public static byte[] Sign(byte[] input, Org.BouncyCastle.Math.BigInteger privateKey, ECDomainParameters EcParameters) { var signer = new ECDsaSigner(); var privateKeyParameters = new ECPrivateKeyParameters(privateKey, EcParameters); signer.Init(true, privateKeyParameters); var signatures = signer.GenerateSignature(input); // What we get back from the signer are the two components of a signature, r and s. To get a flat byte stream // of the type used by BitCoin we have to encode them using DER encoding, which is just a way to pack the two // components into a structure. using (var byteOutputStream = new MemoryStream()) { var derSequenceGenerator = new DerSequenceGenerator(byteOutputStream); derSequenceGenerator.AddObject(new DerInteger(signatures[0])); derSequenceGenerator.AddObject(new DerInteger(signatures[1])); derSequenceGenerator.Close(); return(byteOutputStream.ToArray()); } }
public Byte[] signData(Byte[] data) { if (privKey == null) { throw new InvalidOperationException(); } ECDsaSigner signer = new ECDsaSigner(); signer.Init(true, new ECPrivateKeyParameters(new BigInteger(1, privKey), ecParams)); BigInteger[] sig = signer.GenerateSignature(data); using (MemoryStream ms = new MemoryStream()) using (Asn1OutputStream asn1stream = new Asn1OutputStream(ms)) { DerSequenceGenerator seq = new DerSequenceGenerator(asn1stream); seq.AddObject(new DerInteger(sig[0])); seq.AddObject(new DerInteger(sig[1])); seq.Close(); return(ms.ToArray()); } }
public static bool VerifyHashed(byte[] signature, byte[] publicKey, byte[] data) { var(sigR, sigS, _) = GetRSV(signature); try { X9ECParameters spec = ECNamedCurveTable.GetByName("secp256k1"); ECDomainParameters domain = new ECDomainParameters(spec.Curve, spec.G, spec.N); ECPublicKeyParameters publicKeyParams = new ECPublicKeyParameters(spec.Curve.DecodePoint(publicKey), domain); ECDsaSigner signer = new ECDsaSigner(); signer.Init(false, publicKeyParams); return(signer.VerifySignature(data, new BigInteger(1, sigR.ToByteArray()), new BigInteger(1, sigS.ToByteArray()))); } catch { return(false); } }
/// <summary> /// Calculates an ECDSA signature in DER format for the given input hash. Note that the input is expected to be /// 32 bytes long. /// </summary> public byte[] Sign(byte[] input) { var signer = new ECDsaSigner(); var privKey = new ECPrivateKeyParameters(_priv, _ecParams); signer.Init(true, privKey); var sigs = signer.GenerateSignature(input); // What we get back from the signer are the two components of a signature, r and s. To get a flat byte stream // of the type used by BitCoin we have to encode them using DER encoding, which is just a way to pack the two // components into a structure. using (var bos = new MemoryStream()) { var seq = new DerSequenceGenerator(bos); seq.AddObject(new DerInteger(sigs[0])); seq.AddObject(new DerInteger(sigs[1])); seq.Close(); return(bos.ToArray()); } }
public virtual void Init(bool forSigning, ICipherParameters parameters) { SecureRandom providedRandom = null; if (forSigning) { if (parameters is ParametersWithRandom rParam) { providedRandom = rParam.Random; parameters = rParam.Parameters; } _privateKey = parameters as PksEcPrivateKey ?? throw new InvalidKeyException("EC private key required for signing"); } else { _verifier = new ECDsaSigner(); _verifier.Init(false, parameters); } }
public Signature Sign(byte[] msg, byte[] prvKey) { var keyedHash = Blake2b.GetDigest(msg); var curve = SecNamedCurves.GetByName("secp256k1"); var parameters = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed()); var key = new ECPrivateKeyParameters(new BigInteger(prvKey), parameters); var signer = new ECDsaSigner(new HMacDsaKCalculator(new Blake2bDigest(256))); signer.Init(true, parameters: key); var rs = signer.GenerateSignature(keyedHash); if (rs[1].CompareTo(_MaxS) > 0) { rs[1] = _Order.Subtract(rs[1]); } var r = rs[0].ToByteArrayUnsigned(); var s = rs[1].ToByteArrayUnsigned(); return(new Signature(r.Concat(s), _SignaturePrefix)); }
/// <param name="hash"></param> /// <returns></returns> private byte[] GetSignature(byte[] hash) { ECDsaSigner signer = new ECDsaSigner(); signer.Init(true, GetPrivateKey()); var result = signer.GenerateSignature(hash); // Concated to create signature var a = result[0].ToByteArrayUnsigned(); var b = result[1].ToByteArrayUnsigned(); // a,b are required to be exactly the same length of bytes if (a.Length != b.Length) { var largestLength = Math.Max(a.Length, b.Length); a = ByteArrayPadLeft(a, largestLength); b = ByteArrayPadLeft(b, largestLength); } return(a.Concat(b).ToArray()); }
private byte[] SignEcDsa(IDigest digest, byte[] buffer, int length) { int digestSize = digest.GetDigestSize(); ECDsaSigner signer = new ECDsaSigner(); signer.Init(true, new ParametersWithRandom(PrivateKeyFactory.CreateKey(PrivateKey), _secureRandom)); digest.BlockUpdate(buffer, 0, length); byte[] hash = new byte[digest.GetDigestSize()]; digest.DoFinal(hash, 0); var signature = signer.GenerateSignature(hash); byte[] res = new byte[digestSize * 2]; signature[0].ToByteArrayUnsigned().CopyTo(res, 0); signature[1].ToByteArrayUnsigned().CopyTo(res, digestSize); return(res); }
internal static void Sign(IInvoice invoice, ECPrivateKeyParameters privateKey) { var digest = new KeccakDigest(256); digest.BlockUpdate(invoice.TxBytes.ToArray(), 0, invoice.TxBytes.Length); var hash = new byte[digest.GetByteLength()]; digest.DoFinal(hash, 0); var signer = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); signer.Init(true, privateKey); var components = signer.GenerateSignature(hash); var encoded = new byte[64]; insert256Int(components[0], 0, encoded); insert256Int(components[1], 32, encoded); var publicKey = domain.G.Multiply(privateKey.D).GetEncoded(true); var prefix = new ReadOnlyMemory <byte>(publicKey, 0, Math.Min(Math.Max(6, invoice.MinimumDesiredPrefixSize), publicKey.Length)); invoice.AddSignature(KeyType.ECDSASecp256K1, prefix, encoded); }
public static byte[] BouncyCastleSign(byte[] hash, byte[] privateKey) { ECDsaSigner signer = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); signer.Init(true, new ECPrivateKeyParameters(new BigInteger(privateKey), domain)); BigInteger[] signature = signer.GenerateSignature(hash); MemoryStream baos = new MemoryStream(); try { DerSequenceGenerator seq = new DerSequenceGenerator(baos); seq.AddObject(new DerInteger(signature[0])); seq.AddObject(new DerInteger(ToCanonicalS(signature[1]))); seq.Close(); return(baos.ToArray()); } catch (IOException) { return(new byte[0]); } }
public void TestECDsaKeyGenTest() { var random = new SecureRandom(); var curve = new FPCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b var parameters = new ECDomainParameters( curve, curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n var pGen = new ECKeyPairGenerator(); var genParam = new ECKeyGenerationParameters( parameters, random); pGen.Init(genParam); IAsymmetricCipherKeyPair pair = pGen.GenerateKeyPair(); var param = new ParametersWithRandom(pair.Private, random); var ecdsa = new ECDsaSigner(); ecdsa.Init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray(); IBigInteger[] sig = ecdsa.GenerateSignature(message); ecdsa.Init(false, pair.Public); if (!ecdsa.VerifySignature(message, sig[0], sig[1])) { Fail("signature fails"); } }
public Byte[] signData(Byte[] data) { if (privKey == null) { throw new InvalidOperationException(); } ECDsaSigner signer = new ECDsaSigner(); signer.Init(true, new ECPrivateKeyParameters(new BigInteger(1, privKey), ecParams)); BigInteger[] sig = signer.GenerateSignature(data); using (MemoryStream ms = new MemoryStream()) using (Asn1OutputStream asn1stream = new Asn1OutputStream(ms)) { DerSequenceGenerator seq = new DerSequenceGenerator(asn1stream); seq.AddObject(new DerInteger(sig[0])); BigInteger s = sig[1]; string hexUpper = "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0"; BigInteger upper = new BigInteger(hexUpper, 16); if (s.CompareTo(upper) > 0) { string hexOrder = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"; BigInteger order = new BigInteger(hexOrder, 16); s = order.Subtract(sig[1]); Console.WriteLine("Converted to low-s"); Console.WriteLine(sig[1].ToString(16)); Console.WriteLine(s.ToString(16)); } seq.AddObject(new DerInteger(s)); seq.Close(); return(ms.ToArray()); } }
private void DoTestHMacDetECDsa(IHash digest, byte[] data, ECKey privKey, BigInteger r, BigInteger s) { var m = new byte[digest.OutputSize]; digest.BlockUpdate(data, 0, data.Length); digest.DoFinal(m, 0); var signer = new ECDsaSigner(true, privKey, null, new HmacDsaKCalculator(digest)); BigInteger rOut, sOut; signer.GenerateSignature(m, out rOut, out sOut); if (!r.Equals(rOut)) { Assert.Fail("r value wrong"); } if (!s.Equals(sOut)) { Assert.Fail("s value wrong"); } }
private ECDSASignature doSign(byte[] input) { if (input.Length != 32) { throw new ArgumentException( "Expected 32 byte input to " + "ECDSA signature, not " + input.Length); } if (PrivateKey == null) { throw new MissingPrivateKeyException(); } var signer = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); var privKeyParams = new ECPrivateKeyParameters(PrivateKey.D, CURVE); signer.Init(true, privKeyParams); var components = signer.GenerateSignature(input); return new ECDSASignature(components[0], components[1]).MakeCanonical(); }
public static string GetSignature(string privateKey, string messageBase64) { var curve = SecNamedCurves.GetByName("secp256k1"); var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H); var keyParameters = new ECPrivateKeyParameters(new Org.BouncyCastle.Math.BigInteger(privateKey), domain); ECDsaSigner signer = new ECDsaSigner(); signer.Init(true, keyParameters); BigInteger[] sig = signer.GenerateSignature(System.Convert.FromBase64String(messageBase64)); ECDSASignature Signature = new ECDSASignature(sig[0], sig[1]); using (MemoryStream ms = new MemoryStream()) using (Asn1OutputStream asn1stream = new Asn1OutputStream(ms)) { DerSequenceGenerator seq = new DerSequenceGenerator(asn1stream); seq.AddObject(new DerInteger(sig[0])); seq.AddObject(new DerInteger(sig[1])); seq.Close(); return(Convert.ToBase64String(ms.ToArray())); } }
public virtual Task <byte[]> Sign(byte[] data) { return(Task.Run(() => { data = CryptoHelper.Sha256(data); var ecdsa = new ECDsaSigner(); ecdsa.Init(true, PrivateKey); var signature = ecdsa.GenerateSignature(data); var r = signature[0].ToByteArray(); var s = signature[1].ToByteArray(); var buffer = new byte[r.Length + s.Length + 6]; buffer[0] = 0x30; buffer[1] = (byte)(buffer.Length - 2); buffer[2] = 0x02; buffer[3] = (byte)r.Length; Array.Copy(r, 0, buffer, 4, r.Length); buffer[r.Length + 4] = 0x02; buffer[r.Length + 4 + 1] = (byte)s.Length; Array.Copy(s, 0, buffer, r.Length + 4 + 2, s.Length); return buffer; })); }
public virtual ECSignature GetECSignature(ECPrivateKey privateKey, byte[] data, bool beDeterministic = false, bool enforceLowS = true) { var curve = SecNamedCurves.GetByName(CURVEALGO); var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H); IDsaKCalculator kCalculator; if (beDeterministic) { kCalculator = new HMacDsaKCalculator(new Sha256Digest()); } else { kCalculator = new RandomDsaKCalculator(); } ECDsaSigner signer = new ECDsaSigner(kCalculator); signer.Init(true, new ECPrivateKeyParameters(new BigInteger(1, privateKey.Base64Array), domain)); BigInteger[] components = signer.GenerateSignature(data); BigInteger r = components[0]; BigInteger s = components[1]; BigInteger curveOrder = domain.N; BigInteger halvCurveOrder = curveOrder.ShiftRight(1); bool sIsLow = s.CompareTo(halvCurveOrder) <= 0; if (enforceLowS && !sIsLow) { s = curveOrder.Subtract(s); } return(new ECSignature(r, s)); }
public static byte[] SignRFC6979(this ECDsa key, byte[] data) { var digest = new Sha256Digest(); var secp256r1 = SecNamedCurves.GetByName("secp256r1"); var ec_parameters = new ECDomainParameters(secp256r1.Curve, secp256r1.G, secp256r1.N); var private_key = new ECPrivateKeyParameters(new BigInteger(1, key.PrivateKey()), ec_parameters); var signer = new ECDsaSigner(new HMacDsaKCalculator(digest)); var hash = new byte[digest.GetDigestSize()]; digest.BlockUpdate(data, 0, data.Length); digest.DoFinal(hash, 0); signer.Init(true, private_key); var rs = signer.GenerateSignature(hash); var signature = new byte[RFC6979SignatureSize]; var rbytes = rs[0].ToByteArrayUnsigned(); var sbytes = rs[1].ToByteArrayUnsigned(); var index = RFC6979SignatureSize / 2 - rbytes.Length; rbytes.CopyTo(signature, index); index = RFC6979SignatureSize - sbytes.Length; sbytes.CopyTo(signature, index); return(signature); }
/// <summary> /// sign data with private key /// </summary> /// <param name="data">data to be signed</param> /// <returns>signed data</returns> public byte[] Sign(byte[] data) { byte[] hashed = Util.Blake2b(data); ECDsaSigner signer = new ECDsaSigner(); var order = SecNamedCurves.GetByName("secp256k1").Curve.Order; signer.Init(true, this.privateKey); var rs = signer.GenerateSignature(hashed); var r = rs[0]; var s = rs[1]; if (s.CompareTo(order.Divide(BigInteger.Two)) > 0) { s = order.Subtract(s); } var ms = new MemoryStream(72); var generate = new DerSequenceGenerator(ms); generate.AddObject(new DerInteger(r)); generate.AddObject(new DerInteger(s)); generate.Close(); return(ms.ToArray()); }
/// <summary> /// Get Switcheo NEO Signature /// </summary> /// <param name="message">Message to sign</param> /// <param name="privateKey">Private key of wallet</param> /// <returns>String of signed message</returns> private string GetSwitcheoNeoSignature(byte[] message, byte[] privateKey) { var curve = SecNamedCurves.GetByName("secp256r1"); var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H); var priv = new ECPrivateKeyParameters("ECDSA", (new Org.BouncyCastle.Math.BigInteger(1, privateKey)), domain); var signer = new ECDsaSigner(); var hash = new Sha256Digest(); hash.BlockUpdate(message, 0, message.Length); var result = new byte[32]; hash.DoFinal(result, 0); message = result; signer.Init(true, priv); var signature = signer.GenerateSignature(message); return(ProcessNeoSignature(signature)); }
/// <summary> /// Creates a Signature /// </summary> /// <param name="data"></param> /// <param name="privateKey"></param> /// <param name="curveName"></param> /// <returns></returns> public byte[] CreateSignature(byte[] data, byte[] privateKey, string curveName) { //Get the curve type ec parameters var ecp = TeleTrusTNamedCurves.GetByName(curveName); if (ecp == null) { ecp = NistNamedCurves.GetByName(curveName); } var domainParameters = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed()); var myPriKey = new ECPrivateKeyParameters(new BigInteger(1, privateKey), domainParameters); //Create the signer and initialize with private key var dsa = new ECDsaSigner(); dsa.Init(true, myPriKey); //The signature halves must be equal in length BigInteger[] signature; do { signature = dsa.GenerateSignature(data); }while (signature[0].ToByteArrayUnsigned().Length != signature[1].ToByteArrayUnsigned().Length); //Save both halves in a list var sign = new List <byte>(); foreach (var bigInt in signature) { foreach (var bite in bigInt.ToByteArrayUnsigned()) { sign.Add(bite); } } return(sign.ToArray()); }
public bool VerifySignature(ImmutableArray <byte> scriptPubKey, Transaction tx, byte[] sig, byte[] pubKey, int inputIndex, out byte hashType, out byte[] txSignature, out byte[] txSignatureHash, out BigIntegerBouncy x, out BigIntegerBouncy y, out BigIntegerBouncy r, out BigIntegerBouncy s) { // get the 1-byte hashType off the end of sig hashType = sig[sig.Length - 1]; // get the DER encoded portion of sig, which is everything except the last byte (the last byte being hashType) var sigDER = sig.Take(sig.Length - 1).ToArray(); // get the simplified/signing version of the transaction txSignature = TxSignature(scriptPubKey, tx, inputIndex, hashType); // get the hash of the simplified/signing version of the transaction txSignatureHash = Crypto.DoubleSHA256(txSignature); // load pubKey ReadPubKey(pubKey, out x, out y); var publicKeyPoint = curve.Curve.CreatePoint(x, y, withCompression: false); var publicKeyParameters = new ECPublicKeyParameters(publicKeyPoint, domainParameters); // load sig ReadSigKey(sigDER, out r, out s); // init signer var signer = new ECDsaSigner(); signer.Init(forSigning: false, parameters: publicKeyParameters); // verify that sig is a valid signature from pubKey for the simplified/signing transaction's hash var txSignatureHash2 = txSignatureHash; var r2 = r; var s2 = s; //TODO var result = BypassVerifySignature || new MethodTimer(false).Time("ECDsa Verify", () => signer.VerifySignature(txSignatureHash2.ToArray(), r2, s2)); return(result); }
/// <summary> /// Verifies the signature /// </summary> /// <param name="data"></param> /// <param name="signature"></param> /// <param name="publicKey"></param> /// <param name="curveName"></param> /// <returns></returns> public bool VerifiySignature(byte[] data, byte[] signature, byte[] publicKey, string curveName) { //Get curve type ec parameters var ecp = TeleTrusTNamedCurves.GetByName(curveName); if (ecp == null) { ecp = NistNamedCurves.GetByName(curveName); } var domainParameters = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed()); var publicKeyParam = CreatePublicKeyParam(domainParameters, publicKey); //Create the signer and initialize with public key var dsa = new ECDsaSigner(); dsa.Init(false, publicKeyParam); var r = new BigInteger(1, signature.Take(signature.Length / 2).ToArray()); var s = new BigInteger(1, signature.Skip(signature.Length / 2).ToArray()); var verified = dsa.VerifySignature(data, r, s); return(verified); }
public bool Verify( HashDigest <T> messageHash, byte[] signature, PublicKey publicKey) { try { Asn1Sequence asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(signature); var rs = new[] { ((DerInteger)asn1Sequence[0]).Value, ((DerInteger)asn1Sequence[1]).Value, }; var verifier = new ECDsaSigner(); verifier.Init(false, publicKey.KeyParam); return(verifier.VerifySignature(messageHash.ToByteArray(), rs[0], rs[1])); } catch (IOException) { return(false); } }
public void TestECDsa239bitBinaryAndLargeDigest() { BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552"); BigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597"); byte[] kData = BigIntegers.AsUnsignedByteArray( new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363")); SecureRandom k = FixedSecureRandom.From(kData); F2mCurve curve = new F2mCurve( 239, // m 36, //k new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b ECDomainParameters parameters = new ECDomainParameters( curve, curve.DecodePoint( Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n BigInteger.ValueOf(4)); // h ECPrivateKeyParameters priKey = new ECPrivateKeyParameters( "ECDSA", new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ParametersWithRandom param = new ParametersWithRandom(priKey, k); ecdsa.Init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517").ToByteArray(); BigInteger[] sig = ecdsa.GenerateSignature(message); if (!r.Equals(sig[0])) { Fail("r component wrong." + SimpleTest.NewLine + " expecting: " + r + SimpleTest.NewLine + " got : " + sig[0]); } if (!s.Equals(sig[1])) { Fail("s component wrong." + SimpleTest.NewLine + " expecting: " + s + SimpleTest.NewLine + " got : " + sig[1]); } // Verify the signature ECPublicKeyParameters pubKey = new ECPublicKeyParameters( "ECDSA", curve.DecodePoint( Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q parameters); ecdsa.Init(false, pubKey); if (!ecdsa.VerifySignature(message, sig[0], sig[1])) { Fail("signature fails"); } }
public void TestECDsa192bitPrime() { BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613"); BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342"); byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654")); SecureRandom k = FixedSecureRandom.From(kData); BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081"); FpCurve curve = new FpCurve( new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b n, BigInteger.One); ECDomainParameters parameters = new ECDomainParameters( curve, curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G n, BigInteger.One); ECPrivateKeyParameters priKey = new ECPrivateKeyParameters( "ECDSA", new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d parameters); ParametersWithRandom param = new ParametersWithRandom(priKey, k); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray(); BigInteger[] sig = ecdsa.GenerateSignature(message); if (!r.Equals(sig[0])) { Fail("r component wrong." + SimpleTest.NewLine + " expecting: " + r + SimpleTest.NewLine + " got : " + sig[0]); } if (!s.Equals(sig[1])) { Fail("s component wrong." + SimpleTest.NewLine + " expecting: " + s + SimpleTest.NewLine + " got : " + sig[1]); } // Verify the signature ECPublicKeyParameters pubKey = new ECPublicKeyParameters( "ECDSA", curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q parameters); ecdsa.Init(false, pubKey); if (!ecdsa.VerifySignature(message, sig[0], sig[1])) { Fail("verification fails"); } }
public void TestECDsa239bitPrime() { BigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176"); BigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783"); byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655")); SecureRandom k = FixedSecureRandom.From(kData); BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"); FpCurve curve = new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b n, BigInteger.One); ECDomainParameters parameters = new ECDomainParameters( curve, curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G n, BigInteger.One); ECPrivateKeyParameters priKey = new ECPrivateKeyParameters( "ECDSA", new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ParametersWithRandom param = new ParametersWithRandom(priKey, k); ecdsa.Init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray(); BigInteger[] sig = ecdsa.GenerateSignature(message); if (!r.Equals(sig[0])) { Fail("r component wrong." + SimpleTest.NewLine + " expecting: " + r + SimpleTest.NewLine + " got : " + sig[0]); } if (!s.Equals(sig[1])) { Fail("s component wrong." + SimpleTest.NewLine + " expecting: " + s + SimpleTest.NewLine + " got : " + sig[1]); } // Verify the signature ECPublicKeyParameters pubKey = new ECPublicKeyParameters( "ECDSA", curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q parameters); ecdsa.Init(false, pubKey); if (!ecdsa.VerifySignature(message, sig[0], sig[1])) { Fail("signature fails"); } }
public void Verify(Key key, SignMessage msg) { string alg = FindAttr("alg", msg).AsString(); IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JOSE_Exception("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { if (key.AsString("kty") != "RSA") { throw new JOSE_Exception("Wrong Key"); } RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(protectedB64, 0, protectedB64.Length); signer.BlockUpdate(rgbDot, 0, 1); signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); if (!signer.VerifySignature(signature)) { throw new JOSE_Exception("Message failed to verify"); } } break; case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(protectedB64, 0, protectedB64.Length); signer.BlockUpdate(rgbDot, 0, 1); signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); if (!signer.VerifySignature(signature)) { throw new JOSE_Exception("Message failed to verify"); } } break; case "ES256": case "ES384": case "ES512": { if (key.AsString("kty") != "EC") { throw new JOSE_Exception("Wrong Key Type"); } X9ECParameters p = NistNamedCurves.GetByName(key.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPoint point = p.Curve.CreatePoint(key.AsBigInteger("x" ), key.AsBigInteger("y")); ECPublicKeyParameters pubKey = new ECPublicKeyParameters(point, parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, pubKey); digest.BlockUpdate(protectedB64, 0, protectedB64.Length); digest.BlockUpdate(rgbDot, 0, rgbDot.Length); digest.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); byte[] o1 = new byte[digest.GetDigestSize()]; digest.DoFinal(o1, 0); BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2); BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2); if (!ecdsa.VerifySignature(o1, r, s)) { throw new JOSE_Exception("Signature did not validate"); } } break; case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter K = new KeyParameter(Message.base64urldecode(key.AsString("k"))); hmac.Init(K); hmac.BlockUpdate(protectedB64, 0, protectedB64.Length); hmac.BlockUpdate(rgbDot, 0, rgbDot.Length); hmac.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.DoFinal(resBuf, 0); bool fVerify = true; for (int i = 0; i < resBuf.Length; i++) { if (resBuf[i] != signature[i]) { fVerify = false; } } if (!fVerify) { throw new JOSE_Exception("Signature did not validte"); } } break; case "EdDSA": { ISigner eddsa; if (key.AsString("kty") != "OKP") { throw new JOSE_Exception("Wrong Key Type"); } switch (key.AsString("crv")) { case "Ed25519": { Ed25519PublicKeyParameters privKey = new Ed25519PublicKeyParameters(key.AsBytes("X"), 0); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); byte[] toVerify = new byte[protectedB64.Length + rgbDot.Length + msg.payloadB64.Length]; Array.Copy(protectedB64, 0, toVerify, 0, protectedB64.Length); Array.Copy(rgbDot, 0, toVerify, protectedB64.Length, rgbDot.Length); Array.Copy(msg.payloadB64, 0, toVerify, protectedB64.Length + rgbDot.Length, msg.payloadB64.Length); eddsa.BlockUpdate(toVerify, 0, toVerify.Length); if (!eddsa.VerifySignature(signature)) { throw new JOSE_Exception("Signature did not validate"); } break; } default: throw new JOSE_Exception("Unknown algorithm"); } break; } default: throw new JOSE_Exception("Unknown algorithm"); } }
private byte[] Sign(byte[] bytesToBeSigned) { string alg = null; // Get the set algorithm or infer one try { alg = FindAttribute("alg").AsString(); } catch (Exception) { ; } if (alg == null) { switch (keyToSign.AsString("kty")) { case "RSA": alg = "PS256"; break; case "EC": switch (keyToSign.AsString("crv")) { case "P-256": alg = "ES256"; break; case "P-384": alg = "ES384"; break; case "P-521": alg = "ES512"; break; default: throw new JOSE_Exception("Unknown curve"); } break; default: throw new JOSE_Exception("Unknown or unsupported key type " + keyToSign.AsString("kty")); } objUnprotected.Add("alg", alg); } IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JOSE_Exception("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")), ConvertBigNum(keyToSign.AsBytes("e")), ConvertBigNum(keyToSign.AsBytes("d")), ConvertBigNum(keyToSign.AsBytes("p")), ConvertBigNum(keyToSign.AsBytes("q")), ConvertBigNum(keyToSign.AsBytes("dp")), ConvertBigNum(keyToSign.AsBytes("dq")), ConvertBigNum(keyToSign.AsBytes("qi"))); signer.Init(true, prv); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")), ConvertBigNum(keyToSign.AsBytes("e")), ConvertBigNum(keyToSign.AsBytes("d")), ConvertBigNum(keyToSign.AsBytes("p")), ConvertBigNum(keyToSign.AsBytes("q")), ConvertBigNum(keyToSign.AsBytes("dp")), ConvertBigNum(keyToSign.AsBytes("dq")), ConvertBigNum(keyToSign.AsBytes("qi"))); ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG); signer.Init(true, rnd); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "ES256": case "ES384": case "ES512": { X9ECParameters p = NistNamedCurves.GetByName(keyToSign.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign.AsBytes("d")), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(bytesToBeSigned); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); byte[] sigs = new byte[r.Length + s.Length]; Array.Copy(r, sigs, r.Length); Array.Copy(s, 0, sigs, r.Length, s.Length); return(sigs); } case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter key = new KeyParameter(keyToSign.AsBytes("k")); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.Init(key); hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); hmac.DoFinal(resBuf, 0); return(resBuf); } case "EdDSA": switch (keyToSign.AsString("crv")) { case "Ed25519": { ISigner eddsa; Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(keyToSign.AsBytes("d"), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.GenerateSignature()); } } break; } return(null); }
public bool Validate(byte[] content, byte[] msgAttributes) { CBORObject alg = null; // Get the set algorithm or infer one byte[] bytesToBeSigned = toBeSigned(content, msgAttributes); alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { throw new Exception("No Signature algorithm known"); } IDigest digest; IDigest digest2; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; default: throw new Exception("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; default: throw new CoseException("Unknown signature algorith"); } } else { throw new CoseException("Algorthm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.VerifySignature(rgbSignature)); } default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.VerifySignature(rgbSignature)); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = keyToSign.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPoint point = keyToSign.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, param); BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2); BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2); return(ecdsa.VerifySignature(digestedMessage, r, s)); } default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }