public static ECKeyPair Generate()
{
ECKeyGenerationParameters keygenParams
= new ECKeyGenerationParameters(Parameters.DomainParams, Parameters.SecureRandom);
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(keygenParams);
AsymmetricCipherKeyPair keypair = generator.GenerateKeyPair();
ECPrivateKeyParameters privParams = (ECPrivateKeyParameters)keypair.Private;
ECPublicKeyParameters pubParams = (ECPublicKeyParameters)keypair.Public;
ECKeyPair k = new ECKeyPair(privParams, pubParams);
return(k);
}
public static byte[] GenerateAESKey(ECPublicKeyParameters bobPublicKey,
AsymmetricKeyParameter alicePrivateKey)
{
IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDH");
aKeyAgree.Init(alicePrivateKey);
BigInteger sharedSecret = aKeyAgree.CalculateAgreement(bobPublicKey);
byte[] sharedSecretBytes = sharedSecret.ToByteArray();
IDigest digest = new Sha256Digest();
byte[] symmetricKey = new byte[digest.GetDigestSize()];
digest.BlockUpdate(sharedSecretBytes, 0, sharedSecretBytes.Length);
digest.DoFinal(symmetricKey, 0);
return(symmetricKey);
}
/// <summary>
/// Creates a random key pair from given curve name
/// </summary>
/// <param name="curveName"></param>
/// <returns></returns>
public List <byte[]> CreateRandomKeyPair(string curveName)
{
var keyPair = new List <byte[]>();
var ecp = TeleTrusTNamedCurves.GetByName(curveName);
if (ecp == null)
{
ecp = NistNamedCurves.GetByName(curveName);
}
AsymmetricCipherKeyPair kp = null;
ECPublicKeyParameters publicKey = null;
bool success = false;
while (!success)
{
IAsymmetricCipherKeyPairGenerator kpg = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
var parameters = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed());
var ecP = new ECKeyGenerationParameters(parameters, new SecureRandom());
kpg.Init(ecP);
kp = kpg.GenerateKeyPair();
publicKey = (ECPublicKeyParameters)kp.Public;
publicKey = SetPublicUncompressed(publicKey);
byte[] x = publicKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned();
byte[] y = publicKey.Q.AffineYCoord.ToBigInteger().ToByteArrayUnsigned();
if (x.Length == y.Length)
{
success = true;
}
}
ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)kp.Private;
if (KeysVerified(privateKey, publicKey, curveName))
{
var privateBytes = privateKey.D.ToByteArrayUnsigned();
var pubKeyBytes = publicKey.Q.GetEncoded();
keyPair.Add(privateBytes);
keyPair.Add(pubKeyBytes);
}
return(keyPair);
}
public static KeyPairEC SecP256r1KeyPairGen()
{
string curve = "secp256r1";
X9ECParameters ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName(curve);
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
ECKeyGenerationParameters keyGenParams =
new ECKeyGenerationParameters(domainParameters, new SecureRandom());
AsymmetricCipherKeyPair keyPair;
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(keyGenParams);
keyPair = generator.GenerateKeyPair();
ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)keyPair.Private;
ECPublicKeyParameters publicKey = (ECPublicKeyParameters)keyPair.Public;
var privKeyBytes = privateKey.D.ToByteArrayUnsigned();
var pubKeyBytes = publicKey.Q.GetEncoded();
string privKey = ToSolidHex(privKeyBytes);
string pubKey = ToSolidHex(pubKeyBytes);
Console.WriteLine($"Curve: {curve}");
Console.WriteLine($"Generated private key ({privKeyBytes.Length} bytes):");
Console.WriteLine($"{ToHex(privKeyBytes)}");
Console.WriteLine($"Generated public key ({pubKeyBytes.Length} bytes):");
Console.WriteLine($"{ToHex(pubKeyBytes)}");
Console.WriteLine("=====================================");
Console.WriteLine($"priv:");
Console.WriteLine($"{privKey}");
Console.WriteLine($"pub:");
Console.WriteLine($"{pubKey}");
return(new KeyPairEC()
{
PrivKey = privKeyBytes,
PubKey = pubKeyBytes,
PrivKeyByteHexStr = privKey,
PubKeyByteHexStr = pubKey
});
}
/// <summary>
/// Load the KeyPair from the file, or generate a new one.
/// </summary>
public async Task Load()
{
var res = await _folder.CheckExistsAsync(_location);
switch (res)
{
case ExistenceCheckResult.FileExists:
var file = await _folder.GetFileAsync(_location);
var reader = new StreamReader(await file.OpenAsync(FileAccess.Read));
var data = reader.ReadLine();
if (data != null)
{
var split = data.Split(' ');
if (split.Length != 2)
{
throw new FormatException("Keys file doesn't contain proper data.");
}
var ecp = GetParams();
var q = Convert.FromBase64String(split[1]);
var point = ecp.Curve.DecodePoint(q);
var pubParams = new ECPublicKeyParameters(point, ecp);
var d = new BigInteger(Convert.FromBase64String(split[0]));
var privParams = new ECPrivateKeyParameters(d, ecp);
BcKeyPair = new AsymmetricCipherKeyPair(pubParams, privParams);
}
break;
case ExistenceCheckResult.NotFound:
var key = Generate();
await Save(key);
BcKeyPair = key;
break;
default:
throw new IOException("Unknown error occurred while trying to load/save crypto keypair.");
}
}
private static (KeyAlgorithm, AsymmetricCipherKeyPair) ParseKey(AsymmetricKeyParameter keyParam)
{
if (keyParam is RsaPrivateCrtKeyParameters)
{
var privateKey = (RsaPrivateCrtKeyParameters)keyParam;
var publicKey = new RsaKeyParameters(false, privateKey.Modulus, privateKey.PublicExponent);
return(KeyAlgorithm.RS256, new AsymmetricCipherKeyPair(publicKey, keyParam));
}
else if (keyParam is ECPrivateKeyParameters privateKey)
{
var domain = privateKey.Parameters;
var q = domain.G.Multiply(privateKey.D);
DerObjectIdentifier curveId;
KeyAlgorithm algo;
switch (domain.Curve.FieldSize)
{
case 256:
curveId = SecObjectIdentifiers.SecP256r1;
algo = KeyAlgorithm.ES256;
break;
case 384:
curveId = SecObjectIdentifiers.SecP384r1;
algo = KeyAlgorithm.ES384;
break;
case 521:
curveId = SecObjectIdentifiers.SecP521r1;
algo = KeyAlgorithm.ES512;
break;
default:
throw new NotSupportedException();
}
var publicKey = new ECPublicKeyParameters("EC", q, curveId);
return(algo, new AsymmetricCipherKeyPair(publicKey, keyParam));
}
else
{
throw new NotSupportedException();
}
}
public static bool WriteKeyPair(string filePath, string privateKey, string publicKey, string password)
{
var skParams = new ECPrivateKeyParameters(new BigInteger(privateKey, 16), ECParameters.DomainParams);
var pkPoint = ECParameters.Curve.Curve.DecodePoint(FromHexString(publicKey));
var pkParams = new ECPublicKeyParameters(pkPoint, ECParameters.DomainParams);
var akp = new AsymmetricCipherKeyPair(pkParams, skParams);
using (var writer = File.CreateText(filePath))
{
var pw = new PemWriter(writer);
pw.WriteObject(akp, Algo, password.ToCharArray(), Random);
pw.Writer.Close();
}
Console.WriteLine($@"Account info has been saved to ""{filePath}""");
return(true);
}
private void GenerateKeys(string curveName)
{
X9ECParameters ecParams = SecNamedCurves.GetByName(curveName);
_domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
ECKeyGenerationParameters keyGenParams =
new ECKeyGenerationParameters(_domainParameters, new SecureRandom());
AsymmetricCipherKeyPair keyPair;
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(keyGenParams);
keyPair = generator.GenerateKeyPair();
_privateKey = (ECPrivateKeyParameters)keyPair.Private;
_publicKey = (ECPublicKeyParameters)keyPair.Public;
}
public static bool IsSignatureValid(PendingTransaction transaction)
{
ECPoint publicKeyPoint = GetECPublicKeyPoint(transaction.SenderPublicKey);
ECDomainParameters ecSpec = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(publicKeyPoint, ecSpec);
IDsaKCalculator kCalculator = new HMacDsaKCalculator(new Sha256Digest());
ECDsaSigner signer = new ECDsaSigner(kCalculator);
signer.Init(false, publicKeyParameters);
byte[] tranHashWithoutSignature = CalculateSHA256(transaction.AsJsonWithoutSignatureAndHash());
BigInteger signatureR = new BigInteger(transaction.SenderSignature[0], 16);
BigInteger signatureS = new BigInteger(transaction.SenderSignature[1], 16);
bool isValid = signer.VerifySignature(tranHashWithoutSignature, signatureR, signatureS);
return(isValid);
}
public static bool VerifySignature(string message, string publicKey, string signature)
{
var curve = SecNamedCurves.GetByName("secp256k1");
var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
var publicKeyBytes = Base58Encoding.Decode(publicKey);
var q = curve.Curve.DecodePoint(publicKeyBytes);
var keyParameters = new ECPublicKeyParameters(q,
domain);
var signer = SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, keyParameters);
signer.BlockUpdate(Encoding.ASCII.GetBytes(message), 0, message.Length);
var signatureBytes = Base58Encoding.Decode(signature);
return(signer.VerifySignature(signatureBytes));
}
/// <summary>
/// load public key
/// </summary>
/// <param name="pkInfo">public key or public key file path</param>
/// <returns>public key</returns>
public static ECPublicKeyParameters LoadPubkey(string pkInfo)
{
string pub;
if (!pkInfo.Contains("CERTIFICATE") && !pkInfo.Contains("PUBLIC KEY"))
{
pub = ReadPK(pkInfo);
}
else
{
pub = pkInfo;
}
TextReader ptr = new StringReader(pub);
Org.BouncyCastle.OpenSsl.PemReader pem = new Org.BouncyCastle.OpenSsl.PemReader(ptr);
ECPublicKeyParameters sm2PublicKey = (ECPublicKeyParameters)pem.ReadObject();
return(sm2PublicKey);
}
/// <summary>
/// Called by client to get his ephemaral ECC keys
/// TODO: get information about which ECC curve should be used
/// </summary>
/// <param name="version"></param>
/// <param name="data"></param>
/// <returns></returns>
public override byte[] ProcessServerKeys(ProtocolVersion version, byte[] data, X509Certificate serverCertificate)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (data.Length < 4)
{
throw new ArgumentException(nameof(data));
}
//if (data[0] != 3 || data[1] != 0 || data[2] != 23)
if (data[0] != 3 || data[1] != 0)
{
throw new ArgumentException(nameof(data));
}
//if (data[3] != 65 || data[4] > data.Length - 4)
if (data[4] > data.Length - 4)
{
throw new ArgumentException(nameof(data));
}
// Extract the public key from the data
byte[] ecPointData = new byte[data[3]];
Buffer.BlockCopy(data, 4, ecPointData, 0, ecPointData.Length);
ushort curveNameId = (ushort)(data[1] << 8 | data[2]);
var ecPoint = this.ObtainCurveNameAndPoint(curveNameId, ecPointData);
var theirPublicKey = new ECPublicKeyParameters(ecPoint, this.domainParameters);
// Calculate the actual agreement
var agreement = new ECDHBasicAgreement();
agreement.Init(this.privateKey);
this.preMasterSecret = BigIntegerToByteArray(agreement.CalculateAgreement(theirPublicKey), ecPoint.Curve.FieldSize / 8);
var signature = new byte[data.Length - 4 - data[3]];
Buffer.BlockCopy(data, 4 + data[3], signature, 0, signature.Length);
return(signature);
}
static byte[] GenerateAESKey(ECPublicKeyParameters bobPublicKey,
AsymmetricKeyParameter alicePrivateKey)
{
ECDHBasicAgreement aKeyAgree = new ECDHBasicAgreement();
aKeyAgree.Init(alicePrivateKey);
byte[] sharedSecret = aKeyAgree.CalculateAgreement(bobPublicKey).ToByteArray();
// make sure each part has the correct and same size
ResizeRight(ref sharedSecret, 66); // 66 is the desired key size
Sha256Digest digest = new Sha256Digest();
byte[] symmetricKey = new byte[digest.GetDigestSize()];
digest.BlockUpdate(sharedSecret, 0, sharedSecret.Length);
digest.DoFinal(symmetricKey, 0);
return(symmetricKey);
}
// generate private, public key pair
public static Tuple <string, string> GenerateKeyPair()
{
ECKeyPairGenerator gen = new ECKeyPairGenerator(algorithm);
ECKeyGenerationParameters keyGenParam = new ECKeyGenerationParameters(domainParameters, new SecureRandom());
gen.Init(keyGenParam);
AsymmetricCipherKeyPair keys = gen.GenerateKeyPair();
ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)(keys.Private);
ECPublicKeyParameters publicKey = (ECPublicKeyParameters)(keys.Public);
//Console.WriteLine(ToHexString(publicKey.Q.GetEncoded()));
//Console.WriteLine(GetPublicKeyFromPrivateKey(ToHexString(privateKey.D.ToByteArray())));
//Console.WriteLine(ToHexString(privateKey.D.ToByteArray()));
//Console.WriteLine(privateKey.D.ToString(16));
return(new Tuple <string, string>(ToHexString(privateKey.D.ToByteArray()), ToHexString(publicKey.Q.GetEncoded())));
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (base.mKeyExchange == 20)
{
throw new TlsFatalAlert(10);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(0x2a);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (Exception exception)
{
throw new TlsFatalAlert(0x2b, exception);
}
if (this.mTlsSigner == null)
{
try
{
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey);
}
catch (InvalidCastException exception2)
{
throw new TlsFatalAlert(0x2e, exception2);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!this.mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(0x2e);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 0x80);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerKeyExchange(Stream input)
{
this.mPskIdentityHint = TlsUtilities.ReadOpaque16(input);
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input);
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
ECDomainParameters ecParams = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input);
byte[] point = TlsUtilities.ReadOpaque8(input);
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
mClientECPointFormats, ecParams, point));
}
}
public override void ProcessClientKeyExchange(Stream input)
{
byte[] psk_identity = TlsUtilities.ReadOpaque16(input);
this.mPsk = mPskIdentityManager.GetPsk(psk_identity);
if (mPsk == null)
{
throw new TlsFatalAlert(AlertDescription.unknown_psk_identity);
}
mContext.SecurityParameters.pskIdentity = psk_identity;
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
BigInteger Yc = TlsDHUtilities.ReadDHParameter(input);
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(Yc, mDHParameters));
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
byte[] point = TlsUtilities.ReadOpaque8(input);
ECDomainParameters curve_params = this.mECAgreePrivateKey.Parameters;
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
mServerECPointFormats, curve_params, point));
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
byte[] encryptedPreMasterSecret;
if (TlsUtilities.IsSsl(mContext))
{
// TODO Do any SSLv3 clients actually include the length?
encryptedPreMasterSecret = Streams.ReadAll(input);
}
else
{
encryptedPreMasterSecret = TlsUtilities.ReadOpaque16(input);
}
this.mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
}
}
private void checkSignature(
int size,
ECPrivateKeyParameters sKey,
ECPublicKeyParameters vKey,
ISigner sgr,
SecureRandom k,
byte[] message,
BigInteger r,
BigInteger s)
{
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail(size + " bit EC verification failed");
}
BigInteger[] sig = derDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail(size + "bit"
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail(size + "bit"
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
public bool VerifySignature(byte[] data, byte[] publicKey, byte[] signature)
{
try
{
var q = ecParams.Curve.DecodePoint(publicKey);
var keyParameters = new ECPublicKeyParameters(q, domain);
var signer = SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, keyParameters);
signer.BlockUpdate(data, 0, data.Length);
return(signer.VerifySignature(signature));
}
catch
{
return(false);
}
}
public virtual BigInteger CalculateAgreement(
ICipherParameters pubKey)
{
ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
if (!pub.Parameters.Equals(privKey.Parameters))
{
throw new InvalidOperationException("ECDH public key has wrong domain parameters");
}
ECPoint P = pub.Q.Multiply(privKey.D).Normalize();
if (P.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid agreement value for ECDH");
}
return(P.AffineXCoord.ToBigInteger());
}
public static byte[] GenerateSharedSecret(ECPublicKeyParameters publicKey, ECPrivateKeyParameters privateKey)
{
var agreement = new ECDHBasicAgreement();
agreement.Init(privateKey);
var z = agreement.CalculateAgreement(publicKey);
var sharedSecret = new byte[32];
var zArr = z.ToByteArrayUnsigned();
// zero the output array
for (var i = 0; i < sharedSecret.Length; i++)
{
sharedSecret[i] = 0;
}
Array.Copy(zArr, 0, sharedSecret, 32 - zArr.Length, zArr.Length);
return(sharedSecret);
}
public override (byte[], byte[]) GetChildPublicKey(Curve curve, byte[] pubKey, byte[] chainCode, uint index)
{
if (curve.Kind == ECKind.Ed25519)
{
throw new NotSupportedException("Ed25519 public key derivation not supported by slip-10");
}
if (pubKey.Length != 33)
{
throw new NotSupportedException("Invalid public key size (expected 33 bytes)");
}
if ((index & 0x80000000) != 0)
{
throw new InvalidOperationException("Can't derive a hardened child key from a public key");
}
var c = curve.Kind switch
{
ECKind.Secp256k1 => SecNamedCurves.GetByName("secp256k1"),
ECKind.NistP256 => SecNamedCurves.GetByName("secp256r1"),
_ => throw new InvalidEnumArgumentException()
};
var dp = new ECDomainParameters(c.Curve, c.G, c.N, c.H, c.GetSeed());
var kp = new ECPublicKeyParameters("EC", c.Curve.DecodePoint(pubKey), dp);
var l = Bip32Hash(chainCode, index, pubKey);
while (true)
{
var ll = l.GetBytes(0, 32);
var lr = l.GetBytes(32, 32);
var parse256LL = new BigInteger(1, ll);
var q = kp.Parameters.G.Multiply(parse256LL).Add(kp.Q);
if (parse256LL.CompareTo(c.N) >= 0 || q.IsInfinity)
{
l = Bip32Hash(chainCode, index, 1, lr);
continue;
}
return(q.Normalize().GetEncoded(true), lr);
}
}
/// <summary>
/// Initializes the algorithm from public key.
/// </summary>
/// <remarks>
/// byte[] X
/// byte[] Y
/// </remarks>
public void FromPublicKey(byte[] publicKey)
{
if (publicKey == null)
{
throw new ArgumentNullException("publicKey");
}
if (publicKey.Length == 0)
{
throw new InvalidOperationException("Invalid EC key.");
}
if (publicKey[0] != 4)
{
throw new InvalidOperationException("EC point compression not supported.");
}
if ((publicKey.Length & 1) != 1)
{
throw new InvalidOperationException("Unsupported EC key.");
}
int keySize = publicKey.Length / 2;
if ((BitLength + 7) / 8 != keySize)
{
throw new InvalidOperationException("Unexpected EC key bit length.");
}
byte[] X = new byte[keySize];
byte[] Y = new byte[keySize];
Array.Copy(publicKey, 1, X, 0, keySize);
Array.Copy(publicKey, 1 + keySize, Y, 0, keySize);
var curve = _info.Parameters.Curve;
ECFieldElement x = curve.FromBigInteger(new BigInteger(1, X));
ECFieldElement y = curve.FromBigInteger(new BigInteger(1, Y));
ECPoint q2 = new FpPoint(curve, x, y);
PublicKey = new ECPublicKeyParameters(_info.AlgorithmName, q2, _info.Parameters);
PrivateKey = null;
}
public void TestMethod1()
{
string b64InputKey = "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVQxN/wFsMiYihwv1psUgKRIhgX02OPBQl0aKYNtKXoCk67hE/lsR8UC77Fqm1HPuMALWG8RcihSHoZwx2HfOz11QkwvlKEf8UuMrbp0yt/mQNJx6QQm6CiZ7e63sYqdV";
ECPublicKeyParameters asyKey = (ECPublicKeyParameters)
PublicKeyFactory.CreateKey(b64InputKey.DecodeBase64Url());
ECParameters param = new ECParameters();
param.Curve = ECCurve.NamedCurves.nistP384;
param.Q.X = asyKey.Q.AffineXCoord.GetEncoded();
param.Q.Y = asyKey.Q.AffineYCoord.GetEncoded();
var ecPublicKey = ECDiffieHellman.Create(param).PublicKey;
var effi = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384);
ECParameters privateKey = effi.ExportParameters(true);
var secretPrepend = Encoding.UTF8.GetBytes("RANDOM SECRET");
byte[] secret = effi.DeriveKeyFromHash(ecPublicKey, HashAlgorithmName.SHA256, secretPrepend, new byte[0]);
IBufferedCipher decryptor = CipherUtilities.GetCipher("AES/CFB8/NoPadding");
IBufferedCipher encryptor = CipherUtilities.GetCipher("AES/CFB8/NoPadding");
decryptor.Init(false, new ParametersWithIV(new KeyParameter(secret), secret.Take(16).ToArray()));
encryptor.Init(true, new ParametersWithIV(new KeyParameter(secret), secret.Take(16).ToArray()));
string b64PublicKey = effi.PublicKey.ToDerEncoded().EncodeBase64();
var handshakeJson = new HandshakeData()
{
salt = secretPrepend.EncodeBase64()
};
var signKey = ECDsa.Create(privateKey);
string val = JWT.Encode(handshakeJson, signKey, JwsAlgorithm.ES384, new Dictionary <string, object> {
{ "x5u", b64PublicKey }
});
//Log.Warn($"Headers: {string.Join(";", JWT.Headers(val))}");
//Log.Warn($"Return salt:\n{JWT.Payload(val)}");
}
private static ECDsa ConvertToSingKeyFormat(AsymmetricCipherKeyPair key)
{
ECPublicKeyParameters pubAsyKey = (ECPublicKeyParameters)key.Public;
ECPrivateKeyParameters privAsyKey = (ECPrivateKeyParameters)key.Private;
var signParam = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q =
{
X = pubAsyKey.Q.AffineXCoord.GetEncoded(),
Y = pubAsyKey.Q.AffineYCoord.GetEncoded()
}
};
signParam.D = CryptoUtils.FixDSize(privAsyKey.D.ToByteArrayUnsigned(), signParam.Q.X.Length);
signParam.Validate();
return(ECDsa.Create(signParam));
}
public virtual ECPoint Init_enc(SM2 sm2, ECPoint userKey)
{
BigInteger k = null;
ECPoint c1 = null;
AsymmetricCipherKeyPair key = sm2.ecc_key_pair_generator.GenerateKeyPair();
ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters)key.Private;
ECPublicKeyParameters ecpub = (ECPublicKeyParameters)key.Public;
k = ecpriv.D;
c1 = ecpub.Q;
p2 = userKey.Multiply(k);
Reset();
return(c1);
}
/// <summary>
/// Used to load keypair from string provided from Save function.
/// </summary>
/// <param name="keyContents">Data from Save function</param>
public void LoadFrom(string keyContents)
{
var split = keyContents.Split(' ');
if (split.Length != 2)
{
throw new FormatException("Keys file doesn't contain proper data.");
}
var ecp = GetParams();
var q = Convert.FromBase64String(split[1]);
var point = ecp.Curve.DecodePoint(q);
var pubParams = new ECPublicKeyParameters(point, ecp);
var d = new BigInteger(Convert.FromBase64String(split[0]));
var privateKeyParameters = new ECPrivateKeyParameters(d, ecp);
_bcKeyPair = new AsymmetricCipherKeyPair(pubParams, privateKeyParameters);
}
/// <summary>
/// SM2加密
/// </summary>
/// <param name="publicKey">公钥</param>
/// <param name="data">明文</param>
/// <returns>密文</returns>
public static string Encrypt(string publicKey, string data)
{
// 获取一条SM2曲线参数
X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1");
// 构造domain参数
ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N);
//提取公钥点
ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(Hex.Decode(publicKey));
// 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);
SM2Engine sm2Engine = new SM2Engine();
sm2Engine.Init(true, new ParametersWithRandom(publicKeyParameters, new SecureRandom()));
byte[] input = Encoding.UTF8.GetBytes(data);
byte[] arrayOfBytes = sm2Engine.ProcessBlock(input, 0, input.Length);
return(Hex.ToHexString(arrayOfBytes));
}
public virtual byte[] Unwrap(byte[] encryptedCek, object privateKey, int cekSizeBits, IDictionary <string, object> header)
{
Ensure.Contains(header, new[] { "epk" }, "EcdhKeyManagement algorithm expects 'epk' key param in JWT header, but was not found");
Ensure.Contains(header, new[] { BCRYPT_ALG_ID_HEADER },
"EcdhKeyManagement algorithm expects 'enc' header to be present in JWT header, but was not found");
var epk = (IDictionary <string, object>)header["epk"];
Ensure.Contains(epk, new[] { "x", "y", "crv" },
"EcdhKeyManagement algorithm expects 'epk' key to contain 'x','y' and 'crv' fields.");
var x = new BigInteger(Base64Url.Decode(epk["x"].ToString()));
var y = new BigInteger(Base64Url.Decode(epk["y"].ToString()));
var externalPubKeyPoint = _brainpoolP256R1.Curve.CreatePoint(x, y);
var domainParams = new ECDomainParameters(_brainpoolP256R1.Curve, _brainpoolP256R1.G, _brainpoolP256R1.N, _brainpoolP256R1.H);
var externalPubKey = new ECPublicKeyParameters(externalPubKeyPoint, domainParams);
return(DeriveKey(header, cekSizeBits, externalPubKey, privateKey as ECPrivateKeyParameters));
}
private bool VerifyGost(byte[] buffer, int length, byte[] signature)
{
ECDomainParameters dParams = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA);
byte[] reversedPublicKey = PublicKey.Reverse().ToArray();
ECPoint q = dParams.Curve.CreatePoint(new BigInteger(1, reversedPublicKey, 32, 32), new BigInteger(1, reversedPublicKey, 0, 32), false);
ECPublicKeyParameters parameters = new ECPublicKeyParameters(q, dParams);
var signer = new ECGost3410Signer();
signer.Init(false, parameters);
var digest = new Gost3411Digest();
digest.BlockUpdate(buffer, 0, length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return(signer.VerifySignature(hash, new BigInteger(1, signature, 32, 32), new BigInteger(1, signature, 0, 32)));
}
