public void ShouldVerifyRandomlyGeneratedSignatures(ModeValues mode, DigestSizes digest, Curve curveEnum)
{
var nonces = new List <BigInteger>();
var hashFunction = new HashFunction(mode, digest);
var shaFactory = new NativeShaFactory();
var sha = shaFactory.GetShaInstance(hashFunction);
var hmacFactory = new HmacFactory(shaFactory);
var hmac = hmacFactory.GetHmacInstance(hashFunction);
var subject = new EccDsa(sha, new DeterministicNonceProvider(hmac), EntropyProviderTypes.Random);
var curveFactory = new EccCurveFactory();
var curve = curveFactory.GetCurve(curveEnum);
var domainParams = new EccDomainParameters(curve);
var key = subject.GenerateKeyPair(domainParams).KeyPair;
var rand = new Random800_90();
for (var i = 0; i < 100; i++)
{
var message = rand.GetRandomBitString(1024);
var signature = subject.Sign(domainParams, key, message).Signature;
var verify = subject.Verify(domainParams, key, message, signature);
nonces.Add(signature.R);
Assert.IsTrue(verify.Success, verify.ErrorMessage);
}
// Check nonces for uniqueness
Assert.AreEqual(nonces.Count, nonces.Distinct().Count(), "Repeated nonce detected");
}
public void ShouldReturnSelectedLength(int length)
{
var subject = new Random800_90();
var result = subject.GetRandomBitString(length);
Assert.That(result != null);
Assert.AreEqual(length, result.BitLength);
}
public void ShouldReturnZeroLengthBitStringForZeroOrLessLengths(int length)
{
var subject = new Random800_90();
var result = subject.GetRandomBitString(length);
Assert.IsNotNull(result);
Assert.AreEqual(0, result.BitLength);
}
public void ShouldEncryptDecrypt(int ptLen, int aadLen, int keyLen)
{
var rand = new Random800_90();
var plaintext = rand.GetRandomBitString(ptLen);
var aad = rand.GetRandomBitString(aadLen);
var key = rand.GetRandomBitString(keyLen);
var iv = rand.GetRandomBitString(96);
var param = new AeadModeBlockCipherParameters(BlockCipherDirections.Encrypt, iv, key, plaintext, aad, 0);
var result = _subject.ProcessPayload(param);
Assert.IsTrue(result.Success);
var param2 = new AeadModeBlockCipherParameters(BlockCipherDirections.Decrypt, iv, key, result.Result, aad, new BitString(0));
var result2 = _subject.ProcessPayload(param2);
Assert.IsTrue(result.Success);
}
/// <summary>
/// Generates a random key based on the key option
/// Keying option 1: key1, key2, key3
/// Keying option 2: key1, key2, key1
/// </summary>
/// <param name="keyingOption">The keying option to get the number of keys for</param>
/// <returns></returns>
public static BitString GenerateTdesKey(int keyingOption)
{
if (keyingOption == 1)
{
var key1 = random800_90.GetRandomBitString(64);
var key2 = random800_90.GetRandomBitString(64);
var key3 = random800_90.GetRandomBitString(64);
return(key1.ConcatenateBits(key2).ConcatenateBits(key3).ToOddParityBitString());
}
else if (keyingOption == 2)
{
var key1 = random800_90.GetRandomBitString(64);
var key2 = random800_90.GetRandomBitString(64);
return(key1.ConcatenateBits(key2).ConcatenateBits(key1).ToOddParityBitString());
}
else
{
throw new ArgumentException($"Invalid {nameof(keyingOption)} provided.");
}
}
/// <summary>
/// B.1.1 from FIPS 186-4. This is equivalent to B.1.2, the other KeyGeneration method.
/// </summary>
/// <param name="domainParameters"></param>
/// <returns></returns>
public FfcKeyPairGenerateResult GenerateKeyPair(FfcDomainParameters domainParameters)
{
var L = new BitString(domainParameters.P).BitLength;
var N = new BitString(domainParameters.Q).BitLength;
// Shouldn't really be necessary but just in case
if (!DSAHelper.VerifyLenPair(L, N))
{
return(new FfcKeyPairGenerateResult("Invalid L, N pair"));
}
var rand = new Random800_90();
var c = rand.GetRandomBitString(N + 64).ToPositiveBigInteger();
var x = (c % (domainParameters.Q - 1)) + 1;
var y = BigInteger.ModPow(domainParameters.G, x, domainParameters.P);
return(new FfcKeyPairGenerateResult(new FfcKeyPair(x, y)));
}
