Add getQ to ECCurve.AbstractFp

peterdettman · peterdettman · commit 761d9644f1e6 · 2025-02-25T15:06:27.000+07:00
diff --git a/core/src/main/j2me/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/j2me/org/bouncycastle/math/ec/ECCurve.java
@@ -593,9 +593,14 @@ protected AbstractFp(BigInteger q)
             super(FiniteFields.getPrimeField(q));
         }
 
+        public BigInteger getQ()
+        {
+            return getField().getCharacteristic();
+        }
+
         public boolean isValidFieldElement(BigInteger x)
         {
-            return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;
+            return x != null && x.signum() >= 0 && x.compareTo(this.getQ()) < 0;
         }
 
         public ECFieldElement randomFieldElement(SecureRandom r)
@@ -604,7 +609,7 @@ public ECFieldElement randomFieldElement(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = this.getField().getCharacteristic();
+            BigInteger p = this.getQ();
             ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElement(r, p));
             ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElement(r, p));
             return fe1.multiply(fe2);
@@ -616,7 +621,7 @@ public ECFieldElement randomFieldElementMult(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = this.getField().getCharacteristic();
+            BigInteger p = this.getQ();
             ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElementMult(r, p));
             ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElementMult(r, p));
             return fe1.multiply(fe2);
@@ -699,12 +704,11 @@ public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger
 
             if (isInternal)
             {
-                this.q = q;
                 knownQs.add(q);
             }
             else if (knownQs.contains(q) || validatedQs.contains(q))
             {
-                this.q = q;
+                // No need to validate
             }
             else
             {
@@ -724,10 +728,9 @@ else if (knownQs.contains(q) || validatedQs.contains(q))
                 }
 
                 validatedQs.add(q);
-
-                this.q = q;
             }
 
+            this.q = q;
             this.r = ECFieldElement.Fp.calculateResidue(q);
             this.infinity = new ECPoint.Fp(this, null, null);
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/ecjpake/ECJPAKECurve.java b/core/src/main/java/org/bouncycastle/crypto/agreement/ecjpake/ECJPAKECurve.java
@@ -159,7 +159,7 @@ public BigInteger getH()
 
     public BigInteger getQ()
     {
-        return curve.getField().getCharacteristic();
+        return curve.getQ();
     }
 
     private static BigInteger calculateDeterminant(BigInteger q, BigInteger a, BigInteger b)
diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -596,9 +596,14 @@ protected AbstractFp(BigInteger q)
             super(FiniteFields.getPrimeField(q));
         }
 
+        public BigInteger getQ()
+        {
+            return getField().getCharacteristic();
+        }
+
         public boolean isValidFieldElement(BigInteger x)
         {
-            return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;
+            return x != null && x.signum() >= 0 && x.compareTo(getQ()) < 0;
         }
 
         public ECFieldElement randomFieldElement(SecureRandom r)
@@ -607,7 +612,7 @@ public ECFieldElement randomFieldElement(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = getField().getCharacteristic();
+            BigInteger p = getQ();
             ECFieldElement fe1 = fromBigInteger(implRandomFieldElement(r, p));
             ECFieldElement fe2 = fromBigInteger(implRandomFieldElement(r, p));
             return fe1.multiply(fe2);
@@ -619,7 +624,7 @@ public ECFieldElement randomFieldElementMult(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = getField().getCharacteristic();
+            BigInteger p = getQ();
             ECFieldElement fe1 = fromBigInteger(implRandomFieldElementMult(r, p));
             ECFieldElement fe2 = fromBigInteger(implRandomFieldElementMult(r, p));
             return fe1.multiply(fe2);
@@ -702,12 +707,11 @@ public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger
 
             if (isInternal)
             {
-                this.q = q;
                 knownQs.add(q);
             }
             else if (knownQs.contains(q) || validatedQs.contains(q))
             {
-                this.q = q;
+                // No need to validate
             }
             else
             {
@@ -727,10 +731,9 @@ else if (knownQs.contains(q) || validatedQs.contains(q))
                 }
 
                 validatedQs.add(q);
-
-                this.q = q;
             }
 
+            this.q = q;
             this.r = ECFieldElement.Fp.calculateResidue(q);
             this.infinity = new ECPoint.Fp(this, null, null);
 
diff --git a/core/src/main/jdk1.2/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/jdk1.2/org/bouncycastle/math/ec/ECCurve.java
@@ -596,9 +596,14 @@ protected AbstractFp(BigInteger q)
             super(FiniteFields.getPrimeField(q));
         }
 
+        public BigInteger getQ()
+        {
+            return getField().getCharacteristic();
+        }
+
         public boolean isValidFieldElement(BigInteger x)
         {
-            return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;
+            return x != null && x.signum() >= 0 && x.compareTo(this.getQ()) < 0;
         }
 
         public ECFieldElement randomFieldElement(SecureRandom r)
@@ -607,7 +612,7 @@ public ECFieldElement randomFieldElement(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = this.getField().getCharacteristic();
+            BigInteger p = this.getQ();
             ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElement(r, p));
             ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElement(r, p));
             return fe1.multiply(fe2);
@@ -619,7 +624,7 @@ public ECFieldElement randomFieldElementMult(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = this.getField().getCharacteristic();
+            BigInteger p = this.getQ();
             ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElementMult(r, p));
             ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElementMult(r, p));
             return fe1.multiply(fe2);
@@ -702,12 +707,11 @@ public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger
 
             if (isInternal)
             {
-                this.q = q;
                 knownQs.add(q);
             }
             else if (knownQs.contains(q) || validatedQs.contains(q))
             {
-                this.q = q;
+                // No need to validate
             }
             else
             {
@@ -727,10 +731,9 @@ else if (knownQs.contains(q) || validatedQs.contains(q))
                 }
 
                 validatedQs.add(q);
-
-                this.q = q;
             }
 
+            this.q = q;
             this.r = ECFieldElement.Fp.calculateResidue(q);
             this.infinity = new ECPoint.Fp(this, null, null);
 
diff --git a/pkix/src/main/jdk1.4/org/bouncycastle/eac/jcajce/JcaPublicKeyConverter.java b/pkix/src/main/jdk1.4/org/bouncycastle/eac/jcajce/JcaPublicKeyConverter.java
@@ -132,7 +132,7 @@ public PublicKeyDataObject getPublicKeyDataObject(ASN1ObjectIdentifier usage, Pu
 
             return new ECDSAPublicKey(
                 usage,
-                curve.getField().getCharacteristic(),
+                curve.getQ(),
                 curve.getA().toBigInteger(),
                 curve.getB().toBigInteger(),
                 params.getG().getEncoded(false),
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/DetDSATest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/DetDSATest.java
@@ -14,8 +14,8 @@
 
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.util.encoders.Hex;
@@ -78,13 +78,16 @@ private void doTestHMACDetDSATest(String algName, PrivateKey privKey, BigInteger
     private void testECHMacDeterministic()
         throws Exception
     {
-        X9ECParameters x9ECParameters = NISTNamedCurves.getByName("P-192");
-        ECCurve curve = x9ECParameters.getCurve();
+        X9ECParameters x9ECParameters = CustomNamedCurves.getByName("P-192");
+        ECCurve.AbstractFp curve = (ECCurve.AbstractFp)x9ECParameters.getCurve();
+        BigInteger q = curve.getQ();
+
+        org.bouncycastle.math.ec.ECPoint g = x9ECParameters.getG().normalize();
 
         ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
             new ECParameterSpec(
-                new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null),
-                new ECPoint(x9ECParameters.getG().getXCoord().toBigInteger(), x9ECParameters.getG().getYCoord().toBigInteger()),
+                new EllipticCurve(new ECFieldFp(q), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null),
+                new ECPoint(g.getAffineXCoord().toBigInteger(), g.getAffineYCoord().toBigInteger()),
                 x9ECParameters.getN(), x9ECParameters.getH().intValue())
             );
 

Original file line number	Diff line number	Diff line change
`@@ -593,9 +593,14 @@ protected AbstractFp(BigInteger q)`
`593`	`593`	`super(FiniteFields.getPrimeField(q));`
`594`	`594`	`}`
`595`	`595`
	`596`	`+ public BigInteger getQ()`
	`597`	`+ {`
	`598`	`+ return getField().getCharacteristic();`
	`599`	`+ }`
	`600`	`+`
`596`	`601`	`public boolean isValidFieldElement(BigInteger x)`
`597`	`602`	`{`
`598`		`- return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;`
	`603`	`+ return x != null && x.signum() >= 0 && x.compareTo(this.getQ()) < 0;`
`599`	`604`	`}`
`600`	`605`
`601`	`606`	`public ECFieldElement randomFieldElement(SecureRandom r)`
`@@ -604,7 +609,7 @@ public ECFieldElement randomFieldElement(SecureRandom r)`
`604`	`609`	`* NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we`
`605`	`610`	`* use the product of two independent elements to mitigate side-channels.`
`606`	`611`	`*/`
`607`		`- BigInteger p = this.getField().getCharacteristic();`
	`612`	`+ BigInteger p = this.getQ();`
`608`	`613`	`ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElement(r, p));`
`609`	`614`	`ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElement(r, p));`
`610`	`615`	`return fe1.multiply(fe2);`
`@@ -616,7 +621,7 @@ public ECFieldElement randomFieldElementMult(SecureRandom r)`
`616`	`621`	`* NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we`
`617`	`622`	`* use the product of two independent elements to mitigate side-channels.`
`618`	`623`	`*/`
`619`		`- BigInteger p = this.getField().getCharacteristic();`
	`624`	`+ BigInteger p = this.getQ();`
`620`	`625`	`ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElementMult(r, p));`
`621`	`626`	`ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElementMult(r, p));`
`622`	`627`	`return fe1.multiply(fe2);`
`@@ -699,12 +704,11 @@ public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger`
`699`	`704`
`700`	`705`	`if (isInternal)`
`701`	`706`	`{`
`702`		`- this.q = q;`
`703`	`707`	`knownQs.add(q);`
`704`	`708`	`}`
`705`	`709`	`else if (knownQs.contains(q) \|\| validatedQs.contains(q))`
`706`	`710`	`{`
`707`		`- this.q = q;`
	`711`	`+ // No need to validate`
`708`	`712`	`}`
`709`	`713`	`else`
`710`	`714`	`{`
`@@ -724,10 +728,9 @@ else if (knownQs.contains(q) \|\| validatedQs.contains(q))`
`724`	`728`	`}`
`725`	`729`
`726`	`730`	`validatedQs.add(q);`
`727`		`-`
`728`		`- this.q = q;`
`729`	`731`	`}`
`730`	`732`
	`733`	`+ this.q = q;`
`731`	`734`	`this.r = ECFieldElement.Fp.calculateResidue(q);`
`732`	`735`	`this.infinity = new ECPoint.Fp(this, null, null);`
`733`	`736`
Original file line number	Diff line number	Diff line change
`@@ -159,7 +159,7 @@ public BigInteger getH()`
`159`	`159`
`160`	`160`	`public BigInteger getQ()`
`161`	`161`	`{`
`162`		`- return curve.getField().getCharacteristic();`
	`162`	`+ return curve.getQ();`
`163`	`163`	`}`
`164`	`164`
`165`	`165`	`private static BigInteger calculateDeterminant(BigInteger q, BigInteger a, BigInteger b)`
Original file line number	Diff line number	Diff line change
`@@ -596,9 +596,14 @@ protected AbstractFp(BigInteger q)`
`596`	`596`	`super(FiniteFields.getPrimeField(q));`
`597`	`597`	`}`
`598`	`598`
	`599`	`+ public BigInteger getQ()`
	`600`	`+ {`
	`601`	`+ return getField().getCharacteristic();`
	`602`	`+ }`
	`603`	`+`
`599`	`604`	`public boolean isValidFieldElement(BigInteger x)`
`600`	`605`	`{`
`601`		`- return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;`
	`606`	`+ return x != null && x.signum() >= 0 && x.compareTo(getQ()) < 0;`
`602`	`607`	`}`
`603`	`608`
`604`	`609`	`public ECFieldElement randomFieldElement(SecureRandom r)`
`@@ -607,7 +612,7 @@ public ECFieldElement randomFieldElement(SecureRandom r)`
`607`	`612`	`* NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we`
`608`	`613`	`* use the product of two independent elements to mitigate side-channels.`
`609`	`614`	`*/`
`610`		`- BigInteger p = getField().getCharacteristic();`
	`615`	`+ BigInteger p = getQ();`
`611`	`616`	`ECFieldElement fe1 = fromBigInteger(implRandomFieldElement(r, p));`
`612`	`617`	`ECFieldElement fe2 = fromBigInteger(implRandomFieldElement(r, p));`
`613`	`618`	`return fe1.multiply(fe2);`
`@@ -619,7 +624,7 @@ public ECFieldElement randomFieldElementMult(SecureRandom r)`
`619`	`624`	`* NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we`
`620`	`625`	`* use the product of two independent elements to mitigate side-channels.`
`621`	`626`	`*/`
`622`		`- BigInteger p = getField().getCharacteristic();`
	`627`	`+ BigInteger p = getQ();`
`623`	`628`	`ECFieldElement fe1 = fromBigInteger(implRandomFieldElementMult(r, p));`
`624`	`629`	`ECFieldElement fe2 = fromBigInteger(implRandomFieldElementMult(r, p));`
`625`	`630`	`return fe1.multiply(fe2);`
`@@ -702,12 +707,11 @@ public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger`
`702`	`707`
`703`	`708`	`if (isInternal)`
`704`	`709`	`{`
`705`		`- this.q = q;`
`706`	`710`	`knownQs.add(q);`
`707`	`711`	`}`
`708`	`712`	`else if (knownQs.contains(q) \|\| validatedQs.contains(q))`
`709`	`713`	`{`
`710`		`- this.q = q;`
	`714`	`+ // No need to validate`
`711`	`715`	`}`
`712`	`716`	`else`
`713`	`717`	`{`
`@@ -727,10 +731,9 @@ else if (knownQs.contains(q) \|\| validatedQs.contains(q))`
`727`	`731`	`}`
`728`	`732`
`729`	`733`	`validatedQs.add(q);`
`730`		`-`
`731`		`- this.q = q;`
`732`	`734`	`}`
`733`	`735`
	`736`	`+ this.q = q;`
`734`	`737`	`this.r = ECFieldElement.Fp.calculateResidue(q);`
`735`	`738`	`this.infinity = new ECPoint.Fp(this, null, null);`
`736`	`739`