author: J08nY 2019-02-22 09:35:18 +0100
committer: J08nY 2019-02-22 09:35:18 +0100
commit: 950f5c0fe204d64e3d1b60b1958b0342bfae4f86 (patch)
tree: 7db6dd76813e697fe67a7ee6a65f0eb513127966
parent: f98fb059fe39855784e03e1a7c117b12cdc8e5f5 (diff)
download: ECTester-950f5c0fe204d64e3d1b60b1958b0342bfae4f86.tar.gz
ECTester-950f5c0fe204d64e3d1b60b1958b0342bfae4f86.tar.zst
ECTester-950f5c0fe204d64e3d1b60b1958b0342bfae4f86.zip
1 files changed, 68 insertions, 15 deletions
diff --git a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java
index 3abcebb..fec1a64 100644
--- a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java
@@ -30,6 +30,8 @@ import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.function.BiFunction;
+import java.util.function.Function;
 import java.util.stream.Collectors;
 
 import static cz.crcs.ectester.common.test.Result.ExpectedValue;
@@ -96,10 +98,12 @@ public class CardTestVectorSuite extends CardTestSuite {
         }
 
         KeyAgreement ka;
+        Signature sig;
         KeyFactory kf;
         MessageDigest md;
         try {
             ka = KeyAgreement.getInstance("ECDH", "BC");
+            sig = Signature.getInstance("ECDSAwithSHA1", "BC");
             kf = KeyFactory.getInstance("ECDH", "BC");
             md = MessageDigest.getInstance("SHA1", "BC");
         } catch (NoSuchAlgorithmException | NoSuchProviderException ex) {
@@ -119,8 +123,26 @@ public class CardTestVectorSuite extends CardTestSuite {
             testVector.add(allocate);
             testVector.add(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.SUCCESS));
             testVector.add(CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_BOTH), ExpectedValue.SUCCESS));
-            CommandTest export = CommandTest.expect(new Command.Export(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETERS_KEYPAIR), ExpectedValue.ANY);
-            testVector.add(export);
+            CommandTest exportLocal = CommandTest.expect(new Command.Export(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.KEY_PUBLIC, EC_Consts.PARAMETER_W), ExpectedValue.ANY);
+            CommandTest exportRemote = CommandTest.expect(new Command.Export(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.KEY_PRIVATE, EC_Consts.PARAMETER_S), ExpectedValue.ANY);
+            testVector.add(exportLocal);
+            testVector.add(exportRemote);
+            BiFunction<Response.Export, Response.Export, Key[]> getKeys = (localData, remoteData) -> {
+                byte[] pkey = localData.getParameter(ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.PARAMETER_W);
+                byte[] skey = remoteData.getParameter(ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.PARAMETER_S);
+                ECParameterSpec spec = curve.toSpec();
+                ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger(1, skey), spec);
+                ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(ECUtil.fromX962(pkey, curve.toCurve()), spec);
+                PrivateKey privKey;
+                PublicKey pubKey;
+                try {
+                    privKey = kf.generatePrivate(privKeySpec);
+                    pubKey = kf.generatePublic(pubKeySpec);
+                } catch (InvalidKeySpecException ex) {
+                    return null;
+                }
+                return new Key[]{privKey, pubKey};
+            };
             TestCallback<CommandTestable> kaCallback = new TestCallback<CommandTestable>() {
                 @Override
                 public Result apply(CommandTestable testable) {
@@ -131,19 +153,17 @@ public class CardTestVectorSuite extends CardTestSuite {
                         return new Result(Value.FAILURE, "ECDH response did not contain the derived secret.");
                     }
                     byte[] secret = ecdhData.getSecret();
-                    Response.Export keyData = (Response.Export) export.getResponse();
-                    byte[] pkey = keyData.getParameter(ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.PARAMETER_W);
-                    byte[] skey = keyData.getParameter(ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.PARAMETER_S);
-                    ECParameterSpec spec = curve.toSpec();
-                    ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger(1, skey), spec);
-                    ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(ECUtil.fromX962(pkey, curve.toCurve()), spec);
-                    PrivateKey privKey;
-                    PublicKey pubkey;
+                    Response.Export localData = (Response.Export) exportLocal.getResponse();
+                    Response.Export remoteData = (Response.Export) exportRemote.getResponse();
+                    Key[] keys = getKeys.apply(localData, remoteData);
+                    if (keys == null) {
+                        return new Result(Value.SUCCESS, "Result could not be verified. keyData unavailable.");
+                    }
+                    PrivateKey privKey = (PrivateKey) keys[0];
+                    PublicKey pubKey = (PublicKey) keys[1];
                     try {
-                        privKey = kf.generatePrivate(privKeySpec);
-                        pubkey = kf.generatePublic(pubKeySpec);
                         ka.init(privKey);
-                        ka.doPhase(pubkey, true);
+                        ka.doPhase(pubKey, true);
                         byte[] rawDerived = ka.generateSecret();
                         int fieldSize = (curve.getBits() + 7) / 8;
                         if (rawDerived.length < fieldSize) {
@@ -165,12 +185,45 @@ public class CardTestVectorSuite extends CardTestSuite {
                         } else {
                             return new Result(Value.FAILURE, "Derived secret does not match expected value, first difference was at byte " + String.valueOf(diff) + ".");
                         }
-                    } catch (InvalidKeySpecException | InvalidKeyException ex) {
+                    } catch (InvalidKeyException ex) {
+                        return new Result(Value.SUCCESS, "Result could not be verified. " + ex.getMessage());
+                    }
+                }
+            };
+            Test ecdhTest = CommandTest.function(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_TRUE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), kaCallback);
+            byte[] data = new byte[32];
+            TestCallback<CommandTestable> sigCallback = new TestCallback<CommandTestable>() {
+                @Override
+                public Result apply(CommandTestable testable) {
+                    Response.ECDSA ecdsaData = (Response.ECDSA) testable.getResponse();
+                    if (!ecdsaData.successful())
+                        return new Result(Value.FAILURE, "ECDSA was unsuccessful.");
+                    if (!ecdsaData.hasSignature()) {
+                        return new Result(Value.FAILURE, "ECDSA response did not contain the signature.");
+                    }
+                    byte[] signature = ecdsaData.getSignature();
+                    Response.Export localData = (Response.Export) exportLocal.getResponse();
+                    Response.Export remoteData = (Response.Export) exportRemote.getResponse();
+                    Key[] keys = getKeys.apply(localData, remoteData);
+                    if (keys == null) {
+                        return new Result(Value.SUCCESS, "Result could not be verified. keyData unavailable.");
+                    }
+                    PublicKey pubKey = (PublicKey) keys[1];
+                    try {
+                        sig.initVerify(pubKey);
+                        sig.update(data);
+                        if (sig.verify(signature)) {
+                            return new Result(Value.SUCCESS, "Signature verified.");
+                        } else {
+                            return new Result(Value.FAILURE, "Signature failed to verify.");
+                        }
+                    } catch (InvalidKeyException | SignatureException ex) {
                         return new Result(Value.SUCCESS, "Result could not be verified. " + ex.getMessage());
                     }
                 }
             };
-            testVector.add(CommandTest.function(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_TRUE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), kaCallback));
+            Test ecdsaTest = CommandTest.function(new Command.ECDSA_sign(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_TRUE, data), sigCallback);
+            testVector.add(CompoundTest.all(ExpectedValue.SUCCESS, "", ecdhTest, ecdsaTest));
             if (cfg.cleanup) {
                 testVector.add(CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.ANY));
             }
author	J08nY	2019-02-22 09:35:18 +0100
committer	J08nY	2019-02-22 09:35:18 +0100
commit	950f5c0fe204d64e3d1b60b1958b0342bfae4f86 (patch)
tree	7db6dd76813e697fe67a7ee6a65f0eb513127966
parent	f98fb059fe39855784e03e1a7c117b12cdc8e5f5 (diff)
download	ECTester-950f5c0fe204d64e3d1b60b1958b0342bfae4f86.tar.gz ECTester-950f5c0fe204d64e3d1b60b1958b0342bfae4f86.tar.zst ECTester-950f5c0fe204d64e3d1b60b1958b0342bfae4f86.zip