public int CreateServerKeyExchangeSign(SecurityParameters sparams, byte[] params_buffer, int params_offset, int params_length, byte[] sign_buffer, int sign_offset)
{
byte[] hash;
using (SHA1Managed sha1 = new SHA1Managed()) {
sha1.Initialize();
sha1.TransformBlock(sparams.ClientRandom, 0, sparams.ClientRandom.Length, sparams.ClientRandom, 0);
sha1.TransformBlock(sparams.ServerRandom, 0, sparams.ServerRandom.Length, sparams.ServerRandom, 0);
sha1.TransformBlock(params_buffer, params_offset, params_length, params_buffer, params_offset);
sha1.TransformFinalBlock(Utility.EmptyByteArray, 0, 0);
hash = sha1.Hash;
}
// 署名
byte[] sign = _ecdsa.SignHash(hash);
// DER形式に変換
// TODO: 400bit以上の署名サイズに対応させる
byte der_len = (byte)(sign.Length + 6);
byte int_len = (byte)(sign.Length >> 1);
sign_buffer[sign_offset + 0] = 0x30;
sign_buffer[sign_offset + 1] = (byte)(der_len - 2);
sign_buffer[sign_offset + 2] = 0x02;
sign_buffer[sign_offset + 3] = int_len;
Buffer.BlockCopy(sign, 0, sign_buffer, sign_offset + 4, int_len);
sign_offset += int_len + 4;
sign_buffer[sign_offset + 0] = 0x02;
sign_buffer[sign_offset + 1] = int_len;
Buffer.BlockCopy(sign, int_len, sign_buffer, sign_offset + 2, int_len);
return(der_len);
}
public void PrivateKeyTest()
{
ECDSA ecdsa = new ECDSA(ECDomainNames.secp192r1);
byte[] hash = RNG.GetBytes(ecdsa.KeySize >> 3);
byte[] sign = ecdsa.SignHash(hash);
byte[] publicKey = ecdsa.Parameters.PublicKey;
byte[] privateKey = ecdsa.Parameters.PrivateKey;
ecdsa = new ECDSA(ECDomainNames.secp192r1);
ecdsa.Parameters.PublicKey = publicKey;
Assert.IsTrue(ecdsa.VerifyHash(hash, sign), "Success Test #1");
sign[0]++;
Assert.IsFalse(ecdsa.VerifyHash(hash, sign), "Failure Test #1");
ecdsa = new ECDSA(ECDomainNames.secp192r1);
ecdsa.Parameters.PrivateKey = privateKey;
hash = RNG.GetBytes(ecdsa.KeySize >> 3);
sign = ecdsa.SignHash(hash);
ecdsa = new ECDSA(ECDomainNames.secp192r1);
ecdsa.Parameters.PublicKey = publicKey;
Assert.IsTrue(ecdsa.VerifyHash(hash, sign), "Success Test #2");
sign[0]++;
Assert.IsFalse(ecdsa.VerifyHash(hash, sign), "Failure Test #2");
}
public void PrivateKeyTest ()
{
ECDSA ecdsa = new ECDSA (ECDomainNames.secp192r1);
byte[] hash = RNG.GetBytes (ecdsa.KeySize >> 3);
byte[] sign = ecdsa.SignHash (hash);
byte[] publicKey = ecdsa.Parameters.PublicKey;
byte[] privateKey = ecdsa.Parameters.PrivateKey;
ecdsa = new ECDSA (ECDomainNames.secp192r1);
ecdsa.Parameters.PublicKey = publicKey;
Assert.IsTrue (ecdsa.VerifyHash (hash, sign), "Success Test #1");
sign[0]++;
Assert.IsFalse (ecdsa.VerifyHash (hash, sign), "Failure Test #1");
ecdsa = new ECDSA (ECDomainNames.secp192r1);
ecdsa.Parameters.PrivateKey = privateKey;
hash = RNG.GetBytes (ecdsa.KeySize >> 3);
sign = ecdsa.SignHash (hash);
ecdsa = new ECDSA (ECDomainNames.secp192r1);
ecdsa.Parameters.PublicKey = publicKey;
Assert.IsTrue (ecdsa.VerifyHash (hash, sign), "Success Test #2");
sign[0]++;
Assert.IsFalse (ecdsa.VerifyHash (hash, sign), "Failure Test #2");
}
static void SignVerifyTest(ECDomainNames domainName)
{
int repeat = 5;
for (int i = 0; i < repeat; i++)
{
ECDSA ecdsa = new ECDSA(domainName);
byte[] pubKey = ecdsa.Parameters.PublicKey;
byte[] hash = RNG.GetBytes(ecdsa.KeySize >> 3);
byte[] sign = ecdsa.SignHash(hash);
ecdsa = new ECDSA(domainName);
ecdsa.Parameters.PublicKey = pubKey;
Assert.IsTrue(ecdsa.VerifyHash(hash, sign), "Success Test " + domainName.ToString());
sign[0]++;
Assert.IsFalse(ecdsa.VerifyHash(hash, sign), "Failure Test " + domainName.ToString());
}
}
public void Test_GEC2()
{
ECDSA ecdsa1 = new ECDSA(ECDomainNames.secp160r1);
ECDSA ecdsa2 = new ECDSA(ECDomainNames.secp160r1);
ecdsa1.Parameters.PrivateKey = new byte[] { 0xAA, 0x37, 0x4F, 0xFC, 0x3C, 0xE1, 0x44, 0xE6, 0xB0, 0x73, 0x30, 0x79, 0x72, 0xCB, 0x6D, 0x57, 0xB2, 0xA4, 0xE9, 0x82 };
ecdsa2.Parameters.PublicKey = ecdsa1.Parameters.PublicKey;
byte[] k = openCrypto.FiniteField.Number.Parse("702232148019446860144825009548118511996283736794", 10).ToByteArray(20, false);
byte[] H = new byte[] { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D };
byte[] expectedSign = new byte[] {
0xCE, 0x28, 0x73, 0xE5, 0xBE, 0x44, 0x95, 0x63, 0x39, 0x1F, 0xEB, 0x47, 0xDD, 0xCB, 0xA2, 0xDC, 0x16, 0x37, 0x91, 0x91,
0x34, 0x80, 0xEC, 0x13, 0x71, 0xA0, 0x91, 0xA4, 0x64, 0xB3, 0x1C, 0xE4, 0x7D, 0xF0, 0xCB, 0x8A, 0xA2, 0xD9, 0x8B, 0x54,
};
byte[] sign = ecdsa1.SignHash(H, k);
Assert.AreEqual(expectedSign, sign);
Assert.IsTrue(ecdsa2.VerifyHash(H, sign));
}
private void btnStartECDSA_Click (object sender, EventArgs e)
{
byte[] hash = new byte[160 >> 3];
Stopwatch sw = new Stopwatch ();
double ocSignTime, ocVerifyTime, bcSignTime, bcVerifyTime;
{
ECDSA ecdsa = new ECDSA (ECDomainNames.secp192r1);
ecdsa.ToXmlString (false);
sw.Reset ();
sw.Start ();
byte[] ecdsaSign = ecdsa.SignHash (hash);
sw.Stop ();
ocSignTime = sw.Elapsed.TotalSeconds;
sw.Reset ();
sw.Start ();
ecdsa.VerifyHash (hash, ecdsaSign);
sw.Stop ();
ocVerifyTime = sw.Elapsed.TotalSeconds;
}
{
ECDsaSigner ecdsa = new ECDsaSigner ();
X9ECParameters SEC_P192r1 = SecNamedCurves.GetByName ("secp192r1");
BigInteger key = new BigInteger (SEC_P192r1.N.BitCount, new Random ());
ECDomainParameters domain = new ECDomainParameters (SEC_P192r1.Curve, SEC_P192r1.G, SEC_P192r1.N);
ECPrivateKeyParameters privateKey = new ECPrivateKeyParameters (key, domain);
ECPoint publicKeyPoint = SEC_P192r1.G.Multiply (key);
ECPublicKeyParameters publicKey = new ECPublicKeyParameters (publicKeyPoint, domain);
ecdsa.Init (true, privateKey);
sw.Reset ();
sw.Start ();
BigInteger[] sign = ecdsa.GenerateSignature (hash);
sw.Stop ();
bcSignTime = sw.Elapsed.TotalSeconds;
ecdsa.Init (false, publicKey);
sw.Reset ();
sw.Start ();
ecdsa.VerifySignature (hash, sign[0], sign[1]);
sw.Stop ();
bcVerifyTime = sw.Elapsed.TotalSeconds;
}
double scale = 1000;
bcSignTime *= scale;
bcVerifyTime *= scale;
ocSignTime *= scale;
ocVerifyTime *= scale;
lblBCSign.Text = "Sign (" + bcSignTime.ToString ("f2") + "ms)";
lblBCVerify.Text = "Verify (" + bcVerifyTime.ToString ("f2") + "ms)";
lblOCSign.Text = "Sign (" + ocSignTime.ToString ("f2") + "ms)";
lblOCVerify.Text = "Verify (" + ocVerifyTime.ToString ("f2") + "ms)";
double max = Math.Max (ocSignTime, Math.Max (ocVerifyTime, Math.Max (bcSignTime, bcVerifyTime)));
max *= 1.1;
pbEcdsaSignBC.Maximum = pbEcdsaVerifyBC.Maximum = pbEcdsaSignOC.Maximum = pbEcdsaVerifyOC.Maximum = (int)max;
pbEcdsaSignBC.Value = (int)bcSignTime;
pbEcdsaVerifyBC.Value = (int)bcVerifyTime;
pbEcdsaSignOC.Value = (int)ocSignTime;
pbEcdsaVerifyOC.Value = (int)ocVerifyTime;
}
public void Sign(ECKeyPair privateKey)
{
_key = Key.Create (privateKey);
using (ECDSA ecdsa = new ECDSA (privateKey)) {
_sign = ecdsa.SignHash (ComputeHash ());
}
}
private void btnStartECDSA_Click(object sender, EventArgs e)
{
byte[] hash = new byte[160 >> 3];
Stopwatch sw = new Stopwatch();
double ocSignTime, ocVerifyTime, bcSignTime, bcVerifyTime;
{
ECDSA ecdsa = new ECDSA(ECDomainNames.secp192r1);
ecdsa.ToXmlString(false);
sw.Reset();
sw.Start();
byte[] ecdsaSign = ecdsa.SignHash(hash);
sw.Stop();
ocSignTime = sw.Elapsed.TotalSeconds;
sw.Reset();
sw.Start();
ecdsa.VerifyHash(hash, ecdsaSign);
sw.Stop();
ocVerifyTime = sw.Elapsed.TotalSeconds;
}
{
ECDsaSigner ecdsa = new ECDsaSigner();
X9ECParameters SEC_P192r1 = SecNamedCurves.GetByName("secp192r1");
BigInteger key = new BigInteger(SEC_P192r1.N.BitCount, new Random());
ECDomainParameters domain = new ECDomainParameters(SEC_P192r1.Curve, SEC_P192r1.G, SEC_P192r1.N);
ECPrivateKeyParameters privateKey = new ECPrivateKeyParameters(key, domain);
ECPoint publicKeyPoint = SEC_P192r1.G.Multiply(key);
ECPublicKeyParameters publicKey = new ECPublicKeyParameters(publicKeyPoint, domain);
ecdsa.Init(true, privateKey);
sw.Reset();
sw.Start();
BigInteger[] sign = ecdsa.GenerateSignature(hash);
sw.Stop();
bcSignTime = sw.Elapsed.TotalSeconds;
ecdsa.Init(false, publicKey);
sw.Reset();
sw.Start();
ecdsa.VerifySignature(hash, sign[0], sign[1]);
sw.Stop();
bcVerifyTime = sw.Elapsed.TotalSeconds;
}
double scale = 1000;
bcSignTime *= scale;
bcVerifyTime *= scale;
ocSignTime *= scale;
ocVerifyTime *= scale;
lblBCSign.Text = "Sign (" + bcSignTime.ToString("f2") + "ms)";
lblBCVerify.Text = "Verify (" + bcVerifyTime.ToString("f2") + "ms)";
lblOCSign.Text = "Sign (" + ocSignTime.ToString("f2") + "ms)";
lblOCVerify.Text = "Verify (" + ocVerifyTime.ToString("f2") + "ms)";
double max = Math.Max(ocSignTime, Math.Max(ocVerifyTime, Math.Max(bcSignTime, bcVerifyTime)));
max *= 1.1;
pbEcdsaSignBC.Maximum = pbEcdsaVerifyBC.Maximum = pbEcdsaSignOC.Maximum = pbEcdsaVerifyOC.Maximum = (int)max;
pbEcdsaSignBC.Value = (int)bcSignTime;
pbEcdsaVerifyBC.Value = (int)bcVerifyTime;
pbEcdsaSignOC.Value = (int)ocSignTime;
pbEcdsaVerifyOC.Value = (int)ocVerifyTime;
}
public void Test_GEC2 ()
{
ECDSA ecdsa1 = new ECDSA (ECDomainNames.secp160r1);
ECDSA ecdsa2 = new ECDSA (ECDomainNames.secp160r1);
ecdsa1.Parameters.PrivateKey = new byte[] {0xAA, 0x37, 0x4F, 0xFC, 0x3C, 0xE1, 0x44, 0xE6, 0xB0, 0x73, 0x30, 0x79, 0x72, 0xCB, 0x6D, 0x57, 0xB2, 0xA4, 0xE9, 0x82};
ecdsa2.Parameters.PublicKey = ecdsa1.Parameters.PublicKey;
byte[] k = openCrypto.FiniteField.Number.Parse ("702232148019446860144825009548118511996283736794", 10).ToByteArray (20, false);
byte[] H = new byte[] {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D};
byte[] expectedSign = new byte[] {
0xCE, 0x28, 0x73, 0xE5, 0xBE, 0x44, 0x95, 0x63, 0x39, 0x1F, 0xEB, 0x47, 0xDD, 0xCB, 0xA2, 0xDC, 0x16, 0x37, 0x91, 0x91,
0x34, 0x80, 0xEC, 0x13, 0x71, 0xA0, 0x91, 0xA4, 0x64, 0xB3, 0x1C, 0xE4, 0x7D, 0xF0, 0xCB, 0x8A, 0xA2, 0xD9, 0x8B, 0x54,
};
byte[] sign = ecdsa1.SignHash (H, k);
Assert.AreEqual (expectedSign, sign);
Assert.IsTrue (ecdsa2.VerifyHash (H, sign));
}
static void SignVerifyTest (ECDomainNames domainName)
{
int repeat = 5;
for (int i = 0; i < repeat; i ++) {
ECDSA ecdsa = new ECDSA (domainName);
byte[] pubKey = ecdsa.Parameters.PublicKey;
byte[] hash = RNG.GetBytes (ecdsa.KeySize >> 3);
byte[] sign = ecdsa.SignHash (hash);
ecdsa = new ECDSA (domainName);
ecdsa.Parameters.PublicKey = pubKey;
Assert.IsTrue (ecdsa.VerifyHash (hash, sign), "Success Test " + domainName.ToString ());
sign[0]++;
Assert.IsFalse (ecdsa.VerifyHash (hash, sign), "Failure Test " + domainName.ToString ());
}
}