//@Override
public override bool Equals(object obj)
{
if (this == obj)
{
return(true);
}
if (obj == null)
{
return(false);
}
//if (getClass() != obj.getClass())
// return false;
SignaturePublicKey other = (SignaturePublicKey)obj;
if (h == null)
{
if (other.h != null)
{
return(false);
}
}
else if (!h.Equals(other.h))
{
return(false);
}
if (q != other.q)
{
return(false);
}
return(true);
}
private bool verifyHash(byte[] msgHash, byte[] sig, SignaturePublicKey pub)
{
MemoryStream sbuf = new MemoryStream(sig);
BinaryReader brr = new BinaryReader(sbuf);
byte[] rawSig = new byte[sig.Length - 4];
rawSig = brr.ReadBytes(rawSig.Length);
IntegerPolynomial s = IntegerPolynomial.FromBinary(rawSig, param.N, param.q);
int r = brr.ReadInt32();
return(verify(createMsgRep(msgHash, r), s, pub.h));
}
/**
* Verifies a signature.<br/>
* This is a "one stop" method and does not require <code>initVerify</code> to be called. Only the message supplied via
* the parameter <code>m</code> is signed, regardless of prior calls to {@link #update(byte[])}.
* @param m the message to sign
* @param sig the signature
* @param pub a public key
* @return whether the signature is valid
* @throws NtruException if the JRE doesn't implement the specified hash algorithm
*/
public bool verify(byte[] m, byte[] sig, SignaturePublicKey pub)
{
try
{
byte[] msgHash = hashAlg.ComputeHash(m);
return(verifyHash(msgHash, sig, pub));
}
catch (Exception e)
{
throw new NtruException(e.Message);
}
}
/**
* Resets the engine for verifying a signature.
* @param pub the public key to use in the {@link #verify(byte[])} step
* @throws NtruException if the JRE doesn't implement the specified hash algorithm
*/
public void initVerify(SignaturePublicKey pub)
{
verificationKey = pub;
try
{
hashAlg = new SHA256();
}
catch (Exception e)
{
throw new NtruException(e.Message);
}
hashAlg.Reset();
}
/**
* Generates a new signature key pair. Uses up to <code>B+1</code> threads
* if multiple processors are available.
* @return a key pair
*/
public SignatureKeyPair generateKeyPair()
{
int processors = Environment.ProcessorCount;
SignaturePrivateKey priv = new SignaturePrivateKey(param);
int B = param.B;
//if (processors == 1)
// generate all B+1 bases in the current thread
for (int k = B; k >= 0; k--)
{
priv.add(generateBoundedBasis());
}
/*else {
* List<Future<Basis>> bases = new ArrayList<Future<Basis>>();
*
* // start up to processors-1 new threads and generate B bases
* int numThreads = Math.min(B, processors-1);
* if (numThreads > 0) {
* ExecutorService executor = Executors.newFixedThreadPool(numThreads);
* for (int k=B-1; k>=0; k--)
* bases.add(executor.submit(new BasisGenerationTask()));
* executor.shutdown();
* }
*
* // generate the remaining basis in the current thread
* Basis basis0 = generateBoundedBasis();
*
* // build the private key
* for (Future<Basis> basis: bases)
* try {
* priv.add(basis.get());
* } catch (Exception e) {
* throw new NtruException(e);
* }
* priv.add(basis0);
* }*/
int q = param.q;
SignaturePublicKey pub = new SignaturePublicKey(priv.getBasis(0).h, q);
priv.getBasis(0).h = null; // remove the public polynomial h from the private key
SignatureKeyPair kp = new SignatureKeyPair(priv, pub);
return(kp);
}
/**
* Generates a new signature key pair. Runs in a single thread.
* @return a key pair
*/
public SignatureKeyPair generateKeyPairSingleThread()
{
SignaturePrivateKey priv = new SignaturePrivateKey(param);
SignaturePublicKey pub = null;
Basis pubBasis = generateBoundedBasis();
pub = new SignaturePublicKey(pubBasis.h, param.q);
pubBasis.h = null; // remove the public polynomial h from the private key
priv.add(pubBasis);
for (int k = param.B; k > 0; k--)
{
Basis basis = generateBoundedBasis();
priv.add(basis);
}
SignatureKeyPair kp = new SignatureKeyPair(priv, pub);
return(kp);
}
private void SignVerify(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
Assert.Equals(param.B + 1, kp.priv.getNumBases());
Random rng = new Random();
byte[] msg = new byte[10 + rng.Next(1000)];
rng.NextBytes(msg);
// sign and verify
byte[] s = ntru.sign(msg, kp);
bool valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// altering the signature should make it invalid
s[rng.Next(param.N)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// test that a random signature fails
rng.NextBytes(s);
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// encode, decode keypair, test
SignaturePrivateKey priv = new SignaturePrivateKey(kp.priv.getEncoded());
SignaturePublicKey pub = new SignaturePublicKey(kp.pub.getEncoded());
kp = new SignatureKeyPair(priv, pub);
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// altering the signature should make it invalid
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// sparse/dense
param.sparse = !param.sparse;
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
param.sparse = !param.sparse;
// decrease NormBound to force multiple signing attempts
SignatureParameters params2 = param.Clone();
params2.normBoundSq *= (float)4.0 / 9; // works for APR2011_439_PROD but may need to be increased for different params
params2.signFailTolerance = 10000;
ntru = new NtruSign(params2);
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// test KeyGenAlg.FLOAT (default=RESULTANT)
params2 = param.Clone();
param.keyGenAlg = KeyGenAlg.FLOAT;
ntru = new NtruSign(param);
kp = ntru.generateKeyPair();
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
}
/**
* Generates a new signature key pair. Runs in a single thread.
* @return a key pair
*/
public SignatureKeyPair generateKeyPairSingleThread()
{
SignaturePrivateKey priv = new SignaturePrivateKey(param);
SignaturePublicKey pub = null;
Basis pubBasis = generateBoundedBasis();
pub = new SignaturePublicKey(pubBasis.h, param.q);
pubBasis.h = null; // remove the public polynomial h from the private key
priv.add(pubBasis);
for (int k = param.B; k > 0; k--)
{
Basis basis = generateBoundedBasis();
priv.add(basis);
}
SignatureKeyPair kp = new SignatureKeyPair(priv, pub);
return kp;
}
/**
* Generates a new signature key pair. Uses up to <code>B+1</code> threads
* if multiple processors are available.
* @return a key pair
*/
public SignatureKeyPair generateKeyPair()
{
int processors = Environment.ProcessorCount;
SignaturePrivateKey priv = new SignaturePrivateKey(param);
int B = param.B;
//if (processors == 1)
// generate all B+1 bases in the current thread
for (int k = B; k >= 0; k--)
priv.add(generateBoundedBasis());
/*else {
List<Future<Basis>> bases = new ArrayList<Future<Basis>>();
// start up to processors-1 new threads and generate B bases
int numThreads = Math.min(B, processors-1);
if (numThreads > 0) {
ExecutorService executor = Executors.newFixedThreadPool(numThreads);
for (int k=B-1; k>=0; k--)
bases.add(executor.submit(new BasisGenerationTask()));
executor.shutdown();
}
// generate the remaining basis in the current thread
Basis basis0 = generateBoundedBasis();
// build the private key
for (Future<Basis> basis: bases)
try {
priv.add(basis.get());
} catch (Exception e) {
throw new NtruException(e);
}
priv.add(basis0);
}*/
int q = param.q;
SignaturePublicKey pub = new SignaturePublicKey(priv.getBasis(0).h, q);
priv.getBasis(0).h = null; // remove the public polynomial h from the private key
SignatureKeyPair kp = new SignatureKeyPair(priv, pub);
return kp;
}
private bool verifyHash(byte[] msgHash, byte[] sig, SignaturePublicKey pub)
{
MemoryStream sbuf = new MemoryStream(sig);
BinaryReader brr = new BinaryReader(sbuf);
byte[] rawSig = new byte[sig.Length - 4];
rawSig = brr.ReadBytes(rawSig.Length);
IntegerPolynomial s = IntegerPolynomial.FromBinary(rawSig, param.N, param.q);
int r = brr.ReadInt32();
return verify(createMsgRep(msgHash, r), s, pub.h);
}
/**
* Verifies a signature.<br/>
* This is a "one stop" method and does not require <code>initVerify</code> to be called. Only the message supplied via
* the parameter <code>m</code> is signed, regardless of prior calls to {@link #update(byte[])}.
* @param m the message to sign
* @param sig the signature
* @param pub a public key
* @return whether the signature is valid
* @throws NtruException if the JRE doesn't implement the specified hash algorithm
*/
public bool verify(byte[] m, byte[] sig, SignaturePublicKey pub)
{
try
{
byte[] msgHash = hashAlg.ComputeHash(m);
return verifyHash(msgHash, sig, pub);
}
catch (Exception e)
{
throw new NtruException(e.Message);
}
}
/**
* Resets the engine for verifying a signature.
* @param pub the public key to use in the {@link #verify(byte[])} step
* @throws NtruException if the JRE doesn't implement the specified hash algorithm
*/
public void initVerify(SignaturePublicKey pub)
{
verificationKey = pub;
try
{
hashAlg = new SHA256();
}
catch (Exception e)
{
throw new NtruException(e.Message);
}
hashAlg.Reset();
}
/**
* Constructs a new key pair from an input stream
* @param is an input stream
* @throws NtruException if an {@link IOException} occurs
*/
public SignatureKeyPair(MemoryStream ins)
{
pub = new SignaturePublicKey(ins);
priv = new SignaturePrivateKey(ins);
}
/**
* Constructs a new key pair.
* @param priv a private key
* @param pub a public key
*/
public SignatureKeyPair(SignaturePrivateKey priv, SignaturePublicKey pub)
{
this.priv = priv;
this.pub = pub;
}
/**
* Constructs a new key pair from an input stream
* @param is an input stream
* @throws NtruException if an {@link IOException} occurs
*/
public SignatureKeyPair(MemoryStream ins)
{
pub = new SignaturePublicKey(ins);
priv = new SignaturePrivateKey(ins);
}
/**
* Constructs a new key pair.
* @param priv a private key
* @param pub a public key
*/
public SignatureKeyPair(SignaturePrivateKey priv, SignaturePublicKey pub)
{
this.priv = priv;
this.pub = pub;
}
