Skip to content

Commit

Permalink
Merge pull request #21 from dufkan/master
Browse files Browse the repository at this point in the history 
ECPoint improvements, SecP256k1 definition
  • Loading branch information
@petrs
petrs authored Jul 5, 2021
2 parents febdb4d + 4427d1a commit 615978a
Show file tree
Hide file tree
Showing 3 changed files with 160 additions and 18 deletions.
66 changes: 63 additions & 3 deletions JCMathLib/src/opencrypto/jcmathlib/ECPoint.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,8 @@ public void makeDouble() {
public void add(ECPoint other) {
PM.check(PM.TRAP_ECPOINT_ADD_1);

boolean samePoint = this == other || isEqual(other);

ech.lock(ech.uncompressed_point_arr1);
this.thePoint.getW(ech.uncompressed_point_arr1, (short) 0);
ech.fnc_add_x_p.lock();
Expand All @@ -194,7 +196,7 @@ public void add(ECPoint other) {
// P+Q=R
ech.fnc_add_nominator.lock();
ech.fnc_add_denominator.lock();
if (this == other) {
if (samePoint) {
//lambda = (3(x_p^2)+a)/(2y_p)
//(3(x_p^2)+a)
ech.fnc_add_nominator.clone(ech.fnc_add_x_p);
Expand Down Expand Up @@ -245,7 +247,7 @@ public void add(ECPoint other) {

//x_r=lambda^2-x_p-x_q
ech.fnc_add_x_r.lock();
if (this == other) {
if (samePoint) {
short len = this.multiplication_x(Bignat_Helper.TWO, ech.fnc_add_x_r.as_byte_array(), (short) 0);
ech.fnc_add_x_r.set_size(len);
} else {
Expand Down Expand Up @@ -422,7 +424,65 @@ public void negate() {
ech.unlock(ech.uncompressed_point_arr1);
PM.check(PM.TRAP_ECPOINT_NEGATE_5);
}


/**
* Restore point from X coordinate. Stores one of the two results into this point.
*
* @param xCoord byte array containing the X coordinate
* @param xOffset offset in the byte array
* @param xLen length of the X coordinate
*/
public void from_x(byte[] xCoord, short xOffset, short xLen) {
ech.fnc_from_x_x.lock();
ech.fnc_from_x_x.set_size(xLen);
ech.fnc_from_x_x.from_byte_array(xLen, (short) 0, xCoord, xOffset);
from_x(ech.fnc_from_x_x);
ech.fnc_from_x_x.unlock();
}

/**
* Restore point from X coordinate. Stores one of the two results into this point.
*
* @param x the x coordinate
*/
private void from_x(Bignat x) {
//Y^2 = X^3 + XA + B = x(x^2+A)+B
ech.fnc_from_x_y_sq.lock();
ech.fnc_from_x_y_sq.clone(x);
ech.fnc_from_x_y_sq.mod_exp(Bignat_Helper.TWO, this.theCurve.pBN);
ech.fnc_from_x_y_sq.mod_add(this.theCurve.aBN, this.theCurve.pBN);
ech.fnc_from_x_y_sq.mod_mult(ech.fnc_from_x_y_sq, x, this.theCurve.pBN);
ech.fnc_from_x_y_sq.mod_add(this.theCurve.bBN, this.theCurve.pBN);
ech.fnc_from_x_y.lock();
ech.fnc_from_x_y.clone(ech.fnc_from_x_y_sq);
ech.fnc_from_x_y_sq.unlock();
ech.fnc_from_x_y.sqrt_FP(this.theCurve.pBN);

// Construct public key with <x, y_1>
ech.lock(ech.uncompressed_point_arr1);
ech.uncompressed_point_arr1[0] = 0x04;
x.prepend_zeros(this.theCurve.COORD_SIZE, ech.uncompressed_point_arr1, (short) 1);
ech.fnc_from_x_y.prepend_zeros(this.theCurve.COORD_SIZE, ech.uncompressed_point_arr1, (short) (1 + theCurve.COORD_SIZE));
ech.fnc_from_x_y.unlock();
this.setW(ech.uncompressed_point_arr1, (short) 0, theCurve.POINT_SIZE);
ech.unlock(ech.uncompressed_point_arr1);
}

/**
* Returns true if Y coordinate is even; false otherwise.
*
* @return true if Y coordinate is even; false otherwise
*/
public boolean is_y_even() {
ech.fnc_is_y.lock();
ech.lock(ech.uncompressed_point_arr1);
thePoint.getW(ech.uncompressed_point_arr1, (short) 0);
boolean result = ech.uncompressed_point_arr1[(short)(theCurve.POINT_SIZE - 1)] % 2 == 0;
ech.unlock(ech.uncompressed_point_arr1);
ech.fnc_is_y.unlock();
return result;
}

/**
* Compares this and provided point for equality. The comparison is made using hash of both values to prevent leak of position of mismatching byte.
* @param other second point for comparison
Expand Down
40 changes: 25 additions & 15 deletions JCMathLib/src/opencrypto/jcmathlib/ECPoint_Helper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

/**
*
* @author Petr Svenda
* @author Petr Svenda
*/
public class ECPoint_Helper extends Base_Helper {
// Selected constants missing from older JC API specs
Expand All @@ -15,15 +15,15 @@ public class ECPoint_Helper extends Base_Helper {
public static final byte Signature_ALG_ECDSA_SHA_256 = (byte) 33;

/**
* I true, fast multiplication of ECPoints via KeyAgreement can be used Is
* If true, fast multiplication of ECPoints via KeyAgreement can be used. Is
* set automatically after successful allocation of required engines
*/
public boolean FLAG_FAST_EC_MULT_VIA_KA = false;

byte[] uncompressed_point_arr1;
byte[] fnc_isEqual_hashArray;
byte[] fnc_multiplication_resultArray;

// These Bignats are just pointing to some helperEC_BN_? so reasonable naming is preserved yet no need to actually allocated whole Bignat object
Bignat fnc_add_x_r; // frequent write
Bignat fnc_add_y_r; // frequent write
Expand All @@ -33,21 +33,27 @@ public class ECPoint_Helper extends Base_Helper {
Bignat fnc_add_lambda; // write mod_mul (but only final result)
Bignat fnc_add_nominator; // frequent write
Bignat fnc_add_denominator; // frequent write

Bignat fnc_multiplication_x; // result write
Bignat fnc_multiplication_y_sq; // frequent write
Bignat fnc_multiplication_scalar; // write once, read
Bignat fnc_multiplication_y1; // mostly just read, write inside sqrt_FP
Bignat fnc_multiplication_y2; // mostly just read, result write
Bignat fnc_negate_yBN; // mostly just read, result write


Bignat fnc_from_x_x;
Bignat fnc_from_x_y_sq;
Bignat fnc_from_x_y;

Bignat fnc_is_y;

KeyAgreement fnc_multiplication_x_keyAgreement;
Signature fnc_SignVerifyECDSA_signEngine;
MessageDigest fnc_isEqual_hashEngine;

public ECPoint_Helper(ResourceManager rm) {
super(rm);

FLAG_FAST_EC_MULT_VIA_KA = false; // set true only if succesfully allocated and tested below
try {
//fnc_multiplication_x_keyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DHC, false);
Expand All @@ -57,9 +63,9 @@ public ECPoint_Helper(ResourceManager rm) {
fnc_SignVerifyECDSA_signEngine = Signature.getInstance(Signature_ALG_ECDSA_SHA_256, false);
FLAG_FAST_EC_MULT_VIA_KA = true;
} catch (Exception ignored) {
} // Discard any exception
} // Discard any exception
}

void initialize() {
// Important: assignment of helper BNs is made according to two criteria:
// 1. Correctness: same BN must not be assigned to overlapping operations (guarded by lock/unlock)
Expand All @@ -74,21 +80,25 @@ void initialize() {
fnc_add_nominator = rm.helperEC_BN_B;
fnc_add_denominator = rm.helperEC_BN_C;
fnc_add_lambda = rm.helperEC_BN_A;

fnc_multiplication_scalar = rm.helperEC_BN_F;
fnc_multiplication_x = rm.helperEC_BN_B;
fnc_multiplication_y_sq = rm.helperEC_BN_C;
fnc_multiplication_y1 = rm.helperEC_BN_D;
fnc_multiplication_y2 = rm.helperEC_BN_B;
fnc_multiplication_resultArray = rm.helper_BN_array1;

fnc_negate_yBN = rm.helperEC_BN_C;


Bignat fnc_from_x_x;
Bignat fnc_from_x_y_sq;
Bignat fnc_from_x_y;

fnc_is_y = rm.helperEC_BN_C;

fnc_isEqual_hashArray = rm.helper_hashArray;
fnc_isEqual_hashEngine = rm.hashEngine;

uncompressed_point_arr1 = rm.helper_uncompressed_point_arr1;

}

}
72 changes: 72 additions & 0 deletions JCMathLib/src/opencrypto/jcmathlib/SecP256k1.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
package opencrypto.jcmathlib;

public class SecP256k1 {

public final static short KEY_LENGTH = 256; // Bits
public final static short POINT_SIZE = 65; // Bytes
public final static short COORD_SIZE = 32; // Bytes

public final static byte[] p = {
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xfe,
(byte) 0xff, (byte) 0xff, (byte) 0xfc, (byte) 0x2f
};

public final static byte[] a = {
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
};

public final static byte[] b = {
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x07
};

public final static byte[] G = {
(byte) 0x04,
(byte) 0x79, (byte) 0xbe, (byte) 0x66, (byte) 0x7e,
(byte) 0xf9, (byte) 0xdc, (byte) 0xbb, (byte) 0xac,
(byte) 0x55, (byte) 0xa0, (byte) 0x62, (byte) 0x95,
(byte) 0xce, (byte) 0x87, (byte) 0x0b, (byte) 0x07,
(byte) 0x02, (byte) 0x9b, (byte) 0xfc, (byte) 0xdb,
(byte) 0x2d, (byte) 0xce, (byte) 0x28, (byte) 0xd9,
(byte) 0x59, (byte) 0xf2, (byte) 0x81, (byte) 0x5b,
(byte) 0x16, (byte) 0xf8, (byte) 0x17, (byte) 0x98,
(byte) 0x48, (byte) 0x3a, (byte) 0xda, (byte) 0x77,
(byte) 0x26, (byte) 0xa3, (byte) 0xc4, (byte) 0x65,
(byte) 0x5d, (byte) 0xa4, (byte) 0xfb, (byte) 0xfc,
(byte) 0x0e, (byte) 0x11, (byte) 0x08, (byte) 0xa8,
(byte) 0xfd, (byte) 0x17, (byte) 0xb4, (byte) 0x48,
(byte) 0xa6, (byte) 0x85, (byte) 0x54, (byte) 0x19,
(byte) 0x9c, (byte) 0x47, (byte) 0xd0, (byte) 0x8f,
(byte) 0xfb, (byte) 0x10, (byte) 0xd4, (byte) 0xb8
};

public final static byte[] r = {
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xfe,
(byte) 0xba, (byte) 0xae, (byte) 0xdc, (byte) 0xe6,
(byte) 0xaf, (byte) 0x48, (byte) 0xa0, (byte) 0x3b,
(byte) 0xbf, (byte) 0xd2, (byte) 0x5e, (byte) 0x8c,
(byte) 0xd0, (byte) 0x36, (byte) 0x41, (byte) 0x41,
};
}

0 comments on commit 615978a

Please sign in to comment.