aboutsummaryrefslogtreecommitdiff
path: root/src/applets
diff options
context:
space:
mode:
authorJ08nY2016-10-30 17:58:27 +0100
committerJ08nY2016-11-21 14:09:47 +0100
commitb4d72715e7d770b4925fef70a192665744a6273d (patch)
tree69f5a28240f0743d7ddca6a1fd4ba7c070a9e276 /src/applets
parent48c54c5520382b3d2bc4899b7e2197afba976a04 (diff)
downloadECTester-b4d72715e7d770b4925fef70a192665744a6273d.tar.gz
ECTester-b4d72715e7d770b4925fef70a192665744a6273d.tar.zst
ECTester-b4d72715e7d770b4925fef70a192665744a6273d.zip
Diffstat (limited to 'src/applets')
-rw-r--r--src/applets/ECKeyGenerator.java143
-rw-r--r--src/applets/ECKeyTester.java1
-rw-r--r--src/applets/EC_Consts.java1236
-rw-r--r--src/applets/SimpleECCApplet.java697
4 files changed, 1045 insertions, 1032 deletions
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index ff2193c..c7155de 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -16,26 +16,17 @@ public class ECKeyGenerator {
private ECPrivateKey ecPrivateKey = null;
private ECPublicKey ecPublicKey = null;
- public static final byte PARAMETER_FP = 1;
- public static final byte PARAMETER_F2M_ONE = 2;
- public static final byte PARAMETER_F2M_THREE = 3;
- public static final byte PARAMETER_A = 4;
- public static final byte PARAMETER_B = 5;
- public static final byte PARAMETER_G = 6;
- public static final byte PARAMETER_R = 7;
- public static final byte PARAMETER_K = 8;
-
- private static final byte PARAMETER_S = 9; //private key
- private static final byte PARAMETER_W = 10;//public key
-
public static final byte KEY_PUBLIC = 0x1;
public static final byte KEY_PRIVATE = 0x2;
public static final byte KEY_BOTH = KEY_PUBLIC & KEY_PRIVATE;
+
public short allocatePair(byte algorithm, short keyLength) {
short result = ISO7816.SW_NO_ERROR;
try {
ecKeyPair = new KeyPair(algorithm, keyLength);
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
} catch (CryptoException ce) {
result = ce.getReason();
} catch (Exception e) {
@@ -44,7 +35,7 @@ public class ECKeyGenerator {
return result;
}
- public boolean isAlocated() {
+ public boolean isAllocated() {
return ecKeyPair != null && ecPrivateKey != null && ecPublicKey != null;
}
@@ -52,7 +43,7 @@ public class ECKeyGenerator {
short result = ISO7816.SW_NO_ERROR;
try {
ecKeyPair.genKeyPair();
- ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); //TODO, do I want to keep private and pubkey separate from the keypair?
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
} catch (CryptoException ce) {
result = ce.getReason();
@@ -62,61 +53,84 @@ public class ECKeyGenerator {
return result;
}
- public short setCustomCurve(byte keyClass, short keyLength) {
- //TODO
- return 0;
+ public short setCustomCurve(byte keyClass, short keyLength, byte[] buffer, short offset) {
+ return setCustomCurve(EC_Consts.getCurve(keyClass, keyLength), buffer, offset);
+ }
+
+ public short setCustomCurve(byte curve, byte[] buffer, short offset) {
+ byte alg = EC_Consts.getCurveType(curve);
+ short sw = ISO7816.SW_NO_ERROR;
+ short length;
+ if (alg == KeyPair.ALG_EC_FP) {
+ length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset);
+ sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length);
+ } else if (alg == KeyPair.ALG_EC_F2M) {
+ length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset);
+ sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length);
+ }
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+
+ for (byte param = EC_Consts.PARAMETER_A; param < EC_Consts.PARAMETER_K; ++param) {
+ length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
+ sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length);
+ if (sw != ISO7816.SW_NO_ERROR) break;
+ }
+ return sw;
}
- public short setCustomCurve(byte curve) {
- //TODO
- return 0;
+ public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+ return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset);
+ }
+
+ public short setCustomInvalidCurve(byte curve, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+ short sw = setCustomCurve(curve, buffer, offset);
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+
+ short length = EC_Consts.getCorruptCurveParameter(curve, param, buffer, offset, corruptionType);
+ sw = setExternalParameter(key, param, buffer, offset, length);
+ return sw;
}
public short setExternalParameter(byte key, byte param, byte[] data, short offset, short length) {
short result = ISO7816.SW_NO_ERROR;
try {
switch (param) {
- case PARAMETER_FP:
+ case EC_Consts.PARAMETER_FP:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length);
break;
- case PARAMETER_F2M_ONE:
- if (length != 2) {
- result = ISO7816.SW_UNKNOWN;
- } else {
+ case EC_Consts.PARAMETER_F2M:
+ if (length == 2) {
short i = Util.makeShort(data[offset], data[(short) (offset + 1)]);
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i);
- }
- break;
- case PARAMETER_F2M_THREE:
- if (length != 6) {
- result = ISO7816.SW_UNKNOWN;
- } else {
+ } else if (length == 6) {
short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]);
short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]);
short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]);
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3);
+ } else {
+ result = ISO7816.SW_UNKNOWN;
}
break;
- case PARAMETER_A:
+ case EC_Consts.PARAMETER_A:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length);
break;
- case PARAMETER_B:
+ case EC_Consts.PARAMETER_B:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length);
break;
- case PARAMETER_G:
+ case EC_Consts.PARAMETER_G:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length);
break;
- case PARAMETER_R:
+ case EC_Consts.PARAMETER_R:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length);
break;
- case PARAMETER_K:
+ case EC_Consts.PARAMETER_K:
if (length != 2) {
result = ISO7816.SW_UNKNOWN;
} else {
@@ -125,10 +139,10 @@ public class ECKeyGenerator {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k);
}
break;
- case PARAMETER_S:
+ case EC_Consts.PARAMETER_S:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length);
break;
- case PARAMETER_W:
+ case EC_Consts.PARAMETER_W:
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length);
break;
default:
@@ -142,27 +156,54 @@ public class ECKeyGenerator {
return result;
}
- public short exportParameter(byte key, byte param, byte[] outputBuffer, short outputOffset) {
+ public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) {
if (key == KEY_BOTH) {
- return ISO7816.SW_UNKNOWN;
- }
- short result = ISO7816.SW_NO_ERROR;
+ return -1;
+ }//TODO: change error handling.
+ short length = 0;
try {
- switch(param){
- case PARAMETER_FP:
-
+ switch (param) {
+ case EC_Consts.PARAMETER_FP:
+ case EC_Consts.PARAMETER_F2M:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getField(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getField(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_A:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getA(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getA(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_B:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getB(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getB(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_G:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getG(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getG(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_R:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getR(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getR(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_K:
+ if ((key & KEY_PUBLIC) != 0) Util.setShort(outputBuffer, outputOffset, ecPublicKey.getK());
+ if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK());
+ length = 2;
+ break;
+ case EC_Consts.PARAMETER_S:
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_W:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset);
break;
-
default:
-
+ length = -1;
}
} catch (CryptoException ce) {
-
+ length = -1;
} catch (Exception e) {
-
+ length = -1;
}
- //TODO
- return result;
+ return length;
}
public ECPrivateKey getPrivateKey() {
diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java
index 91d7a8b..757ece7 100644
--- a/src/applets/ECKeyTester.java
+++ b/src/applets/ECKeyTester.java
@@ -13,6 +13,7 @@ public class ECKeyTester {
private KeyAgreement ecdhcKeyAgreement = null;
private Signature ecdsaSignature = null;
+ //TODO: move these SW definitions to the main applet class.
public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4;
public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5;
diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java
index 3758f0b..7521979 100644
--- a/src/applets/EC_Consts.java
+++ b/src/applets/EC_Consts.java
@@ -3,642 +3,812 @@ package applets;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;
-import javacard.security.ECPrivateKey;
-import javacard.security.ECPublicKey;
import javacard.security.KeyPair;
import javacard.security.RandomData;
public class EC_Consts {
- public static byte[] EC_FP_P = null;
- public static byte[] EC_FP_A = null;
- public static byte[] EC_FP_B = null;
- public static byte[] EC_FP_G_X = null;
- public static byte[] EC_FP_G_Y = null;
- public static byte[] EC_FP_R = null;
- public static short EC_FP_K = 1;
-
- public static RandomData m_random = null;
+ private static byte[] EC_FP_P = null; //p
+ private static byte[] EC_A = null; //a
+ private static byte[] EC_B = null; //b
+ private static byte[] EC_G_X = null; //G[x,y]
+ private static byte[] EC_G_Y = null; //
+ private static byte[] EC_R = null; //n
+ private static short EC_K = 1; //h
+
+ private static byte[] EC_F2M_F2M = null; //[short ii, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1
+
+ public static final byte PARAMETER_FP = 1;
+ public static final byte PARAMETER_F2M = 2;
+
+ public static final byte PARAMETER_A = 3;
+ public static final byte PARAMETER_B = 4;
+ public static final byte PARAMETER_G = 5;
+ public static final byte PARAMETER_R = 6;
+ public static final byte PARAMETER_K = 7;
+
+ //TODO make params maskable, to allow for PARAMETER_A | PARAMETER_B passed to for example ECKeyGenerator.setInvalidCustomCurve
+ public static final byte PARAMETER_S = 8; //private key
+ public static final byte PARAMETER_W = 9; //public key
+
+
+ public static RandomData m_random = null;
// secp128r1
public static final byte[] EC128_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+
public static final byte[] EC128_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+
public static final byte[] EC128_FP_B = new byte[]{
- (byte) 0xE8, (byte) 0x75, (byte) 0x79, (byte) 0xC1,
- (byte) 0x10, (byte) 0x79, (byte) 0xF4, (byte) 0x3D,
- (byte) 0xD8, (byte) 0x24, (byte) 0x99, (byte) 0x3C,
- (byte) 0x2C, (byte) 0xEE, (byte) 0x5E, (byte) 0xD3};
-
+ (byte) 0xE8, (byte) 0x75, (byte) 0x79, (byte) 0xC1,
+ (byte) 0x10, (byte) 0x79, (byte) 0xF4, (byte) 0x3D,
+ (byte) 0xD8, (byte) 0x24, (byte) 0x99, (byte) 0x3C,
+ (byte) 0x2C, (byte) 0xEE, (byte) 0x5E, (byte) 0xD3};
+
// G in compressed form / first part of ucompressed
public static final byte[] EC128_FP_G_X = new byte[]{
- (byte) 0x16, (byte) 0x1F, (byte) 0xF7, (byte) 0x52,
- (byte) 0x8B, (byte) 0x89, (byte) 0x9B, (byte) 0x2D,
- (byte) 0x0C, (byte) 0x28, (byte) 0x60, (byte) 0x7C,
- (byte) 0xA5, (byte) 0x2C, (byte) 0x5B, (byte) 0x86 };
-
+ (byte) 0x16, (byte) 0x1F, (byte) 0xF7, (byte) 0x52,
+ (byte) 0x8B, (byte) 0x89, (byte) 0x9B, (byte) 0x2D,
+ (byte) 0x0C, (byte) 0x28, (byte) 0x60, (byte) 0x7C,
+ (byte) 0xA5, (byte) 0x2C, (byte) 0x5B, (byte) 0x86};
+
// second part of G uncompressed
public static final byte[] EC128_FP_G_Y = new byte[]{
- (byte) 0xCF, (byte) 0x5A, (byte) 0xC8, (byte) 0x39,
- (byte) 0x5B, (byte) 0xAF, (byte) 0xEB, (byte) 0x13,
- (byte) 0xC0, (byte) 0x2D, (byte) 0xA2, (byte) 0x92,
- (byte) 0xDD, (byte) 0xED, (byte) 0x7A, (byte) 0x83};
+ (byte) 0xCF, (byte) 0x5A, (byte) 0xC8, (byte) 0x39,
+ (byte) 0x5B, (byte) 0xAF, (byte) 0xEB, (byte) 0x13,
+ (byte) 0xC0, (byte) 0x2D, (byte) 0xA2, (byte) 0x92,
+ (byte) 0xDD, (byte) 0xED, (byte) 0x7A, (byte) 0x83};
// Order of G
public static final byte[] EC128_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x75, (byte) 0xA3, (byte) 0x0D, (byte) 0x1B,
- (byte) 0x90, (byte) 0x38, (byte) 0xA1, (byte) 0x15};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x75, (byte) 0xA3, (byte) 0x0D, (byte) 0x1B,
+ (byte) 0x90, (byte) 0x38, (byte) 0xA1, (byte) 0x15};
// cofactor of G
public static final short EC128_FP_K = 1;
-
+
// secp160r1
public static final byte[] EC160_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC160_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC160_FP_B = new byte[]{
- (byte) 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC,
- (byte) 0x54, (byte) 0xBD, (byte) 0x7A, (byte) 0x8B,
- (byte) 0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F,
- (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD,
- (byte) 0xC5, (byte) 0x65, (byte) 0xFA, (byte) 0x45};
+ (byte) 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC,
+ (byte) 0x54, (byte) 0xBD, (byte) 0x7A, (byte) 0x8B,
+ (byte) 0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F,
+ (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD,
+ (byte) 0xC5, (byte) 0x65, (byte) 0xFA, (byte) 0x45};
// G in compressed form / first part of ucompressed
public static final byte[] EC160_FP_G_X = new byte[]{
- (byte) 0x4A, (byte) 0x96, (byte) 0xB5, (byte) 0x68,
- (byte) 0x8E, (byte) 0xF5, (byte) 0x73, (byte) 0x28,
- (byte) 0x46, (byte) 0x64, (byte) 0x69, (byte) 0x89,
- (byte) 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9,
- (byte) 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82};
+ (byte) 0x4A, (byte) 0x96, (byte) 0xB5, (byte) 0x68,
+ (byte) 0x8E, (byte) 0xF5, (byte) 0x73, (byte) 0x28,
+ (byte) 0x46, (byte) 0x64, (byte) 0x69, (byte) 0x89,
+ (byte) 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9,
+ (byte) 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82};
// second part of G uncompressed
public static final byte[] EC160_FP_G_Y = new byte[]{
- (byte) 0x23, (byte) 0xA6, (byte) 0x28, (byte) 0x55,
- (byte) 0x31, (byte) 0x68, (byte) 0x94, (byte) 0x7D,
- (byte) 0x59, (byte) 0xDC, (byte) 0xC9, (byte) 0x12,
- (byte) 0x04, (byte) 0x23, (byte) 0x51, (byte) 0x37,
- (byte) 0x7A, (byte) 0xC5, (byte) 0xFB, (byte) 0x32};
+ (byte) 0x23, (byte) 0xA6, (byte) 0x28, (byte) 0x55,
+ (byte) 0x31, (byte) 0x68, (byte) 0x94, (byte) 0x7D,
+ (byte) 0x59, (byte) 0xDC, (byte) 0xC9, (byte) 0x12,
+ (byte) 0x04, (byte) 0x23, (byte) 0x51, (byte) 0x37,
+ (byte) 0x7A, (byte) 0xC5, (byte) 0xFB, (byte) 0x32};
// Order of G
public static final byte[] EC160_FP_R = new byte[]{
- (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x01, (byte) 0xF4, (byte) 0xC8,
- (byte) 0xF9, (byte) 0x27, (byte) 0xAE, (byte) 0xD3,
- (byte) 0xCA, (byte) 0x75, (byte) 0x22, (byte) 0x57};
+ (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x01, (byte) 0xF4, (byte) 0xC8,
+ (byte) 0xF9, (byte) 0x27, (byte) 0xAE, (byte) 0xD3,
+ (byte) 0xCA, (byte) 0x75, (byte) 0x22, (byte) 0x57};
// cofactor of G
- public static final short EC160_FP_K = 1;
-
-
+ public static final short EC160_FP_K = 1;
+
+
// secp192r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC192_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC192_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC192_FP_B = new byte[]{
- (byte) 0x64, (byte) 0x21, (byte) 0x05, (byte) 0x19,
- (byte) 0xE5, (byte) 0x9C, (byte) 0x80, (byte) 0xE7,
- (byte) 0x0F, (byte) 0xA7, (byte) 0xE9, (byte) 0xAB,
- (byte) 0x72, (byte) 0x24, (byte) 0x30, (byte) 0x49,
- (byte) 0xFE, (byte) 0xB8, (byte) 0xDE, (byte) 0xEC,
- (byte) 0xC1, (byte) 0x46, (byte) 0xB9, (byte) 0xB1};
+ (byte) 0x64, (byte) 0x21, (byte) 0x05, (byte) 0x19,
+ (byte) 0xE5, (byte) 0x9C, (byte) 0x80, (byte) 0xE7,
+ (byte) 0x0F, (byte) 0xA7, (byte) 0xE9, (byte) 0xAB,
+ (byte) 0x72, (byte) 0x24, (byte) 0x30, (byte) 0x49,
+ (byte) 0xFE, (byte) 0xB8, (byte) 0xDE, (byte) 0xEC,
+ (byte) 0xC1, (byte) 0x46, (byte) 0xB9, (byte) 0xB1};
// G in compressed form / first part of ucompressed
public static final byte[] EC192_FP_G_X = new byte[]{
- (byte) 0x18, (byte) 0x8D, (byte) 0xA8, (byte) 0x0E,
- (byte) 0xB0, (byte) 0x30, (byte) 0x90, (byte) 0xF6,
- (byte) 0x7C, (byte) 0xBF, (byte) 0x20, (byte) 0xEB,
- (byte) 0x43, (byte) 0xA1, (byte) 0x88, (byte) 0x00,
- (byte) 0xF4, (byte) 0xFF, (byte) 0x0A, (byte) 0xFD,
- (byte) 0x82, (byte) 0xFF, (byte) 0x10, (byte) 0x12};
+ (byte) 0x18, (byte) 0x8D, (byte) 0xA8, (byte) 0x0E,
+ (byte) 0xB0, (byte) 0x30, (byte) 0x90, (byte) 0xF6,
+ (byte) 0x7C, (byte) 0xBF, (byte) 0x20, (byte) 0xEB,
+ (byte) 0x43, (byte) 0xA1, (byte) 0x88, (byte) 0x00,
+ (byte) 0xF4, (byte) 0xFF, (byte) 0x0A, (byte) 0xFD,
+ (byte) 0x82, (byte) 0xFF, (byte) 0x10, (byte) 0x12};
// second part of G uncompressed
- public static final byte[] EC192_FP_G_Y = new byte[]{
- (byte) 0x07, (byte) 0x19, (byte) 0x2B, (byte) 0x95,
- (byte) 0xFF, (byte) 0xC8, (byte) 0xDA, (byte) 0x78,
- (byte) 0x63, (byte) 0x10, (byte) 0x11, (byte) 0xED,
- (byte) 0x6B, (byte) 0x24, (byte) 0xCD, (byte) 0xD5,
- (byte) 0x73, (byte) 0xF9, (byte) 0x77, (byte) 0xA1,
- (byte) 0x1E, (byte) 0x79, (byte) 0x48, (byte) 0x11};
+ public static final byte[] EC192_FP_G_Y = new byte[]{
+ (byte) 0x07, (byte) 0x19, (byte) 0x2B, (byte) 0x95,
+ (byte) 0xFF, (byte) 0xC8, (byte) 0xDA, (byte) 0x78,
+ (byte) 0x63, (byte) 0x10, (byte) 0x11, (byte) 0xED,
+ (byte) 0x6B, (byte) 0x24, (byte) 0xCD, (byte) 0xD5,
+ (byte) 0x73, (byte) 0xF9, (byte) 0x77, (byte) 0xA1,
+ (byte) 0x1E, (byte) 0x79, (byte) 0x48, (byte) 0x11};
// Order of G
public static final byte[] EC192_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x99, (byte) 0xDE, (byte) 0xF8, (byte) 0x36,
- (byte) 0x14, (byte) 0x6B, (byte) 0xC9, (byte) 0xB1,
- (byte) 0xB4, (byte) 0xD2, (byte) 0x28, (byte) 0x31};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x99, (byte) 0xDE, (byte) 0xF8, (byte) 0x36,
+ (byte) 0x14, (byte) 0x6B, (byte) 0xC9, (byte) 0xB1,
+ (byte) 0xB4, (byte) 0xD2, (byte) 0x28, (byte) 0x31};
// cofactor of G
- public static final short EC192_FP_K = 1;
-
+ public static final short EC192_FP_K = 1;
+
// secp224r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC224_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01};
+
public static final byte[] EC224_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE};
+
public static final byte[] EC224_FP_B = new byte[]{
- (byte) 0xB4, (byte) 0x05, (byte) 0x0A, (byte) 0x85,
- (byte) 0x0C, (byte) 0x04, (byte) 0xB3, (byte) 0xAB,
- (byte) 0xF5, (byte) 0x41, (byte) 0x32, (byte) 0x56,
- (byte) 0x50, (byte) 0x44, (byte) 0xB0, (byte) 0xB7,
- (byte) 0xD7, (byte) 0xBF, (byte) 0xD8, (byte) 0xBA,
- (byte) 0x27, (byte) 0x0B, (byte) 0x39, (byte) 0x43,
- (byte) 0x23, (byte) 0x55, (byte) 0xFF, (byte) 0xB4};
-
+ (byte) 0xB4, (byte) 0x05, (byte) 0x0A, (byte) 0x85,
+ (byte) 0x0C, (byte) 0x04, (byte) 0xB3, (byte) 0xAB,
+ (byte) 0xF5, (byte) 0x41, (byte) 0x32, (byte) 0x56,
+ (byte) 0x50, (byte) 0x44, (byte) 0xB0, (byte) 0xB7,
+ (byte) 0xD7, (byte) 0xBF, (byte) 0xD8, (byte) 0xBA,
+ (byte) 0x27, (byte) 0x0B, (byte) 0x39, (byte) 0x43,
+ (byte) 0x23, (byte) 0x55, (byte) 0xFF, (byte) 0xB4};
+
// G in compressed form / first part of ucompressed
public static final byte[] EC224_FP_G_X = new byte[]{
- (byte) 0xB7, (byte) 0x0E, (byte) 0x0C, (byte) 0xBD,
- (byte) 0x6B, (byte) 0xB4, (byte) 0xBF, (byte) 0x7F,
- (byte) 0x32, (byte) 0x13, (byte) 0x90, (byte) 0xB9,
- (byte) 0x4A, (byte) 0x03, (byte) 0xC1, (byte) 0xD3,
- (byte) 0x56, (byte) 0xC2, (byte) 0x11, (byte) 0x22,
- (byte) 0x34, (byte) 0x32, (byte) 0x80, (byte) 0xD6,
- (byte) 0x11, (byte) 0x5C, (byte) 0x1D, (byte) 0x21};
+ (byte) 0xB7, (byte) 0x0E, (byte) 0x0C, (byte) 0xBD,
+ (byte) 0x6B, (byte) 0xB4, (byte) 0xBF, (byte) 0x7F,
+ (byte) 0x32, (byte) 0x13, (byte) 0x90, (byte) 0xB9,
+ (byte) 0x4A, (byte) 0x03, (byte) 0xC1, (byte) 0xD3,
+ (byte) 0x56, (byte) 0xC2, (byte) 0x11, (byte) 0x22,
+ (byte) 0x34, (byte) 0x32, (byte) 0x80, (byte) 0xD6,
+ (byte) 0x11, (byte) 0x5C, (byte) 0x1D, (byte) 0x21};
// second part of G uncompressed
public static final byte[] EC224_FP_G_Y = new byte[]{
- (byte) 0xBD, (byte) 0x37, (byte) 0x63, (byte) 0x88,
- (byte) 0xB5, (byte) 0xF7, (byte) 0x23, (byte) 0xFB,
- (byte) 0x4C, (byte) 0x22, (byte) 0xDF, (byte) 0xE6,
- (byte) 0xCD, (byte) 0x43, (byte) 0x75, (byte) 0xA0,
- (byte) 0x5A, (byte) 0x07, (byte) 0x47, (byte) 0x64,
- (byte) 0x44, (byte) 0xD5, (byte) 0x81, (byte) 0x99,
- (byte) 0x85, (byte) 0x00, (byte) 0x7E, (byte) 0x34};
+ (byte) 0xBD, (byte) 0x37, (byte) 0x63, (byte) 0x88,
+ (byte) 0xB5, (byte) 0xF7, (byte) 0x23, (byte) 0xFB,
+ (byte) 0x4C, (byte) 0x22, (byte) 0xDF, (byte) 0xE6,
+ (byte) 0xCD, (byte) 0x43, (byte) 0x75, (byte) 0xA0,
+ (byte) 0x5A, (byte) 0x07, (byte) 0x47, (byte) 0x64,
+ (byte) 0x44, (byte) 0xD5, (byte) 0x81, (byte) 0x99,
+ (byte) 0x85, (byte) 0x00, (byte) 0x7E, (byte) 0x34};
// Order of G
public static final byte[] EC224_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0x16, (byte) 0xA2,
- (byte) 0xE0, (byte) 0xB8, (byte) 0xF0, (byte) 0x3E,
- (byte) 0x13, (byte) 0xDD, (byte) 0x29, (byte) 0x45,
- (byte) 0x5C, (byte) 0x5C, (byte) 0x2A, (byte) 0x3D};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0x16, (byte) 0xA2,
+ (byte) 0xE0, (byte) 0xB8, (byte) 0xF0, (byte) 0x3E,
+ (byte) 0x13, (byte) 0xDD, (byte) 0x29, (byte) 0x45,
+ (byte) 0x5C, (byte) 0x5C, (byte) 0x2A, (byte) 0x3D};
// cofactor of G
- public static final short EC224_FP_K = 1;
-
+ public static final short EC224_FP_K = 1;
+
// secp256r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC256_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC256_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC256_FP_B = new byte[]{
- (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8,
- (byte) 0xAA, (byte) 0x3A, (byte) 0x93, (byte) 0xE7,
- (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55,
- (byte) 0x76, (byte) 0x98, (byte) 0x86, (byte) 0xBC,
- (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0,
- (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6,
- (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E,
- (byte) 0x27, (byte) 0xD2, (byte) 0x60, (byte) 0x4B};
+ (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8,
+ (byte) 0xAA, (byte) 0x3A, (byte) 0x93, (byte) 0xE7,
+ (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55,
+ (byte) 0x76, (byte) 0x98, (byte) 0x86, (byte) 0xBC,
+ (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0,
+ (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6,
+ (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E,
+ (byte) 0x27, (byte) 0xD2, (byte) 0x60, (byte) 0x4B};
// G in compressed form / first part of ucompressed
public static final byte[] EC256_FP_G_X = new byte[]{
- (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2,
- (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47,
- (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5,
- (byte) 0x63, (byte) 0xA4, (byte) 0x40, (byte) 0xF2,
- (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81,
- (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0,
- (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45,
- (byte) 0xD8, (byte) 0x98, (byte) 0xC2, (byte) 0x96};
+ (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2,
+ (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47,
+ (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5,
+ (byte) 0x63, (byte) 0xA4, (byte) 0x40, (byte) 0xF2,
+ (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81,
+ (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0,
+ (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45,
+ (byte) 0xD8, (byte) 0x98, (byte) 0xC2, (byte) 0x96};
// second part of G uncompressed
public static final byte[] EC256_FP_G_Y = new byte[]{
- (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2,
- (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, (byte) 0x9B,
- (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A,
- (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16,
- (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57,
- (byte) 0x6B, (byte) 0x31, (byte) 0x5E, (byte) 0xCE,
- (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68,
- (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5};
+ (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2,
+ (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, (byte) 0x9B,
+ (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A,
+ (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16,
+ (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57,
+ (byte) 0x6B, (byte) 0x31, (byte) 0x5E, (byte) 0xCE,
+ (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68,
+ (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5};
// Order of G
public static final byte[] EC256_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD,
- (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84,
- (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2,
- (byte) 0xFC, (byte) 0x63, (byte) 0x25, (byte) 0x51};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD,
+ (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84,
+ (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2,
+ (byte) 0xFC, (byte) 0x63, (byte) 0x25, (byte) 0x51};
// cofactor of G
- public static final short EC256_FP_K = 1;
-
+ public static final short EC256_FP_K = 1;
+
// secp384r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC384_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+
public static final byte[] EC384_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+
public static final byte[] EC384_FP_B = new byte[]{
- (byte) 0xB3, (byte) 0x31, (byte) 0x2F, (byte) 0xA7,
- (byte) 0xE2, (byte) 0x3E, (byte) 0xE7, (byte) 0xE4,
- (byte) 0x98, (byte) 0x8E, (byte) 0x05, (byte) 0x6B,
- (byte) 0xE3, (byte) 0xF8, (byte) 0x2D, (byte) 0x19,
- (byte) 0x18, (byte) 0x1D, (byte) 0x9C, (byte) 0x6E,
- (byte) 0xFE, (byte) 0x81, (byte) 0x41, (byte) 0x12,
- (byte) 0x03, (byte) 0x14, (byte) 0x08, (byte) 0x8F,
- (byte) 0x50, (byte) 0x13, (byte) 0x87, (byte) 0x5A,
- (byte) 0xC6, (byte) 0x56, (byte) 0x39, (byte) 0x8D,
- (byte) 0x8A, (byte) 0x2E, (byte) 0xD1, (byte) 0x9D,
- (byte) 0x2A, (byte) 0x85, (byte) 0xC8, (byte) 0xED,
- (byte) 0xD3, (byte) 0xEC, (byte) 0x2A, (byte) 0xEF};
-
+ (byte) 0xB3, (byte) 0x31, (byte) 0x2F, (byte) 0xA7,
+ (byte) 0xE2, (byte) 0x3E, (byte) 0xE7, (byte) 0xE4,
+ (byte) 0x98, (byte) 0x8E, (byte) 0x05, (byte) 0x6B,
+ (byte) 0xE3, (byte) 0xF8, (byte) 0x2D, (byte) 0x19,
+ (byte) 0x18, (byte) 0x1D, (byte) 0x9C, (byte) 0x6E,
+ (byte) 0xFE, (byte) 0x81, (byte) 0x41, (byte) 0x12,
+ (byte) 0x03, (byte) 0x14, (byte) 0x08, (byte) 0x8F,
+ (byte) 0x50, (byte) 0x13, (byte) 0x87, (byte) 0x5A,
+ (byte) 0xC6, (byte) 0x56, (byte) 0x39, (byte) 0x8D,
+ (byte) 0x8A, (byte) 0x2E, (byte) 0xD1, (byte) 0x9D,
+ (byte) 0x2A, (byte) 0x85, (byte) 0xC8, (byte) 0xED,
+ (byte) 0xD3, (byte) 0xEC, (byte) 0x2A, (byte) 0xEF};
+
// G in compressed form / first part of ucompressed
public static final byte[] EC384_FP_G_X = new byte[]{
- (byte) 0xAA, (byte) 0x87, (byte) 0xCA, (byte) 0x22,
- (byte) 0xBE, (byte) 0x8B, (byte) 0x05, (byte) 0x37,
- (byte) 0x8E, (byte) 0xB1, (byte) 0xC7, (byte) 0x1E,
- (byte) 0xF3, (byte) 0x20, (byte) 0xAD, (byte) 0x74,
- (byte) 0x6E, (byte) 0x1D, (byte) 0x3B, (byte) 0x62,
- (byte) 0x8B, (byte) 0xA7, (byte) 0x9B, (byte) 0x98,
- (byte) 0x59, (byte) 0xF7, (byte) 0x41, (byte) 0xE0,
- (byte) 0x82, (byte) 0x54, (byte) 0x2A, (byte) 0x38,
- (byte) 0x55, (byte) 0x02, (byte) 0xF2, (byte) 0x5D,
- (byte) 0xBF, (byte) 0x55, (byte) 0x29, (byte) 0x6C,
- (byte) 0x3A, (byte) 0x54, (byte) 0x5E, (byte) 0x38,
- (byte) 0x72, (byte) 0x76, (byte) 0x0A, (byte) 0xB7};
+ (byte) 0xAA, (byte) 0x87, (byte) 0xCA, (byte) 0x22,
+ (byte) 0xBE, (byte) 0x8B, (byte) 0x05, (byte) 0x37,
+ (byte) 0x8E, (byte) 0xB1, (byte) 0xC7, (byte) 0x1E,
+ (byte) 0xF3, (byte) 0x20, (byte) 0xAD, (byte) 0x74,
+ (byte) 0x6E, (byte) 0x1D, (byte) 0x3B, (byte) 0x62,
+ (byte) 0x8B, (byte) 0xA7, (byte) 0x9B, (byte) 0x98,
+ (byte) 0x59, (byte) 0xF7, (byte) 0x41, (byte) 0xE0,
+ (byte) 0x82, (byte) 0x54, (byte) 0x2A, (byte) 0x38,
+ (byte) 0x55, (byte) 0x02, (byte) 0xF2, (byte) 0x5D,
+ (byte) 0xBF, (byte) 0x55, (byte) 0x29, (byte) 0x6C,
+ (byte) 0x3A, (byte) 0x54, (byte) 0x5E, (byte) 0x38,
+ (byte) 0x72, (byte) 0x76, (byte) 0x0A, (byte) 0xB7};
// second part of G uncompressed
public static final byte[] EC384_FP_G_Y = new byte[]{
- (byte) 0x36, (byte) 0x17, (byte) 0xDE, (byte) 0x4A,
- (byte) 0x96, (byte) 0x26, (byte) 0x2C, (byte) 0x6F,
- (byte) 0x5D, (byte) 0x9E, (byte) 0x98, (byte) 0xBF,
- (byte) 0x92, (byte) 0x92, (byte) 0xDC, (byte) 0x29,
- (byte) 0xF8, (byte) 0xF4, (byte) 0x1D, (byte) 0xBD,
- (byte) 0x28, (byte) 0x9A, (byte) 0x14, (byte) 0x7C,
- (byte) 0xE9, (byte) 0xDA, (byte) 0x31, (byte) 0x13,
- (byte) 0xB5, (byte) 0xF0, (byte) 0xB8, (byte) 0xC0,
- (byte) 0x0A, (byte) 0x60, (byte) 0xB1, (byte) 0xCE,
- (byte) 0x1D, (byte) 0x7E, (byte) 0x81, (byte) 0x9D,
- (byte) 0x7A, (byte) 0x43, (byte) 0x1D, (byte) 0x7C,
- (byte) 0x90, (byte) 0xEA, (byte) 0x0E, (byte) 0x5F};
-
+ (byte) 0x36, (byte) 0x17, (byte) 0xDE, (byte) 0x4A,
+ (byte) 0x96, (byte) 0x26, (byte) 0x2C, (byte) 0x6F,
+ (byte) 0x5D, (byte) 0x9E, (byte) 0x98, (byte) 0xBF,
+ (byte) 0x92, (byte) 0x92, (byte) 0xDC, (byte) 0x29,
+ (byte) 0xF8, (byte) 0xF4, (byte) 0x1D, (byte) 0xBD,
+ (byte) 0x28, (byte) 0x9A, (byte) 0x14, (byte) 0x7C,
+ (byte) 0xE9, (byte) 0xDA, (byte) 0x31, (byte) 0x13,
+ (byte) 0xB5, (byte) 0xF0, (byte) 0xB8, (byte) 0xC0,
+ (byte) 0x0A, (byte) 0x60, (byte) 0xB1, (byte) 0xCE,
+ (byte) 0x1D, (byte) 0x7E, (byte) 0x81, (byte) 0x9D,
+ (byte) 0x7A, (byte) 0x43, (byte) 0x1D, (byte) 0x7C,
+ (byte) 0x90, (byte) 0xEA, (byte) 0x0E, (byte) 0x5F};
+
// Order of G
public static final byte[] EC384_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xC7, (byte) 0x63, (byte) 0x4D, (byte) 0x81,
- (byte) 0xF4, (byte) 0x37, (byte) 0x2D, (byte) 0xDF,
- (byte) 0x58, (byte) 0x1A, (byte) 0x0D, (byte) 0xB2,
- (byte) 0x48, (byte) 0xB0, (byte) 0xA7, (byte) 0x7A,
- (byte) 0xEC, (byte) 0xEC, (byte) 0x19, (byte) 0x6A,
- (byte) 0xCC, (byte) 0xC5, (byte) 0x29, (byte) 0x73};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xC7, (byte) 0x63, (byte) 0x4D, (byte) 0x81,
+ (byte) 0xF4, (byte) 0x37, (byte) 0x2D, (byte) 0xDF,
+ (byte) 0x58, (byte) 0x1A, (byte) 0x0D, (byte) 0xB2,
+ (byte) 0x48, (byte) 0xB0, (byte) 0xA7, (byte) 0x7A,
+ (byte) 0xEC, (byte) 0xEC, (byte) 0x19, (byte) 0x6A,
+ (byte) 0xCC, (byte) 0xC5, (byte) 0x29, (byte) 0x73};
// cofactor of G
- public static final short EC384_FP_K = 1;
-
-
+ public static final short EC384_FP_K = 1;
+
+
// secp521r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC521_FP_P = new byte[]{
- (byte) 0x01, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0x01, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC521_FP_A = new byte[]{
- (byte) 0x01, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0x01, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC521_FP_B = new byte[]{
- (byte) 0x00, (byte) 0x51, (byte) 0x95, (byte) 0x3E,
- (byte) 0xB9, (byte) 0x61, (byte) 0x8E, (byte) 0x1C,
- (byte) 0x9A, (byte) 0x1F, (byte) 0x92, (byte) 0x9A,
- (byte) 0x21, (byte) 0xA0, (byte) 0xB6, (byte) 0x85,
- (byte) 0x40, (byte) 0xEE, (byte) 0xA2, (byte) 0xDA,
- (byte) 0x72, (byte) 0x5B, (byte) 0x99, (byte) 0xB3,
- (byte) 0x15, (byte) 0xF3, (byte) 0xB8, (byte) 0xB4,
- (byte) 0x89, (byte) 0x91, (byte) 0x8E, (byte) 0xF1,
- (byte) 0x09, (byte) 0xE1, (byte) 0x56, (byte) 0x19,
- (byte) 0x39, (byte) 0x51, (byte) 0xEC, (byte) 0x7E,
- (byte) 0x93, (byte) 0x7B, (byte) 0x16, (byte) 0x52,
- (byte) 0xC0, (byte) 0xBD, (byte) 0x3B, (byte) 0xB1,
- (byte) 0xBF, (byte) 0x07, (byte) 0x35, (byte) 0x73,
- (byte) 0xDF, (byte) 0x88, (byte) 0x3D, (byte) 0x2C,
- (byte) 0x34, (byte) 0xF1, (byte) 0xEF, (byte) 0x45,
- (byte) 0x1F, (byte) 0xD4, (byte) 0x6B, (byte) 0x50,
- (byte) 0x3F, (byte) 0x00};
+ (byte) 0x00, (byte) 0x51, (byte) 0x95, (byte) 0x3E,
+ (byte) 0xB9, (byte) 0x61, (byte) 0x8E, (byte) 0x1C,
+ (byte) 0x9A, (byte) 0x1F, (byte) 0x92, (byte) 0x9A,
+ (byte) 0x21, (byte) 0xA0, (byte) 0xB6, (byte) 0x85,
+ (byte) 0x40, (byte) 0xEE, (byte) 0xA2, (byte) 0xDA,
+ (byte) 0x72, (byte) 0x5B, (byte) 0x99, (byte) 0xB3,
+ (byte) 0x15, (byte) 0xF3, (byte) 0xB8, (byte) 0xB4,
+ (byte) 0x89, (byte) 0x91, (byte) 0x8E, (byte) 0xF1,
+ (byte) 0x09, (byte) 0xE1, (byte) 0x56, (byte) 0x19,
+ (byte) 0x39, (byte) 0x51, (byte) 0xEC, (byte) 0x7E,
+ (byte) 0x93, (byte) 0x7B, (byte) 0x16, (byte) 0x52,
+ (byte) 0xC0, (byte) 0xBD, (byte) 0x3B, (byte) 0xB1,
+ (byte) 0xBF, (byte) 0x07, (byte) 0x35, (byte) 0x73,
+ (byte) 0xDF, (byte) 0x88, (byte) 0x3D, (byte) 0x2C,
+ (byte) 0x34, (byte) 0xF1, (byte) 0xEF, (byte) 0x45,
+ (byte) 0x1F, (byte) 0xD4, (byte) 0x6B, (byte) 0x50,
+ (byte) 0x3F, (byte) 0x00};
// G in compressed form / first part of ucompressed
public static final byte[] EC521_FP_G_X = new byte[]{
- (byte) 0x00, (byte) 0xC6, (byte) 0x85, (byte) 0x8E,
- (byte) 0x06, (byte) 0xB7, (byte) 0x04, (byte) 0x04,
- (byte) 0xE9, (byte) 0xCD, (byte) 0x9E, (byte) 0x3E,
- (byte) 0xCB, (byte) 0x66, (byte) 0x23, (byte) 0x95,
- (byte) 0xB4, (byte) 0x42, (byte) 0x9C, (byte) 0x64,
- (byte) 0x81, (byte) 0x39, (byte) 0x05, (byte) 0x3F,
- (byte) 0xB5, (byte) 0x21, (byte) 0xF8, (byte) 0x28,
- (byte) 0xAF, (byte) 0x60, (byte) 0x6B, (byte) 0x4D,
- (byte) 0x3D, (byte) 0xBA, (byte) 0xA1, (byte) 0x4B,
- (byte) 0x5E, (byte) 0x77, (byte) 0xEF, (byte) 0xE7,
- (byte) 0x59, (byte) 0x28, (byte) 0xFE, (byte) 0x1D,
- (byte) 0xC1, (byte) 0x27, (byte) 0xA2, (byte) 0xFF,
- (byte) 0xA8, (byte) 0xDE, (byte) 0x33, (byte) 0x48,
- (byte) 0xB3, (byte) 0xC1, (byte) 0x85, (byte) 0x6A,
- (byte) 0x42, (byte) 0x9B, (byte) 0xF9, (byte) 0x7E,
- (byte) 0x7E, (byte) 0x31, (byte) 0xC2, (byte) 0xE5,
- (byte) 0xBD, (byte) 0x66};
-
+ (byte) 0x00, (byte) 0xC6, (byte) 0x85, (byte) 0x8E,
+ (byte) 0x06, (byte) 0xB7, (byte) 0x04, (byte) 0x04,
+ (byte) 0xE9, (byte) 0xCD, (byte) 0x9E, (byte) 0x3E,
+ (byte) 0xCB, (byte) 0x66, (byte) 0x23, (byte) 0x95,
+ (byte) 0xB4, (byte) 0x42, (byte) 0x9C, (byte) 0x64,
+ (byte) 0x81, (byte) 0x39, (byte) 0x05, (byte) 0x3F,
+ (byte) 0xB5, (byte) 0x21, (byte) 0xF8, (byte) 0x28,
+ (byte) 0xAF, (byte) 0x60, (byte) 0x6B, (byte) 0x4D,
+ (byte) 0x3D, (byte) 0xBA, (byte) 0xA1, (byte) 0x4B,
+ (byte) 0x5E, (byte) 0x77, (byte) 0xEF, (byte) 0xE7,
+ (byte) 0x59, (byte) 0x28, (byte) 0xFE, (byte) 0x1D,
+ (byte) 0xC1, (byte) 0x27, (byte) 0xA2, (byte) 0xFF,
+ (byte) 0xA8, (byte) 0xDE, (byte) 0x33, (byte) 0x48,
+ (byte) 0xB3, (byte) 0xC1, (byte) 0x85, (byte) 0x6A,
+ (byte) 0x42, (byte) 0x9B, (byte) 0xF9, (byte) 0x7E,
+ (byte) 0x7E, (byte) 0x31, (byte) 0xC2, (byte) 0xE5,
+ (byte) 0xBD, (byte) 0x66};
+
// second part of G uncompressed
public static final byte[] EC521_FP_G_Y = new byte[]{
- (byte) 0x01, (byte) 0x18, (byte) 0x39, (byte) 0x29,
- (byte) 0x6A, (byte) 0x78, (byte) 0x9A, (byte) 0x3B,
- (byte) 0xC0, (byte) 0x04, (byte) 0x5C, (byte) 0x8A,
- (byte) 0x5F, (byte) 0xB4, (byte) 0x2C, (byte) 0x7D,
- (byte) 0x1B, (byte) 0xD9, (byte) 0x98, (byte) 0xF5,
- (byte) 0x44, (byte) 0x49, (byte) 0x57, (byte) 0x9B,
- (byte) 0x44, (byte) 0x68, (byte) 0x17, (byte) 0xAF,
- (byte) 0xBD, (byte) 0x17, (byte) 0x27, (byte) 0x3E,
- (byte) 0x66, (byte) 0x2C, (byte) 0x97, (byte) 0xEE,
- (byte) 0x72, (byte) 0x99, (byte) 0x5E, (byte) 0xF4,
- (byte) 0x26, (byte) 0x40, (byte) 0xC5, (byte) 0x50,
- (byte) 0xB9, (byte) 0x01, (byte) 0x3F, (byte) 0xAD,
- (byte) 0x07, (byte) 0x61, (byte) 0x35, (byte) 0x3C,
- (byte) 0x70, (byte) 0x86, (byte) 0xA2, (byte) 0x72,
- (byte) 0xC2, (byte) 0x40, (byte) 0x88, (byte) 0xBE,
- (byte) 0x94, (byte) 0x76, (byte) 0x9F, (byte) 0xD1,
- (byte) 0x66, (byte) 0x50};
+ (byte) 0x01, (byte) 0x18, (byte) 0x39, (byte) 0x29,
+ (byte) 0x6A, (byte) 0x78, (byte) 0x9A, (byte) 0x3B,
+ (byte) 0xC0, (byte) 0x04, (byte) 0x5C, (byte) 0x8A,
+ (byte) 0x5F, (byte) 0xB4, (byte) 0x2C, (byte) 0x7D,
+ (byte) 0x1B, (byte) 0xD9, (byte) 0x98, (byte) 0xF5,
+ (byte) 0x44, (byte) 0x49, (byte) 0x57, (byte) 0x9B,
+ (byte) 0x44, (byte) 0x68, (byte) 0x17, (byte) 0xAF,
+ (byte) 0xBD, (byte) 0x17, (byte) 0x27, (byte) 0x3E,
+ (byte) 0x66, (byte) 0x2C, (byte) 0x97, (byte) 0xEE,
+ (byte) 0x72, (byte) 0x99, (byte) 0x5E, (byte) 0xF4,
+ (byte) 0x26, (byte) 0x40, (byte) 0xC5, (byte) 0x50,
+ (byte) 0xB9, (byte) 0x01, (byte) 0x3F, (byte) 0xAD,
+ (byte) 0x07, (byte) 0x61, (byte) 0x35, (byte) 0x3C,
+ (byte) 0x70, (byte) 0x86, (byte) 0xA2, (byte) 0x72,
+ (byte) 0xC2, (byte) 0x40, (byte) 0x88, (byte) 0xBE,
+ (byte) 0x94, (byte) 0x76, (byte) 0x9F, (byte) 0xD1,
+ (byte) 0x66, (byte) 0x50};
// Order of G
public static final byte[] EC521_FP_R = new byte[]{
- (byte) 0x01, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA,
- (byte) 0x51, (byte) 0x86, (byte) 0x87, (byte) 0x83,
- (byte) 0xBF, (byte) 0x2F, (byte) 0x96, (byte) 0x6B,
- (byte) 0x7F, (byte) 0xCC, (byte) 0x01, (byte) 0x48,
- (byte) 0xF7, (byte) 0x09, (byte) 0xA5, (byte) 0xD0,
- (byte) 0x3B, (byte) 0xB5, (byte) 0xC9, (byte) 0xB8,
- (byte) 0x89, (byte) 0x9C, (byte) 0x47, (byte) 0xAE,
- (byte) 0xBB, (byte) 0x6F, (byte) 0xB7, (byte) 0x1E,
- (byte) 0x91, (byte) 0x38, (byte) 0x64, (byte) 0x09};
-
+ (byte) 0x01, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA,
+ (byte) 0x51, (byte) 0x86, (byte) 0x87, (byte) 0x83,
+ (byte) 0xBF, (byte) 0x2F, (byte) 0x96, (byte) 0x6B,
+ (byte) 0x7F, (byte) 0xCC, (byte) 0x01, (byte) 0x48,
+ (byte) 0xF7, (byte) 0x09, (byte) 0xA5, (byte) 0xD0,
+ (byte) 0x3B, (byte) 0xB5, (byte) 0xC9, (byte) 0xB8,
+ (byte) 0x89, (byte) 0x9C, (byte) 0x47, (byte) 0xAE,
+ (byte) 0xBB, (byte) 0x6F, (byte) 0xB7, (byte) 0x1E,
+ (byte) 0x91, (byte) 0x38, (byte) 0x64, (byte) 0x09};
+
// cofactor of G
public static final short EC521_FP_K = 1;
+ //sect163r1 from http://www.secg.org/sec2-v2.pdf
+ // [short i1, short i2, short i3] f = x^163 + x^i1 + x^i2 + x^i3 + 1
+ public static final byte[] EC163_F2M_F = new byte[]{
+ (byte) 0, (byte) 7, (byte) 0, (byte) 6, (byte) 0, (byte) 3
+ };
+ public static final byte[] EC163_F2M_A = new byte[]{
+ (byte) 0x07, (byte) 0xB6, (byte) 0x88, (byte) 0x2C,
+ (byte) 0xAA, (byte) 0xEF, (byte) 0xA8, (byte) 0x4F,
+ (byte) 0x95, (byte) 0x54, (byte) 0xFF, (byte) 0x84,
+ (byte) 0x28, (byte) 0xBD, (byte) 0x88, (byte) 0xE2,
+ (byte) 0x46, (byte) 0xD2, (byte) 0x78, (byte) 0x2A,
+ (byte) 0xE2
+ };
-
- public static final byte VALID_KEY = 1;
- public static final byte INVALIDB_FIXED = 2;
- public static final byte INVALIDB_RANDOM = 3;
+ public static final byte[] EC163_F2M_B = new byte[]{
+ (byte) 0x07, (byte) 0x13, (byte) 0x61, (byte) 0x2D,
+ (byte) 0xCD, (byte) 0xDC, (byte) 0xB4, (byte) 0x0A,
+ (byte) 0xAB, (byte) 0x94, (byte) 0x6B, (byte) 0xDA,
+ (byte) 0x29, (byte) 0xCA, (byte) 0x91, (byte) 0xF7,
+ (byte) 0x3A, (byte) 0xF9, (byte) 0x58, (byte) 0xAF,
+ (byte) 0xD9
+ };
- public static void setValidECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) {
- setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, VALID_KEY);
- }
- public static void setInValidECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) {
- setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, INVALIDB_FIXED);
- }
- public static void setInValidECKeyParamsRandomB(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) {
- setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, INVALIDB_RANDOM);
- }
- private static void setECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer, byte bInvalidKeyType) {
- if (ecClass == KeyPair.ALG_EC_FP) {
- // Select proper courve parameters
- switch (ecLength) {
- case (short) 128: {
- EC_FP_P = EC128_FP_P;
- EC_FP_A = EC128_FP_A;
- EC_FP_B = EC128_FP_B;
- EC_FP_G_X = EC128_FP_G_X;
- EC_FP_G_Y = EC128_FP_G_Y;
- EC_FP_R = EC128_FP_R;
- EC_FP_K = EC128_FP_K;
- break;
- }
- case (short) 160: {
- EC_FP_P = EC160_FP_P;
- EC_FP_A = EC160_FP_A;
- EC_FP_B = EC160_FP_B;
- EC_FP_G_X = EC160_FP_G_X;
- EC_FP_G_Y = EC160_FP_G_Y;
- EC_FP_R = EC160_FP_R;
- EC_FP_K = EC160_FP_K;
- break;
- }
- case (short) 192: {
- EC_FP_P = EC192_FP_P;
- EC_FP_A = EC192_FP_A;
- EC_FP_B = EC192_FP_B;
- EC_FP_G_X = EC192_FP_G_X;
- EC_FP_G_Y = EC192_FP_G_Y;
- EC_FP_R = EC192_FP_R;
- EC_FP_K = EC192_FP_K;
- break;
- }
- case (short) 224: {
- EC_FP_P = EC224_FP_P;
- EC_FP_A = EC224_FP_A;
- EC_FP_B = EC224_FP_B;
- EC_FP_G_X = EC224_FP_G_X;
- EC_FP_G_Y = EC224_FP_G_Y;
- EC_FP_R = EC224_FP_R;
- EC_FP_K = EC224_FP_K;
- break;
- }
- case (short) 256: {
- EC_FP_P = EC256_FP_P;
- EC_FP_A = EC256_FP_A;
- EC_FP_B = EC256_FP_B;
- EC_FP_G_X = EC256_FP_G_X;
- EC_FP_G_Y = EC256_FP_G_Y;
- EC_FP_R = EC256_FP_R;
- EC_FP_K = EC256_FP_K;
- break;
- }
- case (short) 384: {
- EC_FP_P = EC384_FP_P;
- EC_FP_A = EC384_FP_A;
- EC_FP_B = EC384_FP_B;
- EC_FP_G_X = EC384_FP_G_X;
- EC_FP_G_Y = EC384_FP_G_Y;
- EC_FP_R = EC384_FP_R;
- EC_FP_K = EC384_FP_K;
- break;
- }
- case (short) 521: {
- EC_FP_P = EC521_FP_P;
- EC_FP_A = EC521_FP_A;
- EC_FP_B = EC521_FP_B;
- EC_FP_G_X = EC521_FP_G_X;
- EC_FP_G_Y = EC521_FP_G_Y;
- EC_FP_R = EC521_FP_R;
- EC_FP_K = EC521_FP_K;
- break;
- }
- default: {
+ // G in compressed form / first part of ucompressed
+ public static final byte[] EC163_F2M_G_X = new byte[]{
+ (byte) 0x03, (byte) 0x69, (byte) 0x97, (byte) 0x96,
+ (byte) 0x97, (byte) 0xAB, (byte) 0x43, (byte) 0x89,
+ (byte) 0x77, (byte) 0x89, (byte) 0x56, (byte) 0x67,
+ (byte) 0x89, (byte) 0x56, (byte) 0x7F, (byte) 0x78,
+ (byte) 0x7A, (byte) 0x78, (byte) 0x76, (byte) 0xA6,
+ (byte) 0x54
+ };
+
+ // second part of G uncompressed
+ public static final byte[] EC163_F2M_G_Y = new byte[]{
+ (byte) 0x00, (byte) 0x43, (byte) 0x5E, (byte) 0xDB,
+ (byte) 0x42, (byte) 0xEF, (byte) 0xAF, (byte) 0xB2,
+ (byte) 0x98, (byte) 0x9D, (byte) 0x51, (byte) 0xFE,
+ (byte) 0xFC, (byte) 0xE3, (byte) 0xC8, (byte) 0x09,
+ (byte) 0x88, (byte) 0xF4, (byte) 0x1F, (byte) 0xF8,
+ (byte) 0x83
+ };
+
+ // order of G
+ public static final byte[] EC163_F2M_R = new byte[]{
+ (byte) 0x03, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x48,
+ (byte) 0xAA, (byte) 0xB6, (byte) 0x89, (byte) 0xC2,
+ (byte) 0x9C, (byte) 0xA7, (byte) 0x10, (byte) 0x27,
+ (byte) 0x9B
+ };
+
+ // cofactor of G
+ public static final short EC163_F2M_K = 2;
+
+ // getCorruptCurveParameter PARAMETER_CORRUPTION TYPES
+ public static final short CORRUPTION_NONE = 0x01;
+ public static final short CORRUPTION_FIXED = 0x02;
+ public static final short CORRUPTION_FULLRANDOM = 0x03;
+ public static final short CORRUPTION_ONEBYTERANDOM = 0x04;
+ public static final short CORRUPTION_ZERO = 0x05;
+ public static final short CORRUPTION_ONE = 0x06;
+
+ // Supported embedded curves, getCurveParameter
+ // SECP recommended curves over FP
+ public static final byte CURVE_secp128r1 = 1;
+ public static final byte CURVE_secp160r1 = 2;
+ public static final byte CURVE_secp192r1 = 3;
+ public static final byte CURVE_secp224r1 = 4;
+ public static final byte CURVE_secp256r1 = 5;
+ public static final byte CURVE_secp384r1 = 6;
+ public static final byte CURVE_secp521r1 = 7;
+
+ public static final byte FP_CURVES = 7;
+
+ // SECP recommended curves over F2M
+ public static final byte CURVE_sect163r1 = 8;
+ public static final byte CURVE_sect233r1 = 9;
+ public static final byte CURVE_sect283r1 = 10;
+ public static final byte CURVE_sect409r1 = 11;
+ public static final byte CURVE_sect571r1 = 12;
+
+ public static final byte F2M_CURVES = 12;
+
+ public static byte getCurve(short keyClass, short keyLength) {
+ if (keyClass == KeyPair.ALG_EC_FP) {
+ switch (keyLength) {
+ case (short) 128:
+ return CURVE_secp128r1;
+ case (short) 160:
+ return CURVE_secp160r1;
+ case (short) 192:
+ return CURVE_secp192r1;
+ case (short) 224:
+ return CURVE_secp224r1;
+ case (short) 256:
+ return CURVE_secp256r1;
+ case (short) 384:
+ return CURVE_secp384r1;
+ case (short) 521:
+ return CURVE_secp521r1;
+ default:
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
- }
}
-
- // prepare an ANSI X9.62 uncompressed EC point representation for G
- short gSize = (short) 1;
- gSize += (short) EC_FP_G_X.length;
- gSize += (short) EC_FP_G_Y.length;
- auxBuffer[0] = 0x04;
- short off = 1;
- off = Util.arrayCopyNonAtomic(EC_FP_G_X, (short) 0, auxBuffer, off, (short) EC_FP_G_X.length);
- Util.arrayCopyNonAtomic(EC_FP_G_Y, (short) 0, auxBuffer, off, (short) EC_FP_G_Y.length);
- ecPubKey.setG(auxBuffer, (short) 0, gSize);
- ecPrivKey.setG(auxBuffer, (short) 0, gSize);
-
- // pre-set basic EC parameters:
- ecPubKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length);
- ecPrivKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length);
- ecPubKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length);
- ecPrivKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length);
+ } else if (keyClass == KeyPair.ALG_EC_F2M) {
+ switch (keyLength) {
+ case (short) 163:
+ return CURVE_sect163r1;
+ case (short) 233:
+ return CURVE_sect233r1;
+ case (short) 283:
+ return CURVE_sect283r1;
+ case (short) 409:
+ return CURVE_sect409r1;
+ case (short) 571:
+ return CURVE_sect571r1;
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ } else {
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ return 0; //will not be reached
+ }
- if (bInvalidKeyType == VALID_KEY) {
- // No corruption
- ecPubKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length);
+ public static short getCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset) {
+ byte alg = getCurveType(curve);
+ switch (curve) {
+ case CURVE_secp128r1: {
+ EC_FP_P = EC128_FP_P;
+ EC_A = EC128_FP_A;
+ EC_B = EC128_FP_B;
+ EC_G_X = EC128_FP_G_X;
+ EC_G_Y = EC128_FP_G_Y;
+ EC_R = EC128_FP_R;
+ EC_K = EC128_FP_K;
+ break;
+ }
+ case CURVE_secp160r1: {
+ EC_FP_P = EC160_FP_P;
+ EC_A = EC160_FP_A;
+ EC_B = EC160_FP_B;
+ EC_G_X = EC160_FP_G_X;
+ EC_G_Y = EC160_FP_G_Y;
+ EC_R = EC160_FP_R;
+ EC_K = EC160_FP_K;
+ break;
+ }
+ case CURVE_secp192r1: {
+ EC_FP_P = EC192_FP_P;
+ EC_A = EC192_FP_A;
+ EC_B = EC192_FP_B;
+ EC_G_X = EC192_FP_G_X;
+ EC_G_Y = EC192_FP_G_Y;
+ EC_R = EC192_FP_R;
+ EC_K = EC192_FP_K;
+ break;
+ }
+ case CURVE_secp224r1: {
+ EC_FP_P = EC224_FP_P;
+ EC_A = EC224_FP_A;
+ EC_B = EC224_FP_B;
+ EC_G_X = EC224_FP_G_X;
+ EC_G_Y = EC224_FP_G_Y;
+ EC_R = EC224_FP_R;
+ EC_K = EC224_FP_K;
+ break;
+ }
+ case CURVE_secp256r1: {
+ EC_FP_P = EC256_FP_P;
+ EC_A = EC256_FP_A;
+ EC_B = EC256_FP_B;
+ EC_G_X = EC256_FP_G_X;
+ EC_G_Y = EC256_FP_G_Y;
+ EC_R = EC256_FP_R;
+ EC_K = EC256_FP_K;
+ break;
+ }
+ case CURVE_secp384r1: {
+ EC_FP_P = EC384_FP_P;
+ EC_A = EC384_FP_A;
+ EC_B = EC384_FP_B;
+ EC_G_X = EC384_FP_G_X;
+ EC_G_Y = EC384_FP_G_Y;
+ EC_R = EC384_FP_R;
+ EC_K = EC384_FP_K;
+ break;
}
- if (bInvalidKeyType == INVALIDB_FIXED) {
- // corrupt curve if required for testing
- Util.arrayCopyNonAtomic(EC_FP_B, (short) 0, auxBuffer, (short) 0, (short) EC_FP_B.length);
- auxBuffer[(byte) 10] = (byte) 0xcc;
- auxBuffer[(byte) 11] = (byte) 0xcc;
- ecPubKey.setB(auxBuffer, (short) 0, (short) EC_FP_B.length);
+ case CURVE_secp521r1: {
+ EC_FP_P = EC521_FP_P;
+ EC_A = EC521_FP_A;
+ EC_B = EC521_FP_B;
+ EC_G_X = EC521_FP_G_X;
+ EC_G_Y = EC521_FP_G_Y;
+ EC_R = EC521_FP_R;
+ EC_K = EC521_FP_K;
+ break;
}
- if (bInvalidKeyType == INVALIDB_RANDOM) {
- // corrupt curve if required for testing
- m_random.generateData(auxBuffer, (short) 0, (short) EC_FP_B.length);
- ecPubKey.setB(auxBuffer, (short) 0, (short) EC_FP_B.length);
+ case CURVE_sect163r1: {
+ EC_F2M_F2M = EC163_F2M_F;
+ EC_A = EC163_F2M_A;
+ EC_B = EC163_F2M_B;
+ EC_G_X = EC163_F2M_G_X;
+ EC_G_Y = EC163_F2M_G_Y;
+ EC_R = EC163_F2M_R;
+ EC_K = EC163_F2M_K;
+ break;
}
- ecPrivKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length);
-
- ecPubKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length);
- ecPrivKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length);
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ short length = 0;
+ switch (param) {
+ case PARAMETER_FP:
+ if (alg == KeyPair.ALG_EC_FP) {
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_FP_P, (short) 0, (short) EC_FP_P.length);
+ }
+ break;
+ case PARAMETER_F2M:
+ if (alg == KeyPair.ALG_EC_F2M) {
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_F2M_F2M, (short) 0, (short) EC_F2M_F2M.length);
+ }
+ break;
+ case PARAMETER_A:
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_A, (short) 0, (short) EC_A.length);
+ break;
+ case PARAMETER_B:
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_B, (short) 0, (short) EC_B.length);
+ break;
+ case PARAMETER_G:
+ length = decompressG(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length);
+ break;
+ case PARAMETER_R:
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_R, (short) 0, (short) EC_R.length);
+ break;
+ case PARAMETER_K:
+ length = 2;
+ Util.setShort(outputBuffer, outputOffset, EC_K);
+ break;
+ default:
+ length = -1;
+ }
+ return length;
+ }
- ecPubKey.setK(EC_FP_K);
- ecPrivKey.setK(EC_FP_K);
+ public static short getCorruptCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset, short corruptionType) {
+ short length = getCurveParameter(curve, param, outputBuffer, outputOffset);
+ if (length <= 0) {
+ return length;
}
- if (ecClass == KeyPair.ALG_EC_F2M) {
- // Not supported yet
- ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ switch (corruptionType) {
+ case CORRUPTION_NONE:
+ break;
+ case CORRUPTION_FIXED:
+ if (length >= 1) {
+ outputBuffer[outputOffset] = (byte) 0xcc;
+ outputBuffer[(short) (outputOffset + length - 1)] = (byte) 0xcc;
+ }
+ break;
+ case CORRUPTION_FULLRANDOM:
+ m_random.generateData(outputBuffer, outputOffset, length);
+ break;
+ case CORRUPTION_ONEBYTERANDOM:
+ short first = Util.getShort(outputBuffer, (short) 0); // save first two bytes
+
+ m_random.generateData(outputBuffer, (short) 0, (short) 2); // generate position
+ short rngPos = Util.getShort(outputBuffer, (short) 0); // save generated position
+
+ Util.setShort(outputBuffer, (short) 0, first); // restore first two bytes
+
+ if (rngPos < 0) { // make positive
+ rngPos = (short) -rngPos;
+ }
+ rngPos %= length; // make < param length
+
+ byte original = outputBuffer[rngPos];
+ while (original != outputBuffer[rngPos]){
+ m_random.generateData(outputBuffer, rngPos, (short) 1);
+ }
+ break;
+ case CORRUPTION_ZERO:
+ Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0);
+ break;
+ case CORRUPTION_ONE:
+ Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 1);
+ break;
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
-
- }
-/*
- void setFPCurveParams(ECPublicKey ecPubKey, byte[] EC_FP_P, byte[] EC_FP_A, EC_FP_B) {
- ecPubKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length);
- ecPrivKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length);
- ecPrivKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length);
- ecPrivKey.setG(auxBuffer, (short) 0, gSize);
- ecPrivKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length);
- ecPrivKey.setK(EC_FP_K);
+ return length;
+ }
+
+ public static byte getCurveType(byte curve) {
+ return curve <= FP_CURVES ? KeyPair.ALG_EC_FP : KeyPair.ALG_EC_F2M;
+ }
+
+ private static short decompressG(byte[] outputBuffer, short outputOffset, byte[] gx, short gxOffset, short gxLength, byte[] gy, short gyOffset, short gyLength) {
+ short size = 1;
+ size += gxLength;
+ size += gyLength;
+ short offset = outputOffset;
+ offset += 1;
+
+ outputBuffer[offset] = 0x04;
+ offset = Util.arrayCopyNonAtomic(gx, gxOffset, outputBuffer, offset, gxLength);
+ Util.arrayCopyNonAtomic(gy, gyOffset, outputBuffer, offset, gyLength);
+ return size;
}
-
- , ECPrivateKey ecPrivKey ,
-*/
}
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 720ee4e..79abd0e 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -6,97 +6,85 @@ package applets;
import javacard.framework.*;
import javacard.security.*;
-import javacardx.crypto.*;
-public class SimpleECCApplet extends javacard.framework.Applet
-{
+import javax.print.attribute.standard.MediaSize;
+
+public class SimpleECCApplet extends javacard.framework.Applet {
// MAIN INSTRUCTION CLASS
- final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
+ final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
// INSTRUCTIONS
- final static byte INS_GENERATEKEY = (byte) 0x5a;
- final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
-
- final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
- final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
-
- final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
- final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
- final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
- final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
- final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
-
-
-
+ final static byte INS_GENERATEKEY = (byte) 0x5a;
+ final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
+
+ final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
+ final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
- final static short ARRAY_LENGTH = (short) 0xff;
- final static byte AES_BLOCK_LENGTH = (short) 0x16;
+ final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
+ final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
+ final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
+ final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
+ final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
+
+
+ final static short ARRAY_LENGTH = (short) 0xff;
+ final static byte AES_BLOCK_LENGTH = (short) 0x16;
final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_192;
//final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_160;
//final static short EC_LENGTH_BITS = (short) 256;
-
- public final static byte ECTEST_SEPARATOR = (byte) 0xff;
- public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1;
- public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2;
- public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3;
+
+ public final static byte ECTEST_SEPARATOR = (byte) 0xff;
+ public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1;
+ public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2;
+ public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3;
public final static byte ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (byte) 0xc4;
- public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5;
+ public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5;
public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (byte) 0xc6;
public final static byte ECTEST_ECDH_AGREEMENT_VALID_POINT = (byte) 0xc7;
public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8;
public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9;
public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca;
- public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
+ public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
- public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004;
+ public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (short) 0x0008;
- public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010;
+ public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080;
-
+
public final static short FLAG_ECTEST_ALL = (short) 0x00ff;
-
- public final static short CORRUPT_B_FULLRANDOM = (short) 0x0001;
- public final static short CORRUPT_B_ONEBYTERANDOM = (short) 0x0002;
- public final static short CORRUPT_B_LASTBYTEINCREMENT = (short) 0x0003;
-
-
-
+
+
public final static short SW_SKIPPED = (short) 0x0ee1;
public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2;
public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3;
-/*
+ /*
+ public static final byte[] EC192_FP_PUBLICW = new byte[]{
+ (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27,
+ (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC,
+ (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0,
+ (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90,
+ (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03,
+ (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01,
+ (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64,
+ (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5,
+ (byte) 0x15};
+ */
public static final byte[] EC192_FP_PUBLICW = new byte[]{
- (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27,
- (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC,
- (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0,
- (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90,
- (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03,
- (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01,
- (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64,
- (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5,
- (byte) 0x15};
- */
- public static final byte[] EC192_FP_PUBLICW = new byte[]{
- (byte) 0x04,
- (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe,
- (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0,
- (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b,
- (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29,
- (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a,
- (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31,
- (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3,
- (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca};
-
-
- private KeyPair ecKeyPair = null;
- private KeyPair ecKeyPair128 = null;
- private KeyPair ecKeyPair160 = null;
- private KeyPair ecKeyPair192 = null;
- private KeyPair ecKeyPair256 = null;
+ (byte) 0x04,
+ (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe,
+ (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0,
+ (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b,
+ (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29,
+ (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a,
+ (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31,
+ (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3,
+ (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca};
+
+
private ECPublicKey ecPubKey = null;
private ECPublicKey ecPubKey128 = null;
private ECPublicKey ecPubKey160 = null;
@@ -107,56 +95,66 @@ public class SimpleECCApplet extends javacard.framework.Applet
private ECPrivateKey ecPrivKey160 = null;
private ECPrivateKey ecPrivKey192 = null;
private ECPrivateKey ecPrivKey256 = null;
-
+
+ private ECKeyGenerator ecKeyGenerator = null;
+ private ECKeyTester ecKeyTester = null;
+
private KeyAgreement dhKeyAgreement = null;
private RandomData randomData = null;
-
+
// TEMPORARRY ARRAY IN RAM
private byte m_ramArray[] = null;
private byte m_ramArray2[] = null;
// PERSISTENT ARRAY IN EEPROM
- private byte m_dataArray[] = null;
-
- short m_lenB = 0;
+ private byte m_dataArray[] = null;
+
+ short m_lenB = 0;
protected SimpleECCApplet(byte[] buffer, short offset, byte length) {
short dataOffset = offset;
- if(length > 9) {
+ if (length > 9) {
// shift to privilege offset
- dataOffset += (short)( 1 + buffer[offset]);
+ dataOffset += (short) (1 + buffer[offset]);
// finally shift to Application specific offset
- dataOffset += (short)( 1 + buffer[dataOffset]);
+ dataOffset += (short) (1 + buffer[dataOffset]);
// go to proprietary data
dataOffset++;
m_ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
m_ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
-
+
m_dataArray = new byte[ARRAY_LENGTH];
Util.arrayFillNonAtomic(m_dataArray, (short) 0, ARRAY_LENGTH, (byte) 0);
-
+
randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
- }
+ EC_Consts.m_random = randomData;
+
+ ecKeyGenerator = new ECKeyGenerator();
+ ecKeyTester = new ECKeyTester();
+ ecKeyTester.allocateECDH();
+ ecKeyTester.allocateECDHC();
+ ecKeyTester.allocateECDSA();
+
+ }
register();
}
public static void install(byte[] bArray, short bOffset, byte bLength) throws ISOException {
// applet instance creation
- new SimpleECCApplet (bArray, bOffset, bLength);
+ new SimpleECCApplet(bArray, bOffset, bLength);
}
public boolean select() {
- return true;
+ return true;
}
public void deselect() {
return;
}
- public void process(APDU apdu) throws ISOException
- {
+ public void process(APDU apdu) throws ISOException {
// get the APDU buffer
byte[] apduBuffer = apdu.getBuffer();
@@ -165,8 +163,8 @@ public class SimpleECCApplet extends javacard.framework.Applet
return;
if (apduBuffer[ISO7816.OFFSET_CLA] == CLA_SIMPLEECCAPPLET) {
- switch ( apduBuffer[ISO7816.OFFSET_INS] ) {
-
+ switch (apduBuffer[ISO7816.OFFSET_INS]) {
+
case INS_TESTECSUPPORT_GIVENALG:
TestEC_SupportGivenLength(apdu);
break;
@@ -177,7 +175,7 @@ public class SimpleECCApplet extends javacard.framework.Applet
TestEC_F2M_SupportAllLengths(apdu);
break;
case INS_ALLOCATEKEYPAIR:
- AllocateKeyPairReturnDefCourve(apdu);
+ AllocateKeyPairReturnDefCurve(apdu);
break;
case INS_DERIVEECDHSECRET:
DeriveECDHSecret(apdu);
@@ -185,7 +183,7 @@ public class SimpleECCApplet extends javacard.framework.Applet
case INS_TESTEC_GENERATEINVALID_FP:
TestEC_FP_GenerateInvalidCurve(apdu);
break;
- case INS_TESTEC_LASTUSEDPARAMS:
+ case INS_TESTEC_LASTUSEDPARAMS:
TestECSupportInvalidCurve_lastUsedParams(apdu);
break;
/*
@@ -195,264 +193,171 @@ public class SimpleECCApplet extends javacard.framework.Applet
case INS_GENERATEKEY:
GenerateKey(apdu);
break;
-*/
- default :
+*/
+ default:
// The INS code is not supported by the dispatcher
- ISOException.throwIt( ISO7816.SW_INS_NOT_SUPPORTED ) ;
- break ;
+ ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
+ break;
}
- }
- else ISOException.throwIt( ISO7816.SW_CLA_NOT_SUPPORTED);
+ } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
}
-
+
short TestECSupport(byte keyClass, short keyLen, byte[] buffer, short bufferOffset) {
short baseOffset = bufferOffset;
-
+
short testFlags = FLAG_ECTEST_ALL;
- ecKeyPair = null;
ecPubKey = null;
ecPrivKey = null;
-
- buffer[bufferOffset] = ECTEST_SEPARATOR; bufferOffset++;
- buffer[bufferOffset] = keyClass; bufferOffset++;
- Util.setShort(buffer, bufferOffset, keyLen); bufferOffset += 2;
-
+
+ buffer[bufferOffset] = ECTEST_SEPARATOR;
+ bufferOffset++;
+ buffer[bufferOffset] = keyClass;
+ bufferOffset++;
+ Util.setShort(buffer, bufferOffset, keyLen);
+ bufferOffset += 2;
+
+ short sw;
+
//
// 1. Allocate KeyPair object
//
- buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; bufferOffset++;
+ buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR;
+ bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) {
- try {
- ecKeyPair = new KeyPair(keyClass, keyLen);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); bufferOffset += 2;
- }
- catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason()); bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
- }
- catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
+ sw = ecKeyGenerator.allocatePair(keyClass, keyLen);
+
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags = 0; //keyPair allocation failed, cannot continue with tests
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
- }
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 2. Test keypair generation without explicit curve (=> default curve preset)
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_DEFCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE) != (short) 0) {
- try {
- ecKeyPair.genKeyPair();
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- }
- catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
//
// 3. Set valid custom curve
//
buffer[bufferOffset] = ECTEST_SET_VALIDCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_SET_VALIDCURVE) != (short) 0) {
- try {
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called
- // Other implementation will fail with exception if same is called => try catch
- try {
- if (ecPubKey == null) {
- ecKeyPair.genKeyPair();
- }
- } catch (Exception e) {} // do intentionally nothing
+ sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0);
- // Initialize curve parameters
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set
- }
- catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
//
// 4. Generate keypair with custom curve
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE) != (short) 0) {
- try {
- ecKeyPair.genKeyPair();
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 5. ECDH agreement with valid public key
//
buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT) != (short) 0) {
- try {
- // Generate fresh EC keypair
- ecKeyPair.genKeyPair();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- if (dhKeyAgreement == null) {
- dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
- }
- dhKeyAgreement.init(ecPrivKey);
-
- short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0);
- short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0);
-
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ if (sw == ISO7816.SW_NO_ERROR) {
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 6. ECDH agreement with invalid public key
//
buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT) != (short) 0) {
- try {
- // Generate fresh EC keypair
- ecKeyPair.genKeyPair();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- dhKeyAgreement.init(ecPrivKey);
-
- short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0);
- m_ramArray[(byte) 10] = (byte) 0xcc; // Corrupt public key
- m_ramArray[(byte) 11] = (byte) 0xcc;
- short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0);
-
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ if (sw == ISO7816.SW_NO_ERROR) {
+ sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 7. Set invalid custom curve
//
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_SET_INVALIDCURVE) != (short) 0) {
- try {
- // Initialize curve parameters
- EC_Consts.setInValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, EC_Consts.CORRUPTION_FIXED, m_ramArray, (short) 0);
+
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 8. Generate keypair with invalid custom curve
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE) != (short) 0) {
- try {
- ecKeyPair.genKeyPair();
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
return (short) (bufferOffset - baseOffset);
}
-
+
void TestEC_SupportGivenLength(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
short dataOffset = ISO7816.OFFSET_CDATA;
- byte algType = apdubuf[dataOffset]; dataOffset++;
+ byte algType = apdubuf[dataOffset];
+ dataOffset++;
short keyLength = Util.getShort(apdubuf, dataOffset);
dataOffset += 2;
dataOffset = 0;
dataOffset += TestECSupport(algType, keyLength, apdubuf, dataOffset);
-
+
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
-
+
void TestEC_FP_SupportAllLengths(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
@@ -468,7 +373,8 @@ public class SimpleECCApplet extends javacard.framework.Applet
dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 521, apdubuf, dataOffset);
apdu.setOutgoingAndSend((short) 0, dataOffset);
- }
+ }
+
void TestEC_F2M_SupportAllLengths(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
@@ -479,10 +385,10 @@ public class SimpleECCApplet extends javacard.framework.Applet
dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 131, apdubuf, dataOffset);
dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 163, apdubuf, dataOffset);
dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 193, apdubuf, dataOffset);
-
+
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
-
+
void TestEC_FP_GenerateInvalidCurve(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
@@ -494,7 +400,7 @@ public class SimpleECCApplet extends javacard.framework.Applet
offset += 2;
byte bRewindOnSuccess = apdubuf[offset];
offset++;
-
+
short dataOffset = 0;
// FP
@@ -502,13 +408,12 @@ public class SimpleECCApplet extends javacard.framework.Applet
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
-
+
short TestECSupportInvalidCurve(byte keyClass, short keyLen, byte[] buffer, short bufferOffset, short repeats, short corruptionType, byte bRewindOnSuccess) {
short baseOffset = bufferOffset;
short testFlags = FLAG_ECTEST_ALL;
- ecKeyPair = null;
ecPubKey = null;
ecPrivKey = null;
@@ -518,53 +423,38 @@ public class SimpleECCApplet extends javacard.framework.Applet
bufferOffset++;
Util.setShort(buffer, bufferOffset, keyLen);
bufferOffset += 2;
-
+
short numExecutionsOffset = bufferOffset; // num executions to be stored later
bufferOffset += 2;
+ short sw;
+
//
// 1. Allocate KeyPair object
//
buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) {
- try {
- ecKeyPair = new KeyPair(keyClass, keyLen);
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called
- // Other implementation will fail with exception if same is called => try catch
- try {
- if (ecPubKey == null) {
- ecKeyPair.genKeyPair();
- }
- } catch (Exception e) {
- } // do intentionally nothing
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
+ sw = ecKeyGenerator.allocatePair(keyClass, keyLen);
+ if (sw == ISO7816.SW_NO_ERROR) {
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ } else {
+ testFlags = 0;
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
//
// 2. Set invalid custom curve (many times)
//
- EC_Consts.m_random = randomData;
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
+ sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0);
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+
- m_lenB = ecPubKey.getB(m_ramArray, (short) 0); // store valid B
- Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2
-
short startOffset = bufferOffset;
short i;
for (i = 0; i < repeats; i++) {
@@ -572,41 +462,27 @@ public class SimpleECCApplet extends javacard.framework.Applet
if (bRewindOnSuccess == 1) {
// if nothing unexpected happened, rewind bufferOffset back again
bufferOffset = startOffset;
- }
-
- // Store valid curve B param
- ecPubKey.getB(m_ramArray, (short) 0); // store valid B
- Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2
+ }
// set invalid curve
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
-
- // Supported types of invalid curve:
- // 1. Completely random B
- // 2. Valid B but with one random byte randomly changed
- // 3. Valid B but with last byte incremented
- switch (corruptionType) {
- case CORRUPT_B_FULLRANDOM:
- randomData.generateData(m_ramArray2, (short) 0, m_lenB);
- break;
- case CORRUPT_B_ONEBYTERANDOM:
- // Copy valid B into m_ramArray2
- Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB);
- // Generate random position and one random byte for subsequent change
- // Note - we are using same array m_ramArray2, but in area unsued by stored B
- randomData.generateData(m_ramArray2, m_lenB, (short) 2);
- short rngPos = m_ramArray2[m_lenB]; // random position (within B)
- if (rngPos < 0) { rngPos = (short) -rngPos; } // make it positive
- rngPos %= m_lenB;
- m_ramArray2[rngPos] = m_ramArray2[(short) (m_lenB + 1)]; // set random byte on random position
- // Make sure its not the valid byte again
- if (m_ramArray[rngPos] == m_ramArray2[rngPos]) {
- m_ramArray2[rngPos] += 1; // if yes, just increment
- }
-
- break;
+ // Supported types of invalid curve:
+ // CORRUPTION_NONE = 0x01, valid parameter
+ // CORRUPTION_FIXED = 0x02, first and last byte changed to a fixed value
+ // CORRUPTION_FULLRANDOM = 0x03, completely random parameter data
+ // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed
+ // CORRUPTION_ZERO = 0x05, parameter competely zero
+ // CORRUPTION_ONE = 0x06, parameter completely one
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyClass, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0);
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ // if we reach this line, we are interested in value of B that caused incorrect response
+ break; // stop execution, return B
+ }
+ /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow
case CORRUPT_B_LASTBYTEINCREMENT:
m_ramArray2[(short) (m_lenB - 1)] += 1;
// Make sure its not the valid byte again
@@ -614,101 +490,54 @@ public class SimpleECCApplet extends javacard.framework.Applet
m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more
}
break;
- default:
- ISOException.throwIt(SW_INVALID_CORRUPTION_TYPE);
- break;
- }
-
-
- // Set corrupted B parameter
- try {
- ecPubKey.setB(m_ramArray2, (short) 0, m_lenB);
- ecPrivKey.setB(m_ramArray2, (short) 0, m_lenB);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); // ok if setB itself will not emit exception
- bufferOffset += 2;
- }catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
- }catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
}
+ */
// Gen key pair with invalid curve
- try {
- buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
- bufferOffset++;
- // Should fail
- ecKeyPair.genKeyPair();
+
+ buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
+ bufferOffset++;
+ // Should fail
+ sw = ecKeyGenerator.generatePair();
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
+ if (sw == ISO7816.SW_NO_ERROR) {
// If this line is reached, we generated key pair - what should not happen
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
-
- // if we reach this line, we are interested in value of B
- try {
- buffer[bufferOffset] = ECTEST_DH_GENERATESECRET;
- bufferOffset++;
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- if (dhKeyAgreement == null) {
- dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
- }
- dhKeyAgreement.init(ecPrivKey);
- short lenW = ecPubKey.getW(m_ramArray2, (short) 0); // store valid B
- dhKeyAgreement.generateSecret(m_ramArray2, (short) 0, lenW, m_ramArray, (short) 0);
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
-
- break; // stop execution, return B
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
+ buffer[bufferOffset] = ECTEST_DH_GENERATESECRET;
+ bufferOffset++;
+
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+ Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
+ break; //stop execution, return B
}
-
- //
+
// Generate keypair with valid curve - to check that whole engine is not somehow blocked
// after previous attempt with invalid curve
//
// set valid curve
buffer[bufferOffset] = ECTEST_SET_VALIDCURVE;
bufferOffset++;
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
-
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
+ sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0);
+
+ Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
// Gen key pair with valid curve
- try {
- buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
- bufferOffset++;
- // Should succeed
- ecKeyPair.genKeyPair();
- // If this line is reached, we generated valid key pair (expected)
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
+ buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
+ bufferOffset++;
+
+ sw = ecKeyGenerator.generatePair();
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ break;
}
-
+
// If we reach this line => everything was as expected
// Rewind offset in array back (no storage of info about expected runs)
// bufferOffset = startOffset; done at beginning
@@ -717,76 +546,64 @@ public class SimpleECCApplet extends javacard.framework.Applet
bufferOffset += 2;
}
}
-
+
// Set number of executed repeats
Util.setShort(buffer, numExecutionsOffset, i);
-
+
return (short) (bufferOffset - baseOffset);
}
-
+
void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
apdu.setIncomingAndReceive();
-
+
short offset = 0;
Util.arrayCopyNonAtomic(m_ramArray2, (short) 0, apdubuf, offset, m_lenB);
offset += m_lenB;
-
+
apdu.setOutgoingAndSend((short) 0, offset);
}
-
- void AllocateKeyPairReturnDefCourve(APDU apdu) {
+
+ void AllocateKeyPairReturnDefCurve(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
apdu.setIncomingAndReceive();
short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA);
- // Note: all locations shoudl happen in constructor. But here it is intentional
+ // Note: all locations should happen in constructor. But here it is intentional
// as we like to test for result of allocation
- ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, bitLen);
+ ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen);
// If required, generate also new key pair
if (apdubuf[ISO7816.OFFSET_P1] == (byte) 1) {
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called
- // Other implementation will fail with exception if same is called => try catch
- try {
- if (ecPubKey == null) {
- ecKeyPair.genKeyPair();
- }
- } catch (Exception e) {
- } // do nothing
// If required, initialize curve parameters first
if (apdubuf[ISO7816.OFFSET_P2] == (byte) 2) {
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, KeyPair.ALG_EC_FP, bitLen, m_ramArray);
+ ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0);
}
// Now generate new keypair with either default or custom curve
- ecKeyPair.genKeyPair();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecKeyGenerator.generatePair();
- short len = 0;
+ short len;
short offset = 0;
// Export curve public parameters
offset += 2; // reserve space for length
- len = ecPubKey.getField(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_FP, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
offset += 2; // reserve space for length
- len = ecPubKey.getA(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_A, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
offset += 2; // reserve space for length
- len = ecPubKey.getB(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
offset += 2; // reserve space for length
- len = ecPubKey.getR(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_R, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
/*
@@ -812,8 +629,8 @@ public class SimpleECCApplet extends javacard.framework.Applet
}
// Generate fresh EC keypair
- ecKeyPair.genKeyPair();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecKeyGenerator.generatePair();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
if (dhKeyAgreement == null) {
dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
@@ -826,22 +643,6 @@ public class SimpleECCApplet extends javacard.framework.Applet
apdu.setOutgoingAndSend((short) 0, secretLen);
}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
/*
void AllocateKeyPair(byte algorithm, short bitLen) {
@@ -913,6 +714,6 @@ public class SimpleECCApplet extends javacard.framework.Applet
apdu.setOutgoingAndSend((short) 0, offset);
}
-*/
+*/
}
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-08 22:40:11 +0000