1 files changed, 136 insertions, 0 deletions
diff --git a/Crypto/src/crypto/signers/DsaSigner.cs b/Crypto/src/crypto/signers/DsaSigner.cs
new file mode 100644
index 000000000..419b1972e
--- /dev/null
+++ b/Crypto/src/crypto/signers/DsaSigner.cs
@@ -0,0 +1,136 @@
+using System;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Math.EC;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Digests;
+using Org.BouncyCastle.Crypto.Parameters;
+
+namespace Org.BouncyCastle.Crypto.Signers
+{
+	/**
+	 * The Digital Signature Algorithm - as described in "Handbook of Applied
+	 * Cryptography", pages 452 - 453.
+	 */
+	public class DsaSigner
+		: IDsa
+	{
+		private DsaKeyParameters key;
+		private SecureRandom random;
+
+		public string AlgorithmName
+		{
+			get { return "DSA"; }
+		}
+
+		public void Init(
+			bool				forSigning,
+			ICipherParameters	parameters)
+		{
+			if (forSigning)
+			{
+				if (parameters is ParametersWithRandom)
+				{
+					ParametersWithRandom rParam = (ParametersWithRandom)parameters;
+
+					this.random = rParam.Random;
+					parameters = rParam.Parameters;
+				}
+				else
+				{
+					this.random = new SecureRandom();
+				}
+
+				if (!(parameters is DsaPrivateKeyParameters))
+					throw new InvalidKeyException("DSA private key required for signing");
+
+				this.key = (DsaPrivateKeyParameters) parameters;
+			}
+			else
+			{
+				if (!(parameters is DsaPublicKeyParameters))
+					throw new InvalidKeyException("DSA public key required for verification");
+
+				this.key = (DsaPublicKeyParameters) parameters;
+			}
+		}
+
+		/**
+		 * Generate a signature for the given message using the key we were
+		 * initialised with. For conventional DSA the message should be a SHA-1
+		 * hash of the message of interest.
+		 *
+		 * @param message the message that will be verified later.
+		 */
+		public BigInteger[] GenerateSignature(
+			byte[] message)
+		{
+			DsaParameters parameters = key.Parameters;
+			BigInteger q = parameters.Q;
+			BigInteger m = calculateE(q, message);
+			BigInteger k;
+
+			do
+			{
+				k = new BigInteger(q.BitLength, random);
+			}
+			while (k.CompareTo(q) >= 0);
+
+			BigInteger r = parameters.G.ModPow(k, parameters.P).Mod(q);
+
+			k = k.ModInverse(q).Multiply(
+				m.Add(((DsaPrivateKeyParameters)key).X.Multiply(r)));
+
+			BigInteger s = k.Mod(q);
+
+			return new BigInteger[]{ r, s };
+		}
+
+		/**
+		 * return true if the value r and s represent a DSA signature for
+		 * the passed in message for standard DSA the message should be a
+		 * SHA-1 hash of the real message to be verified.
+		 */
+		public bool VerifySignature(
+			byte[]		message,
+			BigInteger	r,
+			BigInteger	s)
+		{
+			DsaParameters parameters = key.Parameters;
+			BigInteger q = parameters.Q;
+			BigInteger m = calculateE(q, message);
+
+			if (r.SignValue <= 0 || q.CompareTo(r) <= 0)
+			{
+				return false;
+			}
+
+			if (s.SignValue <= 0 || q.CompareTo(s) <= 0)
+			{
+				return false;
+			}
+
+			BigInteger w = s.ModInverse(q);
+
+			BigInteger u1 = m.Multiply(w).Mod(q);
+			BigInteger u2 = r.Multiply(w).Mod(q);
+
+			BigInteger p = parameters.P;
+			u1 = parameters.G.ModPow(u1, p);
+			u2 = ((DsaPublicKeyParameters)key).Y.ModPow(u2, p);
+
+			BigInteger v = u1.Multiply(u2).Mod(p).Mod(q);
+
+			return v.Equals(r);
+		}
+
+		private BigInteger calculateE(
+			BigInteger	n,
+			byte[]		message)
+		{
+			int length = System.Math.Min(message.Length, n.BitLength / 8);
+
+			return new BigInteger(1, message, 0, length);
+		}
+	}
+}