diff options
61 files changed, 2094 insertions, 2310 deletions
diff --git a/!uploader/ectester.cap b/!uploader/ectester.cap Binary files differnew file mode 100644 index 0000000..f829de4 --- /dev/null +++ b/!uploader/ectester.cap diff --git a/!uploader/gppro_upload.bat b/!uploader/gppro_upload.bat index 0dd7864..cbfd5ae 100644 --- a/!uploader/gppro_upload.bat +++ b/!uploader/gppro_upload.bat @@ -1,6 +1,6 @@ gp.exe -delete 4543546573746572 -deletedeps -verbose gp.exe -deletedeps -verbose -delete 4A43416C6754657374 -gp.exe -install simpleECC.cap -verbose +gp.exe -install ectester.cap -verbose diff --git a/!uploader/gppro_upload.sh b/!uploader/gppro_upload.sh index faeaf24..47c7c97 100755 --- a/!uploader/gppro_upload.sh +++ b/!uploader/gppro_upload.sh @@ -2,6 +2,6 @@ java -jar gp.jar -delete 4543546573746572 -deletedeps -verbose java -jar gp.jar -deletedeps -verbose -delete 4A43416C6754657374 -java -jar gp.jar -install simpleECC.cap -verbose +java -jar gp.jar -install ectester.cap -verbose diff --git a/!uploader/gppro_upload_emv.bat b/!uploader/gppro_upload_emv.bat index a9b0b9c..737f8ac 100644 --- a/!uploader/gppro_upload_emv.bat +++ b/!uploader/gppro_upload_emv.bat @@ -3,6 +3,6 @@ gp.exe -deletedeps -verbose -emv -delete 4A43416C6754657374 gp.exe -deletedeps -verbose -emv -delete 4543546573746572 -gp.exe -install simpleECC.cap -verbose -emv -d +gp.exe -install ectester.cap -verbose -emv -d diff --git a/!uploader/gppro_upload_emv.sh b/!uploader/gppro_upload_emv.sh index 9a51cd9..8f0c994 100755 --- a/!uploader/gppro_upload_emv.sh +++ b/!uploader/gppro_upload_emv.sh @@ -1,8 +1,8 @@ -java -jar gp.jar -deletedeps -verbose -emv -delete 4C6162616B417070 -java -jar gp.jar -deletedeps -verbose -emv -delete 4A43416C6754657374 -java -jar gp.jar -deletedeps -verbose -emv -delete 4543546573746572 +java -jar gp.jar --deletedeps --verbose -emv --delete 4C6162616B417070 +java -jar gp.jar --deletedeps --verbose -emv --delete 4A43416C6754657374 +java -jar gp.jar --deletedeps --verbose -emv --delete 4543546573746572 -java -jar gp.jar -install simpleECC.cap -verbose -emv -d +java -jar gp.jar --install ectester.cap --verbose --emv -d @@ -5,8 +5,8 @@ Tests support and behavior of smartcards with JavaCard platform with focus on El Usage ------ -1. Upload simpleECC.cap using your favorite tool (e.g., [GlobalPlatformPro tool](https://github.com/martinpaljak/GlobalPlatform)) -2. Run `java -jar SimpleAPDU.jar` +1. Upload ectester.cap using your favorite tool (e.g., [GlobalPlatformPro tool](https://github.com/martinpaljak/GlobalPlatform)) +2. Run `java -jar ectester.jar` 3. Inspect output log with annotated results Following operations are tested: @@ -17,7 +17,7 @@ Following operations are tested: - Signature via ECDSA - Behavior of card when invalid curves/points are provided (should fail) -See `java -jar SimpleAPDU.jar -h` for more. +See `java -jar ectester.jar -h` for more. Example output -------------- @@ -70,4 +70,26 @@ nbproject/build-impl.xml file. --> + <!-- + <path id="classpath"> + <fileset dir="lib" includes="**/*.jar"/> + </path> + + <target name="clean"> + <delete file="dist/ECTester.jar"/> + </target> + <target name="build"> + <javac srcdir="src" destdir="dist/production/ECTester" classpathref="classpath" excludes="**/SimpleAPDU.java"/> + </target> + <target name="jar" depends="build"> + <jar destfile="dist/ECTester.jar"> + <fileset dir="dist/production/ECTester"/> + <fileset dir="dist/data"/> + <manifest> + <attribute name="Main-Class" value="ECTester"/> + <attribute name="Class-Path" value="lib/jcardsim-2.2.2-all.jar lib/commons-cli-1.3.1.jar"/> + </manifest> + </jar> + </target> + --> </project> diff --git a/dist/ECTester.jar b/dist/ECTester.jar Binary files differnew file mode 100644 index 0000000..2c14e00 --- /dev/null +++ b/dist/ECTester.jar diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar Binary files differdeleted file mode 100644 index be5599a..0000000 --- a/dist/SimpleAPDU.jar +++ /dev/null diff --git a/dist/lib/commons-cli-1.3.1.jar b/dist/lib/commons-cli-1.3.1.jar Binary files differnew file mode 100644 index 0000000..c3e7a1f --- /dev/null +++ b/dist/lib/commons-cli-1.3.1.jar diff --git a/jcardsim-2.2.2-all.jar b/jcardsim-2.2.2-all.jar Binary files differdeleted file mode 100644 index 0ac10c0..0000000 --- a/jcardsim-2.2.2-all.jar +++ /dev/null diff --git a/jcbuild.xml b/jcbuild.xml index 70d5370..9b1dabb 100644 --- a/jcbuild.xml +++ b/jcbuild.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<project basedir="." default="all" name="ECTester"> +<project basedir="." default="build" name="ECTesterApplet"> <!-- Based on Martin Paljak's applets playground --> <!-- Applet building dependencies --> <property name="JC222" value="ext/java_card_kit-2_2_2"/> @@ -10,15 +10,17 @@ <!-- ant-javacard task from javacard.pro --> <taskdef name="javacard" classname="pro.javacard.ant.JavaCard" classpath="ext/ant-javacard.jar"/> - - <!-- All included applets --> - <target name="all" depends="SimpleECC" /> - - <target name="SimpleECC"> + + <target name="build" description="Builds the CAP file."> <javacard jckit="${JC221}"> - <cap output="!uploader/simpleECC.cap" sources="src/applets" aid="4543546573746572" > - <applet class="applets.SimpleECCApplet" aid="45435465737465723031"/> + <cap output="!uploader/ectester.cap" sources="src/cz/crcs/ectester/applet" aid="4543546573746572" > + <applet class="cz.crcs.ectester.applet.ECTesterApplet" aid="45435465737465723031"/> </cap> - </javacard> + </javacard> + </target> + + <target name="upload" depends="build" description="Uploads the CAP file to the card, using gp.jar"> + <exec dir="!uploader" executable="./gppro_upload.sh" osfamily="unix"/> + <exec dir="!uploader" executable="./gppro_upload.bat" osfamily="windows"/> </target> </project> diff --git a/manifest.mf b/manifest.mf index 328e8e5..32571b3 100644 --- a/manifest.mf +++ b/manifest.mf @@ -1,3 +1,5 @@ Manifest-Version: 1.0 X-COMMENT: Main-Class will be added automatically by build +Class-Path: lib/jcardsim-2.2.2-all.jar lib/commons-cli-1.3.1.jar +Main-Class: cz.crcs.ectester.reader.ECTester diff --git a/nbproject/project.properties b/nbproject/project.properties index 49b2ea6..41e7d89 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -25,6 +25,7 @@ debug.test.classpath=\ dist.archive.excludes= # This directory is removed when the project is cleaned: dist.dir=dist +<<<<<<< HEAD dist.jar=${dist.dir}/SimpleAPDU.jar dist.javadoc.dir=${dist.dir}/javadoc endorsed.classpath= @@ -33,6 +34,18 @@ includes=** jar.compress=false javac.classpath=\ ${libs.JCardSim2.2.classpath} +======= +dist.jar=${dist.dir}/ECTester.jar +dist.javadoc.dir=${dist.dir}/javadoc +endorsed.classpath= +#TODO remove SimpleAPDU when replaced with ECtester,java +excludes=**/SimpleAPDU.java +includes=** +jar.compress=false +javac.classpath=\ + lib/jcardsim-2.2.2-all.jar:\ + lib/commons-cli-1.3.1.jar +>>>>>>> 14b5b42... major changes, ECTester rewrite, moved to valid package # Space-separated list of extra javac options javac.compilerargs= javac.deprecation=false @@ -56,7 +69,11 @@ javadoc.splitindex=true javadoc.use=true javadoc.version=false javadoc.windowtitle= +<<<<<<< HEAD main.class=simpleapdu.SimpleAPDU +======= +main.class=cz.crcs.ectester.reader.ECTester +>>>>>>> 14b5b42... major changes, ECTester rewrite, moved to valid package manifest.file=manifest.mf meta.inf.dir=${src.dir}/META-INF mkdist.disabled=false diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java deleted file mode 100644 index 2eb5679..0000000 --- a/src/applets/ECKeyGenerator.java +++ /dev/null @@ -1,276 +0,0 @@ -package applets; - -import javacard.framework.ISO7816; -import javacard.framework.ISOException; -import javacard.framework.Util; -import javacard.security.CryptoException; -import javacard.security.ECPrivateKey; -import javacard.security.ECPublicKey; -import javacard.security.KeyPair; - -/** - * - */ -public class ECKeyGenerator { - - private KeyPair ecKeyPair = null; - private ECPrivateKey ecPrivateKey = null; - private ECPublicKey ecPublicKey = null; - - public static final byte KEY_PUBLIC = 0x01; - public static final byte KEY_PRIVATE = 0x02; - public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; - - - public short allocatePair(byte keyClass, short keyLength) { - short result = ISO7816.SW_NO_ERROR; - try { - ecKeyPair = new KeyPair(keyClass, keyLength); - ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); - } catch (CryptoException ce) { - result = ce.getReason(); - } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; - } - return result; - } - - public boolean isAllocated() { - return ecKeyPair != null; - } - - public short generatePair() { - short result = ISO7816.SW_NO_ERROR; - try { - ecKeyPair.genKeyPair(); - ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); - } catch (CryptoException ce) { - result = ce.getReason(); - } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; - } - return result; - } - - public short setCustomCurve(byte keyClass, short keyLength, byte[] buffer, short offset) { - return setCustomCurve(EC_Consts.getCurve(keyClass, keyLength), buffer, offset); - } - - public short setCustomCurve(byte curve, byte[] buffer, short offset) { - byte alg = EC_Consts.getCurveType(curve); - short sw = ISO7816.SW_NO_ERROR; - short length; - if (alg == KeyPair.ALG_EC_FP) { - length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset); - sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length); - } else if (alg == KeyPair.ALG_EC_F2M) { - length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset); - sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length); - } - if (sw != ISO7816.SW_NO_ERROR) return sw; - - //go through all params - short param = EC_Consts.PARAMETER_A; - while (param <= EC_Consts.PARAMETER_K) { - length = EC_Consts.getCurveParameter(curve, param, buffer, offset); - sw = setParameter(KEY_BOTH, param, buffer, offset, length); - if (sw != ISO7816.SW_NO_ERROR) break; - param = (short) (param << 1); - } - return sw; - } - - public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, short param, short corruptionType, byte[] buffer, short offset) { - return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset); - } - - public short setCustomInvalidCurve(byte curve, byte key, short param, short corruptionType, byte[] buffer, short offset) { - short sw = setCustomCurve(curve, buffer, offset); - if (sw != ISO7816.SW_NO_ERROR) return sw; - - //go through param bit by bit, and invalidate all selected params - short paramMask = 0x01; - while (paramMask <= EC_Consts.PARAMETER_K) { - short masked = (short) (paramMask & param); - if (masked != 0) { - short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); - sw = setParameter(key, masked, buffer, offset, length); - if (sw != ISO7816.SW_NO_ERROR) return sw; - } - paramMask = (short) (paramMask << 1); - } - return sw; - } - - public short setCustomAnomalousCurve(short keyClass, short keyLength, byte[] buffer, short offset) { - return setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLength), buffer, offset); - } - - public short setParameter(byte key, short param, byte[] data, short offset, short length) { - short result = ISO7816.SW_NO_ERROR; - try { - switch (param) { - case EC_Consts.PARAMETER_FP: { - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); - break; - } - case EC_Consts.PARAMETER_F2M: { - if (length == 2) { - short i = Util.makeShort(data[offset], data[(short) (offset + 1)]); - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); - } else if (length == 6) { - short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]); - short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]); - short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]); - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); - } else { - result = ISO7816.SW_UNKNOWN; - } - break; - } - case EC_Consts.PARAMETER_A: { - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); - break; - } - case EC_Consts.PARAMETER_B: { - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); - break; - } - case EC_Consts.PARAMETER_G: { - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); - break; - } - case EC_Consts.PARAMETER_R: { - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); - break; - } - case EC_Consts.PARAMETER_K: { - if (length != 2) { - result = ISO7816.SW_UNKNOWN; - } else { - short k = Util.getShort(data, offset); - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); - } - break; - } - case EC_Consts.PARAMETER_S: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length); - break; - case EC_Consts.PARAMETER_W: - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length); - break; - default: { - ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); - } - } - } catch (CryptoException ce) { - result = ce.getReason(); - } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; - } - return result; - } - - public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength) { - short sw = ISO7816.SW_NO_ERROR; - if (keyClass == KeyPair.ALG_EC_FP) { - sw = setParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); - } else if (keyClass == KeyPair.ALG_EC_F2M) { - sw = setParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); - } - if (sw != ISO7816.SW_NO_ERROR) return sw; - - offset += fieldLength; - - //go through all params - sw = setParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); - if (sw != ISO7816.SW_NO_ERROR) return sw; - offset += aLength; - sw = setParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); - if (sw != ISO7816.SW_NO_ERROR) return sw; - offset += bLength; - - sw = setParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); - if (sw != ISO7816.SW_NO_ERROR) return sw; - offset += gxLength + gyLength; - - - sw = setParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); - if (sw != ISO7816.SW_NO_ERROR) return sw; - offset += rLength; - - sw = setParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); - return sw; - } - - public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) { - if (key == KEY_BOTH) { - ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); - } - short length = 0; - try { - switch (param) { - case EC_Consts.PARAMETER_FP: - case EC_Consts.PARAMETER_F2M: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getField(outputBuffer, outputOffset); - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getField(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_A: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getA(outputBuffer, outputOffset); - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getA(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_B: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getB(outputBuffer, outputOffset); - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getB(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_G: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getG(outputBuffer, outputOffset); - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getG(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_R: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getR(outputBuffer, outputOffset); - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getR(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_K: - if ((key & KEY_PUBLIC) != 0) Util.setShort(outputBuffer, outputOffset, ecPublicKey.getK()); - if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK()); - length = 2; - break; - case EC_Consts.PARAMETER_S: - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_W: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset); - default: - ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); - } - } catch (CryptoException ce) { - ISOException.throwIt(ce.getReason()); - } catch (Exception e) { - ISOException.throwIt(ISO7816.SW_UNKNOWN); - } - return length; - } - - public ECPrivateKey getPrivateKey() { - return ecPrivateKey; - } - - public ECPublicKey getPublicKey() { - return ecPublicKey; - } - - public KeyPair getKeyPair() { - return ecKeyPair; - } -} diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java deleted file mode 100644 index a56250c..0000000 --- a/src/applets/SimpleECCApplet.java +++ /dev/null @@ -1,1026 +0,0 @@ -/* - * PACKAGEID: 4C6162616B417070 - * APPLETID: 4C6162616B4170706C6574 - */ -package applets; - -import javacard.framework.*; -import javacard.security.*; - - -public class SimpleECCApplet extends Applet { - - // MAIN INSTRUCTION CLASS - final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; - - // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; - final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; - final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; - - - public final static byte P1_SETCURVE = (byte) 0x01; - public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; - - - final static short ARRAY_LENGTH = (short) 0xff; - final static byte AES_BLOCK_LENGTH = (short) 0x16; - - final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_192; - //final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_160; - //final static short EC_LENGTH_BITS = (short) 256; - - public final static byte ECTEST_SEPARATOR = (byte) 0xff; - public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1; - public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2; - public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3; - public final static byte ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (byte) 0xc4; - public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5; - public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (byte) 0xc6; - public final static byte ECTEST_ECDH_AGREEMENT_VALID_POINT = (byte) 0xc7; - public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8; - public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9; - public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca; - public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; - public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; - public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; - public final static byte ECTEST_SET_ANOMALOUSCURVE = (byte) 0xce; - public final static byte ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE = (byte) 0xcf; - public final static byte ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (byte) 0xd0; - public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xd1; - public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xd2; - - public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; - public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (short) 0x0008; - public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020; - public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; - public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; - public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; - public final static short FLAG_ECTEST_SET_ANOMALOUSCURVE = (short) 0x0200; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE = (short) 0x0400; - public final static short FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (short) 0x0800; - public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x1000; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x2000; - - public final static short FLAG_ECTEST_ALL = (short) 0xffff; - - - public final static short SW_SKIPPED = (short) 0x0ee1; - public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; - public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; - public final static short SW_SIG_VERIFY_FAIL = (short) 0xee4; - /* - public static final byte[] EC192_FP_PUBLICW = new byte[]{ - (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, - (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC, - (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0, - (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90, - (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03, - (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01, - (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64, - (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5, - (byte) 0x15}; - */ - public static final byte[] EC192_FP_PUBLICW = new byte[]{ - (byte) 0x04, - (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe, - (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0, - (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b, - (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29, - (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a, - (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31, - (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3, - (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca}; - - - private ECPublicKey ecPubKey = null; - private ECPublicKey ecPubKey128 = null; - private ECPublicKey ecPubKey160 = null; - private ECPublicKey ecPubKey192 = null; - private ECPublicKey ecPubKey256 = null; - private ECPrivateKey ecPrivKey = null; - private ECPrivateKey ecPrivKey128 = null; - private ECPrivateKey ecPrivKey160 = null; - private ECPrivateKey ecPrivKey192 = null; - private ECPrivateKey ecPrivKey256 = null; - - private ECKeyGenerator ecKeyGenerator = null; - private ECKeyTester ecKeyTester = null; - - private KeyAgreement dhKeyAgreement = null; - private RandomData randomData = null; - - // TEMPORARRY ARRAY IN RAM - private byte m_ramArray[] = null; - private byte m_ramArray2[] = null; - // PERSISTENT ARRAY IN EEPROM - private byte m_dataArray[] = null; - - short m_lenB = 0; - - protected SimpleECCApplet(byte[] buffer, short offset, byte length) { - short dataOffset = offset; - - if (length > 9) { - // shift to privilege offset - dataOffset += (short) (1 + buffer[offset]); - // finally shift to Application specific offset - dataOffset += (short) (1 + buffer[dataOffset]); - // go to proprietary data - dataOffset++; - - m_ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); - m_ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); - - m_dataArray = new byte[ARRAY_LENGTH]; - Util.arrayFillNonAtomic(m_dataArray, (short) 0, ARRAY_LENGTH, (byte) 0); - - randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM); - EC_Consts.m_random = randomData; - - ecKeyGenerator = new ECKeyGenerator(); - ecKeyTester = new ECKeyTester(); - ecKeyTester.allocateECDH(); - ecKeyTester.allocateECDHC(); - ecKeyTester.allocateECDSA(); - - } - - register(); - } - - public static void install(byte[] bArray, short bOffset, byte bLength) throws ISOException { - // applet instance creation - new SimpleECCApplet(bArray, bOffset, bLength); - } - - public boolean select() { - return true; - } - - public void deselect() { - return; - } - - public void process(APDU apdu) throws ISOException { - // get the APDU buffer - byte[] apduBuffer = apdu.getBuffer(); - - // ignore the applet select command dispached to the process - if (selectingApplet()) - return; - - if (apduBuffer[ISO7816.OFFSET_CLA] == CLA_SIMPLEECCAPPLET) { - switch (apduBuffer[ISO7816.OFFSET_INS]) { - - case INS_TESTECSUPPORT_GIVENALG: - TestEC_SupportGivenLength(apdu); - break; - case INS_TESTECSUPPORTALL_FP: - TestEC_FP_SupportAllLengths(apdu); - break; - case INS_TESTECSUPPORTALL_F2M: - TestEC_F2M_SupportAllLengths(apdu); - break; - case INS_ALLOCATEKEYPAIR: - AllocateKeyPairReturnDefCurve(apdu); - break; - case INS_DERIVEECDHSECRET: - DeriveECDHSecret(apdu); - break; - case INS_TESTEC_GENERATEINVALID_FP: - TestEC_FP_GenerateInvalidCurve(apdu); - break; - case INS_TESTEC_LASTUSEDPARAMS: - TestECSupportInvalidCurve_lastUsedParams(apdu); - break; - case INS_TESTECSUPPORT_EXTERNAL: - TestEC_SupportExternal(apdu); - break; -/* - case INS_ALLOCATEKEYPAIRS: - AllocateKeyPairs(apdu); - break; -*/ - case INS_GENERATEKEY: - GenerateAndReturnKey(apdu); - break; - default: - // The INS code is not supported by the dispatcher - ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); - break; - - } - } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); - } - - - short TestECSupport(byte keyClass, short keyLen, byte[] buffer, short bufferOffset) { - short baseOffset = bufferOffset; - - short testFlags = FLAG_ECTEST_ALL; - - ecPubKey = null; - ecPrivKey = null; - - buffer[bufferOffset] = ECTEST_SEPARATOR; - bufferOffset++; - buffer[bufferOffset] = keyClass; - bufferOffset++; - Util.setShort(buffer, bufferOffset, keyLen); - bufferOffset += 2; - - short sw; - - // - // 1. Allocate KeyPair object - // - buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) { - sw = ecKeyGenerator.allocatePair(keyClass, keyLen); - - if (sw != ISO7816.SW_NO_ERROR) { - testFlags = 0; //keyPair allocation failed, cannot continue with tests - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 2. Test keypair generation without explicit curve (=> default curve preset) - // - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_DEFCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 3. Set valid custom curve - // - buffer[bufferOffset] = ECTEST_SET_VALIDCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_SET_VALIDCURVE) != (short) 0) { - sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); - - if (sw != ISO7816.SW_NO_ERROR) { - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 4. Generate keypair with custom curve - // - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 5. ECDH agreement with valid public key - // - buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - if (sw == ISO7816.SW_NO_ERROR) { - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 6. ECDH agreement with invalid public key - // - buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - if (sw == ISO7816.SW_NO_ERROR) { - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 7. ECDSA test - // - buffer[bufferOffset] = ECTEST_ECDSA_SIGNATURE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - if (sw == ISO7816.SW_NO_ERROR) { - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 8. Set anomalous custom curve - // - buffer[bufferOffset] = ECTEST_SET_ANOMALOUSCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { - if (keyClass == KeyPair.ALG_EC_FP) { //Only FP supported at the moment - sw = ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLen, m_ramArray, (short) 0); - } - if (sw != ISO7816.SW_NO_ERROR) { - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; - testFlags &= ~FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 9. Generate keypair with anomalous custom curve - // - - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - if (sw != ISO7816.SW_NO_ERROR) { - testFlags &= ~FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 10. Test small degree pubkey - // - - buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { - short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass, keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - sw = ecKeyTester.testECDH(ecPrivKey, m_ramArray, (short) 0, pubLength, m_ramArray2, (short) 1); - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 11. Set invalid custom curve - // - buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_SET_INVALIDCURVE) != (short) 0) { - sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, EC_Consts.CORRUPTION_FIXED, m_ramArray, (short) 0); - - if (sw != ISO7816.SW_NO_ERROR) { - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 12. Generate keypair with invalid custom curve - // - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // - // 13. Set invalid field - // - buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_SET_INVALIDFIELD) != (short) 0) { - if (keyClass == KeyPair.ALG_EC_FP) - sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); - else - sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); - - if (sw != ISO7816.SW_NO_ERROR) { - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // 14. Generate key with invalid field - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD) != (short) 0) { - sw = ecKeyGenerator.generatePair(); - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - return (short) (bufferOffset - baseOffset); - } - - void TestEC_SupportGivenLength(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - short len = apdu.setIncomingAndReceive(); - - short dataOffset = ISO7816.OFFSET_CDATA; - byte algType = apdubuf[dataOffset]; - dataOffset++; - short keyLength = Util.getShort(apdubuf, dataOffset); - dataOffset += 2; - - dataOffset = 0; - dataOffset += TestECSupport(algType, keyLength, apdubuf, dataOffset); - - apdu.setOutgoingAndSend((short) 0, dataOffset); - } - - void TestEC_FP_SupportAllLengths(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - short len = apdu.setIncomingAndReceive(); - short dataOffset = 0; - - // FP - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 128, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 160, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 192, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 224, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 256, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 384, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 521, apdubuf, dataOffset); - - apdu.setOutgoingAndSend((short) 0, dataOffset); - } - - void TestEC_F2M_SupportAllLengths(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - short len = apdu.setIncomingAndReceive(); - - short dataOffset = 0; - // F2M - dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 113, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 131, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 163, apdubuf, dataOffset); - dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 193, apdubuf, dataOffset); - - apdu.setOutgoingAndSend((short) 0, dataOffset); - } - - short TestECSupportExternalCurve(byte keyClass, short keyLength, byte[] buffer, short bufferOffset, short outputOffset) { - short startOffset = outputOffset; - - short fieldLength = Util.getShort(buffer, bufferOffset); - bufferOffset += 2; - short aLength = Util.getShort(buffer, bufferOffset); - bufferOffset += 2; - short bLength = Util.getShort(buffer, bufferOffset); - bufferOffset += 2; - short gxLength = Util.getShort(buffer, bufferOffset); - bufferOffset += 2; - short gyLength = Util.getShort(buffer, bufferOffset); - bufferOffset += 2; - short rLength = Util.getShort(buffer, bufferOffset); - bufferOffset += 2; - - buffer[outputOffset] = ECTEST_SEPARATOR; - outputOffset++; - - // allocatePair - buffer[outputOffset] = ECTEST_ALLOCATE_KEYPAIR; - outputOffset++; - short sw = ecKeyGenerator.allocatePair(keyClass, keyLength); - Util.setShort(buffer, outputOffset, sw); - outputOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - return (short) (outputOffset - startOffset); - } - - // setExternalCurve - buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE; - outputOffset++; - sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength); - Util.setShort(buffer, outputOffset, sw); - outputOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - return (short) (outputOffset - startOffset); - } - - // generatePair - buffer[outputOffset] = ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE; - outputOffset++; - sw = ecKeyGenerator.generatePair(); - Util.setShort(buffer, outputOffset, sw); - outputOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - return (short) (outputOffset - startOffset); - } - - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - - // test_ECDH - buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; - outputOffset++; - sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); - Util.setShort(buffer, outputOffset, sw); - outputOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - return (short) (outputOffset - startOffset); - } - - // test_ECDH invalid - buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; - outputOffset++; - sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); - Util.setShort(buffer, outputOffset, sw); - outputOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - return (short) (outputOffset - startOffset); - } - - // test_ECDSA - buffer[outputOffset] = ECTEST_ECDSA_SIGNATURE; - outputOffset++; - randomData.generateData(m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2)); - sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2), m_ramArray2, (short) 0); - Util.setShort(buffer, outputOffset, sw); - outputOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - return (short) (outputOffset - startOffset); - } - - return (short) (outputOffset - startOffset); - } - - /** - * Receives an FP or F2M elliptic curve parameters in the APDU. - * Then allocates a new keypair, sets said curve and tries ECDH, ECDSA. - * APDU format: - * byte CLA = CLA_SIMPLEECCAPPLET - * byte INS = INS_TESTECSUPPORT_EXTERNAL - * byte P0 - * byte P1 - * <p> - * CDATA: - * byte keyClass -> KeyPair.ALG_EC_FP or KeyPair.ALG_EC_F2\M - * short keyLength - * short fieldLength - * short aLength - * short bLength - * short gxLength - * short gyLength - * short rLength - * field -> FP: prime / F2M: three or one short representing the reduction polynomial - * a - * b - * gx - * gy - * r - * short k - * <p> - * Response APDU format: - * CDATA: - * byte ECTEST_SEPARATOR - * byte ECTEST_ALLOCATE_KEYPAIR - * short sw - * byte ECTEST_SET_EXTERNALCURVE - * short sw - * byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE - * short sw - * byte ECTEST_ECDH_AGREEMENT_VALID_POINT - * short sw - * byte ECTEST_ECDH_AGREEMENT_INVALID_POINT - * short sw - * byte ECTEST_ECDSA_SIGNATURE - * short sw - * - * @param apdu - */ - void TestEC_SupportExternal(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - short len = apdu.setIncomingAndReceive(); - - short offset = ISO7816.OFFSET_CDATA; - byte keyClass = apdubuf[offset]; - ++offset; - short keyLength = Util.getShort(apdubuf, offset); - offset += 2; - - short dataLength = TestECSupportExternalCurve(keyClass, keyLength, apdubuf, offset, (short) 0); - - apdu.setOutgoingAndSend((short) 0, dataLength); - } - - - void TestEC_FP_GenerateInvalidCurve(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - short len = apdu.setIncomingAndReceive(); - - short offset = ISO7816.OFFSET_CDATA; - short repeats = Util.getShort(apdubuf, offset); - offset += 2; - short corruptionType = Util.getShort(apdubuf, offset); - offset += 2; - byte bRewindOnSuccess = apdubuf[offset]; - offset++; - - short dataOffset = 0; - - // FP - dataOffset += TestECSupportInvalidCurve(KeyPair.ALG_EC_FP, (short) 160, apdubuf, dataOffset, repeats, corruptionType, bRewindOnSuccess); - - apdu.setOutgoingAndSend((short) 0, dataOffset); - } - - short TestECSupportInvalidCurve(byte keyClass, short keyLen, byte[] buffer, short bufferOffset, short repeats, short corruptionType, byte bRewindOnSuccess) { - short baseOffset = bufferOffset; - - short testFlags = FLAG_ECTEST_ALL; - - ecPubKey = null; - ecPrivKey = null; - - buffer[bufferOffset] = ECTEST_SEPARATOR; - bufferOffset++; - buffer[bufferOffset] = keyClass; - bufferOffset++; - Util.setShort(buffer, bufferOffset, keyLen); - bufferOffset += 2; - - short numExecutionsOffset = bufferOffset; // num executions to be stored later - bufferOffset += 2; - - short sw; - - // - // 1. Allocate KeyPair object - // - buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; - bufferOffset++; - sw = SW_SKIPPED; - if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) { - sw = ecKeyGenerator.allocatePair(keyClass, keyLen); - if (sw == ISO7816.SW_NO_ERROR) { - ecPrivKey = ecKeyGenerator.getPrivateKey(); - ecPubKey = ecKeyGenerator.getPublicKey(); - } else { - testFlags = 0; - } - - if (ecPubKey == null || ecPrivKey == null) { - ecKeyGenerator.generatePair(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - ecPubKey = ecKeyGenerator.getPublicKey(); - } - } - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - - // - // 2. Set invalid custom curve (many times) - // - sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - ecPubKey = ecKeyGenerator.getPublicKey(); - - m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store valid B - - short startOffset = bufferOffset; - short i; - for (i = 0; i < repeats; i++) { - if ((testFlags & FLAG_ECTEST_SET_INVALIDCURVE) != (short) 0) { - if (bRewindOnSuccess == 1) { - // if nothing unexpected happened, rewind bufferOffset back again - bufferOffset = startOffset; - } - - ecPubKey.getB(m_ramArray2, (short) 0); //store valid B - - // set invalid curve - buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; - bufferOffset++; - - // Supported types of invalid curve: - // CORRUPTION_NONE = 0x01, valid parameter - // CORRUPTION_FIXED = 0x02, first and last byte changed to a fixed value - // CORRUPTION_FULLRANDOM = 0x03, completely random parameter data - // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed - // CORRUPTION_ZERO = 0x05, parameter competely zero - // CORRUPTION_ONE = 0x06, parameter completely one - sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B - } - - // Gen key pair with invalid curve - - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; - bufferOffset++; - // Should fail - sw = ecKeyGenerator.generatePair(); - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - if (sw == ISO7816.SW_NO_ERROR) { - // If this line is reached, we generated key pair - what should not happen - buffer[bufferOffset] = ECTEST_DH_GENERATESECRET; - bufferOffset++; - - ecPrivKey = ecKeyGenerator.getPrivateKey(); - ecPubKey = ecKeyGenerator.getPublicKey(); - - sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); - m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B - //TODO: note, according to the previous version of this method, sw should get appended to the buffer only if sw != SW_NO_ERROR - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - break; //stop execution, return B - } - - // Generate keypair with valid curve - to check that whole engine is not somehow blocked - // after previous attempt with invalid curve - // - // set valid curve - buffer[bufferOffset] = ECTEST_SET_VALIDCURVE; - bufferOffset++; - sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); - - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - - // Gen key pair with valid curve - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; - bufferOffset++; - - sw = ecKeyGenerator.generatePair(); - Util.setShort(buffer, bufferOffset, sw); - bufferOffset += 2; - if (sw != ISO7816.SW_NO_ERROR) { - break; - } - - // If we reach this line => everything was as expected - // Rewind offset in array back (no storage of info about expected runs) - // bufferOffset = startOffset; done at beginning - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; - } - } - - // Set number of executed repeats - Util.setShort(buffer, numExecutionsOffset, i); - - return (short) (bufferOffset - baseOffset); - } - - //TODO: generalize invalid B setting to all curve params - void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - apdu.setIncomingAndReceive(); - - short offset = 0; - Util.arrayCopyNonAtomic(m_ramArray2, (short) 0, apdubuf, offset, m_lenB); - offset += m_lenB; - - apdu.setOutgoingAndSend((short) 0, offset); - } - - void AllocateKeyPairReturnDefCurve(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - apdu.setIncomingAndReceive(); - - short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA); - - // Note: all locations should happen in constructor. But here it is intentional - // as we like to test for result of allocation - ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen); - - // If required, generate also new key pair - if (apdubuf[ISO7816.OFFSET_P1] == (byte) 1) { - - // If required, initialize curve parameters first - if (apdubuf[ISO7816.OFFSET_P2] == (byte) 2) { - ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0); - } - - // Now generate new keypair with either default or custom curve - ecKeyGenerator.generatePair(); - - short len; - short offset = 0; - - // Export curve public parameters - offset += 2; // reserve space for length - len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_FP, apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - offset += 2; // reserve space for length - len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_A, apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - - offset += 2; // reserve space for length - len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - offset += 2; // reserve space for length - len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_R, apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - /* - offset += 2; // reserve space for length - len = ecPubKey.getW(apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - */ - apdu.setOutgoingAndSend((short) 0, offset); - } - } - - void DeriveECDHSecret(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - short len = apdu.setIncomingAndReceive(); - - // Assumption: proper EC keyPair is already allocated - // If public key point is provided, then use it - if (len == 0) { - // if not provided, use build-in one (valid only for 192 only) - Util.arrayCopyNonAtomic(EC192_FP_PUBLICW, (short) 0, apdubuf, ISO7816.OFFSET_CDATA, (short) EC192_FP_PUBLICW.length); - len = (short) EC192_FP_PUBLICW.length; - } - - // Generate fresh EC keypair - ecKeyGenerator.generatePair(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - - if (dhKeyAgreement == null) { - dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); - } - dhKeyAgreement.init(ecPrivKey); - short secretLen = 0; - // Generate and export secret - secretLen = dhKeyAgreement.generateSecret(apdubuf, ISO7816.OFFSET_CDATA, len, m_ramArray, (short) 0); - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, apdubuf, (short) 0, secretLen); - - apdu.setOutgoingAndSend((short) 0, secretLen); - } - - void GenerateAndReturnKey(APDU apdu) { - byte[] apdubuf = apdu.getBuffer(); - apdu.setIncomingAndReceive(); - - short offset = ISO7816.OFFSET_CDATA; - byte keyClass = apdubuf[offset]; - offset++; - - short keyLength = Util.getShort(apdubuf, offset); - offset += 2; - - byte anomalous = apdubuf[offset]; - - offset = 0; - - switch (apdubuf[ISO7816.OFFSET_P1]) { - case P1_SETCURVE: { - ecKeyGenerator.allocatePair(keyClass, keyLength); - - if (anomalous != 0) { - ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0); - } else { - ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0); - } - ecKeyGenerator.generatePair(); - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - break; - } - case P1_GENERATEKEYPAIR: { - // Assumption: proper EC keyPair is already allocated and initialized - short sw = ecKeyGenerator.generatePair(); - if (sw != ISO7816.SW_NO_ERROR) { - ISOException.throwIt(sw); - } - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); - - offset = 0; - apdubuf[offset] = EC_Consts.TAG_ECPUBKEY; - offset++; - offset += 2; // reserve space for length - short len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - apdubuf[offset] = EC_Consts.TAG_ECPRIVKEY; - offset++; - offset += 2; // reserve space for length - len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PRIVATE, EC_Consts.PARAMETER_S, apdubuf, offset); - Util.setShort(apdubuf, (short) (offset - 2), len); - offset += len; - break; - } - default: - ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); - } - - apdu.setOutgoingAndSend((short) 0, offset); - } - -/* - void AllocateKeyPair(byte algorithm, short bitLen) { - // Select proper attributes - switch (bitLen) { - case (short) 128: { - ecKeyPair = ecKeyPair128; - ecKeyPair = ecKeyPair128; - ecPrivKey = ecPrivKey128; - break; - } - case (short) 160: { - ecKeyPair = ecKeyPair160; - ecKeyPair = ecKeyPair160; - ecPrivKey = ecPrivKey160; - break; - } - case (short) 192: { - ecKeyPair = ecKeyPair192; - ecKeyPair = ecKeyPair192; - ecPrivKey = ecPrivKey192; - break; - } - case (short) 256: { - ecKeyPair = ecKeyPair256; - ecKeyPair = ecKeyPair256; - ecPrivKey = ecPrivKey256; - break; - } - default: { - ISOException.throwIt((short) -1); - } - } - - // Allocate instance - ecKeyPair = new KeyPair(algorithm, bitLen); - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - // sometimes null is returned and previous one call to genKeyPair() - // is required before we can get public key - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - // Set required EC parameters - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, KeyPair.ALG_EC_FP, bitLen, m_ramArray); - } - - -*/ - -} - diff --git a/src/cz/crcs/ectester/applet/ECKeyGenerator.java b/src/cz/crcs/ectester/applet/ECKeyGenerator.java new file mode 100644 index 0000000..47f9c94 --- /dev/null +++ b/src/cz/crcs/ectester/applet/ECKeyGenerator.java @@ -0,0 +1,381 @@ +package cz.crcs.ectester.applet; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; +import javacard.security.CryptoException; +import javacard.security.ECPrivateKey; +import javacard.security.ECPublicKey; +import javacard.security.KeyPair; + +/** + * @author Jan Jancar johny@neuromancer.sk + */ +public class ECKeyGenerator { + + public static final byte KEY_PUBLIC = 0x01; + public static final byte KEY_PRIVATE = 0x02; + public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; + + private short sw = ISO7816.SW_NO_ERROR; + + /** + * @param keyClass + * @param keyLength + * @return + */ + public KeyPair allocatePair(byte keyClass, short keyLength) { + sw = ISO7816.SW_NO_ERROR; + KeyPair ecKeyPair = null; + try { + ecKeyPair = new KeyPair(keyClass, keyLength); + + if (ecKeyPair.getPublic() == null || ecKeyPair.getPrivate() == null) { + try { + ecKeyPair.genKeyPair(); + } catch (Exception ignored) { + } + } + } catch (CryptoException ce) { + sw = ce.getReason(); + } catch (Exception e) { + sw = ISO7816.SW_UNKNOWN; + } + return ecKeyPair; + } + + /** + * @param keypair + * @return + */ + public short generatePair(KeyPair keypair) { + sw = ISO7816.SW_NO_ERROR; + try { + keypair.genKeyPair(); + } catch (CryptoException ce) { + sw = ce.getReason(); + } catch (Exception e) { + sw = ISO7816.SW_UNKNOWN; + } + return sw; + } + + public short setCurve(KeyPair keypair, byte curve, byte[] buffer, short offset) { + return setCurve(keypair, curve, EC_Consts.PARAMETERS_ALL, buffer, offset); + } + + public short setCurve(KeyPair keypair, byte curve, short params, byte[] buffer, short offset) { + return setCurve(keypair, KEY_BOTH, curve, params, buffer, offset); + } + + public short setCurve(KeyPair keypair, byte key, byte curve, short params, byte[] buffer, short offset) { + byte alg = EC_Consts.getCurveType(curve); + sw = ISO7816.SW_NO_ERROR; + + short length; + if (alg == KeyPair.ALG_EC_FP && (params & EC_Consts.PARAMETER_FP) != 0) { + length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset); + sw = setParameter(keypair, key, EC_Consts.PARAMETER_FP, buffer, offset, length); + } else if (alg == KeyPair.ALG_EC_F2M && (params & EC_Consts.PARAMETER_F2M) != 0) { + length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset); + sw = setParameter(keypair, key, EC_Consts.PARAMETER_F2M, buffer, offset, length); + } + if (sw != ISO7816.SW_NO_ERROR) return sw; + + //go through all params + short paramMask = EC_Consts.PARAMETER_A; + while (paramMask <= EC_Consts.PARAMETER_S) { + short masked = (short) (paramMask & params); + if (masked != 0) { + length = EC_Consts.getCurveParameter(curve, masked, buffer, offset); + sw = setParameter(keypair, key, masked, buffer, offset, length); + if (sw != ISO7816.SW_NO_ERROR) break; + } + paramMask = (short) (paramMask << 1); + } + return sw; + } + + /** + * @param keypair + * @param corruptParams + * @param corruption + * @param buffer + * @param offset + * @return + */ + public short corruptCurve(KeyPair keypair, short corruptParams, byte corruption, byte[] buffer, short offset) { + return corruptCurve(keypair, KEY_BOTH, corruptParams, corruption, buffer, offset); + } + + /** + * @param keypair + * @param key + * @param corruptParams + * @param corruption + * @param buffer + * @param offset + * @return + */ + public short corruptCurve(KeyPair keypair, byte key, short corruptParams, byte corruption, byte[] buffer, short offset) { + sw = ISO7816.SW_NO_ERROR; + + //go through param bit by bit, and invalidate all selected params + short paramMask = EC_Consts.PARAMETER_FP; + while (paramMask <= EC_Consts.PARAMETER_S) { + short masked = (short) (paramMask & corruptParams); + if (masked != 0) { + short length = exportParameter(keypair, key, masked, buffer, offset); + EC_Consts.corruptParameter(corruption, buffer, offset, length); + sw = setParameter(keypair, key, masked, buffer, offset, length); + if (sw != ISO7816.SW_NO_ERROR) break; + } + paramMask = (short) (paramMask << 1); + } + return sw; + } + + /** + * @param key + * @param param + * @param data + * @param offset + * @param length + * @return + */ + public short setParameter(KeyPair keypair, byte key, short param, byte[] data, short offset, short length) { + sw = ISO7816.SW_NO_ERROR; + ECPublicKey ecPublicKey = (ECPublicKey) keypair.getPublic(); + ECPrivateKey ecPrivateKey = (ECPrivateKey) keypair.getPrivate(); + + try { + switch (param) { + case EC_Consts.PARAMETER_FP: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); + break; + } + case EC_Consts.PARAMETER_F2M: { + if (length == 2) { + short i = Util.makeShort(data[offset], data[(short) (offset + 1)]); + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); + } else if (length == 6) { + short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]); + short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]); + short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]); + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); + } else { + sw = ISO7816.SW_UNKNOWN; + } + break; + } + case EC_Consts.PARAMETER_A: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); + break; + } + case EC_Consts.PARAMETER_B: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); + break; + } + case EC_Consts.PARAMETER_G: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); + break; + } + case EC_Consts.PARAMETER_R: { + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); + break; + } + case EC_Consts.PARAMETER_K: { + short k = 0; + if (length > 2 || length <= 0) { + sw = ISO7816.SW_UNKNOWN; + break; + } else if (length == 2) { + k = Util.getShort(data, offset); + } else if (length == 1) { + k = data[offset]; + } + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); + break; + } + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length); + break; + default: { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } + } catch (CryptoException ce) { + sw = ce.getReason(); + } catch (Exception e) { + sw = ISO7816.SW_UNKNOWN; + } + return sw; + } + + /** + * @param keypair + * @param params + * @param inBuffer + * @param inOffset + * @return + */ + public short setExternalCurve(KeyPair keypair, short params, byte[] inBuffer, short inOffset) { + return setExternalCurve(keypair, KEY_BOTH, params, inBuffer, inOffset); + } + + /** + * @param keypair + * @param key + * @param params + * @param inBuffer + * @param inOffset + * @return + */ + public short setExternalCurve(KeyPair keypair, byte key, short params, byte[] inBuffer, short inOffset) { + sw = ISO7816.SW_NO_ERROR; + + short paramMask = EC_Consts.PARAMETER_FP; + while (paramMask <= EC_Consts.PARAMETER_S) { + short masked = (short) (paramMask & params); + if (masked != 0) { + short paramLength = Util.getShort(inBuffer, inOffset); + inOffset += 2; + sw = setParameter(keypair, key, masked, inBuffer, inOffset, paramLength); + inOffset += paramLength; + if (sw != ISO7816.SW_NO_ERROR) break; + } + paramMask = (short) (paramMask << 1); + } + return sw; + } + + /** + * @param key + * @param param + * @param outputBuffer + * @param outputOffset + * @return + */ + public short exportParameter(KeyPair keypair, byte key, short param, byte[] outputBuffer, short outputOffset) { + sw = ISO7816.SW_NO_ERROR; + ECPublicKey ecPublicKey = (ECPublicKey) keypair.getPublic(); + ECPrivateKey ecPrivateKey = (ECPrivateKey) keypair.getPrivate(); + + short length = 0; + try { + switch (param) { + case EC_Consts.PARAMETER_FP: + case EC_Consts.PARAMETER_F2M: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getField(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getField(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_A: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getA(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getA(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_B: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getB(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getB(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_G: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getG(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getG(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_R: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getR(outputBuffer, outputOffset); + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getR(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_K: + if ((key & KEY_PUBLIC) != 0) Util.setShort(outputBuffer, outputOffset, ecPublicKey.getK()); + if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK()); + length = 2; + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset); + break; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } catch (CryptoException ce) { + sw = ce.getReason(); + } catch (Exception e) { + sw = ISO7816.SW_UNKNOWN; + } + return length; + } + + /** + * @param keypair + * @param key + * @param params + * @param buffer + * @param offset + * @return + */ + public short exportParameters(KeyPair keypair, byte key, short params, byte[] buffer, short offset) { + sw = ISO7816.SW_NO_ERROR; + + short length = 0; + + short paramMask = EC_Consts.PARAMETER_FP; + while (paramMask <= EC_Consts.PARAMETER_S) { + short masked = (short) (paramMask & params); + if (masked != 0) { + short len = exportParameter(keypair, key, masked, buffer, (short) (offset + 2)); + if (len == 0) { + paramMask = (short) (paramMask << 1); + continue; + } + Util.setShort(buffer, offset, len); + offset += len + 2; + length += len + 2; + } + paramMask = (short) (paramMask << 1); + } + return length; + } + + /** + * Copies this KeyPairs curve parameters to another ECKeyGenerator. + * + * @param from + * @param to + * @param buffer + * @param offset + * @return + */ + public short copyCurve(KeyPair from, KeyPair to, byte[] buffer, short offset) { + sw = ISO7816.SW_NO_ERROR; + try { + short param = EC_Consts.PARAMETER_FP; + while (param <= EC_Consts.PARAMETER_K) { + short paramLength = exportParameter(from, KEY_PUBLIC, param, buffer, offset); + setParameter(to, KEY_BOTH, param, buffer, offset, paramLength); + param = (short) (param << 1); + } + } catch (CryptoException ce) { + sw = ce.getReason(); + } catch (Exception e) { + sw = ISO7816.SW_UNKNOWN; + } + return sw; + } + + public short getSW() { + return sw; + } +} diff --git a/src/applets/ECKeyTester.java b/src/cz/crcs/ectester/applet/ECKeyTester.java index 9dd0fd5..72fa165 100644 --- a/src/applets/ECKeyTester.java +++ b/src/cz/crcs/ectester/applet/ECKeyTester.java @@ -1,4 +1,4 @@ -package applets; +package cz.crcs.ectester.applet; import javacard.framework.ISO7816; @@ -7,61 +7,65 @@ import javacard.security.*; /** * Class capable of testing ECDH/C and ECDSA. * Note that ECDH and ECDHC output should equal, only the algorithm is different. + * + * @author Jan Jancar johny@neuromancer.sk */ public class ECKeyTester { + private KeyAgreement ecdhKeyAgreement = null; private KeyAgreement ecdhcKeyAgreement = null; private Signature ecdsaSignature = null; + private short sw = ISO7816.SW_NO_ERROR; + public short allocateECDH() { - short result = ISO7816.SW_NO_ERROR; + sw = ISO7816.SW_NO_ERROR; try { ecdhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); } catch (CryptoException ce) { - result = ce.getReason(); + sw = ce.getReason(); } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; + sw = ISO7816.SW_UNKNOWN; } - return result; + return sw; } public short allocateECDHC() { - short result = ISO7816.SW_NO_ERROR; + sw = ISO7816.SW_NO_ERROR; try { ecdhcKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DHC, false); } catch (CryptoException ce) { - result = ce.getReason(); + sw = ce.getReason(); } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; + sw = ISO7816.SW_UNKNOWN; } - return result; + return sw; } public short allocateECDSA() { - short result = ISO7816.SW_NO_ERROR; + sw = ISO7816.SW_NO_ERROR; try { ecdsaSignature = Signature.getInstance(Signature.ALG_ECDSA_SHA, false); } catch (CryptoException ce) { - result = ce.getReason(); + sw = ce.getReason(); } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; + sw = ISO7816.SW_UNKNOWN; } - return result; + return sw; } private short testKA(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { - short result = ISO7816.SW_NO_ERROR; + sw = ISO7816.SW_NO_ERROR; + short length = 0; try { ka.init(privateKey); - - short secretLength = ka.generateSecret(pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); - //TODO, figure out how to separate the return value of this method (short) error, and return the secretLenght.. + length = ka.generateSecret(pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); } catch (CryptoException ce) { - result = ce.getReason(); + sw = ce.getReason(); } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; + sw = ISO7816.SW_UNKNOWN; } - return result; + return length; } private short testKA_validPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { @@ -91,8 +95,8 @@ public class ECKeyTester { * @param pubkeyOffset * @param outputBuffer * @param outputOffset - * @return ISO7816.SW_NO_ERROR on correct operation, - * exception reason otherwise + * @return derived secret length + * **/ public short testECDH_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); @@ -139,27 +143,26 @@ public class ECKeyTester { * @param inputLength * @param sigBuffer * @param sigOffset - * @return ISO7816.SW_NO_ERROR on correct operation, - * SW_SIG_VERIFY_FAIL, - * SW_SIG_LENGTH_MISMATCH + * @return signature length */ public short testECDSA(ECPrivateKey signKey, ECPublicKey verifyKey, byte[] inputBuffer, short inputOffset, short inputLength, byte[] sigBuffer, short sigOffset) { - short result = ISO7816.SW_NO_ERROR; + sw = ISO7816.SW_NO_ERROR; + short length = 0; try { ecdsaSignature.init(signKey, Signature.MODE_SIGN); - short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); + length = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); - boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); + boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, length); if (!correct) { - result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; + sw = ECTesterApplet.SW_SIG_VERIFY_FAIL; } } catch (CryptoException ce) { - result = ce.getReason(); + sw = ce.getReason(); } catch (Exception e) { - result = ISO7816.SW_UNKNOWN; + sw = ISO7816.SW_UNKNOWN; } - return result; + return length; } public KeyAgreement getECDH() { @@ -174,4 +177,8 @@ public class ECKeyTester { return ecdsaSignature; } + public short getSW() { + return sw; + } + } diff --git a/src/cz/crcs/ectester/applet/ECTesterApplet.java b/src/cz/crcs/ectester/applet/ECTesterApplet.java new file mode 100644 index 0000000..b461688 --- /dev/null +++ b/src/cz/crcs/ectester/applet/ECTesterApplet.java @@ -0,0 +1,427 @@ +/* + * PACKAGEID: 4C6162616B417070 + * APPLETID: 4C6162616B4170706C6574 + */ +package cz.crcs.ectester.applet; + +import javacard.framework.*; +import javacard.security.ECPrivateKey; +import javacard.security.ECPublicKey; +import javacard.security.KeyPair; +import javacard.security.RandomData; + +/** + * @author Petr Svenda petr@svenda.com + * @author Jan Jancar johny@neuromancer.sk + */ +public class ECTesterApplet extends Applet { + + // MAIN INSTRUCTION CLASS + public static final byte CLA_ECTESTERAPPLET = (byte) 0xB0; + + //INSTRUCTIONS + public static final byte INS_ALLOCATE = (byte) 0x5a; + public static final byte INS_SET = (byte) 0x5b; + public static final byte INS_GENERATE = (byte) 0x5c; + public static final byte INS_ECDH = (byte) 0x5d; + public static final byte INS_ECDSA = (byte) 0x5e; + + //PARAMETERS for P1 and P2 + public static final byte KEYPAIR_LOCAL = (byte) 0x01; + public static final byte KEYPAIR_REMOTE = (byte) 0x02; + public static final byte KEYPAIR_BOTH = KEYPAIR_LOCAL | KEYPAIR_REMOTE; + public static final byte EXPORT_PUBLIC = (byte) 0x04; + public static final byte EXPORT_PRIVATE = (byte) 0x08; + public static final byte EXPORT_BOTH = EXPORT_PUBLIC | EXPORT_PRIVATE; + public static final byte EXPORT_ECDH = (byte) 0x10; + public static final byte EXPORT_SIG = (byte) 0x20; + + //STATUS WORDS + public static final short SW_SIG_VERIFY_FAIL = (short) 0x0ee1; + + + private static final short ARRAY_LENGTH = (short) 0xff; + // TEMPORARRY ARRAY IN RAM + private byte ramArray[] = null; + private byte ramArray2[] = null; + // PERSISTENT ARRAY IN EEPROM + private byte dataArray[] = null; // unused + + + private RandomData randomData = null; + + private KeyPair localKeypair = null; + private KeyPair remoteKeypair = null; + private ECKeyTester keyTester = null; + private ECKeyGenerator keyGenerator = null; + + protected ECTesterApplet(byte[] buffer, short offset, byte length) { + if (length > 9) { + /* + short dataOffset = offset; + // shift to privilege offset + dataOffset += (short) (1 + buffer[offset]); + // finally shift to Application specific offset + dataOffset += (short) (1 + buffer[dataOffset]); + // go to proprietary data + dataOffset++; + */ + + ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); + ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); + + dataArray = new byte[ARRAY_LENGTH]; + Util.arrayFillNonAtomic(dataArray, (short) 0, ARRAY_LENGTH, (byte) 0); + + randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM); + EC_Consts.randomData = randomData; + + keyGenerator = new ECKeyGenerator(); + keyTester = new ECKeyTester(); + keyTester.allocateECDH(); + keyTester.allocateECDHC(); + keyTester.allocateECDSA(); + } + register(); + } + + public static void install(byte[] bArray, short bOffset, byte bLength) throws ISOException { + // applet instance creation + new ECTesterApplet(bArray, bOffset, bLength); + } + + public void process(APDU apdu) throws ISOException { + // get the APDU buffer + byte[] apduBuffer = apdu.getBuffer(); + + // ignore the applet select command dispached to the process + if (selectingApplet()) + return; + + if (apduBuffer[ISO7816.OFFSET_CLA] == CLA_ECTESTERAPPLET) { + switch (apduBuffer[ISO7816.OFFSET_INS]) { + case INS_ALLOCATE: + insAllocate(apdu); + break; + case INS_SET: + insSet(apdu); + break; + case INS_GENERATE: + insGenerate(apdu); + break; + case INS_ECDH: + insECDH(apdu); + break; + case INS_ECDSA: + insECDSA(apdu); + break; + default: + // The INS code is not supported by the dispatcher + ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); + break; + } + } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); + } + + /** + * Allocate local and remote keypairs. + * returns allocate SWs + * + * @param apdu P1 = byte keypair (KEYPAIR_* | ...) + * P2 = + * DATA = short keyLength + * byte keyClass + */ + private void insAllocate(APDU apdu) { + apdu.setIncomingAndReceive(); + byte[] apdubuf = apdu.getBuffer(); + + byte keypair = apdubuf[ISO7816.OFFSET_P1]; + short keyLength = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA); + byte keyClass = apdubuf[ISO7816.OFFSET_CDATA + 2]; + + short len = allocate(keypair, keyLength, keyClass, apdubuf, (short) 0); + + apdu.setOutgoingAndSend((short) 0, len); + } + + /** + * @param keypair which keypair to use, local/remote (KEYPAIR_* | ...) + * @param keyLength key length to set + * @param keyClass key class to allocate + * @param buffer apdu buffer + * @param offset offset into apdu buffer + * @return length of data written to the buffer + */ + private short allocate(byte keypair, short keyLength, byte keyClass, byte[] buffer, short offset) { + short length = 0; + if ((keypair & KEYPAIR_LOCAL) != 0) { + localKeypair = keyGenerator.allocatePair(keyClass, keyLength); + Util.setShort(buffer, offset, keyGenerator.getSW()); + length += 2; + } + + if ((keypair & KEYPAIR_REMOTE) != 0) { + remoteKeypair = keyGenerator.allocatePair(keyClass, keyLength); + Util.setShort(buffer, (short) (offset + length), keyGenerator.getSW()); + length += 2; + } + + return length; + } + + /** + * Sets curve parameters on local and remote keypairs. + * returns setCurve SWs, set params if export + * + * @param apdu P1 = byte keypair (KEYPAIR_* | ...) + * P2 = byte export (EXPORT_* | KEYPAIR_*) + * DATA = byte curve (EC_Consts.CURVE_*) + * short params (EC_Consts.PARAMETER_* | ...) + * short corruptedParams (EC_Consts.PARAMETER_* | ...) + * byte corruptionType (EC_Consts.CORRUPTION_*) + * <p> + * if curveID = CURVE_EXTERNAL: + * [short param_length, byte[] param], + * for all params in params, + * in order: field,a,b,g,r,k,w,s + */ + private void insSet(APDU apdu) { + apdu.setIncomingAndReceive(); + byte[] apdubuf = apdu.getBuffer(); + + byte keypair = apdubuf[ISO7816.OFFSET_P1]; + byte export = apdubuf[ISO7816.OFFSET_P2]; + byte curve = apdubuf[ISO7816.OFFSET_CDATA]; + short params = Util.getShort(apdubuf, (short) (ISO7816.OFFSET_CDATA + 1)); + short corruptedParams = Util.getShort(apdubuf, (short) (ISO7816.OFFSET_CDATA + 3)); + byte corruptionType = apdubuf[(short) (ISO7816.OFFSET_CDATA + 5)]; + + short len = 0; + + if ((keypair & KEYPAIR_LOCAL) != 0) + len += set(localKeypair, curve, params, corruptedParams, corruptionType, apdubuf, (short) (ISO7816.OFFSET_CDATA + 6), (short) 0); + if ((keypair & KEYPAIR_REMOTE) != 0) + len += set(remoteKeypair, curve, params, corruptedParams, corruptionType, apdubuf, (short) (ISO7816.OFFSET_CDATA + 6), len); + if ((export & KEYPAIR_LOCAL) != 0) + len += export(localKeypair, export, params, apdubuf, len); + if ((export & KEYPAIR_REMOTE) != 0) + len += export(remoteKeypair, export, params, apdubuf, len); + + apdu.setOutgoingAndSend((short) 0, len); + } + + /** + * @param keypair KeyPair to set params on + * @param curve curve to set (EC_Consts.CURVE_*) + * @param params parameters to set (EC_Consts.PARAMETER_* | ...) + * @param corrupted parameters to corrupt (EC_Consts.PARAMETER_* | ...) + * @param corruption corruption type (EC_Consts.CORRUPTION_*) + * @param buffer buffer to read params from and write sw to + * @param inOffset input offset in buffer + * @param outOffset output offset in buffer + * @return length of data written to the buffer + */ + private short set(KeyPair keypair, byte curve, short params, short corrupted, byte corruption, byte[] buffer, short inOffset, short outOffset) { + short sw = ISO7816.SW_NO_ERROR; + + switch (curve) { + case EC_Consts.CURVE_default: + //default, dont set anything + break; + case EC_Consts.CURVE_external: + //external + sw = keyGenerator.setExternalCurve(keypair, params, buffer, inOffset); + break; + default: + //custom + sw = keyGenerator.setCurve(keypair, curve, params, ramArray, (short) 0); + break; + } + + if (sw == ISO7816.SW_NO_ERROR) + sw = keyGenerator.corruptCurve(keypair, corrupted, corruption, ramArray, (short) 0); + Util.setShort(buffer, outOffset, sw); + return 2; + } + + /** + * Generates the local and remote keypairs. + * returns generate SWs, pubkey and privkey if export + * + * @param apdu P1 = byte keypair (KEYPAIR_* | ...) + * P2 = byte export (EXPORT_* | KEYPAIR_*) + */ + private void insGenerate(APDU apdu) { + apdu.setIncomingAndReceive(); + byte[] apdubuf = apdu.getBuffer(); + + byte keypair = apdubuf[ISO7816.OFFSET_P1]; + byte export = apdubuf[ISO7816.OFFSET_P2]; + + short len = 0; + if ((keypair & KEYPAIR_LOCAL) != 0) + len += generate(localKeypair, apdubuf, (short) 0); + if ((keypair & KEYPAIR_REMOTE) != 0) + len += generate(remoteKeypair, apdubuf, len); + if ((export & KEYPAIR_LOCAL) != 0) + len += export(localKeypair, export, (short) (EC_Consts.PARAMETER_W | EC_Consts.PARAMETER_S), apdubuf, len); + if ((export & KEYPAIR_REMOTE) != 0) + len += export(remoteKeypair, export, (short) (EC_Consts.PARAMETER_W | EC_Consts.PARAMETER_S), apdubuf, len); + + apdu.setOutgoingAndSend((short) 0, len); + } + + /** + * @param keypair KeyPair to generate + * @param buffer buffer to write sw to + * @param offset output offset in buffer + * @return length of data written to the buffer + */ + private short generate(KeyPair keypair, byte[] buffer, short offset) { + short sw = keyGenerator.generatePair(keypair); + Util.setShort(buffer, offset, sw); + + return 2; + } + + /** + * @param keypair KeyPair to export from + * @param export which key to export from (EXPORT_PUBLIC | EXPORT_PRIVATE) + * @param params which params to export (EC_Consts.PARAMETER_* | ...) + * @param buffer buffer to export params to + * @param offset output offset in buffer + * @return length of data written to the buffer + */ + private short export(KeyPair keypair, byte export, short params, byte[] buffer, short offset) { + short length = 0; + + if ((export & EXPORT_PUBLIC) != 0) { + //export params from public + length += keyGenerator.exportParameters(keypair, ECKeyGenerator.KEY_PUBLIC, params, buffer, offset); + } + + if ((export & EXPORT_PRIVATE) != 0) { + //export params from private + length += keyGenerator.exportParameters(keypair, ECKeyGenerator.KEY_PRIVATE, params, buffer, (short) (offset + length)); + + } + return length; + } + + /** + * Does ECDH, between the pubkey specified in P1(local/remote) and the privkey specified in P2(local/remote). + * returns deriveSecret SW, if export != 0 => short secretlen, byte[] secret + * + * @param apdu P1 = byte pubkey (KEYPAIR_*) + * P2 = byte privkey (KEYPAIR_*) + * DATA = byte export (EXPORT_ECDH || 0) + * byte invalid (00 = valid, !00 = invalid) + */ + private void insECDH(APDU apdu) { + apdu.setIncomingAndReceive(); + byte[] apdubuf = apdu.getBuffer(); + + byte pubkey = apdubuf[ISO7816.OFFSET_P1]; + byte privkey = apdubuf[ISO7816.OFFSET_P2]; + byte export = apdubuf[ISO7816.OFFSET_CDATA]; + byte invalid = apdubuf[(short) (ISO7816.OFFSET_CDATA + 1)]; + + short len = ecdh(pubkey, privkey, export, invalid, apdubuf, (short) 0); + + apdu.setOutgoingAndSend((short) 0, len); + } + + /** + * @param pubkey keypair to use for public key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) + * @param privkey keypair to use for private key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) + * @param export whether to export ECDH secret + * @param invalid whether to invalidate the pubkey before ECDH + * @param buffer buffer to write sw to, and export ECDH secret if (export & EXPORT_ECDH) != 0 + * @param offset output offset in buffer + * @return length of data written to the buffer + */ + private short ecdh(byte pubkey, byte privkey, byte export, byte invalid, byte[] buffer, short offset) { + short length = 0; + + KeyPair pub = ((pubkey & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair; + KeyPair priv = ((privkey & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair; + + short secretLength; + if (invalid != 0) { + secretLength = keyTester.testECDH_invalidPoint((ECPrivateKey) priv.getPrivate(), (ECPublicKey) pub.getPublic(), ramArray, (short) 0, ramArray2, (short) 0); + } else { + secretLength = keyTester.testECDH_validPoint((ECPrivateKey) priv.getPrivate(), (ECPublicKey) pub.getPublic(), ramArray, (short) 0, ramArray2, (short) 0); + } + + Util.setShort(buffer, offset, keyTester.getSW()); + length += 2; + + if ((export & EXPORT_ECDH) != 0) { + Util.setShort(buffer, (short) (offset + length), secretLength); + length += 2; + Util.arrayCopyNonAtomic(ramArray2, (short) 0, buffer, (short) (offset + length), secretLength); + length += secretLength; + } + + return length; + } + + /** + * Does and ECDSA signature and verification on data provided, using the keypair in P1(local/remote). + * returns ecdsa SW, if export != 0 => short signature_length, byte[] signature + * + * @param apdu P1 = byte keypair (KEYPAIR_*) + * P2 = byte export (EXPORT_SIG || 0) + * DATA = short data_length (00 = random data generated, !00 = data length) + * byte[] data + */ + private void insECDSA(APDU apdu) { + apdu.setIncomingAndReceive(); + byte[] apdubuf = apdu.getBuffer(); + + byte keypair = apdubuf[ISO7816.OFFSET_P1]; + byte export = apdubuf[ISO7816.OFFSET_P2]; + + short len = ecdsa(keypair, export, apdubuf, ISO7816.OFFSET_CDATA, (short) 0); + + apdu.setOutgoingAndSend((short) 0, len); + } + + /** + * @param keypair keypair to use for signing and verification (KEYPAIR_LOCAL || KEYPAIR_REMOTE) + * @param export whether to export ECDSA signature + * @param buffer buffer to write sw to, and export ECDSA signature if (export & EXPORT_SIG) != 0 + * @param inOffset input offset in buffer + * @param outOffset output offset in buffer + * @return length of data written to the buffer + */ + private short ecdsa(byte keypair, byte export, byte[] buffer, short inOffset, short outOffset) { + short length = 0; + + short dataLength = Util.getShort(buffer, inOffset); + if (dataLength == 0) { //no data to sign + //generate random + dataLength = 32; + randomData.generateData(ramArray, (short) 0, dataLength); + } else { + Util.arrayCopyNonAtomic(buffer, (short) (inOffset + 2), ramArray, (short) 0, dataLength); + } + + KeyPair sign = ((keypair & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair; + + short signatureLength = keyTester.testECDSA((ECPrivateKey) sign.getPrivate(), (ECPublicKey) sign.getPublic(), ramArray, (short) 0, dataLength, ramArray2, (short) 0); + Util.setShort(buffer, outOffset, keyTester.getSW()); + length += 2; + + if ((export & EXPORT_SIG) != 0) { + Util.setShort(buffer, (short) (outOffset + length), signatureLength); + length += 2; + + Util.arrayCopyNonAtomic(ramArray2, (short) 0, buffer, (short) (outOffset + length), signatureLength); + length += signatureLength; + } + + return length; + } +} diff --git a/src/applets/EC_Consts.java b/src/cz/crcs/ectester/applet/EC_Consts.java index d1f6842..c70919c 100644 --- a/src/applets/EC_Consts.java +++ b/src/cz/crcs/ectester/applet/EC_Consts.java @@ -1,4 +1,4 @@ -package applets; +package cz.crcs.ectester.applet; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -6,6 +6,10 @@ import javacard.framework.Util; import javacard.security.KeyPair; import javacard.security.RandomData; +/** + * @author Petr Svenda petr@svenda.com + * @author Jan Jancar johny@neuromancer.sk + */ public class EC_Consts { private static byte[] EC_FP_P = null; //p @@ -22,6 +26,7 @@ public class EC_Consts { private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1 + public static final short PARAMETER_FP = 0x0001; public static final short PARAMETER_F2M = 0x0002; @@ -30,13 +35,22 @@ public class EC_Consts { public static final short PARAMETER_G = 0x0010; public static final short PARAMETER_R = 0x0020; public static final short PARAMETER_K = 0x0040; - public static final short PARAMETER_S = 0x0080; - public static final short PARAMETER_W = 0x0100; + public static final short PARAMETER_W = 0x0080; + public static final short PARAMETER_S = 0x0100; - public static RandomData m_random = null; + public static final short PARAMETERS_NONE = 0x0000; + public static final short PARAMETERS_DOMAIN_FP = 0x007d; + /** + * FP,A,B,G,R,K + */ + public static final short PARAMETERS_DOMAIN_F2M = 0x007e; + /** + * F2M,A,B,G,R,K + */ + public static final short PARAMETERS_KEYPAIR = 0x0180; + public static final short PARAMETERS_ALL = 0x01ff; - public static final byte TAG_ECPUBKEY = (byte) 0x41; - public static final byte TAG_ECPRIVKEY = (byte) 0x42; + public static RandomData randomData = null; // secp128r1 @@ -918,712 +932,44 @@ public class EC_Consts { // cofactor of G public static final short EC571_F2M_K = 2; - //Anomalous curve(small-pub-128), with pubkey of order 5 - public static final byte[] ECSP128_FP_P = { - (byte) 0xcf, (byte) 0xba, (byte) 0x21, (byte) 0xfd, - (byte) 0x04, (byte) 0x83, (byte) 0xb1, (byte) 0xf3, - (byte) 0x00, (byte) 0xfa, (byte) 0x25, (byte) 0x06, - (byte) 0xa5, (byte) 0xa5, (byte) 0x66, (byte) 0xef - }; - - public static final byte[] ECSP128_FP_A = { - (byte) 0x36, (byte) 0xd9, (byte) 0xa5, (byte) 0xac, - (byte) 0xac, (byte) 0x27, (byte) 0xa0, (byte) 0x08, - (byte) 0xe3, (byte) 0x6c, (byte) 0xbe, (byte) 0x3e, - (byte) 0x9f, (byte) 0x10, (byte) 0x3f, (byte) 0xde - }; - - public static final byte[] ECSP128_FP_B = { - (byte) 0xa6, (byte) 0x7c, (byte) 0xf5, (byte) 0xfa, - (byte) 0x09, (byte) 0xfb, (byte) 0x1d, (byte) 0xb9, - (byte) 0x02, (byte) 0x06, (byte) 0x8c, (byte) 0x87, - (byte) 0x04, (byte) 0x6a, (byte) 0xe2, (byte) 0x1e - }; - - public static final byte[] ECSP128_FP_G_X = { - (byte) 0x47, (byte) 0xd7, (byte) 0x83, (byte) 0x91, - (byte) 0xa4, (byte) 0xb9, (byte) 0xff, (byte) 0xf6, - (byte) 0xa0, (byte) 0xdb, (byte) 0x12, (byte) 0x92, - (byte) 0xf9, (byte) 0xcd, (byte) 0x0e, (byte) 0x6a - }; - - public static final byte[] ECSP128_FP_G_Y = { - (byte) 0x9a, (byte) 0xed, (byte) 0x9c, (byte) 0x92, - (byte) 0xf8, (byte) 0xbb, (byte) 0x3d, (byte) 0xbd, - (byte) 0x42, (byte) 0x40, (byte) 0x21, (byte) 0x65, - (byte) 0xa2, (byte) 0x70, (byte) 0xbd, (byte) 0x6f - }; - - public static final byte[] ECSP128_FP_R = { - (byte) 0xcf, (byte) 0xba, (byte) 0x21, (byte) 0xfd, - (byte) 0x04, (byte) 0x83, (byte) 0xb1, (byte) 0xf3, - (byte) 0x33, (byte) 0xd6, (byte) 0x1a, (byte) 0x5a, - (byte) 0xf6, (byte) 0xad, (byte) 0xa2, (byte) 0xc7 - }; - - public static final short ECSP128_FP_K = 1; - - public static final byte[] ECSP128_FP_W_X = { - (byte) 0x63, (byte) 0x90, (byte) 0x1e, (byte) 0x12, - (byte) 0x27, (byte) 0x61, (byte) 0xd9, (byte) 0xc1, - (byte) 0x65, (byte) 0x65, (byte) 0xb2, (byte) 0xf3, - (byte) 0x8e, (byte) 0x99, (byte) 0x1f, (byte) 0x71 - }; - - public static final byte[] ECSP128_FP_W_Y = { - (byte) 0xb9, (byte) 0xd9, (byte) 0x9f, (byte) 0xbc, - (byte) 0x31, (byte) 0x54, (byte) 0xa9, (byte) 0x6c, - (byte) 0xa2, (byte) 0x3e, (byte) 0xcf, (byte) 0xf7, - (byte) 0x70, (byte) 0xcb, (byte) 0xbe, (byte) 0x4f - }; - - - //Anomalous curve(small-pub-160), with pubkey of order 3 - public static final byte[] ECSP160_FP_P = { - (byte) 0xdc, (byte) 0x13, (byte) 0x49, (byte) 0x0f, - (byte) 0xf9, (byte) 0x85, (byte) 0x7b, (byte) 0x11, - (byte) 0x1f, (byte) 0x44, (byte) 0xc0, (byte) 0x50, - (byte) 0x07, (byte) 0x70, (byte) 0xa6, (byte) 0x45, - (byte) 0x7e, (byte) 0x68, (byte) 0x32, (byte) 0x23 - }; - - public static final byte[] ECSP160_FP_A = { - (byte) 0xa3, (byte) 0xec, (byte) 0xd7, (byte) 0xd5, - (byte) 0x1e, (byte) 0x79, (byte) 0xd7, (byte) 0x2d, - (byte) 0x27, (byte) 0x00, (byte) 0x18, (byte) 0x4c, - (byte) 0x79, (byte) 0x5a, (byte) 0xa8, (byte) 0xa6, - (byte) 0xb8, (byte) 0xe6, (byte) 0x65, (byte) 0x73 - }; - - public static final byte[] ECSP160_FP_B = { - (byte) 0x8a, (byte) 0xc4, (byte) 0x35, (byte) 0x92, - (byte) 0x90, (byte) 0x5f, (byte) 0x99, (byte) 0x5c, - (byte) 0xb1, (byte) 0x3f, (byte) 0x36, (byte) 0x94, - (byte) 0x31, (byte) 0x7b, (byte) 0xf4, (byte) 0x70, - (byte) 0xad, (byte) 0xaf, (byte) 0xb6, (byte) 0x45 - }; - - public static final byte[] ECSP160_FP_G_X = { - (byte) 0x5f, (byte) 0x8e, (byte) 0x88, (byte) 0xaf, - (byte) 0xc1, (byte) 0x17, (byte) 0xc7, (byte) 0x22, - (byte) 0x85, (byte) 0x9f, (byte) 0xe8, (byte) 0xe5, - (byte) 0x56, (byte) 0x47, (byte) 0xbc, (byte) 0xa6, - (byte) 0x9b, (byte) 0xa8, (byte) 0x21, (byte) 0x50 - }; - - public static final byte[] ECSP160_FP_G_Y = { - (byte) 0x93, (byte) 0xe6, (byte) 0xdc, (byte) 0xae, - (byte) 0xe2, (byte) 0x71, (byte) 0xe9, (byte) 0xf2, - (byte) 0x83, (byte) 0x8c, (byte) 0x98, (byte) 0xb7, - (byte) 0xd0, (byte) 0x6e, (byte) 0xcc, (byte) 0xc5, - (byte) 0xd7, (byte) 0xc8, (byte) 0x00, (byte) 0xe5 - }; - - public static final byte[] ECSP160_FP_R = { - (byte) 0xdc, (byte) 0x13, (byte) 0x49, (byte) 0x0f, - (byte) 0xf9, (byte) 0x85, (byte) 0x7b, (byte) 0x11, - (byte) 0x1f, (byte) 0x44, (byte) 0x6e, (byte) 0xf4, - (byte) 0xa6, (byte) 0xd1, (byte) 0xe1, (byte) 0x71, - (byte) 0x5f, (byte) 0x6a, (byte) 0x6d, (byte) 0xff - }; - - public static final short ECSP160_FP_K = 1; - - public static final byte[] ECSP160_FP_W_X = { - (byte) 0x59, (byte) 0xc9, (byte) 0xc3, (byte) 0xc8, - (byte) 0xae, (byte) 0xf2, (byte) 0x9f, (byte) 0x1c, - (byte) 0x1c, (byte) 0x50, (byte) 0x0c, (byte) 0xaf, - (byte) 0xb4, (byte) 0x72, (byte) 0x6d, (byte) 0xa6, - (byte) 0x08, (byte) 0x6e, (byte) 0x6e, (byte) 0xb0 - }; - - public static final byte[] ECSP160_FP_W_Y = { - (byte) 0xd6, (byte) 0x95, (byte) 0xa7, (byte) 0x60, - (byte) 0x05, (byte) 0xed, (byte) 0xdb, (byte) 0x26, - (byte) 0xaf, (byte) 0xd4, (byte) 0x0e, (byte) 0xe2, - (byte) 0x09, (byte) 0x04, (byte) 0x77, (byte) 0x8b, - (byte) 0xb3, (byte) 0x49, (byte) 0x7b, (byte) 0xb1 - }; - - - //Anomalous curve(small-pub-192), with pubkey of order 4 - public static final byte[] ECSP192_FP_P = { - (byte) 0xce, (byte) 0x71, (byte) 0x4c, (byte) 0xc3, - (byte) 0xa1, (byte) 0x5c, (byte) 0xe7, (byte) 0xe5, - (byte) 0xda, (byte) 0xb0, (byte) 0x68, (byte) 0xc9, - (byte) 0xa1, (byte) 0xf8, (byte) 0xbe, (byte) 0x00, - (byte) 0xaa, (byte) 0xd4, (byte) 0x80, (byte) 0xab, - (byte) 0xcc, (byte) 0xae, (byte) 0xef, (byte) 0xc3 - }; - - public static final byte[] ECSP192_FP_A = { - (byte) 0x59, (byte) 0x7c, (byte) 0x78, (byte) 0x1f, - (byte) 0x64, (byte) 0xc3, (byte) 0x3e, (byte) 0xb8, - (byte) 0xef, (byte) 0x91, (byte) 0x9c, (byte) 0x41, - (byte) 0x59, (byte) 0x11, (byte) 0x51, (byte) 0x8e, - (byte) 0xa3, (byte) 0x23, (byte) 0xbe, (byte) 0x88, - (byte) 0xb9, (byte) 0x43, (byte) 0x7c, (byte) 0xaf - }; - - public static final byte[] ECSP192_FP_B = { - (byte) 0xf8, (byte) 0x15, (byte) 0x85, (byte) 0xa1, - (byte) 0xb1, (byte) 0x8f, (byte) 0x23, (byte) 0x3d, - (byte) 0x70, (byte) 0xad, (byte) 0xd7, (byte) 0xee, - (byte) 0x13, (byte) 0x42, (byte) 0xd2, (byte) 0x03, - (byte) 0x5c, (byte) 0x38, (byte) 0x6a, (byte) 0x92, - (byte) 0xe3, (byte) 0xab, (byte) 0x83, (byte) 0x20 - }; - - public static final byte[] ECSP192_FP_G_X = { - (byte) 0x15, (byte) 0x0f, (byte) 0xf0, (byte) 0xa4, - (byte) 0x0d, (byte) 0xea, (byte) 0xc6, (byte) 0x46, - (byte) 0x2b, (byte) 0x59, (byte) 0x87, (byte) 0x41, - (byte) 0x86, (byte) 0x17, (byte) 0xfd, (byte) 0xee, - (byte) 0xb6, (byte) 0xbf, (byte) 0xd7, (byte) 0x6d, - (byte) 0x4d, (byte) 0x60, (byte) 0xa0, (byte) 0x67 - }; - - public static final byte[] ECSP192_FP_G_Y = { - (byte) 0x84, (byte) 0x3d, (byte) 0x57, (byte) 0x73, - (byte) 0x71, (byte) 0xc5, (byte) 0xdc, (byte) 0xe1, - (byte) 0x22, (byte) 0xc2, (byte) 0xff, (byte) 0x20, - (byte) 0x6b, (byte) 0x2f, (byte) 0x42, (byte) 0xfa, - (byte) 0x0b, (byte) 0x84, (byte) 0x2b, (byte) 0x49, - (byte) 0xbd, (byte) 0xaf, (byte) 0x99, (byte) 0x0f - }; - - public static final byte[] ECSP192_FP_R = { - (byte) 0xce, (byte) 0x71, (byte) 0x4c, (byte) 0xc3, - (byte) 0xa1, (byte) 0x5c, (byte) 0xe7, (byte) 0xe5, - (byte) 0xda, (byte) 0xb0, (byte) 0x68, (byte) 0xc9, - (byte) 0xa3, (byte) 0x0b, (byte) 0xc9, (byte) 0x29, - (byte) 0x15, (byte) 0xbd, (byte) 0x86, (byte) 0x62, - (byte) 0xae, (byte) 0x88, (byte) 0x28, (byte) 0x87 - }; - - public static final short ECSP192_FP_K = 1; - - public static final byte[] ECSP192_FP_W_X = { - (byte) 0x17, (byte) 0x04, (byte) 0x7f, (byte) 0x91, - (byte) 0xdb, (byte) 0xe3, (byte) 0x30, (byte) 0x32, - (byte) 0xc9, (byte) 0xd0, (byte) 0x9b, (byte) 0xd2, - (byte) 0x9c, (byte) 0xea, (byte) 0xdd, (byte) 0x8a, - (byte) 0x09, (byte) 0xcc, (byte) 0xc3, (byte) 0x2a, - (byte) 0xc6, (byte) 0x30, (byte) 0x95, (byte) 0x41 - }; - - public static final byte[] ECSP192_FP_W_Y = { - (byte) 0x6a, (byte) 0x72, (byte) 0x6d, (byte) 0xe5, - (byte) 0x4f, (byte) 0xbd, (byte) 0x59, (byte) 0xcf, - (byte) 0xc3, (byte) 0x52, (byte) 0xe8, (byte) 0x38, - (byte) 0xb3, (byte) 0x37, (byte) 0xfa, (byte) 0x00, - (byte) 0x5a, (byte) 0x97, (byte) 0x18, (byte) 0x08, - (byte) 0x16, (byte) 0x13, (byte) 0x5e, (byte) 0x6a - }; - - - public static final byte[] ECSP224_FP_P = { - (byte) 0xee, (byte) 0xd4, (byte) 0xc3, (byte) 0xd9, - (byte) 0x8f, (byte) 0x1c, (byte) 0x9b, (byte) 0x95, - (byte) 0x18, (byte) 0xf1, (byte) 0x16, (byte) 0x26, - (byte) 0x3d, (byte) 0xb7, (byte) 0x70, (byte) 0x36, - (byte) 0x68, (byte) 0x77, (byte) 0xd1, (byte) 0x2d, - (byte) 0xf6, (byte) 0xa9, (byte) 0xcf, (byte) 0x08, - (byte) 0xb9, (byte) 0x6d, (byte) 0xd4, (byte) 0xbb - }; - - //Anomalous curve(small-pub-224), with pubkey of order 5 - public static final byte[] ECSP224_FP_A = { - (byte) 0x8d, (byte) 0x4d, (byte) 0xdd, (byte) 0xb0, - (byte) 0x31, (byte) 0x7d, (byte) 0x6a, (byte) 0x6b, - (byte) 0xf9, (byte) 0xa4, (byte) 0xdb, (byte) 0xbe, - (byte) 0xd3, (byte) 0xa4, (byte) 0x3f, (byte) 0xa2, - (byte) 0x1f, (byte) 0x79, (byte) 0x86, (byte) 0x9c, - (byte) 0x5a, (byte) 0xb9, (byte) 0x72, (byte) 0x9d, - (byte) 0x23, (byte) 0x9e, (byte) 0x92, (byte) 0x82 - }; - - public static final byte[] ECSP224_FP_B = { - (byte) 0x46, (byte) 0x87, (byte) 0x36, (byte) 0x14, - (byte) 0xbe, (byte) 0x3d, (byte) 0xff, (byte) 0xc9, - (byte) 0x21, (byte) 0x80, (byte) 0x82, (byte) 0x32, - (byte) 0x22, (byte) 0x10, (byte) 0xc0, (byte) 0x61, - (byte) 0x61, (byte) 0x40, (byte) 0x28, (byte) 0x6f, - (byte) 0x2d, (byte) 0x16, (byte) 0x05, (byte) 0x03, - (byte) 0xc1, (byte) 0xa9, (byte) 0x25, (byte) 0x0d - }; - - public static final byte[] ECSP224_FP_G_X = { - (byte) 0x96, (byte) 0x1b, (byte) 0xbb, (byte) 0x1f, - (byte) 0xc9, (byte) 0x95, (byte) 0x5a, (byte) 0x71, - (byte) 0xc9, (byte) 0x1a, (byte) 0x50, (byte) 0xae, - (byte) 0xdc, (byte) 0xd2, (byte) 0xf1, (byte) 0x4f, - (byte) 0xcc, (byte) 0xb6, (byte) 0x60, (byte) 0xaf, - (byte) 0x99, (byte) 0x2b, (byte) 0x00, (byte) 0x30, - (byte) 0xb9, (byte) 0xc9, (byte) 0x0b, (byte) 0x36 - }; - - public static final byte[] ECSP224_FP_G_Y = { - (byte) 0x1c, (byte) 0x00, (byte) 0xf6, (byte) 0xd0, - (byte) 0xbd, (byte) 0x40, (byte) 0x5d, (byte) 0xd7, - (byte) 0xd3, (byte) 0x01, (byte) 0x6f, (byte) 0xb8, - (byte) 0xc0, (byte) 0xc7, (byte) 0x5e, (byte) 0x4e, - (byte) 0xce, (byte) 0xc7, (byte) 0x0f, (byte) 0xe6, - (byte) 0x12, (byte) 0x37, (byte) 0xf6, (byte) 0xd2, - (byte) 0x40, (byte) 0x08, (byte) 0xa5, (byte) 0xfd - }; - - public static final byte[] ECSP224_FP_R = { - (byte) 0xee, (byte) 0xd4, (byte) 0xc3, (byte) 0xd9, - (byte) 0x8f, (byte) 0x1c, (byte) 0x9b, (byte) 0x95, - (byte) 0x18, (byte) 0xf1, (byte) 0x16, (byte) 0x26, - (byte) 0x3d, (byte) 0xb8, (byte) 0x21, (byte) 0xc3, - (byte) 0x6a, (byte) 0x06, (byte) 0xad, (byte) 0xae, - (byte) 0x17, (byte) 0x16, (byte) 0x2a, (byte) 0xd3, - (byte) 0x16, (byte) 0x2f, (byte) 0x68, (byte) 0xc3 - }; - - public static final short ECSP224_FP_K = 1; - - public static final byte[] ECSP224_FP_W_X = { - (byte) 0xcf, (byte) 0xd9, (byte) 0x2a, (byte) 0xea, - (byte) 0x0f, (byte) 0x79, (byte) 0x19, (byte) 0x0c, - (byte) 0x48, (byte) 0xca, (byte) 0x70, (byte) 0x3e, - (byte) 0xb8, (byte) 0xa9, (byte) 0xba, (byte) 0xa7, - (byte) 0x09, (byte) 0x9a, (byte) 0x23, (byte) 0xbb, - (byte) 0x39, (byte) 0x57, (byte) 0x82, (byte) 0x61, - (byte) 0xfe, (byte) 0x4d, (byte) 0x0f, (byte) 0x04 - }; - - public static final byte[] ECSP224_FP_W_Y = { - (byte) 0x25, (byte) 0x7a, (byte) 0x3d, (byte) 0x98, - (byte) 0xde, (byte) 0x44, (byte) 0xbd, (byte) 0x25, - (byte) 0x40, (byte) 0x49, (byte) 0x77, (byte) 0xa4, - (byte) 0xac, (byte) 0x7f, (byte) 0xc5, (byte) 0x6d, - (byte) 0x3d, (byte) 0x4e, (byte) 0x82, (byte) 0x7f, - (byte) 0x08, (byte) 0x5b, (byte) 0x7c, (byte) 0xf5, - (byte) 0x24, (byte) 0x75, (byte) 0x24, (byte) 0xc4 - }; - - - //Anomalous curve(small-pub-256), with pubkey of order 3 - public static final byte[] ECSP256_FP_P = { - (byte) 0xc9, (byte) 0xa8, (byte) 0x03, (byte) 0xb1, - (byte) 0xea, (byte) 0xf8, (byte) 0x49, (byte) 0xf1, - (byte) 0xc0, (byte) 0x2c, (byte) 0xfd, (byte) 0x1d, - (byte) 0xbf, (byte) 0xac, (byte) 0x68, (byte) 0x62, - (byte) 0x39, (byte) 0x85, (byte) 0xc8, (byte) 0x8b, - (byte) 0x37, (byte) 0x10, (byte) 0x3b, (byte) 0x33, - (byte) 0x8a, (byte) 0xe1, (byte) 0x1d, (byte) 0x25, - (byte) 0x97, (byte) 0xee, (byte) 0x84, (byte) 0x45 - }; - - public static final byte[] ECSP256_FP_A = { - (byte) 0x48, (byte) 0x41, (byte) 0xc5, (byte) 0x77, - (byte) 0x5a, (byte) 0x24, (byte) 0xa8, (byte) 0x84, - (byte) 0xca, (byte) 0x36, (byte) 0xec, (byte) 0x36, - (byte) 0x2b, (byte) 0x44, (byte) 0x64, (byte) 0x5a, - (byte) 0x2f, (byte) 0x60, (byte) 0xb2, (byte) 0x5d, - (byte) 0x00, (byte) 0x2c, (byte) 0x4f, (byte) 0xc1, - (byte) 0xd9, (byte) 0xf1, (byte) 0x39, (byte) 0x87, - (byte) 0x0f, (byte) 0xe0, (byte) 0xcc, (byte) 0x71 - }; - - public static final byte[] ECSP256_FP_B = { - (byte) 0x1b, (byte) 0x09, (byte) 0x74, (byte) 0x56, - (byte) 0x75, (byte) 0x1f, (byte) 0x35, (byte) 0x34, - (byte) 0x19, (byte) 0x0d, (byte) 0xae, (byte) 0x56, - (byte) 0x8f, (byte) 0x80, (byte) 0xa2, (byte) 0xc6, - (byte) 0xff, (byte) 0x55, (byte) 0xdd, (byte) 0xdf, - (byte) 0xe0, (byte) 0x72, (byte) 0xa7, (byte) 0xdc, - (byte) 0x64, (byte) 0x67, (byte) 0xa4, (byte) 0xb6, - (byte) 0x47, (byte) 0x6b, (byte) 0x68, (byte) 0x80 - }; - - public static final byte[] ECSP256_FP_G_X = { - (byte) 0xa1, (byte) 0xfd, (byte) 0x34, (byte) 0xa2, - (byte) 0x7a, (byte) 0xfb, (byte) 0x13, (byte) 0x40, - (byte) 0xb8, (byte) 0xe4, (byte) 0xa7, (byte) 0xdb, - (byte) 0x2a, (byte) 0x5e, (byte) 0xc5, (byte) 0xa1, - (byte) 0x43, (byte) 0x2c, (byte) 0x6d, (byte) 0xc8, - (byte) 0x55, (byte) 0x5a, (byte) 0xf9, (byte) 0xf7, - (byte) 0x8f, (byte) 0xca, (byte) 0x2c, (byte) 0xf7, - (byte) 0x40, (byte) 0xca, (byte) 0xb2, (byte) 0xb7 - }; - - public static final byte[] ECSP256_FP_G_Y = { - (byte) 0x98, (byte) 0x41, (byte) 0x9c, (byte) 0x69, - (byte) 0x8c, (byte) 0xab, (byte) 0x6c, (byte) 0x7d, - (byte) 0xbb, (byte) 0x53, (byte) 0xeb, (byte) 0x27, - (byte) 0x51, (byte) 0x41, (byte) 0x7b, (byte) 0x52, - (byte) 0xcc, (byte) 0xde, (byte) 0xd4, (byte) 0x68, - (byte) 0x0c, (byte) 0x5e, (byte) 0x09, (byte) 0x54, - (byte) 0x3f, (byte) 0x93, (byte) 0xc7, (byte) 0x88, - (byte) 0x6c, (byte) 0x3a, (byte) 0x17, (byte) 0x3e - }; - - public static final byte[] ECSP256_FP_R = { - (byte) 0xc9, (byte) 0xa8, (byte) 0x03, (byte) 0xb1, - (byte) 0xea, (byte) 0xf8, (byte) 0x49, (byte) 0xf1, - (byte) 0xc0, (byte) 0x2c, (byte) 0xfd, (byte) 0x1d, - (byte) 0xbf, (byte) 0xac, (byte) 0x68, (byte) 0x63, - (byte) 0x12, (byte) 0x8c, (byte) 0x5b, (byte) 0x1f, - (byte) 0xc5, (byte) 0xac, (byte) 0xd5, (byte) 0xb5, - (byte) 0xe0, (byte) 0xfc, (byte) 0x0a, (byte) 0x73, - (byte) 0x11, (byte) 0xfb, (byte) 0x5b, (byte) 0x1d - }; - - public static final short ECSP256_FP_K = 1; - - public static final byte[] ECSP256_FP_W_X = { - (byte) 0x75, (byte) 0xfc, (byte) 0xe7, (byte) 0x09, - (byte) 0x68, (byte) 0x86, (byte) 0x2d, (byte) 0x53, - (byte) 0xe2, (byte) 0x95, (byte) 0x48, (byte) 0xaa, - (byte) 0xd7, (byte) 0x05, (byte) 0x82, (byte) 0x51, - (byte) 0x4e, (byte) 0x96, (byte) 0x0d, (byte) 0x81, - (byte) 0x28, (byte) 0xbd, (byte) 0x3c, (byte) 0x5f, - (byte) 0x8c, (byte) 0x4d, (byte) 0xbe, (byte) 0x2c, - (byte) 0xf8, (byte) 0xda, (byte) 0xd6, (byte) 0x53 - }; - - public static final byte[] ECSP256_FP_W_Y = { - (byte) 0x55, (byte) 0xaa, (byte) 0x4b, (byte) 0x7d, - (byte) 0x38, (byte) 0x82, (byte) 0xfb, (byte) 0x0a, - (byte) 0x83, (byte) 0xbd, (byte) 0x00, (byte) 0xc9, - (byte) 0xc3, (byte) 0xba, (byte) 0xe1, (byte) 0x7f, - (byte) 0x10, (byte) 0x24, (byte) 0xd6, (byte) 0x4a, - (byte) 0xec, (byte) 0x67, (byte) 0xe1, (byte) 0xdb, - (byte) 0x38, (byte) 0xef, (byte) 0x67, (byte) 0x1e, - (byte) 0x63, (byte) 0x50, (byte) 0xbe, (byte) 0xae - }; - - - //Anomalous curve(small-pub-384), with pubkey of order 3 - public static final byte[] ECSP384_FP_P = { - (byte) 0xd0, (byte) 0xdf, (byte) 0x6c, (byte) 0x96, - (byte) 0xcf, (byte) 0xf7, (byte) 0x08, (byte) 0x1b, - (byte) 0xe8, (byte) 0x0d, (byte) 0x22, (byte) 0xb0, - (byte) 0x05, (byte) 0x75, (byte) 0x8a, (byte) 0x2e, - (byte) 0x2f, (byte) 0x04, (byte) 0x6e, (byte) 0x15, - (byte) 0xfe, (byte) 0x02, (byte) 0x0e, (byte) 0xf8, - (byte) 0x86, (byte) 0xe2, (byte) 0x1b, (byte) 0x49, - (byte) 0x2a, (byte) 0xc5, (byte) 0x72, (byte) 0x57, - (byte) 0xa9, (byte) 0x23, (byte) 0x14, (byte) 0x4b, - (byte) 0xca, (byte) 0xd9, (byte) 0x89, (byte) 0xab, - (byte) 0x63, (byte) 0x41, (byte) 0xbd, (byte) 0x3b, - (byte) 0x70, (byte) 0x0f, (byte) 0x91, (byte) 0x4b - }; - - public static final byte[] ECSP384_FP_A = { - (byte) 0x45, (byte) 0xc6, (byte) 0x45, (byte) 0x03, - (byte) 0xbe, (byte) 0x01, (byte) 0x9a, (byte) 0xfd, - (byte) 0x34, (byte) 0x62, (byte) 0xb3, (byte) 0x61, - (byte) 0xad, (byte) 0x2b, (byte) 0x2a, (byte) 0x3b, - (byte) 0xca, (byte) 0x0a, (byte) 0xec, (byte) 0xcc, - (byte) 0x54, (byte) 0x94, (byte) 0xa6, (byte) 0x24, - (byte) 0xfb, (byte) 0x63, (byte) 0x24, (byte) 0x55, - (byte) 0xe6, (byte) 0x2b, (byte) 0x4f, (byte) 0x0c, - (byte) 0x98, (byte) 0xf9, (byte) 0x44, (byte) 0xfa, - (byte) 0x97, (byte) 0xc3, (byte) 0x78, (byte) 0x11, - (byte) 0xda, (byte) 0x03, (byte) 0x98, (byte) 0x23, - (byte) 0xcd, (byte) 0x77, (byte) 0xc9, (byte) 0x06 - }; - - public static final byte[] ECSP384_FP_B = { - (byte) 0xd8, (byte) 0x55, (byte) 0x83, (byte) 0xf7, - (byte) 0xf1, (byte) 0x1a, (byte) 0xd2, (byte) 0x3e, - (byte) 0xc7, (byte) 0x5e, (byte) 0xd5, (byte) 0xa4, - (byte) 0x14, (byte) 0x15, (byte) 0x3a, (byte) 0x06, - (byte) 0xd6, (byte) 0x64, (byte) 0x09, (byte) 0x36, - (byte) 0xb8, (byte) 0x10, (byte) 0x3f, (byte) 0x5d, - (byte) 0xf6, (byte) 0x91, (byte) 0xfa, (byte) 0x95, - (byte) 0xcf, (byte) 0x2a, (byte) 0xfa, (byte) 0x78, - (byte) 0xf3, (byte) 0xea, (byte) 0x5a, (byte) 0xdd, - (byte) 0xc2, (byte) 0x25, (byte) 0xb1, (byte) 0x44, - (byte) 0x96, (byte) 0x40, (byte) 0x48, (byte) 0xc9, - (byte) 0xf7, (byte) 0x59, (byte) 0x2a, (byte) 0xe4 - }; - - public static final byte[] ECSP384_FP_G_X = { - (byte) 0x2b, (byte) 0x13, (byte) 0x41, (byte) 0xd1, - (byte) 0x2d, (byte) 0xff, (byte) 0x4f, (byte) 0x9c, - (byte) 0xf9, (byte) 0x42, (byte) 0x7c, (byte) 0x47, - (byte) 0x52, (byte) 0x96, (byte) 0x2b, (byte) 0x4c, - (byte) 0x2b, (byte) 0xdc, (byte) 0x8f, (byte) 0xbc, - (byte) 0xd8, (byte) 0x06, (byte) 0x52, (byte) 0x51, - (byte) 0x6c, (byte) 0x42, (byte) 0x1c, (byte) 0xc5, - (byte) 0x23, (byte) 0x21, (byte) 0x2a, (byte) 0x01, - (byte) 0xea, (byte) 0x63, (byte) 0xc7, (byte) 0x9d, - (byte) 0x6e, (byte) 0x9a, (byte) 0x9c, (byte) 0x84, - (byte) 0x93, (byte) 0x3e, (byte) 0x35, (byte) 0x3e, - (byte) 0x21, (byte) 0x24, (byte) 0x16, (byte) 0xec - }; - - public static final byte[] ECSP384_FP_G_Y = { - (byte) 0xce, (byte) 0x41, (byte) 0x6c, (byte) 0x6e, - (byte) 0x75, (byte) 0xfa, (byte) 0x9f, (byte) 0xd2, - (byte) 0x05, (byte) 0xed, (byte) 0x48, (byte) 0xfc, - (byte) 0x4e, (byte) 0x30, (byte) 0x99, (byte) 0xcb, - (byte) 0xb1, (byte) 0xd6, (byte) 0xed, (byte) 0x03, - (byte) 0x1b, (byte) 0x7d, (byte) 0xdb, (byte) 0xff, - (byte) 0x1d, (byte) 0x63, (byte) 0x4e, (byte) 0xb9, - (byte) 0x7a, (byte) 0x83, (byte) 0xd9, (byte) 0xb7, - (byte) 0x80, (byte) 0xcf, (byte) 0xd4, (byte) 0xde, - (byte) 0xdf, (byte) 0xdd, (byte) 0x2c, (byte) 0x76, - (byte) 0x04, (byte) 0xd1, (byte) 0x43, (byte) 0x19, - (byte) 0x6c, (byte) 0x08, (byte) 0xd9, (byte) 0x33 - }; - - public static final byte[] ECSP384_FP_R = { - (byte) 0xd0, (byte) 0xdf, (byte) 0x6c, (byte) 0x96, - (byte) 0xcf, (byte) 0xf7, (byte) 0x08, (byte) 0x1b, - (byte) 0xe8, (byte) 0x0d, (byte) 0x22, (byte) 0xb0, - (byte) 0x05, (byte) 0x75, (byte) 0x8a, (byte) 0x2e, - (byte) 0x2f, (byte) 0x04, (byte) 0x6e, (byte) 0x15, - (byte) 0xfe, (byte) 0x02, (byte) 0x0e, (byte) 0xf7, - (byte) 0x66, (byte) 0x4e, (byte) 0xd5, (byte) 0x1d, - (byte) 0x77, (byte) 0x01, (byte) 0xc8, (byte) 0x6b, - (byte) 0xf2, (byte) 0xa1, (byte) 0xe9, (byte) 0xf3, - (byte) 0x00, (byte) 0x2c, (byte) 0x26, (byte) 0xfe, - (byte) 0x00, (byte) 0x23, (byte) 0x14, (byte) 0xc3, - (byte) 0xc9, (byte) 0x2f, (byte) 0x1c, (byte) 0xa9 - }; - - public static final short ECSP384_FP_K = 1; - - public static final byte[] ECSP384_FP_W_X = { - (byte) 0xa4, (byte) 0xbd, (byte) 0x57, (byte) 0x5b, - (byte) 0xf2, (byte) 0x03, (byte) 0x00, (byte) 0xb0, - (byte) 0xcf, (byte) 0x8a, (byte) 0x2f, (byte) 0x41, - (byte) 0xdd, (byte) 0x5a, (byte) 0x03, (byte) 0xe9, - (byte) 0x08, (byte) 0x96, (byte) 0x6a, (byte) 0x42, - (byte) 0x29, (byte) 0xa5, (byte) 0xf2, (byte) 0x2f, - (byte) 0x5c, (byte) 0x19, (byte) 0x0d, (byte) 0x36, - (byte) 0x41, (byte) 0xac, (byte) 0x2d, (byte) 0x32, - (byte) 0xb7, (byte) 0xb2, (byte) 0x4a, (byte) 0x63, - (byte) 0x48, (byte) 0x2c, (byte) 0xbb, (byte) 0xcd, - (byte) 0x0c, (byte) 0x22, (byte) 0x57, (byte) 0xf8, - (byte) 0x34, (byte) 0x83, (byte) 0x4e, (byte) 0xf1 - }; - - public static final byte[] ECSP384_FP_W_Y = { - (byte) 0x38, (byte) 0xd5, (byte) 0x1c, (byte) 0x8f, - (byte) 0x9e, (byte) 0x90, (byte) 0x59, (byte) 0x2f, - (byte) 0x56, (byte) 0x7e, (byte) 0x81, (byte) 0xd0, - (byte) 0xe4, (byte) 0x85, (byte) 0x5e, (byte) 0x79, - (byte) 0x73, (byte) 0x1b, (byte) 0x57, (byte) 0x97, - (byte) 0x85, (byte) 0x7a, (byte) 0x4c, (byte) 0x7d, - (byte) 0xc2, (byte) 0x70, (byte) 0x65, (byte) 0x3b, - (byte) 0xc9, (byte) 0xf0, (byte) 0xc3, (byte) 0x1e, - (byte) 0x84, (byte) 0x69, (byte) 0x30, (byte) 0x07, - (byte) 0xb0, (byte) 0x9c, (byte) 0xeb, (byte) 0xf7, - (byte) 0x10, (byte) 0xd5, (byte) 0xae, (byte) 0x32, - (byte) 0x37, (byte) 0x30, (byte) 0x39, (byte) 0x49 - }; - - - //Anomalous curve(small-pub-521), with pubkey of order 4 - public static final byte[] ECSP521_FP_P = { - (byte) 0x01, (byte) 0xd3, (byte) 0xdf, (byte) 0x43, - (byte) 0x09, (byte) 0x24, (byte) 0x95, (byte) 0x6e, - (byte) 0x21, (byte) 0x0a, (byte) 0x60, (byte) 0x5b, - (byte) 0x4d, (byte) 0xbf, (byte) 0x4a, (byte) 0x2e, - (byte) 0x90, (byte) 0x9d, (byte) 0x7a, (byte) 0x80, - (byte) 0x16, (byte) 0x58, (byte) 0x97, (byte) 0x8c, - (byte) 0x88, (byte) 0xff, (byte) 0xd6, (byte) 0x8d, - (byte) 0xcc, (byte) 0x81, (byte) 0x7f, (byte) 0x5c, - (byte) 0xc7, (byte) 0x9c, (byte) 0xf1, (byte) 0x88, - (byte) 0xd9, (byte) 0xee, (byte) 0x82, (byte) 0xd1, - (byte) 0xa5, (byte) 0x1c, (byte) 0x44, (byte) 0xcb, - (byte) 0xd3, (byte) 0x1e, (byte) 0x9c, (byte) 0xc5, - (byte) 0xb8, (byte) 0x16, (byte) 0xd7, (byte) 0x6d, - (byte) 0x5b, (byte) 0x13, (byte) 0x12, (byte) 0xb0, - (byte) 0x05, (byte) 0xf7, (byte) 0xb6, (byte) 0x89, - (byte) 0x19, (byte) 0xe2, (byte) 0x75, (byte) 0xda, - (byte) 0xc9, (byte) 0x9f - }; - - public static final byte[] ECSP521_FP_A = { - (byte) 0x00, (byte) 0x40, (byte) 0x16, (byte) 0x39, - (byte) 0xf3, (byte) 0x6f, (byte) 0x2e, (byte) 0xe4, - (byte) 0x5f, (byte) 0xc1, (byte) 0x64, (byte) 0xea, - (byte) 0x3e, (byte) 0x1f, (byte) 0x14, (byte) 0xf4, - (byte) 0x80, (byte) 0x3f, (byte) 0xd7, (byte) 0xa7, - (byte) 0x7f, (byte) 0xfd, (byte) 0xfb, (byte) 0x39, - (byte) 0x2c, (byte) 0x3f, (byte) 0x8f, (byte) 0xe9, - (byte) 0x5d, (byte) 0x1a, (byte) 0xea, (byte) 0x33, - (byte) 0x14, (byte) 0x67, (byte) 0xf4, (byte) 0x61, - (byte) 0x8d, (byte) 0x59, (byte) 0xae, (byte) 0xee, - (byte) 0x49, (byte) 0xd5, (byte) 0xd7, (byte) 0xc7, - (byte) 0x0c, (byte) 0xaf, (byte) 0x32, (byte) 0x0f, - (byte) 0x7d, (byte) 0xd1, (byte) 0xac, (byte) 0x16, - (byte) 0x61, (byte) 0x14, (byte) 0xf5, (byte) 0x62, - (byte) 0x41, (byte) 0x34, (byte) 0x49, (byte) 0x99, - (byte) 0x1d, (byte) 0x3a, (byte) 0xa1, (byte) 0xa2, - (byte) 0xc4, (byte) 0x9e - }; - - public static final byte[] ECSP521_FP_B = { - (byte) 0x00, (byte) 0x4a, (byte) 0x26, (byte) 0xa8, - (byte) 0xc4, (byte) 0x7f, (byte) 0xce, (byte) 0x20, - (byte) 0x4b, (byte) 0xa9, (byte) 0x53, (byte) 0x01, - (byte) 0x5f, (byte) 0xa8, (byte) 0x67, (byte) 0x08, - (byte) 0xc0, (byte) 0xde, (byte) 0x72, (byte) 0x0f, - (byte) 0x27, (byte) 0x52, (byte) 0x39, (byte) 0x88, - (byte) 0xb0, (byte) 0x97, (byte) 0xe7, (byte) 0x74, - (byte) 0x16, (byte) 0x8c, (byte) 0x15, (byte) 0xf7, - (byte) 0xa2, (byte) 0x15, (byte) 0xaa, (byte) 0xf1, - (byte) 0x8a, (byte) 0x5f, (byte) 0x1b, (byte) 0x95, - (byte) 0x79, (byte) 0xab, (byte) 0x3d, (byte) 0xb9, - (byte) 0x35, (byte) 0xd4, (byte) 0x5b, (byte) 0xe1, - (byte) 0x4c, (byte) 0x9a, (byte) 0x87, (byte) 0xb7, - (byte) 0x11, (byte) 0x70, (byte) 0x39, (byte) 0x69, - (byte) 0x09, (byte) 0xb1, (byte) 0x4d, (byte) 0x06, - (byte) 0xf7, (byte) 0xa0, (byte) 0x99, (byte) 0x75, - (byte) 0xb3, (byte) 0xa6 - }; - - public static final byte[] ECSP521_FP_G_X = { - (byte) 0x01, (byte) 0xc8, (byte) 0x80, (byte) 0xae, - (byte) 0x0a, (byte) 0x35, (byte) 0x5a, (byte) 0x52, - (byte) 0x79, (byte) 0x1f, (byte) 0xc9, (byte) 0x60, - (byte) 0x0f, (byte) 0xd8, (byte) 0xb3, (byte) 0x57, - (byte) 0x26, (byte) 0xe9, (byte) 0xd7, (byte) 0x99, - (byte) 0x10, (byte) 0x14, (byte) 0x89, (byte) 0x16, - (byte) 0x1c, (byte) 0x8f, (byte) 0x90, (byte) 0xa9, - (byte) 0xc6, (byte) 0x63, (byte) 0x1d, (byte) 0x09, - (byte) 0xb3, (byte) 0xcb, (byte) 0x34, (byte) 0x75, - (byte) 0x84, (byte) 0x83, (byte) 0x7d, (byte) 0x9d, - (byte) 0xeb, (byte) 0x85, (byte) 0x66, (byte) 0xa9, - (byte) 0xc5, (byte) 0x84, (byte) 0x6a, (byte) 0xde, - (byte) 0xd0, (byte) 0xd0, (byte) 0x1e, (byte) 0xb9, - (byte) 0x47, (byte) 0xb4, (byte) 0xaf, (byte) 0xfd, - (byte) 0x34, (byte) 0xe8, (byte) 0xea, (byte) 0x7d, - (byte) 0xbe, (byte) 0x73, (byte) 0x3c, (byte) 0xbe, - (byte) 0xda, (byte) 0xfa - }; - - public static final byte[] ECSP521_FP_G_Y = { - (byte) 0x00, (byte) 0x05, (byte) 0x0f, (byte) 0x12, - (byte) 0x67, (byte) 0x2f, (byte) 0x16, (byte) 0x3f, - (byte) 0x19, (byte) 0xd5, (byte) 0xd4, (byte) 0x93, - (byte) 0xeb, (byte) 0x82, (byte) 0xef, (byte) 0x77, - (byte) 0x7b, (byte) 0x02, (byte) 0x13, (byte) 0xdd, - (byte) 0x4e, (byte) 0x0c, (byte) 0xf7, (byte) 0x5a, - (byte) 0x9b, (byte) 0x99, (byte) 0x72, (byte) 0x4f, - (byte) 0xbd, (byte) 0xb5, (byte) 0x4b, (byte) 0x0c, - (byte) 0xc4, (byte) 0xe0, (byte) 0x37, (byte) 0xbf, - (byte) 0x86, (byte) 0xa4, (byte) 0x8b, (byte) 0xac, - (byte) 0x28, (byte) 0x46, (byte) 0x7b, (byte) 0xdd, - (byte) 0x93, (byte) 0x6c, (byte) 0x31, (byte) 0x4c, - (byte) 0xe1, (byte) 0x3f, (byte) 0x6e, (byte) 0xc7, - (byte) 0xec, (byte) 0x69, (byte) 0xea, (byte) 0x09, - (byte) 0xae, (byte) 0x4f, (byte) 0x54, (byte) 0x44, - (byte) 0xdf, (byte) 0x4b, (byte) 0x2a, (byte) 0x11, - (byte) 0x7a, (byte) 0x66 - }; - - public static final byte[] ECSP521_FP_R = { - (byte) 0x01, (byte) 0xd3, (byte) 0xdf, (byte) 0x43, - (byte) 0x09, (byte) 0x24, (byte) 0x95, (byte) 0x6e, - (byte) 0x21, (byte) 0x0a, (byte) 0x60, (byte) 0x5b, - (byte) 0x4d, (byte) 0xbf, (byte) 0x4a, (byte) 0x2e, - (byte) 0x90, (byte) 0x9d, (byte) 0x7a, (byte) 0x80, - (byte) 0x16, (byte) 0x58, (byte) 0x97, (byte) 0x8c, - (byte) 0x88, (byte) 0xff, (byte) 0xd6, (byte) 0x8d, - (byte) 0xcc, (byte) 0x81, (byte) 0x7f, (byte) 0x5c, - (byte) 0xc7, (byte) 0xba, (byte) 0x08, (byte) 0x38, - (byte) 0x71, (byte) 0x7c, (byte) 0x19, (byte) 0x47, - (byte) 0xf9, (byte) 0x3c, (byte) 0xfd, (byte) 0xd3, - (byte) 0xed, (byte) 0x87, (byte) 0xec, (byte) 0x2c, - (byte) 0x2d, (byte) 0xf1, (byte) 0x81, (byte) 0xc7, - (byte) 0xad, (byte) 0xa5, (byte) 0x53, (byte) 0x34, - (byte) 0x6e, (byte) 0xc1, (byte) 0x49, (byte) 0x57, - (byte) 0x32, (byte) 0xa1, (byte) 0xe7, (byte) 0xff, - (byte) 0xe9, (byte) 0xb3 - }; - - public static final short ECSP521_FP_K = 1; - - public static final byte[] ECSP521_FP_W_X = { - (byte) 0x00, (byte) 0x28, (byte) 0x44, (byte) 0xdf, - (byte) 0x0f, (byte) 0x31, (byte) 0xf4, (byte) 0x6a, - (byte) 0x40, (byte) 0xe6, (byte) 0xc7, (byte) 0x00, - (byte) 0x6c, (byte) 0xde, (byte) 0x99, (byte) 0x15, - (byte) 0x5b, (byte) 0xd5, (byte) 0xd1, (byte) 0x8d, - (byte) 0x0e, (byte) 0x41, (byte) 0x50, (byte) 0x17, - (byte) 0x8a, (byte) 0x8e, (byte) 0x30, (byte) 0x7d, - (byte) 0x6a, (byte) 0xec, (byte) 0x08, (byte) 0xfd, - (byte) 0x02, (byte) 0xd4, (byte) 0x66, (byte) 0xc0, - (byte) 0x3c, (byte) 0x49, (byte) 0xb4, (byte) 0x9c, - (byte) 0x26, (byte) 0x54, (byte) 0xb7, (byte) 0xc9, - (byte) 0xa3, (byte) 0x2d, (byte) 0x88, (byte) 0xca, - (byte) 0x01, (byte) 0x40, (byte) 0x16, (byte) 0xa7, - (byte) 0xed, (byte) 0xdd, (byte) 0x44, (byte) 0x21, - (byte) 0x7b, (byte) 0xe9, (byte) 0x15, (byte) 0x50, - (byte) 0x5d, (byte) 0x22, (byte) 0x8e, (byte) 0xfb, - (byte) 0x93, (byte) 0x89 - }; - - public static final byte[] ECSP521_FP_W_Y = { - (byte) 0x01, (byte) 0x05, (byte) 0x92, (byte) 0x1e, - (byte) 0x21, (byte) 0x72, (byte) 0xc3, (byte) 0x05, - (byte) 0x0b, (byte) 0xa4, (byte) 0xc9, (byte) 0xd2, - (byte) 0xe7, (byte) 0x44, (byte) 0xfc, (byte) 0x5b, - (byte) 0x7b, (byte) 0x5e, (byte) 0x84, (byte) 0x51, - (byte) 0x75, (byte) 0x1e, (byte) 0x67, (byte) 0x80, - (byte) 0xc6, (byte) 0xde, (byte) 0x88, (byte) 0x22, - (byte) 0x94, (byte) 0x97, (byte) 0xbe, (byte) 0x7d, - (byte) 0x23, (byte) 0x55, (byte) 0x0b, (byte) 0xee, - (byte) 0xfa, (byte) 0x0c, (byte) 0xb7, (byte) 0xfa, - (byte) 0xfe, (byte) 0xbb, (byte) 0x4d, (byte) 0xd9, - (byte) 0xfa, (byte) 0xd1, (byte) 0x24, (byte) 0x4c, - (byte) 0x67, (byte) 0x33, (byte) 0xbe, (byte) 0xfe, - (byte) 0x5a, (byte) 0x97, (byte) 0x71, (byte) 0x0f, - (byte) 0x0d, (byte) 0xc5, (byte) 0x6d, (byte) 0xc0, - (byte) 0x8d, (byte) 0x9d, (byte) 0x9d, (byte) 0xf9, - (byte) 0xd8, (byte) 0x46 - }; - // getCorruptCurveParameter PARAMETER_CORRUPTION TYPES - public static final short CORRUPTION_NONE = 0x01; - public static final short CORRUPTION_FIXED = 0x02; - public static final short CORRUPTION_FULLRANDOM = 0x03; - public static final short CORRUPTION_ONEBYTERANDOM = 0x04; - public static final short CORRUPTION_ZERO = 0x05; - public static final short CORRUPTION_ONE = 0x06; + public static final byte CORRUPTION_NONE = (byte) 0x00; + public static final byte CORRUPTION_FIXED = (byte) 0x01; + public static final byte CORRUPTION_FULLRANDOM = (byte) 0x02; + public static final byte CORRUPTION_ONEBYTERANDOM = (byte) 0x03; + public static final byte CORRUPTION_ZERO = (byte) 0x04; + public static final byte CORRUPTION_ONE = (byte) 0x05; + // Supported embedded curves, getCurveParameter - // SECP recommended curves over FP - public static final byte CURVE_secp128r1 = 1; - public static final byte CURVE_secp160r1 = 2; - public static final byte CURVE_secp192r1 = 3; - public static final byte CURVE_secp224r1 = 4; - public static final byte CURVE_secp256r1 = 5; - public static final byte CURVE_secp384r1 = 6; - public static final byte CURVE_secp521r1 = 7; + public static final byte CURVE_default = (byte) 0; + public static final byte CURVE_external = (byte) 0xff; - public static final byte CURVE_sp128 = 8; - public static final byte CURVE_sp160 = 9; - public static final byte CURVE_sp192 = 10; - public static final byte CURVE_sp224 = 11; - public static final byte CURVE_sp256 = 12; - public static final byte CURVE_sp384 = 13; - public static final byte CURVE_sp521 = 14; + // SECP recommended curves over FP + public static final byte CURVE_secp128r1 = (byte) 1; + public static final byte CURVE_secp160r1 = (byte) 2; + public static final byte CURVE_secp192r1 = (byte) 3; + public static final byte CURVE_secp224r1 = (byte) 4; + public static final byte CURVE_secp256r1 = (byte) 5; + public static final byte CURVE_secp384r1 = (byte) 6; + public static final byte CURVE_secp521r1 = (byte) 7; - public static final byte FP_CURVES = 14; + public static final byte FP_CURVES = (byte) 7; // SECP recommended curves over F2M - public static final byte CURVE_sect163r1 = 15; - public static final byte CURVE_sect233r1 = 16; - public static final byte CURVE_sect283r1 = 17; - public static final byte CURVE_sect409r1 = 18; - public static final byte CURVE_sect571r1 = 19; + public static final byte CURVE_sect163r1 = (byte) 8; + public static final byte CURVE_sect233r1 = (byte) 9; + public static final byte CURVE_sect283r1 = (byte) 10; + public static final byte CURVE_sect409r1 = (byte) 11; + public static final byte CURVE_sect571r1 = (byte) 12; + + public static final byte F2M_CURVES = (byte) 12; - public static final byte F2M_CURVES = 12; + public static final short[] FP_SIZES = new short[]{128, 160, 192, 224, 256, 384, 521}; + public static final short[] F2M_SIZES = new short[]{163, 233, 283, 409, 571}; - public static byte getCurve(short keyClass, short keyLength) { + public static byte getCurve(short keyLength, byte keyClass) { if (keyClass == KeyPair.ALG_EC_FP) { switch (keyLength) { case (short) 128: @@ -1664,34 +1010,6 @@ public class EC_Consts { return 0; } - public static byte getAnomalousCurve(short keyClass, short keyLength) { - if (keyClass == KeyPair.ALG_EC_FP) { - switch (keyLength) { - case (short) 128: - return CURVE_sp128; - case (short) 160: - return CURVE_sp160; - case (short) 192: - return CURVE_sp192; - case (short) 224: - return CURVE_sp224; - case (short) 256: - return CURVE_sp256; - case (short) 384: - return CURVE_sp384; - case (short) 521: - return CURVE_sp521; - default: - ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); - } - } else if (keyClass == KeyPair.ALG_EC_F2M) { - return 0; - } else { - ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); - } - return 0; - } - public static short getCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset) { byte alg = getCurveType(curve); switch (curve) { @@ -1703,6 +1021,9 @@ public class EC_Consts { EC_G_Y = EC128_FP_G_Y; EC_R = EC128_FP_R; EC_K = EC128_FP_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_secp160r1: { @@ -1713,6 +1034,9 @@ public class EC_Consts { EC_G_Y = EC160_FP_G_Y; EC_R = EC160_FP_R; EC_K = EC160_FP_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_secp192r1: { @@ -1723,6 +1047,9 @@ public class EC_Consts { EC_G_Y = EC192_FP_G_Y; EC_R = EC192_FP_R; EC_K = EC192_FP_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_secp224r1: { @@ -1733,6 +1060,7 @@ public class EC_Consts { EC_G_Y = EC224_FP_G_Y; EC_R = EC224_FP_R; EC_K = EC224_FP_K; + EC_S = null; break; } case CURVE_secp256r1: { @@ -1743,6 +1071,9 @@ public class EC_Consts { EC_G_Y = EC256_FP_G_Y; EC_R = EC256_FP_R; EC_K = EC256_FP_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_secp384r1: { @@ -1753,6 +1084,9 @@ public class EC_Consts { EC_G_Y = EC384_FP_G_Y; EC_R = EC384_FP_R; EC_K = EC384_FP_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_secp521r1: { @@ -1763,6 +1097,9 @@ public class EC_Consts { EC_G_Y = EC521_FP_G_Y; EC_R = EC521_FP_R; EC_K = EC521_FP_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_sect163r1: { @@ -1773,6 +1110,9 @@ public class EC_Consts { EC_G_Y = EC163_F2M_G_Y; EC_R = EC163_F2M_R; EC_K = EC163_F2M_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_sect233r1: { @@ -1783,6 +1123,9 @@ public class EC_Consts { EC_G_Y = EC233_F2M_G_Y; EC_R = EC233_F2M_R; EC_K = EC233_F2M_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_sect283r1: { @@ -1793,6 +1136,9 @@ public class EC_Consts { EC_G_Y = EC283_F2M_G_Y; EC_R = EC283_F2M_R; EC_K = EC283_F2M_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_sect409r1: { @@ -1803,6 +1149,9 @@ public class EC_Consts { EC_G_Y = EC409_F2M_G_Y; EC_R = EC409_F2M_R; EC_K = EC409_F2M_K; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } case CURVE_sect571r1: { @@ -1813,90 +1162,9 @@ public class EC_Consts { EC_G_Y = EC571_F2M_G_Y; EC_R = EC571_F2M_R; EC_K = EC571_F2M_K; - break; - } - case CURVE_sp128: { - EC_FP_P = ECSP128_FP_P; - EC_A = ECSP128_FP_A; - EC_B = ECSP128_FP_B; - EC_G_X = ECSP128_FP_G_X; - EC_G_Y = ECSP128_FP_G_Y; - EC_R = ECSP128_FP_R; - EC_K = ECSP128_FP_K; - EC_W_X = ECSP128_FP_W_X; - EC_W_Y = ECSP128_FP_W_Y; - break; - } - case CURVE_sp160: { - EC_FP_P = ECSP160_FP_P; - EC_A = ECSP160_FP_A; - EC_B = ECSP160_FP_B; - EC_G_X = ECSP160_FP_G_X; - EC_G_Y = ECSP160_FP_G_Y; - EC_R = ECSP160_FP_R; - EC_K = ECSP160_FP_K; - EC_W_X = ECSP160_FP_W_X; - EC_W_Y = ECSP160_FP_W_Y; - break; - } - case CURVE_sp192: { - EC_FP_P = ECSP192_FP_P; - EC_A = ECSP192_FP_A; - EC_B = ECSP192_FP_B; - EC_G_X = ECSP192_FP_G_X; - EC_G_Y = ECSP192_FP_G_Y; - EC_R = ECSP192_FP_R; - EC_K = ECSP192_FP_K; - EC_W_X = ECSP192_FP_W_X; - EC_W_Y = ECSP192_FP_W_Y; - break; - } - case CURVE_sp224: { - EC_FP_P = ECSP224_FP_P; - EC_A = ECSP224_FP_A; - EC_B = ECSP224_FP_B; - EC_G_X = ECSP224_FP_G_X; - EC_G_Y = ECSP224_FP_G_Y; - EC_R = ECSP224_FP_R; - EC_K = ECSP224_FP_K; - EC_W_X = ECSP224_FP_W_X; - EC_W_Y = ECSP224_FP_W_Y; - break; - } - case CURVE_sp256: { - EC_FP_P = ECSP256_FP_P; - EC_A = ECSP256_FP_A; - EC_B = ECSP256_FP_B; - EC_G_X = ECSP256_FP_G_X; - EC_G_Y = ECSP256_FP_G_Y; - EC_R = ECSP256_FP_R; - EC_K = ECSP256_FP_K; - EC_W_X = ECSP256_FP_W_X; - EC_W_Y = ECSP256_FP_W_Y; - break; - } - case CURVE_sp384: { - EC_FP_P = ECSP384_FP_P; - EC_A = ECSP384_FP_A; - EC_B = ECSP384_FP_B; - EC_G_X = ECSP384_FP_G_X; - EC_G_Y = ECSP384_FP_G_Y; - EC_R = ECSP384_FP_R; - EC_K = ECSP384_FP_K; - EC_W_X = ECSP384_FP_W_X; - EC_W_Y = ECSP384_FP_W_Y; - break; - } - case CURVE_sp521: { - EC_FP_P = ECSP521_FP_P; - EC_A = ECSP521_FP_A; - EC_B = ECSP521_FP_B; - EC_G_X = ECSP521_FP_G_X; - EC_G_Y = ECSP521_FP_G_Y; - EC_R = ECSP521_FP_R; - EC_K = ECSP521_FP_K; - EC_W_X = ECSP521_FP_W_X; - EC_W_Y = ECSP521_FP_W_Y; + EC_W_X = null; + EC_W_Y = null; + EC_S = null; break; } default: @@ -1931,9 +1199,15 @@ public class EC_Consts { Util.setShort(outputBuffer, outputOffset, EC_K); break; case PARAMETER_W: + if (EC_W_X == null || EC_W_Y == null) { + return 0; + } length = toX962(outputBuffer, outputOffset, EC_W_X, (short) 0, (short) EC_W_X.length, EC_W_Y, (short) 0, (short) EC_W_Y.length); break; case PARAMETER_S: + if (EC_S == null) { + return 0; + } length = Util.arrayCopyNonAtomic(EC_S, (short) 0, outputBuffer, outputOffset, (short) EC_S.length); break; default: @@ -1942,46 +1216,51 @@ public class EC_Consts { return length; } - public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, short corruptionType) { + public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, byte corruptionType) { short length = getCurveParameter(curve, param, outputBuffer, outputOffset); if (length <= 0) { return length; } - switch (corruptionType) { + corruptParameter(corruptionType, outputBuffer, outputOffset, length); + return length; + } + + public static void corruptParameter(byte corruption, byte[] buffer, short offset, short length) { + switch (corruption) { case CORRUPTION_NONE: break; case CORRUPTION_FIXED: if (length >= 1) { - outputBuffer[outputOffset] = (byte) 0xcc; - outputBuffer[(short) (outputOffset + length - 1)] = (byte) 0xcc; + buffer[offset] = (byte) 0xcc; + buffer[(short) (offset + length - 1)] = (byte) 0xcc; } break; case CORRUPTION_FULLRANDOM: - m_random.generateData(outputBuffer, outputOffset, length); + randomData.generateData(buffer, offset, length); break; case CORRUPTION_ONEBYTERANDOM: - short first = Util.getShort(outputBuffer, (short) 0); // save first two bytes + short first = Util.getShort(buffer, (short) 0); // save first two bytes - m_random.generateData(outputBuffer, (short) 0, (short) 2); // generate position - short rngPos = Util.getShort(outputBuffer, (short) 0); // save generated position + randomData.generateData(buffer, (short) 0, (short) 2); // generate position + short rngPos = Util.getShort(buffer, (short) 0); // save generated position - Util.setShort(outputBuffer, (short) 0, first); // restore first two bytes + Util.setShort(buffer, (short) 0, first); // restore first two bytes if (rngPos < 0) { // make positive rngPos = (short) -rngPos; } rngPos %= length; // make < param length - byte original = outputBuffer[rngPos]; + byte original = buffer[rngPos]; do { - m_random.generateData(outputBuffer, rngPos, (short) 1); - } while (original == outputBuffer[rngPos]); + randomData.generateData(buffer, rngPos, (short) 1); + } while (original == buffer[rngPos]); break; case CORRUPTION_ZERO: - Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0); + Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); break; case CORRUPTION_ONE: - Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 1); + Util.arrayFillNonAtomic(buffer, offset, length, (byte) 1); break; default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); @@ -1996,14 +1275,13 @@ public class EC_Consts { } */ } - return length; } public static byte getCurveType(byte curve) { return curve <= FP_CURVES ? KeyPair.ALG_EC_FP : KeyPair.ALG_EC_F2M; } - private static short toX962(byte[] outputBuffer, short outputOffset, byte[] xBuffer, short xOffset, short xLength, byte[] yBuffer, short yOffset, short yLength) { + public static short toX962(byte[] outputBuffer, short outputOffset, byte[] xBuffer, short xOffset, short xLength, byte[] yBuffer, short yOffset, short yLength) { short size = 1; size += xLength; size += yLength; diff --git a/src/cz/crcs/ectester/data/ecsp128.csv b/src/cz/crcs/ectester/data/ecsp128.csv new file mode 100644 index 0000000..29cfe3b --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp128.csv @@ -0,0 +1,7 @@ +cfba21fd0483b1f300fa2506a5a566ef, +36d9a5acac27a008e36cbe3e9f103fde, +a67cf5fa09fb1db902068c87046ae21e, +47d78391a4b9fff6a0db1292f9cd0e6a, +9aed9c92f8bb3dbd42402165a270bd6f, +cfba21fd0483b1f333d61a5af6ada2c7, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp128_pub.csv b/src/cz/crcs/ectester/data/ecsp128_pub.csv new file mode 100644 index 0000000..ee1f34d --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp128_pub.csv @@ -0,0 +1,2 @@ +63901e122761d9c16565b2f38e991f71, +b9d99fbc3154a96ca23ecff770cbbe4f
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp160.csv b/src/cz/crcs/ectester/data/ecsp160.csv new file mode 100644 index 0000000..49824d9 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp160.csv @@ -0,0 +1,7 @@ +dc13490ff9857b111f44c0500770a6457e683223, +a3ecd7d51e79d72d2700184c795aa8a6b8e66573, +8ac43592905f995cb13f3694317bf470adafb645, +5f8e88afc117c722859fe8e55647bca69ba82150, +93e6dcaee271e9f2838c98b7d06eccc5d7c800e5, +dc13490ff9857b111f446ef4a6d1e1715f6a6dff, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp160_pub.csv b/src/cz/crcs/ectester/data/ecsp160_pub.csv new file mode 100644 index 0000000..e2e164e --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp160_pub.csv @@ -0,0 +1,2 @@ +59c9c3c8aef29f1c1c500cafb4726da6086e6eb0, +d695a76005eddb26afd40ee20904778bb3497bb1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp192.csv b/src/cz/crcs/ectester/data/ecsp192.csv new file mode 100644 index 0000000..ccb5537 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp192.csv @@ -0,0 +1,7 @@ +ce714cc3a15ce7e5dab068c9a1f8be00aad480abccaeefc3, +597c781f64c33eb8ef919c415911518ea323be88b9437caf, +f81585a1b18f233d70add7ee1342d2035c386a92e3ab8320, +150ff0a40deac6462b5987418617fdeeb6bfd76d4d60a067, +843d577371c5dce122c2ff206b2f42fa0b842b49bdaf990f, +ce714cc3a15ce7e5dab068c9a30bc92915bd8662ae882887, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp192_pub.csv b/src/cz/crcs/ectester/data/ecsp192_pub.csv new file mode 100644 index 0000000..ec7f822 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp192_pub.csv @@ -0,0 +1,2 @@ +17047f91dbe33032c9d09bd29ceadd8a09ccc32ac6309541, +6a726de54fbd59cfc352e838b337fa005a97180816135e6a
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp224.csv b/src/cz/crcs/ectester/data/ecsp224.csv new file mode 100644 index 0000000..894e669 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp224.csv @@ -0,0 +1,7 @@ +eed4c3d98f1c9b9518f116263db770366877d12df6a9cf08b96dd4bb, +8d4dddb0317d6a6bf9a4dbbed3a43fa21f79869c5ab9729d239e9282, +46873614be3dffc9218082322210c0616140286f2d160503c1a9250d, +961bbb1fc9955a71c91a50aedcd2f14fccb660af992b0030b9c90b36, +1c00f6d0bd405dd7d3016fb8c0c75e4ecec70fe61237f6d24008a5fd, +eed4c3d98f1c9b9518f116263db821c36a06adae17162ad3162f68c3, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp224_pub.csv b/src/cz/crcs/ectester/data/ecsp224_pub.csv new file mode 100644 index 0000000..0999b99 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp224_pub.csv @@ -0,0 +1,2 @@ +cfd92aea0f79190c48ca703eb8a9baa7099a23bb39578261fe4d0f04, +257a3d98de44bd25404977a4ac7fc56d3d4e827f085b7cf5247524c4
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp256.csv b/src/cz/crcs/ectester/data/ecsp256.csv new file mode 100644 index 0000000..17387a6 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp256.csv @@ -0,0 +1,7 @@ +c9a803b1eaf849f1c02cfd1dbfac68623985c88b37103b338ae11d2597ee8445, +4841c5775a24a884ca36ec362b44645a2f60b25d002c4fc1d9f139870fe0cc71, +1b097456751f3534190dae568f80a2c6ff55dddfe072a7dc6467a4b6476b6880, +a1fd34a27afb1340b8e4a7db2a5ec5a1432c6dc8555af9f78fca2cf740cab2b7, +98419c698cab6c7dbb53eb2751417b52ccded4680c5e09543f93c7886c3a173e, +c9a803b1eaf849f1c02cfd1dbfac6863128c5b1fc5acd5b5e0fc0a7311fb5b1d, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp256_pub.csv b/src/cz/crcs/ectester/data/ecsp256_pub.csv new file mode 100644 index 0000000..a8f0492 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp256_pub.csv @@ -0,0 +1,2 @@ +75fce70968862d53e29548aad70582514e960d8128bd3c5f8c4dbe2cf8dad653, +55aa4b7d3882fb0a83bd00c9c3bae17f1024d64aec67e1db38ef671e6350beae
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp384.csv b/src/cz/crcs/ectester/data/ecsp384.csv new file mode 100644 index 0000000..9acae3f --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp384.csv @@ -0,0 +1,7 @@ +d0df6c96cff7081be80d22b005758a2e2f046e15fe020ef886e21b492ac57257a923144bcad989ab6341bd3b700f914b, +45c64503be019afd3462b361ad2b2a3bca0aeccc5494a624fb632455e62b4f0c98f944fa97c37811da039823cd77c906, +d85583f7f11ad23ec75ed5a414153a06d6640936b8103f5df691fa95cf2afa78f3ea5addc225b144964048c9f7592ae4, +2b1341d12dff4f9cf9427c4752962b4c2bdc8fbcd80652516c421cc523212a01ea63c79d6e9a9c84933e353e212416ec, +ce416c6e75fa9fd205ed48fc4e3099cbb1d6ed031b7ddbff1d634eb97a83d9b780cfd4dedfdd2c7604d143196c08d933, +d0df6c96cff7081be80d22b005758a2e2f046e15fe020ef7664ed51d7701c86bf2a1e9f3002c26fe002314c3c92f1ca9, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp384_pub.csv b/src/cz/crcs/ectester/data/ecsp384_pub.csv new file mode 100644 index 0000000..4eb4a96 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp384_pub.csv @@ -0,0 +1,2 @@ +a4bd575bf20300b0cf8a2f41dd5a03e908966a4229a5f22f5c190d3641ac2d32b7b24a63482cbbcd0c2257f834834ef1, +38d51c8f9e90592f567e81d0e4855e79731b5797857a4c7dc270653bc9f0c31e84693007b09cebf710d5ae3237303949
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp521.csv b/src/cz/crcs/ectester/data/ecsp521.csv new file mode 100644 index 0000000..1d36bd7 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp521.csv @@ -0,0 +1,7 @@ +01d3df430924956e210a605b4dbf4a2e909d7a801658978c88ffd68dcc817f5cc79cf188d9ee82d1a51c44cbd31e9cc5b816d76d5b1312b005f7b68919e275dac99f, +00401639f36f2ee45fc164ea3e1f14f4803fd7a77ffdfb392c3f8fe95d1aea331467f4618d59aeee49d5d7c70caf320f7dd1ac166114f562413449991d3aa1a2c49e, +004a26a8c47fce204ba953015fa86708c0de720f27523988b097e774168c15f7a215aaf18a5f1b9579ab3db935d45be14c9a87b71170396909b14d06f7a09975b3a6, +01c880ae0a355a52791fc9600fd8b35726e9d799101489161c8f90a9c6631d09b3cb347584837d9deb8566a9c5846aded0d01eb947b4affd34e8ea7dbe733cbedafa, +00050f12672f163f19d5d493eb82ef777b0213dd4e0cf75a9b99724fbdb54b0cc4e037bf86a48bac28467bdd936c314ce13f6ec7ec69ea09ae4f5444df4b2a117a66, +01d3df430924956e210a605b4dbf4a2e909d7a801658978c88ffd68dcc817f5cc7ba0838717c1947f93cfdd3ed87ec2c2df181c7ada553346ec1495732a1e7ffe9b3, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/ecsp521_pub.csv b/src/cz/crcs/ectester/data/ecsp521_pub.csv new file mode 100644 index 0000000..0e3f320 --- /dev/null +++ b/src/cz/crcs/ectester/data/ecsp521_pub.csv @@ -0,0 +1,2 @@ +002844df0f31f46a40e6c7006cde99155bd5d18d0e4150178a8e307d6aec08fd02d466c03c49b49c2654b7c9a32d88ca014016a7eddd44217be915505d228efb9389, +0105921e2172c3050ba4c9d2e744fc5b7b5e8451751e6780c6de88229497be7d23550beefa0cb7fafebb4dd9fad1244c6733befe5a97710f0dc56dc08d9d9df9d846
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/secp192k1.csv b/src/cz/crcs/ectester/data/secp192k1.csv new file mode 100644 index 0000000..c408b5e --- /dev/null +++ b/src/cz/crcs/ectester/data/secp192k1.csv @@ -0,0 +1,7 @@ +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFEE37, +00000000 00000000 00000000 00000000 00000000 00000000, +00000000 00000000 00000000 00000000 00000000 00000003, +DB4FF10E C057E9AE 26B07D02 80B7F434 1DA5D1B1 EAE06C7D, +9B2F2F6D 9C5628A7 844163D0 15BE8634 4082AA88 D95E2F9D, +FFFFFFFF FFFFFFFF FFFFFFFE 26F2FC17 0F69466A 74DEFD8D, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/secp192r1.csv b/src/cz/crcs/ectester/data/secp192r1.csv new file mode 100644 index 0000000..29305b0 --- /dev/null +++ b/src/cz/crcs/ectester/data/secp192r1.csv @@ -0,0 +1,7 @@ +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF FFFFFFFF, +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF FFFFFFFC, +64210519 E59C80E7 0FA7E9AB 72243049 FEB8DEEC C146B9B1, +188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012, +07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811, +FFFFFFFF FFFFFFFF FFFFFFFF 99DEF836 146BC9B1 B4D22831, +1
\ No newline at end of file diff --git a/src/cz/crcs/ectester/data/secp224r1.csv b/src/cz/crcs/ectester/data/secp224r1.csv new file mode 100644 index 0000000..f8f592e --- /dev/null +++ b/src/cz/crcs/ectester/data/secp224r1.csv @@ -0,0 +1,7 @@ +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 00000000 00000001, +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFE, +B4050A85 0C04B3AB F5413256 5044B0B7 D7BFD8BA 270B3943 2355FFB4, +B70E0CBD 6BB4BF7F 321390B9 4A03C1D3 56C21122 343280D6 115C1D21, +BD376388 B5F723FB 4C22DFE6 CD4375A0 5A074764 44D58199 85007E34, +FFFFFFFF FFFFFFFF FFFFFFFF FFFF16A2 E0B8F03E 13DD2945 5C5C2A3D, +1 diff --git a/src/cz/crcs/ectester/data/secp256k1.csv b/src/cz/crcs/ectester/data/secp256k1.csv new file mode 100644 index 0000000..19eeef7 --- /dev/null +++ b/src/cz/crcs/ectester/data/secp256k1.csv @@ -0,0 +1,7 @@ +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007, +79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798, +483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8, +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141, +1 diff --git a/src/cz/crcs/ectester/data/secp256r1.csv b/src/cz/crcs/ectester/data/secp256r1.csv new file mode 100644 index 0000000..060f5aa --- /dev/null +++ b/src/cz/crcs/ectester/data/secp256r1.csv @@ -0,0 +1,7 @@ +FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF, +FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFC, +5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B, +6B17D1F2 E12C4247 F8BCE6E5 63A440F2 77037D81 2DEB33A0 F4A13945 D898C296, +4FE342E2 FE1A7F9B 8EE7EB4A 7C0F9E16 2BCE3357 6B315ECE CBB64068 37BF51F5, +FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551, +1 diff --git a/src/cz/crcs/ectester/data/secp384r1.csv b/src/cz/crcs/ectester/data/secp384r1.csv new file mode 100644 index 0000000..08472ae --- /dev/null +++ b/src/cz/crcs/ectester/data/secp384r1.csv @@ -0,0 +1,7 @@ +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFF, +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFC, +B3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A C656398D 8A2ED19D 2A85C8ED D3EC2AEF, +AA87CA22 BE8B0537 8EB1C71E F320AD74 6E1D3B62 8BA79B98 59F741E0 82542A38 5502F25D BF55296C 3A545E38 72760AB7, +3617DE4A 96262C6F 5D9E98BF 9292DC29 F8F41DBD 289A147C E9DA3113 B5F0B8C0 0A60B1CE 1D7E819D 7A431D7C 90EA0E5F, +FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF C7634D81 F4372DDF 581A0DB2 48B0A77A ECEC196A CCC52973, +1 diff --git a/src/cz/crcs/ectester/data/secp521r1.csv b/src/cz/crcs/ectester/data/secp521r1.csv new file mode 100644 index 0000000..9e0f5d3 --- /dev/null +++ b/src/cz/crcs/ectester/data/secp521r1.csv @@ -0,0 +1,7 @@ +01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF, +01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFC, +0051 953EB961 8E1C9A1F 929A21A0 B68540EE A2DA725B 99B315F3 B8B48991 8EF109E1 56193951 EC7E937B 1652C0BD 3BB1BF07 3573DF88 3D2C34F1 EF451FD4 6B503F00, +00C6 858E06B7 0404E9CD 9E3ECB66 2395B442 9C648139 053FB521 F828AF60 6B4D3DBA A14B5E77 EFE75928 FE1DC127 A2FFA8DE 3348B3C1 856A429B F97E7E31 C2E5BD66, +0118 39296A78 9A3BC004 5C8A5FB4 2C7D1BD9 98F54449 579B4468 17AFBD17 273E662C 97EE7299 5EF42640 C550B901 3FAD0761 353C7086 A272C240 88BE9476 9FD16650, +01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFA 51868783 BF2F966B 7FCC0148 F709A5D0 3BB5C9B8 899C47AE BB6FB71E 91386409, +1 diff --git a/src/cz/crcs/ectester/data/sect163k1.csv b/src/cz/crcs/ectester/data/sect163k1.csv new file mode 100644 index 0000000..6e5142e --- /dev/null +++ b/src/cz/crcs/ectester/data/sect163k1.csv @@ -0,0 +1,9 @@ +0007, +0006, +0003, +00 00000000 00000000 00000000 00000000 00000001, +00 00000000 00000000 00000000 00000000 00000001, +02 FE13C053 7BBC11AC AA07D793 DE4E6D5E 5C94EEE8, +02 89070FB0 5D38FF58 321F2E80 0536D538 CCDAA3D9, +04 00000000 00000000 00020108 A2E0CC0D 99F8A5EF, +2 diff --git a/src/cz/crcs/ectester/data/sect163r1.csv b/src/cz/crcs/ectester/data/sect163r1.csv new file mode 100644 index 0000000..879f79b --- /dev/null +++ b/src/cz/crcs/ectester/data/sect163r1.csv @@ -0,0 +1,9 @@ +0007, +0006, +0003, +07 B6882CAA EFA84F95 54FF8428 BD88E246 D2782AE2, +07 13612DCD DCB40AAB 946BDA29 CA91F73A F958AFD9, +03 69979697 AB438977 89566789 567F787A 7876A654, +00 435EDB42 EFAFB298 9D51FEFC E3C80988 F41FF883, +03 FFFFFFFF FFFFFFFF FFFF48AA B689C29C A710279B, +2 diff --git a/src/cz/crcs/ectester/data/sect163r2.csv b/src/cz/crcs/ectester/data/sect163r2.csv new file mode 100644 index 0000000..eb7d453 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect163r2.csv @@ -0,0 +1,9 @@ +0007, +0006, +0003, +00 00000000 00000000 00000000 00000000 00000001, +02 0A601907 B8C953CA 1481EB10 512F7874 4A3205FD, +03 F0EBA162 86A2D57E A0991168 D4994637 E8343E36, +00 D51FBC6C 71A0094F A2CDD545 B11C5C0C 797324F1, +04 00000000 00000000 000292FE 77E70C12 A4234C33, +2 diff --git a/src/cz/crcs/ectester/data/sect233k1.csv b/src/cz/crcs/ectester/data/sect233k1.csv new file mode 100644 index 0000000..b85fef0 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect233k1.csv @@ -0,0 +1,7 @@ +004A, +0000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, +0000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +0172 32BA853A 7E731AF1 29F22FF4 149563A4 19C26BF5 0A4C9D6E EFAD6126, +01DB 537DECE8 19B7F70F 555A67C4 27A8CD9B F18AEB9B 56E0C110 56FAE6A3, +80 00000000 00000000 00000000 00069D5B B915BCD4 6EFB1AD5 F173ABDF, +4 diff --git a/src/cz/crcs/ectester/data/sect233r1.csv b/src/cz/crcs/ectester/data/sect233r1.csv new file mode 100644 index 0000000..d0c6f14 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect233r1.csv @@ -0,0 +1,7 @@ +004A, +0000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +0066 647EDE6C 332C7F8C 0923BB58 213B333B 20E9CE42 81FE115F 7D8F90AD, +00FA C9DFCBAC 8313BB21 39F1BB75 5FEF65BC 391F8B36 F8F8EB73 71FD558B, +0100 6A08A419 03350678 E58528BE BF8A0BEF F867A7CA 36716F7E 01F81052, +0100 00000000 00000000 00000000 0013E974 E72F8A69 22031D26 03CFE0D7, +2 diff --git a/src/cz/crcs/ectester/data/sect239k1.csv b/src/cz/crcs/ectester/data/sect239k1.csv new file mode 100644 index 0000000..d01bb08 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect239k1.csv @@ -0,0 +1,7 @@ +009E, +0000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, +0000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +29A0 B6A887A9 83E97309 88A68727 A8B2D126 C44CC2CC 7B2A6555 193035DC, +7631 0804F12E 549BDB01 1C103089 E73510AC B275FC31 2A5DC6B7 6553F0CA, +2000 00000000 00000000 00000000 005A79FE C67CB6E9 1F1C1DA8 00E478A5, +4 diff --git a/src/cz/crcs/ectester/data/sect283k1.csv b/src/cz/crcs/ectester/data/sect283k1.csv new file mode 100644 index 0000000..cc62698 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect283k1.csv @@ -0,0 +1,9 @@ +000C, +0007, +0005, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +0503213F 78CA4488 3F1A3B81 62F188E5 53CD265F 23C1567A 16876913 B0C2AC24 58492836, +01CCDA38 0F1C9E31 8D90F95D 07E5426F E87E45C0 E8184698 E4596236 4E341161 77DD2259, +01FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFE9AE 2ED07577 265DFF7F 94451E06 1E163C61, +4 diff --git a/src/cz/crcs/ectester/data/sect283r1.csv b/src/cz/crcs/ectester/data/sect283r1.csv new file mode 100644 index 0000000..27e2ff2 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect283r1.csv @@ -0,0 +1,9 @@ +000C, +0007, +0005, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +027B680A C8B8596D A5A4AF8A 19A0303F CA97FD76 45309FA2 A581485A F6263E31 3B79A2F5, +05F93925 8DB7DD90 E1934F8C 70B0DFEC 2EED25B8 557EAC9C 80E2E198 F8CDBECD 86B12053, +03676854 FE24141C B98FE6D4 B20D02B4 516FF702 350EDDB0 826779C8 13F0DF45 BE8112F4, +03FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFEF90 399660FC 938A9016 5B042A7C EFADB307, +2 diff --git a/src/cz/crcs/ectester/data/sect409k1.csv b/src/cz/crcs/ectester/data/sect409k1.csv new file mode 100644 index 0000000..aeb2e76 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect409k1.csv @@ -0,0 +1,7 @@ +0057, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +0060F05F 658F49C1 AD3AB189 0F718421 0EFD0987 E307C84C 27ACCFB8 F9F67CC2 C460189E B5AAAA62 EE222EB1 B35540CF E9023746, +01E36905 0B7C4E42 ACBA1DAC BF04299C 3460782F 918EA427 E6325165 E9EA10E3 DA5F6C42 E9C55215 AA9CA27A 5863EC48 D8E0286B, +7FFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFE5F 83B2D4EA 20400EC4 557D5ED3 E3E7CA5B 4B5C83B8 E01E5FCF, +4 diff --git a/src/cz/crcs/ectester/data/sect409r1.csv b/src/cz/crcs/ectester/data/sect409r1.csv new file mode 100644 index 0000000..5ac19dc --- /dev/null +++ b/src/cz/crcs/ectester/data/sect409r1.csv @@ -0,0 +1,7 @@ +0057, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +0021A5C2 C8EE9FEB 5C4B9A75 3B7B476B 7FD6422E F1F3DD67 4761FA99 D6AC27C8 A9A197B2 72822F6C D57A55AA 4F50AE31 7B13545F, +015D4860 D088DDB3 496B0C60 64756260 441CDE4A F1771D4D B01FFE5B 34E59703 DC255A86 8A118051 5603AEAB 60794E54 BB7996A7, +0061B1CF AB6BE5F3 2BBFA783 24ED106A 7636B9C5 A7BD198D 0158AA4F 5488D08F 38514F1F DF4B4F40 D2181B36 81C364BA 0273C706, +01000000 00000000 00000000 00000000 00000000 00000000 000001E2 AAD6A612 F33307BE 5FA47C3C 9E052F83 8164CD37 D9A21173, +2 diff --git a/src/cz/crcs/ectester/data/sect571k1.csv b/src/cz/crcs/ectester/data/sect571k1.csv new file mode 100644 index 0000000..7d5fdf4 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect571k1.csv @@ -0,0 +1,9 @@ +000A, +0005, +0002, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +026EB7A8 59923FBC 82189631 F8103FE4 AC9CA297 0012D5D4 60248048 01841CA4 43709584 93B205E6 47DA304D B4CEB08C BBD1BA39 494776FB 988B4717 4DCA88C7 E2945283 A01C8972, +0349DC80 7F4FBF37 4F4AEADE 3BCA9531 4DD58CEC 9F307A54 FFC61EFC 006D8A2C 9D4979C0 AC44AEA7 4FBEBBB9 F772AEDC B620B01A 7BA7AF1B 320430C8 591984F6 01CD4C14 3EF1C7A3, +02000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 131850E1 F19A63E4 B391A8DB 917F4138 B630D84B E5D63938 1E91DEB4 5CFE778F 637C1001, +4 diff --git a/src/cz/crcs/ectester/data/sect571r1.csv b/src/cz/crcs/ectester/data/sect571r1.csv new file mode 100644 index 0000000..850f0b9 --- /dev/null +++ b/src/cz/crcs/ectester/data/sect571r1.csv @@ -0,0 +1,9 @@ +000A, +0005, +0002, +00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001, +02F40E7E 2221F295 DE297117 B7F3D62F 5C6A97FF CB8CEFF1 CD6BA8CE 4A9A18AD 84FFABBD 8EFA5933 2BE7AD67 56A66E29 4AFD185A 78FF12AA 520E4DE7 39BACA0C 7FFEFF7F 2955727A, +0303001D 34B85629 6C16C0D4 0D3CD775 0A93D1D2 955FA80A A5F40FC8 DB7B2ABD BDE53950 F4C0D293 CDD711A3 5B67FB14 99AE6003 8614F139 4ABFA3B4 C850D927 E1E7769C 8EEC2D19, +037BF273 42DA639B 6DCCFFFE B73D69D7 8C6C27A6 009CBBCA 1980F853 3921E8A6 84423E43 BAB08A57 6291AF8F 461BB2A8 B3531D2F 0485C19B 16E2F151 6E23DD3C 1A4827AF 1B8AC15B, +03FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF E661CE18 FF559873 08059B18 6823851E C7DD9CA1 161DE93D 5174D66E 8382E9BB 2FE84E47, +2 diff --git a/src/simpleapdu/CardMngr.java b/src/cz/crcs/ectester/reader/CardMngr.java index e60f695..d7a5c5f 100644 --- a/src/simpleapdu/CardMngr.java +++ b/src/cz/crcs/ectester/reader/CardMngr.java @@ -1,15 +1,16 @@ -package simpleapdu; +package cz.crcs.ectester.reader; import com.licel.jcardsim.io.CAD; import com.licel.jcardsim.io.JavaxSmartCardInterface; import java.util.List; import java.util.Scanner; import javacard.framework.AID; + import javax.smartcardio.*; /** - * - * @author xsvenda + * @author Petr Svenda petr@svenda.com + * @author Jan Jancar johny@neuromancer.sk */ public class CardMngr { private CardTerminal m_terminal = null; @@ -20,6 +21,7 @@ public class CardMngr { private CAD m_cad = null; private JavaxSmartCardInterface m_simulator = null; + private boolean simulate = false; private final byte selectCM[] = { (byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x07, (byte) 0xa0, (byte) 0x00, (byte) 0x00, @@ -32,12 +34,24 @@ public class CardMngr { public static final byte OFFSET_LC = 0x04; public static final byte OFFSET_DATA = 0x05; public static final byte HEADER_LENGTH = 0x05; - public final static short DATA_RECORD_LENGTH = (short) 0x80; // 128B per record - public final static short NUMBER_OF_RECORDS = (short) 0x0a; // 10 records - public boolean ConnectToCard() throws Exception { + public static final short DATA_RECORD_LENGTH = (short) 0x80; // 128B per record + public static final short NUMBER_OF_RECORDS = (short) 0x0a; // 10 records + + public CardMngr() { + this(false); + } + + public CardMngr(boolean simulate) { + this.simulate = simulate; + } + + public boolean connectToCard() throws CardException { + if (simulate) + return true; + // TRY ALL READERS, FIND FIRST SELECTABLE - List<CardTerminal> terminalList = GetReaderList(); + List<CardTerminal> terminalList = getReaderList(); if (terminalList == null || terminalList.isEmpty()) { System.out.println("No terminals found"); @@ -48,15 +62,14 @@ public class CardMngr { boolean cardFound = false; for (int i = 0; i < terminalList.size(); i++) { System.out.println(i + " : " + terminalList.get(i)); - m_terminal = (CardTerminal) terminalList.get(i); + m_terminal = terminalList.get(i); if (m_terminal.isCardPresent()) { m_card = m_terminal.connect("*"); System.out.println("card: " + m_card); m_channel = m_card.getBasicChannel(); //reset the card - ATR atr = m_card.getATR(); - System.out.println(bytesToHex(m_card.getATR().getBytes())); + System.out.println(Util.bytesToHex(m_card.getATR().getBytes())); cardFound = true; } @@ -65,9 +78,12 @@ public class CardMngr { return cardFound; } - public boolean ConnectToCardSelect() throws CardException { + public boolean connectToCardSelect() throws CardException { + if (simulate) + return true; + // Test available card - if more present, let user to select one - List<CardTerminal> terminalList = CardMngr.GetReaderList(); + List<CardTerminal> terminalList = CardMngr.getReaderList(); if (terminalList == null || terminalList.isEmpty()) { System.out.println("ERROR: No suitable reader with card detected. Please check your reader connection"); return false; @@ -82,10 +98,10 @@ public class CardMngr { try { card = terminal.connect("*"); ATR atr = card.getATR(); - System.out.println(terminalIndex + " : " + terminal.getName() + " - " + CardMngr.bytesToHex(atr.getBytes())); + System.out.println(terminalIndex + " : " + terminal.getName() + " - " + Util.bytesToHex(atr.getBytes())); terminalIndex++; } catch (CardException ex) { - System.out.println(ex); + ex.printStackTrace(System.out); } } System.out.print("Select index of target reader you like to use 1.." + (terminalIndex - 1) + ": "); @@ -107,18 +123,37 @@ public class CardMngr { return true; } - public boolean isConnected() { - return m_card != null; + public boolean reconnectToCard(byte[] selectAPDU) throws CardException { + if (simulate) + return true; + + if (connected()) { + disconnectFromCard(); + } + + boolean result = connectToCard(); + if (result) { + // Select our application on card + send(selectAPDU); + } + return result; + } + + public boolean connected() { + return simulate || m_card != null; } - public void DisconnectFromCard() throws Exception { + public void disconnectFromCard() throws CardException { + if (simulate) + return; + if (m_card != null) { m_card.disconnect(false); m_card = null; } } - public byte[] GetCPLCData() throws Exception { + public byte[] getCPLCData() throws Exception { byte[] data; // TODO: Modify to obtain CPLC data @@ -129,7 +164,7 @@ public class CardMngr { apdu[OFFSET_P2] = (byte) 0x00; apdu[OFFSET_LC] = (byte) 0x00; - ResponseAPDU resp = sendAPDU(apdu); + ResponseAPDU resp = send(apdu); if (resp.getSW() != 0x9000) { // 0x9000 is "OK" System.out.println("Fail to obtain card's response data"); data = null; @@ -144,7 +179,7 @@ public class CardMngr { return data; } - public void ProbeCardCommands() throws Exception { + public void probeCardCommands() throws Exception { // TODO: modify to probe for instruction for (int i = 0; i <= 0; i++) { byte apdu[] = new byte[HEADER_LENGTH]; @@ -154,7 +189,7 @@ public class CardMngr { apdu[OFFSET_P2] = (byte) 0x00; apdu[OFFSET_LC] = (byte) 0x00; - ResponseAPDU resp = sendAPDU(apdu); + ResponseAPDU resp = send(apdu); System.out.println("Response: " + Integer.toHexString(resp.getSW())); @@ -164,32 +199,30 @@ public class CardMngr { } } - public static List<CardTerminal> GetReaderList() { + public static List<CardTerminal> getReaderList() { try { TerminalFactory factory = TerminalFactory.getDefault(); return factory.terminals().list(); - } catch (Exception ex) { + } catch (CardException ex) { System.out.println("Exception : " + ex); return null; } } - public ResponseAPDU sendAPDU(byte apdu[]) throws Exception { - CommandAPDU commandAPDU = new CommandAPDU(apdu); - + public ResponseAPDU sendAPDU(CommandAPDU apdu) throws CardException { System.out.println(">>>>"); - System.out.println(commandAPDU); + System.out.println(apdu); + + System.out.println(Util.bytesToHex(apdu.getBytes())); - System.out.println(bytesToHex(commandAPDU.getBytes())); - long elapsed = -System.nanoTime(); - ResponseAPDU responseAPDU = m_channel.transmit(commandAPDU); - + ResponseAPDU responseAPDU = m_channel.transmit(apdu); + elapsed += System.nanoTime(); System.out.println(responseAPDU); - System.out.println(bytesToHex(responseAPDU.getBytes())); + System.out.println(Util.bytesToHex(responseAPDU.getBytes())); if (responseAPDU.getSW1() == (byte) 0x61) { CommandAPDU apduToSend = new CommandAPDU((byte) 0x00, @@ -197,41 +230,17 @@ public class CardMngr { responseAPDU.getSW1()); responseAPDU = m_channel.transmit(apduToSend); - System.out.println(bytesToHex(responseAPDU.getBytes())); + System.out.println(Util.bytesToHex(responseAPDU.getBytes())); } System.out.println("<<<<"); System.out.println("Elapsed time (ms): " + elapsed / 1000000); - return (responseAPDU); + return responseAPDU; } - public static String byteToHex(byte data) { - StringBuilder buf = new StringBuilder(); - buf.append(toHexChar((data >>> 4) & 0x0F)); - buf.append(toHexChar(data & 0x0F)); - return buf.toString(); - } - - - public static char toHexChar(int i) { - if ((0 <= i) && (i <= 9)) { - return (char) ('0' + i); - } else { - return (char) ('a' + (i - 10)); - } - } - - public static String bytesToHex(byte[] data) { - return bytesToHex(data, 0, data.length, true); - } - - public static String bytesToHex(byte[] data, int offset, int len, boolean bAddSpace) { - StringBuilder buf = new StringBuilder(); - for (int i = offset; i < (offset + len); i++) { - buf.append(byteToHex(data[i])); - if (bAddSpace) { buf.append(" "); } - } - return (buf.toString()); + public ResponseAPDU sendAPDU(byte apdu[]) throws CardException { + CommandAPDU commandAPDU = new CommandAPDU(apdu); + return sendAPDU(commandAPDU); } public boolean prepareLocalSimulatorApplet(byte[] appletAIDArray, byte[] installData, Class appletClass) { @@ -243,18 +252,38 @@ public class CardMngr { AID appletAIDRes = m_simulator.installApplet(appletAID, appletClass, installData, (short) 0, (byte) installData.length); return m_simulator.selectApplet(appletAID); } - - public byte[] sendAPDUSimulator(byte apdu[]) throws Exception { + + public ResponseAPDU sendAPDUSimulator(CommandAPDU apdu) { System.out.println(">>>>"); - System.out.println(bytesToHex(apdu)); + System.out.println(Util.bytesToHex(apdu.getBytes())); - byte[] responseBytes = m_simulator.transmitCommand(apdu); + ResponseAPDU response = m_simulator.transmitCommand(apdu); + byte[] responseBytes = response.getBytes(); - System.out.println(bytesToHex(responseBytes)); + System.out.println(Util.bytesToHex(responseBytes)); System.out.println("<<<<"); - return responseBytes; + return response; } - - + + public ResponseAPDU sendAPDUSimulator(byte[] apdu) { + CommandAPDU commandAPDU = new CommandAPDU(apdu); + return sendAPDUSimulator(commandAPDU); + } + + public ResponseAPDU send(CommandAPDU apdu) throws CardException { + ResponseAPDU response; + if (simulate) { + response = sendAPDUSimulator(apdu); + } else { + response = sendAPDU(apdu); + } + return response; + } + + public ResponseAPDU send(byte[] apdu) throws CardException { + CommandAPDU commandAPDU = new CommandAPDU(apdu); + return send(commandAPDU); + } + } diff --git a/src/cz/crcs/ectester/reader/DirtyLogger.java b/src/cz/crcs/ectester/reader/DirtyLogger.java new file mode 100644 index 0000000..f69557d --- /dev/null +++ b/src/cz/crcs/ectester/reader/DirtyLogger.java @@ -0,0 +1,55 @@ +package cz.crcs.ectester.reader; + +import java.io.FileWriter; +import java.io.IOException; + +/** + * @author Petr Svenda petr@svenda.com + * @author Jan Jancar johny@neuromancer.sk + */ +public class DirtyLogger { + FileWriter log; + boolean systemOut; + + public DirtyLogger(String filePath) throws IOException { + this(filePath, true); + } + + public DirtyLogger(String filePath, boolean systemOut) throws IOException { + if (filePath != null) + this.log = new FileWriter(filePath); + this.systemOut = systemOut; + } + + public void println() { + print("\n"); + } + + public void println(String logLine) { + logLine += "\n"; + print(logLine); + } + + public void print(String logLine) { + if (systemOut) { + System.out.print(logLine); + } + if (log != null) { + try { + log.write(logLine); + } catch (IOException ignored) { + } + } + } + + void flush() { + try { + if (log != null) log.flush(); + } catch (IOException ignored) { + } + } + + void close() throws IOException { + if (log != null) log.close(); + } +} diff --git a/src/cz/crcs/ectester/reader/ECTester.java b/src/cz/crcs/ectester/reader/ECTester.java new file mode 100644 index 0000000..8c00ea9 --- /dev/null +++ b/src/cz/crcs/ectester/reader/ECTester.java @@ -0,0 +1,489 @@ +package cz.crcs.ectester.reader; + +import cz.crcs.ectester.applet.ECTesterApplet; +import cz.crcs.ectester.applet.EC_Consts; +import javacard.security.KeyPair; +import org.apache.commons.cli.*; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.FileWriter; +import java.io.IOException; + +/** + * @author Petr Svenda petr@svenda.com + * @author Jan Jancar johny@neuromancer.sk + */ +public class ECTester { + + private CardMngr cardManager = null; + private DirtyLogger systemOutLogger = null; + private FileOutputStream outputFile = null; + + //Options + private int optBits; + private boolean optAll; + private boolean optPrimeField = false; + private boolean optBinaryField = false; + private boolean optNamed = false; + private String optCurve = null; + private String optPublic = null; + private String optPrivate = null; + private String optKey = null; + private String optLog = null; + private String optOutput = null; + private boolean optSimulate = false; + + private int optGenerateAmount; + private String optECDSASign; + + private Options opts = new Options(); + private static final String CLI_HEADER = ""; + private static final String CLI_FOOTER = ""; + + + private static final byte[] SELECT_ECTESTERAPPLET = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, + (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; + private static final byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; + private static final byte[] INSTALL_DATA = new byte[10]; + + /* + private static final byte[] ALLOCATE = { + (byte) 0xB0, + (byte) 0x5a, //INS ALLOCATE + (byte) 0x00, //P1 *byte keypair + (byte) 0x00, //P2 + (byte) 0x03, //LC + (byte) 0x00, //DATA *short keyLength + (byte) 0x00, + (byte) 0x00 // *byte keyClass + }; + + private static final byte[] SET = { + (byte) 0xB0, + (byte) 0x5B, //INS SET + (byte) 0x00, //P1 *byte keypair + (byte) 0x00, //P2 *byte export + (byte) 0x06, //LC + (byte) 0x00, //DATA *byte curve + (byte) 0x00, // *short params + (byte) 0x00, // + (byte) 0x00, // *short corruptedParams + (byte) 0x00, // + (byte) 0x00 // *byte corruptionType + // [short paramLength, byte[] param] for all params in params + }; + + private static final byte[] GENERATE = { + (byte) 0xB0, + (byte) 0x5C, //INS GENERATE + (byte) 0x00, //P1 *byte keypair + (byte) 0x00, //P2 *byte export + (byte) 0x00 //LC + }; + + private static final byte[] ECDH = { + (byte) 0xB0, + (byte) 0x5D, //INS ECDH + (byte) 0x00, //P1 *byte keypair + (byte) 0x00, //P2 *byte export + (byte) 0x01, //LC + (byte) 0x00 //DATA *byte valid + }; + + private static final byte[] ECDSA = { + (byte) 0xB0, + (byte) 0x5E, //INS ECDSA + (byte) 0x00, //P1 *byte keypair + (byte) 0x00, //P2 *byte export + (byte) 0x00, //LC + //DATA [*short dataLength, byte[] data] + }; + */ + + private void run(String[] args) { + try { + CommandLine cli = parseArgs(args); + + //if help, print and quit + if (cli.hasOption("help")) { + help(); + return; + } + //if not, read other options first, into attributes, then do action + if (!readOptions(cli)) { + return; + } + cardManager = new CardMngr(optSimulate); + + if (optSimulate) { + if (!cardManager.prepareLocalSimulatorApplet(AID, INSTALL_DATA, ECTesterApplet.class)) { + System.err.println("Failed to establish a simulator."); + return; + } + } else { + if (!cardManager.connectToCardSelect()) { + System.err.println("Failed to connect to card."); + return; + } + cardManager.send(SELECT_ECTESTERAPPLET); + } + + systemOutLogger = new DirtyLogger(optLog, true); + + //do action + if (cli.hasOption("generate")) { + generate(); + } else if (cli.hasOption("test")) { + test(); + } else if (cli.hasOption("ecdh")) { + ecdh(); + } else if (cli.hasOption("ecdsa")) { + ecdsa(); + } + + cardManager.disconnectFromCard(); + systemOutLogger.close(); + + } catch (MissingOptionException moex) { + System.err.println("Missing required options, one of:"); + for (Object opt : moex.getMissingOptions().toArray()) { + if (opt instanceof OptionGroup) { + for (Option o : ((OptionGroup) opt).getOptions()) { + System.err.println(o); + } + } else if (opt instanceof String) { + System.err.println(opt); + } + } + } catch (MissingArgumentException maex) { + System.err.println("Option, " + maex.getOption().getOpt() + " requires an argument: " + maex.getOption().getArgName()); + } catch (AlreadySelectedException asex) { + System.err.println(asex.getMessage()); + } catch (ParseException | CardException pex) { + pex.printStackTrace(); + } catch (NumberFormatException nfex) { + System.err.println("Not a number. " + nfex.getMessage()); + nfex.printStackTrace(System.err); + } catch (FileNotFoundException fnfe) { + System.err.println("File " + fnfe.getMessage() + " not found."); + } catch (IOException e) { + e.printStackTrace(); + } + } + + private CommandLine parseArgs(String[] args) throws ParseException { + /* + * Actions: + * -h / --help + * -g / --generate [amount] + * -t / --test + * -dh / --ecdh + * -dsa / --ecdsa [data_file] + * + * Options: + * -b / --bit-size [b] / -a / --all + * -fp / --prime-field + * -f2m / --binary-field + * -n / --named + * -c / --curve [curve_file] field,a,b,gx,gy,r,k + * --public [pubkey_file] wx,wy + * --private [privkey_file] s + * -k / --key [key_file] wx,wy,s + * -o / --output [output_file] + * -s / --simulate + */ + OptionGroup actions = new OptionGroup(); + actions.setRequired(true); + actions.addOption(Option.builder("h").longOpt("help").desc("Print help.").build()); + actions.addOption(Option.builder("g").longOpt("generate").desc("Generate [amount] of EC keys.").hasArg().argName("amount").optionalArg(true).build()); + actions.addOption(Option.builder("t").longOpt("test").desc("Test ECC support.").build()); + actions.addOption(Option.builder("dh").longOpt("ecdh").desc("Do ECDH.").build()); + actions.addOption(Option.builder("dsa").longOpt("ecdsa").desc("Sign data with ECDSA.").hasArg().argName("data_file").optionalArg(true).build()); + opts.addOptionGroup(actions); + + OptionGroup size = new OptionGroup(); + size.addOption(Option.builder("b").longOpt("bit-size").desc("Set curve size.").hasArg().argName("b").build()); + size.addOption(Option.builder("a").longOpt("all").desc("Test all curve sizes.").build()); + opts.addOptionGroup(size); + + opts.addOption(Option.builder("fp").longOpt("prime-field").desc("Use prime field curve.").build()); + opts.addOption(Option.builder("f2m").longOpt("binary-field").desc("Use binary field curve.").build()); + opts.addOption(Option.builder("n").longOpt("named").desc("Use a named curve.").build()); + opts.addOption(Option.builder("c").longOpt("curve").desc("Use curve from file [curve_file] (field,a,b,gx,gy,r,k).").hasArg().argName("curve_file").build()); + opts.addOption(Option.builder("pub").longOpt("public").desc("Use public key from file [pubkey_file] (wx,wy).").hasArg().argName("pubkey_file").build()); + opts.addOption(Option.builder("priv").longOpt("private").desc("Use private key from file [privkey_file] (s).").hasArg().argName("privkey_file").build()); + opts.addOption(Option.builder("k").longOpt("key").desc("Use keypair from fileĀ [key_file] (wx,wy,s).").hasArg().argName("key_file").build()); + opts.addOption(Option.builder("o").longOpt("output").desc("Output into file [output_file].").hasArg().argName("output_file").build()); + opts.addOption(Option.builder("l").longOpt("log").desc("Log output into file [log_file].").hasArg().argName("log_file").optionalArg(true).build()); + opts.addOption(Option.builder("s").longOpt("simulate").desc("Simulate a card with jcardsim instead of using a terminal.").build()); + + CommandLineParser parser = new DefaultParser(); + return parser.parse(opts, args); + } + + /** + * Reads and validates options. + * + * @param cli cli object, with parsed args + * @return whether the options are valid. + */ + private boolean readOptions(CommandLine cli) { + optBits = Integer.parseInt(cli.getOptionValue("bit-size", "0")); + optAll = cli.hasOption("all"); + optPrimeField = cli.hasOption("fp"); + optBinaryField = cli.hasOption("f2m"); + optNamed = cli.hasOption("named"); + optCurve = cli.getOptionValue("curve"); + optPublic = cli.getOptionValue("public"); + optPrivate = cli.getOptionValue("private"); + optKey = cli.getOptionValue("key"); + if (cli.hasOption("log")) { + optLog = cli.getOptionValue("log", String.format("ECTESTER_log_%d.log", System.currentTimeMillis() / 1000)); + } + optOutput = cli.getOptionValue("output"); + optSimulate = cli.hasOption("simulate"); + + if (optKey != null && (optPublic != null || optPrivate != null)) { + System.err.print("Can only specify the whole key with --key or pubkey and privkey with --public and --private."); + return false; + } + if (optBits < 0) { + System.err.println("Bit-size must not be negative."); + return false; + } + if (optNamed && optCurve != null) { + System.err.println("Can only specify a named curve with --named or an external curve with --curve. (not both)"); + return false; + } + if (optBits == 0 || optAll) { + System.err.println("You have to specify curve bit-size."); + return false; + } + + if (cli.hasOption("generate")) { + if (optPrimeField == optBinaryField) { + System.err.print("Need to specify field with -fp or -f2m. (not both)"); + return false; + } + if (optKey != null || optPublic != null || optPrivate != null) { + System.err.println("Keys should not be specified when generating keys."); + return false; + } + + if (optOutput == null) { + System.err.println("You have to specify an output file for the key generation process."); + return false; + } + + optGenerateAmount = Integer.parseInt(cli.getOptionValue("generate", "0")); + if (optGenerateAmount < 0) { + System.err.println("Amount of keys generated cant be negative."); + return false; + } + } else if (cli.hasOption("test")) { + if (!optBinaryField && !optPrimeField) { + optBinaryField = true; + optPrimeField = true; + } + + } else if (cli.hasOption("ecdh")) { + } else if (cli.hasOption("ecdsa")) { + optECDSASign = cli.getOptionValue("ecdsa"); + } + + return true; + } + + /** + * Prints help. + */ + private void help() { + HelpFormatter help = new HelpFormatter(); + help.printHelp("ECTester.jar", CLI_HEADER, opts, CLI_FOOTER); + } + + /** + * Generates EC keypairs and outputs them to log. + */ + private void generate() throws CardException, IOException { + ///// + short keyLength = (short) optBits; + byte keyClass = optPrimeField ? KeyPair.ALG_EC_FP : KeyPair.ALG_EC_F2M; + short params = optPrimeField ? EC_Consts.PARAMETERS_DOMAIN_FP : EC_Consts.PARAMETERS_DOMAIN_F2M; + + cmdAllocate(ECTesterApplet.KEYPAIR_LOCAL, keyLength, keyClass); + + if (optNamed) { + cmdSet(ECTesterApplet.KEYPAIR_LOCAL, (byte) 0, EC_Consts.getCurve(keyLength, keyClass), params, EC_Consts.PARAMETERS_NONE, EC_Consts.CORRUPTION_NONE, null); + } else if (optCurve != null) { + byte[] external = ParamReader.flatten(params, ParamReader.readFile(optCurve)); + cmdSet(ECTesterApplet.KEYPAIR_LOCAL, (byte) 0, EC_Consts.CURVE_external, params, EC_Consts.PARAMETERS_NONE, EC_Consts.CORRUPTION_NONE, external); + } + ///// + + FileWriter keysFile = new FileWriter(optOutput); + keysFile.write("index;time;pubW;privS\n"); + + int generated = 0; + int retry = 0; + while (generated < optGenerateAmount || optGenerateAmount == 0) { + long elapsed = -System.nanoTime(); + ResponseAPDU response = cmdGenerate(ECTesterApplet.KEYPAIR_LOCAL, (byte) (ECTesterApplet.EXPORT_BOTH | ECTesterApplet.KEYPAIR_LOCAL)); + elapsed += System.nanoTime(); + + byte[] bytes = response.getData(); + if (bytes.length <= 2) { + //error, retry 10 times + if (retry < 10) { + retry++; + } else { + System.err.println("Keys could not be generated."); + break; + } + } else { + short publicLength = Util.getShort(bytes, 2); + String pubkey = Util.bytesToHex(bytes, 4, publicLength, false); + short privateLength = Util.getShort(bytes, 4 + publicLength); + String privkey = Util.bytesToHex(bytes, 6 + publicLength, privateLength, false); + + keysFile.write(String.format("%d;%d;%s;%s\n", generated, elapsed / 1000000, pubkey, privkey)); + keysFile.flush(); + generated++; + } + } + keysFile.close(); + } + + /** + * + */ + private void test() { + //TODO + // allocate + // set custom + // generate + // ecdh local, local, valid + // ecdh local, local, invalid + // ecdsa local, local, 00? + + } + + /** + * + */ + private void ecdh() { + //TODO + //allocate local + remote + //set curve if specified + // + } + + /** + */ + private void ecdsa() { + //TODO + } + + /** + * Sends the INS_ALLOCATE instruction to the card/simulation. + * + * @param keypair + * @param keyLength + * @param keyClass + * @return card response + * @throws CardException + */ + private ResponseAPDU cmdAllocate(byte keypair, short keyLength, byte keyClass) throws CardException { + byte[] data = new byte[]{0, 0, keyClass}; + Util.setShort(data, 0, keyLength); + + CommandAPDU allocate = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ALLOCATE, keypair, 0x00, data); + return cardManager.send(allocate); + } + + /** + * Sends the INS_SET instruction to the card/simulation. + * + * @param keypair + * @param export + * @param curve + * @param params + * @param corrupted + * @param corruption + * @param external + * @return card response + * @throws CardException + */ + private ResponseAPDU cmdSet(byte keypair, byte export, byte curve, short params, short corrupted, byte corruption, byte[] external) throws CardException { + int len = external != null ? 6 + 2 + external.length : 6; + byte[] data = new byte[len]; + data[0] = curve; + Util.setShort(data, 1, params); + Util.setShort(data, 3, corrupted); + data[5] = corruption; + if (external != null) { + System.arraycopy(external, 0, data, 6, external.length); + } + + CommandAPDU set = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_SET, keypair, export, data); + return cardManager.send(set); + } + + /** + * Sends the INS_GENERATE instruction to the card/simulation. + * + * @param keypair + * @param export + * @return card response + */ + private ResponseAPDU cmdGenerate(byte keypair, byte export) throws CardException { + CommandAPDU generate = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_GENERATE, keypair, export); + return cardManager.send(generate); + } + + /** + * Sends the INS_ECDH instruction to the card/simulation. + * + * @param keypair + * @param export + * @param valid + * @return card response + * @throws CardException + */ + private ResponseAPDU cmdECDH(byte keypair, byte export, byte valid) throws CardException { + byte[] data = new byte[1]; + data[0] = valid; + + CommandAPDU ecdh = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ECDH, keypair, export, data); + return cardManager.send(ecdh); + } + + /** + * Sends the INS_ECDSA instruction to the card/simulation. + * + * @param keypair + * @param export + * @param raw + * @return card response + */ + private ResponseAPDU cmdECDSA(byte keypair, byte export, byte[] raw) throws CardException { + int len = raw != null ? raw.length : 0; + byte[] data = new byte[2 + len]; + Util.setShort(data, 0, (short) len); + if (raw != null) { + System.arraycopy(raw, 0, data, 2, len); + } + + CommandAPDU ecdsa = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ECDSA, keypair, export, data); + return cardManager.send(ecdsa); + } + + public static void main(String[] args) { + ECTester app = new ECTester(); + app.run(args); + } +} diff --git a/src/simpleapdu/ISO7816_status_words.txt b/src/cz/crcs/ectester/reader/ISO7816_status_words.txt index bf5af2b..bf5af2b 100644 --- a/src/simpleapdu/ISO7816_status_words.txt +++ b/src/cz/crcs/ectester/reader/ISO7816_status_words.txt diff --git a/src/cz/crcs/ectester/reader/ParamReader.java b/src/cz/crcs/ectester/reader/ParamReader.java new file mode 100644 index 0000000..5232326 --- /dev/null +++ b/src/cz/crcs/ectester/reader/ParamReader.java @@ -0,0 +1,134 @@ +package cz.crcs.ectester.reader; + +import cz.crcs.ectester.applet.EC_Consts; + +import java.io.*; +import java.util.LinkedList; +import java.util.List; +import java.util.Scanner; +import java.util.regex.Pattern; + +/** + * @author Jan Jancar johny@neuromancer.sk + */ +public class ParamReader { + private static final Pattern hex = Pattern.compile("[a-fA-F\\d]+"); + + /** + * Flattens params read from String[] data into a byte[] with their lengths prepended as short entries. + * @param params (EC_Consts.PARAMETER_* | ...) + * @param data data read by readString, readFile, readResource + * @return byte[] with params flattened + */ + public static byte[] flatten(short params, String[] data) { + if (!validate(data)) { + return null; + } + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + short paramMask = EC_Consts.PARAMETER_FP; + int i = 0; + while (paramMask <= EC_Consts.PARAMETER_S) { + short masked = (short) (params & paramMask); + if (masked != 0) { + byte[] param = parse(data[i]); + if (masked == EC_Consts.PARAMETER_F2M && data.length == 9) { + //read and pad and append e_2, e_3 + param = Util.concatenate(param, parse(data[i + 1]), parse(data[i + 2])); + i += 2; + if (param.length != 6) + return null; + } + if (masked == EC_Consts.PARAMETER_G || masked == EC_Consts.PARAMETER_W) { + //read another param (the y coord) and put into X962 format. + byte[] y = parse(data[i + 1]); + param = Util.concatenate(new byte[]{4}, param, y); + i++; + } + if (param.length == 0) + return null; + + //write length + byte[] length = new byte[2]; + Util.setShort(length, 0, (short) param.length); + out.write(length, 0, 2); + //write data + out.write(param, 0, param.length); + i++; + } + paramMask = (short) (paramMask << 1); + } + + return (out.size() == 0) ? null : out.toByteArray(); + } + + /** + * Reads hex params from a CSV String data. + * @param data String containing CSV data(hex) + * @return String array containing the CSV entries + */ + public static String[] readString(String data) { + return read(new ByteArrayInputStream(data.getBytes())); + } + + /** + * Reads hex params from a CSV Resource (inside jar). + * @param resourcePath path to the resourse + * @return String array containing the CSV entries + */ + public static String[] readResource(String resourcePath) { + return read(ParamReader.class.getResourceAsStream(resourcePath)); + } + + /** + * Reads hex params from a CSV file. + * @param filePath path to the file + * @return String array containing the CSV entries + * @throws FileNotFoundException if the file cannot be opened + */ + public static String[] readFile(String filePath) throws FileNotFoundException { + return read(new FileInputStream(filePath)); + } + + private static String[] read(InputStream in) { + Scanner s = new Scanner(in); + + s.useDelimiter(",|;"); + List<String> data = new LinkedList<String>(); + while (s.hasNext()) { + String field = s.next(); + data.add(field.replaceAll("\\s+", "")); + } + return data.toArray(new String[data.size()]); + } + + private static boolean validate(String[] data) { + if (data == null || data.length == 0) { + return false; + } + for (String param : data) { + if (!hex.matcher(param).matches()) { + return false; + } + } + return true; + } + + private static byte[] parse(String hex) { + byte[] data = Util.hexToBytes(hex); + if (data == null) + return new byte[0]; + if (data.length < 2) + return pad(data); + return data; + } + + private static byte[] pad(byte[] data) { + if (data.length == 1) { + return new byte[]{(byte) 0, data[0]}; + } else if (data.length == 0 || data.length > 2) { + return data; + } + return null; + } +} diff --git a/src/simpleapdu/SimpleAPDU.java b/src/cz/crcs/ectester/reader/SimpleAPDU.java index 5e51221..f120608 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/cz/crcs/ectester/reader/SimpleAPDU.java @@ -1,7 +1,6 @@ -package simpleapdu; +package cz.crcs.ectester.reader; -import applets.EC_Consts; -import applets.SimpleECCApplet; +import cz.crcs.ectester.applet.EC_Consts; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; @@ -112,7 +111,7 @@ public class SimpleAPDU { } //disconnect - cardManager.DisconnectFromCard(); + cardManager.disconnectFromCard(); } catch (Exception ex) { if (systemOutLogger != null) { systemOutLogger.println("Exception : " + ex); @@ -156,11 +155,11 @@ public class SimpleAPDU { } private boolean ReconnnectToCard() throws Exception { - if (cardManager.isConnected()) { - cardManager.DisconnectFromCard(); + if (cardManager.connected()) { + cardManager.disconnectFromCard(); } - boolean result = cardManager.ConnectToCard(); + boolean result = cardManager.connectToCard(); if (result) { // Select our application on card cardManager.sendAPDU(SELECT_ECTESTERAPPLET); @@ -219,7 +218,7 @@ public class SimpleAPDU { } private void generateECKeys(int amount, byte keyClass, short keyLength, boolean anomalous) throws Exception { - if (cardManager.ConnectToCardSelect()) { + if (cardManager.connectToCardSelect()) { cardManager.sendAPDU(SELECT_ECTESTERAPPLET); String keyFileName = String.format("ECKEYS_%s_%d.log", keyClass == KeyPair.ALG_EC_FP ? "fp" : "f2m", System.currentTimeMillis()); @@ -262,14 +261,14 @@ public class SimpleAPDU { offset++; short len = getShort(data, offset); offset += 2; - pubKeyW = CardMngr.bytesToHex(data, offset, len, false); + pubKeyW = Util.bytesToHex(data, offset, len, false); offset += len; } if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { offset++; short len = getShort(data, offset); offset += 2; - privKeyS = CardMngr.bytesToHex(data, offset, len, false); + privKeyS = Util.bytesToHex(data, offset, len, false); offset += len; } diff --git a/src/cz/crcs/ectester/reader/Util.java b/src/cz/crcs/ectester/reader/Util.java new file mode 100644 index 0000000..7af6e9c --- /dev/null +++ b/src/cz/crcs/ectester/reader/Util.java @@ -0,0 +1,82 @@ +package cz.crcs.ectester.reader; + +/** + * @author Petr Svenda petr@svenda.com + * @author Jan Jancar johny@neuromancer.sk + */ +public class Util { + + public static short getShort(byte[] array, int offset) { + return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); + } + + public static void setShort(byte[] array, int offset, short value) { + array[offset + 1] = (byte) (value & 0xFF); + array[offset] = (byte) ((value >> 8) & 0xFF); + } + + public static byte[] hexToBytes(String hex) { + return hexToBytes(hex, true); + } + + public static byte[] hexToBytes(String hex, boolean bigEndian) { + StringBuilder sb = new StringBuilder(hex.replace(" ", "")); + if (!bigEndian) { + sb.reverse(); + } + int len = sb.length(); + if (len % 2 == 1) { + sb.insert(0, "0"); + ++len; + } + + String data = sb.toString(); + byte[] result = new byte[len / 2]; + for (int i = 0; i < len; i += 2) { + result[i / 2] = (byte) ((Character.digit(data.charAt(i), 16) << 4) + + (Character.digit(data.charAt(i + 1), 16))); + } + return result; + } + + public static String byteToHex(byte data) { + return String.format("%02x", data); + } + + public static String bytesToHex(byte[] data) { + return bytesToHex(data, 0, data.length, true); + } + + public static String bytesToHex(byte[] data, int offset, int len) { + return bytesToHex(data, offset, len, true); + } + + public static String bytesToHex(byte[] data, int offset, int len, boolean bAddSpace) { + StringBuilder buf = new StringBuilder(); + for (int i = offset; i < (offset + len); i++) { + buf.append(byteToHex(data[i])); + if (bAddSpace && i != (offset + len - 1)) { + buf.append(" "); + } + } + return (buf.toString()); + } + + public static byte[] concatenate(byte[]... arrays) { + int len = 0; + for (byte[] array : arrays) { + if (array == null) + continue; + len += array.length; + } + byte[] out = new byte[len]; + int offset = 0; + for (byte[] array : arrays) { + if (array == null) + continue; + System.arraycopy(array, 0, out, offset, array.length); + offset += array.length; + } + return out; + } +} diff --git a/src/simpleapdu/DirtyLogger.java b/src/simpleapdu/DirtyLogger.java deleted file mode 100644 index c06571b..0000000 --- a/src/simpleapdu/DirtyLogger.java +++ /dev/null @@ -1,48 +0,0 @@ -package simpleapdu; - -import java.io.FileOutputStream; -import java.io.IOException; - -/** - * - * @author xsvenda - */ -public class DirtyLogger { - FileOutputStream m_logFile; - boolean m_bOutputSystemOut = true; - - public DirtyLogger(FileOutputStream logFile, boolean bOutputSystemOut) { - m_logFile = logFile; - m_bOutputSystemOut = bOutputSystemOut; - } - public void println() { - String logLine = "\n"; - print(logLine); - } - public void println(String logLine) { - logLine += "\n"; - print(logLine); - } - public void print(String logLine) { - if (m_bOutputSystemOut) { - System.out.print(logLine); - } - if (m_logFile != null) { - try { - m_logFile.write(logLine.getBytes()); - } catch (IOException ex) { - } - } - } - - void flush() { - try { - m_logFile.flush(); - } catch (IOException ex) { - } - } - - void close() throws IOException { - m_logFile.close(); - } -} |