private static ulong AsUInt64(BigInteger num)
{
int bits = num.BitCount();
if (bits >= 64)
throw new ArgumentException("too large BigInteger value");
byte[] data = num.GetBytes();
ulong val = 0;
foreach (byte b in data) {
val = (val << 8) | b;
}
return val;
}
/// <summary>
/// Extract an message from the encoded message (EM) described in PKCS#1
/// </summary>
/// <param name="input">encoded message bits</param>
/// <param name="type">type number (1 or 2)</param>
/// <returns>message bits</returns>
public static BigInteger StripPKCS1Pad(BigInteger input, int type)
{
byte[] strip = input.GetBytes();
int stripLen = strip.Length;
int i = 0;
while (true) {
if (i >= stripLen) {
throw new ArgumentException("Invalid EM format");
}
if (strip[i] != 0) {
break;
}
i++;
}
if (strip[i] != type) {
throw new ArgumentException(String.Format("Invalid PKCS1 padding {0}", type));
}
i++;
int padLen = 0;
while (true) {
if (i >= stripLen) {
throw new ArgumentException("Invalid EM format");
}
byte b = strip[i];
if (b == 0) {
break;
}
if (type == 1 && b != 0xff) {
throw new ArgumentException("Invalid PKCS1 padding");
}
padLen++;
i++;
}
if (padLen < 8) {
throw new ArgumentException("Invalid PKCS1 padding");
}
i++; // skip 0x00
if (i >= stripLen) {
throw new ArgumentException("Invalid PKCS1 padding, corrupt data");
}
byte[] val = new byte[stripLen - i];
Buffer.BlockCopy(strip, i, val, 0, val.Length);
return new BigInteger(val);
}
public byte[] SignWithSHA1(byte[] data)
{
byte[] hash = new SHA1CryptoServiceProvider().ComputeHash(data);
byte[] buf = new byte[hash.Length + PKIUtil.SHA1_ASN_ID.Length];
Array.Copy(PKIUtil.SHA1_ASN_ID, 0, buf, 0, PKIUtil.SHA1_ASN_ID.Length);
Array.Copy(hash, 0, buf, PKIUtil.SHA1_ASN_ID.Length, hash.Length);
BigInteger x = new BigInteger(buf);
//Debug.WriteLine(x.ToString(16));
int padLen = (_publickey._n.BitCount() + 7) / 8;
BigInteger xx = RSAUtil.PKCS1PadType1(x.GetBytes(), padLen);
byte[] result = Sign(xx.GetBytes());
return result;
}
/// <summary>
/// Point multiplication over the curve
/// </summary>
private bool PointMul(
BigInteger.ModulusRing ring,
ECPoint p1,
BigInteger k,
out ECPoint p2) {
//
// Windowed method
//
const int W = 4;
const uint TPW = 1u << W; // 2^W
// precompute point multiplication : {1 .. 2^W-1}P.
// array is allocated for {0 .. 2^W-1}P, and index 0 is never used.
ECPoint[] precomp = new ECPoint[TPW];
{
ECPoint t = p1;
precomp[1] = t;
if (!PointDouble(ring, t, out t)) {
goto Failure;
}
precomp[2] = t;
for (uint i = 3; i < TPW; ++i) {
if (!PointAdd(ring, t, p1, out t)) {
goto Failure;
}
precomp[i] = t;
}
}
byte[] bits = k.GetBytes();
ECPoint p = null;
foreach (byte b in bits) {
for (int f = 0; f < 2; ++f) {
if (p != null) {
for (int i = 0; i < 4; ++i) {
if (!PointDouble(ring, p, out p)) {
goto Failure;
}
}
}
int precompIndex = (f == 0) ? (b >> 4) : (b & 0xf);
if (precompIndex != 0) {
if (p != null) {
if (!PointAdd(ring, p, precomp[precompIndex], out p)) {
goto Failure;
}
}
else {
p = precomp[precompIndex];
}
}
}
}
if (p == null) {
// case of k = 0
goto Failure;
}
// succeeded
p2 = p;
return true;
Failure:
p2 = null;
return false;
}
/// <summary>
/// Point multiplication over the curve
/// </summary>
private bool PointMul(
BigInteger.ModulusRing ring,
ECPoint p1,
BigInteger k,
out ECPoint p2) {
//
// Uses Width-w NAF method
//
if (p1 is ECPointAtInfinity) {
p2 = p1;
return true;
}
const int W = 6;
const uint TPW = 1u << W; // 2^W
const uint TPWD = 1u << (W - 1); // 2^(W-1)
// precompute point multiplication : {1 .. 2^(W-1)-1}P.
// array is allocated for {0 .. 2^(W-1)-1}P, and only elements at the odd index are used.
ECPoint[] precomp = new ECPoint[TPWD];
ECPoint[] precompNeg = new ECPoint[TPWD]; // -{1 .. 2^(W-1)-1}P; points are set on demand.
{
ECPoint t = p1;
ECPoint t2;
if (!PointDouble(ring, t, out t2)) {
goto Failure;
}
for (uint i = 1; i < TPWD; i += 2) {
if (i != 1) {
if (!PointAdd(ring, t, t2, out t)) {
goto Failure;
}
}
precomp[i] = t;
}
}
Stack<sbyte> precompIndex;
{
byte[] d = k.GetBytes();
int bitCount = k.BitCount();
int bitIndex = 0;
int byteOffset = d.Length - 1;
bool noMoreBits = false;
uint bitBuffer = 0;
const uint WMASK = (1u << W) - 1;
precompIndex = new Stack<sbyte>(bitCount + 1);
if (bitIndex < bitCount) {
bitBuffer = (uint)(d[byteOffset] & WMASK);
bitIndex += W;
}
else {
noMoreBits = true;
}
while (!noMoreBits || bitBuffer != 0) {
if ((bitBuffer & 1) != 0) { // bits % 2 == 1
uint m = bitBuffer & WMASK; // m = bits % TPW;
if ((m & TPWD) != 0) { // test m >= 2^(W-1)
// m is odd; thus
// (2^(W-1) + 1) <= m <= (2^W - 1)
sbyte index = (sbyte)((int)m - (int)TPW); // -2^(W-1)+1 .. -1
precompIndex.Push(index);
bitBuffer = (bitBuffer & ~WMASK) + TPW; // bits -= m - 2^W
// a carried bit by adding 2^W is retained in the bit buffer
}
else {
// 1 <= m <= (2^(W-1) - 1)
sbyte index = (sbyte)m; // odd index
precompIndex.Push(index);
bitBuffer = (bitBuffer & ~WMASK); // bits -= m
}
}
else {
precompIndex.Push(0);
}
// shift bits
if (bitIndex < bitCount) {
// load next bit into the bit buffer (add to the carried bits in the bit buffer)
bitBuffer += (uint)((d[byteOffset - bitIndex / 8] >> (bitIndex % 8)) & 1) << W;
++bitIndex;
}
else {
noMoreBits = true;
}
bitBuffer >>= 1;
}
}
{
ECPoint p = null;
while (precompIndex.Count > 0) {
if (p != null) {
if (!PointDouble(ring, p, out p)) {
goto Failure;
}
}
ECPoint pre;
int index = precompIndex.Pop();
if (index > 0) {
pre = precomp[index];
}
else if (index < 0) {
pre = precompNeg[-index];
if (pre == null) {
// on EC over Fp, P={x, y} and -P={x, -y}
pre = precomp[-index];
if (!(pre is ECPointAtInfinity)) {
pre = new ECPoint(pre.X, ring.Difference(0, pre.Y));
}
precompNeg[-index] = pre;
}
}
else {
continue;
}
if (p != null) {
if (!PointAdd(ring, p, pre, out p)) {
goto Failure;
}
}
else {
p = pre;
}
}
if (p == null) {
// case of k = 0
goto Failure;
}
// succeeded
p2 = p;
return true;
}
Failure:
p2 = null;
return false;
}
/// <summary>
/// Point multiplication
/// </summary>
/// <param name="k">scalar value</param>
/// <param name="p">point</param>
/// <returns>result</returns>
private Ed25519Point PointMul(BigInteger k, Ed25519Point p)
{
Ed25519Point mp = p;
Ed25519Point q = new Ed25519Point(0, 1, 1, 0); // Neutral element
int kBitCount = k.BitCount();
byte[] kBytes = k.GetBytes();
int kOffset = kBytes.Length - 1;
for (int i = 0; i < kBitCount; ++i) {
if (i > 0) {
mp = PointAdd(mp, mp);
}
if ((kBytes[kOffset - i / 8] & (byte)(1 << (i % 8))) != 0) {
q = PointAdd(q, mp);
}
}
return q;
}
