如何使用.NET Core支持ECC中的安全曲线(例如,Curve25519)

时间:2017-04-30 21:31:51

标签: .net cryptography .net-core elliptic-curve

.NET Core支持在ECC中创建自定义曲线。

我试图定义Curve25519,如下所示:

public class Curves
{
    // TODO: check the key gen rand.
    public static ECCurve Curve25519
    {
        get
        {
            return new ECCurve()
            {
                CurveType = ECCurve.ECCurveType.PrimeMontgomery,
                B = new byte[] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1},
                A = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,109,6},
                G = new ECPoint()
                {
                    X = new byte[] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9},
                    Y = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }},
                Prime = new byte[] { 127, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 237 },
                Order = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8},
                Cofactor = new byte[] { 1 } // fix later
            };
        }
    }

但是,当我尝试定义它时

var ecc2 = ECDsa.Create(Curves.Curve25519);

我得到一个空指针异常。

有没有人看到任何明显的错误,或者仍然没有太多支持.NET Core中的显式曲线?

1 个答案:

答案 0 :(得分:1)

出现错误是因为Curve25519是为ECDH密钥交换计算而设计的,尤其是X25519。用法的详细信息位于this SO question

ECDSA应该在弯曲的Edwards版本的Curve25519(即Ed25519)上使用。该曲线可以在.Net Core中定义和使用,如下所示。

ECCurve ecCurve = new ECCurve() // Ed25519, 32 bytes, 256 bit
{
    CurveType = ECCurve.ECCurveType.PrimeTwistedEdwards,
    A = new byte[] { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xec }, // GF(-1)
    B = new byte[] { 0x52, 0x03, 0x6C, 0xEE, 0x2B, 0x6F, 0xFE, 0x73, 0x8C, 0xC7, 0x40, 0x79, 0x77, 0x79, 0xE8, 0x98,
      0x00, 0x70, 0x0A, 0x4D, 0x41, 0x41, 0xD8, 0xAB, 0x75, 0xEB, 0x4D, 0xCA, 0x13, 0x59, 0x78, 0xA3 },
    G = new ECPoint()
    {
      X = new byte[] { 0x21, 0x69, 0x36, 0xD3, 0xCD, 0x6E, 0x53, 0xFE, 0xC0, 0xA4, 0xE2, 0x31, 0xFD, 0xD6, 0xDC, 0x5C,
        0x69, 0x2C, 0xC7, 0x60, 0x95, 0x25, 0xA7, 0xB2, 0xC9, 0x56, 0x2D, 0x60, 0x8F, 0x25, 0xD5, 0x1A },
      Y = new byte[] { 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
        0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x58 }
    },
    Prime = new byte[] { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xed },
    Order = new byte[] { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6, 0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed },
    Cofactor = new byte[] { 8 }
};

参数A为-1,在2 ^ 255-19的Galois字段中,以上表示为-1。可以通过评估以下SageMathCell处的代码来计算得出。

gf=GF(2^255-19)
print (hex(gf(-1)))

但是,documentation说,Windows 10和macOS以下版本不支持显式曲线,我的尝试显示它们在Linux上引发异常。因此,如果需要Windows 10以外的平台或跨平台可操作性,则应使用NSeclibsodium-core之类的库。

相关问题
最新问题