Package com.nimbusds.jose.crypto.utils

Class ECChecks

  • public class ECChecks
extends java.lang.Object
    Elliptic curve checks.
    Version:
    2017-04-13
    Author:
    Vladimir Dzhuvinov

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean isPointOnCurve​(java.math.BigInteger x, java.math.BigInteger y, java.security.spec.ECParameterSpec ecParameterSpec)
      Checks if the specified (ephemeral) public key is on the given curve.
      static boolean isPointOnCurve​(java.security.interfaces.ECPublicKey publicKey, java.security.interfaces.ECPrivateKey privateKey)
      Checks if the specified (ephemeral) public key is on the curve of the private key.
      static boolean isPointOnCurve​(java.security.interfaces.ECPublicKey publicKey, java.security.spec.ECParameterSpec ecParameterSpec)
      Checks if the specified (ephemeral) public key is on the given curve.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • isPointOnCurve

        public static boolean isPointOnCurve​(java.security.interfaces.ECPublicKey publicKey,
                                     java.security.interfaces.ECPrivateKey privateKey)
        Checks if the specified (ephemeral) public key is on the curve of the private key. Intended to prevent an "Invalid Curve Attack", independent from any JCA provider checks (the SUN provider in Java 1.8.0_51+ and BouncyCastle have them, other / older provider do not).

        See https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf

        Parameters:
        publicKey - The public EC key. Must not be null.
        privateKey - The private EC key. Must not be null.
        Returns:
        true if public key passed the curve check.

      • isPointOnCurve

        public static boolean isPointOnCurve​(java.security.interfaces.ECPublicKey publicKey,
                                     java.security.spec.ECParameterSpec ecParameterSpec)
        Checks if the specified (ephemeral) public key is on the given curve. Intended to prevent an "Invalid Curve Attack", independent from any JCA provider checks (the SUN provider in Java 1.8.0_51+ and BouncyCastle have them, other / older provider do not).

        See https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf

        Parameters:
        publicKey - The public EC key. Must not be null.
        ecParameterSpec - The EC spec. Must not be null.
        Returns:
        true if public key passed the curve check.

      • isPointOnCurve

        public static boolean isPointOnCurve​(java.math.BigInteger x,
                                     java.math.BigInteger y,
                                     java.security.spec.ECParameterSpec ecParameterSpec)
        Checks if the specified (ephemeral) public key is on the given curve. Intended to prevent an "Invalid Curve Attack", independent from any JCA provider checks (the SUN provider in Java 1.8.0_51+ and BouncyCastle have them, other / older provider do not).

        See https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf

        Parameters:
        x - The public EC x coordinate. Must not be null.
        y - The public EC y coordinate. Must not be null.
        ecParameterSpec - The EC spec. Must not be null.
        Returns:
        true if public key passed the curve check.