public void TestECDsa191bitBinary()
{
BigInteger r = new BigInteger("87194383164871543355722284926904419997237591535066528048");
BigInteger s = new BigInteger("308992691965804947361541664549085895292153777025772063598");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("1542725565216523985789236956265265265235675811949404040041"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
191, // m
9, //k
new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), // a
new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0436B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB")), // G
new BigInteger("1569275433846670190958947355803350458831205595451630533029"), // n
BigInteger.Two); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("1275552191113212300012030439187146164646146646466749494799"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045DE37E756BD55D72E3768CB396FFEB962614DEA4CE28A2E755C0E0E02F5FB132CAF416EF85B229BBB8E1352003125BA1")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECNR521bitPrime()
{
BigInteger r = new BigInteger("1820641608112320695747745915744708800944302281118541146383656165330049339564439316345159057453301092391897040509935100825960342573871340486684575368150970954");
BigInteger s = new BigInteger("6358277176448326821136601602749690343031826490505780896013143436153111780706227024847359990383467115737705919410755190867632280059161174165591324242446800763");
byte[] kData = new BigInteger("cdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = SecNamedCurves.GetByOid(SecObjectIdentifiers.SecP521r1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA512withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(521, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR192bitPrime()
{
BigInteger r = new BigInteger("2474388605162950674935076940284692598330235697454145648371");
BigInteger s = new BigInteger("2997192822503471356158280167065034437828486078932532073836");
byte[] kData = new BigInteger("dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime192v1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("0262B12D60690CDCF330BABAB6E69763B471F994DD702D16A5")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(192, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECDsaP521Sha512()
{
X9ECParameters p = NistNamedCurves.GetByName("P-521");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger(
"617573726813476282316253885608633222275541026607493641741273231656161177732180358888434629562647985511298272498852936680947729040673640492310550142822667389"),
// d
parameters);
SecureRandom k =
FixedSecureRandom.From(
BigIntegers.AsUnsignedByteArray(
new BigInteger(
"6806532878215503520845109818432174847616958675335397773700324097584974639728725689481598054743894544060040710846048585856076812050552869216017728862957612913")));
byte[] m =
Hex.Decode(
"6893B64BD3A9615C39C3E62DDD269C2BAAF1D85915526083183CE14C2E883B48B193607C1ED871852C9DF9C3147B574DC1526C55DE1FE263A676346A20028A66");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r =
new BigInteger(
"1368926195812127407956140744722257403535864168182534321188553460365652865686040549247096155740756318290773648848859639978618869784291633651685766829574104630");
IBigInteger s =
new BigInteger(
"1624754720348883715608122151214003032398685415003935734485445999065609979304811509538477657407457976246218976767156629169821116579317401249024208611945405790");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(
Hex.Decode(
"020145E221AB9F71C5FE740D8D2B94939A09E2816E2167A7D058125A06A80C014F553E8D6764B048FB6F2B687CEC72F39738F223D4CE6AFCBFF2E34774AA5D3C342CB3")),
// Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsa239BitPrime()
{
IBigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
IBigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData =
BigIntegers.AsUnsignedByteArray(
new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
var curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
var parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
var priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
parameters);
var ecdsa = new ECDsaSigner();
var param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
IBigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECNR192bitPrime()
{
IBigInteger r = new BigInteger("2474388605162950674935076940284692598330235697454145648371");
IBigInteger s = new BigInteger("2997192822503471356158280167065034437828486078932532073836");
byte[] kData = new BigInteger("dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
FPCurve curve = new FPCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q (or p)
new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 16), // a
new BigInteger("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("0262B12D60690CDCF330BABAB6E69763B471F994DD702D16A5")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(192, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR239bitPrime()
{
IBigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
IBigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
byte[] kData = new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(239, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR521bitPrime()
{
IBigInteger r = new BigInteger("1820641608112320695747745915744708800944302281118541146383656165330049339564439316345159057453301092391897040509935100825960342573871340486684575368150970954");
IBigInteger s = new BigInteger("6358277176448326821136601602749690343031826490505780896013143436153111780706227024847359990383467115737705919410755190867632280059161174165591324242446800763");
byte[] kData = new BigInteger("cdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
FPCurve curve = new FPCurve(
new BigInteger("6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 16), // a
new BigInteger("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
//curve.DecodePoint(Hex.Decode("02C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
curve.DecodePoint(Hex.Decode("0200C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
//curve.DecodePoint(Hex.Decode("026BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
curve.DecodePoint(Hex.Decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA512withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(521, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECDsa239bitBinary()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
F2mCurve curve = new F2mCurve(
239, // m
36, //k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECNR239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
BigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
byte[] kData = new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime239v1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(239, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECDsa239BitBinary()
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters x9 = ECNamedCurveTable.GetByName("c2tnb239v1");
ECCurve curve = x9.Curve;
ECDomainParameters parameters = new ECDomainParameters(curve, x9.G, x9.N, x9.H);
ECPrivateKeyParameters sKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECPublicKeyParameters vKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
BigInteger[] sig = DerDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
public void TestECDsa192bitPrime()
{
BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
private void DoTestECDsa239BitBinary(
string algorithm,
DerObjectIdentifier oid)
{
BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new F2mCurve(
239, // m
36, // k
new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783"), // n
BigInteger.ValueOf(4)); // h
ECPrivateKeyParameters sKey = new ECPrivateKeyParameters(
new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
parameters);
ECPublicKeyParameters vKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
parameters);
ISigner sgr = SignerUtilities.GetSigner(algorithm);
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.Init(true, new ParametersWithRandom(sKey, k));
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr = SignerUtilities.GetSigner(oid.Id);
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC RIPEMD160 verification failed");
}
}
public void TestECDsaP256Sha256()
{
X9ECParameters p = NistNamedCurves.GetByName("P-256");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger("20186677036482506117540275567393538695075300175221296989956723148347484984008"), // d
parameters);
SecureRandom k =
FixedSecureRandom.From(
BigIntegers.AsUnsignedByteArray(
new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335")));
byte[] m = Hex.Decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r =
new BigInteger("97354732615802252173078420023658453040116611318111190383344590814578738210384");
IBigInteger s =
new BigInteger("98506158880355671805367324764306888225238061309262649376965428126566081727535");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(
Hex.Decode("03596375E6CE57E0F20294FC46BDFCFD19A39F8161B58695B3EC5B3D16427C274D")), // Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaSecP224K1Sha256()
{
X9ECParameters p = SecNamedCurves.GetByName("secp224k1");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger("BE6F6E91FE96840A6518B56F3FE21689903A64FA729057AB872A9F51", 16), // d
parameters);
SecureRandom k =
FixedSecureRandom.From(Hex.Decode("00c39beac93db21c3266084429eb9b846b787c094f23a4de66447efbb3"));
byte[] m = Hex.Decode("E5D5A7ADF73C5476FAEE93A2C76CE94DC0557DB04CDC189504779117920B896D");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r = new BigInteger("8163E5941BED41DA441B33E653C632A55A110893133351E20CE7CB75", 16);
IBigInteger s = new BigInteger("D12C3FC289DDD5F6890DCE26B65792C8C50E68BF551D617D47DF15A8", 16);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(
Hex.Decode(
"04C5C9B38D3603FCCD6994CBB9594E152B658721E483669BB42728520F484B537647EC816E58A8284D3B89DFEDB173AFDC214ECA95A836FA7C")),
// Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public void TestECDsaP224Sha224()
{
X9ECParameters p = NistNamedCurves.GetByName("P-224");
var parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
var priKey = new ECPrivateKeyParameters(
new BigInteger("6081831502424510080126737029209236539191290354021104541805484120491"), // d
parameters);
SecureRandom k =
FixedSecureRandom.From(
BigIntegers.AsUnsignedByteArray(
new BigInteger("15456715103636396133226117016818339719732885723579037388121116732601")));
byte[] m = Hex.Decode("8797A3C693CC292441039A4E6BAB7387F3B4F2A63D00ED384B378C79");
var dsa = new ECDsaSigner();
dsa.Init(true, new ParametersWithRandom(priKey, k));
IBigInteger[] sig = dsa.GenerateSignature(m);
IBigInteger r = new BigInteger("26477406756127720855365980332052585411804331993436302005017227573742");
IBigInteger s = new BigInteger("17694958233103667059888193972742186995283044672015112738919822429978");
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + NewLine
+ " expecting: " + r + NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + NewLine
+ " expecting: " + s + NewLine
+ " got : " + sig[1]);
}
// Verify the signature
var pubKey = new ECPublicKeyParameters(
parameters.Curve.DecodePoint(Hex.Decode("03FD44EC11F9D43D9D23B1E1D1C9ED6519B40ECF0C79F48CF476CC43F1")),
// Q
parameters);
dsa.Init(false, pubKey);
if (!dsa.VerifySignature(m, sig[0], sig[1]))
{
Fail("signature fails");
}
}
private void rawModeTest(string sigName, DerObjectIdentifier digestOID,
IAsymmetricKeyParameter privKey, IAsymmetricKeyParameter pubKey, SecureRandom random)
{
byte[] sampleMessage = new byte[1000 + random.Next() % 100];
random.NextBytes(sampleMessage);
ISigner normalSig = SignerUtilities.GetSigner(sigName);
// FIXME
// PSSParameterSpec spec = (PSSParameterSpec)normalSig.getParameters().getParameterSpec(PSSParameterSpec.class);
// Make sure we generate the same 'random' salt for both normal and raw signers
// FIXME
// int saltLen = spec.getSaltLength();
// byte[] fixedRandomBytes = new byte[saltLen];
byte[] fixedRandomBytes = new byte[128];
random.NextBytes(fixedRandomBytes);
normalSig.Init(true, new ParametersWithRandom(privKey, FixedSecureRandom.From(fixedRandomBytes)));
normalSig.BlockUpdate(sampleMessage, 0, sampleMessage.Length);
byte[] normalResult = normalSig.GenerateSignature();
byte[] hash = DigestUtilities.CalculateDigest(digestOID.Id, sampleMessage);
ISigner rawSig = SignerUtilities.GetSigner("RAWRSASSA-PSS");
// Need to init the params explicitly to avoid having a 'raw' variety of every PSS algorithm
// FIXME
// rawSig.setParameter(spec);
rawSig.Init(true, new ParametersWithRandom(privKey, FixedSecureRandom.From(fixedRandomBytes)));
rawSig.BlockUpdate(hash, 0, hash.Length);
byte[] rawResult = rawSig.GenerateSignature();
if (!Arrays.AreEqual(normalResult, rawResult))
{
Fail("raw mode signature differs from normal one");
}
rawSig.Init(false, pubKey);
rawSig.BlockUpdate(hash, 0, hash.Length);
if (!rawSig.VerifySignature(rawResult))
{
Fail("raw mode signature verification failed");
}
}
private SimpleTestResult Test431()
{
SecureRandom random = FixedSecureRandom.From(Hex.Decode("0000C4224DBBD800988DBAA39DE838294C345CDA5F5929D1174AA8D9340A5E79D10ACADE6B53CF873E7301A3871C2073AD75AB530457"));
byte[] hash = Hex.Decode("0137187EA862117EF1484289470ECAC802C5A651FDA8");
Array.Reverse(hash);
BigInteger r = new BigInteger("1911fefb1f494bebcf8dffdf5276946ff9c9f662192ee18c718db47310a439c784fe07577b16e1edbe16179876e0792a634f1c9c3a2e", 16);
BigInteger s = new BigInteger("3852170ee801c2083c52f1ea77b987a5432acecd9c654f064e87bf179e0a397151edbca430082e43bd38a67b55424b5bbc7f2713f620", 16);
F2mCurve curve = new F2mCurve(431, 1, 3, 5, BigInteger.One, new BigInteger("3CE10490F6A708FC26DFE8C3D27C4F94E690134D5BFF988D8D28AAEAEDE975936C66BAC536B18AE2DC312CA493117DAA469C640CAF3", 16));
ECPoint P = curve.CreatePoint(new BigInteger("9548BCDF314CEEEAF099C780FFEFBF93F9FE5B5F55547603C9C8FC1A2774170882B3BE35E892C6D4296B8DEA282EC30FB344272791", 16), new BigInteger("4C6CBD7C62A8EEEFDE17A8B5E196E49A22CE6DE128ABD9FBD81FA4411AD5A38E2A810BEDE09A7C6226BCDCB4A4A5DA37B4725E00AA74", 16));
BigInteger n = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBA3175458009A8C0A724F02F81AA8A1FCBAF80D90C7A95110504CF", 16);
BigInteger d = new BigInteger("D0F97354E314191FD773E2404F478C8AEE0FF5109F39E6F37D1FEEC8B2ED1691D84C9882CC729E716A71CC013F66CAC60E29E22C", 16);
ECPoint Q = P.Multiply(d).Negate();
ECDomainParameters domain = new ECDomainParameters(curve, P, n);
ICipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
Dstu4145Signer dstuSigner = new Dstu4145Signer();
dstuSigner.Init(true, privKey);
BigInteger[] rs = dstuSigner.GenerateSignature(hash);
if (rs[0].CompareTo(r) != 0)
{
return(new SimpleTestResult(false, Name + " test 431: expected r: " + r.ToString(16) + " got r:" + rs[0].ToString(16)));
}
if (rs[1].CompareTo(s) != 0)
{
return(new SimpleTestResult(false, Name + " test 431: expected s: " + s.ToString(16) + " got s:" + rs[1].ToString(16)));
}
dstuSigner.Init(false, pubKey);
if (!dstuSigner.VerifySignature(hash, r, s))
{
return(new SimpleTestResult(false, Name + " test 431: verification failed"));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
private SimpleTestResult Test283()
{
SecureRandom random = FixedSecureRandom.From(Hex.Decode("00000000245383CB3AD41BF30F5F7E8FBA858509B2D5558C92D539A6D994BFA98BC6940E"));
byte[] hash = Hex.Decode("0137187EA862117EF1484289470ECAC802C5A651FDA8");
Array.Reverse(hash);
BigInteger r = new BigInteger("12a5edcc38d92208ff23036d75b000c7e4bc0f9af2d40b35f15d6fd15e01234e67781a8", 16);
BigInteger s = new BigInteger("2de0775577f75b643cf5afc80d4fe10b21100690f17e2cab7bdc9b50ec87c5727aeb515", 16);
F2mCurve curve = new F2mCurve(283, 5, 7, 12, BigInteger.One, new BigInteger("27B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", 16));
ECPoint P = curve.CreatePoint(new BigInteger("4D95820ACE761110824CE425C8089129487389B7F0E0A9D043DDC0BB0A4CC9EB25", 16), new BigInteger("954C9C4029B2C62DE35C2B9C2A164984BF1101951E3A68ED03DF234DDE5BB2013152F2", 16));
BigInteger n = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", 16);
BigInteger d = new BigInteger("B844EEAF15213E4BAD4FB84796D68F2448DB8EB7B4621EC0D51929874892C43E", 16);
ECPoint Q = P.Multiply(d).Negate();
ECDomainParameters domain = new ECDomainParameters(curve, P, n);
ICipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
Dstu4145Signer dstuSigner = new Dstu4145Signer();
dstuSigner.Init(true, privKey);
BigInteger[] rs = dstuSigner.GenerateSignature(hash);
if (rs[0].CompareTo(r) != 0)
{
return(new SimpleTestResult(false, Name + " test 283: expected r: " + r.ToString(16) + " got r:" + rs[0].ToString(16)));
}
if (rs[1].CompareTo(s) != 0)
{
return(new SimpleTestResult(false, Name + " test 283: expected s: " + s.ToString(16) + " got s:" + rs[1].ToString(16)));
}
dstuSigner.Init(false, pubKey);
if (!dstuSigner.VerifySignature(hash, r, s))
{
return(new SimpleTestResult(false, Name + " test 283: verification failed"));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
private SimpleTestResult Test163()
{
SecureRandom random = FixedSecureRandom.From(Hex.Decode("01025e40bd97db012b7a1d79de8e12932d247f61c6"));
byte[] hash = Hex.Decode("09c9c44277910c9aaee486883a2eb95b7180166ddf73532eeb76edaef52247ff");
Array.Reverse(hash);
BigInteger r = new BigInteger("274ea2c0caa014a0d80a424f59ade7a93068d08a7", 16);
BigInteger s = new BigInteger("2100d86957331832b8e8c230f5bd6a332b3615aca", 16);
F2mCurve curve = new F2mCurve(163, 3, 6, 7, BigInteger.One, new BigInteger("5FF6108462A2DC8210AB403925E638A19C1455D21", 16));
ECPoint P = curve.CreatePoint(new BigInteger("72d867f93a93ac27df9ff01affe74885c8c540420", 16), new BigInteger("0224a9c3947852b97c5599d5f4ab81122adc3fd9b", 16));
BigInteger n = new BigInteger("400000000000000000002BEC12BE2262D39BCF14D", 16);
BigInteger d = new BigInteger("183f60fdf7951ff47d67193f8d073790c1c9b5a3e", 16);
ECPoint Q = P.Multiply(d).Negate();
ECDomainParameters domain = new ECDomainParameters(curve, P, n);
ICipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
Dstu4145Signer dstuSigner = new Dstu4145Signer();
dstuSigner.Init(true, privKey);
BigInteger[] rs = dstuSigner.GenerateSignature(hash);
if (rs[0].CompareTo(r) != 0)
{
return(new SimpleTestResult(false, Name + " test 163: expected r: " + r.ToString(16) + " got r:" + rs[0].ToString(16)));
}
if (rs[1].CompareTo(s) != 0)
{
return(new SimpleTestResult(false, Name + " test 163: expected s: " + s.ToString(16) + " got s:" + rs[1].ToString(16)));
}
dstuSigner.Init(false, pubKey);
if (!dstuSigner.VerifySignature(hash, r, s))
{
return(new SimpleTestResult(false, Name + " test 163: verification failed"));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
private SimpleTestResult Test173()
{
SecureRandom random = FixedSecureRandom.From(Hex.Decode("0000137449348C1249971759D99C252FFE1E14D8B31F"));
byte[] hash = Hex.Decode("0137187EA862117EF1484289470ECAC802C5A651FDA8");
Array.Reverse(hash);
BigInteger r = new BigInteger("13ae89746386709cdbd237cc5ec20ca30004a82ead8", 16);
BigInteger s = new BigInteger("3597912cdd093b3e711ccb74a79d3c4ab4c7cccdc60", 16);
F2mCurve curve = new F2mCurve(173, 1, 2, 10, BigInteger.Zero, new BigInteger("108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9", 16));
ECPoint P = curve.CreatePoint(new BigInteger("BE6628EC3E67A91A4E470894FBA72B52C515F8AEE9", 16), new BigInteger("D9DEEDF655CF5412313C11CA566CDC71F4DA57DB45C", 16));
BigInteger n = new BigInteger("800000000000000000000189B4E67606E3825BB2831", 16);
BigInteger d = new BigInteger("955CD7E344303D1034E66933DC21C8044D42ADB8", 16);
ECPoint Q = P.Multiply(d).Negate();
ECDomainParameters domain = new ECDomainParameters(curve, P, n);
ICipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
Dstu4145Signer dstuSigner = new Dstu4145Signer();
dstuSigner.Init(true, privKey);
BigInteger[] rs = dstuSigner.GenerateSignature(hash);
if (rs[0].CompareTo(r) != 0)
{
return(new SimpleTestResult(false, Name + " test 173: expected r: " + r.ToString(16) + " got r:" + rs[0].ToString(16)));
}
if (rs[1].CompareTo(s) != 0)
{
return(new SimpleTestResult(false, Name + " test 173: expected s: " + s.ToString(16) + " got s:" + rs[1].ToString(16)));
}
dstuSigner.Init(false, pubKey);
if (!dstuSigner.VerifySignature(hash, r, s))
{
return(new SimpleTestResult(false, Name + " test 173: verification failed"));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
private SimpleTestResult TestTruncation()
{
SecureRandom random = FixedSecureRandom.From(Hex.Decode("0000C4224DBBD800988DBAA39DE838294C345CDA5F5929D1174AA8D9340A5E79D10ACADE6B53CF873E7301A3871C2073AD75AB530457"));
// use extra long "hash" with set bits ...
byte[] hash = Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
BigInteger r = new BigInteger("6bb5c0cb82e5067485458ebfe81025f03b687c63a27", 16);
BigInteger s = new BigInteger("34d6b1868969b86ecf934167c8fe352c63d1074bd", 16);
F2mCurve curve = new F2mCurve(173, 1, 2, 10, BigInteger.Zero, new BigInteger("108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9", 16));
ECPoint P = curve.CreatePoint(new BigInteger("BE6628EC3E67A91A4E470894FBA72B52C515F8AEE9", 16), new BigInteger("D9DEEDF655CF5412313C11CA566CDC71F4DA57DB45C", 16));
BigInteger n = new BigInteger("800000000000000000000189B4E67606E3825BB2831", 16);
BigInteger d = new BigInteger("955CD7E344303D1034E66933DC21C8044D42ADB8", 16);
ECPoint Q = P.Multiply(d).Negate();
ECDomainParameters domain = new ECDomainParameters(curve, P, n);
ICipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
Dstu4145Signer dstuSigner = new Dstu4145Signer();
dstuSigner.Init(true, privKey);
BigInteger[] rs = dstuSigner.GenerateSignature(hash);
if (rs[0].CompareTo(r) != 0)
{
return(new SimpleTestResult(false, Name + " test truncation: expected r: " + r.ToString(16) + " got r:" + rs[0].ToString(16)));
}
if (rs[1].CompareTo(s) != 0)
{
return(new SimpleTestResult(false, Name + " test truncation: expected s: " + s.ToString(16) + " got s:" + rs[1].ToString(16)));
}
dstuSigner.Init(false, pubKey);
if (!dstuSigner.VerifySignature(hash, r, s))
{
return(new SimpleTestResult(false, Name + " test truncation: verification failed"));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
private void doTest(
string algorithm,
byte[] input,
byte[] output)
{
KeyParameter key = null;
CipherKeyGenerator keyGen;
SecureRandom rand;
IBufferedCipher inCipher = null, outCipher = null;
byte[] iv = null;
CipherStream cIn, cOut;
MemoryStream bIn, bOut;
rand = new FixedSecureRandom();
string[] parts = algorithm.ToUpper(CultureInfo.InvariantCulture).Split('/');
string baseAlgorithm = parts[0];
string mode = parts.Length > 1 ? parts[1] : null;
#if !INCLUDE_IDEA
if (baseAlgorithm.Equals("IDEA"))
{
return;
}
#endif
try
{
keyGen = GeneratorUtilities.GetKeyGenerator(baseAlgorithm);
// TODO Add Algorithm property to CipherKeyGenerator?
// if (!keyGen.getAlgorithm().Equals(baseAlgorithm))
// {
// Fail("wrong key generator returned!");
// }
// TODO Add new Init method to CipherKeyGenerator?
// keyGen.Init(rand);
keyGen.Init(new KeyGenerationParameters(rand, keyGen.DefaultStrength));
byte[] keyBytes = keyGen.GenerateKey();
if (algorithm.StartsWith("RC5"))
{
key = new RC5Parameters(keyBytes, rc5Rounds);
}
else
{
key = ParameterUtilities.CreateKeyParameter(baseAlgorithm, keyBytes);
}
inCipher = CipherUtilities.GetCipher(algorithm);
outCipher = CipherUtilities.GetCipher(algorithm);
if (!inCipher.AlgorithmName.ToUpper(CultureInfo.InvariantCulture).StartsWith(baseAlgorithm))
{
Fail("wrong cipher returned!");
}
ICipherParameters parameters = key;
int ivLength = GetIVLength(algorithm);
if (ivLength > 0)
{
if (baseAlgorithm == "RC2")
{
iv = rc2IV;
}
else if (baseAlgorithm == "RC5")
{
iv = rc5IV;
}
else if (baseAlgorithm == "RC5-64")
{
iv = rc564IV;
}
else
{
// NB: rand always generates same values each test run
iv = rand.GenerateSeed(ivLength);
}
parameters = new ParametersWithIV(key, iv);
}
// NB: 'rand' still needed e.g. for some paddings
parameters = new ParametersWithRandom(parameters, rand);
outCipher.Init(true, parameters);
}
catch (Exception e)
{
Fail("" + algorithm + " failed initialisation - " + e.ToString(), e);
}
//
// grab the iv if there is one
//
try
{
// The Java version set this implicitly, but we set it explicity
//byte[] iv = outCipher.getIV();
if (iv != null)
{
// TODO Examine short IV handling for these FIPS-compliant modes in Java build
if (mode.StartsWith("CFB") ||
mode.StartsWith("GOFB") ||
mode.StartsWith("OFB") ||
mode.StartsWith("OPENPGPCFB"))
{
// These modes automatically pad out the IV if it is short
}
else
{
try
{
byte[] nIv = new byte[iv.Length - 1];
inCipher.Init(false, new ParametersWithIV(key, nIv));
Fail("failed to pick up short IV");
}
//catch (InvalidAlgorithmParameterException e)
catch (ArgumentException)
{
// ignore - this is what we want...
}
}
//IvParameterSpec spec = new IvParameterSpec(iv);
inCipher.Init(false, new ParametersWithIV(key, iv));
}
else
{
inCipher.Init(false, key);
}
}
catch (Exception e)
{
Fail("" + algorithm + " failed initialisation - " + e.ToString());
}
//
// encryption pass
//
bOut = new MemoryStream();
cOut = new CipherStream(bOut, null, outCipher);
try
{
for (int i = 0; i != input.Length / 2; i++)
{
cOut.WriteByte(input[i]);
}
cOut.Write(input, input.Length / 2, input.Length - input.Length / 2);
cOut.Close();
}
catch (IOException e)
{
Fail("" + algorithm + " failed encryption - " + e.ToString());
}
byte[] bytes = bOut.ToArray();
if (!AreEqual(bytes, output))
{
Fail("" + algorithm + " failed encryption - expected "
+ Hex.ToHexString(output) + " got "
+ Hex.ToHexString(bytes));
}
//
// decryption pass
//
bIn = new MemoryStream(bytes, false);
cIn = new CipherStream(bIn, inCipher, null);
try
{
BinaryReader dIn = new BinaryReader(cIn);
bytes = new byte[input.Length];
for (int i = 0; i != input.Length / 2; i++)
{
bytes[i] = dIn.ReadByte();
}
int remaining = bytes.Length - input.Length / 2;
byte[] extra = dIn.ReadBytes(remaining);
if (extra.Length < remaining)
{
throw new EndOfStreamException();
}
extra.CopyTo(bytes, input.Length / 2);
}
catch (Exception e)
{
Fail("" + algorithm + " failed decryption - " + e.ToString());
}
if (!AreEqual(bytes, input))
{
Fail("" + algorithm + " failed decryption - expected "
+ Hex.ToHexString(input) + " got "
+ Hex.ToHexString(bytes));
}
}
private void Dsa2Test2()
{
byte[] seed = Hex.Decode("5AFCC1EFFC079A9CCA6ECA86D6E3CC3B18642D9BE1CC6207C84002A9");
DsaParametersGenerator pGen = new DsaParametersGenerator(new Sha224Digest());
pGen.Init(new DsaParameterGenerationParameters(2048, 224, 80, new DsaTestSecureRandom(seed)));
DsaParameters parameters = pGen.GenerateParameters();
DsaValidationParameters pv = parameters.ValidationParameters;
if (pv.Counter != 21)
{
Fail("counter incorrect");
}
if (!AreEqual(seed, pv.GetSeed()))
{
Fail("seed incorrect");
}
if (!parameters.Q.Equals(new BigInteger("90EAF4D1AF0708B1B612FF35E0A2997EB9E9D263C9CE659528945C0D", 16)))
{
Fail("Q incorrect");
}
if (!parameters.P.Equals(new BigInteger(
"C196BA05AC29E1F9C3C72D56DFFC6154" +
"A033F1477AC88EC37F09BE6C5BB95F51C296DD20D1A28A06" +
"7CCC4D4316A4BD1DCA55ED1066D438C35AEBAABF57E7DAE4" +
"28782A95ECA1C143DB701FD48533A3C18F0FE23557EA7AE6" +
"19ECACC7E0B51652A8776D02A425567DED36EABD90CA33A1" +
"E8D988F0BBB92D02D1D20290113BB562CE1FC856EEB7CDD9" +
"2D33EEA6F410859B179E7E789A8F75F645FAE2E136D252BF" +
"FAFF89528945C1ABE705A38DBC2D364AADE99BE0D0AAD82E" +
"5320121496DC65B3930E38047294FF877831A16D5228418D" +
"E8AB275D7D75651CEFED65F78AFC3EA7FE4D79B35F62A040" +
"2A1117599ADAC7B269A59F353CF450E6982D3B1702D9CA83", 16)))
{
Fail("P incorrect");
}
if (!parameters.G.Equals(new BigInteger(
"A59A749A11242C58C894E9E5A91804E8" +
"FA0AC64B56288F8D47D51B1EDC4D65444FECA0111D78F35F" +
"C9FDD4CB1F1B79A3BA9CBEE83A3F811012503C8117F98E50" +
"48B089E387AF6949BF8784EBD9EF45876F2E6A5A495BE64B" +
"6E770409494B7FEE1DBB1E4B2BC2A53D4F893D418B715959" +
"2E4FFFDF6969E91D770DAEBD0B5CB14C00AD68EC7DC1E574" +
"5EA55C706C4A1C5C88964E34D09DEB753AD418C1AD0F4FDF" +
"D049A955E5D78491C0B7A2F1575A008CCD727AB376DB6E69" +
"5515B05BD412F5B8C2F4C77EE10DA48ABD53F5DD498927EE" +
"7B692BBBCDA2FB23A516C5B4533D73980B2A3B60E384ED20" +
"0AE21B40D273651AD6060C13D97FD69AA13C5611A51B9085", 16)))
{
Fail("G incorrect");
}
DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();
kpGen.Init(new DsaKeyGenerationParameters(
FixedSecureRandom.From(Hex.Decode("00D0F09ED3E2568F6CADF9224117DA2AEC5A4300E009DE1366023E17")), parameters));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
DsaPublicKeyParameters pub = (DsaPublicKeyParameters)kp.Public;
DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;
if (!pub.Y.Equals(new BigInteger(
"70035C9A3B225B258F16741F3941FBF0" +
"6F3D056CD7BD864604CBB5EE9DD85304EE8E8E4ABD5E9032" +
"11DDF25CE149075510ACE166970AFDC7DF552B7244F342FA" +
"02F7A621405B754909D757F97290E1FE5036E904CF593446" +
"0C046D95659821E1597ED9F2B1F0E20863A6BBD0CE74DACB" +
"A5D8C68A90B29C2157CDEDB82EC12B81EE3068F9BF5F7F34" +
"6ECA41ED174CCCD7D154FA4F42F80FFE1BF46AE9D8125DEB" +
"5B4BA08A72BDD86596DBEDDC9550FDD650C58F5AE5133509" +
"A702F79A31ECB490F7A3C5581631F7C5BE4FF7F9E9F27FA3" +
"90E47347AD1183509FED6FCF198BA9A71AB3335B4F38BE8D" +
"15496A00B6DC2263E20A5F6B662320A3A1EC033AA61E3B68", 16)))
{
Fail("Y value incorrect");
}
if (!priv.X.Equals(
new BigInteger("00D0F09ED3E2568F6CADF9224117DA2AEC5A4300E009DE1366023E17", 16)))
{
Fail("X value incorrect");
}
DsaSigner signer = new DsaSigner();
signer.Init(true, new ParametersWithRandom(kp.Private,
FixedSecureRandom.From(Hex.Decode("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05"))));
byte[] msg = Hex.Decode("23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7");
BigInteger[] sig = signer.GenerateSignature(msg);
if (!sig[0].Equals(new BigInteger("4400138D05F9639CAF54A583CAAF25D2B76D0C3EAD752CE17DBC85FE", 16)))
{
Fail("R value incorrect");
}
if (!sig[1].Equals(new BigInteger("874D4F12CB13B61732D398445698CFA9D92381D938AA57EE2C9327B3", 16)))
{
Fail("S value incorrect");
}
signer.Init(false, kp.Public);
if (!signer.VerifySignature(msg, sig[0], sig[1]))
{
Fail("signature not verified");
}
}
public ECGost3410Test()
{
k = FixedSecureRandom.From(kData);
}
public override void PerformTest()
{
byte[] k1 = Hex.Decode("d5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
byte[] k2 = Hex.Decode("345e8d05c075c3a508df729a1685690e68fcfb8c8117847e89063bca1f85d968fd281540b6e13bd1af989a1fbf17e06462bf511f9d0b140fb48ac1b1baa5bded");
SecureRandom random = FixedSecureRandom.From(k1, k2);
byte[] keyData = Hex.Decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
SecureRandom keyRandom = FixedSecureRandom.From(keyData, keyData);
BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403");
BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365");
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, random);
DsaParameters parameters = pGen.GenerateParameters();
DsaValidationParameters pValid = parameters.ValidationParameters;
if (pValid.Counter != 105)
{
Fail("Counter wrong");
}
if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
{
Fail("p or q wrong");
}
DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator();
DsaKeyGenerationParameters genParam = new DsaKeyGenerationParameters(keyRandom, parameters);
dsaKeyGen.Init(genParam);
AsymmetricCipherKeyPair pair = dsaKeyGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, keyRandom);
DsaSigner dsa = new DsaSigner();
dsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArrayUnsigned();
BigInteger[] sig = dsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
dsa.Init(false, pair.Public);
if (!dsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
Dsa2Test1();
Dsa2Test2();
Dsa2Test3();
Dsa2Test4();
}
private void Dsa2Test3()
{
byte[] seed = Hex.Decode("4783081972865EA95D43318AB2EAF9C61A2FC7BBF1B772A09017BDF5A58F4FF0");
DsaParametersGenerator pGen = new DsaParametersGenerator(new Sha256Digest());
pGen.Init(new DsaParameterGenerationParameters(2048, 256, 80, new DsaTestSecureRandom(seed)));
DsaParameters parameters = pGen.GenerateParameters();
DsaValidationParameters pv = parameters.ValidationParameters;
if (pv.Counter != 12)
{
Fail("counter incorrect");
}
if (!AreEqual(seed, pv.GetSeed()))
{
Fail("seed incorrect");
}
if (!parameters.Q.Equals(new BigInteger("C24ED361870B61E0D367F008F99F8A1F75525889C89DB1B673C45AF5867CB467", 16)))
{
Fail("Q incorrect");
}
if (!parameters.P.Equals(new BigInteger(
"F56C2A7D366E3EBDEAA1891FD2A0D099" +
"436438A673FED4D75F594959CFFEBCA7BE0FC72E4FE67D91" +
"D801CBA0693AC4ED9E411B41D19E2FD1699C4390AD27D94C" +
"69C0B143F1DC88932CFE2310C886412047BD9B1C7A67F8A2" +
"5909132627F51A0C866877E672E555342BDF9355347DBD43" +
"B47156B2C20BAD9D2B071BC2FDCF9757F75C168C5D9FC431" +
"31BE162A0756D1BDEC2CA0EB0E3B018A8B38D3EF2487782A" +
"EB9FBF99D8B30499C55E4F61E5C7DCEE2A2BB55BD7F75FCD" +
"F00E48F2E8356BDB59D86114028F67B8E07B127744778AFF" +
"1CF1399A4D679D92FDE7D941C5C85C5D7BFF91BA69F9489D" +
"531D1EBFA727CFDA651390F8021719FA9F7216CEB177BD75", 16)))
{
Fail("P incorrect");
}
if (!parameters.G.Equals(new BigInteger(
"8DC6CC814CAE4A1C05A3E186A6FE27EA" +
"BA8CDB133FDCE14A963A92E809790CBA096EAA26140550C1" +
"29FA2B98C16E84236AA33BF919CD6F587E048C52666576DB" +
"6E925C6CBE9B9EC5C16020F9A44C9F1C8F7A8E611C1F6EC2" +
"513EA6AA0B8D0F72FED73CA37DF240DB57BBB27431D61869" +
"7B9E771B0B301D5DF05955425061A30DC6D33BB6D2A32BD0" +
"A75A0A71D2184F506372ABF84A56AEEEA8EB693BF29A6403" +
"45FA1298A16E85421B2208D00068A5A42915F82CF0B858C8" +
"FA39D43D704B6927E0B2F916304E86FB6A1B487F07D8139E" +
"428BB096C6D67A76EC0B8D4EF274B8A2CF556D279AD267CC" +
"EF5AF477AFED029F485B5597739F5D0240F67C2D948A6279", 16)))
{
Fail("G incorrect");
}
DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();
kpGen.Init(new DsaKeyGenerationParameters(
FixedSecureRandom.From(Hex.Decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C")), parameters));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
DsaPublicKeyParameters pub = (DsaPublicKeyParameters)kp.Public;
DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;
if (!pub.Y.Equals(new BigInteger(
"2828003D7C747199143C370FDD07A286" +
"1524514ACC57F63F80C38C2087C6B795B62DE1C224BF8D1D" +
"1424E60CE3F5AE3F76C754A2464AF292286D873A7A30B7EA" +
"CBBC75AAFDE7191D9157598CDB0B60E0C5AA3F6EBE425500" +
"C611957DBF5ED35490714A42811FDCDEB19AF2AB30BEADFF" +
"2907931CEE7F3B55532CFFAEB371F84F01347630EB227A41" +
"9B1F3F558BC8A509D64A765D8987D493B007C4412C297CAF" +
"41566E26FAEE475137EC781A0DC088A26C8804A98C23140E" +
"7C936281864B99571EE95C416AA38CEEBB41FDBFF1EB1D1D" +
"C97B63CE1355257627C8B0FD840DDB20ED35BE92F08C49AE" +
"A5613957D7E5C7A6D5A5834B4CB069E0831753ECF65BA02B", 16)))
{
Fail("Y value incorrect");
}
if (!priv.X.Equals(
new BigInteger("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C", 16)))
{
Fail("X value incorrect");
}
DsaSigner signer = new DsaSigner();
signer.Init(true, new ParametersWithRandom(kp.Private,
FixedSecureRandom.From(Hex.Decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C"))));
byte[] msg = Hex.Decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
BigInteger[] sig = signer.GenerateSignature(msg);
if (!sig[0].Equals(new BigInteger("315C875DCD4850E948B8AC42824E9483A32D5BA5ABE0681B9B9448D444F2BE3C", 16)))
{
Fail("R value incorrect");
}
if (!sig[1].Equals(new BigInteger("89718D12E54A8D9ED066E4A55F7ED5A2229CD23B9A3CEE78F83ED6AA61F6BCB9", 16)))
{
Fail("S value incorrect");
}
signer.Init(false, kp.Public);
if (!signer.VerifySignature(msg, sig[0], sig[1]))
{
Fail("signature not verified");
}
}
public void TestDsa2Parameters()
{
byte[] seed = Hex.Decode("4783081972865EA95D43318AB2EAF9C61A2FC7BBF1B772A09017BDF5A58F4FF0");
//AlgorithmParameterGenerator a = AlgorithmParameterGenerator.getInstance("DSA", "BC");
//a.init(2048, new DSATestSecureRandom(seed));
DsaParametersGenerator a = new DsaParametersGenerator(new Sha256Digest());
a.Init(new DsaParameterGenerationParameters(2048, 256, 80, new DsaTestSecureRandom(seed)));
//AlgorithmParameters parameters = a.generateParameters();
//DSAParameterSpec dsaP = (DSAParameterSpec)parameters.getParameterSpec(DSAParameterSpec.class);
DsaParameters dsaP = a.GenerateParameters();
if (!dsaP.Q.Equals(new BigInteger("C24ED361870B61E0D367F008F99F8A1F75525889C89DB1B673C45AF5867CB467", 16)))
{
Fail("Q incorrect");
}
if (!dsaP.P.Equals(new BigInteger(
"F56C2A7D366E3EBDEAA1891FD2A0D099" +
"436438A673FED4D75F594959CFFEBCA7BE0FC72E4FE67D91" +
"D801CBA0693AC4ED9E411B41D19E2FD1699C4390AD27D94C" +
"69C0B143F1DC88932CFE2310C886412047BD9B1C7A67F8A2" +
"5909132627F51A0C866877E672E555342BDF9355347DBD43" +
"B47156B2C20BAD9D2B071BC2FDCF9757F75C168C5D9FC431" +
"31BE162A0756D1BDEC2CA0EB0E3B018A8B38D3EF2487782A" +
"EB9FBF99D8B30499C55E4F61E5C7DCEE2A2BB55BD7F75FCD" +
"F00E48F2E8356BDB59D86114028F67B8E07B127744778AFF" +
"1CF1399A4D679D92FDE7D941C5C85C5D7BFF91BA69F9489D" +
"531D1EBFA727CFDA651390F8021719FA9F7216CEB177BD75", 16)))
{
Fail("P incorrect");
}
if (!dsaP.G.Equals(new BigInteger(
"8DC6CC814CAE4A1C05A3E186A6FE27EA" +
"BA8CDB133FDCE14A963A92E809790CBA096EAA26140550C1" +
"29FA2B98C16E84236AA33BF919CD6F587E048C52666576DB" +
"6E925C6CBE9B9EC5C16020F9A44C9F1C8F7A8E611C1F6EC2" +
"513EA6AA0B8D0F72FED73CA37DF240DB57BBB27431D61869" +
"7B9E771B0B301D5DF05955425061A30DC6D33BB6D2A32BD0" +
"A75A0A71D2184F506372ABF84A56AEEEA8EB693BF29A6403" +
"45FA1298A16E85421B2208D00068A5A42915F82CF0B858C8" +
"FA39D43D704B6927E0B2F916304E86FB6A1B487F07D8139E" +
"428BB096C6D67A76EC0B8D4EF274B8A2CF556D279AD267CC" +
"EF5AF477AFED029F485B5597739F5D0240F67C2D948A6279", 16)))
{
Fail("G incorrect");
}
//KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "BC");
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA");
//g.initialize(dsaP, FixedSecureRandom.From(Hex.Decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C")));
g.Init(new DsaKeyGenerationParameters(FixedSecureRandom.From(Hex.Decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C")), dsaP));
//KeyPair p = g.generateKeyPair();
AsymmetricCipherKeyPair p = g.GenerateKeyPair();
//DSAPrivateKey sKey = (DSAPrivateKey)p.getPrivate();
//DSAPublicKey vKey = (DSAPublicKey)p.getPublic();
DsaPrivateKeyParameters sKey = (DsaPrivateKeyParameters)p.Private;
DsaPublicKeyParameters vKey = (DsaPublicKeyParameters)p.Public;
if (!vKey.Y.Equals(new BigInteger(
"2828003D7C747199143C370FDD07A286" +
"1524514ACC57F63F80C38C2087C6B795B62DE1C224BF8D1D" +
"1424E60CE3F5AE3F76C754A2464AF292286D873A7A30B7EA" +
"CBBC75AAFDE7191D9157598CDB0B60E0C5AA3F6EBE425500" +
"C611957DBF5ED35490714A42811FDCDEB19AF2AB30BEADFF" +
"2907931CEE7F3B55532CFFAEB371F84F01347630EB227A41" +
"9B1F3F558BC8A509D64A765D8987D493B007C4412C297CAF" +
"41566E26FAEE475137EC781A0DC088A26C8804A98C23140E" +
"7C936281864B99571EE95C416AA38CEEBB41FDBFF1EB1D1D" +
"C97B63CE1355257627C8B0FD840DDB20ED35BE92F08C49AE" +
"A5613957D7E5C7A6D5A5834B4CB069E0831753ECF65BA02B", 16)))
{
Fail("Y value incorrect");
}
if (!sKey.X.Equals(
new BigInteger("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C", 16)))
{
Fail("X value incorrect");
}
//byte[] encodeParams = parameters.getEncoded();
byte[] encodeParams = new DsaParameter(dsaP.P, dsaP.Q, dsaP.G).GetDerEncoded();
//AlgorithmParameters a2 = AlgorithmParameters.getInstance("DSA", "BC");
//a2.init(encodeParams);
DsaParameter dsaP2 = DsaParameter.GetInstance(Asn1Object.FromByteArray(encodeParams));
DsaParameters p2 = new DsaParameters(dsaP.P, dsaP.Q, dsaP.G);
// a and a2 should be equivalent!
//byte[] encodeParams_2 = a2.GetEncoded();
byte[] encodeParams_2 = new DsaParameter(p2.P, p2.Q, p2.G).GetDerEncoded();
if (!AreEqual(encodeParams, encodeParams_2))
{
Fail("encode/decode parameters failed");
}
ISigner s = SignerUtilities.GetSigner("DSA");
byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
s.Init(true, sKey);
s.BlockUpdate(data, 0, data.Length);
byte[] sigBytes = s.GenerateSignature();
s = SignerUtilities.GetSigner("DSA");
s.Init(false, vKey);
s.BlockUpdate(data, 0, data.Length);
if (!s.VerifySignature(sigBytes))
{
Fail("DSA verification failed");
}
}
private void Dsa2Test4()
{
byte[] seed = Hex.Decode("193AFCA7C1E77B3C1ECC618C81322E47B8B8B997C9C83515C59CC446C2D9BD47");
DsaParametersGenerator pGen = new DsaParametersGenerator(new Sha256Digest());
pGen.Init(new DsaParameterGenerationParameters(3072, 256, 80, new DsaTestSecureRandom(seed)));
DsaParameters parameters = pGen.GenerateParameters();
DsaValidationParameters pv = parameters.ValidationParameters;
if (pv.Counter != 20)
{
Fail("counter incorrect");
}
if (!AreEqual(seed, pv.GetSeed()))
{
Fail("seed incorrect");
}
if (!parameters.Q.Equals(new BigInteger("CFA0478A54717B08CE64805B76E5B14249A77A4838469DF7F7DC987EFCCFB11D", 16)))
{
Fail("Q incorrect");
}
if (!parameters.P.Equals(new BigInteger(
"90066455B5CFC38F9CAA4A48B4281F292C260FEEF01FD610" +
"37E56258A7795A1C7AD46076982CE6BB956936C6AB4DCFE0" +
"5E6784586940CA544B9B2140E1EB523F009D20A7E7880E4E" +
"5BFA690F1B9004A27811CD9904AF70420EEFD6EA11EF7DA1" +
"29F58835FF56B89FAA637BC9AC2EFAAB903402229F491D8D" +
"3485261CD068699B6BA58A1DDBBEF6DB51E8FE34E8A78E54" +
"2D7BA351C21EA8D8F1D29F5D5D15939487E27F4416B0CA63" +
"2C59EFD1B1EB66511A5A0FBF615B766C5862D0BD8A3FE7A0" +
"E0DA0FB2FE1FCB19E8F9996A8EA0FCCDE538175238FC8B0E" +
"E6F29AF7F642773EBE8CD5402415A01451A840476B2FCEB0" +
"E388D30D4B376C37FE401C2A2C2F941DAD179C540C1C8CE0" +
"30D460C4D983BE9AB0B20F69144C1AE13F9383EA1C08504F" +
"B0BF321503EFE43488310DD8DC77EC5B8349B8BFE97C2C56" +
"0EA878DE87C11E3D597F1FEA742D73EEC7F37BE43949EF1A" +
"0D15C3F3E3FC0A8335617055AC91328EC22B50FC15B941D3" +
"D1624CD88BC25F3E941FDDC6200689581BFEC416B4B2CB73", 16)))
{
Fail("P incorrect");
}
if (!parameters.G.Equals(new BigInteger(
"5E5CBA992E0A680D885EB903AEA78E4A45A469103D448EDE" +
"3B7ACCC54D521E37F84A4BDD5B06B0970CC2D2BBB715F7B8" +
"2846F9A0C393914C792E6A923E2117AB805276A975AADB52" +
"61D91673EA9AAFFEECBFA6183DFCB5D3B7332AA19275AFA1" +
"F8EC0B60FB6F66CC23AE4870791D5982AAD1AA9485FD8F4A" +
"60126FEB2CF05DB8A7F0F09B3397F3937F2E90B9E5B9C9B6" +
"EFEF642BC48351C46FB171B9BFA9EF17A961CE96C7E7A7CC" +
"3D3D03DFAD1078BA21DA425198F07D2481622BCE45969D9C" +
"4D6063D72AB7A0F08B2F49A7CC6AF335E08C4720E31476B6" +
"7299E231F8BD90B39AC3AE3BE0C6B6CACEF8289A2E2873D5" +
"8E51E029CAFBD55E6841489AB66B5B4B9BA6E2F784660896" +
"AFF387D92844CCB8B69475496DE19DA2E58259B090489AC8" +
"E62363CDF82CFD8EF2A427ABCD65750B506F56DDE3B98856" +
"7A88126B914D7828E2B63A6D7ED0747EC59E0E0A23CE7D8A" +
"74C1D2C2A7AFB6A29799620F00E11C33787F7DED3B30E1A2" +
"2D09F1FBDA1ABBBFBF25CAE05A13F812E34563F99410E73B", 16)))
{
Fail("G incorrect");
}
DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();
kpGen.Init(new DsaKeyGenerationParameters(
FixedSecureRandom.From(Hex.Decode("3ABC1587297CE7B9EA1AD6651CF2BC4D7F92ED25CABC8553F567D1B40EBB8764")), parameters));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
DsaPublicKeyParameters pub = (DsaPublicKeyParameters)kp.Public;
DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;
if (!pub.Y.Equals(new BigInteger(
"8B891C8692D3DE875879390F2698B26FBECCA6B075535DCE" +
"6B0C862577F9FA0DEF6074E7A7624121224A595896ABD4CD" +
"A56B2CEFB942E025D2A4282FFAA98A48CDB47E1A6FCB5CFB" +
"393EF35AF9DF913102BB303C2B5C36C3F8FC04ED7B8B69FE" +
"FE0CF3E1FC05CFA713B3435B2656E913BA8874AEA9F93600" +
"6AEB448BCD005D18EC3562A33D04CF25C8D3D69844343442" +
"FA3DB7DE618C5E2DA064573E61E6D5581BFB694A23AC87FD" +
"5B52D62E954E1376DB8DDB524FFC0D469DF978792EE44173" +
"8E5DB05A7DC43E94C11A2E7A4FBE383071FA36D2A7EC8A93" +
"88FE1C4F79888A99D3B6105697C2556B79BB4D7E781CEBB3" +
"D4866AD825A5E830846072289FDBC941FA679CA82F5F78B7" +
"461B2404DB883D215F4E0676CF5493950AC5591697BFEA8D" +
"1EE6EC016B89BA51CAFB5F9C84C989FA117375E94578F28B" +
"E0B34CE0545DA46266FD77F62D8F2CEE92AB77012AFEBC11" +
"008985A821CD2D978C7E6FE7499D1AAF8DE632C21BB48CA5" +
"CBF9F31098FD3FD3854C49A65D9201744AACE540354974F9", 16)))
{
Fail("Y value incorrect");
}
if (!priv.X.Equals(
new BigInteger("3ABC1587297CE7B9EA1AD6651CF2BC4D7F92ED25CABC8553F567D1B40EBB8764", 16)))
{
Fail("X value incorrect");
}
DsaSigner signer = new DsaSigner();
signer.Init(true, new ParametersWithRandom(kp.Private,
FixedSecureRandom.From(Hex.Decode("A6902C1E6E3943C5628061588A8B007BCCEA91DBF12915483F04B24AB0678BEE"))));
byte[] msg = Hex.Decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
BigInteger[] sig = signer.GenerateSignature(msg);
if (!sig[0].Equals(new BigInteger("5F184E645A38BE8FB4A6871B6503A9D12924C7ABE04B71410066C2ECA6E3BE3E", 16)))
{
Fail("R value incorrect");
}
if (!sig[1].Equals(new BigInteger("91EB0C7BA3D4B9B60B825C3D9F2CADA8A2C9D7723267B033CBCDCF8803DB9C18", 16)))
{
Fail("S value incorrect");
}
signer.Init(false, kp.Public);
if (!signer.VerifySignature(msg, sig[0], sig[1]))
{
Fail("signature not verified");
}
}
public void TestECDsa239BitPrime()
{
BigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
BigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
byte[] kData = BigIntegers.AsUnsignedByteArray(
new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters x9 = ECNamedCurveTable.GetByName("prime239v1");
ECCurve curve = x9.Curve;
ECDomainParameters spec = new ECDomainParameters(curve, x9.G, x9.N, x9.H);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
// KeyFactory f = KeyFactory.GetInstance("ECDSA");
// PrivateKey sKey = f.generatePrivate(priKey);
// PublicKey vKey = f.generatePublic(pubKey);
AsymmetricKeyParameter sKey = priKey;
AsymmetricKeyParameter vKey = pubKey;
sgr.Init(true, new ParametersWithRandom(sKey, k));
byte[] message = Encoding.ASCII.GetBytes("abc");
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, vKey);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("239 Bit EC verification failed");
}
BigInteger[] sig = DerDecode(sigBytes);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
}
