18212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrompackage org.bouncycastle.crypto.agreement; 28212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 38212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstromimport java.math.BigInteger; 48212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 58212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstromimport org.bouncycastle.math.ec.ECPoint; 68212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 78212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstromimport org.bouncycastle.crypto.BasicAgreement; 88212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstromimport org.bouncycastle.crypto.CipherParameters; 98212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstromimport org.bouncycastle.crypto.params.ECPublicKeyParameters; 108212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstromimport org.bouncycastle.crypto.params.ECPrivateKeyParameters; 118212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 128212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom/** 138212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * P1363 7.2.1 ECSVDP-DH 148212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * 158212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive, 168212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * Diffie-Hellman version. It is based on the work of [DH76], [Mil86], 178212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * and [Kob87]. This primitive derives a shared secret value from one 188212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * party's private key and another party's public key, where both have 198212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * the same set of EC domain parameters. If two parties correctly 208212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * execute this primitive, they will produce the same output. This 218212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * primitive can be invoked by a scheme to derive a shared secret key; 228212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * specifically, it may be used with the schemes ECKAS-DH1 and 238212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * DL/ECKAS-DH2. It assumes that the input keys are valid (see also 248212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom * Section 7.2.2). 258212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom */ 268212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrompublic class ECDHBasicAgreement 278212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom implements BasicAgreement 288212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom{ 298212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom private ECPrivateKeyParameters key; 308212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 318212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom public void init( 328212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom CipherParameters key) 338212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom { 348212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom this.key = (ECPrivateKeyParameters)key; 358212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom } 368212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 378212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom public BigInteger calculateAgreement( 388212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom CipherParameters pubKey) 398212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom { 408212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; 418212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom ECPoint P = pub.getQ().multiply(key.getD()); 428212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 438212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom // if (p.isInfinity()) throw new RuntimeException("d*Q == infinity"); 448212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom 458212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom return P.getX().toBigInteger(); 468212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom } 478212855a312dc8ebe081a3e08b1d2d8f8757af02Brian Carlstrom} 48