diff options
Diffstat (limited to 'src/cz/crcs/ectester/applet/EC_Consts.java')
| -rw-r--r-- | src/cz/crcs/ectester/applet/EC_Consts.java | 115 |
1 files changed, 71 insertions, 44 deletions
diff --git a/src/cz/crcs/ectester/applet/EC_Consts.java b/src/cz/crcs/ectester/applet/EC_Consts.java index 4581fd6..3f3ddb6 100644 --- a/src/cz/crcs/ectester/applet/EC_Consts.java +++ b/src/cz/crcs/ectester/applet/EC_Consts.java @@ -12,6 +12,8 @@ import javacard.security.RandomData; */ public class EC_Consts { + public static final byte KeyAgreement_ALG_EC_SVDP_DH_KDF = 1; + public static final byte KeyAgreement_ALG_EC_SVDP_DHC_KDF = 2; private static byte[] EC_FP_P = null; //p private static byte[] EC_A = null; //a private static byte[] EC_B = null; //b @@ -981,17 +983,19 @@ public class EC_Consts { public static final short EC571_F2M_K = 2; - // getCorruptCurveParameter PARAMETER_CORRUPTION TYPES - public static final short CORRUPTION_NONE = (short) 0x00; - public static final short CORRUPTION_FIXED = (short) 0x01; - public static final short CORRUPTION_FULLRANDOM = (short) 0x02; - public static final short CORRUPTION_ONEBYTERANDOM = (short) 0x04; - public static final short CORRUPTION_ZERO = (short) 0x08; - public static final short CORRUPTION_ONE = (short) 0x10; - public static final short CORRUPTION_MAX = (short) 0x20; - public static final short CORRUPTION_INCREMENT = (short) 0x40; - public static final short CORRUPTION_INFINITY = (short) 0x80; - public static final short CORRUPTION_COMPRESS = (short) 0x0100; + // transformParameter TRANSFORMATION types + public static final short TRANSFORMATION_NONE = (short) 0x00; + public static final short TRANSFORMATION_FIXED = (short) 0x01; + public static final short TRANSFORMATION_FULLRANDOM = (short) 0x02; + public static final short TRANSFORMATION_ONEBYTERANDOM = (short) 0x04; + public static final short TRANSFORMATION_ZERO = (short) 0x08; + public static final short TRANSFORMATION_ONE = (short) 0x10; + public static final short TRANSFORMATION_MAX = (short) 0x20; + public static final short TRANSFORMATION_INCREMENT = (short) 0x40; + public static final short TRANSFORMATION_INFINITY = (short) 0x80; + public static final short TRANSFORMATION_COMPRESS = (short) 0x0100; + public static final short TRANSFORMATION_COMPRESS_HYBRID = (short) 0x0200; + public static final short TRANSFORMATION_04_MASK = (short) 0x0400; // toX962 FORM types public static final byte X962_UNCOMPRESSED = (byte) 0x00; @@ -1026,23 +1030,40 @@ public class EC_Consts { public static final short[] FP_SIZES = new short[]{112, 128, 160, 192, 224, 256, 384, 521}; public static final short[] F2M_SIZES = new short[]{163, 233, 283, 409, 571}; + // Class javacard.security.KeyAgreement + // javacard.security.KeyAgreement Fields: + public static final byte KeyAgreement_ALG_EC_SVDP_DH = 1; + public static final byte KeyAgreement_ALG_EC_SVDP_DHC = 2; + public static final byte KeyAgreement_ALG_EC_SVDP_DH_PLAIN = 3; + public static final byte KeyAgreement_ALG_EC_SVDP_DHC_PLAIN = 4; + public static final byte KeyAgreement_ALG_EC_PACE_GM = 5; + public static final byte KeyAgreement_ALG_EC_SVDP_DH_PLAIN_XY = 6; + public static final byte[] KA_TYPES = new byte[]{ - ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, - //ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH_KDF, //duplicate - ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DHC, - //ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DHC_KDF, //duplicate - ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH_PLAIN, - ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DHC_PLAIN, - ECTesterApplet.KeyAgreement_ALG_EC_PACE_GM, - ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH_PLAIN_XY + KeyAgreement_ALG_EC_SVDP_DH, + //KeyAgreement_ALG_EC_SVDP_DH_KDF, //duplicate + KeyAgreement_ALG_EC_SVDP_DHC, + //KeyAgreement_ALG_EC_SVDP_DHC_KDF, //duplicate + KeyAgreement_ALG_EC_SVDP_DH_PLAIN, + KeyAgreement_ALG_EC_SVDP_DHC_PLAIN, + KeyAgreement_ALG_EC_PACE_GM, + KeyAgreement_ALG_EC_SVDP_DH_PLAIN_XY }; + // Class javacard.security.Signature + // javacard.security.Signature Fields: + public static final byte Signature_ALG_ECDSA_SHA = 17; + public static final byte Signature_ALG_ECDSA_SHA_224 = 37; + public static final byte Signature_ALG_ECDSA_SHA_256 = 33; + public static final byte Signature_ALG_ECDSA_SHA_384 = 34; + public static final byte Signature_ALG_ECDSA_SHA_512 = 38; + public static final byte[] SIG_TYPES = new byte[]{ - ECTesterApplet.Signature_ALG_ECDSA_SHA, - ECTesterApplet.Signature_ALG_ECDSA_SHA_224, - ECTesterApplet.Signature_ALG_ECDSA_SHA_256, - ECTesterApplet.Signature_ALG_ECDSA_SHA_384, - ECTesterApplet.Signature_ALG_ECDSA_SHA_512 + Signature_ALG_ECDSA_SHA, + Signature_ALG_ECDSA_SHA_224, + Signature_ALG_ECDSA_SHA_256, + Signature_ALG_ECDSA_SHA_384, + Signature_ALG_ECDSA_SHA_512 }; public static byte getCurve(short keyLength, byte keyClass) { @@ -1307,27 +1328,27 @@ public class EC_Consts { return length; } - public static short corruptParameter(short corruption, byte[] buffer, short offset, short length) { - if (corruption == CORRUPTION_NONE) { + public static short transformParameter(short transformation, byte[] buffer, short offset, short length) { + if (transformation == TRANSFORMATION_NONE) { return length; } - short corruptionMask = CORRUPTION_FIXED; - while (corruptionMask <= CORRUPTION_COMPRESS) { - short corruptionPart = (short) (corruptionMask & corruption); - switch (corruptionPart) { + short transformationMask = TRANSFORMATION_FIXED; + while (transformationMask <= TRANSFORMATION_04_MASK) { + short transformationPart = (short) (transformationMask & transformation); + switch (transformationPart) { case (short) 0: break; - case CORRUPTION_FIXED: + case TRANSFORMATION_FIXED: if (length >= 1) { buffer[offset] = (byte) 0xcc; buffer[(short) (offset + length - 1)] = (byte) 0xcc; } break; - case CORRUPTION_FULLRANDOM: + case TRANSFORMATION_FULLRANDOM: randomData.generateData(buffer, offset, length); break; - case CORRUPTION_ONEBYTERANDOM: + case TRANSFORMATION_ONEBYTERANDOM: short first = Util.getShort(buffer, (short) 0); // save first two bytes randomData.generateData(buffer, (short) 0, (short) 2); // generate position @@ -1345,17 +1366,17 @@ public class EC_Consts { randomData.generateData(buffer, rngPos, (short) 1); } while (original == buffer[rngPos]); break; - case CORRUPTION_ZERO: + case TRANSFORMATION_ZERO: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); break; - case CORRUPTION_ONE: + case TRANSFORMATION_ONE: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); buffer[(short) (offset + length)] = (byte) 1; break; - case CORRUPTION_MAX: + case TRANSFORMATION_MAX: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 1); break; - case CORRUPTION_INCREMENT: + case TRANSFORMATION_INCREMENT: short index = (short) (offset + length - 1); byte value; do { @@ -1363,12 +1384,12 @@ public class EC_Consts { buffer[index--] = ++value; } while (value == (byte) 0 && index >= offset); break; - case CORRUPTION_INFINITY: + case TRANSFORMATION_INFINITY: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); length = 1; break; - case CORRUPTION_COMPRESS: - + case TRANSFORMATION_COMPRESS_HYBRID: + case TRANSFORMATION_COMPRESS: if ((short) (length % 2) != 1) { // an uncompressed point should have odd length (since 1 byte type, + 2 * coords) ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); @@ -1382,13 +1403,19 @@ public class EC_Consts { buffer[offset] = 2; } - length = (short) (half + 1); + if (transformationPart == TRANSFORMATION_COMPRESS) { + length = (short) (half + 1); + } else { + buffer[offset] += 4; + } + break; + case TRANSFORMATION_04_MASK: + buffer[offset] = 4; break; - //TODO: test hybrid form with not corresponding yBit (in first byte value) and y_value in the second half of the param default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } - corruptionMask = (short) (corruptionMask << 1); + transformationMask = (short) (transformationMask << 1); } return length; } @@ -1409,7 +1436,7 @@ public class EC_Consts { break; case X962_HYBRID: outputBuffer[offset] = 4; - case X962_COMPRESSED: + case X962_COMPRESSED: /* fallthrough */ byte yLSB = yBuffer[(short) (yOffset + yLength)]; byte yBit = (byte) (yLSB & 0x01); |