// 5.4 pg 29
/**
* return true if the value r and s represent a DSA signature for
* the passed in message (for standard DSA the message should be
* a SHA-1 hash of the real message to be verified).
*/
public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s)
{
var n = _key.Parameters.N;
// r and s should both in the range [1,n-1]
if (r.SignValue < 1 || s.SignValue < 1 || r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0)
{
return(false);
}
var e = CalculateE(n, message);
var c = s.ModInverse(n);
var u1 = e.Multiply(c).Mod(n);
var u2 = r.Multiply(c).Mod(n);
var g = _key.Parameters.G;
var q = ((ECPublicKeyParameters)_key).Q;
var point = ECAlgorithms.SumOfTwoMultiplies(g, u1, q, u2);
var v = point.X.ToBigInteger().Mod(n);
return(v.Equals(r));
}
public RsaSecretBcpgKey(IBigInteger d, IBigInteger p, IBigInteger q)
{
// PGP requires (p < q)
var cmp = p.CompareTo(q);
if (cmp >= 0)
{
if (cmp == 0)
{
throw new ArgumentException("p and q cannot be equal");
}
var tmp = p;
p = q;
q = tmp;
}
_d = new MPInteger(d);
_p = new MPInteger(p);
_q = new MPInteger(q);
_u = new MPInteger(p.ModInverse(q));
_expP = d.Remainder(p.Subtract(BigInteger.One));
_expQ = d.Remainder(q.Subtract(BigInteger.One));
_crt = q.ModInverse(p);
}
/**
* return true if the value r and s represent a DSA signature for
* the passed in message for standard DSA the message should be a
* SHA-1 hash of the real message to be verified.
*/
public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s)
{
var parameters = _key.Parameters;
var q = parameters.Q;
var m = CalculateE(q, message);
if (r.SignValue <= 0 || q.CompareTo(r) <= 0)
{
return(false);
}
if (s.SignValue <= 0 || q.CompareTo(s) <= 0)
{
return(false);
}
var w = s.ModInverse(q);
var u1 = m.Multiply(w).Mod(q);
var u2 = r.Multiply(w).Mod(q);
var p = parameters.P;
u1 = parameters.G.ModPow(u1, p);
u2 = ((DsaPublicKeyParameters)_key).Y.ModPow(u2, p);
var v = u1.Multiply(u2).Mod(p).Mod(q);
return(v.Equals(r));
}
/*
* Unblind the message blinded with the blind factor.
*/
private IBigInteger UnblindMessage(
IBigInteger blindedMsg)
{
IBigInteger m = key.Modulus;
IBigInteger msg = blindedMsg;
IBigInteger blindFactorInverse = blindingFactor.ModInverse(m);
msg = msg.Multiply(blindFactorInverse);
msg = msg.Mod(m);
return(msg);
}
public void TestModInverse()
{
for (int i = 0; i < 10; ++i)
{
IBigInteger p = BigInteger.ProbablePrime(64, _random);
IBigInteger q = new BigInteger(63, _random).Add(one);
IBigInteger inv = q.ModInverse(p);
IBigInteger inv2 = inv.ModInverse(p);
Assert.AreEqual(q, inv2);
Assert.AreEqual(one, q.Multiply(inv).Mod(p));
}
}
/**
* Process a single block using the basic RSA algorithm.
*
* @param inBuf the input array.
* @param inOff the offset into the input buffer where the data starts.
* @param inLen the length of the data to be processed.
* @return the result of the RSA process.
* @exception DataLengthException the input block is too large.
*/
public byte[] ProcessBlock(
byte[] inBuf,
int inOff,
int inLen)
{
if (key == null)
{
throw new InvalidOperationException("RSA engine not initialised");
}
IBigInteger input = core.ConvertInput(inBuf, inOff, inLen);
IBigInteger result;
if (key is RsaPrivateCrtKeyParameters)
{
RsaPrivateCrtKeyParameters k = (RsaPrivateCrtKeyParameters)key;
IBigInteger e = k.PublicExponent;
if (e != null) // can't do blinding without a public exponent
{
IBigInteger m = k.Modulus;
IBigInteger r = BigIntegers.CreateRandomInRange(
BigInteger.One, m.Subtract(BigInteger.One), random);
IBigInteger blindedInput = r.ModPow(e, m).Multiply(input).Mod(m);
IBigInteger blindedResult = core.ProcessBlock(blindedInput);
IBigInteger rInv = r.ModInverse(m);
result = blindedResult.Multiply(rInv).Mod(m);
}
else
{
result = core.ProcessBlock(input);
}
}
else
{
result = core.ProcessBlock(input);
}
return(core.ConvertOutput(result));
}
/**
* Computes the integer x that is expressed through the given primes and the
* congruences with the chinese remainder theorem (CRT).
*
* @param congruences
* the congruences c_i
* @param primes
* the primes p_i
* @return an integer x for that x % p_i == c_i
*/
private static IBigInteger chineseRemainder(IList congruences, IList primes)
{
IBigInteger retval = BigInteger.Zero;
IBigInteger all = BigInteger.One;
for (int i = 0; i < primes.Count; i++)
{
all = all.Multiply((BigInteger)primes[i]);
}
for (int i = 0; i < primes.Count; i++)
{
IBigInteger a = (BigInteger)primes[i];
IBigInteger b = all.Divide(a);
IBigInteger b2 = b.ModInverse(a);
IBigInteger tmp = b.Multiply(b2);
tmp = tmp.Multiply((BigInteger)congruences[i]);
retval = retval.Add(tmp);
}
return(retval.Mod(all));
}
public RsaSecretBcpgKey(IBigInteger d, IBigInteger p, IBigInteger q)
{
// PGP requires (p < q)
var cmp = p.CompareTo(q);
if (cmp >= 0)
{
if (cmp == 0)
throw new ArgumentException("p and q cannot be equal");
var tmp = p;
p = q;
q = tmp;
}
_d = new MPInteger(d);
_p = new MPInteger(p);
_q = new MPInteger(q);
_u = new MPInteger(p.ModInverse(q));
_expP = d.Remainder(p.Subtract(BigInteger.One));
_expQ = d.Remainder(q.Subtract(BigInteger.One));
_crt = q.ModInverse(p);
}
// 5.4 pg 29
/**
* return true if the value r and s represent a DSA signature for
* the passed in message (for standard DSA the message should be
* a SHA-1 hash of the real message to be verified).
*/
public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s)
{
var n = _key.Parameters.N;
// r and s should both in the range [1,n-1]
if (r.SignValue < 1 || s.SignValue < 1 || r.CompareTo(n) >= 0 || s.CompareTo(n) >= 0)
{
return false;
}
var e = CalculateE(n, message);
var c = s.ModInverse(n);
var u1 = e.Multiply(c).Mod(n);
var u2 = r.Multiply(c).Mod(n);
var g = _key.Parameters.G;
var q = ((ECPublicKeyParameters)_key).Q;
var point = ECAlgorithms.SumOfTwoMultiplies(g, u1, q, u2);
var v = point.X.ToBigInteger().Mod(n);
return v.Equals(r);
}
/**
* return true if the value r and s represent a DSA signature for
* the passed in message for standard DSA the message should be a
* SHA-1 hash of the real message to be verified.
*/
public bool VerifySignature(byte[] message, IBigInteger r, IBigInteger s)
{
var parameters = _key.Parameters;
var q = parameters.Q;
var m = CalculateE(q, message);
if (r.SignValue <= 0 || q.CompareTo(r) <= 0)
{
return false;
}
if (s.SignValue <= 0 || q.CompareTo(s) <= 0)
{
return false;
}
var w = s.ModInverse(q);
var u1 = m.Multiply(w).Mod(q);
var u2 = r.Multiply(w).Mod(q);
var p = parameters.P;
u1 = parameters.G.ModPow(u1, p);
u2 = ((DsaPublicKeyParameters)_key).Y.ModPow(u2, p);
var v = u1.Multiply(u2).Mod(p).Mod(q);
return v.Equals(r);
}
