-rw-r--r--src/cz/crcs/ectester/common/util/ECUtil.java31
-rw-r--r--src/cz/crcs/ectester/data/cofactor/cofactor160p56467.csv1
-rw-r--r--src/cz/crcs/ectester/data/cofactor/cofactor160p65521.csv1
-rw-r--r--src/cz/crcs/ectester/data/cofactor/cofactor160p65535.csv1
-rw-r--r--src/cz/crcs/ectester/data/cofactor/curves.xml18
-rw-r--r--src/cz/crcs/ectester/data/cofactor/keys.xml18
-rw-r--r--src/cz/crcs/ectester/reader/test/CardCofactorSuite.java2
-rw-r--r--src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java8
-rw-r--r--src/cz/crcs/ectester/reader/test/CardMiscSuite.java14
9 files changed, 84 insertions, 10 deletions
diff --git a/src/cz/crcs/ectester/common/util/ECUtil.java b/src/cz/crcs/ectester/common/util/ECUtil.java
index 75a75fc..4736f23 100644
--- a/src/cz/crcs/ectester/common/util/ECUtil.java
+++ b/src/cz/crcs/ectester/common/util/ECUtil.java
@@ -20,6 +20,7 @@ import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
+import java.util.Random;
/**
* @author Jan Jancar johny@neuromancer.sk
@@ -97,7 +98,7 @@ public class ECUtil {
private static boolean isResidue(BigInteger a, BigInteger p) {
BigInteger exponent = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2));
BigInteger result = a.modPow(exponent, p);
- return result.intValueExact() == 1;
+ return result.equals(BigInteger.ONE);
}
private static BigInteger modSqrt(BigInteger a, BigInteger p) {
@@ -329,4 +330,32 @@ public class ECUtil {
}
return null;
}
+
+ public static EC_Params randomPoint(EllipticCurve curve) {
+ BigInteger x;
+ BigInteger p;
+ if (curve.getField() instanceof ECFieldFp) {
+ ECFieldFp fp = (ECFieldFp) curve.getField();
+ p = fp.getP();
+ } else {
+ //TODO
+ throw new UnsupportedOperationException();
+ }
+ BigInteger rhs;
+ Random rand = new Random();
+ do {
+ x = new BigInteger(curve.getField().getFieldSize(), rand);
+ x = x.mod(p);
+ rhs = x.modPow(BigInteger.valueOf(3), p);
+ rhs = rhs.add(curve.getA().multiply(x)).mod(p);
+ rhs = rhs.add(curve.getB()).mod(p);
+ } while (!isResidue(rhs, p));
+ BigInteger y = modSqrt(rhs, p);
+ if (rand.nextBoolean()) {
+ y = p.subtract(y);
+ }
+ byte[] xArr = toByteArray(x, curve.getField().getFieldSize());
+ byte[] yArr = toByteArray(y, curve.getField().getFieldSize());
+ return new EC_Params(EC_Consts.PARAMETER_W, new byte[][]{xArr, yArr});
+ }
}
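Review bot: `randomPoint` has no Javadoc and draws from an unseeded `new Random()`, so a caller cannot tell that the result is an arbitrary point on the curve (not necessarily in the subgroup generated by the base point), and a card failure on one particular point cannot be replayed. I would add a Javadoc stating that it returns a random affine point of a prime-field curve as an `EC_Params` W value and throws `UnsupportedOperationException` for other fields. An overload such as `public static EC_Params randomPoint(EllipticCurve curve, Random rand)` would let a suite pass a seeded or logged source. The bare exception would also be easier to diagnose as `throw new UnsupportedOperationException("randomPoint supports only prime-field curves");`. The first three lines of the hunk are the tail of the preceding method, which starts outside it.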
diff --git a/src/cz/crcs/ectester/data/cofactor/cofactor160p56467.csv b/src/cz/crcs/ectester/data/cofactor/cofactor160p56467.csv
new file mode 100644
index 0000000..f5355bf
--- /dev/null
+++ b/src/cz/crcs/ectester/data/cofactor/cofactor160p56467.csv
@@ -0,0 +1 @@
+0x9e1cee7f5d94e89ef3fd2495a5f441e4d0089761,0x652a7627dced8c162fe2550b47f3a0244e378343,0x534fba94f02ffd658a31473600f5ec9a105f8e9a,0x045ac019464f3462ea668abafb5e4132b3143015,0x2a7ee80b1b2077e5efe8be68363b96326db5379d,0x0000b781d03d6dbd8c8ac3d780a2924dcec0bfb7,0xdc93 \ No newline at end of file
diff --git a/src/cz/crcs/ectester/data/cofactor/cofactor160p65521.csv b/src/cz/crcs/ectester/data/cofactor/cofactor160p65521.csv
new file mode 100644
index 0000000..10e3605
--- /dev/null
+++ b/src/cz/crcs/ectester/data/cofactor/cofactor160p65521.csv
@@ -0,0 +1 @@
+0x9e1cee7f5d94e89ef3fbf9957f0cd8e42c99184b,0x9035f448a33d8ea2e07bb4d25235f9b537cda8ad,0x95c5b09f7e391ba56198394f6bef2f78d1988c6e,0x57fa57b33a0bf68349a6458cc4c31bdba1537923,0x1f1a0a3d7250ecd7aaccb90be7a5748099c7b398,0x00009e2632bc569dfbe0b62653897822ea67197d,0xfff1 \ No newline at end of file
diff --git a/src/cz/crcs/ectester/data/cofactor/cofactor160p65535.csv b/src/cz/crcs/ectester/data/cofactor/cofactor160p65535.csv
new file mode 100644
index 0000000..bd47372
--- /dev/null
+++ b/src/cz/crcs/ectester/data/cofactor/cofactor160p65535.csv
@@ -0,0 +1 @@
+0x9e1cee7f5d94e89ef3fc6e6bc13cd2ed3d5b1a59,0x75cb167293650be7c3be3dedb92f06f1d0200135,0x218e827ae606230fe9b076bf8beb5421cb467839,0x55ab2088b77a9f79e050a9f0de962090d1de4157,0x0add088122fda90ecb2e84eded3aba2bf6db1e2b,0x00009e1d8c9cea31d2d0c6cc6e17012be1873f03,0xffff \ No newline at end of file
diff --git a/src/cz/crcs/ectester/data/cofactor/curves.xml b/src/cz/crcs/ectester/data/cofactor/curves.xml
index 0b8c52e..30204e8 100644
--- a/src/cz/crcs/ectester/data/cofactor/curves.xml
+++ b/src/cz/crcs/ectester/data/cofactor/curves.xml
@@ -62,6 +62,24 @@
<field>prime</field>
<file>cofactor128p65535.csv</file>
</curve>
+ <curve>
+ <id>large/cofactor160p56467</id>
+ <bits>160</bits>
+ <field>prime</field>
+ <file>cofactor160p56467.csv</file>
+ </curve>
+ <curve>
+ <id>large/cofactor160p65521</id>
+ <bits>160</bits>
+ <field>prime</field>
+ <file>cofactor160p65521.csv</file>
+ </curve>
+ <curve>
+ <id>large/cofactor160p65535</id>
+ <bits>160</bits>
+ <field>prime</field>
+ <file>cofactor160p65535.csv</file>
+ </curve>
<curve>
<id>cofactor160p2</id>
diff --git a/src/cz/crcs/ectester/data/cofactor/keys.xml b/src/cz/crcs/ectester/data/cofactor/keys.xml
index 2be7238..d6058f0 100644
--- a/src/cz/crcs/ectester/data/cofactor/keys.xml
+++ b/src/cz/crcs/ectester/data/cofactor/keys.xml
@@ -721,4 +721,22 @@
<curve>cofactor/large/cofactor128p65535</curve>
<desc>cofactor order = 0xffff</desc>
</pubkey>
+ <pubkey>
+ <id>large/cofactor160p56467/0</id>
+ <inline>0x574d8a01e5ce61862b1f9504f81abe454ae30cf3,0x5c099446c1d7c24df133f85ecc0baa27a687c8e5</inline>
+ <curve>cofactor/large/cofactor160p56467</curve>
+ <desc>cofactor order = 0xdc93</desc>
+ </pubkey>
+ <pubkey>
+ <id>large/cofactor160p65521/0</id>
+ <inline>0x2567137bf265849618b13057f22ead81753bb39d,0x746c2fc9f040cf8ceeac2015f07522e9616bd094</inline>
+ <curve>cofactor/large/cofactor160p65521</curve>
+ <desc>cofactor order = 0xfff1</desc>
+ </pubkey>
+ <pubkey>
+ <id>large/cofactor160p65535/0</id>
+ <inline>0x0b16071db6d90823611ad35ed728b4f9a9abff9e,0x852a227d06c50d603cc4d8592770f535766927a2</inline>
+ <curve>cofactor/large/cofactor160p65535</curve>
+ <desc>cofactor order = 0xffff</desc>
+ </pubkey>
</keys>
diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
index 4a8fcc0..7d44870 100644
--- a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
@@ -47,7 +47,7 @@ public class CardCofactorSuite extends CardTestSuite {
for (EC_Key.Public pub : keys) {
Test setPub = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, pub.getParams(), pub.flatten()), Result.ExpectedValue.FAILURE);
Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE);
- Test objectEcdh = CompoundTest.any(Result.ExpectedValue.SUCCESS, CardUtil.getKATypeString(EC_Consts.KeyAgreement_ALG_EC_SVDP_DH) + " test with degenerate pubkey.", setPub, ecdh);
+ Test objectEcdh = CompoundTest.any(Result.ExpectedValue.SUCCESS, CardUtil.getKATypeString(EC_Consts.KeyAgreement_ALG_EC_SVDP_DH) + " test with cofactor pubkey.", setPub, ecdh);
Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
Test rawEcdh = CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected point on non-generator subgroup.", "Card incorrectly accepted point on non-generator subgroup.");
ecdhTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, pub.getId() + " cofactor key test.", objectEcdh, rawEcdh));
diff --git a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java
index cebbc36..9257b3d 100644
--- a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java
@@ -33,7 +33,7 @@ public class CardEdgeCasesSuite extends CardTestSuite {
public CardEdgeCasesSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) {
super(writer, cfg, cardManager, "edge-cases", null, "The edge-cases test suite tests various inputs to ECDH which may cause an implementation to achieve a certain edge-case state during it.",
"Some of the data is from the google/Wycheproof project. Tests include CVE-2017-10176 and CVE-2017-8932.",
- "Also tests values of the private key and public key that would trigger the OpenSSL modualr multiplication bug on the P-256 curve.",
+ "Also tests values of the private key and public key that would trigger the OpenSSL modular multiplication bug on the P-256 curve.",
"Various edge private key values are also tested.");
}
@@ -158,6 +158,7 @@ public class CardEdgeCasesSuite extends CardTestSuite {
CommandTest export = CommandTest.expect(new Command.Export(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.KEY_PUBLIC, EC_Consts.PARAMETER_W), Result.ExpectedValue.SUCCESS);
Test setup = runTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "KeyPair setup.", key, set, generate, export));
+ /*
byte[] pParam = curve.getParam(EC_Consts.PARAMETER_FP)[0];
BigInteger p = new BigInteger(1, pParam);
byte[] wParam = ((Response.Export) export.getResponse()).getParameter(ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.PARAMETER_W);
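Review bot: The `/*` opened after the `setup` line here and closed in the next hunk (after `negYTest`) disables the negated-public-key ECDH test without saying why, and the third hunk drops `negYTest` from both `CompoundTest.all(...)` calls, so the suite silently loses that coverage. Either delete the block or put the reason above it, e.g. `// TODO: negated-pubkey test disabled: <reason>; re-enable once resolved`. The disabled test expected FAILURE for both results, which may be why it was turned off, since the negated point is presumably still a valid curve point; that is worth recording in the comment. The enclosing method starts and ends outside these hunks.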
@@ -171,6 +172,7 @@ public class CardEdgeCasesSuite extends CardTestSuite {
EC_Params negYParams = new EC_Params(EC_Consts.PARAMETER_W, new byte[][]{xValue, newY});
Test negYTest = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, negYParams.getParams(), negYParams.flatten()), "ECDH with pubkey negated.", Result.ExpectedValue.FAILURE, Result.ExpectedValue.FAILURE);
+ */
Test zeroS = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, EC_Consts.PARAMETER_S, EC_Consts.TRANSFORMATION_ZERO), "ECDH with S = 0.", Result.ExpectedValue.FAILURE, Result.ExpectedValue.FAILURE);
Test oneS = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, EC_Consts.PARAMETER_S, EC_Consts.TRANSFORMATION_ONE), "ECDH with S = 1.", Result.ExpectedValue.FAILURE, Result.ExpectedValue.FAILURE);
@@ -237,9 +239,9 @@ public class CardEdgeCasesSuite extends CardTestSuite {
if (cfg.cleanup) {
Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
- doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, negYTest, zeroS, oneS, alternateS, alternateOtherS, fullS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S, cleanup));
+ doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, zeroS, oneS, alternateS, alternateOtherS, fullS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S, cleanup));
} else {
- doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, negYTest, zeroS, oneS, alternateS, alternateOtherS, fullS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S));
+ doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, zeroS, oneS, alternateS, alternateOtherS, fullS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S));
}
}
diff --git a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java
index d1a5c0f..f977466 100644
--- a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java
@@ -3,10 +3,12 @@ package cz.crcs.ectester.reader.test;
import cz.crcs.ectester.applet.ECTesterApplet;
import cz.crcs.ectester.applet.EC_Consts;
import cz.crcs.ectester.common.ec.EC_Curve;
+import cz.crcs.ectester.common.ec.EC_Params;
import cz.crcs.ectester.common.output.TestWriter;
import cz.crcs.ectester.common.test.CompoundTest;
import cz.crcs.ectester.common.test.Result;
import cz.crcs.ectester.common.test.Test;
+import cz.crcs.ectester.common.util.ECUtil;
import cz.crcs.ectester.data.EC_Store;
import cz.crcs.ectester.reader.CardMngr;
import cz.crcs.ectester.reader.ECTesterReader;
@@ -23,7 +25,7 @@ import java.util.Map;
public class CardMiscSuite extends CardTestSuite {
public CardMiscSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) {
- super(writer, cfg, cardManager, "miscellaneous",new String[]{"preset"}, "Some miscellaneous tests, tries ECDH and ECDSA over supersingular curves, anomalous curves,",
+ super(writer, cfg, cardManager, "miscellaneous", new String[]{"preset"}, "Some miscellaneous tests, tries ECDH and ECDSA over supersingular curves, anomalous curves,",
"Barreto-Naehrig curves with small embedding degree and CM discriminant, MNT curves,",
"some Montgomery curves transformed to short Weierstrass form and Curve25519 transformed to short Weierstrass form.");
}
@@ -57,15 +59,17 @@ public class CardMiscSuite extends CardTestSuite {
Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), Result.ExpectedValue.SUCCESS);
Test generate = genOrPreset(curve, Result.ExpectedValue.ANY);
- Test ka = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), expected);
- Test sig = CommandTest.expect(new Command.ECDSA(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_FALSE, null), expected);
+ EC_Params randomPub = ECUtil.randomPoint(curve.toCurve());
+ Test setRemote = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, randomPub.getParams(), randomPub.flatten()), Result.ExpectedValue.SUCCESS);
+ Test ka = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), expected);
+ Test sig = CommandTest.expect(new Command.ECDSA_sign(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_FALSE, null), expected);
Test perform = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH and ECDSA.", ka, sig);
if (cfg.cleanup) {
Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
- doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform, cleanup));
+ doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, setRemote, perform, cleanup));
} else {
- doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform));
+ doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + "b " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, setRemote, perform));
}
}
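Review bot: `ECUtil.randomPoint(curve.toCurve())` runs while the tests are being built, outside any `Test`, so the `UnsupportedOperationException` it throws for non-prime fields would abort the suite rather than show up as a failed test if any curve in these categories is over a binary field (the curve lists are outside this hunk). The point it returns is an arbitrary curve point and is not recorded anywhere, while `setRemote` expects SUCCESS. On the cofactor > 1 curves the suite description mentions (Montgomery forms, Curve25519) it may lie outside the generator's subgroup, so results can differ between runs. I would state that next to the call, `// randomPub: arbitrary point on the curve, may be outside the subgroup generated by G`, and include the point in the test description so a failing run can be reproduced. The enclosing loop and method begin outside the hunk.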