use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.
the class ECFixedTransform method transform.
/**
* Transform an existing cipher text pair using the ElGamal algorithm. Note: it is assumed this
* transform has been initialised with the same public key that was used to create the original
* cipher text.
*
* @param cipherText the EC point to process.
* @return returns a new ECPair representing the result of the process.
*/
public ECPair transform(ECPair cipherText) {
if (key == null) {
throw new IllegalStateException("ECFixedTransform not initialised");
}
ECDomainParameters ec = key.getParameters();
BigInteger n = ec.getN();
ECMultiplier basePointMultiplier = createBasePointMultiplier();
BigInteger k = this.k.mod(n);
ECPoint[] gamma_phi = new ECPoint[] { basePointMultiplier.multiply(ec.getG(), k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getX())), key.getQ().multiply(k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getY())) };
ec.getCurve().normalizeAll(gamma_phi);
return new ECPair(gamma_phi[0], gamma_phi[1]);
}
use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.
the class ECNewRandomnessTransform method transform.
/**
* Transform an existing cipher test pair using the ElGamal algorithm. Note: it is assumed this
* transform has been initialised with the same public key that was used to create the original
* cipher text.
*
* @param cipherText the EC point to process.
* @return returns a new ECPair representing the result of the process.
*/
public ECPair transform(ECPair cipherText) {
if (key == null) {
throw new IllegalStateException("ECNewRandomnessTransform not initialised");
}
ECDomainParameters ec = key.getParameters();
BigInteger n = ec.getN();
ECMultiplier basePointMultiplier = createBasePointMultiplier();
BigInteger k = ECUtil.generateK(n, random);
ECPoint[] gamma_phi = new ECPoint[] { basePointMultiplier.multiply(ec.getG(), k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getX())), key.getQ().multiply(k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getY())) };
ec.getCurve().normalizeAll(gamma_phi);
lastK = k;
return new ECPair(gamma_phi[0], gamma_phi[1]);
}
use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.
the class ECDSASigner method verifySignature.
// 5.4 pg 29
/**
* return true if the value r and s represent a DSA signature for the passed in message (for
* standard DSA the message should be a SHA-1 hash of the real message to be verified).
*/
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
ECDomainParameters ec = key.getParameters();
BigInteger n = ec.getN();
BigInteger e = calculateE(n, message);
// r in the range [1,n-1]
if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0) {
return false;
}
// s in the range [1,n-1]
if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0) {
return false;
}
BigInteger c = BigIntegers.modOddInverseVar(n, s);
BigInteger u1 = e.multiply(c).mod(n);
BigInteger u2 = r.multiply(c).mod(n);
ECPoint G = ec.getG();
ECPoint Q = ((ECPublicKeyParameters) key).getQ();
ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2);
// components must be bogus.
if (point.isInfinity()) {
return false;
}
/*
* If possible, avoid normalizing the point (to save a modular inversion in the curve field).
*
* There are ~cofactor elements of the curve field that reduce (modulo the group order) to 'r'.
* If the cofactor is known and small, we generate those possible field values and project each
* of them to the same "denominator" (depending on the particular projective coordinates in use)
* as the calculated point.X. If any of the projected values matches point.X, then we have:
* (point.X / Denominator mod p) mod n == r
* as required, and verification succeeds.
*
* Based on an original idea by Gregory Maxwell (https://github.com/gmaxwell), as implemented in
* the libsecp256k1 project (https://github.com/bitcoin/secp256k1).
*/
ECCurve curve = point.getCurve();
if (curve != null) {
BigInteger cofactor = curve.getCofactor();
if (cofactor != null && cofactor.compareTo(EIGHT) <= 0) {
ECFieldElement D = getDenominator(curve.getCoordinateSystem(), point);
if (D != null && !D.isZero()) {
ECFieldElement X = point.getXCoord();
while (curve.isValidFieldElement(r)) {
ECFieldElement R = curve.fromBigInteger(r).multiply(D);
if (R.equals(X)) {
return true;
}
r = r.add(n);
}
return false;
}
}
}
BigInteger v = point.normalize().getAffineXCoord().toBigInteger().mod(n);
return v.equals(r);
}
use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.
the class ECGOST3410_2012Signer method generateSignature.
/**
* generate a signature for the given message using the key we were initialised with. For
* conventional GOST3410 2012 the message should be a GOST3411 2012 hash of the message of
* interest.
*
* @param message the message that will be verified later.
*/
public BigInteger[] generateSignature(byte[] message) {
// conversion is little-endian
byte[] mRev = Arrays.reverse(message);
BigInteger e = new BigInteger(1, mRev);
ECDomainParameters ec = key.getParameters();
BigInteger n = ec.getN();
BigInteger d = ((ECPrivateKeyParameters) key).getD();
BigInteger r, s;
ECMultiplier basePointMultiplier = createBasePointMultiplier();
do // generate s
{
BigInteger k;
do // generate r
{
do {
k = BigIntegers.createRandomBigInteger(n.bitLength(), random);
} while (k.equals(ECConstants.ZERO));
ECPoint p = basePointMultiplier.multiply(ec.getG(), k).normalize();
r = p.getAffineXCoord().toBigInteger().mod(n);
} while (r.equals(ECConstants.ZERO));
s = (k.multiply(e)).add(d.multiply(r)).mod(n);
} while (s.equals(ECConstants.ZERO));
return new BigInteger[] { r, s };
}
use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.
the class PrivateKeyInfoFactory method createPrivateKeyInfo.
/**
* Create a PrivateKeyInfo representation of a private key with attributes.
*
* @param privateKey the key to be encoded into the info object.
* @param attributes the set of attributes to be included.
* @return the appropriate PrivateKeyInfo
* @throws IOException on an error encoding the key
*/
public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes) throws IOException {
if (privateKey instanceof RSAKeyParameters) {
RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters) privateKey;
return new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(priv.getModulus(), priv.getPublicExponent(), priv.getExponent(), priv.getP(), priv.getQ(), priv.getDP(), priv.getDQ(), priv.getQInv()), attributes);
} else if (privateKey instanceof DSAPrivateKeyParameters) {
DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters) privateKey;
DSAParameters params = priv.getParameters();
return new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(params.getP(), params.getQ(), params.getG())), new ASN1Integer(priv.getX()), attributes);
} else if (privateKey instanceof ECPrivateKeyParameters) {
ECPrivateKeyParameters priv = (ECPrivateKeyParameters) privateKey;
ECDomainParameters domainParams = priv.getParameters();
ASN1Encodable params;
int orderBitLength;
if (domainParams == null) {
// Implicitly CA
params = new X962Parameters(DERNull.INSTANCE);
orderBitLength = priv.getD().bitLength();
} else if (domainParams instanceof ECGOST3410Parameters) {
GOST3410PublicKeyAlgParameters gostParams = new GOST3410PublicKeyAlgParameters(((ECGOST3410Parameters) domainParams).getPublicKeyParamSet(), ((ECGOST3410Parameters) domainParams).getDigestParamSet(), ((ECGOST3410Parameters) domainParams).getEncryptionParamSet());
int size;
ASN1ObjectIdentifier identifier;
if (cryptoProOids.contains(gostParams.getPublicKeyParamSet())) {
size = 32;
identifier = CryptoProObjectIdentifiers.gostR3410_2001;
} else {
boolean is512 = priv.getD().bitLength() > 256;
identifier = (is512) ? RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512 : RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
size = (is512) ? 64 : 32;
}
byte[] encKey = new byte[size];
extractBytes(encKey, size, 0, priv.getD());
return new PrivateKeyInfo(new AlgorithmIdentifier(identifier, gostParams), new DEROctetString(encKey));
} else if (domainParams instanceof ECNamedDomainParameters) {
params = new X962Parameters(((ECNamedDomainParameters) domainParams).getName());
orderBitLength = domainParams.getN().bitLength();
} else {
X9ECParameters ecP = new X9ECParameters(domainParams.getCurve(), new X9ECPoint(domainParams.getG(), false), domainParams.getN(), domainParams.getH(), domainParams.getSeed());
params = new X962Parameters(ecP);
orderBitLength = domainParams.getN().bitLength();
}
ECPoint q = new FixedPointCombMultiplier().multiply(domainParams.getG(), priv.getD());
// TODO Support point compression
DERBitString publicKey = new DERBitString(q.getEncoded(false));
return new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), new ECPrivateKey(orderBitLength, priv.getD(), publicKey, params), attributes);
} else if (privateKey instanceof X448PrivateKeyParameters) {
X448PrivateKeyParameters key = (X448PrivateKeyParameters) privateKey;
return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X448), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
} else if (privateKey instanceof X25519PrivateKeyParameters) {
X25519PrivateKeyParameters key = (X25519PrivateKeyParameters) privateKey;
return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
} else if (privateKey instanceof Ed448PrivateKeyParameters) {
Ed448PrivateKeyParameters key = (Ed448PrivateKeyParameters) privateKey;
return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
} else if (privateKey instanceof Ed25519PrivateKeyParameters) {
Ed25519PrivateKeyParameters key = (Ed25519PrivateKeyParameters) privateKey;
return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
} else {
throw new IOException("key parameters not recognized");
}
}
Aggregations