diff options
Diffstat (limited to 'src')
15 files changed, 134 insertions, 135 deletions
diff --git a/src/cz/crcs/ectester/applet/ECKeyGenerator.java b/src/cz/crcs/ectester/applet/ECKeyGenerator.java index 244bdba..9150248 100644 --- a/src/cz/crcs/ectester/applet/ECKeyGenerator.java +++ b/src/cz/crcs/ectester/applet/ECKeyGenerator.java @@ -139,38 +139,38 @@ public class ECKeyGenerator { /** * @param keypair - * @param corruptParams - * @param corruption + * @param params + * @param transformation * @param buffer * @param offset * @return */ - public short corruptCurve(KeyPair keypair, short corruptParams, short corruption, byte[] buffer, short offset) { - return corruptCurve(keypair, EC_Consts.KEY_BOTH, corruptParams, corruption, buffer, offset); + public short transformCurve(KeyPair keypair, short params, short transformation, byte[] buffer, short offset) { + return transformCurve(keypair, EC_Consts.KEY_BOTH, params, transformation, buffer, offset); } /** * @param keypair * @param key - * @param corruptParams - * @param corruption + * @param params + * @param transformation * @param buffer * @param offset * @return */ - public short corruptCurve(KeyPair keypair, byte key, short corruptParams, short corruption, byte[] buffer, short offset) { + public short transformCurve(KeyPair keypair, byte key, short params, short transformation, byte[] buffer, short offset) { sw = ISO7816.SW_NO_ERROR; - if (corruptParams == EC_Consts.PARAMETERS_NONE) { + if (params == EC_Consts.PARAMETERS_NONE) { return sw; } //go through param bit by bit, and invalidate all selected params short paramMask = EC_Consts.PARAMETER_FP; while (paramMask <= EC_Consts.PARAMETER_S) { - short masked = (short) (paramMask & corruptParams); + short masked = (short) (paramMask & params); if (masked != 0) { short length = exportParameter(keypair, key, masked, buffer, offset); - length = EC_Consts.corruptParameter(corruption, buffer, offset, length); + length = EC_Consts.transformParameter(transformation, buffer, offset, length); sw = setParameter(keypair, key, masked, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) break; } diff --git a/src/cz/crcs/ectester/applet/ECKeyTester.java b/src/cz/crcs/ectester/applet/ECKeyTester.java index 36515ef..27bb9e1 100644 --- a/src/cz/crcs/ectester/applet/ECKeyTester.java +++ b/src/cz/crcs/ectester/applet/ECKeyTester.java @@ -52,10 +52,10 @@ public class ECKeyTester { * @param pubkeyOffset offset into pubkeyBuffer that can be used for the public key * @param outputBuffer buffer to be used for the secret output * @param outputOffset offset into the outputBuffer - * @param corruption (EC_Consts.CORRUPTION_* | ...) + * @param transformation (EC_Consts.TRANSFORMATION_* | ...) * @return derived secret length **/ - public short testKA(KeyPair privatePair, KeyPair publicPair, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset, short corruption) { + public short testKA(KeyPair privatePair, KeyPair publicPair, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset, short transformation) { short length = 0; try { sw = AppletUtil.kaCheck(ecKeyAgreement); @@ -64,7 +64,7 @@ public class ECKeyTester { short pubkeyLength = ((ECPublicKey) publicPair.getPublic()).getW(pubkeyBuffer, pubkeyOffset); ecKeyAgreement.init(privatePair.getPrivate()); - pubkeyLength = EC_Consts.corruptParameter(corruption, pubkeyBuffer, pubkeyOffset, pubkeyLength); + pubkeyLength = EC_Consts.transformParameter(transformation, pubkeyBuffer, pubkeyOffset, pubkeyLength); length = ecKeyAgreement.generateSecret(pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); } catch (CardRuntimeException ce) { sw = ce.getReason(); @@ -79,17 +79,17 @@ public class ECKeyTester { * @param pubkeyLength * @param outpuBuffer * @param outputOffset - * @param corruption + * @param transformation * @return */ - public short testKA_direct(KeyPair privatePair, byte[] pubkey, short pubkeyOffset, short pubkeyLength, byte[] outpuBuffer, short outputOffset, short corruption) { + public short testKA_direct(KeyPair privatePair, byte[] pubkey, short pubkeyOffset, short pubkeyLength, byte[] outpuBuffer, short outputOffset, short transformation) { short length = 0; try { sw = AppletUtil.kaCheck(ecKeyAgreement); sw = AppletUtil.keypairCheck(privatePair); ecKeyAgreement.init(privatePair.getPrivate()); - pubkeyLength = EC_Consts.corruptParameter(corruption, pubkey, pubkeyOffset, pubkeyLength); + pubkeyLength = EC_Consts.transformParameter(transformation, pubkey, pubkeyOffset, pubkeyLength); length = ecKeyAgreement.generateSecret(pubkey, pubkeyOffset, pubkeyLength, outpuBuffer, outputOffset); } catch (CardRuntimeException ce) { sw = ce.getReason(); diff --git a/src/cz/crcs/ectester/applet/ECTesterApplet.java b/src/cz/crcs/ectester/applet/ECTesterApplet.java index e34e52c..18c4d1f 100644 --- a/src/cz/crcs/ectester/applet/ECTesterApplet.java +++ b/src/cz/crcs/ectester/applet/ECTesterApplet.java @@ -45,7 +45,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength { public static final byte INS_ALLOCATE = (byte) 0x5a; public static final byte INS_CLEAR = (byte) 0x5b; public static final byte INS_SET = (byte) 0x5c; - public static final byte INS_CORRUPT = (byte) 0x5d; + public static final byte INS_TRANSFORM = (byte) 0x5d; public static final byte INS_GENERATE = (byte) 0x5e; public static final byte INS_EXPORT = (byte) 0x5f; public static final byte INS_ECDH = (byte) 0x70; @@ -185,8 +185,8 @@ public class ECTesterApplet extends Applet implements ExtendedLength { case INS_SET: length = insSet(apdu); break; - case INS_CORRUPT: - length = insCorrupt(apdu); + case INS_TRANSFORM: + length = insTransform(apdu); break; case INS_GENERATE: length = insGenerate(apdu); @@ -344,29 +344,29 @@ public class ECTesterApplet extends Applet implements ExtendedLength { } /** - * Corrupts curve paramaters of local and remote keyPairs. - * returns corruptCurve SWs + * Transforms curve paramaters of local and remote keyPairs. + * returns transformCurve SWs * * @param apdu P1 = byte keyPair (KEYPAIR_* | ...) * P2 = byte key (EC_Consts.KEY_* | ...) * DATA = short params (EC_Consts.PARAMETER_* | ...) - * short corruption (EC_Consts.CORRUPTION_* || ...) + * short transformation (EC_Consts.TRANSFORMATION_* || ...) * @return length of response */ - private short insCorrupt(APDU apdu) { + private short insTransform(APDU apdu) { byte keyPair = apduArray[ISO7816.OFFSET_P1]; byte key = apduArray[ISO7816.OFFSET_P2]; short cdata = apdu.getOffsetCdata(); short params = Util.getShort(apduArray, cdata); - short corruption = Util.getShort(apduArray, (short) (cdata + 2)); + short transformation = Util.getShort(apduArray, (short) (cdata + 2)); short len = 0; if ((keyPair & KEYPAIR_LOCAL) != 0) { - len += corrupt(localKeypair, key, params, corruption, apdu.getBuffer(), (short) 0); + len += transform(localKeypair, key, params, transformation, apdu.getBuffer(), (short) 0); } if ((keyPair & KEYPAIR_REMOTE) != 0) { - len += corrupt(remoteKeypair, key, params, corruption, apdu.getBuffer(), len); + len += transform(remoteKeypair, key, params, transformation, apdu.getBuffer(), len); } return len; @@ -429,7 +429,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength { * @param apdu P1 = byte pubkey (KEYPAIR_*) * P2 = byte privkey (KEYPAIR_*) * DATA = byte export (EXPORT_TRUE || EXPORT_FALSE) - * short corruption (EC_Consts.CORRUPTION_* | ...) + * short transformation (EC_Consts.TRANSFORMATION_* | ...) * byte type (EC_Consts.KA_* | ...) * @return length of response */ @@ -438,10 +438,10 @@ public class ECTesterApplet extends Applet implements ExtendedLength { byte privkey = apduArray[ISO7816.OFFSET_P2]; short cdata = apdu.getOffsetCdata(); byte export = apduArray[cdata]; - short corruption = Util.getShort(apduArray, (short) (cdata + 1)); + short transformation = Util.getShort(apduArray, (short) (cdata + 1)); byte type = apduArray[(short) (cdata + 3)]; - return ecdh(pubkey, privkey, export, corruption, type, apdu.getBuffer(), (short) 0); + return ecdh(pubkey, privkey, export, transformation, type, apdu.getBuffer(), (short) 0); } /** @@ -449,7 +449,7 @@ public class ECTesterApplet extends Applet implements ExtendedLength { * * @param apdu P1 = byte privkey (KEYPAIR_*) * P2 = byte export (EXPORT_TRUE || EXPORT_FALSE) - * DATA = short corruption (EC_Consts.CORRUPTION_* | ...) + * DATA = short transformation (EC_Consts.TRANSFORMATION_* | ...) * byte type (EC_Consts.KA_* | ...) * short length * byte[] pubkey @@ -459,11 +459,11 @@ public class ECTesterApplet extends Applet implements ExtendedLength { byte privkey = apduArray[ISO7816.OFFSET_P1]; byte export = apduArray[ISO7816.OFFSET_P2]; short cdata = apdu.getOffsetCdata(); - short corruption = Util.getShort(apduArray, cdata); + short transformation = Util.getShort(apduArray, cdata); byte type = apduArray[(short) (cdata + 2)]; short length = Util.getShort(apduArray, (short) (cdata + 3)); - return ecdh_direct(privkey, export, corruption, type, (short) (cdata + 5), length, apdu.getBuffer(), (short) 0); + return ecdh_direct(privkey, export, transformation, type, (short) (cdata + 5), length, apdu.getBuffer(), (short) 0); } /** @@ -576,16 +576,16 @@ public class ECTesterApplet extends Applet implements ExtendedLength { } /** - * @param keyPair KeyPair to corrupt - * @param key key to corrupt (EC_Consts.KEY_* | ...) - * @param params parameters to corrupt (EC_Consts.PARAMETER_* | ...) - * @param corruption corruption type (EC_Consts.CORRUPTION_*) + * @param keyPair KeyPair to transform + * @param key key to transform (EC_Consts.KEY_* | ...) + * @param params parameters to transform (EC_Consts.PARAMETER_* | ...) + * @param transformation transformation type (EC_Consts.TRANSFORMATION_*) * @param outBuffer buffer to output sw to * @param outOffset output offset in buffer * @return length of data written to the buffer */ - private short corrupt(KeyPair keyPair, byte key, short params, short corruption, byte[] outBuffer, short outOffset) { - short sw = keyGenerator.corruptCurve(keyPair, key, params, corruption, ramArray, (short) 0); + private short transform(KeyPair keyPair, byte key, short params, short transformation, byte[] outBuffer, short outOffset) { + short sw = keyGenerator.transformCurve(keyPair, key, params, transformation, ramArray, (short) 0); Util.setShort(outBuffer, outOffset, sw); return 2; } @@ -635,13 +635,13 @@ public class ECTesterApplet extends Applet implements ExtendedLength { * @param pubkey keyPair to use for public key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) * @param privkey keyPair to use for private key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) * @param export whether to export ECDH secret - * @param corruption whether to invalidate the pubkey before ECDH + * @param transformation whether to transform the pubkey before ECDH * @param type KeyAgreement type to test * @param outBuffer buffer to write sw to, and export ECDH secret {@code if(export == EXPORT_TRUE)} * @param outOffset output offset in buffer * @return length of data written to the buffer */ - private short ecdh(byte pubkey, byte privkey, byte export, short corruption, byte type, byte[] outBuffer, short outOffset) { + private short ecdh(byte pubkey, byte privkey, byte export, short transformation, byte type, byte[] outBuffer, short outOffset) { short length = 0; KeyPair pub = ((pubkey & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair; @@ -649,11 +649,11 @@ public class ECTesterApplet extends Applet implements ExtendedLength { short secretLength = 0; if (keyTester.getKaType() == type) { - secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption); + secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, transformation); } else { short allocateSW = keyTester.allocateKA(type); if (allocateSW == ISO7816.SW_NO_ERROR) { - secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, corruption); + secretLength = keyTester.testKA(priv, pub, ramArray, (short) 0, ramArray2, (short) 0, transformation); } } Util.setShort(outBuffer, outOffset, keyTester.getSW()); @@ -669,18 +669,18 @@ public class ECTesterApplet extends Applet implements ExtendedLength { return length; } - private short ecdh_direct(byte privkey, byte export, short corruption, byte type, short keyOffset, short keyLength, byte[] outBuffer, short outOffset) { + private short ecdh_direct(byte privkey, byte export, short transformation, byte type, short keyOffset, short keyLength, byte[] outBuffer, short outOffset) { short length = 0; KeyPair priv = ((privkey & KEYPAIR_LOCAL) != 0) ? localKeypair : remoteKeypair; short secretLength = 0; if (keyTester.getKaType() == type) { - secretLength = keyTester.testKA_direct(priv, apduArray, keyOffset, keyLength, ramArray2, (short) 0, corruption); + secretLength = keyTester.testKA_direct(priv, apduArray, keyOffset, keyLength, ramArray2, (short) 0, transformation); } else { short allocateSW = keyTester.allocateKA(type); if (allocateSW == ISO7816.SW_NO_ERROR) { - secretLength = keyTester.testKA_direct(priv, apduArray, keyOffset, keyLength, ramArray2, (short) 0, corruption); + secretLength = keyTester.testKA_direct(priv, apduArray, keyOffset, keyLength, ramArray2, (short) 0, transformation); } } diff --git a/src/cz/crcs/ectester/applet/EC_Consts.java b/src/cz/crcs/ectester/applet/EC_Consts.java index 008269a..5b3c74c 100644 --- a/src/cz/crcs/ectester/applet/EC_Consts.java +++ b/src/cz/crcs/ectester/applet/EC_Consts.java @@ -981,17 +981,17 @@ public class EC_Consts { public static final short EC571_F2M_K = 2; - // getCorruptCurveParameter PARAMETER_CORRUPTION TYPES - public static final short CORRUPTION_NONE = (short) 0x00; - public static final short CORRUPTION_FIXED = (short) 0x01; - public static final short CORRUPTION_FULLRANDOM = (short) 0x02; - public static final short CORRUPTION_ONEBYTERANDOM = (short) 0x04; - public static final short CORRUPTION_ZERO = (short) 0x08; - public static final short CORRUPTION_ONE = (short) 0x10; - public static final short CORRUPTION_MAX = (short) 0x20; - public static final short CORRUPTION_INCREMENT = (short) 0x40; - public static final short CORRUPTION_INFINITY = (short) 0x80; - public static final short CORRUPTION_COMPRESS = (short) 0x0100; + // transformParameter TRANSFORMATION types + public static final short TRANSFORMATION_NONE = (short) 0x00; + public static final short TRANSFORMATION_FIXED = (short) 0x01; + public static final short TRANSFORMATION_FULLRANDOM = (short) 0x02; + public static final short TRANSFORMATION_ONEBYTERANDOM = (short) 0x04; + public static final short TRANSFORMATION_ZERO = (short) 0x08; + public static final short TRANSFORMATION_ONE = (short) 0x10; + public static final short TRANSFORMATION_MAX = (short) 0x20; + public static final short TRANSFORMATION_INCREMENT = (short) 0x40; + public static final short TRANSFORMATION_INFINITY = (short) 0x80; + public static final short TRANSFORMATION_COMPRESS = (short) 0x0100; // toX962 FORM types public static final byte X962_UNCOMPRESSED = (byte) 0x00; @@ -1307,27 +1307,27 @@ public class EC_Consts { return length; } - public static short corruptParameter(short corruption, byte[] buffer, short offset, short length) { - if (corruption == CORRUPTION_NONE) { + public static short transformParameter(short transformation, byte[] buffer, short offset, short length) { + if (transformation == TRANSFORMATION_NONE) { return length; } - short corruptionMask = CORRUPTION_FIXED; - while (corruptionMask <= CORRUPTION_COMPRESS) { - short corruptionPart = (short) (corruptionMask & corruption); - switch (corruptionPart) { + short transformationMask = TRANSFORMATION_FIXED; + while (transformationMask <= TRANSFORMATION_COMPRESS) { + short transformationPart = (short) (transformationMask & transformation); + switch (transformationPart) { case (short) 0: break; - case CORRUPTION_FIXED: + case TRANSFORMATION_FIXED: if (length >= 1) { buffer[offset] = (byte) 0xcc; buffer[(short) (offset + length - 1)] = (byte) 0xcc; } break; - case CORRUPTION_FULLRANDOM: + case TRANSFORMATION_FULLRANDOM: randomData.generateData(buffer, offset, length); break; - case CORRUPTION_ONEBYTERANDOM: + case TRANSFORMATION_ONEBYTERANDOM: short first = Util.getShort(buffer, (short) 0); // save first two bytes randomData.generateData(buffer, (short) 0, (short) 2); // generate position @@ -1345,17 +1345,17 @@ public class EC_Consts { randomData.generateData(buffer, rngPos, (short) 1); } while (original == buffer[rngPos]); break; - case CORRUPTION_ZERO: + case TRANSFORMATION_ZERO: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); break; - case CORRUPTION_ONE: + case TRANSFORMATION_ONE: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); buffer[(short) (offset + length)] = (byte) 1; break; - case CORRUPTION_MAX: + case TRANSFORMATION_MAX: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 1); break; - case CORRUPTION_INCREMENT: + case TRANSFORMATION_INCREMENT: short index = (short) (offset + length - 1); byte value; do { @@ -1363,11 +1363,11 @@ public class EC_Consts { buffer[index--] = ++value; } while (value == (byte) 0 && index >= offset); break; - case CORRUPTION_INFINITY: + case TRANSFORMATION_INFINITY: Util.arrayFillNonAtomic(buffer, offset, length, (byte) 0); length = 1; break; - case CORRUPTION_COMPRESS: + case TRANSFORMATION_COMPRESS: if ((short) (length % 2) != 1) { // an uncompressed point should have odd length (since 1 byte type, + 2 * coords) ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); @@ -1387,7 +1387,7 @@ public class EC_Consts { default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } - corruptionMask = (short) (corruptionMask << 1); + transformationMask = (short) (transformationMask << 1); } return length; } diff --git a/src/cz/crcs/ectester/common/util/CardUtil.java b/src/cz/crcs/ectester/common/util/CardUtil.java index 1349879..3df5829 100644 --- a/src/cz/crcs/ectester/common/util/CardUtil.java +++ b/src/cz/crcs/ectester/common/util/CardUtil.java @@ -179,27 +179,27 @@ public class CardUtil { } } - public static String getCorruption(short corruptionType) { - switch (corruptionType) { - case EC_Consts.CORRUPTION_NONE: + public static String getTransformation(short transformationType) { + switch (transformationType) { + case EC_Consts.TRANSFORMATION_NONE: return "NONE"; - case EC_Consts.CORRUPTION_FIXED: + case EC_Consts.TRANSFORMATION_FIXED: return "FIXED"; - case EC_Consts.CORRUPTION_ONE: + case EC_Consts.TRANSFORMATION_ONE: return "ONE"; - case EC_Consts.CORRUPTION_ZERO: + case EC_Consts.TRANSFORMATION_ZERO: return "ZERO"; - case EC_Consts.CORRUPTION_ONEBYTERANDOM: + case EC_Consts.TRANSFORMATION_ONEBYTERANDOM: return "ONE_BYTE_RANDOM"; - case EC_Consts.CORRUPTION_FULLRANDOM: + case EC_Consts.TRANSFORMATION_FULLRANDOM: return "FULL_RANDOM"; - case EC_Consts.CORRUPTION_INCREMENT: + case EC_Consts.TRANSFORMATION_INCREMENT: return "INCREMENT"; - case EC_Consts.CORRUPTION_INFINITY: + case EC_Consts.TRANSFORMATION_INFINITY: return "INFINITY"; - case EC_Consts.CORRUPTION_COMPRESS: + case EC_Consts.TRANSFORMATION_COMPRESS: return "COMPRESSED"; - case EC_Consts.CORRUPTION_MAX: + case EC_Consts.TRANSFORMATION_MAX: return "MAX"; default: return "unknown"; diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java index 1e8b8a4..302df84 100644 --- a/src/cz/crcs/ectester/reader/ECTesterReader.java +++ b/src/cz/crcs/ectester/reader/ECTesterReader.java @@ -488,7 +488,7 @@ public class ECTesterReader { byte pubkey_bytes[] = export.getParameter(pubkey, EC_Consts.PARAMETER_W); byte privkey_bytes[] = export.getParameter(privkey, EC_Consts.PARAMETER_S); - Response.ECDH perform = new Command.ECDH(cardManager, pubkey, privkey, ECTesterApplet.EXPORT_TRUE, EC_Consts.CORRUPTION_NONE, cfg.ECKAType).send(); + Response.ECDH perform = new Command.ECDH(cardManager, pubkey, privkey, ECTesterApplet.EXPORT_TRUE, EC_Consts.TRANSFORMATION_NONE, cfg.ECKAType).send(); ecdh.add(perform); for (Response r : ecdh) { respWriter.outputResponse(r); diff --git a/src/cz/crcs/ectester/reader/command/Command.java b/src/cz/crcs/ectester/reader/command/Command.java index 5e025d8..25b41dd 100644 --- a/src/cz/crcs/ectester/reader/command/Command.java +++ b/src/cz/crcs/ectester/reader/command/Command.java @@ -405,44 +405,44 @@ public abstract class Command { /** * */ - public static class Corrupt extends Command { + public static class Transform extends Command { private byte keyPair; private byte key; private short params; - private short corruption; + private short transformation; /** * @param cardManager cardManager to send APDU through - * @param keyPair which keyPair to corrupt, local/remote (KEYPAIR_* || ...) - * @param key key to corrupt (EC_Consts.KEY_* | ...) - * @param params parameters to corrupt (EC_Consts.PARAMETER_* | ...) - * @param corruption corruption type (EC_Consts.CORRUPTION_*) + * @param keyPair which keyPair to transform, local/remote (KEYPAIR_* || ...) + * @param key key to transform (EC_Consts.KEY_* | ...) + * @param params parameters to transform (EC_Consts.PARAMETER_* | ...) + * @param transformation transformation type (EC_Consts.TRANSFORMATION_*) */ - public Corrupt(CardMngr cardManager, byte keyPair, byte key, short params, short corruption) { + public Transform(CardMngr cardManager, byte keyPair, byte key, short params, short transformation) { super(cardManager); this.keyPair = keyPair; this.key = key; this.params = params; - this.corruption = corruption; + this.transformation = transformation; byte[] data = new byte[4]; ByteUtil.setShort(data, 0, params); - ByteUtil.setShort(data, 2, corruption); + ByteUtil.setShort(data, 2, transformation); - this.cmd = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_CORRUPT, keyPair, key, data); + this.cmd = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_TRANSFORM, keyPair, key, data); } @Override - public Response.Corrupt send() throws CardException { + public Response.Transform send() throws CardException { long elapsed = -System.nanoTime(); ResponseAPDU response = cardManager.send(cmd); elapsed += System.nanoTime(); - return new Response.Corrupt(response, getDescription(), elapsed, keyPair, key, params, corruption); + return new Response.Transform(response, getDescription(), elapsed, keyPair, key, params, transformation); } @Override public String getDescription() { - String corrupt = CardUtil.getCorruption(corruption); + String transform = CardUtil.getTransformation(transformation); String pair; if (keyPair == ECTesterApplet.KEYPAIR_BOTH) { @@ -450,7 +450,7 @@ public abstract class Command { } else { pair = ((keyPair == ECTesterApplet.KEYPAIR_LOCAL) ? "local" : "remote") + " keypair"; } - return String.format("Corrupt params of %s, %s", pair, corrupt); + return String.format("Transform params of %s, %s", pair, transform); } } @@ -556,7 +556,7 @@ public abstract class Command { private byte pubkey; private byte privkey; private byte export; - private short corruption; + private short transformation; private byte type; /** @@ -566,19 +566,19 @@ public abstract class Command { * @param pubkey keyPair to use for public key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) * @param privkey keyPair to use for private key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) * @param export whether to export ECDH secret - * @param corruption whether to invalidate the pubkey before ECDH (EC_Consts.CORRUPTION_* | ...) + * @param transformation whether to transform the pubkey before ECDH (EC_Consts.TRANSFORMATION_* | ...) * @param type ECDH algorithm type (EC_Consts.KA_* | ...) */ - public ECDH(CardMngr cardManager, byte pubkey, byte privkey, byte export, short corruption, byte type) { + public ECDH(CardMngr cardManager, byte pubkey, byte privkey, byte export, short transformation, byte type) { super(cardManager); this.pubkey = pubkey; this.privkey = privkey; this.export = export; - this.corruption = corruption; + this.transformation = transformation; this.type = type; byte[] data = new byte[]{export, 0, 0, type}; - ByteUtil.setShort(data, 1, corruption); + ByteUtil.setShort(data, 1, transformation); this.cmd = new CommandAPDU(ECTesterApplet.CLA_ECTESTERAPPLET, ECTesterApplet.INS_ECDH, pubkey, privkey, data); } @@ -588,7 +588,7 @@ public abstract class Command { long elapsed = -System.nanoTime(); ResponseAPDU response = cardManager.send(cmd); elapsed += System.nanoTime(); - return new Response.ECDH(response, getDescription(), elapsed, pubkey, privkey, export, corruption, type); + return new Response.ECDH(response, getDescription(), elapsed, pubkey, privkey, export, transformation, type); } @Override @@ -599,10 +599,10 @@ public abstract class Command { String priv = privkey == ECTesterApplet.KEYPAIR_LOCAL ? "local" : "remote"; String validity; - if (corruption == EC_Consts.CORRUPTION_NONE) { + if (transformation == EC_Consts.TRANSFORMATION_NONE) { validity = "unchanged"; } else { - validity = CardUtil.getCorruption(corruption); + validity = CardUtil.getTransformation(transformation); } return String.format("%s of %s pubkey and %s privkey(%s point)", algo, pub, priv, validity); } @@ -614,7 +614,7 @@ public abstract class Command { public static class ECDH_direct extends Command { private byte privkey; private byte export; - private short corruption; + private short transformation; private byte type; private byte[] pubkey; @@ -624,20 +624,20 @@ public abstract class Command { * @param cardManager cardManager to send APDU through * @param privkey keyPair to use for private key, (KEYPAIR_LOCAL || KEYPAIR_REMOTE) * @param export whether to export ECDH secret - * @param corruption whether to invalidate the pubkey before ECDH (EC_Consts.CORRUPTION_* | ...) + * @param transformation whether to transform the pubkey before ECDH (EC_Consts.TRANSFORMATION_* | ...) * @param type EC KeyAgreement type * @param pubkey pubkey data to do ECDH with. */ - public ECDH_direct(CardMngr cardManager, byte privkey, byte export, short corruption, byte type, byte[] pubkey) { + public ECDH_direct(CardMngr cardManager, byte privkey, byte export, short transformation, byte type, byte[] pubkey) { super(cardManager); this.privkey = privkey; this.export = export; - this.corruption = corruption; + this.transformation = transformation; this.type = type; this.pubkey = pubkey; byte[] data = new byte[3 + pubkey.length]; - ByteUtil.setShort(data, 0, corruption); + ByteUtil.setShort(data, 0, transformation); data[2] = type; System.arraycopy(pubkey, 0, data, 3, pubkey.length); @@ -649,7 +649,7 @@ public abstract class Command { long elapsed = -System.nanoTime(); ResponseAPDU response = cardManager.send(cmd); elapsed += System.nanoTime(); - return new Response.ECDH(response, getDescription(), elapsed, ECTesterApplet.KEYPAIR_REMOTE, privkey, export, corruption, type); + return new Response.ECDH(response, getDescription(), elapsed, ECTesterApplet.KEYPAIR_REMOTE, privkey, export, transformation, type); } @Override @@ -659,10 +659,10 @@ public abstract class Command { String priv = privkey == ECTesterApplet.KEYPAIR_LOCAL ? "local" : "remote"; String validity; - if (corruption == EC_Consts.CORRUPTION_NONE) { + if (transformation == EC_Consts.TRANSFORMATION_NONE) { validity = "unchanged"; } else { - validity = CardUtil.getCorruption(corruption); + validity = CardUtil.getTransformation(transformation); } return String.format("%s of external pubkey and %s privkey(%s point)", algo, priv, validity); } diff --git a/src/cz/crcs/ectester/reader/response/Response.java b/src/cz/crcs/ectester/reader/response/Response.java index 5a9a458..4814e41 100644 --- a/src/cz/crcs/ectester/reader/response/Response.java +++ b/src/cz/crcs/ectester/reader/response/Response.java @@ -222,18 +222,18 @@ public abstract class Response { /** * */ - public static class Corrupt extends Response { + public static class Transform extends Response { private byte keyPair; private byte key; private short params; - private short corruption; + private short transformation; - public Corrupt(ResponseAPDU response, String description, long time, byte keyPair, byte key, short params, short corruption) { + public Transform(ResponseAPDU response, String description, long time, byte keyPair, byte key, short params, short transformation) { super(response, description, time); this.keyPair = keyPair; this.key = key; this.params = params; - this.corruption = corruption; + this.transformation = transformation; int pairs = 0; if ((keyPair & ECTesterApplet.KEYPAIR_LOCAL) != 0) pairs++; @@ -358,15 +358,15 @@ public abstract class Response { private byte pubkey; private byte privkey; private byte export; - private short corruption; + private short transformation; private byte type; - public ECDH(ResponseAPDU response, String description, long time, byte pubkey, byte privkey, byte export, short corruption, byte type) { + public ECDH(ResponseAPDU response, String description, long time, byte pubkey, byte privkey, byte export, short transformation, byte type) { super(response, description, time); this.pubkey = pubkey; this.privkey = privkey; this.export = export; - this.corruption = corruption; + this.transformation = transformation; this.type = type; parse(1, (export == ECTesterApplet.EXPORT_TRUE) ? 1 : 0); diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java index fd3f0ae..a0b71a7 100644 --- a/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCofactorTestSuite.java @@ -48,7 +48,7 @@ public class CardCofactorTestSuite extends CardTestSuite { List<Test> ecdhTests = new LinkedList<>(); for (EC_Key.Public pub : keys) { - Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten()); + Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten()); ecdhTests.add(CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on non-generator subgroup.", "Card incorrectly accepted point on non-generator subgroup.")); } Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with public points on non-generator subgroup", ecdhTests.toArray(new Test[0])); diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java index b931aad..f0eaa87 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompositeCurvesSuite.java @@ -39,7 +39,7 @@ public class CardCompositeCurvesSuite extends CardTestSuite { Test allocate = CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_BOTH, curve.getBits(), curve.getField()), ExpectedValue.SUCCESS); Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY); Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_LOCAL), ExpectedValue.ANY); - Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, key.flatten()); + Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, key.flatten()); Test ecdh = CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a composite order curve.", "Card incorrectly does ECDH over a composite order curve, leaks bits of private key."); doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", " + key.getDesc(), allocate, set, generate, ecdh)); diff --git a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java index cb5e0c9..dd9c8c8 100644 --- a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java @@ -59,9 +59,9 @@ public class CardDefaultSuite extends CardTestSuite { for (byte kaType : EC_Consts.KA_TYPES) { Test allocate = runTest(CommandTest.expect(new Command.AllocateKeyAgreement(this.card, kaType), ExpectedValue.SUCCESS)); if (allocate.ok()) { - Command ecdh = new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, kaType); + Command ecdh = new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, kaType); Test ka = runTest(CommandTest.expect(ecdh, ExpectedValue.SUCCESS)); - Test kaCompressed = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_COMPRESS, kaType), ExpectedValue.SUCCESS)); + Test kaCompressed = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_COMPRESS, kaType), ExpectedValue.SUCCESS)); Test perfTest = null; if (ka.ok()) { perfTest = runTest(PerformanceTest.repeat(ecdh, 10)); diff --git a/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java index 0cf27ec..fab7786 100644 --- a/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardInvalidCurvesSuite.java @@ -53,7 +53,7 @@ public class CardInvalidCurvesSuite extends CardTestSuite { List<Test> ecdhTests = new LinkedList<>(); for (EC_Key.Public pub : keys) { - Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten()); + Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten()); ecdhTests.add(CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected point on invalid curve.", "Card incorrectly accepted point on invalid curve.")); } Test ecdh = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH with invalid public points", ecdhTests.toArray(new Test[0])); diff --git a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java index de267c3..9d39525 100644 --- a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java @@ -11,7 +11,6 @@ import cz.crcs.ectester.reader.CardMngr; import cz.crcs.ectester.reader.ECTesterReader; import cz.crcs.ectester.reader.command.Command; import cz.crcs.ectester.reader.response.Response; -import javacard.security.KeyPair; import java.io.IOException; import java.util.LinkedList; @@ -55,7 +54,7 @@ public class CardTestVectorSuite extends CardTestSuite { testVector.add(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.SUCCESS)); testVector.add(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, EC_Consts.PARAMETER_S, onekey.flatten(EC_Consts.PARAMETER_S)), ExpectedValue.SUCCESS)); testVector.add(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, EC_Consts.PARAMETER_W, otherkey.flatten(EC_Consts.PARAMETER_W)), ExpectedValue.SUCCESS)); - testVector.add(CommandTest.function(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_TRUE, EC_Consts.CORRUPTION_NONE, result.getJavaCardKA()), new TestCallback<CommandTestable>() { + testVector.add(CommandTest.function(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_TRUE, EC_Consts.TRANSFORMATION_NONE, result.getJavaCardKA()), new TestCallback<CommandTestable>() { @Override public Result apply(CommandTestable testable) { Response.ECDH dh = (Response.ECDH) testable.getResponse(); diff --git a/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java index fad508f..4b90694 100644 --- a/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTwistTestSuite.java @@ -48,7 +48,7 @@ public class CardTwistTestSuite extends CardTestSuite { List<Test> ecdhTests = new LinkedList<>(); for (EC_Key.Public pub : keys) { - Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten()); + Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten()); ecdhTests.add(CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on twist.", "Card incorrectly accepted point on twist.")); } Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with public points on twist", ecdhTests.toArray(new Test[0])); diff --git a/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java b/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java index 4706bdd..5d58be1 100644 --- a/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardWrongCurvesSuite.java @@ -55,7 +55,7 @@ public class CardWrongCurvesSuite extends CardTestSuite { for (byte kaType : EC_Consts.KA_TYPES) { Test allocate = runTest(CommandTest.expect(new Command.AllocateKeyAgreement(this.card, kaType), Result.ExpectedValue.SUCCESS)); if (allocate.ok()) { - Test ka = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, kaType), Result.ExpectedValue.FAILURE)); + Test ka = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, kaType), Result.ExpectedValue.FAILURE)); Test kaTest = runTest(CompoundTest.all(Result.ExpectedValue.FAILURE, "Allocate and perform KA, should fail.", allocate, ka)); tests.add(kaTest); } @@ -81,8 +81,8 @@ public class CardWrongCurvesSuite extends CardTestSuite { Test set = runTest(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, curve, EC_Consts.PARAMETERS_DOMAIN_FP, null), Result.ExpectedValue.SUCCESS)); Test setup = runTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "KeyPair setup.", key, set)); - Test prime0 = ecdhTest(new Command.Corrupt(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_ZERO), "Set p = 0.", "ECDH with p = 0."); - Test prime1 = ecdhTest(new Command.Corrupt(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_ONE), "Set p = 1.", "ECDH with p = 1."); + Test prime0 = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.TRANSFORMATION_ZERO), "Set p = 0.", "ECDH with p = 0."); + Test prime1 = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.TRANSFORMATION_ONE), "Set p = 1.", "ECDH with p = 1."); short keyHalf = (short) (keyLength / 2); BigInteger prime = new BigInteger(keyHalf, r); @@ -116,7 +116,7 @@ public class CardWrongCurvesSuite extends CardTestSuite { Test set = runTest(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, curve, EC_Consts.PARAMETERS_DOMAIN_F2M, null), Result.ExpectedValue.SUCCESS)); Test setup = runTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "KeyPair setup.", key, set)); - Test coeff0 = ecdhTest(new Command.Corrupt(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_ZERO), "Set e1 = e2 = e3 = 0.", "ECDH with wrong field polynomial: x^" + keyLength); + Test coeff0 = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.TRANSFORMATION_ZERO), "Set e1 = e2 = e3 = 0.", "ECDH with wrong field polynomial: x^" + keyLength); short e1 = (short) (2 * keyLength); short e2 = (short) (3 * keyLength); @@ -147,7 +147,7 @@ public class CardWrongCurvesSuite extends CardTestSuite { Test generate = runTest(CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_BOTH), Result.ExpectedValue.FAILURE)); Test preparePhase = runTest(CompoundTest.any(Result.ExpectedValue.SUCCESS, prepareDesc, setup, generate)); Test allocateECDH = runTest(CommandTest.expect(new Command.AllocateKeyAgreement(this.card, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.SUCCESS)); - Test ecdh = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.CORRUPTION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE)); + Test ecdh = runTest(CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, ECTesterApplet.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE)); return runTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, fullDesc, preparePhase, allocateECDH, ecdh)); } } |