private void doTestPointCompression()
{
ECCurve curve = new F2MCurve(m, k1, k2, k3, a, b);
curve.DecodePoint(enc);
int[] ks = new int[3];
ks[0] = k3;
ks[1] = k2;
ks[2] = k1;
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the <code>τ</code>-adic NAF (TNAF) method.
* @param p The F2mPoint to Multiply.
* @param lambda The element <code>λ</code> of
* <code><b>Z</b>[τ]</code>.
* @return <code>λ * p</code>
*/
public static F2MPoint MultiplyTnaf(F2MPoint p, ZTauElement lambda)
{
F2MCurve curve = (F2MCurve)p.Curve;
sbyte mu = curve.GetMu();
sbyte[] u = TauAdicNaf(mu, lambda);
F2MPoint q = MultiplyFromTnaf(p, u);
return(q);
}
private void DoTestECDsa239BitBinary(
string algorithm,
DerObjectIdentifier oid)
{
IBigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
IBigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new F2MCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters sKey = new ECPrivateKeyParameters(
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECPublicKeyParameters vKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ISigner sgr = SignerUtilities.GetSigner(algorithm);
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr = SignerUtilities.GetSigner(oid.Id);
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC RIPEMD160 verification failed");
}
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by a <code>BigInteger</code> using the reduced <code>τ</code>-adic
* NAF (RTNAF) method.
* @param p The F2mPoint to Multiply.
* @param k The <code>BigInteger</code> by which to Multiply <code>p</code>.
* @return <code>k * p</code>
*/
public static F2MPoint MultiplyRTnaf(F2MPoint p, IBigInteger k)
{
F2MCurve curve = (F2MCurve)p.Curve;
int m = curve.M;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
IBigInteger[] s = curve.GetSi();
ZTauElement rho = PartModReduction(k, m, a, s, mu, (sbyte)10);
return(MultiplyTnaf(p, rho));
}
/**
* Computes the auxiliary values <code>s<sub>0</sub></code> and
* <code>s<sub>1</sub></code> used for partial modular reduction.
* @param curve The elliptic curve for which to compute
* <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.
* @throws ArgumentException if <code>curve</code> is not a
* Koblitz curve (Anomalous Binary Curve, ABC).
*/
public static IBigInteger[] GetSi(F2MCurve curve)
{
if (!curve.IsKoblitz)
{
throw new ArgumentException("si is defined for Koblitz curves only");
}
int m = curve.M;
int a = curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
int h = curve.H.IntValue;
int index = m + 3 - a;
IBigInteger[] ui = GetLucas(mu, index, false);
IBigInteger dividend0;
IBigInteger dividend1;
if (mu == 1)
{
dividend0 = BigInteger.One.Subtract(ui[1]);
dividend1 = BigInteger.One.Subtract(ui[0]);
}
else if (mu == -1)
{
dividend0 = BigInteger.One.Add(ui[1]);
dividend1 = BigInteger.One.Add(ui[0]);
}
else
{
throw new ArgumentException("mu must be 1 or -1");
}
IBigInteger[] si = new IBigInteger[2];
if (h == 2)
{
si[0] = dividend0.ShiftRight(1);
si[1] = dividend1.ShiftRight(1).Negate();
}
else if (h == 4)
{
si[0] = dividend0.ShiftRight(2);
si[1] = dividend1.ShiftRight(2).Negate();
}
else
{
throw new ArgumentException("h (Cofactor) must be 2 or 4");
}
return(si);
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 16);
IBigInteger h = BigInteger.ValueOf(2);
ECCurve c2m163v3 = new F2MCurve(
163,
1, 2, 8,
new BigInteger("07A526C63D3E25A256A007699F5447E32AE456B50E", 16),
new BigInteger("03F7061798EB99E238FD6F1BF95B48FEEB4854252B", 16),
n, h);
return(new X9ECParameters(
c2m163v3,
c2m163v3.DecodePoint(Hex.Decode("0202F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16);
IBigInteger h = BigInteger.ValueOf(2);
ECCurve c2m163v2 = new F2MCurve(
163,
1, 2, 8,
new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16),
new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16),
n, h);
return(new X9ECParameters(
c2m163v2,
c2m163v2.DecodePoint(
Hex.Decode("030024266E4EB5106D0A964D92C4860E2671DB9B6CC5")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16);
IBigInteger h = BigInteger.ValueOf(0x2760);
ECCurve c2m431r1 = new F2MCurve(
431,
120,
new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16),
new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16),
n, h);
return(new X9ECParameters(
c2m431r1,
c2m431r1.DecodePoint(
Hex.Decode("02120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16);
IBigInteger h = BigInteger.ValueOf(0xFF70);
ECCurve c2m368w1 = new F2MCurve(
368,
1, 2, 85,
new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16),
new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16),
n, h);
return(new X9ECParameters(
c2m368w1,
c2m368w1.DecodePoint(
Hex.Decode("021085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16);
IBigInteger h = BigInteger.ValueOf(0x4C);
ECCurve c2m359v1 = new F2MCurve(
359,
68,
new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16),
new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16),
n, h);
return(new X9ECParameters(
c2m359v1,
c2m359v1.DecodePoint(
Hex.Decode("033C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16);
IBigInteger h = BigInteger.ValueOf(0xFE2E);
ECCurve c2m304w1 = new F2MCurve(
304,
1, 2, 11,
new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16),
new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16),
n, h);
return(new X9ECParameters(
c2m304w1,
c2m304w1.DecodePoint(
Hex.Decode("02197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16);
IBigInteger h = BigInteger.ValueOf(2);
ECCurve c2m191v1 = new F2MCurve(
191,
9,
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16),
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16),
n, h);
return(new X9ECParameters(
c2m191v1,
c2m191v1.DecodePoint(
Hex.Decode("0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D")),
n, h,
Hex.Decode("4E13CA542744D696E67687561517552F279A8C84")));
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the <code>τ</code>-adic NAF (TNAF) method, given the TNAF
* of <code>λ</code>.
* @param p The F2mPoint to Multiply.
* @param u The the TNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
public static F2MPoint MultiplyFromTnaf(F2MPoint p, sbyte[] u)
{
F2MCurve curve = (F2MCurve)p.Curve;
F2MPoint q = (F2MPoint)curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tau(q);
if (u[i] == 1)
{
q = (F2MPoint)q.AddSimple(p);
}
else if (u[i] == -1)
{
q = (F2MPoint)q.SubtractSimple(p);
}
}
return(q);
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16);
IBigInteger h = BigInteger.ValueOf(6);
ECCurve c2m239v2 = new F2MCurve(
239,
36,
new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16),
new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16),
n, h);
return(new X9ECParameters(
c2m239v2,
c2m239v2.DecodePoint(
Hex.Decode("0228F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16);
IBigInteger h = BigInteger.ValueOf(4);
ECCurve c2m239v1 = new F2MCurve(
239,
36,
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16),
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16),
n, h);
return(new X9ECParameters(
c2m239v1,
c2m239v1.DecodePoint(
Hex.Decode("0257927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16);
IBigInteger h = BigInteger.ValueOf(0xFE48);
ECCurve c2m208w1 = new F2MCurve(
208,
1, 2, 83,
new BigInteger("0", 16),
new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16),
n, h);
return(new X9ECParameters(
c2m208w1,
c2m208w1.DecodePoint(
Hex.Decode("0289FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16);
IBigInteger h = BigInteger.ValueOf(6);
ECCurve c2m191v3 = new F2MCurve(
191,
9,
new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16),
new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16),
n, h);
return(new X9ECParameters(
c2m191v3,
c2m191v3.DecodePoint(
Hex.Decode("03375D4CE24FDE434489DE8746E71786015009E66E38A926DD")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16);
IBigInteger h = BigInteger.ValueOf(4);
ECCurve c2m191v2 = new F2MCurve(
191,
9,
new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16),
new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16),
n, h);
return(new X9ECParameters(
c2m191v2,
c2m191v2.DecodePoint(
Hex.Decode("023809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16);
IBigInteger h = BigInteger.ValueOf(10);
ECCurve c2m239v3 = new F2MCurve(
239,
36,
new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16),
new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16),
n, h);
return(new X9ECParameters(
c2m239v3,
c2m239v3.DecodePoint(
Hex.Decode("0370F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16);
IBigInteger h = BigInteger.ValueOf(0xFF6E);
ECCurve c2m176w1 = new F2MCurve(
176,
1, 2, 43,
new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16),
new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16),
n, h);
return(new X9ECParameters(
c2m176w1,
c2m176w1.DecodePoint(
Hex.Decode("038D16C2866798B600F9F08BB4A8E860F3298CE04A5798")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16);
IBigInteger h = BigInteger.ValueOf(0xFF06);
ECCurve c2m272w1 = new F2MCurve(
272,
1, 3, 56,
new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16),
new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16),
n, h);
return(new X9ECParameters(
c2m272w1,
c2m272w1.DecodePoint(
Hex.Decode("026108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
IBigInteger n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16);
IBigInteger h = BigInteger.ValueOf(2);
ECCurve c2m163v1 = new F2MCurve(
163,
1, 2, 8,
new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16),
new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16),
n, h);
return(new X9ECParameters(
c2m163v1,
c2m163v1.DecodePoint(
Hex.Decode("0307AF69989546103D79329FCC3D74880F33BBE803CB")),
n, h,
Hex.Decode("D2COFB15760860DEF1EEF4D696E6768756151754")));
}
/**
* Returns the parameter <code>μ</code> of the elliptic curve.
* @param curve The elliptic curve from which to obtain <code>μ</code>.
* The curve must be a Koblitz curve, i.e. <code>a</code> Equals
* <code>0</code> or <code>1</code> and <code>b</code> Equals
* <code>1</code>.
* @return <code>μ</code> of the elliptic curve.
* @throws ArgumentException if the given ECCurve is not a Koblitz
* curve.
*/
public static sbyte GetMu(F2MCurve curve)
{
IBigInteger a = curve.A.ToBigInteger();
sbyte mu;
if (a.SignValue == 0)
{
mu = -1;
}
else if (a.Equals(BigInteger.One))
{
mu = 1;
}
else
{
throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");
}
return(mu);
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF)
* method.
* @param p The F2mPoint to multiply.
* @param k The integer by which to multiply <code>k</code>.
* @return <code>p</code> multiplied by <code>k</code>.
*/
public ECPoint Multiply(ECPoint point, IBigInteger k, IPreCompInfo preCompInfo)
{
if (!(point is F2MPoint))
{
throw new ArgumentException("Only F2mPoint can be used in WTauNafMultiplier");
}
F2MPoint p = (F2MPoint)point;
F2MCurve curve = (F2MCurve)p.Curve;
int m = curve.M;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
IBigInteger[] s = curve.GetSi();
ZTauElement rho = Tnaf.PartModReduction(k, m, a, s, mu, (sbyte)10);
return(MultiplyWTnaf(p, rho, preCompInfo, a, mu));
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the window <code>τ</code>-adic NAF (TNAF) method, given the
* WTNAF of <code>λ</code>.
* @param p The F2mPoint to multiply.
* @param u The the WTNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
private static F2MPoint MultiplyFromWTnaf(F2MPoint p, sbyte[] u,
IPreCompInfo preCompInfo)
{
F2MCurve curve = (F2MCurve)p.Curve;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
F2MPoint[] pu;
if ((preCompInfo == null) || !(preCompInfo is WTauNafPreCompInfo))
{
pu = Tnaf.GetPreComp(p, a);
p.PreCompInfo = new WTauNafPreCompInfo(pu);
}
else
{
pu = ((WTauNafPreCompInfo)preCompInfo).GetPreComp();
}
// q = infinity
F2MPoint q = (F2MPoint)p.Curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tnaf.Tau(q);
if (u[i] != 0)
{
if (u[i] > 0)
{
q = q.AddSimple(pu[u[i]]);
}
else
{
// u[i] < 0
q = q.SubtractSimple(pu[-u[i]]);
}
}
}
return(q);
}
public X9ECParameters(
ECCurve curve,
ECPoint g,
IBigInteger n,
IBigInteger h,
byte[] seed)
{
this.curve = curve;
this.g = g;
this.n = n;
this.h = h;
this.seed = seed;
if (curve is FPCurve)
{
this.fieldID = new X9FieldID(((FPCurve)curve).Q);
}
else if (curve is F2MCurve)
{
F2MCurve curveF2m = (F2MCurve)curve;
this.fieldID = new X9FieldID(curveF2m.M, curveF2m.K1,
curveF2m.K2, curveF2m.K3);
}
}
/**
* Computes the auxiliary values <code>s<sub>0</sub></code> and
* <code>s<sub>1</sub></code> used for partial modular reduction.
* @param curve The elliptic curve for which to compute
* <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.
* @throws ArgumentException if <code>curve</code> is not a
* Koblitz curve (Anomalous Binary Curve, ABC).
*/
public static IBigInteger[] GetSi(F2MCurve curve)
{
if (!curve.IsKoblitz)
throw new ArgumentException("si is defined for Koblitz curves only");
int m = curve.M;
int a = curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
int h = curve.H.IntValue;
int index = m + 3 - a;
IBigInteger[] ui = GetLucas(mu, index, false);
IBigInteger dividend0;
IBigInteger dividend1;
if (mu == 1)
{
dividend0 = BigInteger.One.Subtract(ui[1]);
dividend1 = BigInteger.One.Subtract(ui[0]);
}
else if (mu == -1)
{
dividend0 = BigInteger.One.Add(ui[1]);
dividend1 = BigInteger.One.Add(ui[0]);
}
else
{
throw new ArgumentException("mu must be 1 or -1");
}
IBigInteger[] si = new IBigInteger[2];
if (h == 2)
{
si[0] = dividend0.ShiftRight(1);
si[1] = dividend1.ShiftRight(1).Negate();
}
else if (h == 4)
{
si[0] = dividend0.ShiftRight(2);
si[1] = dividend1.ShiftRight(2).Negate();
}
else
{
throw new ArgumentException("h (Cofactor) must be 2 or 4");
}
return si;
}
/**
* Returns the parameter <code>μ</code> of the elliptic curve.
* @param curve The elliptic curve from which to obtain <code>μ</code>.
* The curve must be a Koblitz curve, i.e. <code>a</code> Equals
* <code>0</code> or <code>1</code> and <code>b</code> Equals
* <code>1</code>.
* @return <code>μ</code> of the elliptic curve.
* @throws ArgumentException if the given ECCurve is not a Koblitz
* curve.
*/
public static sbyte GetMu(F2MCurve curve)
{
IBigInteger a = curve.A.ToBigInteger();
sbyte mu;
if (a.SignValue == 0)
{
mu = -1;
}
else if (a.Equals(BigInteger.One))
{
mu = 1;
}
else
{
throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");
}
return mu;
}
public void TestECDsa239BitBinaryAndLargeDigest()
{
IBigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
IBigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
var curve = new F2MCurve(
239, // m
36, //k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
var parameters = new ECDomainParameters(
curve,
curve.DecodePoint(
Hex.Decode(
"0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")),
// G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
var priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
var ecdsa = new ECDsaSigner();
var param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message =
new BigInteger(
"968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517")
.ToByteArray();
IBigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(
Hex.Decode(
"045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")),
// Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa191BitBinary()
{
IBigInteger r = new BigInteger("87194383164871543355722284926904419997237591535066528048");
IBigInteger s = new BigInteger("308992691965804947361541664549085895292153777025772063598");
byte[] kData =
BigIntegers.AsUnsignedByteArray(
new BigInteger("1542725565216523985789236956265265265235675811949404040041"));
SecureRandom k = FixedSecureRandom.From(kData);
var curve = new F2MCurve(
191, // m
9, //k
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), // a
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16)); // b
var parameters = new ECDomainParameters(
curve,
curve.DecodePoint(
Hex.Decode(
"0436B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB")),
// G
new BigInteger("1569275433846670190958947355803350458831205595451630533029"), // n
BigInteger.Two); // h
var priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("1275552191113212300012030439187146164646146646466749494799"), // d
parameters);
var ecdsa = new ECDsaSigner();
var param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
IBigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(
Hex.Decode(
"045DE37E756BD55D72E3768CB396FFEB962614DEA4CE28A2E755C0E0E02F5FB132CAF416EF85B229BBB8E1352003125BA1")),
// Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestGeneration()
{
ISigner s = SignerUtilities.GetSigner("DSA");
byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
SecureRandom rand = new SecureRandom();
// KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA");
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA");
// test exception
//
doTestBadStrength(513);
doTestBadStrength(510);
doTestBadStrength(1025);
//g.initialize(512, rand);
{
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, rand);
g.Init(new DsaKeyGenerationParameters(rand, pGen.GenerateParameters()));
}
IAsymmetricCipherKeyPair p = g.GenerateKeyPair();
IAsymmetricKeyParameter sKey = p.Private;
IAsymmetricKeyParameter vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
byte[] sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("DSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("DSA verification failed");
}
//
// ECDSA Fp generation test
//
s = SignerUtilities.GetSigner("ECDSA");
ECCurve curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecSpec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
g.Init(new ECKeyGenerationParameters(ecSpec, rand));
p = g.GenerateKeyPair();
sKey = p.Private;
vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("ECDSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("ECDSA verification failed");
}
//
// ECDSA F2m generation test
//
s = SignerUtilities.GetSigner("ECDSA");
curve = new F2MCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ecSpec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
g.Init(new ECKeyGenerationParameters(ecSpec, rand));
p = g.GenerateKeyPair();
sKey = p.Private;
vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("ECDSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("ECDSA verification failed");
}
}
public void TestECDsa239BitBinary()
{
IBigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
IBigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
// EllipticCurve curve = new EllipticCurve(
// new ECFieldF2m(239, // m
// new int[] { 36 }), // k
// new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
// new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECCurve curve = new F2MCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
// ECPointUtil.DecodePoint(curve, Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); //4); // h
ECPrivateKeyParameters sKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECPublicKeyParameters vKey = new ECPublicKeyParameters(
"ECDSA",
// ECPointUtil.DecodePoint(curve, Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
// KeyFactory f = KeyFactory.getInstance("ECDSA");
// IAsymmetricKeyParameter sKey = f.generatePrivate(priKeySpec);
// IAsymmetricKeyParameter vKey = f.generatePublic(pubKeySpec);
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
IBigInteger[] sig = derDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
