
Example 11 with ECPoint

use of org.bouncycastle.math.ec.ECPoint in project Skein3Fish by wernerd.

the class ECDHBasicAgreement method calculateAgreement.

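/**
 * Computes the basic ECDH shared value: the x-coordinate of {@code d * Q}, where
 * {@code d} is this party's private scalar and {@code Q} is the peer's public point.
 * No cofactor multiplication is applied.
 *
 * <p>The returned integer is the raw shared secret. Pass it through a key-derivation
 * function before using it as key material.</p>
 *
 * <p>NOTE(review): nothing in this method checks that the peer's point lies on the
 * expected curve or shares the private key's domain parameters. Confirm that
 * {@code pubKey} is validated before it reaches this call.</p>
 *
 * @param pubKey the peer's public key; must be an {@link ECPublicKeyParameters}
 * @return the x-coordinate of the shared point
 * @throws ClassCastException if {@code pubKey} is not an EC public key
 * @throws IllegalStateException if the computed point is the point at infinity
 */
public BigInteger calculateAgreement(CipherParameters pubKey) {
    ECPublicKeyParameters pub = (ECPublicKeyParameters) pubKey;
    ECPoint P = pub.getQ().multiply(key.getD());
    // The point at infinity has no affine x-coordinate and is never a valid shared
    // secret; fail explicitly instead of dereferencing a missing coordinate.
    if (P.isInfinity()) {
        throw new IllegalStateException("Infinity is not a valid agreement value for ECDH");
    }
    return P.getX().toBigInteger();
}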
Also used : ECPoint(org.bouncycastle.math.ec.ECPoint) ECPublicKeyParameters(org.bouncycastle.crypto.params.ECPublicKeyParameters)

Example 12 with ECPoint

use of org.bouncycastle.math.ec.ECPoint in project oxAuth by GluuFederation.

the class SHA256withECDSASignatureVerification method decodePublicKey.

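/**
 * Decodes an encoded elliptic-curve point into a public key on curve secp256r1.
 *
 * <p>Every failure is reported as a {@link SignatureException}. This includes a
 * {@code null} or malformed encoding that the point decoder rejects with an unchecked
 * exception, so callers handling externally supplied key bytes only need to handle the
 * one declared exception type.</p>
 *
 * @param encodedPublicKey the encoded point (format as accepted by the curve's
 *        {@code decodePoint})
 * @return the decoded public key
 * @throws SignatureException if the bytes cannot be decoded or the key cannot be built
 */
@Override
public PublicKey decodePublicKey(byte[] encodedPublicKey) throws SignatureException {
    X9ECParameters curve = SECNamedCurves.getByName("secp256r1");
    try {
        // Decoding happens inside the try block: a bad encoding surfaces as an unchecked
        // exception, which must not escape past the declared SignatureException.
        ECPoint point = curve.getCurve().decodePoint(encodedPublicKey);
        // NOTE(review): no provider is named here, so this resolves to whichever
        // registered provider offers "ECDSA". The spec classes are Bouncy Castle's;
        // confirm that provider is registered.
        return KeyFactory.getInstance("ECDSA").generatePublic(new ECPublicKeySpec(point, new ECParameterSpec(curve.getCurve(), curve.getG(), curve.getN(), curve.getH())));
    } catch (GeneralSecurityException ex) {
        throw new SignatureException(ex);
    } catch (RuntimeException ex) {
        throw new SignatureException(ex);
    }
}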
Also used : X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) GeneralSecurityException(java.security.GeneralSecurityException) SignatureException(org.xdi.oxauth.model.exception.SignatureException) ECPoint(org.bouncycastle.math.ec.ECPoint) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)

Example 13 with ECPoint

use of org.bouncycastle.math.ec.ECPoint in project oxAuth by GluuFederation.

the class ECDSASigner method validateSignature.

/**
 * Verifies an ECDSA signature over {@code signingInput} using this signer's public key.
 *
 * <p>The configured signature algorithm selects both the digest and the named curve:
 * ES256 uses SHA-256 on P-256, ES384 uses SHA-384 on P-384, and ES512 uses SHA-512 on
 * P-521. Key construction and verification use the "BC" provider explicitly.</p>
 *
 * @param signingInput the text that was signed; encoded with
 *        {@code Util.UTF8_STRING_ENCODING} before verification
 * @param signature the base64url-encoded signature
 * @return {@code true} if the provider accepts the signature, {@code false} otherwise
 * @throws SignatureException if the algorithm, key or signing input is missing, the
 *         algorithm is unsupported, or any step of decoding or verification fails
 */
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
    if (getSignatureAlgorithm() == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (ecdsaPublicKey == null) {
        throw new SignatureException("The ECDSA public key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }

    // Digest and curve are fixed by the algorithm identifier; nothing else is accepted.
    final String jcaAlgorithm;
    final String curveName;
    switch (getSignatureAlgorithm()) {
        case ES256:
            jcaAlgorithm = "SHA256WITHECDSA";
            curveName = "P-256";
            break;
        case ES384:
            jcaAlgorithm = "SHA384WITHECDSA";
            curveName = "P-384";
            break;
        case ES512:
            jcaAlgorithm = "SHA512WITHECDSA";
            curveName = "P-521";
            break;
        default:
            throw new SignatureException("Unsupported signature algorithm");
    }

    try {
        // NOTE(review): the decoded bytes go to the provider unchanged. JCA ECDSA
        // verifiers expect an ASN.1 DER signature, whereas JWS defines a fixed-length
        // R||S form. Confirm which encoding the tokens carry.
        byte[] signatureBytes = Base64Util.base64urldecode(signature);
        byte[] signedBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);

        ECParameterSpec domain = ECNamedCurveTable.getParameterSpec(curveName);
        BigInteger fieldPrime = ((ECCurve.AbstractFp) domain.getCurve()).getField().getCharacteristic();

        // NOTE(review): the point is built directly from the stored coordinates, and
        // nothing visible here checks that it lies on the selected curve. Confirm that
        // the key is validated where it is loaded.
        ECPoint publicPoint = new ECPoint.Fp(
                domain.getCurve(),
                new ECFieldElement.Fp(fieldPrime, ecdsaPublicKey.getX()),
                new ECFieldElement.Fp(fieldPrime, ecdsaPublicKey.getY()));
        ECPublicKeySpec keySpec = new ECPublicKeySpec(publicPoint, domain);
        PublicKey verificationKey = KeyFactory.getInstance("ECDSA", "BC").generatePublic(keySpec);

        Signature verifier = Signature.getInstance(jcaAlgorithm, "BC");
        verifier.initVerify(verificationKey);
        verifier.update(signedBytes);
        return verifier.verify(signatureBytes);
    } catch (Exception e) {
        // Every failure mode (key spec, key, provider, encoding, anything else) is
        // wrapped the same way, so one handler covers them all.
        throw new SignatureException(e);
    }
}
Also used : ECDSAPublicKey(org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECPoint(org.bouncycastle.math.ec.ECPoint) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) ECCurve(org.bouncycastle.math.ec.ECCurve) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) ECFieldElement(org.bouncycastle.math.ec.ECFieldElement)

Example 14 with ECPoint

use of org.bouncycastle.math.ec.ECPoint in project web3sdk by FISCO-BCOS.

the class Sign method publicKeyFromPrivate.

/**
 * Derives the public key that belongs to a private key and returns it as an unsigned
 * integer.
 *
 * <p>The public point is serialized in uncompressed form, its leading format byte is
 * dropped, and the remaining coordinate bytes are read as a non-negative
 * {@code BigInteger}. A {@code BigInteger} does not keep leading zero bytes, so callers
 * that need a fixed-width key must left-pad when converting back to bytes.</p>
 *
 * @param privKey the private key to derive the public key from
 * @return the public key coordinates as a non-negative BigInteger
 */
public static BigInteger publicKeyFromPrivate(BigInteger privKey) {
    byte[] uncompressed = publicPointFromPrivate(privKey).getEncoded(false);
    // Skip the single leading format byte; only the coordinate bytes are kept.
    byte[] coordinates = Arrays.copyOfRange(uncompressed, 1, uncompressed.length);
    return new BigInteger(1, coordinates);
}
Also used : BigInteger(java.math.BigInteger) ECPoint(org.bouncycastle.math.ec.ECPoint)

Example 15 with ECPoint

use of org.bouncycastle.math.ec.ECPoint in project web3sdk by FISCO-BCOS.

the class Sign method recoverFromSignature.

/**
 * <p>Given the components of a signature and a selector value, recover and return the public
 * key that generated the signature according to the algorithm in SEC1v2 section 4.1.6.</p>
 *
 * <p>The recId is an index from 0 to 3 which indicates which of the 4 possible keys is the
 * correct one. Because the key recovery operation yields multiple potential keys, the correct
 * key must either be stored alongside the signature, or the caller must try each recId in
 * turn until one yields the expected key.</p>
 *
 * <p>If this method returns null, recovery was not possible for this recId and the next
 * recId should be tried.</p>
 *
 * <p>Given the above two points, correct usage of this method is inside a loop over recId
 * from 0 to 3: if the output is null OR a key that is not the expected one, try again with
 * the next recId. A recovered key proves nothing by itself; it only becomes meaningful once
 * the caller compares it with the key (or a value derived from the key) it expects.</p>
 *
 * <p>NOTE(review): the preconditions below only reject negative values. recId is not capped
 * at 3, and r and s are not checked against the range [1, n-1]; r == 0 passes the check and
 * then fails in {@code modInverse} with an {@code ArithmeticException}. Confirm that callers
 * validate the signature components before calling this method.</p>
 *
 * @param recId Which possible key to recover.
 * @param sig the R and S components of the signature, wrapped.
 * @param message Hash of the data that was signed.
 * @return the recovered public key as a non-negative BigInteger built from the uncompressed
 *         point encoding without its leading byte, or null if recovery wasn't possible.
 */
private static BigInteger recoverFromSignature(int recId, ECDSASignature sig, byte[] message) {
    // These checks accept zero even though the messages say "positive".
    verifyPrecondition(recId >= 0, "recId must be positive");
    verifyPrecondition(sig.r.signum() >= 0, "r must be positive");
    verifyPrecondition(sig.s.signum() >= 0, "s must be positive");
    verifyPrecondition(message != null, "message cannot be null");
    // 1.0 For j from 0 to h   (h == recId here and the loop is outside this function)
    // 1.1 Let x = r + jn
    // Curve order.
    BigInteger n = CURVE.getN();
    // j is recId / 2: the upper bit of recId selects whether n is added to r.
    BigInteger i = BigInteger.valueOf((long) recId / 2);
    BigInteger x = sig.r.add(i.multiply(n));
    // 1.2. Convert the integer x to an octet string X of length mlen using the conversion
    // routine specified in Section 2.3.7, where mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉.
    // 1.3. Convert the octet string (16 set binary digits)||X to an elliptic curve point R
    // using the conversion routine specified in Section 2.3.4. If this conversion
    // routine outputs “invalid”, then do another iteration of Step 1.
    // 
    // More concisely, what these points mean is to use X as a compressed public key.
    // NOTE(review): the field prime is taken from SecP256K1Curve while n and G come from
    // CURVE; this assumes CURVE is secp256k1 — confirm against the CURVE definition.
    BigInteger prime = SecP256K1Curve.q;
    if (x.compareTo(prime) >= 0) {
        // Cannot have point co-ordinates larger than this as everything takes place modulo Q.
        return null;
    }
    // Compressed keys require you to know an extra bit of data about the y-coord as there are
    // two possibilities. So it's encoded in the recId.
    ECPoint R = decompressKey(x, (recId & 1) == 1);
    // 1.4. If nR is not the point at infinity, this candidate is rejected; the caller is
    // responsible for moving on to the next recId.
    if (!R.multiply(n).isInfinity()) {
        return null;
    }
    // 1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification.
    // The message bytes are interpreted as an unsigned big-endian integer.
    BigInteger e = new BigInteger(1, message);
    // 1.6. For k from 1 to 2 do the following.   (loop is outside this function via
    // iterating recId)
    // 1.6.1. Compute a candidate public key as:
    // Q = mi(r) * (sR - eG)
    // 
    // Where mi(x) is the modular multiplicative inverse. We transform this into the following:
    // Q = (mi(r) * s ** R) + (mi(r) * -e ** G)
    // Where -e is the modular additive inverse of e, that is z such that z + e = 0 (mod n).
    // In the above equation ** is point multiplication and + is point addition (the EC group
    // operator).
    // 
    // We can find the additive inverse by subtracting e from zero then taking the mod. For
    // example the additive inverse of 3 modulo 11 is 8 because 3 + 8 mod 11 = 0, and
    // -3 mod 11 = 8.
    BigInteger eInv = BigInteger.ZERO.subtract(e).mod(n);
    // Throws ArithmeticException when r has no inverse modulo n (for example r == 0).
    BigInteger rInv = sig.r.modInverse(n);
    BigInteger srInv = rInv.multiply(sig.s).mod(n);
    BigInteger eInvrInv = rInv.multiply(eInv).mod(n);
    // Q = eInvrInv * G + srInv * R, computed as one combined operation.
    ECPoint q = ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), eInvrInv, R, srInv);
    byte[] qBytes = q.getEncoded(false);
    // Drop the leading format byte of the uncompressed encoding; BigInteger does not keep
    // leading zero bytes, so the result is not fixed-width.
    return new BigInteger(1, Arrays.copyOfRange(qBytes, 1, qBytes.length));
}
Also used : BigInteger(java.math.BigInteger) ECPoint(org.bouncycastle.math.ec.ECPoint)
