diff options
Diffstat (limited to 'common/src')
3 files changed, 96 insertions, 45 deletions
diff --git a/common/src/main/java/cz/crcs/ectester/common/ec/EC_Curve.java b/common/src/main/java/cz/crcs/ectester/common/ec/EC_Curve.java index e26fc44..1fd6c3e 100644 --- a/common/src/main/java/cz/crcs/ectester/common/ec/EC_Curve.java +++ b/common/src/main/java/cz/crcs/ectester/common/ec/EC_Curve.java @@ -5,6 +5,7 @@ import org.bouncycastle.math.ec.ECCurve; import java.math.BigInteger; import java.security.spec.*; +import java.util.Arrays; /** * An Elliptic curve, contains parameters Fp/F2M, A, B, G, R, (K)?. @@ -96,7 +97,15 @@ public class EC_Curve extends EC_Params { BigInteger b = new BigInteger(1, getParam(EC_Consts.PARAMETER_B)[0]); BigInteger r = new BigInteger(1, getParam(EC_Consts.PARAMETER_R)[0]); BigInteger k = new BigInteger(1, getParam(EC_Consts.PARAMETER_K)[0]); - return new ECCurve.F2m(m, e1, e2, e3, a, b, r, k); + int[] powers = Arrays.stream(new int[]{e1, e2, e3}).sorted().toArray(); + e1 = powers[0]; + e2 = powers[1]; + e3 = powers[2]; + if (e1 == 0 && e2 == 0) { + return new ECCurve.F2m(m, e3, 0, 0, a, b, r, k); + } else { + return new ECCurve.F2m(m, e1, e2, e3, a, b, r, k); + } } } diff --git a/common/src/main/java/cz/crcs/ectester/common/util/CardUtil.java b/common/src/main/java/cz/crcs/ectester/common/util/CardUtil.java index eeb2159..2ab2d26 100644 --- a/common/src/main/java/cz/crcs/ectester/common/util/CardUtil.java +++ b/common/src/main/java/cz/crcs/ectester/common/util/CardUtil.java @@ -456,6 +456,23 @@ public class CardUtil { } } + public static String getSigTypeAlgoString(byte sigType) { + switch (sigType) { + case EC_Consts.Signature_ALG_ECDSA_SHA: + return "SHA1withECDSA"; + case EC_Consts.Signature_ALG_ECDSA_SHA_224: + return "SHA224withECDSA"; + case EC_Consts.Signature_ALG_ECDSA_SHA_256: + return "SHA256withECDSA"; + case EC_Consts.Signature_ALG_ECDSA_SHA_384: + return "SHA384withECDSA"; + case EC_Consts.Signature_ALG_ECDSA_SHA_512: + return "SHA512withECDSA"; + default: + return "unknown"; + } + } + public static byte getSigType(String sigTypeString) { switch (sigTypeString) { case "ECDSA_SHA": diff --git a/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java b/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java index e7f138e..4d74a87 100644 --- a/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java +++ b/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java @@ -14,6 +14,8 @@ import org.bouncycastle.jcajce.interfaces.EdDSAPrivateKey; import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey; import org.bouncycastle.jcajce.interfaces.XDHPrivateKey; import org.bouncycastle.jcajce.interfaces.XDHPublicKey; +import org.bouncycastle.math.ec.ECCurve; +import org.bouncycastle.math.ec.ECFieldElement; import java.io.FileInputStream; import java.io.IOException; @@ -244,64 +246,87 @@ public class ECUtil { } public static EC_Params fullRandomPoint(EC_Curve curve) { - EllipticCurve ecCurve = curve.toCurve(); - - BigInteger p; - if (ecCurve.getField() instanceof ECFieldFp) { + if (curve.getField() == EC_Consts.ALG_EC_FP) { + EllipticCurve ecCurve = curve.toCurve(); ECFieldFp fp = (ECFieldFp) ecCurve.getField(); - p = fp.getP(); + BigInteger p = fp.getP(); if (!p.isProbablePrime(20)) { return null; } + BigInteger x; + BigInteger rhs; + do { + x = new BigInteger(ecCurve.getField().getFieldSize(), rand).mod(p); + rhs = computeRHS(x, ecCurve.getA(), ecCurve.getB(), p); + } while (!isResidue(rhs, p)); + BigInteger y = modSqrt(rhs, p); + if (rand.nextBoolean()) { + y = p.subtract(y); + } + + byte[] xArr = toByteArray(x, ecCurve.getField().getFieldSize()); + byte[] yArr = toByteArray(y, ecCurve.getField().getFieldSize()); + return new EC_Params(EC_Consts.PARAMETER_W, new byte[][]{xArr, yArr}); } else { - //TODO - return null; - } - BigInteger x; - BigInteger rhs; - do { - x = new BigInteger(ecCurve.getField().getFieldSize(), rand).mod(p); - rhs = computeRHS(x, ecCurve.getA(), ecCurve.getB(), p); - } while (!isResidue(rhs, p)); - BigInteger y = modSqrt(rhs, p); - if (rand.nextBoolean()) { - y = p.subtract(y); - } + ECCurve.F2m bcCurve = (ECCurve.F2m) curve.toBCCurve(); + BigInteger b = new BigInteger(bcCurve.getFieldSize(), rand); + org.bouncycastle.math.ec.ECPoint point; + while (true) { + try { + ECFieldElement.F2m x = (ECFieldElement.F2m) bcCurve.fromBigInteger(b); + byte[] pointTry = ByteUtil.concatenate(new byte[]{0x02}, x.getEncoded()); + point = bcCurve.decodePoint(pointTry); + break; + } catch (IllegalArgumentException iae) { + b = new BigInteger(bcCurve.getFieldSize(), rand); + } + } - byte[] xArr = toByteArray(x, ecCurve.getField().getFieldSize()); - byte[] yArr = toByteArray(y, ecCurve.getField().getFieldSize()); - return new EC_Params(EC_Consts.PARAMETER_W, new byte[][]{xArr, yArr}); + return new EC_Params(EC_Consts.PARAMETER_W, new byte[][] {point.getAffineXCoord().getEncoded(), point.getAffineYCoord().getEncoded()}); + } } public static EC_Params fixedRandomPoint(EC_Curve curve) { - EllipticCurve ecCurve = curve.toCurve(); - - BigInteger p; - if (ecCurve.getField() instanceof ECFieldFp) { + if (curve.getField() == EC_Consts.ALG_EC_FP) { + EllipticCurve ecCurve = curve.toCurve(); ECFieldFp fp = (ECFieldFp) ecCurve.getField(); - p = fp.getP(); + BigInteger p = fp.getP(); if (!p.isProbablePrime(20)) { return null; } - } else { - //TODO - return null; - } + BigInteger x = new BigInteger(1, hashCurve(curve)).mod(p); + BigInteger rhs = computeRHS(x, ecCurve.getA(), ecCurve.getB(), p); + while (!isResidue(rhs, p)) { + x = x.add(BigInteger.ONE).mod(p); + rhs = computeRHS(x, ecCurve.getA(), ecCurve.getB(), p); + } + BigInteger y = modSqrt(rhs, p); + if (y.bitCount() % 2 == 0) { + y = p.subtract(y); + } - BigInteger x = new BigInteger(1, hashCurve(curve)).mod(p); - BigInteger rhs = computeRHS(x, ecCurve.getA(), ecCurve.getB(), p); - while (!isResidue(rhs, p)) { - x = x.add(BigInteger.ONE).mod(p); - rhs = computeRHS(x, ecCurve.getA(), ecCurve.getB(), p); - } - BigInteger y = modSqrt(rhs, p); - if (y.bitCount() % 2 == 0) { - y = p.subtract(y); + byte[] xArr = toByteArray(x, ecCurve.getField().getFieldSize()); + byte[] yArr = toByteArray(y, ecCurve.getField().getFieldSize()); + return new EC_Params(EC_Consts.PARAMETER_W, new byte[][]{xArr, yArr}); + } else { + ECCurve.F2m bcCurve = (ECCurve.F2m) curve.toBCCurve(); + BigInteger b = new BigInteger(1, hashCurve(curve)); + while (b.bitLength() > bcCurve.getFieldSize()) { + b = b.shiftRight(1); + } + org.bouncycastle.math.ec.ECPoint point; + while (true) { + try { + ECFieldElement.F2m x = (ECFieldElement.F2m) bcCurve.fromBigInteger(b); + byte[] pointTry = ByteUtil.concatenate(new byte[]{0x02}, x.getEncoded()); + point = bcCurve.decodePoint(pointTry); + break; + } catch (IllegalArgumentException iae) { + b = b.add(BigInteger.ONE); + } + } + return new EC_Params(EC_Consts.PARAMETER_W, new byte[][] {point.getAffineXCoord().getEncoded(), point.getAffineYCoord().getEncoded()}); } - - byte[] xArr = toByteArray(x, ecCurve.getField().getFieldSize()); - byte[] yArr = toByteArray(y, ecCurve.getField().getFieldSize()); - return new EC_Params(EC_Consts.PARAMETER_W, new byte[][]{xArr, yArr}); } public static ECPoint toPoint(EC_Params params) { @@ -352,11 +377,11 @@ public class ECUtil { /** * Validate DER or PLAIN signature format. * - * @throws IllegalArgumentException in case of invalid format. * @param signature * @param params * @param hashAlgo * @param sigType + * @throws IllegalArgumentException in case of invalid format. */ public static void validateSignatureFormat(byte[] signature, ECParameterSpec params, String hashAlgo, String sigType) { BigInteger n = params.getOrder(); |