1 files changed, 154 insertions, 0 deletions
diff --git a/Crypto/src/crypto/signers/ECGOST3410Signer.cs b/Crypto/src/crypto/signers/ECGOST3410Signer.cs
new file mode 100644
index 000000000..d68b83f67
--- /dev/null
+++ b/Crypto/src/crypto/signers/ECGOST3410Signer.cs
@@ -0,0 +1,154 @@
+using System;
+
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Math.EC;
+using Org.BouncyCastle.Security;
+
+namespace Org.BouncyCastle.Crypto.Signers
+{
+	/**
+	 * GOST R 34.10-2001 Signature Algorithm
+	 */
+	public class ECGost3410Signer
+		: IDsa
+	{
+		private ECKeyParameters key;
+		private SecureRandom random;
+
+		public string AlgorithmName
+		{
+			get { return "ECGOST3410"; }
+		}
+
+		public void Init(
+			bool				forSigning,
+			ICipherParameters	parameters)
+		{
+			if (forSigning)
+			{
+				if (parameters is ParametersWithRandom)
+				{
+					ParametersWithRandom rParam = (ParametersWithRandom)parameters;
+
+					this.random = rParam.Random;
+					parameters = rParam.Parameters;
+				}
+				else
+				{
+					this.random = new SecureRandom();
+				}
+
+				if (!(parameters is ECPrivateKeyParameters))
+					throw new InvalidKeyException("EC private key required for signing");
+
+				this.key = (ECPrivateKeyParameters) parameters;
+			}
+			else
+			{
+				if (!(parameters is ECPublicKeyParameters))
+					throw new InvalidKeyException("EC public key required for verification");
+
+				this.key = (ECPublicKeyParameters)parameters;
+			}
+		}
+
+		/**
+		 * generate a signature for the given message using the key we were
+		 * initialised with. For conventional GOST3410 the message should be a GOST3411
+		 * hash of the message of interest.
+		 *
+		 * @param message the message that will be verified later.
+		 */
+		public BigInteger[] GenerateSignature(
+			byte[] message)
+		{
+			byte[] mRev = new byte[message.Length]; // conversion is little-endian
+			for (int i = 0; i != mRev.Length; i++)
+			{
+				mRev[i] = message[mRev.Length - 1 - i];
+			}
+
+			BigInteger e = new BigInteger(1, mRev);
+			BigInteger n = key.Parameters.N;
+
+			BigInteger r = null;
+			BigInteger s = null;
+
+			do // generate s
+			{
+				BigInteger k = null;
+
+				do // generate r
+				{
+					do
+					{
+						k = new BigInteger(n.BitLength, random);
+					}
+					while (k.SignValue == 0);
+
+					ECPoint p = key.Parameters.G.Multiply(k);
+
+					BigInteger x = p.X.ToBigInteger();
+
+					r = x.Mod(n);
+				}
+				while (r.SignValue == 0);
+
+				BigInteger d = ((ECPrivateKeyParameters)key).D;
+
+				s = (k.Multiply(e)).Add(d.Multiply(r)).Mod(n);
+			}
+			while (s.SignValue == 0);
+
+			return new BigInteger[]{ r, s };
+		}
+
+		/**
+		 * return true if the value r and s represent a GOST3410 signature for
+		 * the passed in message (for standard GOST3410 the message should be
+		 * a GOST3411 hash of the real message to be verified).
+		 */
+		public bool VerifySignature(
+			byte[]		message,
+			BigInteger	r,
+			BigInteger	s)
+		{
+			byte[] mRev = new byte[message.Length]; // conversion is little-endian
+			for (int i = 0; i != mRev.Length; i++)
+			{
+				mRev[i] = message[mRev.Length - 1 - i];
+			}
+
+			BigInteger e = new BigInteger(1, mRev);
+			BigInteger n = key.Parameters.N;
+
+			// r in the range [1,n-1]
+			if (r.CompareTo(BigInteger.One) < 0 || r.CompareTo(n) >= 0)
+			{
+				return false;
+			}
+
+			// s in the range [1,n-1]
+			if (s.CompareTo(BigInteger.One) < 0 || s.CompareTo(n) >= 0)
+			{
+				return false;
+			}
+
+			BigInteger v = e.ModInverse(n);
+
+			BigInteger z1 = s.Multiply(v).Mod(n);
+			BigInteger z2 = (n.Subtract(r)).Multiply(v).Mod(n);
+
+			ECPoint G = key.Parameters.G; // P
+			ECPoint Q = ((ECPublicKeyParameters)key).Q;
+
+			ECPoint point = ECAlgorithms.SumOfTwoMultiplies(G, z1, Q, z2);
+
+			BigInteger R = point.X.ToBigInteger().Mod(n);
+
+			return R.Equals(r);
+		}
+	}
+}