From 8d21a87b25550215a4c59ff4ef8d32e2f0736b3f Mon Sep 17 00:00:00 2001 From: J08nY Date: Sun, 29 Jul 2018 14:07:04 +0200 Subject: Update docs on Standalone testing. --- README.md | 78 ++++++++++++++-------- .../ectester/standalone/ECTesterStandalone.java | 2 +- 2 files changed, 53 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 7121027..b18ebbd 100644 --- a/README.md +++ b/README.md @@ -231,6 +231,11 @@ For more information on ECC libraries see [LIBS](docs/LIBS.md). ### Setup +OpenJDK JRE is required to test ECDH on Windows properly, as Oracle JRE requires the Java Cryptography Providers +for certain classes (such as a [KeyAgreement](https://docs.oracle.com/javase/8/docs/api/javax/crypto/KeyAgreement.html)) +to be signed by keys that are signed by their JCA Code Signing Authority. ECTester internally uses Java Cryptography Provider +API to expose and test native libraries. OpenJDK for Windows can be obtained from [ojdkbuild/ojdkbuild](https://github.com/ojdkbuild/ojdkbuild). + Installing the Java Cryptography Extension Unlimited Strength policy files is necessary to do testing with quite a lot of practical key sizes, they are available for download: @@ -243,49 +248,70 @@ To install, place them in `${java.home}/jre/lib/security/`. ### Options ``` -usage: ECTesterStandalone.jar [-V] [-h] [ (ecdh [-t ] [-n ] [-b ] [-nc ]) | -(ecdsa [-t ] [-n ] [-b ] [-nc ] [-f ]) | -(export [-t ] [-b ]) | (generate [-nc ] [-n ] [-t -] [-b ]) | (list-data [what]) | (list-libs) | (test [-gt ] -[-kt ] [-st ] [-b ] [-nc ]) ] [lib] - - -V,--version Print version info. - -h,--help Print help. - [lib] What library to use. - - ecdh: +usage: ECTesterStandalone.jar [-V] [-h] [-C] + [ (ecdh [-b ] [-nc ] [-cn ] [-t ] [--key-type ] [-n ]) | + (ecdsa [-b ] [-nc ] [-cn ] [-t ] [-n ] [-f ]) | + (export [-b ] [-t ]) | + (generate [-b ] [-nc ] [-cn ] [-n ] [-t ]) | + (list-data [what]) | + (list-libs) | + (list-suites) | + (test [-b ] [-nc ] [-cn ] [-gt ] [-kt ] [-st ] [-f ] [--key-type ] + ) ] + [lib] + + ecdh: | Perform EC based KeyAgreement. | + -b,--bits What size of curve to use. + -nc,--named-curve Use a named curve, from CurveDB: + -cn,--curve-name Use a named curve, search from curves + supported by the library: -t,--type Set KeyAgreement object [type]. + --key-type Set the key [algorithm] for which the key + should be derived in KeyAgreements with + KDF. Default is "AES". -n,--amount Do ECDH [amount] times. + + ecdsa: | Perform EC based Signature. | -b,--bits What size of curve to use. -nc,--named-curve Use a named curve, from CurveDB: - - ecdsa: + -cn,--curve-name Use a named curve, search from curves + supported by the library: -t,--type Set Signature object [type]. -n,--amount Do ECDSA [amount] times. - -b,--bits What size of curve to use. - -nc,--named-curve Use a named curve, from CurveDB: -f,--file Input [file] to sign. - export: - -t,--type Set KeyPair object [type]. - -b,--bits What size of curve to use. + export: | Export default curve parameters. | + -b,--bits What size of curve to use. + -t,--type Set KeyPair object [type]. - generate: + generate: | Generate EC keypairs. | + -b,--bits What size of curve to use. -nc,--named-curve Use a named curve, from CurveDB: + -cn,--curve-name Use a named curve, search from curves + supported by the library: -n,--amount Generate [amount] of EC keys. -t,--type Set KeyPairGenerator object [type]. - -b,--bits What size of curve to use. - list-data: - [what] what to list. + list-data: | List/show contained EC domain parameters/keys. | + [what] what to list. + + list-libs: | List supported libraries. | - list-libs: + list-suites: | List supported test suites. | - test: + test: | Test a library. | + -b,--bits What size of curve to use. + -nc,--named-curve Use a named curve, from CurveDB: + -cn,--curve-name Use a named curve, search from curves + supported by the library: -gt,--kpg-type Set the KeyPairGenerator object [type]. -kt,--ka-type Set the KeyAgreement object [type]. -st,--sig-type Set the Signature object [type]. - -b,--bits What size of curve to use. - -nc,--named-curve Use a named curve, from CurveDB: + -f,--format Set the output format, one of + text,yaml,xml. + --key-type Set the key [algorithm] for which the key + should be derived in KeyAgreements with + KDF. Default is "AES". + The test suite to run. ``` diff --git a/src/cz/crcs/ectester/standalone/ECTesterStandalone.java b/src/cz/crcs/ectester/standalone/ECTesterStandalone.java index 2f132fa..31d291c 100644 --- a/src/cz/crcs/ectester/standalone/ECTesterStandalone.java +++ b/src/cz/crcs/ectester/standalone/ECTesterStandalone.java @@ -180,8 +180,8 @@ public class ECTesterStandalone { actions.put("generate", generate); Options exportOpts = new Options(); - exportOpts.addOption(Option.builder("t").longOpt("type").hasArg().argName("type").optionalArg(false).desc("Set KeyPair object [type].").build()); exportOpts.addOption(bits); + exportOpts.addOption(Option.builder("t").longOpt("type").hasArg().argName("type").optionalArg(false).desc("Set KeyPair object [type].").build()); ParserOptions export = new ParserOptions(new DefaultParser(), exportOpts, "Export default curve parameters."); actions.put("export", export); -- cgit v1.2.3-70-g09d2