堆栈内存溢出
  简体   繁体   English

在javacard上使用Curve25519

[英]Using Curve25519 on javacard

 原文  2015-08-04 11:03:55       encryption/ signature/ javacard/ curve-25519

问题描述

I'm looking into using curve25519 on a javacard 3.0.4 but I got stuck and I have the following questions: 我正在研究在javacard 3.0.4上使用curve25519但是我遇到了问题,我有以下问题:

Does javacard 3.0.4 support such a curve? javacard 3.0.4是否支持这样的曲线?

What I've tried so far was to convert the Montgomery equation to a Weierstrass equation. 到目前为止我所尝试的是将蒙哥马利方程转换为Weierstrass方程。 Doing this and using Bernstein's website I got the following parameters: 这样做并使用Bernstein的网站我得到了以下参数: 

p  = 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed
a  = 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa984914a144
b  = 0x7b425ed097b425ed097b425ed097b425ed097b425ed097b4260b5e9c7710c864
r  = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed
Gx = 0x9
Gy = 0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9

As I found some other values on the internet I also tried with 当我在互联网上找到一些其他价值观时,我也试过了 

Gx: 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a

Then I followed the implementation from ykneo-curves and ended up with this: 然后我跟着ykneo-curves的实现,最后得到了这个: 

public class Curve25519 {

   public final static byte[] p = { // 32 bytes
        (byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xed };

   public final static byte[] a = { // 32 bytes
        (byte) 0x2a, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
        (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
        (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
        (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0x98, (byte) 0x49, (byte) 0x14, (byte) 0xa1, (byte) 0x44 };

   public final static byte[] b = { // 32 bytes
        (byte) 0x7b, (byte) 0x42, (byte) 0x5e, (byte) 0xd0, (byte) 0x97, (byte) 0xb4, (byte) 0x25, (byte) 0xed,
        (byte) 0x09, (byte) 0x7b, (byte) 0x42, (byte) 0x5e, (byte) 0xd0, (byte) 0x97, (byte) 0xb4, (byte) 0x25,
        (byte) 0xed, (byte) 0x09, (byte) 0x7b, (byte) 0x42, (byte) 0x5e, (byte) 0xd0, (byte) 0x97, (byte) 0xb4,
        (byte) 0x26, (byte) 0x0b, (byte) 0x5e, (byte) 0x9c, (byte) 0x77, (byte) 0x10, (byte) 0xc8, (byte) 0x64 };

   public final static byte[] G = { // 65 bytes
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x09, (byte) 0x20, (byte) 0xae, (byte) 0x19, (byte) 0xa1, (byte) 0xb8, (byte) 0xa0, (byte) 0x86,
        (byte) 0xb4, (byte) 0xe0, (byte) 0x1e, (byte) 0xdd, (byte) 0x2c, (byte) 0x77, (byte) 0x48, (byte) 0xd1,
        (byte) 0x4c, (byte) 0x92, (byte) 0x3d, (byte) 0x4d, (byte) 0x7e, (byte) 0x6d, (byte) 0x7c, (byte) 0x61,
        (byte) 0xb2, (byte) 0x29, (byte) 0xe9, (byte) 0xc5, (byte) 0xa2, (byte) 0x7e, (byte) 0xce, (byte) 0xd3,
        (byte) 0xd9 };

   public final static byte[] r = { // 32 bytes
        (byte) 0x10, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x14, (byte) 0xde, (byte) 0xf9, (byte) 0xde, (byte) 0xa2, (byte) 0xf7, (byte) 0x9c, (byte) 0xd6,
        (byte) 0x58, (byte) 0x12, (byte) 0x63, (byte) 0x1a, (byte) 0x5c, (byte) 0xf5, (byte) 0xd3, (byte) 0xed };

   static public KeyPair newKeyPair() {
      KeyPair kp = new KeyPair(KeyPair.ALG_EC_FP, (short) 256);

      ECPrivateKey ecPrv = (ECPrivateKey) kp.getPrivate();
      ECPublicKey ecPub = (ECPublicKey) kp.getPublic();

      ecPrv.setFieldFP(p, (short) 0, (short) p.length);
      ecPrv.setA(a, (short) 0, (short) a.length);
      ecPrv.setB(b, (short) 0, (short) b.length);
      ecPrv.setG(G, (short) 0, (short) G.length);
      ecPrv.setR(r, (short) 0, (short) r.length);

      ecPub.setFieldFP(p, (short) 0, (short) p.length);
      ecPub.setA(a, (short) 0, (short) a.length);
      ecPub.setB(b, (short) 0, (short) b.length);
      ecPub.setG(G, (short) 0, (short) G.length);
      ecPub.setR(r, (short) 0, (short) r.length);

      return kp;
   }
}

In the applet I have the following code: 在applet中我有以下代码: 

private MyApplet(byte[] bArray, short bOffset, byte bLength) {
    ecKeyPair = Curve25519.newKeyPair();
    ecKeyPair.genKeyPair();
    register();
}
public static void install(byte[] bArray, short bOffset, byte bLength) {
        new MyApplet(bArray, bOffset, bLength);
}

When I try to install it on the javacard using GPP I get the following exception: 当我尝试使用GPP在javacard上安装它时,我得到以下异常: 

pro.javacard.gp.GPException: Install for Install and make selectable failed SW: 6F00
        at pro.javacard.gp.GlobalPlatform.check(GlobalPlatform.java:1092)
        at pro.javacard.gp.GlobalPlatform.installAndMakeSelectable(GlobalPlatform.java:798
)
        at pro.javacard.gp.GPTool.main(GPTool.java:478)

Can I use Curve25519 keypairs for ECDSA javacard signing? 我可以使用Curve25519密钥对进行ECDSA javacard签名吗?

2 个解决方案

解决方案1
 3  2015-08-04 13:46:05

No, such curves are not directly supported. 不,不直接支持这样的曲线。

All Java Card Elliptic Curve facilities use the Weierstraß equation which is 所有Java Card Elliptic Curve工具都使用Weierstraß方程

y^2 = x^3 + a*x + b mod p y ^ 2 = x ^ 3 + a * x + b mod p

Curve 25519 is based on 曲线25519基于

y^2 = x^3 + 486662*x^2 + x mod p y ^ 2 = x ^ 3 + 486662 * x ^ 2 + x mod p

Unfortunately its not possible to directly support such Montgomery curves. 不幸的是,它不可能直接支持这种蒙哥马利曲线。

解决方案2
 3  2015-08-06 09:54:35

Not quite. 不完全的。 Montgomery and Weierstrass forms can be converted into each other: http://samuelkerr.com/?p=431 蒙哥马利和Weierstrass表格可以互相转换: http ://samuelkerr.com/?p = 431

However, there are various caveats getting this to work on Javacards, and part of the curve operations / conversion has to be done on a PC talking to the card. 然而,有各种注意事项可以让它在Javacards上运行,并且部分曲线操作/转换必须在与卡通信的PC上完成。 I'm currently working on this and am happy to share the code once it's actually done. 我正在努力解决这个问题,并且很乐意在实际完成后分享代码。

UPDATE: I uploaded the respective code here: https://github.com/david-oswald/jc_curve25519 更新:我在这里上传了相应的代码: https//github.com/david-oswald/jc_curve25519

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在ECDSA中使用Curve25519 - Use of Curve25519 in ECDSA 使用加密模块从 node.js 中的 Curve25519(或 X25519)非对称密钥对生成共享密钥 - Generate shared secret key from Curve25519 (or X25519) asymmetric key pairs in node.js using crypto module 如何为diffie hellman算法生成curve25519密钥对? - How to generate curve25519 key pair for diffie hellman algorithm? 曲线 25519 对称密钥与 Python - Curve 25519 Symmetric Key with Python JavaCard中的SDA和DDA有何区别? - Differents between SDA and DDA in JavaCard? JavaCard小程序不适用于RSA加密 - JavaCard applet is not working with RSA encryption 如何使用 JavaScript 库使用椭圆曲线破译加密消息? - How to decipher the encrypted message using elliptic curve using JavaScript library? 验证在 JavaCard 上签名的数据时出现 Java BadPaddingException - Java BadPaddingException when verifying data signed on a JavaCard 如何在 X25519 中为 PrivateKey 生成 PublicKey? - How to generate PublicKey for PrivateKey in X25519? 我的Javacard支持哪种加密算法 - Which encryption algorithm does my Javacard support
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM