diff options
| author | Ján Jančár | 2024-08-09 20:33:18 +0200 |
|---|---|---|
| committer | GitHub | 2024-08-09 20:33:18 +0200 |
| commit | a5a6ef2b5776573d5bd55d6c75f806d752b957c5 (patch) | |
| tree | de46d4ccd6baea24133b5d39c218158079a40d70 /standalone/src/main/java | |
| parent | 91b425798be6cbc918a9b892d7e76eababc08d6b (diff) | |
| parent | 65ddb496e2090581e40bce003f6c14490e6cf5fb (diff) | |
| download | ECTester-a5a6ef2b5776573d5bd55d6c75f806d752b957c5.tar.gz ECTester-a5a6ef2b5776573d5bd55d6c75f806d752b957c5.tar.zst ECTester-a5a6ef2b5776573d5bd55d6c75f806d752b957c5.zip | |
Merge branch 'master' into build-with-nix
Diffstat (limited to 'standalone/src/main/java')
37 files changed, 827 insertions, 892 deletions
diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java index e6d8188..04537f0 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java @@ -31,6 +31,7 @@ import cz.crcs.ectester.common.test.TestException; import cz.crcs.ectester.common.util.ByteUtil; import cz.crcs.ectester.common.util.ECUtil; import cz.crcs.ectester.common.util.FileUtil; +import cz.crcs.ectester.common.util.Util; import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; @@ -71,7 +72,7 @@ public class ECTesterStandalone { private ProviderECLibrary[] libs; private Config cfg; - private Options opts = new Options(); + private final Options opts = new Options(); private TreeParser optParser; private TreeCommandLine cli; public static final String VERSION = "v0.3.3"; @@ -104,12 +105,52 @@ public class ECTesterStandalone { if (!System.getProperty("os.name").startsWith("Windows")) { FileUtil.write(LIB_RESOURCE_DIR + "lib_timing.so", reqs.resolve("lib_timing.so")); - System.load(reqs.resolve("lib_timing.so").toString()); - + FileUtil.write(LIB_RESOURCE_DIR + "lib_preload.so", reqs.resolve("lib_preload.so")); + FileUtil.write(LIB_RESOURCE_DIR + "lib_prng.so", reqs.resolve("lib_prng.so")); FileUtil.write(LIB_RESOURCE_DIR + "lib_csignals.so", reqs.resolve("lib_csignals.so")); - System.load(reqs.resolve("lib_csignals.so").toString()); FileUtil.write(LIB_RESOURCE_DIR + "lib_cppsignals.so", reqs.resolve("lib_cppsignals.so")); - System.load(reqs.resolve("lib_cppsignals.so").toString()); + + String preloadLibPath = reqs.resolve("lib_preload.so").toAbsolutePath().toString(); + String preload = System.getenv("LD_PRELOAD"); + if (preload == null && !cli.hasOption("no-preload")) { + ProcessBuilder builder = new ProcessBuilder(); + Map<String, String> env = builder.environment(); + env.put("LD_PRELOAD", preloadLibPath); + + ProcessHandle.Info info = ProcessHandle.current().info(); + List<String> argList = new LinkedList<>(); + if (info.command().isPresent()) { + argList.add(info.command().get()); + } else { + System.err.println("Cannot locate command to spawn preloaded-subprocess."); + return; + } + if (info.arguments().isPresent()) { + argList.addAll(List.of(info.arguments().get())); + } else { + System.err.println("Cannot locate arguments to spawn preloaded-subprocess."); + return; + } + builder.command(argList); + builder.inheritIO(); + + Process process = builder.start(); + int result; + while (true) { + try { + result = process.waitFor(); + break; + } catch (InterruptedException ignored) { + } + } + System.exit(result); + } else { + // Load the utility libs. + System.load(reqs.resolve("lib_prng.so").toString()); + System.load(reqs.resolve("lib_timing.so").toString()); + System.load(reqs.resolve("lib_csignals.so").toString()); + System.load(reqs.resolve("lib_cppsignals.so").toString()); + } } List<ProviderECLibrary> libObjects = new LinkedList<>(); @@ -191,7 +232,15 @@ public class ECTesterStandalone { Option output = Option.builder("o").longOpt("output").desc("Output into file <output_file>. The file can be prefixed by the format (one of text,yml,xml), such as: xml:<output_file>.").hasArgs().argName("output_file").optionalArg(false).numberOfArgs(1).build(); Option outputRaw = Option.builder("o").longOpt("output").desc("Output CSV into file <output_file>.").hasArgs().argName("output_file").optionalArg(false).numberOfArgs(1).build(); Option quiet = Option.builder("q").longOpt("quiet").desc("Do not output to stdout.").build(); - Option timeSource = Option.builder("ts").longOpt("time-source").desc("Use a given native timing source: {rdtsc, monotonic, monotonic-raw, cputime-process, cputime-thread, perfcount}").hasArgs().argName("source").optionalArg(false).numberOfArgs(1).build(); + Option timeSource = Option.builder("ts").longOpt("time-source").desc("Use a given native timing source: {rdtsc, monotonic, monotonic-raw, cputime-process, cputime-thread}").hasArgs().argName("source").optionalArg(false).numberOfArgs(1).build(); + Option prngSeed = Option.builder("ps").longOpt("prng-seed").desc("Use a deterministic PRNG with the given [seed] (hexadecimal) in the library.").hasArgs().argName("seed").optionalArg(false).numberOfArgs(1).build(); + Option file = Option.builder("f").longOpt("file").hasArg().argName("file").optionalArg(false).desc("Input [file] to sign.").build(); + Option message = Option.builder("d").longOpt("data").desc("Sign the given [message].").hasArgs().argName("message").optionalArg(false).numberOfArgs(1).build(); + Option messageSeed = Option.builder("ds").longOpt("data-seed").desc("Use a deterministic PRNG with the given [seed] (hexadecimal) to generate the messages.").hasArgs().argName("seed").optionalArg(false).numberOfArgs(1).build(); + OptionGroup ecdsaMessage = new OptionGroup(); + ecdsaMessage.addOption(file); + ecdsaMessage.addOption(message); + ecdsaMessage.addOption(messageSeed); Options testOpts = new Options(); testOpts.addOption(bits); @@ -199,6 +248,7 @@ public class ECTesterStandalone { testOpts.addOption(curveName); testOpts.addOption(output); testOpts.addOption(quiet); + testOpts.addOption(prngSeed); testOpts.addOption(Option.builder("gt").longOpt("kpg-type").desc("Set the KeyPairGenerator object [type].").hasArg().argName("type").optionalArg(false).build()); testOpts.addOption(Option.builder("kt").longOpt("ka-type").desc("Set the KeyAgreement object [type].").hasArg().argName("type").optionalArg(false).build()); testOpts.addOption(Option.builder("st").longOpt("sig-type").desc("Set the Signature object [type].").hasArg().argName("type").optionalArg(false).build()); @@ -215,6 +265,7 @@ public class ECTesterStandalone { ecdhOpts.addOption(curveName); ecdhOpts.addOption(outputRaw); ecdhOpts.addOption(timeSource); + ecdhOpts.addOption(prngSeed); ecdhOpts.addOption(Option.builder("t").longOpt("type").desc("Set KeyAgreement object [type].").hasArg().argName("type").optionalArg(false).build()); ecdhOpts.addOption(Option.builder().longOpt("key-type").desc("Set the key [algorithm] for which the key should be derived in KeyAgreements with KDF. Default is \"AES\".").hasArg().argName("algorithm").optionalArg(false).build()); ecdhOpts.addOption(Option.builder("n").longOpt("amount").hasArg().argName("amount").optionalArg(false).desc("Do ECDH [amount] times.").build()); @@ -231,12 +282,13 @@ public class ECTesterStandalone { ecdsaOpts.addOption(curveName); ecdsaOpts.addOption(outputRaw); ecdsaOpts.addOption(timeSource); + ecdsaOpts.addOption(prngSeed); ecdsaOpts.addOptionGroup(privateKey); ecdsaOpts.addOptionGroup(publicKey); ecdsaOpts.addOption(Option.builder().longOpt("fixed").desc("Perform all ECDSA with fixed keypair.").build()); ecdsaOpts.addOption(Option.builder("t").longOpt("type").desc("Set Signature object [type].").hasArg().argName("type").optionalArg(false).build()); ecdsaOpts.addOption(Option.builder("n").longOpt("amount").hasArg().argName("amount").optionalArg(false).desc("Do ECDSA [amount] times.").build()); - ecdsaOpts.addOption(Option.builder("f").longOpt("file").hasArg().argName("file").optionalArg(false).desc("Input [file] to sign.").build()); + ecdsaOpts.addOptionGroup(ecdsaMessage); ParserOptions ecdsa = new ParserOptions(new DefaultParser(), ecdsaOpts, "Perform EC based Signature."); actions.put("ecdsa", ecdsa); @@ -246,6 +298,7 @@ public class ECTesterStandalone { generateOpts.addOption(curveName); generateOpts.addOption(outputRaw); generateOpts.addOption(timeSource); + generateOpts.addOption(prngSeed); generateOpts.addOption(Option.builder("n").longOpt("amount").hasArg().argName("amount").optionalArg(false).desc("Generate [amount] of EC keys.").build()); generateOpts.addOption(Option.builder("t").longOpt("type").hasArg().argName("type").optionalArg(false).desc("Set KeyPairGenerator object [type].").build()); ParserOptions generate = new ParserOptions(new DefaultParser(), generateOpts, "Generate EC keypairs."); @@ -283,6 +336,7 @@ public class ECTesterStandalone { opts.addOption(Option.builder("V").longOpt("version").desc("Print version info.").build()); opts.addOption(Option.builder("h").longOpt("help").desc("Print help(about <command>).").hasArg().argName("command").optionalArg(true).build()); opts.addOption(Option.builder("C").longOpt("color").desc("Print stuff with color, requires ANSI terminal.").build()); + opts.addOption(Option.builder().longOpt("no-preload").desc("Do not use LD_PRELOAD.").build()); return optParser.parse(opts, args); } @@ -307,6 +361,7 @@ public class ECTesterStandalone { System.out.println(Colors.bold("\t\t- Fullname: ") + lib.getProvider().getName()); System.out.println(Colors.bold("\t\t- Version: ") + lib.getProvider().getVersionStr()); System.out.println(Colors.bold("\t\t- Supports native timing: ") + lib.getNativeTimingSupport().toString()); + System.out.println(Colors.bold("\t\t- Supports deterministic PRNG: ") + lib.supportsDeterministicPRNG()); Set<KeyPairGeneratorIdent> kpgs = lib.getKPGs(); if (!kpgs.isEmpty()) { System.out.println(Colors.bold("\t\t- KeyPairGenerators: ") + kpgs.stream().map(KeyPairGeneratorIdent::getName).sorted().collect(Collectors.joining(", "))); @@ -409,12 +464,25 @@ public class ECTesterStandalone { throw new NoSuchAlgorithmException(algo); } + SecureRandom random; + if (cli.hasOption("ecdh.prng-seed")) { + String seedString = cli.getOptionValue("ecdh.prng-seed"); + byte[] seed = ByteUtil.hexToBytes(seedString, true); + random = Util.getRandom(seed); + if (!lib.setupDeterministicPRNG(seed)) { + System.err.println("Couldn't set PRNG seed."); + return; + } + } else { + random = new SecureRandom(); + } + KeyAgreement ka = kaIdent.getInstance(lib.getProvider()); KeyPairGenerator kpg = kpIdent.getInstance(lib.getProvider()); AlgorithmParameterSpec spec = null; if (cli.hasOption("ecdh.bits")) { int bits = Integer.parseInt(cli.getOptionValue("ecdh.bits")); - kpg.initialize(bits); + kpg.initialize(bits, random); } else if (cli.hasOption("ecdh.named-curve")) { String curveName = cli.getOptionValue("ecdh.named-curve"); EC_Curve curve = EC_Store.getInstance().getObject(EC_Curve.class, curveName); @@ -423,11 +491,15 @@ public class ECTesterStandalone { return; } spec = curve.toSpec(); - kpg.initialize(spec); + kpg.initialize(spec, random); } else if (cli.hasOption("ecdh.curve-name")) { String curveName = cli.getOptionValue("ecdh.curve-name"); spec = new ECGenParameterSpec(curveName); - kpg.initialize(spec); + kpg.initialize(spec, random); + } else if (cli.hasOption("ecdh.prng-seed") && !(lib instanceof NativeECLibrary)) { + // TODO: This only happens if at least one of the (pubkey and privkey) needs to be generated. + System.err.println("Unable to pass PRNG seed to a non-native library without specifying either key-size, named curve or curve name options."); + return; } if (cli.hasOption("ecdh.time-source")) { @@ -483,9 +555,9 @@ public class ECTesterStandalone { long elapsed = -System.nanoTime(); if (spec instanceof ECParameterSpec && lib instanceof NativeECLibrary) { - ka.init(privkey, spec); + ka.init(privkey, spec, random); } else { - ka.init(privkey); + ka.init(privkey, random); } ka.doPhase(pubkey, true); elapsed += System.nanoTime(); @@ -519,8 +591,24 @@ public class ECTesterStandalone { * */ private void ecdsa() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IOException, SignatureException { - byte[] data; - String dataString; + ProviderECLibrary lib = cfg.selected; + + SecureRandom random; + if (cli.hasOption("ecdsa.prng-seed")) { + String seedString = cli.getOptionValue("ecdsa.prng-seed"); + byte[] seed = ByteUtil.hexToBytes(seedString, true); + random = Util.getRandom(seed); + if (!lib.setupDeterministicPRNG(seed)) { + System.err.println("Couldn't set PRNG seed."); + return; + } + } else { + random = new SecureRandom(); + } + + byte[] data = null; + String dataString = null; + SecureRandom dataRandom = null; if (cli.hasOption("ecdsa.file")) { String fileName = cli.getOptionValue("ecdsa.file"); File in = new File(fileName); @@ -530,13 +618,17 @@ public class ECTesterStandalone { } data = Files.readAllBytes(in.toPath()); dataString = ""; + } else if (cli.hasOption("ecdsa.data")) { + dataString = cli.getOptionValue("ecdsa.data"); + data = ByteUtil.hexToBytes(dataString); + } else if (cli.hasOption("ecdsa.data-seed")) { + String seedString = cli.getOptionValue("ecdsa.prng-seed"); + byte[] seed = ByteUtil.hexToBytes(seedString, true); + dataRandom = Util.getRandom(seed); } else { - Random random = new Random(); - data = new byte[32]; - random.nextBytes(data); - dataString = ByteUtil.bytesToHex(data, false); + dataRandom = new SecureRandom(); } - ProviderECLibrary lib = cfg.selected; + String algo = cli.getOptionValue("ecdsa.type", "ECDSA"); SignatureIdent sigIdent = lib.getSigs().stream() .filter((ident) -> ident.contains(algo)) @@ -571,7 +663,7 @@ public class ECTesterStandalone { ECParameterSpec spec = null; if (cli.hasOption("ecdsa.bits")) { int bits = Integer.parseInt(cli.getOptionValue("ecdsa.bits")); - kpg.initialize(bits); + kpg.initialize(bits, random); } else if (cli.hasOption("ecdsa.named-curve")) { String curveName = cli.getOptionValue("ecdsa.named-curve"); EC_Curve curve = EC_Store.getInstance().getObject(EC_Curve.class, curveName); @@ -580,10 +672,14 @@ public class ECTesterStandalone { return; } spec = curve.toSpec(); - kpg.initialize(spec); + kpg.initialize(spec, random); } else if (cli.hasOption("ecdsa.curve-name")) { String curveName = cli.getOptionValue("ecdsa.curve-name"); - kpg.initialize(new ECGenParameterSpec(curveName)); + kpg.initialize(new ECGenParameterSpec(curveName), random); + } else if (cli.hasOption("ecdsa.prng-seed") && !(lib instanceof NativeECLibrary)) { + // TODO: This only happens if at least one of the (pubkey and privkey) needs to be generated. + System.err.println("Unable to pass PRNG seed to a non-native library without specifying either key-size, named curve or curve name options."); + return; } if (cli.hasOption("ecdsa.time-source")) { @@ -636,7 +732,12 @@ public class ECTesterStandalone { } } - sig.initSign(privkey); + if (dataRandom != null) { + data = dataRandom.generateSeed(16); + dataString = ByteUtil.bytesToHex(data, false); + } + + sig.initSign(privkey, random); sig.update(data); long signTime = -System.nanoTime(); @@ -705,10 +806,24 @@ public class ECTesterStandalone { if (ident == null) { throw new NoSuchAlgorithmException(algo); } + + SecureRandom random; + if (cli.hasOption("generate.prng-seed")) { + String seedString = cli.getOptionValue("generate.prng-seed"); + byte[] seed = ByteUtil.hexToBytes(seedString, true); + random = Util.getRandom(seed); + if (!lib.setupDeterministicPRNG(seed)) { + System.err.println("Couldn't set PRNG seed."); + return; + } + } else { + random = new SecureRandom(); + } + KeyPairGenerator kpg = ident.getInstance(lib.getProvider()); if (cli.hasOption("generate.bits")) { int bits = Integer.parseInt(cli.getOptionValue("generate.bits")); - kpg.initialize(bits); + kpg.initialize(bits, random); } else if (cli.hasOption("generate.named-curve")) { String curveName = cli.getOptionValue("generate.named-curve"); EC_Curve curve = EC_Store.getInstance().getObject(EC_Curve.class, curveName); @@ -716,10 +831,13 @@ public class ECTesterStandalone { System.err.println("Curve not found: " + curveName); return; } - kpg.initialize(curve.toSpec()); + kpg.initialize(curve.toSpec(), random); } else if (cli.hasOption("generate.curve-name")) { String curveName = cli.getOptionValue("generate.curve-name"); - kpg.initialize(new ECGenParameterSpec(curveName)); + kpg.initialize(new ECGenParameterSpec(curveName), random); + } else if (cli.hasOption("generate.prng-seed") && !(lib instanceof NativeECLibrary)) { + System.err.println("Unable to pass PRNG seed to a non-native library without specifying either key-size, named curve or curve name options."); + return; } if (cli.hasOption("generate.time-source")) { @@ -818,6 +936,16 @@ public class ECTesterStandalone { testTo = -1; } + ProviderECLibrary lib = cfg.selected; + if (cli.hasOption("test.prng-seed")) { + String seedString = cli.getOptionValue("test.prng-seed"); + byte[] seed = ByteUtil.hexToBytes(seedString, true); + if (!lib.setupDeterministicPRNG(seed)) { + System.err.println("Couldn't set PRNG seed."); + return; + } + } + switch (testSuite) { case "test-vectors": suite = new StandaloneTestVectorSuite(writer, cfg, cli); @@ -903,7 +1031,7 @@ public class ECTesterStandalone { * */ public static class Config { - private ProviderECLibrary[] libs; + private final ProviderECLibrary[] libs; public ProviderECLibrary selected = null; public boolean color = false; @@ -997,6 +1125,15 @@ public class ECTesterStandalone { } } + if (cli.isNext("generate") || cli.isNext("ecdh") || cli.isNext("ecdsa") || cli.isNext("test")) { + if (cli.hasOption(next + ".prng-seed")) { + if (!selected.supportsDeterministicPRNG()) { + System.err.printf("Deterministic PRNG is not supported by library %s.%n", selected.name()); + return false; + } + } + } + return true; } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BoringsslLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BoringsslLib.java index ddc25c6..5d30d81 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BoringsslLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BoringsslLib.java @@ -16,4 +16,10 @@ public class BoringsslLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public boolean supportsDeterministicPRNG() { + // This is provided by the native preload that hooks all randomness sources. + return true; + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BotanLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BotanLib.java index 3ed27f2..d3691df 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BotanLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BotanLib.java @@ -17,4 +17,10 @@ public class BotanLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BouncyCastleLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BouncyCastleLib.java index e8a4d30..0a7ea8c 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BouncyCastleLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/BouncyCastleLib.java @@ -25,4 +25,16 @@ public class BouncyCastleLib extends ProviderECLibrary { } return result; } + + @Override + public boolean supportsDeterministicPRNG() { + return true; + } + + @Override + public boolean setupDeterministicPRNG(byte[] seed) { + // This is done by passing the SecureRandom into the individual KeyPairGenerator, KeyAgreement and Signature + // instances. Thus, this does nothing. + return true; + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/CryptoppLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/CryptoppLib.java index 6e001e2..4449f99 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/CryptoppLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/CryptoppLib.java @@ -17,4 +17,10 @@ public class CryptoppLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/GcryptLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/GcryptLib.java index 7dffb3f..3647ab9 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/GcryptLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/GcryptLib.java @@ -17,4 +17,10 @@ public class GcryptLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public boolean supportsDeterministicPRNG() { + // This is provided by the native preload that hooks all randomness sources. + return true; + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/IppcpLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/IppcpLib.java index 1b0047e..a1c58ce 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/IppcpLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/IppcpLib.java @@ -17,4 +17,10 @@ public class IppcpLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java index a403896..0911119 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java @@ -16,4 +16,10 @@ public class LibresslLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public boolean supportsDeterministicPRNG() { + // This is provided by the native preload that hooks all randomness sources. + return true; + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/MbedTLSLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/MbedTLSLib.java index 26b4d09..038dbe8 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/MbedTLSLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/MbedTLSLib.java @@ -17,4 +17,10 @@ public class MbedTLSLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NativeECLibrary.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NativeECLibrary.java index c11dbdb..fb4e430 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NativeECLibrary.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NativeECLibrary.java @@ -86,5 +86,8 @@ public abstract class NativeECLibrary extends ProviderECLibrary { @Override public native long getLastNativeTiming(); + @Override + public native boolean setupDeterministicPRNG(byte[] seed); + abstract Provider createProvider(); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NettleLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NettleLib.java index 6dcdb24..ea9cca3 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NettleLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/NettleLib.java @@ -49,4 +49,10 @@ public class NettleLib extends NativeECLibrary { } throw new InvalidAlgorithmParameterException("Unknown curve."); } + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/OpensslLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/OpensslLib.java index 23d7ac1..036739c 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/OpensslLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/OpensslLib.java @@ -16,4 +16,10 @@ public class OpensslLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java index d9d6749..a9178f6 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java @@ -69,21 +69,29 @@ public abstract class ProviderECLibrary implements ECLibrary { } public boolean setNativeTimingType(String type) { - return false; + return false; } public long getNativeTimingResolution() { return 0; } - public String getNativeTimingUnit() { - return null; - } + public String getNativeTimingUnit() { + return null; + } public long getLastNativeTiming() { return 0; } + public boolean supportsDeterministicPRNG() { + return false; + } + + public boolean setupDeterministicPRNG(byte[] seed) { + return false; + } + @Override public Set<KeyAgreementIdent> getKAs() { return getIdents("KeyAgreement", KeyAgreementIdent::get); diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/SunECLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/SunECLib.java index 7209dc3..c38300d 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/SunECLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/SunECLib.java @@ -25,4 +25,16 @@ public class SunECLib extends ProviderECLibrary { } return result; } + + @Override + public boolean supportsDeterministicPRNG() { + return true; + } + + @Override + public boolean setupDeterministicPRNG(byte[] seed) { + // This is done by passing the SecureRandom into the individual KeyPairGenerator, KeyAgreement and Signature + // instances. Thus, this does nothing. + return true; + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/TomcryptLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/TomcryptLib.java index 9339986..f1fac47 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/TomcryptLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/TomcryptLib.java @@ -17,4 +17,10 @@ public class TomcryptLib extends NativeECLibrary { @Override public native Set<String> getCurves(); + + @Override + public native boolean supportsDeterministicPRNG(); + + @Override + public native boolean setupDeterministicPRNG(byte[] seed); } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java index c53adb2..c3ddea5 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java @@ -4,6 +4,7 @@ import cz.crcs.ectester.common.cli.Colors; import cz.crcs.ectester.common.output.BaseTextTestWriter; import cz.crcs.ectester.common.test.TestSuite; import cz.crcs.ectester.common.test.Testable; +import cz.crcs.ectester.common.util.ByteUtil; import cz.crcs.ectester.standalone.ECTesterStandalone; import cz.crcs.ectester.standalone.test.base.StandaloneTestable; import cz.crcs.ectester.standalone.test.suites.StandaloneTestSuite; @@ -46,10 +47,10 @@ public class TextTestWriter extends BaseTextTestWriter { protected String deviceString(TestSuite suite) { if (suite instanceof StandaloneTestSuite) { StandaloneTestSuite standaloneSuite = (StandaloneTestSuite) suite; - StringBuilder sb = new StringBuilder(); - sb.append("═══ ").append(Colors.underline("ECTester version:")).append(" ").append(ECTesterStandalone.VERSION).append(System.lineSeparator()); - sb.append("═══ ").append(Colors.underline("Library:")).append(" ").append(standaloneSuite.getLibrary().fullName()).append(System.lineSeparator()); - return sb.toString(); + String sb = "═══ " + Colors.underline("ECTester version:") + " " + ECTesterStandalone.VERSION + System.lineSeparator() + + "═══ " + Colors.underline("Library:") + " " + standaloneSuite.getLibrary().fullName() + System.lineSeparator() + + "═══ " + Colors.underline("Seed:") + " " + ByteUtil.bytesToHex(standaloneSuite.getSeed()) + System.lineSeparator(); + return sb; } return ""; } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java index 2341fc7..06e7399 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java @@ -149,6 +149,10 @@ public class XMLTestWriter extends BaseXMLTestWriter { Element name = doc.createElement("name"); name.setTextContent(standaloneSuite.getLibrary().fullName()); result.appendChild(name); + + Element seed = doc.createElement("seed"); + seed.setTextContent(ByteUtil.bytesToHex(standaloneSuite.getSeed())); + result.appendChild(seed); return result; } return null; diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java index 66c5e38..d22c441 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java @@ -117,6 +117,7 @@ public class YAMLTestWriter extends BaseYAMLTestWriter { result.put("type", "library"); result.put("ectester", ECTesterStandalone.VERSION); result.put("name", standaloneSuite.getLibrary().fullName()); + result.put("seed", ByteUtil.bytesToHex(standaloneSuite.getSeed())); return result; } return null; diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java index 7fd1c5a..6566a9c 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyAgreementTestable.java @@ -5,6 +5,7 @@ import javax.crypto.SecretKey; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.AlgorithmParameterSpec; @@ -17,63 +18,24 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl private KeyAgreement ka; private ECPrivateKey privateKey; private ECPublicKey publicKey; - private KeyGeneratorTestable kgtPrivate; - private KeyGeneratorTestable kgtPublic; - private AlgorithmParameterSpec spec; - private String keyAlgo; + private final KeyGeneratorTestable kgtPrivate; + private final KeyGeneratorTestable kgtPublic; + private final AlgorithmParameterSpec spec; + private final String keyAlgo; + private final SecureRandom random; + private byte[] secret; private SecretKey derived; - public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey) { - this.ka = ka; - this.privateKey = privateKey; - this.publicKey = publicKey; - } - - public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey, String keyAlgo) { - this(ka, privateKey, publicKey); - this.keyAlgo = keyAlgo; - } - - public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey, ECParameterSpec spec) { - this(ka, privateKey, publicKey); - this.spec = spec; - } - - public KeyAgreementTestable(KeyAgreement ka, ECPrivateKey privateKey, ECPublicKey publicKey, ECParameterSpec spec, String keyAlgo) { - this(ka, privateKey, publicKey, spec); - this.keyAlgo = keyAlgo; - } - - public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable kgt, ECPrivateKey privateKey, ECParameterSpec spec) { - this(ka, privateKey, null, spec); - this.kgtPublic = kgt; - } - - public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable kgt, ECPrivateKey privateKey, ECParameterSpec spec, String keyAlgo) { - this(ka, kgt, privateKey, spec); - this.keyAlgo = keyAlgo; - } - - public KeyAgreementTestable(KeyAgreement ka, ECPublicKey publicKey, KeyGeneratorTestable kgt, ECParameterSpec spec) { - this(ka, null, publicKey, spec); - this.kgtPrivate = kgt; - } - - public KeyAgreementTestable(KeyAgreement ka, ECPublicKey publicKey, KeyGeneratorTestable kgt, ECParameterSpec spec, String keyAlgo) { - this(ka, publicKey, kgt, spec); - this.keyAlgo = keyAlgo; - } - - public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable privKgt, KeyGeneratorTestable pubKgt, ECParameterSpec spec) { - this(ka, (ECPrivateKey) null, null, spec); - this.kgtPrivate = privKgt; - this.kgtPublic = pubKgt; - } - - public KeyAgreementTestable(KeyAgreement ka, KeyGeneratorTestable privKgt, KeyGeneratorTestable pubKgt, ECParameterSpec spec, String keyAlgo) { - this(ka, privKgt, pubKgt, spec); - this.keyAlgo = keyAlgo; + KeyAgreementTestable(Builder builder) { + this.ka = builder.ka; + this.privateKey = builder.privateKey; + this.publicKey = builder.publicKey; + this.kgtPrivate = builder.kgtPrivate; + this.kgtPublic = builder.kgtPublic; + this.spec = builder.spec; + this.keyAlgo = builder.keyAlgo; + this.random = builder.random; } public String getKeyAlgorithm() { @@ -122,9 +84,17 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl stage = KeyAgreementStage.Init; try { if (spec != null) { - ka.init(privateKey, spec); + if (random != null) { + ka.init(privateKey, spec, random); + } else { + ka.init(privateKey, spec); + } } else { - ka.init(privateKey); + if (random != null) { + ka.init(privateKey, random); + } else { + ka.init(privateKey); + } } } catch (InvalidKeyException | InvalidAlgorithmParameterException e) { failOnException(e); @@ -166,7 +136,12 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl super.reset(); try { ka = KeyAgreement.getInstance(ka.getAlgorithm(), ka.getProvider()); - } catch (NoSuchAlgorithmException e) { } + } catch (NoSuchAlgorithmException e) { + } + } + + public static Builder builder() { + return new Builder(); } public enum KeyAgreementStage { @@ -176,4 +151,68 @@ public class KeyAgreementTestable extends StandaloneTestable<KeyAgreementTestabl DoPhase, GenerateSecret } + + public static class Builder { + private KeyAgreement ka; + private ECPrivateKey privateKey; + private ECPublicKey publicKey; + private KeyGeneratorTestable kgtPrivate; + private KeyGeneratorTestable kgtPublic; + private AlgorithmParameterSpec spec; + private String keyAlgo; + private SecureRandom random; + + public Builder ka(KeyAgreement ka) { + this.ka = ka; + return this; + } + + public Builder privateKey(ECPrivateKey privateKey) { + this.privateKey = privateKey; + return this; + } + + public Builder publicKey(ECPublicKey publicKey) { + this.publicKey = publicKey; + return this; + } + + public Builder privateKgt(KeyGeneratorTestable privateKgt) { + this.kgtPrivate = privateKgt; + return this; + } + + public Builder publicKgt(KeyGeneratorTestable publicKgt) { + this.kgtPublic = publicKgt; + return this; + } + + public Builder spec(AlgorithmParameterSpec spec) { + this.spec = spec; + return this; + } + + public Builder keyAlgo(String keyAlgo) { + this.keyAlgo = keyAlgo; + return this; + } + + public Builder random(SecureRandom random) { + this.random = random; + return this; + } + + public KeyAgreementTestable build() { + if (ka == null) { + throw new NullPointerException("ka needs to be non-null."); + } + if ((privateKey == null) == (kgtPrivate == null)) { + throw new IllegalStateException("One of (but not both) privateKey or privateKgt needs to be non-null."); + } + if ((publicKey == null) == (kgtPublic == null)) { + throw new IllegalStateException("One of (but not both) publicKey or publicKgt needs to be non-null."); + } + return new KeyAgreementTestable(this); + } + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTest.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTest.java index 8c49224..f35741a 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTest.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTest.java @@ -43,13 +43,13 @@ public class KeyGeneratorTest extends SimpleTest<KeyGeneratorTestable> { public String getDescription() { String params = ""; if (testable.getKeysize() != 0) { - params = String.format("(default %d-bit curve)", testable.getKeysize()); + params = String.format("on (default %d-bit curve)", testable.getKeysize()); } else if (testable.getSpec() instanceof ECGenParameterSpec) { String name = ((ECGenParameterSpec)testable.getSpec()).getName(); - params = String.format("(%s)", name); + params = String.format("on (%s)", name); } else if (testable.getSpec() instanceof ECParameterSpec) { - params = "(custom curve)"; + params = "on (custom curve)"; } - return "KeyPairGenerator " + testable.getKpg().getAlgorithm() + " on " + params; + return "KeyPairGenerator " + testable.getKpg().getAlgorithm() + " " + params; } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTestable.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTestable.java index bc44eb8..f9c84e1 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTestable.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/KeyGeneratorTestable.java @@ -3,6 +3,7 @@ package cz.crcs.ectester.standalone.test.base; import java.security.InvalidAlgorithmParameterException; import java.security.KeyPair; import java.security.KeyPairGenerator; +import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; @@ -15,24 +16,17 @@ public class KeyGeneratorTestable extends StandaloneTestable<KeyGeneratorTestabl private final KeyPairGenerator kpg; private int keysize = 0; private AlgorithmParameterSpec spec = null; + private SecureRandom random; public KeyGeneratorTestable(KeyPairGenerator kpg) { this.kpg = kpg; } - public KeyGeneratorTestable(KeyPairGenerator kpg, int keysize) { - this.kpg = kpg; - this.keysize = keysize; - } - - public KeyGeneratorTestable(KeyPairGenerator kpg, ECParameterSpec spec) { - this.kpg = kpg; - this.spec = spec; - } - - public KeyGeneratorTestable(KeyPairGenerator kpg, ECGenParameterSpec spec) { - this.kpg = kpg; - this.spec = spec; + KeyGeneratorTestable(Builder builder) { + this.kpg = builder.kpg; + this.keysize = builder.keysize; + this.spec = builder.spec; + this.random = builder.random; } public int getKeysize() { @@ -57,9 +51,17 @@ public class KeyGeneratorTestable extends StandaloneTestable<KeyGeneratorTestabl stage = KeyGeneratorStage.Init; try { if (spec != null) { - kpg.initialize(spec); + if (random != null) { + kpg.initialize(spec, random); + } else { + kpg.initialize(spec); + } } else if (keysize != 0) { - kpg.initialize(keysize); + if (random != null) { + kpg.initialize(keysize, random); + } else { + kpg.initialize(keysize); + } } } catch (InvalidAlgorithmParameterException e) { failOnException(e); @@ -78,8 +80,56 @@ public class KeyGeneratorTestable extends StandaloneTestable<KeyGeneratorTestabl hasRun = true; } + public static Builder builder() { + return new Builder(); + } + public enum KeyGeneratorStage { Init, GenKeyPair } + + public static class Builder { + private KeyPairGenerator kpg; + private int keysize = 0; + private AlgorithmParameterSpec spec = null; + private SecureRandom random; + + public Builder() {} + + public Builder keyPairGenerator(KeyPairGenerator kpg) { + this.kpg = kpg; + return this; + } + + public Builder keysize(int keysize) { + this.keysize = keysize; + return this; + } + + public Builder spec(ECGenParameterSpec spec) { + this.spec = spec; + return this; + } + + public Builder spec(ECParameterSpec spec) { + this.spec = spec; + return this; + } + + public Builder random(SecureRandom random) { + this.random = random; + return this; + } + + public KeyGeneratorTestable build() { + if (kpg == null) { + throw new NullPointerException("kpg mus be non-null."); + } + if (spec != null && keysize != 0) { + throw new IllegalStateException("Only one of spec and keysize can be set."); + } + return new KeyGeneratorTestable(this); + } + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/PerformanceTest.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/PerformanceTest.java index d50c7e9..3b15c94 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/PerformanceTest.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/PerformanceTest.java @@ -13,7 +13,7 @@ import java.util.Arrays; */ public class PerformanceTest extends SimpleTest<BaseTestable> { - private ProviderECLibrary library; + private final ProviderECLibrary library; private long[] times; private long mean; private long median; diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/SignatureTestable.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/SignatureTestable.java index fe81b10..5839497 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/SignatureTestable.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/base/SignatureTestable.java @@ -11,36 +11,36 @@ import java.security.interfaces.ECPublicKey; * @author Jan Jancar johny@neuromancer.sk */ public class SignatureTestable extends StandaloneTestable<SignatureTestable.SignatureStage> { - private Signature sig; + private final Signature sig; private ECPrivateKey signKey; private ECPublicKey verifyKey; private KeyGeneratorTestable kgt; + private SecureRandom random; private byte[] data; private byte[] signature; private boolean verified; - public SignatureTestable(Signature sig, ECPrivateKey signKey, ECPublicKey verifyKey, byte[] data) { + public SignatureTestable(Signature sig, ECPrivateKey signKey, ECPublicKey verifyKey, byte[] data, SecureRandom random) { this.sig = sig; this.signKey = signKey; this.verifyKey = verifyKey; this.data = data; - if (data == null) { - SecureRandom random = new SecureRandom(); - this.data = new byte[64]; - random.nextBytes(this.data); - } + this.random = random; } - public SignatureTestable(Signature sig, ECPublicKey verifyKey, byte[] data, byte[] signature) { + public SignatureTestable(Signature sig, ECPublicKey verifyKey, byte[] data, byte[] signature, SecureRandom random) { this.sig = sig; this.verifyKey = verifyKey; this.data = data; this.signature = signature; + this.random = random; } - public SignatureTestable(Signature sig, KeyGeneratorTestable kgt, byte[] data) { - this(sig, (ECPrivateKey) null, null, data); + public SignatureTestable(Signature sig, KeyGeneratorTestable kgt, byte[] data, SecureRandom random) { + this.sig = sig; this.kgt = kgt; + this.data = data; + this.random = random; } public Signature getSig() { @@ -71,7 +71,11 @@ public class SignatureTestable extends StandaloneTestable<SignatureTestable.Sign if(signKey != null) { stage = SignatureStage.InitSign; try { - sig.initSign(signKey); + if (random != null) { + sig.initSign(signKey, random); + } else { + sig.initSign(signKey); + } } catch (InvalidKeyException e) { failOnException(e); return; diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCofactorSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCofactorSuite.java index bb9a509..5079770 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCofactorSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCofactorSuite.java @@ -24,6 +24,8 @@ import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; import java.util.*; +import java.util.function.Consumer; +import java.util.function.Function; /** * @author David Hofman @@ -41,29 +43,9 @@ public class StandaloneCofactorSuite extends StandaloneTestSuite { String kaAlgo = cli.getOptionValue("test.ka-type"); List<String> kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; } Map<String, EC_Key.Public> pubkeys = EC_Store.getInstance().getObjects(EC_Key.Public.class, "cofactor"); @@ -74,18 +56,9 @@ public class StandaloneCofactorSuite extends StandaloneTestSuite { KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); ECParameterSpec spec = curve.toSpec(); - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + ". " + "KeyAgreement tests will be skipped.", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", generateFail)); - continue; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); List<Test> allKaTests = new LinkedList<>(); for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { @@ -94,7 +67,7 @@ public class StandaloneCofactorSuite extends StandaloneTestSuite { for (EC_Key.Public pub : keys) { ECPublicKey ecpub = ECUtil.toPublicKey(pub); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).publicKey(ecpub).privateKgt(kgt).random(getRandom()).build(); Test keyAgreement = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); specificKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, pub.getId() + " cofactor key test.", keyAgreement)); } @@ -104,8 +77,8 @@ public class StandaloneCofactorSuite extends StandaloneTestSuite { if (allKaTests.isEmpty()) { allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified key agreement types is supported by the library.")); } - Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", generateSuccess, tests)); + Test kaTests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); + doTest(CompoundTest.function(CompoundTest.EXPECT_ALL_SUCCESS, CompoundTest.RUN_ALL_IF_FIRST, "Cofactor test of " + curve.getId() + ".", generate, kaTests)); } } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCompositeSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCompositeSuite.java index 839bb40..d838d20 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCompositeSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneCompositeSuite.java @@ -51,29 +51,9 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); sigTypes = sigAlgo != null ? Arrays.asList(sigAlgo.split(",")) : new ArrayList<>(); - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; } KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); @@ -84,17 +64,8 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { ECParameterSpec spec = curve.toSpec(); //Generate KeyPair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + ". " + "KeyAgreement tests will be skipped.", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ".", generateFail)); - continue; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); //Perform KeyAgreement tests List<Test> allKaTests = new LinkedList<>(); @@ -104,7 +75,7 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { for (EC_Key.Public pub : curveKeys.getValue()) { ECPublicKey ecpub = ECUtil.toPublicKey(pub); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).publicKey(ecpub).privateKgt(kgt).random(getRandom()).build(); Test keyAgreement = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); specificKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", with generated private key, " + pub.getDesc(), keyAgreement)); } @@ -115,7 +86,7 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified key agreement types is supported by the library.")); } Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ".", generateSuccess, tests)); + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ".", generate, tests)); } @@ -162,26 +133,15 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { } //generate KeyPair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, curve.toSpec()); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(curve.toSpec()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + - ". " + " Other tests will be skipped.", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, description, generateFail)); - continue; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); - ECPublicKey ecpub = (ECPublicKey) kp.getPublic(); //perform KeyAgreement tests List<Test> kaTests = new LinkedList<>(); for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { if (kaAlgo == null || kaIdent.containsAny(kaTypes)) { KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).publicKgt(kgt).privateKgt(kgt).random(getRandom()).build(); kaTests.add(KeyAgreementTest.expectError(testable, dhValue)); } } @@ -194,7 +154,8 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { for (SignatureIdent sigIdent : cfg.selected.getSigs()) { if (sigAlgo == null || sigIdent.containsAny(sigTypes)) { Signature sig = sigIdent.getInstance(cfg.selected.getProvider()); - SignatureTestable testable = new SignatureTestable(sig, ecpriv, ecpub, null); + byte[] data = sigIdent.toString().getBytes(); + SignatureTestable testable = new SignatureTestable(sig, kgt, data, getRandom()); sigTests.add(SignatureTest.expectError(testable, dhValue)); } } @@ -204,7 +165,7 @@ public class StandaloneCompositeSuite extends StandaloneTestSuite { Test performKeyAgreements = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform specified KeyAgreements.", kaTests.toArray(new Test[0])); Test performSignatures = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform specified Signatures.", sigTests.toArray(new Test[0])); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, description, generateSuccess, performKeyAgreements, performSignatures)); + doTest(CompoundTest.function(CompoundTest.EXPECT_ALL_SUCCESS, CompoundTest.RUN_ALL_IF_FIRST, description, generate, performKeyAgreements, performSignatures)); } } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java index 1c14ecc..a9b82d5 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDefaultSuite.java @@ -4,6 +4,7 @@ import cz.crcs.ectester.common.cli.TreeCommandLine; import cz.crcs.ectester.common.ec.EC_Curve; import cz.crcs.ectester.common.output.TestWriter; import cz.crcs.ectester.common.test.Result; +import cz.crcs.ectester.common.util.ECUtil; import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.ECTesterStandalone; import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; @@ -33,32 +34,10 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { String sigAlgo = cli.getOptionValue("test.sig-type"); String keyAlgo = cli.getOptionValue("test.key-type", "AES"); - - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; } - KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); KeyGeneratorTestable kgtOne; @@ -66,8 +45,8 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { ECParameterSpec spec = null; if (cli.hasOption("test.bits")) { int bits = Integer.parseInt(cli.getOptionValue("test.bits")); - kgtOne = new KeyGeneratorTestable(kpg, bits); - kgtOther = new KeyGeneratorTestable(kpg, bits); + kgtOne = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).keysize(bits).build(); + kgtOther = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).keysize(bits).build(); } else if (cli.hasOption("test.named-curve")) { String curveName = cli.getOptionValue("test.named-curve"); EC_Curve curve = EC_Store.getInstance().getObject(EC_Curve.class, curveName); @@ -76,11 +55,11 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { return; } spec = curve.toSpec(); - kgtOne = new KeyGeneratorTestable(kpg, spec); - kgtOther = new KeyGeneratorTestable(kpg, spec); + kgtOne = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).spec(spec).build(); + kgtOther = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).spec(spec).build(); } else { - kgtOne = new KeyGeneratorTestable(kpg); - kgtOther = new KeyGeneratorTestable(kpg); + kgtOne = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).build(); + kgtOther = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).build(); } doTest(KeyGeneratorTest.expect(kgtOne, Result.ExpectedValue.SUCCESS)); @@ -91,9 +70,9 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); KeyAgreementTestable testable; if (kaIdent.requiresKeyAlgo()) { - testable = new KeyAgreementTestable(ka, kgtOne, kgtOther, spec, keyAlgo); + testable = KeyAgreementTestable.builder().ka(ka).privateKgt(kgtOne).publicKgt(kgtOther).spec(spec).random(getRandom()).keyAlgo(keyAlgo).build(); } else { - testable = new KeyAgreementTestable(ka, kgtOne, kgtOther, spec); + testable = KeyAgreementTestable.builder().ka(ka).privateKgt(kgtOne).publicKgt(kgtOther).spec(spec).random(getRandom()).build(); } doTest(KeyAgreementTest.expect(testable, Result.ExpectedValue.SUCCESS)); } @@ -101,7 +80,8 @@ public class StandaloneDefaultSuite extends StandaloneTestSuite { for (SignatureIdent sigIdent : cfg.selected.getSigs()) { if (sigAlgo == null || sigIdent.contains(sigAlgo)) { Signature sig = sigIdent.getInstance(cfg.selected.getProvider()); - doTest(SignatureTest.expect(new SignatureTestable(sig, kgtOne, null), Result.ExpectedValue.SUCCESS)); + byte[] data = sigIdent.toString().getBytes(); + doTest(SignatureTest.expect(new SignatureTestable(sig, kgtOne, data, getRandom()), Result.ExpectedValue.SUCCESS)); } } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDegenerateSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDegenerateSuite.java index d822a83..5a27f95 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDegenerateSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneDegenerateSuite.java @@ -1,134 +1,16 @@ package cz.crcs.ectester.standalone.test.suites; import cz.crcs.ectester.common.cli.TreeCommandLine; -import cz.crcs.ectester.common.ec.EC_Curve; -import cz.crcs.ectester.common.ec.EC_Key; import cz.crcs.ectester.common.output.TestWriter; -import cz.crcs.ectester.common.test.CompoundTest; -import cz.crcs.ectester.common.test.Result; -import cz.crcs.ectester.common.test.Test; -import cz.crcs.ectester.common.util.ECUtil; -import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.ECTesterStandalone; -import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; -import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; -import cz.crcs.ectester.standalone.test.base.KeyAgreementTest; -import cz.crcs.ectester.standalone.test.base.KeyAgreementTestable; -import cz.crcs.ectester.standalone.test.base.KeyGeneratorTest; -import cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable; - -import javax.crypto.KeyAgreement; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.util.*; /** * @author David Hofman */ -public class StandaloneDegenerateSuite extends StandaloneTestSuite { +public class StandaloneDegenerateSuite extends StandaloneForeignSuite { public StandaloneDegenerateSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli) { super(writer, cfg, cli, "degenerate", "The degenerate suite tests whether the library rejects points outside of the curve during ECDH.", "The tested points lie on a part of the plane for which some Edwards, Hessian and Huff form addition formulas degenerate into exponentiation in the base finite field.", "Supports options:", "\t - gt/kpg-type", "\t - kt/ka-type (select multiple types by separating them with commas)"); } - - @Override - protected void runTests() throws Exception { - String kpgAlgo = cli.getOptionValue("test.kpg-type"); - String kaAlgo = cli.getOptionValue("test.ka-type"); - List<String> kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); - - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } - } - - Map<String, EC_Key.Public> pubkeys = EC_Store.getInstance().getObjects(EC_Key.Public.class, "degenerate"); - Map<EC_Curve, List<EC_Key.Public>> curveList = EC_Store.mapKeyToCurve(pubkeys.values()); - for (Map.Entry<EC_Curve, List<EC_Key.Public>> e : curveList.entrySet()) { - EC_Curve curve = e.getKey(); - List<EC_Key.Public> keys = e.getValue(); - - KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); - ECParameterSpec spec = curve.toSpec(); - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); - - Test generateSuccess; - Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp != null) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - } else { - // If KeyPair generation fails, try generating it on named curve instead. - ECGenParameterSpec namedSpec = new ECGenParameterSpec(curve.getId()); - KeyGeneratorTestable kgtOnNamedCurve = new KeyGeneratorTestable(kpg, namedSpec); - Test generateOnNamedCurve = KeyGeneratorTest.expectError(kgtOnNamedCurve, Result.ExpectedValue.ANY); - runTest(generateOnNamedCurve); - kp = kgtOnNamedCurve.getKeyPair(); - if (kp != null) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair (named curve).", generateOnNamedCurve); - } else { - // If even the named curve generation fails, try generating with the default curve instead. Use this key only if it has the same domain parameters as our public key. - KeyGeneratorTestable kgtOnDefaultCurve = new KeyGeneratorTestable(kpg, curve.getBits()); - Test generateOnDefaultCurve = KeyGeneratorTest.expectError(kgtOnDefaultCurve, Result.ExpectedValue.ANY); - runTest(generateOnDefaultCurve); - kp = kgtOnDefaultCurve.getKeyPair(); - if (kp != null && ECUtil.equalKeyPairParameters((ECPrivateKey) kp.getPrivate(), ECUtil.toPublicKey(keys.get(0)))) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair (default curve).", generateOnDefaultCurve); - } else { - Test generateNotEqual = CompoundTest.function(tests -> new Result(Result.Value.FAILURE, "Default parameters do not match the curve " + curve.getId()), "Default parameters do not match the curve " + curve.getId(), generateOnDefaultCurve); - Test generateFail = CompoundTest.any(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + ". " + "KeyAgreement tests will be skipped.", generate, generateOnNamedCurve, generateNotEqual); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId() + ".", generateFail)); - continue; - } - } - } - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); - - List<Test> allKaTests = new LinkedList<>(); - for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { - if (kaAlgo == null || kaIdent.containsAny(kaTypes)) { - List<Test> specificKaTests = new LinkedList<>(); - for (EC_Key.Public pub : keys) { - ECPublicKey ecpub = ECUtil.toPublicKey(pub); - KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); - Test keyAgreement = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); - specificKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, pub.getId() + " degenerate key test.", keyAgreement)); - } - allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform " + kaIdent.getName() + " with degenerate public points..", specificKaTests.toArray(new Test[0]))); - } - } - if (allKaTests.isEmpty()) { - allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified key agreement types is supported by the library.")); - } - Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId() + ".", generateSuccess, tests)); - } - } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneEdgeCasesSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneEdgeCasesSuite.java index 7c46f02..12a9f16 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneEdgeCasesSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneEdgeCasesSuite.java @@ -51,53 +51,13 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { String kaAlgo = cli.getOptionValue("test.ka-type"); String kpgAlgo = cli.getOptionValue("test.kpg-type"); - if (kaAlgo == null) { - // try ECDH, if not, fail with: need to specify ka algo. - Optional<KeyAgreementIdent> kaIdentOpt = cfg.selected.getKAs().stream() - .filter((ident) -> ident.contains("ECDH")) - .findFirst(); - if (kaIdentOpt.isPresent()) { - kaIdent = kaIdentOpt.get(); - } else { - System.err.println("The default KeyAgreement algorithm type of \"ECDH\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong ka algo/not found. - Optional<KeyAgreementIdent> kaIdentOpt = cfg.selected.getKAs().stream() - .filter((ident) -> ident.contains(kaAlgo)) - .findFirst(); - if (kaIdentOpt.isPresent()) { - kaIdent = kaIdentOpt.get(); - } else { - System.err.println("The KeyAgreement algorithm type of \"" + kaAlgo + "\" was not found."); - return; - } + kaIdent = getKeyAgreementIdent(kaAlgo); + if (kaIdent == null) { + return; } - - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; } KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); @@ -132,7 +92,7 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { ECPublicKey ecpub = ECUtil.toPublicKey(EC_Store.getInstance().getObject(EC_Key.Public.class, pubkeyId)); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).privateKey(ecpriv).publicKey(ecpub).random(getRandom()).build(); Test ecdh = KeyAgreementTest.match(testable, value.getData(0)); Test one = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test " + id + ".", ecdh); curveTests.add(one); @@ -147,7 +107,7 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { ECPrivateKey ecpriv = ECUtil.toPrivateKey(EC_Store.getInstance().getObject(EC_Key.Private.class, openssl_bug.getOtherKey())); ECPublicKey ecpub = ECUtil.toPublicKey(EC_Store.getInstance().getObject(EC_Key.Public.class, openssl_bug.getOneKey())); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).privateKey(ecpriv).publicKey(ecpub).random(getRandom()).build(); Test ecdh = KeyAgreementTest.function(testable, new TestCallback<KeyAgreementTestable>() { @Override public Result apply(KeyAgreementTestable testable) { @@ -169,27 +129,17 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { e.getKey().endsWith("r1") && e.getValue().getField() == javacard.security.KeyPair.ALG_EC_FP).map(Map.Entry::getValue).collect(Collectors.toList()); curves.add(EC_Store.getInstance().getObject(EC_Curve.class, "cofactor/cofactor128p2")); curves.add(EC_Store.getInstance().getObject(EC_Curve.class, "cofactor/cofactor160p4")); - Random rand = new Random(); + Random rand = getRandom(); for (EC_Curve curve : curves) { ECParameterSpec spec = curve.toSpec(); //generate KeyPair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + - ". " + " Other tests will be skipped.", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over" + curve.getId() + ".", generateFail)); - continue; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate KeyPair.", generate); - ECPublicKey ecpub = (ECPublicKey) kp.getPublic(); //perform ECDH tests - Test zeroS = ecdhTest(ecpub, BigInteger.ZERO, spec, "ECDH with S = 0.", Result.ExpectedValue.FAILURE); - Test oneS = ecdhTest(ecpub, BigInteger.ONE, spec, "ECDH with S = 1.", Result.ExpectedValue.FAILURE); + Test zeroS = ecdhTest(kgt, BigInteger.ZERO, spec, "ECDH with S = 0.", Result.ExpectedValue.FAILURE); + Test oneS = ecdhTest(kgt, BigInteger.ONE, spec, "ECDH with S = 1.", Result.ExpectedValue.FAILURE); byte[] rParam = curve.getParam(EC_Consts.PARAMETER_R)[0]; BigInteger R = new BigInteger(1, rParam); @@ -208,14 +158,14 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { BigInteger rm1 = R.subtract(BigInteger.ONE); BigInteger rp1 = R.add(BigInteger.ONE); - Test alternateS = ecdhTest(ecpub, alternate, spec, "ECDH with S = 101010101...01010.", Result.ExpectedValue.SUCCESS); - Test alternateOtherS = ecdhTest(ecpub, alternateOther, spec, "ECDH with S = 010101010...10101.", Result.ExpectedValue.SUCCESS); - Test fullS = ecdhTest(ecpub, full, spec, "ECDH with S = 111111111...11111 (but < r).", Result.ExpectedValue.SUCCESS); - Test smallerS = ecdhTest(ecpub, smaller, spec, "ECDH with S < r.", Result.ExpectedValue.SUCCESS); - Test exactS = ecdhTest(ecpub, R, spec, "ECDH with S = r.", Result.ExpectedValue.FAILURE); - Test largeS = ecdhTest(ecpub, larger, spec, "ECDH with S > r.", Result.ExpectedValue.ANY); - Test rm1S = ecdhTest(ecpub, rm1, spec, "ECDH with S = r - 1.", Result.ExpectedValue.SUCCESS); - Test rp1S = ecdhTest(ecpub, rp1, spec, "ECDH with S = r + 1.", Result.ExpectedValue.ANY); + Test alternateS = ecdhTest(kgt, alternate, spec, "ECDH with S = 101010101...01010.", Result.ExpectedValue.SUCCESS); + Test alternateOtherS = ecdhTest(kgt, alternateOther, spec, "ECDH with S = 010101010...10101.", Result.ExpectedValue.SUCCESS); + Test fullS = ecdhTest(kgt, full, spec, "ECDH with S = 111111111...11111 (but < r).", Result.ExpectedValue.SUCCESS); + Test smallerS = ecdhTest(kgt, smaller, spec, "ECDH with S < r.", Result.ExpectedValue.SUCCESS); + Test exactS = ecdhTest(kgt, R, spec, "ECDH with S = r.", Result.ExpectedValue.FAILURE); + Test largeS = ecdhTest(kgt, larger, spec, "ECDH with S > r.", Result.ExpectedValue.ANY); + Test rm1S = ecdhTest(kgt, rm1, spec, "ECDH with S = r - 1.", Result.ExpectedValue.SUCCESS); + Test rp1S = ecdhTest(kgt, rp1, spec, "ECDH with S = r + 1.", Result.ExpectedValue.ANY); byte[] k = curve.getParam(EC_Consts.PARAMETER_K)[0]; BigInteger K = new BigInteger(1, k); @@ -225,12 +175,12 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { Result.ExpectedValue kExpected = K.equals(BigInteger.ONE) ? Result.ExpectedValue.SUCCESS : Result.ExpectedValue.FAILURE; - Test krS /*ONE!*/ = ecdhTest(ecpub, kr, spec, "ECDH with S = k * r.", Result.ExpectedValue.FAILURE); - Test krm1S = ecdhTest(ecpub, krm1, spec, "ECDH with S = (k * r) - 1.", kExpected); - Test krp1S = ecdhTest(ecpub, krp1, spec, "ECDH with S = (k * r) + 1.", Result.ExpectedValue.ANY); + Test krS /*ONE!*/ = ecdhTest(kgt, kr, spec, "ECDH with S = k * r.", Result.ExpectedValue.FAILURE); + Test krm1S = ecdhTest(kgt, krm1, spec, "ECDH with S = (k * r) - 1.", kExpected); + Test krp1S = ecdhTest(kgt, krp1, spec, "ECDH with S = (k * r) + 1.", Result.ExpectedValue.ANY); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", - generateSuccess, zeroS, oneS, alternateS, alternateOtherS, fullS, smallerS, exactS, largeS, rm1S, rp1S, krS, krm1S, krp1S)); + doTest(CompoundTest.function(CompoundTest.EXPECT_ALL_SUCCESS, CompoundTest.RUN_ALL_IF_FIRST, "Tests with edge-case private key values over " + curve.getId() + ".", + generate, zeroS, oneS, alternateS, alternateOtherS, fullS, smallerS, exactS, largeS, rm1S, rp1S, krS, krm1S, krp1S)); } EC_Curve secp160r1 = EC_Store.getInstance().getObject(EC_Curve.class, "secg/secp160r1"); @@ -263,31 +213,21 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { Arrays.sort(zeros); //generate KeyPair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " - + secp160r1.getBits() + "b secp160r1." + " Other tests will be skipped.", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test private key values near zero, near p and near/larger than the order on" + secp160r1.getId() + ".", generateFail)); - return; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate KeyPair.", generate); - ECPublicKey ecpub = (ECPublicKey) kp.getPublic(); //perform ECDH tests Test[] zeroTests = new Test[n]; int i = 0; for (BigInteger nearZero : zeros) { - zeroTests[i++] = ecdhTest(ecpub, nearZero, spec, nearZero.toString(16), Result.ExpectedValue.SUCCESS); + zeroTests[i++] = ecdhTest(kgt, nearZero, spec, nearZero.toString(16), Result.ExpectedValue.SUCCESS); } Test zeroTest = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Near zero.", zeroTests); Test[] pTests = new Test[n]; i = 0; for (BigInteger nearP : ps) { - pTests[i++] = ecdhTest(ecpub, nearP, spec, nearP.toString(16) + (nearP.compareTo(p) > 0 ? " (>p)" : " (<=p)"), Result.ExpectedValue.SUCCESS); + pTests[i++] = ecdhTest(kgt, nearP, spec, nearP.toString(16) + (nearP.compareTo(p) > 0 ? " (>p)" : " (<=p)"), Result.ExpectedValue.SUCCESS); } Test pTest = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Near p.", pTests); @@ -295,19 +235,19 @@ public class StandaloneEdgeCasesSuite extends StandaloneTestSuite { i = 0; for (BigInteger nearR : rs) { if (nearR.compareTo(r) >= 0) { - rTests[i++] = ecdhTest(ecpub, nearR, spec, nearR.toString(16) + " (>=r)", Result.ExpectedValue.FAILURE); + rTests[i++] = ecdhTest(kgt, nearR, spec, nearR.toString(16) + " (>=r)", Result.ExpectedValue.FAILURE); } else { - rTests[i++] = ecdhTest(ecpub, nearR, spec, nearR.toString(16) + " (<r)", Result.ExpectedValue.SUCCESS); + rTests[i++] = ecdhTest(kgt, nearR, spec, nearR.toString(16) + " (<r)", Result.ExpectedValue.SUCCESS); } } Test rTest = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Near r.", rTests); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test private key values near zero, near p and near/larger than the order.", generateSuccess, zeroTest, pTest, rTest)); + doTest(CompoundTest.function(CompoundTest.EXPECT_ALL_SUCCESS, CompoundTest.RUN_ALL_IF_FIRST, "Test private key values near zero, near p and near/larger than the order.", generate, zeroTest, pTest, rTest)); } - private Test ecdhTest(ECPublicKey pub, BigInteger SParam, ECParameterSpec spec, String desc, Result.ExpectedValue expect) throws NoSuchAlgorithmException { + private Test ecdhTest(KeyGeneratorTestable kgt, BigInteger SParam, ECParameterSpec spec, String desc, Result.ExpectedValue expect) throws NoSuchAlgorithmException { ECPrivateKey priv = new RawECPrivateKey(SParam, spec); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, priv, pub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).privateKey(priv).publicKgt(kgt).random(getRandom()).build(); return CompoundTest.all(Result.ExpectedValue.SUCCESS, desc, KeyAgreementTest.expectError(testable, expect)); } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneForeignSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneForeignSuite.java new file mode 100644 index 0000000..da5d19a --- /dev/null +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneForeignSuite.java @@ -0,0 +1,173 @@ +package cz.crcs.ectester.standalone.test.suites; + +import cz.crcs.ectester.common.cli.TreeCommandLine; +import cz.crcs.ectester.common.ec.EC_Curve; +import cz.crcs.ectester.common.ec.EC_Key; +import cz.crcs.ectester.common.output.TestWriter; +import cz.crcs.ectester.common.test.CompoundTest; +import cz.crcs.ectester.common.test.Result; +import cz.crcs.ectester.common.test.Test; +import cz.crcs.ectester.common.util.ECUtil; +import cz.crcs.ectester.data.EC_Store; +import cz.crcs.ectester.standalone.ECTesterStandalone; +import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; +import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; +import cz.crcs.ectester.standalone.test.base.KeyAgreementTest; +import cz.crcs.ectester.standalone.test.base.KeyAgreementTestable; +import cz.crcs.ectester.standalone.test.base.KeyGeneratorTest; +import cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable; + +import javax.crypto.KeyAgreement; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.util.*; + +public abstract class StandaloneForeignSuite extends StandaloneTestSuite { + private String capName; + + public StandaloneForeignSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli, String name, String... description) { + super(writer, cfg, cli, name, description); + this.capName = name.substring(0, 1).toUpperCase() + name.substring(1); + } + + @Override + protected void runTests() throws Exception { + String kpgAlgo = cli.getOptionValue("test.kpg-type"); + String kaAlgo = cli.getOptionValue("test.ka-type"); + List<String> kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); + + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; + } + + Map<String, EC_Key.Public> pubkeys = EC_Store.getInstance().getObjects(EC_Key.Public.class, this.name); + Map<EC_Curve, List<EC_Key.Public>> curveList = EC_Store.mapKeyToCurve(pubkeys.values()); + for (Map.Entry<EC_Curve, List<EC_Key.Public>> e : curveList.entrySet()) { + EC_Curve curve = e.getKey(); + List<EC_Key.Public> keys = e.getValue(); + ECPublicKey singlePkey = ECUtil.toPublicKey(keys.get(0)); + + KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); + ECParameterSpec spec = curve.toSpec(); + ECGenParameterSpec namedSpec = new ECGenParameterSpec(curve.getId()); + + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).spec(spec).build(); + KeyGeneratorTestable kgtOnNamedCurve = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).spec(namedSpec).build(); + KeyGeneratorTestable kgtOnDefaultCurve = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).keysize(curve.getBits()).build(); + + // This is some nasty hacking... + KeyGeneratorTestable theKgt = new KeyGeneratorTestable(kpg) { + private KeyGeneratorTestable current = null; + + @Override + public Exception getException() { + if (current != null) { + return current.getException(); + } + return super.getException(); + } + + @Override + public KeyGeneratorStage getStage() { + if (current != null) { + return current.getStage(); + } + return super.getStage(); + } + + @Override + public void run() { + stage = KeyGeneratorStage.Init; + kgt.run(); + if (kgt.ok()) { + ok = true; + error = false; + current = kgt; + hasRun = true; + return; + } + kgtOnNamedCurve.run(); + if (kgtOnNamedCurve.ok()) { + ok = true; + error = false; + current = kgtOnNamedCurve; + hasRun = true; + return; + } + kgtOnDefaultCurve.run(); + if (kgtOnDefaultCurve.ok() && ECUtil.equalKeyPairParameters((ECPrivateKey) kgtOnDefaultCurve.getKeyPair().getPrivate(), singlePkey)) { + ok = true; + error = false; + current = kgtOnDefaultCurve; + hasRun = true; + } + } + + @Override + public KeyPair getKeyPair() { + if (current != null) { + return current.getKeyPair(); + } + return super.getKeyPair(); + } + + @Override + public KeyPairGenerator getKpg() { + if (current != null) { + return current.getKpg(); + } + return super.getKpg(); + } + + @Override + public AlgorithmParameterSpec getSpec() { + if (current != null) { + return current.getSpec(); + } + return super.getSpec(); + } + + @Override + public int getKeysize() { + if (current != null) { + return current.getKeysize(); + } + return super.getKeysize(); + } + }; + + Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.SUCCESS); + Test generateOnNamedCurve = KeyGeneratorTest.expectError(kgtOnNamedCurve, Result.ExpectedValue.SUCCESS); + Test generateOnDefaultCurve = KeyGeneratorTest.expectError(kgtOnDefaultCurve, Result.ExpectedValue.SUCCESS); + Test generateFinal = KeyGeneratorTest.expectError(theKgt, Result.ExpectedValue.SUCCESS); + //generate, generateOnNamedCurve, generateOnDefaultCurve, + Test generateAny = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate a keypair on the standard curve.", generateFinal); + + List<Test> allKaTests = new LinkedList<>(); + for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { + if (kaAlgo == null || kaIdent.containsAny(kaTypes)) { + List<Test> specificKaTests = new LinkedList<>(); + for (EC_Key.Public pub : keys) { + ECPublicKey ecpub = ECUtil.toPublicKey(pub); + KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).publicKey(ecpub).privateKgt(theKgt).random(getRandom()).build(); + Test keyAgreement = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); + specificKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, pub.getId() + " invalid key test.", keyAgreement)); + } + allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform " + kaIdent.getName() + " with invalid public points.", specificKaTests.toArray(new Test[0]))); + } + } + if (allKaTests.isEmpty()) { + allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified key agreement types is supported by the library.")); + } + Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, this.capName + " curve test of " + curve.getId() + ".", generateAny, tests)); + } + } +} diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneInvalidSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneInvalidSuite.java index 48dfc37..d1b9a88 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneInvalidSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneInvalidSuite.java @@ -1,133 +1,16 @@ package cz.crcs.ectester.standalone.test.suites; import cz.crcs.ectester.common.cli.TreeCommandLine; -import cz.crcs.ectester.common.ec.EC_Curve; -import cz.crcs.ectester.common.ec.EC_Key; import cz.crcs.ectester.common.output.TestWriter; -import cz.crcs.ectester.common.test.CompoundTest; -import cz.crcs.ectester.common.test.Result; -import cz.crcs.ectester.common.test.Test; -import cz.crcs.ectester.common.util.ECUtil; -import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.ECTesterStandalone; -import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; -import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; -import cz.crcs.ectester.standalone.test.base.KeyAgreementTest; -import cz.crcs.ectester.standalone.test.base.KeyAgreementTestable; -import cz.crcs.ectester.standalone.test.base.KeyGeneratorTest; -import cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable; -import javax.crypto.KeyAgreement; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.util.*; /** * @author David Hofman */ -public class StandaloneInvalidSuite extends StandaloneTestSuite { +public class StandaloneInvalidSuite extends StandaloneForeignSuite { public StandaloneInvalidSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli) { super(writer, cfg, cli, "invalid", "The invalid curve suite tests whether the library rejects points outside of the curve during ECDH.", "Supports options:", "\t - gt/kpg-type", "\t - kt/ka-type (select multiple types by separating them with commas)"); } - - @Override - protected void runTests() throws Exception { - String kpgAlgo = cli.getOptionValue("test.kpg-type"); - String kaAlgo = cli.getOptionValue("test.ka-type"); - List<String> kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); - - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } - } - - Map<String, EC_Key.Public> pubkeys = EC_Store.getInstance().getObjects(EC_Key.Public.class, "invalid"); - Map<EC_Curve, List<EC_Key.Public>> curveList = EC_Store.mapKeyToCurve(pubkeys.values()); - for (Map.Entry<EC_Curve, List<EC_Key.Public>> e : curveList.entrySet()) { - EC_Curve curve = e.getKey(); - List<EC_Key.Public> keys = e.getValue(); - - KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); - ECParameterSpec spec = curve.toSpec(); - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); - - Test generateSuccess; - Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp != null) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - } else { - // If KeyPair generation fails, try generating it on named curve instead. - ECGenParameterSpec namedSpec = new ECGenParameterSpec(curve.getId()); - KeyGeneratorTestable kgtOnNamedCurve = new KeyGeneratorTestable(kpg, namedSpec); - Test generateOnNamedCurve = KeyGeneratorTest.expectError(kgtOnNamedCurve, Result.ExpectedValue.ANY); - runTest(generateOnNamedCurve); - kp = kgtOnNamedCurve.getKeyPair(); - if (kp != null) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair (named curve).", generateOnNamedCurve); - } else { - // If even the named curve generation fails, try generating with the default curve instead. Use this key only if it has the same domain parameters as our public key. - KeyGeneratorTestable kgtOnDefaultCurve = new KeyGeneratorTestable(kpg, curve.getBits()); - Test generateOnDefaultCurve = KeyGeneratorTest.expectError(kgtOnDefaultCurve, Result.ExpectedValue.ANY); - runTest(generateOnDefaultCurve); - kp = kgtOnDefaultCurve.getKeyPair(); - if (kp != null && ECUtil.equalKeyPairParameters((ECPrivateKey) kp.getPrivate(), ECUtil.toPublicKey(keys.get(0)))) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair (default curve).", generateOnDefaultCurve); - } else { - Test generateNotEqual = CompoundTest.function(tests -> new Result(Result.Value.FAILURE, "Default parameters do not match the curve " + curve.getId()), "Default parameters do not match the curve " + curve.getId(), generateOnDefaultCurve); - Test generateFail = CompoundTest.any(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + ". " + "KeyAgreement tests will be skipped.", generate, generateOnNamedCurve, generateNotEqual); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId() + ".", generateFail)); - continue; - } - } - } - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); - - List<Test> allKaTests = new LinkedList<>(); - for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { - if (kaAlgo == null || kaIdent.containsAny(kaTypes)) { - List<Test> specificKaTests = new LinkedList<>(); - for (EC_Key.Public pub : keys) { - ECPublicKey ecpub = ECUtil.toPublicKey(pub); - KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); - Test keyAgreement = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); - specificKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, pub.getId() + " invalid key test.", keyAgreement)); - } - allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform " + kaIdent.getName() + " with invalid public points.", specificKaTests.toArray(new Test[0]))); - } - } - if (allKaTests.isEmpty()) { - allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified key agreement types is supported by the library.")); - } - Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId() + ".", generateSuccess, tests)); - } - } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneMiscSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneMiscSuite.java index f3a10eb..87ad0b3 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneMiscSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneMiscSuite.java @@ -6,6 +6,8 @@ import cz.crcs.ectester.common.output.TestWriter; import cz.crcs.ectester.common.test.CompoundTest; import cz.crcs.ectester.common.test.Result; import cz.crcs.ectester.common.test.Test; +import cz.crcs.ectester.common.util.ByteUtil; +import cz.crcs.ectester.common.util.ECUtil; import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.ECTesterStandalone; import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; @@ -22,6 +24,8 @@ import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.util.*; +import static cz.crcs.ectester.common.util.ECUtil.hashCurve; + /** * @author David Hofman */ @@ -50,30 +54,10 @@ public class StandaloneMiscSuite extends StandaloneTestSuite { kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); sigTypes = sigAlgo != null ? Arrays.asList(sigAlgo.split(",")) : new ArrayList<>(); - - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } + + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; } KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); @@ -97,30 +81,19 @@ public class StandaloneMiscSuite extends StandaloneTestSuite { private void testCurve(EC_Curve curve, String catName, KeyPairGenerator kpg, Result.ExpectedValue expected) throws NoSuchAlgorithmException { //generate KeyPair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, curve.toSpec()); - Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if(kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + - ". " + " Other tests will be skipped.", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", generateFail)); - return; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); - ECPublicKey ecpub = (ECPublicKey) kp.getPublic(); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(curve.toSpec()).random(getRandom()).build(); + Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); //perform KeyAgreement tests List<Test> kaTests = new LinkedList<>(); for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { if (kaAlgo == null || kaIdent.containsAny(kaTypes)) { KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).publicKgt(kgt).privateKgt(kgt).random(getRandom()).build(); kaTests.add(KeyAgreementTest.expectError(testable, expected)); } } - if(kaTests.isEmpty()) { + if (kaTests.isEmpty()) { kaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified KeyAgreement types is supported by the library.")); } @@ -129,17 +102,18 @@ public class StandaloneMiscSuite extends StandaloneTestSuite { for (SignatureIdent sigIdent : cfg.selected.getSigs()) { if (sigAlgo == null || sigIdent.containsAny(sigTypes)) { Signature sig = sigIdent.getInstance(cfg.selected.getProvider()); - SignatureTestable testable = new SignatureTestable(sig, ecpriv, ecpub, null); + byte[] data = sigIdent.toString().getBytes(); + SignatureTestable testable = new SignatureTestable(sig, kgt, data, getRandom()); sigTests.add(SignatureTest.expectError(testable, expected)); } } - if(sigTests.isEmpty()) { + if (sigTests.isEmpty()) { sigTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified Signature types is supported by the library.")); } Test performKeyAgreements = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform specified KeyAgreements.", kaTests.toArray(new Test[0])); Test performSignatures = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform specified Signatures.", sigTests.toArray(new Test[0])); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", generateSuccess, performKeyAgreements, performSignatures)); + doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", generate, performKeyAgreements, performSignatures)); } private void testCurves(Collection<EC_Curve> curves, String catName, KeyPairGenerator kpg, Result.ExpectedValue expected) throws NoSuchAlgorithmException { diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandalonePerformanceSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandalonePerformanceSuite.java index a1b4d75..46e4141 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandalonePerformanceSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandalonePerformanceSuite.java @@ -38,9 +38,9 @@ public class StandalonePerformanceSuite extends StandaloneTestSuite { @Override protected void runTests() throws Exception { - String kpgAlgo = cli.getOptionValue("test.kpg-type"); - String kaAlgo = cli.getOptionValue("test.ka-type"); - String sigAlgo = cli.getOptionValue("test.sig-type"); + String kpgAlgo = cli.getOptionValue("test.kpg-type", "EC"); + String kaAlgo = cli.getOptionValue("test.ka-type", "ECDH"); + String sigAlgo = cli.getOptionValue("test.sig-type", "ECDSA"); String keyAlgo = cli.getOptionValue("test.key-type", "AES"); List<String> kpgTypes = kpgAlgo != null ? Arrays.asList(kpgAlgo.split(",")) : new ArrayList<>(); @@ -48,26 +48,16 @@ public class StandalonePerformanceSuite extends StandaloneTestSuite { List<String> sigTypes = sigAlgo != null ? Arrays.asList(sigAlgo.split(",")) : new ArrayList<>(); List<KeyPairGeneratorIdent> kpgIdents = new LinkedList<>(); - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdents.add(kpgIdentOpt.get()); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - kpgIdents = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.containsAny(kpgTypes)).collect(Collectors.toList()); - if (kpgIdents.isEmpty()) { - System.err.println("No KeyPairGenerator algorithms of specified types were found."); - return; + for (String kpgChoice : kpgTypes) { + KeyPairGeneratorIdent ident = getKeyPairGeneratorIdent(kpgChoice); + if (ident != null && !kpgIdents.contains(ident)) { + kpgIdents.add(ident); } } + if (kpgIdents.isEmpty()) { + System.err.println("Need some KeyPairGenerators to be able to generate keys. Select at least one supported one using the -gt/--kpg-type option."); + return; + } KeyGeneratorTestable kgtOne = null; KeyGeneratorTestable kgtOther = null; @@ -77,8 +67,8 @@ public class StandalonePerformanceSuite extends StandaloneTestSuite { KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); if (cli.hasOption("test.bits")) { int bits = Integer.parseInt(cli.getOptionValue("test.bits")); - kgtOne = new KeyGeneratorTestable(kpg, bits); - kgtOther = new KeyGeneratorTestable(kpg, bits); + kgtOne = KeyGeneratorTestable.builder().keyPairGenerator(kpg).keysize(bits).random(getRandom()).build(); + kgtOther = KeyGeneratorTestable.builder().keyPairGenerator(kpg).keysize(bits).random(getRandom()).build(); } else if (cli.hasOption("test.named-curve")) { String curveName = cli.getOptionValue("test.named-curve"); EC_Curve curve = EC_Store.getInstance().getObject(EC_Curve.class, curveName); @@ -87,15 +77,15 @@ public class StandalonePerformanceSuite extends StandaloneTestSuite { return; } spec = curve.toSpec(); - kgtOne = new KeyGeneratorTestable(kpg, spec); - kgtOther = new KeyGeneratorTestable(kpg, spec); + kgtOne = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); + kgtOther = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); } else { - kgtOne = new KeyGeneratorTestable(kpg); - kgtOther = new KeyGeneratorTestable(kpg); + kgtOne = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).build(); + kgtOther = KeyGeneratorTestable.builder().keyPairGenerator(kpg).random(getRandom()).build(); } kpgTests.add(PerformanceTest.repeat(kgtOne, cfg.selected, kpgIdent.getName(), count)); + kpgTests.add(PerformanceTest.repeat(kgtOther, cfg.selected, kpgIdent.getName(), count)); } - runTest(KeyGeneratorTest.expect(kgtOther, Result.ExpectedValue.SUCCESS)); doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "KeyPairGenerator performance tests", kpgTests.toArray(new Test[0]))); List<Test> kaTests = new LinkedList<>(); @@ -104,9 +94,9 @@ public class StandalonePerformanceSuite extends StandaloneTestSuite { KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); KeyAgreementTestable testable; if (kaIdent.requiresKeyAlgo()) { - testable = new KeyAgreementTestable(ka, kgtOne, kgtOther, spec, keyAlgo); + testable = KeyAgreementTestable.builder().ka(ka).privateKgt(kgtOne).publicKgt(kgtOther).spec(spec).random(getRandom()).keyAlgo(keyAlgo).build(); } else { - testable = new KeyAgreementTestable(ka, kgtOne, kgtOther, spec); + testable = KeyAgreementTestable.builder().ka(ka).privateKgt(kgtOne).publicKgt(kgtOther).spec(spec).random(getRandom()).build(); } kaTests.add(PerformanceTest.repeat(testable, cfg.selected, kaIdent.getName(), count)); } @@ -121,10 +111,12 @@ public class StandalonePerformanceSuite extends StandaloneTestSuite { for (SignatureIdent sigIdent : cfg.selected.getSigs()) { if (sigAlgo == null || sigIdent.containsAny(sigTypes)) { Signature sig = sigIdent.getInstance(cfg.selected.getProvider()); - sigTests.add(PerformanceTest.repeat(new SignatureTestable(sig, kgtOne, null), cfg.selected, sigIdent.getName(), count)); + byte[] data = sigIdent.toString().getBytes(); + sigTests.add(PerformanceTest.repeat(new SignatureTestable(sig, kgtOne, data, getRandom()), cfg.selected, sigIdent.getName(), count)); + // TODO: The following will always fail as a runTest is not done at this point. if (kgtOne.getKeyPair() != null) { ECPrivateKey signKey = (ECPrivateKey) kgtOne.getKeyPair().getPrivate(); - sigTestsNoVerification.add(PerformanceTest.repeat(new SignatureTestable(sig, signKey, null, null), cfg.selected, sigIdent.getName(), count)); + sigTestsNoVerification.add(PerformanceTest.repeat(new SignatureTestable(sig, signKey, null, data, getRandom()), cfg.selected, sigIdent.getName(), count)); } } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneSignatureSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneSignatureSuite.java index 8e5e452..740dca7 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneSignatureSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneSignatureSuite.java @@ -31,29 +31,9 @@ public class StandaloneSignatureSuite extends StandaloneTestSuite { protected void runTests() throws Exception { String sigAlgo = cli.getOptionValue("test.sig-type"); - SignatureIdent sigIdent; - if (sigAlgo == null) { - // try ECDSA, if not, fail with: need to specify sig algo. - Optional<SignatureIdent> sigIdentOpt = cfg.selected.getSigs().stream() - .filter((ident) -> ident.contains("ECDSA")) - .findFirst(); - if (sigIdentOpt.isPresent()) { - sigIdent = sigIdentOpt.get(); - } else { - System.err.println("The default Signature algorithm type of \"ECDSA\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong sig algo/not found. - Optional<SignatureIdent> sigIdentOpt = cfg.selected.getSigs().stream() - .filter((ident) -> ident.contains(sigAlgo)) - .findFirst(); - if (sigIdentOpt.isPresent()) { - sigIdent = sigIdentOpt.get(); - } else { - System.err.println("The Signature algorithm type of \"" + sigAlgo + "\" was not found."); - return; - } + SignatureIdent sigIdent = getSignatureIdent(sigAlgo); + if (sigIdent == null) { + return; } Map<String, EC_SigResult> results = EC_Store.getInstance().getObjects(EC_SigResult.class, "wrong"); @@ -81,11 +61,11 @@ public class StandaloneSignatureSuite extends StandaloneTestSuite { byte[] data = sig.getSigData(); if (data == null) { - data = defaultData; + data = sigIdent.toString().getBytes(); } Signature signature = sigIdent.getInstance(cfg.selected.getProvider()); - SignatureTestable testable = new SignatureTestable(signature, ecpub, data, sig.getData(0)); + SignatureTestable testable = new SignatureTestable(signature, ecpub, data, sig.getData(0), getRandom()); doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "ECDSA test of " + sig.getId() + ".", SignatureTest.expectError(testable, expected))); } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java index e4e0013..bfea628 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestSuite.java @@ -3,23 +3,90 @@ package cz.crcs.ectester.standalone.test.suites; import cz.crcs.ectester.common.cli.TreeCommandLine; import cz.crcs.ectester.common.output.TestWriter; import cz.crcs.ectester.common.test.TestSuite; +import cz.crcs.ectester.common.util.ByteUtil; +import cz.crcs.ectester.common.util.Util; import cz.crcs.ectester.standalone.ECTesterStandalone; +import cz.crcs.ectester.standalone.consts.Ident; +import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; +import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; +import cz.crcs.ectester.standalone.consts.SignatureIdent; import cz.crcs.ectester.standalone.libs.ProviderECLibrary; +import java.security.SecureRandom; +import java.util.Optional; +import java.util.Set; + /** * @author Jan Jancar johny@neuromancer.sk */ public abstract class StandaloneTestSuite extends TestSuite { TreeCommandLine cli; ECTesterStandalone.Config cfg; + SecureRandom random; + byte[] seed; public StandaloneTestSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli, String name, String... description) { super(writer, name, description); this.cfg = cfg; this.cli = cli; + if (cli != null && cli.hasOption("test.prng-seed")) { + String seedString = cli.getOptionValue("test.prng-seed"); + this.seed = ByteUtil.hexToBytes(seedString, true); + } else { + seed = new SecureRandom().generateSeed(16); + } + this.random = Util.getRandom(seed); } public ProviderECLibrary getLibrary() { return cfg.selected; } + + public byte[] getSeed() { + return seed; + } + + SecureRandom getRandom() { + return this.random; + } + + private <T extends Ident> T getIdent(Set<T> options, String choice, String identName, String defaultChoice) { + T ident; + if (choice == null) { + // try EC, if not, fail with: need to specify kpg algo. + Optional<T> identOpt = options.stream() + .filter((i) -> i.contains(defaultChoice)) + .findFirst(); + if (identOpt.isPresent()) { + ident = identOpt.get(); + } else { + System.err.printf("The default %s algorithm type of \"%s\" (default) was not found. Need to specify a type.", identName, defaultChoice); + return null; + } + } else { + // try the specified, if not, fail with: wrong kpg algo/not found. + Optional<T> identOpt = options.stream() + .filter((i) -> i.contains(choice)) + .findFirst(); + if (identOpt.isPresent()) { + ident = identOpt.get(); + } else { + System.err.printf("The %s algorithm type of \"%s\" was not found.", identName, choice); + return null; + } + } + return ident; + } + + KeyPairGeneratorIdent getKeyPairGeneratorIdent(String kpgAlgo) { + return getIdent(cfg.selected.getKPGs(), kpgAlgo, "KeyPairGenerator", "EC"); + } + + KeyAgreementIdent getKeyAgreementIdent(String kaAlgo) { + return getIdent(cfg.selected.getKAs(), kaAlgo, "KeyAgreement", "ECDH"); + } + + SignatureIdent getSignatureIdent(String sigAlgo) { + return getIdent(cfg.selected.getSigs(), sigAlgo, "Signature", "ECDSA"); + } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestVectorSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestVectorSuite.java index 111d354..1766953 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestVectorSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTestVectorSuite.java @@ -56,7 +56,7 @@ public class StandaloneTestVectorSuite extends StandaloneTestSuite { KeyAgreementIdent kaIdent = KeyAgreementIdent.get("ECDH"); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, privkey, pubkey); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).privateKey(privkey).publicKey(pubkey).random(getRandom()).build(); doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test vector " + result.getId(), KeyAgreementTest.match(testable, result.getData(0)))); } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTwistSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTwistSuite.java index 37adbb2..1f08a80 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTwistSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneTwistSuite.java @@ -1,133 +1,15 @@ package cz.crcs.ectester.standalone.test.suites; import cz.crcs.ectester.common.cli.TreeCommandLine; -import cz.crcs.ectester.common.ec.EC_Curve; -import cz.crcs.ectester.common.ec.EC_Key; import cz.crcs.ectester.common.output.TestWriter; -import cz.crcs.ectester.common.test.CompoundTest; -import cz.crcs.ectester.common.test.Result; -import cz.crcs.ectester.common.test.Test; -import cz.crcs.ectester.common.util.ECUtil; -import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.ECTesterStandalone; -import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; -import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; -import cz.crcs.ectester.standalone.test.base.KeyAgreementTest; -import cz.crcs.ectester.standalone.test.base.KeyAgreementTestable; -import cz.crcs.ectester.standalone.test.base.KeyGeneratorTest; -import cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable; - -import javax.crypto.KeyAgreement; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.util.*; /** * @author David Hofman */ -public class StandaloneTwistSuite extends StandaloneTestSuite { +public class StandaloneTwistSuite extends StandaloneForeignSuite { public StandaloneTwistSuite(TestWriter writer, ECTesterStandalone.Config cfg, TreeCommandLine cli) { super(writer, cfg, cli, "twist", "The twist test suite tests whether the library correctly rejects points on the quadratic twist of the curve during ECDH.", "Supports options:", "\t - gt/kpg-type", "\t - kt/ka-type (select multiple types by separating them with commas)"); } - - @Override - protected void runTests() throws Exception { - String kpgAlgo = cli.getOptionValue("test.kpg-type"); - String kaAlgo = cli.getOptionValue("test.ka-type"); - List<String> kaTypes = kaAlgo != null ? Arrays.asList(kaAlgo.split(",")) : new ArrayList<>(); - - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } - } - - Map<String, EC_Key.Public> pubkeys = EC_Store.getInstance().getObjects(EC_Key.Public.class, "twist"); - Map<EC_Curve, List<EC_Key.Public>> curveList = EC_Store.mapKeyToCurve(pubkeys.values()); - for (Map.Entry<EC_Curve, List<EC_Key.Public>> e : curveList.entrySet()) { - EC_Curve curve = e.getKey(); - List<EC_Key.Public> keys = e.getValue(); - - KeyPairGenerator kpg = kpgIdent.getInstance(cfg.selected.getProvider()); - ECParameterSpec spec = curve.toSpec(); - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); - - Test generateSuccess; - Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp != null) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - } else { - // If KeyPair generation fails, try generating it on named curve instead. - ECGenParameterSpec namedSpec = new ECGenParameterSpec(curve.getId()); - KeyGeneratorTestable kgtOnNamedCurve = new KeyGeneratorTestable(kpg, namedSpec); - Test generateOnNamedCurve = KeyGeneratorTest.expectError(kgtOnNamedCurve, Result.ExpectedValue.ANY); - runTest(generateOnNamedCurve); - kp = kgtOnNamedCurve.getKeyPair(); - if (kp != null) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair (named curve).", generateOnNamedCurve); - } else { - // If even the named curve generation fails, try generating with the default curve instead. Use this key only if it has the same domain parameters as our public key. - KeyGeneratorTestable kgtOnDefaultCurve = new KeyGeneratorTestable(kpg, curve.getBits()); - Test generateOnDefaultCurve = KeyGeneratorTest.expectError(kgtOnDefaultCurve, Result.ExpectedValue.ANY); - runTest(generateOnDefaultCurve); - kp = kgtOnDefaultCurve.getKeyPair(); - if (kp != null && ECUtil.equalKeyPairParameters((ECPrivateKey) kp.getPrivate(), ECUtil.toPublicKey(keys.get(0)))) { - generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair (default curve).", generateOnDefaultCurve); - } else { - Test generateNotEqual = CompoundTest.function(tests -> new Result(Result.Value.FAILURE, "Default parameters do not match the curve " + curve.getId()), "Default parameters do not match the curve " + curve.getId(), generateOnDefaultCurve); - Test generateFail = CompoundTest.any(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + ". " + "KeyAgreement tests will be skipped.", generate, generateOnNamedCurve, generateNotEqual); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId() + ".", generateFail)); - continue; - } - } - } - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); - - List<Test> allKaTests = new LinkedList<>(); - for (KeyAgreementIdent kaIdent : cfg.selected.getKAs()) { - if (kaAlgo == null || kaIdent.containsAny(kaTypes)) { - List<Test> specificKaTests = new LinkedList<>(); - for (EC_Key.Public pub : keys) { - ECPublicKey ecpub = ECUtil.toPublicKey(pub); - KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); - Test keyAgreement = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); - specificKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, pub.getId() + " twist key test.", keyAgreement)); - } - allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform " + kaIdent.getName() + " with public points on twist.", specificKaTests.toArray(new Test[0]))); - } - } - if (allKaTests.isEmpty()) { - allKaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "None of the specified key agreement types is supported by the library.")); - } - Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", allKaTests.toArray(new Test[0])); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId() + ".", generateSuccess, tests)); - } - } } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneWrongSuite.java b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneWrongSuite.java index 1aae9d5..1a18188 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneWrongSuite.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/test/suites/StandaloneWrongSuite.java @@ -50,54 +50,15 @@ public class StandaloneWrongSuite extends StandaloneTestSuite { String kaAlgo = cli.getOptionValue("test.ka-type"); boolean skip = cli.getArg(1).equalsIgnoreCase("-skip"); - KeyPairGeneratorIdent kpgIdent; - if (kpgAlgo == null) { - // try EC, if not, fail with: need to specify kpg algo. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains("EC")) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The default KeyPairGenerator algorithm type of \"EC\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong kpg algo/not found. - Optional<KeyPairGeneratorIdent> kpgIdentOpt = cfg.selected.getKPGs().stream() - .filter((ident) -> ident.contains(kpgAlgo)) - .findFirst(); - if (kpgIdentOpt.isPresent()) { - kpgIdent = kpgIdentOpt.get(); - } else { - System.err.println("The KeyPairGenerator algorithm type of \"" + kpgAlgo + "\" was not found."); - return; - } + KeyPairGeneratorIdent kpgIdent = getKeyPairGeneratorIdent(kpgAlgo); + if (kpgIdent == null) { + return; } kpg = kpgIdent.getInstance(cfg.selected.getProvider()); - if (kaAlgo == null) { - // try ECDH, if not, fail with: need to specify ka algo. - Optional<KeyAgreementIdent> kaIdentOpt = cfg.selected.getKAs().stream() - .filter((ident) -> ident.contains("ECDH")) - .findFirst(); - if (kaIdentOpt.isPresent()) { - kaIdent = kaIdentOpt.get(); - } else { - System.err.println("The default KeyAgreement algorithm type of \"ECDH\" was not found. Need to specify a type."); - return; - } - } else { - // try the specified, if not, fail with: wrong ka algo/not found. - Optional<KeyAgreementIdent> kaIdentOpt = cfg.selected.getKAs().stream() - .filter((ident) -> ident.contains(kaAlgo)) - .findFirst(); - if (kaIdentOpt.isPresent()) { - kaIdent = kaIdentOpt.get(); - } else { - System.err.println("The KeyAgreement algorithm type of \"" + kaAlgo + "\" was not found."); - return; - } + kaIdent = getKeyAgreementIdent(kaAlgo); + if (kaIdent == null) { + return; } /* Just do the default run on the wrong curves. @@ -108,29 +69,18 @@ public class StandaloneWrongSuite extends StandaloneTestSuite { for (Map.Entry<String, EC_Curve> e : wrongCurves.entrySet()) { EC_Curve curve = e.getValue(); - ECParameterSpec spec = curve.toSpec(); + ECParameterSpec spec = toCustomSpec(curve); String type = curve.getField() == javacard.security.KeyPair.ALG_EC_FP ? "FP" : "F2M"; //try generating a keypair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.ANY); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - Test generateFail = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generating KeyPair has failed on " + curve.getId() + ".", generate); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Wrong curve test of " + curve.getBits() - + "b " + type + ". " + curve.getDesc(), generateFail)); - continue; - } - Test generateSuccess = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Generate keypair.", generate); - ECPrivateKey ecpriv = (ECPrivateKey) kp.getPrivate(); - ECPublicKey ecpub = (ECPublicKey) kp.getPublic(); KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, ecpriv, ecpub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).privateKgt(kgt).publicKgt(kgt).random(getRandom()).build(); Test ecdh = KeyAgreementTest.expectError(testable, Result.ExpectedValue.FAILURE); - doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Wrong curve test of " + curve.getBits() - + "b " + type + ". " + curve.getDesc(), generateSuccess, ecdh)); + doTest(CompoundTest.function(CompoundTest.EXPECT_ALL_SUCCESS, CompoundTest.RUN_ALL_IF_FIRST, "Wrong curve test of " + curve.getBits() + + "b " + type + ". " + curve.getDesc(), generate, ecdh)); } } @@ -146,7 +96,7 @@ public class StandaloneWrongSuite extends StandaloneTestSuite { Map<String, EC_Curve> curveMap = EC_Store.getInstance().getObjects(EC_Curve.class, "secg"); List<EC_Curve> curves = curveMap.entrySet().stream().filter((e) -> e.getKey().endsWith("r1") && e.getValue().getField() == javacard.security.KeyPair.ALG_EC_FP).map(Map.Entry::getValue).collect(Collectors.toList()); - Random r = new Random(); + Random r = getRandom(); for (EC_Curve curve : curves) { short bits = curve.getBits(); final byte[] originalp = curve.getParam(EC_Consts.PARAMETER_FP)[0]; @@ -264,7 +214,7 @@ public class StandaloneWrongSuite extends StandaloneTestSuite { ByteUtil.shortToBytes((short) 0), ByteUtil.shortToBytes((short) 0)}; curve.setParam(EC_Consts.PARAMETER_F2M, coeffBytes); - Test coeff0 = ecdhTest(toCustomSpec(curve), "ECDH with wrong field polynomial: x^"); + Test coeff0 = ecdhTest(toCustomSpec(curve), "ECDH with wrong field polynomial: 0"); short e1 = (short) (2 * bits); short e2 = (short) (3 * bits); @@ -283,52 +233,19 @@ public class StandaloneWrongSuite extends StandaloneTestSuite { private Test ecdhTest(ECParameterSpec spec, String desc) throws NoSuchAlgorithmException { //generate KeyPair - KeyGeneratorTestable kgt = new KeyGeneratorTestable(kpg, spec); + KeyGeneratorTestable kgt = KeyGeneratorTestable.builder().keyPairGenerator(kpg).spec(spec).random(getRandom()).build(); Test generate = KeyGeneratorTest.expectError(kgt, Result.ExpectedValue.FAILURE); - runTest(generate); - KeyPair kp = kgt.getKeyPair(); - if (kp == null) { - return CompoundTest.all(Result.ExpectedValue.SUCCESS, desc, generate); - } - ECPublicKey pub = (ECPublicKey) kp.getPublic(); - ECPrivateKey priv = (ECPrivateKey) kp.getPrivate(); //perform ECDH KeyAgreement ka = kaIdent.getInstance(cfg.selected.getProvider()); - KeyAgreementTestable testable = new KeyAgreementTestable(ka, priv, pub); + KeyAgreementTestable testable = KeyAgreementTestable.builder().ka(ka).privateKgt(kgt).publicKgt(kgt).random(getRandom()).build(); Test ecdh = KeyAgreementTest.expect(testable, Result.ExpectedValue.FAILURE); - return CompoundTest.all(Result.ExpectedValue.SUCCESS, desc, generate, ecdh); - } - - //constructs EllipticCurve from EC_Curve even if the parameters of the curve are wrong - private EllipticCurve toCustomCurve(EC_Curve curve) { - ECField field; - if (curve.getField() == javacard.security.KeyPair.ALG_EC_FP) { - field = new CustomECFieldFp(new BigInteger(1, curve.getData(0))); - } else { - byte[][] fieldData = curve.getParam(EC_Consts.PARAMETER_F2M); - int m = ByteUtil.getShort(fieldData[0], 0); - int e1 = ByteUtil.getShort(fieldData[1], 0); - int e2 = ByteUtil.getShort(fieldData[2], 0); - int e3 = ByteUtil.getShort(fieldData[3], 0); - int[] powers; - if (e2 == 0 && e3 == 0) { - powers = new int[]{e1}; - } else { - powers = new int[]{e1, e2, e3}; - } - field = new CustomECFieldF2m(m, powers); - } - - BigInteger a = new BigInteger(1, curve.getParam(EC_Consts.PARAMETER_A)[0]); - BigInteger b = new BigInteger(1, curve.getParam(EC_Consts.PARAMETER_B)[0]); - - return new CustomEllipticCurve(field, a, b); + return CompoundTest.function(CompoundTest.EXPECT_ALL_SUCCESS, CompoundTest.RUN_ALL_IF_FIRST, desc, generate, ecdh); } //constructs ECParameterSpec from EC_Curve even if the parameters of the curve are wrong private ECParameterSpec toCustomSpec(EC_Curve curve) { - EllipticCurve customCurve = toCustomCurve(curve); + EllipticCurve customCurve = curve.toCustomCurve(); byte[][] G = curve.getParam(EC_Consts.PARAMETER_G); BigInteger gx = new BigInteger(1, G[0]); |