public DHParameters( IBigInteger p, IBigInteger g, IBigInteger q, int m, int l, IBigInteger j, DHValidationParameters validation) { if (p == null) { throw new ArgumentNullException("p"); } if (g == null) { throw new ArgumentNullException("g"); } if (!p.TestBit(0)) { throw new ArgumentException(@"field must be an odd prime", "p"); } if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0) { throw new ArgumentException(@"generator must in the range [2, p - 2]", "g"); } if (q != null && q.BitLength >= p.BitLength) { throw new ArgumentException(@"q too big to be a factor of (p-1)", "q"); } if (m >= p.BitLength) { throw new ArgumentException(@"m value must be < bitlength of p", "m"); } if (l != 0) { if (l >= p.BitLength) { throw new ArgumentException(@"when l value specified, it must be less than bitlength(p)", "l"); } if (l < m) { throw new ArgumentException(@"when l value specified, it may not be less than m value", "l"); } } if (j != null && j.CompareTo(BigInteger.Two) < 0) { throw new ArgumentException(@"subgroup factor must be >= 2", "j"); } // TODO If q, j both provided, validate p = jq + 1 ? this.p = p; this.g = g; this.q = q; this.m = m; this.l = l; this.j = j; this.validation = validation; }
// Section 7.2.6 ECVP-NR, pg 35 /** * return true if the value r and s represent a signature for the * message passed in. Generally, the order of the curve should be at * least as long as the hash of the message of interest, and with * ECNR, it *must* be at least as long. But just in case the signer * applied mod(n) to the longer digest, this implementation will * apply mod(n) during verification. * * @param digest the digest to be verified. * @param r the r value of the signature. * @param s the s value of the signature. * @exception DataLengthException if the digest is longer than the key allows */ public bool VerifySignature( byte[] message, IBigInteger r, IBigInteger s) { if (this._forSigning) { // not properly initilaized... deal with it throw new InvalidOperationException("not initialised for verifying"); } ECPublicKeyParameters pubKey = (ECPublicKeyParameters)_key; IBigInteger n = pubKey.Parameters.N; int nBitLength = n.BitLength; IBigInteger e = new BigInteger(1, message); int eBitLength = e.BitLength; if (eBitLength > nBitLength) { throw new DataLengthException("input too large for ECNR key."); } // r in the range [1,n-1] if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0) { return(false); } // TODO So why is this different from the spec? // s in the range [0,n-1] NB: ECNR spec says 0 if (s.CompareTo(BigInteger.Zero) < 0 || s.CompareTo(n) >= 0) { return(false); } // compute P = sG + rW ECPoint G = pubKey.Parameters.G; ECPoint W = pubKey.Q; // calculate P using Bouncy math ECPoint P = ECAlgorithms.SumOfTwoMultiplies(G, s, W, r); IBigInteger x = P.X.ToBigInteger(); IBigInteger t = r.Subtract(x).Mod(n); return(t.Equals(e)); }
// 5.4 pg 29 /** * return true if the value r and s represent a DSA signature for * the passed in message (for standard DSA the message should be * a SHA-1 hash of the real message to be verified). */ public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s) { var n = _key.Parameters.N; // r and s should both in the range [1,n-1] if (r.SignValue < 1 || s.SignValue < 1 || r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0) { return(false); } var e = CalculateE(n, message); var c = s.ModInverse(n); var u1 = e.Multiply(c).Mod(n); var u2 = r.Multiply(c).Mod(n); var g = _key.Parameters.G; var q = ((ECPublicKeyParameters)_key).Q; var point = ECAlgorithms.SumOfTwoMultiplies(g, u1, q, u2); var v = point.X.ToBigInteger().Mod(n); return(v.Equals(r)); }
/** * Return a random IBigInteger not less than 'min' and not greater than 'max' * * @param min the least value that may be generated * @param max the greatest value that may be generated * @param random the source of randomness * @return a random IBigInteger value in the range [min,max] */ public static IBigInteger CreateRandomInRange( IBigInteger min, IBigInteger max, // TODO Should have been just Random class ISecureRandom random) { int cmp = min.CompareTo(max); if (cmp >= 0) { if (cmp > 0) throw new ArgumentException("'min' may not be greater than 'max'"); return min; } if (min.BitLength > max.BitLength / 2) { return CreateRandomInRange(BigInteger.Zero, max.Subtract(min), random).Add(min); } for (int i = 0; i < MaxIterations; ++i) { IBigInteger x = new BigInteger(max.BitLength, random); if (x.CompareTo(min) >= 0 && x.CompareTo(max) <= 0) { return x; } } // fall back to a faster (restricted) method return new BigInteger(max.Subtract(min).BitLength - 1, random).Add(min); }
private static IBigInteger CalculateGenerator_FIPS186_3_Verifiable(IDigest d, IBigInteger p, IBigInteger q, byte[] seed, int index) { // A.2.3 Verifiable Canonical Generation of the Generator g IBigInteger e = p.Subtract(BigInteger.One).Divide(q); byte[] ggen = Hex.Decode("6767656E"); // 7. U = domain_parameter_seed || "ggen" || index || count. byte[] U = new byte[seed.Length + ggen.Length + 1 + 2]; Array.Copy(seed, 0, U, 0, seed.Length); Array.Copy(ggen, 0, U, seed.Length, ggen.Length); U[U.Length - 3] = (byte)index; byte[] w = new byte[d.GetDigestSize()]; for (int count = 1; count < (1 << 16); ++count) { Inc(U); Hash(d, U, w); IBigInteger W = new BigInteger(1, w); IBigInteger g = W.ModPow(e, p); if (g.CompareTo(BigInteger.Two) >= 0) { return(g); } } return(null); }
/** * Return a random IBigInteger not less than 'min' and not greater than 'max' * * @param min the least value that may be generated * @param max the greatest value that may be generated * @param random the source of randomness * @return a random IBigInteger value in the range [min,max] */ public static IBigInteger CreateRandomInRange( IBigInteger min, IBigInteger max, // TODO Should have been just Random class ISecureRandom random) { int cmp = min.CompareTo(max); if (cmp >= 0) { if (cmp > 0) { throw new ArgumentException("'min' may not be greater than 'max'"); } return(min); } if (min.BitLength > max.BitLength / 2) { return(CreateRandomInRange(BigInteger.Zero, max.Subtract(min), random).Add(min)); } for (int i = 0; i < MaxIterations; ++i) { IBigInteger x = new BigInteger(max.BitLength, random); if (x.CompareTo(min) >= 0 && x.CompareTo(max) <= 0) { return(x); } } // fall back to a faster (restricted) method return(new BigInteger(max.Subtract(min).BitLength - 1, random).Add(min)); }
public RsaSecretBcpgKey(IBigInteger d, IBigInteger p, IBigInteger q) { // PGP requires (p < q) var cmp = p.CompareTo(q); if (cmp >= 0) { if (cmp == 0) { throw new ArgumentException("p and q cannot be equal"); } var tmp = p; p = q; q = tmp; } _d = new MPInteger(d); _p = new MPInteger(p); _q = new MPInteger(q); _u = new MPInteger(p.ModInverse(q)); _expP = d.Remainder(p.Subtract(BigInteger.One)); _expQ = d.Remainder(q.Subtract(BigInteger.One)); _crt = q.ModInverse(p); }
/// <summary> /// Initializes a new instance of the <see cref="FPFieldElement"/> class. /// </summary> /// <param name="q">The q.</param> /// <param name="x">The x.</param> /// <exception cref="System.ArgumentException">x value too large in field element</exception> public FPFieldElement(IBigInteger q, IBigInteger x) { if (x.CompareTo(q) >= 0) throw new ArgumentException("x value too large in field element"); _q = q; _x = x; }
public Gost3410PublicKeyParameters( IBigInteger y, DerObjectIdentifier publicKeyParamSet) : base(false, publicKeyParamSet) { if (y.SignValue < 1 || y.CompareTo(Parameters.P) >= 0) throw new ArgumentException(@"Invalid y for GOST3410 public key", "y"); this.y = y; }
public Gost3410PrivateKeyParameters( IBigInteger x, DerObjectIdentifier publicKeyParamSet) : base(true, publicKeyParamSet) { if (x.SignValue < 1 || x.BitLength > 256 || x.CompareTo(Parameters.Q) >= 0) throw new ArgumentException(@"Invalid x for GOST3410 private key", "x"); this.x = x; }
/// <summary> /// Initializes a new instance of the <see cref="FPFieldElement"/> class. /// </summary> /// <param name="q">The q.</param> /// <param name="x">The x.</param> /// <exception cref="System.ArgumentException">x value too large in field element</exception> public FPFieldElement(IBigInteger q, IBigInteger x) { if (x.CompareTo(q) >= 0) { throw new ArgumentException("x value too large in field element"); } _q = q; _x = x; }
public DHParameters( IBigInteger p, IBigInteger g, IBigInteger q, int m, int l, IBigInteger j, DHValidationParameters validation) { if (p == null) throw new ArgumentNullException("p"); if (g == null) throw new ArgumentNullException("g"); if (!p.TestBit(0)) throw new ArgumentException(@"field must be an odd prime", "p"); if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0) throw new ArgumentException(@"generator must in the range [2, p - 2]", "g"); if (q != null && q.BitLength >= p.BitLength) throw new ArgumentException(@"q too big to be a factor of (p-1)", "q"); if (m >= p.BitLength) throw new ArgumentException(@"m value must be < bitlength of p", "m"); if (l != 0) { if (l >= p.BitLength) throw new ArgumentException(@"when l value specified, it must be less than bitlength(p)", "l"); if (l < m) throw new ArgumentException(@"when l value specified, it may not be less than m value", "l"); } if (j != null && j.CompareTo(BigInteger.Two) < 0) throw new ArgumentException(@"subgroup factor must be >= 2", "j"); // TODO If q, j both provided, validate p = jq + 1 ? this.p = p; this.g = g; this.q = q; this.m = m; this.l = l; this.j = j; this.validation = validation; }
public Gost3410PublicKeyParameters( IBigInteger y, DerObjectIdentifier publicKeyParamSet) : base(false, publicKeyParamSet) { if (y.SignValue < 1 || y.CompareTo(Parameters.P) >= 0) { throw new ArgumentException(@"Invalid y for GOST3410 public key", "y"); } this.y = y; }
public Gost3410PrivateKeyParameters( IBigInteger x, DerObjectIdentifier publicKeyParamSet) : base(true, publicKeyParamSet) { if (x.SignValue < 1 || x.BitLength > 256 || x.CompareTo(Parameters.Q) >= 0) { throw new ArgumentException(@"Invalid x for GOST3410 private key", "x"); } this.x = x; }
/** * return true if the value r and s represent a GOST3410 signature for * the passed in message (for standard GOST3410 the message should be * a GOST3411 hash of the real message to be verified). */ public bool VerifySignature( byte[] message, IBigInteger r, IBigInteger s) { byte[] mRev = new byte[message.Length]; // conversion is little-endian for (int i = 0; i != mRev.Length; i++) { mRev[i] = message[mRev.Length - 1 - i]; } IBigInteger e = new BigInteger(1, mRev); IBigInteger n = key.Parameters.N; // r in the range [1,n-1] if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0) { return(false); } // s in the range [1,n-1] if (s.CompareTo(BigInteger.One) < 0 || s.CompareTo(n) >= 0) { return(false); } IBigInteger v = e.ModInverse(n); IBigInteger z1 = s.Multiply(v).Mod(n); IBigInteger z2 = (n.Subtract(r)).Multiply(v).Mod(n); ECPoint G = key.Parameters.G; // P ECPoint Q = ((ECPublicKeyParameters)key).Q; ECPoint point = ECAlgorithms.SumOfTwoMultiplies(G, z1, Q, z2); IBigInteger R = point.X.ToBigInteger().Mod(n); return(R.Equals(r)); }
protected virtual DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key) { IBigInteger Y = key.Y; DHParameters parameters = key.Parameters; IBigInteger p = parameters.P; IBigInteger g = parameters.G; if (!p.IsProbablePrime(2)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (Y.CompareTo(BigInteger.Two) < 0 || Y.CompareTo(p.Subtract(BigInteger.One)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } // TODO See RFC 2631 for more discussion of Diffie-Hellman validation return(key); }
public void TestNextProbablePrime() { IBigInteger firstPrime = BigInteger.ProbablePrime(32, _random); IBigInteger nextPrime = firstPrime.NextProbablePrime(); Assert.IsTrue(firstPrime.IsProbablePrime(10)); Assert.IsTrue(nextPrime.IsProbablePrime(10)); IBigInteger check = firstPrime.Add(one); while (check.CompareTo(nextPrime) < 0) { Assert.IsFalse(check.IsProbablePrime(10)); check = check.Add(one); } }
/** * Procedure C * procedure generates the a value from the given p,q, * returning the a value. */ private IBigInteger procedure_C(IBigInteger p, IBigInteger q) { IBigInteger pSub1 = p.Subtract(BigInteger.One); IBigInteger pSub1Divq = pSub1.Divide(q); for (;;) { IBigInteger d = new BigInteger(p.BitLength, init_random); // 1 < d < p-1 if (d.CompareTo(BigInteger.One) > 0 && d.CompareTo(pSub1) < 0) { IBigInteger a = d.ModPow(pSub1Divq, p); if (a.CompareTo(BigInteger.One) != 0) { return(a); } } } }
public RsaSecretBcpgKey(IBigInteger d, IBigInteger p, IBigInteger q) { // PGP requires (p < q) var cmp = p.CompareTo(q); if (cmp >= 0) { if (cmp == 0) throw new ArgumentException("p and q cannot be equal"); var tmp = p; p = q; q = tmp; } _d = new MPInteger(d); _p = new MPInteger(p); _q = new MPInteger(q); _u = new MPInteger(p.ModInverse(q)); _expP = d.Remainder(p.Subtract(BigInteger.One)); _expQ = d.Remainder(q.Subtract(BigInteger.One)); _crt = q.ModInverse(p); }
/** * return true if the value r and s represent a GOST3410 signature for * the passed in message (for standard GOST3410 the message should be * a GOST3411 hash of the real message to be verified). */ public bool VerifySignature( byte[] message, IBigInteger r, IBigInteger s) { byte[] mRev = new byte[message.Length]; // conversion is little-endian for (int i = 0; i != mRev.Length; i++) { mRev[i] = message[mRev.Length - 1 - i]; } IBigInteger e = new BigInteger(1, mRev); IBigInteger n = key.Parameters.N; // r in the range [1,n-1] if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0) { return false; } // s in the range [1,n-1] if (s.CompareTo(BigInteger.One) < 0 || s.CompareTo(n) >= 0) { return false; } IBigInteger v = e.ModInverse(n); IBigInteger z1 = s.Multiply(v).Mod(n); IBigInteger z2 = (n.Subtract(r)).Multiply(v).Mod(n); ECPoint G = key.Parameters.G; // P ECPoint Q = ((ECPublicKeyParameters)key).Q; ECPoint point = ECAlgorithms.SumOfTwoMultiplies(G, z1, Q, z2); IBigInteger R = point.X.ToBigInteger().Mod(n); return R.Equals(r); }
/** * Computes the <code>[τ]</code>-adic window NAF of an element * <code>λ</code> of <code><b>Z</b>[τ]</code>. * @param mu The parameter μ of the elliptic curve. * @param lambda The element <code>λ</code> of * <code><b>Z</b>[τ]</code> of which to compute the * <code>[τ]</code>-adic NAF. * @param width The window width of the resulting WNAF. * @param pow2w 2<sup>width</sup>. * @param tw The auxiliary value <code>t<sub>w</sub></code>. * @param alpha The <code>α<sub>u</sub></code>'s for the window width. * @return The <code>[τ]</code>-adic window NAF of * <code>λ</code>. */ public static sbyte[] TauAdicWNaf(sbyte mu, ZTauElement lambda, sbyte width, IBigInteger pow2w, IBigInteger tw, ZTauElement[] alpha) { if (!((mu == 1) || (mu == -1))) { throw new ArgumentException("mu must be 1 or -1"); } IBigInteger norm = Norm(mu, lambda); // Ceiling of log2 of the norm int log2Norm = norm.BitLength; // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52 int maxLength = log2Norm > 30 ? log2Norm + 4 + width : 34 + width; // The array holding the TNAF sbyte[] u = new sbyte[maxLength]; // 2^(width - 1) IBigInteger pow2wMin1 = pow2w.ShiftRight(1); // Split lambda into two BigIntegers to simplify calculations IBigInteger r0 = lambda.u; IBigInteger r1 = lambda.v; int i = 0; // while lambda <> (0, 0) while (!((r0.Equals(BigInteger.Zero)) && (r1.Equals(BigInteger.Zero)))) { // if r0 is odd if (r0.TestBit(0)) { // uUnMod = r0 + r1*tw Mod 2^width IBigInteger uUnMod = r0.Add(r1.Multiply(tw)).Mod(pow2w); sbyte uLocal; // if uUnMod >= 2^(width - 1) if (uUnMod.CompareTo(pow2wMin1) >= 0) { uLocal = (sbyte)uUnMod.Subtract(pow2w).IntValue; } else { uLocal = (sbyte)uUnMod.IntValue; } // uLocal is now in [-2^(width-1), 2^(width-1)-1] u[i] = uLocal; bool s = true; if (uLocal < 0) { s = false; uLocal = (sbyte)-uLocal; } // uLocal is now >= 0 if (s) { r0 = r0.Subtract(alpha[uLocal].u); r1 = r1.Subtract(alpha[uLocal].v); } else { r0 = r0.Add(alpha[uLocal].u); r1 = r1.Add(alpha[uLocal].v); } } else { u[i] = 0; } IBigInteger t = r0; if (mu == 1) { r0 = r1.Add(r0.ShiftRight(1)); } else { // mu == -1 r0 = r1.Subtract(r0.ShiftRight(1)); } r1 = t.ShiftRight(1).Negate(); i++; } return(u); }
public virtual bool Match( object obj) { X509Crl c = obj as X509Crl; if (c == null) { return(false); } if (dateAndTime != null) { DateTime dt = dateAndTime.Value; DateTime tu = c.ThisUpdate; DateTimeObject nu = c.NextUpdate; if (dt.CompareTo(tu) < 0 || nu == null || dt.CompareTo(nu.Value) >= 0) { return(false); } } if (issuers != null) { X509Name i = c.IssuerDN; bool found = false; foreach (X509Name issuer in issuers) { if (issuer.Equivalent(i, true)) { found = true; break; } } if (!found) { return(false); } } if (maxCrlNumber != null || minCrlNumber != null) { Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CrlNumber); if (extVal == null) { return(false); } IBigInteger cn = CrlNumber.GetInstance( X509ExtensionUtilities.FromExtensionValue(extVal)).PositiveValue; if (maxCrlNumber != null && cn.CompareTo(maxCrlNumber) > 0) { return(false); } if (minCrlNumber != null && cn.CompareTo(minCrlNumber) < 0) { return(false); } } DerInteger dci = null; try { Asn1OctetString bytes = c.GetExtensionValue(X509Extensions.DeltaCrlIndicator); if (bytes != null) { dci = DerInteger.GetInstance(X509ExtensionUtilities.FromExtensionValue(bytes)); } } catch (Exception) { return(false); } if (dci == null) { if (DeltaCrlIndicatorEnabled) { return(false); } } else { if (CompleteCrlEnabled) { return(false); } if (maxBaseCrlNumber != null && dci.PositiveValue.CompareTo(maxBaseCrlNumber) > 0) { return(false); } } if (issuingDistributionPointEnabled) { Asn1OctetString idp = c.GetExtensionValue(X509Extensions.IssuingDistributionPoint); if (issuingDistributionPoint == null) { if (idp != null) { return(false); } } else { if (!Arrays.AreEqual(idp.GetOctets(), issuingDistributionPoint)) { return(false); } } } return(true); }
// 5.4 pg 29 /** * return true if the value r and s represent a DSA signature for * the passed in message (for standard DSA the message should be * a SHA-1 hash of the real message to be verified). */ public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s) { var n = _key.Parameters.N; // r and s should both in the range [1,n-1] if (r.SignValue < 1 || s.SignValue < 1 || r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0) { return false; } var e = CalculateE(n, message); var c = s.ModInverse(n); var u1 = e.Multiply(c).Mod(n); var u2 = r.Multiply(c).Mod(n); var g = _key.Parameters.G; var q = ((ECPublicKeyParameters)_key).Q; var point = ECAlgorithms.SumOfTwoMultiplies(g, u1, q, u2); var v = point.X.ToBigInteger().Mod(n); return v.Equals(r); }
// Section 7.2.6 ECVP-NR, pg 35 /** * return true if the value r and s represent a signature for the * message passed in. Generally, the order of the curve should be at * least as long as the hash of the message of interest, and with * ECNR, it *must* be at least as long. But just in case the signer * applied mod(n) to the longer digest, this implementation will * apply mod(n) during verification. * * @param digest the digest to be verified. * @param r the r value of the signature. * @param s the s value of the signature. * @exception DataLengthException if the digest is longer than the key allows */ public bool VerifySignature( byte[] message, IBigInteger r, IBigInteger s) { if (this._forSigning) { // not properly initilaized... deal with it throw new InvalidOperationException("not initialised for verifying"); } ECPublicKeyParameters pubKey = (ECPublicKeyParameters)_key; IBigInteger n = pubKey.Parameters.N; int nBitLength = n.BitLength; IBigInteger e = new BigInteger(1, message); int eBitLength = e.BitLength; if (eBitLength > nBitLength) { throw new DataLengthException("input too large for ECNR key."); } // r in the range [1,n-1] if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0) { return false; } // TODO So why is this different from the spec? // s in the range [0,n-1] NB: ECNR spec says 0 if (s.CompareTo(BigInteger.Zero) < 0 || s.CompareTo(n) >= 0) { return false; } // compute P = sG + rW ECPoint G = pubKey.Parameters.G; ECPoint W = pubKey.Q; // calculate P using Bouncy math ECPoint P = ECAlgorithms.SumOfTwoMultiplies(G, s, W, r); IBigInteger x = P.X.ToBigInteger(); IBigInteger t = r.Subtract(x).Mod(n); return t.Equals(e); }
public int CompareTo(SimpleBigDecimal val) { CheckScale(val); return(bigInt.CompareTo(val.bigInt)); }