diff options
| author | petrs | 2017-01-16 07:58:07 +0100 |
|---|---|---|
| committer | petrs | 2017-01-16 07:58:07 +0100 |
| commit | 329818bff525e55a8f2e3124facb115473fb1691 (patch) | |
| tree | ce73c11b89bdbe4d7f406d855a754a0dc4f2c362 | |
| parent | 185e598ffcddf4e2a7341e4646f577a003c67263 (diff) | |
| parent | da1ee8381f2f7eaf1cfcd4941ec9f95287435625 (diff) | |
| download | ECTester-329818bff525e55a8f2e3124facb115473fb1691.tar.gz ECTester-329818bff525e55a8f2e3124facb115473fb1691.tar.zst ECTester-329818bff525e55a8f2e3124facb115473fb1691.zip | |
| -rwxr-xr-x | !uploader/gppro_upload.sh | 7 | ||||
| -rwxr-xr-x | !uploader/gppro_upload_emv.sh | 8 | ||||
| -rw-r--r-- | !uploader/simpleECC.cap | bin | 9854 -> 18330 bytes | |||
| -rw-r--r-- | README.md | 39 | ||||
| -rw-r--r-- | dist/SimpleAPDU.jar | bin | 52783 -> 471079 bytes | |||
| -rw-r--r-- | jcbuild.xml | 2 | ||||
| -rw-r--r-- | lib/commons-cli-1.3.1-javadoc.jar | bin | 0 -> 169756 bytes | |||
| -rw-r--r-- | lib/commons-cli-1.3.1.jar | bin | 0 -> 52988 bytes | |||
| -rw-r--r-- | src/applets/ECKeyGenerator.java | 276 | ||||
| -rw-r--r-- | src/applets/ECKeyTester.java | 177 | ||||
| -rw-r--r-- | src/applets/EC_Consts.java | 2448 | ||||
| -rw-r--r-- | src/applets/SimpleECCApplet.java | 1028 | ||||
| -rw-r--r-- | src/simpleapdu/CardMngr.java | 7 | ||||
| -rw-r--r-- | src/simpleapdu/DirtyLogger.java | 12 | ||||
| -rw-r--r-- | src/simpleapdu/SimpleAPDU.java | 501 |
15 files changed, 3267 insertions, 1238 deletions
diff --git a/!uploader/gppro_upload.sh b/!uploader/gppro_upload.sh new file mode 100755 index 0000000..faeaf24 --- /dev/null +++ b/!uploader/gppro_upload.sh @@ -0,0 +1,7 @@ +#!/bin/bash +java -jar gp.jar -delete 4543546573746572 -deletedeps -verbose +java -jar gp.jar -deletedeps -verbose -delete 4A43416C6754657374 + +java -jar gp.jar -install simpleECC.cap -verbose + + diff --git a/!uploader/gppro_upload_emv.sh b/!uploader/gppro_upload_emv.sh new file mode 100755 index 0000000..9a51cd9 --- /dev/null +++ b/!uploader/gppro_upload_emv.sh @@ -0,0 +1,8 @@ +java -jar gp.jar -deletedeps -verbose -emv -delete 4C6162616B417070 +java -jar gp.jar -deletedeps -verbose -emv -delete 4A43416C6754657374 +java -jar gp.jar -deletedeps -verbose -emv -delete 4543546573746572 + + +java -jar gp.jar -install simpleECC.cap -verbose -emv -d + + diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap Binary files differindex 9d36664..886ce88 100644 --- a/!uploader/simpleECC.cap +++ b/!uploader/simpleECC.cap @@ -6,7 +6,7 @@ Tests support and behavior of smartcards with JavaCard platform with focus on El Usage ------ 1. Upload simpleECC.cap using your favorite tool (e.g., [GlobalPlatformPro tool](https://github.com/martinpaljak/GlobalPlatform)) -2. Run java -jar SimpleAPDU.jar +2. Run `java -jar SimpleAPDU.jar` 3. Inspect output log with annotated results Following operations are tested: @@ -14,24 +14,33 @@ Following operations are tested: - Generation of keypair with default curve - Setting of custom curve and keypair generation - Generation of shared secret via ECDH -- Behavior of card when invalid curves/points are provided (shoudl fail) +- Signature via ECDSA +- Behavior of card when invalid curves/points are provided (should fail) + +See `java -jar SimpleAPDU.jar -h` for more. Example output -------------- - EC type: ALG_EC_FP - EC key length (bits): 224 bits - KeyPair object allocation: OK (0x9000) - Generate key with def curve (fails if no def): fail (ILLEGAL_VALUE, 0x1) - Set valid custom curve: OK (0x9000) - Generate key with valid curve: OK (0x9000) - !!ECDH agreement with valid point: fail (0x6f00) - ECDH agreement with invalid point (fail is good): fail (unknown, 0x6f00) - Set invalid custom curve (fail is good): fail (ILLEGAL_VALUE, 0x1) - Generate key with invalid curve (fail is good): fail (skipped, 0xee1) - - -*Explanation: ALG_EC_FP with 224b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) altough it was supposed to suceed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), invalid custom curve cannot be set (expected behavior) (Set invalid custom curve: fail) and new keypair cannot be generated with invalid curve (Generate key with invalid curve: skipped) - last test was skipped as invalid curve canot be set.* + ### Test for support and with valid and invalid EC curves + EC type: ALG_EC_FP + EC key length (bits): 256 bits + KeyPair object allocation: OK (0x9000) + Generate key with def curve (fails if no def): OK (0x9000) + Set valid custom curve: OK (0x9000) + Generate key with valid curve: OK (0x9000) + !! ECDH agreement with valid point: fail (unknown, 0x6f00) + ECDH agreement with invalid point (fail is good): fail (ILLEGAL_VALUE, 0x 1) + ECDSA signature on random data: OK (0x9000) + Set anomalous custom curve (may fail): OK (0x9000) + Generate key with anomalous curve (may fail): fail (unknown, 0x6f00) + ECDH agreement with small order point (fail is good):fail (skipped, 0x ee1) + Set invalid custom curve (may fail): OK (0x9000) + Generate key with invalid curve (fail is good): fail (unknown, 0x6f00) + Set invalid field (may fail): OK (0x9000) + Generate key with invalid field (fail si good): fail (unknown, 0x6f00) + +*Explanation: ALG_EC_FP with 256b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) although it was supposed to succeed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), ECDSA signature worked and verified correctly (ECDSA signature on random data: OK), anomalous curve can be set (Set anomalous custom curve: OK), however generating a key on it will fail (Generate key with anomalous curve: fail), ECDH with small-order public key provided will fail as intended (ECDH agreement with small order point: fail), invalid custom curve could be set (Set invalid custom curve: OK), new keypair cannot be generated with invalid curve (Generate key with invalid curve: fail), invalid field (non-prime) could be set (Set invalid field: OK), however a key could not be generated (Generate key with invalid field: fail).* If you are interested in testing support for other JavaCard algorithms, please visit JCAlgTester project: https://github.com/crocs-muni/JCAlgTest diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar Binary files differindex 3a13dc6..be5599a 100644 --- a/dist/SimpleAPDU.jar +++ b/dist/SimpleAPDU.jar diff --git a/jcbuild.xml b/jcbuild.xml index 014117c..70d5370 100644 --- a/jcbuild.xml +++ b/jcbuild.xml @@ -16,7 +16,7 @@ <target name="SimpleECC"> <javacard jckit="${JC221}"> - <cap output="!uploader\simpleECC.cap" sources="src\applets" aid="4543546573746572" > + <cap output="!uploader/simpleECC.cap" sources="src/applets" aid="4543546573746572" > <applet class="applets.SimpleECCApplet" aid="45435465737465723031"/> </cap> </javacard> diff --git a/lib/commons-cli-1.3.1-javadoc.jar b/lib/commons-cli-1.3.1-javadoc.jar Binary files differnew file mode 100644 index 0000000..c741ec4 --- /dev/null +++ b/lib/commons-cli-1.3.1-javadoc.jar diff --git a/lib/commons-cli-1.3.1.jar b/lib/commons-cli-1.3.1.jar Binary files differnew file mode 100644 index 0000000..c3e7a1f --- /dev/null +++ b/lib/commons-cli-1.3.1.jar diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java new file mode 100644 index 0000000..2eb5679 --- /dev/null +++ b/src/applets/ECKeyGenerator.java @@ -0,0 +1,276 @@ +package applets; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; +import javacard.security.CryptoException; +import javacard.security.ECPrivateKey; +import javacard.security.ECPublicKey; +import javacard.security.KeyPair; + +/** + * + */ +public class ECKeyGenerator { + + private KeyPair ecKeyPair = null; + private ECPrivateKey ecPrivateKey = null; + private ECPublicKey ecPublicKey = null; + + public static final byte KEY_PUBLIC = 0x01; + public static final byte KEY_PRIVATE = 0x02; + public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; + + + public short allocatePair(byte keyClass, short keyLength) { + short result = ISO7816.SW_NO_ERROR; + try { + ecKeyPair = new KeyPair(keyClass, keyLength); + ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); + ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + public boolean isAllocated() { + return ecKeyPair != null; + } + + public short generatePair() { + short result = ISO7816.SW_NO_ERROR; + try { + ecKeyPair.genKeyPair(); + ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); + ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + public short setCustomCurve(byte keyClass, short keyLength, byte[] buffer, short offset) { + return setCustomCurve(EC_Consts.getCurve(keyClass, keyLength), buffer, offset); + } + + public short setCustomCurve(byte curve, byte[] buffer, short offset) { + byte alg = EC_Consts.getCurveType(curve); + short sw = ISO7816.SW_NO_ERROR; + short length; + if (alg == KeyPair.ALG_EC_FP) { + length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset); + sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length); + } else if (alg == KeyPair.ALG_EC_F2M) { + length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset); + sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length); + } + if (sw != ISO7816.SW_NO_ERROR) return sw; + + //go through all params + short param = EC_Consts.PARAMETER_A; + while (param <= EC_Consts.PARAMETER_K) { + length = EC_Consts.getCurveParameter(curve, param, buffer, offset); + sw = setParameter(KEY_BOTH, param, buffer, offset, length); + if (sw != ISO7816.SW_NO_ERROR) break; + param = (short) (param << 1); + } + return sw; + } + + public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, short param, short corruptionType, byte[] buffer, short offset) { + return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset); + } + + public short setCustomInvalidCurve(byte curve, byte key, short param, short corruptionType, byte[] buffer, short offset) { + short sw = setCustomCurve(curve, buffer, offset); + if (sw != ISO7816.SW_NO_ERROR) return sw; + + //go through param bit by bit, and invalidate all selected params + short paramMask = 0x01; + while (paramMask <= EC_Consts.PARAMETER_K) { + short masked = (short) (paramMask & param); + if (masked != 0) { + short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); + sw = setParameter(key, masked, buffer, offset, length); + if (sw != ISO7816.SW_NO_ERROR) return sw; + } + paramMask = (short) (paramMask << 1); + } + return sw; + } + + public short setCustomAnomalousCurve(short keyClass, short keyLength, byte[] buffer, short offset) { + return setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLength), buffer, offset); + } + + public short setParameter(byte key, short param, byte[] data, short offset, short length) { + short result = ISO7816.SW_NO_ERROR; + try { + switch (param) { + case EC_Consts.PARAMETER_FP: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); + break; + } + case EC_Consts.PARAMETER_F2M: { + if (length == 2) { + short i = Util.makeShort(data[offset], data[(short) (offset + 1)]); + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); + } else if (length == 6) { + short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]); + short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]); + short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]); + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); + } else { + result = ISO7816.SW_UNKNOWN; + } + break; + } + case EC_Consts.PARAMETER_A: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); + break; + } + case EC_Consts.PARAMETER_B: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); + break; + } + case EC_Consts.PARAMETER_G: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); + break; + } + case EC_Consts.PARAMETER_R: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); + break; + } + case EC_Consts.PARAMETER_K: { + if (length != 2) { + result = ISO7816.SW_UNKNOWN; + } else { + short k = Util.getShort(data, offset); + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); + } + break; + } + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length); + break; + default: { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength) { + short sw = ISO7816.SW_NO_ERROR; + if (keyClass == KeyPair.ALG_EC_FP) { + sw = setParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); + } else if (keyClass == KeyPair.ALG_EC_F2M) { + sw = setParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); + } + if (sw != ISO7816.SW_NO_ERROR) return sw; + + offset += fieldLength; + + //go through all params + sw = setParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += aLength; + sw = setParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += bLength; + + sw = setParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += gxLength + gyLength; + + + sw = setParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += rLength; + + sw = setParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); + return sw; + } + + public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) { + if (key == KEY_BOTH) { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + short length = 0; + try { + switch (param) { + case EC_Consts.PARAMETER_FP: + case EC_Consts.PARAMETER_F2M: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getField(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getField(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_A: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getA(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getA(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_B: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getB(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getB(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_G: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getG(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getG(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_R: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getR(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getR(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_K: + if ((key & KEY_PUBLIC) != 0) Util.setShort(outputBuffer, outputOffset, ecPublicKey.getK()); + if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK()); + length = 2; + break; + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset); + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } catch (CryptoException ce) { + ISOException.throwIt(ce.getReason()); + } catch (Exception e) { + ISOException.throwIt(ISO7816.SW_UNKNOWN); + } + return length; + } + + public ECPrivateKey getPrivateKey() { + return ecPrivateKey; + } + + public ECPublicKey getPublicKey() { + return ecPublicKey; + } + + public KeyPair getKeyPair() { + return ecKeyPair; + } +} diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java new file mode 100644 index 0000000..9dd0fd5 --- /dev/null +++ b/src/applets/ECKeyTester.java @@ -0,0 +1,177 @@ +package applets; + + +import javacard.framework.ISO7816; +import javacard.security.*; + +/** + * Class capable of testing ECDH/C and ECDSA. + * Note that ECDH and ECDHC output should equal, only the algorithm is different. + */ +public class ECKeyTester { + private KeyAgreement ecdhKeyAgreement = null; + private KeyAgreement ecdhcKeyAgreement = null; + private Signature ecdsaSignature = null; + + public short allocateECDH() { + short result = ISO7816.SW_NO_ERROR; + try { + ecdhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + public short allocateECDHC() { + short result = ISO7816.SW_NO_ERROR; + try { + ecdhcKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DHC, false); + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + public short allocateECDSA() { + short result = ISO7816.SW_NO_ERROR; + try { + ecdsaSignature = Signature.getInstance(Signature.ALG_ECDSA_SHA, false); + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + private short testKA(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + short result = ISO7816.SW_NO_ERROR; + try { + ka.init(privateKey); + + short secretLength = ka.generateSecret(pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + //TODO, figure out how to separate the return value of this method (short) error, and return the secretLenght.. + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + private short testKA_validPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + return testKA(ka, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + } + + private short testKA_invalidPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + pubkeyBuffer[(short)(pubkeyLength - 2)] += 0xcc; + pubkeyBuffer[(short)(pubkeyLength - 3)] += 0xcc; + short result = testKA(ka, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + pubkeyBuffer[(short)(pubkeyLength - 2)] -= 0xcc; + pubkeyBuffer[(short)(pubkeyLength - 3)] -= 0xcc; + return result; + } + + public short testECDH(ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + return testKA(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + } + + /** + * Tests ECDH secret generation with given {@code privateKey} and {@code publicKey}. + * Uses {@code pubkeyBuffer} at {@code pubkeyOffset} for computations. + * Output should equal with ECDHC output. + * @param privateKey + * @param publicKey + * @param pubkeyBuffer + * @param pubkeyOffset + * @param outputBuffer + * @param outputOffset + * @return ISO7816.SW_NO_ERROR on correct operation, + * exception reason otherwise + **/ + public short testECDH_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testKA_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + } + + public short testECDH_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testKA_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + } + + + /** + * Tests ECDHC secret generation with given {@code privateKey} and {@code publicKey}. + * Uses {@code pubkeyBuffer} at {@code pubkeyOffset} for computations. + * Output should equal to ECDH output. + * @param privateKey + * @param publicKey + * @param pubkeyBuffer + * @param pubkeyOffset + * @param outputBuffer + * @param outputOffset + * @return ISO7816.SW_NO_ERROR on correct operation, + * exception reason otherwise + */ + public short testECDHC_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testKA_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + } + + public short testECDHC_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testKA_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + } + + /** + * Uses {@code signKey} to sign data from {@code inputBuffer} at {@code inputOffset} with {@code inputOffset}. + * Then checks for correct signature length. + * Then tries verifying the data with {@code verifyKey}. + * @param signKey + * @param verifyKey + * @param inputBuffer + * @param inputOffset + * @param inputLength + * @param sigBuffer + * @param sigOffset + * @return ISO7816.SW_NO_ERROR on correct operation, + * SW_SIG_VERIFY_FAIL, + * SW_SIG_LENGTH_MISMATCH + */ + public short testECDSA(ECPrivateKey signKey, ECPublicKey verifyKey, byte[] inputBuffer, short inputOffset, short inputLength, byte[] sigBuffer, short sigOffset) { + short result = ISO7816.SW_NO_ERROR; + try { + ecdsaSignature.init(signKey, Signature.MODE_SIGN); + short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); + + ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); + boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); + if (!correct) { + result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; + } + } catch (CryptoException ce) { + result = ce.getReason(); + } catch (Exception e) { + result = ISO7816.SW_UNKNOWN; + } + return result; + } + + public KeyAgreement getECDH() { + return ecdhKeyAgreement; + } + + public KeyAgreement getECDHC() { + return ecdhcKeyAgreement; + } + + public Signature getECDSA() { + return ecdsaSignature; + } + +} diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index b607921..d1f6842 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -3,644 +3,2018 @@ package applets; import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; -import javacard.security.ECPrivateKey; -import javacard.security.ECPublicKey; import javacard.security.KeyPair; import javacard.security.RandomData; public class EC_Consts { + + private static byte[] EC_FP_P = null; //p + private static byte[] EC_A = null; //a + private static byte[] EC_B = null; //b + private static byte[] EC_G_X = null; //G[x,y] + private static byte[] EC_G_Y = null; // + private static byte[] EC_R = null; //n + private static short EC_K = 1; //h + + private static byte[] EC_W_X = null; //Pubkey[x,y] + private static byte[] EC_W_Y = null; + private static byte[] EC_S = null; //Private + + private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1 + + public static final short PARAMETER_FP = 0x0001; + public static final short PARAMETER_F2M = 0x0002; + + public static final short PARAMETER_A = 0x0004; + public static final short PARAMETER_B = 0x0008; + public static final short PARAMETER_G = 0x0010; + public static final short PARAMETER_R = 0x0020; + public static final short PARAMETER_K = 0x0040; + public static final short PARAMETER_S = 0x0080; + public static final short PARAMETER_W = 0x0100; + + public static RandomData m_random = null; + public static final byte TAG_ECPUBKEY = (byte) 0x41; public static final byte TAG_ECPRIVKEY = (byte) 0x42; - - public static byte[] EC_FP_P = null; - public static byte[] EC_FP_A = null; - public static byte[] EC_FP_B = null; - public static byte[] EC_FP_G_X = null; - public static byte[] EC_FP_G_Y = null; - public static byte[] EC_FP_R = null; - public static short EC_FP_K = 1; - - public static RandomData m_random = null; + // secp128r1 public static final byte[] EC128_FP_P = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; - + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + public static final byte[] EC128_FP_A = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; - + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; + public static final byte[] EC128_FP_B = new byte[]{ - (byte) 0xE8, (byte) 0x75, (byte) 0x79, (byte) 0xC1, - (byte) 0x10, (byte) 0x79, (byte) 0xF4, (byte) 0x3D, - (byte) 0xD8, (byte) 0x24, (byte) 0x99, (byte) 0x3C, - (byte) 0x2C, (byte) 0xEE, (byte) 0x5E, (byte) 0xD3}; - + (byte) 0xE8, (byte) 0x75, (byte) 0x79, (byte) 0xC1, + (byte) 0x10, (byte) 0x79, (byte) 0xF4, (byte) 0x3D, + (byte) 0xD8, (byte) 0x24, (byte) 0x99, (byte) 0x3C, + (byte) 0x2C, (byte) 0xEE, (byte) 0x5E, (byte) 0xD3}; + // G in compressed form / first part of ucompressed public static final byte[] EC128_FP_G_X = new byte[]{ - (byte) 0x16, (byte) 0x1F, (byte) 0xF7, (byte) 0x52, - (byte) 0x8B, (byte) 0x89, (byte) 0x9B, (byte) 0x2D, - (byte) 0x0C, (byte) 0x28, (byte) 0x60, (byte) 0x7C, - (byte) 0xA5, (byte) 0x2C, (byte) 0x5B, (byte) 0x86 }; - + (byte) 0x16, (byte) 0x1F, (byte) 0xF7, (byte) 0x52, + (byte) 0x8B, (byte) 0x89, (byte) 0x9B, (byte) 0x2D, + (byte) 0x0C, (byte) 0x28, (byte) 0x60, (byte) 0x7C, + (byte) 0xA5, (byte) 0x2C, (byte) 0x5B, (byte) 0x86}; + // second part of G uncompressed public static final byte[] EC128_FP_G_Y = new byte[]{ - (byte) 0xCF, (byte) 0x5A, (byte) 0xC8, (byte) 0x39, - (byte) 0x5B, (byte) 0xAF, (byte) 0xEB, (byte) 0x13, - (byte) 0xC0, (byte) 0x2D, (byte) 0xA2, (byte) 0x92, - (byte) 0xDD, (byte) 0xED, (byte) 0x7A, (byte) 0x83}; + (byte) 0xCF, (byte) 0x5A, (byte) 0xC8, (byte) 0x39, + (byte) 0x5B, (byte) 0xAF, (byte) 0xEB, (byte) 0x13, + (byte) 0xC0, (byte) 0x2D, (byte) 0xA2, (byte) 0x92, + (byte) 0xDD, (byte) 0xED, (byte) 0x7A, (byte) 0x83}; // Order of G public static final byte[] EC128_FP_R = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x75, (byte) 0xA3, (byte) 0x0D, (byte) 0x1B, - (byte) 0x90, (byte) 0x38, (byte) 0xA1, (byte) 0x15}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x75, (byte) 0xA3, (byte) 0x0D, (byte) 0x1B, + (byte) 0x90, (byte) 0x38, (byte) 0xA1, (byte) 0x15}; // cofactor of G public static final short EC128_FP_K = 1; - - // secp160r1 + + // secp160r1 public static final byte[] EC160_FP_P = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; public static final byte[] EC160_FP_A = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; public static final byte[] EC160_FP_B = new byte[]{ - (byte) 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC, - (byte) 0x54, (byte) 0xBD, (byte) 0x7A, (byte) 0x8B, - (byte) 0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F, - (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD, - (byte) 0xC5, (byte) 0x65, (byte) 0xFA, (byte) 0x45}; + (byte) 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC, + (byte) 0x54, (byte) 0xBD, (byte) 0x7A, (byte) 0x8B, + (byte) 0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F, + (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD, + (byte) 0xC5, (byte) 0x65, (byte) 0xFA, (byte) 0x45}; // G in compressed form / first part of ucompressed public static final byte[] EC160_FP_G_X = new byte[]{ - (byte) 0x4A, (byte) 0x96, (byte) 0xB5, (byte) 0x68, - (byte) 0x8E, (byte) 0xF5, (byte) 0x73, (byte) 0x28, - (byte) 0x46, (byte) 0x64, (byte) 0x69, (byte) 0x89, - (byte) 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9, - (byte) 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82}; + (byte) 0x4A, (byte) 0x96, (byte) 0xB5, (byte) 0x68, + (byte) 0x8E, (byte) 0xF5, (byte) 0x73, (byte) 0x28, + (byte) 0x46, (byte) 0x64, (byte) 0x69, (byte) 0x89, + (byte) 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9, + (byte) 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82}; // second part of G uncompressed public static final byte[] EC160_FP_G_Y = new byte[]{ - (byte) 0x23, (byte) 0xA6, (byte) 0x28, (byte) 0x55, - (byte) 0x31, (byte) 0x68, (byte) 0x94, (byte) 0x7D, - (byte) 0x59, (byte) 0xDC, (byte) 0xC9, (byte) 0x12, - (byte) 0x04, (byte) 0x23, (byte) 0x51, (byte) 0x37, - (byte) 0x7A, (byte) 0xC5, (byte) 0xFB, (byte) 0x32}; + (byte) 0x23, (byte) 0xA6, (byte) 0x28, (byte) 0x55, + (byte) 0x31, (byte) 0x68, (byte) 0x94, (byte) 0x7D, + (byte) 0x59, (byte) 0xDC, (byte) 0xC9, (byte) 0x12, + (byte) 0x04, (byte) 0x23, (byte) 0x51, (byte) 0x37, + (byte) 0x7A, (byte) 0xC5, (byte) 0xFB, (byte) 0x32}; // Order of G public static final byte[] EC160_FP_R = new byte[]{ - (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x01, (byte) 0xF4, (byte) 0xC8, - (byte) 0xF9, (byte) 0x27, (byte) 0xAE, (byte) 0xD3, - (byte) 0xCA, (byte) 0x75, (byte) 0x22, (byte) 0x57}; + (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0xF4, (byte) 0xC8, + (byte) 0xF9, (byte) 0x27, (byte) 0xAE, (byte) 0xD3, + (byte) 0xCA, (byte) 0x75, (byte) 0x22, (byte) 0x57}; // cofactor of G - public static final short EC160_FP_K = 1; - - + public static final short EC160_FP_K = 1; + + // secp192r1 from http://www.secg.org/sec2-v2.pdf public static final byte[] EC192_FP_P = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; public static final byte[] EC192_FP_A = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; public static final byte[] EC192_FP_B = new byte[]{ - (byte) 0x64, (byte) 0x21, (byte) 0x05, (byte) 0x19, - (byte) 0xE5, (byte) 0x9C, (byte) 0x80, (byte) 0xE7, - (byte) 0x0F, (byte) 0xA7, (byte) 0xE9, (byte) 0xAB, - (byte) 0x72, (byte) 0x24, (byte) 0x30, (byte) 0x49, - (byte) 0xFE, (byte) 0xB8, (byte) 0xDE, (byte) 0xEC, - (byte) 0xC1, (byte) 0x46, (byte) 0xB9, (byte) 0xB1}; + (byte) 0x64, (byte) 0x21, (byte) 0x05, (byte) 0x19, + (byte) 0xE5, (byte) 0x9C, (byte) 0x80, (byte) 0xE7, + (byte) 0x0F, (byte) 0xA7, (byte) 0xE9, (byte) 0xAB, + (byte) 0x72, (byte) 0x24, (byte) 0x30, (byte) 0x49, + (byte) 0xFE, (byte) 0xB8, (byte) 0xDE, (byte) 0xEC, + (byte) 0xC1, (byte) 0x46, (byte) 0xB9, (byte) 0xB1}; // G in compressed form / first part of ucompressed public static final byte[] EC192_FP_G_X = new byte[]{ - (byte) 0x18, (byte) 0x8D, (byte) 0xA8, (byte) 0x0E, - (byte) 0xB0, (byte) 0x30, (byte) 0x90, (byte) 0xF6, - (byte) 0x7C, (byte) 0xBF, (byte) 0x20, (byte) 0xEB, - (byte) 0x43, (byte) 0xA1, (byte) 0x88, (byte) 0x00, - (byte) 0xF4, (byte) 0xFF, (byte) 0x0A, (byte) 0xFD, - (byte) 0x82, (byte) 0xFF, (byte) 0x10, (byte) 0x12}; + (byte) 0x18, (byte) 0x8D, (byte) 0xA8, (byte) 0x0E, + (byte) 0xB0, (byte) 0x30, (byte) 0x90, (byte) 0xF6, + (byte) 0x7C, (byte) 0xBF, (byte) 0x20, (byte) 0xEB, + (byte) 0x43, (byte) 0xA1, (byte) 0x88, (byte) 0x00, + (byte) 0xF4, (byte) 0xFF, (byte) 0x0A, (byte) 0xFD, + (byte) 0x82, (byte) 0xFF, (byte) 0x10, (byte) 0x12}; // second part of G uncompressed - public static final byte[] EC192_FP_G_Y = new byte[]{ - (byte) 0x07, (byte) 0x19, (byte) 0x2B, (byte) 0x95, - (byte) 0xFF, (byte) 0xC8, (byte) 0xDA, (byte) 0x78, - (byte) 0x63, (byte) 0x10, (byte) 0x11, (byte) 0xED, - (byte) 0x6B, (byte) 0x24, (byte) 0xCD, (byte) 0xD5, - (byte) 0x73, (byte) 0xF9, (byte) 0x77, (byte) 0xA1, - (byte) 0x1E, (byte) 0x79, (byte) 0x48, (byte) 0x11}; + public static final byte[] EC192_FP_G_Y = new byte[]{ + (byte) 0x07, (byte) 0x19, (byte) 0x2B, (byte) 0x95, + (byte) 0xFF, (byte) 0xC8, (byte) 0xDA, (byte) 0x78, + (byte) 0x63, (byte) 0x10, (byte) 0x11, (byte) 0xED, + (byte) 0x6B, (byte) 0x24, (byte) 0xCD, (byte) 0xD5, + (byte) 0x73, (byte) 0xF9, (byte) 0x77, (byte) 0xA1, + (byte) 0x1E, (byte) 0x79, (byte) 0x48, (byte) 0x11}; // Order of G public static final byte[] EC192_FP_R = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x99, (byte) 0xDE, (byte) 0xF8, (byte) 0x36, - (byte) 0x14, (byte) 0x6B, (byte) 0xC9, (byte) 0xB1, - (byte) 0xB4, (byte) 0xD2, (byte) 0x28, (byte) 0x31}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x99, (byte) 0xDE, (byte) 0xF8, (byte) 0x36, + (byte) 0x14, (byte) 0x6B, (byte) 0xC9, (byte) 0xB1, + (byte) 0xB4, (byte) 0xD2, (byte) 0x28, (byte) 0x31}; // cofactor of G - public static final short EC192_FP_K = 1; - + public static final short EC192_FP_K = 1; + // secp224r1 from http://www.secg.org/sec2-v2.pdf public static final byte[] EC224_FP_P = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01}; - + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01}; + public static final byte[] EC224_FP_A = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE}; - + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE}; + public static final byte[] EC224_FP_B = new byte[]{ - (byte) 0xB4, (byte) 0x05, (byte) 0x0A, (byte) 0x85, - (byte) 0x0C, (byte) 0x04, (byte) 0xB3, (byte) 0xAB, - (byte) 0xF5, (byte) 0x41, (byte) 0x32, (byte) 0x56, - (byte) 0x50, (byte) 0x44, (byte) 0xB0, (byte) 0xB7, - (byte) 0xD7, (byte) 0xBF, (byte) 0xD8, (byte) 0xBA, - (byte) 0x27, (byte) 0x0B, (byte) 0x39, (byte) 0x43, - (byte) 0x23, (byte) 0x55, (byte) 0xFF, (byte) 0xB4}; - + (byte) 0xB4, (byte) 0x05, (byte) 0x0A, (byte) 0x85, + (byte) 0x0C, (byte) 0x04, (byte) 0xB3, (byte) 0xAB, + (byte) 0xF5, (byte) 0x41, (byte) 0x32, (byte) 0x56, + (byte) 0x50, (byte) 0x44, (byte) 0xB0, (byte) 0xB7, + (byte) 0xD7, (byte) 0xBF, (byte) 0xD8, (byte) 0xBA, + (byte) 0x27, (byte) 0x0B, (byte) 0x39, (byte) 0x43, + (byte) 0x23, (byte) 0x55, (byte) 0xFF, (byte) 0xB4}; + // G in compressed form / first part of ucompressed public static final byte[] EC224_FP_G_X = new byte[]{ - (byte) 0xB7, (byte) 0x0E, (byte) 0x0C, (byte) 0xBD, - (byte) 0x6B, (byte) 0xB4, (byte) 0xBF, (byte) 0x7F, - (byte) 0x32, (byte) 0x13, (byte) 0x90, (byte) 0xB9, - (byte) 0x4A, (byte) 0x03, (byte) 0xC1, (byte) 0xD3, - (byte) 0x56, (byte) 0xC2, (byte) 0x11, (byte) 0x22, - (byte) 0x34, (byte) 0x32, (byte) 0x80, (byte) 0xD6, - (byte) 0x11, (byte) 0x5C, (byte) 0x1D, (byte) 0x21}; + (byte) 0xB7, (byte) 0x0E, (byte) 0x0C, (byte) 0xBD, + (byte) 0x6B, (byte) 0xB4, (byte) 0xBF, (byte) 0x7F, + (byte) 0x32, (byte) 0x13, (byte) 0x90, (byte) 0xB9, + (byte) 0x4A, (byte) 0x03, (byte) 0xC1, (byte) 0xD3, + (byte) 0x56, (byte) 0xC2, (byte) 0x11, (byte) 0x22, + (byte) 0x34, (byte) 0x32, (byte) 0x80, (byte) 0xD6, + (byte) 0x11, (byte) 0x5C, (byte) 0x1D, (byte) 0x21}; // second part of G uncompressed public static final byte[] EC224_FP_G_Y = new byte[]{ - (byte) 0xBD, (byte) 0x37, (byte) 0x63, (byte) 0x88, - (byte) 0xB5, (byte) 0xF7, (byte) 0x23, (byte) 0xFB, - (byte) 0x4C, (byte) 0x22, (byte) 0xDF, (byte) 0xE6, - (byte) 0xCD, (byte) 0x43, (byte) 0x75, (byte) 0xA0, - (byte) 0x5A, (byte) 0x07, (byte) 0x47, (byte) 0x64, - (byte) 0x44, (byte) 0xD5, (byte) 0x81, (byte) 0x99, - (byte) 0x85, (byte) 0x00, (byte) 0x7E, (byte) 0x34}; + (byte) 0xBD, (byte) 0x37, (byte) 0x63, (byte) 0x88, + (byte) 0xB5, (byte) 0xF7, (byte) 0x23, (byte) 0xFB, + (byte) 0x4C, (byte) 0x22, (byte) 0xDF, (byte) 0xE6, + (byte) 0xCD, (byte) 0x43, (byte) 0x75, (byte) 0xA0, + (byte) 0x5A, (byte) 0x07, (byte) 0x47, (byte) 0x64, + (byte) 0x44, (byte) 0xD5, (byte) 0x81, (byte) 0x99, + (byte) 0x85, (byte) 0x00, (byte) 0x7E, (byte) 0x34}; // Order of G public static final byte[] EC224_FP_R = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0x16, (byte) 0xA2, - (byte) 0xE0, (byte) 0xB8, (byte) 0xF0, (byte) 0x3E, - (byte) 0x13, (byte) 0xDD, (byte) 0x29, (byte) 0x45, - (byte) 0x5C, (byte) 0x5C, (byte) 0x2A, (byte) 0x3D}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0x16, (byte) 0xA2, + (byte) 0xE0, (byte) 0xB8, (byte) 0xF0, (byte) 0x3E, + (byte) 0x13, (byte) 0xDD, (byte) 0x29, (byte) 0x45, + (byte) 0x5C, (byte) 0x5C, (byte) 0x2A, (byte) 0x3D}; // cofactor of G - public static final short EC224_FP_K = 1; - + public static final short EC224_FP_K = 1; + // secp256r1 from http://www.secg.org/sec2-v2.pdf public static final byte[] EC256_FP_P = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; public static final byte[] EC256_FP_A = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; public static final byte[] EC256_FP_B = new byte[]{ - (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8, - (byte) 0xAA, (byte) 0x3A, (byte) 0x93, (byte) 0xE7, - (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55, - (byte) 0x76, (byte) 0x98, (byte) 0x86, (byte) 0xBC, - (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0, - (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6, - (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E, - (byte) 0x27, (byte) 0xD2, (byte) 0x60, (byte) 0x4B}; + (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8, + (byte) 0xAA, (byte) 0x3A, (byte) 0x93, (byte) 0xE7, + (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55, + (byte) 0x76, (byte) 0x98, (byte) 0x86, (byte) 0xBC, + (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0, + (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6, + (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E, + (byte) 0x27, (byte) 0xD2, (byte) 0x60, (byte) 0x4B}; // G in compressed form / first part of ucompressed public static final byte[] EC256_FP_G_X = new byte[]{ - (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2, - (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47, - (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5, - (byte) 0x63, (byte) 0xA4, (byte) 0x40, (byte) 0xF2, - (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81, - (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0, - (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45, - (byte) 0xD8, (byte) 0x98, (byte) 0xC2, (byte) 0x96}; + (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2, + (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47, + (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5, + (byte) 0x63, (byte) 0xA4, (byte) 0x40, (byte) 0xF2, + (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81, + (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0, + (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45, + (byte) 0xD8, (byte) 0x98, (byte) 0xC2, (byte) 0x96}; // second part of G uncompressed public static final byte[] EC256_FP_G_Y = new byte[]{ - (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2, - (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, (byte) 0x9B, - (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A, - (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16, - (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57, - (byte) 0x6B, (byte) 0x31, (byte) 0x5E, (byte) 0xCE, - (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68, - (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5}; + (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2, + (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, (byte) 0x9B, + (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A, + (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16, + (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57, + (byte) 0x6B, (byte) 0x31, (byte) 0x5E, (byte) 0xCE, + (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68, + (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5}; // Order of G public static final byte[] EC256_FP_R = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD, - (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84, - (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2, - (byte) 0xFC, (byte) 0x63, (byte) 0x25, (byte) 0x51}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD, + (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84, + (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2, + (byte) 0xFC, (byte) 0x63, (byte) 0x25, (byte) 0x51}; // cofactor of G - public static final short EC256_FP_K = 1; - + public static final short EC256_FP_K = 1; + // secp384r1 from http://www.secg.org/sec2-v2.pdf public static final byte[] EC384_FP_P = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; - + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + public static final byte[] EC384_FP_A = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; - + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; + public static final byte[] EC384_FP_B = new byte[]{ - (byte) 0xB3, (byte) 0x31, (byte) 0x2F, (byte) 0xA7, - (byte) 0xE2, (byte) 0x3E, (byte) 0xE7, (byte) 0xE4, - (byte) 0x98, (byte) 0x8E, (byte) 0x05, (byte) 0x6B, - (byte) 0xE3, (byte) 0xF8, (byte) 0x2D, (byte) 0x19, - (byte) 0x18, (byte) 0x1D, (byte) 0x9C, (byte) 0x6E, - (byte) 0xFE, (byte) 0x81, (byte) 0x41, (byte) 0x12, - (byte) 0x03, (byte) 0x14, (byte) 0x08, (byte) 0x8F, - (byte) 0x50, (byte) 0x13, (byte) 0x87, (byte) 0x5A, - (byte) 0xC6, (byte) 0x56, (byte) 0x39, (byte) 0x8D, - (byte) 0x8A, (byte) 0x2E, (byte) 0xD1, (byte) 0x9D, - (byte) 0x2A, (byte) 0x85, (byte) 0xC8, (byte) 0xED, - (byte) 0xD3, (byte) 0xEC, (byte) 0x2A, (byte) 0xEF}; - + (byte) 0xB3, (byte) 0x31, (byte) 0x2F, (byte) 0xA7, + (byte) 0xE2, (byte) 0x3E, (byte) 0xE7, (byte) 0xE4, + (byte) 0x98, (byte) 0x8E, (byte) 0x05, (byte) 0x6B, + (byte) 0xE3, (byte) 0xF8, (byte) 0x2D, (byte) 0x19, + (byte) 0x18, (byte) 0x1D, (byte) 0x9C, (byte) 0x6E, + (byte) 0xFE, (byte) 0x81, (byte) 0x41, (byte) 0x12, + (byte) 0x03, (byte) 0x14, (byte) 0x08, (byte) 0x8F, + (byte) 0x50, (byte) 0x13, (byte) 0x87, (byte) 0x5A, + (byte) 0xC6, (byte) 0x56, (byte) 0x39, (byte) 0x8D, + (byte) 0x8A, (byte) 0x2E, (byte) 0xD1, (byte) 0x9D, + (byte) 0x2A, (byte) 0x85, (byte) 0xC8, (byte) 0xED, + (byte) 0xD3, (byte) 0xEC, (byte) 0x2A, (byte) 0xEF}; + // G in compressed form / first part of ucompressed public static final byte[] EC384_FP_G_X = new byte[]{ - (byte) 0xAA, (byte) 0x87, (byte) 0xCA, (byte) 0x22, - (byte) 0xBE, (byte) 0x8B, (byte) 0x05, (byte) 0x37, - (byte) 0x8E, (byte) 0xB1, (byte) 0xC7, (byte) 0x1E, - (byte) 0xF3, (byte) 0x20, (byte) 0xAD, (byte) 0x74, - (byte) 0x6E, (byte) 0x1D, (byte) 0x3B, (byte) 0x62, - (byte) 0x8B, (byte) 0xA7, (byte) 0x9B, (byte) 0x98, - (byte) 0x59, (byte) 0xF7, (byte) 0x41, (byte) 0xE0, - (byte) 0x82, (byte) 0x54, (byte) 0x2A, (byte) 0x38, - (byte) 0x55, (byte) 0x02, (byte) 0xF2, (byte) 0x5D, - (byte) 0xBF, (byte) 0x55, (byte) 0x29, (byte) 0x6C, - (byte) 0x3A, (byte) 0x54, (byte) 0x5E, (byte) 0x38, - (byte) 0x72, (byte) 0x76, (byte) 0x0A, (byte) 0xB7}; + (byte) 0xAA, (byte) 0x87, (byte) 0xCA, (byte) 0x22, + (byte) 0xBE, (byte) 0x8B, (byte) 0x05, (byte) 0x37, + (byte) 0x8E, (byte) 0xB1, (byte) 0xC7, (byte) 0x1E, + (byte) 0xF3, (byte) 0x20, (byte) 0xAD, (byte) 0x74, + (byte) 0x6E, (byte) 0x1D, (byte) 0x3B, (byte) 0x62, + (byte) 0x8B, (byte) 0xA7, (byte) 0x9B, (byte) 0x98, + (byte) 0x59, (byte) 0xF7, (byte) 0x41, (byte) 0xE0, + (byte) 0x82, (byte) 0x54, (byte) 0x2A, (byte) 0x38, + (byte) 0x55, (byte) 0x02, (byte) 0xF2, (byte) 0x5D, + (byte) 0xBF, (byte) 0x55, (byte) 0x29, (byte) 0x6C, + (byte) 0x3A, (byte) 0x54, (byte) 0x5E, (byte) 0x38, + (byte) 0x72, (byte) 0x76, (byte) 0x0A, (byte) 0xB7}; // second part of G uncompressed public static final byte[] EC384_FP_G_Y = new byte[]{ - (byte) 0x36, (byte) 0x17, (byte) 0xDE, (byte) 0x4A, - (byte) 0x96, (byte) 0x26, (byte) 0x2C, (byte) 0x6F, - (byte) 0x5D, (byte) 0x9E, (byte) 0x98, (byte) 0xBF, - (byte) 0x92, (byte) 0x92, (byte) 0xDC, (byte) 0x29, - (byte) 0xF8, (byte) 0xF4, (byte) 0x1D, (byte) 0xBD, - (byte) 0x28, (byte) 0x9A, (byte) 0x14, (byte) 0x7C, - (byte) 0xE9, (byte) 0xDA, (byte) 0x31, (byte) 0x13, - (byte) 0xB5, (byte) 0xF0, (byte) 0xB8, (byte) 0xC0, - (byte) 0x0A, (byte) 0x60, (byte) 0xB1, (byte) 0xCE, - (byte) 0x1D, (byte) 0x7E, (byte) 0x81, (byte) 0x9D, - (byte) 0x7A, (byte) 0x43, (byte) 0x1D, (byte) 0x7C, - (byte) 0x90, (byte) 0xEA, (byte) 0x0E, (byte) 0x5F}; - + (byte) 0x36, (byte) 0x17, (byte) 0xDE, (byte) 0x4A, + (byte) 0x96, (byte) 0x26, (byte) 0x2C, (byte) 0x6F, + (byte) 0x5D, (byte) 0x9E, (byte) 0x98, (byte) 0xBF, + (byte) 0x92, (byte) 0x92, (byte) 0xDC, (byte) 0x29, + (byte) 0xF8, (byte) 0xF4, (byte) 0x1D, (byte) 0xBD, + (byte) 0x28, (byte) 0x9A, (byte) 0x14, (byte) 0x7C, + (byte) 0xE9, (byte) 0xDA, (byte) 0x31, (byte) 0x13, + (byte) 0xB5, (byte) 0xF0, (byte) 0xB8, (byte) 0xC0, + (byte) 0x0A, (byte) 0x60, (byte) 0xB1, (byte) 0xCE, + (byte) 0x1D, (byte) 0x7E, (byte) 0x81, (byte) 0x9D, + (byte) 0x7A, (byte) 0x43, (byte) 0x1D, (byte) 0x7C, + (byte) 0x90, (byte) 0xEA, (byte) 0x0E, (byte) 0x5F}; + // Order of G public static final byte[] EC384_FP_R = new byte[]{ - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xC7, (byte) 0x63, (byte) 0x4D, (byte) 0x81, - (byte) 0xF4, (byte) 0x37, (byte) 0x2D, (byte) 0xDF, - (byte) 0x58, (byte) 0x1A, (byte) 0x0D, (byte) 0xB2, - (byte) 0x48, (byte) 0xB0, (byte) 0xA7, (byte) 0x7A, - (byte) 0xEC, (byte) 0xEC, (byte) 0x19, (byte) 0x6A, - (byte) 0xCC, (byte) 0xC5, (byte) 0x29, (byte) 0x73}; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xC7, (byte) 0x63, (byte) 0x4D, (byte) 0x81, + (byte) 0xF4, (byte) 0x37, (byte) 0x2D, (byte) 0xDF, + (byte) 0x58, (byte) 0x1A, (byte) 0x0D, (byte) 0xB2, + (byte) 0x48, (byte) 0xB0, (byte) 0xA7, (byte) 0x7A, + (byte) 0xEC, (byte) 0xEC, (byte) 0x19, (byte) 0x6A, + (byte) 0xCC, (byte) 0xC5, (byte) 0x29, (byte) 0x73}; // cofactor of G - public static final short EC384_FP_K = 1; - - + public static final short EC384_FP_K = 1; + + // secp521r1 from http://www.secg.org/sec2-v2.pdf public static final byte[] EC521_FP_P = new byte[]{ - (byte) 0x01, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + (byte) 0x01, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; public static final byte[] EC521_FP_A = new byte[]{ - (byte) 0x01, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; + (byte) 0x01, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC}; public static final byte[] EC521_FP_B = new byte[]{ - (byte) 0x00, (byte) 0x51, (byte) 0x95, (byte) 0x3E, - (byte) 0xB9, (byte) 0x61, (byte) 0x8E, (byte) 0x1C, - (byte) 0x9A, (byte) 0x1F, (byte) 0x92, (byte) 0x9A, - (byte) 0x21, (byte) 0xA0, (byte) 0xB6, (byte) 0x85, - (byte) 0x40, (byte) 0xEE, (byte) 0xA2, (byte) 0xDA, - (byte) 0x72, (byte) 0x5B, (byte) 0x99, (byte) 0xB3, - (byte) 0x15, (byte) 0xF3, (byte) 0xB8, (byte) 0xB4, - (byte) 0x89, (byte) 0x91, (byte) 0x8E, (byte) 0xF1, - (byte) 0x09, (byte) 0xE1, (byte) 0x56, (byte) 0x19, - (byte) 0x39, (byte) 0x51, (byte) 0xEC, (byte) 0x7E, - (byte) 0x93, (byte) 0x7B, (byte) 0x16, (byte) 0x52, - (byte) 0xC0, (byte) 0xBD, (byte) 0x3B, (byte) 0xB1, - (byte) 0xBF, (byte) 0x07, (byte) 0x35, (byte) 0x73, - (byte) 0xDF, (byte) 0x88, (byte) 0x3D, (byte) 0x2C, - (byte) 0x34, (byte) 0xF1, (byte) 0xEF, (byte) 0x45, - (byte) 0x1F, (byte) 0xD4, (byte) 0x6B, (byte) 0x50, - (byte) 0x3F, (byte) 0x00}; + (byte) 0x00, (byte) 0x51, (byte) 0x95, (byte) 0x3E, + (byte) 0xB9, (byte) 0x61, (byte) 0x8E, (byte) 0x1C, + (byte) 0x9A, (byte) 0x1F, (byte) 0x92, (byte) 0x9A, + (byte) 0x21, (byte) 0xA0, (byte) 0xB6, (byte) 0x85, + (byte) 0x40, (byte) 0xEE, (byte) 0xA2, (byte) 0xDA, + (byte) 0x72, (byte) 0x5B, (byte) 0x99, (byte) 0xB3, + (byte) 0x15, (byte) 0xF3, (byte) 0xB8, (byte) 0xB4, + (byte) 0x89, (byte) 0x91, (byte) 0x8E, (byte) 0xF1, + (byte) 0x09, (byte) 0xE1, (byte) 0x56, (byte) 0x19, + (byte) 0x39, (byte) 0x51, (byte) 0xEC, (byte) 0x7E, + (byte) 0x93, (byte) 0x7B, (byte) 0x16, (byte) 0x52, + (byte) 0xC0, (byte) 0xBD, (byte) 0x3B, (byte) 0xB1, + (byte) 0xBF, (byte) 0x07, (byte) 0x35, (byte) 0x73, + (byte) 0xDF, (byte) 0x88, (byte) 0x3D, (byte) 0x2C, + (byte) 0x34, (byte) 0xF1, (byte) 0xEF, (byte) 0x45, + (byte) 0x1F, (byte) 0xD4, (byte) 0x6B, (byte) 0x50, + (byte) 0x3F, (byte) 0x00}; // G in compressed form / first part of ucompressed public static final byte[] EC521_FP_G_X = new byte[]{ - (byte) 0x00, (byte) 0xC6, (byte) 0x85, (byte) 0x8E, - (byte) 0x06, (byte) 0xB7, (byte) 0x04, (byte) 0x04, - (byte) 0xE9, (byte) 0xCD, (byte) 0x9E, (byte) 0x3E, - (byte) 0xCB, (byte) 0x66, (byte) 0x23, (byte) 0x95, - (byte) 0xB4, (byte) 0x42, (byte) 0x9C, (byte) 0x64, - (byte) 0x81, (byte) 0x39, (byte) 0x05, (byte) 0x3F, - (byte) 0xB5, (byte) 0x21, (byte) 0xF8, (byte) 0x28, - (byte) 0xAF, (byte) 0x60, (byte) 0x6B, (byte) 0x4D, - (byte) 0x3D, (byte) 0xBA, (byte) 0xA1, (byte) 0x4B, - (byte) 0x5E, (byte) 0x77, (byte) 0xEF, (byte) 0xE7, - (byte) 0x59, (byte) 0x28, (byte) 0xFE, (byte) 0x1D, - (byte) 0xC1, (byte) 0x27, (byte) 0xA2, (byte) 0xFF, - (byte) 0xA8, (byte) 0xDE, (byte) 0x33, (byte) 0x48, - (byte) 0xB3, (byte) 0xC1, (byte) 0x85, (byte) 0x6A, - (byte) 0x42, (byte) 0x9B, (byte) 0xF9, (byte) 0x7E, - (byte) 0x7E, (byte) 0x31, (byte) 0xC2, (byte) 0xE5, - (byte) 0xBD, (byte) 0x66}; - + (byte) 0x00, (byte) 0xC6, (byte) 0x85, (byte) 0x8E, + (byte) 0x06, (byte) 0xB7, (byte) 0x04, (byte) 0x04, + (byte) 0xE9, (byte) 0xCD, (byte) 0x9E, (byte) 0x3E, + (byte) 0xCB, (byte) 0x66, (byte) 0x23, (byte) 0x95, + (byte) 0xB4, (byte) 0x42, (byte) 0x9C, (byte) 0x64, + (byte) 0x81, (byte) 0x39, (byte) 0x05, (byte) 0x3F, + (byte) 0xB5, (byte) 0x21, (byte) 0xF8, (byte) 0x28, + (byte) 0xAF, (byte) 0x60, (byte) 0x6B, (byte) 0x4D, + (byte) 0x3D, (byte) 0xBA, (byte) 0xA1, (byte) 0x4B, + (byte) 0x5E, (byte) 0x77, (byte) 0xEF, (byte) 0xE7, + (byte) 0x59, (byte) 0x28, (byte) 0xFE, (byte) 0x1D, + (byte) 0xC1, (byte) 0x27, (byte) 0xA2, (byte) 0xFF, + (byte) 0xA8, (byte) 0xDE, (byte) 0x33, (byte) 0x48, + (byte) 0xB3, (byte) 0xC1, (byte) 0x85, (byte) 0x6A, + (byte) 0x42, (byte) 0x9B, (byte) 0xF9, (byte) 0x7E, + (byte) 0x7E, (byte) 0x31, (byte) 0xC2, (byte) 0xE5, + (byte) 0xBD, (byte) 0x66}; + // second part of G uncompressed public static final byte[] EC521_FP_G_Y = new byte[]{ - (byte) 0x01, (byte) 0x18, (byte) 0x39, (byte) 0x29, - (byte) 0x6A, (byte) 0x78, (byte) 0x9A, (byte) 0x3B, - (byte) 0xC0, (byte) 0x04, (byte) 0x5C, (byte) 0x8A, - (byte) 0x5F, (byte) 0xB4, (byte) 0x2C, (byte) 0x7D, - (byte) 0x1B, (byte) 0xD9, (byte) 0x98, (byte) 0xF5, - (byte) 0x44, (byte) 0x49, (byte) 0x57, (byte) 0x9B, - (byte) 0x44, (byte) 0x68, (byte) 0x17, (byte) 0xAF, - (byte) 0xBD, (byte) 0x17, (byte) 0x27, (byte) 0x3E, - (byte) 0x66, (byte) 0x2C, (byte) 0x97, (byte) 0xEE, - (byte) 0x72, (byte) 0x99, (byte) 0x5E, (byte) 0xF4, - (byte) 0x26, (byte) 0x40, (byte) 0xC5, (byte) 0x50, - (byte) 0xB9, (byte) 0x01, (byte) 0x3F, (byte) 0xAD, - (byte) 0x07, (byte) 0x61, (byte) 0x35, (byte) 0x3C, - (byte) 0x70, (byte) 0x86, (byte) 0xA2, (byte) 0x72, - (byte) 0xC2, (byte) 0x40, (byte) 0x88, (byte) 0xBE, - (byte) 0x94, (byte) 0x76, (byte) 0x9F, (byte) 0xD1, - (byte) 0x66, (byte) 0x50}; + (byte) 0x01, (byte) 0x18, (byte) 0x39, (byte) 0x29, + (byte) 0x6A, (byte) 0x78, (byte) 0x9A, (byte) 0x3B, + (byte) 0xC0, (byte) 0x04, (byte) 0x5C, (byte) 0x8A, + (byte) 0x5F, (byte) 0xB4, (byte) 0x2C, (byte) 0x7D, + (byte) 0x1B, (byte) 0xD9, (byte) 0x98, (byte) 0xF5, + (byte) 0x44, (byte) 0x49, (byte) 0x57, (byte) 0x9B, + (byte) 0x44, (byte) 0x68, (byte) 0x17, (byte) 0xAF, + (byte) 0xBD, (byte) 0x17, (byte) 0x27, (byte) 0x3E, + (byte) 0x66, (byte) 0x2C, (byte) 0x97, (byte) 0xEE, + (byte) 0x72, (byte) 0x99, (byte) 0x5E, (byte) 0xF4, + (byte) 0x26, (byte) 0x40, (byte) 0xC5, (byte) 0x50, + (byte) 0xB9, (byte) 0x01, (byte) 0x3F, (byte) 0xAD, + (byte) 0x07, (byte) 0x61, (byte) 0x35, (byte) 0x3C, + (byte) 0x70, (byte) 0x86, (byte) 0xA2, (byte) 0x72, + (byte) 0xC2, (byte) 0x40, (byte) 0x88, (byte) 0xBE, + (byte) 0x94, (byte) 0x76, (byte) 0x9F, (byte) 0xD1, + (byte) 0x66, (byte) 0x50}; // Order of G public static final byte[] EC521_FP_R = new byte[]{ - (byte) 0x01, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA, - (byte) 0x51, (byte) 0x86, (byte) 0x87, (byte) 0x83, - (byte) 0xBF, (byte) 0x2F, (byte) 0x96, (byte) 0x6B, - (byte) 0x7F, (byte) 0xCC, (byte) 0x01, (byte) 0x48, - (byte) 0xF7, (byte) 0x09, (byte) 0xA5, (byte) 0xD0, - (byte) 0x3B, (byte) 0xB5, (byte) 0xC9, (byte) 0xB8, - (byte) 0x89, (byte) 0x9C, (byte) 0x47, (byte) 0xAE, - (byte) 0xBB, (byte) 0x6F, (byte) 0xB7, (byte) 0x1E, - (byte) 0x91, (byte) 0x38, (byte) 0x64, (byte) 0x09}; - + (byte) 0x01, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA, + (byte) 0x51, (byte) 0x86, (byte) 0x87, (byte) 0x83, + (byte) 0xBF, (byte) 0x2F, (byte) 0x96, (byte) 0x6B, + (byte) 0x7F, (byte) 0xCC, (byte) 0x01, (byte) 0x48, + (byte) 0xF7, (byte) 0x09, (byte) 0xA5, (byte) 0xD0, + (byte) 0x3B, (byte) 0xB5, (byte) 0xC9, (byte) 0xB8, + (byte) 0x89, (byte) 0x9C, (byte) 0x47, (byte) 0xAE, + (byte) 0xBB, (byte) 0x6F, (byte) 0xB7, (byte) 0x1E, + (byte) 0x91, (byte) 0x38, (byte) 0x64, (byte) 0x09}; + // cofactor of G - public static final short EC521_FP_K = 1; + public static final short EC521_FP_K = 1; - - public static final byte VALID_KEY = 1; - public static final byte INVALIDB_FIXED = 2; - public static final byte INVALIDB_RANDOM = 3; - - - public static void setValidECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) { - setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, VALID_KEY); - } - public static void setInValidECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) { - setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, INVALIDB_FIXED); - } - public static void setInValidECKeyParamsRandomB(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) { - setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, INVALIDB_RANDOM); - } - private static void setECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer, byte bInvalidKeyType) { - if (ecClass == KeyPair.ALG_EC_FP) { - // Select proper courve parameters - switch (ecLength) { - case (short) 128: { - EC_FP_P = EC128_FP_P; - EC_FP_A = EC128_FP_A; - EC_FP_B = EC128_FP_B; - EC_FP_G_X = EC128_FP_G_X; - EC_FP_G_Y = EC128_FP_G_Y; - EC_FP_R = EC128_FP_R; - EC_FP_K = EC128_FP_K; - break; - } - case (short) 160: { - EC_FP_P = EC160_FP_P; - EC_FP_A = EC160_FP_A; - EC_FP_B = EC160_FP_B; - EC_FP_G_X = EC160_FP_G_X; - EC_FP_G_Y = EC160_FP_G_Y; - EC_FP_R = EC160_FP_R; - EC_FP_K = EC160_FP_K; - break; - } - case (short) 192: { - EC_FP_P = EC192_FP_P; - EC_FP_A = EC192_FP_A; - EC_FP_B = EC192_FP_B; - EC_FP_G_X = EC192_FP_G_X; - EC_FP_G_Y = EC192_FP_G_Y; - EC_FP_R = EC192_FP_R; - EC_FP_K = EC192_FP_K; - break; - } - case (short) 224: { - EC_FP_P = EC224_FP_P; - EC_FP_A = EC224_FP_A; - EC_FP_B = EC224_FP_B; - EC_FP_G_X = EC224_FP_G_X; - EC_FP_G_Y = EC224_FP_G_Y; - EC_FP_R = EC224_FP_R; - EC_FP_K = EC224_FP_K; - break; - } - case (short) 256: { - EC_FP_P = EC256_FP_P; - EC_FP_A = EC256_FP_A; - EC_FP_B = EC256_FP_B; - EC_FP_G_X = EC256_FP_G_X; - EC_FP_G_Y = EC256_FP_G_Y; - EC_FP_R = EC256_FP_R; - EC_FP_K = EC256_FP_K; - break; - } - case (short) 384: { - EC_FP_P = EC384_FP_P; - EC_FP_A = EC384_FP_A; - EC_FP_B = EC384_FP_B; - EC_FP_G_X = EC384_FP_G_X; - EC_FP_G_Y = EC384_FP_G_Y; - EC_FP_R = EC384_FP_R; - EC_FP_K = EC384_FP_K; - break; - } - case (short) 521: { - EC_FP_P = EC521_FP_P; - EC_FP_A = EC521_FP_A; - EC_FP_B = EC521_FP_B; - EC_FP_G_X = EC521_FP_G_X; - EC_FP_G_Y = EC521_FP_G_Y; - EC_FP_R = EC521_FP_R; - EC_FP_K = EC521_FP_K; - break; - } - default: { + //sect163r1 from http://www.secg.org/sec2-v2.pdf + // [short i1, short i2, short i3] f = x^163 + x^i1 + x^i2 + x^i3 + 1 + public static final byte[] EC163_F2M_F = new byte[]{ + (byte) 0x00, (byte) 0x07, + (byte) 0x00, (byte) 0x06, + (byte) 0x00, (byte) 0x03 + }; + + public static final byte[] EC163_F2M_A = new byte[]{ + (byte) 0x07, (byte) 0xB6, (byte) 0x88, (byte) 0x2C, + (byte) 0xAA, (byte) 0xEF, (byte) 0xA8, (byte) 0x4F, + (byte) 0x95, (byte) 0x54, (byte) 0xFF, (byte) 0x84, + (byte) 0x28, (byte) 0xBD, (byte) 0x88, (byte) 0xE2, + (byte) 0x46, (byte) 0xD2, (byte) 0x78, (byte) 0x2A, + (byte) 0xE2 + }; + + public static final byte[] EC163_F2M_B = new byte[]{ + (byte) 0x07, (byte) 0x13, (byte) 0x61, (byte) 0x2D, + (byte) 0xCD, (byte) 0xDC, (byte) 0xB4, (byte) 0x0A, + (byte) 0xAB, (byte) 0x94, (byte) 0x6B, (byte) 0xDA, + (byte) 0x29, (byte) 0xCA, (byte) 0x91, (byte) 0xF7, + (byte) 0x3A, (byte) 0xF9, (byte) 0x58, (byte) 0xAF, + (byte) 0xD9 + }; + + // G in compressed form / first part of ucompressed + public static final byte[] EC163_F2M_G_X = new byte[]{ + (byte) 0x03, (byte) 0x69, (byte) 0x97, (byte) 0x96, + (byte) 0x97, (byte) 0xAB, (byte) 0x43, (byte) 0x89, + (byte) 0x77, (byte) 0x89, (byte) 0x56, (byte) 0x67, + (byte) 0x89, (byte) 0x56, (byte) 0x7F, (byte) 0x78, + (byte) 0x7A, (byte) 0x78, (byte) 0x76, (byte) 0xA6, + (byte) 0x54 + }; + + // second part of G uncompressed + public static final byte[] EC163_F2M_G_Y = new byte[]{ + (byte) 0x00, (byte) 0x43, (byte) 0x5E, (byte) 0xDB, + (byte) 0x42, (byte) 0xEF, (byte) 0xAF, (byte) 0xB2, + (byte) 0x98, (byte) 0x9D, (byte) 0x51, (byte) 0xFE, + (byte) 0xFC, (byte) 0xE3, (byte) 0xC8, (byte) 0x09, + (byte) 0x88, (byte) 0xF4, (byte) 0x1F, (byte) 0xF8, + (byte) 0x83 + }; + + // order of G + public static final byte[] EC163_F2M_R = new byte[]{ + (byte) 0x03, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x48, + (byte) 0xAA, (byte) 0xB6, (byte) 0x89, (byte) 0xC2, + (byte) 0x9C, (byte) 0xA7, (byte) 0x10, (byte) 0x27, + (byte) 0x9B + }; + + // cofactor of G + public static final short EC163_F2M_K = 2; + + //sect233r1 from http://www.secg.org/sec2-v2.pdf + // [short i1, short i2, short i3] f = x^233 + x^i1 + 1 + public static final byte[] EC233_F2M_F = new byte[]{ + (byte) 0x00, (byte) 0x4a + }; + + public static final byte[] EC233_F2M_A = new byte[]{ + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x01 + }; + + public static final byte[] EC233_F2M_B = new byte[]{ + (byte) 0x00, (byte) 0x66, (byte) 0x64, (byte) 0x7E, + (byte) 0xDE, (byte) 0x6C, (byte) 0x33, (byte) 0x2C, + (byte) 0x7F, (byte) 0x8C, (byte) 0x09, (byte) 0x23, + (byte) 0xBB, (byte) 0x58, (byte) 0x21, (byte) 0x3B, + (byte) 0x33, (byte) 0x3B, (byte) 0x20, (byte) 0xE9, + (byte) 0xCE, (byte) 0x42, (byte) 0x81, (byte) 0xFE, + (byte) 0x11, (byte) 0x5F, (byte) 0x7D, (byte) 0x8F, + (byte) 0x90, (byte) 0xAD + }; + + // G in compressed form / first part of ucompressed + public static final byte[] EC233_F2M_G_X = new byte[]{ + (byte) 0x00, (byte) 0xFA, (byte) 0xC9, (byte) 0xDF, + (byte) 0xCB, (byte) 0xAC, (byte) 0x83, (byte) 0x13, + (byte) 0xBB, (byte) 0x21, (byte) 0x39, (byte) 0xF1, + (byte) 0xBB, (byte) 0x75, (byte) 0x5F, (byte) 0xEF, + (byte) 0x65, (byte) 0xBC, (byte) 0x39, (byte) 0x1F, + (byte) 0x8B, (byte) 0x36, (byte) 0xF8, (byte) 0xF8, + (byte) 0xEB, (byte) 0x73, (byte) 0x71, (byte) 0xFD, + (byte) 0x55, (byte) 0x8B + }; + + // second part of G uncompressed + public static final byte[] EC233_F2M_G_Y = new byte[]{ + (byte) 0x01, (byte) 0x00, (byte) 0x6A, (byte) 0x08, + (byte) 0xA4, (byte) 0x19, (byte) 0x03, (byte) 0x35, + (byte) 0x06, (byte) 0x78, (byte) 0xE5, (byte) 0x85, + (byte) 0x28, (byte) 0xBE, (byte) 0xBF, (byte) 0x8A, + (byte) 0x0B, (byte) 0xEF, (byte) 0xF8, (byte) 0x67, + (byte) 0xA7, (byte) 0xCA, (byte) 0x36, (byte) 0x71, + (byte) 0x6F, (byte) 0x7E, (byte) 0x01, (byte) 0xF8, + (byte) 0x10, (byte) 0x52 + }; + + // order of G + public static final byte[] EC233_F2M_R = new byte[]{ + (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x13, + (byte) 0xE9, (byte) 0x74, (byte) 0xE7, (byte) 0x2F, + (byte) 0x8A, (byte) 0x69, (byte) 0x22, (byte) 0x03, + (byte) 0x1D, (byte) 0x26, (byte) 0x03, (byte) 0xCF, + (byte) 0xE0, (byte) 0xD7 + }; + + // cofactor of G + public static final short EC233_F2M_K = 2; + + //sect283r1 from http://www.secg.org/sec2-v2.pdf + // [short i1, short i2, short i3] f = x^283 + x^i1 + x^i2 + x^i3 + 1 + public static final byte[] EC283_F2M_F = new byte[]{ + (byte) 0x00, (byte) 0x0c, + (byte) 0x00, (byte) 0x07, + (byte) 0x00, (byte) 0x05 + }; + + public static final byte[] EC283_F2M_A = new byte[]{ + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01 + }; + + public static final byte[] EC283_F2M_B = new byte[]{ + (byte) 0x02, (byte) 0x7B, (byte) 0x68, (byte) 0x0A, + (byte) 0xC8, (byte) 0xB8, (byte) 0x59, (byte) 0x6D, + (byte) 0xA5, (byte) 0xA4, (byte) 0xAF, (byte) 0x8A, + (byte) 0x19, (byte) 0xA0, (byte) 0x30, (byte) 0x3F, + (byte) 0xCA, (byte) 0x97, (byte) 0xFD, (byte) 0x76, + (byte) 0x45, (byte) 0x30, (byte) 0x9F, (byte) 0xA2, + (byte) 0xA5, (byte) 0x81, (byte) 0x48, (byte) 0x5A, + (byte) 0xF6, (byte) 0x26, (byte) 0x3E, (byte) 0x31, + (byte) 0x3B, (byte) 0x79, (byte) 0xA2, (byte) 0xF5 + }; + + // G in compressed form / first part of ucompressed + public static final byte[] EC283_F2M_G_X = new byte[]{ + (byte) 0x05, (byte) 0xF9, (byte) 0x39, (byte) 0x25, + (byte) 0x8D, (byte) 0xB7, (byte) 0xDD, (byte) 0x90, + (byte) 0xE1, (byte) 0x93, (byte) 0x4F, (byte) 0x8C, + (byte) 0x70, (byte) 0xB0, (byte) 0xDF, (byte) 0xEC, + (byte) 0x2E, (byte) 0xED, (byte) 0x25, (byte) 0xB8, + (byte) 0x55, (byte) 0x7E, (byte) 0xAC, (byte) 0x9C, + (byte) 0x80, (byte) 0xE2, (byte) 0xE1, (byte) 0x98, + (byte) 0xF8, (byte) 0xCD, (byte) 0xBE, (byte) 0xCD, + (byte) 0x86, (byte) 0xB1, (byte) 0x20, (byte) 0x53 + }; + + // second part of G uncompressed + public static final byte[] EC283_F2M_G_Y = new byte[]{ + (byte) 0x03, (byte) 0x67, (byte) 0x68, (byte) 0x54, + (byte) 0xFE, (byte) 0x24, (byte) 0x14, (byte) 0x1C, + (byte) 0xB9, (byte) 0x8F, (byte) 0xE6, (byte) 0xD4, + (byte) 0xB2, (byte) 0x0D, (byte) 0x02, (byte) 0xB4, + (byte) 0x51, (byte) 0x6F, (byte) 0xF7, (byte) 0x02, + (byte) 0x35, (byte) 0x0E, (byte) 0xDD, (byte) 0xB0, + (byte) 0x82, (byte) 0x67, (byte) 0x79, (byte) 0xC8, + (byte) 0x13, (byte) 0xF0, (byte) 0xDF, (byte) 0x45, + (byte) 0xBE, (byte) 0x81, (byte) 0x12, (byte) 0xF4 + }; + + // order of G + public static final byte[] EC283_F2M_R = new byte[]{ + (byte) 0x03, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xEF, (byte) 0x90, + (byte) 0x39, (byte) 0x96, (byte) 0x60, (byte) 0xFC, + (byte) 0x93, (byte) 0x8A, (byte) 0x90, (byte) 0x16, + (byte) 0x5B, (byte) 0x04, (byte) 0x2A, (byte) 0x7C, + (byte) 0xEF, (byte) 0xAD, (byte) 0xB3, (byte) 0x07 + }; + + // cofactor of G + public static final short EC283_F2M_K = 2; + + //sect409r1 from http://www.secg.org/sec2-v2.pdf + // [short i1, short i2, short i3] f = x^409 + x^i1 + 1 + public static final byte[] EC409_F2M_F = new byte[]{ + (byte) 0x00, (byte) 0x57 + }; + + public static final byte[] EC409_F2M_A = new byte[]{ + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01 + }; + + public static final byte[] EC409_F2M_B = new byte[]{ + (byte) 0x00, (byte) 0x21, (byte) 0xA5, (byte) 0xC2, + (byte) 0xC8, (byte) 0xEE, (byte) 0x9F, (byte) 0xEB, + (byte) 0x5C, (byte) 0x4B, (byte) 0x9A, (byte) 0x75, + (byte) 0x3B, (byte) 0x7B, (byte) 0x47, (byte) 0x6B, + (byte) 0x7F, (byte) 0xD6, (byte) 0x42, (byte) 0x2E, + (byte) 0xF1, (byte) 0xF3, (byte) 0xDD, (byte) 0x67, + (byte) 0x47, (byte) 0x61, (byte) 0xFA, (byte) 0x99, + (byte) 0xD6, (byte) 0xAC, (byte) 0x27, (byte) 0xC8, + (byte) 0xA9, (byte) 0xA1, (byte) 0x97, (byte) 0xB2, + (byte) 0x72, (byte) 0x82, (byte) 0x2F, (byte) 0x6C, + (byte) 0xD5, (byte) 0x7A, (byte) 0x55, (byte) 0xAA, + (byte) 0x4F, (byte) 0x50, (byte) 0xAE, (byte) 0x31, + (byte) 0x7B, (byte) 0x13, (byte) 0x54, (byte) 0x5F + }; + + // G in compressed form / first part of ucompressed + public static final byte[] EC409_F2M_G_X = new byte[]{ + (byte) 0x01, (byte) 0x5D, (byte) 0x48, (byte) 0x60, + (byte) 0xD0, (byte) 0x88, (byte) 0xDD, (byte) 0xB3, + (byte) 0x49, (byte) 0x6B, (byte) 0x0C, (byte) 0x60, + (byte) 0x64, (byte) 0x75, (byte) 0x62, (byte) 0x60, + (byte) 0x44, (byte) 0x1C, (byte) 0xDE, (byte) 0x4A, + (byte) 0xF1, (byte) 0x77, (byte) 0x1D, (byte) 0x4D, + (byte) 0xB0, (byte) 0x1F, (byte) 0xFE, (byte) 0x5B, + (byte) 0x34, (byte) 0xE5, (byte) 0x97, (byte) 0x03, + (byte) 0xDC, (byte) 0x25, (byte) 0x5A, (byte) 0x86, + (byte) 0x8A, (byte) 0x11, (byte) 0x80, (byte) 0x51, + (byte) 0x56, (byte) 0x03, (byte) 0xAE, (byte) 0xAB, + (byte) 0x60, (byte) 0x79, (byte) 0x4E, (byte) 0x54, + (byte) 0xBB, (byte) 0x79, (byte) 0x96, (byte) 0xA7 + }; + + // second part of G uncompressed + public static final byte[] EC409_F2M_G_Y = new byte[]{ + (byte) 0x00, (byte) 0x61, (byte) 0xB1, (byte) 0xCF, + (byte) 0xAB, (byte) 0x6B, (byte) 0xE5, (byte) 0xF3, + (byte) 0x2B, (byte) 0xBF, (byte) 0xA7, (byte) 0x83, + (byte) 0x24, (byte) 0xED, (byte) 0x10, (byte) 0x6A, + (byte) 0x76, (byte) 0x36, (byte) 0xB9, (byte) 0xC5, + (byte) 0xA7, (byte) 0xBD, (byte) 0x19, (byte) 0x8D, + (byte) 0x01, (byte) 0x58, (byte) 0xAA, (byte) 0x4F, + (byte) 0x54, (byte) 0x88, (byte) 0xD0, (byte) 0x8F, + (byte) 0x38, (byte) 0x51, (byte) 0x4F, (byte) 0x1F, + (byte) 0xDF, (byte) 0x4B, (byte) 0x4F, (byte) 0x40, + (byte) 0xD2, (byte) 0x18, (byte) 0x1B, (byte) 0x36, + (byte) 0x81, (byte) 0xC3, (byte) 0x64, (byte) 0xBA, + (byte) 0x02, (byte) 0x73, (byte) 0xC7, (byte) 0x06 + }; + + // order of G + public static final byte[] EC409_F2M_R = new byte[]{ + (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0xE2, + (byte) 0xAA, (byte) 0xD6, (byte) 0xA6, (byte) 0x12, + (byte) 0xF3, (byte) 0x33, (byte) 0x07, (byte) 0xBE, + (byte) 0x5F, (byte) 0xA4, (byte) 0x7C, (byte) 0x3C, + (byte) 0x9E, (byte) 0x05, (byte) 0x2F, (byte) 0x83, + (byte) 0x81, (byte) 0x64, (byte) 0xCD, (byte) 0x37, + (byte) 0xD9, (byte) 0xA2, (byte) 0x11, (byte) 0x73 + }; + + // cofactor of G + public static final short EC409_F2M_K = 2; + + //sect571r1 from http://www.secg.org/sec2-v2.pdf + // [short i1, short i2, short i3] f = x^571 + x^i1 + x^i2 + x^i3 + 1 + public static final byte[] EC571_F2M_F = new byte[]{ + (byte) 0x00, (byte) 0x0a, + (byte) 0x00, (byte) 0x05, + (byte) 0x00, (byte) 0x02, + }; + + public static final byte[] EC571_F2M_A = new byte[]{ + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01 + }; + + public static final byte[] EC571_F2M_B = new byte[]{ + (byte) 0x02, (byte) 0xF4, (byte) 0x0E, (byte) 0x7E, + (byte) 0x22, (byte) 0x21, (byte) 0xF2, (byte) 0x95, + (byte) 0xDE, (byte) 0x29, (byte) 0x71, (byte) 0x17, + (byte) 0xB7, (byte) 0xF3, (byte) 0xD6, (byte) 0x2F, + (byte) 0x5C, (byte) 0x6A, (byte) 0x97, (byte) 0xFF, + (byte) 0xCB, (byte) 0x8C, (byte) 0xEF, (byte) 0xF1, + (byte) 0xCD, (byte) 0x6B, (byte) 0xA8, (byte) 0xCE, + (byte) 0x4A, (byte) 0x9A, (byte) 0x18, (byte) 0xAD, + (byte) 0x84, (byte) 0xFF, (byte) 0xAB, (byte) 0xBD, + (byte) 0x8E, (byte) 0xFA, (byte) 0x59, (byte) 0x33, + (byte) 0x2B, (byte) 0xE7, (byte) 0xAD, (byte) 0x67, + (byte) 0x56, (byte) 0xA6, (byte) 0x6E, (byte) 0x29, + (byte) 0x4A, (byte) 0xFD, (byte) 0x18, (byte) 0x5A, + (byte) 0x78, (byte) 0xFF, (byte) 0x12, (byte) 0xAA, + (byte) 0x52, (byte) 0x0E, (byte) 0x4D, (byte) 0xE7, + (byte) 0x39, (byte) 0xBA, (byte) 0xCA, (byte) 0x0C, + (byte) 0x7F, (byte) 0xFE, (byte) 0xFF, (byte) 0x7F, + (byte) 0x29, (byte) 0x55, (byte) 0x72, (byte) 0x7A + }; + + // G in compressed form / first part of ucompressed + public static final byte[] EC571_F2M_G_X = new byte[]{ + (byte) 0x03, (byte) 0x03, (byte) 0x00, (byte) 0x1D, + (byte) 0x34, (byte) 0xB8, (byte) 0x56, (byte) 0x29, + (byte) 0x6C, (byte) 0x16, (byte) 0xC0, (byte) 0xD4, + (byte) 0x0D, (byte) 0x3C, (byte) 0xD7, (byte) 0x75, + (byte) 0x0A, (byte) 0x93, (byte) 0xD1, (byte) 0xD2, + (byte) 0x95, (byte) 0x5F, (byte) 0xA8, (byte) 0x0A, + (byte) 0xA5, (byte) 0xF4, (byte) 0x0F, (byte) 0xC8, + (byte) 0xDB, (byte) 0x7B, (byte) 0x2A, (byte) 0xBD, + (byte) 0xBD, (byte) 0xE5, (byte) 0x39, (byte) 0x50, + (byte) 0xF4, (byte) 0xC0, (byte) 0xD2, (byte) 0x93, + (byte) 0xCD, (byte) 0xD7, (byte) 0x11, (byte) 0xA3, + (byte) 0x5B, (byte) 0x67, (byte) 0xFB, (byte) 0x14, + (byte) 0x99, (byte) 0xAE, (byte) 0x60, (byte) 0x03, + (byte) 0x86, (byte) 0x14, (byte) 0xF1, (byte) 0x39, + (byte) 0x4A, (byte) 0xBF, (byte) 0xA3, (byte) 0xB4, + (byte) 0xC8, (byte) 0x50, (byte) 0xD9, (byte) 0x27, + (byte) 0xE1, (byte) 0xE7, (byte) 0x76, (byte) 0x9C, + (byte) 0x8E, (byte) 0xEC, (byte) 0x2D, (byte) 0x19 + }; + + // second part of G uncompressed + public static final byte[] EC571_F2M_G_Y = new byte[]{ + (byte) 0x03, (byte) 0x7B, (byte) 0xF2, (byte) 0x73, + (byte) 0x42, (byte) 0xDA, (byte) 0x63, (byte) 0x9B, + (byte) 0x6D, (byte) 0xCC, (byte) 0xFF, (byte) 0xFE, + (byte) 0xB7, (byte) 0x3D, (byte) 0x69, (byte) 0xD7, + (byte) 0x8C, (byte) 0x6C, (byte) 0x27, (byte) 0xA6, + (byte) 0x00, (byte) 0x9C, (byte) 0xBB, (byte) 0xCA, + (byte) 0x19, (byte) 0x80, (byte) 0xF8, (byte) 0x53, + (byte) 0x39, (byte) 0x21, (byte) 0xE8, (byte) 0xA6, + (byte) 0x84, (byte) 0x42, (byte) 0x3E, (byte) 0x43, + (byte) 0xBA, (byte) 0xB0, (byte) 0x8A, (byte) 0x57, + (byte) 0x62, (byte) 0x91, (byte) 0xAF, (byte) 0x8F, + (byte) 0x46, (byte) 0x1B, (byte) 0xB2, (byte) 0xA8, + (byte) 0xB3, (byte) 0x53, (byte) 0x1D, (byte) 0x2F, + (byte) 0x04, (byte) 0x85, (byte) 0xC1, (byte) 0x9B, + (byte) 0x16, (byte) 0xE2, (byte) 0xF1, (byte) 0x51, + (byte) 0x6E, (byte) 0x23, (byte) 0xDD, (byte) 0x3C, + (byte) 0x1A, (byte) 0x48, (byte) 0x27, (byte) 0xAF, + (byte) 0x1B, (byte) 0x8A, (byte) 0xC1, (byte) 0x5B + }; + + // order of G + public static final byte[] EC571_F2M_R = new byte[]{ + (byte) 0x03, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xE6, (byte) 0x61, (byte) 0xCE, (byte) 0x18, + (byte) 0xFF, (byte) 0x55, (byte) 0x98, (byte) 0x73, + (byte) 0x08, (byte) 0x05, (byte) 0x9B, (byte) 0x18, + (byte) 0x68, (byte) 0x23, (byte) 0x85, (byte) 0x1E, + (byte) 0xC7, (byte) 0xDD, (byte) 0x9C, (byte) 0xA1, + (byte) 0x16, (byte) 0x1D, (byte) 0xE9, (byte) 0x3D, + (byte) 0x51, (byte) 0x74, (byte) 0xD6, (byte) 0x6E, + (byte) 0x83, (byte) 0x82, (byte) 0xE9, (byte) 0xBB, + (byte) 0x2F, (byte) 0xE8, (byte) 0x4E, (byte) 0x47 + }; + + // cofactor of G + public static final short EC571_F2M_K = 2; + + //Anomalous curve(small-pub-128), with pubkey of order 5 + public static final byte[] ECSP128_FP_P = { + (byte) 0xcf, (byte) 0xba, (byte) 0x21, (byte) 0xfd, + (byte) 0x04, (byte) 0x83, (byte) 0xb1, (byte) 0xf3, + (byte) 0x00, (byte) 0xfa, (byte) 0x25, (byte) 0x06, + (byte) 0xa5, (byte) 0xa5, (byte) 0x66, (byte) 0xef + }; + + public static final byte[] ECSP128_FP_A = { + (byte) 0x36, (byte) 0xd9, (byte) 0xa5, (byte) 0xac, + (byte) 0xac, (byte) 0x27, (byte) 0xa0, (byte) 0x08, + (byte) 0xe3, (byte) 0x6c, (byte) 0xbe, (byte) 0x3e, + (byte) 0x9f, (byte) 0x10, (byte) 0x3f, (byte) 0xde + }; + + public static final byte[] ECSP128_FP_B = { + (byte) 0xa6, (byte) 0x7c, (byte) 0xf5, (byte) 0xfa, + (byte) 0x09, (byte) 0xfb, (byte) 0x1d, (byte) 0xb9, + (byte) 0x02, (byte) 0x06, (byte) 0x8c, (byte) 0x87, + (byte) 0x04, (byte) 0x6a, (byte) 0xe2, (byte) 0x1e + }; + + public static final byte[] ECSP128_FP_G_X = { + (byte) 0x47, (byte) 0xd7, (byte) 0x83, (byte) 0x91, + (byte) 0xa4, (byte) 0xb9, (byte) 0xff, (byte) 0xf6, + (byte) 0xa0, (byte) 0xdb, (byte) 0x12, (byte) 0x92, + (byte) 0xf9, (byte) 0xcd, (byte) 0x0e, (byte) 0x6a + }; + + public static final byte[] ECSP128_FP_G_Y = { + (byte) 0x9a, (byte) 0xed, (byte) 0x9c, (byte) 0x92, + (byte) 0xf8, (byte) 0xbb, (byte) 0x3d, (byte) 0xbd, + (byte) 0x42, (byte) 0x40, (byte) 0x21, (byte) 0x65, + (byte) 0xa2, (byte) 0x70, (byte) 0xbd, (byte) 0x6f + }; + + public static final byte[] ECSP128_FP_R = { + (byte) 0xcf, (byte) 0xba, (byte) 0x21, (byte) 0xfd, + (byte) 0x04, (byte) 0x83, (byte) 0xb1, (byte) 0xf3, + (byte) 0x33, (byte) 0xd6, (byte) 0x1a, (byte) 0x5a, + (byte) 0xf6, (byte) 0xad, (byte) 0xa2, (byte) 0xc7 + }; + + public static final short ECSP128_FP_K = 1; + + public static final byte[] ECSP128_FP_W_X = { + (byte) 0x63, (byte) 0x90, (byte) 0x1e, (byte) 0x12, + (byte) 0x27, (byte) 0x61, (byte) 0xd9, (byte) 0xc1, + (byte) 0x65, (byte) 0x65, (byte) 0xb2, (byte) 0xf3, + (byte) 0x8e, (byte) 0x99, (byte) 0x1f, (byte) 0x71 + }; + + public static final byte[] ECSP128_FP_W_Y = { + (byte) 0xb9, (byte) 0xd9, (byte) 0x9f, (byte) 0xbc, + (byte) 0x31, (byte) 0x54, (byte) 0xa9, (byte) 0x6c, + (byte) 0xa2, (byte) 0x3e, (byte) 0xcf, (byte) 0xf7, + (byte) 0x70, (byte) 0xcb, (byte) 0xbe, (byte) 0x4f + }; + + + //Anomalous curve(small-pub-160), with pubkey of order 3 + public static final byte[] ECSP160_FP_P = { + (byte) 0xdc, (byte) 0x13, (byte) 0x49, (byte) 0x0f, + (byte) 0xf9, (byte) 0x85, (byte) 0x7b, (byte) 0x11, + (byte) 0x1f, (byte) 0x44, (byte) 0xc0, (byte) 0x50, + (byte) 0x07, (byte) 0x70, (byte) 0xa6, (byte) 0x45, + (byte) 0x7e, (byte) 0x68, (byte) 0x32, (byte) 0x23 + }; + + public static final byte[] ECSP160_FP_A = { + (byte) 0xa3, (byte) 0xec, (byte) 0xd7, (byte) 0xd5, + (byte) 0x1e, (byte) 0x79, (byte) 0xd7, (byte) 0x2d, + (byte) 0x27, (byte) 0x00, (byte) 0x18, (byte) 0x4c, + (byte) 0x79, (byte) 0x5a, (byte) 0xa8, (byte) 0xa6, + (byte) 0xb8, (byte) 0xe6, (byte) 0x65, (byte) 0x73 + }; + + public static final byte[] ECSP160_FP_B = { + (byte) 0x8a, (byte) 0xc4, (byte) 0x35, (byte) 0x92, + (byte) 0x90, (byte) 0x5f, (byte) 0x99, (byte) 0x5c, + (byte) 0xb1, (byte) 0x3f, (byte) 0x36, (byte) 0x94, + (byte) 0x31, (byte) 0x7b, (byte) 0xf4, (byte) 0x70, + (byte) 0xad, (byte) 0xaf, (byte) 0xb6, (byte) 0x45 + }; + + public static final byte[] ECSP160_FP_G_X = { + (byte) 0x5f, (byte) 0x8e, (byte) 0x88, (byte) 0xaf, + (byte) 0xc1, (byte) 0x17, (byte) 0xc7, (byte) 0x22, + (byte) 0x85, (byte) 0x9f, (byte) 0xe8, (byte) 0xe5, + (byte) 0x56, (byte) 0x47, (byte) 0xbc, (byte) 0xa6, + (byte) 0x9b, (byte) 0xa8, (byte) 0x21, (byte) 0x50 + }; + + public static final byte[] ECSP160_FP_G_Y = { + (byte) 0x93, (byte) 0xe6, (byte) 0xdc, (byte) 0xae, + (byte) 0xe2, (byte) 0x71, (byte) 0xe9, (byte) 0xf2, + (byte) 0x83, (byte) 0x8c, (byte) 0x98, (byte) 0xb7, + (byte) 0xd0, (byte) 0x6e, (byte) 0xcc, (byte) 0xc5, + (byte) 0xd7, (byte) 0xc8, (byte) 0x00, (byte) 0xe5 + }; + + public static final byte[] ECSP160_FP_R = { + (byte) 0xdc, (byte) 0x13, (byte) 0x49, (byte) 0x0f, + (byte) 0xf9, (byte) 0x85, (byte) 0x7b, (byte) 0x11, + (byte) 0x1f, (byte) 0x44, (byte) 0x6e, (byte) 0xf4, + (byte) 0xa6, (byte) 0xd1, (byte) 0xe1, (byte) 0x71, + (byte) 0x5f, (byte) 0x6a, (byte) 0x6d, (byte) 0xff + }; + + public static final short ECSP160_FP_K = 1; + + public static final byte[] ECSP160_FP_W_X = { + (byte) 0x59, (byte) 0xc9, (byte) 0xc3, (byte) 0xc8, + (byte) 0xae, (byte) 0xf2, (byte) 0x9f, (byte) 0x1c, + (byte) 0x1c, (byte) 0x50, (byte) 0x0c, (byte) 0xaf, + (byte) 0xb4, (byte) 0x72, (byte) 0x6d, (byte) 0xa6, + (byte) 0x08, (byte) 0x6e, (byte) 0x6e, (byte) 0xb0 + }; + + public static final byte[] ECSP160_FP_W_Y = { + (byte) 0xd6, (byte) 0x95, (byte) 0xa7, (byte) 0x60, + (byte) 0x05, (byte) 0xed, (byte) 0xdb, (byte) 0x26, + (byte) 0xaf, (byte) 0xd4, (byte) 0x0e, (byte) 0xe2, + (byte) 0x09, (byte) 0x04, (byte) 0x77, (byte) 0x8b, + (byte) 0xb3, (byte) 0x49, (byte) 0x7b, (byte) 0xb1 + }; + + + //Anomalous curve(small-pub-192), with pubkey of order 4 + public static final byte[] ECSP192_FP_P = { + (byte) 0xce, (byte) 0x71, (byte) 0x4c, (byte) 0xc3, + (byte) 0xa1, (byte) 0x5c, (byte) 0xe7, (byte) 0xe5, + (byte) 0xda, (byte) 0xb0, (byte) 0x68, (byte) 0xc9, + (byte) 0xa1, (byte) 0xf8, (byte) 0xbe, (byte) 0x00, + (byte) 0xaa, (byte) 0xd4, (byte) 0x80, (byte) 0xab, + (byte) 0xcc, (byte) 0xae, (byte) 0xef, (byte) 0xc3 + }; + + public static final byte[] ECSP192_FP_A = { + (byte) 0x59, (byte) 0x7c, (byte) 0x78, (byte) 0x1f, + (byte) 0x64, (byte) 0xc3, (byte) 0x3e, (byte) 0xb8, + (byte) 0xef, (byte) 0x91, (byte) 0x9c, (byte) 0x41, + (byte) 0x59, (byte) 0x11, (byte) 0x51, (byte) 0x8e, + (byte) 0xa3, (byte) 0x23, (byte) 0xbe, (byte) 0x88, + (byte) 0xb9, (byte) 0x43, (byte) 0x7c, (byte) 0xaf + }; + + public static final byte[] ECSP192_FP_B = { + (byte) 0xf8, (byte) 0x15, (byte) 0x85, (byte) 0xa1, + (byte) 0xb1, (byte) 0x8f, (byte) 0x23, (byte) 0x3d, + (byte) 0x70, (byte) 0xad, (byte) 0xd7, (byte) 0xee, + (byte) 0x13, (byte) 0x42, (byte) 0xd2, (byte) 0x03, + (byte) 0x5c, (byte) 0x38, (byte) 0x6a, (byte) 0x92, + (byte) 0xe3, (byte) 0xab, (byte) 0x83, (byte) 0x20 + }; + + public static final byte[] ECSP192_FP_G_X = { + (byte) 0x15, (byte) 0x0f, (byte) 0xf0, (byte) 0xa4, + (byte) 0x0d, (byte) 0xea, (byte) 0xc6, (byte) 0x46, + (byte) 0x2b, (byte) 0x59, (byte) 0x87, (byte) 0x41, + (byte) 0x86, (byte) 0x17, (byte) 0xfd, (byte) 0xee, + (byte) 0xb6, (byte) 0xbf, (byte) 0xd7, (byte) 0x6d, + (byte) 0x4d, (byte) 0x60, (byte) 0xa0, (byte) 0x67 + }; + + public static final byte[] ECSP192_FP_G_Y = { + (byte) 0x84, (byte) 0x3d, (byte) 0x57, (byte) 0x73, + (byte) 0x71, (byte) 0xc5, (byte) 0xdc, (byte) 0xe1, + (byte) 0x22, (byte) 0xc2, (byte) 0xff, (byte) 0x20, + (byte) 0x6b, (byte) 0x2f, (byte) 0x42, (byte) 0xfa, + (byte) 0x0b, (byte) 0x84, (byte) 0x2b, (byte) 0x49, + (byte) 0xbd, (byte) 0xaf, (byte) 0x99, (byte) 0x0f + }; + + public static final byte[] ECSP192_FP_R = { + (byte) 0xce, (byte) 0x71, (byte) 0x4c, (byte) 0xc3, + (byte) 0xa1, (byte) 0x5c, (byte) 0xe7, (byte) 0xe5, + (byte) 0xda, (byte) 0xb0, (byte) 0x68, (byte) 0xc9, + (byte) 0xa3, (byte) 0x0b, (byte) 0xc9, (byte) 0x29, + (byte) 0x15, (byte) 0xbd, (byte) 0x86, (byte) 0x62, + (byte) 0xae, (byte) 0x88, (byte) 0x28, (byte) 0x87 + }; + + public static final short ECSP192_FP_K = 1; + + public static final byte[] ECSP192_FP_W_X = { + (byte) 0x17, (byte) 0x04, (byte) 0x7f, (byte) 0x91, + (byte) 0xdb, (byte) 0xe3, (byte) 0x30, (byte) 0x32, + (byte) 0xc9, (byte) 0xd0, (byte) 0x9b, (byte) 0xd2, + (byte) 0x9c, (byte) 0xea, (byte) 0xdd, (byte) 0x8a, + (byte) 0x09, (byte) 0xcc, (byte) 0xc3, (byte) 0x2a, + (byte) 0xc6, (byte) 0x30, (byte) 0x95, (byte) 0x41 + }; + + public static final byte[] ECSP192_FP_W_Y = { + (byte) 0x6a, (byte) 0x72, (byte) 0x6d, (byte) 0xe5, + (byte) 0x4f, (byte) 0xbd, (byte) 0x59, (byte) 0xcf, + (byte) 0xc3, (byte) 0x52, (byte) 0xe8, (byte) 0x38, + (byte) 0xb3, (byte) 0x37, (byte) 0xfa, (byte) 0x00, + (byte) 0x5a, (byte) 0x97, (byte) 0x18, (byte) 0x08, + (byte) 0x16, (byte) 0x13, (byte) 0x5e, (byte) 0x6a + }; + + + public static final byte[] ECSP224_FP_P = { + (byte) 0xee, (byte) 0xd4, (byte) 0xc3, (byte) 0xd9, + (byte) 0x8f, (byte) 0x1c, (byte) 0x9b, (byte) 0x95, + (byte) 0x18, (byte) 0xf1, (byte) 0x16, (byte) 0x26, + (byte) 0x3d, (byte) 0xb7, (byte) 0x70, (byte) 0x36, + (byte) 0x68, (byte) 0x77, (byte) 0xd1, (byte) 0x2d, + (byte) 0xf6, (byte) 0xa9, (byte) 0xcf, (byte) 0x08, + (byte) 0xb9, (byte) 0x6d, (byte) 0xd4, (byte) 0xbb + }; + + //Anomalous curve(small-pub-224), with pubkey of order 5 + public static final byte[] ECSP224_FP_A = { + (byte) 0x8d, (byte) 0x4d, (byte) 0xdd, (byte) 0xb0, + (byte) 0x31, (byte) 0x7d, (byte) 0x6a, (byte) 0x6b, + (byte) 0xf9, (byte) 0xa4, (byte) 0xdb, (byte) 0xbe, + (byte) 0xd3, (byte) 0xa4, (byte) 0x3f, (byte) 0xa2, + (byte) 0x1f, (byte) 0x79, (byte) 0x86, (byte) 0x9c, + (byte) 0x5a, (byte) 0xb9, (byte) 0x72, (byte) 0x9d, + (byte) 0x23, (byte) 0x9e, (byte) 0x92, (byte) 0x82 + }; + + public static final byte[] ECSP224_FP_B = { + (byte) 0x46, (byte) 0x87, (byte) 0x36, (byte) 0x14, + (byte) 0xbe, (byte) 0x3d, (byte) 0xff, (byte) 0xc9, + (byte) 0x21, (byte) 0x80, (byte) 0x82, (byte) 0x32, + (byte) 0x22, (byte) 0x10, (byte) 0xc0, (byte) 0x61, + (byte) 0x61, (byte) 0x40, (byte) 0x28, (byte) 0x6f, + (byte) 0x2d, (byte) 0x16, (byte) 0x05, (byte) 0x03, + (byte) 0xc1, (byte) 0xa9, (byte) 0x25, (byte) 0x0d + }; + + public static final byte[] ECSP224_FP_G_X = { + (byte) 0x96, (byte) 0x1b, (byte) 0xbb, (byte) 0x1f, + (byte) 0xc9, (byte) 0x95, (byte) 0x5a, (byte) 0x71, + (byte) 0xc9, (byte) 0x1a, (byte) 0x50, (byte) 0xae, + (byte) 0xdc, (byte) 0xd2, (byte) 0xf1, (byte) 0x4f, + (byte) 0xcc, (byte) 0xb6, (byte) 0x60, (byte) 0xaf, + (byte) 0x99, (byte) 0x2b, (byte) 0x00, (byte) 0x30, + (byte) 0xb9, (byte) 0xc9, (byte) 0x0b, (byte) 0x36 + }; + + public static final byte[] ECSP224_FP_G_Y = { + (byte) 0x1c, (byte) 0x00, (byte) 0xf6, (byte) 0xd0, + (byte) 0xbd, (byte) 0x40, (byte) 0x5d, (byte) 0xd7, + (byte) 0xd3, (byte) 0x01, (byte) 0x6f, (byte) 0xb8, + (byte) 0xc0, (byte) 0xc7, (byte) 0x5e, (byte) 0x4e, + (byte) 0xce, (byte) 0xc7, (byte) 0x0f, (byte) 0xe6, + (byte) 0x12, (byte) 0x37, (byte) 0xf6, (byte) 0xd2, + (byte) 0x40, (byte) 0x08, (byte) 0xa5, (byte) 0xfd + }; + + public static final byte[] ECSP224_FP_R = { + (byte) 0xee, (byte) 0xd4, (byte) 0xc3, (byte) 0xd9, + (byte) 0x8f, (byte) 0x1c, (byte) 0x9b, (byte) 0x95, + (byte) 0x18, (byte) 0xf1, (byte) 0x16, (byte) 0x26, + (byte) 0x3d, (byte) 0xb8, (byte) 0x21, (byte) 0xc3, + (byte) 0x6a, (byte) 0x06, (byte) 0xad, (byte) 0xae, + (byte) 0x17, (byte) 0x16, (byte) 0x2a, (byte) 0xd3, + (byte) 0x16, (byte) 0x2f, (byte) 0x68, (byte) 0xc3 + }; + + public static final short ECSP224_FP_K = 1; + + public static final byte[] ECSP224_FP_W_X = { + (byte) 0xcf, (byte) 0xd9, (byte) 0x2a, (byte) 0xea, + (byte) 0x0f, (byte) 0x79, (byte) 0x19, (byte) 0x0c, + (byte) 0x48, (byte) 0xca, (byte) 0x70, (byte) 0x3e, + (byte) 0xb8, (byte) 0xa9, (byte) 0xba, (byte) 0xa7, + (byte) 0x09, (byte) 0x9a, (byte) 0x23, (byte) 0xbb, + (byte) 0x39, (byte) 0x57, (byte) 0x82, (byte) 0x61, + (byte) 0xfe, (byte) 0x4d, (byte) 0x0f, (byte) 0x04 + }; + + public static final byte[] ECSP224_FP_W_Y = { + (byte) 0x25, (byte) 0x7a, (byte) 0x3d, (byte) 0x98, + (byte) 0xde, (byte) 0x44, (byte) 0xbd, (byte) 0x25, + (byte) 0x40, (byte) 0x49, (byte) 0x77, (byte) 0xa4, + (byte) 0xac, (byte) 0x7f, (byte) 0xc5, (byte) 0x6d, + (byte) 0x3d, (byte) 0x4e, (byte) 0x82, (byte) 0x7f, + (byte) 0x08, (byte) 0x5b, (byte) 0x7c, (byte) 0xf5, + (byte) 0x24, (byte) 0x75, (byte) 0x24, (byte) 0xc4 + }; + + + //Anomalous curve(small-pub-256), with pubkey of order 3 + public static final byte[] ECSP256_FP_P = { + (byte) 0xc9, (byte) 0xa8, (byte) 0x03, (byte) 0xb1, + (byte) 0xea, (byte) 0xf8, (byte) 0x49, (byte) 0xf1, + (byte) 0xc0, (byte) 0x2c, (byte) 0xfd, (byte) 0x1d, + (byte) 0xbf, (byte) 0xac, (byte) 0x68, (byte) 0x62, + (byte) 0x39, (byte) 0x85, (byte) 0xc8, (byte) 0x8b, + (byte) 0x37, (byte) 0x10, (byte) 0x3b, (byte) 0x33, + (byte) 0x8a, (byte) 0xe1, (byte) 0x1d, (byte) 0x25, + (byte) 0x97, (byte) 0xee, (byte) 0x84, (byte) 0x45 + }; + + public static final byte[] ECSP256_FP_A = { + (byte) 0x48, (byte) 0x41, (byte) 0xc5, (byte) 0x77, + (byte) 0x5a, (byte) 0x24, (byte) 0xa8, (byte) 0x84, + (byte) 0xca, (byte) 0x36, (byte) 0xec, (byte) 0x36, + (byte) 0x2b, (byte) 0x44, (byte) 0x64, (byte) 0x5a, + (byte) 0x2f, (byte) 0x60, (byte) 0xb2, (byte) 0x5d, + (byte) 0x00, (byte) 0x2c, (byte) 0x4f, (byte) 0xc1, + (byte) 0xd9, (byte) 0xf1, (byte) 0x39, (byte) 0x87, + (byte) 0x0f, (byte) 0xe0, (byte) 0xcc, (byte) 0x71 + }; + + public static final byte[] ECSP256_FP_B = { + (byte) 0x1b, (byte) 0x09, (byte) 0x74, (byte) 0x56, + (byte) 0x75, (byte) 0x1f, (byte) 0x35, (byte) 0x34, + (byte) 0x19, (byte) 0x0d, (byte) 0xae, (byte) 0x56, + (byte) 0x8f, (byte) 0x80, (byte) 0xa2, (byte) 0xc6, + (byte) 0xff, (byte) 0x55, (byte) 0xdd, (byte) 0xdf, + (byte) 0xe0, (byte) 0x72, (byte) 0xa7, (byte) 0xdc, + (byte) 0x64, (byte) 0x67, (byte) 0xa4, (byte) 0xb6, + (byte) 0x47, (byte) 0x6b, (byte) 0x68, (byte) 0x80 + }; + + public static final byte[] ECSP256_FP_G_X = { + (byte) 0xa1, (byte) 0xfd, (byte) 0x34, (byte) 0xa2, + (byte) 0x7a, (byte) 0xfb, (byte) 0x13, (byte) 0x40, + (byte) 0xb8, (byte) 0xe4, (byte) 0xa7, (byte) 0xdb, + (byte) 0x2a, (byte) 0x5e, (byte) 0xc5, (byte) 0xa1, + (byte) 0x43, (byte) 0x2c, (byte) 0x6d, (byte) 0xc8, + (byte) 0x55, (byte) 0x5a, (byte) 0xf9, (byte) 0xf7, + (byte) 0x8f, (byte) 0xca, (byte) 0x2c, (byte) 0xf7, + (byte) 0x40, (byte) 0xca, (byte) 0xb2, (byte) 0xb7 + }; + + public static final byte[] ECSP256_FP_G_Y = { + (byte) 0x98, (byte) 0x41, (byte) 0x9c, (byte) 0x69, + (byte) 0x8c, (byte) 0xab, (byte) 0x6c, (byte) 0x7d, + (byte) 0xbb, (byte) 0x53, (byte) 0xeb, (byte) 0x27, + (byte) 0x51, (byte) 0x41, (byte) 0x7b, (byte) 0x52, + (byte) 0xcc, (byte) 0xde, (byte) 0xd4, (byte) 0x68, + (byte) 0x0c, (byte) 0x5e, (byte) 0x09, (byte) 0x54, + (byte) 0x3f, (byte) 0x93, (byte) 0xc7, (byte) 0x88, + (byte) 0x6c, (byte) 0x3a, (byte) 0x17, (byte) 0x3e + }; + + public static final byte[] ECSP256_FP_R = { + (byte) 0xc9, (byte) 0xa8, (byte) 0x03, (byte) 0xb1, + (byte) 0xea, (byte) 0xf8, (byte) 0x49, (byte) 0xf1, + (byte) 0xc0, (byte) 0x2c, (byte) 0xfd, (byte) 0x1d, + (byte) 0xbf, (byte) 0xac, (byte) 0x68, (byte) 0x63, + (byte) 0x12, (byte) 0x8c, (byte) 0x5b, (byte) 0x1f, + (byte) 0xc5, (byte) 0xac, (byte) 0xd5, (byte) 0xb5, + (byte) 0xe0, (byte) 0xfc, (byte) 0x0a, (byte) 0x73, + (byte) 0x11, (byte) 0xfb, (byte) 0x5b, (byte) 0x1d + }; + + public static final short ECSP256_FP_K = 1; + + public static final byte[] ECSP256_FP_W_X = { + (byte) 0x75, (byte) 0xfc, (byte) 0xe7, (byte) 0x09, + (byte) 0x68, (byte) 0x86, (byte) 0x2d, (byte) 0x53, + (byte) 0xe2, (byte) 0x95, (byte) 0x48, (byte) 0xaa, + (byte) 0xd7, (byte) 0x05, (byte) 0x82, (byte) 0x51, + (byte) 0x4e, (byte) 0x96, (byte) 0x0d, (byte) 0x81, + (byte) 0x28, (byte) 0xbd, (byte) 0x3c, (byte) 0x5f, + (byte) 0x8c, (byte) 0x4d, (byte) 0xbe, (byte) 0x2c, + (byte) 0xf8, (byte) 0xda, (byte) 0xd6, (byte) 0x53 + }; + + public static final byte[] ECSP256_FP_W_Y = { + (byte) 0x55, (byte) 0xaa, (byte) 0x4b, (byte) 0x7d, + (byte) 0x38, (byte) 0x82, (byte) 0xfb, (byte) 0x0a, + (byte) 0x83, (byte) 0xbd, (byte) 0x00, (byte) 0xc9, + (byte) 0xc3, (byte) 0xba, (byte) 0xe1, (byte) 0x7f, + (byte) 0x10, (byte) 0x24, (byte) 0xd6, (byte) 0x4a, + (byte) 0xec, (byte) 0x67, (byte) 0xe1, (byte) 0xdb, + (byte) 0x38, (byte) 0xef, (byte) 0x67, (byte) 0x1e, + (byte) 0x63, (byte) 0x50, (byte) 0xbe, (byte) 0xae + }; + + + //Anomalous curve(small-pub-384), with pubkey of order 3 + public static final byte[] ECSP384_FP_P = { + (byte) 0xd0, (byte) 0xdf, (byte) 0x6c, (byte) 0x96, + (byte) 0xcf, (byte) 0xf7, (byte) 0x08, (byte) 0x1b, + (byte) 0xe8, (byte) 0x0d, (byte) 0x22, (byte) 0xb0, + (byte) 0x05, (byte) 0x75, (byte) 0x8a, (byte) 0x2e, + (byte) 0x2f, (byte) 0x04, (byte) 0x6e, (byte) 0x15, + (byte) 0xfe, (byte) 0x02, (byte) 0x0e, (byte) 0xf8, + (byte) 0x86, (byte) 0xe2, (byte) 0x1b, (byte) 0x49, + (byte) 0x2a, (byte) 0xc5, (byte) 0x72, (byte) 0x57, + (byte) 0xa9, (byte) 0x23, (byte) 0x14, (byte) 0x4b, + (byte) 0xca, (byte) 0xd9, (byte) 0x89, (byte) 0xab, + (byte) 0x63, (byte) 0x41, (byte) 0xbd, (byte) 0x3b, + (byte) 0x70, (byte) 0x0f, (byte) 0x91, (byte) 0x4b + }; + + public static final byte[] ECSP384_FP_A = { + (byte) 0x45, (byte) 0xc6, (byte) 0x45, (byte) 0x03, + (byte) 0xbe, (byte) 0x01, (byte) 0x9a, (byte) 0xfd, + (byte) 0x34, (byte) 0x62, (byte) 0xb3, (byte) 0x61, + (byte) 0xad, (byte) 0x2b, (byte) 0x2a, (byte) 0x3b, + (byte) 0xca, (byte) 0x0a, (byte) 0xec, (byte) 0xcc, + (byte) 0x54, (byte) 0x94, (byte) 0xa6, (byte) 0x24, + (byte) 0xfb, (byte) 0x63, (byte) 0x24, (byte) 0x55, + (byte) 0xe6, (byte) 0x2b, (byte) 0x4f, (byte) 0x0c, + (byte) 0x98, (byte) 0xf9, (byte) 0x44, (byte) 0xfa, + (byte) 0x97, (byte) 0xc3, (byte) 0x78, (byte) 0x11, + (byte) 0xda, (byte) 0x03, (byte) 0x98, (byte) 0x23, + (byte) 0xcd, (byte) 0x77, (byte) 0xc9, (byte) 0x06 + }; + + public static final byte[] ECSP384_FP_B = { + (byte) 0xd8, (byte) 0x55, (byte) 0x83, (byte) 0xf7, + (byte) 0xf1, (byte) 0x1a, (byte) 0xd2, (byte) 0x3e, + (byte) 0xc7, (byte) 0x5e, (byte) 0xd5, (byte) 0xa4, + (byte) 0x14, (byte) 0x15, (byte) 0x3a, (byte) 0x06, + (byte) 0xd6, (byte) 0x64, (byte) 0x09, (byte) 0x36, + (byte) 0xb8, (byte) 0x10, (byte) 0x3f, (byte) 0x5d, + (byte) 0xf6, (byte) 0x91, (byte) 0xfa, (byte) 0x95, + (byte) 0xcf, (byte) 0x2a, (byte) 0xfa, (byte) 0x78, + (byte) 0xf3, (byte) 0xea, (byte) 0x5a, (byte) 0xdd, + (byte) 0xc2, (byte) 0x25, (byte) 0xb1, (byte) 0x44, + (byte) 0x96, (byte) 0x40, (byte) 0x48, (byte) 0xc9, + (byte) 0xf7, (byte) 0x59, (byte) 0x2a, (byte) 0xe4 + }; + + public static final byte[] ECSP384_FP_G_X = { + (byte) 0x2b, (byte) 0x13, (byte) 0x41, (byte) 0xd1, + (byte) 0x2d, (byte) 0xff, (byte) 0x4f, (byte) 0x9c, + (byte) 0xf9, (byte) 0x42, (byte) 0x7c, (byte) 0x47, + (byte) 0x52, (byte) 0x96, (byte) 0x2b, (byte) 0x4c, + (byte) 0x2b, (byte) 0xdc, (byte) 0x8f, (byte) 0xbc, + (byte) 0xd8, (byte) 0x06, (byte) 0x52, (byte) 0x51, + (byte) 0x6c, (byte) 0x42, (byte) 0x1c, (byte) 0xc5, + (byte) 0x23, (byte) 0x21, (byte) 0x2a, (byte) 0x01, + (byte) 0xea, (byte) 0x63, (byte) 0xc7, (byte) 0x9d, + (byte) 0x6e, (byte) 0x9a, (byte) 0x9c, (byte) 0x84, + (byte) 0x93, (byte) 0x3e, (byte) 0x35, (byte) 0x3e, + (byte) 0x21, (byte) 0x24, (byte) 0x16, (byte) 0xec + }; + + public static final byte[] ECSP384_FP_G_Y = { + (byte) 0xce, (byte) 0x41, (byte) 0x6c, (byte) 0x6e, + (byte) 0x75, (byte) 0xfa, (byte) 0x9f, (byte) 0xd2, + (byte) 0x05, (byte) 0xed, (byte) 0x48, (byte) 0xfc, + (byte) 0x4e, (byte) 0x30, (byte) 0x99, (byte) 0xcb, + (byte) 0xb1, (byte) 0xd6, (byte) 0xed, (byte) 0x03, + (byte) 0x1b, (byte) 0x7d, (byte) 0xdb, (byte) 0xff, + (byte) 0x1d, (byte) 0x63, (byte) 0x4e, (byte) 0xb9, + (byte) 0x7a, (byte) 0x83, (byte) 0xd9, (byte) 0xb7, + (byte) 0x80, (byte) 0xcf, (byte) 0xd4, (byte) 0xde, + (byte) 0xdf, (byte) 0xdd, (byte) 0x2c, (byte) 0x76, + (byte) 0x04, (byte) 0xd1, (byte) 0x43, (byte) 0x19, + (byte) 0x6c, (byte) 0x08, (byte) 0xd9, (byte) 0x33 + }; + + public static final byte[] ECSP384_FP_R = { + (byte) 0xd0, (byte) 0xdf, (byte) 0x6c, (byte) 0x96, + (byte) 0xcf, (byte) 0xf7, (byte) 0x08, (byte) 0x1b, + (byte) 0xe8, (byte) 0x0d, (byte) 0x22, (byte) 0xb0, + (byte) 0x05, (byte) 0x75, (byte) 0x8a, (byte) 0x2e, + (byte) 0x2f, (byte) 0x04, (byte) 0x6e, (byte) 0x15, + (byte) 0xfe, (byte) 0x02, (byte) 0x0e, (byte) 0xf7, + (byte) 0x66, (byte) 0x4e, (byte) 0xd5, (byte) 0x1d, + (byte) 0x77, (byte) 0x01, (byte) 0xc8, (byte) 0x6b, + (byte) 0xf2, (byte) 0xa1, (byte) 0xe9, (byte) 0xf3, + (byte) 0x00, (byte) 0x2c, (byte) 0x26, (byte) 0xfe, + (byte) 0x00, (byte) 0x23, (byte) 0x14, (byte) 0xc3, + (byte) 0xc9, (byte) 0x2f, (byte) 0x1c, (byte) 0xa9 + }; + + public static final short ECSP384_FP_K = 1; + + public static final byte[] ECSP384_FP_W_X = { + (byte) 0xa4, (byte) 0xbd, (byte) 0x57, (byte) 0x5b, + (byte) 0xf2, (byte) 0x03, (byte) 0x00, (byte) 0xb0, + (byte) 0xcf, (byte) 0x8a, (byte) 0x2f, (byte) 0x41, + (byte) 0xdd, (byte) 0x5a, (byte) 0x03, (byte) 0xe9, + (byte) 0x08, (byte) 0x96, (byte) 0x6a, (byte) 0x42, + (byte) 0x29, (byte) 0xa5, (byte) 0xf2, (byte) 0x2f, + (byte) 0x5c, (byte) 0x19, (byte) 0x0d, (byte) 0x36, + (byte) 0x41, (byte) 0xac, (byte) 0x2d, (byte) 0x32, + (byte) 0xb7, (byte) 0xb2, (byte) 0x4a, (byte) 0x63, + (byte) 0x48, (byte) 0x2c, (byte) 0xbb, (byte) 0xcd, + (byte) 0x0c, (byte) 0x22, (byte) 0x57, (byte) 0xf8, + (byte) 0x34, (byte) 0x83, (byte) 0x4e, (byte) 0xf1 + }; + + public static final byte[] ECSP384_FP_W_Y = { + (byte) 0x38, (byte) 0xd5, (byte) 0x1c, (byte) 0x8f, + (byte) 0x9e, (byte) 0x90, (byte) 0x59, (byte) 0x2f, + (byte) 0x56, (byte) 0x7e, (byte) 0x81, (byte) 0xd0, + (byte) 0xe4, (byte) 0x85, (byte) 0x5e, (byte) 0x79, + (byte) 0x73, (byte) 0x1b, (byte) 0x57, (byte) 0x97, + (byte) 0x85, (byte) 0x7a, (byte) 0x4c, (byte) 0x7d, + (byte) 0xc2, (byte) 0x70, (byte) 0x65, (byte) 0x3b, + (byte) 0xc9, (byte) 0xf0, (byte) 0xc3, (byte) 0x1e, + (byte) 0x84, (byte) 0x69, (byte) 0x30, (byte) 0x07, + (byte) 0xb0, (byte) 0x9c, (byte) 0xeb, (byte) 0xf7, + (byte) 0x10, (byte) 0xd5, (byte) 0xae, (byte) 0x32, + (byte) 0x37, (byte) 0x30, (byte) 0x39, (byte) 0x49 + }; + + + //Anomalous curve(small-pub-521), with pubkey of order 4 + public static final byte[] ECSP521_FP_P = { + (byte) 0x01, (byte) 0xd3, (byte) 0xdf, (byte) 0x43, + (byte) 0x09, (byte) 0x24, (byte) 0x95, (byte) 0x6e, + (byte) 0x21, (byte) 0x0a, (byte) 0x60, (byte) 0x5b, + (byte) 0x4d, (byte) 0xbf, (byte) 0x4a, (byte) 0x2e, + (byte) 0x90, (byte) 0x9d, (byte) 0x7a, (byte) 0x80, + (byte) 0x16, (byte) 0x58, (byte) 0x97, (byte) 0x8c, + (byte) 0x88, (byte) 0xff, (byte) 0xd6, (byte) 0x8d, + (byte) 0xcc, (byte) 0x81, (byte) 0x7f, (byte) 0x5c, + (byte) 0xc7, (byte) 0x9c, (byte) 0xf1, (byte) 0x88, + (byte) 0xd9, (byte) 0xee, (byte) 0x82, (byte) 0xd1, + (byte) 0xa5, (byte) 0x1c, (byte) 0x44, (byte) 0xcb, + (byte) 0xd3, (byte) 0x1e, (byte) 0x9c, (byte) 0xc5, + (byte) 0xb8, (byte) 0x16, (byte) 0xd7, (byte) 0x6d, + (byte) 0x5b, (byte) 0x13, (byte) 0x12, (byte) 0xb0, + (byte) 0x05, (byte) 0xf7, (byte) 0xb6, (byte) 0x89, + (byte) 0x19, (byte) 0xe2, (byte) 0x75, (byte) 0xda, + (byte) 0xc9, (byte) 0x9f + }; + + public static final byte[] ECSP521_FP_A = { + (byte) 0x00, (byte) 0x40, (byte) 0x16, (byte) 0x39, + (byte) 0xf3, (byte) 0x6f, (byte) 0x2e, (byte) 0xe4, + (byte) 0x5f, (byte) 0xc1, (byte) 0x64, (byte) 0xea, + (byte) 0x3e, (byte) 0x1f, (byte) 0x14, (byte) 0xf4, + (byte) 0x80, (byte) 0x3f, (byte) 0xd7, (byte) 0xa7, + (byte) 0x7f, (byte) 0xfd, (byte) 0xfb, (byte) 0x39, + (byte) 0x2c, (byte) 0x3f, (byte) 0x8f, (byte) 0xe9, + (byte) 0x5d, (byte) 0x1a, (byte) 0xea, (byte) 0x33, + (byte) 0x14, (byte) 0x67, (byte) 0xf4, (byte) 0x61, + (byte) 0x8d, (byte) 0x59, (byte) 0xae, (byte) 0xee, + (byte) 0x49, (byte) 0xd5, (byte) 0xd7, (byte) 0xc7, + (byte) 0x0c, (byte) 0xaf, (byte) 0x32, (byte) 0x0f, + (byte) 0x7d, (byte) 0xd1, (byte) 0xac, (byte) 0x16, + (byte) 0x61, (byte) 0x14, (byte) 0xf5, (byte) 0x62, + (byte) 0x41, (byte) 0x34, (byte) 0x49, (byte) 0x99, + (byte) 0x1d, (byte) 0x3a, (byte) 0xa1, (byte) 0xa2, + (byte) 0xc4, (byte) 0x9e + }; + + public static final byte[] ECSP521_FP_B = { + (byte) 0x00, (byte) 0x4a, (byte) 0x26, (byte) 0xa8, + (byte) 0xc4, (byte) 0x7f, (byte) 0xce, (byte) 0x20, + (byte) 0x4b, (byte) 0xa9, (byte) 0x53, (byte) 0x01, + (byte) 0x5f, (byte) 0xa8, (byte) 0x67, (byte) 0x08, + (byte) 0xc0, (byte) 0xde, (byte) 0x72, (byte) 0x0f, + (byte) 0x27, (byte) 0x52, (byte) 0x39, (byte) 0x88, + (byte) 0xb0, (byte) 0x97, (byte) 0xe7, (byte) 0x74, + (byte) 0x16, (byte) 0x8c, (byte) 0x15, (byte) 0xf7, + (byte) 0xa2, (byte) 0x15, (byte) 0xaa, (byte) 0xf1, + (byte) 0x8a, (byte) 0x5f, (byte) 0x1b, (byte) 0x95, + (byte) 0x79, (byte) 0xab, (byte) 0x3d, (byte) 0xb9, + (byte) 0x35, (byte) 0xd4, (byte) 0x5b, (byte) 0xe1, + (byte) 0x4c, (byte) 0x9a, (byte) 0x87, (byte) 0xb7, + (byte) 0x11, (byte) 0x70, (byte) 0x39, (byte) 0x69, + (byte) 0x09, (byte) 0xb1, (byte) 0x4d, (byte) 0x06, + (byte) 0xf7, (byte) 0xa0, (byte) 0x99, (byte) 0x75, + (byte) 0xb3, (byte) 0xa6 + }; + + public static final byte[] ECSP521_FP_G_X = { + (byte) 0x01, (byte) 0xc8, (byte) 0x80, (byte) 0xae, + (byte) 0x0a, (byte) 0x35, (byte) 0x5a, (byte) 0x52, + (byte) 0x79, (byte) 0x1f, (byte) 0xc9, (byte) 0x60, + (byte) 0x0f, (byte) 0xd8, (byte) 0xb3, (byte) 0x57, + (byte) 0x26, (byte) 0xe9, (byte) 0xd7, (byte) 0x99, + (byte) 0x10, (byte) 0x14, (byte) 0x89, (byte) 0x16, + (byte) 0x1c, (byte) 0x8f, (byte) 0x90, (byte) 0xa9, + (byte) 0xc6, (byte) 0x63, (byte) 0x1d, (byte) 0x09, + (byte) 0xb3, (byte) 0xcb, (byte) 0x34, (byte) 0x75, + (byte) 0x84, (byte) 0x83, (byte) 0x7d, (byte) 0x9d, + (byte) 0xeb, (byte) 0x85, (byte) 0x66, (byte) 0xa9, + (byte) 0xc5, (byte) 0x84, (byte) 0x6a, (byte) 0xde, + (byte) 0xd0, (byte) 0xd0, (byte) 0x1e, (byte) 0xb9, + (byte) 0x47, (byte) 0xb4, (byte) 0xaf, (byte) 0xfd, + (byte) 0x34, (byte) 0xe8, (byte) 0xea, (byte) 0x7d, + (byte) 0xbe, (byte) 0x73, (byte) 0x3c, (byte) 0xbe, + (byte) 0xda, (byte) 0xfa + }; + + public static final byte[] ECSP521_FP_G_Y = { + (byte) 0x00, (byte) 0x05, (byte) 0x0f, (byte) 0x12, + (byte) 0x67, (byte) 0x2f, (byte) 0x16, (byte) 0x3f, + (byte) 0x19, (byte) 0xd5, (byte) 0xd4, (byte) 0x93, + (byte) 0xeb, (byte) 0x82, (byte) 0xef, (byte) 0x77, + (byte) 0x7b, (byte) 0x02, (byte) 0x13, (byte) 0xdd, + (byte) 0x4e, (byte) 0x0c, (byte) 0xf7, (byte) 0x5a, + (byte) 0x9b, (byte) 0x99, (byte) 0x72, (byte) 0x4f, + (byte) 0xbd, (byte) 0xb5, (byte) 0x4b, (byte) 0x0c, + (byte) 0xc4, (byte) 0xe0, (byte) 0x37, (byte) 0xbf, + (byte) 0x86, (byte) 0xa4, (byte) 0x8b, (byte) 0xac, + (byte) 0x28, (byte) 0x46, (byte) 0x7b, (byte) 0xdd, + (byte) 0x93, (byte) 0x6c, (byte) 0x31, (byte) 0x4c, + (byte) 0xe1, (byte) 0x3f, (byte) 0x6e, (byte) 0xc7, + (byte) 0xec, (byte) 0x69, (byte) 0xea, (byte) 0x09, + (byte) 0xae, (byte) 0x4f, (byte) 0x54, (byte) 0x44, + (byte) 0xdf, (byte) 0x4b, (byte) 0x2a, (byte) 0x11, + (byte) 0x7a, (byte) 0x66 + }; + + public static final byte[] ECSP521_FP_R = { + (byte) 0x01, (byte) 0xd3, (byte) 0xdf, (byte) 0x43, + (byte) 0x09, (byte) 0x24, (byte) 0x95, (byte) 0x6e, + (byte) 0x21, (byte) 0x0a, (byte) 0x60, (byte) 0x5b, + (byte) 0x4d, (byte) 0xbf, (byte) 0x4a, (byte) 0x2e, + (byte) 0x90, (byte) 0x9d, (byte) 0x7a, (byte) 0x80, + (byte) 0x16, (byte) 0x58, (byte) 0x97, (byte) 0x8c, + (byte) 0x88, (byte) 0xff, (byte) 0xd6, (byte) 0x8d, + (byte) 0xcc, (byte) 0x81, (byte) 0x7f, (byte) 0x5c, + (byte) 0xc7, (byte) 0xba, (byte) 0x08, (byte) 0x38, + (byte) 0x71, (byte) 0x7c, (byte) 0x19, (byte) 0x47, + (byte) 0xf9, (byte) 0x3c, (byte) 0xfd, (byte) 0xd3, + (byte) 0xed, (byte) 0x87, (byte) 0xec, (byte) 0x2c, + (byte) 0x2d, (byte) 0xf1, (byte) 0x81, (byte) 0xc7, + (byte) 0xad, (byte) 0xa5, (byte) 0x53, (byte) 0x34, + (byte) 0x6e, (byte) 0xc1, (byte) 0x49, (byte) 0x57, + (byte) 0x32, (byte) 0xa1, (byte) 0xe7, (byte) 0xff, + (byte) 0xe9, (byte) 0xb3 + }; + + public static final short ECSP521_FP_K = 1; + + public static final byte[] ECSP521_FP_W_X = { + (byte) 0x00, (byte) 0x28, (byte) 0x44, (byte) 0xdf, + (byte) 0x0f, (byte) 0x31, (byte) 0xf4, (byte) 0x6a, + (byte) 0x40, (byte) 0xe6, (byte) 0xc7, (byte) 0x00, + (byte) 0x6c, (byte) 0xde, (byte) 0x99, (byte) 0x15, + (byte) 0x5b, (byte) 0xd5, (byte) 0xd1, (byte) 0x8d, + (byte) 0x0e, (byte) 0x41, (byte) 0x50, (byte) 0x17, + (byte) 0x8a, (byte) 0x8e, (byte) 0x30, (byte) 0x7d, + (byte) 0x6a, (byte) 0xec, (byte) 0x08, (byte) 0xfd, + (byte) 0x02, (byte) 0xd4, (byte) 0x66, (byte) 0xc0, + (byte) 0x3c, (byte) 0x49, (byte) 0xb4, (byte) 0x9c, + (byte) 0x26, (byte) 0x54, (byte) 0xb7, (byte) 0xc9, + (byte) 0xa3, (byte) 0x2d, (byte) 0x88, (byte) 0xca, + (byte) 0x01, (byte) 0x40, (byte) 0x16, (byte) 0xa7, + (byte) 0xed, (byte) 0xdd, (byte) 0x44, (byte) 0x21, + (byte) 0x7b, (byte) 0xe9, (byte) 0x15, (byte) 0x50, + (byte) 0x5d, (byte) 0x22, (byte) 0x8e, (byte) 0xfb, + (byte) 0x93, (byte) 0x89 + }; + + public static final byte[] ECSP521_FP_W_Y = { + (byte) 0x01, (byte) 0x05, (byte) 0x92, (byte) 0x1e, + (byte) 0x21, (byte) 0x72, (byte) 0xc3, (byte) 0x05, + (byte) 0x0b, (byte) 0xa4, (byte) 0xc9, (byte) 0xd2, + (byte) 0xe7, (byte) 0x44, (byte) 0xfc, (byte) 0x5b, + (byte) 0x7b, (byte) 0x5e, (byte) 0x84, (byte) 0x51, + (byte) 0x75, (byte) 0x1e, (byte) 0x67, (byte) 0x80, + (byte) 0xc6, (byte) 0xde, (byte) 0x88, (byte) 0x22, + (byte) 0x94, (byte) 0x97, (byte) 0xbe, (byte) 0x7d, + (byte) 0x23, (byte) 0x55, (byte) 0x0b, (byte) 0xee, + (byte) 0xfa, (byte) 0x0c, (byte) 0xb7, (byte) 0xfa, + (byte) 0xfe, (byte) 0xbb, (byte) 0x4d, (byte) 0xd9, + (byte) 0xfa, (byte) 0xd1, (byte) 0x24, (byte) 0x4c, + (byte) 0x67, (byte) 0x33, (byte) 0xbe, (byte) 0xfe, + (byte) 0x5a, (byte) 0x97, (byte) 0x71, (byte) 0x0f, + (byte) 0x0d, (byte) 0xc5, (byte) 0x6d, (byte) 0xc0, + (byte) 0x8d, (byte) 0x9d, (byte) 0x9d, (byte) 0xf9, + (byte) 0xd8, (byte) 0x46 + }; + + + // getCorruptCurveParameter PARAMETER_CORRUPTION TYPES + public static final short CORRUPTION_NONE = 0x01; + public static final short CORRUPTION_FIXED = 0x02; + public static final short CORRUPTION_FULLRANDOM = 0x03; + public static final short CORRUPTION_ONEBYTERANDOM = 0x04; + public static final short CORRUPTION_ZERO = 0x05; + public static final short CORRUPTION_ONE = 0x06; + + // Supported embedded curves, getCurveParameter + // SECP recommended curves over FP + public static final byte CURVE_secp128r1 = 1; + public static final byte CURVE_secp160r1 = 2; + public static final byte CURVE_secp192r1 = 3; + public static final byte CURVE_secp224r1 = 4; + public static final byte CURVE_secp256r1 = 5; + public static final byte CURVE_secp384r1 = 6; + public static final byte CURVE_secp521r1 = 7; + + public static final byte CURVE_sp128 = 8; + public static final byte CURVE_sp160 = 9; + public static final byte CURVE_sp192 = 10; + public static final byte CURVE_sp224 = 11; + public static final byte CURVE_sp256 = 12; + public static final byte CURVE_sp384 = 13; + public static final byte CURVE_sp521 = 14; + + public static final byte FP_CURVES = 14; + + // SECP recommended curves over F2M + public static final byte CURVE_sect163r1 = 15; + public static final byte CURVE_sect233r1 = 16; + public static final byte CURVE_sect283r1 = 17; + public static final byte CURVE_sect409r1 = 18; + public static final byte CURVE_sect571r1 = 19; + + public static final byte F2M_CURVES = 12; + + public static byte getCurve(short keyClass, short keyLength) { + if (keyClass == KeyPair.ALG_EC_FP) { + switch (keyLength) { + case (short) 128: + return CURVE_secp128r1; + case (short) 160: + return CURVE_secp160r1; + case (short) 192: + return CURVE_secp192r1; + case (short) 224: + return CURVE_secp224r1; + case (short) 256: + return CURVE_secp256r1; + case (short) 384: + return CURVE_secp384r1; + case (short) 521: + return CURVE_secp521r1; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } else if (keyClass == KeyPair.ALG_EC_F2M) { + switch (keyLength) { + case (short) 163: + return CURVE_sect163r1; + case (short) 233: + return CURVE_sect233r1; + case (short) 283: + return CURVE_sect283r1; + case (short) 409: + return CURVE_sect409r1; + case (short) 571: + return CURVE_sect571r1; + default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); - } } - - // prepare an ANSI X9.62 uncompressed EC point representation for G - short gSize = (short) 1; - gSize += (short) EC_FP_G_X.length; - gSize += (short) EC_FP_G_Y.length; - auxBuffer[0] = 0x04; - short off = 1; - off = Util.arrayCopyNonAtomic(EC_FP_G_X, (short) 0, auxBuffer, off, (short) EC_FP_G_X.length); - Util.arrayCopyNonAtomic(EC_FP_G_Y, (short) 0, auxBuffer, off, (short) EC_FP_G_Y.length); - ecPubKey.setG(auxBuffer, (short) 0, gSize); - ecPrivKey.setG(auxBuffer, (short) 0, gSize); + } else { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + return 0; + } - // pre-set basic EC parameters: - ecPubKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length); - ecPrivKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length); - ecPubKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length); - ecPrivKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length); + public static byte getAnomalousCurve(short keyClass, short keyLength) { + if (keyClass == KeyPair.ALG_EC_FP) { + switch (keyLength) { + case (short) 128: + return CURVE_sp128; + case (short) 160: + return CURVE_sp160; + case (short) 192: + return CURVE_sp192; + case (short) 224: + return CURVE_sp224; + case (short) 256: + return CURVE_sp256; + case (short) 384: + return CURVE_sp384; + case (short) 521: + return CURVE_sp521; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } else if (keyClass == KeyPair.ALG_EC_F2M) { + return 0; + } else { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + return 0; + } - if (bInvalidKeyType == VALID_KEY) { - // No corruption - ecPubKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length); + public static short getCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset) { + byte alg = getCurveType(curve); + switch (curve) { + case CURVE_secp128r1: { + EC_FP_P = EC128_FP_P; + EC_A = EC128_FP_A; + EC_B = EC128_FP_B; + EC_G_X = EC128_FP_G_X; + EC_G_Y = EC128_FP_G_Y; + EC_R = EC128_FP_R; + EC_K = EC128_FP_K; + break; + } + case CURVE_secp160r1: { + EC_FP_P = EC160_FP_P; + EC_A = EC160_FP_A; + EC_B = EC160_FP_B; + EC_G_X = EC160_FP_G_X; + EC_G_Y = EC160_FP_G_Y; + EC_R = EC160_FP_R; + EC_K = EC160_FP_K; + break; + } + case CURVE_secp192r1: { + EC_FP_P = EC192_FP_P; + EC_A = EC192_FP_A; + EC_B = EC192_FP_B; + EC_G_X = EC192_FP_G_X; + EC_G_Y = EC192_FP_G_Y; + EC_R = EC192_FP_R; + EC_K = EC192_FP_K; + break; + } + case CURVE_secp224r1: { + EC_FP_P = EC224_FP_P; + EC_A = EC224_FP_A; + EC_B = EC224_FP_B; + EC_G_X = EC224_FP_G_X; + EC_G_Y = EC224_FP_G_Y; + EC_R = EC224_FP_R; + EC_K = EC224_FP_K; + break; + } + case CURVE_secp256r1: { + EC_FP_P = EC256_FP_P; + EC_A = EC256_FP_A; + EC_B = EC256_FP_B; + EC_G_X = EC256_FP_G_X; + EC_G_Y = EC256_FP_G_Y; + EC_R = EC256_FP_R; + EC_K = EC256_FP_K; + break; + } + case CURVE_secp384r1: { + EC_FP_P = EC384_FP_P; + EC_A = EC384_FP_A; + EC_B = EC384_FP_B; + EC_G_X = EC384_FP_G_X; + EC_G_Y = EC384_FP_G_Y; + EC_R = EC384_FP_R; + EC_K = EC384_FP_K; + break; + } + case CURVE_secp521r1: { + EC_FP_P = EC521_FP_P; + EC_A = EC521_FP_A; + EC_B = EC521_FP_B; + EC_G_X = EC521_FP_G_X; + EC_G_Y = EC521_FP_G_Y; + EC_R = EC521_FP_R; + EC_K = EC521_FP_K; + break; + } + case CURVE_sect163r1: { + EC_F2M_F2M = EC163_F2M_F; + EC_A = EC163_F2M_A; + EC_B = EC163_F2M_B; + EC_G_X = EC163_F2M_G_X; + EC_G_Y = EC163_F2M_G_Y; + EC_R = EC163_F2M_R; + EC_K = EC163_F2M_K; + break; + } + case CURVE_sect233r1: { + EC_F2M_F2M = EC233_F2M_F; + EC_A = EC233_F2M_A; + EC_B = EC233_F2M_B; + EC_G_X = EC233_F2M_G_X; + EC_G_Y = EC233_F2M_G_Y; + EC_R = EC233_F2M_R; + EC_K = EC233_F2M_K; + break; + } + case CURVE_sect283r1: { + EC_F2M_F2M = EC283_F2M_F; + EC_A = EC283_F2M_A; + EC_B = EC283_F2M_B; + EC_G_X = EC283_F2M_G_X; + EC_G_Y = EC283_F2M_G_Y; + EC_R = EC283_F2M_R; + EC_K = EC283_F2M_K; + break; + } + case CURVE_sect409r1: { + EC_F2M_F2M = EC409_F2M_F; + EC_A = EC409_F2M_A; + EC_B = EC409_F2M_B; + EC_G_X = EC409_F2M_G_X; + EC_G_Y = EC409_F2M_G_Y; + EC_R = EC409_F2M_R; + EC_K = EC409_F2M_K; + break; + } + case CURVE_sect571r1: { + EC_F2M_F2M = EC571_F2M_F; + EC_A = EC571_F2M_A; + EC_B = EC571_F2M_B; + EC_G_X = EC571_F2M_G_X; + EC_G_Y = EC571_F2M_G_Y; + EC_R = EC571_F2M_R; + EC_K = EC571_F2M_K; + break; } - if (bInvalidKeyType == INVALIDB_FIXED) { - // corrupt curve if required for testing - Util.arrayCopyNonAtomic(EC_FP_B, (short) 0, auxBuffer, (short) 0, (short) EC_FP_B.length); - auxBuffer[(byte) 10] = (byte) 0xcc; - auxBuffer[(byte) 11] = (byte) 0xcc; - ecPubKey.setB(auxBuffer, (short) 0, (short) EC_FP_B.length); + case CURVE_sp128: { + EC_FP_P = ECSP128_FP_P; + EC_A = ECSP128_FP_A; + EC_B = ECSP128_FP_B; + EC_G_X = ECSP128_FP_G_X; + EC_G_Y = ECSP128_FP_G_Y; + EC_R = ECSP128_FP_R; + EC_K = ECSP128_FP_K; + EC_W_X = ECSP128_FP_W_X; + EC_W_Y = ECSP128_FP_W_Y; + break; } - if (bInvalidKeyType == INVALIDB_RANDOM) { - // corrupt curve if required for testing - m_random.generateData(auxBuffer, (short) 0, (short) EC_FP_B.length); - ecPubKey.setB(auxBuffer, (short) 0, (short) EC_FP_B.length); + case CURVE_sp160: { + EC_FP_P = ECSP160_FP_P; + EC_A = ECSP160_FP_A; + EC_B = ECSP160_FP_B; + EC_G_X = ECSP160_FP_G_X; + EC_G_Y = ECSP160_FP_G_Y; + EC_R = ECSP160_FP_R; + EC_K = ECSP160_FP_K; + EC_W_X = ECSP160_FP_W_X; + EC_W_Y = ECSP160_FP_W_Y; + break; } - ecPrivKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length); - - ecPubKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length); - ecPrivKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length); + case CURVE_sp192: { + EC_FP_P = ECSP192_FP_P; + EC_A = ECSP192_FP_A; + EC_B = ECSP192_FP_B; + EC_G_X = ECSP192_FP_G_X; + EC_G_Y = ECSP192_FP_G_Y; + EC_R = ECSP192_FP_R; + EC_K = ECSP192_FP_K; + EC_W_X = ECSP192_FP_W_X; + EC_W_Y = ECSP192_FP_W_Y; + break; + } + case CURVE_sp224: { + EC_FP_P = ECSP224_FP_P; + EC_A = ECSP224_FP_A; + EC_B = ECSP224_FP_B; + EC_G_X = ECSP224_FP_G_X; + EC_G_Y = ECSP224_FP_G_Y; + EC_R = ECSP224_FP_R; + EC_K = ECSP224_FP_K; + EC_W_X = ECSP224_FP_W_X; + EC_W_Y = ECSP224_FP_W_Y; + break; + } + case CURVE_sp256: { + EC_FP_P = ECSP256_FP_P; + EC_A = ECSP256_FP_A; + EC_B = ECSP256_FP_B; + EC_G_X = ECSP256_FP_G_X; + EC_G_Y = ECSP256_FP_G_Y; + EC_R = ECSP256_FP_R; + EC_K = ECSP256_FP_K; + EC_W_X = ECSP256_FP_W_X; + EC_W_Y = ECSP256_FP_W_Y; + break; + } + case CURVE_sp384: { + EC_FP_P = ECSP384_FP_P; + EC_A = ECSP384_FP_A; + EC_B = ECSP384_FP_B; + EC_G_X = ECSP384_FP_G_X; + EC_G_Y = ECSP384_FP_G_Y; + EC_R = ECSP384_FP_R; + EC_K = ECSP384_FP_K; + EC_W_X = ECSP384_FP_W_X; + EC_W_Y = ECSP384_FP_W_Y; + break; + } + case CURVE_sp521: { + EC_FP_P = ECSP521_FP_P; + EC_A = ECSP521_FP_A; + EC_B = ECSP521_FP_B; + EC_G_X = ECSP521_FP_G_X; + EC_G_Y = ECSP521_FP_G_Y; + EC_R = ECSP521_FP_R; + EC_K = ECSP521_FP_K; + EC_W_X = ECSP521_FP_W_X; + EC_W_Y = ECSP521_FP_W_Y; + break; + } + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + short length = 0; + switch (param) { + case PARAMETER_FP: + if (alg == KeyPair.ALG_EC_FP) { + length = Util.arrayCopyNonAtomic(EC_FP_P, (short) 0, outputBuffer, outputOffset, (short) EC_FP_P.length); + } + break; + case PARAMETER_F2M: + if (alg == KeyPair.ALG_EC_F2M) { + length = Util.arrayCopyNonAtomic(EC_F2M_F2M, (short) 0, outputBuffer, outputOffset, (short) EC_F2M_F2M.length); + } + break; + case PARAMETER_A: + length = Util.arrayCopyNonAtomic(EC_A, (short) 0, outputBuffer, outputOffset, (short) EC_A.length); + break; + case PARAMETER_B: + length = Util.arrayCopyNonAtomic(EC_B, (short) 0, outputBuffer, outputOffset, (short) EC_B.length); + break; + case PARAMETER_G: + length = toX962(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length); + break; + case PARAMETER_R: + length = Util.arrayCopyNonAtomic(EC_R, (short) 0, outputBuffer, outputOffset, (short) EC_R.length); + break; + case PARAMETER_K: + length = 2; + Util.setShort(outputBuffer, outputOffset, EC_K); + break; + case PARAMETER_W: + length = toX962(outputBuffer, outputOffset, EC_W_X, (short) 0, (short) EC_W_X.length, EC_W_Y, (short) 0, (short) EC_W_Y.length); + break; + case PARAMETER_S: + length = Util.arrayCopyNonAtomic(EC_S, (short) 0, outputBuffer, outputOffset, (short) EC_S.length); + break; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + return length; + } - ecPubKey.setK(EC_FP_K); - ecPrivKey.setK(EC_FP_K); + public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, short corruptionType) { + short length = getCurveParameter(curve, param, outputBuffer, outputOffset); + if (length <= 0) { + return length; } - if (ecClass == KeyPair.ALG_EC_F2M) { - // Not supported yet - ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + switch (corruptionType) { + case CORRUPTION_NONE: + break; + case CORRUPTION_FIXED: + if (length >= 1) { + outputBuffer[outputOffset] = (byte) 0xcc; + outputBuffer[(short) (outputOffset + length - 1)] = (byte) 0xcc; + } + break; + case CORRUPTION_FULLRANDOM: + m_random.generateData(outputBuffer, outputOffset, length); + break; + case CORRUPTION_ONEBYTERANDOM: + short first = Util.getShort(outputBuffer, (short) 0); // save first two bytes + + m_random.generateData(outputBuffer, (short) 0, (short) 2); // generate position + short rngPos = Util.getShort(outputBuffer, (short) 0); // save generated position + + Util.setShort(outputBuffer, (short) 0, first); // restore first two bytes + + if (rngPos < 0) { // make positive + rngPos = (short) -rngPos; + } + rngPos %= length; // make < param length + + byte original = outputBuffer[rngPos]; + do { + m_random.generateData(outputBuffer, rngPos, (short) 1); + } while (original == outputBuffer[rngPos]); + break; + case CORRUPTION_ZERO: + Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0); + break; + case CORRUPTION_ONE: + Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 1); + break; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow + case CORRUPT_B_LASTBYTEINCREMENT: + m_ramArray2[(short) (m_lenB - 1)] += 1; + // Make sure its not the valid byte again + if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) { + m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more + } + break; + } + */ } - - } -/* - void setFPCurveParams(ECPublicKey ecPubKey, byte[] EC_FP_P, byte[] EC_FP_A, EC_FP_B) { - ecPubKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length); - ecPrivKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length); - ecPrivKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length); - ecPrivKey.setG(auxBuffer, (short) 0, gSize); - ecPrivKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length); - ecPrivKey.setK(EC_FP_K); + return length; + } + + public static byte getCurveType(byte curve) { + return curve <= FP_CURVES ? KeyPair.ALG_EC_FP : KeyPair.ALG_EC_F2M; + } + + private static short toX962(byte[] outputBuffer, short outputOffset, byte[] xBuffer, short xOffset, short xLength, byte[] yBuffer, short yOffset, short yLength) { + short size = 1; + size += xLength; + size += yLength; + + short offset = outputOffset; + outputBuffer[offset] = 0x04; + offset += 1; + + offset = Util.arrayCopyNonAtomic(xBuffer, xOffset, outputBuffer, offset, xLength); + Util.arrayCopyNonAtomic(yBuffer, yOffset, outputBuffer, offset, yLength); + return size; } - - , ECPrivateKey ecPrivKey , -*/ + } diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 18eec5a..a56250c 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -6,99 +6,105 @@ package applets; import javacard.framework.*; import javacard.security.*; -import javacardx.crypto.*; -public class SimpleECCApplet extends javacard.framework.Applet -{ + +public class SimpleECCApplet extends Applet { + // MAIN INSTRUCTION CLASS - final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; + final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; - final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; - final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; - - - public final static byte P1_SETCURVE = (byte) 0x01; - public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; - + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; + + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; + final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; + final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + - final static short ARRAY_LENGTH = (short) 0xff; - final static byte AES_BLOCK_LENGTH = (short) 0x16; + public final static byte P1_SETCURVE = (byte) 0x01; + public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; + + + final static short ARRAY_LENGTH = (short) 0xff; + final static byte AES_BLOCK_LENGTH = (short) 0x16; final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_192; //final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_160; //final static short EC_LENGTH_BITS = (short) 256; - - public final static byte ECTEST_SEPARATOR = (byte) 0xff; - public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1; - public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2; - public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3; + + public final static byte ECTEST_SEPARATOR = (byte) 0xff; + public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1; + public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2; + public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3; public final static byte ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (byte) 0xc4; - public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5; + public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5; public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (byte) 0xc6; public final static byte ECTEST_ECDH_AGREEMENT_VALID_POINT = (byte) 0xc7; public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8; public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9; public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca; + public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; + public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; + public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; + public final static byte ECTEST_SET_ANOMALOUSCURVE = (byte) 0xce; + public final static byte ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE = (byte) 0xcf; + public final static byte ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (byte) 0xd0; + public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xd1; + public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xd2; - public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; + public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; - public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004; + public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (short) 0x0008; - public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010; + public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020; public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; - - public final static short FLAG_ECTEST_ALL = (short) 0x00ff; - - public final static short CORRUPT_B_FULLRANDOM = (short) 0x0001; - public final static short CORRUPT_B_ONEBYTERANDOM = (short) 0x0002; - public final static short CORRUPT_B_LASTBYTEINCREMENT = (short) 0x0003; - - - + public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; + public final static short FLAG_ECTEST_SET_ANOMALOUSCURVE = (short) 0x0200; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE = (short) 0x0400; + public final static short FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (short) 0x0800; + public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x1000; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x2000; + + public final static short FLAG_ECTEST_ALL = (short) 0xffff; + + public final static short SW_SKIPPED = (short) 0x0ee1; public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; -/* + public final static short SW_SIG_VERIFY_FAIL = (short) 0xee4; + /* + public static final byte[] EC192_FP_PUBLICW = new byte[]{ + (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, + (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC, + (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0, + (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90, + (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03, + (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01, + (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64, + (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5, + (byte) 0x15}; + */ public static final byte[] EC192_FP_PUBLICW = new byte[]{ - (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, - (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC, - (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0, - (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90, - (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03, - (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01, - (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64, - (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5, - (byte) 0x15}; - */ - public static final byte[] EC192_FP_PUBLICW = new byte[]{ - (byte) 0x04, - (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe, - (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0, - (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b, - (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29, - (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a, - (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31, - (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3, - (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca}; - - - private KeyPair ecKeyPair = null; - private KeyPair ecKeyPair128 = null; - private KeyPair ecKeyPair160 = null; - private KeyPair ecKeyPair192 = null; - private KeyPair ecKeyPair256 = null; + (byte) 0x04, + (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe, + (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0, + (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b, + (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29, + (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a, + (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31, + (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3, + (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca}; + + private ECPublicKey ecPubKey = null; private ECPublicKey ecPubKey128 = null; private ECPublicKey ecPubKey160 = null; @@ -109,56 +115,66 @@ public class SimpleECCApplet extends javacard.framework.Applet private ECPrivateKey ecPrivKey160 = null; private ECPrivateKey ecPrivKey192 = null; private ECPrivateKey ecPrivKey256 = null; - + + private ECKeyGenerator ecKeyGenerator = null; + private ECKeyTester ecKeyTester = null; + private KeyAgreement dhKeyAgreement = null; private RandomData randomData = null; - + // TEMPORARRY ARRAY IN RAM private byte m_ramArray[] = null; private byte m_ramArray2[] = null; // PERSISTENT ARRAY IN EEPROM - private byte m_dataArray[] = null; - - short m_lenB = 0; + private byte m_dataArray[] = null; + + short m_lenB = 0; protected SimpleECCApplet(byte[] buffer, short offset, byte length) { short dataOffset = offset; - if(length > 9) { + if (length > 9) { // shift to privilege offset - dataOffset += (short)( 1 + buffer[offset]); + dataOffset += (short) (1 + buffer[offset]); // finally shift to Application specific offset - dataOffset += (short)( 1 + buffer[dataOffset]); + dataOffset += (short) (1 + buffer[dataOffset]); // go to proprietary data dataOffset++; m_ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); m_ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); - + m_dataArray = new byte[ARRAY_LENGTH]; Util.arrayFillNonAtomic(m_dataArray, (short) 0, ARRAY_LENGTH, (byte) 0); - + randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM); - } + EC_Consts.m_random = randomData; + + ecKeyGenerator = new ECKeyGenerator(); + ecKeyTester = new ECKeyTester(); + ecKeyTester.allocateECDH(); + ecKeyTester.allocateECDHC(); + ecKeyTester.allocateECDSA(); + + } register(); } public static void install(byte[] bArray, short bOffset, byte bLength) throws ISOException { // applet instance creation - new SimpleECCApplet (bArray, bOffset, bLength); + new SimpleECCApplet(bArray, bOffset, bLength); } public boolean select() { - return true; + return true; } public void deselect() { return; } - public void process(APDU apdu) throws ISOException - { + public void process(APDU apdu) throws ISOException { // get the APDU buffer byte[] apduBuffer = apdu.getBuffer(); @@ -167,8 +183,8 @@ public class SimpleECCApplet extends javacard.framework.Applet return; if (apduBuffer[ISO7816.OFFSET_CLA] == CLA_SIMPLEECCAPPLET) { - switch ( apduBuffer[ISO7816.OFFSET_INS] ) { - + switch (apduBuffer[ISO7816.OFFSET_INS]) { + case INS_TESTECSUPPORT_GIVENALG: TestEC_SupportGivenLength(apdu); break; @@ -179,7 +195,7 @@ public class SimpleECCApplet extends javacard.framework.Applet TestEC_F2M_SupportAllLengths(apdu); break; case INS_ALLOCATEKEYPAIR: - AllocateKeyPairReturnDefCourve(apdu); + AllocateKeyPairReturnDefCurve(apdu); break; case INS_DERIVEECDHSECRET: DeriveECDHSecret(apdu); @@ -187,274 +203,279 @@ public class SimpleECCApplet extends javacard.framework.Applet case INS_TESTEC_GENERATEINVALID_FP: TestEC_FP_GenerateInvalidCurve(apdu); break; - case INS_TESTEC_LASTUSEDPARAMS: + case INS_TESTEC_LASTUSEDPARAMS: TestECSupportInvalidCurve_lastUsedParams(apdu); break; + case INS_TESTECSUPPORT_EXTERNAL: + TestEC_SupportExternal(apdu); + break; /* case INS_ALLOCATEKEYPAIRS: AllocateKeyPairs(apdu); break; -*/ +*/ case INS_GENERATEKEY: GenerateAndReturnKey(apdu); break; - default : + default: // The INS code is not supported by the dispatcher - ISOException.throwIt( ISO7816.SW_INS_NOT_SUPPORTED ) ; - break ; + ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); + break; } - } - else ISOException.throwIt( ISO7816.SW_CLA_NOT_SUPPORTED); + } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); } - + short TestECSupport(byte keyClass, short keyLen, byte[] buffer, short bufferOffset) { short baseOffset = bufferOffset; - + short testFlags = FLAG_ECTEST_ALL; - ecKeyPair = null; ecPubKey = null; ecPrivKey = null; - - buffer[bufferOffset] = ECTEST_SEPARATOR; bufferOffset++; - buffer[bufferOffset] = keyClass; bufferOffset++; - Util.setShort(buffer, bufferOffset, keyLen); bufferOffset += 2; - + + buffer[bufferOffset] = ECTEST_SEPARATOR; + bufferOffset++; + buffer[bufferOffset] = keyClass; + bufferOffset++; + Util.setShort(buffer, bufferOffset, keyLen); + bufferOffset += 2; + + short sw; + // // 1. Allocate KeyPair object // - buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; bufferOffset++; + buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; + bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) { - try { - ecKeyPair = new KeyPair(keyClass, keyLen); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); bufferOffset += 2; - } - catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated - } - catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated + sw = ecKeyGenerator.allocatePair(keyClass, keyLen); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags = 0; //keyPair allocation failed, cannot continue with tests } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; - } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 2. Test keypair generation without explicit curve (=> default curve preset) // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_DEFCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE) != (short) 0) { - try { - ecKeyPair.genKeyPair(); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } - catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; // // 3. Set valid custom curve // buffer[bufferOffset] = ECTEST_SET_VALIDCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_VALIDCURVE) != (short) 0) { - try { - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) {} // do intentionally nothing + sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); - // Initialize curve parameters - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set - } - catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; // // 4. Generate keypair with custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE) != (short) 0) { - try { - ecKeyPair.genKeyPair(); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 5. ECDH agreement with valid public key // buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT) != (short) 0) { - try { - // Generate fresh EC keypair - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - if (dhKeyAgreement == null) { - dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); - } - dhKeyAgreement.init(ecPrivKey); - - short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0); - short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0); - - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); + if (sw == ISO7816.SW_NO_ERROR) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 6. ECDH agreement with invalid public key // buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT) != (short) 0) { - try { - // Generate fresh EC keypair - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - dhKeyAgreement.init(ecPrivKey); + sw = ecKeyGenerator.generatePair(); + if (sw == ISO7816.SW_NO_ERROR) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; - short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0); - m_ramArray[(byte) 10] = (byte) 0xcc; // Corrupt public key - m_ramArray[(byte) 11] = (byte) 0xcc; - short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0); + // + // 7. ECDSA test + // + buffer[bufferOffset] = ECTEST_ECDSA_SIGNATURE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + if (sw == ISO7816.SW_NO_ERROR) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; + // + // 8. Set anomalous custom curve + // + buffer[bufferOffset] = ECTEST_SET_ANOMALOUSCURVE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { + if (keyClass == KeyPair.ALG_EC_FP) { //Only FP supported at the moment + sw = ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLen, m_ramArray, (short) 0); + } + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; + testFlags &= ~FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // - // 7. Set invalid custom curve + // 9. Generate keypair with anomalous custom curve + // + + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 10. Test small degree pubkey + // + + buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { + short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass, keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + sw = ecKeyTester.testECDH(ecPrivKey, m_ramArray, (short) 0, pubLength, m_ramArray2, (short) 1); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 11. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_INVALIDCURVE) != (short) 0) { - try { - // Initialize curve parameters - EC_Consts.setInValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, EC_Consts.CORRUPTION_FIXED, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // - // 8. Generate keypair with invalid custom curve + // 12. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE) != (short) 0) { - try { - ecKeyPair.genKeyPair(); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 13. Set invalid field + // + buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_INVALIDFIELD) != (short) 0) { + if (keyClass == KeyPair.ALG_EC_FP) + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + else + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // 14. Generate key with invalid field + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; return (short) (bufferOffset - baseOffset); } - + void TestEC_SupportGivenLength(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); short dataOffset = ISO7816.OFFSET_CDATA; - byte algType = apdubuf[dataOffset]; dataOffset++; + byte algType = apdubuf[dataOffset]; + dataOffset++; short keyLength = Util.getShort(apdubuf, dataOffset); dataOffset += 2; dataOffset = 0; dataOffset += TestECSupport(algType, keyLength, apdubuf, dataOffset); - + apdu.setOutgoingAndSend((short) 0, dataOffset); } - + void TestEC_FP_SupportAllLengths(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); @@ -470,7 +491,8 @@ public class SimpleECCApplet extends javacard.framework.Applet dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 521, apdubuf, dataOffset); apdu.setOutgoingAndSend((short) 0, dataOffset); - } + } + void TestEC_F2M_SupportAllLengths(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); @@ -481,10 +503,156 @@ public class SimpleECCApplet extends javacard.framework.Applet dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 131, apdubuf, dataOffset); dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 163, apdubuf, dataOffset); dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 193, apdubuf, dataOffset); - + apdu.setOutgoingAndSend((short) 0, dataOffset); } - + + short TestECSupportExternalCurve(byte keyClass, short keyLength, byte[] buffer, short bufferOffset, short outputOffset) { + short startOffset = outputOffset; + + short fieldLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short aLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short bLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short gxLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short gyLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short rLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + + buffer[outputOffset] = ECTEST_SEPARATOR; + outputOffset++; + + // allocatePair + buffer[outputOffset] = ECTEST_ALLOCATE_KEYPAIR; + outputOffset++; + short sw = ecKeyGenerator.allocatePair(keyClass, keyLength); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // setExternalCurve + buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE; + outputOffset++; + sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // generatePair + buffer[outputOffset] = ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE; + outputOffset++; + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + + // test_ECDH + buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; + outputOffset++; + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // test_ECDH invalid + buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; + outputOffset++; + sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // test_ECDSA + buffer[outputOffset] = ECTEST_ECDSA_SIGNATURE; + outputOffset++; + randomData.generateData(m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2)); + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2), m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + return (short) (outputOffset - startOffset); + } + + /** + * Receives an FP or F2M elliptic curve parameters in the APDU. + * Then allocates a new keypair, sets said curve and tries ECDH, ECDSA. + * APDU format: + * byte CLA = CLA_SIMPLEECCAPPLET + * byte INS = INS_TESTECSUPPORT_EXTERNAL + * byte P0 + * byte P1 + * <p> + * CDATA: + * byte keyClass -> KeyPair.ALG_EC_FP or KeyPair.ALG_EC_F2\M + * short keyLength + * short fieldLength + * short aLength + * short bLength + * short gxLength + * short gyLength + * short rLength + * field -> FP: prime / F2M: three or one short representing the reduction polynomial + * a + * b + * gx + * gy + * r + * short k + * <p> + * Response APDU format: + * CDATA: + * byte ECTEST_SEPARATOR + * byte ECTEST_ALLOCATE_KEYPAIR + * short sw + * byte ECTEST_SET_EXTERNALCURVE + * short sw + * byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE + * short sw + * byte ECTEST_ECDH_AGREEMENT_VALID_POINT + * short sw + * byte ECTEST_ECDH_AGREEMENT_INVALID_POINT + * short sw + * byte ECTEST_ECDSA_SIGNATURE + * short sw + * + * @param apdu + */ + void TestEC_SupportExternal(APDU apdu) { + byte[] apdubuf = apdu.getBuffer(); + short len = apdu.setIncomingAndReceive(); + + short offset = ISO7816.OFFSET_CDATA; + byte keyClass = apdubuf[offset]; + ++offset; + short keyLength = Util.getShort(apdubuf, offset); + offset += 2; + + short dataLength = TestECSupportExternalCurve(keyClass, keyLength, apdubuf, offset, (short) 0); + + apdu.setOutgoingAndSend((short) 0, dataLength); + } + + void TestEC_FP_GenerateInvalidCurve(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); @@ -496,7 +664,7 @@ public class SimpleECCApplet extends javacard.framework.Applet offset += 2; byte bRewindOnSuccess = apdubuf[offset]; offset++; - + short dataOffset = 0; // FP @@ -504,13 +672,12 @@ public class SimpleECCApplet extends javacard.framework.Applet apdu.setOutgoingAndSend((short) 0, dataOffset); } - + short TestECSupportInvalidCurve(byte keyClass, short keyLen, byte[] buffer, short bufferOffset, short repeats, short corruptionType, byte bRewindOnSuccess) { short baseOffset = bufferOffset; short testFlags = FLAG_ECTEST_ALL; - ecKeyPair = null; ecPubKey = null; ecPrivKey = null; @@ -520,53 +687,46 @@ public class SimpleECCApplet extends javacard.framework.Applet bufferOffset++; Util.setShort(buffer, bufferOffset, keyLen); bufferOffset += 2; - + short numExecutionsOffset = bufferOffset; // num executions to be stored later bufferOffset += 2; + short sw; + // // 1. Allocate KeyPair object // buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) { - try { - ecKeyPair = new KeyPair(keyClass, keyLen); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) { - } // do intentionally nothing - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated + sw = ecKeyGenerator.allocatePair(keyClass, keyLen); + if (sw == ISO7816.SW_NO_ERROR) { + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + } else { + testFlags = 0; + } + + if (ecPubKey == null || ecPrivKey == null) { + ecKeyGenerator.generatePair(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 2. Set invalid custom curve (many times) // - EC_Consts.m_random = randomData; - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); + sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + + m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store valid B - m_lenB = ecPubKey.getB(m_ramArray, (short) 0); // store valid B - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2 - short startOffset = bufferOffset; short i; for (i = 0; i < repeats; i++) { @@ -574,143 +734,76 @@ public class SimpleECCApplet extends javacard.framework.Applet if (bRewindOnSuccess == 1) { // if nothing unexpected happened, rewind bufferOffset back again bufferOffset = startOffset; - } + } - // Store valid curve B param - ecPubKey.getB(m_ramArray, (short) 0); // store valid B - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2 + ecPubKey.getB(m_ramArray2, (short) 0); //store valid B // set invalid curve buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; - - // Supported types of invalid curve: - // 1. Completely random B - // 2. Valid B but with one random byte randomly changed - // 3. Valid B but with last byte incremented - switch (corruptionType) { - case CORRUPT_B_FULLRANDOM: - randomData.generateData(m_ramArray2, (short) 0, m_lenB); - break; - case CORRUPT_B_ONEBYTERANDOM: - // Copy valid B into m_ramArray2 - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); - // Generate random position and one random byte for subsequent change - // Note - we are using same array m_ramArray2, but in area unsued by stored B - randomData.generateData(m_ramArray2, m_lenB, (short) 2); - short rngPos = m_ramArray2[m_lenB]; // random position (within B) - if (rngPos < 0) { rngPos = (short) -rngPos; } // make it positive - rngPos %= m_lenB; - m_ramArray2[rngPos] = m_ramArray2[(short) (m_lenB + 1)]; // set random byte on random position - // Make sure its not the valid byte again - if (m_ramArray[rngPos] == m_ramArray2[rngPos]) { - m_ramArray2[rngPos] += 1; // if yes, just increment - } - - break; - case CORRUPT_B_LASTBYTEINCREMENT: - m_ramArray2[(short) (m_lenB - 1)] += 1; - // Make sure its not the valid byte again - if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) { - m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more - } - break; - default: - ISOException.throwIt(SW_INVALID_CORRUPTION_TYPE); - break; - } - - - // Set corrupted B parameter - try { - ecPubKey.setB(m_ramArray2, (short) 0, m_lenB); - ecPrivKey.setB(m_ramArray2, (short) 0, m_lenB); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); // ok if setB itself will not emit exception - bufferOffset += 2; - }catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B - }catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; + // Supported types of invalid curve: + // CORRUPTION_NONE = 0x01, valid parameter + // CORRUPTION_FIXED = 0x02, first and last byte changed to a fixed value + // CORRUPTION_FULLRANDOM = 0x03, completely random parameter data + // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed + // CORRUPTION_ZERO = 0x05, parameter competely zero + // CORRUPTION_ONE = 0x06, parameter completely one + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { // if we reach this line, we are interested in value of B that caused incorrect response break; // stop execution, return B } // Gen key pair with invalid curve - try { - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; - bufferOffset++; - // Should fail - ecKeyPair.genKeyPair(); + + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; + bufferOffset++; + // Should fail + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + if (sw == ISO7816.SW_NO_ERROR) { // If this line is reached, we generated key pair - what should not happen - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - - // if we reach this line, we are interested in value of B - try { - buffer[bufferOffset] = ECTEST_DH_GENERATESECRET; - bufferOffset++; - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - if (dhKeyAgreement == null) { - dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); - } - dhKeyAgreement.init(ecPrivKey); - short lenW = ecPubKey.getW(m_ramArray2, (short) 0); // store valid B - dhKeyAgreement.generateSecret(m_ramArray2, (short) 0, lenW, m_ramArray, (short) 0); - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - - break; // stop execution, return B - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); + buffer[bufferOffset] = ECTEST_DH_GENERATESECRET; + bufferOffset++; + + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B + //TODO: note, according to the previous version of this method, sw should get appended to the buffer only if sw != SW_NO_ERROR + Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + break; //stop execution, return B } - - // + // Generate keypair with valid curve - to check that whole engine is not somehow blocked // after previous attempt with invalid curve // // set valid curve buffer[bufferOffset] = ECTEST_SET_VALIDCURVE; bufferOffset++; - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); - - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); + sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); + + Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; // Gen key pair with valid curve - try { - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; - bufferOffset++; - // Should succeed - ecKeyPair.genKeyPair(); - // If this line is reached, we generated valid key pair (expected) - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; + bufferOffset++; + + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + break; } - + // If we reach this line => everything was as expected // Rewind offset in array back (no storage of info about expected runs) // bufferOffset = startOffset; done at beginning @@ -719,25 +812,26 @@ public class SimpleECCApplet extends javacard.framework.Applet bufferOffset += 2; } } - + // Set number of executed repeats Util.setShort(buffer, numExecutionsOffset, i); - + return (short) (bufferOffset - baseOffset); } - + + //TODO: generalize invalid B setting to all curve params void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); - + short offset = 0; Util.arrayCopyNonAtomic(m_ramArray2, (short) 0, apdubuf, offset, m_lenB); offset += m_lenB; - + apdu.setOutgoingAndSend((short) 0, offset); } - - void AllocateKeyPairReturnDefCourve(APDU apdu) { + + void AllocateKeyPairReturnDefCurve(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); @@ -745,50 +839,38 @@ public class SimpleECCApplet extends javacard.framework.Applet // Note: all locations should happen in constructor. But here it is intentional // as we like to test for result of allocation - ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, bitLen); + ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen); // If required, generate also new key pair if (apdubuf[ISO7816.OFFSET_P1] == (byte) 1) { - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) { - } // do nothing // If required, initialize curve parameters first if (apdubuf[ISO7816.OFFSET_P2] == (byte) 2) { - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, KeyPair.ALG_EC_FP, bitLen, m_ramArray); + ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0); } // Now generate new keypair with either default or custom curve - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); + ecKeyGenerator.generatePair(); - short len = 0; + short len; short offset = 0; // Export curve public parameters offset += 2; // reserve space for length - len = ecPubKey.getField(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_FP, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; offset += 2; // reserve space for length - len = ecPubKey.getA(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_A, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; offset += 2; // reserve space for length - len = ecPubKey.getB(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; offset += 2; // reserve space for length - len = ecPubKey.getR(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_R, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; /* @@ -814,8 +896,8 @@ public class SimpleECCApplet extends javacard.framework.Applet } // Generate fresh EC keypair - ecKeyPair.genKeyPair(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); + ecKeyGenerator.generatePair(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); if (dhKeyAgreement == null) { dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); @@ -832,76 +914,63 @@ public class SimpleECCApplet extends javacard.framework.Applet void GenerateAndReturnKey(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); - - short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA); - short offset = 0; - + short offset = ISO7816.OFFSET_CDATA; + byte keyClass = apdubuf[offset]; + offset++; + + short keyLength = Util.getShort(apdubuf, offset); + offset += 2; + + byte anomalous = apdubuf[offset]; + + offset = 0; + switch (apdubuf[ISO7816.OFFSET_P1]) { case P1_SETCURVE: { - ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, bitLen); - - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) { - } // do nothing + ecKeyGenerator.allocatePair(keyClass, keyLength); - // If required, initialize curve parameters first - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, KeyPair.ALG_EC_FP, bitLen, m_ramArray); - + if (anomalous != 0) { + ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0); + } else { + ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0); + } + ecKeyGenerator.generatePair(); + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); break; } case P1_GENERATEKEYPAIR: { // Assumption: proper EC keyPair is already allocated and initialized - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); + short sw = ecKeyGenerator.generatePair(); + if (sw != ISO7816.SW_NO_ERROR) { + ISOException.throwIt(sw); + } + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); offset = 0; apdubuf[offset] = EC_Consts.TAG_ECPUBKEY; offset++; offset += 2; // reserve space for length - short len = ecPubKey.getW(apdubuf, offset); + short len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; apdubuf[offset] = EC_Consts.TAG_ECPRIVKEY; offset++; offset += 2; // reserve space for length - len = ecPrivKey.getS(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PRIVATE, EC_Consts.PARAMETER_S, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; - break; } - default: + default: ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); } - - apdu.setOutgoingAndSend((short) 0, offset); } - - - - - - - - - - - - - - /* void AllocateKeyPair(byte algorithm, short bitLen) { // Select proper attributes @@ -951,6 +1020,7 @@ public class SimpleECCApplet extends javacard.framework.Applet } -*/ +*/ + } diff --git a/src/simpleapdu/CardMngr.java b/src/simpleapdu/CardMngr.java index d778bc8..ae8bd55 100644 --- a/src/simpleapdu/CardMngr.java +++ b/src/simpleapdu/CardMngr.java @@ -105,7 +105,10 @@ public class CardMngr { return true; } - + + public boolean isConnected() { + return m_card != null; + } public void DisconnectFromCard() throws Exception { if (m_card != null) { @@ -191,7 +194,7 @@ public class CardMngr { if (responseAPDU.getSW1() == (byte) 0x61) { CommandAPDU apduToSend = new CommandAPDU((byte) 0x00, (byte) 0xC0, (byte) 0x00, (byte) 0x00, - (int) responseAPDU.getSW1()); + responseAPDU.getSW1()); responseAPDU = m_channel.transmit(apduToSend); System.out.println(bytesToHex(responseAPDU.getBytes())); diff --git a/src/simpleapdu/DirtyLogger.java b/src/simpleapdu/DirtyLogger.java index 69e5e65..c06571b 100644 --- a/src/simpleapdu/DirtyLogger.java +++ b/src/simpleapdu/DirtyLogger.java @@ -1,14 +1,7 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ package simpleapdu; import java.io.FileOutputStream; import java.io.IOException; -import java.util.logging.Level; -import java.util.logging.Logger; /** * @@ -17,6 +10,7 @@ import java.util.logging.Logger; public class DirtyLogger { FileOutputStream m_logFile; boolean m_bOutputSystemOut = true; + public DirtyLogger(FileOutputStream logFile, boolean bOutputSystemOut) { m_logFile = logFile; m_bOutputSystemOut = bOutputSystemOut; @@ -47,4 +41,8 @@ public class DirtyLogger { } catch (IOException ex) { } } + + void close() throws IOException { + m_logFile.close(); + } } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 575f562..4f291f0 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -2,206 +2,296 @@ package simpleapdu; import applets.EC_Consts; import applets.SimpleECCApplet; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.IOException; -import java.util.Arrays; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.DefaultParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Option; +import org.apache.commons.cli.Options; +import org.apache.commons.cli.ParseException; + import javax.smartcardio.ResponseAPDU; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.util.Arrays; + /** - * * @author Petr Svenda petr@svenda.com */ public class SimpleAPDU { - static CardMngr cardManager = new CardMngr(); - static DirtyLogger m_SystemOutLogger = null; - - private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, - (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; + private CardMngr cardManager = new CardMngr(); + private DirtyLogger systemOutLogger = null; + + private CommandLineParser cliParser = new DefaultParser(); + private Options opts = new Options(); + private static final String cliHeader = ""; + private static final String cliFooter = ""; + + private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, + (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; private static final byte TESTECSUPPORTALL_FP[] = {(byte) 0xB0, (byte) 0x5E, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORTALL_F2M[] = {(byte) 0xB0, (byte) 0x5F, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORT_GIVENALG[] = {(byte) 0xB0, (byte) 0x71, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final short TESTECSUPPORT_ALG_OFFSET = 5; private static final short TESTECSUPPORT_KEYLENGTH_OFFSET = 6; - + private static final byte TESTECSUPPORTALL_LASTUSEDPARAMS[] = {(byte) 0xB0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x00}; - + private static final byte TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB[] = {(byte) 0xB0, (byte) 0x70, (byte) 0x00, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final short INVALIDCURVEB_NUMREPEATS_OFFSET = 5; private static final short INVALIDCURVEB_CORRUPTIONTYPE_OFFSET = 7; private static final short INVALIDCURVEB_REWINDONSUCCESS_OFFSET = 9; - - private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x02, (byte) 0x00, (byte) 0x00}; - + + private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x04, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}; + private static final short GENERATEECKEY_ALG_OFFSET = 5; + private static final short GENERATEECKEY_KEYLENGTH_OFFSET = 6; + private static final short GENERATEECKEY_ANOMALOUS_OFFSET = 8; + + + public void run(String[] args) { + try { + //parse cmd args + CommandLine cli = parseArgs(args); + + //byte[] installData = new byte[10]; + //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; + //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); + + //do stuff + if (cli.hasOption("help")) { + HelpFormatter help = new HelpFormatter(); + help.printHelp("SimpleAPDU", cliHeader, opts, cliFooter); + } else { + //open log(only when actually doing something) + String logFileName = cli.getOptionValue("output-file", String.format("ECTESTER_log_%d.log", System.currentTimeMillis())); + FileOutputStream stdoutStream = new FileOutputStream(logFileName); + systemOutLogger = new DirtyLogger(stdoutStream, true); + + boolean fp = cli.hasOption("fp"); + boolean f2m = cli.hasOption("f2m"); + if (!fp && !f2m) { + fp = true; + f2m = true; + } + int genAmount = Integer.parseInt(cli.getOptionValue("generate", "0")); + int keyLength = Integer.parseInt(cli.getOptionValue("b", "192")); + + if (cli.hasOption("generate")) { + //generate EC keys + if (fp) { + generateECKeys(genAmount, KeyPair.ALG_EC_FP, (short) keyLength, cli.hasOption("anomalous")); + } + if (f2m) { + generateECKeys(genAmount, KeyPair.ALG_EC_F2M, (short) keyLength, cli.hasOption("anomalous")); + } + } else if (cli.hasOption("test")) { + if (cli.hasOption("bit-length")) { + //test only one bitsize + if (fp) { + testSupportECFp((short) keyLength); + } + if (f2m) { + testSupportECFp((short) keyLength); + } + } else { + //test default bit sizes + testSupportECAll(fp, f2m); + testFPkeyGen((short) 10, EC_Consts.CORRUPTION_ONEBYTERANDOM, true); + } + } else { + systemOutLogger.println("You need to specify one of -t / -g [num] commands."); + } + + //close log + systemOutLogger.close(); + } + + //disconnect + cardManager.DisconnectFromCard(); + } catch (Exception ex) { + if (systemOutLogger != null) { + systemOutLogger.println("Exception : " + ex); + } + } + } + + private CommandLine parseArgs(String[] args) throws ParseException { + + opts.addOption("h", "help", false, "show this help"); + opts.addOption(Option.builder("g") + .longOpt("generate") + .hasArg() + .optionalArg(true) + .argName("num") + .desc("generate EC keys").build()); + opts.addOption("t", "test", false, "test EC support (default)"); + opts.addOption(Option.builder("b") + .longOpt("bit-length") + .hasArg() + .argName("bits") + .desc("set EC bit size").build()); + opts.addOption("f2m", "use EC over binary-fields"); + opts.addOption("fp", "user EC over prime-fields (default)"); + opts.addOption("s", "anomalous", false, "generate anomalous (non-prime order, small pubkey order) curves"); + opts.addOption(Option.builder("o") + .longOpt("output-file") + .hasArg() + .argName("file") + .desc("output file to log to").build()); + return cliParser.parse(opts, args); + } + static short getShort(byte[] array, int offset) { - return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); + return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); } + static void setShort(byte[] array, int offset, short value) { array[offset + 1] = (byte) (value & 0xFF); array[offset] = (byte) ((value >> 8) & 0xFF); - } - static void testFPkeyGen_setNumRepeats(byte[] apduArray, short numRepeats) { - setShort(apduArray, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); - } - static void testFPkeyGen_setCorruptionType(byte[] apduArray, short corruptionType) { - setShort(apduArray, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); - } - static void testFPkeyGen_rewindOnSuccess(byte[] apduArray, boolean bRewind) { - apduArray[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; } - static CardMngr ReconnnectToCard() throws Exception { - cardManager.DisconnectFromCard(); - if (cardManager.ConnectToCard()) { + private boolean ReconnnectToCard() throws Exception { + if (cardManager.isConnected()) { + cardManager.DisconnectFromCard(); + } + + boolean result = cardManager.ConnectToCard(); + if (result) { // Select our application on card cardManager.sendAPDU(SELECT_ECTESTERAPPLET); } - return cardManager; + return result; + } + + private void testFPkeyGen(short numRepeats, short corruptionType, boolean bRewind) throws Exception { + byte[] apdu = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); + setShort(apdu, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); + setShort(apdu, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); + apdu[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; + + ReconnnectToCard(); + ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(apdu); + ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); + PrintECKeyGenInvalidCurveB(resp_fp_keygen); + PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); } - - static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception { + + private void testSupportECGivenAlg(short keyLength, byte keyClass) throws Exception { + byte[] apdu = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); + apdu[TESTECSUPPORT_ALG_OFFSET] = keyClass; + setShort(apdu, TESTECSUPPORT_KEYLENGTH_OFFSET, keyLength); + ReconnnectToCard(); ResponseAPDU resp = cardManager.sendAPDU(apdu); + //byte[] resp = cardManager.sendAPDUSimulator(apdu); PrintECSupport(resp); } - static void testSupportECAll(CardMngr cardManager) throws Exception { - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 128); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 160); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 192); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 224); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 256); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 521); - testSupportECGivenAlg(testAPDU, cardManager); - - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_F2M; - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 113); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 131); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 163); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 193); - testSupportECGivenAlg(testAPDU, cardManager); - + private void testSupportECFp(short keyLength) throws Exception { + testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_FP); } - public static void main(String[] args) throws FileNotFoundException, IOException { - String logFileName = String.format("ECTESTER_log_%d.log", System.currentTimeMillis()); - FileOutputStream systemOutLogger = new FileOutputStream(logFileName); - m_SystemOutLogger = new DirtyLogger(systemOutLogger, true); - try { - // Gather large number of ECC keypairs - if (cardManager.ConnectToCardSelect()) { - cardManager.sendAPDU(SELECT_ECTESTERAPPLET); - - String keyFileName = String.format("ECKEYS_%d.log", System.currentTimeMillis()); - FileOutputStream keysFile = new FileOutputStream(keyFileName); + private void testSupportECF2m(short keyLength) throws Exception { + testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_F2M); + } - String message = "index;pubW;privS\n"; - keysFile.write(message.getBytes()); - byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); - // Prepare keypair object - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; - setShort(gatherKeyAPDU, (short) 5, (short) 192); // ecc length - ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + private void testSupportECAll(boolean testFp, boolean testF2m) throws Exception { + if (testFp) { + testSupportECFp((short) 128); + testSupportECFp((short) 192); + testSupportECFp((short) 224); + testSupportECFp((short) 256); + testSupportECFp((short) 384); + testSupportECFp((short) 521); + } - // Generate new keypair - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; - int counter = 0; - while (true) { - counter++; - long elapsed = -System.nanoTime(); - respGather = cardManager.sendAPDU(gatherKeyAPDU); - elapsed += System.nanoTime(); - - byte[] data = respGather.getData(); - int offset = 0; - String pubKeyW = ""; - String privKeyS = ""; - if (data[offset] == EC_Consts.TAG_ECPUBKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - pubKeyW = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - privKeyS = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - - message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); - keysFile.write(message.getBytes()); + if (testF2m) { + testSupportECF2m((short) 113); + testSupportECF2m((short) 131); + testSupportECF2m((short) 163); + testSupportECF2m((short) 193); + } + } - m_SystemOutLogger.flush(); - keysFile.flush(); - } + private void generateECKeys(int amount, byte keyClass, short keyLength, boolean anomalous) throws Exception { + if (cardManager.ConnectToCardSelect()) { + cardManager.sendAPDU(SELECT_ECTESTERAPPLET); + + String keyFileName = String.format("ECKEYS_%s_%d.log", keyClass == KeyPair.ALG_EC_FP ? "fp" : "f2m", System.currentTimeMillis()); + FileOutputStream keysFile = new FileOutputStream(keyFileName); + + String message = "index;time;pubW;privS\n"; + keysFile.write(message.getBytes()); + byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); + // Prepare keypair object + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; + gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass; + setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength); + gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0; + + ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + if (respGather.getSW() != ISO7816.SW_NO_ERROR) { + systemOutLogger.println(String.format("Card error: %x", respGather.getSW())); + keysFile.close(); + return; } - if (cardManager.ConnectToCard()) { - byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU2, cardManager); - - testSupportECAll(cardManager); - - // Test setting invalid parameter B of curve - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); - testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_ONEBYTERANDOM); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); - testFPkeyGen_setNumRepeats(testAPDU, (short) 10); - testFPkeyGen_rewindOnSuccess(testAPDU, true); - ReconnnectToCard(); - ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); - ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); - PrintECKeyGenInvalidCurveB(resp_fp_keygen); - PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); + // Generate new keypair + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; + int counter = 0; + while (true) { + counter++; + long elapsed = -System.nanoTime(); + respGather = cardManager.sendAPDU(gatherKeyAPDU); + elapsed += System.nanoTime(); - /* - // Test support for different types of curves - ReconnnectToCard(); - ResponseAPDU resp_fp = cardManager.sendAPDU(TESTECSUPPORTALL_FP); - ReconnnectToCard(); - ResponseAPDU resp_f2m = cardManager.sendAPDU(TESTECSUPPORTALL_F2M); - PrintECSupport(resp_fp); - PrintECSupport(resp_f2m); - */ - - cardManager.DisconnectFromCard(); - } else { - m_SystemOutLogger.println("Failed to connect to card"); + if (respGather.getSW() != ISO7816.SW_NO_ERROR) { + systemOutLogger.println(String.format("Card error: %x", respGather.getSW())); + break; + } + byte[] data = respGather.getData(); + int offset = 0; + String pubKeyW = ""; + String privKeyS = ""; + if (data[offset] == EC_Consts.TAG_ECPUBKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + pubKeyW = CardMngr.bytesToHex(data, offset, len, false); + offset += len; + } + if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + privKeyS = CardMngr.bytesToHex(data, offset, len, false); + offset += len; + } + + message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); + keysFile.write(message.getBytes()); + + this.systemOutLogger.flush(); + keysFile.flush(); + + //stop when we have enough keys, go on forever with 0 + if (counter >= amount && amount != 0) + break; } - } catch (Exception ex) { - m_SystemOutLogger.println("Exception : " + ex); + keysFile.close(); } - - systemOutLogger.close(); } - + static String getPrintError(short code) { if (code == ISO7816.SW_NO_ERROR) { return "OK\t(0x9000)"; - } - else { + } else { String codeStr = "unknown"; if (code == CryptoException.ILLEGAL_VALUE) { codeStr = "ILLEGAL_VALUE"; @@ -227,23 +317,26 @@ public class SimpleAPDU { if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } + if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) { + codeStr = "SW_SIG_VERIFY_FAIL"; + } return String.format("fail\t(%s,\t0x%4x)", codeStr, code); - } + } } - + enum ExpResult { - SHOULD_SUCCEDD, + SHOULD_SUCCEED, MAY_FAIL, MUST_FAIL } - static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { + + private int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { if (bufferOffset >= buffer.length) { - m_SystemOutLogger.println(" No more data returned"); - } - else { + systemOutLogger.println(" No more data returned"); + } else { if (buffer[bufferOffset] != expectedTag) { - m_SystemOutLogger.println(" ERROR: mismatched tag"); - assert(buffer[bufferOffset] == expectedTag); + systemOutLogger.println(" ERROR: mismatched tag"); + assert (buffer[bufferOffset] == expectedTag); } bufferOffset++; short resCode = getShort(buffer, bufferOffset); @@ -253,26 +346,28 @@ public class SimpleAPDU { if ((expRes == ExpResult.MUST_FAIL) && (resCode == ISO7816.SW_NO_ERROR)) { bHiglight = true; } - if ((expRes == ExpResult.SHOULD_SUCCEDD) && (resCode != ISO7816.SW_NO_ERROR)) { + if ((expRes == ExpResult.SHOULD_SUCCEED) && (resCode != ISO7816.SW_NO_ERROR)) { bHiglight = true; } if (bHiglight) { - m_SystemOutLogger.println(String.format("!! %-50s%s", message, getPrintError(resCode))); - } - else { - m_SystemOutLogger.println(String.format(" %-50s%s", message, getPrintError(resCode))); + systemOutLogger.println(String.format("!! %-53s%s", message, getPrintError(resCode))); + } else { + systemOutLogger.println(String.format(" %-53s%s", message, getPrintError(resCode))); } } return bufferOffset; } - static void PrintECSupport(ResponseAPDU resp) { - byte[] buffer = resp.getData(); - m_SystemOutLogger.println(); - m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves"); + private void PrintECSupport(ResponseAPDU resp) { + PrintECSupport(resp.getData()); + } + + private void PrintECSupport(byte[] buffer) { + systemOutLogger.println(); + systemOutLogger.println("### Test for support and with valid and invalid EC curves"); int bufferOffset = 0; while (bufferOffset < buffer.length) { - assert(buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); + assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); bufferOffset++; String ecType = "unknown"; if (buffer[bufferOffset] == KeyPair.ALG_EC_FP) { @@ -281,29 +376,38 @@ public class SimpleAPDU { if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) { ecType = "ALG_EC_F2M"; } - m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); + systemOutLogger.println(String.format("%-56s%s", "EC type:", ecType)); bufferOffset++; short keyLen = getShort(buffer, bufferOffset); - m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); + systemOutLogger.println(String.format("%-56s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with def curve (fails if no def):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_DEFCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Set anomalous custom curve (may fail):", SimpleECCApplet.ECTEST_SET_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with anomalous curve (may fail):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("ECDH agreement with small order point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); - - m_SystemOutLogger.println(); + bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL); + + systemOutLogger.println(); } } - static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { - byte[] buffer = resp.getData(); - m_SystemOutLogger.println(); - m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); + private void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { + PrintECKeyGenInvalidCurveB(resp.getData()); + } + + private void PrintECKeyGenInvalidCurveB(byte[] buffer) { + systemOutLogger.println(); + systemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); int bufferOffset = 0; while (bufferOffset < buffer.length) { assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); @@ -315,40 +419,43 @@ public class SimpleAPDU { if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) { ecType = "ALG_EC_F2M"; } - m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); + systemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); bufferOffset++; short keyLen = getShort(buffer, bufferOffset); - m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); + systemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; short numRepeats = getShort(buffer, bufferOffset); bufferOffset += 2; - m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); - - - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + systemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); + + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); while (bufferOffset < buffer.length) { - bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); if (buffer[bufferOffset] == SimpleECCApplet.ECTEST_DH_GENERATESECRET) { bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_DH_GENERATESECRET, buffer, bufferOffset, ExpResult.MUST_FAIL); } - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); } - m_SystemOutLogger.println(); + systemOutLogger.println(); } } - - static void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { + + private void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { byte[] buffer = resp.getData(); short offset = 0; - m_SystemOutLogger.print("Last used value of B: "); + systemOutLogger.print("Last used value of B: "); while (offset < buffer.length) { - m_SystemOutLogger.print(String.format("%x ", buffer[offset])); + systemOutLogger.print(String.format("%x ", buffer[offset])); offset++; } - - } + } + + public static void main(String[] args) throws FileNotFoundException, IOException { + SimpleAPDU app = new SimpleAPDU(); + app.run(args); + } } |