aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJ08nY2016-11-26 19:24:37 +0100
committerJ08nY2016-11-26 19:46:32 +0100
commit1a0d0b14ff7720b98ffdda4651bf1b58d34203bd (patch)
tree325fa9160b154b543cf21419c5909aad95a815ae
parent7ef646a52fe3e470a0d283d0fb0db5265f444794 (diff)
downloadECTester-1a0d0b14ff7720b98ffdda4651bf1b58d34203bd.tar.gz
ECTester-1a0d0b14ff7720b98ffdda4651bf1b58d34203bd.tar.zst
ECTester-1a0d0b14ff7720b98ffdda4651bf1b58d34203bd.zip
Diffstat
-rw-r--r--!uploader/simpleECC.capbin9854 -> 14367 bytes
-rw-r--r--dist/SimpleAPDU.jarbin52783 -> 3071803 bytes
-rw-r--r--src/applets/ECKeyTester.java14
-rw-r--r--src/applets/SimpleECCApplet.java61
-rw-r--r--src/simpleapdu/SimpleAPDU.java52
5 files changed, 79 insertions, 48 deletions
diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap
index 9d36664..7d019f4 100644
--- a/!uploader/simpleECC.cap
+++ b/!uploader/simpleECC.cap
Binary files differ
diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar
index 3a13dc6..88b4ab9 100644
--- a/dist/SimpleAPDU.jar
+++ b/dist/SimpleAPDU.jar
Binary files differ
diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java
index d6ff6c1..acfb64e 100644
--- a/src/applets/ECKeyTester.java
+++ b/src/applets/ECKeyTester.java
@@ -143,16 +143,12 @@ public class ECKeyTester {
short result = ISO7816.SW_NO_ERROR;
try {
ecdsaSignature.init(signKey, Signature.MODE_SIGN);
-
short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset);
- if (sigLength != 20) { // per javacard.security.Signature an ALG_ECDSA_SHA should be 20 bytes.
- result = SimpleECCApplet.SW_SIG_LENGTH_MISMATCH;
- } else {
- ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY);
- boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength);
- if (!correct) {
- result = SimpleECCApplet.SW_SIG_VERIFY_FAIL;
- }
+
+ ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY);
+ boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength);
+ if (!correct) {
+ result = SimpleECCApplet.SW_SIG_VERIFY_FAIL;
}
} catch (CryptoException ce) {
result = ce.getReason();
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 8ec9e67..9901aee 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -53,6 +53,8 @@ public class SimpleECCApplet extends Applet {
public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb;
public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc;
public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd;
+ public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce;
+ public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf;
public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
@@ -62,15 +64,17 @@ public class SimpleECCApplet extends Applet {
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080;
+ public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100;
+ public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200;
+ public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400;
- public final static short FLAG_ECTEST_ALL = (short) 0x00ff;
+ public final static short FLAG_ECTEST_ALL = (short) 0xffff;
public final static short SW_SKIPPED = (short) 0x0ee1;
public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2;
public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3;
- public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4;
- public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5;
+ public final static short SW_SIG_VERIFY_FAIL = (short) 0xee4;
/*
public static final byte[] EC192_FP_PUBLICW = new byte[]{
(byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27,
@@ -325,7 +329,25 @@ public class SimpleECCApplet extends Applet {
bufferOffset += 2;
//
- // 7. Set invalid custom curve
+ // 7. ECDSA test
+ //
+ buffer[bufferOffset] = ECTEST_ECDSA_SIGNATURE;
+ bufferOffset++;
+ sw = SW_SKIPPED;
+ if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) {
+ sw = ecKeyGenerator.generatePair();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ if (sw == ISO7816.SW_NO_ERROR) {
+ sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0);
+ }
+
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
+ //
+ // 8. Set invalid custom curve
//
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
@@ -341,7 +363,7 @@ public class SimpleECCApplet extends Applet {
bufferOffset += 2;
//
- // 8. Generate keypair with invalid custom curve
+ // 9. Generate keypair with invalid custom curve
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
bufferOffset++;
@@ -352,6 +374,35 @@ public class SimpleECCApplet extends Applet {
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
+ //
+ // 10. Set invalid field
+ //
+ buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD;
+ bufferOffset++;
+ sw = SW_SKIPPED;
+ if ((testFlags & FLAG_ECTEST_SET_INVALIDFIELD) != (short) 0) {
+ if (keyClass == KeyPair.ALG_EC_FP)
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0);
+ else
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0);
+
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD;
+ }
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
+ // 11. Generate key with invalid field
+ buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD;
+ bufferOffset++;
+ sw = SW_SKIPPED;
+ if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD) != (short) 0) {
+ sw = ecKeyGenerator.generatePair();
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
return (short) (bufferOffset - baseOffset);
}
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 8775217..77478a0 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -107,9 +107,8 @@ public class SimpleAPDU {
}
-
public static void main(String[] args) throws FileNotFoundException, IOException {
-
+ //parse cli args. Should be replaced with some cli parsing library code in the future.
boolean genKeys = false;
int genAmount = 0;
boolean testAll = false;
@@ -120,7 +119,7 @@ public class SimpleAPDU {
if (args.length >= i + 1) {
try {
genAmount = Integer.parseInt(args[i + 1]);
- }catch (NumberFormatException ignored) {
+ }catch (NumberFormatException ignored) {
//is another param, genAmount = 0 by default
genAmount = 0;
}
@@ -145,36 +144,21 @@ public class SimpleAPDU {
try {
if (testAll) {
if (cardManager.ConnectToCard()) {
- byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length);
- testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP;
- setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384);
- testSupportECGivenAlg(testAPDU2, cardManager);
-
+ // Test all default curves for both fields
testSupportECAll(cardManager);
- //
+
// Test setting invalid parameter B of curve
byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length);
- //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT);
testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM);
- //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM);
testFPkeyGen_setNumRepeats(testAPDU, (short) 10);
testFPkeyGen_rewindOnSuccess(testAPDU, true);
+
ReconnnectToCard();
ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU);
ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS);
PrintECKeyGenInvalidCurveB(resp_fp_keygen);
PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params);
- /*
- // Test support for different types of curves
- ReconnnectToCard();
- ResponseAPDU resp_fp = cardManager.sendAPDU(TESTECSUPPORTALL_FP);
- ReconnnectToCard();
- ResponseAPDU resp_f2m = cardManager.sendAPDU(TESTECSUPPORTALL_F2M);
- PrintECSupport(resp_fp);
- PrintECSupport(resp_f2m);
- */
-
cardManager.DisconnectFromCard();
} else {
m_SystemOutLogger.println("Failed to connect to card");
@@ -275,9 +259,6 @@ public class SimpleAPDU {
if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) {
codeStr = "SW_INVALID_CORRUPTION_TYPE";
}
- if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) {
- codeStr = "SW_SIG_LENGTH_MISMATCH";
- }
if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) {
codeStr = "SW_SIG_VERIFY_FAIL";
}
@@ -286,7 +267,7 @@ public class SimpleAPDU {
}
enum ExpResult {
- SHOULD_SUCCEDD,
+ SHOULD_SUCCEED,
MAY_FAIL,
MUST_FAIL
}
@@ -307,7 +288,7 @@ public class SimpleAPDU {
if ((expRes == ExpResult.MUST_FAIL) && (resCode == ISO7816.SW_NO_ERROR)) {
bHiglight = true;
}
- if ((expRes == ExpResult.SHOULD_SUCCEDD) && (resCode != ISO7816.SW_NO_ERROR)) {
+ if ((expRes == ExpResult.SHOULD_SUCCEED) && (resCode != ISO7816.SW_NO_ERROR)) {
bHiglight = true;
}
if (bHiglight) {
@@ -341,14 +322,17 @@ public class SimpleAPDU {
m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen));
bufferOffset += 2;
- bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
+ bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
bufferOffset = VerifyPrintResult("Generate key with def curve (fails if no def):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_DEFCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
- bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
- bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
- bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
+ bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
+ bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
+ bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL);
+ bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL);
+ bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL);
+ bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL);
m_SystemOutLogger.println();
}
@@ -380,15 +364,15 @@ public class SimpleAPDU {
bufferOffset += 2;
m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats));
- bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
+ bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
while (bufferOffset < buffer.length) {
- bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
+ bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL);
if (buffer[bufferOffset] == SimpleECCApplet.ECTEST_DH_GENERATESECRET) {
bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_DH_GENERATESECRET, buffer, bufferOffset, ExpResult.MUST_FAIL);
}
- bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
- bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
+ bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
+ bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
}
m_SystemOutLogger.println();
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-08 21:54:19 +0000