ECCurve curve = //... ECFieldElement x = //... ECFieldElement y = //... ECFieldElement a = curve.getA(); ECFieldElement b = curve.getB(); ECFieldElement lhs = y.multiply(y); ECFieldElement rhs = x.multiply(x).multiply(x).add(a.multiply(x)).add(b); boolean pointIsOnCurve = lhs.equals(rhs);
public static boolean isSm2primev2Curve(ECCurve curve) { return curve.getB().toBigInteger().equals(sm2primev2CurveA); }
public int hashCode() { return getField().hashCode() ^ Integers.rotateLeft(getA().toBigInteger().hashCode(), 8) ^ Integers.rotateLeft(getB().toBigInteger().hashCode(), 16); }
public int hashCode() { return getField().hashCode() ^ Integers.rotateLeft(getA().toBigInteger().hashCode(), 8) ^ Integers.rotateLeft(getB().toBigInteger().hashCode(), 16); }
private static EllipticCurve convertCurve( ECCurve curve, byte[] seed) { ECField field = convertField(curve.getField()); BigInteger a = curve.getA().toBigInteger(), b = curve.getB().toBigInteger(); return new EllipticCurve(field, a, b, seed); }
public static EllipticCurve convertCurve( ECCurve curve, byte[] seed) { ECField field = convertField(curve.getField()); BigInteger a = curve.getA().toBigInteger(), b = curve.getB().toBigInteger(); // TODO: the Sun EC implementation doesn't currently handle the seed properly // so at the moment it's set to null. Should probably look at making this configurable return new EllipticCurve(field, a, b, null); }
@Deprecated public static ECPoint decompressFPPoint(ECCurve curve, BigInteger X) { // See Andrey Jivsov https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt. ECFieldElement x = curve.fromBigInteger(X); ECFieldElement rhs = x.square().add(curve.getA()).multiply(x).add(curve.getB()); // y' = sqrt( C(x) ), where y'>0 ECFieldElement yTilde = rhs.sqrt(); if (yTilde == null) { throw new IllegalArgumentException("invalid point compression"); } // y = min(y',p-y') BigInteger yT = yTilde.toBigInteger(); BigInteger yTn = yTilde.negate().toBigInteger(); BigInteger y = yT.compareTo(yTn) == -1 ? yT : yTn; // Q=(x,y) is the canonical representation of the point ECPoint Q = curve.createPoint(X, y); return Q; }
public static BigInteger y(ECCurve curve, BigInteger x) { // Andrey Jivsov https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt. ECFieldElement X = curve.fromBigInteger(x); ECFieldElement rhs = X.square().add(curve.getA()).multiply(X).add(curve.getB()); // y' = sqrt( C(x) ), where y'>0 ECFieldElement yTilde = rhs.sqrt(); if (yTilde == null) { throw new IllegalArgumentException("invalid point compression"); } // y = min(y',p-y') BigInteger yT = yTilde.toBigInteger(); BigInteger yTn = yTilde.negate().toBigInteger(); BigInteger y = yT.compareTo(yTn) == -1 ? yT : yTn; return y; }
public static String generateKeyFingerprint(ECPoint publicPoint, org.bouncycastle.jce.spec.ECParameterSpec spec) { ECCurve curve = spec.getCurve(); ECPoint g = spec.getG(); if (curve != null) { return new Fingerprint(Arrays.concatenate(publicPoint.getEncoded(false), curve.getA().getEncoded(), curve.getB().getEncoded(), g.getEncoded(false))).toString(); } return new Fingerprint(publicPoint.getEncoded(false)).toString(); } }
public DSTU4145ECBinary(ECDomainParameters params) { ECCurve curve = params.getCurve(); if (!ECAlgorithms.isF2mCurve(curve)) { throw new IllegalArgumentException("only binary domain is possible"); } // We always use big-endian in parameter encoding PolynomialExtensionField field = (PolynomialExtensionField)curve.getField(); int[] exponents = field.getMinimalPolynomial().getExponentsPresent(); if (exponents.length == 3) { f = new DSTU4145BinaryField(exponents[2], exponents[1]); } else if (exponents.length == 5) { f = new DSTU4145BinaryField(exponents[4], exponents[1], exponents[2], exponents[3]); } a = new ASN1Integer(curve.getA().toBigInteger()); b = new DEROctetString(curve.getB().getEncoded()); n = new ASN1Integer(params.getN()); bp = new DEROctetString(DSTU4145PointEncoder.encodePoint(params.getG())); }
/** * 解码恢复EC压缩公钥,支持Base64和Hex编码,(基于BouncyCastle)<br> * 见:https://www.cnblogs.com/xinzhao/p/8963724.html * * @param encodeByte 压缩公钥 * @param curveName EC曲线名 * @since 4.4.4 */ public static PublicKey decodeECPoint(byte[] encodeByte, String curveName) { final org.bouncycastle.jce.spec.ECNamedCurveParameterSpec namedSpec = org.bouncycastle.jce.ECNamedCurveTable.getParameterSpec(curveName); final ECCurve curve = namedSpec.getCurve(); final EllipticCurve ecCurve = new EllipticCurve(// new ECFieldFp(curve.getField().getCharacteristic()), // curve.getA().toBigInteger(), // curve.getB().toBigInteger()); // 根据X恢复点Y final ECPoint point = org.bouncycastle.jce.ECPointUtil.decodePoint(ecCurve, encodeByte); // 根据曲线恢复公钥格式 java.security.spec.ECParameterSpec ecSpec = new org.bouncycastle.jce.spec.ECNamedCurveSpec(curveName, curve, namedSpec.getG(), namedSpec.getN()); final KeyFactory PubKeyGen = getKeyFactory("EC"); try { return PubKeyGen.generatePublic(new ECPublicKeySpec(point, ecSpec)); } catch (GeneralSecurityException e) { throw new CryptoException(e); } } }
private byte[] getZ(Digest digest, byte[] userID, ECPoint pubPoint) { addUserID(digest, userID); addFieldElement(digest, ecParams.getCurve().getA()); addFieldElement(digest, ecParams.getCurve().getB()); addFieldElement(digest, ecParams.getG().getAffineXCoord()); addFieldElement(digest, ecParams.getG().getAffineYCoord()); addFieldElement(digest, pubPoint.getAffineXCoord()); addFieldElement(digest, pubPoint.getAffineYCoord()); return digestDoFinal(); }
private byte[] getZ(byte[] userID) { digest.reset(); addUserID(digest, userID); addFieldElement(digest, ecParams.getCurve().getA()); addFieldElement(digest, ecParams.getCurve().getB()); addFieldElement(digest, ecParams.getG().getAffineXCoord()); addFieldElement(digest, ecParams.getG().getAffineYCoord()); addFieldElement(digest, pubPoint.getAffineXCoord()); addFieldElement(digest, pubPoint.getAffineYCoord()); byte[] result = new byte[digest.getDigestSize()]; digest.doFinal(result, 0); return result; }
public static byte[] getSM2Z(byte[] userID, ASN1ObjectIdentifier curveOid, BigInteger pubPointX, BigInteger pubPointY) { SM3Digest digest = new SM3Digest(); addUserId(digest, userID); X9ECParameters ecParams = GMNamedCurves.getByOID(curveOid); addFieldElement(digest, ecParams.getCurve().getA()); addFieldElement(digest, ecParams.getCurve().getB()); addFieldElement(digest, ecParams.getG().getAffineXCoord()); addFieldElement(digest, ecParams.getG().getAffineYCoord()); int fieldSize = (ecParams.getCurve().getFieldSize() + 7) / 8; byte[] bytes = BigIntegers.asUnsignedByteArray(fieldSize, pubPointX); digest.update(bytes, 0, fieldSize); bytes = BigIntegers.asUnsignedByteArray(fieldSize, pubPointY); digest.update(bytes, 0, fieldSize); byte[] result = new byte[digest.getDigestSize()]; digest.doFinal(result, 0); return result; }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT233R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT233R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT163R2Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT283R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT283R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT409R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT409R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }