/* * Create a new instance with the provided elements. The * constructor verifies that the provided point is part of * the curve. */ public ECPublicKey(ECCurve curve, byte[] Pub) { this.curve = curve; this.pub = Pub; iPub = curve.Decode(Pub); if (iPub.IsInfinity) { throw new CryptoException( "Public key point is infinity"); } hashCode = curve.GetHashCode() ^ (int)BigInt.HashInt(iPub.X) ^ (int)BigInt.HashInt(iPub.Y); }
/* * Create a new instance with the provided element (unsigned, * big-endian). This constructor checks the following rules: * * the modulus size must be at least 512 bits * the modulus must be odd * the exponent must be odd and greater than 1 */ public RSAPublicKey(byte[] modulus, byte[] exponent) { mod = BigInt.NormalizeBE(modulus, false); e = BigInt.NormalizeBE(exponent, false); if (mod.Length < 64 || (mod.Length == 64 && mod[0] < 0x80)) { throw new CryptoException( "Invalid RSA public key (less than 512 bits)"); } if ((mod[mod.Length - 1] & 0x01) == 0) { throw new CryptoException( "Invalid RSA public key (even modulus)"); } if (BigInt.IsZero(e)) { throw new CryptoException( "Invalid RSA public key (exponent is zero)"); } if (BigInt.IsOne(e)) { throw new CryptoException( "Invalid RSA public key (exponent is one)"); } if ((e[e.Length - 1] & 0x01) == 0) { throw new CryptoException( "Invalid RSA public key (even exponent)"); } /* * A simple hash code that will work well because RSA * keys are in practice quite randomish. */ hashCode = (int)(BigInt.HashInt(modulus) ^ BigInt.HashInt(exponent)); }
/* * Checks enforced by the constructor: * -- modulus is odd and at least 80-bit long * -- subgroup order is odd and at least 30-bit long * -- parameters a[] and b[] are lower than modulus * -- coordinates gx and gy are lower than modulus * -- coordinates gx and gy match curve equation */ internal ECCurvePrime(string name, byte[] mod, byte[] a, byte[] b, byte[] gx, byte[] gy, byte[] subgroupOrder, byte[] cofactor) : base(subgroupOrder, cofactor) { this.mod = mod = BigInt.NormalizeBE(mod); int modLen = BigInt.BitLength(mod); if (modLen < 80) { throw new CryptoException( "Invalid curve: modulus is too small"); } if ((mod[mod.Length - 1] & 0x01) == 0) { throw new CryptoException( "Invalid curve: modulus is even"); } int sgLen = BigInt.BitLength(subgroupOrder); if (sgLen < 30) { throw new CryptoException( "Invalid curve: subgroup is too small"); } if ((subgroupOrder[subgroupOrder.Length - 1] & 0x01) == 0) { throw new CryptoException( "Invalid curve: subgroup order is even"); } mp = new ModInt(mod); flen = (modLen + 7) >> 3; pMod4 = mod[mod.Length - 1] & 3; this.a = a = BigInt.NormalizeBE(a); this.b = b = BigInt.NormalizeBE(b); if (BigInt.CompareCT(a, mod) >= 0 || BigInt.CompareCT(b, mod) >= 0) { throw new CryptoException( "Invalid curve: out-of-range parameter"); } ma = mp.Dup(); ma.Decode(a); ma.Add(3); aIsM3 = ma.IsZero; ma.Sub(3); mb = mp.Dup(); mb.Decode(b); this.gx = gx = BigInt.NormalizeBE(gx); this.gy = gy = BigInt.NormalizeBE(gy); if (BigInt.CompareCT(gx, mod) >= 0 || BigInt.CompareCT(gy, mod) >= 0) { throw new CryptoException( "Invalid curve: out-of-range coordinates"); } MutableECPointPrime G = new MutableECPointPrime(this); G.Set(gx, gy, true); hashCode = (int)(BigInt.HashInt(mod) ^ BigInt.HashInt(a) ^ BigInt.HashInt(b) ^ BigInt.HashInt(gx) ^ BigInt.HashInt(gy)); if (name == null) { name = string.Format("generic prime {0}/{1}", modLen, sgLen); } this.name = name; }