6 files changed, 37 insertions, 39 deletions

diff --git a/src/cz/crcs/ectester/common/ec/EC_Category.java b/src/cz/crcs/ectester/common/ec/EC_Category.java
index 1eb818f..154403e 100644
--- a/src/cz/crcs/ectester/common/ec/EC_Category.java
+++ b/src/cz/crcs/ectester/common/ec/EC_Category.java
@@ -2,10 +2,8 @@ package cz.crcs.ectester.common.ec;
 
 import cz.crcs.ectester.common.cli.Colors;
 
-import java.util.Collections;
-import java.util.Map;
-import java.util.Objects;
-import java.util.TreeMap;
+import java.util.*;
+import java.util.stream.Collectors;
 
 /**
  * A category of EC_Data objects, has a name, description and represents a directory in
@@ -78,28 +76,17 @@ public class EC_Category {
         out.append("\t- ").append(Colors.bold(name)).append((desc == null || desc.equals("")) ? "" : ": " + desc);
         out.append(System.lineSeparator());
 
-        Map<String, EC_Curve> curves = getObjects(EC_Curve.class);
-        int size = curves.size();
-        if (size > 0) {
-            out.append(Colors.bold("\t\tCurves: "));
-            for (Map.Entry<String, EC_Curve> curve : curves.entrySet()) {
-                out.append(curve.getKey());
-                size--;
-                if (size > 0)
-                    out.append(", ");
-            }
-            out.append(System.lineSeparator());
-        }
-
-        String[] headers = new String[]{"Public keys", "Private keys", "KeyPairs", "Results(KA)", "Results(SIG)"};
-        Class<EC_Data>[] classes = new Class[]{EC_Key.Public.class, EC_Key.Private.class, EC_Keypair.class, EC_KAResult.class, EC_SigResult.class};
+        String[] headers = new String[]{"Curves", "Public keys", "Private keys", "KeyPairs", "Results(KA)", "Results(SIG)"};
+        Class<EC_Data>[] classes = new Class[]{EC_Curve.class, EC_Key.Public.class, EC_Key.Private.class, EC_Keypair.class, EC_KAResult.class, EC_SigResult.class};
         for (int i = 0; i < headers.length; ++i) {
             Map<String, EC_Data> data = getObjects(classes[i]);
-            size = data.size();
+            int size = data.size();
             if (size > 0) {
                 out.append(Colors.bold(String.format("\t\t%s: ", headers[i])));
-                for (Map.Entry<String, EC_Data> key : data.entrySet()) {
-                    out.append(key.getKey());
+                List<EC_Data> sorted = new ArrayList<>(data.values());
+                Collections.sort(sorted);
+                for (EC_Data element : sorted) {
+                    out.append(element.getId());
                     size--;
                     if (size > 0)
                         out.append(", ");
diff --git a/src/cz/crcs/ectester/common/ec/EC_Curve.java b/src/cz/crcs/ectester/common/ec/EC_Curve.java
index 2672b8a..d5d1516 100644
--- a/src/cz/crcs/ectester/common/ec/EC_Curve.java
+++ b/src/cz/crcs/ectester/common/ec/EC_Curve.java
@@ -65,7 +65,12 @@ public class EC_Curve extends EC_Params {
             int e1 = ByteUtil.getShort(fieldData[1], 0);
             int e2 = ByteUtil.getShort(fieldData[2], 0);
             int e3 = ByteUtil.getShort(fieldData[3], 0);
-            int[] powers = new int[]{e1, e2, e3};
+            int[] powers;
+            if (e2 == 0 && e3 == 0) {
+                powers = new int[]{e1};
+            } else {
+                powers = new int[]{e1, e2, e3};
+            }
             field = new ECFieldF2m(m, powers);
         }
 
diff --git a/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java b/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java
index 8ad50c7..5c449db 100644
--- a/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java
+++ b/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java
@@ -123,11 +123,12 @@ public abstract class BaseTextTestWriter implements TestWriter {
 
     private String errorString(Throwable error) {
         StringBuilder sb = new StringBuilder();
+        sb.append("═══ Exception: ═══").append(System.lineSeparator());
         for (Throwable t = error; t != null; t = t.getCause()) {
             sb.append("═══ ").append(t.toString()).append(" ═══");
             sb.append(System.lineSeparator());
         }
-        sb.append("═══ ═══").append(System.lineSeparator());
+        sb.append("═══ Stack trace: ═══").append(System.lineSeparator());
         for (StackTraceElement s : error.getStackTrace()) {
             sb.append("═══ ").append(s.toString()).append(" ═══");
             sb.append(System.lineSeparator());
diff --git a/src/cz/crcs/ectester/common/util/ECUtil.java b/src/cz/crcs/ectester/common/util/ECUtil.java
index a7aff10..9b0949d 100644
--- a/src/cz/crcs/ectester/common/util/ECUtil.java
+++ b/src/cz/crcs/ectester/common/util/ECUtil.java
@@ -248,6 +248,9 @@ public class ECUtil {
         if (ecCurve.getField() instanceof ECFieldFp) {
             ECFieldFp fp = (ECFieldFp) ecCurve.getField();
             p = fp.getP();
+            if (!p.isProbablePrime(20)) {
+                return null;
+            }
         } else {
             //TODO
             return null;
@@ -275,6 +278,9 @@ public class ECUtil {
         if (ecCurve.getField() instanceof ECFieldFp) {
             ECFieldFp fp = (ECFieldFp) ecCurve.getField();
             p = fp.getP();
+            if (!p.isProbablePrime(20)) {
+                return null;
+            }
         } else {
             //TODO
             return null;
diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
index 1a8d093..0076e3d 100644
--- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
@@ -31,12 +31,6 @@ public class CardCompositeSuite extends CardTestSuite {
 
     @Override
     protected void runTests() throws Exception {
-        /* Do the default run with the public keys set to provided smallorder keys
-         * over composite order curves. Essentially small subgroup attacks.
-         * These should fail, the curves aren't safe so that if the computation with
-         * a small order public key succeeds the private key modulo the public key order
-         * is revealed.
-         */
         Map<String, EC_Key> keys = EC_Store.getInstance().getObjects(EC_Key.class, "composite");
         Map<EC_Curve, List<EC_Key>> mappedKeys = EC_Store.mapKeyToCurve(keys.values());
         for (Map.Entry<EC_Curve, List<EC_Key>> curveKeys : mappedKeys.entrySet()) {
@@ -52,9 +46,9 @@ public class CardCompositeSuite extends CardTestSuite {
 
             String name;
             if (cfg.testOptions.contains("preset")) {
-                name = "preset semi-random key";
+                name = "preset semi-random private key";
             } else {
-                name = "generated key";
+                name = "generated private key";
             }
             tests.add(genOrPreset(curve, ExpectedValue.ANY, ECTesterApplet.KEYPAIR_LOCAL));
             for (EC_Key key : curveKeys.getValue()) {
@@ -103,9 +97,9 @@ public class CardCompositeSuite extends CardTestSuite {
         for (EC_Curve curve : curves) {
             Test allocate = CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_BOTH, curve.getBits(), curve.getField()), ExpectedValue.SUCCESS);
             Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY);
-            Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_BOTH), ExpectedValue.ANY);
-            Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), dhValue, ok, nok);
-            Test ecdsa = CommandTest.expect(new Command.ECDSA(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_FALSE, null), dhValue, ok, nok);
+            Test generate = genOrPreset(curve, ExpectedValue.ANY, ECTesterApplet.KEYPAIR_BOTH);
+            Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), dhValue, ok, nok);
+            Test ecdsa = CommandTest.expect(new Command.ECDSA_sign(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_FALSE, null), dhValue, ok, nok);
 
             String description;
             if (testName == null) {
diff --git a/src/cz/crcs/ectester/reader/test/CardWrongSuite.java b/src/cz/crcs/ectester/reader/test/CardWrongSuite.java
index 1db8126..e1dbbe3 100644
--- a/src/cz/crcs/ectester/reader/test/CardWrongSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardWrongSuite.java
@@ -31,7 +31,7 @@ import static cz.crcs.ectester.common.test.Result.ExpectedValue;
 public class CardWrongSuite extends CardTestSuite {
 
     public CardWrongSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) {
-        super(writer, cfg, cardManager, "wrong", null, "The wrong curve suite tests whether the card rejects domain parameters which are not curves.");
+        super(writer, cfg, cardManager, "wrong", new String[]{"preset"}, "The wrong curve suite tests whether the card rejects domain parameters which are not curves.");
     }
 
     @Override
@@ -117,8 +117,13 @@ public class CardWrongSuite extends CardTestSuite {
             Test zeroG = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_G, EC_Consts.TRANSFORMATION_INFINITY), "Set G = inifnity.", "ECDH with G = infinity.");
             Test wrongG = CompoundTest.all(ExpectedValue.SUCCESS, "Tests with corrupted G parameter.", randomG, fullRandomG, zeroG);
 
-            byte[] originalR = new byte[keyLength];
-            EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_R, originalR, (short) 0);
+            byte[] originalR = new byte[((keyLength + 7) / 8) + 1];
+            short origRlen = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_R, originalR, (short) 0);
+            if (origRlen != originalR.length) {
+                byte[] copyR = new byte[origRlen];
+                System.arraycopy(originalR, 0, copyR, 0, origRlen);
+                originalR = copyR;
+            }
             BigInteger originalBigR = new BigInteger(1, originalR);
 
             Test zeroR = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, EC_Consts.PARAMETER_R, EC_Consts.TRANSFORMATION_ZERO), "Set R = 0.", "ECDH with R = 0.");
@@ -138,7 +143,7 @@ public class CardWrongSuite extends CardTestSuite {
             Test nextprimeWrongR = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, nextRData.getParams(), nextRData.flatten()), "Set R = some prime (but [r]G != infinity) larger than original R.", "ECDH with wrong R, nextprime.");
 
             byte[] nonprimeRBytes = nextRBytes.clone();
-            nonprimeRBytes[0] ^= 1;
+            nonprimeRBytes[nonprimeRBytes.length - 1] ^= 1;
             EC_Params nonprimeWrongRData = new EC_Params(EC_Consts.PARAMETER_R, new byte[][]{nonprimeRBytes});
             Test nonprimeWrongR = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, nonprimeWrongRData.getParams(), nonprimeWrongRData.flatten()), "Set R = some composite (but [r]G != infinity).", "ECDH with wrong R, composite.");