use of com.github.zhenwei.core.crypto.params.ECPublicKeyParameters in project LinLong-Java by zhenwei1108.
the class ECNewRandomnessTransform method init.
/**
 * Initialises the transform with an EC public key and a source of randomness.
 *
 * <p>Two parameter shapes are accepted: a bare {@code ECPublicKeyParameters}, in which case the
 * random source is taken from {@code CryptoServicesRegistrar.getSecureRandom()}, or a
 * {@code ParametersWithRandom} wrapping an {@code ECPublicKeyParameters}, in which case the
 * wrapped random source is stored as supplied.
 *
 * <p>NOTE(review): the caller-supplied random source is not checked in any way here; presumably
 * the transform draws its fresh randomness from it, so it needs to be a cryptographically strong
 * generator. Confirm against the transform method.
 *
 * @param param the EC public key, optionally wrapped together with a random source.
 * @throws IllegalArgumentException if the (unwrapped) parameter is not an
 *     {@code ECPublicKeyParameters}.
 */
public void init(CipherParameters param) {
    final boolean carriesRandom = param instanceof ParametersWithRandom;
    final CipherParameters keyParam =
        carriesRandom ? ((ParametersWithRandom) param).getParameters() : param;

    // Validate before touching any state so a rejected call leaves key and random untouched.
    if (!(keyParam instanceof ECPublicKeyParameters)) {
        throw new IllegalArgumentException("ECPublicKeyParameters are required for new randomness transform.");
    }

    this.key = (ECPublicKeyParameters) keyParam;
    this.random = carriesRandom
        ? ((ParametersWithRandom) param).getRandom()
        : CryptoServicesRegistrar.getSecureRandom();
}
use of com.github.zhenwei.core.crypto.params.ECPublicKeyParameters in project LinLong-Java by zhenwei1108.
the class ECDSASigner method verifySignature.
// 5.4 pg 29
/**
* Checks whether (r, s) is a valid signature over the supplied message value for the key this
* signer holds.
*
* <p>As the original note says, {@code message} is expected to be a hash of the real message
* (SHA-1 for standard DSA). Nothing in this method enforces a particular digest: the bytes are
* handed to {@code calculateE} (not shown here) to derive e, so the choice of hash is the
* caller's responsibility.
*
* <p>{@code key} is cast to {@code ECPublicKeyParameters} without a check, so a signer holding
* any other key type fails with {@code ClassCastException} rather than returning false.
*
* @param message the hash of the message to be verified.
* @param r the first signature component; must lie in [1, n-1].
* @param s the second signature component; must lie in [1, n-1].
* @return true if the signature verifies; false if r or s is out of range, the computed point is
* the point at infinity, or the x-coordinate comparison fails.
*/
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
ECDomainParameters ec = key.getParameters();
BigInteger n = ec.getN();
BigInteger e = calculateE(n, message);
// r in the range [1,n-1]
if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0) {
return false;
}
// s in the range [1,n-1]
if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0) {
return false;
}
// c is used below as the inverse of s modulo n.
// NOTE(review): the "Var" suffix suggests a variable-time inversion - confirm. That would be
// acceptable here, since verification only handles public values (r, s and the public point).
BigInteger c = BigIntegers.modOddInverseVar(n, s);
BigInteger u1 = e.multiply(c).mod(n);
BigInteger u2 = r.multiply(c).mod(n);
ECPoint G = ec.getG();
ECPoint Q = ((ECPublicKeyParameters) key).getQ();
// Going by the helper's name, this is u1*G + u2*Q computed in a single pass.
ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2);
// A result at infinity has no x-coordinate to compare against r, so the signature is rejected.
if (point.isInfinity()) {
return false;
}
/*
* If possible, avoid normalizing the point (to save a modular inversion in the curve field).
*
* There are ~cofactor elements of the curve field that reduce (modulo the group order) to 'r'.
* If the cofactor is known and small, we generate those possible field values and project each
* of them to the same "denominator" (depending on the particular projective coordinates in use)
* as the calculated point.X. If any of the projected values matches point.X, then we have:
* (point.X / Denominator mod p) mod n == r
* as required, and verification succeeds.
*
* Based on an original idea by Gregory Maxwell (https://github.com/gmaxwell), as implemented in
* the libsecp256k1 project (https://github.com/bitcoin/secp256k1).
*/
ECCurve curve = point.getCurve();
if (curve != null) {
BigInteger cofactor = curve.getCofactor();
// The shortcut is only taken when the cofactor is known and no larger than EIGHT.
if (cofactor != null && cofactor.compareTo(EIGHT) <= 0) {
// A null or zero denominator skips the shortcut and falls through to the normalising path.
ECFieldElement D = getDenominator(curve.getCoordinateSystem(), point);
if (D != null && !D.isZero()) {
ECFieldElement X = point.getXCoord();
// Walk the candidates r, r+n, r+2n, ... for as long as they are valid field elements.
// The parameter r is reassigned here; that is safe because this branch always returns.
while (curve.isValidFieldElement(r)) {
ECFieldElement R = curve.fromBigInteger(r).multiply(D);
if (R.equals(X)) {
return true;
}
r = r.add(n);
}
// Every candidate was tried and none matched the projective x-coordinate.
return false;
}
}
}
// General path: normalise to affine coordinates and compare x mod n with the original r.
BigInteger v = point.normalize().getAffineXCoord().toBigInteger().mod(n);
return v.equals(r);
}
use of com.github.zhenwei.core.crypto.params.ECPublicKeyParameters in project LinLong-Java by zhenwei1108.
the class ECGOST3410Signer method verifySignature.
/**
 * Checks whether (r, s) is a valid GOST3410 signature over the supplied message value for the
 * key this signer holds.
 *
 * <p>The message is expected to already be a hash (GOST3411 for standard GOST3410); this method
 * performs no hashing of its own.
 *
 * <p>NOTE(review): e is inverted modulo n without any check that it is non-zero modulo n. How
 * {@code BigIntegers.modOddInverseVar} treats such a value is not visible here; confirm whether
 * a degenerate digest makes this method throw instead of returning false.
 *
 * @param message the hash of the message to be verified.
 * @param r the first signature component; must lie in [1, n-1].
 * @param s the second signature component; must lie in [1, n-1].
 * @return true if the signature verifies; false if r or s is out of range, the computed point
 *     is the point at infinity, or the x-coordinate comparison fails.
 */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
    // The hash bytes are reversed before conversion because the encoding is little-endian.
    final BigInteger e = new BigInteger(1, Arrays.reverse(message));
    final BigInteger n = key.getParameters().getN();

    // Both components must lie in [1, n-1]; r is examined first, then s.
    final BigInteger one = ECConstants.ONE;
    if (r.compareTo(one) < 0 || r.compareTo(n) >= 0
        || s.compareTo(one) < 0 || s.compareTo(n) >= 0) {
        return false;
    }

    // Verification only touches public values, so a variable-time inversion leaks nothing secret.
    final BigInteger eInverse = BigIntegers.modOddInverseVar(n, e);
    final BigInteger z1 = s.multiply(eInverse).mod(n);
    final BigInteger z2 = n.subtract(r).multiply(eInverse).mod(n);

    final ECPoint basePoint = key.getParameters().getG();
    final ECPoint publicPoint = ((ECPublicKeyParameters) key).getQ();
    final ECPoint candidate =
        ECAlgorithms.sumOfTwoMultiplies(basePoint, z1, publicPoint, z2).normalize();

    // The point at infinity has no affine x-coordinate to compare, so the signature is rejected.
    if (candidate.isInfinity()) {
        return false;
    }

    final BigInteger recovered = candidate.getAffineXCoord().toBigInteger().mod(n);
    return recovered.equals(r);
}
use of com.github.zhenwei.core.crypto.params.ECPublicKeyParameters in project LinLong-Java by zhenwei1108.
the class OpenSSHPublicKeyUtil method parsePublicKey.
/**
 * Decodes a single public key from an {@code SSHBuffer}.
 *
 * <p>The buffer must start with a key-type string, which selects the RSA, DSS, ECDSA or Ed25519
 * branch. The whole buffer must be consumed by the key: any trailing bytes cause the parse to be
 * rejected.
 *
 * <p>NOTE(review): the ECDSA branch is selected by a prefix match on the key type, and the curve
 * is then resolved from a separate curve-name string read from the buffer. Nothing visible here
 * checks that the two agree; callers that make trust decisions on the key-type string should
 * confirm the curve of the returned key themselves.
 *
 * @param buffer the buffer holding the encoded SSH public key.
 * @return the decoded key as an {@code AsymmetricKeyParameter}.
 * @throws IllegalArgumentException if the key type is not recognised or data remains after the
 *     key.
 * @throws IllegalStateException if no curve parameters are found for the curve name, or an
 *     Ed25519 key does not have the expected length.
 */
public static AsymmetricKeyParameter parsePublicKey(SSHBuffer buffer) {
    final String keyType = buffer.readString();
    final AsymmetricKeyParameter parsed;

    if (RSA.equals(keyType)) {
        // The first value read is used as the exponent, the second as the modulus.
        final BigInteger exponent = buffer.readBigNumPositive();
        final BigInteger modulus = buffer.readBigNumPositive();
        parsed = new RSAKeyParameters(false, modulus, exponent);
    } else if (DSS.equals(keyType)) {
        final BigInteger p = buffer.readBigNumPositive();
        final BigInteger q = buffer.readBigNumPositive();
        final BigInteger g = buffer.readBigNumPositive();
        final BigInteger y = buffer.readBigNumPositive();
        parsed = new DSAPublicKeyParameters(y, new DSAParameters(p, q, g));
    } else if (keyType.startsWith(ECDSA)) {
        final String curveName = buffer.readString();
        // NOTE(review): what getByName returns for an unknown name, and how getParameters
        // handles that value, is not visible here - confirm the null check below covers it.
        final ASN1ObjectIdentifier curveOid = SSHNamedCurves.getByName(curveName);
        final X9ECParameters curveParams = SSHNamedCurves.getParameters(curveOid);
        if (curveParams == null) {
            throw new IllegalStateException("unable to find curve for " + keyType + " using curve name " + curveName);
        }
        // NOTE(review): presumably decodePoint rejects encodings that are not on the curve -
        // confirm, since the point comes straight from untrusted input.
        parsed = new ECPublicKeyParameters(
            curveParams.getCurve().decodePoint(buffer.readBlock()),
            new ECNamedDomainParameters(curveOid, curveParams));
    } else if (ED_25519.equals(keyType)) {
        final byte[] encoded = buffer.readBlock();
        if (encoded.length != Ed25519PublicKeyParameters.KEY_SIZE) {
            throw new IllegalStateException("public key value of wrong length");
        }
        parsed = new Ed25519PublicKeyParameters(encoded, 0);
    } else {
        // No branch recognised the key type.
        throw new IllegalArgumentException("unable to parse key");
    }

    // Reject leftover bytes so that one blob cannot carry extra, unparsed data alongside a key.
    if (buffer.hasRemaining()) {
        throw new IllegalArgumentException("decoded key has trailing data");
    }
    return parsed;
}
use of com.github.zhenwei.core.crypto.params.ECPublicKeyParameters in project LinLong-Java by zhenwei1108.
the class ECNRSigner method generateSignature.
// Section 7.2.5 ECSP-NR, pg 34
/**
 * Produces an ECNR signature over the given digest with the private key this signer was
 * initialised with.
 *
 * <p>The digest is read as an unsigned big-endian integer e and must be strictly smaller than
 * the group order; generally the order of the curve should be at least as long as the hash, and
 * with ECNR it <em>must</em> be.
 *
 * <p>Each signature uses a fresh temporary key pair drawn from {@code this.random}. Because
 * s = u - r*x (mod n), the temporary private value u must stay secret and must never repeat:
 * anyone who learns u for one signature can solve for the long-term private value x.
 *
 * @param digest the digest to be signed.
 * @return a two-element array holding r at index 0 and s at index 1.
 * @throws IllegalStateException if the signer was not initialised for signing.
 * @throws DataLengthException if the digest, read as an integer, is not smaller than the order.
 */
public BigInteger[] generateSignature(byte[] digest) {
    if (!this.forSigning) {
        throw new IllegalStateException("not initialised for signing");
    }

    final BigInteger order = getOrder();
    final BigInteger e = new BigInteger(1, digest);
    final ECPrivateKeyParameters signingKey = (ECPrivateKeyParameters) key;

    if (e.compareTo(order) >= 0) {
        throw new DataLengthException("input too large for ECNR key");
    }

    BigInteger r;
    AsymmetricCipherKeyPair ephemeralPair;
    do {
        // Draw a short-lived key pair on the same domain parameters as the signing key.
        ECKeyPairGenerator generator = new ECKeyPairGenerator();
        generator.init(new ECKeyGenerationParameters(signingKey.getParameters(), this.random));
        ephemeralPair = generator.generateKeyPair();

        // r = (x-coordinate of the temporary public point + e) mod n
        BigInteger ephemeralX = ((ECPublicKeyParameters) ephemeralPair.getPublic())
            .getQ().getAffineXCoord().toBigInteger();
        r = ephemeralX.add(e).mod(order);
    } while (ECConstants.ZERO.equals(r)); // retry with a new pair if r came out as zero

    // s = (u - r*x) mod n, with x the long-term and u the temporary private value.
    final BigInteger x = signingKey.getD();
    final BigInteger u = ((ECPrivateKeyParameters) ephemeralPair.getPrivate()).getD();
    final BigInteger s = u.subtract(r.multiply(x)).mod(order);

    return new BigInteger[] {r, s};
}