} else if (param instanceof ECParameterSpec) { final ECParameterSpec ecSpec = (ECParameterSpec) param; return ecSpec.getCofactor() * 31 + Objects.hash(ecSpec.getCurve(), ecSpec.getGenerator(), ecSpec.getOrder()); } else if (param instanceof DHParameterSpec) { final DHParameterSpec dhSpec = (DHParameterSpec) param;
BigInteger p = new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"); ECFieldFp ecFieldFp = new ECFieldFp(p); BigInteger a = new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16); BigInteger b = new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16); EllipticCurve ellipticCurve = new EllipticCurve(ecFieldFp, a, b); BigInteger x = new BigInteger("110282003749548856476348533541186204577905061504881242240149511594420911"); BigInteger y = new BigInteger("869078407435509378747351873793058868500210384946040694651368759217025454"); ECPoint g = new ECPoint(x, y); BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"); ECParameterSpec ecParameterSpec = new ECParameterSpec(ellipticCurve, g, n, 1);
public ECParameterSpec getECParameterSpec() { final String curveName = NativeCrypto.EC_GROUP_get_curve_name(groupCtx); final byte[][] curveParams = NativeCrypto.EC_GROUP_get_curve(groupCtx); final BigInteger p = new BigInteger(curveParams[0]); final BigInteger a = new BigInteger(curveParams[1]); final BigInteger b = new BigInteger(curveParams[2]); final ECField field; final int type = NativeCrypto.get_EC_GROUP_type(groupCtx); if (type == NativeCrypto.EC_CURVE_GFP) { field = new ECFieldFp(p); } else if (type == NativeCrypto.EC_CURVE_GF2M) { field = new ECFieldF2m(p.bitLength() - 1, p); } else { throw new RuntimeException("unknown curve type " + type); } final EllipticCurve curve = new EllipticCurve(field, a, b); final OpenSSLECPointContext generatorCtx = new OpenSSLECPointContext(this, NativeCrypto.EC_GROUP_get_generator(groupCtx)); final ECPoint generator = generatorCtx.getECPoint(); final BigInteger order = new BigInteger(NativeCrypto.EC_GROUP_get_order(groupCtx)); final BigInteger cofactor = new BigInteger(NativeCrypto.EC_GROUP_get_cofactor(groupCtx)); return new ECParameterSpec(curve, generator, order, cofactor.intValue(), curveName); } }
public boolean validate(byte[] r, byte[] s) throws Exception { BigInteger x = new BigInteger(1, r); BigInteger y = new BigInteger(1, s); ECPoint w = new ECPoint(x, y); if (w.equals(ECPoint.POINT_INFINITY)) { return false; } ECParameterSpec params = publicKey.getParams(); EllipticCurve curve = params.getCurve(); BigInteger p = ((ECFieldFp) curve.getField()).getP(); BigInteger p_sub1 = p.subtract(BigInteger.ONE); if (!(x.compareTo(p_sub1) <= 0 && y.compareTo(p_sub1) <= 0)) { return false; } BigInteger tmp = x.multiply(curve.getA()). add(curve.getB()). add(x.modPow(three, p)). mod(p); BigInteger y_2 = y.modPow(two, p); return y_2.equals(tmp); }
protected void assertsEcdsaKey(ECPublicKey pubKey) { final String x = "48439561293906451759052585252797914202762949526041747995844080717082404635286"; final String y = "36134250956749795798585127919587881956611106672985015071877198253568414405109"; Assert.assertEquals(new BigInteger(x), pubKey.getParams().getGenerator().getAffineX()); Assert.assertEquals(new BigInteger(y), pubKey.getParams().getGenerator().getAffineY()); }
@Override public void computeK(byte[] f) throws GeneralSecurityException { KeyFactory keyFactory = SecurityUtils.getKeyFactory("EC"); ECPublicKeySpec keySpec = new ECPublicKeySpec(getDecoded(f, ecParameterSpec.getCurve()), ecParameterSpec); PublicKey yourPubKey = keyFactory.generatePublic(keySpec); agreement.doPhase(yourPubKey, true); setK(new BigInteger(1, agreement.generateSecret())); }
ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ecSpec.getOrder(), BigInteger.valueOf(ecSpec.getCofactor()), ecSpec.getCurve().getSeed()); BigInteger bX = this.ecPublicKey.getQ().getAffineXCoord().toBigInteger(); BigInteger bY = this.ecPublicKey.getQ().getAffineYCoord().toBigInteger(); byte[] encKey = new byte[64];
private void checkPointIsOnCurve(ECPublicKey ephemeralPublicKey, ECPrivateKey privateKey) throws JoseException { // to prevent 'Invalid Curve Attack': for NIST curves, check whether public key is on the private key's curve. // from https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf // there appear to be similar checks in the JVM starting with 1.8.0_51 but // doing it here explicitly seems prudent // (y^2) mod p = (x^3 + ax + b) mod p // thanks to Antonio Sanso for guidance on how to do this check ECParameterSpec ecParameterSpec = privateKey.getParams(); EllipticCurve curve = ecParameterSpec.getCurve(); ECPoint point = ephemeralPublicKey.getW(); BigInteger x = point.getAffineX(); BigInteger y = point.getAffineY(); BigInteger a = curve.getA(); BigInteger b = curve.getB(); BigInteger p = ((ECFieldFp) curve.getField()).getP(); BigInteger leftSide = (y.pow(2)).mod(p); BigInteger rightSide = (x.pow(3).add(a.multiply(x)).add(b)).mod(p); boolean onCurve = leftSide.equals(rightSide); if (!onCurve) { throw new JoseException(HeaderParameterNames.EPHEMERAL_PUBLIC_KEY + " is invalid for " + EllipticCurves.getName(curve)); } }
private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) { return new ECParameterSpec( ellipticCurve, new ECPoint( dp.getG().getX().toBigInteger(), dp.getG().getY().toBigInteger()), dp.getN(), dp.getH().intValue()); }
public static OpenSSLECGroupContext getInstance(ECParameterSpec params) throws InvalidAlgorithmParameterException { final String curveName = params.getCurveName(); if (curveName != null) { return OpenSSLECGroupContext.getCurveByName(curveName); } final EllipticCurve curve = params.getCurve(); final ECField field = curve.getField(); final int type; final BigInteger p; if (field instanceof ECFieldFp) { type = NativeCrypto.EC_CURVE_GFP; p = ((ECFieldFp) field).getP(); } else if (field instanceof ECFieldF2m) { type = NativeCrypto.EC_CURVE_GF2M; p = ((ECFieldF2m) field).getReductionPolynomial(); } else { throw new InvalidParameterException("unhandled field class " + field.getClass().getName()); } final ECPoint generator = params.getGenerator(); return OpenSSLECGroupContext.getInstance(type, p, curve.getA(), curve.getB(), generator.getAffineX(), generator.getAffineY(), params.getOrder(), BigInteger.valueOf(params.getCofactor())); }
long startTime = System.currentTimeMillis(); org.bouncycastle.jce.spec.ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE_NAME); ECField field = new ECFieldFp(ecSpec.getCurve().getField().getCharacteristic()); EllipticCurve curve = new EllipticCurve(field, ecSpec.getCurve().getA().toBigInteger(), ecSpec.getCurve().getB().toBigInteger()); ECPoint pointG = new ECPoint(ecSpec.getG().getXCoord().toBigInteger(), ecSpec.getG().getYCoord().toBigInteger()); ECParameterSpec spec = new ECParameterSpec(curve, pointG, ecSpec.getN(), ecSpec.getH().intValue()); KeyPairGenerator g = KeyPairGenerator.getInstance(KEY_PAIR_GENERATOR_TYPE); g.initialize(spec, new SecureRandom()); BigInteger serialNumber = BigInteger.valueOf(randomNumber >= 0 ? randomNumber : randomNumber * -1); Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10));
ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); new ECPoint( ecP.getG().getAffineXCoord().toBigInteger(), ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH()); if (ecP.getH() != null) ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( ecP.getG().getAffineXCoord().toBigInteger(), ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH().intValue()); ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint(
static JsonObject getJwk(PublicKey publicKey, String algHeader) { if (publicKey instanceof RSAPublicKey) { RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey; return Json.createObjectBuilder() .add(EXPONENT, base64UrlEncode(rsaPublicKey.getPublicExponent().toByteArray())) .add(KEY_TYPE, "RSA") .add(MODULUS, base64UrlEncode(modulusToByteArray(rsaPublicKey.getModulus()))) .build(); } else if (publicKey instanceof ECPublicKey) { ECPublicKey ecPublicKey = (ECPublicKey) publicKey; int fieldSize = ecPublicKey.getParams().getCurve().getField().getFieldSize(); return Json.createObjectBuilder() .add(CURVE, getCurveParameterFromAlgHeader(algHeader)) .add(KEY_TYPE, "EC") .add(X_COORDINATE, base64UrlEncode(coordinateToByteArray(fieldSize, ecPublicKey.getW().getAffineX()))) .add(Y_COORDINATE, base64UrlEncode(coordinateToByteArray(fieldSize, ecPublicKey.getW().getAffineY()))) .build(); } else { throw acme.unsupportedAcmeAccountPublicKeyType(publicKey.getAlgorithm()); } }
private static boolean isP256(ECParameterSpec params) { ECNamedCurveParameterSpec p256 = ECNamedCurveTable.getParameterSpec("P-256"); return (Objects.equals(p256.getN(), params.getOrder()) && Objects.equals(p256.getG().getAffineXCoord().toBigInteger(), params.getGenerator().getAffineX()) && Objects.equals(p256.getG().getAffineYCoord().toBigInteger(), params.getGenerator().getAffineY()) && Objects.equals(p256.getH(), BigInteger.valueOf(params.getCofactor())) ); }
/** Checks that the public key's params spec is the same as the private key's params spec. */ static void validatePublicKeySpec(ECPublicKey publicKey, ECPrivateKey privateKey) throws GeneralSecurityException { try { ECParameterSpec publicKeySpec = publicKey.getParams(); ECParameterSpec privateKeySpec = privateKey.getParams(); if (!publicKeySpec.getCurve().equals(privateKeySpec.getCurve()) || !publicKeySpec.getGenerator().equals(privateKeySpec.getGenerator()) || !publicKeySpec.getOrder().equals(privateKeySpec.getOrder()) || publicKeySpec.getCofactor() != privateKeySpec.getCofactor()) { throw new GeneralSecurityException("invalid public key spec"); } } catch (IllegalArgumentException | NullPointerException ex) { // The Java security providers on Android K and Android L might throw these unchecked // exceptions, converting them to a checked one to not crash the JVM. throw new GeneralSecurityException(ex.toString()); } }
public ECParameterSpec genSpec() { BigInteger pb = new NativeBigInteger(ps); BigInteger nb = new NativeBigInteger(ns); BigInteger sb = new NativeBigInteger(ss.replace(" ", ""), 16); BigInteger bb = new NativeBigInteger(bs.replace(" ", ""), 16); BigInteger gxb = new NativeBigInteger(gxs.replace(" ", ""), 16); BigInteger gyb = new NativeBigInteger(gys.replace(" ", ""), 16); BigInteger ab = new NativeBigInteger(A.mod(pb)); ECField field = new ECFieldFp(pb); EllipticCurve curve = new EllipticCurve(field, ab, bb, sb.toByteArray()); ECPoint g = new ECPoint(gxb, gyb); return new ECParameterSpec(curve, g, nb, H); } }
private static boolean matchCurve(ECParameterSpec params, Curve curve) { int fieldSize = params.getCurve().getField().getFieldSize(); if (curve.getCurve().getField().getFieldSize() == fieldSize && curve.getCurve().equals(params.getCurve()) && curve.getGenerator().equals(params.getGenerator()) && curve.getOrder().equals(params.getOrder()) && curve.getCofactor() == params.getCofactor()) { return true; } else { return false; } }
/** @return EC domain parameters. */ public ECParameterSpec getParams() { final ECDomainParameters params = delegate.getParameters(); return new ECParameterSpec( EC5Util.convertCurve(params.getCurve(), params.getSeed()), new ECPoint( params.getG().normalize().getXCoord().toBigInteger(), params.getG().normalize().getYCoord().toBigInteger()), params.getN(), params.getH().intValue()); }
public static ECParameterSpec convertToSpec( X9ECParameters domainParameters) { return new ECParameterSpec( convertCurve(domainParameters.getCurve(), null), // JDK 1.5 has trouble with this if it's not null... new ECPoint( domainParameters.getG().getAffineXCoord().toBigInteger(), domainParameters.getG().getAffineYCoord().toBigInteger()), domainParameters.getN(), domainParameters.getH().intValue()); }