Add ECCSI key generator process

gefeili · dghgit · commit b05a7b508d22 · 2025-03-09T08:14:28.000Z
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/ECCSIKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/ECCSIKeyPairGenerator.java
@@ -0,0 +1,78 @@
+package org.bouncycastle.crypto.generators;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.CryptoServicePurpose;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
+import org.bouncycastle.crypto.params.ECCSIKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECCSIPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECCSIPublicKeyParameters;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECCSIKeyPairGenerator
+    implements AsymmetricCipherKeyPairGenerator
+{
+    // Initialize NIST P-256 curve
+    private static final X9ECParameters params = CustomNamedCurves.getByName("secP256r1");
+    private static final ECCurve curve = params.getCurve();
+
+    private static final BigInteger q = ((ECCurve.Fp)curve).getQ();
+
+    //BigInteger p = ((ECCurve.Fp)curve).getOrder();
+
+    // The subgroup order is available as:
+    //BigInteger n = params.getN();
+
+    // And the base point (generator) is:
+    private static final ECPoint G = params.getG();
+    //int N = 32; // 256 bits
+
+    private ECCSIKeyGenerationParameters parameters;
+
+    @Override
+    public void init(KeyGenerationParameters parameters)
+    {
+        this.parameters = (ECCSIKeyGenerationParameters)parameters;
+
+        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties("ECCSI", 256, null, CryptoServicePurpose.KEYGEN));
+    }
+
+    @Override
+    public AsymmetricCipherKeyPair generateKeyPair()
+    {
+        SecureRandom random = parameters.getRandom();
+        byte[] id = parameters.getId();
+        ECPoint kpak = parameters.getKPAK();
+        // 1) Choose v, a random (ephemeral) non-zero element of F_q;
+        BigInteger v = new BigInteger(256, random).mod(q);
+        // 2) Compute PVT = [v]G
+        ECPoint pvt = G.multiply(v).normalize();
+
+        // 3) Compute a hash value HS = hash( G || KPAK || ID || PVT ), an N-octet integer;
+        Digest digest = new SHA256Digest();
+        byte[] tmp = G.getEncoded(false);
+        digest.update(tmp, 0, tmp.length);
+        tmp = kpak.getEncoded(false);
+        digest.update(tmp, 0, tmp.length);
+        digest.update(id, 0, id.length);
+        tmp = pvt.getEncoded(false);
+        digest.update(tmp, 0, tmp.length);
+        tmp = new byte[digest.getDigestSize()];
+        digest.doFinal(tmp, 0);
+        BigInteger HS = new BigInteger(1, tmp).mod(q);
+
+        // 4) Compute SSK = ( KSAK + HS * v ) modulo q;
+        BigInteger ssk = parameters.computeSSK(HS.multiply(v));
+        return new AsymmetricCipherKeyPair(new ECCSIPublicKeyParameters(pvt), new ECCSIPrivateKeyParameters(ssk));
+    }
+}
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/ECCSIKeyGenerationParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/ECCSIKeyGenerationParameters.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.Arrays;
+
+public class ECCSIKeyGenerationParameters
+    extends KeyGenerationParameters
+{
+    private static final X9ECParameters params = CustomNamedCurves.getByName("secP256r1");
+    private static final ECCurve curve = params.getCurve();
+
+    private static final BigInteger q = ((ECCurve.Fp)curve).getQ();
+
+    //BigInteger p = ((ECCurve.Fp)curve).getOrder();
+
+    // The subgroup order is available as:
+    //BigInteger n = params.getN();
+
+    // And the base point (generator) is:
+    private static final ECPoint G = params.getG();
+    private final byte[] id;
+    private final BigInteger ksak;
+    private final ECPoint kpak;
+
+    /**
+     * initialise the generator with a source of randomness
+     * and a strength (in bits).
+     *
+     * @param random the random byte source.
+     */
+    public ECCSIKeyGenerationParameters(SecureRandom random, byte[] id)
+    {
+        super(random, 256);
+        this.id = Arrays.clone(id);
+        this.ksak = new BigInteger(256, random).mod(q);
+        this.kpak = G.multiply(ksak).normalize();
+    }
+
+    public byte[] getId()
+    {
+        return id;
+    }
+
+    public ECPoint getKPAK()
+    {
+        return kpak;
+    }
+
+    public BigInteger computeSSK(BigInteger hs_v)
+    {
+        return ksak.add(hs_v).mod(q);
+    }
+}
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/ECCSIPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/ECCSIPrivateKeyParameters.java
@@ -0,0 +1,14 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+public class ECCSIPrivateKeyParameters
+    extends AsymmetricKeyParameter
+{
+    private final BigInteger ssk;
+    public ECCSIPrivateKeyParameters(BigInteger ssk)
+    {
+        super(true);
+        this.ssk = ssk;
+    }
+}
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/ECCSIPublicKeyParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/ECCSIPublicKeyParameters.java
@@ -0,0 +1,14 @@
+package org.bouncycastle.crypto.params;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECCSIPublicKeyParameters
+    extends AsymmetricKeyParameter
+{
+    private final ECPoint pvt;
+    public ECCSIPublicKeyParameters(ECPoint pvt)
+    {
+        super(false);
+        this.pvt = pvt;
+    }
+}
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECCSISigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECCSISigner.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.crypto.signers;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
+import org.bouncycastle.crypto.params.ECCSIPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.BigIntegers;
+
+public class ECCSISigner
+    implements Signer
+{
+    private static final X9ECParameters params = CustomNamedCurves.getByName("secP256r1");
+    private static final ECCurve curve = params.getCurve();
+
+    private static final BigInteger q = ((ECCurve.Fp)curve).getQ();
+
+    //BigInteger p = ((ECCurve.Fp)curve).getOrder();
+
+    // The subgroup order is available as:
+    //BigInteger n = params.getN();
+
+    // And the base point (generator) is:
+    private static final ECPoint G = params.getG();
+    private final Digest digest = new SHA256Digest();
+    BigInteger j;
+    ECPoint J;
+    BigInteger r;
+
+    public ECCSISigner()
+    {
+
+    }
+
+    @Override
+    public void init(boolean forSigning, CipherParameters param)
+    {
+        SecureRandom random = null;
+        if (param instanceof ParametersWithRandom)
+        {
+            random = ((ParametersWithRandom)param).getRandom();
+            param = ((ParametersWithRandom)param).getParameters();
+        }
+
+        if (forSigning)
+        {
+            ECCSIPrivateKeyParameters parameters = (ECCSIPrivateKeyParameters)param;
+
+            j = new BigInteger(256, random).mod(q);
+            J = G.multiply(j).normalize();
+            r = J.getAffineXCoord().toBigInteger();
+            byte[] rBytes = BigIntegers.asUnsignedByteArray(256, r);
+//            BigInteger kpak = parameters
+            byte[] tmp = G.getEncoded(false);
+            digest.update(tmp, 0, tmp.length);
+//            tmp = kpak.getEncoded(false);
+//            digest.update(tmp, 0, tmp.length);
+//            digest.update(id, 0, id.length);
+//            tmp = pvt.getEncoded(false);
+//            digest.update(tmp, 0, tmp.length);
+            tmp = new byte[digest.getDigestSize()];
+            digest.doFinal(tmp, 0);
+            BigInteger HS = new BigInteger(1, tmp).mod(q);
+        }
+
+    }
+
+    @Override
+    public void update(byte b)
+    {
+
+    }
+
+    @Override
+    public void update(byte[] in, int off, int len)
+    {
+
+    }
+
+    @Override
+    public byte[] generateSignature()
+        throws CryptoException, DataLengthException
+    {
+        return new byte[0];
+    }
+
+    @Override
+    public boolean verifySignature(byte[] signature)
+    {
+        return false;
+    }
+
+    @Override
+    public void reset()
+    {
+
+    }
+}
