本文整理汇总了Java中org.bouncycastle.math.ec.ECAlgorithms.sumOfTwoMultiplies方法的典型用法代码示例。如果您正苦于以下问题:Java ECAlgorithms.sumOfTwoMultiplies方法的具体用法?Java ECAlgorithms.sumOfTwoMultiplies怎么用?Java ECAlgorithms.sumOfTwoMultiplies使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.math.ec.ECAlgorithms的用法示例。
在下文中一共展示了ECAlgorithms.sumOfTwoMultiplies方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verifySignature
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
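/**
 * Verifies the signature pair (r, s) over {@code message} with the public key held in
 * the {@code key} field.
 *
 * <p>Both components must lie in [1, n-1], where n is the order from the key's domain
 * parameters. Zero, negative and too-large values are rejected before any curve
 * arithmetic is performed, so only one integer encoding of each component is accepted.</p>
 *
 * @param message the data handed to {@code hash2FieldElement}
 * @param r the first signature component
 * @param s the second signature component
 * @return {@code true} only if the integer derived from h * x(sG + rQ) equals {@code r}
 */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s)
{
    // signum() <= 0 (not == 0): a negative BigInteger is also outside [1, n-1] and must
    // not reach the point multiplication below.
    if (r.signum() <= 0 || s.signum() <= 0)
    {
        return false;
    }

    BigInteger n = key.getParameters().getN();
    if (r.compareTo(n) >= 0 || s.compareTo(n) >= 0)
    {
        return false;
    }

    ECFieldElement h = hash2FieldElement(key.getParameters().getCurve(), message);
    if (h.toBigInteger().signum() == 0)
    {
        // A zero hash element is replaced by one.
        h = key.getParameters().getCurve().fromBigInteger(ONE);
    }

    // R = s*G + r*Q, computed as a single two-term multiplication.
    ECPoint R = ECAlgorithms.sumOfTwoMultiplies(
        key.getParameters().getG(), s, ((ECPublicKeyParameters)key).getQ(), r);

    // The point at infinity cannot come from a valid signature.
    if (R.isInfinity())
    {
        return false;
    }

    ECFieldElement y = h.multiply(R.getX());

    return fieldElement2Integer(n, y).compareTo(r) == 0;
}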
示例2: calculateMqvAgreement
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
/**
 * Computes the MQV agreement point from the local private keys and the peer's public keys.
 *
 * <p>All three public points are imported onto the curve of {@code parameters} and
 * normalized together before their affine x-coordinates are read.</p>
 *
 * @param parameters domain parameters supplying n, h, G and the curve
 * @param d1U first local private key
 * @param d2U second local private key
 * @param Q2U public key matching {@code d2U}; may be {@code null}, in which case it is
 *            recomputed as d2U * G
 * @param Q1V first public key of the other party
 * @param Q2V second public key of the other party
 * @return the point (Q2VBar * hs) * Q1V + hs * Q2V
 */
private ECPoint calculateMqvAgreement(
    ECDomainParameters parameters,
    ECPrivateKeyParameters d1U,
    ECPrivateKeyParameters d2U,
    ECPublicKeyParameters Q2U,
    ECPublicKeyParameters Q1V,
    ECPublicKeyParameters Q2V)
{
    BigInteger order = parameters.getN();
    int halfBits = (order.bitLength() + 1) / 2;
    BigInteger halfModulus = ECConstants.ONE.shiftLeft(halfBits);

    ECCurve curve = parameters.getCurve();

    // The Q2U public key is optional; derive it from d2U when the caller did not pass it.
    ECPoint ownSecondPublic;
    if (Q2U == null)
    {
        ownSecondPublic = parameters.getG().multiply(d2U.getD());
    }
    else
    {
        ownSecondPublic = Q2U.getQ();
    }

    // NOTE(review): further validation of the peer points (Q1V, Q2V) is not visible in
    // this method; confirm the keys are validated before they reach it.
    ECPoint[] imported = new ECPoint[]{
        ECAlgorithms.importPoint(curve, ownSecondPublic),
        ECAlgorithms.importPoint(curve, Q1V.getQ()),
        ECAlgorithms.importPoint(curve, Q2V.getQ())
    };
    curve.normalizeAll(imported);

    ECPoint q2u = imported[0];
    ECPoint q1v = imported[1];
    ECPoint q2v = imported[2];

    // Truncate x(Q2U) to halfBits bits and set bit halfBits.
    BigInteger ownX = q2u.getAffineXCoord().toBigInteger();
    BigInteger Q2UBar = ownX.mod(halfModulus).setBit(halfBits);
    BigInteger s = d1U.getD().multiply(Q2UBar).add(d2U.getD()).mod(order);

    // Same truncation for the peer's second public key.
    BigInteger peerX = q2v.getAffineXCoord().toBigInteger();
    BigInteger Q2VBar = peerX.mod(halfModulus).setBit(halfBits);

    // Fold the cofactor h into the scalar.
    BigInteger hs = parameters.getH().multiply(s).mod(order);

    // NOTE(review): the result is not tested for the point at infinity here; confirm the
    // caller rejects it before using it as an agreement value.
    return ECAlgorithms.sumOfTwoMultiplies(
        q1v, Q2VBar.multiply(hs).mod(order), q2v, hs);
}
示例3: recoverPublicKey
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
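/**
 * Recovers the public key whose private key produced the signature (sigR, sigS) over
 * {@code message}.
 *
 * <p>{@code message} is interpreted directly as an unsigned big-endian integer, so the
 * caller is expected to pass the digest that was signed. The low bit of {@code sigV[0]}
 * selects which of the two curve points with x-coordinate r is used.</p>
 *
 * <p>r and s must lie in [1, n-1]; a signature outside that range is not a valid ECDSA
 * signature and yields an empty result instead of a recovered key.</p>
 *
 * @param sigR r component, unsigned big-endian
 * @param sigS s component, unsigned big-endian
 * @param sigV recovery indicator; only the low bit of the first byte is read
 * @param message value that was signed, unsigned big-endian
 * @return the uncompressed encoding of the recovered point, or an empty array if
 *         recovery fails for any reason
 */
public static byte[] recoverPublicKey(byte[] sigR, byte[] sigS, byte[] sigV, byte[] message) {
    ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(SECP256K1);
    BigInteger pointN = spec.getN();

    try {
        BigInteger r = new BigInteger(1, sigR);
        BigInteger s = new BigInteger(1, sigS);

        // Reject components outside [1, n-1] up front rather than relying on an
        // arithmetic exception (r == 0) or silently accepting them (s == 0, values >= n).
        boolean rInRange = r.signum() > 0 && r.compareTo(pointN) < 0;
        boolean sInRange = s.signum() > 0 && s.compareTo(pointN) < 0;
        if (!rInRange || !sInRange) {
            return new byte[0];
        }

        // Rebuild R from its x-coordinate by treating r as a compressed point encoding.
        // NOTE(review): only the low bit of sigV[0] is used; confirm this matches the
        // encoding of v used by the callers.
        X9IntegerConverter x9 = new X9IntegerConverter();
        byte[] compEnc = x9.integerToBytes(r, 1 + x9.getByteLength(spec.getCurve()));
        compEnc[0] = (byte) ((sigV[0] & 1) == 1 ? 0x03 : 0x02);
        ECPoint pointR = spec.getCurve().decodePoint(compEnc);

        // R must have order n.
        if (!pointR.multiply(pointN).isInfinity()) {
            return new byte[0];
        }

        // Q = r^-1 * (s*R - e*G), written as a sum of two multiplications.
        BigInteger pointE = new BigInteger(1, message);
        BigInteger pointEInv = BigInteger.ZERO.subtract(pointE).mod(pointN);
        BigInteger pointRInv = r.modInverse(pointN);
        BigInteger srInv = pointRInv.multiply(s).mod(pointN);
        BigInteger pointEInvRInv = pointRInv.multiply(pointEInv).mod(pointN);
        ECPoint pointQ = ECAlgorithms.sumOfTwoMultiplies(spec.getG(), pointEInvRInv, pointR, srInv);

        // The point at infinity is not a usable public key.
        if (pointQ.isInfinity()) {
            return new byte[0];
        }
        return pointQ.getEncoded(false);
    } catch (Exception e) {
        // NOTE(review): the caught exception is not passed to the logger, so the cause
        // of the failure is lost; pass it along if the logger API in use accepts one.
        LOGGER.warn("Error recovering public key from message");
    }
    return new byte[0];
}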
示例4: verifySignature
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
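/**
 * Verifies the signature pair (r, s) over {@code message} with the public key held in
 * the {@code key} field.
 *
 * <p>Both components must lie in [1, n-1], where n is the order from the key's domain
 * parameters. Zero, negative and too-large values are rejected before any curve
 * arithmetic is performed, so only one integer encoding of each component is accepted.</p>
 *
 * @param message the data handed to {@code hash2FieldElement}
 * @param r the first signature component
 * @param s the second signature component
 * @return {@code true} only if the integer derived from h * x(sG + rQ) equals {@code r}
 */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s)
{
    // signum() <= 0 (not == 0): a negative BigInteger is also outside [1, n-1] and must
    // not reach the point multiplication below.
    if (r.signum() <= 0 || s.signum() <= 0)
    {
        return false;
    }

    BigInteger n = key.getParameters().getN();
    if (r.compareTo(n) >= 0 || s.compareTo(n) >= 0)
    {
        return false;
    }

    ECFieldElement h = hash2FieldElement(key.getParameters().getCurve(), message);
    if (h.isZero())
    {
        // A zero hash element is replaced by one.
        h = key.getParameters().getCurve().fromBigInteger(ONE);
    }

    // R = s*G + r*Q, computed as a single two-term multiplication.
    ECPoint R = ECAlgorithms.sumOfTwoMultiplies(
        key.getParameters().getG(), s, ((ECPublicKeyParameters)key).getQ(), r);

    // The point at infinity cannot come from a valid signature.
    if (R.isInfinity())
    {
        return false;
    }

    ECFieldElement y = h.multiply(R.getX());

    return fieldElement2Integer(n, y).compareTo(r) == 0;
}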
示例5: calculateMqvAgreement
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
/**
 * Computes the MQV agreement point from the local private keys and the peer's public keys.
 *
 * @param parameters domain parameters supplying n, h and G
 * @param d1U first local private key
 * @param d2U second local private key
 * @param Q2U public key matching {@code d2U}; may be {@code null}, in which case it is
 *            recomputed as d2U * G
 * @param Q1V first public key of the other party
 * @param Q2V second public key of the other party
 * @return the point (Q2VBar * hs) * Q1V + hs * Q2V
 * @throws IllegalStateException if the computed point is the point at infinity
 */
private ECPoint calculateMqvAgreement(
    ECDomainParameters parameters,
    ECPrivateKeyParameters d1U,
    ECPrivateKeyParameters d2U,
    ECPublicKeyParameters Q2U,
    ECPublicKeyParameters Q1V,
    ECPublicKeyParameters Q2V)
{
    BigInteger order = parameters.getN();
    int halfBits = (order.bitLength() + 1) / 2;
    BigInteger halfModulus = ECConstants.ONE.shiftLeft(halfBits);

    // The Q2U public key is optional; derive it from d2U when the caller did not pass it.
    ECPoint ownSecondPublic = (Q2U == null)
        ? parameters.getG().multiply(d2U.getD())
        : Q2U.getQ();

    // Truncate x(Q2U) to halfBits bits and set bit halfBits.
    BigInteger Q2UBar = ownSecondPublic.getX().toBigInteger().mod(halfModulus).setBit(halfBits);
    BigInteger s = d1U.getD().multiply(Q2UBar).mod(order).add(d2U.getD()).mod(order);

    // Same truncation for the peer's second public key.
    // NOTE(review): no validation of Q1V/Q2V (on-curve, expected order) is visible in
    // this method; confirm the keys are validated before they reach it.
    BigInteger Q2VBar = Q2V.getQ().getX().toBigInteger().mod(halfModulus).setBit(halfBits);

    // Fold the cofactor h into the scalar.
    BigInteger hs = parameters.getH().multiply(s).mod(order);

    // Same value as (Q2VBar * Q1V + Q2V) * hs, evaluated as one two-term multiplication.
    ECPoint agreement = ECAlgorithms.sumOfTwoMultiplies(
        Q1V.getQ(), Q2VBar.multiply(hs).mod(order), Q2V.getQ(), hs);

    if (!agreement.isInfinity())
    {
        return agreement;
    }

    throw new IllegalStateException("Infinity is not a valid agreement value for MQV");
}
示例6: verifySignature
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
/**
 * Returns true if r and s form a valid signature over {@code message} for the public key
 * held in the {@code key} field.
 *
 * <p>{@code message} is converted to the integer e by {@code calculateE}; the original
 * documentation expects it to be an already-computed hash (SHA-1 for standard DSA).
 * NOTE(review): the digest algorithm is chosen by the caller; SHA-1 is no longer
 * collision resistant, so a SHA-2 family digest is the safer choice.</p>
 *
 * @param message the hash of the message to be verified
 * @param r the r value of the signature, accepted only in [1, n-1]
 * @param s the s value of the signature, accepted only in [1, n-1]
 * @return {@code true} if x(u1*G + u2*Q) mod n equals {@code r}
 */
public boolean verifySignature(
    byte[] message,
    BigInteger r,
    BigInteger s)
{
    BigInteger order = key.getParameters().getN();
    BigInteger e = calculateE(order, message);

    // Both r and s must be in the range [1, n-1].
    if (r.compareTo(ONE) < 0 || r.compareTo(order) >= 0
        || s.compareTo(ONE) < 0 || s.compareTo(order) >= 0)
    {
        return false;
    }

    BigInteger sInverse = s.modInverse(order);
    BigInteger u1 = e.multiply(sInverse).mod(order);
    BigInteger u2 = r.multiply(sInverse).mod(order);

    // u1*G + u2*Q as a single two-term multiplication.
    ECPoint sum = ECAlgorithms.sumOfTwoMultiplies(
        key.getParameters().getG(), u1, ((ECPublicKeyParameters)key).getQ(), u2);

    // The point at infinity cannot come from a valid signature.
    if (sum.isInfinity())
    {
        return false;
    }

    return sum.getX().toBigInteger().mod(order).equals(r);
}
示例7: verifySignature
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
/**
 * Returns true if r and s form a valid signature over {@code digest} for the public key
 * held in the {@code key} field.
 *
 * <p>The digest is read as an unsigned integer e. A digest whose bit length exceeds that
 * of the group order n is rejected with an exception rather than reduced; with ECNR the
 * order must be at least as long as the digest.</p>
 *
 * @param digest the digest to be verified.
 * @param r the r value of the signature, accepted only in [1, n-1].
 * @param s the s value of the signature, accepted only in [0, n-1].
 * @return {@code true} if (r - x(sG + rW)) mod n equals e
 * @exception IllegalStateException if this instance was initialised for signing
 * @exception DataLengthException if the digest is longer than the key allows
 */
public boolean verifySignature(
    byte[] digest,
    BigInteger r,
    BigInteger s)
{
    if (this.forSigning)
    {
        throw new IllegalStateException("not initialised for verifying");
    }

    ECPublicKeyParameters pubKey = (ECPublicKeyParameters)key;
    BigInteger n = pubKey.getParameters().getN();
    BigInteger e = new BigInteger(1, digest);

    if (e.bitLength() > n.bitLength())
    {
        throw new DataLengthException("input too large for ECNR key.");
    }

    // r in the range [1,n-1]
    boolean rOutOfRange = r.compareTo(ECConstants.ONE) < 0 || r.compareTo(n) >= 0;
    if (rOutOfRange)
    {
        return false;
    }

    // s in the range [0,n-1]           NB: ECNR spec says 0
    boolean sOutOfRange = s.compareTo(ECConstants.ZERO) < 0 || s.compareTo(n) >= 0;
    if (sOutOfRange)
    {
        return false;
    }

    // compute P = sG + rW as a single two-term multiplication
    ECPoint P = ECAlgorithms.sumOfTwoMultiplies(
        pubKey.getParameters().getG(), s, pubKey.getQ(), r);

    // The point at infinity cannot come from a valid signature.
    if (P.isInfinity())
    {
        return false;
    }

    BigInteger recovered = r.subtract(P.getX().toBigInteger()).mod(n);

    return recovered.equals(e);
}
示例8: verifySignature
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
/**
 * Returns true if r and s form a valid GOST3410 signature over {@code message} for the
 * public key held in the {@code key} field (for standard GOST3410 the message should be
 * a GOST3411 hash of the real message to be verified).
 *
 * @param message the hash to verify; its bytes are reversed before conversion
 * @param r the r value of the signature, accepted only in [1, n-1]
 * @param s the s value of the signature, accepted only in [1, n-1]
 * @return {@code true} if x(z1*G + z2*Q) mod n equals {@code r}
 */
public boolean verifySignature(
    byte[] message,
    BigInteger r,
    BigInteger s)
{
    // conversion is little-endian: reverse the bytes before building the integer
    int length = message.length;
    byte[] reversed = new byte[length];
    for (int src = length - 1, dst = 0; src >= 0; src--, dst++)
    {
        reversed[dst] = message[src];
    }
    BigInteger e = new BigInteger(1, reversed);
    BigInteger n = key.getParameters().getN();

    // r in the range [1,n-1]
    boolean rOutOfRange = r.compareTo(ECConstants.ONE) < 0 || r.compareTo(n) >= 0;
    if (rOutOfRange)
    {
        return false;
    }

    // s in the range [1,n-1]
    boolean sOutOfRange = s.compareTo(ECConstants.ONE) < 0 || s.compareTo(n) >= 0;
    if (sOutOfRange)
    {
        return false;
    }

    // NOTE(review): BigInteger.modInverse throws ArithmeticException when e has no
    // inverse modulo n (for example an all-zero message); confirm callers handle that
    // case instead of receiving a plain false.
    BigInteger v = e.modInverse(n);

    BigInteger z1 = s.multiply(v).mod(n);
    BigInteger z2 = (n.subtract(r)).multiply(v).mod(n);

    // z1*G + z2*Q as a single two-term multiplication (G is the base point P).
    ECPoint point = ECAlgorithms.sumOfTwoMultiplies(
        key.getParameters().getG(), z1, ((ECPublicKeyParameters)key).getQ(), z2);

    // The point at infinity cannot come from a valid signature.
    if (point.isInfinity())
    {
        return false;
    }

    return point.getX().toBigInteger().mod(n).equals(r);
}
示例9: getSendAddress
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
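/**
 * Calculates the sent address of an EthereumTransaction. Note this can be a costly
 * operation to calculate. This requires that you have Bouncy castle as a dependency in
 * your project.
 *
 * <p>The sender's public key is recovered from the signature (r, s, v) and the
 * transaction hash without signature data; the address is the last 20 bytes of the
 * KECCAK-256 hash of that key.</p>
 *
 * @param eTrans transaction
 * @return sent address as byte array, or {@code null} if no public key can be recovered
 *         (r or s outside [1, n-1], x-coordinate not below the field prime, R not of
 *         order n, or a recovered point at infinity)
 * @throws RuntimeException if the normalised v is outside 27..34
 */
public static byte[] getSendAddress(EthereumTransaction eTrans) {
    // init, maybe we move this out to save time
    X9ECParameters params = SECNamedCurves.getByName("secp256k1");
    ECDomainParameters CURVE = new ECDomainParameters(params.getCurve(), params.getG(), params.getN(), params.getH()); // needed for getSentAddress
    // transaction hash without signature data
    byte[] transactionHash = EthereumUtil.getTransactionHashWithoutSignature(eTrans);
    // signature to address
    BigInteger bR = new BigInteger(1, eTrans.getSig_r());
    BigInteger bS = new BigInteger(1, eTrans.getSig_s());
    // calculate v for signature
    // NOTE(review): only the first byte of sig_v is read; confirm how v values that need
    // more than one byte are stored before relying on the parity below.
    byte v = (byte) (eTrans.getSig_v()[0]);
    if (!((v == EthereumUtil.LOWER_REAL_V) || (v == (EthereumUtil.LOWER_REAL_V + 1)))) {
        // The parity must be taken from the ORIGINAL v. Testing it after v has been
        // overwritten makes the branch independent of the signature, so the y-parity of
        // R would be the same for every such transaction.
        boolean evenV = ((int) v % 2 == 0);
        if (evenV) {
            v = (byte) (EthereumUtil.LOWER_REAL_V + 1);
        } else {
            v = EthereumUtil.LOWER_REAL_V;
        }
    }
    // the following lines are inspired from ECKey.java of EthereumJ, but adapted to the hadoopcryptoledger context
    if (v < 27 || v > 34) {
        throw new RuntimeException("Header out of range");
    }
    if (v >= 31) {
        // Headers 31..34 mark a compressed key; the encoding below is always
        // uncompressed, so only the offset is removed.
        v -= 4;
    }
    int receiverId = v - 27;
    BigInteger n = CURVE.getN();
    // r and s must lie in [1, n-1]; anything else is not a valid ECDSA signature and
    // must not yield an address.
    if (bR.signum() == 0 || bS.signum() == 0 || bR.compareTo(n) >= 0 || bS.compareTo(n) >= 0) {
        return null;
    }
    BigInteger i = BigInteger.valueOf((long) receiverId / 2);
    BigInteger x = bR.add(i.multiply(n));
    ECCurve.Fp curve = (ECCurve.Fp) CURVE.getCurve();
    BigInteger prime = curve.getQ();
    if (x.compareTo(prime) >= 0) {
        return null;
    }
    // decompress Key
    X9IntegerConverter x9 = new X9IntegerConverter();
    byte[] compEnc = x9.integerToBytes(x, 1 + x9.getByteLength(CURVE.getCurve()));
    boolean yBit = (receiverId & 1) == 1;
    compEnc[0] = (byte) (yBit ? 0x03 : 0x02);
    ECPoint R = CURVE.getCurve().decodePoint(compEnc);
    // R must have order n.
    if (!R.multiply(n).isInfinity()) {
        return null;
    }
    // Q = r^-1 * (s*R - e*G), written as a sum of two multiplications.
    BigInteger e = new BigInteger(1, transactionHash);
    BigInteger eInv = BigInteger.ZERO.subtract(e).mod(n);
    BigInteger rInv = bR.modInverse(n);
    BigInteger srInv = rInv.multiply(bS).mod(n);
    BigInteger eInvrInv = rInv.multiply(eInv).mod(n);
    ECPoint.Fp q = (ECPoint.Fp) ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), eInvrInv, R, srInv);
    // The point at infinity is not a public key and has no address.
    if (q.isInfinity()) {
        return null;
    }
    byte[] pubKey = q.getEncoded(false);
    // now we need to convert the public key into an ethereum sent address which is the last 20 bytes of 32 byte KECCAK-256 Hash of the key.
    // The leading format byte of the encoding is skipped.
    Keccak.Digest256 digest256 = new Keccak.Digest256();
    digest256.update(pubKey, 1, pubKey.length - 1);
    byte[] kcck = digest256.digest();
    return Arrays.copyOfRange(kcck, 12, kcck.length);
}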
示例10: getRecoveryId
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
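/**
 * Determine the recovery ID for the given signature and public key.
 *
 * <p>Any signed message can resolve to one of two public keys due to the nature of ECDSA.
 * The recovery ID provides information about which one it is, allowing confirmation that
 * the message was signed by a specific key.</p>
 *
 * <p>Only the two candidates whose point R has x-coordinate r are tried (IDs 0 and 1).
 * {@code publicKey} must be the complete uncompressed encoding of the key; it is compared
 * for exact equality, so a truncated or empty array never matches.</p>
 *
 * @param sigR r component, unsigned big-endian
 * @param sigS s component, unsigned big-endian
 * @param message value that was signed, unsigned big-endian
 * @param publicKey uncompressed encoding of the expected public key
 * @return 0 or 1 when the recovered key equals {@code publicKey}; {@code (byte) 0xFF}
 *         when neither candidate matches or the signature is out of range
 */
public static byte getRecoveryId(byte[] sigR, byte[] sigS, byte[] message, byte[] publicKey) {
    ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(SECP256K1);
    BigInteger pointN = spec.getN();
    for (int recoveryId = 0; recoveryId < 2; recoveryId++) {
        try {
            BigInteger r = new BigInteger(1, sigR);
            BigInteger s = new BigInteger(1, sigS);

            // r and s must lie in [1, n-1]; no recovery ID exists for anything else.
            if (r.signum() == 0 || s.signum() == 0
                    || r.compareTo(pointN) >= 0 || s.compareTo(pointN) >= 0) {
                return (byte) 0xFF;
            }

            // Rebuild R from its x-coordinate; the recovery ID picks the y parity.
            X9IntegerConverter x9 = new X9IntegerConverter();
            byte[] compEnc = x9.integerToBytes(r, 1 + x9.getByteLength(spec.getCurve()));
            compEnc[0] = (byte) ((recoveryId & 1) == 1 ? 0x03 : 0x02);
            ECPoint pointR = spec.getCurve().decodePoint(compEnc);
            // R must have order n.
            if (!pointR.multiply(pointN).isInfinity()) {
                continue;
            }

            // Q = r^-1 * (s*R - e*G), written as a sum of two multiplications.
            BigInteger pointE = new BigInteger(1, message);
            BigInteger pointEInv = BigInteger.ZERO.subtract(pointE).mod(pointN);
            BigInteger pointRInv = r.modInverse(pointN);
            BigInteger srInv = pointRInv.multiply(s).mod(pointN);
            BigInteger pointEInvRInv = pointRInv.multiply(pointEInv).mod(pointN);
            ECPoint pointQ = ECAlgorithms.sumOfTwoMultiplies(spec.getG(), pointEInvRInv, pointR, srInv);
            byte[] pointQBytes = pointQ.getEncoded(false);

            // Compare whole arrays, lengths included. A loop bounded only by
            // publicKey.length would accept any prefix of the recovered key (an empty
            // array included) as a match.
            if (!java.util.Arrays.equals(pointQBytes, publicKey)) {
                continue;
            }

            return (byte) (0xFF & recoveryId);
        } catch (Exception e) {
            LOGGER.error(null, e);
        }
    }

    return (byte) 0xFF;
}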
示例11: recoverFromSignature
import org.bouncycastle.math.ec.ECAlgorithms; //导入方法依赖的package包/类
/**
 * <p>Given the components of a signature and a selector value, recover and return the public key
 * that generated the signature according to the algorithm in SEC1v2 section 4.1.6.</p>
 *
 * <p>The recID is an index from 0 to 3 which indicates which of the 4 possible keys is the correct one.
 * Because the key recovery operation yields multiple potential keys, the correct key must either be
 * stored alongside the signature, or the caller must try each recID in turn until one yields the
 * expected key.</p>
 *
 * <p>A null return means recovery was not possible for this recID and the next one should be tried.
 * Correct usage is therefore a loop over 0..3 that moves on when the output is null OR is a key
 * other than the expected one.</p>
 *
 * <p>NOTE(review): the ranges of recID and of the signature's r and s are not checked in this
 * method; confirm the callers enforce them.</p>
 *
 * @param recID Which possible key to recover.
 * @param sig R and S components of the signature
 * @param e The double SHA-256 hash of the original message
 * @param compressed Whether or not the original public key was compressed
 * @return An ECKey containing only the public part, or null if recovery wasn't possible
 */
private static ECKey recoverFromSignature(int recID, ECDSASignature sig, BigInteger e, boolean compressed) {
    BigInteger order = ecParams.getN();
    BigInteger r = sig.getR();

    // Candidate x-coordinate of R: r + floor(recID / 2) * n.
    BigInteger multiple = BigInteger.valueOf((long)recID / 2);
    BigInteger candidateX = r.add(multiple.multiply(order));

    //
    //   SEC1: convert the integer x to an octet string X of length mlen (Section 2.3.7, where
    //   mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉), then convert (16 set binary digits)||X to a curve
    //   point R (Section 2.3.4). If that conversion outputs 'invalid', do another iteration.
    //
    // More concisely: use X as a compressed public key. It must be a valid field element first.
    //
    SecP256K1Curve curve = (SecP256K1Curve)ecParams.getCurve();
    BigInteger fieldPrime = curve.getQ();
    if (candidateX.compareTo(fieldPrime) >= 0) {
        return null;
    }

    //
    // A compressed key needs one extra bit about the y-coordinate, as there are two
    // possibilities; that bit is the low bit of recID.
    //
    boolean yBit = (recID & 1) == 1;
    ECPoint R = decompressKey(candidateX, yBit);

    // R must have order n.
    if (!R.multiply(order).isInfinity()) {
        return null;
    }

    //
    //   For k from 1 to 2 (the loop lives outside this function, via iterating recID),
    //   compute a candidate public key as:
    //       Q = mi(r) * (sR - eG)
    //
    // where mi(x) is the modular multiplicative inverse. This is rewritten as:
    //       Q = (mi(r) * s ** R) + (mi(r) * -e ** G)
    // where -e is the modular additive inverse of e, that is z such that z + e = 0 (mod n),
    // ** is point multiplication and + is point addition (the EC group operator).
    //
    // The additive inverse is found by subtracting e from zero and taking the mod. For example
    // the additive inverse of 3 modulo 11 is 8 because 3 + 8 mod 11 = 0, and -3 mod 11 = 8.
    //
    BigInteger negatedE = BigInteger.ZERO.subtract(e).mod(order);
    BigInteger rInverse = r.modInverse(order);
    BigInteger scalarForR = rInverse.multiply(sig.getS()).mod(order);
    BigInteger scalarForG = rInverse.multiply(negatedE).mod(order);

    ECPoint q = ECAlgorithms.sumOfTwoMultiplies(ecParams.getG(), scalarForG, R, scalarForR);
    return new ECKey(q.getEncoded(compressed));
}