public FfcVerificationResult Verify(FfcDomainParameters domainParameters, FfcKeyPair keyPair, BitString message, FfcSignature signature, bool skipHash = false) { // 1 if (signature.R < 0 || signature.R > domainParameters.Q) { return(new FfcVerificationResult("Invalid r provided")); } if (signature.S < 0 || signature.S > domainParameters.Q) { return(new FfcVerificationResult("Invalid s provided")); } // 2 var w = signature.S.ModularInverse(domainParameters.Q); var zLen = System.Math.Min(Sha.HashFunction.OutputLen, new BitString(domainParameters.Q).BitLength); var z = BitString.MSBSubstring(Sha.HashMessage(message).Digest, 0, zLen).ToPositiveBigInteger(); var u1 = (z * w) % domainParameters.Q; var u2 = (signature.R * w) % domainParameters.Q; // (g^u1 * y^u2) mod p == [(g^u1 mod p) * (y^u2 mod p)] mod p var v = ((BigInteger.ModPow(domainParameters.G, u1, domainParameters.P) * BigInteger.ModPow(keyPair.PublicKeyY, u2, domainParameters.P)) % domainParameters.P) % domainParameters.Q; // 3 if (v != signature.R) { return(new FfcVerificationResult("Invalid v, does not match provided r")); } return(new FfcVerificationResult()); }
public FfcSignatureResult Sign(FfcDomainParameters domainParameters, FfcKeyPair keyPair, BitString message, bool skipHash = false) { BigInteger r, s; do { var k = _entropyProvider.GetEntropy(1, domainParameters.Q - 1); var kInv = k.ModularInverse(domainParameters.Q); r = BigInteger.ModPow(domainParameters.G, k, domainParameters.P) % domainParameters.Q; var zLen = System.Math.Min(Sha.HashFunction.OutputLen, new BitString(domainParameters.Q).BitLength); var z = BitString.MSBSubstring(Sha.HashMessage(message).Digest, 0, zLen).ToPositiveBigInteger(); s = (kInv * (z + keyPair.PrivateKeyX * r)) % domainParameters.Q; } while (r == 0 || s == 0); return(new FfcSignatureResult(new FfcSignature(r, s))); }
/// <inheritdoc /> protected override BitString GetEphemeralKeyOrNonce(FfcKeyPair ephemeralPublicKey, BitString ephemeralNonce, BitString dkmNonce) { if (ephemeralPublicKey != null && ephemeralPublicKey?.PublicKeyY != 0) { var ephemKey = new BitString(ephemeralPublicKey.PublicKeyY); // Ensure mod 32 if (ephemKey.BitLength % 32 != 0) { ephemKey = BitString.ConcatenateBits(BitString.Zeroes(32 - ephemKey.BitLength % 32), ephemKey); } return(ephemKey); } if (ephemeralNonce != null && ephemeralNonce?.BitLength != 0) { return(ephemeralNonce); } return(dkmNonce); }
public FfcKeyPairValidateResult ValidateKeyPair(FfcDomainParameters domainParameters, FfcKeyPair keyPair) { if (keyPair.PrivateKeyX <= 0 || keyPair.PrivateKeyX >= domainParameters.Q) { return(new FfcKeyPairValidateResult("Invalid key pair, x must satisfy 0 < x < q")); } if (keyPair.PublicKeyY == BigInteger.ModPow(domainParameters.G, keyPair.PrivateKeyX, domainParameters.P)) { return(new FfcKeyPairValidateResult()); } else { return(new FfcKeyPairValidateResult("Invalid key pair, y != g^x mod p")); } }
/// <summary> /// No errors /// </summary> public FfcKeyPairGenerateResult(FfcKeyPair keyPair) { KeyPair = keyPair; }