public DHPrivateKeyParameters(
            BigInteger		x,
            DHParameters	parameters)
			: base(true, parameters)
        {
            this.x = x;
        }
示例#2
0
文件: ECKey.cs 项目: vebin/NBitcoin
		static ECKey()
		{
			_Secp256k1 = NBitcoin.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
			CURVE = new ECDomainParameters(_Secp256k1.Curve, _Secp256k1.G, _Secp256k1.N, _Secp256k1.H);
			HALF_CURVE_ORDER = _Secp256k1.N.ShiftRight(1);
			CURVE_ORDER = _Secp256k1.N;
		}
示例#3
0
 public ECDomainParameters(
     ECCurve     curve,
     ECPoint     g,
     BigInteger  n)
     : this(curve, g, n, BigInteger.One)
 {
 }
示例#4
0
		static ECKey()
		{
			X9ECParameters @params = CreateCurve();
			CURVE = new ECDomainParameters(@params.Curve, @params.G, @params.N, @params.H);
			HALF_CURVE_ORDER = @params.N.ShiftRight(1);
			CURVE_ORDER = @params.N;
		}
示例#5
0
 static ECKey()
 {
     _Secp256k1 = CustomNamedCurves.Secp256k1;
     CURVE = new ECDomainParameters(_Secp256k1.Curve, _Secp256k1.G, _Secp256k1.N, _Secp256k1.H);
     HALF_CURVE_ORDER = _Secp256k1.N.ShiftRight(1);
     CURVE_ORDER = _Secp256k1.N;
 }
示例#6
0
		public ElGamalParameter(
            BigInteger	p,
            BigInteger	g)
        {
            this.p = new DerInteger(p);
            this.g = new DerInteger(g);
        }
示例#7
0
		/**
        * Return a random BigInteger not less than 'min' and not greater than 'max'
        * 
        * @param min the least value that may be generated
        * @param max the greatest value that may be generated
        * @param random the source of randomness
        * @return a random BigInteger value in the range [min,max]
        */
		public static BigInteger CreateRandomInRange(
			BigInteger min,
			BigInteger max,
			// TODO Should have been just Random class
			SecureRandom random)
		{
			int cmp = min.CompareTo(max);
			if(cmp >= 0)
			{
				if(cmp > 0)
					throw new ArgumentException("'min' may not be greater than 'max'");

				return min;
			}

			if(min.BitLength > max.BitLength / 2)
			{
				return CreateRandomInRange(BigInteger.Zero, max.Subtract(min), random).Add(min);
			}

			for(int i = 0; i < MaxIterations; ++i)
			{
				BigInteger x = new BigInteger(max.BitLength, random);
				if(x.CompareTo(min) >= 0 && x.CompareTo(max) <= 0)
				{
					return x;
				}
			}

			// fall back to a faster (restricted) method
			return new BigInteger(max.Subtract(min).BitLength - 1, random).Add(min);
		}
示例#8
0
		/**
		 * generate a signature for the given message using the key we were
		 * initialised with. For conventional Gost3410 the message should be a Gost3411
		 * hash of the message of interest.
		 *
		 * @param message the message that will be verified later.
		 */
		public BigInteger[] GenerateSignature(
			byte[] message)
		{
			byte[] mRev = new byte[message.Length]; // conversion is little-endian
			for (int i = 0; i != mRev.Length; i++)
			{
				mRev[i] = message[mRev.Length - 1 - i];
			}

			BigInteger m = new BigInteger(1, mRev);
			Gost3410Parameters parameters = key.Parameters;
			BigInteger k;

			do
			{
				k = new BigInteger(parameters.Q.BitLength, random);
			}
			while (k.CompareTo(parameters.Q) >= 0);

			BigInteger r = parameters.A.ModPow(k, parameters.P).Mod(parameters.Q);

			BigInteger s = k.Multiply(m).
				Add(((Gost3410PrivateKeyParameters)key).X.Multiply(r)).
				Mod(parameters.Q);

			return new BigInteger[]{ r, s };
		}
 public IssuerAndSerialNumber(
     X509Name	name,
     BigInteger	serialNumber)
 {
     this.name = name;
     this.serialNumber = new DerInteger(serialNumber);
 }
示例#10
0
		public DsaParameters(
            BigInteger	p,
            BigInteger	q,
            BigInteger	g)
			: this(p, q, g, null)
        {
        }
示例#11
0
 public X9ECParameters(
     ECCurve		curve,
     ECPoint		g,
     BigInteger	n)
     : this(curve, g, n, BigInteger.One, null)
 {
 }
示例#12
0
		public Gost3410Parameters(
			BigInteger	p,
			BigInteger	q,
			BigInteger	a)
			: this(p, q, a, null)
		{
		}
示例#13
0
文件: ECKey.cs 项目: crowar/NBitcoin
		static ECKey()
		{
			_Secp256k1 = NBitcoin.BouncyCastle.Crypto.EC.CustomNamedCurves.Secp256k1;
			CURVE = new ECDomainParameters(_Secp256k1.Curve, _Secp256k1.G, _Secp256k1.N, _Secp256k1.H);
			HALF_CURVE_ORDER = _Secp256k1.N.ShiftRight(1);
			CURVE_ORDER = _Secp256k1.N;
		}
		public RsaPrivateCrtKeyParameters(
            BigInteger	modulus,
            BigInteger	publicExponent,
            BigInteger	privateExponent,
            BigInteger	p,
            BigInteger	q,
            BigInteger	dP,
            BigInteger	dQ,
            BigInteger	qInv)
			: base(true, modulus, privateExponent)
        {
			ValidateValue(publicExponent, "publicExponent", "exponent");
			ValidateValue(p, "p", "P value");
			ValidateValue(q, "q", "Q value");
			ValidateValue(dP, "dP", "DP value");
			ValidateValue(dQ, "dQ", "DQ value");
			ValidateValue(qInv, "qInv", "InverseQ value");

			this.e = publicExponent;
            this.p = p;
            this.q = q;
            this.dP = dP;
            this.dQ = dQ;
            this.qInv = qInv;
        }
示例#15
0
		public DHParameters(
			BigInteger	p,
			BigInteger	g,
			BigInteger	q)
			: this(p, g, q, 0)
		{
		}
		/**
		 * @param privateKey
		 */
		public NaccacheSternKeyParameters(bool privateKey, BigInteger g, BigInteger n, int lowerSigmaBound)
			: base(privateKey)
		{
			this.g = g;
			this.n = n;
			this.lowerSigmaBound = lowerSigmaBound;
		}
示例#17
0
 public ECDomainParameters(
     ECCurve     curve,
     ECPoint     g,
     BigInteger  n,
     BigInteger  h)
     : this(curve, g, n, h, null)
 {
 }
示例#18
0
		public DHParameters(
			BigInteger	p,
			BigInteger	g,
			BigInteger	q,
			int			l)
			: this(p, g, q, GetDefaultMParam(l), l, null, null)
		{
		}
示例#19
0
		public X9ECParameters(
			ECCurve curve,
			X9ECPoint g,
			BigInteger n,
			BigInteger h)
			: this(curve, g, n, h, null)
		{
		}
示例#20
0
		public DerInteger(
            BigInteger value)
        {
            if (value == null)
                throw new ArgumentNullException("value");

			bytes = value.ToByteArray();
        }
示例#21
0
        private static ECPoint DecompressKey(NBitcoin.BouncyCastle.Math.BigInteger xBN, bool yBit)
        {
            var curve = ECKey.Secp256k1.Curve;

            byte[] compEnc = X9IntegerConverter.IntegerToBytes(xBN, 1 + X9IntegerConverter.GetByteLength(curve));
            compEnc[0] = (byte)(yBit ? 0x03 : 0x02);
            return(curve.DecodePoint(compEnc));
        }
		public DHPrivateKeyParameters(
            BigInteger			x,
            DHParameters		parameters,
		    DerObjectIdentifier	algorithmOid)
			: base(true, parameters, algorithmOid)
        {
            this.x = x;
        }
示例#23
0
		public X9ECParameters(
			ECCurve curve,
			ECPoint g,
			BigInteger n,
			BigInteger h,
			byte[] seed)
			: this(curve, new X9ECPoint(g), n, h, seed)
		{
		}
示例#24
0
 private static BigInteger[] ConstructBigPrimeProducts(int[] primeProducts)
 {
     BigInteger[] bpp = new BigInteger[primeProducts.Length];
     for (int i = 0; i < bpp.Length; ++i)
     {
         bpp[i] = BigInteger.ValueOf(primeProducts[i]);
     }
     return bpp;
 }
示例#25
0
		public DsaParameter(
            BigInteger	p,
            BigInteger	q,
            BigInteger	g)
        {
            this.p = new DerInteger(p);
            this.q = new DerInteger(q);
            this.g = new DerInteger(g);
        }
示例#26
0
		public MacData(
            DigestInfo	digInfo,
            byte[]		salt,
            int			iterationCount)
        {
            this.digInfo = digInfo;
            this.salt = (byte[]) salt.Clone();
            this.iterationCount = BigInteger.ValueOf(iterationCount);
        }
示例#27
0
		public DHParameters(
			BigInteger				p,
			BigInteger				g,
			BigInteger				q,
			BigInteger				j,
			DHValidationParameters	validation)
			: this(p, g, q,  DefaultMinimumLength, 0, j, validation)
		{
		}
示例#28
0
		public DHParameters(
			BigInteger  p,
			BigInteger  g,
			BigInteger  q,
			int         m,
			int         l)
			: this(p, g, q, m, l, null, null)
		{
		}
		public ElGamalPublicKeyParameters(
            BigInteger			y,
            ElGamalParameters	parameters)
			: base(false, parameters)
        {
			if (y == null)
				throw new ArgumentNullException("y");

			this.y = y;
        }
		public ElGamalPrivateKeyParameters(
            BigInteger			x,
            ElGamalParameters	parameters)
			: base(true, parameters)
        {
			if (x == null)
				throw new ArgumentNullException("x");

			this.x = x;
        }
示例#31
0
		/**
		 * calculate our initial message.
		 */
		public BigInteger CalculateMessage()
		{
			DHKeyPairGenerator dhGen = new DHKeyPairGenerator();
			dhGen.Init(new DHKeyGenerationParameters(random, dhParams));
			AsymmetricCipherKeyPair dhPair = dhGen.GenerateKeyPair();

			this.privateValue = ((DHPrivateKeyParameters)dhPair.Private).X;

			return ((DHPublicKeyParameters)dhPair.Public).Y;
		}
示例#32
0
        internal static Array BigIntegerToBytes(NBitcoin.BouncyCastle.Math.BigInteger b, int numBytes)
        {
            if (b == null)
            {
                return(null);
            }
            byte[] bytes   = new byte[numBytes];
            byte[] biBytes = b.ToByteArray();
            int    start   = (biBytes.Length == numBytes + 1) ? 1 : 0;
            int    length  = Math.Min(biBytes.Length, numBytes);

            Array.Copy(biBytes, start, bytes, numBytes - length, length);
            return(bytes);
        }
示例#33
0
        public static ECKey RecoverFromSignature(int recId, ECDSASignature sig, uint256 message, bool compressed)
        {
            if (recId < 0)
            {
                throw new ArgumentException("recId should be positive");
            }
#pragma warning disable 618
            if (sig.R.SignValue < 0)
            {
                throw new ArgumentException("r should be positive");
            }
            if (sig.S.SignValue < 0)
            {
                throw new ArgumentException("s should be positive");
            }
#pragma warning restore 618
            if (message == null)
            {
                throw new ArgumentNullException(nameof(message));
            }


            var curve = ECKey.Secp256k1;

            // 1.0 For j from 0 to h   (h == recId here and the loop is outside this function)
            //   1.1 Let x = r + jn

            var n = curve.N;
            var i = NBitcoin.BouncyCastle.Math.BigInteger.ValueOf((long)recId / 2);
#pragma warning disable 618
            var x = sig.R.Add(i.Multiply(n));
#pragma warning restore 618

            //   1.2. Convert the integer x to an octet string X of length mlen using the conversion routine
            //        specified in Section 2.3.7, where mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉.
            //   1.3. Convert the octet string (16 set binary digits)||X to an elliptic curve point R using the
            //        conversion routine specified in Section 2.3.4. If this conversion routine outputs “invalid”, then
            //        do another iteration of Step 1.
            //
            // More concisely, what these points mean is to use X as a compressed public key.
            var prime = ((SecP256K1Curve)curve.Curve).QQ;
            if (x.CompareTo(prime) >= 0)
            {
                return(null);
            }

            // Compressed keys require you to know an extra bit of data about the y-coord as there are two possibilities.
            // So it's encoded in the recId.
            ECPoint R = DecompressKey(x, (recId & 1) == 1);
            //   1.4. If nR != point at infinity, then do another iteration of Step 1 (callers responsibility).

            if (!R.Multiply(n).IsInfinity)
            {
                return(null);
            }

            //   1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification.
            var e = new NBitcoin.BouncyCastle.Math.BigInteger(1, message.ToBytes());
            //   1.6. For k from 1 to 2 do the following.   (loop is outside this function via iterating recId)
            //   1.6.1. Compute a candidate public key as:
            //               Q = mi(r) * (sR - eG)
            //
            // Where mi(x) is the modular multiplicative inverse. We transform this into the following:
            //               Q = (mi(r) * s ** R) + (mi(r) * -e ** G)
            // Where -e is the modular additive inverse of e, that is z such that z + e = 0 (mod n). In the above equation
            // ** is point multiplication and + is point addition (the EC group operator).
            //
            // We can find the additive inverse by subtracting e from zero then taking the mod. For example the additive
            // inverse of 3 modulo 11 is 8 because 3 + 8 mod 11 = 0, and -3 mod 11 = 8.

            var eInv = NBitcoin.BouncyCastle.Math.BigInteger.Zero.Subtract(e).Mod(n);
#pragma warning disable 618
            var rInv  = sig.R.ModInverse(n);
            var srInv = rInv.Multiply(sig.S).Mod(n);
#pragma warning restore 618
            var     eInvrInv = rInv.Multiply(eInv).Mod(n);
            ECPoint q        = ECAlgorithms.SumOfTwoMultiplies(curve.G, eInvrInv, R, srInv);
            q = q.Normalize();
            if (compressed)
            {
                q = new SecP256K1Point(curve.Curve, q.XCoord, q.YCoord, true);
            }
            return(new ECKey(q.GetEncoded(), false));
        }