本文整理汇总了Java中org.spongycastle.math.ec.ECCurve类的典型用法代码示例。如果您正苦于以下问题:Java ECCurve类的具体用法?Java ECCurve怎么用?Java ECCurve使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
ECCurve类属于org.spongycastle.math.ec包,在下文中一共展示了ECCurve类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: byteArrayToECPoint
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
private static ECPoint byteArrayToECPoint(final byte[] value, final ECCurve.Fp curve)
throws IllegalArgumentException {
final byte[] x = new byte[(value.length - 1) / 2];
final byte[] y = new byte[(value.length - 1) / 2];
if (value[0] != (byte) 0x04) {
throw new IllegalArgumentException("No uncompressed Point found!"); //$NON-NLS-1$
}
System.arraycopy(value, 1, x, 0, (value.length - 1) / 2);
System.arraycopy(value, 1 + (value.length - 1) / 2, y, 0,
(value.length - 1) / 2);
final ECFieldElement.Fp xE = (org.spongycastle.math.ec.ECFieldElement.Fp) curve.fromBigInteger(new BigInteger(1, x));
final ECFieldElement.Fp yE = (org.spongycastle.math.ec.ECFieldElement.Fp) curve.fromBigInteger(new BigInteger(1, y));
final ECPoint point = curve.createPoint(xE.toBigInteger(), yE.toBigInteger());
return point;
}
示例2: decompressKey
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
/** Decompress a compressed public key (x co-ord and low-bit of y-coord). */
private static ECPoint decompressKey(BigInteger xBN, boolean yBit) {
// This code is adapted from Bouncy Castle ECCurve.Fp.decodePoint(), but it wasn't easily re-used.
ECCurve.Fp curve = (ECCurve.Fp) ecParams.getCurve();
ECFieldElement x = new ECFieldElement.Fp(curve.getQ(), xBN);
ECFieldElement alpha = x.multiply(x.square().add(curve.getA())).add(curve.getB());
ECFieldElement beta = alpha.sqrt();
// If we can't find a sqrt we haven't got a point on the curve - invalid inputs.
if (beta == null)
throw new IllegalArgumentException("Invalid point compression");
if (beta.toBigInteger().testBit(0) == yBit) {
return new ECPoint.Fp(curve, x, beta, true);
} else {
ECFieldElement.Fp y = new ECFieldElement.Fp(curve.getQ(), curve.getQ().subtract(beta.toBigInteger()));
return new ECPoint.Fp(curve, x, y, true);
}
}
示例3: decompressKey
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
/** Decompress a compressed public key (x co-ord and low-bit of y-coord). */
private static ECPoint decompressKey(BigInteger xBN, boolean yBit) {
// This code is adapted from Bouncy Castle ECCurve.Fp.decodePoint(), but it wasn't easily re-used.
ECCurve.Fp curve = (ECCurve.Fp) CURVE.getCurve();
ECFieldElement x = new ECFieldElement.Fp(curve.getQ(), xBN);
ECFieldElement alpha = x.multiply(x.square().add(curve.getA())).add(curve.getB());
ECFieldElement beta = alpha.sqrt();
// If we can't find a sqrt we haven't got a point on the curve - invalid inputs.
if (beta == null)
throw new IllegalArgumentException("Invalid point compression");
if (beta.toBigInteger().testBit(0) == yBit) {
return new ECPoint.Fp(curve, x, beta, true);
} else {
ECFieldElement.Fp y = new ECFieldElement.Fp(curve.getQ(), curve.getQ().subtract(beta.toBigInteger()));
return new ECPoint.Fp(curve, x, y, true);
}
}
示例4: decompressKey
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
/**
* Decompress a compressed public key (x co-ord and low-bit of y-coord).
*/
private static ECPoint decompressKey(BigInteger xBN, boolean yBit) {
// This code is adapted from Bouncy Castle ECCurve.Fp.decodePoint(), but it wasn't easily re-used.
ECCurve.Fp curve = (ECCurve.Fp) ecParams.getCurve();
ECFieldElement x = new ECFieldElement.Fp(curve.getQ(), xBN);
ECFieldElement alpha = x.multiply(x.square().add(curve.getA())).add(curve.getB());
ECFieldElement beta = alpha.sqrt();
// If we can't find a sqrt we haven't got a point on the curve - invalid inputs.
if (beta == null)
throw new IllegalArgumentException("Invalid point compression");
if (beta.toBigInteger().testBit(0) == yBit) {
return new ECPoint.Fp(curve, x, beta, true);
} else {
ECFieldElement.Fp y = new ECFieldElement.Fp(curve.getQ(), curve.getQ().subtract(beta.toBigInteger()));
return new ECPoint.Fp(curve, x, y, true);
}
}
示例5: Sec1KeyParser
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
Sec1KeyParser(ECDomainParameters params, int keyBits) {
this.params = params;
this.keyBits = keyBits;
modulus = ((ECCurve.Fp) params.getCurve()).getQ();
bytesPerInt = (keyBits + 7) / 8;
publicKeyBytes = 1 + 2 * bytesPerInt;
privateKeyBytes = bytesPerInt;
}
示例6: constantTime
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
private static ECDomainParameters constantTime(ECDomainParameters in) {
ECCurve curve = in.getCurve().configure().setMultiplier(
new MontgomeryLadderMultiplier()).create();
BigInteger x = in.getG().getAffineXCoord().toBigInteger();
BigInteger y = in.getG().getAffineYCoord().toBigInteger();
ECPoint g = curve.createPoint(x, y);
return new ECDomainParameters(curve, g, in.getN(), in.getH());
}
示例7: computeAffineY
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
private static BigInteger computeAffineY(final BigInteger affineX, final ECParameterSpec params) {
final ECCurve bcCurve = toBouncyCastleECCurve(params);
final ECFieldElement a = bcCurve.getA();
final ECFieldElement b = bcCurve.getB();
final ECFieldElement x = bcCurve.fromBigInteger(affineX);
final ECFieldElement y = x.multiply(x).add(a).multiply(x).add(b).sqrt();
return y.toBigInteger();
}
示例8: toBouncyCastleECCurve
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
private static ECCurve toBouncyCastleECCurve(final ECParameterSpec params) {
final EllipticCurve curve = params.getCurve();
final ECField field = curve.getField();
if (!(field instanceof ECFieldFp)) {
throw new IllegalArgumentException(
"Solo se soporta 'ECFieldFp' y se proporciono " + field.getClass().getCanonicalName() //$NON-NLS-1$
);
}
final int coFactor = params.getCofactor();
final BigInteger order = params.getOrder();
final BigInteger a = curve.getA();
final BigInteger b = curve.getB();
final BigInteger p = getPrime(params);
return new ECCurve.Fp(p, a, b, order, BigInteger.valueOf(coFactor));
}
示例9: computeAffineY
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
private static BigInteger computeAffineY(final BigInteger affineX, final ECParameterSpec params) {
final ECCurve bcCurve = toSpongyCastleECCurve(params);
final ECFieldElement a = bcCurve.getA();
final ECFieldElement b = bcCurve.getB();
final ECFieldElement x = bcCurve.fromBigInteger(affineX);
final ECFieldElement y = x.multiply(x).add(a).multiply(x).add(b).sqrt();
return y.toBigInteger();
}
示例10: toSpongyCastleECCurve
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
private static ECCurve toSpongyCastleECCurve(final ECParameterSpec params) {
final EllipticCurve curve = params.getCurve();
final ECField field = curve.getField();
if (!(field instanceof ECFieldFp)) {
throw new IllegalArgumentException(
"Solo se soporta 'ECFieldFp' y se proporciono " + field.getClass().getCanonicalName() //$NON-NLS-1$
);
}
final int coFactor = params.getCofactor();
final BigInteger order = params.getOrder();
final BigInteger a = curve.getA();
final BigInteger b = curve.getB();
final BigInteger p = getPrime(params);
return new ECCurve.Fp(p, a, b, order, BigInteger.valueOf(coFactor));
}
示例11: recoverPubBytesFromSignature
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
/**
* <p>Given the components of a signature and a selector value, recover and return the public key
* that generated the signature according to the algorithm in SEC1v2 section 4.1.6.</p>
*
* <p>The recId is an index from 0 to 3 which indicates which of the 4 possible keys is the correct one. Because
* the key recovery operation yields multiple potential keys, the correct key must either be stored alongside the
* signature, or you must be willing to try each recId in turn until you find one that outputs the key you are
* expecting.</p>
*
* <p>If this method returns null it means recovery was not possible and recId should be iterated.</p>
*
* <p>Given the above two points, a correct usage of this method is inside a for loop from 0 to 3, and if the
* output is null OR a key that is not the one you expect, you try again with the next recId.</p>
*
* @param recId Which possible key to recover.
* @param sig the R and S components of the signature, wrapped.
* @param messageHash Hash of the data that was signed.
* @return 65-byte encoded public key
*/
@Nullable
public static byte[] recoverPubBytesFromSignature(int recId, ECDSASignature sig, byte[] messageHash) {
check(recId >= 0, "recId must be positive");
check(sig.r.signum() >= 0, "r must be positive");
check(sig.s.signum() >= 0, "s must be positive");
check(messageHash != null, "messageHash must not be null");
// 1.0 For j from 0 to h (h == recId here and the loop is outside this function)
// 1.1 Let x = r + jn
BigInteger n = CURVE.getN(); // Curve order.
BigInteger i = BigInteger.valueOf((long) recId / 2);
BigInteger x = sig.r.add(i.multiply(n));
// 1.2. Convert the integer x to an octet string X of length mlen using the conversion routine
// specified in Section 2.3.7, where mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉.
// 1.3. Convert the octet string (16 set binary digits)||X to an elliptic curve point R using the
// conversion routine specified in Section 2.3.4. If this conversion routine outputs “invalid”, then
// do another iteration of Step 1.
//
// More concisely, what these points mean is to use X as a compressed public key.
ECCurve.Fp curve = (ECCurve.Fp) CURVE.getCurve();
BigInteger prime = curve.getQ(); // Bouncy Castle is not consistent about the letter it uses for the prime.
if (x.compareTo(prime) >= 0) {
// Cannot have point co-ordinates larger than this as everything takes place modulo Q.
return null;
}
// Compressed keys require you to know an extra bit of data about the y-coord as there are two possibilities.
// So it's encoded in the recId.
ECPoint R = decompressKey(x, (recId & 1) == 1);
// 1.4. If nR != point at infinity, then do another iteration of Step 1 (callers responsibility).
if (!R.multiply(n).isInfinity())
return null;
// 1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification.
BigInteger e = new BigInteger(1, messageHash);
// 1.6. For k from 1 to 2 do the following. (loop is outside this function via iterating recId)
// 1.6.1. Compute a candidate public key as:
// Q = mi(r) * (sR - eG)
//
// Where mi(x) is the modular multiplicative inverse. We transform this into the following:
// Q = (mi(r) * s ** R) + (mi(r) * -e ** G)
// Where -e is the modular additive inverse of e, that is z such that z + e = 0 (mod n). In the above equation
// ** is point multiplication and + is point addition (the EC group operator).
//
// We can find the additive inverse by subtracting e from zero then taking the mod. For example the additive
// inverse of 3 modulo 11 is 8 because 3 + 8 mod 11 = 0, and -3 mod 11 = 8.
BigInteger eInv = BigInteger.ZERO.subtract(e).mod(n);
BigInteger rInv = sig.r.modInverse(n);
BigInteger srInv = rInv.multiply(sig.s).mod(n);
BigInteger eInvrInv = rInv.multiply(eInv).mod(n);
ECPoint.Fp q = (ECPoint.Fp) ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), eInvrInv, R, srInv);
return q.getEncoded(/* compressed */ false);
}
示例12: parsePublicKey
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
@Override
public PublicKey parsePublicKey(byte[] encodedKey)
throws GeneralSecurityException {
// The validation procedure comes from SEC 1, section 3.2.2.1. Note
// that SEC 1 parameter names are used below, not RFC 5639 names
long now = System.currentTimeMillis();
if (encodedKey.length != publicKeyBytes)
throw new GeneralSecurityException();
// The first byte must be 0x04
if (encodedKey[0] != 4) throw new GeneralSecurityException();
// The x co-ordinate must be >= 0 and < p
byte[] xBytes = new byte[bytesPerInt];
System.arraycopy(encodedKey, 1, xBytes, 0, bytesPerInt);
BigInteger x = new BigInteger(1, xBytes); // Positive signum
if (x.compareTo(modulus) >= 0) throw new GeneralSecurityException();
// The y co-ordinate must be >= 0 and < p
byte[] yBytes = new byte[bytesPerInt];
System.arraycopy(encodedKey, 1 + bytesPerInt, yBytes, 0, bytesPerInt);
BigInteger y = new BigInteger(1, yBytes); // Positive signum
if (y.compareTo(modulus) >= 0) throw new GeneralSecurityException();
// Verify that y^2 == x^3 + ax + b (mod p)
ECCurve curve = params.getCurve();
BigInteger a = curve.getA().toBigInteger();
BigInteger b = curve.getB().toBigInteger();
BigInteger lhs = y.multiply(y).mod(modulus);
BigInteger rhs = x.multiply(x).add(a).multiply(x).add(b).mod(modulus);
if (!lhs.equals(rhs)) throw new GeneralSecurityException();
// We know the point (x, y) is on the curve, so we can create the point
ECPoint pub = curve.createPoint(x, y).normalize();
// Verify that the point (x, y) is not the point at infinity
if (pub.isInfinity()) throw new GeneralSecurityException();
// Verify that the point (x, y) times n is the point at infinity
if (!pub.multiply(params.getN()).isInfinity())
throw new GeneralSecurityException();
// Construct a public key from the point (x, y) and the params
ECPublicKeyParameters k = new ECPublicKeyParameters(pub, params);
PublicKey p = new Sec1PublicKey(k);
long duration = System.currentTimeMillis() - now;
if (LOG.isLoggable(INFO))
LOG.info("Parsing public key took " + duration + " ms");
return p;
}
示例13: LazyECPoint
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
public LazyECPoint(ECCurve curve, byte[] bits) {
this.curve = curve;
this.bits = bits;
}
示例14: getCurve
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
public ECCurve getCurve() {
return get().getCurve();
}
示例15: recoverPubBytesFromSignature
import org.spongycastle.math.ec.ECCurve; //导入依赖的package包/类
/**
* <p>Given the components of a signature and a selector value, recover and return the public key
* that generated the signature according to the algorithm in SEC1v2 section 4.1.6.</p>
*
* <p>The recId is an index from 0 to 3 which indicates which of the 4 possible keys is the correct one. Because
* the key recovery operation yields multiple potential keys, the correct key must either be stored alongside the
* signature, or you must be willing to try each recId in turn until you find one that outputs the key you are
* expecting.</p>
*
* <p>If this method returns null it means recovery was not possible and recId should be iterated.</p>
*
* <p>Given the above two points, a correct usage of this method is inside a for loop from 0 to 3, and if the
* output is null OR a key that is not the one you expect, you try again with the next recId.</p>
*
* @param recId Which possible key to recover.
* @param sig the R and S components of the signature, wrapped.
* @param messageHash Hash of the data that was signed.
* @return 65-byte encoded public key
*/
@Nullable public static byte[] recoverPubBytesFromSignature(int recId, ECDSASignature sig,
byte[] messageHash) {
check(recId >= 0, "recId must be positive");
check(sig.r.signum() >= 0, "r must be positive");
check(sig.s.signum() >= 0, "s must be positive");
check(messageHash != null, "messageHash must not be null");
// 1.0 For j from 0 to h (h == recId here and the loop is outside this function)
// 1.1 Let x = r + jn
BigInteger n = CURVE.getN(); // Curve order.
BigInteger i = BigInteger.valueOf((long) recId / 2);
BigInteger x = sig.r.add(i.multiply(n));
// 1.2. Convert the integer x to an octet string X of length mlen using the conversion routine
// specified in Section 2.3.7, where mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉.
// 1.3. Convert the octet string (16 set binary digits)||X to an elliptic curve point R using the
// conversion routine specified in Section 2.3.4. If this conversion routine outputs “invalid”, then
// do another iteration of Step 1.
//
// More concisely, what these points mean is to use X as a compressed public key.
ECCurve.Fp curve = (ECCurve.Fp) CURVE.getCurve();
BigInteger prime =
curve.getQ(); // Bouncy Castle is not consistent about the letter it uses for the prime.
if (x.compareTo(prime) >= 0) {
// Cannot have point co-ordinates larger than this as everything takes place modulo Q.
return null;
}
// Compressed keys require you to know an extra bit of data about the y-coord as there are two possibilities.
// So it's encoded in the recId.
ECPoint R = decompressKey(x, (recId & 1) == 1);
// 1.4. If nR != point at infinity, then do another iteration of Step 1 (callers responsibility).
if (!R.multiply(n)
.isInfinity()) {
return null;
}
// 1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification.
BigInteger e = new BigInteger(1, messageHash);
// 1.6. For k from 1 to 2 do the following. (loop is outside this function via iterating recId)
// 1.6.1. Compute a candidate public key as:
// Q = mi(r) * (sR - eG)
//
// Where mi(x) is the modular multiplicative inverse. We transform this into the following:
// Q = (mi(r) * s ** R) + (mi(r) * -e ** G)
// Where -e is the modular additive inverse of e, that is z such that z + e = 0 (mod n). In the above equation
// ** is point multiplication and + is point addition (the EC group operator).
//
// We can find the additive inverse by subtracting e from zero then taking the mod. For example the additive
// inverse of 3 modulo 11 is 8 because 3 + 8 mod 11 = 0, and -3 mod 11 = 8.
BigInteger eInv = BigInteger.ZERO.subtract(e)
.mod(n);
BigInteger rInv = sig.r.modInverse(n);
BigInteger srInv = rInv.multiply(sig.s)
.mod(n);
BigInteger eInvrInv = rInv.multiply(eInv)
.mod(n);
Fp q = (Fp) ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), eInvrInv, R, srInv);
return q.getEncoded(/* compressed */ false);
}