/************* * This method will create the ECDSA public and private key which is returned in a Byte array of Byte arrays, index 0 is the private key and * index 1 of the array will return the ECDSA public key * * -Wisdom: This guy didn't check whether the returned Private Key would be more than 32. * @return */ private byte[][] ECDSAgeneratePublicAndPrivateKey(){ int length = 0; byte[][] keys; do{ ECKeyPairGenerator gen = new ECKeyPairGenerator(); SecureRandom secureRandom = new SecureRandom(); X9ECParameters secnamecurves = SECNamedCurves.getByName("secp256k1"); ECDomainParameters ecParams = new ECDomainParameters(secnamecurves.getCurve(), secnamecurves.getG(), secnamecurves.getN(), secnamecurves.getH()); ECKeyGenerationParameters keyGenParam = new ECKeyGenerationParameters(ecParams, secureRandom); gen.init(keyGenParam); AsymmetricCipherKeyPair kp = gen.generateKeyPair(); ECPrivateKeyParameters privatekey = (ECPrivateKeyParameters)kp.getPrivate(); ECPoint dd = secnamecurves.getG().multiply(privatekey.getD()); byte[] publickey=new byte[65]; System.arraycopy(dd.getY().toBigInteger().toByteArray(), 0, publickey, 64-dd.getY().toBigInteger().toByteArray().length+1, dd.getY().toBigInteger().toByteArray().length); System.arraycopy(dd.getX().toBigInteger().toByteArray(), 0, publickey, 32-dd.getX().toBigInteger().toByteArray().length+1, dd.getX().toBigInteger().toByteArray().length); publickey[0]=4; length = privatekey.getD().toByteArray().length; keys = new byte[][]{privatekey.getD().toByteArray(),publickey}; }while(length != 32); return keys; }
@Test public void curveTest() { final X9ECParameters curve = NISTNamedCurves.getByName("P-384"); final ECDomainParameters domainParameters = new ECDomainParameters( curve.getCurve(), curve.getG(), curve.getN()); final SecureRandom random = new SecureRandom(); final ECKeyPairGenerator gen = new ECKeyPairGenerator(); gen.init(new ECKeyGenerationParameters(domainParameters, random)); final AsymmetricCipherKeyPair senderPair = gen.generateKeyPair(); final AsymmetricCipherKeyPair receiverPair = gen.generateKeyPair(); final ECDHBasicAgreement senderAgreement = new ECDHBasicAgreement(); senderAgreement.init(senderPair.getPrivate()); final BigInteger senderResult = senderAgreement.calculateAgreement( receiverPair.getPublic()); final ECDHBasicAgreement receiverAgreement = new ECDHBasicAgreement(); receiverAgreement.init(receiverPair.getPrivate()); final BigInteger receiverResult = receiverAgreement.calculateAgreement( senderPair.getPublic()); assertEquals(senderResult, receiverResult); //System.out.println(receiverResult); }
@Test public void curveTest() { final X9ECParameters curve = NISTNamedCurves.getByName("P-384"); final ECDomainParameters domainParameters = new ECDomainParameters( curve.getCurve(), curve.getG(), curve.getN()); final SecureRandom random = new SecureRandom(); final ECKeyPairGenerator gen = new ECKeyPairGenerator(); gen.init(new ECKeyGenerationParameters(domainParameters, random)); final AsymmetricCipherKeyPair senderPair = gen.generateKeyPair(); final ECDSASigner signer = new ECDSASigner(); signer.init(true, senderPair.getPrivate()); final byte[] message = "The magic words are squeamish ossifrage".getBytes( Constants.ASCII); final SHA384Digest digester = new SHA384Digest(); digester.update(message, 0, message.length); final byte[] digest = new byte[digester.getDigestSize()]; digester.doFinal(digest, 0); final BigInteger[] signature = signer.generateSignature(digest); final ECDSASigner verifier = new ECDSASigner(); verifier.init(false, senderPair.getPublic()); assertTrue(verifier.verifySignature(digest, signature[0], signature[1])); }
private void doTestOnPeers(int numberOfPeers) { X9ECParameters params = SECNamedCurves.getByName("secp256r1"); ECKeyPairGenerator kpGen = new ECKeyPairGenerator(); ECDomainParameters domainParams = new ECDomainParameters(params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed()); kpGen.init(new ECKeyGenerationParameters(domainParams, new SecureRandom())); AsymmetricCipherKeyPair[] kps = new AsymmetricCipherKeyPair[numberOfPeers]; // Generate Private Keys - normally this would be done by each // individual server. For this example we will just create them in an // array. for (int i = 0; i < kps.length; i++) { kps[i] = kpGen.generateKeyPair(); } doTest(domainParams, kps, numberOfPeers - 1, true, 1); doTest(domainParams, kps, numberOfPeers - 2, true, 1); doTest(domainParams, kps, numberOfPeers - 2, true, 1, 3); doTest(domainParams, kps, numberOfPeers - 1, false, 1, 3); }
public static AsymmetricCipherKeyPair generateECKeyPair(SecureRandom random, ECDomainParameters ecParams) { ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator(); ECKeyGenerationParameters keyGenerationParameters = new ECKeyGenerationParameters(ecParams, random); keyPairGenerator.init(keyGenerationParameters); return keyPairGenerator.generateKeyPair(); }
/** * Create a new PrivateKey using the platform provided secure random source. * * @param compressed set to false if you relly want legacy format * @return new PrivateKey */ public static PrivateKey createNew(boolean compressed) { ECKeyPairGenerator generator = new ECKeyPairGenerator(); ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(domain, secureRandom); generator.init(keygenParams); AsymmetricCipherKeyPair keypair = generator.generateKeyPair(); ECPrivateKeyParameters privParams = (ECPrivateKeyParameters) keypair.getPrivate(); ECPublicKeyParameters pubParams = (ECPublicKeyParameters) keypair.getPublic(); return new PrivateKey(privParams.getD(), compressed, pubParams.getQ().getEncoded(compressed)); }
public static AsymmetricCipherKeyPair generateECPublicKey() { // Should we also generate random curves? X9ECParameters ecp = SECNamedCurves.getByName(getRandomCurveName()); ECKeyPairGenerator keygen = new ECKeyPairGenerator(); ECDomainParameters domainParams = new ECDomainParameters(ecp.getCurve(), ecp.getG(), ecp.getN(), ecp.getH(), ecp.getSeed()); keygen.init(new ECKeyGenerationParameters(domainParams, RandomHelper.getBadSecureRandom())); return keygen.generateKeyPair(); }
private void testECMQVRandom() { SecureRandom random = new SecureRandom(); BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"); ECCurve.Fp curve = new ECCurve.Fp( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b n, ECConstants.ONE); ECDomainParameters parameters = new ECDomainParameters( curve, curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G n); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); pGen.init(new ECKeyGenerationParameters(parameters, random)); // Pre-established key pairs AsymmetricCipherKeyPair U1 = pGen.generateKeyPair(); AsymmetricCipherKeyPair V1 = pGen.generateKeyPair(); // Ephemeral key pairs AsymmetricCipherKeyPair U2 = pGen.generateKeyPair(); AsymmetricCipherKeyPair V2 = pGen.generateKeyPair(); BigInteger x = calculateAgreement(U1, U2, V1, V2); if (x == null) { fail("MQV Test Vector (random) agreement failed"); } }
public void performTest() throws Exception { doStaticTest(null); doStaticTest(TWOFISH_IV); doShortTest(null); BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081"); ECCurve.Fp curve = new ECCurve.Fp( new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b n, ECConstants.ONE); ECDomainParameters params = new ECDomainParameters( curve, curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G n); ECKeyPairGenerator eGen = new ECKeyPairGenerator(); KeyGenerationParameters gParam = new ECKeyGenerationParameters(params, new SecureRandom()); eGen.init(gParam); AsymmetricCipherKeyPair p1 = eGen.generateKeyPair(); AsymmetricCipherKeyPair p2 = eGen.generateKeyPair(); doTest(p1, p2); doEphemeralTest(null, false); doEphemeralTest(null, true); doEphemeralTest(TWOFISH_IV, false); doEphemeralTest(TWOFISH_IV, true); }
@Override public byte[] createNewPrivateKey() { ECKeyPairGenerator generator = new ECKeyPairGenerator(); ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(domain, secureRandom); generator.init(keygenParams); AsymmetricCipherKeyPair keypair = generator.generateKeyPair(); ECPrivateKeyParameters privParams = (ECPrivateKeyParameters) keypair.getPrivate(); return privParams.getD().toByteArray(); }
private void ECDH_GenerateEphemeral() throws CoseException { X9ECParameters p = privateKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(parameters, null); pGen.init(genParam); AsymmetricCipherKeyPair p1 = pGen.generateKeyPair(); CBORObject epk = CBORObject.NewMap(); epk.Add(KeyKeys.KeyType.AsCBOR(), KeyKeys.KeyType_EC2); epk.Add(KeyKeys.EC2_Curve.AsCBOR(), privateKey.get(KeyKeys.EC2_Curve.AsCBOR())); ECPublicKeyParameters priv = (ECPublicKeyParameters) p1.getPublic(); byte[] rgbEncoded = priv.getQ().normalize().getEncoded(true); byte[] X = new byte[rgbEncoded.length - 1]; System.arraycopy(rgbEncoded, 1, X, 0, X.length); epk.Add(KeyKeys.EC2_X.AsCBOR(), CBORObject.FromObject(X)); epk.Add(KeyKeys.EC2_Y.AsCBOR(), CBORObject.FromObject((rgbEncoded[0] & 1) == 1)); addAttribute(HeaderKeys.ECDH_EPK, epk, Attribute.UNPROTECTED); OneKey secretKey = new OneKey(); secretKey.add(KeyKeys.KeyType, KeyKeys.KeyType_EC2); secretKey.add(KeyKeys.EC2_Curve, privateKey.get(KeyKeys.EC2_Curve.AsCBOR())); secretKey.add(KeyKeys.EC2_X, CBORObject.FromObject(X)); secretKey.add(KeyKeys.EC2_Y, CBORObject.FromObject((rgbEncoded[0] & 1) == 1)); ECPrivateKeyParameters priv1 = (ECPrivateKeyParameters) p1.getPrivate(); secretKey.add(KeyKeys.EC2_D, CBORObject.FromObject(BigIntegers.asUnsignedByteArray( priv1.getD()))); senderKey = secretKey; }
static private OneKey generateECDSAKey(String curveName, CBORObject curve) { X9ECParameters p = NISTNamedCurves.getByName(curveName); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(parameters, null); pGen.init(genParam); AsymmetricCipherKeyPair p1 = pGen.generateKeyPair(); ECPublicKeyParameters keyPublic = (ECPublicKeyParameters) p1.getPublic(); ECPrivateKeyParameters keyPrivate = (ECPrivateKeyParameters) p1.getPrivate(); byte[] rgbX = keyPublic.getQ().normalize().getXCoord().getEncoded(); byte[] rgbY = keyPublic.getQ().normalize().getYCoord().getEncoded(); boolean signY = true; byte[] rgbD = keyPrivate.getD().toByteArray(); OneKey key = new OneKey(); key.add(KeyKeys.KeyType, KeyKeys.KeyType_EC2); key.add(KeyKeys.EC2_Curve, curve); key.add(KeyKeys.EC2_X, CBORObject.FromObject(rgbX)); key.add(KeyKeys.EC2_Y, CBORObject.FromObject(rgbY)); key.add(KeyKeys.EC2_D, CBORObject.FromObject(rgbD)); return key; }
@BeforeClass public static void setUpClass() throws CoseException { X9ECParameters p = NISTNamedCurves.getByName("P-256"); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(parameters, null); pGen.init(genParam); AsymmetricCipherKeyPair p1 = pGen.generateKeyPair(); keyPublic = (ECPublicKeyParameters) p1.getPublic(); keyPrivate = (ECPrivateKeyParameters) p1.getPrivate(); byte[] rgbX = keyPublic.getQ().normalize().getXCoord().getEncoded(); byte[] rgbY = keyPublic.getQ().normalize().getYCoord().getEncoded(); boolean signY = true; byte[] rgbD = keyPrivate.getD().toByteArray(); CBORObject key = CBORObject.NewMap(); key.Add(KeyKeys.KeyType.AsCBOR(), KeyKeys.KeyType_EC2); key.Add(KeyKeys.EC2_Curve.AsCBOR(), KeyKeys.EC2_P256); key.Add(KeyKeys.EC2_X.AsCBOR(), rgbX); key.Add(KeyKeys.EC2_Y.AsCBOR(), rgbY); cnKeyPublic = new OneKey(key); key = CBORObject.NewMap(); key.Add(KeyKeys.KeyType.AsCBOR(), KeyKeys.KeyType_EC2); key.Add(KeyKeys.EC2_Curve.AsCBOR(), KeyKeys.EC2_P256); key.Add(KeyKeys.EC2_X.AsCBOR(), rgbX); key.Add(KeyKeys.EC2_Y.AsCBOR(), rgbY); cnKeyPublicCompressed = new OneKey(key); key = CBORObject.NewMap(); key.Add(KeyKeys.KeyType.AsCBOR(), KeyKeys.KeyType_EC2); key.Add(KeyKeys.EC2_Curve.AsCBOR(), KeyKeys.EC2_P256); key.Add(KeyKeys.EC2_D.AsCBOR(), rgbD); cnKeyPrivate = new OneKey(key); }
@Override public KeyPair generateKeyPair() { final ECKeyPairGenerator generator = new ECKeyPairGenerator(); final ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(SecP256K1Curve.secp256k1().getParams(), RANDOM); generator.init(keyGenParams); final AsymmetricCipherKeyPair keyPair = generator.generateKeyPair(); final ECPrivateKeyParameters privateKeyParams = (ECPrivateKeyParameters)keyPair.getPrivate(); final PrivateKey privateKey = new PrivateKey(privateKeyParams.getD()); return new KeyPair(privateKey, CryptoEngines.secp256k1Engine()); }
/** * Creates an ECKey with a new public/private key pair. Point compression is used * so the resulting public key will be 33 bytes (32 bytes for the x-coordinate and * 1 byte to represent the y-coordinate sign) */ public ECKey() { ECKeyPairGenerator keyGenerator = new ECKeyPairGenerator(); ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(ecParams, secureRandom); keyGenerator.init(keyGenParams); AsymmetricCipherKeyPair keyPair = keyGenerator.generateKeyPair(); ECPrivateKeyParameters privKeyParams = (ECPrivateKeyParameters)keyPair.getPrivate(); ECPublicKeyParameters pubKeyParams = (ECPublicKeyParameters)keyPair.getPublic(); privKey = privKeyParams.getD(); pubKey = pubKeyParams.getQ().getEncoded(true); creationTime = System.currentTimeMillis()/1000; isCompressed = true; }
public static ECKeyPair createNew (boolean compressed) { ECKeyPairGenerator generator = new ECKeyPairGenerator (); ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters (domain, secureRandom); generator.init (keygenParams); AsymmetricCipherKeyPair keypair = generator.generateKeyPair (); ECPrivateKeyParameters privParams = (ECPrivateKeyParameters) keypair.getPrivate (); ECPublicKeyParameters pubParams = (ECPublicKeyParameters) keypair.getPublic (); ECKeyPair k = new ECKeyPair (); k.priv = privParams.getD (); k.compressed = compressed; k.pub = pubParams.getQ ().getEncoded (compressed); return k; }
public synchronized AsymmetricCipherKeyPair generateKeyPair(String keyID, Algorithm algorithm, int numberOfPeers, ECDomainParameters domainParameters, ECPoint h) { if (!paramsMap.containsKey(keyID)) { ECKeyPairGenerator kpGen = new ECKeyPairGenerator(); kpGen.init(new ECKeyGenerationParameters(domainParameters, new SecureRandom())); AsymmetricCipherKeyPair kp = kpGen.generateKeyPair(); sharedPrivateKeyMap.init(keyID, numberOfPeers); sharedPublicKeyMap.init(keyID, numberOfPeers); if (algorithm.equals(Algorithm.ECDSA)) { signingKeys.add(keyID); } hMap.put(keyID, h); paramsMap.put(keyID, ((ECPublicKeyParameters)kp.getPublic()).getParameters()); return kp; } else { throw new IllegalStateException("Key " + keyID + " already exists."); } }
/** * key generation test */ private void testECDSAKeyGenTest() { SecureRandom random = new SecureRandom(); ECCurve.Fp curve = new ECCurve.Fp( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECDomainParameters params = new ECDomainParameters( curve, curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( params, random); pGen.init(genParam); AsymmetricCipherKeyPair pair = pGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray(); BigInteger[] sig = ecdsa.generateSignature(message); ecdsa.init(false, pair.getPublic()); if (!ecdsa.verifySignature(message, sig[0], sig[1])) { fail("signature fails"); } }
private void testECMQVRandom() { SecureRandom random = new SecureRandom(); ECCurve.Fp curve = new ECCurve.Fp( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECDomainParameters parameters = new ECDomainParameters( curve, curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n ECKeyPairGenerator pGen = new ECKeyPairGenerator(); pGen.init(new ECKeyGenerationParameters(parameters, random)); // Pre-established key pairs AsymmetricCipherKeyPair U1 = pGen.generateKeyPair(); AsymmetricCipherKeyPair V1 = pGen.generateKeyPair(); // Ephemeral key pairs AsymmetricCipherKeyPair U2 = pGen.generateKeyPair(); AsymmetricCipherKeyPair V2 = pGen.generateKeyPair(); BigInteger x = calculateAgreement(U1, U2, V1, V2); if (x == null) { fail("MQV Test Vector (random) agreement failed"); } }
public void performTest() throws Exception { staticTest(); ECCurve.Fp curve = new ECCurve.Fp( new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b ECDomainParameters params = new ECDomainParameters( curve, curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G new BigInteger("6277101735386680763835789423176059013767194773182842284081")); // n ECKeyPairGenerator eGen = new ECKeyPairGenerator(); KeyGenerationParameters gParam = new ECKeyGenerationParameters(params, new SecureRandom()); eGen.init(gParam); AsymmetricCipherKeyPair p1 = eGen.generateKeyPair(); AsymmetricCipherKeyPair p2 = eGen.generateKeyPair(); doTest(p1, p2); doEphemeralTest(); }
/** * generate a signature for the given message using the key we were * initialised with. Generally, the order of the curve should be at * least as long as the hash of the message of interest, and with * ECNR it *must* be at least as long. * * @param digest the digest to be signed. * @exception DataLengthException if the digest is longer than the key allows */ public BigInteger[] generateSignature( byte[] digest) { if (! this.forSigning) { throw new IllegalStateException("not initialised for signing"); } BigInteger n = ((ECPrivateKeyParameters)this.key).getParameters().getN(); int nBitLength = n.bitLength(); BigInteger e = new BigInteger(1, digest); int eBitLength = e.bitLength(); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)key; if (eBitLength > nBitLength) { throw new DataLengthException("input too large for ECNR key."); } BigInteger r = null; BigInteger s = null; AsymmetricCipherKeyPair tempPair; do // generate r { // generate another, but very temporary, key pair using // the same EC parameters ECKeyPairGenerator keyGen = new ECKeyPairGenerator(); keyGen.init(new ECKeyGenerationParameters(privKey.getParameters(), this.random)); tempPair = keyGen.generateKeyPair(); // BigInteger Vx = tempPair.getPublic().getW().getAffineX(); ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic(); // get temp's public key BigInteger Vx = V.getQ().getX().toBigInteger(); // get the point's x coordinate r = Vx.add(e).mod(n); } while (r.equals(ECConstants.ZERO)); // generate s BigInteger x = privKey.getD(); // private key value BigInteger u = ((ECPrivateKeyParameters)tempPair.getPrivate()).getD(); // temp's private key value s = u.subtract(r.multiply(x)).mod(n); BigInteger[] res = new BigInteger[2]; res[0] = r; res[1] = s; return res; }
public static AsymmetricCipherKeyPair generateECKeyPair(SecureRandom random, ECDomainParameters ecParams) { ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator(); keyPairGenerator.init(new ECKeyGenerationParameters(ecParams, random)); return keyPairGenerator.generateKeyPair(); }
/** * generate a signature for the given message using the key we were * initialised with. Generally, the order of the curve should be at * least as long as the hash of the message of interest, and with * ECNR it *must* be at least as long. * * @param digest the digest to be signed. * @exception DataLengthException if the digest is longer than the key allows */ public BigInteger[] generateSignature( byte[] digest) { if (! this.forSigning) { throw new IllegalStateException("not initialised for signing"); } BigInteger n = ((ECPrivateKeyParameters)this.key).getParameters().getN(); int nBitLength = n.bitLength(); BigInteger e = new BigInteger(1, digest); int eBitLength = e.bitLength(); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)key; if (eBitLength > nBitLength) { throw new DataLengthException("input too large for ECNR key."); } BigInteger r = null; BigInteger s = null; AsymmetricCipherKeyPair tempPair; do // generate r { // generate another, but very temporary, key pair using // the same EC parameters ECKeyPairGenerator keyGen = new ECKeyPairGenerator(); keyGen.init(new ECKeyGenerationParameters(privKey.getParameters(), this.random)); tempPair = keyGen.generateKeyPair(); // BigInteger Vx = tempPair.getPublic().getW().getAffineX(); ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic(); // get temp's public key BigInteger Vx = V.getQ().getAffineXCoord().toBigInteger(); // get the point's x coordinate r = Vx.add(e).mod(n); } while (r.equals(ECConstants.ZERO)); // generate s BigInteger x = privKey.getD(); // private key value BigInteger u = ((ECPrivateKeyParameters)tempPair.getPrivate()).getD(); // temp's private key value s = u.subtract(r.multiply(x)).mod(n); BigInteger[] res = new BigInteger[2]; res[0] = r; res[1] = s; return res; }
/** * key generation test */ private void testECDSAKeyGenTest() { SecureRandom random = new SecureRandom(); BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"); ECCurve.Fp curve = new ECCurve.Fp( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b n, ECConstants.ONE); ECDomainParameters params = new ECDomainParameters( curve, curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G n); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( params, random); pGen.init(genParam); AsymmetricCipherKeyPair pair = pGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(true, param); byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray(); BigInteger[] sig = ecdsa.generateSignature(message); ecdsa.init(false, pair.getPublic()); if (!ecdsa.verifySignature(message, sig[0], sig[1])) { fail("signature fails"); } }
/** * Test Sign & Verify with test parameters * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt * gostR3410-2001-TestParamSet P.46 */ private void ecGOST3410_TestParam() { SecureRandom random = new SecureRandom(); BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); //p BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619"); ECCurve.Fp curve = new ECCurve.Fp( mod_p, // p new BigInteger("7"), // a new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b mod_q, ECConstants.ONE); ECDomainParameters params = new ECDomainParameters( curve, curve.createPoint( new BigInteger("2"), // x new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), // y mod_q); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( params, random); pGen.init(genParam); AsymmetricCipherKeyPair pair = pGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random); ECGOST3410Signer ecgost3410 = new ECGOST3410Signer(); ecgost3410.init(true, param); //get hash message using the digest GOST3411. byte[] message = "Message for sign".getBytes(); GOST3411Digest gost3411 = new GOST3411Digest(); gost3411.update(message, 0, message.length); byte[] hashmessage = new byte[gost3411.getDigestSize()]; gost3411.doFinal(hashmessage, 0); BigInteger[] sig = ecgost3410.generateSignature(hashmessage); ecgost3410.init(false, pair.getPublic()); if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1])) { fail("signature fails"); } }
/** * Test Sign & Verify with A parameters * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt * gostR3410-2001-CryptoPro-A-ParamSet P.47 */ public void ecGOST3410_AParam() { SecureRandom random = new SecureRandom(); BigInteger mod_p = new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639319"); //p BigInteger mod_q = new BigInteger("115792089237316195423570985008687907853073762908499243225378155805079068850323"); ECCurve.Fp curve = new ECCurve.Fp( mod_p, // p new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"), // a new BigInteger("166"), // b mod_q, ECConstants.ONE); ECDomainParameters params = new ECDomainParameters( curve, curve.createPoint( new BigInteger("1"), // x new BigInteger("64033881142927202683649881450433473985931760268884941288852745803908878638612")), // y mod_q); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( params, random); pGen.init(genParam); AsymmetricCipherKeyPair pair = pGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random); ECGOST3410Signer ecgost3410 = new ECGOST3410Signer(); ecgost3410.init(true, param); BigInteger[] sig = ecgost3410.generateSignature(hashmessage); ecgost3410.init(false, pair.getPublic()); if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1])) { fail("signature fails"); } }
/** * Test Sign & Verify with B parameters * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt * gostR3410-2001-CryptoPro-B-ParamSet P.47-48 */ private void ecGOST3410_BParam() { SecureRandom random = new SecureRandom(); BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823193"); //p BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927102133160255826820068844496087732066703"); ECCurve.Fp curve = new ECCurve.Fp( mod_p, // p new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823190"), // a new BigInteger("28091019353058090096996979000309560759124368558014865957655842872397301267595"), // b mod_q, ECConstants.ONE); ECDomainParameters params = new ECDomainParameters( curve, curve.createPoint( new BigInteger("1"), // x new BigInteger("28792665814854611296992347458380284135028636778229113005756334730996303888124")), // y mod_q); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( params, random); pGen.init(genParam); AsymmetricCipherKeyPair pair = pGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random); ECGOST3410Signer ecgost3410 = new ECGOST3410Signer(); ecgost3410.init(true, param); BigInteger[] sig = ecgost3410.generateSignature(hashmessage); ecgost3410.init(false, pair.getPublic()); if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1])) { fail("signature fails"); } }
/** * Test Sign & Verify with C parameters * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt * gostR3410-2001-CryptoPro-C-ParamSet P.48 */ private void ecGOST3410_CParam() { SecureRandom random = new SecureRandom(); BigInteger mod_p = new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502619"); //p BigInteger mod_q = new BigInteger("70390085352083305199547718019018437840920882647164081035322601458352298396601"); ECCurve.Fp curve = new ECCurve.Fp( mod_p, // p new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"), // a new BigInteger("32858"), // b mod_q, ECConstants.ONE); ECDomainParameters params = new ECDomainParameters( curve, curve.createPoint( new BigInteger("0"), // x new BigInteger("29818893917731240733471273240314769927240550812383695689146495261604565990247")), // y mod_q); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( params, random); pGen.init(genParam); AsymmetricCipherKeyPair pair = pGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random); ECGOST3410Signer ecgost3410 = new ECGOST3410Signer(); ecgost3410.init(true, param); BigInteger[] sig = ecgost3410.generateSignature(hashmessage); ecgost3410.init(false, pair.getPublic()); if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1])) { fail("signature fails"); } }
/** * generate a signature for the given message using the key we were * initialised with. Generally, the order of the curve should be at * least as long as the hash of the message of interest, and with * ECNR it *must* be at least as long. * * @param digest the digest to be signed. * @exception DataLengthException if the digest is longer than the key allows */ public BigInteger[] generateSignature( byte[] digest) { if (! this.forSigning) { throw new IllegalStateException("not initialised for signing"); } BigInteger n = ((ECPrivateKeyParameters)this.key).getParameters().getN(); int nBitLength = n.bitLength(); BigInteger e = new BigInteger(1, digest); int eBitLength = e.bitLength(); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)key; if (eBitLength > nBitLength) { throw new DataLengthException("input too large for ECNR key."); } BigInteger r = null; BigInteger s = null; AsymmetricCipherKeyPair tempPair; do // generate r { // generate another, but very temporary, key pair using // the same EC parameters ECKeyPairGenerator keyGen = new ECKeyPairGenerator(); keyGen.init(new ECKeyGenerationParameters(privKey.getParameters(), this.random)); tempPair = keyGen.generateKeyPair(); // BigInteger Vx = tempPair.getPublic().getW().getAffineX(); ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic(); // get temp's public key BigInteger Vx = V.getQ().normalize().getAffineXCoord().toBigInteger(); // get the point's x coordinate r = Vx.add(e).mod(n); } while (r.equals(ECConstants.ZERO)); // generate s BigInteger x = privKey.getD(); // private key value BigInteger u = ((ECPrivateKeyParameters)tempPair.getPrivate()).getD(); // temp's private key value s = u.subtract(r.multiply(x)).mod(n); BigInteger[] res = new BigInteger[2]; res[0] = r; res[1] = s; return res; }