoding.DecodeWithCheckSum(publicKey);
//var publicKeyBytes = Base58Encoding.DecodePublicKey(publicKey);
var q = curve.Curve.DecodePoint(public_key_bytes);
var keyParameters = new
Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters(q,
domain);
ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, keyParameters);
signer.BlockUpdate(Encoding.UTF8.GetBytes(message), 0, message.Length);
var signatureBytes = Base58Encoding.Decode(signature);
var derSign = SignatureHelper.derSign(signatureBytes);
return(signer.VerifySignature(derSign));
}
// The ECMQV Primitive as described in SEC-1, 3.4
private static ECPoint CalculateMqvAgreement(
ECDomainParameters parameters,
ECPrivateKeyParameters d1U,
ECPrivateKeyParameters d2U,
ECPublicKeyParameters q2U,
ECPublicKeyParameters q1V,
ECPublicKeyParameters q2V)
{
var n = parameters.N;
var e = (n.BitLength + 1) / 2;
var powE = BigInteger.One.ShiftLeft(e);
// The Q2U public key is optional
var q = q2U == null ? parameters.G.Multiply(d2U.D) : q2U.Q;
var x = q.X.ToBigInteger();
var xBar = x.Mod(powE);
var q2UBar = xBar.SetBit(e);
var s = d1U.D.Multiply(q2UBar).Mod(n).Add(d2U.D).Mod(n);
var xPrime = q2V.Q.X.ToBigInteger();
var xPrimeBar = xPrime.Mod(powE);
var q2VBar = xPrimeBar.SetBit(e);
var hs = parameters.H.Multiply(s).Mod(n);
//ECPoint p = Q1V.Q.Multiply(Q2VBar).Add(Q2V.Q).Multiply(hs);
var p = ECAlgorithms.SumOfTwoMultiplies(
q1V.Q, q2VBar.Multiply(hs).Mod(n), q2V.Q, hs);
if (p.IsInfinity)
throw new InvalidOperationException("Infinity is not a valid agreement value for MQV");
return p;
}
public void TestECNR239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
BigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
byte[] kData = new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(239, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR192bitPrime()
{
IBigInteger r = new BigInteger("2474388605162950674935076940284692598330235697454145648371");
IBigInteger s = new BigInteger("2997192822503471356158280167065034437828486078932532073836");
byte[] kData = new BigInteger("dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
FPCurve curve = new FPCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q (or p)
new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 16), // a
new BigInteger("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("0262B12D60690CDCF330BABAB6E69763B471F994DD702D16A5")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(192, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
BigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
byte[] kData = new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime239v1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(239, priKey, pubKey, sgr, k, message, r, s);
}
public MemoryBlockchain(Block? genesisBlock = null)
{
this.shutdownToken = new CancellationToken();
this.random = new Random();
// create the key pair that block rewards will be sent to
var keyPair = TransactionManager.CreateKeyPair();
this._coinbasePrivateKey = keyPair.Item1;
this._coinbasePublicKey = keyPair.Item2;
// initialize unit test storage
this._storageContext = new MemoryStorageContext();
this._cacheContext = new CacheContext(this._storageContext);
// initialize unit test rules
this._rules = new UnitTestRules(this._cacheContext);
// initialize blockchain calculator
this._calculator = new BlockchainCalculator(this._rules, this._cacheContext, this.shutdownToken);
// create and mine the genesis block
this._genesisBlock = genesisBlock ?? MineEmptyBlock(0);
// update genesis blockchain and add to storage
this._rules.SetGenesisBlock(this._genesisBlock);
this._currentBlockchain = this._rules.GenesisBlockchain;
this._genesisChainedBlock = AddBlock(this._genesisBlock, null).Item2;
}
protected void SetVerifier(ECPoint pub)
{
Verifier = new ECDsaSigner();
ECPublicKeyParameters parameters = new ECPublicKeyParameters(
pub, Secp256K1.Parameters());
Verifier.Init(false, parameters);
}
public MqvPrivateParameters(
ECPrivateKeyParameters staticPrivateKey,
ECPrivateKeyParameters ephemeralPrivateKey,
ECPublicKeyParameters ephemeralPublicKey)
{
if (staticPrivateKey == null)
throw new ArgumentNullException("staticPrivateKey");
if (ephemeralPrivateKey == null)
throw new ArgumentNullException("ephemeralPrivateKey");
ECDomainParameters parameters = staticPrivateKey.Parameters;
if (!parameters.Equals(ephemeralPrivateKey.Parameters))
throw new ArgumentException("Static and ephemeral private keys have different domain parameters");
if (ephemeralPublicKey == null)
{
ephemeralPublicKey = new ECPublicKeyParameters(
parameters.G.Multiply(ephemeralPrivateKey.D),
parameters);
}
else if (!parameters.Equals(ephemeralPublicKey.Parameters))
{
throw new ArgumentException("Ephemeral public key has different domain parameters");
}
this.staticPrivateKey = staticPrivateKey;
this.ephemeralPrivateKey = ephemeralPrivateKey;
this.ephemeralPublicKey = ephemeralPublicKey;
}
public ECDiffieHellmanBc(Int32 keySize)
{
Org.BouncyCastle.Asn1.X9.X9ECParameters ecParams;
switch (keySize) {
case 256:
ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256r1");
break;
case 384:
ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1");
break;
case 521:
ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp521r1");
break;
default:
throw new ArgumentException("ECDiffieHellman key size " + keySize + " not supported");
}
_keySize = keySize;
_domainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N, ecParams.H, ecParams.GetSeed());
// Initialize key generation parameters with new SecureRandom
Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom();
ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(_domainParameters, secureRandom);
// Generate key pair from domain parameters
Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator generator = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
generator.Init(keyGenParams);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();
// Save the private and public key parameters
_privateKeyParameters = (ECPrivateKeyParameters) keyPair.Private;
_publicKeyParameters = (ECPublicKeyParameters) keyPair.Public;
_kdf = ECDiffieHellmanKeyDerivationFunction.Hash;
_hashAlgorithm = CngAlgorithm.Sha256;
}
public void TestECDsa192bitPrime()
{
BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
private static Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters getPublicKeyFromPemFile(string pemFilename)
{
StreamReader fileStream = System.IO.File.OpenText(pemFilename);
PemReader pemReader = new PemReader(fileStream);
Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters ss = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)pemReader.ReadObject();
return(ss);
}
public void GenerateEphemeralKey()
{
EllipticCurveParameters = EllipticCurveFactory.GetEllipticCurveParameters(Curve);
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
SecureRandom random = new SecureRandom();
keyPairGenerator.Init(new ECKeyGenerationParameters(EllipticCurveParameters, random));
AsymmetricCipherKeyPair keys = keyPairGenerator.GenerateKeyPair();
PrivateKey = (ECPrivateKeyParameters)keys.Private;
PublicKey = (ECPublicKeyParameters)keys.Public;
}
public byte[] CreatePublicAddress(ECPublicKeyParameters publicKey)
{
var publicAddress =
new byte[] { 0x04 }
.Concat(publicKey.Q.X.ToBigInteger().ToByteArrayUnsigned())
.Concat(publicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned());
//Debug.WriteLine("Public Address: {0}".Format2(publicAddress.ToHexDataString()));
return publicAddress;
}
public TestBlocks(TestBlocks parent)
{
this.random = parent.random;
this.txManager = parent.txManager;
this.coinbasePrivateKey = parent.coinbasePrivateKey;
this.coinbasePublicKey = parent.coinbasePublicKey;
this.miner = parent.miner;
this.rules = parent.rules;
this.blocks = parent.blocks.ToImmutable().ToBuilder();
this.chain = parent.chain.ToImmutable().ToBuilder();
}
public MqvPublicParameters(
ECPublicKeyParameters staticPublicKey,
ECPublicKeyParameters ephemeralPublicKey)
{
if (staticPublicKey == null)
throw new ArgumentNullException("staticPublicKey");
if (ephemeralPublicKey == null)
throw new ArgumentNullException("ephemeralPublicKey");
if (!staticPublicKey.Parameters.Equals(ephemeralPublicKey.Parameters))
throw new ArgumentException("Static and ephemeral public keys have different domain parameters");
this.staticPublicKey = staticPublicKey;
this.ephemeralPublicKey = ephemeralPublicKey;
}
private void ecNR239bitPrime()
{
BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
n, BigInteger.One);
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
n);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
parameters);
ECNRSigner ecnr = new ECNRSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecnr.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecnr.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong.", r, sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong.", s, sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
parameters);
ecnr.Init(false, pubKey);
if (!ecnr.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public static bool Verify(byte[] data, byte[] sigBytes, BigInteger pub)
{
EcdsaSignature signature = EcdsaSignature.DecodeFromDer(sigBytes);
var signer = new ECDsaSigner();
ECPoint pubPoint = Secp256K1.Curve().DecodePoint(pub.ToByteArray());
var parameters = new ECPublicKeyParameters(pubPoint, Secp256K1.Params());
signer.Init(false, parameters);
try
{
return signer.VerifySignature(data, signature.R, signature.S);
}
catch (Exception)
{
return false;
}
}
public ECDsaBouncyCastle(byte[] encodedKey, bool isPrivateKey)
{
ContractsCommon.NotNull(encodedKey, "encodedKey");
var secp256k1 = SecP256k1;
if (isPrivateKey)
{
var d = new BigInteger(encodedKey);
_publicKey = new ECPublicKeyParameters(secp256k1.G.Multiply(d), secp256k1);
_privateKey = new ECPrivateKeyParameters(d, secp256k1);
}
else
{
_publicKey = new ECPublicKeyParameters(secp256k1.Curve.DecodePoint(encodedKey), secp256k1);
}
}
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
if (tlsSigner == null)
{
try
{
this.ecAgreeServerPublicKey = ValidateECPublicKey((ECPublicKeyParameters)this.serverPublicKey);
}
catch (InvalidCastException)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!tlsSigner.IsValidPublicKey(this.serverPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
public byte[] CreatePrivateKeyScript(Transaction tx, int inputIndex, byte hashType, ECPrivateKeyParameters privateKey, ECPublicKeyParameters publicKey)
{
//TODO
var scriptEngine = new ScriptEngine();
var publicAddress = CreatePublicAddress(publicKey);
var publicKeyScript = CreatePublicKeyScript(publicAddress);
var txSignature = scriptEngine.TxSignature(publicKeyScript, tx, inputIndex, hashType);
var txSignatureHash = SHA256Static.ComputeDoubleHash(txSignature);
//Debug.WriteLine("Signing Tx: {0}".Format2(txSignature.ToHexDataString()));
//Debug.WriteLine("Signing Tx Hash: {0}".Format2(txSignatureHash.ToHexDataString()));
var signer = new ECDsaSigner();
signer.Init(forSigning: true, parameters: privateKey);
var signature = signer.GenerateSignature(txSignatureHash);
var r = signature[0];
var s = signature[1];
byte[] sigEncoded;
using (var stream = new MemoryStream())
{
using (var asn1Stream = new Asn1OutputStream(stream))
{
asn1Stream.WriteObject(new DerSequence(new DerInteger(r), new DerInteger(s)));
}
sigEncoded = stream.ToArray().Concat(hashType);
}
//Debug.WriteLine("Sig R: {0}".Format2(r.ToHexNumberStringUnsigned()));
//Debug.WriteLine("Sig S: {0}".Format2(s.ToHexNumberStringUnsigned()));
//Debug.WriteLine("Sig Encoded: {0}".Format2(sigEncoded.ToHexDataString()));
using (var privateKeyScript = new ScriptBuilder())
{
privateKeyScript.WritePushData(sigEncoded);
privateKeyScript.WritePushData(publicAddress);
//Debug.WriteLine("Private Script: {0}".Format2(privateKeyScript.GetScript().ToHexDataString()));
return privateKeyScript.GetScript();
}
}
public string GetPublicKey(byte[] privKey)
{
var privHex = BitConverter.ToString(privKey).Replace("-", "");
privHex = privHex.Substring(104, (privHex.Length - 104));
privKey = StringToByteArray(privHex);
Org.BouncyCastle.Math.BigInteger d = new Org.BouncyCastle.Math.BigInteger(privKey);
this.privateKeyParameters = new Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters(d, domain);
Org.BouncyCastle.Math.EC.ECPoint q = domain.G.Multiply(d);
this.pubKeyParameters = new Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters(q, domain);
//strip first byte
var pubBytes = this.pubKeyParameters.Q.GetEncoded();
var pubHex = BitConverter.ToString(pubBytes).Replace("-", "");
var strippedPubBytes = StringToByteArray(pubHex.Substring(2, (pubHex.Length - 2)));
return("MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE" + Convert.ToBase64String(strippedPubBytes));
}
// Method to verify transaction signature when server receives new blockchain from connected nodes
public static bool VerifySignature(string message, string publicKey, string signature)
{
var curve = SecNamedCurves.GetByName("secp256k1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
var publicKeyBytes = Base58Encoding.Decode(publicKey);
var q = curve.Curve.DecodePoint(publicKeyBytes);
var keyParameters = new Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters(q, domain);
ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, keyParameters);
signer.BlockUpdate(Encoding.ASCII.GetBytes(message), 0, message.Length);
var signatureBytes = Base58Encoding.Decode(signature);
return(signer.VerifySignature(signatureBytes));
}
public MqvPublicParameters(
ECPublicKeyParameters staticPublicKey,
ECPublicKeyParameters ephemeralPublicKey)
{
if (staticPublicKey == null)
{
throw new ArgumentNullException("staticPublicKey");
}
if (ephemeralPublicKey == null)
{
throw new ArgumentNullException("ephemeralPublicKey");
}
if (!staticPublicKey.Parameters.Equals(ephemeralPublicKey.Parameters))
{
throw new ArgumentException("Static and ephemeral public keys have different domain parameters");
}
this.staticPublicKey = staticPublicKey;
this.ephemeralPublicKey = ephemeralPublicKey;
}
public ECDsaBouncyCastle()
{
var secp256k1 = SecP256k1;
var privateKey = new byte[secp256k1.N.BitLength];
BigInteger d;
using (var cryptoRng = RandomNumberGenerator.Create())
{
do
{
cryptoRng.GetBytes(privateKey);
d = new BigInteger(1, privateKey);
}
while (d.SignValue == 0 || (d.CompareTo(secp256k1.N) >= 0));
}
_publicKey = new ECPublicKeyParameters(secp256k1.G.Multiply(d), secp256k1);
_privateKey = new ECPrivateKeyParameters(d, secp256k1);
}
public void TestEC()
{
BigInteger ECParraGX = new BigInteger(Base64.Decode("D/qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqv"));
BigInteger ECParraGY = new BigInteger(Base64.Decode("AhQXGxb1olGRv6s1LPRfuatMF+cx3ZTGgzSE/Q5R"));
BigInteger ECParraH = new BigInteger(Base64.Decode("AQ=="));
BigInteger ECParraN = new BigInteger(Base64.Decode("f///////////////f///nl6an12QcfvRUiaIkJ0L"));
BigInteger ECPubQX = new BigInteger(Base64.Decode("HWWi17Yb+Bm3PYr/DMjLOYNFhyOwX1QY7ZvqqM+l"));
BigInteger ECPubQY = new BigInteger(Base64.Decode("JrlJfxu3WGhqwtL/55BOs/wsUeiDFsvXcGhB8DGx"));
BigInteger ECPrivD = new BigInteger(Base64.Decode("GYQmd/NF1B+He1iMkWt3by2Az6Eu07t0ynJ4YCAo"));
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecDomain =
new ECDomainParameters(
curve,
new FpPoint(curve,
curve.FromBigInteger(ECParraGX),
curve.FromBigInteger(ECParraGY)),
ECParraN);
ECPublicKeyParameters ecPub = new ECPublicKeyParameters(
new FpPoint(
curve,
curve.FromBigInteger(ECPubQX),
curve.FromBigInteger(ECPubQY)),
ecDomain);
ECPrivateKeyParameters ecPriv = new ECPrivateKeyParameters(ECPrivD, ecDomain);
SubjectPublicKeyInfo subinfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(ecPub);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecPriv);
ECPublicKeyParameters tecPub = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(subinfo);
ECPrivateKeyParameters tecPriv = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privInfo);
Assert.IsTrue(tecPub.Equals(ecPub), "EC: public key to info back to public key");
Assert.IsTrue(tecPriv.Equals(ecPriv), "EC: private key to info back to private key");
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
throw new TlsFatalAlert(AlertDescription.bad_certificate);
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters) this.mServerPublicKey);
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
// The ECMQV Primitive as described in SEC-1, 3.4
private static ECPoint CalculateMqvAgreement(
ECDomainParameters parameters,
ECPrivateKeyParameters d1U,
ECPrivateKeyParameters d2U,
ECPublicKeyParameters Q2U,
ECPublicKeyParameters Q1V,
ECPublicKeyParameters Q2V)
{
BigInteger n = parameters.N;
int e = (n.BitLength + 1) / 2;
BigInteger powE = BigInteger.One.ShiftLeft(e);
ECCurve curve = parameters.Curve;
ECPoint[] points = new ECPoint[]{
// The Q2U public key is optional - but will be calculated for us if it wasn't present
ECAlgorithms.ImportPoint(curve, Q2U.Q),
ECAlgorithms.ImportPoint(curve, Q1V.Q),
ECAlgorithms.ImportPoint(curve, Q2V.Q)
};
curve.NormalizeAll(points);
ECPoint q2u = points[0], q1v = points[1], q2v = points[2];
BigInteger x = q2u.AffineXCoord.ToBigInteger();
BigInteger xBar = x.Mod(powE);
BigInteger Q2UBar = xBar.SetBit(e);
BigInteger s = d1U.D.Multiply(Q2UBar).Add(d2U.D).Mod(n);
BigInteger xPrime = q2v.AffineXCoord.ToBigInteger();
BigInteger xPrimeBar = xPrime.Mod(powE);
BigInteger Q2VBar = xPrimeBar.SetBit(e);
BigInteger hs = parameters.H.Multiply(s).Mod(n);
return ECAlgorithms.SumOfTwoMultiplies(
q1v, Q2VBar.Multiply(hs).Mod(n), q2v, hs);
}
public TestBlocks(Block genesisBlock = null)
{
// create the key pair that block rewards will be sent to
var keyPair = txManager.CreateKeyPair();
coinbasePrivateKey = keyPair.Item1;
coinbasePublicKey = keyPair.Item2;
// create and mine the genesis block
genesisBlock = genesisBlock ?? MineEmptyBlock(UInt256.Zero);
// initialize unit test rules
rules = new UnitTestRules()
{
// disable execution of rules validation
ValidateTransactionAction = (_, __) => { },
ValidationTransactionScriptAction = (_, __, ___, ____, _____) => { }
};
ChainParams.SetGenesisBlock(genesisBlock);
blocks.Add(genesisBlock);
chain.AddBlock(ChainParams.GenesisChainedHeader);
}
public MqvPrivateParameters(
ECPrivateKeyParameters staticPrivateKey,
ECPrivateKeyParameters ephemeralPrivateKey,
ECPublicKeyParameters ephemeralPublicKey)
{
if (staticPrivateKey == null)
{
throw new ArgumentNullException("staticPrivateKey");
}
if (ephemeralPrivateKey == null)
{
throw new ArgumentNullException("ephemeralPrivateKey");
}
ECDomainParameters parameters = staticPrivateKey.Parameters;
if (!parameters.Equals(ephemeralPrivateKey.Parameters))
{
throw new ArgumentException("Static and ephemeral private keys have different domain parameters");
}
if (ephemeralPublicKey == null)
{
ephemeralPublicKey = new ECPublicKeyParameters(
parameters.G.Multiply(ephemeralPrivateKey.D),
parameters);
}
else if (!parameters.Equals(ephemeralPublicKey.Parameters))
{
throw new ArgumentException("Ephemeral public key has different domain parameters");
}
this.staticPrivateKey = staticPrivateKey;
this.ephemeralPrivateKey = ephemeralPrivateKey;
this.ephemeralPublicKey = ephemeralPublicKey;
}
protected override void GenerateMasterSecret(byte[] clientEcdhPubkey, byte[] clientRandom, byte[] serverRandom, object privateParameters)
{
var pre_master = new byte[32];
if (privateParameters is Parameters.X25519PrivateKeyParameters x25519Prv)
{
var clientPub = new Parameters.X25519PublicKeyParameters(clientEcdhPubkey, 0);
x25519Prv.GenerateSecret(clientPub, pre_master, 0);
}
else if (privateParameters is Parameters.X448PrivateKeyParameters x448Prv)
{
var clientPub = new Parameters.X448PublicKeyParameters(clientEcdhPubkey, 0);
x448Prv.GenerateSecret(clientPub, pre_master, 0);
}
else if (privateParameters is Parameters.ECPrivateKeyParameters serverPrv)
{
var ecDomainParam = serverPrv.Parameters;
var clientQ = TlsEccUtilities.DeserializeECPoint(new byte[] { 0x04 }, ecDomainParam.Curve, clientEcdhPubkey);
var clientPub = new Parameters.ECPublicKeyParameters(clientQ, ecDomainParam);
pre_master = TlsEccUtilities.CalculateECDHBasicAgreement(clientPub, serverPrv);
}
MasterSecret = RandomFunction.PRF.GetBytes_HMACSHA256(pre_master, "master secret", clientRandom.Concat(serverRandom).ToArray(), 48);
}
private ECPublicKeyParameters SetPublicUncompressed(
ECPublicKeyParameters key)
{
ECPoint p = key.Q.Normalize();
return new ECPublicKeyParameters(
key.AlgorithmName,
p.Curve.CreatePoint(p.XCoord.ToBigInteger(), p.YCoord.ToBigInteger()),
key.Parameters);
}
private void StaticTest()
{
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDH",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDH",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
AsymmetricCipherKeyPair p1 = new AsymmetricCipherKeyPair(pubKey, priKey);
AsymmetricCipherKeyPair p2 = new AsymmetricCipherKeyPair(pubKey, priKey);
//
// stream test
//
IesEngine i1 = new IesEngine(
new ECDHBasicAgreement(),
new Kdf2BytesGenerator(new Sha1Digest()),
new HMac(new Sha1Digest()));
IesEngine i2 = new IesEngine(
new ECDHBasicAgreement(),
new Kdf2BytesGenerator(new Sha1Digest()),
new HMac(new Sha1Digest()));
byte[] d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
byte[] e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
IesParameters p = new IesParameters(d, e, 64);
i1.Init(true, p1.Private, p2.Public, p);
i2.Init(false, p2.Private, p1.Public, p);
byte[] message = Hex.Decode("1234567890abcdef");
byte[] out1 = i1.ProcessBlock(message, 0, message.Length);
if (!AreEqual(out1, Hex.Decode("468d89877e8238802403ec4cb6b329faeccfa6f3a730f2cdb3c0a8e8")))
{
Fail("stream cipher test failed on enc");
}
byte[] out2 = i2.ProcessBlock(out1, 0, out1.Length);
if (!AreEqual(out2, message))
{
Fail("stream cipher test failed");
}
//
// twofish with CBC
//
BufferedBlockCipher c1 = new PaddedBufferedBlockCipher(
new CbcBlockCipher(new TwofishEngine()));
BufferedBlockCipher c2 = new PaddedBufferedBlockCipher(
new CbcBlockCipher(new TwofishEngine()));
i1 = new IesEngine(
new ECDHBasicAgreement(),
new Kdf2BytesGenerator(new Sha1Digest()),
new HMac(new Sha1Digest()),
c1);
i2 = new IesEngine(
new ECDHBasicAgreement(),
new Kdf2BytesGenerator(new Sha1Digest()),
new HMac(new Sha1Digest()),
c2);
d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
p = new IesWithCipherParameters(d, e, 64, 128);
i1.Init(true, p1.Private, p2.Public, p);
i2.Init(false, p2.Private, p1.Public, p);
message = Hex.Decode("1234567890abcdef");
out1 = i1.ProcessBlock(message, 0, message.Length);
if (!AreEqual(out1, Hex.Decode("b8a06ea5c2b9df28b58a0a90a734cde8c9c02903e5c220021fe4417410d1e53a32a71696")))
{
Fail("twofish cipher test failed on enc");
}
out2 = i2.ProcessBlock(out1, 0, out1.Length);
if (!AreEqual(out2, message))
{
Fail("twofish cipher test failed");
}
}
private void button2_Click(object sender, EventArgs ea)
{
ECGost3410Signer signer = new ECGost3410Signer();
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECGOST3410",
new FpPoint(curve,
new FpFieldElement(mod_p, TextBoxToBigInteger16(tbValPublicX)), // x
new FpFieldElement(mod_p, TextBoxToBigInteger16(tbValPublicY))), // y
parameters);
BigInteger H = TextBoxToBigInteger16(tbH);
BigInteger rs = TextBoxToBigInteger16(tbrs);
BigInteger ss = TextBoxToBigInteger16(tbss);
BigInteger q = parameters.N;
//FpPoint G = (FpPoint)parameters.G;
//FpPoint Q = new FpPoint(curve, new FpFieldElement(mod_p, TextBoxToBigInteger16(tbValPublicX)), new FpFieldElement(mod_p, TextBoxToBigInteger16(tbValPublicY)));
BigInteger e = H.Mod(q);
byte[] ee = e.ToByteArray();
byte[] message = H.ToByteArray();
Array.Reverse(message);
signer.Init(false, pubKey);
MessageBox.Show(signer.VerifySignature(message, rs, ss).ToString(), "Проверка подписи");
//FpPoint C = (FpPoint)(G.Multiply(e.ModInverse(q).Multiply(ss).Mod(q)).Subtract(Q.Multiply(e.ModInverse(q).Multiply(rs).Mod(q))));
//BigInteger x = C.X.ToBigInteger();
}
protected bool Equals(ECPublicKeyParameters other)
{
return(this.q.Equals(other.q) && base.Equals(other));
}
public MqvPrivateParameters(ECPrivateKeyParameters staticPrivateKey, ECPrivateKeyParameters ephemeralPrivateKey, ECPublicKeyParameters ephemeralPublicKey)
{
this.staticPrivateKey = staticPrivateKey;
this.ephemeralPrivateKey = ephemeralPrivateKey;
this.ephemeralPublicKey = ephemeralPublicKey;
}
protected bool Equals(ECPublicKeyParameters other) => (this.q.Equals(other.q) && base.Equals((ECKeyParameters)other));
protected bool Equals(ECPublicKeyParameters other)
{
return(q.Equals(other.q) && Equals((ECKeyParameters)other));
}
