public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters)parameters;
this.publicKeyParamSet = ecP.PublicKeyParamSet;
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new ArgumentException("unknown key size.");
}
X9ECParameters ecps = FindECCurveByOid(oid);
this.publicKeyParamSet = oid;
this.parameters = new EcDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
if (this.random == null)
{
this.random = CryptoServicesRegistrar.GetSecureRandom();
}
}
internal static ECPublicKeyParameters GetCorrespondingPublicKey(
ECPrivateKeyParameters privKey)
{
EcDomainParameters ec = privKey.Parameters;
ECPoint q = new FixedPointCombMultiplier().Multiply(ec.G, privKey.D);
if (privKey.PublicKeyParamSet != null)
{
return(new ECPublicKeyParameters(privKey.AlgorithmName, q, privKey.PublicKeyParamSet));
}
return(new ECPublicKeyParameters(privKey.AlgorithmName, q, ec));
}
private static AsymmetricCipherKeyPair getKATKeyPair()
{
X9ECParameters p = NistNamedCurves.GetByName("P-256");
EcDomainParameters parameters = new EcDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("20186677036482506117540275567393538695075300175221296989956723148347484984008"), // d
parameters);
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03596375E6CE57E0F20294FC46BDFCFD19A39F8161B58695B3EC5B3D16427C274D")), // Q
parameters);
return(new AsymmetricCipherKeyPair(pubKey, priKey));
}
private static AsymmetricCipherKeyPair getTestKeyPair(AsymmetricCipherKeyPair kp)
{
ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)kp.Private;
EcDomainParameters ecDomainParameters = privKey.Parameters;
BigInteger testD = privKey.D.Add(TEST_D_OFFSET).Mod(ecDomainParameters.N);
if (testD.CompareTo(BigInteger.Two) < 0)
{
testD = testD.Add(TEST_D_OFFSET);
}
ECPrivateKeyParameters testPriv = new ECPrivateKeyParameters(testD, ecDomainParameters);
ECPublicKeyParameters testPub = new ECPublicKeyParameters(ecDomainParameters.G.Multiply(testD), ecDomainParameters);
return(new AsymmetricCipherKeyPair(testPub, testPriv));
}
public virtual BigInteger CalculateAgreement(
ICipherParameters pubKey)
{
ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
if (!pub.Parameters.Equals(key.Parameters))
{
throw new IllegalKeyException("ECCDH public key has wrong domain parameters");
}
EcDomainParameters parameters = pub.Parameters;
BigInteger hd = parameters.H.Multiply(key.D).Mod(parameters.N);
ECPoint P = pub.Q.Multiply(hd).Normalize();
if (P.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid agreement value for ECDHC");
}
return(P.AffineXCoord.ToBigInteger());
}
// 5.3 pg 28
/**
* Generate a signature for the given message using the key we were
* initialised with. For conventional DSA the message should be a SHA-1
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public virtual BigInteger[] GenerateSignature(byte[] message)
{
EcDomainParameters ec = key.Parameters;
BigInteger n = ec.N;
BigInteger e = CalculateE(n, message);
BigInteger d = ((ECPrivateKeyParameters)key).D;
if (kCalculator.IsDeterministic)
{
kCalculator.Init(n, d, message);
}
else
{
kCalculator.Init(n, random);
}
BigInteger r, s;
ECMultiplier basePointMultiplier = CreateBasePointMultiplier();
// 5.3.2
do // Generate s
{
BigInteger k;
do // Generate r
{
k = kCalculator.NextK();
ECPoint p = basePointMultiplier.Multiply(ec.G, k).Normalize();
// 5.3.3
r = p.AffineXCoord.ToBigInteger().Mod(n);
}while (r.SignValue == 0);
s = k.ModInverse(n).Multiply(e.Add(d.Multiply(r))).Mod(n);
}while (s.SignValue == 0);
return(new BigInteger[] { r, s });
}
static ECGost3410NamedCurves()
{
BigInteger mod_p = new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639319");
BigInteger mod_q = new BigInteger("115792089237316195423570985008687907853073762908499243225378155805079068850323");
FpCurve curve = new FpCurve(
mod_p, // p
new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"), // a
new BigInteger("166"), // b
mod_q,
BigInteger.One);
EcDomainParameters ecParams = new EcDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("1"), // x
new BigInteger("64033881142927202683649881450433473985931760268884941288852745803908878638612")), // y
mod_q);
parameters[CryptoProObjectIdentifiers.GostR3410x2001CryptoProA] = ecParams;
mod_p = new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639319");
mod_q = new BigInteger("115792089237316195423570985008687907853073762908499243225378155805079068850323");
curve = new FpCurve(
mod_p, // p
new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"),
new BigInteger("166"),
mod_q,
BigInteger.One);
ecParams = new EcDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("1"), // x
new BigInteger("64033881142927202683649881450433473985931760268884941288852745803908878638612")), // y
mod_q);
parameters[CryptoProObjectIdentifiers.GostR3410x2001CryptoProXchA] = ecParams;
mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823193"); //p
mod_q = new BigInteger("57896044618658097711785492504343953927102133160255826820068844496087732066703"); //q
curve = new FpCurve(
mod_p, // p
new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823190"), // a
new BigInteger("28091019353058090096996979000309560759124368558014865957655842872397301267595"), // b
mod_q,
BigInteger.One);
ecParams = new EcDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("1"), // x
new BigInteger("28792665814854611296992347458380284135028636778229113005756334730996303888124")), // y
mod_q); // q
parameters[CryptoProObjectIdentifiers.GostR3410x2001CryptoProB] = ecParams;
mod_p = new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502619");
mod_q = new BigInteger("70390085352083305199547718019018437840920882647164081035322601458352298396601");
curve = new FpCurve(
mod_p, // p
new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"),
new BigInteger("32858"),
mod_q,
BigInteger.One);
ecParams = new EcDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("0"),
new BigInteger("29818893917731240733471273240314769927240550812383695689146495261604565990247")),
mod_q);
parameters[CryptoProObjectIdentifiers.GostR3410x2001CryptoProXchB] = ecParams;
mod_p = new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502619"); //p
mod_q = new BigInteger("70390085352083305199547718019018437840920882647164081035322601458352298396601"); //q
curve = new FpCurve(
mod_p, // p
new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"), // a
new BigInteger("32858"), // b
mod_q,
BigInteger.One);
ecParams = new EcDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("0"), // x
new BigInteger("29818893917731240733471273240314769927240550812383695689146495261604565990247")), // y
mod_q); // q
parameters[CryptoProObjectIdentifiers.GostR3410x2001CryptoProC] = ecParams;
objIds["GostR3410-2001-CryptoPro-A"] = CryptoProObjectIdentifiers.GostR3410x2001CryptoProA;
objIds["GostR3410-2001-CryptoPro-B"] = CryptoProObjectIdentifiers.GostR3410x2001CryptoProB;
objIds["GostR3410-2001-CryptoPro-C"] = CryptoProObjectIdentifiers.GostR3410x2001CryptoProC;
objIds["GostR3410-2001-CryptoPro-XchA"] = CryptoProObjectIdentifiers.GostR3410x2001CryptoProXchA;
objIds["GostR3410-2001-CryptoPro-XchB"] = CryptoProObjectIdentifiers.GostR3410x2001CryptoProXchB;
names[CryptoProObjectIdentifiers.GostR3410x2001CryptoProA] = "GostR3410-2001-CryptoPro-A";
names[CryptoProObjectIdentifiers.GostR3410x2001CryptoProB] = "GostR3410-2001-CryptoPro-B";
names[CryptoProObjectIdentifiers.GostR3410x2001CryptoProC] = "GostR3410-2001-CryptoPro-C";
names[CryptoProObjectIdentifiers.GostR3410x2001CryptoProXchA] = "GostR3410-2001-CryptoPro-XchA";
names[CryptoProObjectIdentifiers.GostR3410x2001CryptoProXchB] = "GostR3410-2001-CryptoPro-XchB";
}
