#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR) using System; using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; namespace Org.BouncyCastle.Crypto.Signers { /** * The Digital Signature Algorithm - as described in "Handbook of Applied * Cryptography", pages 452 - 453. */ public class DsaSigner : IDsa { protected readonly IDsaKCalculator kCalculator; protected DsaKeyParameters key = null; protected SecureRandom random = null; /** * Default configuration, random K values. */ public DsaSigner() { this.kCalculator = new RandomDsaKCalculator(); } /** * Configuration with an alternate, possibly deterministic calculator of K. * * @param kCalculator a K value calculator. */ public DsaSigner(IDsaKCalculator kCalculator) { this.kCalculator = kCalculator; } public virtual string AlgorithmName { get { return "DSA"; } } public virtual void Init(bool forSigning, ICipherParameters parameters) { SecureRandom providedRandom = null; if (forSigning) { if (parameters is ParametersWithRandom) { ParametersWithRandom rParam = (ParametersWithRandom)parameters; providedRandom = rParam.Random; parameters = rParam.Parameters; } if (!(parameters is DsaPrivateKeyParameters)) throw new InvalidKeyException("DSA private key required for signing"); this.key = (DsaPrivateKeyParameters)parameters; } else { if (!(parameters is DsaPublicKeyParameters)) throw new InvalidKeyException("DSA public key required for verification"); this.key = (DsaPublicKeyParameters)parameters; } this.random = InitSecureRandom(forSigning && !kCalculator.IsDeterministic, providedRandom); } /** * Generate a signature for the given message using the key we were * initialised with. For conventional DSA the message should be a SHA-1 * hash of the message of interest. * * @param message the message that will be verified later. */ public virtual BigInteger[] GenerateSignature(byte[] message) { DsaParameters parameters = key.Parameters; BigInteger q = parameters.Q; BigInteger m = CalculateE(q, message); BigInteger x = ((DsaPrivateKeyParameters)key).X; if (kCalculator.IsDeterministic) { kCalculator.Init(q, x, message); } else { kCalculator.Init(q, random); } BigInteger k = kCalculator.NextK(); BigInteger r = parameters.G.ModPow(k, parameters.P).Mod(q); k = k.ModInverse(q).Multiply(m.Add(x.Multiply(r))); BigInteger s = k.Mod(q); return new BigInteger[]{ r, s }; } /** * return true if the value r and s represent a DSA signature for * the passed in message for standard DSA the message should be a * SHA-1 hash of the real message to be verified. */ public virtual bool VerifySignature(byte[] message, BigInteger r, BigInteger s) { DsaParameters parameters = key.Parameters; BigInteger q = parameters.Q; BigInteger m = CalculateE(q, message); if (r.SignValue <= 0 || q.CompareTo(r) <= 0) { return false; } if (s.SignValue <= 0 || q.CompareTo(s) <= 0) { return false; } BigInteger w = s.ModInverse(q); BigInteger u1 = m.Multiply(w).Mod(q); BigInteger u2 = r.Multiply(w).Mod(q); BigInteger p = parameters.P; u1 = parameters.G.ModPow(u1, p); u2 = ((DsaPublicKeyParameters)key).Y.ModPow(u2, p); BigInteger v = u1.Multiply(u2).Mod(p).Mod(q); return v.Equals(r); } protected virtual BigInteger CalculateE(BigInteger n, byte[] message) { int length = System.Math.Min(message.Length, n.BitLength / 8); return new BigInteger(1, message, 0, length); } protected virtual SecureRandom InitSecureRandom(bool needed, SecureRandom provided) { return !needed ? null : (provided != null) ? provided : new SecureRandom(); } } } #endif