static void Test(string p, string a, string b, string Gx, string Gy, string n, int h, ECDomainParameters domain) { IFiniteField ff = domain.Group.FiniteField; AreEqual(p, domain.P, "p"); AreEqual(a, ff.ToNormal(domain.A), "a"); AreEqual(b, ff.ToNormal(domain.B), "b"); AreEqual(Gx, ff.ToNormal(domain.G.X), "Gx"); AreEqual(Gy, ff.ToNormal(domain.G.Y), "Gy"); AreEqual(n, domain.N, "n"); Assert.AreEqual(h, domain.H, "h"); }
/// <summary>バイト配列より点を作成する (SEC1, 2.3.4)</summary> public ECPoint(ECGroup group, byte[] data) { _group = group; _field = group.FiniteField; switch (data[0]) { case 0: { // 無限遠点 ECPoint tmp = _field.GetInfinityPoint(_group); _x = tmp._x; _y = tmp._y; _z = tmp._z; return; } case 2: case 3: { // 点圧縮済みデータ int keyBits = group.P.BitCount(); int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1); if (data.Length != keyBytes + 1) { throw new ArgumentException(); } Number x = _field.ToElement(new Number(data, 1, keyBytes, false)); Number y2 = _field.Add(_field.Multiply(_field.Add(_field.Multiply(x, x), _group.A), x), _group.B); // (x^2 + a)*x + b Number y = _field.Sqrt(y2); if (_field.ToNormal(y).GetBit(0) != data[0] - 2) { y = _field.Modulus - y; } _x = x; _y = y; _z = _field.ToElement(Number.One); return; } case 4: { // 非圧縮データ int keyBits = group.P.BitCount(); int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1); _x = _field.ToElement(new Number(data, 1, keyBytes, false)); _y = _field.ToElement(new Number(data, 1 + keyBytes, keyBytes, false)); _z = _field.ToElement(Number.One); return; } default: throw new ArgumentException(); } }
/// <summary>バイト配列より点を作成する (SEC1, 2.3.4)</summary> public ECPoint (ECGroup group, byte[] data) { _group = group; _field = group.FiniteField; switch (data[0]) { case 0: { // 無限遠点 ECPoint tmp = _field.GetInfinityPoint (_group); _x = tmp._x; _y = tmp._y; _z = tmp._z; return; } case 2: case 3: { // 点圧縮済みデータ int keyBits = group.P.BitCount (); int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1); if (data.Length != keyBytes + 1) throw new ArgumentException (); Number x = _field.ToElement (new Number (data, 1, keyBytes, false)); Number y2 = _field.Add (_field.Multiply (_field.Add (_field.Multiply (x, x), _group.A), x), _group.B); // (x^2 + a)*x + b Number y = _field.Sqrt (y2); if (_field.ToNormal (y).GetBit (0) != data[0] - 2) y = _field.Modulus - y; _x = x; _y = y; _z = _field.ToElement (Number.One); return; } case 4: { // 非圧縮データ int keyBits = group.P.BitCount (); int keyBytes = (keyBits >> 3) + ((keyBits & 7) == 0 ? 0 : 1); _x = _field.ToElement (new Number (data, 1, keyBytes, false)); _y = _field.ToElement (new Number (data, 1 + keyBytes, keyBytes, false)); _z = _field.ToElement (Number.One); return; } default: throw new ArgumentException (); } }
internal byte[] SignHash(byte[] hash, byte[] randomK) #endif { if (hash == null) { throw new ArgumentNullException(); } if (hash.Length == 0) { throw new ArgumentException(); } if (_params.D == null && _params.Q == null) { _params.CreateNewPrivateKey(); } if (_params.D == null) { throw new CryptographicException(); } Number r, s, k; IFiniteField field = _params.Domain.FieldN; int keyBytes = (int)((_params.Domain.Bits >> 3) + ((_params.Domain.Bits & 7) == 0 ? 0U : 1U)); byte[] raw = new byte[keyBytes << 1]; Number e = HashToNumber(hash); do { do { // Step.1 #if TEST k = randomK == null ? k = Number.CreateRandomElement(_params.Domain.N) : new Number(randomK, false); #else k = Number.CreateRandomElement(_params.Domain.N); #endif // Step.2 ECPoint tmp = _params.Domain.G.Multiply(k).Export(); // Step.3 r = tmp.X % _params.Domain.N; if (!r.IsZero()) { r.CopyToBigEndian(raw, 0, keyBytes); break; } } while (true); // Step.4 k = field.Invert(field.ToElement(k)); // Step.6 r = field.ToElement(r); e = field.ToElement(e); s = field.Multiply(k, field.Add(e, field.Multiply(r, field.ToElement(_params.D)))); if (!s.IsZero()) { s = field.ToNormal(s); s.CopyToBigEndian(raw, raw.Length >> 1, keyBytes); break; } } while (true); return(raw); }
public bool VerifyHash(byte[] hash, byte[] sig) { if (sig.Length != (_params.Domain.Bits >> 2) + ((_params.Domain.Bits & 7) == 0 ? 0 : 2)) { throw new ArgumentException(); } if (hash.Length == 0) { throw new ArgumentException(); } if (_params.Q == null && _params.D != null) { _params.CreatePublicKeyFromPrivateKey(); } if (_params.Q == null) { throw new CryptographicException(); } int halfLen = sig.Length >> 1; Number r = new Number(sig, 0, halfLen, false); Number s = new Number(sig, halfLen, halfLen, false); Number e = HashToNumber(hash); IFiniteField field = _params.Domain.FieldN; if (r >= _params.Domain.N || s >= _params.Domain.N) { return(false); } // Step.1 e = field.ToElement(e); s = field.ToElement(s); Number r2 = field.ToElement(r); // Step.2 Number w = field.Invert(s); // Step.3 Number u1 = field.ToNormal(field.Multiply(e, w)); Number u2 = field.ToNormal(field.Multiply(r2, w)); // Step.4 //ECPoint X = _params.Domain.G.Multiply (u1).Add (_params.Q.Multiply (u2)); ECPoint X; if (u1.IsZero()) { X = _params.Domain.FieldN.GetInfinityPoint(_params.Domain.Group).Add(_params.Q.Multiply(u2)); } else { X = ECPoint.MultiplyAndAdd(_params.Domain.G, u1, _params.Q, u2); } // Step.5 if (X.IsInifinity()) { return(false); } X = X.Export(); // Step.6 Number v = X.X % _params.Domain.N; return(r.CompareTo(v) == 0); }