aboutsummaryrefslogtreecommitdiffstats
path: root/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/kems/ECIESKeyEncapsulation.java
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/kems/ECIESKeyEncapsulation.java')
-rwxr-xr-xlibraries/spongycastle/core/src/main/java/org/spongycastle/crypto/kems/ECIESKeyEncapsulation.java255
1 files changed, 0 insertions, 255 deletions
diff --git a/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/kems/ECIESKeyEncapsulation.java b/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/kems/ECIESKeyEncapsulation.java
deleted file mode 100755
index bfe8c1077..000000000
--- a/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/kems/ECIESKeyEncapsulation.java
+++ /dev/null
@@ -1,255 +0,0 @@
-package org.spongycastle.crypto.kems;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.spongycastle.crypto.CipherParameters;
-import org.spongycastle.crypto.DerivationFunction;
-import org.spongycastle.crypto.KeyEncapsulation;
-import org.spongycastle.crypto.params.ECDomainParameters;
-import org.spongycastle.crypto.params.ECKeyParameters;
-import org.spongycastle.crypto.params.ECPrivateKeyParameters;
-import org.spongycastle.crypto.params.ECPublicKeyParameters;
-import org.spongycastle.crypto.params.KDFParameters;
-import org.spongycastle.crypto.params.KeyParameter;
-import org.spongycastle.math.ec.ECCurve;
-import org.spongycastle.math.ec.ECPoint;
-import org.spongycastle.util.BigIntegers;
-
-/**
- * The ECIES Key Encapsulation Mechanism (ECIES-KEM) from ISO 18033-2.
- */
-public class ECIESKeyEncapsulation
- implements KeyEncapsulation
-{
- private static final BigInteger ONE = BigInteger.valueOf(1);
-
- private DerivationFunction kdf;
- private SecureRandom rnd;
- private ECKeyParameters key;
- private boolean CofactorMode;
- private boolean OldCofactorMode;
- private boolean SingleHashMode;
-
- /**
- * Set up the ECIES-KEM.
- *
- * @param kdf the key derivation function to be used.
- * @param rnd the random source for the session key.
- */
- public ECIESKeyEncapsulation(
- DerivationFunction kdf,
- SecureRandom rnd)
- {
- this.kdf = kdf;
- this.rnd = rnd;
- this.CofactorMode = false;
- this.OldCofactorMode = false;
- this.SingleHashMode = false;
- }
-
- /**
- * Set up the ECIES-KEM.
- *
- * @param kdf the key derivation function to be used.
- * @param rnd the random source for the session key.
- * @param cofactorMode true to use the new cofactor ECDH.
- * @param oldCofactorMode true to use the old cofactor ECDH.
- * @param singleHashMode true to use single hash mode.
- */
- public ECIESKeyEncapsulation(
- DerivationFunction kdf,
- SecureRandom rnd,
- boolean cofactorMode,
- boolean oldCofactorMode,
- boolean singleHashMode)
- {
- this.kdf = kdf;
- this.rnd = rnd;
-
- // If both cofactorMode and oldCofactorMode are set to true
- // then the implementation will use the new cofactor ECDH
- this.CofactorMode = cofactorMode;
- this.OldCofactorMode = oldCofactorMode;
- this.SingleHashMode = singleHashMode;
- }
-
- /**
- * Initialise the ECIES-KEM.
- *
- * @param key the recipient's public (for encryption) or private (for decryption) key.
- */
- public void init(CipherParameters key)
- throws IllegalArgumentException
- {
- if (!(key instanceof ECKeyParameters))
- {
- throw new IllegalArgumentException("EC key required");
- }
- else
- {
- this.key = (ECKeyParameters)key;
- }
- }
-
- /**
- * Generate and encapsulate a random session key.
- *
- * @param out the output buffer for the encapsulated key.
- * @param outOff the offset for the output buffer.
- * @param keyLen the length of the session key.
- * @return the random session key.
- */
- public CipherParameters encrypt(byte[] out, int outOff, int keyLen)
- throws IllegalArgumentException
- {
- if (!(key instanceof ECPublicKeyParameters))
- {
- throw new IllegalArgumentException("Public key required for encryption");
- }
-
- ECPublicKeyParameters ecPubKey = (ECPublicKeyParameters)key;
- ECDomainParameters ecParams = ecPubKey.getParameters();
- ECCurve curve = ecParams.getCurve();
- BigInteger n = ecParams.getN();
- BigInteger h = ecParams.getH();
-
- // Generate the ephemeral key pair
- BigInteger r = BigIntegers.createRandomInRange(ONE, n, rnd);
-
- // Compute the static-ephemeral key agreement
- BigInteger rPrime = CofactorMode ? r.multiply(h).mod(n) : r;
-
- ECPoint[] ghTilde = new ECPoint[]{
- ecParams.getG().multiply(r),
- ecPubKey.getQ().multiply(rPrime)
- };
-
- // NOTE: More efficient than normalizing each individually
- curve.normalizeAll(ghTilde);
-
- ECPoint gTilde = ghTilde[0], hTilde = ghTilde[1];
-
- // Encode the ephemeral public key
- byte[] C = gTilde.getEncoded();
- System.arraycopy(C, 0, out, outOff, C.length);
-
- // Encode the shared secret value
- byte[] PEH = hTilde.getAffineXCoord().getEncoded();
-
- // Initialise the KDF
- byte[] kdfInput;
- if (SingleHashMode)
- {
- kdfInput = new byte[C.length + PEH.length];
- System.arraycopy(C, 0, kdfInput, 0, C.length);
- System.arraycopy(PEH, 0, kdfInput, C.length, PEH.length);
- }
- else
- {
- kdfInput = PEH;
- }
-
- kdf.init(new KDFParameters(kdfInput, null));
-
- // Generate the secret key
- byte[] K = new byte[keyLen];
- kdf.generateBytes(K, 0, K.length);
-
- // Return the ciphertext
- return new KeyParameter(K);
- }
-
- /**
- * Generate and encapsulate a random session key.
- *
- * @param out the output buffer for the encapsulated key.
- * @param keyLen the length of the session key.
- * @return the random session key.
- */
- public CipherParameters encrypt(byte[] out, int keyLen)
- {
- return encrypt(out, 0, keyLen);
- }
-
- /**
- * Decrypt an encapsulated session key.
- *
- * @param in the input buffer for the encapsulated key.
- * @param inOff the offset for the input buffer.
- * @param inLen the length of the encapsulated key.
- * @param keyLen the length of the session key.
- * @return the session key.
- */
- public CipherParameters decrypt(byte[] in, int inOff, int inLen, int keyLen)
- throws IllegalArgumentException
- {
- if (!(key instanceof ECPrivateKeyParameters))
- {
- throw new IllegalArgumentException("Private key required for encryption");
- }
-
- ECPrivateKeyParameters ecPrivKey = (ECPrivateKeyParameters)key;
- ECDomainParameters ecParams = ecPrivKey.getParameters();
- ECCurve curve = ecParams.getCurve();
- BigInteger n = ecParams.getN();
- BigInteger h = ecParams.getH();
-
- // Decode the ephemeral public key
- byte[] C = new byte[inLen];
- System.arraycopy(in, inOff, C, 0, inLen);
-
- // NOTE: Decoded points are already normalized (i.e in affine form)
- ECPoint gTilde = curve.decodePoint(C);
-
- // Compute the static-ephemeral key agreement
- ECPoint gHat = gTilde;
- if ((CofactorMode) || (OldCofactorMode))
- {
- gHat = gHat.multiply(h);
- }
-
- BigInteger xHat = ecPrivKey.getD();
- if (CofactorMode)
- {
- xHat = xHat.multiply(h.modInverse(n)).mod(n);
- }
-
- ECPoint hTilde = gHat.multiply(xHat).normalize();
-
- // Encode the shared secret value
- byte[] PEH = hTilde.getAffineXCoord().getEncoded();
-
- // Initialise the KDF
- byte[] kdfInput;
- if (SingleHashMode)
- {
- kdfInput = new byte[C.length + PEH.length];
- System.arraycopy(C, 0, kdfInput, 0, C.length);
- System.arraycopy(PEH, 0, kdfInput, C.length, PEH.length);
- }
- else
- {
- kdfInput = PEH;
- }
- kdf.init(new KDFParameters(kdfInput, null));
-
- // Generate the secret key
- byte[] K = new byte[keyLen];
- kdf.generateBytes(K, 0, K.length);
-
- return new KeyParameter(K);
- }
-
- /**
- * Decrypt an encapsulated session key.
- *
- * @param in the input buffer for the encapsulated key.
- * @param keyLen the length of the session key.
- * @return the session key.
- */
- public CipherParameters decrypt(byte[] in, int keyLen)
- {
- return decrypt(in, 0, in.length, keyLen);
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 09:21:12 +0000