diff options
| -rw-r--r-- | !uploader/simpleECC.cap | bin | 9854 -> 14367 bytes | |||
| -rw-r--r-- | dist/SimpleAPDU.jar | bin | 52783 -> 3071803 bytes | |||
| -rw-r--r-- | src/applets/ECKeyTester.java | 14 | ||||
| -rw-r--r-- | src/applets/SimpleECCApplet.java | 61 | ||||
| -rw-r--r-- | src/simpleapdu/SimpleAPDU.java | 52 |
5 files changed, 79 insertions, 48 deletions
diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap Binary files differindex 9d36664..7d019f4 100644 --- a/!uploader/simpleECC.cap +++ b/!uploader/simpleECC.cap diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar Binary files differindex 3a13dc6..88b4ab9 100644 --- a/dist/SimpleAPDU.jar +++ b/dist/SimpleAPDU.jar diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index d6ff6c1..acfb64e 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -143,16 +143,12 @@ public class ECKeyTester { short result = ISO7816.SW_NO_ERROR; try { ecdsaSignature.init(signKey, Signature.MODE_SIGN); - short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); - if (sigLength != 20) { // per javacard.security.Signature an ALG_ECDSA_SHA should be 20 bytes. - result = SimpleECCApplet.SW_SIG_LENGTH_MISMATCH; - } else { - ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); - boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); - if (!correct) { - result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; - } + + ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); + boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); + if (!correct) { + result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; } } catch (CryptoException ce) { result = ce.getReason(); diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 8ec9e67..9901aee 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -53,6 +53,8 @@ public class SimpleECCApplet extends Applet { public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; + public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce; + public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -62,15 +64,17 @@ public class SimpleECCApplet extends Applet { public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020; public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; + public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; + public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400; - public final static short FLAG_ECTEST_ALL = (short) 0x00ff; + public final static short FLAG_ECTEST_ALL = (short) 0xffff; public final static short SW_SKIPPED = (short) 0x0ee1; public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; - public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4; - public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5; + public final static short SW_SIG_VERIFY_FAIL = (short) 0xee4; /* public static final byte[] EC192_FP_PUBLICW = new byte[]{ (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, @@ -325,7 +329,25 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 7. Set invalid custom curve + // 7. ECDSA test + // + buffer[bufferOffset] = ECTEST_ECDSA_SIGNATURE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + if (sw == ISO7816.SW_NO_ERROR) { + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); + } + + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 8. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -341,7 +363,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 8. Generate keypair with invalid custom curve + // 9. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; @@ -352,6 +374,35 @@ public class SimpleECCApplet extends Applet { Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + // + // 10. Set invalid field + // + buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_INVALIDFIELD) != (short) 0) { + if (keyClass == KeyPair.ALG_EC_FP) + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + else + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // 11. Generate key with invalid field + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + return (short) (bufferOffset - baseOffset); } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 8775217..77478a0 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -107,9 +107,8 @@ public class SimpleAPDU { } - public static void main(String[] args) throws FileNotFoundException, IOException { - + //parse cli args. Should be replaced with some cli parsing library code in the future. boolean genKeys = false; int genAmount = 0; boolean testAll = false; @@ -120,7 +119,7 @@ public class SimpleAPDU { if (args.length >= i + 1) { try { genAmount = Integer.parseInt(args[i + 1]); - }catch (NumberFormatException ignored) { + }catch (NumberFormatException ignored) { //is another param, genAmount = 0 by default genAmount = 0; } @@ -145,36 +144,21 @@ public class SimpleAPDU { try { if (testAll) { if (cardManager.ConnectToCard()) { - byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU2, cardManager); - + // Test all default curves for both fields testSupportECAll(cardManager); - // + // Test setting invalid parameter B of curve byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); testFPkeyGen_setNumRepeats(testAPDU, (short) 10); testFPkeyGen_rewindOnSuccess(testAPDU, true); + ReconnnectToCard(); ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); PrintECKeyGenInvalidCurveB(resp_fp_keygen); PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); - /* - // Test support for different types of curves - ReconnnectToCard(); - ResponseAPDU resp_fp = cardManager.sendAPDU(TESTECSUPPORTALL_FP); - ReconnnectToCard(); - ResponseAPDU resp_f2m = cardManager.sendAPDU(TESTECSUPPORTALL_F2M); - PrintECSupport(resp_fp); - PrintECSupport(resp_f2m); - */ - cardManager.DisconnectFromCard(); } else { m_SystemOutLogger.println("Failed to connect to card"); @@ -275,9 +259,6 @@ public class SimpleAPDU { if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } - if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) { - codeStr = "SW_SIG_LENGTH_MISMATCH"; - } if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) { codeStr = "SW_SIG_VERIFY_FAIL"; } @@ -286,7 +267,7 @@ public class SimpleAPDU { } enum ExpResult { - SHOULD_SUCCEDD, + SHOULD_SUCCEED, MAY_FAIL, MUST_FAIL } @@ -307,7 +288,7 @@ public class SimpleAPDU { if ((expRes == ExpResult.MUST_FAIL) && (resCode == ISO7816.SW_NO_ERROR)) { bHiglight = true; } - if ((expRes == ExpResult.SHOULD_SUCCEDD) && (resCode != ISO7816.SW_NO_ERROR)) { + if ((expRes == ExpResult.SHOULD_SUCCEED) && (resCode != ISO7816.SW_NO_ERROR)) { bHiglight = true; } if (bHiglight) { @@ -341,14 +322,17 @@ public class SimpleAPDU { m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with def curve (fails if no def):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_DEFCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL); m_SystemOutLogger.println(); } @@ -380,15 +364,15 @@ public class SimpleAPDU { bufferOffset += 2; m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); while (bufferOffset < buffer.length) { - bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); if (buffer[bufferOffset] == SimpleECCApplet.ECTEST_DH_GENERATESECRET) { bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_DH_GENERATESECRET, buffer, bufferOffset, ExpResult.MUST_FAIL); } - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); } m_SystemOutLogger.println(); |