Diffstat (limited to 'src/cz/crcs/ectester/reader')
-rw-r--r--src/cz/crcs/ectester/reader/ECTesterReader.java4
-rw-r--r--src/cz/crcs/ectester/reader/command/Command.java113
-rw-r--r--src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java2
-rw-r--r--src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java2
-rw-r--r--src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java2
-rw-r--r--src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java2
-rw-r--r--src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java4
7 files changed, 121 insertions, 8 deletions
diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java
index dfd71db..84c0439 100644
--- a/src/cz/crcs/ectester/reader/ECTesterReader.java
+++ b/src/cz/crcs/ectester/reader/ECTesterReader.java
@@ -49,8 +49,8 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Scanner;
-import static cz.crcs.ectester.applet.ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH;
-import static cz.crcs.ectester.applet.ECTesterApplet.Signature_ALG_ECDSA_SHA;
+import static cz.crcs.ectester.applet.EC_Consts.KeyAgreement_ALG_EC_SVDP_DH;
+import static cz.crcs.ectester.applet.EC_Consts.Signature_ALG_ECDSA_SHA;
/**
* Reader part of ECTester, a tool for testing Elliptic curve support on javacards.
diff --git a/src/cz/crcs/ectester/reader/command/Command.java b/src/cz/crcs/ectester/reader/command/Command.java
index 25b41dd..d0eaf45 100644
--- a/src/cz/crcs/ectester/reader/command/Command.java
+++ b/src/cz/crcs/ectester/reader/command/Command.java
@@ -685,6 +685,10 @@ public abstract class Command {
*/
public ECDSA(CardMngr cardManager, byte keyPair, byte sigType, byte export, byte[] raw) {
super(cardManager);
+ if (keyPair == ECTesterApplet.KEYPAIR_BOTH) {
+ throw new IllegalArgumentException();
+ }
+
this.keyPair = keyPair;
this.sigType = sigType;
this.export = export;
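Review bot: The new guard throws a bare `IllegalArgumentException()`, so a caller that passes KEYPAIR_BOTH gets no hint about which argument was rejected or what is allowed; `throw new IllegalArgumentException("keyPair must be KEYPAIR_LOCAL or KEYPAIR_REMOTE");` would make the failure self-explanatory. The same message-less throw is repeated in the ECDSA_sign and ECDSA_verify constructors added in the next hunk, where the null check on `raw`/`signature` has the same problem. The guard also rejects only KEYPAIR_BOTH, so any other byte value is still accepted here; if only the two documented values are valid, an allow-list check would be tighter. The constructor's body continues outside this hunk.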
@@ -718,6 +722,115 @@ public abstract class Command {
}
}
+ public static class ECDSA_sign extends Command {
+ private byte keyPair;
+ private byte sigType;
+ private byte export;
+ private byte[] raw;
+
+ /**
+ * Creates the INS_ECDSA_SIGN instruction.
+ *
+ * @param cardManager cardManager to send APDU through
+ * @param keyPair keyPair to use for signing and verification (KEYPAIR_LOCAL || KEYPAIR_REMOTE)
+ * @param sigType Signature type to use
+ * @param export whether to export ECDSA signature
+ * @param raw data to sign, can be null, in which case random data is signed.
+ */
+ public ECDSA_sign(CardMngr cardManager, byte keyPair, byte sigType, byte export, byte[] raw) {
+ super(cardManager);
+ if (keyPair == ECTesterApplet.KEYPAIR_BOTH) {
+ throw new IllegalArgumentException();
+ }
+
+ this.keyPair = keyPair;
+ this.sigType = sigType;
+ this.export = export;
+ this.raw = raw;
+
+ int len = raw != null ? raw.length : 0;
+ byte[] data = new byte[3 + len];
+ data[0] = sigType;
+ ByteUtil.setShort(data, 1, (short) len);
+ if (raw != null) {
+ System.arraycopy(raw, 0, data, 3, len);
+ }
+
+ this.cmd = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ECDSA_SIGN, keyPair, export, data);
+ }
+
+ @Override
+ public Response.ECDSA send() throws CardException {
+ long elapsed = -System.nanoTime();
+ ResponseAPDU response = cardManager.send(cmd);
+ elapsed += System.nanoTime();
+ return new Response.ECDSA(response, getDescription(), elapsed, keyPair, sigType, export, raw);
+ }
+
+ @Override
+ public String getDescription() {
+ String algo = CardUtil.getSigTypeString(sigType);
+ String key = keyPair == ECTesterApplet.KEYPAIR_LOCAL ? "local" : "remote";
+ String data = raw == null ? "random" : "provided";
+ return String.format("%s signature with %s keypair(%s data)", algo, key, data);
+ }
+ }
+
+ public static class ECDSA_verify extends Command {
+ private byte keyPair;
+ private byte sigType;
+ private byte[] raw;
+ private byte[] signature;
+
+ /**
+ * Creates the INS_ECDSA_VERIFY instruction.
+ *
+ * @param cardManager cardManager to send APDU through
+ * @param keyPair keyPair to use for signing and verification (KEYPAIR_LOCAL || KEYPAIR_REMOTE)
+ * @param sigType Signature type to use
+ * @param raw data to sign
+ * @param signature signature data
+ */
+ public ECDSA_verify(CardMngr cardManager, byte keyPair, byte sigType, byte[] raw, byte[] signature) {
+ super(cardManager);
+ if (keyPair == ECTesterApplet.KEYPAIR_BOTH) {
+ throw new IllegalArgumentException();
+ }
+ if (raw == null || signature == null) {
+ throw new IllegalArgumentException();
+ }
+
+ this.keyPair = keyPair;
+ this.sigType = sigType;
+ this.raw = raw;
+ this.signature = signature;
+
+ byte[] data = new byte[4 + raw.length + signature.length];
+ ByteUtil.setShort(data, 0, (short) raw.length);
+ System.arraycopy(raw, 0, data, 2, raw.length);
+ ByteUtil.setShort(data, 2 + raw.length, (short) signature.length);
+ System.arraycopy(signature, 0, data, 2 + raw.length + 2, signature.length);
+
+ this.cmd = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ECDSA_SIGN, keyPair, sigType, data);
+ }
+
+ @Override
+ public Response.ECDSA send() throws CardException {
+ long elapsed = -System.nanoTime();
+ ResponseAPDU response = cardManager.send(cmd);
+ elapsed += System.nanoTime();
+ return new Response.ECDSA(response, getDescription(), elapsed, keyPair, sigType, ECTesterApplet.EXPORT_FALSE, raw);
+ }
+
+ @Override
+ public String getDescription() {
+ String algo = CardUtil.getSigTypeString(sigType);
+ String key = keyPair == ECTesterApplet.KEYPAIR_LOCAL ? "local" : "remote";
+ String data = raw == null ? "random" : "provided";
+ return String.format("%s verification with %s keypair(%s data)", algo, key, data);
+ }
+ }
+
/**
*
*/
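Review bot: The ECDSA_verify constructor builds its APDU with `ECTesterApplet.INS_ECDSA_SIGN` although its Javadoc says it creates the INS_ECDSA_VERIFY instruction, so a verification payload would be sent to the signing instruction and the result reported as a verification outcome. This looks like a copy-paste slip from ECDSA_sign; the line should presumably read `this.cmd = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ECDSA_VERIFY, keyPair, sigType, data);`, assuming that constant is defined in the applet, which this hunk does not show. In both new constructors the `(short)` casts of `raw.length` and `signature.length` truncate silently, so an over-long input yields a length field that disagrees with the bytes actually copied; a range check before allocating `data` would fail early instead. ECDSA_verify.getDescription() also keeps a `raw == null` branch that the constructor's null check makes unreachable, and its @param text ("to use for signing and verification", "data to sign") was carried over from the signing class.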
diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java
index a0b71a7..1ca05d4 100644
--- a/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java
@@ -48,7 +48,7 @@ public class CardCofactorTestSuite extends CardTestSuite {
List<Test> ecdhTests = new LinkedList<>();
for (EC_Key.Public pub : keys) {
- Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
+ Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
ecdhTests.add(CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on non-generator subgroup.", "Card incorrectly accepted point on non-generator subgroup."));
}
Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with public points on non-generator subgroup", ecdhTests.toArray(new Test[0]));
diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java
index f0eaa87..95204dd 100644
--- a/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java
@@ -39,7 +39,7 @@ public class CardCompositeCurvesSuite extends CardTestSuite {
Test allocate = CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_BOTH, curve.getBits(), curve.getField()), ExpectedValue.SUCCESS);
Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY);
Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_LOCAL), ExpectedValue.ANY);
- Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, key.flatten());
+ Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, key.flatten());
Test ecdh = CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a composite order curve.", "Card incorrectly does ECDH over a composite order curve, leaks bits of private key.");
doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", " + key.getDesc(), allocate, set, generate, ecdh));
diff --git a/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java
index fab7786..d3c5f99 100644
--- a/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java
@@ -53,7 +53,7 @@ public class CardInvalidCurvesSuite extends CardTestSuite {
List<Test> ecdhTests = new LinkedList<>();
for (EC_Key.Public pub : keys) {
- Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
+ Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
ecdhTests.add(CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected point on invalid curve.", "Card incorrectly accepted point on invalid curve."));
}
Test ecdh = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH with invalid public points", ecdhTests.toArray(new Test[0]));
diff --git a/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java
index 4b90694..c80db0d 100644
--- a/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java
@@ -48,7 +48,7 @@ public class CardTwistTestSuite extends CardTestSuite {
List<Test> ecdhTests = new LinkedList<>();
for (EC_Key.Public pub : keys) {
- Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
+ Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
ecdhTests.add(CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on twist.", "Card incorrectly accepted point on twist."));
}
Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with public points on twist", ecdhTests.toArray(new Test[0]));
diff --git a/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java
index 5d58be1..429b047 100644
--- a/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java
@@ -146,8 +146,8 @@ public class CardWrongCurvesSuite extends CardTestSuite {
Test setup = runTest(CommandTest.expect(setupCmd, Result.ExpectedValue.FAILURE));
Test generate = runTest(CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_BOTH), Result.ExpectedValue.FAILURE));
Test preparePhase = runTest(CompoundTest.any(Result.ExpectedValue.SUCCESS, prepareDesc, setup, generate));
- Test allocateECDH = runTest(CommandTest.expect(new Command.AllocateKeyAgreement(this.card, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.SUCCESS));
- Test ecdh = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE));
+ Test allocateECDH = runTest(CommandTest.expect(new Command.AllocateKeyAgreement(this.card, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.SUCCESS));
+ Test ecdh = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE));
return runTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, fullDesc, preparePhase, allocateECDH, ecdh));
}
}