author: J08nY 2016-11-28 22:34:50 +0100
committer: J08nY 2016-11-28 22:35:48 +0100
commit: f4b67923063ca35ae1405d701b461bfda0c10515 (patch)
tree: c521a0e64629f93d2ff577bd3abe69a0d2d5b882 /src
parent: 0339a7ace66934d2aa21f7feccd16ae640c88b8d (diff)
download: ECTester-f4b67923063ca35ae1405d701b461bfda0c10515.tar.gz
ECTester-f4b67923063ca35ae1405d701b461bfda0c10515.tar.zst
ECTester-f4b67923063ca35ae1405d701b461bfda0c10515.zip
4 files changed, 134 insertions, 30 deletions
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index e9bdfa6..c4b71c0 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -73,39 +73,39 @@ public class ECKeyGenerator {
         if (sw != ISO7816.SW_NO_ERROR) return sw;
 
         //go through all params
-        byte param = EC_Consts.PARAMETER_A;
-        while (param > 0) {
+        short param = EC_Consts.PARAMETER_A;
+        while (param <= EC_Consts.PARAMETER_K) {
             length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
             sw = setParameter(KEY_BOTH, param, buffer, offset, length);
             if (sw != ISO7816.SW_NO_ERROR) break;
-            param = (byte) (param << 1);
+            param = (short) (param << 1);
         }
         return sw;
     }
 
-    public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+    public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, short param, short corruptionType, byte[] buffer, short offset) {
         return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset);
     }
 
-    public short setCustomInvalidCurve(byte curve, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+    public short setCustomInvalidCurve(byte curve, byte key, short param, short corruptionType, byte[] buffer, short offset) {
         short sw = setCustomCurve(curve, buffer, offset);
         if (sw != ISO7816.SW_NO_ERROR) return sw;
 
         //go through param bit by bit, and invalidate all selected params
-        byte paramMask = 0x01;
-        while (paramMask > 0) {
-            byte masked = (byte) (paramMask & param);
+        short paramMask = 0x01;
+        while (paramMask <= EC_Consts.PARAMETER_K) {
+            short masked = (short) (paramMask & param);
             if (masked != 0) {
                 short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType);
                 sw = setParameter(key, masked, buffer, offset, length);
                 if (sw != ISO7816.SW_NO_ERROR) return sw;
             }
-            paramMask = (byte) (paramMask << 1);
+            paramMask = (short) (paramMask << 1);
         }
         return sw;
     }
 
-    public short setParameter(byte key, byte param, byte[] data, short offset, short length) {
+    public short setParameter(byte key, short param, byte[] data, short offset, short length) {
         short result = ISO7816.SW_NO_ERROR;
         try {
             switch (param) {
@@ -160,6 +160,12 @@ public class ECKeyGenerator {
                     }
                     break;
                 }
+                case EC_Consts.PARAMETER_S:
+                    if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length);
+                    break;
+                case EC_Consts.PARAMETER_W:
+                    if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length);
+                    break;
                 default: {
                     ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                 }
@@ -237,6 +243,11 @@ public class ECKeyGenerator {
                     if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK());
                     length = 2;
                     break;
+                case EC_Consts.PARAMETER_S:
+                    if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset);
+                    break;
+                case EC_Consts.PARAMETER_W:
+                    if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset);
                 default:
                     ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
             }
diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java
index 24d854c..bcf2b14 100644
--- a/src/applets/EC_Consts.java
+++ b/src/applets/EC_Consts.java
@@ -21,14 +21,16 @@ public class EC_Consts {
 
     private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1
 
-    public static final byte PARAMETER_FP = 0x01;
-    public static final byte PARAMETER_F2M = 0x02;
+    public static final short PARAMETER_FP = 0x0001;
+    public static final short PARAMETER_F2M = 0x0002;
 
-    public static final byte PARAMETER_A = 0x04;
-    public static final byte PARAMETER_B = 0x08;
-    public static final byte PARAMETER_G = 0x10;
-    public static final byte PARAMETER_R = 0x20;
-    public static final byte PARAMETER_K = 0x40;
+    public static final short PARAMETER_A = 0x0004;
+    public static final short PARAMETER_B = 0x0008;
+    public static final short PARAMETER_G = 0x0010;
+    public static final short PARAMETER_R = 0x0020;
+    public static final short PARAMETER_K = 0x0040;
+    public static final short PARAMETER_S = 0x0080;
+    public static final short PARAMETER_W = 0x0100;
 
     public static RandomData m_random = null;
 
@@ -1658,10 +1660,38 @@ public class EC_Consts {
         } else {
             ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
         }
-        return 0; //will not be reached
+        return 0;
     }
 
-    public static short getCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset) {
+    public static byte getAnomalousCurve(short keyClass, short keyLength) {
+        if (keyClass == KeyPair.ALG_EC_FP) {
+            switch (keyLength) {
+                case (short) 128:
+                    return CURVE_sp128;
+                case (short) 160:
+                    return CURVE_sp160;
+                case (short) 192:
+                    return CURVE_sp192;
+                case (short) 224:
+                    return CURVE_sp224;
+                case (short) 256:
+                    return CURVE_sp256;
+                case (short) 384:
+                    return CURVE_sp384;
+                case (short) 521:
+                    return CURVE_sp521;
+                default:
+                    ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+            }
+        } else if (keyClass == KeyPair.ALG_EC_F2M) {
+            return 0;
+        } else {
+            ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+        }
+        return 0;
+    }
+
+    public static short getCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset) {
         byte alg = getCurveType(curve);
         switch (curve) {
             case CURVE_secp128r1: {
@@ -1905,7 +1935,7 @@ public class EC_Consts {
         return length;
     }
 
-    public static short getCorruptCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset, short corruptionType) {
+    public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, short corruptionType) {
         short length = getCurveParameter(curve, param, outputBuffer, outputOffset);
         if (length <= 0) {
             return length;
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 9901aee..8cc4237 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -53,8 +53,11 @@ public class SimpleECCApplet extends Applet {
     public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb;
     public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc;
     public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd;
-    public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce;
-    public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf;
+    public final static byte ECTEST_SET_ANOMALOUSCURVE = (byte) 0xce;
+    public final static byte ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE = (byte) 0xcf;
+    public final static byte ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (byte) 0xd0;
+    public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xd1;
+    public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xd2;
 
     public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
     public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
@@ -65,8 +68,11 @@ public class SimpleECCApplet extends Applet {
     public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040;
     public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080;
     public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100;
-    public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200;
-    public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400;
+    public final static short FLAG_ECTEST_SET_ANOMALOUSCURVE = (short) 0x0200;
+    public final static short FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE = (short) 0x0400;
+    public final static short FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (short) 0x0800;
+    public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x1000;
+    public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x2000;
 
     public final static short FLAG_ECTEST_ALL = (short) 0xffff;
 
@@ -341,13 +347,55 @@ public class SimpleECCApplet extends Applet {
             if (sw == ISO7816.SW_NO_ERROR) {
                 sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0);
             }
+        }
+        Util.setShort(buffer, bufferOffset, sw);
+        bufferOffset += 2;
+
+        //
+        // 8. Set anomalous custom curve
+        //
+        buffer[bufferOffset] = ECTEST_SET_ANOMALOUSCURVE;
+        bufferOffset++;
+        sw = SW_SKIPPED;
+        if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) {
+            sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0);
+            if (sw != ISO7816.SW_NO_ERROR) {
+                testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE;
+            }
+        }
+        Util.setShort(buffer, bufferOffset, sw);
+        bufferOffset += 2;
+
+        //
+        // 9. Generate keypair with anomalous custom curve
+        //
+
+        buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE;
+        bufferOffset++;
+        sw = SW_SKIPPED;
+        if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) {
+            sw = ecKeyGenerator.generatePair();
+        }
+        Util.setShort(buffer, bufferOffset, sw);
+        bufferOffset += 2;
 
+        //
+        // 10. Test small degree pubkey
+        //
+
+        buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT;
+        bufferOffset++;
+        sw = SW_SKIPPED;
+        if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) {
+            ecPubKey = ecKeyGenerator.getPublicKey();
+            ecPrivKey = ecKeyGenerator.getPrivateKey();
+            sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
         }
         Util.setShort(buffer, bufferOffset, sw);
         bufferOffset += 2;
 
         //
-        // 8. Set invalid custom curve
+        // 11. Set invalid custom curve
         //
         buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
         bufferOffset++;
@@ -363,7 +411,7 @@ public class SimpleECCApplet extends Applet {
         bufferOffset += 2;
 
         //
-        // 9. Generate keypair with invalid custom curve
+        // 12. Generate keypair with invalid custom curve
         //
         buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
         bufferOffset++;
@@ -375,7 +423,7 @@ public class SimpleECCApplet extends Applet {
         bufferOffset += 2;
 
         //
-        // 10. Set invalid field
+        // 13. Set invalid field
         //
         buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD;
         bufferOffset++;
@@ -393,7 +441,7 @@ public class SimpleECCApplet extends Applet {
         Util.setShort(buffer, bufferOffset, sw);
         bufferOffset += 2;
 
-        // 11. Generate key with invalid field
+        // 14. Generate key with invalid field
         buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD;
         bufferOffset++;
         sw = SW_SKIPPED;
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 77478a0..44bf302 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -5,6 +5,7 @@ import applets.SimpleECCApplet;
 import javacard.framework.ISO7816;
 import javacard.security.CryptoException;
 import javacard.security.KeyPair;
+import sun.java2d.pipe.SpanShapeRenderer;
 
 import javax.smartcardio.ResponseAPDU;
 import java.io.FileNotFoundException;
@@ -73,6 +74,7 @@ public class SimpleAPDU {
     static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception {
         ReconnnectToCard();
         ResponseAPDU resp = cardManager.sendAPDU(apdu);
+        //byte[] resp = cardManager.sendAPDUSimulator(apdu);
         PrintECSupport(resp);
     }
 
@@ -143,7 +145,11 @@ public class SimpleAPDU {
 
         try {
             if (testAll) {
+                //byte[] installData = new byte[10];
+                //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74};
+                //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class);
                 if (cardManager.ConnectToCard()) {
+
                     // Test all default curves for both fields
                     testSupportECAll(cardManager);
 
@@ -301,7 +307,10 @@ public class SimpleAPDU {
     }
 
     static void PrintECSupport(ResponseAPDU resp) {
-        byte[] buffer = resp.getData();
+        PrintECSupport(resp.getData());
+    }
+
+    static void PrintECSupport(byte[] buffer) {
 
         m_SystemOutLogger.println();
         m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves");
@@ -329,6 +338,9 @@ public class SimpleAPDU {
             bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
             bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL);
             bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
+            bufferOffset = VerifyPrintResult("Set anomalous custom curve (may fail):", SimpleECCApplet.ECTEST_SET_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
+            bufferOffset = VerifyPrintResult("Generate key with anomalous curve (may fail):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
+            bufferOffset = VerifyPrintResult("ECDH agreement with small order point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL);
             bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
             bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL);
             bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL);
@@ -339,7 +351,10 @@ public class SimpleAPDU {
     }
 
     static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) {
-        byte[] buffer = resp.getData();
+        PrintECKeyGenInvalidCurveB(resp.getData());
+    }
+
+    static void PrintECKeyGenInvalidCurveB(byte[] buffer) {
 
         m_SystemOutLogger.println();
         m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve");
author	J08nY	2016-11-28 22:34:50 +0100
committer	J08nY	2016-11-28 22:35:48 +0100
commit	f4b67923063ca35ae1405d701b461bfda0c10515 (patch)
tree	c521a0e64629f93d2ff577bd3abe69a0d2d5b882 /src
parent	0339a7ace66934d2aa21f7feccd16ae640c88b8d (diff)
download	ECTester-f4b67923063ca35ae1405d701b461bfda0c10515.tar.gz ECTester-f4b67923063ca35ae1405d701b461bfda0c10515.tar.zst ECTester-f4b67923063ca35ae1405d701b461bfda0c10515.zip