All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.jose.crypto.utils.ECChecks Maven / Gradle / Ivy

Go to download

Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)

There is a newer version: 10.0.1
Show newest version
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto.utils;


import java.math.BigInteger;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;


/**
 * Elliptic curve checks.
 *
 * @author Vladimir Dzhuvinov
 * @version 2017-04-13
 */
public class ECChecks {
	
	
	/**
	 * Checks if the specified (ephemeral) public key is on the curve of
	 * the private key. Intended to prevent an "Invalid Curve Attack",
	 * independent from any JCA provider checks (the SUN provider in Java
	 * 1.8.0_51+ and BouncyCastle have them, other / older provider do
	 * not).
	 *
	 * 

See https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf * * @param publicKey The public EC key. Must not be {@code null}. * @param privateKey The private EC key. Must not be {@code null}. * * @return {@code true} if public key passed the curve check. */ public static boolean isPointOnCurve(final ECPublicKey publicKey, final ECPrivateKey privateKey) { return isPointOnCurve(publicKey, privateKey.getParams()); } /** * Checks if the specified (ephemeral) public key is on the given * curve. Intended to prevent an "Invalid Curve Attack", independent * from any JCA provider checks (the SUN provider in Java 1.8.0_51+ and * BouncyCastle have them, other / older provider do not). * *

See https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf * * @param publicKey The public EC key. Must not be {@code null}. * @param ecParameterSpec The EC spec. Must not be {@code null}. * * @return {@code true} if public key passed the curve check. */ public static boolean isPointOnCurve(final ECPublicKey publicKey, final ECParameterSpec ecParameterSpec) { ECPoint point = publicKey.getW(); return isPointOnCurve(point.getAffineX(), point.getAffineY(), ecParameterSpec); } /** * Checks if the specified (ephemeral) public key is on the given * curve. Intended to prevent an "Invalid Curve Attack", independent * from any JCA provider checks (the SUN provider in Java 1.8.0_51+ and * BouncyCastle have them, other / older provider do not). * *

See https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf * * @param x The public EC x coordinate. Must not be * {@code null}. * @param y The public EC y coordinate. Must not be * {@code null}. * @param ecParameterSpec The EC spec. Must not be {@code null}. * * @return {@code true} if public key passed the curve check. */ public static boolean isPointOnCurve(final BigInteger x, final BigInteger y, final ECParameterSpec ecParameterSpec) { // Ensure the following condition is met: // (y^2) mod p = (x^3 + ax + b) mod p EllipticCurve curve = ecParameterSpec.getCurve(); BigInteger a = curve.getA(); BigInteger b = curve.getB(); BigInteger p = ((ECFieldFp) curve.getField()).getP(); BigInteger leftSide = (y.pow(2)).mod(p); BigInteger rightSide = (x.pow(3).add(a.multiply(x)).add(b)).mod(p); return leftSide.equals(rightSide); } /** * Prevents public instantiation. */ private ECChecks() {} }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy