Diffstat (limited to 'src/cz/crcs/ectester/applet/ECTesterApplet.java')
-rw-r--r--src/cz/crcs/ectester/applet/ECTesterApplet.java184
1 files changed, 62 insertions, 122 deletions
diff --git a/src/cz/crcs/ectester/applet/ECTesterApplet.java b/src/cz/crcs/ectester/applet/ECTesterApplet.java
index deb3aae..870fb3d 100644
--- a/src/cz/crcs/ectester/applet/ECTesterApplet.java
+++ b/src/cz/crcs/ectester/applet/ECTesterApplet.java
@@ -26,11 +26,7 @@
package cz.crcs.ectester.applet;
import javacard.framework.*;
-import javacard.security.ECPrivateKey;
-import javacard.security.ECPublicKey;
-import javacard.security.KeyAgreement;
-import javacard.security.KeyPair;
-import javacard.security.RandomData;
+import javacard.security.*;
import javacardx.apdu.ExtendedLength;
/**
@@ -55,8 +51,9 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
public static final byte INS_ECDH_DIRECT = (byte) 0x71;
public static final byte INS_ECDSA = (byte) 0x72;
public static final byte INS_CLEANUP = (byte) 0x73;
- public static final byte INS_SUPPORT = (byte) 0x74;
+ //public static final byte INS_SUPPORT = (byte) 0x74;
public static final byte INS_ALLOCATE_KA = (byte) 0x75;
+ public static final byte INS_ALLOCATE_SIG = (byte) 0x76;
// PARAMETERS for P1 and P2
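Review bot: The old `INS_SUPPORT` constant is left as commented-out code in this hunk, which does not tell a reader whether 0x74 is retired for good or only disabled for now. Either delete the line or replace it with a comment such as `// 0x74 was INS_SUPPORT (removed); do not reuse for a new instruction`. That keeps a later instruction from being assigned a code that older host tools may still send.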
@@ -88,6 +85,13 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
public static final byte KeyAgreement_ALG_EC_SVDP_DH_PLAIN_XY = 6;
public static final byte KeyAgreement_ALG_DH_PLAIN = 7;
+ // Class javacard.security.Signature
+ // javacard.security.Signature Fields:
+ public static final byte Signature_ALG_ECDSA_SHA = 17;
+ public static final byte Signature_ALG_ECDSA_SHA_256 = 33;
+ public static final byte Signature_ALG_ECDSA_SHA_384 = 34;
+ public static final byte Signature_ALG_ECDSA_SHA_224 = 37;
+ public static final byte Signature_ALG_ECDSA_SHA_512 = 38;
private static final short ARRAY_LENGTH = (short) 0xff;
private static final short APDU_MAX_LENGTH = (short) 1024;
@@ -98,13 +102,9 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
// PERSISTENT ARRAY IN EEPROM
private byte[] dataArray = null; // unused
-
private RandomData randomData = null;
private ECKeyTester keyTester = null;
- private short ecdhSW;
- private short ecdhcSW;
- private short ecdsaSW;
private ECKeyGenerator keyGenerator = null;
private KeyPair localKeypair = null;
private KeyPair remoteKeypair = null;
@@ -133,11 +133,6 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
keyGenerator = new ECKeyGenerator();
keyTester = new ECKeyTester();
- ecdhSW = keyTester.allocateECDH(KeyAgreement.ALG_EC_SVDP_DH);
- ecdhcSW = keyTester.allocateECDHC(KeyAgreement.ALG_EC_SVDP_DHC);
- //ecdhSW = keyTester.allocateECDH((byte) 3);
- //ecdhcSW = keyTester.allocateECDHC((byte) 4);
- ecdsaSW = keyTester.allocateECDSA();
}
register();
}
@@ -166,6 +161,9 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
case INS_ALLOCATE_KA:
length = insAllocateKA(apdu);
break;
+ case INS_ALLOCATE_SIG:
+ length = insAllocateSig(apdu);
+ break;
case INS_ALLOCATE:
length = insAllocate(apdu);
break;
@@ -196,9 +194,6 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
case INS_CLEANUP:
length = insCleanup(apdu);
break;
- case INS_SUPPORT:
- length = insSupport(apdu);
- break;
default:
// The INS code is not supported by the dispatcher
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
@@ -210,7 +205,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
}
/**
- * Allocates KeyAgreement object. returns allocate SW
+ * Allocates KeyAgreement object, returns allocate SW.
*
* @param apdu DATA = byte KeyAgreementType
* @return length of response
@@ -218,35 +213,25 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
private short insAllocateKA(APDU apdu) {
short cdata = apdu.getOffsetCdata();
byte kaType = apduArray[cdata];
-/*
- short sw = SW_KA_UNSUPPORTED;
- switch (kaType) {
- case KeyAgreement_ALG_EC_SVDP_DH: // no break
- case KeyAgreement_ALG_EC_SVDP_DH_PLAIN:
- case KeyAgreement_ALG_EC_PACE_GM:
- case KeyAgreement_ALG_EC_SVDP_DH_PLAIN_XY:
- sw = keyTester.allocateECDH(kaType);
- break;
- case KeyAgreement_ALG_EC_SVDP_DHC:
- case KeyAgreement_ALG_EC_SVDP_DHC_PLAIN:
- sw = keyTester.allocateECDHC(kaType);
- break;
- default:
- sw = SW_KA_UNSUPPORTED;
- break;
- }
-*/
- // Allocate given type into both DH and DHC objects
- short sw = keyTester.allocateECDH(kaType);
- short offset = 0;
- Util.setShort(apdu.getBuffer(), offset, sw);
- offset += 2;
+ short sw = keyTester.allocateKA(kaType);
+ Util.setShort(apdu.getBuffer(), (short) 0, sw);
+ return 2;
+ }
- //sw = keyTester.allocateECDHC(kaType);
- Util.setShort(apdu.getBuffer(), offset, sw);
- offset += 2;
- return offset;
+ /**
+ * Allocates a Signature object, returns allocate SW.
+ *
+ * @param apdu DATA = byte SignatureType
+ * @return length of response
+ */
+ private short insAllocateSig(APDU apdu) {
+ short cdata = apdu.getOffsetCdata();
+ byte sigType = apduArray[cdata];
+ short sw = keyTester.allocateSig(sigType);
+ Util.setShort(apdu.getBuffer(), (short) 0, sw);
+ return 2;
}
+
/**
* Allocates local and remote keyPairs.
* returns allocate SWs
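Review bot: Both `insAllocateKA` and the new `insAllocateSig` read the type byte from `apduArray[cdata]` without first checking that the command carried at least one data byte. How `apduArray` is filled is outside this hunk, but if it is a reused buffer, an empty command would select whatever byte a previous APDU left at that position and allocate an algorithm the host never asked for. A guard at the top of each method would close that, for example `if (apdu.getIncomingLength() < 1) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);`. The `insAllocateKA` response also shrinks from four bytes to two here, so the host-side parser has to change in the same commit.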
@@ -449,7 +434,8 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
*
* @param apdu P1 = byte keyPair (KEYPAIR_*)
* P2 = byte export (EXPORT_TRUE || EXPORT_FALSE)
- * DATA = short dataLength (00 = random data generated, !00 = data length)
+ * DATA = byte sigType
+ * short dataLength (00 = random data generated, !00 = data length)
* byte[] data
* @return length of response
*/
@@ -457,13 +443,14 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
byte keyPair = apduArray[ISO7816.OFFSET_P1];
byte export = apduArray[ISO7816.OFFSET_P2];
short cdata = apdu.getOffsetCdata();
+ byte sigType = apduArray[cdata];
short len = 0;
if ((keyPair & KEYPAIR_LOCAL) != 0) {
- len += ecdsa(localKeypair, export, apduArray, cdata, apdu.getBuffer(), (short) 0);
+ len += ecdsa(localKeypair, sigType, export, apduArray, cdata, apdu.getBuffer(), (short) 0);
}
if ((keyPair & KEYPAIR_REMOTE) != 0) {
- len += ecdsa(remoteKeypair, export, apduArray, cdata, apdu.getBuffer(), len);
+ len += ecdsa(remoteKeypair, sigType, export, apduArray, cdata, apdu.getBuffer(), len);
}
return len;
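Review bot: The new `sigType` byte is read from `apduArray[cdata]`, but both `ecdsa(...)` calls still pass `cdata` as the input offset. The context line `short dataLength = Util.getShort(inBuffer, inOffset);` in a later hunk shows `ecdsa` reading the length from that same offset, so the length is built from the `sigType` byte plus the high byte of the real length. With `Signature_ALG_ECDSA_SHA` (17) and a zero length this parses as 0x1100, and the later `arrayCopyNonAtomic` into `ramArray` would then copy the wrong amount and probably throw. Unless `ecdsa` skips the type byte in lines not shown, the calls should pass the offset after it, e.g. `len += ecdsa(localKeypair, sigType, export, apduArray, (short) (cdata + 1), apdu.getBuffer(), (short) 0);` and likewise for the remote key pair. A bound check of `dataLength` against the received length and the size of `ramArray` before the copy would make a malformed APDU fail with a defined status word instead.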
@@ -482,19 +469,6 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
}
/**
- * Returns data about card support for various EC related tasks collected on applet
- * install.
- *
- * @param apdu no data
- * @return length of response
- */
- private short insSupport(APDU apdu) {
- byte[] apdubuf = apdu.getBuffer();
-
- return support(apdubuf, (short) 0);
- }
-
- /**
* @param keyPair which keyPair to use, local/remote (KEYPAIR_* | ...)
* @param keyLength key length to set
* @param keyClass key class to allocate
@@ -625,7 +599,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
* @param privkey keyPair to use for private key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE)
* @param export whether to export ECDH secret
* @param corruption whether to invalidate the pubkey before ECDH
- * @param type KeyAgreement type to test (EC_Consts.KA_* || ...)
+ * @param type KeyAgreement type to test
* @param outBuffer buffer to write sw to, and export ECDH secret {@code if(export == EXPORT_TRUE)}
* @param outOffset output offset in buffer
* @return length of data written to the buffer
@@ -637,23 +611,14 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
KeyPair priv = ((privkey & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair;
short secretLength = 0;
- switch (type) {
- case EC_Consts.KA_ECDH:
- secretLength = keyTester.testECDH(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
- break;
- case EC_Consts.KA_ECDHC:
- secretLength = keyTester.testECDHC(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
- break;
- case EC_Consts.KA_BOTH:
- secretLength = keyTester.testBOTH(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
- break;
- case EC_Consts.KA_ANY:
- secretLength = keyTester.testANY(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
- break;
- default:
- ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ if (keyTester.getKaType() == type) {
+ secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
+ } else {
+ short allocateSW = keyTester.allocateKA(type);
+ if (allocateSW == ISO7816.SW_NO_ERROR) {
+ secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
+ }
}
-
Util.setShort(outBuffer, outOffset, keyTester.getSW());
length += 2;
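Review bot: When `allocateKA(type)` fails in the `else` branch, `allocateSW` is discarded and the response is filled from `keyTester.getSW()`. That value is only right if `allocateKA` also updates the tester's internal status, which this hunk does not show; otherwise the host sees the status of an earlier test. The same pattern appears in the `ecdh_direct` hunk and in the `ecdsa` hunk with `allocateSig`. In all three the test call is duplicated across both branches, and the old `default:` rejection of unknown types is gone, so any type byte from the APDU now reaches the allocator. It is also worth confirming in `ECKeyTester` that re-allocating on every type change releases the previous object, since a Java Card without object deletion would lose memory each time a host alternates types. A single-path form that reports the allocation status explicitly is sketched below; the enclosing method starts and ends outside this hunk.

```java
short allocateSW = ISO7816.SW_NO_ERROR;
if (keyTester.getKaType() != type) {
    // Re-allocate only when the requested type differs from the one currently held.
    allocateSW = keyTester.allocateKA(type);
}
short sw = allocateSW;
if (allocateSW == ISO7816.SW_NO_ERROR) {
    secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption);
    sw = keyTester.getSW();
}
Util.setShort(outBuffer, outOffset, sw);
// … unchanged: length accounting and optional secret export …
```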
@@ -673,21 +638,13 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
KeyPair priv = ((privkey & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair;
short secretLength = 0;
- switch (type) {
- case EC_Consts.KA_ECDH:
- secretLength = keyTester.testECDH_direct(priv, apduArray, keyOffset, keyLength, outBuffer, outOffset, corruption);
- break;
- case EC_Consts.KA_ECDHC:
- secretLength = keyTester.testECDHC_direct(priv, apduArray, keyOffset, keyLength, outBuffer, outOffset, corruption);
- break;
- case EC_Consts.KA_BOTH:
- secretLength = keyTester.testBOTH_direct(priv, apduArray, keyOffset, keyLength, outBuffer, outOffset, corruption);
- break;
- case EC_Consts.KA_ANY:
- secretLength = keyTester.testANY_direct(priv, apduArray, keyOffset, keyLength, outBuffer, outOffset, corruption);
- break;
- default:
- ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ if (keyTester.getKaType() == type) {
+ secretLength = keyTester.testKA_direct(priv, apduArray, keyOffset, keyLength, ramArray2, (short) 0, corruption);
+ } else {
+ short allocateSW = keyTester.allocateKA(type);
+ if (allocateSW == ISO7816.SW_NO_ERROR) {
+ secretLength = keyTester.testKA_direct(priv, apduArray, keyOffset, keyLength, ramArray2, (short) 0, corruption);
+ }
}
Util.setShort(outBuffer, outOffset, keyTester.getSW());
@@ -704,6 +661,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
/**
* @param sign keyPair to use for signing and verification
+ * @param sigType Signature type to use
* @param export whether to export ECDSA signature
* @param inBuffer buffer to read dataLength and data to sign from
* @param inOffset input offset in buffer
@@ -711,7 +669,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
* @param outOffset output offset in buffer
* @return length of data written to the buffer
*/
- private short ecdsa(KeyPair sign, byte export, byte[] inBuffer, short inOffset, byte[] outBuffer, short outOffset) {
+ private short ecdsa(KeyPair sign, byte sigType, byte export, byte[] inBuffer, short inOffset, byte[] outBuffer, short outOffset) {
short length = 0;
short dataLength = Util.getShort(inBuffer, inOffset);
@@ -723,7 +681,15 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
Util.arrayCopyNonAtomic(inBuffer, (short) (inOffset + 2), ramArray, (short) 0, dataLength);
}
- short signatureLength = keyTester.testECDSA((ECPrivateKey) sign.getPrivate(), (ECPublicKey) sign.getPublic(), ramArray, (short) 0, dataLength, ramArray2, (short) 0);
+ short signatureLength = 0;
+ if (keyTester.getSigType() == sigType) {
+ signatureLength = keyTester.testECDSA((ECPrivateKey) sign.getPrivate(), (ECPublicKey) sign.getPublic(), ramArray, (short) 0, dataLength, ramArray2, (short) 0);
+ } else {
+ short allocateSW = keyTester.allocateSig(sigType);
+ if (allocateSW == ISO7816.SW_NO_ERROR) {
+ signatureLength = keyTester.testECDSA((ECPrivateKey) sign.getPrivate(), (ECPublicKey) sign.getPublic(), ramArray, (short) 0, dataLength, ramArray2, (short) 0);
+ }
+ }
Util.setShort(outBuffer, outOffset, keyTester.getSW());
length += 2;
@@ -755,30 +721,4 @@ public class ECTesterApplet extends Applet implements ExtendedLength {
Util.setShort(buffer, offset, sw);
return 2;
}
-
- /**
- * @param buffer buffer to write sw to
- * @param offset output offset in buffer
- * @return length of data written to the buffer
- */
- private short support(byte[] buffer, short offset) {
-
- if (keyTester.hasECDH()) {
- Util.setShort(buffer, offset, ecdhSW);
- } else {
- Util.setShort(buffer, offset, ISO7816.SW_FUNC_NOT_SUPPORTED);
- }
- if (keyTester.hasECDHC()) {
- Util.setShort(buffer, (short) (offset + 2), ecdhcSW);
- } else {
- Util.setShort(buffer, (short) (offset + 2), ISO7816.SW_FUNC_NOT_SUPPORTED);
- }
- if (keyTester.hasECDSA()) {
- Util.setShort(buffer, (short) (offset + 4), ecdsaSW);
- } else {
- Util.setShort(buffer, (short) (offset + 4), ISO7816.SW_FUNC_NOT_SUPPORTED);
- }
-
- return 6;
- }
}