Examples with ECDomainParameters com.github.zhenwei.core.crypto.params.ECDomainParameters used on opensource projects

Example 1 with ECDomainParameters

use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.

the class ECFixedTransform method transform.

/**
 * Transform an existing cipher text pair using the ElGamal algorithm. Note: it is assumed this
 * transform has been initialised with the same public key that was used to create the original
 * cipher text.
 *
 * @param cipherText the EC point to process.
 * @return returns a new ECPair representing the result of the process.
 */
public ECPair transform(ECPair cipherText) {
    if (key == null) {
        throw new IllegalStateException("ECFixedTransform not initialised");
    }
    ECDomainParameters ec = key.getParameters();
    BigInteger n = ec.getN();
    ECMultiplier basePointMultiplier = createBasePointMultiplier();
    BigInteger k = this.k.mod(n);
    ECPoint[] gamma_phi = new ECPoint[] { basePointMultiplier.multiply(ec.getG(), k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getX())), key.getQ().multiply(k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getY())) };
    ec.getCurve().normalizeAll(gamma_phi);
    return new ECPair(gamma_phi[0], gamma_phi[1]);
}

Example 2 with ECDomainParameters

use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.

the class ECNewRandomnessTransform method transform.

/**
 * Transform an existing cipher test pair using the ElGamal algorithm. Note: it is assumed this
 * transform has been initialised with the same public key that was used to create the original
 * cipher text.
 *
 * @param cipherText the EC point to process.
 * @return returns a new ECPair representing the result of the process.
 */
public ECPair transform(ECPair cipherText) {
    if (key == null) {
        throw new IllegalStateException("ECNewRandomnessTransform not initialised");
    }
    ECDomainParameters ec = key.getParameters();
    BigInteger n = ec.getN();
    ECMultiplier basePointMultiplier = createBasePointMultiplier();
    BigInteger k = ECUtil.generateK(n, random);
    ECPoint[] gamma_phi = new ECPoint[] { basePointMultiplier.multiply(ec.getG(), k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getX())), key.getQ().multiply(k).add(ECAlgorithms.cleanPoint(ec.getCurve(), cipherText.getY())) };
    ec.getCurve().normalizeAll(gamma_phi);
    lastK = k;
    return new ECPair(gamma_phi[0], gamma_phi[1]);
}

Example 3 with ECDomainParameters

use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.

the class ECDSASigner method verifySignature.

// 5.4 pg 29
/**
 * return true if the value r and s represent a DSA signature for the passed in message (for
 * standard DSA the message should be a SHA-1 hash of the real message to be verified).
 */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
    ECDomainParameters ec = key.getParameters();
    BigInteger n = ec.getN();
    BigInteger e = calculateE(n, message);
    // r in the range [1,n-1]
    if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0) {
        return false;
    }
    // s in the range [1,n-1]
    if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0) {
        return false;
    }
    BigInteger c = BigIntegers.modOddInverseVar(n, s);
    BigInteger u1 = e.multiply(c).mod(n);
    BigInteger u2 = r.multiply(c).mod(n);
    ECPoint G = ec.getG();
    ECPoint Q = ((ECPublicKeyParameters) key).getQ();
    ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2);
    // components must be bogus.
    if (point.isInfinity()) {
        return false;
    }
    /*
     * If possible, avoid normalizing the point (to save a modular inversion in the curve field).
     *
     * There are ~cofactor elements of the curve field that reduce (modulo the group order) to 'r'.
     * If the cofactor is known and small, we generate those possible field values and project each
     * of them to the same "denominator" (depending on the particular projective coordinates in use)
     * as the calculated point.X. If any of the projected values matches point.X, then we have:
     *     (point.X / Denominator mod p) mod n == r
     * as required, and verification succeeds.
     *
     * Based on an original idea by Gregory Maxwell (https://github.com/gmaxwell), as implemented in
     * the libsecp256k1 project (https://github.com/bitcoin/secp256k1).
     */
    ECCurve curve = point.getCurve();
    if (curve != null) {
        BigInteger cofactor = curve.getCofactor();
        if (cofactor != null && cofactor.compareTo(EIGHT) <= 0) {
            ECFieldElement D = getDenominator(curve.getCoordinateSystem(), point);
            if (D != null && !D.isZero()) {
                ECFieldElement X = point.getXCoord();
                while (curve.isValidFieldElement(r)) {
                    ECFieldElement R = curve.fromBigInteger(r).multiply(D);
                    if (R.equals(X)) {
                        return true;
                    }
                    r = r.add(n);
                }
                return false;
            }
        }
    }
    BigInteger v = point.normalize().getAffineXCoord().toBigInteger().mod(n);
    return v.equals(r);
}

Example 4 with ECDomainParameters

use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.

the class ECGOST3410_2012Signer method generateSignature.

/**
 * generate a signature for the given message using the key we were initialised with. For
 * conventional GOST3410 2012 the message should be a GOST3411 2012 hash of the message of
 * interest.
 *
 * @param message the message that will be verified later.
 */
public BigInteger[] generateSignature(byte[] message) {
    // conversion is little-endian
    byte[] mRev = Arrays.reverse(message);
    BigInteger e = new BigInteger(1, mRev);
    ECDomainParameters ec = key.getParameters();
    BigInteger n = ec.getN();
    BigInteger d = ((ECPrivateKeyParameters) key).getD();
    BigInteger r, s;
    ECMultiplier basePointMultiplier = createBasePointMultiplier();
    do // generate s
    {
        BigInteger k;
        do // generate r
        {
            do {
                k = BigIntegers.createRandomBigInteger(n.bitLength(), random);
            } while (k.equals(ECConstants.ZERO));
            ECPoint p = basePointMultiplier.multiply(ec.getG(), k).normalize();
            r = p.getAffineXCoord().toBigInteger().mod(n);
        } while (r.equals(ECConstants.ZERO));
        s = (k.multiply(e)).add(d.multiply(r)).mod(n);
    } while (s.equals(ECConstants.ZERO));
    return new BigInteger[] { r, s };
}

Example 5 with ECDomainParameters

use of com.github.zhenwei.core.crypto.params.ECDomainParameters in project LinLong-Java by zhenwei1108.

the class PrivateKeyInfoFactory method createPrivateKeyInfo.

/**
 * Create a PrivateKeyInfo representation of a private key with attributes.
 *
 * @param privateKey the key to be encoded into the info object.
 * @param attributes the set of attributes to be included.
 * @return the appropriate PrivateKeyInfo
 * @throws IOException on an error encoding the key
 */
public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes) throws IOException {
    if (privateKey instanceof RSAKeyParameters) {
        RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters) privateKey;
        return new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(priv.getModulus(), priv.getPublicExponent(), priv.getExponent(), priv.getP(), priv.getQ(), priv.getDP(), priv.getDQ(), priv.getQInv()), attributes);
    } else if (privateKey instanceof DSAPrivateKeyParameters) {
        DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters) privateKey;
        DSAParameters params = priv.getParameters();
        return new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(params.getP(), params.getQ(), params.getG())), new ASN1Integer(priv.getX()), attributes);
    } else if (privateKey instanceof ECPrivateKeyParameters) {
        ECPrivateKeyParameters priv = (ECPrivateKeyParameters) privateKey;
        ECDomainParameters domainParams = priv.getParameters();
        ASN1Encodable params;
        int orderBitLength;
        if (domainParams == null) {
            // Implicitly CA
            params = new X962Parameters(DERNull.INSTANCE);
            orderBitLength = priv.getD().bitLength();
        } else if (domainParams instanceof ECGOST3410Parameters) {
            GOST3410PublicKeyAlgParameters gostParams = new GOST3410PublicKeyAlgParameters(((ECGOST3410Parameters) domainParams).getPublicKeyParamSet(), ((ECGOST3410Parameters) domainParams).getDigestParamSet(), ((ECGOST3410Parameters) domainParams).getEncryptionParamSet());
            int size;
            ASN1ObjectIdentifier identifier;
            if (cryptoProOids.contains(gostParams.getPublicKeyParamSet())) {
                size = 32;
                identifier = CryptoProObjectIdentifiers.gostR3410_2001;
            } else {
                boolean is512 = priv.getD().bitLength() > 256;
                identifier = (is512) ? RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512 : RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
                size = (is512) ? 64 : 32;
            }
            byte[] encKey = new byte[size];
            extractBytes(encKey, size, 0, priv.getD());
            return new PrivateKeyInfo(new AlgorithmIdentifier(identifier, gostParams), new DEROctetString(encKey));
        } else if (domainParams instanceof ECNamedDomainParameters) {
            params = new X962Parameters(((ECNamedDomainParameters) domainParams).getName());
            orderBitLength = domainParams.getN().bitLength();
        } else {
            X9ECParameters ecP = new X9ECParameters(domainParams.getCurve(), new X9ECPoint(domainParams.getG(), false), domainParams.getN(), domainParams.getH(), domainParams.getSeed());
            params = new X962Parameters(ecP);
            orderBitLength = domainParams.getN().bitLength();
        }
        ECPoint q = new FixedPointCombMultiplier().multiply(domainParams.getG(), priv.getD());
        // TODO Support point compression
        DERBitString publicKey = new DERBitString(q.getEncoded(false));
        return new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), new ECPrivateKey(orderBitLength, priv.getD(), publicKey, params), attributes);
    } else if (privateKey instanceof X448PrivateKeyParameters) {
        X448PrivateKeyParameters key = (X448PrivateKeyParameters) privateKey;
        return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X448), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
    } else if (privateKey instanceof X25519PrivateKeyParameters) {
        X25519PrivateKeyParameters key = (X25519PrivateKeyParameters) privateKey;
        return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
    } else if (privateKey instanceof Ed448PrivateKeyParameters) {
        Ed448PrivateKeyParameters key = (Ed448PrivateKeyParameters) privateKey;
        return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
    } else if (privateKey instanceof Ed25519PrivateKeyParameters) {
        Ed25519PrivateKeyParameters key = (Ed25519PrivateKeyParameters) privateKey;
        return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), new DEROctetString(key.getEncoded()), attributes, key.generatePublicKey().getEncoded());
    } else {
        throw new IOException("key parameters not recognized");
    }
}