public DHParameters(
IBigInteger p,
IBigInteger g,
IBigInteger q,
int m,
int l,
IBigInteger j,
DHValidationParameters validation)
{
if (p == null)
{
throw new ArgumentNullException("p");
}
if (g == null)
{
throw new ArgumentNullException("g");
}
if (!p.TestBit(0))
{
throw new ArgumentException(@"field must be an odd prime", "p");
}
if (g.CompareTo(BigInteger.Two) < 0 ||
g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
{
throw new ArgumentException(@"generator must in the range [2, p - 2]", "g");
}
if (q != null && q.BitLength >= p.BitLength)
{
throw new ArgumentException(@"q too big to be a factor of (p-1)", "q");
}
if (m >= p.BitLength)
{
throw new ArgumentException(@"m value must be < bitlength of p", "m");
}
if (l != 0)
{
if (l >= p.BitLength)
{
throw new ArgumentException(@"when l value specified, it must be less than bitlength(p)", "l");
}
if (l < m)
{
throw new ArgumentException(@"when l value specified, it may not be less than m value", "l");
}
}
if (j != null && j.CompareTo(BigInteger.Two) < 0)
{
throw new ArgumentException(@"subgroup factor must be >= 2", "j");
}
// TODO If q, j both provided, validate p = jq + 1 ?
this.p = p;
this.g = g;
this.q = q;
this.m = m;
this.l = l;
this.j = j;
this.validation = validation;
}
// Section 7.2.6 ECVP-NR, pg 35
/**
* return true if the value r and s represent a signature for the
* message passed in. Generally, the order of the curve should be at
* least as long as the hash of the message of interest, and with
* ECNR, it *must* be at least as long. But just in case the signer
* applied mod(n) to the longer digest, this implementation will
* apply mod(n) during verification.
*
* @param digest the digest to be verified.
* @param r the r value of the signature.
* @param s the s value of the signature.
* @exception DataLengthException if the digest is longer than the key allows
*/
public bool VerifySignature(
byte[] message,
IBigInteger r,
IBigInteger s)
{
if (this._forSigning)
{
// not properly initilaized... deal with it
throw new InvalidOperationException("not initialised for verifying");
}
ECPublicKeyParameters pubKey = (ECPublicKeyParameters)_key;
IBigInteger n = pubKey.Parameters.N;
int nBitLength = n.BitLength;
IBigInteger e = new BigInteger(1, message);
int eBitLength = e.BitLength;
if (eBitLength > nBitLength)
{
throw new DataLengthException("input too large for ECNR key.");
}
// r in the range [1,n-1]
if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0)
{
return(false);
}
// TODO So why is this different from the spec?
// s in the range [0,n-1] NB: ECNR spec says 0
if (s.CompareTo(BigInteger.Zero) < 0 || s.CompareTo(n) >= 0)
{
return(false);
}
// compute P = sG + rW
ECPoint G = pubKey.Parameters.G;
ECPoint W = pubKey.Q;
// calculate P using Bouncy math
ECPoint P = ECAlgorithms.SumOfTwoMultiplies(G, s, W, r);
IBigInteger x = P.X.ToBigInteger();
IBigInteger t = r.Subtract(x).Mod(n);
return(t.Equals(e));
}
// 5.4 pg 29
/**
* return true if the value r and s represent a DSA signature for
* the passed in message (for standard DSA the message should be
* a SHA-1 hash of the real message to be verified).
*/
public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s)
{
var n = _key.Parameters.N;
// r and s should both in the range [1,n-1]
if (r.SignValue < 1 || s.SignValue < 1 || r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0)
{
return(false);
}
var e = CalculateE(n, message);
var c = s.ModInverse(n);
var u1 = e.Multiply(c).Mod(n);
var u2 = r.Multiply(c).Mod(n);
var g = _key.Parameters.G;
var q = ((ECPublicKeyParameters)_key).Q;
var point = ECAlgorithms.SumOfTwoMultiplies(g, u1, q, u2);
var v = point.X.ToBigInteger().Mod(n);
return(v.Equals(r));
}
/**
* Return a random IBigInteger not less than 'min' and not greater than 'max'
*
* @param min the least value that may be generated
* @param max the greatest value that may be generated
* @param random the source of randomness
* @return a random IBigInteger value in the range [min,max]
*/
public static IBigInteger CreateRandomInRange(
IBigInteger min,
IBigInteger max,
// TODO Should have been just Random class
ISecureRandom random)
{
int cmp = min.CompareTo(max);
if (cmp >= 0)
{
if (cmp > 0)
throw new ArgumentException("'min' may not be greater than 'max'");
return min;
}
if (min.BitLength > max.BitLength / 2)
{
return CreateRandomInRange(BigInteger.Zero, max.Subtract(min), random).Add(min);
}
for (int i = 0; i < MaxIterations; ++i)
{
IBigInteger x = new BigInteger(max.BitLength, random);
if (x.CompareTo(min) >= 0 && x.CompareTo(max) <= 0)
{
return x;
}
}
// fall back to a faster (restricted) method
return new BigInteger(max.Subtract(min).BitLength - 1, random).Add(min);
}
private static IBigInteger CalculateGenerator_FIPS186_3_Verifiable(IDigest d, IBigInteger p, IBigInteger q,
byte[] seed, int index)
{
// A.2.3 Verifiable Canonical Generation of the Generator g
IBigInteger e = p.Subtract(BigInteger.One).Divide(q);
byte[] ggen = Hex.Decode("6767656E");
// 7. U = domain_parameter_seed || "ggen" || index || count.
byte[] U = new byte[seed.Length + ggen.Length + 1 + 2];
Array.Copy(seed, 0, U, 0, seed.Length);
Array.Copy(ggen, 0, U, seed.Length, ggen.Length);
U[U.Length - 3] = (byte)index;
byte[] w = new byte[d.GetDigestSize()];
for (int count = 1; count < (1 << 16); ++count)
{
Inc(U);
Hash(d, U, w);
IBigInteger W = new BigInteger(1, w);
IBigInteger g = W.ModPow(e, p);
if (g.CompareTo(BigInteger.Two) >= 0)
{
return(g);
}
}
return(null);
}
/**
* Return a random IBigInteger not less than 'min' and not greater than 'max'
*
* @param min the least value that may be generated
* @param max the greatest value that may be generated
* @param random the source of randomness
* @return a random IBigInteger value in the range [min,max]
*/
public static IBigInteger CreateRandomInRange(
IBigInteger min,
IBigInteger max,
// TODO Should have been just Random class
ISecureRandom random)
{
int cmp = min.CompareTo(max);
if (cmp >= 0)
{
if (cmp > 0)
{
throw new ArgumentException("'min' may not be greater than 'max'");
}
return(min);
}
if (min.BitLength > max.BitLength / 2)
{
return(CreateRandomInRange(BigInteger.Zero, max.Subtract(min), random).Add(min));
}
for (int i = 0; i < MaxIterations; ++i)
{
IBigInteger x = new BigInteger(max.BitLength, random);
if (x.CompareTo(min) >= 0 && x.CompareTo(max) <= 0)
{
return(x);
}
}
// fall back to a faster (restricted) method
return(new BigInteger(max.Subtract(min).BitLength - 1, random).Add(min));
}
public RsaSecretBcpgKey(IBigInteger d, IBigInteger p, IBigInteger q)
{
// PGP requires (p < q)
var cmp = p.CompareTo(q);
if (cmp >= 0)
{
if (cmp == 0)
{
throw new ArgumentException("p and q cannot be equal");
}
var tmp = p;
p = q;
q = tmp;
}
_d = new MPInteger(d);
_p = new MPInteger(p);
_q = new MPInteger(q);
_u = new MPInteger(p.ModInverse(q));
_expP = d.Remainder(p.Subtract(BigInteger.One));
_expQ = d.Remainder(q.Subtract(BigInteger.One));
_crt = q.ModInverse(p);
}
/// <summary>
/// Initializes a new instance of the <see cref="FPFieldElement"/> class.
/// </summary>
/// <param name="q">The q.</param>
/// <param name="x">The x.</param>
/// <exception cref="System.ArgumentException">x value too large in field element</exception>
public FPFieldElement(IBigInteger q, IBigInteger x)
{
if (x.CompareTo(q) >= 0)
throw new ArgumentException("x value too large in field element");
_q = q;
_x = x;
}
public Gost3410PublicKeyParameters(
IBigInteger y,
DerObjectIdentifier publicKeyParamSet)
: base(false, publicKeyParamSet)
{
if (y.SignValue < 1 || y.CompareTo(Parameters.P) >= 0)
throw new ArgumentException(@"Invalid y for GOST3410 public key", "y");
this.y = y;
}
public Gost3410PrivateKeyParameters(
IBigInteger x,
DerObjectIdentifier publicKeyParamSet)
: base(true, publicKeyParamSet)
{
if (x.SignValue < 1 || x.BitLength > 256 || x.CompareTo(Parameters.Q) >= 0)
throw new ArgumentException(@"Invalid x for GOST3410 private key", "x");
this.x = x;
}
/// <summary>
/// Initializes a new instance of the <see cref="FPFieldElement"/> class.
/// </summary>
/// <param name="q">The q.</param>
/// <param name="x">The x.</param>
/// <exception cref="System.ArgumentException">x value too large in field element</exception>
public FPFieldElement(IBigInteger q, IBigInteger x)
{
if (x.CompareTo(q) >= 0)
{
throw new ArgumentException("x value too large in field element");
}
_q = q;
_x = x;
}
public DHParameters(
IBigInteger p,
IBigInteger g,
IBigInteger q,
int m,
int l,
IBigInteger j,
DHValidationParameters validation)
{
if (p == null)
throw new ArgumentNullException("p");
if (g == null)
throw new ArgumentNullException("g");
if (!p.TestBit(0))
throw new ArgumentException(@"field must be an odd prime", "p");
if (g.CompareTo(BigInteger.Two) < 0
|| g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
throw new ArgumentException(@"generator must in the range [2, p - 2]", "g");
if (q != null && q.BitLength >= p.BitLength)
throw new ArgumentException(@"q too big to be a factor of (p-1)", "q");
if (m >= p.BitLength)
throw new ArgumentException(@"m value must be < bitlength of p", "m");
if (l != 0)
{
if (l >= p.BitLength)
throw new ArgumentException(@"when l value specified, it must be less than bitlength(p)", "l");
if (l < m)
throw new ArgumentException(@"when l value specified, it may not be less than m value", "l");
}
if (j != null && j.CompareTo(BigInteger.Two) < 0)
throw new ArgumentException(@"subgroup factor must be >= 2", "j");
// TODO If q, j both provided, validate p = jq + 1 ?
this.p = p;
this.g = g;
this.q = q;
this.m = m;
this.l = l;
this.j = j;
this.validation = validation;
}
public Gost3410PublicKeyParameters(
IBigInteger y,
DerObjectIdentifier publicKeyParamSet)
: base(false, publicKeyParamSet)
{
if (y.SignValue < 1 || y.CompareTo(Parameters.P) >= 0)
{
throw new ArgumentException(@"Invalid y for GOST3410 public key", "y");
}
this.y = y;
}
public Gost3410PrivateKeyParameters(
IBigInteger x,
DerObjectIdentifier publicKeyParamSet)
: base(true, publicKeyParamSet)
{
if (x.SignValue < 1 || x.BitLength > 256 || x.CompareTo(Parameters.Q) >= 0)
{
throw new ArgumentException(@"Invalid x for GOST3410 private key", "x");
}
this.x = x;
}
/**
* return true if the value r and s represent a GOST3410 signature for
* the passed in message (for standard GOST3410 the message should be
* a GOST3411 hash of the real message to be verified).
*/
public bool VerifySignature(
byte[] message,
IBigInteger r,
IBigInteger s)
{
byte[] mRev = new byte[message.Length]; // conversion is little-endian
for (int i = 0; i != mRev.Length; i++)
{
mRev[i] = message[mRev.Length - 1 - i];
}
IBigInteger e = new BigInteger(1, mRev);
IBigInteger n = key.Parameters.N;
// r in the range [1,n-1]
if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0)
{
return(false);
}
// s in the range [1,n-1]
if (s.CompareTo(BigInteger.One) < 0 || s.CompareTo(n) >= 0)
{
return(false);
}
IBigInteger v = e.ModInverse(n);
IBigInteger z1 = s.Multiply(v).Mod(n);
IBigInteger z2 = (n.Subtract(r)).Multiply(v).Mod(n);
ECPoint G = key.Parameters.G; // P
ECPoint Q = ((ECPublicKeyParameters)key).Q;
ECPoint point = ECAlgorithms.SumOfTwoMultiplies(G, z1, Q, z2);
IBigInteger R = point.X.ToBigInteger().Mod(n);
return(R.Equals(r));
}
protected virtual DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
{
IBigInteger Y = key.Y;
DHParameters parameters = key.Parameters;
IBigInteger p = parameters.P;
IBigInteger g = parameters.G;
if (!p.IsProbablePrime(2))
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
if (Y.CompareTo(BigInteger.Two) < 0 || Y.CompareTo(p.Subtract(BigInteger.One)) > 0)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
// TODO See RFC 2631 for more discussion of Diffie-Hellman validation
return(key);
}
public void TestNextProbablePrime()
{
IBigInteger firstPrime = BigInteger.ProbablePrime(32, _random);
IBigInteger nextPrime = firstPrime.NextProbablePrime();
Assert.IsTrue(firstPrime.IsProbablePrime(10));
Assert.IsTrue(nextPrime.IsProbablePrime(10));
IBigInteger check = firstPrime.Add(one);
while (check.CompareTo(nextPrime) < 0)
{
Assert.IsFalse(check.IsProbablePrime(10));
check = check.Add(one);
}
}
/**
* Procedure C
* procedure generates the a value from the given p,q,
* returning the a value.
*/
private IBigInteger procedure_C(IBigInteger p, IBigInteger q)
{
IBigInteger pSub1 = p.Subtract(BigInteger.One);
IBigInteger pSub1Divq = pSub1.Divide(q);
for (;;)
{
IBigInteger d = new BigInteger(p.BitLength, init_random);
// 1 < d < p-1
if (d.CompareTo(BigInteger.One) > 0 && d.CompareTo(pSub1) < 0)
{
IBigInteger a = d.ModPow(pSub1Divq, p);
if (a.CompareTo(BigInteger.One) != 0)
{
return(a);
}
}
}
}
public RsaSecretBcpgKey(IBigInteger d, IBigInteger p, IBigInteger q)
{
// PGP requires (p < q)
var cmp = p.CompareTo(q);
if (cmp >= 0)
{
if (cmp == 0)
throw new ArgumentException("p and q cannot be equal");
var tmp = p;
p = q;
q = tmp;
}
_d = new MPInteger(d);
_p = new MPInteger(p);
_q = new MPInteger(q);
_u = new MPInteger(p.ModInverse(q));
_expP = d.Remainder(p.Subtract(BigInteger.One));
_expQ = d.Remainder(q.Subtract(BigInteger.One));
_crt = q.ModInverse(p);
}
/**
* return true if the value r and s represent a GOST3410 signature for
* the passed in message (for standard GOST3410 the message should be
* a GOST3411 hash of the real message to be verified).
*/
public bool VerifySignature(
byte[] message,
IBigInteger r,
IBigInteger s)
{
byte[] mRev = new byte[message.Length]; // conversion is little-endian
for (int i = 0; i != mRev.Length; i++)
{
mRev[i] = message[mRev.Length - 1 - i];
}
IBigInteger e = new BigInteger(1, mRev);
IBigInteger n = key.Parameters.N;
// r in the range [1,n-1]
if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0)
{
return false;
}
// s in the range [1,n-1]
if (s.CompareTo(BigInteger.One) < 0 || s.CompareTo(n) >= 0)
{
return false;
}
IBigInteger v = e.ModInverse(n);
IBigInteger z1 = s.Multiply(v).Mod(n);
IBigInteger z2 = (n.Subtract(r)).Multiply(v).Mod(n);
ECPoint G = key.Parameters.G; // P
ECPoint Q = ((ECPublicKeyParameters)key).Q;
ECPoint point = ECAlgorithms.SumOfTwoMultiplies(G, z1, Q, z2);
IBigInteger R = point.X.ToBigInteger().Mod(n);
return R.Equals(r);
}
/**
* Computes the <code>[τ]</code>-adic window NAF of an element
* <code>λ</code> of <code><b>Z</b>[τ]</code>.
* @param mu The parameter μ of the elliptic curve.
* @param lambda The element <code>λ</code> of
* <code><b>Z</b>[τ]</code> of which to compute the
* <code>[τ]</code>-adic NAF.
* @param width The window width of the resulting WNAF.
* @param pow2w 2<sup>width</sup>.
* @param tw The auxiliary value <code>t<sub>w</sub></code>.
* @param alpha The <code>α<sub>u</sub></code>'s for the window width.
* @return The <code>[τ]</code>-adic window NAF of
* <code>λ</code>.
*/
public static sbyte[] TauAdicWNaf(sbyte mu, ZTauElement lambda,
sbyte width, IBigInteger pow2w, IBigInteger tw, ZTauElement[] alpha)
{
if (!((mu == 1) || (mu == -1)))
{
throw new ArgumentException("mu must be 1 or -1");
}
IBigInteger norm = Norm(mu, lambda);
// Ceiling of log2 of the norm
int log2Norm = norm.BitLength;
// If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
int maxLength = log2Norm > 30 ? log2Norm + 4 + width : 34 + width;
// The array holding the TNAF
sbyte[] u = new sbyte[maxLength];
// 2^(width - 1)
IBigInteger pow2wMin1 = pow2w.ShiftRight(1);
// Split lambda into two BigIntegers to simplify calculations
IBigInteger r0 = lambda.u;
IBigInteger r1 = lambda.v;
int i = 0;
// while lambda <> (0, 0)
while (!((r0.Equals(BigInteger.Zero)) && (r1.Equals(BigInteger.Zero))))
{
// if r0 is odd
if (r0.TestBit(0))
{
// uUnMod = r0 + r1*tw Mod 2^width
IBigInteger uUnMod
= r0.Add(r1.Multiply(tw)).Mod(pow2w);
sbyte uLocal;
// if uUnMod >= 2^(width - 1)
if (uUnMod.CompareTo(pow2wMin1) >= 0)
{
uLocal = (sbyte)uUnMod.Subtract(pow2w).IntValue;
}
else
{
uLocal = (sbyte)uUnMod.IntValue;
}
// uLocal is now in [-2^(width-1), 2^(width-1)-1]
u[i] = uLocal;
bool s = true;
if (uLocal < 0)
{
s = false;
uLocal = (sbyte)-uLocal;
}
// uLocal is now >= 0
if (s)
{
r0 = r0.Subtract(alpha[uLocal].u);
r1 = r1.Subtract(alpha[uLocal].v);
}
else
{
r0 = r0.Add(alpha[uLocal].u);
r1 = r1.Add(alpha[uLocal].v);
}
}
else
{
u[i] = 0;
}
IBigInteger t = r0;
if (mu == 1)
{
r0 = r1.Add(r0.ShiftRight(1));
}
else
{
// mu == -1
r0 = r1.Subtract(r0.ShiftRight(1));
}
r1 = t.ShiftRight(1).Negate();
i++;
}
return(u);
}
public virtual bool Match(
object obj)
{
X509Crl c = obj as X509Crl;
if (c == null)
{
return(false);
}
if (dateAndTime != null)
{
DateTime dt = dateAndTime.Value;
DateTime tu = c.ThisUpdate;
DateTimeObject nu = c.NextUpdate;
if (dt.CompareTo(tu) < 0 || nu == null || dt.CompareTo(nu.Value) >= 0)
{
return(false);
}
}
if (issuers != null)
{
X509Name i = c.IssuerDN;
bool found = false;
foreach (X509Name issuer in issuers)
{
if (issuer.Equivalent(i, true))
{
found = true;
break;
}
}
if (!found)
{
return(false);
}
}
if (maxCrlNumber != null || minCrlNumber != null)
{
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CrlNumber);
if (extVal == null)
{
return(false);
}
IBigInteger cn = CrlNumber.GetInstance(
X509ExtensionUtilities.FromExtensionValue(extVal)).PositiveValue;
if (maxCrlNumber != null && cn.CompareTo(maxCrlNumber) > 0)
{
return(false);
}
if (minCrlNumber != null && cn.CompareTo(minCrlNumber) < 0)
{
return(false);
}
}
DerInteger dci = null;
try
{
Asn1OctetString bytes = c.GetExtensionValue(X509Extensions.DeltaCrlIndicator);
if (bytes != null)
{
dci = DerInteger.GetInstance(X509ExtensionUtilities.FromExtensionValue(bytes));
}
}
catch (Exception)
{
return(false);
}
if (dci == null)
{
if (DeltaCrlIndicatorEnabled)
{
return(false);
}
}
else
{
if (CompleteCrlEnabled)
{
return(false);
}
if (maxBaseCrlNumber != null && dci.PositiveValue.CompareTo(maxBaseCrlNumber) > 0)
{
return(false);
}
}
if (issuingDistributionPointEnabled)
{
Asn1OctetString idp = c.GetExtensionValue(X509Extensions.IssuingDistributionPoint);
if (issuingDistributionPoint == null)
{
if (idp != null)
{
return(false);
}
}
else
{
if (!Arrays.AreEqual(idp.GetOctets(), issuingDistributionPoint))
{
return(false);
}
}
}
return(true);
}
// 5.4 pg 29
/**
* return true if the value r and s represent a DSA signature for
* the passed in message (for standard DSA the message should be
* a SHA-1 hash of the real message to be verified).
*/
public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s)
{
var n = _key.Parameters.N;
// r and s should both in the range [1,n-1]
if (r.SignValue < 1 || s.SignValue < 1 || r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0)
{
return false;
}
var e = CalculateE(n, message);
var c = s.ModInverse(n);
var u1 = e.Multiply(c).Mod(n);
var u2 = r.Multiply(c).Mod(n);
var g = _key.Parameters.G;
var q = ((ECPublicKeyParameters)_key).Q;
var point = ECAlgorithms.SumOfTwoMultiplies(g, u1, q, u2);
var v = point.X.ToBigInteger().Mod(n);
return v.Equals(r);
}
// Section 7.2.6 ECVP-NR, pg 35
/**
* return true if the value r and s represent a signature for the
* message passed in. Generally, the order of the curve should be at
* least as long as the hash of the message of interest, and with
* ECNR, it *must* be at least as long. But just in case the signer
* applied mod(n) to the longer digest, this implementation will
* apply mod(n) during verification.
*
* @param digest the digest to be verified.
* @param r the r value of the signature.
* @param s the s value of the signature.
* @exception DataLengthException if the digest is longer than the key allows
*/
public bool VerifySignature(
byte[] message,
IBigInteger r,
IBigInteger s)
{
if (this._forSigning)
{
// not properly initilaized... deal with it
throw new InvalidOperationException("not initialised for verifying");
}
ECPublicKeyParameters pubKey = (ECPublicKeyParameters)_key;
IBigInteger n = pubKey.Parameters.N;
int nBitLength = n.BitLength;
IBigInteger e = new BigInteger(1, message);
int eBitLength = e.BitLength;
if (eBitLength > nBitLength)
{
throw new DataLengthException("input too large for ECNR key.");
}
// r in the range [1,n-1]
if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0)
{
return false;
}
// TODO So why is this different from the spec?
// s in the range [0,n-1] NB: ECNR spec says 0
if (s.CompareTo(BigInteger.Zero) < 0 || s.CompareTo(n) >= 0)
{
return false;
}
// compute P = sG + rW
ECPoint G = pubKey.Parameters.G;
ECPoint W = pubKey.Q;
// calculate P using Bouncy math
ECPoint P = ECAlgorithms.SumOfTwoMultiplies(G, s, W, r);
IBigInteger x = P.X.ToBigInteger();
IBigInteger t = r.Subtract(x).Mod(n);
return t.Equals(e);
}
public int CompareTo(SimpleBigDecimal val)
{
CheckScale(val);
return(bigInt.CompareTo(val.bigInt));
}
