protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16);
BigInteger h = BigInteger.ValueOf(0xFE2E);
ECCurve c2m304w1 = new F2mCurve(
304,
1, 2, 11,
new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16),
new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16),
n, h);
return(new X9ECParameters(
c2m304w1,
new X9ECPoint(c2m304w1,
Hex.Decode("02197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16);
BigInteger h = BigInteger.ValueOf(10);
ECCurve c2m239v3 = new F2mCurve(
239,
36,
new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16),
new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16),
n, h);
return(new X9ECParameters(
c2m239v3,
new X9ECPoint(c2m239v3,
Hex.Decode("0370F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16);
BigInteger h = BigInteger.ValueOf(0xFF06);
ECCurve c2m272w1 = new F2mCurve(
272,
1, 3, 56,
new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16),
new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16),
n, h);
return(new X9ECParameters(
c2m272w1,
new X9ECPoint(c2m272w1,
Hex.Decode("026108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16);
BigInteger h = BigInteger.ValueOf(4);
ECCurve c2m239v1 = new F2mCurve(
239,
36,
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16),
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16),
n, h);
return(new X9ECParameters(
c2m239v1,
new X9ECPoint(c2m239v1,
Hex.Decode("0257927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16);
BigInteger h = BigInteger.ValueOf(6);
ECCurve c2m239v2 = new F2mCurve(
239,
36,
new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16),
new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16),
n, h);
return(new X9ECParameters(
c2m239v2,
new X9ECPoint(c2m239v2,
Hex.Decode("0228F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16);
BigInteger h = BigInteger.ValueOf(6);
ECCurve c2m191v3 = new F2mCurve(
191,
9,
new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16),
new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16),
n, h);
return(new X9ECParameters(
c2m191v3,
new X9ECPoint(c2m191v3,
Hex.Decode("03375D4CE24FDE434489DE8746E71786015009E66E38A926DD")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16);
BigInteger h = BigInteger.ValueOf(0xFE48);
ECCurve c2m208w1 = new F2mCurve(
208,
1, 2, 83,
new BigInteger("0", 16),
new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16),
n, h);
return(new X9ECParameters(
c2m208w1,
new X9ECPoint(c2m208w1,
Hex.Decode("0289FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16);
BigInteger h = BigInteger.Two;
ECCurve c2m191v1 = new F2mCurve(
191,
9,
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16),
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16),
n, h);
return(new X9ECParameters(
c2m191v1,
new X9ECPoint(c2m191v1,
Hex.Decode("0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D")),
n, h,
Hex.Decode("4E13CA542744D696E67687561517552F279A8C84")));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16);
BigInteger h = BigInteger.ValueOf(4);
ECCurve c2m191v2 = new F2mCurve(
191,
9,
new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16),
new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16),
n, h);
return(new X9ECParameters(
c2m191v2,
new X9ECPoint(c2m191v2,
Hex.Decode("023809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16);
BigInteger h = BigInteger.Two;
ECCurve c2m163v2 = new F2mCurve(
163,
1, 2, 8,
new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16),
new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16),
n, h);
return(new X9ECParameters(
c2m163v2,
new X9ECPoint(c2m163v2,
Hex.Decode("030024266E4EB5106D0A964D92C4860E2671DB9B6CC5")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16);
BigInteger h = BigInteger.ValueOf(0xFF6E);
ECCurve c2m176w1 = new F2mCurve(
176,
1, 2, 43,
new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16),
new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16),
n, h);
return(new X9ECParameters(
c2m176w1,
new X9ECPoint(c2m176w1,
Hex.Decode("038D16C2866798B600F9F08BB4A8E860F3298CE04A5798")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16);
BigInteger h = BigInteger.Two;
ECCurve c2m163v1 = new F2mCurve(
163,
1, 2, 8,
new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16),
new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16),
n, h);
return(new X9ECParameters(
c2m163v1,
new X9ECPoint(c2m163v1,
Hex.Decode("0307AF69989546103D79329FCC3D74880F33BBE803CB")),
n, h,
Hex.Decode("D2C0FB15760860DEF1EEF4D696E6768756151754")));
}
/* *
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF)
* method.
* @param p The F2mPoint to multiply.
* @param k The integer by which to multiply <code>k</code>.
* @return <code>p</code> multiplied by <code>k</code>.
*/
protected override ECPoint MultiplyPositive(ECPoint point, BigInteger k)
{
if (!(point is F2mPoint))
{
throw new ArgumentException("Only F2mPoint can be used in WTauNafMultiplier");
}
F2mPoint p = (F2mPoint)point;
F2mCurve curve = (F2mCurve)p.Curve;
int m = curve.M;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
BigInteger[] s = curve.GetSi();
ZTauElement rho = Tnaf.PartModReduction(k, m, a, s, mu, (sbyte)10);
return(MultiplyWTnaf(p, rho, curve.GetPreCompInfo(p, PRECOMP_NAME), a, mu));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16);
BigInteger h = BigInteger.ValueOf(0x2760);
ECCurve c2m431r1 = new F2mCurve(
431,
120,
new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16),
new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16),
n, h);
return(new X9ECParameters(
c2m431r1,
new X9ECPoint(c2m431r1,
Hex.Decode("02120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16);
BigInteger h = BigInteger.ValueOf(0xFF70);
ECCurve c2m368w1 = new F2mCurve(
368,
1, 2, 85,
new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16),
new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16),
n, h);
return(new X9ECParameters(
c2m368w1,
new X9ECPoint(c2m368w1,
Hex.Decode("021085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F")),
n, h,
null));
}
protected override X9ECParameters CreateParameters()
{
BigInteger n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16);
BigInteger h = BigInteger.ValueOf(0x4C);
ECCurve c2m359v1 = new F2mCurve(
359,
68,
new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16),
new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16),
n, h);
return(new X9ECParameters(
c2m359v1,
new X9ECPoint(c2m359v1,
Hex.Decode("033C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097")),
n, h,
null));
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the <code>τ</code>-adic NAF (TNAF) method, given the TNAF
* of <code>λ</code>.
* @param p The F2mPoint to Multiply.
* @param u The the TNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
public static F2mPoint MultiplyFromTnaf(F2mPoint p, sbyte[] u)
{
F2mCurve curve = (F2mCurve)p.Curve;
F2mPoint q = (F2mPoint)curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tau(q);
if (u[i] == 1)
{
q = (F2mPoint)q.AddSimple(p);
}
else if (u[i] == -1)
{
q = (F2mPoint)q.SubtractSimple(p);
}
}
return(q);
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the window <code>τ</code>-adic NAF (TNAF) method, given the
* WTNAF of <code>λ</code>.
* @param p The F2mPoint to multiply.
* @param u The the WTNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
private static F2mPoint MultiplyFromWTnaf(F2mPoint p, sbyte[] u, PreCompInfo preCompInfo)
{
F2mCurve curve = (F2mCurve)p.Curve;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
F2mPoint[] pu;
if ((preCompInfo == null) || !(preCompInfo is WTauNafPreCompInfo))
{
pu = Tnaf.GetPreComp(p, a);
WTauNafPreCompInfo pre = new WTauNafPreCompInfo();
pre.PreComp = pu;
curve.SetPreCompInfo(p, PRECOMP_NAME, pre);
}
else
{
pu = ((WTauNafPreCompInfo)preCompInfo).PreComp;
}
// q = infinity
F2mPoint q = (F2mPoint)curve.Infinity;
for (int i = u.Length - 1; i >= 0; i--)
{
q = Tnaf.Tau(q);
sbyte ui = u[i];
if (ui != 0)
{
if (ui > 0)
{
q = q.AddSimple(pu[ui]);
}
else
{
// u[i] < 0
q = q.SubtractSimple(pu[-ui]);
}
}
}
return(q);
}
/**
* Returns the parameter <code>μ</code> of the elliptic curve.
* @param curve The elliptic curve from which to obtain <code>μ</code>.
* The curve must be a Koblitz curve, i.e. <code>a</code> Equals
* <code>0</code> or <code>1</code> and <code>b</code> Equals
* <code>1</code>.
* @return <code>μ</code> of the elliptic curve.
* @throws ArgumentException if the given ECCurve is not a Koblitz
* curve.
*/
public static sbyte GetMu(F2mCurve curve)
{
BigInteger a = curve.A.ToBigInteger();
sbyte mu;
if (a.SignValue == 0)
{
mu = -1;
}
else if (a.Equals(BigInteger.One))
{
mu = 1;
}
else
{
throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");
}
return(mu);
}
/**
* Multiplies a {@link Al.Security.math.ec.F2mPoint F2mPoint}
* by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF)
* method.
* @param p The F2mPoint to multiply.
* @param k The integer by which to multiply <code>k</code>.
* @return <code>p</code> multiplied by <code>k</code>.
*/
public ECPoint Multiply(ECPoint point, BigInteger k, PreCompInfo preCompInfo)
{
if (!(point is F2mPoint))
{
throw new ArgumentException("Only F2mPoint can be used in WTauNafMultiplier");
}
F2mPoint p = (F2mPoint)point;
F2mCurve curve = (F2mCurve)p.Curve;
int m = curve.M;
sbyte a = (sbyte)curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
BigInteger[] s = curve.GetSi();
ZTauElement rho = Tnaf.PartModReduction(k, m, a, s, mu, (sbyte)10);
return(MultiplyWTnaf(p, rho, preCompInfo, a, mu));
}
// 7.3 Вычисление базовой точки эллиптической кривой
static F2mPoint computeBasePoint(F2mCurve curve)
{
while (true)
{
// 1. Вычисляем случайную точку кривой согласно 6.8.
var p = computeRandomPoint(curve);
// 2. Вычисляем точку r = n * P;
var n = curve.N;
var r = p.Multiply(n);
if (r.X != null || r.Y != null)
{
continue;
}
return(p);
}
}
private void DoVerifyBoundsCheck()
{
BigInteger SM2_ECC_A = new BigInteger("00", 16);
BigInteger SM2_ECC_B = new BigInteger("E78BCD09746C202378A7E72B12BCE00266B9627ECB0B5A25367AD1AD4CC6242B", 16);
BigInteger SM2_ECC_N = new BigInteger("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBC972CF7E6B6F900945B3C6A0CF6161D", 16);
BigInteger SM2_ECC_GX = new BigInteger("00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD", 16);
BigInteger SM2_ECC_GY = new BigInteger("013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E", 16);
ECCurve curve = new F2mCurve(257, 12, SM2_ECC_A, SM2_ECC_B);
ECPoint g = curve.CreatePoint(SM2_ECC_GX, SM2_ECC_GY);
ECDomainParameters domainParams = new ECDomainParameters(curve, g, SM2_ECC_N);
ECKeyGenerationParameters keyGenerationParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("771EF3DBFF5F1CDC32B9C572930476191998B2BF7CB981D7F5B39202645F0931", 16));
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParams);
AsymmetricCipherKeyPair kp = keyPairGenerator.GenerateKeyPair();
ECPublicKeyParameters ecPub = (ECPublicKeyParameters)kp.Public;
SM2Signer signer = new SM2Signer();
signer.Init(false, ecPub);
signer.BlockUpdate(new byte[20], 0, 20);
IsTrue(!signer.VerifySignature(Encode(BigInteger.Zero, BigInteger.ValueOf(8))));
signer.BlockUpdate(new byte[20], 0, 20);
IsTrue(!signer.VerifySignature(Encode(BigInteger.ValueOf(8), BigInteger.Zero)));
signer.BlockUpdate(new byte[20], 0, 20);
IsTrue(!signer.VerifySignature(Encode(SM2_ECC_N, BigInteger.ValueOf(8))));
signer.BlockUpdate(new byte[20], 0, 20);
IsTrue(!signer.VerifySignature(Encode(BigInteger.ValueOf(8), SM2_ECC_N)));
}
public X9ECParameters(
ECCurve curve,
ECPoint g,
BigInteger n,
BigInteger h,
byte[] seed)
{
this.curve = curve;
this.g = g;
this.n = n;
this.h = h;
this.seed = seed;
if (curve is FpCurve)
{
this.fieldID = new X9FieldID(((FpCurve)curve).Q);
}
else if (curve is F2mCurve)
{
F2mCurve curveF2m = (F2mCurve)curve;
this.fieldID = new X9FieldID(curveF2m.M, curveF2m.K1,
curveF2m.K2, curveF2m.K3);
}
}
// 6.8. Вычисление случайной точки эллиптической кривой
static F2mPoint computeRandomPoint(F2mCurve curve)
{
// 1. Вычислим случайный элемент основного поля
BigInteger u = RNG.GetRandomInteger(curve.M);
var u__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, u);
var a__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, curve.A.ToBigInteger());
var b__element = new F2mFieldElement(curve.M, curve.K1, curve.K2, curve.K3, curve.B.ToBigInteger());
var au__element = u__element.Multiply(u__element).Multiply(a__element);
// 2. Вычисляем элемент основного поля w = u ^ 3 + A u ^ 2 + B
var w__element = u__element.Multiply(u__element).Multiply(u__element).Add(au__element).Add(b__element);
// 3. Решаем квадратное уравнение z^2 + uz = w
var z__element = quadraticEquation(curve, u__element.ToBigInteger(), w__element.ToBigInteger());
// 5. Принимают x = u, y = z
var point = new F2mPoint(curve, u__element, z__element);
return(point);
}
public void TestECDsa239bitBinaryAndLargeDigest()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
239, // m
36, //k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(
Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(
Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa239BitBinary()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
// EllipticCurve curve = new EllipticCurve(
// new ECFieldF2m(239, // m
// new int[] { 36 }), // k
// new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
// new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECCurve curve = new F2mCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
// ECPointUtil.DecodePoint(curve, Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); //4); // h
ECPrivateKeyParameters sKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECPublicKeyParameters vKey = new ECPublicKeyParameters(
"ECDSA",
// ECPointUtil.DecodePoint(curve, Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
// KeyFactory f = KeyFactory.getInstance("ECDSA");
// AsymmetricKeyParameter sKey = f.generatePrivate(priKeySpec);
// AsymmetricKeyParameter vKey = f.generatePublic(pubKeySpec);
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
BigInteger[] sig = derDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
private void DoKeyExchangeTestF2m()
{
BigInteger SM2_ECC_A = new BigInteger("00", 16);
BigInteger SM2_ECC_B = new BigInteger("E78BCD09746C202378A7E72B12BCE00266B9627ECB0B5A25367AD1AD4CC6242B", 16);
BigInteger SM2_ECC_N = new BigInteger("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBC972CF7E6B6F900945B3C6A0CF6161D", 16);
BigInteger SM2_ECC_GX = new BigInteger("00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD", 16);
BigInteger SM2_ECC_GY = new BigInteger("013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E", 16);
BigInteger SM2_ECC_H = BigInteger.ValueOf(4);
ECCurve curve = new F2mCurve(257, 12, SM2_ECC_A, SM2_ECC_B);
ECPoint g = curve.CreatePoint(SM2_ECC_GX, SM2_ECC_GY);
ECDomainParameters domainParams = new ECDomainParameters(curve, g, SM2_ECC_N, SM2_ECC_H);
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
ECKeyGenerationParameters aKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("4813903D254F2C20A94BC5704238496954BB5279F861952EF2C5298E84D2CEAA", 16));
keyPairGenerator.Init(aKeyGenParams);
AsymmetricCipherKeyPair aKp = keyPairGenerator.GenerateKeyPair();
ECPublicKeyParameters aPub = (ECPublicKeyParameters)aKp.Public;
ECPrivateKeyParameters aPriv = (ECPrivateKeyParameters)aKp.Private;
ECKeyGenerationParameters aeKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("54A3D6673FF3A6BD6B02EBB164C2A3AF6D4A4906229D9BFCE68CC366A2E64BA4", 16));
keyPairGenerator.Init(aeKeyGenParams);
AsymmetricCipherKeyPair aeKp = keyPairGenerator.GenerateKeyPair();
ECPublicKeyParameters aePub = (ECPublicKeyParameters)aeKp.Public;
ECPrivateKeyParameters aePriv = (ECPrivateKeyParameters)aeKp.Private;
ECKeyGenerationParameters bKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("08F41BAE0922F47C212803FE681AD52B9BF28A35E1CD0EC273A2CF813E8FD1DC", 16));
keyPairGenerator.Init(bKeyGenParams);
AsymmetricCipherKeyPair bKp = keyPairGenerator.GenerateKeyPair();
ECPublicKeyParameters bPub = (ECPublicKeyParameters)bKp.Public;
ECPrivateKeyParameters bPriv = (ECPrivateKeyParameters)bKp.Private;
ECKeyGenerationParameters beKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("1F21933387BEF781D0A8F7FD708C5AE0A56EE3F423DBC2FE5BDF6F068C53F7AD", 16));
keyPairGenerator.Init(beKeyGenParams);
AsymmetricCipherKeyPair beKp = keyPairGenerator.GenerateKeyPair();
ECPublicKeyParameters bePub = (ECPublicKeyParameters)beKp.Public;
ECPrivateKeyParameters bePriv = (ECPrivateKeyParameters)beKp.Private;
SM2KeyExchange exch = new SM2KeyExchange();
exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(true, aPriv, aePriv), Strings.ToByteArray("*****@*****.**")));
byte[] k1 = exch.CalculateKey(128, new ParametersWithID(new SM2KeyExchangePublicParameters(bPub, bePub), Strings.ToByteArray("*****@*****.**")));
// there appears to be typo for ZA in the draft
//IsTrue("F2m key 1 wrong", Arrays.AreEqual(Hex.Decode("4E587E5C66634F22D973A7D98BF8BE23"), k1));
IsTrue("F2m key 1 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), k1));
exch = new SM2KeyExchange();
exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(false, bPriv, bePriv), Strings.ToByteArray("*****@*****.**")));
byte[] k2 = exch.CalculateKey(128, new ParametersWithID(new SM2KeyExchangePublicParameters(aPub, aePub), Strings.ToByteArray("*****@*****.**")));
//IsTrue("F2m key 2 wrong", Arrays.AreEqual(Hex.Decode("4E587E5C66634F22D973A7D98BF8BE23"), k2));
IsTrue("F2m key 2 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), k2));
// with key confirmation
exch = new SM2KeyExchange();
exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(false, bPriv, bePriv), Strings.ToByteArray("*****@*****.**")));
byte[][] vals2 = exch.CalculateKeyWithConfirmation(128, null, new ParametersWithID(new SM2KeyExchangePublicParameters(aPub, aePub), Strings.ToByteArray("*****@*****.**")));
IsTrue("key 2 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), k2));
IsTrue("conf a tag 2 wrong", Arrays.AreEqual(Hex.Decode("d8294c4c0f0ac180feac95e8a0d786638c9e915b9a684b2348809af03a0de2a5"), vals2[1]));
IsTrue("conf b tag 2 wrong", Arrays.AreEqual(Hex.Decode("52089e706911b58fd5e7c7b2ab5cf32bb61e481ef1e114a1e33d99eec84b5a4f"), vals2[2]));
exch = new SM2KeyExchange();
exch.Init(new ParametersWithID(new SM2KeyExchangePrivateParameters(true, aPriv, aePriv), Strings.ToByteArray("*****@*****.**")));
byte[][] vals1 = exch.CalculateKeyWithConfirmation(128, vals2[1], new ParametersWithID(new SM2KeyExchangePublicParameters(bPub, bePub), Strings.ToByteArray("*****@*****.**")));
IsTrue("conf key 1 wrong", Arrays.AreEqual(Hex.Decode("8c2b03289aa7126555dc660cfc29fd74"), vals1[0]));
IsTrue("conf tag 1 wrong", Arrays.AreEqual(Hex.Decode("52089e706911b58fd5e7c7b2ab5cf32bb61e481ef1e114a1e33d99eec84b5a4f"), vals1[1]));
}
/**
* Computes the auxiliary values <code>s<sub>0</sub></code> and
* <code>s<sub>1</sub></code> used for partial modular reduction.
* @param curve The elliptic curve for which to compute
* <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.
* @throws ArgumentException if <code>curve</code> is not a
* Koblitz curve (Anomalous Binary Curve, ABC).
*/
public static BigInteger[] GetSi(F2mCurve curve)
{
if (!curve.IsKoblitz)
throw new ArgumentException("si is defined for Koblitz curves only");
int m = curve.M;
int a = curve.A.ToBigInteger().IntValue;
sbyte mu = curve.GetMu();
int h = curve.H.IntValue;
int index = m + 3 - a;
BigInteger[] ui = GetLucas(mu, index, false);
BigInteger dividend0;
BigInteger dividend1;
if (mu == 1)
{
dividend0 = BigInteger.One.Subtract(ui[1]);
dividend1 = BigInteger.One.Subtract(ui[0]);
}
else if (mu == -1)
{
dividend0 = BigInteger.One.Add(ui[1]);
dividend1 = BigInteger.One.Add(ui[0]);
}
else
{
throw new ArgumentException("mu must be 1 or -1");
}
BigInteger[] si = new BigInteger[2];
if (h == 2)
{
si[0] = dividend0.ShiftRight(1);
si[1] = dividend1.ShiftRight(1).Negate();
}
else if (h == 4)
{
si[0] = dividend0.ShiftRight(2);
si[1] = dividend1.ShiftRight(2).Negate();
}
else
{
throw new ArgumentException("h (Cofactor) must be 2 or 4");
}
return si;
}
/**
* Returns the parameter <code>μ</code> of the elliptic curve.
* @param curve The elliptic curve from which to obtain <code>μ</code>.
* The curve must be a Koblitz curve, i.e. <code>a</code> Equals
* <code>0</code> or <code>1</code> and <code>b</code> Equals
* <code>1</code>.
* @return <code>μ</code> of the elliptic curve.
* @throws ArgumentException if the given ECCurve is not a Koblitz
* curve.
*/
public static sbyte GetMu(F2mCurve curve)
{
BigInteger a = curve.A.ToBigInteger();
sbyte mu;
if (a.Sign == 0)
{
mu = -1;
}
else if (a.Equals(BigInteger.One))
{
mu = 1;
}
else
{
throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");
}
return mu;
}
public static AsymmetricKeyParameter CreateKey(
SubjectPublicKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.AlgorithmID;
if (algID.ObjectID.Equals(PkcsObjectIdentifiers.RsaEncryption) ||
algID.ObjectID.Equals(X509ObjectIdentifiers.IdEARsa))
{
RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(keyInfo.GetPublicKey());
return(new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent));
}
else if (algID.ObjectID.Equals(PkcsObjectIdentifiers.DhKeyAgreement) ||
algID.ObjectID.Equals(X9ObjectIdentifiers.DHPublicNumber))
{
DHParameter para = new DHParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return(new DHPublicKeyParameters(derY.Value, new DHParameters(para.P, para.G)));
}
else if (algID.ObjectID.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
{
ElGamalParameter para = new ElGamalParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return(new ElGamalPublicKeyParameters(derY.Value, new ElGamalParameters(para.P, para.G)));
}
else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdDsa) ||
algID.ObjectID.Equals(OiwObjectIdentifiers.DsaWithSha1))
{
DsaParameter para = DsaParameter.GetInstance(keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return(new DsaPublicKeyParameters(derY.Value, new DsaParameters(para.P, para.Q, para.G)));
}
else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdECPublicKey))
{
X962Parameters para = new X962Parameters((Asn1Object)keyInfo.AlgorithmID.Parameters);
ECDomainParameters dParams = null;
if (para.IsNamedCurve)
{
DerObjectIdentifier oid = (DerObjectIdentifier)para.Parameters;
X9ECParameters ecP = X962NamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = SecNamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = NistNamedCurves.GetByOid(oid);
}
}
dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
}
else
{
X9ECParameters ecP = new X9ECParameters((Asn1Sequence)para.Parameters.ToAsn1Object());
dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
}
DerBitString bits = keyInfo.PublicKeyData;
byte[] data = bits.GetBytes();
Asn1OctetString key = new DerOctetString(data);
X9ECPoint derQ = new X9ECPoint(dParams.Curve, key);
return(new ECPublicKeyParameters(derQ.Point, dParams));
}
else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
{
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence)algID.Parameters);
Asn1OctetString key;
try
{
key = (Asn1OctetString)keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = key.GetOctets();
byte[] x = new byte[32];
byte[] y = new byte[32];
for (int i = 0; i != y.Length; i++)
{
x[i] = keyEnc[32 - 1 - i];
}
for (int i = 0; i != x.Length; i++)
{
y[i] = keyEnc[64 - 1 - i];
}
ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);
if (ecP == null)
{
return(null);
}
ECCurve curve = ecP.Curve;
ECPoint q;
if (curve is FpCurve)
{
FpCurve curveFp = (FpCurve)curve;
q = new FpPoint(
curveFp,
new FpFieldElement(curveFp.Q, new BigInteger(1, x)),
new FpFieldElement(curveFp.Q, new BigInteger(1, y)));
}
else
{
F2mCurve curveF2m = (F2mCurve)curve;
q = new F2mPoint(
curveF2m,
new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, x)),
new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, y)),
false);
}
return(new ECPublicKeyParameters(q, gostParams.PublicKeyParamSet));
}
else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x94))
{
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence)algID.Parameters);
DerOctetString derY;
try
{
derY = (DerOctetString)keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = derY.GetOctets();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyEnc.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
}
BigInteger y = new BigInteger(1, keyBytes);
return(new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet));
}
else
{
throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algID.ObjectID);
}
}
public void TestGeneration()
{
ISigner s = SignerUtilities.GetSigner("DSA");
byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
SecureRandom rand = new SecureRandom();
// KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA");
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA");
// test exception
//
doTestBadStrength(513);
doTestBadStrength(510);
doTestBadStrength(1025);
//g.initialize(512, rand);
{
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, rand);
g.Init(new DsaKeyGenerationParameters(rand, pGen.GenerateParameters()));
}
AsymmetricCipherKeyPair p = g.GenerateKeyPair();
AsymmetricKeyParameter sKey = p.Private;
AsymmetricKeyParameter vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
byte[] sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("DSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("DSA verification failed");
}
//
// ECDSA Fp generation test
//
s = SignerUtilities.GetSigner("ECDSA");
ECCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecSpec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
g.Init(new ECKeyGenerationParameters(ecSpec, rand));
p = g.GenerateKeyPair();
sKey = p.Private;
vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("ECDSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("ECDSA verification failed");
}
//
// ECDSA F2m generation test
//
s = SignerUtilities.GetSigner("ECDSA");
curve = new F2mCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ecSpec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
g.Init(new ECKeyGenerationParameters(ecSpec, rand));
p = g.GenerateKeyPair();
sKey = p.Private;
vKey = p.Public;
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("ECDSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("ECDSA verification failed");
}
}
public Key(F2mCurve curve, F2mPoint basePoint, F2mPoint publicKey)
{
PublicKey = publicKey;
BasePoint = basePoint;
Curve = curve;
}
