public X9Curve(
ECCurve curve,
byte[] seed)
{
if (curve == null)
{
throw new ArgumentNullException("curve");
}
this.curve = curve;
this.seed = Arrays.Clone(seed);
if (ECAlgorithms.IsFpCurve(curve))
{
this.fieldIdentifier = X9ObjectIdentifiers.PrimeField;
}
else if (ECAlgorithms.IsF2mCurve(curve))
{
this.fieldIdentifier = X9ObjectIdentifiers.CharacteristicTwoField;
}
else
{
throw new ArgumentException("This type of ECCurve is not implemented");
}
}
public X9ECParameters(ECCurve curve, X9ECPoint g, BigInteger n, BigInteger h, byte[] seed)
{
this.curve = curve;
this.g = g;
this.n = n;
this.h = h;
this.seed = seed;
if (ECAlgorithms.IsFpCurve(curve))
{
this.fieldID = new X9FieldID(curve.Field.Characteristic);
}
else
{
if (!ECAlgorithms.IsF2mCurve(curve))
{
throw new ArgumentException("'curve' is of an unsupported type");
}
IPolynomialExtensionField field = (IPolynomialExtensionField)curve.Field;
int[] exponentsPresent = field.MinimalPolynomial.GetExponentsPresent();
if (exponentsPresent.Length == 3)
{
this.fieldID = new X9FieldID(exponentsPresent[2], exponentsPresent[1]);
}
else
{
if (exponentsPresent.Length != 5)
{
throw new ArgumentException("Only trinomial and pentomial curves are supported");
}
this.fieldID = new X9FieldID(exponentsPresent[4], exponentsPresent[1], exponentsPresent[2], exponentsPresent[3]);
}
}
}
public DSTU4145ECBinary(ECDomainParameters paramsValue)
{
ECCurve curve = paramsValue.Curve;
if (!ECAlgorithms.IsF2mCurve(curve))
{
throw new ArgumentException("only binary domain is possible");
}
// We always use big-endian in parameter encoding
IPolynomialExtensionField field = (IPolynomialExtensionField)curve.Field;
int[] exponents = field.MinimalPolynomial.GetExponentsPresent();
if (exponents.Length == 3)
{
f = new DSTU4145BinaryField(exponents[2], exponents[1]);
}
else if (exponents.Length == 5)
{
f = new DSTU4145BinaryField(exponents[4], exponents[1], exponents[2], exponents[3]);
}
else
{
throw new ArgumentException("curve must have a trinomial or pentanomial basis");
}
a = new DerInteger(curve.A.ToBigInteger());
b = new DerOctetString(curve.B.GetEncoded());
n = new DerInteger(paramsValue.N);
bp = new DerOctetString(DSTU4145PointEncoder.encodePoint(paramsValue.G));
}
public X9ECParameters(ECCurve curve, X9ECPoint g, BigInteger n, BigInteger h, byte[] seed)
{
//IL_00a5: Unknown result type (might be due to invalid IL or missing references)
//IL_00b0: Unknown result type (might be due to invalid IL or missing references)
this.curve = curve;
this.g = g;
this.n = n;
this.h = h;
this.seed = seed;
if (ECAlgorithms.IsFpCurve(curve))
{
fieldID = new X9FieldID(curve.Field.Characteristic);
return;
}
if (ECAlgorithms.IsF2mCurve(curve))
{
IPolynomialExtensionField polynomialExtensionField = (IPolynomialExtensionField)curve.Field;
int[] exponentsPresent = polynomialExtensionField.MinimalPolynomial.GetExponentsPresent();
if (exponentsPresent.Length == 3)
{
fieldID = new X9FieldID(exponentsPresent[2], exponentsPresent[1]);
return;
}
if (exponentsPresent.Length == 5)
{
fieldID = new X9FieldID(exponentsPresent[4], exponentsPresent[1], exponentsPresent[2], exponentsPresent[3]);
return;
}
throw new ArgumentException("Only trinomial and pentomial curves are supported");
}
throw new ArgumentException("'curve' is of an unsupported type");
}
private void ImplSqrtTest(ECCurve c)
{
if (ECAlgorithms.IsFpCurve(c))
{
BigInteger p = c.Field.Characteristic;
BigInteger pMinusOne = p.Subtract(BigInteger.One);
BigInteger legendreExponent = p.ShiftRight(1);
int count = 0;
while (count < 10)
{
BigInteger nonSquare = BigIntegers.CreateRandomInRange(BigInteger.Two, pMinusOne, Random);
if (!nonSquare.ModPow(legendreExponent, p).Equals(BigInteger.One))
{
ECFieldElement root = c.FromBigInteger(nonSquare).Sqrt();
Assert.IsNull(root);
++count;
}
}
}
else if (ECAlgorithms.IsF2mCurve(c))
{
int m = c.FieldSize;
BigInteger x = new BigInteger(m, Random);
ECFieldElement fe = c.FromBigInteger(x);
for (int i = 0; i < 100; ++i)
{
ECFieldElement sq = fe.Square();
ECFieldElement check = sq.Sqrt();
Assert.AreEqual(fe, check);
fe = sq;
}
}
}
public static void WriteExplicitECParameters(byte[] ecPointFormats, ECDomainParameters ecParameters,
Stream output)
{
ECCurve curve = ecParameters.Curve;
if (ECAlgorithms.IsFpCurve(curve))
{
TlsUtilities.WriteUint8(ECCurveType.explicit_prime, output);
WriteECParameter(curve.Field.Characteristic, output);
}
else if (ECAlgorithms.IsF2mCurve(curve))
{
IPolynomialExtensionField field = (IPolynomialExtensionField)curve.Field;
int[] exponents = field.MinimalPolynomial.GetExponentsPresent();
TlsUtilities.WriteUint8(ECCurveType.explicit_char2, output);
int m = exponents[exponents.Length - 1];
TlsUtilities.CheckUint16(m);
TlsUtilities.WriteUint16(m, output);
if (exponents.Length == 3)
{
TlsUtilities.WriteUint8(ECBasisType.ec_basis_trinomial, output);
WriteECExponent(exponents[1], output);
}
else if (exponents.Length == 5)
{
TlsUtilities.WriteUint8(ECBasisType.ec_basis_pentanomial, output);
WriteECExponent(exponents[1], output);
WriteECExponent(exponents[2], output);
WriteECExponent(exponents[3], output);
}
else
{
throw new ArgumentException("Only trinomial and pentomial curves are supported");
}
}
else
{
throw new ArgumentException("'ecParameters' not a known curve type");
}
WriteECFieldElement(curve.A, output);
WriteECFieldElement(curve.B, output);
TlsUtilities.WriteOpaque8(SerializeECPoint(ecPointFormats, ecParameters.G), output);
WriteECParameter(ecParameters.N, output);
WriteECParameter(ecParameters.H, output);
}
public static ECPoint DeserializeECPoint(byte[] ecPointFormats, ECCurve curve, byte[] encoding)
{
if (encoding == null || encoding.Length < 1)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
byte actualFormat;
switch (encoding[0])
{
case 0x02: // compressed
case 0x03: // compressed
{
if (ECAlgorithms.IsF2mCurve(curve))
{
actualFormat = ECPointFormat.ansiX962_compressed_char2;
}
else if (ECAlgorithms.IsFpCurve(curve))
{
actualFormat = ECPointFormat.ansiX962_compressed_prime;
}
else
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
break;
}
case 0x04: // uncompressed
{
actualFormat = ECPointFormat.uncompressed;
break;
}
case 0x00: // infinity
case 0x06: // hybrid
case 0x07: // hybrid
default:
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
if (actualFormat != ECPointFormat.uncompressed &&
(ecPointFormats == null || !Arrays.Contains(ecPointFormats, actualFormat)))
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
return(curve.DecodePoint(encoding));
}
public static byte[] SerializeECPoint(byte[] ecPointFormats, ECPoint point)
{
ECCurve curve = point.Curve;
bool compressed = false;
if (ECAlgorithms.IsFpCurve(curve))
{
compressed = IsCompressionPreferred(ecPointFormats, 1);
}
else if (ECAlgorithms.IsF2mCurve(curve))
{
compressed = IsCompressionPreferred(ecPointFormats, 2);
}
return(point.GetEncoded(compressed));
}
private void ImplValidityTest(ECCurve c, ECPoint g)
{
Assert.IsTrue(g.IsValid());
BigInteger h = c.Cofactor;
if (h != null && h.CompareTo(BigInteger.One) > 0)
{
if (ECAlgorithms.IsF2mCurve(c))
{
ECPoint order2 = c.CreatePoint(BigInteger.Zero, c.B.Sqrt().ToBigInteger());
ECPoint bad = g.Add(order2);
Assert.IsFalse(bad.IsValid());
}
}
}
public static void WriteExplicitECParameters(byte[] ecPointFormats, ECDomainParameters ecParameters, Stream output)
{
//IL_00b2: Unknown result type (might be due to invalid IL or missing references)
//IL_00bd: Unknown result type (might be due to invalid IL or missing references)
ECCurve curve = ecParameters.Curve;
if (ECAlgorithms.IsFpCurve(curve))
{
TlsUtilities.WriteUint8(1, output);
WriteECParameter(curve.Field.Characteristic, output);
}
else
{
if (!ECAlgorithms.IsF2mCurve(curve))
{
throw new ArgumentException("'ecParameters' not a known curve type");
}
IPolynomialExtensionField polynomialExtensionField = (IPolynomialExtensionField)curve.Field;
int[] exponentsPresent = polynomialExtensionField.MinimalPolynomial.GetExponentsPresent();
TlsUtilities.WriteUint8(2, output);
int i = exponentsPresent[exponentsPresent.Length - 1];
TlsUtilities.CheckUint16(i);
TlsUtilities.WriteUint16(i, output);
if (exponentsPresent.Length == 3)
{
TlsUtilities.WriteUint8(1, output);
WriteECExponent(exponentsPresent[1], output);
}
else
{
if (exponentsPresent.Length != 5)
{
throw new ArgumentException("Only trinomial and pentomial curves are supported");
}
TlsUtilities.WriteUint8(2, output);
WriteECExponent(exponentsPresent[1], output);
WriteECExponent(exponentsPresent[2], output);
WriteECExponent(exponentsPresent[3], output);
}
}
WriteECFieldElement(curve.A, output);
WriteECFieldElement(curve.B, output);
TlsUtilities.WriteOpaque8(SerializeECPoint(ecPointFormats, ecParameters.G), output);
WriteECParameter(ecParameters.N, output);
WriteECParameter(ecParameters.H, output);
}
private void ImplValidityTest(ECCurve c, ECPoint g)
{
Assert.IsTrue(g.IsValid());
if (ECAlgorithms.IsF2mCurve(c))
{
BigInteger h = c.Cofactor;
if (null != h)
{
if (!h.TestBit(0))
{
ECFieldElement sqrtB = c.B.Sqrt();
ECPoint order2 = c.CreatePoint(BigInteger.Zero, sqrtB.ToBigInteger());
Assert.IsTrue(order2.Twice().IsInfinity);
Assert.IsFalse(order2.IsValid());
ECPoint bad2 = g.Add(order2);
Assert.IsFalse(bad2.IsValid());
ECPoint good2 = bad2.Add(order2);
Assert.IsTrue(good2.IsValid());
if (!h.TestBit(1))
{
ECFieldElement L = SolveQuadraticEquation(c, c.A);
Assert.IsNotNull(L);
ECFieldElement T = sqrtB;
ECFieldElement x = T.Sqrt();
ECFieldElement y = T.Add(x.Multiply(L));
ECPoint order4 = c.CreatePoint(x.ToBigInteger(), y.ToBigInteger());
Assert.IsTrue(order4.Twice().Equals(order2));
Assert.IsFalse(order4.IsValid());
ECPoint bad4_1 = g.Add(order4);
Assert.IsFalse(bad4_1.IsValid());
ECPoint bad4_2 = bad4_1.Add(order4);
Assert.IsFalse(bad4_2.IsValid());
ECPoint bad4_3 = bad4_2.Add(order4);
Assert.IsFalse(bad4_3.IsValid());
ECPoint good4 = bad4_3.Add(order4);
Assert.IsTrue(good4.IsValid());
}
}
}
}
}
public static byte[] SerializeECPoint(byte[] ecPointFormats, ECPoint point)
{
ECCurve curve = point.Curve;
/*
* RFC 4492 5.7. ...an elliptic curve point in uncompressed or compressed format. Here, the
* format MUST conform to what the server has requested through a Supported Point Formats
* Extension if this extension was used, and MUST be uncompressed if this extension was not
* used.
*/
bool compressed = false;
if (ECAlgorithms.IsFpCurve(curve))
{
compressed = IsCompressionPreferred(ecPointFormats, ECPointFormat.ansiX962_compressed_prime);
}
else if (ECAlgorithms.IsF2mCurve(curve))
{
compressed = IsCompressionPreferred(ecPointFormats, ECPointFormat.ansiX962_compressed_char2);
}
return(point.GetEncoded(compressed));
}
public static ECPoint DeserializeECPoint(byte[] ecPointFormats, ECCurve curve, byte[] encoding)
{
if (encoding == null || encoding.Length < 1)
{
throw new TlsFatalAlert(47);
}
byte b;
switch (encoding[0])
{
case 2:
case 3:
if (ECAlgorithms.IsF2mCurve(curve))
{
b = 2;
}
else
{
if (!ECAlgorithms.IsFpCurve(curve))
{
throw new TlsFatalAlert(47);
}
b = 1;
}
break;
case 4:
b = 0;
break;
default:
throw new TlsFatalAlert(47);
}
if (b != 0 && (ecPointFormats == null || !Arrays.Contains(ecPointFormats, b)))
{
throw new TlsFatalAlert(47);
}
return(curve.DecodePoint(encoding));
}
public static ECPoint DeserializeECPoint(byte[] ecPointFormats, ECCurve curve, byte[] encoding)
{
byte num;
if ((encoding == null) || (encoding.Length < 1))
{
throw new TlsFatalAlert(0x2f);
}
switch (encoding[0])
{
case 2:
case 3:
if (!ECAlgorithms.IsF2mCurve(curve))
{
if (!ECAlgorithms.IsFpCurve(curve))
{
throw new TlsFatalAlert(0x2f);
}
num = 1;
}
else
{
num = 2;
}
break;
case 4:
num = 0;
break;
default:
throw new TlsFatalAlert(0x2f);
}
if ((num != 0) && ((ecPointFormats == null) || !Arrays.Contains(ecPointFormats, num)))
{
throw new TlsFatalAlert(0x2f);
}
return(curve.DecodePoint(encoding));
}
public X9ECParameters(
ECCurve curve,
X9ECPoint g,
BigInteger n,
BigInteger h,
byte[] seed)
{
this.Curve = curve;
this.BaseEntry = g;
this.N = n;
this.H = h;
this.seed = seed;
if (ECAlgorithms.IsFpCurve(curve))
{
this.FieldIDEntry = new X9FieldID(curve.Field.Characteristic);
}
else if (ECAlgorithms.IsF2mCurve(curve))
{
var field = (IPolynomialExtensionField)curve.Field;
var exponents = field.MinimalPolynomial.GetExponentsPresent();
if (exponents.Length == 3)
{
this.FieldIDEntry = new X9FieldID(exponents[2], exponents[1]);
}
else if (exponents.Length == 5)
{
this.FieldIDEntry = new X9FieldID(exponents[4], exponents[1], exponents[2], exponents[3]);
}
else
{
throw new ArgumentException("Only trinomial and pentomial curves are supported");
}
}
else
{
throw new ArgumentException("'curve' is of an unsupported type");
}
}
public X9Curve(ECCurve curve, byte[] seed)
{
//IL_000e: Unknown result type (might be due to invalid IL or missing references)
//IL_0054: Unknown result type (might be due to invalid IL or missing references)
if (curve == null)
{
throw new ArgumentNullException("curve");
}
this.curve = curve;
this.seed = Arrays.Clone(seed);
if (ECAlgorithms.IsFpCurve(curve))
{
fieldIdentifier = X9ObjectIdentifiers.PrimeField;
return;
}
if (ECAlgorithms.IsF2mCurve(curve))
{
fieldIdentifier = X9ObjectIdentifiers.CharacteristicTwoField;
return;
}
throw new ArgumentException("This type of ECCurve is not implemented");
}