author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-23 18:05:05 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-23 18:05:05 +0400 |
commit | 272398d61616ab54dfcbc7ecc6409bd565f3076b (patch) | |
tree | 9d9f0aa602d467f7774a16ceb196870437e8852a /core/src/main/java/org/bouncycastle | |
parent | c8f6229673823b664f2c244966b7087b0f15cca1 (diff) |
Update various EC algorithms and tests to use normalize and
getAffine[XY]Coord when working with curves that might now be using
non-affine coordinates internally
Diffstat (limited to 'core/src/main/java/org/bouncycastle')
11 files changed, 50 insertions, 42 deletions
diff --git a/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java b/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java index 41b50d04..a68563fc 100644 --- a/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java +++ b/core/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java @@ -88,12 +88,15 @@ public abstract class DSTU4145PointEncoder return Arrays.copyOfRange(bytes, 1, bytes.length);*/ - int byteCount = converter.getByteLength(Q.getX()); - byte[] bytes = converter.integerToBytes(Q.getX().toBigInteger(), byteCount); + Q = Q.normalize(); + ECFieldElement x = Q.getAffineXCoord(); - if (!Q.getX().isZero()) + int byteCount = converter.getByteLength(x); + byte[] bytes = converter.integerToBytes(x.toBigInteger(), byteCount); + + if (!x.isZero()) { - ECFieldElement y = Q.getY().multiply(Q.getX().invert()); + ECFieldElement y = Q.getAffineYCoord().multiply(x.invert()); if (trace(y).equals(ECConstants.ONE)) { bytes[bytes.length - 1] |= 0x01; diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java index 59944e07..2b9a9582 100644 --- a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java +++ b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java @@ -42,10 +42,10 @@ public class ECDHBasicAgreement CipherParameters pubKey) { ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; - ECPoint P = pub.getQ().multiply(key.getD()); + ECPoint P = pub.getQ().multiply(key.getD()).normalize(); // if (p.isInfinity()) throw new RuntimeException("d*Q == infinity"); - return P.getX().toBigInteger(); + return P.getAffineXCoord().toBigInteger(); } } diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java index 12b84052..2ded6631 100644 
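Review bot: In the ECDHBasicAgreement hunk the shared point `P` is read with `getAffineXCoord()` without any test for the point at infinity; the only guard is still commented out, and it refers to `p` rather than `P`. Now that the result passes through `normalize()`, what happens for an infinity result depends on how those two calls treat it, which is not visible here, so the check is better made explicit right after the multiply, e.g. `if (P.isInfinity()) throw new IllegalStateException("Infinity is not a valid agreement value");`. The same applies to the ECDHCBasicAgreement hunk, where the guard is likewise commented out, and to both `hTilde` computations in ECIESKeyEncapsulation, where nothing sits between the multiply and the x-coordinate encoding; the peer point may be validated before these calls, but that is outside the hunks.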
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java +++ b/core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java @@ -49,10 +49,10 @@ public class ECDHCBasicAgreement { ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; ECDomainParameters params = pub.getParameters(); - ECPoint P = pub.getQ().multiply(params.getH().multiply(key.getD())); + ECPoint P = pub.getQ().multiply(params.getH().multiply(key.getD())).normalize(); // if (p.isInfinity()) throw new RuntimeException("Invalid public key"); - return P.getX().toBigInteger(); + return P.getAffineXCoord().toBigInteger(); } } diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java index da88b4ac..cdadcee1 100644 --- a/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java +++ b/core/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java @@ -37,9 +37,9 @@ public class ECMQVBasicAgreement ECPoint agreement = calculateMqvAgreement(staticPrivateKey.getParameters(), staticPrivateKey, privParams.getEphemeralPrivateKey(), privParams.getEphemeralPublicKey(), - pubParams.getStaticPublicKey(), pubParams.getEphemeralPublicKey()); + pubParams.getStaticPublicKey(), pubParams.getEphemeralPublicKey()).normalize(); - return agreement.getX().toBigInteger(); + return agreement.getAffineXCoord().toBigInteger(); } // The ECMQV Primitive as described in SEC-1, 3.4 
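Review bot: The ECMQV agreement point ends up normalized twice: the `sumOfTwoMultiplies(...).normalize()` in the third hunk of this file (apparently inside `calculateMqvAgreement`) and again here on the value that `calculateMqvAgreement(...)` returns. One call is enough; keeping the inner one, which precedes the `isInfinity()` test, and dropping the outer one leaves `return agreement.getAffineXCoord().toBigInteger();` reading an already-normalized point, provided every return path of `calculateMqvAgreement` goes through that normalize, which the hunks do not show in full. In the second hunk `qV` is introduced as the normalized `Q2V.getQ()`, yet the `sumOfTwoMultiplies` call still passes `Q2V.getQ()`; passing `qV` there would keep a single reference to the peer's ephemeral point.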
@@ -56,22 +56,26 @@ public class ECMQVBasicAgreement BigInteger powE = ECConstants.ONE.shiftLeft(e); // The Q2U public key is optional - ECPoint q; + ECPoint qU; if (Q2U == null) { - q = parameters.getG().multiply(d2U.getD()); + qU = parameters.getG().multiply(d2U.getD()); } else { - q = Q2U.getQ(); + qU = Q2U.getQ(); } - BigInteger x = q.getX().toBigInteger(); + qU = qU.normalize(); + + BigInteger x = qU.getAffineXCoord().toBigInteger(); BigInteger xBar = x.mod(powE); BigInteger Q2UBar = xBar.setBit(e); BigInteger s = d1U.getD().multiply(Q2UBar).mod(n).add(d2U.getD()).mod(n); - BigInteger xPrime = Q2V.getQ().getX().toBigInteger(); + ECPoint qV = Q2V.getQ().normalize(); + + BigInteger xPrime = qV.getAffineXCoord().toBigInteger(); BigInteger xPrimeBar = xPrime.mod(powE); BigInteger Q2VBar = xPrimeBar.setBit(e); @@ -79,7 +83,7 @@ public class ECMQVBasicAgreement // ECPoint p = Q1V.getQ().multiply(Q2VBar).add(Q2V.getQ()).multiply(hs); ECPoint p = ECAlgorithms.sumOfTwoMultiplies( - Q1V.getQ(), Q2VBar.multiply(hs).mod(n), Q2V.getQ(), hs); + Q1V.getQ(), Q2VBar.multiply(hs).mod(n), Q2V.getQ(), hs).normalize(); if (p.isInfinity()) { diff --git a/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java b/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java index f4dfc6ed..b5a145ac 100755 --- a/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java +++ b/core/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java 
@@ -128,11 +128,11 @@ public class ECIESKeyEncapsulation rPrime = r; } - ECPoint hTilde = ((ECPublicKeyParameters)key).getQ().multiply(rPrime); + ECPoint hTilde = ((ECPublicKeyParameters)key).getQ().multiply(rPrime).normalize(); // Encode the shared secret value int PEHlen = (key.getParameters().getCurve().getFieldSize() + 7) / 8; - byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getX().toBigInteger()); + byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getAffineXCoord().toBigInteger()); // Initialise the KDF byte[] kdfInput; @@ -215,11 +215,11 @@ public class ECIESKeyEncapsulation xHat = ((ECPrivateKeyParameters)key).getD(); } - ECPoint hTilde = gHat.multiply(xHat); + ECPoint hTilde = gHat.multiply(xHat).normalize(); // Encode the shared secret value int PEHlen = (key.getParameters().getCurve().getFieldSize() + 7) / 8; - byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getX().toBigInteger()); + byte[] PEH = BigIntegers.asUnsignedByteArray(PEHlen, hTilde.getAffineXCoord().toBigInteger()); // Initialise the KDF byte[] kdfInput; diff --git a/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java b/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java index 3c02b4a9..031a0444 100644 --- a/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java +++ b/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java @@ -171,11 +171,11 @@ public class DualECSP800DRBG { BigInteger t = new BigInteger(1, xor(_s, additionalInput)); - _s = _P.multiply(t).getX().toBigInteger().toByteArray(); + _s = _P.multiply(t).normalize().getAffineXCoord().toBigInteger().toByteArray(); //System.err.println("S: " + new String(Hex.encode(_s))); - byte[] r = _Q.multiply(new BigInteger(1, _s)).getX().toBigInteger().toByteArray(); + byte[] r = _Q.multiply(new BigInteger(1, _s)).normalize().getAffineXCoord().toBigInteger().toByteArray(); if (r.length > _outlen) { 
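Review bot: The chain `.multiply(k).normalize().getAffineXCoord().toBigInteger()` is now written out five times across the three DualECSP800DRBG hunks (twice here, twice in the next hunk, once in the final state update), so a later edit that drops one `normalize()` could change the generator's output without any compile error. A private helper such as `private static BigInteger scalarMultipleX(ECPoint p, BigInteger k) { return p.multiply(k).normalize().getAffineXCoord().toBigInteger(); }` would keep the coordinate conversion in one place. The commented-out `System.err.println("S: " ...)` left in this hunk would print the generator's internal state if re-enabled and is better deleted. The enclosing methods start and end outside the hunks.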
@@ -196,9 +196,9 @@ public class DualECSP800DRBG { BigInteger t = new BigInteger(1, xor(_s, additionalInput)); - _s = _P.multiply(t).getX().toBigInteger().toByteArray(); + _s = _P.multiply(t).normalize().getAffineXCoord().toBigInteger().toByteArray(); - byte[] r = _Q.multiply(new BigInteger(1, _s)).getX().toBigInteger().toByteArray(); + byte[] r = _Q.multiply(new BigInteger(1, _s)).normalize().getAffineXCoord().toBigInteger().toByteArray(); int required = output.length - (m * _outlen); @@ -213,7 +213,7 @@ public class DualECSP800DRBG } // Need to preserve length of S as unsigned int. - _s = BigIntegers.asUnsignedByteArray(_sLength, _P.multiply(new BigInteger(1, _s)).getX().toBigInteger()); + _s = BigIntegers.asUnsignedByteArray(_sLength, _P.multiply(new BigInteger(1, _s)).normalize().getAffineXCoord().toBigInteger()); return numberOfBits; } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java index a12e4012..ee3cf34d 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java @@ -72,7 +72,7 @@ public class DSTU4145Signer do { e = generateRandomInteger(key.getParameters().getN(), random); - Fe = key.getParameters().getG().multiply(e).getX(); + Fe = key.getParameters().getG().multiply(e).normalize().getAffineXCoord(); } while (Fe.isZero()); @@ -105,7 +105,7 @@ public class DSTU4145Signer h = key.getParameters().getCurve().fromBigInteger(ONE); } - ECPoint R = ECAlgorithms.sumOfTwoMultiplies(key.getParameters().getG(), s, ((ECPublicKeyParameters)key).getQ(), r); + ECPoint R = ECAlgorithms.sumOfTwoMultiplies(key.getParameters().getG(), s, ((ECPublicKeyParameters)key).getQ(), r).normalize(); // components must be bogus. if (R.isInfinity()) 
@@ -113,7 +113,7 @@ public class DSTU4145Signer return false; } - ECFieldElement y = h.multiply(R.getX()); + ECFieldElement y = h.multiply(R.getAffineXCoord()); return fieldElement2Integer(key.getParameters().getN(), y).compareTo(r) == 0; } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java index 7dd3bf97..9156de40 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java @@ -78,10 +78,10 @@ public class ECDSASigner } while (k.equals(ZERO) || k.compareTo(n) >= 0); - ECPoint p = key.getParameters().getG().multiply(k); + ECPoint p = key.getParameters().getG().multiply(k).normalize(); // 5.3.3 - BigInteger x = p.getX().toBigInteger(); + BigInteger x = p.getAffineXCoord().toBigInteger(); r = x.mod(n); } @@ -135,7 +135,7 @@ public class ECDSASigner ECPoint G = key.getParameters().getG(); ECPoint Q = ((ECPublicKeyParameters)key).getQ(); - ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2); + ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2).normalize(); // components must be bogus. if (point.isInfinity()) @@ -143,7 +143,7 @@ public class ECDSASigner return false; } - BigInteger v = point.getX().toBigInteger().mod(n); + BigInteger v = point.getAffineXCoord().toBigInteger().mod(n); return v.equals(r); } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java index 7256d353..f6d7f4fa 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java 
@@ -82,9 +82,9 @@ public class ECGOST3410Signer } while (k.equals(ECConstants.ZERO)); - ECPoint p = key.getParameters().getG().multiply(k); + ECPoint p = key.getParameters().getG().multiply(k).normalize(); - BigInteger x = p.getX().toBigInteger(); + BigInteger x = p.getAffineXCoord().toBigInteger(); r = x.mod(n); } @@ -143,7 +143,7 @@ public class ECGOST3410Signer ECPoint G = key.getParameters().getG(); // P ECPoint Q = ((ECPublicKeyParameters)key).getQ(); - ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, z1, Q, z2); + ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, z1, Q, z2).normalize(); // components must be bogus. if (point.isInfinity()) @@ -151,7 +151,7 @@ public class ECGOST3410Signer return false; } - BigInteger R = point.getX().toBigInteger().mod(n); + BigInteger R = point.getAffineXCoord().toBigInteger().mod(n); return R.equals(r); } diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java index 07e8ca7b..72bbbcb4 100644 --- a/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java +++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java @@ -101,8 +101,8 @@ public class ECNRSigner // BigInteger Vx = tempPair.getPublic().getW().getAffineX(); ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic(); // get temp's public key - BigInteger Vx = V.getQ().getX().toBigInteger(); // get the point's x coordinate - + BigInteger Vx = V.getQ().normalize().getAffineXCoord().toBigInteger(); // get the point's x coordinate + r = Vx.add(e).mod(n); } while (r.equals(ECConstants.ZERO)); @@ -172,7 +172,7 @@ public class ECNRSigner ECPoint G = pubKey.getParameters().getG(); ECPoint W = pubKey.getQ(); // calculate P using Bouncy math - ECPoint P = ECAlgorithms.sumOfTwoMultiplies(G, s, W, r); + ECPoint P = ECAlgorithms.sumOfTwoMultiplies(G, s, W, r).normalize(); // components must be bogus. if (P.isInfinity()) 
@@ -180,7 +180,7 @@ public class ECNRSigner return false; } - BigInteger x = P.getX().toBigInteger(); + BigInteger x = P.getAffineXCoord().toBigInteger(); BigInteger t = r.subtract(x).mod(n); return t.equals(e); diff --git a/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java b/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java index 03fc4da0..1acdc31b 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java +++ b/core/src/main/java/org/bouncycastle/math/ec/Tnaf.java @@ -397,8 +397,9 @@ class Tnaf return p; } - ECFieldElement x = p.getX(); - ECFieldElement y = p.getY(); + ECPoint pn = p.normalize(); + ECFieldElement x = pn.getAffineXCoord(); + ECFieldElement y = pn.getAffineYCoord(); return new ECPoint.F2m(p.getCurve(), x.square(), y.square(), p.isCompressed()); } |