DsaSigner.cs :  » PDF » iTextSharp » Org » BouncyCastle » Crypto » Signers » C# / CSharp Open Source

using System;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Math.EC;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Parameters;

namespace Org.BouncyCastle.Crypto.Signers{
  /**
   * The Digital Signature Algorithm - as described in "Handbook of Applied
   * Cryptography", pages 452 - 453.
   */
  public class DsaSigner
    : IDsa
  {
    private DsaKeyParameters key;
    private SecureRandom random;

    public string AlgorithmName
    {
      get { return "DSA"; }
    }

    public void Init(
      bool        forSigning,
      ICipherParameters  parameters)
    {
      if (forSigning)
      {
        if (parameters is ParametersWithRandom)
        {
          ParametersWithRandom rParam = (ParametersWithRandom)parameters;

          this.random = rParam.Random;
          parameters = rParam.Parameters;
        }
        else
        {
          this.random = new SecureRandom();
        }

        if (!(parameters is DsaPrivateKeyParameters))
          throw new InvalidKeyException("DSA private key required for signing");

        this.key = (DsaPrivateKeyParameters) parameters;
      }
      else
      {
        if (!(parameters is DsaPublicKeyParameters))
          throw new InvalidKeyException("DSA public key required for verification");

        this.key = (DsaPublicKeyParameters) parameters;
      }
    }

    /**
     * Generate a signature for the given message using the key we were
     * initialised with. For conventional DSA the message should be a SHA-1
     * hash of the message of interest.
     *
     * @param message the message that will be verified later.
     */
    public BigInteger[] GenerateSignature(
      byte[] message)
    {
      DsaParameters parameters = key.Parameters;
      BigInteger q = parameters.Q;
      BigInteger m = calculateE(q, message);
      BigInteger k;

      do
      {
        k = new BigInteger(q.BitLength, random);
      }
      while (k.CompareTo(q) >= 0);

      BigInteger r = parameters.G.ModPow(k, parameters.P).Mod(q);

      k = k.ModInverse(q).Multiply(
        m.Add(((DsaPrivateKeyParameters)key).X.Multiply(r)));

      BigInteger s = k.Mod(q);

      return new BigInteger[]{ r, s };
    }

    /**
     * return true if the value r and s represent a DSA signature for
     * the passed in message for standard DSA the message should be a
     * SHA-1 hash of the real message to be verified.
     */
    public bool VerifySignature(
      byte[]    message,
      BigInteger  r,
      BigInteger  s)
    {
      DsaParameters parameters = key.Parameters;
      BigInteger q = parameters.Q;
      BigInteger m = calculateE(q, message);

      if (r.SignValue <= 0 || q.CompareTo(r) <= 0)
      {
        return false;
      }

      if (s.SignValue <= 0 || q.CompareTo(s) <= 0)
      {
        return false;
      }

      BigInteger w = s.ModInverse(q);

      BigInteger u1 = m.Multiply(w).Mod(q);
      BigInteger u2 = r.Multiply(w).Mod(q);

      BigInteger p = parameters.P;
      u1 = parameters.G.ModPow(u1, p);
      u2 = ((DsaPublicKeyParameters)key).Y.ModPow(u2, p);

      BigInteger v = u1.Multiply(u2).Mod(p).Mod(q);

      return v.Equals(r);
    }

    private BigInteger calculateE(
      BigInteger  n,
      byte[]    message)
    {
      int length = System.Math.Min(message.Length, n.BitLength / 8);

      return new BigInteger(1, message, 0, length);
    }
  }
}