Java 类java.security.spec.EllipticCurve 实例源码

public static ECParameterSpec encodeECParameterSpec(EllipticCurveParameters params) {

        // Field
        final BigInteger pInt = new BigInteger(1, params.getP());
        final ECField field = new ECFieldFp(pInt);

        final BigInteger aInt = new BigInteger(1, params.getA());
        final BigInteger bInt = new BigInteger(1, params.getB());
        final EllipticCurve curve = new EllipticCurve(field, aInt, bInt);

        // Fixed Point G
        final BigInteger xInt = new BigInteger(1, params.getX());
        final BigInteger yInt = new BigInteger(1, params.getY());
        final ECPoint g = new ECPoint(xInt, yInt);

        // Order N
        final BigInteger nInt = new BigInteger(1, params.getN());

        return new ECParameterSpec(curve, g, nInt, params.getH());
    }

public static ECParameterSpec encodeECParameterSpec(EllipticCurveParameters params) {

        // Field
        final BigInteger pInt = new BigInteger(1, params.getP());
        final ECField field = new ECFieldFp(pInt);

        final BigInteger aInt = new BigInteger(1, params.getA());
        final BigInteger bInt = new BigInteger(1, params.getB());
        final EllipticCurve curve = new EllipticCurve(field, aInt, bInt);

        // Fixed Point G
        final BigInteger xInt = new BigInteger(1, params.getX());
        final BigInteger yInt = new BigInteger(1, params.getY());
        final ECPoint g = new ECPoint(xInt, yInt);

        // Order N
        final BigInteger nInt = new BigInteger(1, params.getN());

        return new ECParameterSpec(curve, g, nInt, params.getH());
    }

public JCEECPrivateKey(
    String              algorithm,
    org.bouncycastle.jce.spec.ECPrivateKeySpec     spec)
{
    this.algorithm = algorithm;
    this.d = spec.getD();

    if (spec.getParams() != null) // can be null if implicitlyCA
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve;

        ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        this.ecSpec = null;
    }
}

public JCEECPublicKey(
    String              algorithm,
    org.bouncycastle.jce.spec.ECPublicKeySpec     spec)
{
    this.algorithm = algorithm;
    this.q = spec.getQ();

    if (spec.getParams() != null) // can be null if implictlyCa
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        if (q.getCurve() == null)
        {
            org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa();

            q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false);
        }               
        this.ecSpec = null;
    }
}

public JCEECPublicKey(
    String                  algorithm,
    ECPublicKeyParameters   params,
    ECParameterSpec         spec)
{
    ECDomainParameters      dp = params.getParameters();

    this.algorithm = algorithm;
    this.q = params.getQ();

    if (spec == null)
    {
        EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());

        this.ecSpec = createSpec(ellipticCurve, dp);
    }
    else
    {
        this.ecSpec = spec;
    }
}

private static ECCurve convertCurve(
    EllipticCurve ec)
{
    ECField field = ec.getField();
    BigInteger a = ec.getA();
    BigInteger b = ec.getB();

    if (field instanceof ECFieldFp)
    {
        return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
    }
    else
    {
        throw new IllegalStateException("not implemented yet!!!");
    }
}

public BCDSTU4145PrivateKey(
    org.bouncycastle.jce.spec.ECPrivateKeySpec spec)
{
    this.d = spec.getD();

    if (spec.getParams() != null) // can be null if implicitlyCA
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve;

        ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        this.ecSpec = null;
    }
}

public BCDSTU4145PublicKey(
    org.bouncycastle.jce.spec.ECPublicKeySpec spec)
{
    this.q = spec.getQ();

    if (spec.getParams() != null) // can be null if implictlyCa
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        if (q.getCurve() == null)
        {
            org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa();

            q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false);
        }
        this.ecSpec = null;
    }
}

public BCDSTU4145PublicKey(
    String algorithm,
    ECPublicKeyParameters params,
    ECParameterSpec spec)
{
    ECDomainParameters dp = params.getParameters();

    this.algorithm = algorithm;
    this.q = params.getQ();

    if (spec == null)
    {
        EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());

        this.ecSpec = createSpec(ellipticCurve, dp);
    }
    else
    {
        this.ecSpec = spec;
    }
}

public BCECPrivateKey(
    String algorithm,
    org.bouncycastle.jce.spec.ECPrivateKeySpec spec,
    ProviderConfiguration configuration)
{
    this.algorithm = algorithm;
    this.d = spec.getD();

    if (spec.getParams() != null) // can be null if implicitlyCA
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve;

        ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        this.ecSpec = null;
    }

    this.configuration = configuration;
}

public BCECPublicKey(
    String algorithm,
    ECPublicKeyParameters params,
    ECParameterSpec spec,
    ProviderConfiguration configuration)
{
    ECDomainParameters      dp = params.getParameters();

    this.algorithm = algorithm;
    this.q = params.getQ();

    if (spec == null)
    {
        EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());

        this.ecSpec = createSpec(ellipticCurve, dp);
    }
    else
    {
        this.ecSpec = spec;
    }

    this.configuration = configuration;
}

public static ECCurve convertCurve(
    EllipticCurve ec)
{
    ECField field = ec.getField();
    BigInteger a = ec.getA();
    BigInteger b = ec.getB();

    if (field instanceof ECFieldFp)
    {
        return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
    }
    else
    {
        ECFieldF2m fieldF2m = (ECFieldF2m)field;
        int m = fieldF2m.getM();
        int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
        return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b); 
    }
}

public static ECParameterSpec convertSpec(
    EllipticCurve ellipticCurve,
    org.bouncycastle.jce.spec.ECParameterSpec spec)
{
    if (spec instanceof ECNamedCurveParameterSpec)
    {
        return new ECNamedCurveSpec(
            ((ECNamedCurveParameterSpec)spec).getName(),
            ellipticCurve,
            new ECPoint(
                spec.getG().getX().toBigInteger(),
                spec.getG().getY().toBigInteger()),
            spec.getN(),
            spec.getH());
    }
    else
    {
        return new ECParameterSpec(
            ellipticCurve,
            new ECPoint(
                spec.getG().getX().toBigInteger(),
                spec.getG().getY().toBigInteger()),
            spec.getN(),
            spec.getH().intValue());
    }
}

public BCECGOST3410PrivateKey(
    org.bouncycastle.jce.spec.ECPrivateKeySpec spec)
{
    this.d = spec.getD();

    if (spec.getParams() != null) // can be null if implicitlyCA
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve;

        ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        this.ecSpec = null;
    }
}

public BCECGOST3410PublicKey(
    org.bouncycastle.jce.spec.ECPublicKeySpec spec)
{
    this.q = spec.getQ();

    if (spec.getParams() != null) // can be null if implictlyCa
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        if (q.getCurve() == null)
        {
            org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa();

            q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false);
        }               
        this.ecSpec = null;
    }
}

public BCECGOST3410PublicKey(
    String algorithm,
    ECPublicKeyParameters params,
    ECParameterSpec spec)
{
    ECDomainParameters      dp = params.getParameters();

    this.algorithm = algorithm;
    this.q = params.getQ();

    if (spec == null)
    {
        EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());

        this.ecSpec = createSpec(ellipticCurve, dp);
    }
    else
    {
        this.ecSpec = spec;
    }
}

public static String getCurveName(ECParameterSpec spec)
    throws InvalidAlgorithmParameterException
{
    int curve_id;

    /* Ecc object doesn't need to be initialied before call */
    if (!(spec.getCurve().getField() instanceof ECFieldFp)) {
        throw new InvalidAlgorithmParameterException(
            "Currently only ECFieldFp fields supported");
    }
    ECFieldFp field = (ECFieldFp)spec.getCurve().getField();
    EllipticCurve curve = spec.getCurve();

    curve_id = wc_ecc_get_curve_id_from_params(
                field.getFieldSize(),
                field.getP().toByteArray(),
                curve.getA().toByteArray(),
                curve.getB().toByteArray(),
                spec.getOrder().toByteArray(),
                spec.getGenerator().getAffineX().toByteArray(),
                spec.getGenerator().getAffineY().toByteArray(),
                spec.getCofactor());

    return wc_ecc_get_curve_name_from_id(curve_id);
}

private static ECPoint decodePoint(byte[] data, EllipticCurve curve)
        throws IOException {
    if ((data.length == 0) || (data[0] != 4)) {
        throw new IOException("Only uncompressed point format " +
                              "supported");
    }
    // Per ANSI X9.62, an encoded point is a 1 byte type followed by
    // ceiling(log base 2 field-size / 8) bytes of x and the same of y.
    int n = (data.length - 1) / 2;
    if (n != ((curve.getField().getFieldSize() + 7) >> 3)) {
        throw new IOException("Point does not match field size");
    }

    byte[] xb = Arrays.copyOfRange(data, 1, 1 + n);
    byte[] yb = Arrays.copyOfRange(data, n + 1, n + 1 + n);

    return new ECPoint(new BigInteger(1, xb), new BigInteger(1, yb));
}

private static ECParameterSpec mapNonceGMWithECDH(final BigInteger nonceS,
                                                  final ECPoint sharedSecretPointH,
                                                  final ECParameterSpec params) {
    // D~ = (p, a, b, G~, n, h) where G~ = [s]G + H
    final ECPoint generator = params.getGenerator();
    final EllipticCurve curve = params.getCurve();
    final BigInteger a = curve.getA();
    final BigInteger b = curve.getB();
    final ECFieldFp field = (ECFieldFp)curve.getField();
    final BigInteger p = field.getP();
    final BigInteger order = params.getOrder();
    final int cofactor = params.getCofactor();
    final ECPoint ephemeralGenerator = add(multiply(nonceS, generator, params), sharedSecretPointH, params);
    if (!toBouncyCastleECPoint(ephemeralGenerator, params).isValid()) {
        LOGGER.warning("Se ha generado un punto invalido"); //$NON-NLS-1$
    }
    return new ECParameterSpec(new EllipticCurve(new ECFieldFp(p), a, b), ephemeralGenerator, order, cofactor);
}

private static ECParameterSpec mapNonceGMWithECDH(final BigInteger nonceS,
                                                  final ECPoint sharedSecretPointH,
                                                  final ECParameterSpec params) {
    // D~ = (p, a, b, G~, n, h) where G~ = [s]G + H
    final ECPoint generator = params.getGenerator();
    final EllipticCurve curve = params.getCurve();
    final BigInteger a = curve.getA();
    final BigInteger b = curve.getB();
    final ECFieldFp field = (ECFieldFp)curve.getField();
    final BigInteger p = field.getP();
    final BigInteger order = params.getOrder();
    final int cofactor = params.getCofactor();
    final ECPoint ephemeralGenerator = add(multiply(nonceS, generator, params), sharedSecretPointH, params);
    if (!toSpongyCastleECPoint(ephemeralGenerator, params).isValid()) {
        LOGGER.warning("Se ha generado un punto invalido"); //$NON-NLS-1$
    }
    return new ECParameterSpec(new EllipticCurve(new ECFieldFp(p), a, b), ephemeralGenerator, order, cofactor);
}

public static ECParameterSpec CfcaCurve() {
    // 素数P
    BigInteger p = new BigInteger("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16);

    // 基于素数P的有限域
    ECFieldFp gfp = new ECFieldFp(p);

    // 在有限域上的椭圆曲线y2 = x3 + ax + b
    EllipticCurve ellipticCurve = new EllipticCurve(gfp,
            new BigInteger("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 16),
            new BigInteger("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 16));

    // 基点G
    ECPoint G = new ECPoint(new BigInteger("32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 16),
            new BigInteger("BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 16));

    // G的阶
    BigInteger n = new BigInteger("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16);

    // 设置基点
    ECParameterSpec ecParameterSpec = new ECParameterSpec(ellipticCurve, G, n, 1);
    return ecParameterSpec;
}

public static ECParameterSpec CfcaCurve() {
    // 素数P
    BigInteger p = new BigInteger("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16);

    // 基于素数P的有限域
    ECFieldFp gfp = new ECFieldFp(p);

    // 在有限域上的椭圆曲线y2 = x3 + ax + b
    EllipticCurve ellipticCurve = new EllipticCurve(gfp,
            new BigInteger("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 16),
            new BigInteger("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 16));

    // 基点G
    ECPoint G = new ECPoint(new BigInteger("32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 16),
            new BigInteger("BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 16));

    // G的阶
    BigInteger n = new BigInteger("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16);

    // 设置基点
    ECParameterSpec ecParameterSpec = new ECParameterSpec(ellipticCurve, G, n, 1);
    return ecParameterSpec;
}

private static ECPoint decodePoint(byte[] data, EllipticCurve curve)
        throws IOException {
    if ((data.length == 0) || (data[0] != 4)) {
        throw new IOException("Only uncompressed point format " +
                              "supported");
    }
    // Per ANSI X9.62, an encoded point is a 1 byte type followed by
    // ceiling(log base 2 field-size / 8) bytes of x and the same of y.
    int n = (data.length - 1) / 2;
    if (n != ((curve.getField().getFieldSize() + 7) >> 3)) {
        throw new IOException("Point does not match field size");
    }

    byte[] xb = Arrays.copyOfRange(data, 1, 1 + n);
    byte[] yb = Arrays.copyOfRange(data, n + 1, n + 1 + n);

    return new ECPoint(new BigInteger(1, xb), new BigInteger(1, yb));
}

ECParameterSpec getECParameterSpec() {
    final String curveName = NativeCrypto.EC_GROUP_get_curve_name(groupCtx);

    final byte[][] curveParams = NativeCrypto.EC_GROUP_get_curve(groupCtx);
    final BigInteger p = new BigInteger(curveParams[0]);
    final BigInteger a = new BigInteger(curveParams[1]);
    final BigInteger b = new BigInteger(curveParams[2]);

    final ECField field = new ECFieldFp(p);

    final EllipticCurve curve = new EllipticCurve(field, a, b);

    final OpenSSLECPointContext generatorCtx = new OpenSSLECPointContext(this,
            new NativeRef.EC_POINT(NativeCrypto.EC_GROUP_get_generator(groupCtx)));
    final ECPoint generator = generatorCtx.getECPoint();

    final BigInteger order = new BigInteger(NativeCrypto.EC_GROUP_get_order(groupCtx));
    final BigInteger cofactor = new BigInteger(NativeCrypto.EC_GROUP_get_cofactor(groupCtx));

    ECParameterSpec spec = new ECParameterSpec(curve, generator, order, cofactor.intValue());
    Platform.setCurveName(spec, curveName);
    return spec;
}

private static ECPoint decodePoint(byte[] data, EllipticCurve curve)
        throws IOException {
    if (data.length == 0 || data[0] != 4) {
        throw new IOException("Only uncompressed point format " +
                              "supported");
    }
    // Per ANSI X9.62, an encoded point is a 1 byte type followed by
    // ceiling(log base 2 field-size / 8) bytes of x and the same of y.
    int n = (data.length - 1) / 2;
    if (n != (curve.getField().getFieldSize() + 7) >> 3) {
        throw new IOException("Point does not match field size");
    }

    byte[] xb = Arrays.copyOfRange(data, 1, 1 + n);
    byte[] yb = Arrays.copyOfRange(data, n + 1, n + 1 + n);

    return new ECPoint(new BigInteger(1, xb), new BigInteger(1, yb));
}

/**
 * Returns this key as ECPublicKeySpec or null if the key cannot be represented as
 * ECPublicKeySpec. The later happens for example if the order of cofactor are not positive.
 */
public ECPublicKeySpec getSpec() {
  try {
    ECFieldFp fp = new ECFieldFp(p);
    EllipticCurve curve = new EllipticCurve(fp, a, b);
    ECPoint g = new ECPoint(gx, gy);
    // ECParameterSpec requires that the cofactor h is specified.
    if (h == null) {
      return null;
    }
    ECParameterSpec params = new ECParameterSpec(curve, g, n, h);
    ECPoint pubPoint = new ECPoint(pubx, puby);
    ECPublicKeySpec pub = new ECPublicKeySpec(pubPoint, params);
    return pub;
  } catch (Exception ex) {
    System.out.println(comment + " throws " + ex.toString());
    return null;
  }
}

public static ECParameterSpec getNistCurveSpec(
    String decimalP, String decimalN, String hexB, String hexGX, String hexGY) {
  final BigInteger p = new BigInteger(decimalP);
  final BigInteger n = new BigInteger(decimalN);
  final BigInteger three = new BigInteger("3");
  final BigInteger a = p.subtract(three);
  final BigInteger b = new BigInteger(hexB, 16);
  final BigInteger gx = new BigInteger(hexGX, 16);
  final BigInteger gy = new BigInteger(hexGY, 16);
  final int h = 1;
  ECFieldFp fp = new ECFieldFp(p);
  java.security.spec.EllipticCurve curveSpec = new java.security.spec.EllipticCurve(fp, a, b);
  ECPoint g = new ECPoint(gx, gy);
  ECParameterSpec ecSpec = new ECParameterSpec(curveSpec, g, n, h);
  return ecSpec;
}

public static ECParameterSpec getBrainpoolP256r1Params() {
  BigInteger p =
      new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16);
  BigInteger a =
      new BigInteger("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 16);
  BigInteger b =
      new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16);
  BigInteger x =
      new BigInteger("8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 16);
  BigInteger y =
      new BigInteger("547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 16);
  BigInteger n =
      new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16);
  final int h = 1;
  ECFieldFp fp = new ECFieldFp(p);
  EllipticCurve curve = new EllipticCurve(fp, a, b);
  ECPoint g = new ECPoint(x, y);
  return new ECParameterSpec(curve, g, n, h);
}

/**
 * Checks that a point is on a given elliptic curve. This method implements the partial public key
 * validation routine from Section 5.6.2.6 of NIST SP 800-56A
 * http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf A partial
 * public key validation is sufficient for curves with cofactor 1. See Section B.3 of
 * http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf The point validations above are
 * taken from recommendations for ECDH, because parameter checks in ECDH are much more important
 * than for the case of ECDSA. Performing this test for ECDSA keys is mainly a sanity check.
 *
 * @param point the point that needs verification
 * @param ec the elliptic curve. This must be a curve over a prime order field.
 * @throws GeneralSecurityException if the field is binary or if the point is not on the curve.
 */
public static void checkPointOnCurve(ECPoint point, EllipticCurve ec)
    throws GeneralSecurityException {
  BigInteger p = getModulus(ec);
  BigInteger x = point.getAffineX();
  BigInteger y = point.getAffineY();
  if (x == null || y == null) {
    throw new GeneralSecurityException("point is at infinity");
  }
  // Check 0 <= x < p and 0 <= y < p.
  if (x.signum() == -1 || x.compareTo(p) != -1) {
    throw new GeneralSecurityException("x is out of range");
  }
  if (y.signum() == -1 || y.compareTo(p) != -1) {
    throw new GeneralSecurityException("y is out of range");
  }
  // Check y^2 == x^3 + a x + b (mod p)
  BigInteger lhs = y.multiply(y).mod(p);
  BigInteger rhs = x.multiply(x).add(ec.getA()).multiply(x).add(ec.getB()).mod(p);
  if (!lhs.equals(rhs)) {
    throw new GeneralSecurityException("Point is not on curve");
  }
}

/**
 * Decompress a point
 *
 * @param x The x-coordinate of the point
 * @param bit0 true if the least significant bit of y is set.
 * @param ecParams contains the curve of the point. This must be over a prime order field.
 */
public static ECPoint getPoint(BigInteger x, boolean bit0, ECParameterSpec ecParams)
    throws GeneralSecurityException {
  EllipticCurve ec = ecParams.getCurve();
  ECField field = ec.getField();
  if (!(field instanceof ECFieldFp)) {
    throw new GeneralSecurityException("Only curves over prime order fields are supported");
  }
  BigInteger p = ((java.security.spec.ECFieldFp) field).getP();
  if (x.compareTo(BigInteger.ZERO) == -1 || x.compareTo(p) != -1) {
    throw new GeneralSecurityException("x is out of range");
  }
  // Compute rhs == x^3 + a x + b (mod p)
  BigInteger rhs = x.multiply(x).add(ec.getA()).multiply(x).add(ec.getB()).mod(p);
  BigInteger y = modSqrt(rhs, p);
  if (bit0 != y.testBit(0)) {
    y = p.subtract(y).mod(p);
  }
  return new ECPoint(x, y);
}

/**
 * Returns a weak public key of order 3 such that the public key point is on the curve specified
 * in ecParams. This method is used to check ECC implementations for missing step in the
 * verification of the public key. E.g. implementations of ECDH must verify that the public key
 * contains a point on the curve as well as public and secret key are using the same curve.
 *
 * @param ecParams the parameters of the key to attack. This must be a curve in Weierstrass form
 *     over a prime order field.
 * @return a weak EC group with a genrator of order 3.
 */
public static ECPublicKeySpec getWeakPublicKey(ECParameterSpec ecParams)
    throws GeneralSecurityException {
  EllipticCurve curve = ecParams.getCurve();
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
  keyGen.initialize(ecParams);
  BigInteger p = getModulus(curve);
  BigInteger three = new BigInteger("3");
  while (true) {
    // Generate a point on the original curve
    KeyPair keyPair = keyGen.generateKeyPair();
    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
    ECPoint w = pub.getW();
    BigInteger x = w.getAffineX();
    BigInteger y = w.getAffineY();
    // Find the curve parameters a,b such that 3*w = infinity.
    // This is the case if the following equations are satisfied:
    //    3x == l^2 (mod p)
    //    l == (3x^2 + a) / 2*y (mod p)
    //    y^2 == x^3 + ax + b (mod p)
    BigInteger l;
    try {
      l = modSqrt(x.multiply(three), p);
    } catch (GeneralSecurityException ex) {
      continue;
    }
    BigInteger xSqr = x.multiply(x).mod(p);
    BigInteger a = l.multiply(y.add(y)).subtract(xSqr.multiply(three)).mod(p);
    BigInteger b = y.multiply(y).subtract(x.multiply(xSqr.add(a))).mod(p);
    EllipticCurve newCurve = new EllipticCurve(curve.getField(), a, b);
    // Just a sanity check.
    checkPointOnCurve(w, newCurve);
    // Cofactor and order are of course wrong.
    ECParameterSpec spec = new ECParameterSpec(newCurve, w, p, 1);
    return new ECPublicKeySpec(w, spec);
  }
}

/**
 * Encode EllipticCurvePoint to an OctetString
 */
public static byte[] encodeECPoint(ECPoint group, EllipticCurve curve)
{
    // M has len 2 ceil(log_2(q)/8) + 1 ?
    int elementSize = (curve.getField().getFieldSize() + 7) / 8;
    byte[] M = new byte[2 * elementSize + 1];

    // Uncompressed format
    M[0] = 0x04;

    {
        byte[] affineX = removeLeadingZeroes(group.getAffineX().toByteArray());
        System.arraycopy(affineX, 0, M, 1 + elementSize - affineX.length, affineX.length);
    }

    {
        byte[] affineY = removeLeadingZeroes(group.getAffineY().toByteArray());
        System.arraycopy(affineY, 0, M, 1 + elementSize + elementSize - affineY.length,
                         affineY.length);
    }

    return M;
}

public JCEECPrivateKey(
    String              algorithm,
    org.bouncycastle.jce.spec.ECPrivateKeySpec     spec)
{
    this.algorithm = algorithm;
    this.d = spec.getD();

    if (spec.getParams() != null) // can be null if implicitlyCA
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve;

        ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        this.ecSpec = null;
    }
}

public JCEECPublicKey(
    String              algorithm,
    org.bouncycastle.jce.spec.ECPublicKeySpec     spec)
{
    this.algorithm = algorithm;
    this.q = spec.getQ();

    if (spec.getParams() != null) // can be null if implictlyCa
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        if (q.getCurve() == null)
        {
            org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa();

            q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger(), false);
        }               
        this.ecSpec = null;
    }
}

public JCEECPublicKey(
    String                  algorithm,
    ECPublicKeyParameters   params,
    ECParameterSpec         spec)
{
    ECDomainParameters      dp = params.getParameters();

    this.algorithm = algorithm;
    this.q = params.getQ();

    if (spec == null)
    {
        EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());

        this.ecSpec = createSpec(ellipticCurve, dp);
    }
    else
    {
        this.ecSpec = spec;
    }
}

private ECParameterSpec getParams(ECDSAPublicKey key)
{
    if (!key.hasParameters())
    {
        throw new IllegalArgumentException("Public key does not contains EC Params");
    }

    BigInteger p = key.getPrimeModulusP();
    ECCurve.Fp curve = new ECCurve.Fp(p, key.getFirstCoefA(), key.getSecondCoefB(), key.getOrderOfBasePointR(), key.getCofactorF());

    ECPoint G = curve.decodePoint(key.getBasePointG());

    BigInteger order = key.getOrderOfBasePointR();
    BigInteger coFactor = key.getCofactorF();

    EllipticCurve jcaCurve = convertCurve(curve);

    return new ECParameterSpec(jcaCurve, new java.security.spec.ECPoint(G.getAffineXCoord().toBigInteger(), G.getAffineYCoord().toBigInteger()), order, coFactor.intValue());
}

private static ECCurve convertCurve(
    EllipticCurve ec, BigInteger order, int coFactor)
{
    ECField field = ec.getField();
    BigInteger a = ec.getA();
    BigInteger b = ec.getB();

    if (field instanceof ECFieldFp)
    {
        return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b, order, BigInteger.valueOf(coFactor));
    }
    else
    {
        throw new IllegalStateException("not implemented yet!!!");
    }
}

public BCDSTU4145PrivateKey(
    org.bouncycastle.jce.spec.ECPrivateKeySpec spec)
{
    this.d = spec.getD();

    if (spec.getParams() != null) // can be null if implicitlyCA
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve;

        ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        this.ecSpec = null;
    }
}

public BCDSTU4145PublicKey(
    org.bouncycastle.jce.spec.ECPublicKeySpec spec)
{
    this.q = spec.getQ();

    if (spec.getParams() != null) // can be null if implictlyCa
    {
        ECCurve curve = spec.getParams().getCurve();
        EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());

        this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
    }
    else
    {
        if (q.getCurve() == null)
        {
            org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa();

            q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger());
        }
        this.ecSpec = null;
    }
}

public BCDSTU4145PublicKey(
    String algorithm,
    ECPublicKeyParameters params,
    ECParameterSpec spec)
{
    ECDomainParameters dp = params.getParameters();

    this.algorithm = algorithm;
    this.q = params.getQ();

    if (spec == null)
    {
        EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());

        this.ecSpec = createSpec(ellipticCurve, dp);
    }
    else
    {
        this.ecSpec = spec;
    }
}