Add x-coord decoding method to ECPoint

Author: dufkan

JCMathLib/src/opencrypto/jcmathlib/ECPoint.java

@@ -424,7 +424,50 @@ public void negate() {
         ech.unlock(ech.uncompressed_point_arr1);
         PM.check(PM.TRAP_ECPOINT_NEGATE_5);
     }
-    
+
+    /**
+     * Restore point from X coordinate. Stores one of the two results into this point.
+     *
+     * @param xCoord byte array containing the X coordinate
+     * @param xOffset offset in the byte array
+     * @param xLen length of the X coordinate
+     */
+    public void from_x(byte[] xCoord, short xOffset, short xLen) {
+        ech.fnc_from_x_x.lock();
+        ech.fnc_from_x_x.set_size(xLen);
+        ech.fnc_from_x_x.from_byte_array(xLen, (short) 0, xCoord, xOffset);
+        from_x(ech.fnc_from_x_x);
+        ech.fnc_from_x_x.unlock();
+    }
+
+    /**
+     * Restore point from X coordinate. Stores one of the two results into this point.
+     *
+     * @param x the x coordinate
+     */
+    private void from_x(Bignat x) {
+        //Y^2 = X^3 + XA + B = x(x^2+A)+B
+        ech.fnc_from_x_y_sq.lock();
+        ech.fnc_from_x_y_sq.clone(x);
+        ech.fnc_from_x_y_sq.mod_exp(Bignat_Helper.TWO, this.theCurve.pBN);
+        ech.fnc_from_x_y_sq.mod_add(this.theCurve.aBN, this.theCurve.pBN);
+        ech.fnc_from_x_y_sq.mod_mult(ech.fnc_from_x_y_sq, x, this.theCurve.pBN);
+        ech.fnc_from_x_y_sq.mod_add(this.theCurve.bBN, this.theCurve.pBN);
+        ech.fnc_from_x_y.lock();
+        ech.fnc_from_x_y.clone(ech.fnc_from_x_y_sq);
+        ech.fnc_from_x_y_sq.unlock();
+        ech.fnc_from_x_y.sqrt_FP(this.theCurve.pBN);
+
+        // Construct public key with <x, y_1>
+        ech.lock(ech.uncompressed_point_arr1);
+        ech.uncompressed_point_arr1[0] = 0x04;
+        x.prepend_zeros(this.theCurve.COORD_SIZE, ech.uncompressed_point_arr1, (short) 1);
+        ech.fnc_from_x_y.prepend_zeros(this.theCurve.COORD_SIZE, ech.uncompressed_point_arr1, (short) (1 + theCurve.COORD_SIZE));
+        ech.fnc_from_x_y.unlock();
+        this.setW(ech.uncompressed_point_arr1, (short) 0, theCurve.POINT_SIZE);
+        ech.unlock(ech.uncompressed_point_arr1);
+    }
+
     /**
      * Compares this and provided point for equality. The comparison is made using hash of both values to prevent leak of position of mismatching byte.
      * @param other second point for comparison

JCMathLib/src/opencrypto/jcmathlib/ECPoint_Helper.java

@@ -6,7 +6,7 @@
 
 /**
  *
-* @author Petr Svenda
+ * @author Petr Svenda
  */
 public class ECPoint_Helper extends Base_Helper {
     // Selected constants missing from older JC API specs 
@@ -19,11 +19,11 @@ public class ECPoint_Helper extends Base_Helper {
      * set automatically after successful allocation of required engines
      */
     public boolean FLAG_FAST_EC_MULT_VIA_KA = false;
-    
+
     byte[] uncompressed_point_arr1;
     byte[] fnc_isEqual_hashArray;
     byte[] fnc_multiplication_resultArray;
-    
+
     // These Bignats are just pointing to some helperEC_BN_? so reasonable naming is preserved yet no need to actually allocated whole Bignat object
     Bignat fnc_add_x_r; // frequent write
     Bignat fnc_add_y_r; // frequent write
@@ -33,21 +33,25 @@ public class ECPoint_Helper extends Base_Helper {
     Bignat fnc_add_lambda; // write mod_mul (but only final result)
     Bignat fnc_add_nominator; // frequent write
     Bignat fnc_add_denominator; // frequent write
-    
+
     Bignat fnc_multiplication_x; // result write
     Bignat fnc_multiplication_y_sq; // frequent write
     Bignat fnc_multiplication_scalar; // write once, read
     Bignat fnc_multiplication_y1; // mostly just read, write inside sqrt_FP
     Bignat fnc_multiplication_y2; // mostly just read, result write
     Bignat fnc_negate_yBN; // mostly just read, result write
-    
+
+    Bignat fnc_from_x_x;
+    Bignat fnc_from_x_y_sq;
+    Bignat fnc_from_x_y;
+
     KeyAgreement fnc_multiplication_x_keyAgreement;
     Signature    fnc_SignVerifyECDSA_signEngine; 
     MessageDigest fnc_isEqual_hashEngine;
-    
+
     public ECPoint_Helper(ResourceManager rm) {
         super(rm);
-        
+
         FLAG_FAST_EC_MULT_VIA_KA = false; // set true only if succesfully allocated and tested below
         try {
             //fnc_multiplication_x_keyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DHC, false);
@@ -57,9 +61,9 @@ public ECPoint_Helper(ResourceManager rm) {
             fnc_SignVerifyECDSA_signEngine = Signature.getInstance(Signature_ALG_ECDSA_SHA_256, false);
             FLAG_FAST_EC_MULT_VIA_KA = true;
         } catch (Exception ignored) {
-        } // Discard any exception        
+        } // Discard any exception
     }
-    
+
     void initialize() {
         // Important: assignment of helper BNs is made according to two criteria:
         // 1. Correctness: same BN must not be assigned to overlapping operations (guarded by lock/unlock) 
@@ -74,21 +78,23 @@ void initialize() {
         fnc_add_nominator = rm.helperEC_BN_B;
         fnc_add_denominator = rm.helperEC_BN_C;
         fnc_add_lambda = rm.helperEC_BN_A;
-        
+
         fnc_multiplication_scalar = rm.helperEC_BN_F;
         fnc_multiplication_x = rm.helperEC_BN_B;
         fnc_multiplication_y_sq = rm.helperEC_BN_C;
         fnc_multiplication_y1 = rm.helperEC_BN_D;
         fnc_multiplication_y2 = rm.helperEC_BN_B;
         fnc_multiplication_resultArray = rm.helper_BN_array1;
-        
+
         fnc_negate_yBN = rm.helperEC_BN_C;
-        
+
+        Bignat fnc_from_x_x;
+        Bignat fnc_from_x_y_sq;
+        Bignat fnc_from_x_y;
+
         fnc_isEqual_hashArray = rm.helper_hashArray;
         fnc_isEqual_hashEngine = rm.hashEngine;
 
         uncompressed_point_arr1 = rm.helper_uncompressed_point_arr1;
-        
     }
-    
 }