diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-23 18:05:05 +0400 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-23 18:05:05 +0400 |
| commit | 272398d61616ab54dfcbc7ecc6409bd565f3076b (patch) | |
| tree | 9d9f0aa602d467f7774a16ceb196870437e8852a | |
| parent | c8f6229673823b664f2c244966b7087b0f15cca1 (diff) | |
Update various EC algorithms and tests to use normalize and
getAffine[XY]Coord when working with curves that might now be using
non-affine coordinates internally
15 files changed, 68 insertions, 59 deletions
diff --git a/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java b/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java index 41b50d04..a68563fc 100644 --- a/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java +++ b/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java @@ -88,12 +88,15 @@ public abstract class DSTU4145PointEncoder return Arrays.copyOfRange(bytes, 1, bytes.length);*/ - int byteCount = converter.getByteLength(Q.getX()); - byte[] bytes = converter.integerToBytes(Q.getX().toBigInteger(), byteCount); + Q = Q.normalize(); + ECFieldElement x = Q.getAffineXCoord(); - if (!Q.getX().isZero()) + int byteCount = converter.getByteLength(x); + byte[] bytes = converter.integerToBytes(x.toBigInteger(), byteCount); + + if (!x.isZero()) { - ECFieldElement y = Q.getY().multiply(Q.getX().invert()); + ECFieldElement y = Q.getAffineYCoord().multiply(x.invert()); if (trace(y).equals(ECConstants.ONE)) { bytes[bytes.length - 1] |= 0x01; diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java index 59944e07..2b9a9582 100644 --- a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java +++ b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java @@ -42,10 +42,10 @@ public class ECDHBasicAgreement CipherParameters pubKey) { ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; - ECPoint P = pub.getQ().multiply(key.getD()); + ECPoint P = pub.getQ().multiply(key.getD()).normalize(); // if (p.isInfinity()) throw new RuntimeException("d*Q == infinity"); - return P.getX().toBigInteger(); + return P.getAffineXCoord().toBigInteger(); } } diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java index 12b84052..2ded6631 100644 --- a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java +++ b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java @@ -49,10 +49,10 @@ public class ECDHCBasicAgreement { ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; ECDomainParameters params = pub.getParameters(); - ECPoint P = pub.getQ().multiply(params.getH().multiply(key.getD())); + ECPoint P = pub.getQ().multiply(params.getH().multiply(key.getD())).normalize(); // if (p.isInfinity()) throw new RuntimeException("Invalid public key"); - return P.getX().toBigInteger(); + return P.getAffineXCoord().toBigInteger(); } } diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java index da88b4ac..cdadcee1 100644 --- a/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java +++ b/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java @@ -37,9 +37,9 @@ public class ECMQVBasicAgreement ECPoint agreement = calculateMqvAgreement(staticPrivateKey.getParameters(), staticPrivateKey, privParams.getEphemeralPrivateKey(), privParams.getEphemeralPublicKey(), - pubParams.getStaticPublicKey(), pubParams.getEphemeralPublicKey()); + pubParams.getStaticPublicKey(), pubParams.getEphemeralPublicKey()).normalize(); - return agreement.getX().toBigInteger(); + return agreement.getAffineXCoord().toBigInteger(); } // The ECMQV Primitive as described in SEC-1, 3.4 @@ -56,22 +56,26 @@ public class ECMQVBasicAgreement BigInteger powE = ECConstants.ONE.shiftLeft(e); // The Q2U public key is optional - ECPoint q; + ECPoint qU; if (Q2U == null) { - q = parameters.getG().multiply(d2U.getD()); + qU = parameters.getG().multiply(d2U.getD()); } else { - q = Q2U.getQ(); + qU = Q2U.getQ(); } - BigInteger x = q.getX().toBigInteger(); + qU = qU.normalize(); + + BigInteger x = qU.getAffineXCoord().toBigInteger(); BigInteger xBar = x.mod(powE); BigInteger Q2UBar = xBar.setBit(e); BigInteger s = d1U.getD().multiply(Q2UBar).mod(n).add(d2U.getD()).mod(n); - BigInteger xPrime = Q2V.getQ().getX().toBigInteger(); + ECPoint qV = Q2V.getQ().normalize(); + + BigInteger xPrime = qV.getAffineXCoord().toBigInteger(); BigInteger xPrimeBar = xPrime.mod(powE); BigInteger Q2VBar = xPrimeBar.setBit(e); @@ -79,7 +83,7 @@ public class ECMQVBasicAgreement // ECPoint p = Q1V.getQ().multiply(Q2VBar).add(Q2V.getQ()).multiply(hs); ECPoint p = ECAlgorithms.sumOfTwoMultiplies( - Q1V.getQ(), Q2VBar.multiply(hs).mod(n), Q2V.getQ(), hs); + Q1V.getQ(), Q2VBar.multiply(hs).mod(n), Q2V.getQ(), hs).normalize(); if (p.isInfinity()) { diff --git a/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java b/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java index f4dfc6ed..b5a145ac 100755 --- a/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java +++ b/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java @@ -128,11 +128,11 @@ public class ECIESKeyEncapsulation rPrime = r; } - ECPoint hTilde = ((ECPublicKeyParameters)key).getQ().multiply(rPrime); + ECPoint hTilde = ((ECPublicKeyParameters)key).getQ().multiply(rPrime).normalize(); // Encode the shared secret value int PEHlen = (key.getParameters().getCurve().getFieldSize() + 7) / 8; - byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getX().toBigInteger()); + byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getAffineXCoord().toBigInteger()); // Initialise the KDF byte[] kdfInput; @@ -215,11 +215,11 @@ public class ECIESKeyEncapsulation xHat = ((ECPrivateKeyParameters)key).getD(); } - ECPoint hTilde = gHat.multiply(xHat); + ECPoint hTilde = gHat.multiply(xHat).normalize(); // Encode the shared secret value int PEHlen = (key.getParameters().getCurve().getFieldSize() + 7) / 8; - byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getX().toBigInteger()); + byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getAffineXCoord().toBigInteger()); // Initialise the KDF byte[] kdfInput; diff --git a/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java b/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java index 3c02b4a9..031a0444 100644 --- a/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java +++ b/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java @@ -171,11 +171,11 @@ public class DualECSP800DRBG { BigInteger t = new BigInteger(1, xor(_s, additionalInput)); - _s = _P.multiply(t).getX().toBigInteger().toByteArray(); + _s = _P.multiply(t).normalize().getAffineXCoord().toBigInteger().toByteArray(); //System.err.println("S: " + new String(Hex.encode(_s))); - byte[] r = _Q.multiply(new BigInteger(1, _s)).getX().toBigInteger().toByteArray(); + byte[] r = _Q.multiply(new BigInteger(1, _s)).normalize().getAffineXCoord().toBigInteger().toByteArray(); if (r.length > _outlen) { @@ -196,9 +196,9 @@ public class DualECSP800DRBG { BigInteger t = new BigInteger(1, xor(_s, additionalInput)); - _s = _P.multiply(t).getX().toBigInteger().toByteArray(); + _s = _P.multiply(t).normalize().getAffineXCoord().toBigInteger().toByteArray(); - byte[] r = _Q.multiply(new BigInteger(1, _s)).getX().toBigInteger().toByteArray(); + byte[] r = _Q.multiply(new BigInteger(1, _s)).normalize().getAffineXCoord().toBigInteger().toByteArray(); int required = output.length - (m * _outlen); @@ -213,7 +213,7 @@ public class DualECSP800DRBG } // Need to preserve length of S as unsigned int. - _s = BigIntegers.asUnsignedByteArray(_sLength, _P.multiply(new BigInteger(1, _s)).getX().toBigInteger()); + _s = BigIntegers.asUnsignedByteArray(_sLength, _P.multiply(new BigInteger(1, _s)).normalize().getAffineXCoord().toBigInteger()); return numberOfBits; } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java index a12e4012..ee3cf34d 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java @@ -72,7 +72,7 @@ public class DSTU4145Signer do { e = generateRandomInteger(key.getParameters().getN(), random); - Fe = key.getParameters().getG().multiply(e).getX(); + Fe = key.getParameters().getG().multiply(e).normalize().getAffineXCoord(); } while (Fe.isZero()); @@ -105,7 +105,7 @@ public class DSTU4145Signer h = key.getParameters().getCurve().fromBigInteger(ONE); } - ECPoint R = ECAlgorithms.sumOfTwoMultiplies(key.getParameters().getG(), s, ((ECPublicKeyParameters)key).getQ(), r); + ECPoint R = ECAlgorithms.sumOfTwoMultiplies(key.getParameters().getG(), s, ((ECPublicKeyParameters)key).getQ(), r).normalize(); // components must be bogus. if (R.isInfinity()) @@ -113,7 +113,7 @@ public class DSTU4145Signer return false; } - ECFieldElement y = h.multiply(R.getX()); + ECFieldElement y = h.multiply(R.getAffineXCoord()); return fieldElement2Integer(key.getParameters().getN(), y).compareTo(r) == 0; } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java index 7dd3bf97..9156de40 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java @@ -78,10 +78,10 @@ public class ECDSASigner } while (k.equals(ZERO) || k.compareTo(n) >= 0); - ECPoint p = key.getParameters().getG().multiply(k); + ECPoint p = key.getParameters().getG().multiply(k).normalize(); // 5.3.3 - BigInteger x = p.getX().toBigInteger(); + BigInteger x = p.getAffineXCoord().toBigInteger(); r = x.mod(n); } @@ -135,7 +135,7 @@ public class ECDSASigner ECPoint G = key.getParameters().getG(); ECPoint Q = ((ECPublicKeyParameters)key).getQ(); - ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2); + ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2).normalize(); // components must be bogus. if (point.isInfinity()) @@ -143,7 +143,7 @@ public class ECDSASigner return false; } - BigInteger v = point.getX().toBigInteger().mod(n); + BigInteger v = point.getAffineXCoord().toBigInteger().mod(n); return v.equals(r); } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java index 7256d353..f6d7f4fa 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java @@ -82,9 +82,9 @@ public class ECGOST3410Signer } while (k.equals(ECConstants.ZERO)); - ECPoint p = key.getParameters().getG().multiply(k); + ECPoint p = key.getParameters().getG().multiply(k).normalize(); - BigInteger x = p.getX().toBigInteger(); + BigInteger x = p.getAffineXCoord().toBigInteger(); r = x.mod(n); } @@ -143,7 +143,7 @@ public class ECGOST3410Signer ECPoint G = key.getParameters().getG(); // P ECPoint Q = ((ECPublicKeyParameters)key).getQ(); - ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, z1, Q, z2); + ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, z1, Q, z2).normalize(); // components must be bogus. if (point.isInfinity()) @@ -151,7 +151,7 @@ public class ECGOST3410Signer return false; } - BigInteger R = point.getX().toBigInteger().mod(n); + BigInteger R = point.getAffineXCoord().toBigInteger().mod(n); return R.equals(r); } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java index 07e8ca7b..72bbbcb4 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java @@ -101,8 +101,8 @@ public class ECNRSigner // BigInteger Vx = tempPair.getPublic().getW().getAffineX(); ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic(); // get temp's public key - BigInteger Vx = V.getQ().getX().toBigInteger(); // get the point's x coordinate - + BigInteger Vx = V.getQ().normalize().getAffineXCoord().toBigInteger(); // get the point's x coordinate + r = Vx.add(e).mod(n); } while (r.equals(ECConstants.ZERO)); @@ -172,7 +172,7 @@ public class ECNRSigner ECPoint G = pubKey.getParameters().getG(); ECPoint W = pubKey.getQ(); // calculate P using Bouncy math - ECPoint P = ECAlgorithms.sumOfTwoMultiplies(G, s, W, r); + ECPoint P = ECAlgorithms.sumOfTwoMultiplies(G, s, W, r).normalize(); // components must be bogus. if (P.isInfinity()) @@ -180,7 +180,7 @@ public class ECNRSigner return false; } - BigInteger x = P.getX().toBigInteger(); + BigInteger x = P.getAffineXCoord().toBigInteger(); BigInteger t = r.subtract(x).mod(n); return t.equals(e); diff --git a/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java b/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java index 03fc4da0..1acdc31b 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java +++ b/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java @@ -397,8 +397,9 @@ class Tnaf return p; } - ECFieldElement x = p.getX(); - ECFieldElement y = p.getY(); + ECPoint pn = p.normalize(); + ECFieldElement x = pn.getAffineXCoord(); + ECFieldElement y = pn.getAffineYCoord(); return new ECPoint.F2m(p.getCurve(), x.square(), y.square(), p.isCompressed()); } diff --git a/core/src/test/java/org/bouncycastle/crypto/test/ECTest.java b/core/src/test/java/org/bouncycastle/crypto/test/ECTest.java index cbe9ba20..2c02517f 100644 --- a/core/src/test/java/org/bouncycastle/crypto/test/ECTest.java +++ b/core/src/test/java/org/bouncycastle/crypto/test/ECTest.java @@ -103,20 +103,20 @@ public class ECTest new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b - ECPoint p = curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")); - - if (!p.getX().toBigInteger().equals(new BigInteger("188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", 16))) + ECPoint p = curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")).normalize(); + + if (!p.getAffineXCoord().toBigInteger().equals(new BigInteger("188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", 16))) { fail("x uncompressed incorrectly"); } - - if (!p.getY().toBigInteger().equals(new BigInteger("7192b95ffc8da78631011ed6b24cdd573f977a11e794811", 16))) + + if (!p.getAffineYCoord().toBigInteger().equals(new BigInteger("7192b95ffc8da78631011ed6b24cdd573f977a11e794811", 16))) { fail("y uncompressed incorrectly"); } - + byte[] encoding = p.getEncoded(); - + if (!areEqual(encoding, Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012"))) { fail("point compressed incorrectly"); diff --git a/core/src/test/java/org/bouncycastle/math/ec/test/ECPointPerformanceTest.java b/core/src/test/java/org/bouncycastle/math/ec/test/ECPointPerformanceTest.java index dae039b3..facfbd6c 100644 --- a/core/src/test/java/org/bouncycastle/math/ec/test/ECPointPerformanceTest.java +++ b/core/src/test/java/org/bouncycastle/math/ec/test/ECPointPerformanceTest.java @@ -36,7 +36,8 @@ public class ECPointPerformanceTest extends TestCase .setMultiplier(new WNafMultiplier()) .create(); - g = c.createPoint(g.getX().toBigInteger(), g.getY().toBigInteger()); + g = g.normalize(); + g = c.createPoint(g.getAffineXCoord().toBigInteger(), g.getAffineYCoord().toBigInteger()); } final SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); diff --git a/core/src/test/java/org/bouncycastle/math/ec/test/ECPointTest.java b/core/src/test/java/org/bouncycastle/math/ec/test/ECPointTest.java index 8a409d75..04c0ec48 100644 --- a/core/src/test/java/org/bouncycastle/math/ec/test/ECPointTest.java +++ b/core/src/test/java/org/bouncycastle/math/ec/test/ECPointTest.java @@ -396,10 +396,10 @@ public class ECPointTest extends TestCase private void implTestEncoding(ECPoint p) { // Not Point Compression - ECPoint unCompP = p.getCurve().createPoint(p.getX().toBigInteger(), p.getY().toBigInteger(), false); + ECPoint unCompP = p.getCurve().createPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger(), false); // Point compression - ECPoint compP = p.getCurve().createPoint(p.getX().toBigInteger(), p.getY().toBigInteger(), true); + ECPoint compP = p.getCurve().createPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger(), true); byte[] unCompBarr = unCompP.getEncoded(); ECPoint decUnComp = p.getCurve().decodePoint(unCompBarr); @@ -428,7 +428,7 @@ public class ECPointTest extends TestCase // The generator is multiplied by random b to get random q BigInteger b = new BigInteger(n.bitLength(), secRand); ECPoint g = x9ECParameters.getG(); - ECPoint q = g.multiply(b); + ECPoint q = g.multiply(b).normalize(); // Get point at infinity on the curve ECPoint infinity = x9ECParameters.getCurve().getInfinity(); diff --git a/core/src/test/java/org/bouncycastle/math/ec/test/F2mProofer.java b/core/src/test/java/org/bouncycastle/math/ec/test/F2mProofer.java index f30b4023..f113482e 100644 --- a/core/src/test/java/org/bouncycastle/math/ec/test/F2mProofer.java +++ b/core/src/test/java/org/bouncycastle/math/ec/test/F2mProofer.java @@ -33,8 +33,8 @@ public class F2mProofer private String pointToString(ECPoint.F2m p) { - ECFieldElement.F2m x = (ECFieldElement.F2m) p.getX(); - ECFieldElement.F2m y = (ECFieldElement.F2m) p.getY(); + ECFieldElement.F2m x = (ECFieldElement.F2m) p.getAffineXCoord(); + ECFieldElement.F2m y = (ECFieldElement.F2m) p.getAffineYCoord(); int m = x.getM(); int len = m / 2 + 5; @@ -53,7 +53,7 @@ public class F2mProofer throws NoSuchAlgorithmException, IOException { ECPoint.F2m g = (ECPoint.F2m) x9ECParameters.getG(); - int m = ((ECFieldElement.F2m) (g.getX())).getM(); + int m = ((ECFieldElement.F2m) (g.getAffineXCoord())).getM(); SecureRandom secRand = SecureRandom.getInstance("SHA1PRNG"); Properties inputProps = new Properties(); @@ -72,7 +72,7 @@ public class F2mProofer String classPrefix) throws IOException { ECPoint.F2m g = (ECPoint.F2m) x9ECParameters.getG(); - int m = ((ECFieldElement.F2m) (g.getX())).getM(); + int m = ((ECFieldElement.F2m) (g.getAffineXCoord())).getM(); String inputFileName = PATH + INPUT_FILE_NAME_PREFIX + m + ".properties"; @@ -85,7 +85,7 @@ public class F2mProofer { BigInteger rand = new BigInteger(inputProps.getProperty(Integer .toString(i)), 16); - ECPoint.F2m result = (ECPoint.F2m) g.multiply(rand); + ECPoint.F2m result = (ECPoint.F2m) g.multiply(rand).normalize(); String resultStr = pointToString(result); outputProps.setProperty(Integer.toString(i), resultStr); } @@ -111,7 +111,7 @@ public class F2mProofer String classPrefix1, String classPrefix2) throws IOException { ECPoint.F2m g = (ECPoint.F2m) x9ECParameters.getG(); - int m = ((ECFieldElement.F2m) (g.getX())).getM(); + int m = ((ECFieldElement.F2m) (g.getAffineXCoord())).getM(); Properties res1 = loadResults(classPrefix1, m); Properties res2 = loadResults(classPrefix2, m); |