author: J08nY 2017-03-22 21:31:04 +0100
committer: J08nY 2017-03-22 21:31:04 +0100
commit: 930541a5e0dff04438318b7de8a28e2467c9ea9f (patch)
tree: 63add6dad1e5da4074fbe52d08bb4f0fb20edcd5 /src
parent: 62ad8d7ca9d95d62a78b66ac12ac467c19d63bb0 (diff)
download: ECTester-930541a5e0dff04438318b7de8a28e2467c9ea9f.tar.gz
ECTester-930541a5e0dff04438318b7de8a28e2467c9ea9f.tar.zst
ECTester-930541a5e0dff04438318b7de8a28e2467c9ea9f.zip
5 files changed, 47 insertions, 13 deletions
diff --git a/src/cz/crcs/ectester/applet/ECKeyGenerator.java b/src/cz/crcs/ectester/applet/ECKeyGenerator.java
index bd4b8c4..da6142f 100644
--- a/src/cz/crcs/ectester/applet/ECKeyGenerator.java
+++ b/src/cz/crcs/ectester/applet/ECKeyGenerator.java
@@ -137,7 +137,7 @@ public class ECKeyGenerator {
             short masked = (short) (paramMask & corruptParams);
             if (masked != 0) {
                 short length = exportParameter(keypair, key, masked, buffer, offset);
-                EC_Consts.corruptParameter(corruption, buffer, offset, length);
+                length = EC_Consts.corruptParameter(corruption, buffer, offset, length);
                 sw = setParameter(keypair, key, masked, buffer, offset, length);
                 if (sw != ISO7816.SW_NO_ERROR) break;
             }
diff --git a/src/cz/crcs/ectester/applet/ECKeyTester.java b/src/cz/crcs/ectester/applet/ECKeyTester.java
index a00b47d..89fd617 100644
--- a/src/cz/crcs/ectester/applet/ECKeyTester.java
+++ b/src/cz/crcs/ectester/applet/ECKeyTester.java
@@ -77,7 +77,7 @@ public class ECKeyTester {
      **/
     public short testECDH(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset, byte corruption) {
         short length = publicKey.getW(pubkeyBuffer, pubkeyOffset);
-        EC_Consts.corruptParameter(corruption, pubkeyBuffer, pubkeyOffset, length);
+        length = EC_Consts.corruptParameter(corruption, pubkeyBuffer, pubkeyOffset, length);
         return testKA(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset);
     }
 
@@ -98,7 +98,7 @@ public class ECKeyTester {
      */
     public short testECDHC(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset, byte corruption) {
         short length = publicKey.getW(pubkeyBuffer, pubkeyOffset);
-        EC_Consts.corruptParameter(corruption, pubkeyBuffer, pubkeyOffset, length);
+        length = EC_Consts.corruptParameter(corruption, pubkeyBuffer, pubkeyOffset, length);
         return testKA(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset);
     }
 
diff --git a/src/cz/crcs/ectester/applet/EC_Consts.java b/src/cz/crcs/ectester/applet/EC_Consts.java
index 89cd8c9..64f8dca 100644
--- a/src/cz/crcs/ectester/applet/EC_Consts.java
+++ b/src/cz/crcs/ectester/applet/EC_Consts.java
@@ -949,7 +949,12 @@ public class EC_Consts {
     public static final byte CORRUPTION_ONE = (byte) 0x05;
     public static final byte CORRUPTION_MAX = (byte) 0x06;
     public static final byte CORRUPTION_INCREMENT = (byte) 0x07;
+    public static final byte CORRUPTION_INFINITY = (byte) 0x08;
 
+    // toX962 FORM types
+    public static final byte X962_UNCOMPRESSED = (byte) 0x00;
+    public static final byte X962_COMPRESSED = (byte) 0x01;
+    public static final byte X962_HYBRID = (byte) 0x02;
 
     // Supported embedded curves, getCurveParameter
     public static final byte CURVE_default = (byte) 0;
@@ -1198,7 +1203,7 @@ public class EC_Consts {
                 length = Util.arrayCopyNonAtomic(EC_B, (short) 0, outputBuffer, outputOffset, (short) EC_B.length);
                 break;
             case PARAMETER_G:
-                length = toX962(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length);
+                length = toX962(X962_UNCOMPRESSED, outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length);
                 break;
             case PARAMETER_R:
                 length = Util.arrayCopyNonAtomic(EC_R, (short) 0, outputBuffer, outputOffset, (short) EC_R.length);
@@ -1211,7 +1216,7 @@ public class EC_Consts {
                 if (EC_W_X == null || EC_W_Y == null) {
                     return 0;
                 }
-                length = toX962(outputBuffer, outputOffset, EC_W_X, (short) 0, (short) EC_W_X.length, EC_W_Y, (short) 0, (short) EC_W_Y.length);
+                length = toX962(X962_UNCOMPRESSED, outputBuffer, outputOffset, EC_W_X, (short) 0, (short) EC_W_X.length, EC_W_Y, (short) 0, (short) EC_W_Y.length);
                 break;
             case PARAMETER_S:
                 if (EC_S == null) {
@@ -1225,7 +1230,7 @@ public class EC_Consts {
         return length;
     }
 
-    public static void corruptParameter(byte corruption, byte[] buffer, short offset, short length) {
+    public static short corruptParameter(byte corruption, byte[] buffer, short offset, short length) {
         switch (corruption) {
             case CORRUPTION_NONE:
                 break;
@@ -1274,26 +1279,52 @@ public class EC_Consts {
                     buffer[index--] = ++value;
                 } while (value == (byte) 0 && index >= offset);
                 break;
+            case CORRUPTION_INFINITY:
+                Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0);
+                return 1;
             default:
                 ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
         }
+
+        return length;
     }
 
     public static byte getCurveType(byte curve) {
         return curve <= FP_CURVES ? KeyPair.ALG_EC_FP : KeyPair.ALG_EC_F2M;
     }
 
-    public static short toX962(byte[] outputBuffer, short outputOffset, byte[] xBuffer, short xOffset, short xLength, byte[] yBuffer, short yOffset, short yLength) {
+    public static short toX962(byte form, byte[] outputBuffer, short outputOffset, byte[] xBuffer, short xOffset, short xLength, byte[] yBuffer, short yOffset, short yLength) {
         short size = 1;
         size += xLength;
-        size += yLength;
 
         short offset = outputOffset;
-        outputBuffer[offset] = 0x04;
+        switch (form) {
+            case X962_UNCOMPRESSED:
+                outputBuffer[offset] = 0x04;
+                break;
+            case X962_COMPRESSED:
+                byte yLSB = yBuffer[(short) (yOffset + yLength)];
+                byte yBit = (byte) (yLSB & 0x01);
+
+                if (yBit == 1) {
+                    outputBuffer[offset] = 3;
+                } else {
+                    outputBuffer[offset] = 2;
+                }
+            case X962_HYBRID:
+                outputBuffer[offset] += 4;
+                break;
+            default:
+                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+        }
         offset += 1;
 
         offset = Util.arrayCopyNonAtomic(xBuffer, xOffset, outputBuffer, offset, xLength);
-        Util.arrayCopyNonAtomic(yBuffer, yOffset, outputBuffer, offset, yLength);
+        if (form == X962_HYBRID || form == X962_UNCOMPRESSED) {
+            Util.arrayCopyNonAtomic(yBuffer, yOffset, outputBuffer, offset, yLength);
+            size += yLength;
+        }
+
         return size;
     }
 
diff --git a/src/cz/crcs/ectester/reader/ECTester.java b/src/cz/crcs/ectester/reader/ECTester.java
index f70c119..e14bb38 100644
--- a/src/cz/crcs/ectester/reader/ECTester.java
+++ b/src/cz/crcs/ectester/reader/ECTester.java
@@ -256,15 +256,15 @@ public class ECTester {
         size.addOption(Option.builder("a").longOpt("all").desc("Test all curve sizes.").build());
         opts.addOptionGroup(size);
 
+        opts.addOption(Option.builder("fp").longOpt("prime-field").desc("Use a prime field.").build());
+        opts.addOption(Option.builder("f2m").longOpt("binary-field").desc("Use a binary field.").build());
+
         OptionGroup curve = new OptionGroup();
         curve.addOption(Option.builder("nc").longOpt("named-curve").desc("Use a named curve, from CurveDB: <cat/id>").hasArg().argName("cat/id").build());
         curve.addOption(Option.builder("c").longOpt("curve").desc("Use curve from file <curve_file> (field,a,b,gx,gy,r,k).").hasArg().argName("curve_file").build());
         curve.addOption(Option.builder("u").longOpt("custom").desc("Use a custom curve (applet-side embedded, SECG curves).").build());
         opts.addOptionGroup(curve);
 
-        opts.addOption(Option.builder("fp").longOpt("prime-field").desc("Use prime field curve.").build());
-        opts.addOption(Option.builder("f2m").longOpt("binary-field").desc("Use binary field curve.").build());
-
         OptionGroup pub = new OptionGroup();
         pub.addOption(Option.builder("npub").longOpt("named-public").desc("Use public key from KeyDB: <cat/id>").hasArg().argName("cat/id").build());
         pub.addOption(Option.builder("pub").longOpt("public").desc("Use public key from file <pubkey_file> (wx,wy).").hasArg().argName("pubkey_file").build());
diff --git a/src/cz/crcs/ectester/reader/Util.java b/src/cz/crcs/ectester/reader/Util.java
index 489de44..41a7821 100644
--- a/src/cz/crcs/ectester/reader/Util.java
+++ b/src/cz/crcs/ectester/reader/Util.java
@@ -225,6 +225,9 @@ public class Util {
             case EC_Consts.CORRUPTION_INCREMENT:
                 corrupt = "INCREMENT";
                 break;
+            case EC_Consts.CORRUPTION_INFINITY:
+                corrupt = "INFINITY";
+                break;
             default:
                 corrupt = "UNKNOWN";
                 break;
author	J08nY	2017-03-22 21:31:04 +0100
committer	J08nY	2017-03-22 21:31:04 +0100
commit	930541a5e0dff04438318b7de8a28e2467c9ea9f (patch)
tree	63add6dad1e5da4074fbe52d08bb4f0fb20edcd5 /src
parent	62ad8d7ca9d95d62a78b66ac12ac467c19d63bb0 (diff)
download	ECTester-930541a5e0dff04438318b7de8a28e2467c9ea9f.tar.gz ECTester-930541a5e0dff04438318b7de8a28e2467c9ea9f.tar.zst ECTester-930541a5e0dff04438318b7de8a28e2467c9ea9f.zip