public KeyAgreement()
{
_curve = new FpCurve(
new BigInteger("BDB6F4FE3E8B1D9E0DA8C0D46F4C318CEFE4AFE3B6B8551F", 16), // q
new BigInteger("BB8E5E8FBC115E139FE6A814FE48AAA6F0ADA1AA5DF91985", 16), // a
new BigInteger("1854BEBDC31B21B7AEFC80AB0ECD10D5B1B3308E6DBF11C1", 16) // b
);
_ecSpec = new ECDomainParameters(
_curve,
new FpPoint(_curve,
new FpFieldElement(
_curve.Q,
new BigInteger("4AD5F7048DE709AD51236DE65E4D4B482C836DC6E4106640", 16)
),
new FpFieldElement(
_curve.Q,
new BigInteger("02BB3A02D4AAADACAE24817A4CA3A1B014B5270432DB27D2", 16))
), // G
new BigInteger("BDB6F4FE3E8B1D9E0DA8C0D40FC962195DFAE76F56564677", 16), // n
BigInteger.One// h
);
_keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH");
_keyGen.Init(new ECKeyGenerationParameters(_ecSpec, new SecureRandom()));
}
public ECKeyGenerationParameters(
ECDomainParameters domainParameters,
SecureRandom random)
: base(random, domainParameters.N.BitLength)
{
this.domainParams = domainParameters;
}
public override void PerformTest()
{
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECIES");
ECCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecSpec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
g.Init(
new ECKeyGenerationParameters(
ecSpec,
new SecureRandom()));
IBufferedCipher c1 = CipherUtilities.GetCipher("ECIES");
IBufferedCipher c2 = CipherUtilities.GetCipher("ECIES");
doTest(g, c1, c2);
g = GeneratorUtilities.GetKeyPairGenerator("ECIES");
g.Init(new KeyGenerationParameters(new SecureRandom(), 192));
doTest(g, c1, c2);
g = GeneratorUtilities.GetKeyPairGenerator("ECIES");
g.Init(new KeyGenerationParameters(new SecureRandom(), 239));
doTest(g, c1, c2);
g = GeneratorUtilities.GetKeyPairGenerator("ECIES");
g.Init(new KeyGenerationParameters(new SecureRandom(), 256));
doTest(g, c1, c2);
doDefTest(g, c1, c2);
c1 = CipherUtilities.GetCipher("IES");
c2 = CipherUtilities.GetCipher("IES");
g = GeneratorUtilities.GetKeyPairGenerator("DH");
// DHParameterSpec dhParams = new DHParameterSpec(p512, g512);
// g.initialize(dhParams);
g.Init(
new DHKeyGenerationParameters(
new SecureRandom(),
new DHParameters(p512, g512)));
doTest(g, c1, c2);
doDefTest(g, c1, c2);
}
public void TestECNR239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
BigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
byte[] kData = new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
ECCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(239, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR192bitPrime()
{
IBigInteger r = new BigInteger("2474388605162950674935076940284692598330235697454145648371");
IBigInteger s = new BigInteger("2997192822503471356158280167065034437828486078932532073836");
byte[] kData = new BigInteger("dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
FPCurve curve = new FPCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q (or p)
new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 16), // a
new BigInteger("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("0262B12D60690CDCF330BABAB6E69763B471F994DD702D16A5")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(192, priKey, pubKey, sgr, k, message, r, s);
}
// The ECMQV Primitive as described in SEC-1, 3.4
private static ECPoint CalculateMqvAgreement(
ECDomainParameters parameters,
ECPrivateKeyParameters d1U,
ECPrivateKeyParameters d2U,
ECPublicKeyParameters q2U,
ECPublicKeyParameters q1V,
ECPublicKeyParameters q2V)
{
var n = parameters.N;
var e = (n.BitLength + 1) / 2;
var powE = BigInteger.One.ShiftLeft(e);
// The Q2U public key is optional
var q = q2U == null ? parameters.G.Multiply(d2U.D) : q2U.Q;
var x = q.X.ToBigInteger();
var xBar = x.Mod(powE);
var q2UBar = xBar.SetBit(e);
var s = d1U.D.Multiply(q2UBar).Mod(n).Add(d2U.D).Mod(n);
var xPrime = q2V.Q.X.ToBigInteger();
var xPrimeBar = xPrime.Mod(powE);
var q2VBar = xPrimeBar.SetBit(e);
var hs = parameters.H.Multiply(s).Mod(n);
//ECPoint p = Q1V.Q.Multiply(Q2VBar).Add(Q2V.Q).Multiply(hs);
var p = ECAlgorithms.SumOfTwoMultiplies(
q1V.Q, q2VBar.Multiply(hs).Mod(n), q2V.Q, hs);
if (p.IsInfinity)
throw new InvalidOperationException("Infinity is not a valid agreement value for MQV");
return p;
}
public ECDiffieHellmanBc(Int32 keySize)
{
Org.BouncyCastle.Asn1.X9.X9ECParameters ecParams;
switch (keySize) {
case 256:
ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256r1");
break;
case 384:
ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1");
break;
case 521:
ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp521r1");
break;
default:
throw new ArgumentException("ECDiffieHellman key size " + keySize + " not supported");
}
_keySize = keySize;
_domainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N, ecParams.H, ecParams.GetSeed());
// Initialize key generation parameters with new SecureRandom
Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom();
ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(_domainParameters, secureRandom);
// Generate key pair from domain parameters
Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator generator = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
generator.Init(keyGenParams);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();
// Save the private and public key parameters
_privateKeyParameters = (ECPrivateKeyParameters) keyPair.Private;
_publicKeyParameters = (ECPublicKeyParameters) keyPair.Public;
_kdf = ECDiffieHellmanKeyDerivationFunction.Hash;
_hashAlgorithm = CngAlgorithm.Sha256;
}
public static ECPublicKeyParameters ParsePublicKey(byte[] keyBytes)
{
var curve = SecNamedCurves.GetByName("secp256r1");
var point = curve.Curve.DecodePoint(keyBytes);
var parameters = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
return new ECPublicKeyParameters(point, parameters);
}
static EcKey()
{
// All clients must agree on the curve to use by agreement. BitCoin uses secp256k1.
var @params = SecNamedCurves.GetByName("secp256k1");
_ecParams = new ECDomainParameters(@params.Curve, @params.G, @params.N, @params.H);
_secureRandom = new SecureRandom();
}
/// <summary>
/// Initializes a new instance of the <see cref="ECDHPublicKeyParameters" /> class.
/// </summary>
/// <param name="q">The q.</param>
/// <param name="parameters">The parameters.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECDHPublicKeyParameters(ECPoint q, ECDomainParameters parameters, HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base("ECDH", q, parameters)
{
this.HashAlgorithm = hashAlgorithm;
this.SymmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
/// <summary>
/// Initializes a new instance of the <see cref="ECKeyGenerationParameters"/> class.
/// </summary>
/// <param name="domainParameters">The domain parameters.</param>
/// <param name="random">The random.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECKeyGenerationParameters(ECDomainParameters domainParameters, ISecureRandom random, HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(random, domainParameters.N.BitLength)
{
_domainParams = domainParameters;
_hashAlgorithm = hashAlgorithm;
_symmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
public void TestECNR192bitPrime()
{
BigInteger r = new BigInteger("2474388605162950674935076940284692598330235697454145648371");
BigInteger s = new BigInteger("2997192822503471356158280167065034437828486078932532073836");
byte[] kData = new BigInteger("dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", 16).ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime192v1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("0262B12D60690CDCF330BABAB6E69763B471F994DD702D16A5")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(192, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECNR239bitPrime()
{
BigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
BigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
byte[] kData = new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655").ToByteArrayUnsigned();
SecureRandom k = FixedSecureRandom.From(kData);
X9ECParameters p = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime239v1);
ECDomainParameters spec = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECCurve curve = spec.Curve;
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
spec);
ISigner sgr = SignerUtilities.GetSigner("SHA1withECNR");
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
checkSignature(239, priKey, pubKey, sgr, k, message, r, s);
}
public void TestECDsa192bitPrime()
{
BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
byte[] kData = BigIntegers.AsUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
SecureRandom k = FixedSecureRandom.From(kData);
FpCurve curve = new FpCurve(
new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
"ECDSA",
new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
parameters);
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecdsa.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong." + SimpleTest.NewLine
+ " expecting: " + r + SimpleTest.NewLine
+ " got : " + sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong." + SimpleTest.NewLine
+ " expecting: " + s + SimpleTest.NewLine
+ " got : " + sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
"ECDSA",
curve.DecodePoint(Hex.Decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
parameters);
ecdsa.Init(false, pubKey);
if (!ecdsa.VerifySignature(message, sig[0], sig[1]))
{
Fail("verification fails");
}
}
public ECPrivateKeyParameters(string algorithm, IBigInteger d, ECDomainParameters parameters)
: base(algorithm, true, parameters)
{
if (d == null)
throw new ArgumentNullException("d");
_d = d;
}
public ECPublicKeyParameters(string algorithm, ECPoint q, ECDomainParameters parameters)
: base(algorithm, false, parameters)
{
if (q == null)
throw new ArgumentNullException("q");
_q = q;
}
protected ECKeyParameters(string algorithm, bool isPrivate, ECDomainParameters parameters)
: base(isPrivate)
{
if (algorithm == null)
throw new ArgumentNullException("algorithm");
if (parameters == null)
throw new ArgumentNullException("parameters");
_algorithm = VerifyAlgorithmName(algorithm);
_parameters = parameters;
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters) parameters;
this.publicKeyParamSet = ecP.PublicKeyParamSet;
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new InvalidParameterException("unknown key size.");
}
// Set this to make the SubjectPublicKeyInfo contain a named curve
// Without it, the SPKI contains explicit curve parameters
publicKeyParamSet = oid;
X9ECParameters ecps = FindECCurveByOid(oid);
this.parameters = new ECDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
if (this.random == null)
{
this.random = new SecureRandom();
}
}
public Account()
{
var namedCurve = NistNamedCurves.GetByName("P-256");
var ecdomp = new ECDomainParameters(namedCurve.Curve, namedCurve.G, namedCurve.N);
var srnd = new SecureRandom();
var eckeygenparams = new ECKeyGenerationParameters(ecdomp, srnd);
var g = new ECKeyPairGenerator("ECDSA");
g.Init(eckeygenparams);
keyPair = g.GenerateKeyPair();
address = generateAddress(keyPair.Public);
this.Label = "(no label)";
}
protected ECKeyParameters(string algorithm, bool isPrivate, DerObjectIdentifier publicKeyParamSet)
: base(isPrivate)
{
if (algorithm == null)
throw new ArgumentNullException("algorithm");
if (publicKeyParamSet == null)
throw new ArgumentNullException("publicKeyParamSet");
_algorithm = VerifyAlgorithmName(algorithm);
_parameters = LookupParameters(publicKeyParamSet);
_publicKeyParamSet = publicKeyParamSet;
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters) parameters;
if (ecP.PublicKeyParamSet != null)
{
if (algorithm != "ECGOST3410")
throw new ArgumentException("parameters invalid for algorithm: " + algorithm, "parameters");
this.publicKeyParamSet = ecP.PublicKeyParamSet;
}
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new InvalidParameterException("unknown key size.");
}
X9ECParameters ecps = X962NamedCurves.GetByOid(oid);
this.parameters = new ECDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
}
/// <summary>
/// This generates an elliptic curve key pair. Uses BouncyCastle library for generation.
/// Hijacked by the BES Random Generator.
/// </summary>
/// <param name="keyGen"></param>
/// <param name="keySize"></param>
/// <returns></returns>
public static AsymmetricCipherKeyPair GenerateKeyPair(IBasylKeyGenerator keyGen, string curveName)
{
var ecGenerator = new ECKeyPairGenerator("ECDH");
var ecp = GetCurveFromName(curveName);
ECDomainParameters ecSpec = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed());
ECKeyGenerationParameters ecgp = new ECKeyGenerationParameters(ecSpec, new BasylSecureRandom(keyGen));
ecGenerator.Init(ecgp);
AsymmetricCipherKeyPair keys = ecGenerator.GenerateKeyPair();
return keys;
}
private void ecNR239bitPrime()
{
BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
n, BigInteger.One);
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
n);
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
parameters);
ECNRSigner ecnr = new ECNRSigner();
ParametersWithRandom param = new ParametersWithRandom(priKey, k);
ecnr.Init(true, param);
byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArray();
BigInteger[] sig = ecnr.GenerateSignature(message);
if (!r.Equals(sig[0]))
{
Fail("r component wrong.", r, sig[0]);
}
if (!s.Equals(sig[1]))
{
Fail("s component wrong.", s, sig[1]);
}
// Verify the signature
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
curve.DecodePoint(Hex.Decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
parameters);
ecnr.Init(false, pubKey);
if (!ecnr.VerifySignature(message, sig[0], sig[1]))
{
Fail("signature fails");
}
}
public static ECKeyPair Generate (X9ECParameters curve, bool compressed = true)
{
ECKeyPairGenerator generator = new ECKeyPairGenerator ();
ECDomainParameters newDomain = new ECDomainParameters(curve.Curve, curve.G, curve.N);
ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters (newDomain, secureRandom);
generator.Init (keygenParams);
var keyPair = generator.GenerateKeyPair ();
ECPrivateKeyParameters privParams = (ECPrivateKeyParameters) keyPair.Private;
ECPublicKeyParameters pubParams = (ECPublicKeyParameters) keyPair.Public;
ECKeyPair k = new ECKeyPair ();
k.Domain = newDomain;
k.Curve = curve;
k.priv = privParams.D;
k.pub = pubParams.Q.GetEncoded (compressed);
return k;
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters) parameters;
this.publicKeyParamSet = ecP.PublicKeyParamSet;
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new InvalidParameterException("unknown key size.");
}
X9ECParameters ecps = FindECCurveByOid(oid);
this.parameters = new ECDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
}
public Tuple<ECPrivateKeyParameters, ECPublicKeyParameters> CreateKeyPair()
{
var curve = SecNamedCurves.GetByName("secp256k1");
var domainParameters = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
var generator = new ECKeyPairGenerator();
generator.Init(new ECKeyGenerationParameters(domainParameters, new SecureRandom()));
var keyPair = new MethodTimer(false).Time("GenerateKeyPair", () => generator.GenerateKeyPair());
var privateKey = (ECPrivateKeyParameters)keyPair.Private;
var publicKey = (ECPublicKeyParameters)keyPair.Public;
//Debug.WriteLine("Private: {0}".Format2(privateKey.D.ToHexNumberStringUnsigned()));
//Debug.WriteLine("Public X: {0}".Format2(publicKey.Q.X.ToBigInteger().ToHexNumberStringUnsigned()));
//Debug.WriteLine("Public Y: {0}".Format2(publicKey.Q.Y.ToBigInteger().ToHexNumberStringUnsigned()));
return Tuple.Create(privateKey, publicKey);
}
public ICipherParameters DecodePublicKey(byte[] encodedPublicKey)
{
try
{
X9ECParameters curve = SecNamedCurves.GetByOid(_curve);
ECPoint point = curve.Curve.DecodePoint(encodedPublicKey);
ECDomainParameters ecP = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
return new ECPublicKeyParameters(point, ecP);
}
catch (InvalidKeySpecException e)
{
throw new U2fException(ErrorDecodingPublicKey, e);
}
catch (Exception e)
{
throw new U2fException("Could not parse user public key", e);
}
}
public static string GeneratePrivateKey()
{
ECKeyPairGenerator gen = new ECKeyPairGenerator();
var secureRandom = new SecureRandom(new byte[] { 1, 2, 3, 4, 6 });
var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
var ecParams = new ECDomainParameters(ps.Curve, ps.G, ps.N, ps.H);
var keyGenParam = new ECKeyGenerationParameters(ecParams, secureRandom);
gen.Init(keyGenParam);
AsymmetricCipherKeyPair kp = gen.GenerateKeyPair();
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)kp.Private;
byte[] hexpriv = priv.D.ToByteArrayUnsigned();
var privateKey = ByteArrayToString(hexpriv);
return privateKey;
}
public void TestEC()
{
BigInteger ECParraGX = new BigInteger(Base64.Decode("D/qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqv"));
BigInteger ECParraGY = new BigInteger(Base64.Decode("AhQXGxb1olGRv6s1LPRfuatMF+cx3ZTGgzSE/Q5R"));
BigInteger ECParraH = new BigInteger(Base64.Decode("AQ=="));
BigInteger ECParraN = new BigInteger(Base64.Decode("f///////////////f///nl6an12QcfvRUiaIkJ0L"));
BigInteger ECPubQX = new BigInteger(Base64.Decode("HWWi17Yb+Bm3PYr/DMjLOYNFhyOwX1QY7ZvqqM+l"));
BigInteger ECPubQY = new BigInteger(Base64.Decode("JrlJfxu3WGhqwtL/55BOs/wsUeiDFsvXcGhB8DGx"));
BigInteger ECPrivD = new BigInteger(Base64.Decode("GYQmd/NF1B+He1iMkWt3by2Az6Eu07t0ynJ4YCAo"));
FpCurve curve = new FpCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecDomain =
new ECDomainParameters(
curve,
new FpPoint(curve,
curve.FromBigInteger(ECParraGX),
curve.FromBigInteger(ECParraGY)),
ECParraN);
ECPublicKeyParameters ecPub = new ECPublicKeyParameters(
new FpPoint(
curve,
curve.FromBigInteger(ECPubQX),
curve.FromBigInteger(ECPubQY)),
ecDomain);
ECPrivateKeyParameters ecPriv = new ECPrivateKeyParameters(ECPrivD, ecDomain);
SubjectPublicKeyInfo subinfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(ecPub);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecPriv);
ECPublicKeyParameters tecPub = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(subinfo);
ECPrivateKeyParameters tecPriv = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privInfo);
Assert.IsTrue(tecPub.Equals(ecPub), "EC: public key to info back to public key");
Assert.IsTrue(tecPriv.Equals(ecPriv), "EC: private key to info back to private key");
}
// The ECMQV Primitive as described in SEC-1, 3.4
private static ECPoint CalculateMqvAgreement(
ECDomainParameters parameters,
ECPrivateKeyParameters d1U,
ECPrivateKeyParameters d2U,
ECPublicKeyParameters Q2U,
ECPublicKeyParameters Q1V,
ECPublicKeyParameters Q2V)
{
BigInteger n = parameters.N;
int e = (n.BitLength + 1) / 2;
BigInteger powE = BigInteger.One.ShiftLeft(e);
ECCurve curve = parameters.Curve;
ECPoint[] points = new ECPoint[]{
// The Q2U public key is optional - but will be calculated for us if it wasn't present
ECAlgorithms.ImportPoint(curve, Q2U.Q),
ECAlgorithms.ImportPoint(curve, Q1V.Q),
ECAlgorithms.ImportPoint(curve, Q2V.Q)
};
curve.NormalizeAll(points);
ECPoint q2u = points[0], q1v = points[1], q2v = points[2];
BigInteger x = q2u.AffineXCoord.ToBigInteger();
BigInteger xBar = x.Mod(powE);
BigInteger Q2UBar = xBar.SetBit(e);
BigInteger s = d1U.D.Multiply(Q2UBar).Add(d2U.D).Mod(n);
BigInteger xPrime = q2v.AffineXCoord.ToBigInteger();
BigInteger xPrimeBar = xPrime.Mod(powE);
BigInteger Q2VBar = xPrimeBar.SetBit(e);
BigInteger hs = parameters.H.Multiply(s).Mod(n);
return ECAlgorithms.SumOfTwoMultiplies(
q1v, Q2VBar.Multiply(hs).Mod(n), q2v, hs);
}
public ECPrivateKeyParameters(
BigInteger d,
ECDomainParameters parameters)
: this("EC", d, parameters)
{
}
public ECPublicKeyParameters(
ECPoint q,
ECDomainParameters parameters)
: this("EC", q, parameters)
{
}
