diff options
| author | J08nY | 2018-05-29 17:42:25 +0200 |
|---|---|---|
| committer | J08nY | 2018-05-29 17:42:25 +0200 |
| commit | d970a9c64a8363a5b6b6fc65c1a767ea6951c298 (patch) | |
| tree | ec044d8288ad99e791b700b952de727af660fc35 /src | |
| parent | 298ffc18e590d07eb04d2c5c2b1d553f8fba71bd (diff) | |
| download | ECTester-d970a9c64a8363a5b6b6fc65c1a767ea6951c298.tar.gz ECTester-d970a9c64a8363a5b6b6fc65c1a767ea6951c298.tar.zst ECTester-d970a9c64a8363a5b6b6fc65c1a767ea6951c298.zip | |
Diffstat (limited to 'src')
12 files changed, 89 insertions, 23 deletions
diff --git a/src/cz/crcs/ectester/common/test/TestSuite.java b/src/cz/crcs/ectester/common/test/TestSuite.java index 9e08891..c8bb3f8 100644 --- a/src/cz/crcs/ectester/common/test/TestSuite.java +++ b/src/cz/crcs/ectester/common/test/TestSuite.java @@ -7,11 +7,11 @@ import cz.crcs.ectester.common.output.TestWriter; */ public abstract class TestSuite { protected String name; - protected String description; + protected String[] description; private TestWriter writer; private Test running; - public TestSuite(TestWriter writer, String name, String description) { + public TestSuite(TestWriter writer, String name, String... description) { this.writer = writer; this.name = name; this.description = description; @@ -70,7 +70,7 @@ public abstract class TestSuite { } public String getDescription() { - return description; + return String.join(System.lineSeparator(), description); } } diff --git a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java index e58c38d..35cfd1d 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java @@ -24,7 +24,7 @@ import java.util.List; */ public class CardCompressionSuite extends CardTestSuite { public CardCompressionSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) { - super(writer, cfg, cardManager, "compression", "The compression test suite tests cards support for compressed points in ECDH (as per ANSI X9.62).\n" + + super(writer, cfg, cardManager, "compression", "The compression test suite tests cards support for compressed points in ECDH (as per ANSI X9.62).", "It also tests for handling of bogus input by using the point at infinity and a hybrid point with the y coordinate corrupted."); } diff --git a/src/cz/crcs/ectester/reader/test/CardDegenerateCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardDegenerateCurvesSuite.java index 217544b..0cc9186 100644 --- a/src/cz/crcs/ectester/reader/test/CardDegenerateCurvesSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardDegenerateCurvesSuite.java @@ -23,7 +23,7 @@ import java.util.Map; public class CardDegenerateCurvesSuite extends CardTestSuite { public CardDegenerateCurvesSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) { - super(writer, cfg, cardManager, "degenerate", "The degenerate suite tests whether the card rejects points outside of the curve during ECDH.\n" + + super(writer, cfg, cardManager, "degenerate", "The degenerate suite tests whether the card rejects points outside of the curve during ECDH.", "The tested points lie on a part of the plane for which some Edwards, Hessian and Huff form addition formulas work."); } diff --git a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java index 0a4515a..211dc58 100644 --- a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java @@ -27,7 +27,7 @@ import java.util.Map; */ public class CardEdgeCasesSuite extends CardTestSuite { public CardEdgeCasesSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) { - super(writer, cfg, cardManager, "edge-cases", "The edge-cases test suite tests various inputs to ECDH which may cause an implementation to achieve a certain edge-case state during ECDH.\n" + + super(writer, cfg, cardManager, "edge-cases", "The edge-cases test suite tests various inputs to ECDH which may cause an implementation to achieve a certain edge-case state during ECDH.", "Some of the data is from the google/Wycheproof project. Tests include CVE-2017-10176 and CVE-2017-8932."); } diff --git a/src/cz/crcs/ectester/reader/test/CardTestSuite.java b/src/cz/crcs/ectester/reader/test/CardTestSuite.java index 0eccd16..3578f9c 100644 --- a/src/cz/crcs/ectester/reader/test/CardTestSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTestSuite.java @@ -12,7 +12,7 @@ public abstract class CardTestSuite extends TestSuite { ECTesterReader.Config cfg; CardMngr card; - CardTestSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager, String name, String description) { + CardTestSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager, String name, String... description) { super(writer, name, description); this.card = cardManager; this.cfg = cfg; diff --git a/src/cz/crcs/ectester/standalone/ECTesterStandalone.java b/src/cz/crcs/ectester/standalone/ECTesterStandalone.java index 392d604..18bfce6 100644 --- a/src/cz/crcs/ectester/standalone/ECTesterStandalone.java +++ b/src/cz/crcs/ectester/standalone/ECTesterStandalone.java @@ -141,6 +141,7 @@ public class ECTesterStandalone { testOpts.addOption(Option.builder("kt").longOpt("ka-type").desc("Set the KeyAgreement object [type].").hasArg().argName("type").optionalArg(false).build()); testOpts.addOption(Option.builder("st").longOpt("sig-type").desc("Set the Signature object [type].").hasArg().argName("type").optionalArg(false).build()); testOpts.addOption(Option.builder("f").longOpt("format").desc("Set the output format, one of text,yaml,xml.").hasArg().argName("format").optionalArg(false).build()); + testOpts.addOption(Option.builder().longOpt("key-type").desc("Set the key [algorithm] for which the key should be derived in KeyAgreements with KDF.").hasArg().argName("algorithm").optionalArg(false).build()); List<Argument> testArgs = new LinkedList<>(); testArgs.add(new Argument("test_suite", "The test suite to run.", true)); ParserOptions test = new ParserOptions(new DefaultParser(), testOpts, testArgs); diff --git a/src/cz/crcs/ectester/standalone/consts/KeyAgreementIdent.java b/src/cz/crcs/ectester/standalone/consts/KeyAgreementIdent.java index 0e4d311..6aae423 100644 --- a/src/cz/crcs/ectester/standalone/consts/KeyAgreementIdent.java +++ b/src/cz/crcs/ectester/standalone/consts/KeyAgreementIdent.java @@ -10,6 +10,8 @@ import java.util.List; * @author Jan Jancar johny@neuromancer.sk */ public class KeyAgreementIdent extends Ident { + private boolean requiresKeyAlgo; + private static final List<KeyAgreementIdent> ALL = new LinkedList<>(); static { @@ -18,16 +20,16 @@ public class KeyAgreementIdent extends Ident { ALL.add(new KeyAgreementIdent("ECDH")); ALL.add(new KeyAgreementIdent("ECDHC", "ECCDH")); // ECDH and ECDHC with SHA as KDF, OIDs from RFC 3278 - ALL.add(new KeyAgreementIdent("ECDHwithSHA1KDF", "1.3.133.16.840.63.0.2")); - ALL.add(new KeyAgreementIdent("ECCDHwithSHA1KDF", "1.3.133.16.840.63.0.3")); - ALL.add(new KeyAgreementIdent("ECDHwithSHA224KDF", "1.3.132.1.11.0")); - ALL.add(new KeyAgreementIdent("ECCDHwithSHA224KDF", "1.3.132.1.14.0")); - ALL.add(new KeyAgreementIdent("ECDHwithSHA256KDF", "1.3.132.1.11.1")); - ALL.add(new KeyAgreementIdent("ECCDHwithSHA256KDF", "1.3.132.1.14.1")); - ALL.add(new KeyAgreementIdent("ECDHwithSHA384KDF", "1.3.132.1.11.2")); - ALL.add(new KeyAgreementIdent("ECCDHwithSHA384KDF", "1.3.132.1.14.2")); - ALL.add(new KeyAgreementIdent("ECDHwithSHA512KDF", "1.3.132.1.11.3")); - ALL.add(new KeyAgreementIdent("ECCDHwithSHA512KDF", "1.3.132.1.14.3")); + ALL.add(new KeyAgreementIdent("ECDHwithSHA1KDF", true, "1.3.133.16.840.63.0.2")); + ALL.add(new KeyAgreementIdent("ECCDHwithSHA1KDF", true, "1.3.133.16.840.63.0.3")); + ALL.add(new KeyAgreementIdent("ECDHwithSHA224KDF",true, "1.3.132.1.11.0")); + ALL.add(new KeyAgreementIdent("ECCDHwithSHA224KDF", true, "1.3.132.1.14.0")); + ALL.add(new KeyAgreementIdent("ECDHwithSHA256KDF", true, "1.3.132.1.11.1")); + ALL.add(new KeyAgreementIdent("ECCDHwithSHA256KDF", true, "1.3.132.1.14.1")); + ALL.add(new KeyAgreementIdent("ECDHwithSHA384KDF", true, "1.3.132.1.11.2")); + ALL.add(new KeyAgreementIdent("ECCDHwithSHA384KDF", true, "1.3.132.1.14.2")); + ALL.add(new KeyAgreementIdent("ECDHwithSHA512KDF", true, "1.3.132.1.11.3")); + ALL.add(new KeyAgreementIdent("ECCDHwithSHA512KDF", true, "1.3.132.1.14.3")); // ECMQV - Disable for now as it needs diferent params(too different from DH) //ALL.add(new KeyAgreementIdent("ECMQV")); //ALL.add(new KeyAgreementIdent("ECMQVwithSHA1CKDF", "1.3.133.16.840.63.0.16")); @@ -54,6 +56,15 @@ public class KeyAgreementIdent extends Ident { super(name, aliases); } + private KeyAgreementIdent(String name, boolean requiresKeyAlgo, String... aliases) { + this(name, aliases); + this.requiresKeyAlgo = requiresKeyAlgo; + } + + public boolean requiresKeyAlgo() { + return requiresKeyAlgo; + } + public KeyAgreement getInstance(Provider provider) throws NoSuchAlgorithmException { KeyAgreement instance = getInstance((algorithm, provider1) -> { try { diff --git a/src/cz/crcs/ectester/standalone/libs/jni/NativeKeyAgreementSpi.java b/src/cz/crcs/ectester/standalone/libs/jni/NativeKeyAgreementSpi.java index 37c9add..f3242ba 100644 --- a/src/cz/crcs/ectester/standalone/libs/jni/NativeKeyAgreementSpi.java +++ b/src/cz/crcs/ectester/standalone/libs/jni/NativeKeyAgreementSpi.java @@ -5,6 +5,7 @@ import cz.crcs.ectester.common.util.ECUtil; import javax.crypto.KeyAgreementSpi; import javax.crypto.SecretKey; import javax.crypto.ShortBufferException; +import javax.crypto.spec.SecretKeySpec; import java.security.*; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; @@ -77,7 +78,8 @@ public abstract class NativeKeyAgreementSpi extends KeyAgreementSpi { @Override protected SecretKey engineGenerateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException { - throw new NoSuchAlgorithmException(algorithm); + // TODO: This is dangerous! + return new SecretKeySpec(engineGenerateSecret(), algorithm); } abstract byte[] generateSecret(byte[] pubkey, byte[] privkey, ECParameterSpec params); diff --git a/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTest.java b/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTest.java index 8297d76..bfd39fc 100644 --- a/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTest.java +++ b/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTest.java @@ -43,6 +43,7 @@ public class KeyAgreementTest extends SimpleTest<KeyAgreementTestable> { @Override public String getDescription() { - return "KeyAgreement " + testable.getKa().getAlgorithm(); + String keyAlgo = testable.getKeyAlgorithm() == null ? "" : " (" + testable.getKeyAlgorithm() + ")"; + return "KeyAgreement " + testable.getKa().getAlgorithm() + keyAlgo; } } diff --git a/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java b/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java index 1447373..1382c28 100644 --- a/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java +++ b/src/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java @@ -1,6 +1,7 @@ package cz.crcs.ectester.standalone.test.base; import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.interfaces.ECPrivateKey; @@ -18,7 +19,9 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl private KeyGeneratorTestable kgtPrivate; private KeyGeneratorTestable kgtPublic; private AlgorithmParameterSpec spec; + private String keyAlgo; private byte[] secret; + private SecretKey derived; public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey) { this.ka = ka; @@ -26,27 +29,56 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl this.publicKey = publicKey; } + public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey, String keyAlgo) { + this(ka, privateKey, publicKey); + this.keyAlgo = keyAlgo; + } + public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey, ECParameterSpec spec) { this(ka, privateKey, publicKey); this.spec = spec; } + public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey, ECParameterSpec spec, String keyAlgo) { + this(ka, privateKey, publicKey, spec); + this.keyAlgo = keyAlgo; + } + public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable kgt, ECPrivateKey privateKey, ECParameterSpec spec) { this(ka, privateKey, null, spec); this.kgtPublic = kgt; } + public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable kgt, ECPrivateKey privateKey, ECParameterSpec spec, String keyAlgo) { + this(ka, kgt, privateKey, spec); + this.keyAlgo = keyAlgo; + } + public KeyAgreementTestable(KeyAgreement ka, ECPublicKey publicKey, KeyGeneratorTestable kgt, ECParameterSpec spec) { this(ka, null, publicKey, spec); this.kgtPrivate = kgt; } + public KeyAgreementTestable(KeyAgreement ka, ECPublicKey publicKey, KeyGeneratorTestable kgt, ECParameterSpec spec, String keyAlgo) { + this(ka, publicKey, kgt, spec); + this.keyAlgo = keyAlgo; + } + public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable privKgt, KeyGeneratorTestable pubKgt, ECParameterSpec spec) { this(ka, (ECPrivateKey) null, null, spec); this.kgtPrivate = privKgt; this.kgtPublic = pubKgt; } + public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable privKgt, KeyGeneratorTestable pubKgt, ECParameterSpec spec, String keyAlgo) { + this(ka, privKgt, pubKgt, spec); + this.keyAlgo = keyAlgo; + } + + public String getKeyAlgorithm() { + return keyAlgo; + } + public KeyAgreement getKa() { return ka; } @@ -66,6 +98,13 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl return secret; } + public SecretKey getDerivedKey() { + if (!hasRun) { + return null; + } + return derived; + } + @Override public void run() { try { @@ -101,7 +140,12 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl stage = KeyAgreementStage.GenerateSecret; try { - secret = ka.generateSecret(); + if (keyAlgo != null) { + derived = ka.generateSecret(keyAlgo); + secret = derived.getEncoded(); + } else { + secret = ka.generateSecret(); + } } catch (IllegalStateException | UnsupportedOperationException e) { failOnException(e); return; diff --git a/src/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java b/src/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java index e030664..1c14ecc 100644 --- a/src/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java +++ b/src/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java @@ -23,7 +23,7 @@ import java.util.Optional; public class StandaloneDefaultSuite extends StandaloneTestSuite { public StandaloneDefaultSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli) { - super(writer, cfg, cli, "default", "The default test suite run basic support of ECDH and ECDSA."); + super(writer, cfg, cli, "default", "The default test suite run basic support of ECDH and ECDSA.", "Supports options:", "\t - gt/kpg-type", "\t - kt/ka-type", "\t - st/sig-type", "\t - key-type"); } @Override @@ -31,6 +31,7 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { String kpgAlgo = cli.getOptionValue("test.kpg-type"); String kaAlgo = cli.getOptionValue("test.ka-type"); String sigAlgo = cli.getOptionValue("test.sig-type"); + String keyAlgo = cli.getOptionValue("test.key-type", "AES"); KeyPairGeneratorIdent kpgIdent; @@ -88,7 +89,13 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { if (kaAlgo == null || kaIdent.contains(kaAlgo)) { KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - doTest(KeyAgreementTest.expect(new KeyAgreementTestable(ka, kgtOne, kgtOther, spec), Result.ExpectedValue.SUCCESS)); + KeyAgreementTestable testable; + if (kaIdent.requiresKeyAlgo()) { + testable = new KeyAgreementTestable(ka, kgtOne, kgtOther, spec, keyAlgo); + } else { + testable = new KeyAgreementTestable(ka, kgtOne, kgtOther, spec); + } + doTest(KeyAgreementTest.expect(testable, Result.ExpectedValue.SUCCESS)); } } for (SignatureIdent sigIdent : cfg.selected.getSigs()) { diff --git a/src/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java b/src/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java index c01f8cd..e4e0013 100644 --- a/src/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java +++ b/src/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java @@ -13,7 +13,7 @@ public abstract class StandaloneTestSuite extends TestSuite { TreeCommandLine cli; ECTesterStandalone.Config cfg; - public StandaloneTestSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli, String name, String description) { + public StandaloneTestSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli, String name, String... description) { super(writer, name, description); this.cfg = cfg; this.cli = cli; |