下面列出了java.security.spec.EllipticCurve#getField() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
public static Optional<ECOperations> forParameters(ECParameterSpec params) {
EllipticCurve curve = params.getCurve();
if (!(curve.getField() instanceof ECFieldFp)) {
return Optional.empty();
}
ECFieldFp primeField = (ECFieldFp) curve.getField();
BigInteger three = BigInteger.valueOf(3);
if (!primeField.getP().subtract(curve.getA()).equals(three)) {
return Optional.empty();
}
IntegerFieldModuloP field = fields.get(primeField.getP());
if (field == null) {
return Optional.empty();
}
IntegerFieldModuloP orderField = orderFields.get(params.getOrder());
if (orderField == null) {
return Optional.empty();
}
ImmutableIntegerModuloP b = field.getElement(curve.getB());
ECOperations ecOps = new ECOperations(b, orderField);
return Optional.of(ecOps);
}
public static Optional<ECOperations> forParameters(ECParameterSpec params) {
EllipticCurve curve = params.getCurve();
if (!(curve.getField() instanceof ECFieldFp)) {
return Optional.empty();
}
ECFieldFp primeField = (ECFieldFp) curve.getField();
BigInteger three = BigInteger.valueOf(3);
if (!primeField.getP().subtract(curve.getA()).equals(three)) {
return Optional.empty();
}
IntegerFieldModuloP field = fields.get(primeField.getP());
if (field == null) {
return Optional.empty();
}
IntegerFieldModuloP orderField = orderFields.get(params.getOrder());
if (orderField == null) {
return Optional.empty();
}
ImmutableIntegerModuloP b = field.getElement(curve.getB());
ECOperations ecOps = new ECOperations(b, orderField);
return Optional.of(ecOps);
}
public static Optional<ECOperations> forParameters(ECParameterSpec params) {
EllipticCurve curve = params.getCurve();
if (!(curve.getField() instanceof ECFieldFp)) {
return Optional.empty();
}
ECFieldFp primeField = (ECFieldFp) curve.getField();
BigInteger three = BigInteger.valueOf(3);
if (!primeField.getP().subtract(curve.getA()).equals(three)) {
return Optional.empty();
}
IntegerFieldModuloP field = fields.get(primeField.getP());
if (field == null) {
return Optional.empty();
}
IntegerFieldModuloP orderField = orderFields.get(params.getOrder());
if (orderField == null) {
return Optional.empty();
}
ImmutableIntegerModuloP b = field.getElement(curve.getB());
ECOperations ecOps = new ECOperations(b, orderField);
return Optional.of(ecOps);
}
public static void printParameters(ECParameterSpec spec) {
System.out.println("cofactor:" + spec.getCofactor());
EllipticCurve curve = spec.getCurve();
System.out.println("A:" + curve.getA());
System.out.println("B:" + curve.getB());
ECField field = curve.getField();
System.out.println("field size:" + field.getFieldSize());
if (field instanceof ECFieldFp) {
ECFieldFp fp = (ECFieldFp) field;
System.out.println("P:" + fp.getP());
}
ECPoint generator = spec.getGenerator();
System.out.println("Gx:" + generator.getAffineX());
System.out.println("Gy:" + generator.getAffineY());
System.out.println("order:" + spec.getOrder());
}
/**
* Decompress a point
*
* @param x The x-coordinate of the point
* @param bit0 true if the least significant bit of y is set.
* @param ecParams contains the curve of the point. This must be over a prime order field.
*/
public static ECPoint getPoint(BigInteger x, boolean bit0, ECParameterSpec ecParams)
throws GeneralSecurityException {
EllipticCurve ec = ecParams.getCurve();
ECField field = ec.getField();
if (!(field instanceof ECFieldFp)) {
throw new GeneralSecurityException("Only curves over prime order fields are supported");
}
BigInteger p = ((java.security.spec.ECFieldFp) field).getP();
if (x.compareTo(BigInteger.ZERO) == -1 || x.compareTo(p) != -1) {
throw new GeneralSecurityException("x is out of range");
}
// Compute rhs == x^3 + a x + b (mod p)
BigInteger rhs = x.multiply(x).add(ec.getA()).multiply(x).add(ec.getB()).mod(p);
BigInteger y = modSqrt(rhs, p);
if (bit0 != y.testBit(0)) {
y = p.subtract(y).mod(p);
}
return new ECPoint(x, y);
}
public static Optional<ECOperations> forParameters(ECParameterSpec params) {
EllipticCurve curve = params.getCurve();
if (!(curve.getField() instanceof ECFieldFp)) {
return Optional.empty();
}
ECFieldFp primeField = (ECFieldFp) curve.getField();
BigInteger three = BigInteger.valueOf(3);
if (!primeField.getP().subtract(curve.getA()).equals(three)) {
return Optional.empty();
}
IntegerFieldModuloP field = fields.get(primeField.getP());
if (field == null) {
return Optional.empty();
}
IntegerFieldModuloP orderField = orderFields.get(params.getOrder());
if (orderField == null) {
return Optional.empty();
}
ImmutableIntegerModuloP b = field.getElement(curve.getB());
ECOperations ecOps = new ECOperations(b, orderField);
return Optional.of(ecOps);
}
public static ECCurve convertCurve(
EllipticCurve ec)
{
ECField field = ec.getField();
BigInteger a = ec.getA();
BigInteger b = ec.getB();
if (field instanceof ECFieldFp)
{
ECCurve.Fp curve = new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
if (customCurves.containsKey(curve))
{
return (ECCurve)customCurves.get(curve);
}
return curve;
}
else
{
ECFieldF2m fieldF2m = (ECFieldF2m)field;
int m = fieldF2m.getM();
int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b);
}
}
public static ECCurve convertCurve(
EllipticCurve ec)
{
ECField field = ec.getField();
BigInteger a = ec.getA();
BigInteger b = ec.getB();
if (field instanceof ECFieldFp)
{
ECCurve.Fp curve = new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
if (customCurves.containsKey(curve))
{
return (ECCurve)customCurves.get(curve);
}
return curve;
}
else
{
ECFieldF2m fieldF2m = (ECFieldF2m)field;
int m = fieldF2m.getM();
int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b);
}
}
/**
* Returns the modulus of the field used by the curve specified in ecParams.
*
* @param curve must be a prime order elliptic curve
* @return the order of the finite field over which curve is defined.
*/
public static BigInteger getModulus(EllipticCurve curve) throws GeneralSecurityException {
java.security.spec.ECField field = curve.getField();
if (field instanceof java.security.spec.ECFieldFp) {
return ((java.security.spec.ECFieldFp) field).getP();
} else {
throw new GeneralSecurityException("Only curves over prime order fields are supported");
}
}
/**
* Decompress a point on an elliptic curve.
*
* @param bytes The compressed point. Its representation is z || x where z is 2+lsb(y) and x is
* using a unsigned fixed length big-endian representation.
* @param ecParams the specification of the curve. Only Weierstrass curves over prime order fields
* are implemented.
*/
public static ECPoint decompressPoint(byte[] bytes, ECParameterSpec ecParams)
throws GeneralSecurityException {
EllipticCurve ec = ecParams.getCurve();
ECField field = ec.getField();
if (!(field instanceof ECFieldFp)) {
throw new GeneralSecurityException("Only curves over prime order fields are supported");
}
BigInteger p = ((java.security.spec.ECFieldFp) field).getP();
int expectedLength = 1 + (p.bitLength() + 7) / 8;
if (bytes.length != expectedLength) {
throw new GeneralSecurityException("compressed point has wrong length");
}
boolean lsb;
switch (bytes[0]) {
case 2:
lsb = false;
break;
case 3:
lsb = true;
break;
default:
throw new GeneralSecurityException("Invalid format");
}
BigInteger x = new BigInteger(1, Arrays.copyOfRange(bytes, 1, bytes.length));
if (x.compareTo(BigInteger.ZERO) == -1 || x.compareTo(p) != -1) {
throw new GeneralSecurityException("x is out of range");
}
// Compute rhs == x^3 + a x + b (mod p)
BigInteger rhs = x.multiply(x).add(ec.getA()).multiply(x).add(ec.getB()).mod(p);
BigInteger y = modSqrt(rhs, p);
if (lsb != y.testBit(0)) {
y = p.subtract(y).mod(p);
}
return new ECPoint(x, y);
}
/**
* Returns a weak public key of order 3 such that the public key point is on the curve specified
* in ecParams. This method is used to check ECC implementations for missing step in the
* verification of the public key. E.g. implementations of ECDH must verify that the public key
* contains a point on the curve as well as public and secret key are using the same curve.
*
* @param ecParams the parameters of the key to attack. This must be a curve in Weierstrass form
* over a prime order field.
* @return a weak EC group with a genrator of order 3.
*/
public static ECPublicKeySpec getWeakPublicKey(ECParameterSpec ecParams)
throws GeneralSecurityException {
EllipticCurve curve = ecParams.getCurve();
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
keyGen.initialize(ecParams);
BigInteger p = getModulus(curve);
BigInteger three = new BigInteger("3");
while (true) {
// Generate a point on the original curve
KeyPair keyPair = keyGen.generateKeyPair();
ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
ECPoint w = pub.getW();
BigInteger x = w.getAffineX();
BigInteger y = w.getAffineY();
// Find the curve parameters a,b such that 3*w = infinity.
// This is the case if the following equations are satisfied:
// 3x == l^2 (mod p)
// l == (3x^2 + a) / 2*y (mod p)
// y^2 == x^3 + ax + b (mod p)
BigInteger l;
try {
l = modSqrt(x.multiply(three), p);
} catch (GeneralSecurityException ex) {
continue;
}
BigInteger xSqr = x.multiply(x).mod(p);
BigInteger a = l.multiply(y.add(y)).subtract(xSqr.multiply(three)).mod(p);
BigInteger b = y.multiply(y).subtract(x.multiply(xSqr.add(a))).mod(p);
EllipticCurve newCurve = new EllipticCurve(curve.getField(), a, b);
// Just a sanity check.
checkPointOnCurve(w, newCurve);
// Cofactor and order are of course wrong.
ECParameterSpec spec = new ECParameterSpec(newCurve, w, p, 1);
return new ECPublicKeySpec(w, spec);
}
}
/**
* Decode a point on this curve which has been encoded using point
* compression (X9.62 s 4.2.1 and 4.2.2) or regular encoding.
*
* @param curve
* The elliptic curve.
* @param encoded
* The encoded point.
* @return the decoded point.
*/
public static ECPoint decodePoint(
EllipticCurve curve,
byte[] encoded)
{
ECCurve c = null;
if (curve.getField() instanceof ECFieldFp)
{
c = new ECCurve.Fp(
((ECFieldFp)curve.getField()).getP(), curve.getA(), curve.getB());
}
else
{
int k[] = ((ECFieldF2m)curve.getField()).getMidTermsOfReductionPolynomial();
if (k.length == 3)
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[2], k[1], k[0], curve.getA(), curve.getB());
}
else
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[0], curve.getA(), curve.getB());
}
}
org.ripple.bouncycastle.math.ec.ECPoint p = c.decodePoint(encoded);
return new ECPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger());
}
/**
* Decode a point on this curve which has been encoded using point
* compression (X9.62 s 4.2.1 and 4.2.2) or regular encoding.
*
* @param curve
* The elliptic curve.
* @param encoded
* The encoded point.
* @return the decoded point.
*/
public static ECPoint decodePoint(
EllipticCurve curve,
byte[] encoded)
{
ECCurve c = null;
if (curve.getField() instanceof ECFieldFp)
{
c = new ECCurve.Fp(
((ECFieldFp)curve.getField()).getP(), curve.getA(), curve.getB());
}
else
{
int k[] = ((ECFieldF2m)curve.getField()).getMidTermsOfReductionPolynomial();
if (k.length == 3)
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[2], k[1], k[0], curve.getA(), curve.getB());
}
else
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[0], curve.getA(), curve.getB());
}
}
org.ripple.bouncycastle.math.ec.ECPoint p = c.decodePoint(encoded);
return new ECPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger());
}