static FixedSecureRandom()
{
M.BigInteger check1 = new M.BigInteger(128, new RandomChecker());
M.BigInteger check2 = new M.BigInteger(120, new RandomChecker());
isAndroidStyle = check1.Equals(ANDROID);
isRegularStyle = check1.Equals(REGULAR);
isClasspathStyle = check2.Equals(CLASSPATH);
}
public void TestECDsa192bitPrime()
{
BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
public static BigInteger ValidatePublicValue(BigInteger N, BigInteger val)
{
val = val.Mod(N);
// Check that val % N != 0
if (val.Equals(BigInteger.Zero))
throw new CryptoException("Invalid public value: 0");
return val;
}
protected void checkOptionalField(string name, BigInteger expected, BigInteger present)
{
if (expected != null)
{
if (!expected.Equals(present))
{
Fail(name + " field doesn't match.");
}
}
else if (present != null)
{
Fail(name + " field found when none expected.");
}
}
/// <summary>
/// MPI encoded numbers are produced by the OpenSSL BN_bn2mpi function.
/// They consist of a 4 byte big endian length field, followed by the stated number of bytes representing the number in big endian format (with a sign bit).
/// </summary>
/// <param name="value"></param>
/// <param name="includeLength">Indicates whether the 4 byte length field should be included</param>
/// <returns></returns>
public static byte[] Encode(BigInteger value,bool includeLength=true)
{
if(value.Equals(BigInteger.Zero))
{
if(!includeLength)
{ return new byte[0]; }
return new byte[] { 0x00,0x00,0x00,0x00 };
}
bool isNegative=value.CompareTo(BigInteger.Zero)<0;
if(isNegative)
{ value=value.Negate(); }
byte[] array=value.ToByteArray();
int length=array.Length;
if((array[0] & 0x80)==0x80)
{ length++; }
if(includeLength)
{
byte[] result=new byte[length+4];
Array.Copy(array,0,result,length-array.Length+3,array.Length);
((uint)length).ToByteArrayBe(result);
if(isNegative)
{ result[4]|=0x80; }
return result;
}
else
{
byte[] result;
if(length!=array.Length)
{
result=new byte[length];
Array.Copy(array,0,result,1,array.Length);
}
else
{ result=array; }
if(isNegative)
{ result[0]|=0x80; }
return result;
}
}
/**
* Generate a suitable blind factor for the public key the generator was initialised with.
*
* @return a random blind factor
*/
public BigInteger GenerateBlindingFactor()
{
if (key == null)
throw new InvalidOperationException("generator not initialised");
BigInteger m = key.Modulus;
int length = m.BitLength - 1; // must be less than m.BitLength
BigInteger factor;
BigInteger gcd;
do
{
factor = new BigInteger(length, random);
gcd = factor.Gcd(m);
}
while (factor.SignValue == 0 || factor.Equals(BigInteger.One) || !gcd.Equals(BigInteger.One));
return factor;
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("90892707282f433398488f19d31ac48523a8e2ded68944e0da91c6895ee7045e",16);
BigInteger s = new BigInteger("3be4620ee88f1ee8f9dd63c7d145b7e554839feeca125049118262ea4651e9de",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("8f79a582513df84dc247bcb624340cc0e5a34c4324a20ce7fe3ab8ff38a9db71",16);
BigInteger s = new BigInteger("7508d22fd6cbb45efd438cb875e43f137247088d0f54b29a7c91f68a65b5fa85",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public override void PerformTest()
{
byte[] k1 = Hex.Decode("d5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
byte[] k2 = Hex.Decode("345e8d05c075c3a508df729a1685690e68fcfb8c8117847e89063bca1f85d968fd281540b6e13bd1af989a1fbf17e06462bf511f9d0b140fb48ac1b1baa5bded");
SecureRandom random = FixedSecureRandom.From(k1, k2);
byte[] keyData = Hex.Decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
SecureRandom keyRandom = FixedSecureRandom.From(keyData, keyData);
IBigInteger r = new BigInteger("68076202252361894315274692543577577550894681403");
IBigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365");
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, random);
DsaParameters parameters = pGen.GenerateParameters();
DsaValidationParameters pValid = parameters.ValidationParameters;
if (pValid.Counter != 105)
{
Fail("Counter wrong");
}
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
Fail("p or q wrong");
}
DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator();
DsaKeyGenerationParameters genParam = new DsaKeyGenerationParameters(keyRandom, parameters);
dsaKeyGen.Init(genParam);
IAsymmetricCipherKeyPair pair = dsaKeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, keyRandom);
DsaSigner dsa = new DsaSigner();
dsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArrayUnsigned();
IBigInteger[] sig = dsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
dsa.Init(false, pair.Public);
if (!dsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
public void TestECDsa239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
BigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("81d69a192e9c7ac21fc07da41bd07e230ba6a94eb9f3c1fd104c7bd976733ca5",16);
BigInteger s = new BigInteger("315c879c8414f35feb4deb15e7cc0278c48e6ca1596325d6959338d860b0c47a",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("860d82c60e9502cd00c0e9e1f6563feafec304801974d745c5e02079946f729e",16);
BigInteger s = new BigInteger("7ef49264ef022801aaa03033cd97915235fbab4c823ed936b0f360c22114688a",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public void TestECDsa239BitBinary()
{
IBigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
IBigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new F2MCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters sKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECPublicKeyParameters vKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
IBigInteger[] sig = DerDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("a8790aabbd5a998ff524bad048ac69cd1faff2dab048265c8d60d1471c44a9ee",16);
BigInteger s = new BigInteger("30df5ba32ac77170b9632559bef7d37620017756dff3fea1088b4267db0944b8",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 1, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public void TestECDsaSecP224k1Sha256()
{
X9ECParameters p = SecNamedCurves.GetByName("secp224k1");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("BE6F6E91FE96840A6518B56F3FE21689903A64FA729057AB872A9F51", 16), // d
parameters);
SecureRandom k = FixedSecureRandom.From(Hex.Decode("00c39beac93db21c3266084429eb9b846b787c094f23a4de66447efbb3"));
byte[] M = Hex.Decode("E5D5A7ADF73C5476FAEE93A2C76CE94DC0557DB04CDC189504779117920B896D");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("8163E5941BED41DA441B33E653C632A55A110893133351E20CE7CB75", 16);
BigInteger s = new BigInteger("D12C3FC289DDD5F6890DCE26B65792C8C50E68BF551D617D47DF15A8", 16);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("04C5C9B38D3603FCCD6994CBB9594E152B658721E483669BB42728520F484B537647EC816E58A8284D3B89DFEDB173AFDC214ECA95A836FA7C")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa239BitPrime()
{
IBigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
IBigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
// KeyFactory f = KeyFactory.GetInstance("ECDSA");
// PrivateKey sKey = f.generatePrivate(priKey);
// PublicKey vKey = f.generatePublic(pubKey);
IAsymmetricKeyParameter sKey = priKey;
IAsymmetricKeyParameter vKey = pubKey;
sgr.Init(true, new ParametersWithRandom(sKey, k));
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
IBigInteger[] sig = DerDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
public void TestECDsaP521Sha512()
{
X9ECParameters p = NistNamedCurves.GetByName("P-521");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("617573726813476282316253885608633222275541026607493641741273231656161177732180358888434629562647985511298272498852936680947729040673640492310550142822667389"), // d
parameters);
SecureRandom k = FixedSecureRandom.From(BigIntegers.AsUnsignedByteArray(new BigInteger("6806532878215503520845109818432174847616958675335397773700324097584974639728725689481598054743894544060040710846048585856076812050552869216017728862957612913")));
byte[] M = Hex.Decode("6893B64BD3A9615C39C3E62DDD269C2BAAF1D85915526083183CE14C2E883B48B193607C1ED871852C9DF9C3147B574DC1526C55DE1FE263A676346A20028A66");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("1368926195812127407956140744722257403535864168182534321188553460365652865686040549247096155740756318290773648848859639978618869784291633651685766829574104630");
BigInteger s = new BigInteger("1624754720348883715608122151214003032398685415003935734485445999065609979304811509538477657407457976246218976767156629169821116579317401249024208611945405790");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("020145E221AB9F71C5FE740D8D2B94939A09E2816E2167A7D058125A06A80C014F553E8D6764B048FB6F2B687CEC72F39738F223D4CE6AFCBFF2E34774AA5D3C342CB3")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaP256Sha256()
{
X9ECParameters p = NistNamedCurves.GetByName("P-256");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("20186677036482506117540275567393538695075300175221296989956723148347484984008"), // d
parameters);
SecureRandom k = FixedSecureRandom.From(BigIntegers.AsUnsignedByteArray(new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335")));
byte[] M = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("97354732615802252173078420023658453040116611318111190383344590814578738210384");
BigInteger s = new BigInteger("98506158880355671805367324764306888225238061309262649376965428126566081727535");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03596375E6CE57E0F20294FC46BDFCFD19A39F8161B58695B3EC5B3D16427C274D")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaP224Sha224()
{
X9ECParameters p = NistNamedCurves.GetByName("P-224");
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("6081831502424510080126737029209236539191290354021104541805484120491"), // d
parameters);
SecureRandom k = FixedSecureRandom.From(BigIntegers.AsUnsignedByteArray(new BigInteger("15456715103636396133226117016818339719732885723579037388121116732601")));
byte[] M = Hex.Decode("8797A3C693CC292441039A4E6BAB7387F3B4F2A63D00ED384B378C79");
ECDsaSigner dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
BigInteger[] sig = dsa.GenerateSignature(M);
BigInteger r = new BigInteger("26477406756127720855365980332052585411804331993436302005017227573742");
BigInteger s = new BigInteger("17694958233103667059888193972742186995283044672015112738919822429978");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03FD44EC11F9D43D9D23B1E1D1C9ED6519B40ECF0C79F48CF476CC43F1")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(M, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("7c07c8cf035c2a1cb2b7fae5807ac7cd623dfca7a1a68f6d858317822f1ea00d",16);
BigInteger s = new BigInteger("7e9e036a6ff87dbf9b004818252b1f6fc310bdd4d17cb8c37d9c36c7884de60c",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(512, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!init_random.IsExhausted)
{
return new SimpleTestResult(false, Name
+ ": unexpected number of bytes used from 'init_random'.");
}
if (parameters.ValidationParameters == null)
{
return new SimpleTestResult(false, Name + ": validation parameters wrong");
}
if (parameters.ValidationParameters.CL != 13
|| parameters.ValidationParameters.X0L != 1039943409)
{
return new SimpleTestResult(false, Name + ": validation parameters values wrong");
}
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
if (!keyRandom.IsExhausted)
{
return new SimpleTestResult(false, Name
+ ": unexpected number of bytes used from 'keyRandom'.");
}
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!random.IsExhausted)
{
return new SimpleTestResult(false, Name
+ ": unexpected number of bytes used from 'random'.");
}
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (!Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(false, Name + ": verification fails");
}
return new SimpleTestResult(true, Name + ": Okay");
}
public virtual X509CrlEntry GetRevokedCertificate(
BigInteger serialNumber)
{
IEnumerable certs = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry entry in certs)
{
X509CrlEntry crlEntry = new X509CrlEntry(entry, isIndirect, previousCertificateIssuer);
if (serialNumber.Equals(entry.UserCertificate.Value))
{
return crlEntry;
}
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return null;
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("169fdb2dc09f690b71332432bfec806042e258fa9a21dafe73c6abfbc71407d9",16);
BigInteger s = new BigInteger("9002551808ae40d19f6f31fb67e4563101243cf07cffd5f2f8ff4c537b0c9866",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public void TestECDsa191bitBinary()
{
BigInteger r = new BigInteger("87194383164871543355722284926904419997237591535066528048");
BigInteger s = new BigInteger("308992691965804947361541664549085895292153777025772063598");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("1542725565216523985789236956265265265235675811949404040041"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
191, // m
9, //k
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), // a
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0436B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB")), // G
new BigInteger("1569275433846670190958947355803350458831205595451630533029"), // n
BigInteger.Two); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("1275552191113212300012030439187146164646146646466749494799"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045DE37E756BD55D72E3768CB396FFEB962614DEA4CE28A2E755C0E0E02F5FB132CAF416EF85B229BBB8E1352003125BA1")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("3e5f895e276d81d2d52c0763270a458157b784c57abdbd807bc44fd43a32ac06",16);
BigInteger s = new BigInteger("3f0dd5d4400d47c08e4ce505ff7434b6dbf729592e37c74856dab85115a60955",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(512, 1, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (parameters.ValidationParameters == null)
{
return new SimpleTestResult(false, Name + "validation parameters wrong");
}
if (parameters.ValidationParameters.C != 29505
|| parameters.ValidationParameters.X0 != 24265)
{
return new SimpleTestResult(false, Name + "validation parameters values wrong");
}
if (!init_random.IsExhausted)
{
return new SimpleTestResult(false, Name
+ ": unexpected number of bytes used from 'init_random'.");
}
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
if (!keyRandom.IsExhausted)
{
return new SimpleTestResult(false, Name
+ ": unexpected number of bytes used from 'keyRandom'.");
}
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer gost3410 = new Gost3410Signer();
gost3410.Init(true, param);
BigInteger[] sig = gost3410.GenerateSignature(hashmessage);
if (!random.IsExhausted)
{
return new SimpleTestResult(false, Name
+ ": unexpected number of bytes used from 'random'.");
}
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
gost3410.Init(false, pair.Public);
if (gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
private void checkSignature(
int size,
ECPrivateKeyParameters sKey,
ECPublicKeyParameters vKey,
ISigner sgr,
SecureRandom k,
byte[] message,
BigInteger r,
BigInteger s)
{
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail(size + " bit EC verification failed");
}
BigInteger[] sig = derDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail(size + "bit"
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail(size + "bit"
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("64a8856628e5669d85f62cd763dd4a99bc56d33dc0e1859122855d141e9e4774",16);
BigInteger s = new BigInteger("319ebac97092b288d469a4b988248794f60c865bc97858d9a3135c6d1a1bf2dd",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public BigInteger ModPow(BigInteger e, BigInteger m)
{
if (m.sign < 1)
throw new ArithmeticException("Modulus must be positive");
if (m.Equals(One))
return Zero;
if (e.sign == 0)
return One;
if (sign == 0)
return Zero;
bool negExp = e.sign < 0;
if (negExp)
e = e.Negate();
BigInteger result = this.Mod(m);
if (!e.Equals(One))
{
if ((m.magnitude[m.magnitude.Length - 1] & 1) == 0)
{
result = ModPowBarrett(result, e, m);
}
else
{
result = ModPowMonty(result, e, m, true);
}
}
if (negExp)
result = result.ModInverse(m);
return result;
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("4deb95a0b35e7ed7edebe9bef5a0f93739e16b7ff27fe794d989d0c13159cfbc",16);
BigInteger s = new BigInteger("e1d0d30345c24cfeb33efde3deee5fbbda78ddc822b719d860cd0ba1fb6bd43b",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public ITestResult Perform()
{
BigInteger r = new BigInteger("712592d285b792e33b8a9a11e8e6c4f512ddf0042972bbfd1abb0a93e8fc6f54",16);
BigInteger s = new BigInteger("2cf26758321258b130d5612111339f09ceb8668241f3482e38baa56529963f07",16);
Gost3410ParametersGenerator pGen = new Gost3410ParametersGenerator();
pGen.Init(1024, 2, init_random);
Gost3410Parameters parameters = pGen.GenerateParameters();
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
return new SimpleTestResult(false, Name + ": p or q wrong");
}
Gost3410KeyPairGenerator Gost3410KeyGen = new Gost3410KeyPairGenerator();
Gost3410KeyGenerationParameters genParam = new Gost3410KeyGenerationParameters(keyRandom, parameters);
Gost3410KeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = Gost3410KeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
Gost3410Signer Gost3410 = new Gost3410Signer();
Gost3410.Init(true, param);
BigInteger[] sig = Gost3410.GenerateSignature(hashmessage);
if (!r.Equals(sig[0]))
{
return new SimpleTestResult(false, Name
+ ": r component wrong." + SimpleTest.NewLine
+ " expecting: " + r.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[0].ToString(16));
}
if (!s.Equals(sig[1]))
{
return new SimpleTestResult(false, Name
+ ": s component wrong." + SimpleTest.NewLine
+ " expecting: " + s.ToString(16) + SimpleTest.NewLine
+ " got : " + sig[1].ToString(16));
}
Gost3410.Init(false, pair.Public);
if (Gost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
return new SimpleTestResult(true, Name + ": Okay");
}
else
{
return new SimpleTestResult(false, Name + ": verification fails");
}
}
public BigInteger ModPow(
BigInteger exponent,
BigInteger m)
{
if (m.sign < 1)
throw new ArithmeticException("Modulus must be positive");
if (m.Equals(One))
return Zero;
if (exponent.sign == 0)
return One;
if (sign == 0)
return Zero;
int[] zVal = null;
int[] yAccum = null;
int[] yVal;
// Montgomery exponentiation is only possible if the modulus is odd,
// but AFAIK, this is always the case for crypto algo's
bool useMonty = ((m.magnitude[m.magnitude.Length - 1] & 1) == 1);
long mQ = 0;
if (useMonty)
{
mQ = m.GetMQuote();
// tmp = this * R mod m
BigInteger tmp = ShiftLeft(32 * m.magnitude.Length).Mod(m);
zVal = tmp.magnitude;
useMonty = (zVal.Length <= m.magnitude.Length);
if (useMonty)
{
yAccum = new int[m.magnitude.Length + 1];
if (zVal.Length < m.magnitude.Length)
{
int[] longZ = new int[m.magnitude.Length];
zVal.CopyTo(longZ, longZ.Length - zVal.Length);
zVal = longZ;
}
}
}
if (!useMonty)
{
if (magnitude.Length <= m.magnitude.Length)
{
//zAccum = new int[m.magnitude.Length * 2];
zVal = new int[m.magnitude.Length];
magnitude.CopyTo(zVal, zVal.Length - magnitude.Length);
}
else
{
//
// in normal practice we'll never see this...
//
BigInteger tmp = Remainder(m);
//zAccum = new int[m.magnitude.Length * 2];
zVal = new int[m.magnitude.Length];
tmp.magnitude.CopyTo(zVal, zVal.Length - tmp.magnitude.Length);
}
yAccum = new int[m.magnitude.Length * 2];
}
yVal = new int[m.magnitude.Length];
//
// from LSW to MSW
//
for (int i = 0; i < exponent.magnitude.Length; i++)
{
int v = exponent.magnitude[i];
int bits = 0;
if (i == 0)
{
while (v > 0)
{
v <<= 1;
bits++;
}
//
// first time in initialise y
//
zVal.CopyTo(yVal, 0);
v <<= 1;
bits++;
}
while (v != 0)
{
if (useMonty)
{
// Montgomery square algo doesn't exist, and a normal
// square followed by a Montgomery reduction proved to
// be almost as heavy as a Montgomery mulitply.
MultiplyMonty(yAccum, yVal, yVal, m.magnitude, mQ);
}
else
{
Square(yAccum, yVal);
Remainder(yAccum, m.magnitude);
Array.Copy(yAccum, yAccum.Length - yVal.Length, yVal, 0, yVal.Length);
ZeroOut(yAccum);
}
bits++;
if (v < 0)
{
if (useMonty)
{
MultiplyMonty(yAccum, yVal, zVal, m.magnitude, mQ);
}
else
{
Multiply(yAccum, yVal, zVal);
Remainder(yAccum, m.magnitude);
Array.Copy(yAccum, yAccum.Length - yVal.Length, yVal, 0,
yVal.Length);
ZeroOut(yAccum);
}
}
v <<= 1;
}
while (bits < 32)
{
if (useMonty)
{
MultiplyMonty(yAccum, yVal, yVal, m.magnitude, mQ);
}
else
{
Square(yAccum, yVal);
Remainder(yAccum, m.magnitude);
Array.Copy(yAccum, yAccum.Length - yVal.Length, yVal, 0, yVal.Length);
ZeroOut(yAccum);
}
bits++;
}
}
if (useMonty)
{
// Return y * R^(-1) mod m by doing y * 1 * R^(-1) mod m
ZeroOut(zVal);
zVal[zVal.Length - 1] = 1;
MultiplyMonty(yAccum, yVal, zVal, m.magnitude, mQ);
}
BigInteger result = new BigInteger(1, yVal, true);
return exponent.sign > 0
? result
: result.ModInverse(m);
}
public void TestECDsa239bitBinaryAndLargeDigest()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
239, // m
36, //k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(
Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(
Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
