Examples with ECPoint org.spongycastle.math.ec.ECPoint used on opensource projects

Example 1 with ECPoint

use of org.spongycastle.math.ec.ECPoint in project rskj by rsksmart.

the class ECIESCoderTest method test2.

// encrypt decrypt round trip
@Test
public void test2() {
    BigInteger privKey = new BigInteger("5e173f6ac3c669587538e7727cf19b782a4f2fda07c1eaa662c593e5e85e3051", 16);
    byte[] payload = Hex.decode("1122334455");
    ECKey ecKey = ECKey.fromPrivate(privKey);
    ECPoint pubKeyPoint = ecKey.getPubKeyPoint();
    byte[] cipher = new byte[0];
    try {
        cipher = ECIESCoder.encrypt(pubKeyPoint, payload);
    } catch (Throwable e) {
        e.printStackTrace();
    }
    System.out.println(Hex.toHexString(cipher));
    byte[] decrypted_payload = new byte[0];
    try {
        decrypted_payload = ECIESCoder.decrypt(privKey, cipher);
    } catch (Throwable e) {
        e.printStackTrace();
    }
    System.out.println(Hex.toHexString(decrypted_payload));
}

Example 2 with ECPoint

use of org.spongycastle.math.ec.ECPoint in project rskj by rsksmart.

the class ECIESTest method testDecryptTestVector.

@Test
public void testDecryptTestVector() throws IOException, InvalidCipherTextException {
    ECPoint pub1 = pub(PRIVATE_KEY1);
    byte[] ciphertext = Hex.decode(CIPHERTEXT1);
    byte[] plaintext = decrypt(PRIVATE_KEY1, ciphertext);
    assertArrayEquals(new byte[] { 1, 1, 1 }, plaintext);
}

Example 3 with ECPoint

use of org.spongycastle.math.ec.ECPoint in project rskj by rsksmart.

the class ECIESTest method encrypt.

public static byte[] encrypt(ECPoint toPub, byte[] plaintext) throws InvalidCipherTextException, IOException {
    ECKeyPairGenerator eGen = new ECKeyPairGenerator();
    SecureRandom random = new SecureRandom();
    KeyGenerationParameters gParam = new ECKeyGenerationParameters(curve, random);
    eGen.init(gParam);
    byte[] IV = new byte[KEY_SIZE / 8];
    new SecureRandom().nextBytes(IV);
    AsymmetricCipherKeyPair ephemPair = eGen.generateKeyPair();
    BigInteger prv = ((ECPrivateKeyParameters) ephemPair.getPrivate()).getD();
    ECPoint pub = ((ECPublicKeyParameters) ephemPair.getPublic()).getQ();
    EthereumIESEngine iesEngine = makeIESEngine(true, toPub, prv, IV);
    ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(curve, random);
    ECKeyPairGenerator generator = new ECKeyPairGenerator();
    generator.init(keygenParams);
    ECKeyPairGenerator gen = new ECKeyPairGenerator();
    gen.init(new ECKeyGenerationParameters(ECKey.CURVE, random));
    byte[] cipher = iesEngine.processBlock(plaintext, 0, plaintext.length);
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    bos.write(pub.getEncoded(false));
    bos.write(IV);
    bos.write(cipher);
    return bos.toByteArray();
}

Example 4 with ECPoint

use of org.spongycastle.math.ec.ECPoint in project rskj by rsksmart.

the class ECIESCoder method decrypt.

public static byte[] decrypt(BigInteger privKey, byte[] cipher, byte[] macData) throws IOException, InvalidCipherTextException {
    byte[] plaintext;
    ByteArrayInputStream is = new ByteArrayInputStream(cipher);
    byte[] ephemBytes = new byte[2 * ((CURVE.getCurve().getFieldSize() + 7) / 8) + 1];
    is.read(ephemBytes);
    ECPoint ephem = CURVE.getCurve().decodePoint(ephemBytes);
    byte[] iv = new byte[KEY_SIZE / 8];
    is.read(iv);
    byte[] cipherBody = new byte[is.available()];
    is.read(cipherBody);
    plaintext = decrypt(ephem, privKey, iv, cipherBody, macData);
    return plaintext;
}

Example 5 with ECPoint

use of org.spongycastle.math.ec.ECPoint in project rskj by rsksmart.

the class ECKey method recoverFromSignature.

/**
 * <p>Given the components of a signature and a selector value, recover and return the public key
 * that generated the signature according to the algorithm in SEC1v2 section 4.1.6.</p>
 *
 * <p>The recId is an index from 0 to 3 which indicates which of the 4 possible keys is the correct one. Because
 * the key recovery operation yields multiple potential keys, the correct key must either be stored alongside the
 * signature, or you must be willing to try each recId in turn until you find one that outputs the key you are
 * expecting.</p>
 *
 * <p>If this method returns null it means recovery was not possible and recId should be iterated.</p>
 *
 * <p>Given the above two points, a correct usage of this method is inside a for loop from 0 to 3, and if the
 * output is null OR a key that is not the one you expect, you try again with the next recId.</p>
 *
 * @param recId Which possible key to recover.
 * @param sig the R and S components of the signature, wrapped.
 * @param messageHash Hash of the data that was signed.
 * @param compressed Whether or not the original pubkey was compressed.
 * @return An ECKey containing only the public part, or null if recovery wasn't possible.
 */
@Nullable
public static ECKey recoverFromSignature(int recId, ECDSASignature sig, byte[] messageHash, boolean compressed) {
    check(recId >= 0, "recId must be positive");
    check(sig.r.signum() >= 0, "r must be positive");
    check(sig.s.signum() >= 0, "s must be positive");
    check(messageHash != null, "messageHash must not be null");
    // 1.0 For j from 0 to h   (h == recId here and the loop is outside this function)
    // 1.1 Let x = r + jn
    // Curve order.
    BigInteger n = CURVE.getN();
    BigInteger i = BigInteger.valueOf((long) recId / 2);
    BigInteger x = sig.r.add(i.multiply(n));
    // 1.2. Convert the integer x to an octet string X of length mlen using the conversion routine
    // specified in Section 2.3.7, where mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉.
    // 1.3. Convert the octet string (16 set binary digits)||X to an elliptic curve point R using the
    // conversion routine specified in Section 2.3.4. If this conversion routine outputs “invalid”, then
    // do another iteration of Step 1.
    // 
    // More concisely, what these points mean is to use X as a compressed public key.
    ECCurve.Fp curve = (ECCurve.Fp) CURVE.getCurve();
    // Bouncy Castle is not consistent about the letter it uses for the prime.
    BigInteger prime = curve.getQ();
    if (x.compareTo(prime) >= 0) {
        // Cannot have point co-ordinates larger than this as everything takes place modulo Q.
        return null;
    }
    // Compressed keys require you to know an extra bit of data about the y-coord as there are two possibilities.
    // So it's encoded in the recId.
    ECPoint r = decompressKey(x, (recId & 1) == 1);
    // 1.4. If nR != point at infinity, then do another iteration of Step 1 (callers responsibility).
    if (!r.multiply(n).isInfinity()) {
        return null;
    }
    // 1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification.
    BigInteger e = new BigInteger(1, messageHash);
    // 1.6. For k from 1 to 2 do the following.   (loop is outside this function via iterating recId)
    // 1.6.1. Compute a candidate public key as:
    // Q = mi(r) * (sR - eG)
    // 
    // Where mi(x) is the modular multiplicative inverse. We transform this into the following:
    // Q = (mi(r) * s ** R) + (mi(r) * -e ** G)
    // Where -e is the modular additive inverse of e, that is z such that z + e = 0 (mod n). In the above equation
    // ** is point multiplication and + is point addition (the EC group operator).
    // 
    // We can find the additive inverse by subtracting e from zero then taking the mod. For example the additive
    // inverse of 3 modulo 11 is 8 because 3 + 8 mod 11 = 0, and -3 mod 11 = 8.
    BigInteger eInv = BigInteger.ZERO.subtract(e).mod(n);
    BigInteger rInv = sig.r.modInverse(n);
    BigInteger srInv = rInv.multiply(sig.s).mod(n);
    BigInteger eInvrInv = rInv.multiply(eInv).mod(n);
    ECPoint.Fp q = (ECPoint.Fp) ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), eInvrInv, r, srInv);
    return ECKey.fromPublicOnly(q.getEncoded(compressed));
}