public bool VerifySignature(byte[] message, byte[] signature, byte[] pubkey)
{
if (pubkey.Length == 33 && (pubkey[0] == 0x02 || pubkey[0] == 0x03))
{
try
{
pubkey = ECPoint.DecodePoint(pubkey, ECCurve.Secp256r1).EncodePoint(false).Skip(1).ToArray();
}
catch
{
return false;
}
}
else if (pubkey.Length == 65 && pubkey[0] == 0x04)
{
pubkey = pubkey.Skip(1).ToArray();
}
else if (pubkey.Length != 64)
{
throw new ArgumentException();
}
BigInteger x = new BigInteger(1, pubkey.Take(32).ToArray());
BigInteger y = new BigInteger(1, pubkey.Skip(32).ToArray());
X9ECParameters ecParams = NistNamedCurves.GetByName("P-256");
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N,
ecParams.H, ecParams.GetSeed());
var G = ecParams.G;
Org.BouncyCastle.Math.EC.ECCurve curve = ecParams.Curve;
Org.BouncyCastle.Math.EC.ECPoint q = curve.CreatePoint(x, y);
ECPublicKeyParameters pubkeyParam = new ECPublicKeyParameters(q, domainParameters);
var verifier = SignerUtilities.GetSigner("SHA-256withECDSA");
verifier.Init(false, pubkeyParam);
verifier.BlockUpdate(message, 0, message.Length);
// expected format is SEQUENCE {INTEGER r, INTEGER s}
var derSignature = new DerSequence(
// first 32 bytes is "r" number
new DerInteger(new BigInteger(1, signature.Take(32).ToArray())),
// last 32 bytes is "s" number
new DerInteger(new BigInteger(1, signature.Skip(32).ToArray())))
.GetDerEncoded();
///old verify method
///
/*
const int ECDSA_PUBLIC_P256_MAGIC = 0x31534345;
pubkey = BitConverter.GetBytes(ECDSA_PUBLIC_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey).ToArray();
using (CngKey key = CngKey.Import(pubkey, CngKeyBlobFormat.EccPublicBlob))
using (ECDsaCng ecdsa = new ECDsaCng(key))
{
var result = ecdsa.VerifyData(message, signature, HashAlgorithmName.SHA256);
}
*/
///////////////////
return verifier.VerifySignature(derSignature);
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters)parameters;
if (ecP.PublicKeyParamSet != null)
{
if (algorithm != "ECGOST3410")
{
throw new ArgumentException("parameters invalid for algorithm: " + algorithm, "parameters");
}
this.publicKeyParamSet = ecP.PublicKeyParamSet;
}
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new InvalidParameterException("unknown key size.");
}
X9ECParameters ecps = X962NamedCurves.GetByOid(oid);
this.parameters = new ECDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
}
// private static readonly Hashtable CurveNames = new Hashtable();
// private static readonly Hashtable CurveAliases = new Hashtable();
//
// static NamedCurveTest()
// {
// CurveNames.Add("prime192v1", "prime192v1"); // X9.62
// CurveNames.Add("sect571r1", "sect571r1"); // sec
// CurveNames.Add("secp224r1", "secp224r1");
// CurveNames.Add("B-409", SecNamedCurves.GetName(NistNamedCurves.GetOid("B-409"))); // nist
// CurveNames.Add("P-521", SecNamedCurves.GetName(NistNamedCurves.GetOid("P-521")));
// CurveNames.Add("brainpoolp160r1", "brainpoolp160r1"); // TeleTrusT
//
// CurveAliases.Add("secp192r1", "prime192v1");
// CurveAliases.Add("secp256r1", "prime256v1");
// }
private static ECDomainParameters GetCurveParameters(
string name)
{
ECDomainParameters ecdp = ECGost3410NamedCurves.GetByName(name);
if (ecdp != null)
{
return(ecdp);
}
X9ECParameters ecP = X962NamedCurves.GetByName(name);
if (ecP == null)
{
ecP = SecNamedCurves.GetByName(name);
if (ecP == null)
{
ecP = NistNamedCurves.GetByName(name);
if (ecP == null)
{
ecP = TeleTrusTNamedCurves.GetByName(name);
if (ecP == null)
{
throw new Exception("unknown curve name: " + name);
}
}
}
}
return(new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()));
}
public static ECDomainParameters GetParametersForNamedCurve(int namedCurve)
{
string curveName = GetNameOfNamedCurve(namedCurve);
if (curveName == null)
{
return(null);
}
// Parameters are lazily created the first time a particular curve is accessed
X9ECParameters ecP = CustomNamedCurves.GetByName(curveName);
if (ecP == null)
{
ecP = ECNamedCurveTable.GetByName(curveName);
if (ecP == null)
{
return(null);
}
}
// It's a bit inefficient to do this conversion every time
return(new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()));
}
//Method to generate RSA Key Pair
#region RSA KeyPair Generation Method
public static AsymmetricCipherKeyPair GetKeyPair(string type)
{
//bouncy Castle librray Method to generate RSA Key Pair
if (type == "RSA")
{
SecureRandom secureRandom = new SecureRandom();
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, RsaKeySize);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
//returning keys
AsymmetricCipherKeyPair keypair = keyPairGenerator.GenerateKeyPair();
return(keypair);
}
else
{
SecureRandom secureRandom = new SecureRandom();
ECKeyPairGenerator gen = new ECKeyPairGenerator("ECDSA");
//selecting the Secp256k1 curve
DerObjectIdentifier oid = SecObjectIdentifiers.SecP256k1;
X9ECParameters ecPs = CustomNamedCurves.GetByOid(oid);
ECDomainParameters ec = new ECDomainParameters(
ecPs.Curve, ecPs.G, ecPs.N, ecPs.H, ecPs.GetSeed());
ECKeyGenerationParameters ecP = new ECKeyGenerationParameters(ec, secureRandom);
gen.Init(ecP);
return(gen.GenerateKeyPair());
}
}
private bool VerifyEcDsa(IDigest digest, X9ECParameters curveParameter, byte[] buffer, int length, byte[] signature)
{
int digestSize = digest.GetDigestSize();
ECDomainParameters dParams = new ECDomainParameters(
curveParameter.Curve,
curveParameter.G,
curveParameter.N,
curveParameter.H,
curveParameter.GetSeed());
ECPoint q = dParams.Curve.CreatePoint(new BigInteger(1, PublicKey, 0, digestSize), new BigInteger(1, PublicKey, digestSize, digestSize), false);
ECPublicKeyParameters parameters = new ECPublicKeyParameters(q, dParams);
var signer = new ECDsaSigner();
signer.Init(false, parameters);
digest.BlockUpdate(buffer, 0, length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return(signer.VerifySignature(hash, new BigInteger(1, signature, 0, digestSize), new BigInteger(1, signature, digestSize, digestSize)));
}
internal static ECDomainParameters LookupParameters(
DerObjectIdentifier publicKeyParamSet)
{
if (publicKeyParamSet == null)
{
throw new ArgumentNullException("publicKeyParamSet");
}
#if !LITE
ECDomainParameters p = ECGost3410NamedCurves.GetByOid(publicKeyParamSet);
if (p == null)
#else
ECDomainParameters p;
#endif
{
X9ECParameters x9 = ECKeyPairGenerator.FindECCurveByOid(publicKeyParamSet);
if (x9 == null)
{
throw new ArgumentException("OID is not a valid public key parameter set", "publicKeyParamSet");
}
p = new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
}
return(p);
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters)parameters;
this.publicKeyParamSet = ecP.PublicKeyParamSet;
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new InvalidParameterException("unknown key size.");
}
X9ECParameters ecps = FindECCurveByOid(oid);
this.publicKeyParamSet = oid;
this.parameters = new ECDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
if (this.random == null)
{
this.random = new SecureRandom();
}
}
public override bool VerifyData(ProtocolVersion version, byte[] data, HashAlgorithm hashAlgorithm, CertificatePublicKey publicKey, byte[] signature)
{
if (!CertificateKeyAlgorithm.Equals(publicKey.Oid))
{
throw new Exception("ECDSA signature verification requires ECDSA public key");
}
// Decode the public key parameters
string curveOid = DER2OID(publicKey.Parameters);
if (curveOid == null)
{
throw new Exception("Unsupported ECDSA public key parameters");
}
// Get parameters from the curve OID
X9ECParameters ecParams = SecNamedCurves.GetByOid(new DerObjectIdentifier(curveOid));
if (ecParams == null)
{
throw new Exception("Unsupported ECC curve type OID: " + curveOid);
}
// Construct domain parameters
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
// Decode the public key data
byte[] ecPointData = publicKey.KeyValue;
if (ecPointData[0] != 0x04)
{
throw new Exception("Only uncompressed ECDSA keys supported, format: " + ecPointData[0]);
}
ECPoint ecPoint = domainParameters.Curve.DecodePoint(ecPointData);
ECPublicKeyParameters theirPublicKey = new ECPublicKeyParameters(ecPoint, domainParameters);
// Hash input data buffer
byte[] dataHash;
if (hashAlgorithm == null)
{
dataHash = TLSv1HashData(data);
}
else
{
dataHash = hashAlgorithm.ComputeHash(data);
}
// Actually verify the signature
BigInteger[] sig = DERDecodeSignature(signature);
ECDsaSigner signer = new ECDsaSigner();
signer.Init(false, theirPublicKey);
return(signer.VerifySignature(dataHash, sig[0], sig[1]));
}
private ECPrivateKeyParameters RecreatePrivateKeyFromByteArray
(KeyType keyType, byte[] rawPrivateKey)
{
X9ECParameters lCurve = GetCurveFromKeyType(keyType);
ECDomainParameters domain = new ECDomainParameters(lCurve.Curve, lCurve.G, lCurve.N,
lCurve.H, lCurve.GetSeed());
BigInteger privD = new BigInteger(1, rawPrivateKey);
return(new ECPrivateKeyParameters("ECDSA", privD, domain));
}
public static byte[] KeyExchange(Uri url)
{
X9ECParameters x9EC = SecNamedCurves.GetByName("secp521r1");
AsymmetricCipherKeyPair aliceKeyPair = GenerateKeyPair(
new ECDomainParameters(x9EC.Curve,
x9EC.G, x9EC.N, x9EC.H, x9EC.GetSeed()));
ECPublicKeyParameters alicePublicKey = (ECPublicKeyParameters)aliceKeyPair.Public;
ECPublicKeyParameters bobPublicKey = GetBobPublicKey(url, x9EC, alicePublicKey);
return(GenerateAESKey(bobPublicKey, aliceKeyPair.Private));
}
// private static readonly Hashtable CurveNames = new Hashtable();
// private static readonly Hashtable CurveAliases = new Hashtable();
//
// static NamedCurveTest()
// {
// CurveNames.Add("prime192v1", "prime192v1"); // X9.62
// CurveNames.Add("sect571r1", "sect571r1"); // sec
// CurveNames.Add("secp224r1", "secp224r1");
// CurveNames.Add("B-409", SecNamedCurves.GetName(NistNamedCurves.GetOid("B-409"))); // nist
// CurveNames.Add("P-521", SecNamedCurves.GetName(NistNamedCurves.GetOid("P-521")));
// CurveNames.Add("brainpoolp160r1", "brainpoolp160r1"); // TeleTrusT
//
// CurveAliases.Add("secp192r1", "prime192v1");
// CurveAliases.Add("secp256r1", "prime256v1");
// }
private static ECDomainParameters GetCurveParameters(
string name)
{
X9ECParameters ecP = ECNamedCurveTable.GetByName(name);
if (ecP == null)
{
throw new Exception("unknown curve name: " + name);
}
return(new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()));
}
private ECPublicKeyParameters GetNonStandardCurve(byte[] q, string curve)
{
X9ECParameters curveParameters = ECNamedCurveTable.GetByName(curve) ?? CustomNamedCurves.GetByName(curve);
var ecDomainParameters = new ECDomainParameters(curveParameters.Curve,
curveParameters.G,
curveParameters.N,
curveParameters.H,
curveParameters.GetSeed());
ECPoint qPoint = ecDomainParameters.Curve.DecodePoint(q);
return(new ECPublicKeyParameters(qPoint, ecDomainParameters));
}
public static bool VerifySignature(byte[] pubkey, byte[] hash, byte[] sigBytes)
{
X9ECParameters ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
BigInteger r = new BigInteger(1, sigBytes, 0, 32);
BigInteger s = new BigInteger(1, sigBytes, 32, 32);
ECPublicKeyParameters publicKey = new ECPublicKeyParameters(ecParams.Curve.DecodePoint(pubkey), domainParameters);
ECDsaSigner signer = new ECDsaSigner();
signer.Init(false, publicKey);
return(signer.VerifySignature(hash, r, s));
}
private ECPublicKeyParameters RecreatePublicKeyFromAffineXandAffineYCoord
(KeyType keyType, byte[] rawAffineX, byte[] rawAffineY)
{
X9ECParameters lCurve = GetCurveFromKeyType(keyType);
ECDomainParameters domain = new ECDomainParameters(lCurve.Curve, lCurve.G, lCurve.N,
lCurve.H, lCurve.GetSeed());
BigInteger bigXCoord = new BigInteger(1, rawAffineX);
BigInteger bigYCoord = new BigInteger(1, rawAffineY);
ECPoint point = lCurve.Curve.CreatePoint(bigXCoord, bigYCoord);
return(new ECPublicKeyParameters("ECDSA", point, domain));
}
/// <summary>
/// Create a public key from the IPFS ephermal encoding.
/// </summary>
/// <param name="curveName">
/// The name of the curve, for example "P-256".
/// </param>
/// <param name="bytes">
/// The IPFS encoded ephermal key.
/// </param>
public static EphermalKey CreatePublicKeyFromIpfs(string curveName, byte[] bytes)
{
X9ECParameters ecP = ECNamedCurveTable.GetByName(curveName);
if (ecP == null)
{
throw new KeyNotFoundException($"Unknown curve name '{curveName}'.");
}
var domain = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());
var q = ecP.Curve.DecodePoint(bytes);
return(new EphermalKey
{
publicKey = new ECPublicKeyParameters(q, domain)
});
}
public void ShouldSetQ(string curve)
{
SetupForCurve(curve);
X9ECParameters curveParameters = ECNamedCurveTable.GetByName(curve) ?? CustomNamedCurves.GetByName(curve);
var ecDomainParameters = new ECDomainParameters(curveParameters.Curve,
curveParameters.G,
curveParameters.N,
curveParameters.H,
curveParameters.GetSeed());
ECPoint qPoint = ecDomainParameters.Curve.DecodePoint(rawQ);
var expected = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(publicKey.Content);
Assert.AreEqual(expected.Q, qPoint);
}
/// <inheritdoc />
public async Task <IKey> CreateAsync(string name, string keyType, int size, CancellationToken cancel = default(CancellationToken))
{
// Apply defaults.
if (string.IsNullOrWhiteSpace(keyType))
{
keyType = Options.DefaultKeyType;
}
if (size < 1)
{
size = Options.DefaultKeySize;
}
keyType = keyType.ToLowerInvariant();
// Create the key pair.
log.DebugFormat("Creating {0} key named '{1}'", keyType, name);
IAsymmetricCipherKeyPairGenerator g;
switch (keyType)
{
case "rsa":
g = GeneratorUtilities.GetKeyPairGenerator("RSA");
g.Init(new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001), new SecureRandom(), size, 25));
break;
case "secp256k1":
X9ECParameters ecP = ECNamedCurveTable.GetByName(keyType);
if (ecP == null)
{
throw new Exception("unknown curve name: " + keyType);
}
var domain = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());
g = GeneratorUtilities.GetKeyPairGenerator("EC");
g.Init(new ECKeyGenerationParameters(domain, new SecureRandom()));
break;
default:
throw new Exception($"Invalid key type '{keyType}'.");
}
var keyPair = g.GenerateKeyPair();
log.Debug("Created key");
return(await AddPrivateKeyAsync(name, keyPair, cancel));
}
public void TestAddSubtractMultiplyTwiceEncoding()
{
ArrayList names = new ArrayList();
CollectionUtilities.AddRange(names, ECNamedCurveTable.Names);
CollectionUtilities.AddRange(names, CustomNamedCurves.Names);
ISet uniqNames = new HashSet(names);
foreach (string name in uniqNames)
{
X9ECParameters x9A = ECNamedCurveTable.GetByName(name);
X9ECParameters x9B = CustomNamedCurves.GetByName(name);
if (x9A != null && x9B != null)
{
Assert.AreEqual(x9A.Curve.Field, x9B.Curve.Field);
Assert.AreEqual(x9A.Curve.A.ToBigInteger(), x9B.Curve.A.ToBigInteger());
Assert.AreEqual(x9A.Curve.B.ToBigInteger(), x9B.Curve.B.ToBigInteger());
AssertOptionalValuesAgree(x9A.Curve.Cofactor, x9B.Curve.Cofactor);
AssertOptionalValuesAgree(x9A.Curve.Order, x9B.Curve.Order);
AssertPointsEqual("Custom curve base-point inconsistency", x9A.G, x9B.G);
Assert.AreEqual(x9A.H, x9B.H);
Assert.AreEqual(x9A.N, x9B.N);
AssertOptionalValuesAgree(x9A.GetSeed(), x9B.GetSeed());
BigInteger k = new BigInteger(x9A.N.BitLength, secRand);
ECPoint pA = x9A.G.Multiply(k);
ECPoint pB = x9B.G.Multiply(k);
AssertPointsEqual("Custom curve multiplication inconsistency", pA, pB);
}
if (x9A != null)
{
ImplAddSubtractMultiplyTwiceEncodingTestAllCoords(x9A);
}
if (x9B != null)
{
ImplAddSubtractMultiplyTwiceEncodingTestAllCoords(x9B);
}
}
}
public static KeyPairEC SecP256r1KeyPairGen()
{
string curve = "secp256r1";
X9ECParameters ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName(curve);
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
ECKeyGenerationParameters keyGenParams =
new ECKeyGenerationParameters(domainParameters, new SecureRandom());
AsymmetricCipherKeyPair keyPair;
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(keyGenParams);
keyPair = generator.GenerateKeyPair();
ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)keyPair.Private;
ECPublicKeyParameters publicKey = (ECPublicKeyParameters)keyPair.Public;
var privKeyBytes = privateKey.D.ToByteArrayUnsigned();
var pubKeyBytes = publicKey.Q.GetEncoded();
string privKey = ToSolidHex(privKeyBytes);
string pubKey = ToSolidHex(pubKeyBytes);
Console.WriteLine($"Curve: {curve}");
Console.WriteLine($"Generated private key ({privKeyBytes.Length} bytes):");
Console.WriteLine($"{ToHex(privKeyBytes)}");
Console.WriteLine($"Generated public key ({pubKeyBytes.Length} bytes):");
Console.WriteLine($"{ToHex(pubKeyBytes)}");
Console.WriteLine("=====================================");
Console.WriteLine($"priv:");
Console.WriteLine($"{privKey}");
Console.WriteLine($"pub:");
Console.WriteLine($"{pubKey}");
return(new KeyPairEC()
{
PrivKey = privKeyBytes,
PubKey = pubKeyBytes,
PrivKeyByteHexStr = privKey,
PubKeyByteHexStr = pubKey
});
}
private void GenerateKeys(string curveName)
{
X9ECParameters ecParams = SecNamedCurves.GetByName(curveName);
_domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
ECKeyGenerationParameters keyGenParams =
new ECKeyGenerationParameters(_domainParameters, new SecureRandom());
AsymmetricCipherKeyPair keyPair;
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(keyGenParams);
keyPair = generator.GenerateKeyPair();
_privateKey = (ECPrivateKeyParameters)keyPair.Private;
_publicKey = (ECPublicKeyParameters)keyPair.Public;
}
public static Ecdsa Generate()
{
X9ECParameters ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve,
ecParams.G, ecParams.N, ecParams.H,
ecParams.GetSeed());
ECKeyGenerationParameters keyGenParams =
new ECKeyGenerationParameters(domainParameters, new SecureRandom());
AsymmetricCipherKeyPair keyPair;
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(keyGenParams);
keyPair = generator.GenerateKeyPair();
ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)keyPair.Private;
ECPublicKeyParameters publicKey = (ECPublicKeyParameters)keyPair.Public;
return(new Ecdsa(publicKey.Q.GetEncoded(), privateKey.D.ToByteArrayUnsigned()));
}
public static ECDomainParameters GetParametersForNamedCurve(int namedCurve)
{
string nameOfNamedCurve = GetNameOfNamedCurve(namedCurve);
if (nameOfNamedCurve == null)
{
return(null);
}
X9ECParameters byName = CustomNamedCurves.GetByName(nameOfNamedCurve);
if (byName == null)
{
byName = ECNamedCurveTable.GetByName(nameOfNamedCurve);
if (byName == null)
{
return(null);
}
}
return(new ECDomainParameters(byName.Curve, byName.G, byName.N, byName.H, byName.GetSeed()));
}
internal static ECDomainParameters GetECParameters(NamedCurve namedCurve)
{
if (!Enum.IsDefined(typeof(NamedCurve), namedCurve))
{
return(null);
}
string curveName = namedCurve.ToString();
// Lazily created the first time a particular curve is accessed
X9ECParameters ecP = SecNamedCurves.GetByName(curveName);
if (ecP == null)
{
return(null);
}
// It's a bit inefficient to do this conversion every time
return(new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()));
}
/// <summary>
/// Create a new ephermal key on the curve.
/// </summary>
/// <param name="curveName">
/// The name of the curve, for example "P-256".
/// </param>
/// <returns>
/// The new created emphermal key.
/// </returns>
public static EphermalKey Generate(string curveName)
{
X9ECParameters ecP = ECNamedCurveTable.GetByName(curveName);
if (ecP == null)
{
throw new Exception($"Unknown curve name '{curveName}'.");
}
var domain = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());
var g = GeneratorUtilities.GetKeyPairGenerator("EC");
g.Init(new ECKeyGenerationParameters(domain, new SecureRandom()));
var keyPair = g.GenerateKeyPair();
return(new EphermalKey
{
privateKey = (ECPrivateKeyParameters)keyPair.Private,
publicKey = (ECPublicKeyParameters)keyPair.Public
});
}
public static Byte[] getSharedSecret(Byte[] PrivateKeyIn, Byte[] PublicKeyIn)
{
ECDHCBasicAgreement agreement = new ECDHCBasicAgreement();
X9ECParameters curve = null;
ECDomainParameters ecParam = null;
ECPrivateKeyParameters privKey = null;
ECPublicKeyParameters pubKey = null;
ECPoint point = null;
curve = NistNamedCurves.GetByName("P-256");
ecParam = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
privKey = new ECPrivateKeyParameters(new BigInteger(PrivateKeyIn), ecParam);
point = ecParam.Curve.DecodePoint(PublicKeyIn);
pubKey = new ECPublicKeyParameters(point, ecParam);
agreement.Init(privKey);
BigInteger secret = agreement.CalculateAgreement(pubKey);
return(secret.ToByteArrayUnsigned());
}
private void GenerateKeys(string curveName)
{
this.logger?.Debug($"ECDHE: Creating ephemeral ecc domain parameters and keys for curve {curveName}...");
X9ECParameters ecParams = SecNamedCurves.GetByName(curveName);
this.domainParameters = new ECDomainParameters(
ecParams.Curve,
ecParams.G,
ecParams.N,
ecParams.H,
ecParams.GetSeed());
var keyGenParams = new ECKeyGenerationParameters(this.domainParameters, new SecureRandom());
var generator = new ECKeyPairGenerator();
generator.Init(keyGenParams);
var keyPair = generator.GenerateKeyPair();
this.privateKey = (ECPrivateKeyParameters)keyPair.Private;
this.publicKey = (ECPublicKeyParameters)keyPair.Public;
}
public void TestECMqvTestVector1()
{
// Test Vector from GEC-2
X9ECParameters x9 = SecNamedCurves.GetByName("secp160r1");
ECDomainParameters p = new ECDomainParameters(
x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
AsymmetricCipherKeyPair U1 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("0251B4496FECC406ED0E75A24A3C03206251419DC0")), p),
new ECPrivateKeyParameters(
new BigInteger("AA374FFC3CE144E6B073307972CB6D57B2A4E982", 16), p));
AsymmetricCipherKeyPair U2 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("03D99CE4D8BF52FA20BD21A962C6556B0F71F4CA1F")), p),
new ECPrivateKeyParameters(
new BigInteger("149EC7EA3A220A887619B3F9E5B4CA51C7D1779C", 16), p));
AsymmetricCipherKeyPair V1 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("0349B41E0E9C0369C2328739D90F63D56707C6E5BC")), p),
new ECPrivateKeyParameters(
new BigInteger("45FB58A92A17AD4B15101C66E74F277E2B460866", 16), p));
AsymmetricCipherKeyPair V2 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("02706E5D6E1F640C6E9C804E75DBC14521B1E5F3B5")), p),
new ECPrivateKeyParameters(
new BigInteger("18C13FCED9EADF884F7C595C8CB565DEFD0CB41E", 16), p));
BigInteger x = calculateAgreement(U1, U2, V1, V2);
if (x == null ||
!x.Equals(new BigInteger("5A6955CEFDB4E43255FB7FCF718611E4DF8E05AC", 16)))
{
Fail("MQV Test Vector #1 agreement failed");
}
}
public void TestECMqvTestVector2()
{
// Test Vector from GEC-2
X9ECParameters x9 = SecNamedCurves.GetByName("sect163k1");
ECDomainParameters p = new ECDomainParameters(
x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
AsymmetricCipherKeyPair U1 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("03037D529FA37E42195F10111127FFB2BB38644806BC")), p),
new ECPrivateKeyParameters(
new BigInteger("03A41434AA99C2EF40C8495B2ED9739CB2155A1E0D", 16), p));
AsymmetricCipherKeyPair U2 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("02015198E74BC2F1E5C9A62B80248DF0D62B9ADF8429")), p),
new ECPrivateKeyParameters(
new BigInteger("032FC4C61A8211E6A7C4B8B0C03CF35F7CF20DBD52", 16), p));
AsymmetricCipherKeyPair V1 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("03072783FAAB9549002B4F13140B88132D1C75B3886C")), p),
new ECPrivateKeyParameters(
new BigInteger("57E8A78E842BF4ACD5C315AA0569DB1703541D96", 16), p));
AsymmetricCipherKeyPair V2 = new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(
p.Curve.DecodePoint(Hex.Decode("03067E3AEA3510D69E8EDD19CB2A703DDC6CF5E56E32")), p),
new ECPrivateKeyParameters(
new BigInteger("02BD198B83A667A8D908EA1E6F90FD5C6D695DE94F", 16), p));
BigInteger x = calculateAgreement(U1, U2, V1, V2);
if (x == null ||
!x.Equals(new BigInteger("038359FFD30C0D5FC1E6154F483B73D43E5CF2B503", 16)))
{
Fail("MQV Test Vector #2 agreement failed");
}
}
public byte[] Sign(byte[] message, byte[] prikey, byte[] pubkey)
{
X9ECParameters ecParams = NistNamedCurves.GetByName("P-256");
ECDomainParameters domainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N,
ecParams.H, ecParams.GetSeed());
ECPrivateKeyParameters privKeyParam = new ECPrivateKeyParameters(
new BigInteger(1, prikey), // d
domainParameters);
ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(true, privKeyParam);
signer.BlockUpdate(message, 0, message.Length);
//https://crypto.stackexchange.com/questions/1795/how-can-i-convert-a-der-ecdsa-signature-to-asn-1
var signature = signer.GenerateSignature();
var resSignature = new byte[64];
int i = signature[3] == 33 ? 5 : 4;
Array.Copy(signature, i, resSignature, 0, 32);
i += 32 + 1;
i = signature[i] == 33 ? i + 2 : i + 1;
Array.Copy(signature, i, resSignature, 32, 32);
return resSignature;
}
