下面列出了java.security.spec.EllipticCurve#getA() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
public static ECCurve convertCurve(
EllipticCurve ec)
{
ECField field = ec.getField();
BigInteger a = ec.getA();
BigInteger b = ec.getB();
if (field instanceof ECFieldFp)
{
ECCurve.Fp curve = new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
if (customCurves.containsKey(curve))
{
return (ECCurve)customCurves.get(curve);
}
return curve;
}
else
{
ECFieldF2m fieldF2m = (ECFieldF2m)field;
int m = fieldF2m.getM();
int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b);
}
}
public static ECCurve convertCurve(
EllipticCurve ec)
{
ECField field = ec.getField();
BigInteger a = ec.getA();
BigInteger b = ec.getB();
if (field instanceof ECFieldFp)
{
ECCurve.Fp curve = new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
if (customCurves.containsKey(curve))
{
return (ECCurve)customCurves.get(curve);
}
return curve;
}
else
{
ECFieldF2m fieldF2m = (ECFieldF2m)field;
int m = fieldF2m.getM();
int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b);
}
}
/**
* Decode a point on this curve which has been encoded using point
* compression (X9.62 s 4.2.1 and 4.2.2) or regular encoding.
*
* @param curve
* The elliptic curve.
* @param encoded
* The encoded point.
* @return the decoded point.
*/
public static ECPoint decodePoint(
EllipticCurve curve,
byte[] encoded)
{
ECCurve c = null;
if (curve.getField() instanceof ECFieldFp)
{
c = new ECCurve.Fp(
((ECFieldFp)curve.getField()).getP(), curve.getA(), curve.getB());
}
else
{
int k[] = ((ECFieldF2m)curve.getField()).getMidTermsOfReductionPolynomial();
if (k.length == 3)
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[2], k[1], k[0], curve.getA(), curve.getB());
}
else
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[0], curve.getA(), curve.getB());
}
}
org.ripple.bouncycastle.math.ec.ECPoint p = c.decodePoint(encoded);
return new ECPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger());
}
/**
* Decode a point on this curve which has been encoded using point
* compression (X9.62 s 4.2.1 and 4.2.2) or regular encoding.
*
* @param curve
* The elliptic curve.
* @param encoded
* The encoded point.
* @return the decoded point.
*/
public static ECPoint decodePoint(
EllipticCurve curve,
byte[] encoded)
{
ECCurve c = null;
if (curve.getField() instanceof ECFieldFp)
{
c = new ECCurve.Fp(
((ECFieldFp)curve.getField()).getP(), curve.getA(), curve.getB());
}
else
{
int k[] = ((ECFieldF2m)curve.getField()).getMidTermsOfReductionPolynomial();
if (k.length == 3)
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[2], k[1], k[0], curve.getA(), curve.getB());
}
else
{
c = new ECCurve.F2m(
((ECFieldF2m)curve.getField()).getM(), k[0], curve.getA(), curve.getB());
}
}
org.ripple.bouncycastle.math.ec.ECPoint p = c.decodePoint(encoded);
return new ECPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger());
}
public static EcDef from(EllipticCurve curve) {
return new EcDef(EcFieldDef.from(curve.getField()), curve.getA(),
curve.getB(), curve.getSeed());
}
public static byte[] getECDHKey(ECPrivateKey privateKey,
ECPublicKey peerPublicKey,
byte[] partyUInfo,
byte[] partyVInfo,
String algoName,
int algoKeyBitLen) {
// Validate the peerPublicKey first
// Credits:
// https://neilmadden.wordpress.com/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/
// https://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html
// Step 1: Verify public key is not point at infinity.
if (ECPoint.POINT_INFINITY.equals(peerPublicKey.getW())) {
throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
}
EllipticCurve curve = peerPublicKey.getParams().getCurve();
final BigInteger x = peerPublicKey.getW().getAffineX();
final BigInteger y = peerPublicKey.getW().getAffineY();
final BigInteger p = ((ECFieldFp) curve.getField()).getP();
// Step 2: Verify x and y are in range [0,p-1]
if (x.compareTo(BigInteger.ZERO) < 0 || x.compareTo(p) >= 0
|| y.compareTo(BigInteger.ZERO) < 0 || y.compareTo(p) >= 0) {
throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
}
final BigInteger a = curve.getA();
final BigInteger b = curve.getB();
// Step 3: Verify that y^2 == x^3 + ax + b (mod p)
final BigInteger ySquared = y.modPow(BigInteger.valueOf(2), p);
final BigInteger xCubedPlusAXPlusB = x.modPow(BigInteger.valueOf(3), p).add(a.multiply(x)).add(b).mod(p);
if (!ySquared.equals(xCubedPlusAXPlusB)) {
throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
}
// Step 4: Verify that nQ = 0, where n is the order of the curve and Q is the public key.
// As per http://www.secg.org/sec1-v2.pdf section 3.2.2:
// "In Step 4, it may not be necessary to compute the point nQ. For example, if h = 1, then nQ = O is implied
// by the checks in Steps 2 and 3, because this property holds for all points Q ∈ E"
// All the NIST curves used here define h = 1.
if (peerPublicKey.getParams().getCofactor() != 1) {
throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
}
// Finally calculate the derived key
byte[] keyZ = generateKeyZ(privateKey, peerPublicKey);
return calculateDerivedKey(keyZ, algoName, partyUInfo, partyVInfo, algoKeyBitLen);
}