From 48c54c5520382b3d2bc4899b7e2197afba976a04 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Wed, 26 Oct 2016 01:12:07 +0200
Subject: refactoring ECTester: created ECKeyGenerator, ECKeyTester
---
src/applets/ECKeyGenerator.java | 179 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 179 insertions(+)
create mode 100644 src/applets/ECKeyGenerator.java
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
new file mode 100644
index 0000000..ff2193c
--- /dev/null
+++ b/src/applets/ECKeyGenerator.java
@@ -0,0 +1,179 @@
+package applets;
+
+import javacard.framework.ISO7816;
+import javacard.framework.Util;
+import javacard.security.CryptoException;
+import javacard.security.ECPrivateKey;
+import javacard.security.ECPublicKey;
+import javacard.security.KeyPair;
+
+/**
+ *
+ */
+public class ECKeyGenerator {
+
+ private KeyPair ecKeyPair = null;
+ private ECPrivateKey ecPrivateKey = null;
+ private ECPublicKey ecPublicKey = null;
+
+ public static final byte PARAMETER_FP = 1;
+ public static final byte PARAMETER_F2M_ONE = 2;
+ public static final byte PARAMETER_F2M_THREE = 3;
+ public static final byte PARAMETER_A = 4;
+ public static final byte PARAMETER_B = 5;
+ public static final byte PARAMETER_G = 6;
+ public static final byte PARAMETER_R = 7;
+ public static final byte PARAMETER_K = 8;
+
+ private static final byte PARAMETER_S = 9; //private key
+ private static final byte PARAMETER_W = 10;//public key
+
+ public static final byte KEY_PUBLIC = 0x1;
+ public static final byte KEY_PRIVATE = 0x2;
+ public static final byte KEY_BOTH = KEY_PUBLIC & KEY_PRIVATE;
+
+ public short allocatePair(byte algorithm, short keyLength) {
+ short result = ISO7816.SW_NO_ERROR;
+ try {
+ ecKeyPair = new KeyPair(algorithm, keyLength);
+ } catch (CryptoException ce) {
+ result = ce.getReason();
+ } catch (Exception e) {
+ result = ISO7816.SW_UNKNOWN;
+ }
+ return result;
+ }
+
+ public boolean isAlocated() {
+ return ecKeyPair != null && ecPrivateKey != null && ecPublicKey != null;
+ }
+
+ public short generatePair() {
+ short result = ISO7816.SW_NO_ERROR;
+ try {
+ ecKeyPair.genKeyPair();
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); //TODO, do I want to keep private and pubkey separate from the keypair?
+ ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
+ } catch (CryptoException ce) {
+ result = ce.getReason();
+ } catch (Exception e) {
+ result = ISO7816.SW_UNKNOWN;
+ }
+ return result;
+ }
+
+ public short setCustomCurve(byte keyClass, short keyLength) {
+ //TODO
+ return 0;
+ }
+
+ public short setCustomCurve(byte curve) {
+ //TODO
+ return 0;
+ }
+
+ public short setExternalParameter(byte key, byte param, byte[] data, short offset, short length) {
+ short result = ISO7816.SW_NO_ERROR;
+ try {
+ switch (param) {
+ case PARAMETER_FP:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length);
+ break;
+ case PARAMETER_F2M_ONE:
+ if (length != 2) {
+ result = ISO7816.SW_UNKNOWN;
+ } else {
+ short i = Util.makeShort(data[offset], data[(short) (offset + 1)]);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i);
+ }
+ break;
+ case PARAMETER_F2M_THREE:
+ if (length != 6) {
+ result = ISO7816.SW_UNKNOWN;
+ } else {
+ short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]);
+ short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]);
+ short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3);
+ }
+ break;
+ case PARAMETER_A:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length);
+ break;
+ case PARAMETER_B:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length);
+ break;
+ case PARAMETER_G:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length);
+ break;
+ case PARAMETER_R:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length);
+ break;
+ case PARAMETER_K:
+ if (length != 2) {
+ result = ISO7816.SW_UNKNOWN;
+ } else {
+ short k = Util.makeShort(data[offset], data[(short) (offset + 1)]);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k);
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k);
+ }
+ break;
+ case PARAMETER_S:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length);
+ break;
+ case PARAMETER_W:
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length);
+ break;
+ default:
+ result = ISO7816.SW_UNKNOWN;
+ }
+ } catch (CryptoException ce) {
+ result = ce.getReason();
+ } catch (Exception e) {
+ result = ISO7816.SW_UNKNOWN;
+ }
+ return result;
+ }
+
+ public short exportParameter(byte key, byte param, byte[] outputBuffer, short outputOffset) {
+ if (key == KEY_BOTH) {
+ return ISO7816.SW_UNKNOWN;
+ }
+ short result = ISO7816.SW_NO_ERROR;
+ try {
+ switch(param){
+ case PARAMETER_FP:
+
+ break;
+
+ default:
+
+ }
+ } catch (CryptoException ce) {
+
+ } catch (Exception e) {
+
+ }
+ //TODO
+ return result;
+ }
+
+ public ECPrivateKey getPrivateKey() {
+ return ecPrivateKey;
+ }
+
+ public ECPublicKey getPublicKey() {
+ return ecPublicKey;
+ }
+
+ public KeyPair getKeyPair() {
+ return ecKeyPair;
+ }
+}
--
cgit v1.2.3-70-g09d2
From b4d72715e7d770b4925fef70a192665744a6273d Mon Sep 17 00:00:00 2001
From: J08nY
Date: Sun, 30 Oct 2016 17:58:27 +0100
Subject: EC_Consts: added F2M curve support, + F2M curve sect163r1 to start
---
src/applets/ECKeyGenerator.java | 143 +++--
src/applets/ECKeyTester.java | 1 +
src/applets/EC_Consts.java | 1238 ++++++++++++++++++++++----------------
src/applets/SimpleECCApplet.java | 699 ++++++++-------------
src/simpleapdu/SimpleAPDU.java | 75 +--
5 files changed, 1087 insertions(+), 1069 deletions(-)
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index ff2193c..c7155de 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -16,26 +16,17 @@ public class ECKeyGenerator {
private ECPrivateKey ecPrivateKey = null;
private ECPublicKey ecPublicKey = null;
- public static final byte PARAMETER_FP = 1;
- public static final byte PARAMETER_F2M_ONE = 2;
- public static final byte PARAMETER_F2M_THREE = 3;
- public static final byte PARAMETER_A = 4;
- public static final byte PARAMETER_B = 5;
- public static final byte PARAMETER_G = 6;
- public static final byte PARAMETER_R = 7;
- public static final byte PARAMETER_K = 8;
-
- private static final byte PARAMETER_S = 9; //private key
- private static final byte PARAMETER_W = 10;//public key
-
public static final byte KEY_PUBLIC = 0x1;
public static final byte KEY_PRIVATE = 0x2;
public static final byte KEY_BOTH = KEY_PUBLIC & KEY_PRIVATE;
+
public short allocatePair(byte algorithm, short keyLength) {
short result = ISO7816.SW_NO_ERROR;
try {
ecKeyPair = new KeyPair(algorithm, keyLength);
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
} catch (CryptoException ce) {
result = ce.getReason();
} catch (Exception e) {
@@ -44,7 +35,7 @@ public class ECKeyGenerator {
return result;
}
- public boolean isAlocated() {
+ public boolean isAllocated() {
return ecKeyPair != null && ecPrivateKey != null && ecPublicKey != null;
}
@@ -52,7 +43,7 @@ public class ECKeyGenerator {
short result = ISO7816.SW_NO_ERROR;
try {
ecKeyPair.genKeyPair();
- ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); //TODO, do I want to keep private and pubkey separate from the keypair?
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
} catch (CryptoException ce) {
result = ce.getReason();
@@ -62,61 +53,84 @@ public class ECKeyGenerator {
return result;
}
- public short setCustomCurve(byte keyClass, short keyLength) {
- //TODO
- return 0;
+ public short setCustomCurve(byte keyClass, short keyLength, byte[] buffer, short offset) {
+ return setCustomCurve(EC_Consts.getCurve(keyClass, keyLength), buffer, offset);
+ }
+
+ public short setCustomCurve(byte curve, byte[] buffer, short offset) {
+ byte alg = EC_Consts.getCurveType(curve);
+ short sw = ISO7816.SW_NO_ERROR;
+ short length;
+ if (alg == KeyPair.ALG_EC_FP) {
+ length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset);
+ sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length);
+ } else if (alg == KeyPair.ALG_EC_F2M) {
+ length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset);
+ sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length);
+ }
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+
+ for (byte param = EC_Consts.PARAMETER_A; param < EC_Consts.PARAMETER_K; ++param) {
+ length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
+ sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length);
+ if (sw != ISO7816.SW_NO_ERROR) break;
+ }
+ return sw;
+ }
+
+ public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+ return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset);
}
- public short setCustomCurve(byte curve) {
- //TODO
- return 0;
+ public short setCustomInvalidCurve(byte curve, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+ short sw = setCustomCurve(curve, buffer, offset);
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+
+ short length = EC_Consts.getCorruptCurveParameter(curve, param, buffer, offset, corruptionType);
+ sw = setExternalParameter(key, param, buffer, offset, length);
+ return sw;
}
public short setExternalParameter(byte key, byte param, byte[] data, short offset, short length) {
short result = ISO7816.SW_NO_ERROR;
try {
switch (param) {
- case PARAMETER_FP:
+ case EC_Consts.PARAMETER_FP:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length);
break;
- case PARAMETER_F2M_ONE:
- if (length != 2) {
- result = ISO7816.SW_UNKNOWN;
- } else {
+ case EC_Consts.PARAMETER_F2M:
+ if (length == 2) {
short i = Util.makeShort(data[offset], data[(short) (offset + 1)]);
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i);
- }
- break;
- case PARAMETER_F2M_THREE:
- if (length != 6) {
- result = ISO7816.SW_UNKNOWN;
- } else {
+ } else if (length == 6) {
short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]);
short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]);
short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]);
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3);
+ } else {
+ result = ISO7816.SW_UNKNOWN;
}
break;
- case PARAMETER_A:
+ case EC_Consts.PARAMETER_A:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length);
break;
- case PARAMETER_B:
+ case EC_Consts.PARAMETER_B:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length);
break;
- case PARAMETER_G:
+ case EC_Consts.PARAMETER_G:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length);
break;
- case PARAMETER_R:
+ case EC_Consts.PARAMETER_R:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length);
break;
- case PARAMETER_K:
+ case EC_Consts.PARAMETER_K:
if (length != 2) {
result = ISO7816.SW_UNKNOWN;
} else {
@@ -125,10 +139,10 @@ public class ECKeyGenerator {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k);
}
break;
- case PARAMETER_S:
+ case EC_Consts.PARAMETER_S:
if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length);
break;
- case PARAMETER_W:
+ case EC_Consts.PARAMETER_W:
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length);
break;
default:
@@ -142,27 +156,54 @@ public class ECKeyGenerator {
return result;
}
- public short exportParameter(byte key, byte param, byte[] outputBuffer, short outputOffset) {
+ public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) {
if (key == KEY_BOTH) {
- return ISO7816.SW_UNKNOWN;
- }
- short result = ISO7816.SW_NO_ERROR;
+ return -1;
+ }//TODO: change error handling.
+ short length = 0;
try {
- switch(param){
- case PARAMETER_FP:
-
+ switch (param) {
+ case EC_Consts.PARAMETER_FP:
+ case EC_Consts.PARAMETER_F2M:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getField(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getField(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_A:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getA(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getA(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_B:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getB(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getB(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_G:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getG(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getG(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_R:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getR(outputBuffer, outputOffset);
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getR(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_K:
+ if ((key & KEY_PUBLIC) != 0) Util.setShort(outputBuffer, outputOffset, ecPublicKey.getK());
+ if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK());
+ length = 2;
+ break;
+ case EC_Consts.PARAMETER_S:
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_W:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset);
break;
-
default:
-
+ length = -1;
}
} catch (CryptoException ce) {
-
+ length = -1;
} catch (Exception e) {
-
+ length = -1;
}
- //TODO
- return result;
+ return length;
}
public ECPrivateKey getPrivateKey() {
diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java
index 91d7a8b..757ece7 100644
--- a/src/applets/ECKeyTester.java
+++ b/src/applets/ECKeyTester.java
@@ -13,6 +13,7 @@ public class ECKeyTester {
private KeyAgreement ecdhcKeyAgreement = null;
private Signature ecdsaSignature = null;
+ //TODO: move these SW definitions to the main applet class.
public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4;
public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5;
diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java
index 3758f0b..7521979 100644
--- a/src/applets/EC_Consts.java
+++ b/src/applets/EC_Consts.java
@@ -3,642 +3,812 @@ package applets;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;
-import javacard.security.ECPrivateKey;
-import javacard.security.ECPublicKey;
import javacard.security.KeyPair;
import javacard.security.RandomData;
public class EC_Consts {
- public static byte[] EC_FP_P = null;
- public static byte[] EC_FP_A = null;
- public static byte[] EC_FP_B = null;
- public static byte[] EC_FP_G_X = null;
- public static byte[] EC_FP_G_Y = null;
- public static byte[] EC_FP_R = null;
- public static short EC_FP_K = 1;
-
- public static RandomData m_random = null;
+ private static byte[] EC_FP_P = null; //p
+ private static byte[] EC_A = null; //a
+ private static byte[] EC_B = null; //b
+ private static byte[] EC_G_X = null; //G[x,y]
+ private static byte[] EC_G_Y = null; //
+ private static byte[] EC_R = null; //n
+ private static short EC_K = 1; //h
+
+ private static byte[] EC_F2M_F2M = null; //[short ii, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1
+
+ public static final byte PARAMETER_FP = 1;
+ public static final byte PARAMETER_F2M = 2;
+
+ public static final byte PARAMETER_A = 3;
+ public static final byte PARAMETER_B = 4;
+ public static final byte PARAMETER_G = 5;
+ public static final byte PARAMETER_R = 6;
+ public static final byte PARAMETER_K = 7;
+
+ //TODO make params maskable, to allow for PARAMETER_A | PARAMETER_B passed to for example ECKeyGenerator.setInvalidCustomCurve
+ public static final byte PARAMETER_S = 8; //private key
+ public static final byte PARAMETER_W = 9; //public key
+
+
+ public static RandomData m_random = null;
// secp128r1
public static final byte[] EC128_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+
public static final byte[] EC128_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFD,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+
public static final byte[] EC128_FP_B = new byte[]{
- (byte) 0xE8, (byte) 0x75, (byte) 0x79, (byte) 0xC1,
- (byte) 0x10, (byte) 0x79, (byte) 0xF4, (byte) 0x3D,
- (byte) 0xD8, (byte) 0x24, (byte) 0x99, (byte) 0x3C,
- (byte) 0x2C, (byte) 0xEE, (byte) 0x5E, (byte) 0xD3};
-
+ (byte) 0xE8, (byte) 0x75, (byte) 0x79, (byte) 0xC1,
+ (byte) 0x10, (byte) 0x79, (byte) 0xF4, (byte) 0x3D,
+ (byte) 0xD8, (byte) 0x24, (byte) 0x99, (byte) 0x3C,
+ (byte) 0x2C, (byte) 0xEE, (byte) 0x5E, (byte) 0xD3};
+
// G in compressed form / first part of ucompressed
public static final byte[] EC128_FP_G_X = new byte[]{
- (byte) 0x16, (byte) 0x1F, (byte) 0xF7, (byte) 0x52,
- (byte) 0x8B, (byte) 0x89, (byte) 0x9B, (byte) 0x2D,
- (byte) 0x0C, (byte) 0x28, (byte) 0x60, (byte) 0x7C,
- (byte) 0xA5, (byte) 0x2C, (byte) 0x5B, (byte) 0x86 };
-
+ (byte) 0x16, (byte) 0x1F, (byte) 0xF7, (byte) 0x52,
+ (byte) 0x8B, (byte) 0x89, (byte) 0x9B, (byte) 0x2D,
+ (byte) 0x0C, (byte) 0x28, (byte) 0x60, (byte) 0x7C,
+ (byte) 0xA5, (byte) 0x2C, (byte) 0x5B, (byte) 0x86};
+
// second part of G uncompressed
public static final byte[] EC128_FP_G_Y = new byte[]{
- (byte) 0xCF, (byte) 0x5A, (byte) 0xC8, (byte) 0x39,
- (byte) 0x5B, (byte) 0xAF, (byte) 0xEB, (byte) 0x13,
- (byte) 0xC0, (byte) 0x2D, (byte) 0xA2, (byte) 0x92,
- (byte) 0xDD, (byte) 0xED, (byte) 0x7A, (byte) 0x83};
+ (byte) 0xCF, (byte) 0x5A, (byte) 0xC8, (byte) 0x39,
+ (byte) 0x5B, (byte) 0xAF, (byte) 0xEB, (byte) 0x13,
+ (byte) 0xC0, (byte) 0x2D, (byte) 0xA2, (byte) 0x92,
+ (byte) 0xDD, (byte) 0xED, (byte) 0x7A, (byte) 0x83};
// Order of G
public static final byte[] EC128_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x75, (byte) 0xA3, (byte) 0x0D, (byte) 0x1B,
- (byte) 0x90, (byte) 0x38, (byte) 0xA1, (byte) 0x15};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x75, (byte) 0xA3, (byte) 0x0D, (byte) 0x1B,
+ (byte) 0x90, (byte) 0x38, (byte) 0xA1, (byte) 0x15};
// cofactor of G
public static final short EC128_FP_K = 1;
-
+
// secp160r1
public static final byte[] EC160_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC160_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC160_FP_B = new byte[]{
- (byte) 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC,
- (byte) 0x54, (byte) 0xBD, (byte) 0x7A, (byte) 0x8B,
- (byte) 0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F,
- (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD,
- (byte) 0xC5, (byte) 0x65, (byte) 0xFA, (byte) 0x45};
+ (byte) 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC,
+ (byte) 0x54, (byte) 0xBD, (byte) 0x7A, (byte) 0x8B,
+ (byte) 0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F,
+ (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD,
+ (byte) 0xC5, (byte) 0x65, (byte) 0xFA, (byte) 0x45};
// G in compressed form / first part of ucompressed
public static final byte[] EC160_FP_G_X = new byte[]{
- (byte) 0x4A, (byte) 0x96, (byte) 0xB5, (byte) 0x68,
- (byte) 0x8E, (byte) 0xF5, (byte) 0x73, (byte) 0x28,
- (byte) 0x46, (byte) 0x64, (byte) 0x69, (byte) 0x89,
- (byte) 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9,
- (byte) 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82};
+ (byte) 0x4A, (byte) 0x96, (byte) 0xB5, (byte) 0x68,
+ (byte) 0x8E, (byte) 0xF5, (byte) 0x73, (byte) 0x28,
+ (byte) 0x46, (byte) 0x64, (byte) 0x69, (byte) 0x89,
+ (byte) 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9,
+ (byte) 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82};
// second part of G uncompressed
public static final byte[] EC160_FP_G_Y = new byte[]{
- (byte) 0x23, (byte) 0xA6, (byte) 0x28, (byte) 0x55,
- (byte) 0x31, (byte) 0x68, (byte) 0x94, (byte) 0x7D,
- (byte) 0x59, (byte) 0xDC, (byte) 0xC9, (byte) 0x12,
- (byte) 0x04, (byte) 0x23, (byte) 0x51, (byte) 0x37,
- (byte) 0x7A, (byte) 0xC5, (byte) 0xFB, (byte) 0x32};
+ (byte) 0x23, (byte) 0xA6, (byte) 0x28, (byte) 0x55,
+ (byte) 0x31, (byte) 0x68, (byte) 0x94, (byte) 0x7D,
+ (byte) 0x59, (byte) 0xDC, (byte) 0xC9, (byte) 0x12,
+ (byte) 0x04, (byte) 0x23, (byte) 0x51, (byte) 0x37,
+ (byte) 0x7A, (byte) 0xC5, (byte) 0xFB, (byte) 0x32};
// Order of G
public static final byte[] EC160_FP_R = new byte[]{
- (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x01, (byte) 0xF4, (byte) 0xC8,
- (byte) 0xF9, (byte) 0x27, (byte) 0xAE, (byte) 0xD3,
- (byte) 0xCA, (byte) 0x75, (byte) 0x22, (byte) 0x57};
+ (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x01, (byte) 0xF4, (byte) 0xC8,
+ (byte) 0xF9, (byte) 0x27, (byte) 0xAE, (byte) 0xD3,
+ (byte) 0xCA, (byte) 0x75, (byte) 0x22, (byte) 0x57};
// cofactor of G
- public static final short EC160_FP_K = 1;
-
-
+ public static final short EC160_FP_K = 1;
+
+
// secp192r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC192_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC192_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC192_FP_B = new byte[]{
- (byte) 0x64, (byte) 0x21, (byte) 0x05, (byte) 0x19,
- (byte) 0xE5, (byte) 0x9C, (byte) 0x80, (byte) 0xE7,
- (byte) 0x0F, (byte) 0xA7, (byte) 0xE9, (byte) 0xAB,
- (byte) 0x72, (byte) 0x24, (byte) 0x30, (byte) 0x49,
- (byte) 0xFE, (byte) 0xB8, (byte) 0xDE, (byte) 0xEC,
- (byte) 0xC1, (byte) 0x46, (byte) 0xB9, (byte) 0xB1};
+ (byte) 0x64, (byte) 0x21, (byte) 0x05, (byte) 0x19,
+ (byte) 0xE5, (byte) 0x9C, (byte) 0x80, (byte) 0xE7,
+ (byte) 0x0F, (byte) 0xA7, (byte) 0xE9, (byte) 0xAB,
+ (byte) 0x72, (byte) 0x24, (byte) 0x30, (byte) 0x49,
+ (byte) 0xFE, (byte) 0xB8, (byte) 0xDE, (byte) 0xEC,
+ (byte) 0xC1, (byte) 0x46, (byte) 0xB9, (byte) 0xB1};
// G in compressed form / first part of ucompressed
public static final byte[] EC192_FP_G_X = new byte[]{
- (byte) 0x18, (byte) 0x8D, (byte) 0xA8, (byte) 0x0E,
- (byte) 0xB0, (byte) 0x30, (byte) 0x90, (byte) 0xF6,
- (byte) 0x7C, (byte) 0xBF, (byte) 0x20, (byte) 0xEB,
- (byte) 0x43, (byte) 0xA1, (byte) 0x88, (byte) 0x00,
- (byte) 0xF4, (byte) 0xFF, (byte) 0x0A, (byte) 0xFD,
- (byte) 0x82, (byte) 0xFF, (byte) 0x10, (byte) 0x12};
+ (byte) 0x18, (byte) 0x8D, (byte) 0xA8, (byte) 0x0E,
+ (byte) 0xB0, (byte) 0x30, (byte) 0x90, (byte) 0xF6,
+ (byte) 0x7C, (byte) 0xBF, (byte) 0x20, (byte) 0xEB,
+ (byte) 0x43, (byte) 0xA1, (byte) 0x88, (byte) 0x00,
+ (byte) 0xF4, (byte) 0xFF, (byte) 0x0A, (byte) 0xFD,
+ (byte) 0x82, (byte) 0xFF, (byte) 0x10, (byte) 0x12};
// second part of G uncompressed
- public static final byte[] EC192_FP_G_Y = new byte[]{
- (byte) 0x07, (byte) 0x19, (byte) 0x2B, (byte) 0x95,
- (byte) 0xFF, (byte) 0xC8, (byte) 0xDA, (byte) 0x78,
- (byte) 0x63, (byte) 0x10, (byte) 0x11, (byte) 0xED,
- (byte) 0x6B, (byte) 0x24, (byte) 0xCD, (byte) 0xD5,
- (byte) 0x73, (byte) 0xF9, (byte) 0x77, (byte) 0xA1,
- (byte) 0x1E, (byte) 0x79, (byte) 0x48, (byte) 0x11};
+ public static final byte[] EC192_FP_G_Y = new byte[]{
+ (byte) 0x07, (byte) 0x19, (byte) 0x2B, (byte) 0x95,
+ (byte) 0xFF, (byte) 0xC8, (byte) 0xDA, (byte) 0x78,
+ (byte) 0x63, (byte) 0x10, (byte) 0x11, (byte) 0xED,
+ (byte) 0x6B, (byte) 0x24, (byte) 0xCD, (byte) 0xD5,
+ (byte) 0x73, (byte) 0xF9, (byte) 0x77, (byte) 0xA1,
+ (byte) 0x1E, (byte) 0x79, (byte) 0x48, (byte) 0x11};
// Order of G
public static final byte[] EC192_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x99, (byte) 0xDE, (byte) 0xF8, (byte) 0x36,
- (byte) 0x14, (byte) 0x6B, (byte) 0xC9, (byte) 0xB1,
- (byte) 0xB4, (byte) 0xD2, (byte) 0x28, (byte) 0x31};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x99, (byte) 0xDE, (byte) 0xF8, (byte) 0x36,
+ (byte) 0x14, (byte) 0x6B, (byte) 0xC9, (byte) 0xB1,
+ (byte) 0xB4, (byte) 0xD2, (byte) 0x28, (byte) 0x31};
// cofactor of G
- public static final short EC192_FP_K = 1;
-
+ public static final short EC192_FP_K = 1;
+
// secp224r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC224_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01};
+
public static final byte[] EC224_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE};
+
public static final byte[] EC224_FP_B = new byte[]{
- (byte) 0xB4, (byte) 0x05, (byte) 0x0A, (byte) 0x85,
- (byte) 0x0C, (byte) 0x04, (byte) 0xB3, (byte) 0xAB,
- (byte) 0xF5, (byte) 0x41, (byte) 0x32, (byte) 0x56,
- (byte) 0x50, (byte) 0x44, (byte) 0xB0, (byte) 0xB7,
- (byte) 0xD7, (byte) 0xBF, (byte) 0xD8, (byte) 0xBA,
- (byte) 0x27, (byte) 0x0B, (byte) 0x39, (byte) 0x43,
- (byte) 0x23, (byte) 0x55, (byte) 0xFF, (byte) 0xB4};
-
+ (byte) 0xB4, (byte) 0x05, (byte) 0x0A, (byte) 0x85,
+ (byte) 0x0C, (byte) 0x04, (byte) 0xB3, (byte) 0xAB,
+ (byte) 0xF5, (byte) 0x41, (byte) 0x32, (byte) 0x56,
+ (byte) 0x50, (byte) 0x44, (byte) 0xB0, (byte) 0xB7,
+ (byte) 0xD7, (byte) 0xBF, (byte) 0xD8, (byte) 0xBA,
+ (byte) 0x27, (byte) 0x0B, (byte) 0x39, (byte) 0x43,
+ (byte) 0x23, (byte) 0x55, (byte) 0xFF, (byte) 0xB4};
+
// G in compressed form / first part of ucompressed
public static final byte[] EC224_FP_G_X = new byte[]{
- (byte) 0xB7, (byte) 0x0E, (byte) 0x0C, (byte) 0xBD,
- (byte) 0x6B, (byte) 0xB4, (byte) 0xBF, (byte) 0x7F,
- (byte) 0x32, (byte) 0x13, (byte) 0x90, (byte) 0xB9,
- (byte) 0x4A, (byte) 0x03, (byte) 0xC1, (byte) 0xD3,
- (byte) 0x56, (byte) 0xC2, (byte) 0x11, (byte) 0x22,
- (byte) 0x34, (byte) 0x32, (byte) 0x80, (byte) 0xD6,
- (byte) 0x11, (byte) 0x5C, (byte) 0x1D, (byte) 0x21};
+ (byte) 0xB7, (byte) 0x0E, (byte) 0x0C, (byte) 0xBD,
+ (byte) 0x6B, (byte) 0xB4, (byte) 0xBF, (byte) 0x7F,
+ (byte) 0x32, (byte) 0x13, (byte) 0x90, (byte) 0xB9,
+ (byte) 0x4A, (byte) 0x03, (byte) 0xC1, (byte) 0xD3,
+ (byte) 0x56, (byte) 0xC2, (byte) 0x11, (byte) 0x22,
+ (byte) 0x34, (byte) 0x32, (byte) 0x80, (byte) 0xD6,
+ (byte) 0x11, (byte) 0x5C, (byte) 0x1D, (byte) 0x21};
// second part of G uncompressed
public static final byte[] EC224_FP_G_Y = new byte[]{
- (byte) 0xBD, (byte) 0x37, (byte) 0x63, (byte) 0x88,
- (byte) 0xB5, (byte) 0xF7, (byte) 0x23, (byte) 0xFB,
- (byte) 0x4C, (byte) 0x22, (byte) 0xDF, (byte) 0xE6,
- (byte) 0xCD, (byte) 0x43, (byte) 0x75, (byte) 0xA0,
- (byte) 0x5A, (byte) 0x07, (byte) 0x47, (byte) 0x64,
- (byte) 0x44, (byte) 0xD5, (byte) 0x81, (byte) 0x99,
- (byte) 0x85, (byte) 0x00, (byte) 0x7E, (byte) 0x34};
+ (byte) 0xBD, (byte) 0x37, (byte) 0x63, (byte) 0x88,
+ (byte) 0xB5, (byte) 0xF7, (byte) 0x23, (byte) 0xFB,
+ (byte) 0x4C, (byte) 0x22, (byte) 0xDF, (byte) 0xE6,
+ (byte) 0xCD, (byte) 0x43, (byte) 0x75, (byte) 0xA0,
+ (byte) 0x5A, (byte) 0x07, (byte) 0x47, (byte) 0x64,
+ (byte) 0x44, (byte) 0xD5, (byte) 0x81, (byte) 0x99,
+ (byte) 0x85, (byte) 0x00, (byte) 0x7E, (byte) 0x34};
// Order of G
public static final byte[] EC224_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0x16, (byte) 0xA2,
- (byte) 0xE0, (byte) 0xB8, (byte) 0xF0, (byte) 0x3E,
- (byte) 0x13, (byte) 0xDD, (byte) 0x29, (byte) 0x45,
- (byte) 0x5C, (byte) 0x5C, (byte) 0x2A, (byte) 0x3D};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0x16, (byte) 0xA2,
+ (byte) 0xE0, (byte) 0xB8, (byte) 0xF0, (byte) 0x3E,
+ (byte) 0x13, (byte) 0xDD, (byte) 0x29, (byte) 0x45,
+ (byte) 0x5C, (byte) 0x5C, (byte) 0x2A, (byte) 0x3D};
// cofactor of G
- public static final short EC224_FP_K = 1;
-
+ public static final short EC224_FP_K = 1;
+
// secp256r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC256_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC256_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC256_FP_B = new byte[]{
- (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8,
- (byte) 0xAA, (byte) 0x3A, (byte) 0x93, (byte) 0xE7,
- (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55,
- (byte) 0x76, (byte) 0x98, (byte) 0x86, (byte) 0xBC,
- (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0,
- (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6,
- (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E,
- (byte) 0x27, (byte) 0xD2, (byte) 0x60, (byte) 0x4B};
+ (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8,
+ (byte) 0xAA, (byte) 0x3A, (byte) 0x93, (byte) 0xE7,
+ (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55,
+ (byte) 0x76, (byte) 0x98, (byte) 0x86, (byte) 0xBC,
+ (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0,
+ (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6,
+ (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E,
+ (byte) 0x27, (byte) 0xD2, (byte) 0x60, (byte) 0x4B};
// G in compressed form / first part of ucompressed
public static final byte[] EC256_FP_G_X = new byte[]{
- (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2,
- (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47,
- (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5,
- (byte) 0x63, (byte) 0xA4, (byte) 0x40, (byte) 0xF2,
- (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81,
- (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0,
- (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45,
- (byte) 0xD8, (byte) 0x98, (byte) 0xC2, (byte) 0x96};
+ (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2,
+ (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47,
+ (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5,
+ (byte) 0x63, (byte) 0xA4, (byte) 0x40, (byte) 0xF2,
+ (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81,
+ (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0,
+ (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45,
+ (byte) 0xD8, (byte) 0x98, (byte) 0xC2, (byte) 0x96};
// second part of G uncompressed
public static final byte[] EC256_FP_G_Y = new byte[]{
- (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2,
- (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, (byte) 0x9B,
- (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A,
- (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16,
- (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57,
- (byte) 0x6B, (byte) 0x31, (byte) 0x5E, (byte) 0xCE,
- (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68,
- (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5};
+ (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2,
+ (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, (byte) 0x9B,
+ (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A,
+ (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16,
+ (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57,
+ (byte) 0x6B, (byte) 0x31, (byte) 0x5E, (byte) 0xCE,
+ (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68,
+ (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5};
// Order of G
public static final byte[] EC256_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD,
- (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84,
- (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2,
- (byte) 0xFC, (byte) 0x63, (byte) 0x25, (byte) 0x51};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD,
+ (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84,
+ (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2,
+ (byte) 0xFC, (byte) 0x63, (byte) 0x25, (byte) 0x51};
// cofactor of G
- public static final short EC256_FP_K = 1;
-
+ public static final short EC256_FP_K = 1;
+
// secp384r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC384_FP_P = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+
public static final byte[] EC384_FP_A = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
-
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+
public static final byte[] EC384_FP_B = new byte[]{
- (byte) 0xB3, (byte) 0x31, (byte) 0x2F, (byte) 0xA7,
- (byte) 0xE2, (byte) 0x3E, (byte) 0xE7, (byte) 0xE4,
- (byte) 0x98, (byte) 0x8E, (byte) 0x05, (byte) 0x6B,
- (byte) 0xE3, (byte) 0xF8, (byte) 0x2D, (byte) 0x19,
- (byte) 0x18, (byte) 0x1D, (byte) 0x9C, (byte) 0x6E,
- (byte) 0xFE, (byte) 0x81, (byte) 0x41, (byte) 0x12,
- (byte) 0x03, (byte) 0x14, (byte) 0x08, (byte) 0x8F,
- (byte) 0x50, (byte) 0x13, (byte) 0x87, (byte) 0x5A,
- (byte) 0xC6, (byte) 0x56, (byte) 0x39, (byte) 0x8D,
- (byte) 0x8A, (byte) 0x2E, (byte) 0xD1, (byte) 0x9D,
- (byte) 0x2A, (byte) 0x85, (byte) 0xC8, (byte) 0xED,
- (byte) 0xD3, (byte) 0xEC, (byte) 0x2A, (byte) 0xEF};
-
+ (byte) 0xB3, (byte) 0x31, (byte) 0x2F, (byte) 0xA7,
+ (byte) 0xE2, (byte) 0x3E, (byte) 0xE7, (byte) 0xE4,
+ (byte) 0x98, (byte) 0x8E, (byte) 0x05, (byte) 0x6B,
+ (byte) 0xE3, (byte) 0xF8, (byte) 0x2D, (byte) 0x19,
+ (byte) 0x18, (byte) 0x1D, (byte) 0x9C, (byte) 0x6E,
+ (byte) 0xFE, (byte) 0x81, (byte) 0x41, (byte) 0x12,
+ (byte) 0x03, (byte) 0x14, (byte) 0x08, (byte) 0x8F,
+ (byte) 0x50, (byte) 0x13, (byte) 0x87, (byte) 0x5A,
+ (byte) 0xC6, (byte) 0x56, (byte) 0x39, (byte) 0x8D,
+ (byte) 0x8A, (byte) 0x2E, (byte) 0xD1, (byte) 0x9D,
+ (byte) 0x2A, (byte) 0x85, (byte) 0xC8, (byte) 0xED,
+ (byte) 0xD3, (byte) 0xEC, (byte) 0x2A, (byte) 0xEF};
+
// G in compressed form / first part of ucompressed
public static final byte[] EC384_FP_G_X = new byte[]{
- (byte) 0xAA, (byte) 0x87, (byte) 0xCA, (byte) 0x22,
- (byte) 0xBE, (byte) 0x8B, (byte) 0x05, (byte) 0x37,
- (byte) 0x8E, (byte) 0xB1, (byte) 0xC7, (byte) 0x1E,
- (byte) 0xF3, (byte) 0x20, (byte) 0xAD, (byte) 0x74,
- (byte) 0x6E, (byte) 0x1D, (byte) 0x3B, (byte) 0x62,
- (byte) 0x8B, (byte) 0xA7, (byte) 0x9B, (byte) 0x98,
- (byte) 0x59, (byte) 0xF7, (byte) 0x41, (byte) 0xE0,
- (byte) 0x82, (byte) 0x54, (byte) 0x2A, (byte) 0x38,
- (byte) 0x55, (byte) 0x02, (byte) 0xF2, (byte) 0x5D,
- (byte) 0xBF, (byte) 0x55, (byte) 0x29, (byte) 0x6C,
- (byte) 0x3A, (byte) 0x54, (byte) 0x5E, (byte) 0x38,
- (byte) 0x72, (byte) 0x76, (byte) 0x0A, (byte) 0xB7};
+ (byte) 0xAA, (byte) 0x87, (byte) 0xCA, (byte) 0x22,
+ (byte) 0xBE, (byte) 0x8B, (byte) 0x05, (byte) 0x37,
+ (byte) 0x8E, (byte) 0xB1, (byte) 0xC7, (byte) 0x1E,
+ (byte) 0xF3, (byte) 0x20, (byte) 0xAD, (byte) 0x74,
+ (byte) 0x6E, (byte) 0x1D, (byte) 0x3B, (byte) 0x62,
+ (byte) 0x8B, (byte) 0xA7, (byte) 0x9B, (byte) 0x98,
+ (byte) 0x59, (byte) 0xF7, (byte) 0x41, (byte) 0xE0,
+ (byte) 0x82, (byte) 0x54, (byte) 0x2A, (byte) 0x38,
+ (byte) 0x55, (byte) 0x02, (byte) 0xF2, (byte) 0x5D,
+ (byte) 0xBF, (byte) 0x55, (byte) 0x29, (byte) 0x6C,
+ (byte) 0x3A, (byte) 0x54, (byte) 0x5E, (byte) 0x38,
+ (byte) 0x72, (byte) 0x76, (byte) 0x0A, (byte) 0xB7};
// second part of G uncompressed
public static final byte[] EC384_FP_G_Y = new byte[]{
- (byte) 0x36, (byte) 0x17, (byte) 0xDE, (byte) 0x4A,
- (byte) 0x96, (byte) 0x26, (byte) 0x2C, (byte) 0x6F,
- (byte) 0x5D, (byte) 0x9E, (byte) 0x98, (byte) 0xBF,
- (byte) 0x92, (byte) 0x92, (byte) 0xDC, (byte) 0x29,
- (byte) 0xF8, (byte) 0xF4, (byte) 0x1D, (byte) 0xBD,
- (byte) 0x28, (byte) 0x9A, (byte) 0x14, (byte) 0x7C,
- (byte) 0xE9, (byte) 0xDA, (byte) 0x31, (byte) 0x13,
- (byte) 0xB5, (byte) 0xF0, (byte) 0xB8, (byte) 0xC0,
- (byte) 0x0A, (byte) 0x60, (byte) 0xB1, (byte) 0xCE,
- (byte) 0x1D, (byte) 0x7E, (byte) 0x81, (byte) 0x9D,
- (byte) 0x7A, (byte) 0x43, (byte) 0x1D, (byte) 0x7C,
- (byte) 0x90, (byte) 0xEA, (byte) 0x0E, (byte) 0x5F};
-
+ (byte) 0x36, (byte) 0x17, (byte) 0xDE, (byte) 0x4A,
+ (byte) 0x96, (byte) 0x26, (byte) 0x2C, (byte) 0x6F,
+ (byte) 0x5D, (byte) 0x9E, (byte) 0x98, (byte) 0xBF,
+ (byte) 0x92, (byte) 0x92, (byte) 0xDC, (byte) 0x29,
+ (byte) 0xF8, (byte) 0xF4, (byte) 0x1D, (byte) 0xBD,
+ (byte) 0x28, (byte) 0x9A, (byte) 0x14, (byte) 0x7C,
+ (byte) 0xE9, (byte) 0xDA, (byte) 0x31, (byte) 0x13,
+ (byte) 0xB5, (byte) 0xF0, (byte) 0xB8, (byte) 0xC0,
+ (byte) 0x0A, (byte) 0x60, (byte) 0xB1, (byte) 0xCE,
+ (byte) 0x1D, (byte) 0x7E, (byte) 0x81, (byte) 0x9D,
+ (byte) 0x7A, (byte) 0x43, (byte) 0x1D, (byte) 0x7C,
+ (byte) 0x90, (byte) 0xEA, (byte) 0x0E, (byte) 0x5F};
+
// Order of G
public static final byte[] EC384_FP_R = new byte[]{
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xC7, (byte) 0x63, (byte) 0x4D, (byte) 0x81,
- (byte) 0xF4, (byte) 0x37, (byte) 0x2D, (byte) 0xDF,
- (byte) 0x58, (byte) 0x1A, (byte) 0x0D, (byte) 0xB2,
- (byte) 0x48, (byte) 0xB0, (byte) 0xA7, (byte) 0x7A,
- (byte) 0xEC, (byte) 0xEC, (byte) 0x19, (byte) 0x6A,
- (byte) 0xCC, (byte) 0xC5, (byte) 0x29, (byte) 0x73};
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xC7, (byte) 0x63, (byte) 0x4D, (byte) 0x81,
+ (byte) 0xF4, (byte) 0x37, (byte) 0x2D, (byte) 0xDF,
+ (byte) 0x58, (byte) 0x1A, (byte) 0x0D, (byte) 0xB2,
+ (byte) 0x48, (byte) 0xB0, (byte) 0xA7, (byte) 0x7A,
+ (byte) 0xEC, (byte) 0xEC, (byte) 0x19, (byte) 0x6A,
+ (byte) 0xCC, (byte) 0xC5, (byte) 0x29, (byte) 0x73};
// cofactor of G
- public static final short EC384_FP_K = 1;
-
-
+ public static final short EC384_FP_K = 1;
+
+
// secp521r1 from http://www.secg.org/sec2-v2.pdf
public static final byte[] EC521_FP_P = new byte[]{
- (byte) 0x01, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+ (byte) 0x01, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
public static final byte[] EC521_FP_A = new byte[]{
- (byte) 0x01, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
+ (byte) 0x01, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFC};
public static final byte[] EC521_FP_B = new byte[]{
- (byte) 0x00, (byte) 0x51, (byte) 0x95, (byte) 0x3E,
- (byte) 0xB9, (byte) 0x61, (byte) 0x8E, (byte) 0x1C,
- (byte) 0x9A, (byte) 0x1F, (byte) 0x92, (byte) 0x9A,
- (byte) 0x21, (byte) 0xA0, (byte) 0xB6, (byte) 0x85,
- (byte) 0x40, (byte) 0xEE, (byte) 0xA2, (byte) 0xDA,
- (byte) 0x72, (byte) 0x5B, (byte) 0x99, (byte) 0xB3,
- (byte) 0x15, (byte) 0xF3, (byte) 0xB8, (byte) 0xB4,
- (byte) 0x89, (byte) 0x91, (byte) 0x8E, (byte) 0xF1,
- (byte) 0x09, (byte) 0xE1, (byte) 0x56, (byte) 0x19,
- (byte) 0x39, (byte) 0x51, (byte) 0xEC, (byte) 0x7E,
- (byte) 0x93, (byte) 0x7B, (byte) 0x16, (byte) 0x52,
- (byte) 0xC0, (byte) 0xBD, (byte) 0x3B, (byte) 0xB1,
- (byte) 0xBF, (byte) 0x07, (byte) 0x35, (byte) 0x73,
- (byte) 0xDF, (byte) 0x88, (byte) 0x3D, (byte) 0x2C,
- (byte) 0x34, (byte) 0xF1, (byte) 0xEF, (byte) 0x45,
- (byte) 0x1F, (byte) 0xD4, (byte) 0x6B, (byte) 0x50,
- (byte) 0x3F, (byte) 0x00};
+ (byte) 0x00, (byte) 0x51, (byte) 0x95, (byte) 0x3E,
+ (byte) 0xB9, (byte) 0x61, (byte) 0x8E, (byte) 0x1C,
+ (byte) 0x9A, (byte) 0x1F, (byte) 0x92, (byte) 0x9A,
+ (byte) 0x21, (byte) 0xA0, (byte) 0xB6, (byte) 0x85,
+ (byte) 0x40, (byte) 0xEE, (byte) 0xA2, (byte) 0xDA,
+ (byte) 0x72, (byte) 0x5B, (byte) 0x99, (byte) 0xB3,
+ (byte) 0x15, (byte) 0xF3, (byte) 0xB8, (byte) 0xB4,
+ (byte) 0x89, (byte) 0x91, (byte) 0x8E, (byte) 0xF1,
+ (byte) 0x09, (byte) 0xE1, (byte) 0x56, (byte) 0x19,
+ (byte) 0x39, (byte) 0x51, (byte) 0xEC, (byte) 0x7E,
+ (byte) 0x93, (byte) 0x7B, (byte) 0x16, (byte) 0x52,
+ (byte) 0xC0, (byte) 0xBD, (byte) 0x3B, (byte) 0xB1,
+ (byte) 0xBF, (byte) 0x07, (byte) 0x35, (byte) 0x73,
+ (byte) 0xDF, (byte) 0x88, (byte) 0x3D, (byte) 0x2C,
+ (byte) 0x34, (byte) 0xF1, (byte) 0xEF, (byte) 0x45,
+ (byte) 0x1F, (byte) 0xD4, (byte) 0x6B, (byte) 0x50,
+ (byte) 0x3F, (byte) 0x00};
// G in compressed form / first part of ucompressed
public static final byte[] EC521_FP_G_X = new byte[]{
- (byte) 0x00, (byte) 0xC6, (byte) 0x85, (byte) 0x8E,
- (byte) 0x06, (byte) 0xB7, (byte) 0x04, (byte) 0x04,
- (byte) 0xE9, (byte) 0xCD, (byte) 0x9E, (byte) 0x3E,
- (byte) 0xCB, (byte) 0x66, (byte) 0x23, (byte) 0x95,
- (byte) 0xB4, (byte) 0x42, (byte) 0x9C, (byte) 0x64,
- (byte) 0x81, (byte) 0x39, (byte) 0x05, (byte) 0x3F,
- (byte) 0xB5, (byte) 0x21, (byte) 0xF8, (byte) 0x28,
- (byte) 0xAF, (byte) 0x60, (byte) 0x6B, (byte) 0x4D,
- (byte) 0x3D, (byte) 0xBA, (byte) 0xA1, (byte) 0x4B,
- (byte) 0x5E, (byte) 0x77, (byte) 0xEF, (byte) 0xE7,
- (byte) 0x59, (byte) 0x28, (byte) 0xFE, (byte) 0x1D,
- (byte) 0xC1, (byte) 0x27, (byte) 0xA2, (byte) 0xFF,
- (byte) 0xA8, (byte) 0xDE, (byte) 0x33, (byte) 0x48,
- (byte) 0xB3, (byte) 0xC1, (byte) 0x85, (byte) 0x6A,
- (byte) 0x42, (byte) 0x9B, (byte) 0xF9, (byte) 0x7E,
- (byte) 0x7E, (byte) 0x31, (byte) 0xC2, (byte) 0xE5,
- (byte) 0xBD, (byte) 0x66};
-
+ (byte) 0x00, (byte) 0xC6, (byte) 0x85, (byte) 0x8E,
+ (byte) 0x06, (byte) 0xB7, (byte) 0x04, (byte) 0x04,
+ (byte) 0xE9, (byte) 0xCD, (byte) 0x9E, (byte) 0x3E,
+ (byte) 0xCB, (byte) 0x66, (byte) 0x23, (byte) 0x95,
+ (byte) 0xB4, (byte) 0x42, (byte) 0x9C, (byte) 0x64,
+ (byte) 0x81, (byte) 0x39, (byte) 0x05, (byte) 0x3F,
+ (byte) 0xB5, (byte) 0x21, (byte) 0xF8, (byte) 0x28,
+ (byte) 0xAF, (byte) 0x60, (byte) 0x6B, (byte) 0x4D,
+ (byte) 0x3D, (byte) 0xBA, (byte) 0xA1, (byte) 0x4B,
+ (byte) 0x5E, (byte) 0x77, (byte) 0xEF, (byte) 0xE7,
+ (byte) 0x59, (byte) 0x28, (byte) 0xFE, (byte) 0x1D,
+ (byte) 0xC1, (byte) 0x27, (byte) 0xA2, (byte) 0xFF,
+ (byte) 0xA8, (byte) 0xDE, (byte) 0x33, (byte) 0x48,
+ (byte) 0xB3, (byte) 0xC1, (byte) 0x85, (byte) 0x6A,
+ (byte) 0x42, (byte) 0x9B, (byte) 0xF9, (byte) 0x7E,
+ (byte) 0x7E, (byte) 0x31, (byte) 0xC2, (byte) 0xE5,
+ (byte) 0xBD, (byte) 0x66};
+
// second part of G uncompressed
public static final byte[] EC521_FP_G_Y = new byte[]{
- (byte) 0x01, (byte) 0x18, (byte) 0x39, (byte) 0x29,
- (byte) 0x6A, (byte) 0x78, (byte) 0x9A, (byte) 0x3B,
- (byte) 0xC0, (byte) 0x04, (byte) 0x5C, (byte) 0x8A,
- (byte) 0x5F, (byte) 0xB4, (byte) 0x2C, (byte) 0x7D,
- (byte) 0x1B, (byte) 0xD9, (byte) 0x98, (byte) 0xF5,
- (byte) 0x44, (byte) 0x49, (byte) 0x57, (byte) 0x9B,
- (byte) 0x44, (byte) 0x68, (byte) 0x17, (byte) 0xAF,
- (byte) 0xBD, (byte) 0x17, (byte) 0x27, (byte) 0x3E,
- (byte) 0x66, (byte) 0x2C, (byte) 0x97, (byte) 0xEE,
- (byte) 0x72, (byte) 0x99, (byte) 0x5E, (byte) 0xF4,
- (byte) 0x26, (byte) 0x40, (byte) 0xC5, (byte) 0x50,
- (byte) 0xB9, (byte) 0x01, (byte) 0x3F, (byte) 0xAD,
- (byte) 0x07, (byte) 0x61, (byte) 0x35, (byte) 0x3C,
- (byte) 0x70, (byte) 0x86, (byte) 0xA2, (byte) 0x72,
- (byte) 0xC2, (byte) 0x40, (byte) 0x88, (byte) 0xBE,
- (byte) 0x94, (byte) 0x76, (byte) 0x9F, (byte) 0xD1,
- (byte) 0x66, (byte) 0x50};
+ (byte) 0x01, (byte) 0x18, (byte) 0x39, (byte) 0x29,
+ (byte) 0x6A, (byte) 0x78, (byte) 0x9A, (byte) 0x3B,
+ (byte) 0xC0, (byte) 0x04, (byte) 0x5C, (byte) 0x8A,
+ (byte) 0x5F, (byte) 0xB4, (byte) 0x2C, (byte) 0x7D,
+ (byte) 0x1B, (byte) 0xD9, (byte) 0x98, (byte) 0xF5,
+ (byte) 0x44, (byte) 0x49, (byte) 0x57, (byte) 0x9B,
+ (byte) 0x44, (byte) 0x68, (byte) 0x17, (byte) 0xAF,
+ (byte) 0xBD, (byte) 0x17, (byte) 0x27, (byte) 0x3E,
+ (byte) 0x66, (byte) 0x2C, (byte) 0x97, (byte) 0xEE,
+ (byte) 0x72, (byte) 0x99, (byte) 0x5E, (byte) 0xF4,
+ (byte) 0x26, (byte) 0x40, (byte) 0xC5, (byte) 0x50,
+ (byte) 0xB9, (byte) 0x01, (byte) 0x3F, (byte) 0xAD,
+ (byte) 0x07, (byte) 0x61, (byte) 0x35, (byte) 0x3C,
+ (byte) 0x70, (byte) 0x86, (byte) 0xA2, (byte) 0x72,
+ (byte) 0xC2, (byte) 0x40, (byte) 0x88, (byte) 0xBE,
+ (byte) 0x94, (byte) 0x76, (byte) 0x9F, (byte) 0xD1,
+ (byte) 0x66, (byte) 0x50};
// Order of G
public static final byte[] EC521_FP_R = new byte[]{
- (byte) 0x01, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
- (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA,
- (byte) 0x51, (byte) 0x86, (byte) 0x87, (byte) 0x83,
- (byte) 0xBF, (byte) 0x2F, (byte) 0x96, (byte) 0x6B,
- (byte) 0x7F, (byte) 0xCC, (byte) 0x01, (byte) 0x48,
- (byte) 0xF7, (byte) 0x09, (byte) 0xA5, (byte) 0xD0,
- (byte) 0x3B, (byte) 0xB5, (byte) 0xC9, (byte) 0xB8,
- (byte) 0x89, (byte) 0x9C, (byte) 0x47, (byte) 0xAE,
- (byte) 0xBB, (byte) 0x6F, (byte) 0xB7, (byte) 0x1E,
- (byte) 0x91, (byte) 0x38, (byte) 0x64, (byte) 0x09};
-
+ (byte) 0x01, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA,
+ (byte) 0x51, (byte) 0x86, (byte) 0x87, (byte) 0x83,
+ (byte) 0xBF, (byte) 0x2F, (byte) 0x96, (byte) 0x6B,
+ (byte) 0x7F, (byte) 0xCC, (byte) 0x01, (byte) 0x48,
+ (byte) 0xF7, (byte) 0x09, (byte) 0xA5, (byte) 0xD0,
+ (byte) 0x3B, (byte) 0xB5, (byte) 0xC9, (byte) 0xB8,
+ (byte) 0x89, (byte) 0x9C, (byte) 0x47, (byte) 0xAE,
+ (byte) 0xBB, (byte) 0x6F, (byte) 0xB7, (byte) 0x1E,
+ (byte) 0x91, (byte) 0x38, (byte) 0x64, (byte) 0x09};
+
// cofactor of G
public static final short EC521_FP_K = 1;
+ //sect163r1 from http://www.secg.org/sec2-v2.pdf
+ // [short i1, short i2, short i3] f = x^163 + x^i1 + x^i2 + x^i3 + 1
+ public static final byte[] EC163_F2M_F = new byte[]{
+ (byte) 0, (byte) 7, (byte) 0, (byte) 6, (byte) 0, (byte) 3
+ };
+ public static final byte[] EC163_F2M_A = new byte[]{
+ (byte) 0x07, (byte) 0xB6, (byte) 0x88, (byte) 0x2C,
+ (byte) 0xAA, (byte) 0xEF, (byte) 0xA8, (byte) 0x4F,
+ (byte) 0x95, (byte) 0x54, (byte) 0xFF, (byte) 0x84,
+ (byte) 0x28, (byte) 0xBD, (byte) 0x88, (byte) 0xE2,
+ (byte) 0x46, (byte) 0xD2, (byte) 0x78, (byte) 0x2A,
+ (byte) 0xE2
+ };
-
- public static final byte VALID_KEY = 1;
- public static final byte INVALIDB_FIXED = 2;
- public static final byte INVALIDB_RANDOM = 3;
+ public static final byte[] EC163_F2M_B = new byte[]{
+ (byte) 0x07, (byte) 0x13, (byte) 0x61, (byte) 0x2D,
+ (byte) 0xCD, (byte) 0xDC, (byte) 0xB4, (byte) 0x0A,
+ (byte) 0xAB, (byte) 0x94, (byte) 0x6B, (byte) 0xDA,
+ (byte) 0x29, (byte) 0xCA, (byte) 0x91, (byte) 0xF7,
+ (byte) 0x3A, (byte) 0xF9, (byte) 0x58, (byte) 0xAF,
+ (byte) 0xD9
+ };
- public static void setValidECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) {
- setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, VALID_KEY);
- }
- public static void setInValidECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) {
- setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, INVALIDB_FIXED);
- }
- public static void setInValidECKeyParamsRandomB(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer) {
- setECKeyParams(ecPubKey, ecPrivKey, ecClass, ecLength, auxBuffer, INVALIDB_RANDOM);
- }
- private static void setECKeyParams(ECPublicKey ecPubKey, ECPrivateKey ecPrivKey, byte ecClass, short ecLength, byte[] auxBuffer, byte bInvalidKeyType) {
- if (ecClass == KeyPair.ALG_EC_FP) {
- // Select proper courve parameters
- switch (ecLength) {
- case (short) 128: {
- EC_FP_P = EC128_FP_P;
- EC_FP_A = EC128_FP_A;
- EC_FP_B = EC128_FP_B;
- EC_FP_G_X = EC128_FP_G_X;
- EC_FP_G_Y = EC128_FP_G_Y;
- EC_FP_R = EC128_FP_R;
- EC_FP_K = EC128_FP_K;
- break;
- }
- case (short) 160: {
- EC_FP_P = EC160_FP_P;
- EC_FP_A = EC160_FP_A;
- EC_FP_B = EC160_FP_B;
- EC_FP_G_X = EC160_FP_G_X;
- EC_FP_G_Y = EC160_FP_G_Y;
- EC_FP_R = EC160_FP_R;
- EC_FP_K = EC160_FP_K;
- break;
- }
- case (short) 192: {
- EC_FP_P = EC192_FP_P;
- EC_FP_A = EC192_FP_A;
- EC_FP_B = EC192_FP_B;
- EC_FP_G_X = EC192_FP_G_X;
- EC_FP_G_Y = EC192_FP_G_Y;
- EC_FP_R = EC192_FP_R;
- EC_FP_K = EC192_FP_K;
- break;
- }
- case (short) 224: {
- EC_FP_P = EC224_FP_P;
- EC_FP_A = EC224_FP_A;
- EC_FP_B = EC224_FP_B;
- EC_FP_G_X = EC224_FP_G_X;
- EC_FP_G_Y = EC224_FP_G_Y;
- EC_FP_R = EC224_FP_R;
- EC_FP_K = EC224_FP_K;
- break;
- }
- case (short) 256: {
- EC_FP_P = EC256_FP_P;
- EC_FP_A = EC256_FP_A;
- EC_FP_B = EC256_FP_B;
- EC_FP_G_X = EC256_FP_G_X;
- EC_FP_G_Y = EC256_FP_G_Y;
- EC_FP_R = EC256_FP_R;
- EC_FP_K = EC256_FP_K;
- break;
- }
- case (short) 384: {
- EC_FP_P = EC384_FP_P;
- EC_FP_A = EC384_FP_A;
- EC_FP_B = EC384_FP_B;
- EC_FP_G_X = EC384_FP_G_X;
- EC_FP_G_Y = EC384_FP_G_Y;
- EC_FP_R = EC384_FP_R;
- EC_FP_K = EC384_FP_K;
- break;
- }
- case (short) 521: {
- EC_FP_P = EC521_FP_P;
- EC_FP_A = EC521_FP_A;
- EC_FP_B = EC521_FP_B;
- EC_FP_G_X = EC521_FP_G_X;
- EC_FP_G_Y = EC521_FP_G_Y;
- EC_FP_R = EC521_FP_R;
- EC_FP_K = EC521_FP_K;
- break;
- }
- default: {
+ // G in compressed form / first part of ucompressed
+ public static final byte[] EC163_F2M_G_X = new byte[]{
+ (byte) 0x03, (byte) 0x69, (byte) 0x97, (byte) 0x96,
+ (byte) 0x97, (byte) 0xAB, (byte) 0x43, (byte) 0x89,
+ (byte) 0x77, (byte) 0x89, (byte) 0x56, (byte) 0x67,
+ (byte) 0x89, (byte) 0x56, (byte) 0x7F, (byte) 0x78,
+ (byte) 0x7A, (byte) 0x78, (byte) 0x76, (byte) 0xA6,
+ (byte) 0x54
+ };
+
+ // second part of G uncompressed
+ public static final byte[] EC163_F2M_G_Y = new byte[]{
+ (byte) 0x00, (byte) 0x43, (byte) 0x5E, (byte) 0xDB,
+ (byte) 0x42, (byte) 0xEF, (byte) 0xAF, (byte) 0xB2,
+ (byte) 0x98, (byte) 0x9D, (byte) 0x51, (byte) 0xFE,
+ (byte) 0xFC, (byte) 0xE3, (byte) 0xC8, (byte) 0x09,
+ (byte) 0x88, (byte) 0xF4, (byte) 0x1F, (byte) 0xF8,
+ (byte) 0x83
+ };
+
+ // order of G
+ public static final byte[] EC163_F2M_R = new byte[]{
+ (byte) 0x03, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x48,
+ (byte) 0xAA, (byte) 0xB6, (byte) 0x89, (byte) 0xC2,
+ (byte) 0x9C, (byte) 0xA7, (byte) 0x10, (byte) 0x27,
+ (byte) 0x9B
+ };
+
+ // cofactor of G
+ public static final short EC163_F2M_K = 2;
+
+ // getCorruptCurveParameter PARAMETER_CORRUPTION TYPES
+ public static final short CORRUPTION_NONE = 0x01;
+ public static final short CORRUPTION_FIXED = 0x02;
+ public static final short CORRUPTION_FULLRANDOM = 0x03;
+ public static final short CORRUPTION_ONEBYTERANDOM = 0x04;
+ public static final short CORRUPTION_ZERO = 0x05;
+ public static final short CORRUPTION_ONE = 0x06;
+
+ // Supported embedded curves, getCurveParameter
+ // SECP recommended curves over FP
+ public static final byte CURVE_secp128r1 = 1;
+ public static final byte CURVE_secp160r1 = 2;
+ public static final byte CURVE_secp192r1 = 3;
+ public static final byte CURVE_secp224r1 = 4;
+ public static final byte CURVE_secp256r1 = 5;
+ public static final byte CURVE_secp384r1 = 6;
+ public static final byte CURVE_secp521r1 = 7;
+
+ public static final byte FP_CURVES = 7;
+
+ // SECP recommended curves over F2M
+ public static final byte CURVE_sect163r1 = 8;
+ public static final byte CURVE_sect233r1 = 9;
+ public static final byte CURVE_sect283r1 = 10;
+ public static final byte CURVE_sect409r1 = 11;
+ public static final byte CURVE_sect571r1 = 12;
+
+ public static final byte F2M_CURVES = 12;
+
+ public static byte getCurve(short keyClass, short keyLength) {
+ if (keyClass == KeyPair.ALG_EC_FP) {
+ switch (keyLength) {
+ case (short) 128:
+ return CURVE_secp128r1;
+ case (short) 160:
+ return CURVE_secp160r1;
+ case (short) 192:
+ return CURVE_secp192r1;
+ case (short) 224:
+ return CURVE_secp224r1;
+ case (short) 256:
+ return CURVE_secp256r1;
+ case (short) 384:
+ return CURVE_secp384r1;
+ case (short) 521:
+ return CURVE_secp521r1;
+ default:
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
- }
}
-
- // prepare an ANSI X9.62 uncompressed EC point representation for G
- short gSize = (short) 1;
- gSize += (short) EC_FP_G_X.length;
- gSize += (short) EC_FP_G_Y.length;
- auxBuffer[0] = 0x04;
- short off = 1;
- off = Util.arrayCopyNonAtomic(EC_FP_G_X, (short) 0, auxBuffer, off, (short) EC_FP_G_X.length);
- Util.arrayCopyNonAtomic(EC_FP_G_Y, (short) 0, auxBuffer, off, (short) EC_FP_G_Y.length);
- ecPubKey.setG(auxBuffer, (short) 0, gSize);
- ecPrivKey.setG(auxBuffer, (short) 0, gSize);
-
- // pre-set basic EC parameters:
- ecPubKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length);
- ecPrivKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length);
- ecPubKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length);
- ecPrivKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length);
-
- if (bInvalidKeyType == VALID_KEY) {
- // No corruption
- ecPubKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length);
+ } else if (keyClass == KeyPair.ALG_EC_F2M) {
+ switch (keyLength) {
+ case (short) 163:
+ return CURVE_sect163r1;
+ case (short) 233:
+ return CURVE_sect233r1;
+ case (short) 283:
+ return CURVE_sect283r1;
+ case (short) 409:
+ return CURVE_sect409r1;
+ case (short) 571:
+ return CURVE_sect571r1;
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ } else {
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ return 0; //will not be reached
+ }
+
+ public static short getCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset) {
+ byte alg = getCurveType(curve);
+ switch (curve) {
+ case CURVE_secp128r1: {
+ EC_FP_P = EC128_FP_P;
+ EC_A = EC128_FP_A;
+ EC_B = EC128_FP_B;
+ EC_G_X = EC128_FP_G_X;
+ EC_G_Y = EC128_FP_G_Y;
+ EC_R = EC128_FP_R;
+ EC_K = EC128_FP_K;
+ break;
+ }
+ case CURVE_secp160r1: {
+ EC_FP_P = EC160_FP_P;
+ EC_A = EC160_FP_A;
+ EC_B = EC160_FP_B;
+ EC_G_X = EC160_FP_G_X;
+ EC_G_Y = EC160_FP_G_Y;
+ EC_R = EC160_FP_R;
+ EC_K = EC160_FP_K;
+ break;
+ }
+ case CURVE_secp192r1: {
+ EC_FP_P = EC192_FP_P;
+ EC_A = EC192_FP_A;
+ EC_B = EC192_FP_B;
+ EC_G_X = EC192_FP_G_X;
+ EC_G_Y = EC192_FP_G_Y;
+ EC_R = EC192_FP_R;
+ EC_K = EC192_FP_K;
+ break;
+ }
+ case CURVE_secp224r1: {
+ EC_FP_P = EC224_FP_P;
+ EC_A = EC224_FP_A;
+ EC_B = EC224_FP_B;
+ EC_G_X = EC224_FP_G_X;
+ EC_G_Y = EC224_FP_G_Y;
+ EC_R = EC224_FP_R;
+ EC_K = EC224_FP_K;
+ break;
+ }
+ case CURVE_secp256r1: {
+ EC_FP_P = EC256_FP_P;
+ EC_A = EC256_FP_A;
+ EC_B = EC256_FP_B;
+ EC_G_X = EC256_FP_G_X;
+ EC_G_Y = EC256_FP_G_Y;
+ EC_R = EC256_FP_R;
+ EC_K = EC256_FP_K;
+ break;
+ }
+ case CURVE_secp384r1: {
+ EC_FP_P = EC384_FP_P;
+ EC_A = EC384_FP_A;
+ EC_B = EC384_FP_B;
+ EC_G_X = EC384_FP_G_X;
+ EC_G_Y = EC384_FP_G_Y;
+ EC_R = EC384_FP_R;
+ EC_K = EC384_FP_K;
+ break;
}
- if (bInvalidKeyType == INVALIDB_FIXED) {
- // corrupt curve if required for testing
- Util.arrayCopyNonAtomic(EC_FP_B, (short) 0, auxBuffer, (short) 0, (short) EC_FP_B.length);
- auxBuffer[(byte) 10] = (byte) 0xcc;
- auxBuffer[(byte) 11] = (byte) 0xcc;
- ecPubKey.setB(auxBuffer, (short) 0, (short) EC_FP_B.length);
+ case CURVE_secp521r1: {
+ EC_FP_P = EC521_FP_P;
+ EC_A = EC521_FP_A;
+ EC_B = EC521_FP_B;
+ EC_G_X = EC521_FP_G_X;
+ EC_G_Y = EC521_FP_G_Y;
+ EC_R = EC521_FP_R;
+ EC_K = EC521_FP_K;
+ break;
}
- if (bInvalidKeyType == INVALIDB_RANDOM) {
- // corrupt curve if required for testing
- m_random.generateData(auxBuffer, (short) 0, (short) EC_FP_B.length);
- ecPubKey.setB(auxBuffer, (short) 0, (short) EC_FP_B.length);
+ case CURVE_sect163r1: {
+ EC_F2M_F2M = EC163_F2M_F;
+ EC_A = EC163_F2M_A;
+ EC_B = EC163_F2M_B;
+ EC_G_X = EC163_F2M_G_X;
+ EC_G_Y = EC163_F2M_G_Y;
+ EC_R = EC163_F2M_R;
+ EC_K = EC163_F2M_K;
+ break;
}
- ecPrivKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length);
-
- ecPubKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length);
- ecPrivKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length);
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ short length = 0;
+ switch (param) {
+ case PARAMETER_FP:
+ if (alg == KeyPair.ALG_EC_FP) {
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_FP_P, (short) 0, (short) EC_FP_P.length);
+ }
+ break;
+ case PARAMETER_F2M:
+ if (alg == KeyPair.ALG_EC_F2M) {
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_F2M_F2M, (short) 0, (short) EC_F2M_F2M.length);
+ }
+ break;
+ case PARAMETER_A:
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_A, (short) 0, (short) EC_A.length);
+ break;
+ case PARAMETER_B:
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_B, (short) 0, (short) EC_B.length);
+ break;
+ case PARAMETER_G:
+ length = decompressG(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length);
+ break;
+ case PARAMETER_R:
+ length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_R, (short) 0, (short) EC_R.length);
+ break;
+ case PARAMETER_K:
+ length = 2;
+ Util.setShort(outputBuffer, outputOffset, EC_K);
+ break;
+ default:
+ length = -1;
+ }
+ return length;
+ }
- ecPubKey.setK(EC_FP_K);
- ecPrivKey.setK(EC_FP_K);
+ public static short getCorruptCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset, short corruptionType) {
+ short length = getCurveParameter(curve, param, outputBuffer, outputOffset);
+ if (length <= 0) {
+ return length;
}
- if (ecClass == KeyPair.ALG_EC_F2M) {
- // Not supported yet
- ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ switch (corruptionType) {
+ case CORRUPTION_NONE:
+ break;
+ case CORRUPTION_FIXED:
+ if (length >= 1) {
+ outputBuffer[outputOffset] = (byte) 0xcc;
+ outputBuffer[(short) (outputOffset + length - 1)] = (byte) 0xcc;
+ }
+ break;
+ case CORRUPTION_FULLRANDOM:
+ m_random.generateData(outputBuffer, outputOffset, length);
+ break;
+ case CORRUPTION_ONEBYTERANDOM:
+ short first = Util.getShort(outputBuffer, (short) 0); // save first two bytes
+
+ m_random.generateData(outputBuffer, (short) 0, (short) 2); // generate position
+ short rngPos = Util.getShort(outputBuffer, (short) 0); // save generated position
+
+ Util.setShort(outputBuffer, (short) 0, first); // restore first two bytes
+
+ if (rngPos < 0) { // make positive
+ rngPos = (short) -rngPos;
+ }
+ rngPos %= length; // make < param length
+
+ byte original = outputBuffer[rngPos];
+ while (original != outputBuffer[rngPos]){
+ m_random.generateData(outputBuffer, rngPos, (short) 1);
+ }
+ break;
+ case CORRUPTION_ZERO:
+ Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0);
+ break;
+ case CORRUPTION_ONE:
+ Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 1);
+ break;
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
-
- }
-/*
- void setFPCurveParams(ECPublicKey ecPubKey, byte[] EC_FP_P, byte[] EC_FP_A, EC_FP_B) {
- ecPubKey.setFieldFP(EC_FP_P, (short) 0, (short) EC_FP_P.length);
- ecPrivKey.setA(EC_FP_A, (short) 0, (short) EC_FP_A.length);
- ecPrivKey.setB(EC_FP_B, (short) 0, (short) EC_FP_B.length);
- ecPrivKey.setG(auxBuffer, (short) 0, gSize);
- ecPrivKey.setR(EC_FP_R, (short) 0, (short) EC_FP_R.length);
- ecPrivKey.setK(EC_FP_K);
+ return length;
+ }
+
+ public static byte getCurveType(byte curve) {
+ return curve <= FP_CURVES ? KeyPair.ALG_EC_FP : KeyPair.ALG_EC_F2M;
+ }
+
+ private static short decompressG(byte[] outputBuffer, short outputOffset, byte[] gx, short gxOffset, short gxLength, byte[] gy, short gyOffset, short gyLength) {
+ short size = 1;
+ size += gxLength;
+ size += gyLength;
+ short offset = outputOffset;
+ offset += 1;
+
+ outputBuffer[offset] = 0x04;
+ offset = Util.arrayCopyNonAtomic(gx, gxOffset, outputBuffer, offset, gxLength);
+ Util.arrayCopyNonAtomic(gy, gyOffset, outputBuffer, offset, gyLength);
+ return size;
}
-
- , ECPrivateKey ecPrivKey ,
-*/
}
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 720ee4e..79abd0e 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -6,97 +6,85 @@ package applets;
import javacard.framework.*;
import javacard.security.*;
-import javacardx.crypto.*;
-public class SimpleECCApplet extends javacard.framework.Applet
-{
+import javax.print.attribute.standard.MediaSize;
+
+public class SimpleECCApplet extends javacard.framework.Applet {
// MAIN INSTRUCTION CLASS
- final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
+ final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
// INSTRUCTIONS
- final static byte INS_GENERATEKEY = (byte) 0x5a;
- final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
-
- final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
- final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
-
- final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
- final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
- final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
- final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
- final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
-
-
-
+ final static byte INS_GENERATEKEY = (byte) 0x5a;
+ final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
+
+ final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
+ final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
- final static short ARRAY_LENGTH = (short) 0xff;
- final static byte AES_BLOCK_LENGTH = (short) 0x16;
+ final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
+ final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
+ final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
+ final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
+ final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
+
+
+ final static short ARRAY_LENGTH = (short) 0xff;
+ final static byte AES_BLOCK_LENGTH = (short) 0x16;
final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_192;
//final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_160;
//final static short EC_LENGTH_BITS = (short) 256;
-
- public final static byte ECTEST_SEPARATOR = (byte) 0xff;
- public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1;
- public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2;
- public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3;
+
+ public final static byte ECTEST_SEPARATOR = (byte) 0xff;
+ public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1;
+ public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2;
+ public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3;
public final static byte ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (byte) 0xc4;
- public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5;
+ public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5;
public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (byte) 0xc6;
public final static byte ECTEST_ECDH_AGREEMENT_VALID_POINT = (byte) 0xc7;
public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8;
public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9;
public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca;
- public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
+ public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
- public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004;
+ public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (short) 0x0008;
- public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010;
+ public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080;
-
+
public final static short FLAG_ECTEST_ALL = (short) 0x00ff;
-
- public final static short CORRUPT_B_FULLRANDOM = (short) 0x0001;
- public final static short CORRUPT_B_ONEBYTERANDOM = (short) 0x0002;
- public final static short CORRUPT_B_LASTBYTEINCREMENT = (short) 0x0003;
-
-
-
+
+
public final static short SW_SKIPPED = (short) 0x0ee1;
public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2;
public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3;
-/*
+ /*
+ public static final byte[] EC192_FP_PUBLICW = new byte[]{
+ (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27,
+ (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC,
+ (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0,
+ (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90,
+ (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03,
+ (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01,
+ (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64,
+ (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5,
+ (byte) 0x15};
+ */
public static final byte[] EC192_FP_PUBLICW = new byte[]{
- (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27,
- (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC,
- (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0,
- (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90,
- (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03,
- (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01,
- (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64,
- (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5,
- (byte) 0x15};
- */
- public static final byte[] EC192_FP_PUBLICW = new byte[]{
- (byte) 0x04,
- (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe,
- (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0,
- (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b,
- (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29,
- (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a,
- (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31,
- (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3,
- (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca};
-
-
- private KeyPair ecKeyPair = null;
- private KeyPair ecKeyPair128 = null;
- private KeyPair ecKeyPair160 = null;
- private KeyPair ecKeyPair192 = null;
- private KeyPair ecKeyPair256 = null;
+ (byte) 0x04,
+ (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe,
+ (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0,
+ (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b,
+ (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29,
+ (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a,
+ (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31,
+ (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3,
+ (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca};
+
+
private ECPublicKey ecPubKey = null;
private ECPublicKey ecPubKey128 = null;
private ECPublicKey ecPubKey160 = null;
@@ -107,56 +95,66 @@ public class SimpleECCApplet extends javacard.framework.Applet
private ECPrivateKey ecPrivKey160 = null;
private ECPrivateKey ecPrivKey192 = null;
private ECPrivateKey ecPrivKey256 = null;
-
+
+ private ECKeyGenerator ecKeyGenerator = null;
+ private ECKeyTester ecKeyTester = null;
+
private KeyAgreement dhKeyAgreement = null;
private RandomData randomData = null;
-
+
// TEMPORARRY ARRAY IN RAM
private byte m_ramArray[] = null;
private byte m_ramArray2[] = null;
// PERSISTENT ARRAY IN EEPROM
- private byte m_dataArray[] = null;
-
- short m_lenB = 0;
+ private byte m_dataArray[] = null;
+
+ short m_lenB = 0;
protected SimpleECCApplet(byte[] buffer, short offset, byte length) {
short dataOffset = offset;
- if(length > 9) {
+ if (length > 9) {
// shift to privilege offset
- dataOffset += (short)( 1 + buffer[offset]);
+ dataOffset += (short) (1 + buffer[offset]);
// finally shift to Application specific offset
- dataOffset += (short)( 1 + buffer[dataOffset]);
+ dataOffset += (short) (1 + buffer[dataOffset]);
// go to proprietary data
dataOffset++;
m_ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
m_ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
-
+
m_dataArray = new byte[ARRAY_LENGTH];
Util.arrayFillNonAtomic(m_dataArray, (short) 0, ARRAY_LENGTH, (byte) 0);
-
+
randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
- }
+ EC_Consts.m_random = randomData;
+
+ ecKeyGenerator = new ECKeyGenerator();
+ ecKeyTester = new ECKeyTester();
+ ecKeyTester.allocateECDH();
+ ecKeyTester.allocateECDHC();
+ ecKeyTester.allocateECDSA();
+
+ }
register();
}
public static void install(byte[] bArray, short bOffset, byte bLength) throws ISOException {
// applet instance creation
- new SimpleECCApplet (bArray, bOffset, bLength);
+ new SimpleECCApplet(bArray, bOffset, bLength);
}
public boolean select() {
- return true;
+ return true;
}
public void deselect() {
return;
}
- public void process(APDU apdu) throws ISOException
- {
+ public void process(APDU apdu) throws ISOException {
// get the APDU buffer
byte[] apduBuffer = apdu.getBuffer();
@@ -165,8 +163,8 @@ public class SimpleECCApplet extends javacard.framework.Applet
return;
if (apduBuffer[ISO7816.OFFSET_CLA] == CLA_SIMPLEECCAPPLET) {
- switch ( apduBuffer[ISO7816.OFFSET_INS] ) {
-
+ switch (apduBuffer[ISO7816.OFFSET_INS]) {
+
case INS_TESTECSUPPORT_GIVENALG:
TestEC_SupportGivenLength(apdu);
break;
@@ -177,7 +175,7 @@ public class SimpleECCApplet extends javacard.framework.Applet
TestEC_F2M_SupportAllLengths(apdu);
break;
case INS_ALLOCATEKEYPAIR:
- AllocateKeyPairReturnDefCourve(apdu);
+ AllocateKeyPairReturnDefCurve(apdu);
break;
case INS_DERIVEECDHSECRET:
DeriveECDHSecret(apdu);
@@ -185,7 +183,7 @@ public class SimpleECCApplet extends javacard.framework.Applet
case INS_TESTEC_GENERATEINVALID_FP:
TestEC_FP_GenerateInvalidCurve(apdu);
break;
- case INS_TESTEC_LASTUSEDPARAMS:
+ case INS_TESTEC_LASTUSEDPARAMS:
TestECSupportInvalidCurve_lastUsedParams(apdu);
break;
/*
@@ -195,264 +193,171 @@ public class SimpleECCApplet extends javacard.framework.Applet
case INS_GENERATEKEY:
GenerateKey(apdu);
break;
-*/
- default :
+*/
+ default:
// The INS code is not supported by the dispatcher
- ISOException.throwIt( ISO7816.SW_INS_NOT_SUPPORTED ) ;
- break ;
+ ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
+ break;
}
- }
- else ISOException.throwIt( ISO7816.SW_CLA_NOT_SUPPORTED);
+ } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
}
-
+
short TestECSupport(byte keyClass, short keyLen, byte[] buffer, short bufferOffset) {
short baseOffset = bufferOffset;
-
+
short testFlags = FLAG_ECTEST_ALL;
- ecKeyPair = null;
ecPubKey = null;
ecPrivKey = null;
-
- buffer[bufferOffset] = ECTEST_SEPARATOR; bufferOffset++;
- buffer[bufferOffset] = keyClass; bufferOffset++;
- Util.setShort(buffer, bufferOffset, keyLen); bufferOffset += 2;
-
+
+ buffer[bufferOffset] = ECTEST_SEPARATOR;
+ bufferOffset++;
+ buffer[bufferOffset] = keyClass;
+ bufferOffset++;
+ Util.setShort(buffer, bufferOffset, keyLen);
+ bufferOffset += 2;
+
+ short sw;
+
//
// 1. Allocate KeyPair object
//
- buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; bufferOffset++;
+ buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR;
+ bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) {
- try {
- ecKeyPair = new KeyPair(keyClass, keyLen);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); bufferOffset += 2;
- }
- catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason()); bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
- }
- catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
+ sw = ecKeyGenerator.allocatePair(keyClass, keyLen);
+
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags = 0; //keyPair allocation failed, cannot continue with tests
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
- }
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 2. Test keypair generation without explicit curve (=> default curve preset)
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_DEFCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE) != (short) 0) {
- try {
- ecKeyPair.genKeyPair();
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- }
- catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
//
// 3. Set valid custom curve
//
buffer[bufferOffset] = ECTEST_SET_VALIDCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_SET_VALIDCURVE) != (short) 0) {
- try {
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called
- // Other implementation will fail with exception if same is called => try catch
- try {
- if (ecPubKey == null) {
- ecKeyPair.genKeyPair();
- }
- } catch (Exception e) {} // do intentionally nothing
-
- // Initialize curve parameters
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set
- }
- catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set
+ sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0);
+
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
//
// 4. Generate keypair with custom curve
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE) != (short) 0) {
- try {
- ecKeyPair.genKeyPair();
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 5. ECDH agreement with valid public key
//
buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT) != (short) 0) {
- try {
- // Generate fresh EC keypair
- ecKeyPair.genKeyPair();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- if (dhKeyAgreement == null) {
- dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
- }
- dhKeyAgreement.init(ecPrivKey);
-
- short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0);
- short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0);
-
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ if (sw == ISO7816.SW_NO_ERROR) {
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 6. ECDH agreement with invalid public key
//
buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT) != (short) 0) {
- try {
- // Generate fresh EC keypair
- ecKeyPair.genKeyPair();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- dhKeyAgreement.init(ecPrivKey);
-
- short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0);
- m_ramArray[(byte) 10] = (byte) 0xcc; // Corrupt public key
- m_ramArray[(byte) 11] = (byte) 0xcc;
- short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0);
-
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ if (sw == ISO7816.SW_NO_ERROR) {
+ sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 7. Set invalid custom curve
//
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_SET_INVALIDCURVE) != (short) 0) {
- try {
- // Initialize curve parameters
- EC_Consts.setInValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, EC_Consts.CORRUPTION_FIXED, m_ramArray, (short) 0);
+
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
-
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
//
// 8. Generate keypair with invalid custom curve
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE) != (short) 0) {
- try {
- ecKeyPair.genKeyPair();
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
+ sw = ecKeyGenerator.generatePair();
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
return (short) (bufferOffset - baseOffset);
}
-
+
void TestEC_SupportGivenLength(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
short dataOffset = ISO7816.OFFSET_CDATA;
- byte algType = apdubuf[dataOffset]; dataOffset++;
+ byte algType = apdubuf[dataOffset];
+ dataOffset++;
short keyLength = Util.getShort(apdubuf, dataOffset);
dataOffset += 2;
dataOffset = 0;
dataOffset += TestECSupport(algType, keyLength, apdubuf, dataOffset);
-
+
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
-
+
void TestEC_FP_SupportAllLengths(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
@@ -468,7 +373,8 @@ public class SimpleECCApplet extends javacard.framework.Applet
dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 521, apdubuf, dataOffset);
apdu.setOutgoingAndSend((short) 0, dataOffset);
- }
+ }
+
void TestEC_F2M_SupportAllLengths(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
@@ -479,10 +385,10 @@ public class SimpleECCApplet extends javacard.framework.Applet
dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 131, apdubuf, dataOffset);
dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 163, apdubuf, dataOffset);
dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 193, apdubuf, dataOffset);
-
+
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
-
+
void TestEC_FP_GenerateInvalidCurve(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
@@ -494,7 +400,7 @@ public class SimpleECCApplet extends javacard.framework.Applet
offset += 2;
byte bRewindOnSuccess = apdubuf[offset];
offset++;
-
+
short dataOffset = 0;
// FP
@@ -502,13 +408,12 @@ public class SimpleECCApplet extends javacard.framework.Applet
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
-
+
short TestECSupportInvalidCurve(byte keyClass, short keyLen, byte[] buffer, short bufferOffset, short repeats, short corruptionType, byte bRewindOnSuccess) {
short baseOffset = bufferOffset;
short testFlags = FLAG_ECTEST_ALL;
- ecKeyPair = null;
ecPubKey = null;
ecPrivKey = null;
@@ -518,53 +423,38 @@ public class SimpleECCApplet extends javacard.framework.Applet
bufferOffset++;
Util.setShort(buffer, bufferOffset, keyLen);
bufferOffset += 2;
-
+
short numExecutionsOffset = bufferOffset; // num executions to be stored later
bufferOffset += 2;
+ short sw;
+
//
// 1. Allocate KeyPair object
//
buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR;
bufferOffset++;
+ sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) {
- try {
- ecKeyPair = new KeyPair(keyClass, keyLen);
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called
- // Other implementation will fail with exception if same is called => try catch
- try {
- if (ecPubKey == null) {
- ecKeyPair.genKeyPair();
- }
- } catch (Exception e) {
- } // do intentionally nothing
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- testFlags = 0; // Can't continue if keypair was not allocated
+ sw = ecKeyGenerator.allocatePair(keyClass, keyLen);
+ if (sw == ISO7816.SW_NO_ERROR) {
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ } else {
+ testFlags = 0;
}
- } else {
- Util.setShort(buffer, bufferOffset, SW_SKIPPED);
- bufferOffset += 2;
}
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
//
// 2. Set invalid custom curve (many times)
//
- EC_Consts.m_random = randomData;
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
+ sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0);
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+
- m_lenB = ecPubKey.getB(m_ramArray, (short) 0); // store valid B
- Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2
-
short startOffset = bufferOffset;
short i;
for (i = 0; i < repeats; i++) {
@@ -572,41 +462,27 @@ public class SimpleECCApplet extends javacard.framework.Applet
if (bRewindOnSuccess == 1) {
// if nothing unexpected happened, rewind bufferOffset back again
bufferOffset = startOffset;
- }
-
- // Store valid curve B param
- ecPubKey.getB(m_ramArray, (short) 0); // store valid B
- Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2
+ }
// set invalid curve
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
-
+
// Supported types of invalid curve:
- // 1. Completely random B
- // 2. Valid B but with one random byte randomly changed
- // 3. Valid B but with last byte incremented
- switch (corruptionType) {
- case CORRUPT_B_FULLRANDOM:
- randomData.generateData(m_ramArray2, (short) 0, m_lenB);
- break;
- case CORRUPT_B_ONEBYTERANDOM:
- // Copy valid B into m_ramArray2
- Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB);
- // Generate random position and one random byte for subsequent change
- // Note - we are using same array m_ramArray2, but in area unsued by stored B
- randomData.generateData(m_ramArray2, m_lenB, (short) 2);
-
- short rngPos = m_ramArray2[m_lenB]; // random position (within B)
- if (rngPos < 0) { rngPos = (short) -rngPos; } // make it positive
- rngPos %= m_lenB;
- m_ramArray2[rngPos] = m_ramArray2[(short) (m_lenB + 1)]; // set random byte on random position
- // Make sure its not the valid byte again
- if (m_ramArray[rngPos] == m_ramArray2[rngPos]) {
- m_ramArray2[rngPos] += 1; // if yes, just increment
- }
-
- break;
+ // CORRUPTION_NONE = 0x01, valid parameter
+ // CORRUPTION_FIXED = 0x02, first and last byte changed to a fixed value
+ // CORRUPTION_FULLRANDOM = 0x03, completely random parameter data
+ // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed
+ // CORRUPTION_ZERO = 0x05, parameter competely zero
+ // CORRUPTION_ONE = 0x06, parameter completely one
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyClass, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0);
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ // if we reach this line, we are interested in value of B that caused incorrect response
+ break; // stop execution, return B
+ }
+ /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow
case CORRUPT_B_LASTBYTEINCREMENT:
m_ramArray2[(short) (m_lenB - 1)] += 1;
// Make sure its not the valid byte again
@@ -614,101 +490,54 @@ public class SimpleECCApplet extends javacard.framework.Applet
m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more
}
break;
- default:
- ISOException.throwIt(SW_INVALID_CORRUPTION_TYPE);
- break;
- }
-
-
- // Set corrupted B parameter
- try {
- ecPubKey.setB(m_ramArray2, (short) 0, m_lenB);
- ecPrivKey.setB(m_ramArray2, (short) 0, m_lenB);
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); // ok if setB itself will not emit exception
- bufferOffset += 2;
- }catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
- }catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
}
+ */
// Gen key pair with invalid curve
- try {
- buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
- bufferOffset++;
- // Should fail
- ecKeyPair.genKeyPair();
+
+ buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
+ bufferOffset++;
+ // Should fail
+ sw = ecKeyGenerator.generatePair();
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
+ if (sw == ISO7816.SW_NO_ERROR) {
// If this line is reached, we generated key pair - what should not happen
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
-
- // if we reach this line, we are interested in value of B
- try {
- buffer[bufferOffset] = ECTEST_DH_GENERATESECRET;
- bufferOffset++;
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- if (dhKeyAgreement == null) {
- dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
- }
- dhKeyAgreement.init(ecPrivKey);
- short lenW = ecPubKey.getW(m_ramArray2, (short) 0); // store valid B
- dhKeyAgreement.generateSecret(m_ramArray2, (short) 0, lenW, m_ramArray, (short) 0);
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- }
-
- break; // stop execution, return B
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
+ buffer[bufferOffset] = ECTEST_DH_GENERATESECRET;
+ bufferOffset++;
+
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+ Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
+ break; //stop execution, return B
}
-
- //
+
// Generate keypair with valid curve - to check that whole engine is not somehow blocked
// after previous attempt with invalid curve
//
// set valid curve
buffer[bufferOffset] = ECTEST_SET_VALIDCURVE;
bufferOffset++;
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray);
-
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
+ sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0);
+
+ Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
// Gen key pair with valid curve
- try {
- buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
- bufferOffset++;
- // Should succeed
- ecKeyPair.genKeyPair();
- // If this line is reached, we generated valid key pair (expected)
- Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR);
- bufferOffset += 2;
- } catch (CryptoException e) {
- Util.setShort(buffer, bufferOffset, e.getReason());
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
- } catch (Exception e) {
- Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN);
- bufferOffset += 2;
- // if we reach this line, we are interested in value of B that caused incorrect response
- break; // stop execution, return B
+ buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
+ bufferOffset++;
+
+ sw = ecKeyGenerator.generatePair();
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ break;
}
-
+
// If we reach this line => everything was as expected
// Rewind offset in array back (no storage of info about expected runs)
// bufferOffset = startOffset; done at beginning
@@ -717,76 +546,64 @@ public class SimpleECCApplet extends javacard.framework.Applet
bufferOffset += 2;
}
}
-
+
// Set number of executed repeats
Util.setShort(buffer, numExecutionsOffset, i);
-
+
return (short) (bufferOffset - baseOffset);
}
-
+
void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
apdu.setIncomingAndReceive();
-
+
short offset = 0;
Util.arrayCopyNonAtomic(m_ramArray2, (short) 0, apdubuf, offset, m_lenB);
offset += m_lenB;
-
+
apdu.setOutgoingAndSend((short) 0, offset);
}
-
- void AllocateKeyPairReturnDefCourve(APDU apdu) {
+
+ void AllocateKeyPairReturnDefCurve(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
apdu.setIncomingAndReceive();
short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA);
- // Note: all locations shoudl happen in constructor. But here it is intentional
+ // Note: all locations should happen in constructor. But here it is intentional
// as we like to test for result of allocation
- ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, bitLen);
+ ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen);
// If required, generate also new key pair
if (apdubuf[ISO7816.OFFSET_P1] == (byte) 1) {
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
- // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called
- // Other implementation will fail with exception if same is called => try catch
- try {
- if (ecPubKey == null) {
- ecKeyPair.genKeyPair();
- }
- } catch (Exception e) {
- } // do nothing
// If required, initialize curve parameters first
if (apdubuf[ISO7816.OFFSET_P2] == (byte) 2) {
- EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, KeyPair.ALG_EC_FP, bitLen, m_ramArray);
+ ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0);
}
// Now generate new keypair with either default or custom curve
- ecKeyPair.genKeyPair();
- ecPubKey = (ECPublicKey) ecKeyPair.getPublic();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecKeyGenerator.generatePair();
- short len = 0;
+ short len;
short offset = 0;
// Export curve public parameters
offset += 2; // reserve space for length
- len = ecPubKey.getField(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_FP, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
offset += 2; // reserve space for length
- len = ecPubKey.getA(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_A, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
offset += 2; // reserve space for length
- len = ecPubKey.getB(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
offset += 2; // reserve space for length
- len = ecPubKey.getR(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_R, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
/*
@@ -812,8 +629,8 @@ public class SimpleECCApplet extends javacard.framework.Applet
}
// Generate fresh EC keypair
- ecKeyPair.genKeyPair();
- ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecKeyGenerator.generatePair();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
if (dhKeyAgreement == null) {
dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
@@ -826,22 +643,6 @@ public class SimpleECCApplet extends javacard.framework.Applet
apdu.setOutgoingAndSend((short) 0, secretLen);
}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
/*
void AllocateKeyPair(byte algorithm, short bitLen) {
@@ -913,6 +714,6 @@ public class SimpleECCApplet extends javacard.framework.Applet
apdu.setOutgoingAndSend((short) 0, offset);
}
-*/
+*/
}
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 0ea9ca3..5baf9a6 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -1,50 +1,53 @@
package simpleapdu;
+import applets.EC_Consts;
import applets.SimpleECCApplet;
-import static applets.SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE;
-import static applets.SimpleECCApplet.ECTEST_SET_INVALIDCURVE;
import javacard.framework.ISO7816;
import javacard.security.CryptoException;
import javacard.security.KeyPair;
-import javax.smartcardio.ResponseAPDU;
import org.bouncycastle.util.Arrays;
+import javax.smartcardio.ResponseAPDU;
+
/**
- *
* @author Petr Svenda petr@svenda.com
*/
public class SimpleAPDU {
static CardMngr cardManager = new CardMngr();
- private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a,
- (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31};
+ private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a,
+ (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31};
private static final byte TESTECSUPPORTALL_FP[] = {(byte) 0xB0, (byte) 0x5E, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private static final byte TESTECSUPPORTALL_F2M[] = {(byte) 0xB0, (byte) 0x5F, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private static final byte TESTECSUPPORT_GIVENALG[] = {(byte) 0xB0, (byte) 0x71, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private static final short TESTECSUPPORT_ALG_OFFSET = 5;
private static final short TESTECSUPPORT_KEYLENGTH_OFFSET = 6;
-
+
private static final byte TESTECSUPPORTALL_LASTUSEDPARAMS[] = {(byte) 0xB0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x00};
-
+
private static final byte TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB[] = {(byte) 0xB0, (byte) 0x70, (byte) 0x00, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private static final short INVALIDCURVEB_NUMREPEATS_OFFSET = 5;
private static final short INVALIDCURVEB_CORRUPTIONTYPE_OFFSET = 7;
private static final short INVALIDCURVEB_REWINDONSUCCESS_OFFSET = 9;
-
+
static short getShort(byte[] array, int offset) {
- return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF));
+ return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF));
}
+
static void setShort(byte[] array, int offset, short value) {
array[offset + 1] = (byte) (value & 0xFF);
array[offset] = (byte) ((value >> 8) & 0xFF);
- }
+ }
+
static void testFPkeyGen_setNumRepeats(byte[] apduArray, short numRepeats) {
setShort(apduArray, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats);
}
+
static void testFPkeyGen_setCorruptionType(byte[] apduArray, short corruptionType) {
setShort(apduArray, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType);
}
+
static void testFPkeyGen_rewindOnSuccess(byte[] apduArray, boolean bRewind) {
apduArray[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0;
}
@@ -57,16 +60,17 @@ public class SimpleAPDU {
}
return cardManager;
}
-
+
static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception {
ReconnnectToCard();
ResponseAPDU resp = cardManager.sendAPDU(apdu);
PrintECSupport(resp);
}
+
static void testSupportECAll(CardMngr cardManager) throws Exception {
byte[] testAPDU = Arrays.clone(TESTECSUPPORT_GIVENALG);
- testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP;
+ testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP;
setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 128);
testSupportECGivenAlg(testAPDU, cardManager);
setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 160);
@@ -81,7 +85,7 @@ public class SimpleAPDU {
testSupportECGivenAlg(testAPDU, cardManager);
setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 521);
testSupportECGivenAlg(testAPDU, cardManager);
-
+
testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_F2M;
setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 113);
testSupportECGivenAlg(testAPDU, cardManager);
@@ -91,8 +95,9 @@ public class SimpleAPDU {
testSupportECGivenAlg(testAPDU, cardManager);
setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 193);
testSupportECGivenAlg(testAPDU, cardManager);
-
+
}
+
public static void main(String[] args) {
try {
//
@@ -101,11 +106,11 @@ public class SimpleAPDU {
if (cardManager.ConnectToCard()) {
testSupportECAll(cardManager);
-
+
// Test setting invalid parameter B of curve
byte[] testAPDU = Arrays.clone(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB);
//testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT);
- testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_ONEBYTERANDOM);
+ testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM);
//testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM);
testFPkeyGen_setNumRepeats(testAPDU, (short) 10);
testFPkeyGen_rewindOnSuccess(testAPDU, true);
@@ -124,7 +129,7 @@ public class SimpleAPDU {
PrintECSupport(resp_fp);
PrintECSupport(resp_f2m);
*/
-
+
cardManager.DisconnectFromCard();
} else {
System.out.println("Failed to connect to card");
@@ -133,12 +138,11 @@ public class SimpleAPDU {
System.out.println("Exception : " + ex);
}
}
-
+
static String getPrintError(short code) {
if (code == ISO7816.SW_NO_ERROR) {
return "OK\t(0x9000)";
- }
- else {
+ } else {
String codeStr = "unknown";
if (code == CryptoException.ILLEGAL_VALUE) {
codeStr = "ILLEGAL_VALUE";
@@ -165,22 +169,22 @@ public class SimpleAPDU {
codeStr = "SW_INVALID_CORRUPTION_TYPE";
}
return String.format("fail\t(%s,\t0x%4x)", codeStr, code);
- }
+ }
}
-
+
enum ExpResult {
SHOULD_SUCCEDD,
MAY_FAIL,
MUST_FAIL
}
+
static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) {
if (bufferOffset >= buffer.length) {
System.out.println(" No more data returned");
- }
- else {
+ } else {
if (buffer[bufferOffset] != expectedTag) {
System.out.println(" ERROR: mismatched tag");
- assert(buffer[bufferOffset] == expectedTag);
+ assert (buffer[bufferOffset] == expectedTag);
}
bufferOffset++;
short resCode = getShort(buffer, bufferOffset);
@@ -195,13 +199,13 @@ public class SimpleAPDU {
}
if (bHiglight) {
System.out.println(String.format("!! %-50s%s", message, getPrintError(resCode)));
- }
- else {
+ } else {
System.out.println(String.format(" %-50s%s", message, getPrintError(resCode)));
}
}
return bufferOffset;
}
+
static void PrintECSupport(ResponseAPDU resp) {
byte[] buffer = resp.getData();
@@ -209,7 +213,7 @@ public class SimpleAPDU {
System.out.println("### Test for support and with valid and invalid EC curves");
int bufferOffset = 0;
while (bufferOffset < buffer.length) {
- assert(buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR);
+ assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR);
bufferOffset++;
String ecType = "unknown";
if (buffer[bufferOffset] == KeyPair.ALG_EC_FP) {
@@ -232,10 +236,11 @@ public class SimpleAPDU {
bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL);
bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL);
-
+
System.out.println();
}
}
+
static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) {
byte[] buffer = resp.getData();
@@ -261,8 +266,8 @@ public class SimpleAPDU {
short numRepeats = getShort(buffer, bufferOffset);
bufferOffset += 2;
System.out.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats));
-
-
+
+
bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
while (bufferOffset < buffer.length) {
bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD);
@@ -277,7 +282,7 @@ public class SimpleAPDU {
System.out.println();
}
}
-
+
static void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) {
byte[] buffer = resp.getData();
short offset = 0;
@@ -286,6 +291,6 @@ public class SimpleAPDU {
System.out.print(String.format("%x ", buffer[offset]));
offset++;
}
-
- }
+
+ }
}
--
cgit v1.2.3-70-g09d2
From 6a68401612f5e61f966def58ed60eaff52b6f7f6 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Wed, 2 Nov 2016 00:21:42 +0100
Subject: EC_Consts: made parameters maskable ECKeyGenerator: since parameters
are maskable, one can now setCustomInvalidCurve(curve, PARAMETER_A |
PARAMETER_B,...) and the resulting curve will have both A and B invalid.
---
src/applets/ECKeyGenerator.java | 27 ++++++++++++---------------
src/applets/ECKeyTester.java | 8 ++------
src/applets/EC_Consts.java | 20 ++++++++------------
src/applets/SimpleECCApplet.java | 23 ++++++++++++++---------
4 files changed, 36 insertions(+), 42 deletions(-)
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index c7155de..393c249 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -70,7 +70,7 @@ public class ECKeyGenerator {
}
if (sw != ISO7816.SW_NO_ERROR) return sw;
- for (byte param = EC_Consts.PARAMETER_A; param < EC_Consts.PARAMETER_K; ++param) {
+ for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) {
length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length);
if (sw != ISO7816.SW_NO_ERROR) break;
@@ -86,8 +86,17 @@ public class ECKeyGenerator {
short sw = setCustomCurve(curve, buffer, offset);
if (sw != ISO7816.SW_NO_ERROR) return sw;
- short length = EC_Consts.getCorruptCurveParameter(curve, param, buffer, offset, corruptionType);
- sw = setExternalParameter(key, param, buffer, offset, length);
+ //go through param bit by bit, and invalidate all selected params
+ byte paramMask = 0x01;
+ while (paramMask <= EC_Consts.PARAMETER_K) {
+ byte masked = (byte)(paramMask & param);
+ if (masked != 0){
+ short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType);
+ sw = setExternalParameter(key, masked, buffer, offset, length);
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+ }
+ paramMask = (byte)(paramMask << 1);
+ }
return sw;
}
@@ -139,12 +148,6 @@ public class ECKeyGenerator {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k);
}
break;
- case EC_Consts.PARAMETER_S:
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length);
- break;
- case EC_Consts.PARAMETER_W:
- if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length);
- break;
default:
result = ISO7816.SW_UNKNOWN;
}
@@ -189,12 +192,6 @@ public class ECKeyGenerator {
if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK());
length = 2;
break;
- case EC_Consts.PARAMETER_S:
- if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset);
- break;
- case EC_Consts.PARAMETER_W:
- if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset);
- break;
default:
length = -1;
}
diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java
index 757ece7..1031b06 100644
--- a/src/applets/ECKeyTester.java
+++ b/src/applets/ECKeyTester.java
@@ -13,10 +13,6 @@ public class ECKeyTester {
private KeyAgreement ecdhcKeyAgreement = null;
private Signature ecdsaSignature = null;
- //TODO: move these SW definitions to the main applet class.
- public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4;
- public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5;
-
public short allocateECDH() {
short result = ISO7816.SW_NO_ERROR;
try {
@@ -150,12 +146,12 @@ public class ECKeyTester {
short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset);
if (sigLength != 20) { // per javacard.security.Signature an ALG_ECDSA_SHA should be 20 bytes.
- result = ECKeyTester.SW_SIG_LENGTH_MISMATCH;
+ result = SimpleECCApplet.SW_SIG_LENGTH_MISMATCH;
} else {
ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY);
boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength);
if (!correct) {
- result = ECKeyTester.SW_SIG_VERIFY_FAIL;
+ result = SimpleECCApplet.SW_SIG_VERIFY_FAIL;
}
}
} catch (CryptoException ce) {
diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java
index 7521979..8bfa7ff 100644
--- a/src/applets/EC_Consts.java
+++ b/src/applets/EC_Consts.java
@@ -17,18 +17,14 @@ public class EC_Consts {
private static byte[] EC_F2M_F2M = null; //[short ii, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1
- public static final byte PARAMETER_FP = 1;
- public static final byte PARAMETER_F2M = 2;
-
- public static final byte PARAMETER_A = 3;
- public static final byte PARAMETER_B = 4;
- public static final byte PARAMETER_G = 5;
- public static final byte PARAMETER_R = 6;
- public static final byte PARAMETER_K = 7;
-
- //TODO make params maskable, to allow for PARAMETER_A | PARAMETER_B passed to for example ECKeyGenerator.setInvalidCustomCurve
- public static final byte PARAMETER_S = 8; //private key
- public static final byte PARAMETER_W = 9; //public key
+ public static final byte PARAMETER_FP = 0x01;
+ public static final byte PARAMETER_F2M = 0x02;
+
+ public static final byte PARAMETER_A = 0x04;
+ public static final byte PARAMETER_B = 0x08;
+ public static final byte PARAMETER_G = 0x10;
+ public static final byte PARAMETER_R = 0x20;
+ public static final byte PARAMETER_K = 0x40;
public static RandomData m_random = null;
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 79abd0e..683e61d 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -7,24 +7,24 @@ package applets;
import javacard.framework.*;
import javacard.security.*;
-import javax.print.attribute.standard.MediaSize;
public class SimpleECCApplet extends javacard.framework.Applet {
+
// MAIN INSTRUCTION CLASS
- final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
+ final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
// INSTRUCTIONS
- final static byte INS_GENERATEKEY = (byte) 0x5a;
- final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
+ final static byte INS_GENERATEKEY = (byte) 0x5a;
+ final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
- final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
- final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
+ final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
+ final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
- final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
- final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
+ final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
+ final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
- final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
+ final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
final static short ARRAY_LENGTH = (short) 0xff;
@@ -61,6 +61,8 @@ public class SimpleECCApplet extends javacard.framework.Applet {
public final static short SW_SKIPPED = (short) 0x0ee1;
public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2;
public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3;
+ public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4;
+ public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5;
/*
public static final byte[] EC192_FP_PUBLICW = new byte[]{
(byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27,
@@ -454,6 +456,7 @@ public class SimpleECCApplet extends javacard.framework.Applet {
ecPrivKey = ecKeyGenerator.getPrivateKey();
ecPubKey = ecKeyGenerator.getPublicKey();
+ m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store valid B
short startOffset = bufferOffset;
short i;
@@ -511,6 +514,7 @@ public class SimpleECCApplet extends javacard.framework.Applet {
ecPubKey = ecKeyGenerator.getPublicKey();
sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+ m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
break; //stop execution, return B
@@ -553,6 +557,7 @@ public class SimpleECCApplet extends javacard.framework.Applet {
return (short) (bufferOffset - baseOffset);
}
+ //TODO: generalize invalid B setting to all curve params
void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
apdu.setIncomingAndReceive();
--
cgit v1.2.3-70-g09d2
From c2be46f5881a3a8e63c0815de28f0516ceeb7bcc Mon Sep 17 00:00:00 2001
From: J08nY
Date: Wed, 2 Nov 2016 21:05:56 +0100
Subject: Implemented External curve setting on applet side
SimpleECCApplet: added TestEC_SupportExternal which receives an FP or
F2M elliptic curve parameters in an APDU, sets it and tries ECDH, ECDSA.
ECKeyGenerator: added setExternalCurve, which reads and sets external
parameters from one buffer, with data order:
field | a | b | g | r | k
---
src/applets/ECKeyGenerator.java | 33 ++++++++
src/applets/SimpleECCApplet.java | 169 +++++++++++++++++++++++++++++++++++++--
src/simpleapdu/SimpleAPDU.java | 6 ++
3 files changed, 200 insertions(+), 8 deletions(-)
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index 393c249..28b3ed3 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -70,6 +70,7 @@ public class ECKeyGenerator {
}
if (sw != ISO7816.SW_NO_ERROR) return sw;
+ //go through all params
for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) {
length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length);
@@ -159,6 +160,38 @@ public class ECKeyGenerator {
return result;
}
+ public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){
+ short sw = ISO7816.SW_NO_ERROR;
+ if (keyClass == KeyPair.ALG_EC_FP) {
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength);
+ } else if (keyClass == KeyPair.ALG_EC_F2M) {
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength);
+ }
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+
+ offset += fieldLength;
+
+ //go through all params
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength);
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+ offset += aLength;
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength);
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+ offset += bLength;
+
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength));
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+ offset += gxLength + gyLength;
+
+
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength);
+ if (sw != ISO7816.SW_NO_ERROR) return sw;
+ offset += rLength;
+
+ sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2);
+ return sw;
+ }
+
public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) {
if (key == KEY_BOTH) {
return -1;
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 683e61d..3b5b514 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -11,20 +11,21 @@ import javacard.security.*;
public class SimpleECCApplet extends javacard.framework.Applet {
// MAIN INSTRUCTION CLASS
- final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
+ final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
// INSTRUCTIONS
- final static byte INS_GENERATEKEY = (byte) 0x5a;
- final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
+ final static byte INS_GENERATEKEY = (byte) 0x5a;
+ final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
- final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
- final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
+ final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
+ final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
- final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
- final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
+ final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
+ final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
- final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
+ final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72;
+ final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
final static short ARRAY_LENGTH = (short) 0xff;
@@ -45,6 +46,9 @@ public class SimpleECCApplet extends javacard.framework.Applet {
public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8;
public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9;
public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca;
+ public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb;
+ public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc;
+ public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd;
public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
@@ -188,6 +192,9 @@ public class SimpleECCApplet extends javacard.framework.Applet {
case INS_TESTEC_LASTUSEDPARAMS:
TestECSupportInvalidCurve_lastUsedParams(apdu);
break;
+ case INS_TESTECSUPPORT_EXTERNAL:
+ TestEC_SupportExternal(apdu);
+ break;
/*
case INS_ALLOCATEKEYPAIRS:
AllocateKeyPairs(apdu);
@@ -391,6 +398,152 @@ public class SimpleECCApplet extends javacard.framework.Applet {
apdu.setOutgoingAndSend((short) 0, dataOffset);
}
+ short TestECSupportExternalCurve(byte keyClass, short keyLength, byte[] buffer, short bufferOffset, short outputOffset) {
+ short startOffset = outputOffset;
+
+ short fieldLength = Util.getShort(buffer, bufferOffset);
+ bufferOffset += 2;
+ short aLength = Util.getShort(buffer, bufferOffset);
+ bufferOffset += 2;
+ short bLength = Util.getShort(buffer, bufferOffset);
+ bufferOffset += 2;
+ short gxLength = Util.getShort(buffer, bufferOffset);
+ bufferOffset += 2;
+ short gyLength = Util.getShort(buffer, bufferOffset);
+ bufferOffset += 2;
+ short rLength = Util.getShort(buffer, bufferOffset);
+ bufferOffset += 2;
+
+ buffer[outputOffset] = ECTEST_SEPARATOR;
+ outputOffset++;
+
+ // allocatePair
+ buffer[outputOffset] = ECTEST_ALLOCATE_KEYPAIR;
+ outputOffset++;
+ short sw = ecKeyGenerator.allocatePair(keyClass, keyLength);
+ Util.setShort(buffer, outputOffset, sw);
+ outputOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ return (short) (outputOffset - startOffset);
+ }
+
+ // setExternalParam -> forall in {field, a, b, g, r, k}
+ buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE;
+ outputOffset++;
+ sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength);
+ Util.setShort(buffer, outputOffset, sw);
+ outputOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ return (short) (outputOffset - startOffset);
+ }
+
+ // generatePair
+ buffer[outputOffset] = ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE;
+ outputOffset++;
+ sw = ecKeyGenerator.generatePair();
+ Util.setShort(buffer, outputOffset, sw);
+ outputOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ return (short) (outputOffset - startOffset);
+ }
+
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+
+ // test_ECDH
+ buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT;
+ outputOffset++;
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+ Util.setShort(buffer, outputOffset, sw);
+ outputOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ return (short) (outputOffset - startOffset);
+ }
+
+ // test_ECDH invalid
+ buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT;
+ outputOffset++;
+ sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+ Util.setShort(buffer, outputOffset, sw);
+ outputOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ return (short) (outputOffset - startOffset);
+ }
+
+ // test_ECDSA
+ buffer[outputOffset] = ECTEST_ECDSA_SIGNATURE;
+ outputOffset++;
+ randomData.generateData(m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2));
+ sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2), m_ramArray2, (short) 0);
+ Util.setShort(buffer, outputOffset, sw);
+ outputOffset += 2;
+ if (sw != ISO7816.SW_NO_ERROR) {
+ return (short) (outputOffset - startOffset);
+ }
+
+ return (short) (outputOffset - startOffset);
+ }
+
+ /**
+ * Receives an FP or F2M elliptic curve parameters in the APDU.
+ * Then allocates a new keypair, sets said curve and tries ECDH, ECDSA.
+ * APDU format:
+ * byte CLA = CLA_SIMPLEECCAPPLET
+ * byte INS = INS_TESTECSUPPORT_EXTERNAL
+ * byte P0
+ * byte P1
+ *
+ * CDATA:
+ * byte keyClass -> KeyPair.ALG_EC_FP or KeyPair.ALG_EC_F2\M
+ * short keyLength
+ * short fieldLength
+ * short aLength
+ * short bLength
+ * short gxLength
+ * short gyLength
+ * short rLength
+ * field -> FP: prime / F2M: three or one short representing the reduction polynomial
+ * a
+ * b
+ * gx
+ * gy
+ * r
+ * short k
+ *
+ * Response APDU format:
+ * CDATA:
+ * byte ECTEST_SEPARATOR
+ * byte ECTEST_ALLOCATE_KEYPAIR
+ * short sw
+ * byte ECTEST_SET_EXTERNALCURVE
+ * short sw
+ * byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE
+ * short sw
+ * byte ECTEST_ECDH_AGREEMENT_VALID_POINT
+ * short sw
+ * byte ECTEST_ECDH_AGREEMENT_INVALID_POINT
+ * short sw
+ * byte ECTEST_ECDSA_SIGNATURE
+ * short sw
+ *
+ * @param apdu
+ */
+ void TestEC_SupportExternal(APDU apdu) {
+ byte[] apdubuf = apdu.getBuffer();
+ short len = apdu.setIncomingAndReceive();
+
+ short offset = ISO7816.OFFSET_CDATA;
+ byte keyClass = apdubuf[offset];
+ ++offset;
+ short keyLength = Util.getShort(apdubuf, offset);
+ offset += 2;
+
+ short dataLength = TestECSupportExternalCurve(keyClass, keyLength, apdubuf, offset, (short) 0);
+
+ apdu.setOutgoingAndSend((short) 0, dataLength);
+ }
+
+
void TestEC_FP_GenerateInvalidCurve(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 5baf9a6..7401509 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -168,6 +168,12 @@ public class SimpleAPDU {
if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) {
codeStr = "SW_INVALID_CORRUPTION_TYPE";
}
+ if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) {
+ codeStr = "SW_SIG_LENGTH_MISMATCH";
+ }
+ if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) {
+ codeStr = "SW_SIG_VERIFY_FAIL";
+ }
return String.format("fail\t(%s,\t0x%4x)", codeStr, code);
}
}
--
cgit v1.2.3-70-g09d2
From 7d946796d87638a5f54cc8562c9d3a95309cf3cc Mon Sep 17 00:00:00 2001
From: J08nY
Date: Mon, 7 Nov 2016 20:26:50 +0100
Subject: ECKeyGenerator: fixes to key genertion, ECKeyTester: fixed ECDH/ECDHC
pubkey length issue. EC_Consts: fixed decompressG and getCurveParameter array
copy mismatch SimpleECCApplet: fixed B parameter test
All tests now pass as before.
---
src/applets/ECKeyGenerator.java | 102 ++++++++++++++++++++++-----------------
src/applets/ECKeyTester.java | 16 +++---
src/applets/EC_Consts.java | 31 ++++++++----
src/applets/SimpleECCApplet.java | 29 +++++------
src/simpleapdu/SimpleAPDU.java | 2 +-
5 files changed, 102 insertions(+), 78 deletions(-)
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index 28b3ed3..e9bdfa6 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -1,6 +1,7 @@
package applets;
import javacard.framework.ISO7816;
+import javacard.framework.ISOException;
import javacard.framework.Util;
import javacard.security.CryptoException;
import javacard.security.ECPrivateKey;
@@ -16,17 +17,18 @@ public class ECKeyGenerator {
private ECPrivateKey ecPrivateKey = null;
private ECPublicKey ecPublicKey = null;
- public static final byte KEY_PUBLIC = 0x1;
- public static final byte KEY_PRIVATE = 0x2;
- public static final byte KEY_BOTH = KEY_PUBLIC & KEY_PRIVATE;
+ public static final byte KEY_PUBLIC = 0x01;
+ public static final byte KEY_PRIVATE = 0x02;
+ public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE;
- public short allocatePair(byte algorithm, short keyLength) {
+ //TODO: add something like allocateGenerate, or modify allocate to auto-generate a key-pair if it returns null key references after allocating
+ public short allocatePair(byte keyClass, short keyLength) {
short result = ISO7816.SW_NO_ERROR;
try {
- ecKeyPair = new KeyPair(algorithm, keyLength);
- ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecKeyPair = new KeyPair(keyClass, keyLength);
ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
} catch (CryptoException ce) {
result = ce.getReason();
} catch (Exception e) {
@@ -36,15 +38,15 @@ public class ECKeyGenerator {
}
public boolean isAllocated() {
- return ecKeyPair != null && ecPrivateKey != null && ecPublicKey != null;
+ return ecKeyPair != null;
}
public short generatePair() {
short result = ISO7816.SW_NO_ERROR;
try {
ecKeyPair.genKeyPair();
- ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
+ ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
} catch (CryptoException ce) {
result = ce.getReason();
} catch (Exception e) {
@@ -63,18 +65,20 @@ public class ECKeyGenerator {
short length;
if (alg == KeyPair.ALG_EC_FP) {
length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset);
- sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length);
+ sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length);
} else if (alg == KeyPair.ALG_EC_F2M) {
length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset);
- sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length);
+ sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length);
}
if (sw != ISO7816.SW_NO_ERROR) return sw;
//go through all params
- for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) {
+ byte param = EC_Consts.PARAMETER_A;
+ while (param > 0) {
length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
- sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length);
+ sw = setParameter(KEY_BOTH, param, buffer, offset, length);
if (sw != ISO7816.SW_NO_ERROR) break;
+ param = (byte) (param << 1);
}
return sw;
}
@@ -89,68 +93,76 @@ public class ECKeyGenerator {
//go through param bit by bit, and invalidate all selected params
byte paramMask = 0x01;
- while (paramMask <= EC_Consts.PARAMETER_K) {
- byte masked = (byte)(paramMask & param);
- if (masked != 0){
+ while (paramMask > 0) {
+ byte masked = (byte) (paramMask & param);
+ if (masked != 0) {
short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType);
- sw = setExternalParameter(key, masked, buffer, offset, length);
+ sw = setParameter(key, masked, buffer, offset, length);
if (sw != ISO7816.SW_NO_ERROR) return sw;
}
- paramMask = (byte)(paramMask << 1);
+ paramMask = (byte) (paramMask << 1);
}
return sw;
}
- public short setExternalParameter(byte key, byte param, byte[] data, short offset, short length) {
+ public short setParameter(byte key, byte param, byte[] data, short offset, short length) {
short result = ISO7816.SW_NO_ERROR;
try {
switch (param) {
- case EC_Consts.PARAMETER_FP:
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length);
+ case EC_Consts.PARAMETER_FP: {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length);
break;
- case EC_Consts.PARAMETER_F2M:
+ }
+ case EC_Consts.PARAMETER_F2M: {
if (length == 2) {
short i = Util.makeShort(data[offset], data[(short) (offset + 1)]);
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i);
} else if (length == 6) {
short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]);
short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]);
short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]);
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3);
} else {
result = ISO7816.SW_UNKNOWN;
}
break;
- case EC_Consts.PARAMETER_A:
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length);
+ }
+ case EC_Consts.PARAMETER_A: {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length);
break;
- case EC_Consts.PARAMETER_B:
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length);
+ }
+ case EC_Consts.PARAMETER_B: {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length);
break;
- case EC_Consts.PARAMETER_G:
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length);
+ }
+ case EC_Consts.PARAMETER_G: {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length);
break;
- case EC_Consts.PARAMETER_R:
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length);
+ }
+ case EC_Consts.PARAMETER_R: {
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length);
break;
- case EC_Consts.PARAMETER_K:
+ }
+ case EC_Consts.PARAMETER_K: {
if (length != 2) {
result = ISO7816.SW_UNKNOWN;
} else {
- short k = Util.makeShort(data[offset], data[(short) (offset + 1)]);
- if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k);
+ short k = Util.getShort(data, offset);
if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k);
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k);
}
break;
- default:
- result = ISO7816.SW_UNKNOWN;
+ }
+ default: {
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
}
} catch (CryptoException ce) {
result = ce.getReason();
@@ -160,35 +172,35 @@ public class ECKeyGenerator {
return result;
}
- public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){
+ public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength) {
short sw = ISO7816.SW_NO_ERROR;
if (keyClass == KeyPair.ALG_EC_FP) {
- sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength);
+ sw = setParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength);
} else if (keyClass == KeyPair.ALG_EC_F2M) {
- sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength);
+ sw = setParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength);
}
if (sw != ISO7816.SW_NO_ERROR) return sw;
offset += fieldLength;
//go through all params
- sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength);
+ sw = setParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength);
if (sw != ISO7816.SW_NO_ERROR) return sw;
offset += aLength;
- sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength);
+ sw = setParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength);
if (sw != ISO7816.SW_NO_ERROR) return sw;
offset += bLength;
- sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength));
+ sw = setParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength));
if (sw != ISO7816.SW_NO_ERROR) return sw;
offset += gxLength + gyLength;
- sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength);
+ sw = setParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength);
if (sw != ISO7816.SW_NO_ERROR) return sw;
offset += rLength;
- sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2);
+ sw = setParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2);
return sw;
}
@@ -226,7 +238,7 @@ public class ECKeyGenerator {
length = 2;
break;
default:
- length = -1;
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
} catch (CryptoException ce) {
length = -1;
diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java
index 1031b06..d6ff6c1 100644
--- a/src/applets/ECKeyTester.java
+++ b/src/applets/ECKeyTester.java
@@ -91,13 +91,13 @@ public class ECKeyTester {
* exception reason otherwise
**/
public short testECDH_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) {
- publicKey.getW(pubkeyBuffer, pubkeyOffset);
- return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset);
+ short length = publicKey.getW(pubkeyBuffer, pubkeyOffset);
+ return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset);
}
public short testECDH_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) {
- publicKey.getW(pubkeyBuffer, pubkeyOffset);
- return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset);
+ short length = publicKey.getW(pubkeyBuffer, pubkeyOffset);
+ return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset);
}
@@ -115,13 +115,13 @@ public class ECKeyTester {
* exception reason otherwise
*/
public short testECDHC_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) {
- publicKey.getW(pubkeyBuffer, pubkeyOffset);
- return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset);
+ short length = publicKey.getW(pubkeyBuffer, pubkeyOffset);
+ return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset);
}
public short testECDHC_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) {
- publicKey.getW(pubkeyBuffer, pubkeyOffset);
- return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset);
+ short length = publicKey.getW(pubkeyBuffer, pubkeyOffset);
+ return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset);
}
/**
diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java
index e39570a..d5f23d1 100644
--- a/src/applets/EC_Consts.java
+++ b/src/applets/EC_Consts.java
@@ -70,7 +70,7 @@ public class EC_Consts {
// cofactor of G
public static final short EC128_FP_K = 1;
- // secp160r1
+ // secp160r1
public static final byte[] EC160_FP_P = new byte[]{
(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
@@ -1108,32 +1108,32 @@ public class EC_Consts {
switch (param) {
case PARAMETER_FP:
if (alg == KeyPair.ALG_EC_FP) {
- length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_FP_P, (short) 0, (short) EC_FP_P.length);
+ length = Util.arrayCopyNonAtomic(EC_FP_P, (short) 0, outputBuffer, outputOffset, (short) EC_FP_P.length);
}
break;
case PARAMETER_F2M:
if (alg == KeyPair.ALG_EC_F2M) {
- length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_F2M_F2M, (short) 0, (short) EC_F2M_F2M.length);
+ length = Util.arrayCopyNonAtomic(EC_F2M_F2M, (short) 0, outputBuffer, outputOffset, (short) EC_F2M_F2M.length);
}
break;
case PARAMETER_A:
- length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_A, (short) 0, (short) EC_A.length);
+ length = Util.arrayCopyNonAtomic(EC_A, (short) 0, outputBuffer, outputOffset, (short) EC_A.length);
break;
case PARAMETER_B:
- length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_B, (short) 0, (short) EC_B.length);
+ length = Util.arrayCopyNonAtomic(EC_B, (short) 0, outputBuffer, outputOffset, (short) EC_B.length);
break;
case PARAMETER_G:
length = decompressG(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length);
break;
case PARAMETER_R:
- length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_R, (short) 0, (short) EC_R.length);
+ length = Util.arrayCopyNonAtomic(EC_R, (short) 0, outputBuffer, outputOffset, (short) EC_R.length);
break;
case PARAMETER_K:
length = 2;
Util.setShort(outputBuffer, outputOffset, EC_K);
break;
default:
- length = -1;
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
return length;
}
@@ -1169,9 +1169,9 @@ public class EC_Consts {
rngPos %= length; // make < param length
byte original = outputBuffer[rngPos];
- while (original != outputBuffer[rngPos]) {
+ do {
m_random.generateData(outputBuffer, rngPos, (short) 1);
- }
+ } while (original == outputBuffer[rngPos]);
break;
case CORRUPTION_ZERO:
Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0);
@@ -1181,6 +1181,16 @@ public class EC_Consts {
break;
default:
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow
+ case CORRUPT_B_LASTBYTEINCREMENT:
+ m_ramArray2[(short) (m_lenB - 1)] += 1;
+ // Make sure its not the valid byte again
+ if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) {
+ m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more
+ }
+ break;
+ }
+ */
}
return length;
}
@@ -1193,10 +1203,11 @@ public class EC_Consts {
short size = 1;
size += gxLength;
size += gyLength;
+
short offset = outputOffset;
+ outputBuffer[offset] = 0x04;
offset += 1;
- outputBuffer[offset] = 0x04;
offset = Util.arrayCopyNonAtomic(gx, gxOffset, outputBuffer, offset, gxLength);
Util.arrayCopyNonAtomic(gy, gyOffset, outputBuffer, offset, gyLength);
return size;
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 3b5b514..404bf00 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -8,7 +8,7 @@ import javacard.framework.*;
import javacard.security.*;
-public class SimpleECCApplet extends javacard.framework.Applet {
+public class SimpleECCApplet extends Applet {
// MAIN INSTRUCTION CLASS
final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
@@ -297,7 +297,7 @@ public class SimpleECCApplet extends javacard.framework.Applet {
ecPubKey = ecKeyGenerator.getPublicKey();
ecPrivKey = ecKeyGenerator.getPrivateKey();
if (sw == ISO7816.SW_NO_ERROR) {
- sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
}
}
Util.setShort(buffer, bufferOffset, sw);
@@ -427,7 +427,7 @@ public class SimpleECCApplet extends javacard.framework.Applet {
return (short) (outputOffset - startOffset);
}
- // setExternalParam -> forall in {field, a, b, g, r, k}
+ // setExternalCurve
buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE;
outputOffset++;
sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength);
@@ -598,10 +598,18 @@ public class SimpleECCApplet extends javacard.framework.Applet {
} else {
testFlags = 0;
}
+
+ if (ecPubKey == null || ecPrivKey == null) {
+ ecKeyGenerator.generatePair();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ }
}
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
+
+
//
// 2. Set invalid custom curve (many times)
//
@@ -620,6 +628,8 @@ public class SimpleECCApplet extends javacard.framework.Applet {
bufferOffset = startOffset;
}
+ ecPubKey.getB(m_ramArray2, (short) 0); //store valid B
+
// set invalid curve
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
@@ -631,23 +641,13 @@ public class SimpleECCApplet extends javacard.framework.Applet {
// CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed
// CORRUPTION_ZERO = 0x05, parameter competely zero
// CORRUPTION_ONE = 0x06, parameter completely one
- sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyClass, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0);
+ sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0);
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
if (sw != ISO7816.SW_NO_ERROR) {
// if we reach this line, we are interested in value of B that caused incorrect response
break; // stop execution, return B
}
- /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow
- case CORRUPT_B_LASTBYTEINCREMENT:
- m_ramArray2[(short) (m_lenB - 1)] += 1;
- // Make sure its not the valid byte again
- if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) {
- m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more
- }
- break;
- }
- */
// Gen key pair with invalid curve
@@ -668,6 +668,7 @@ public class SimpleECCApplet extends javacard.framework.Applet {
sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B
+ //TODO: note, according to the previous version of this method, sw should get appended to the buffer only if sw != SW_NO_ERROR
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
break; //stop execution, return B
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 7401509..ead8fb7 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -106,7 +106,7 @@ public class SimpleAPDU {
if (cardManager.ConnectToCard()) {
testSupportECAll(cardManager);
-
+ //
// Test setting invalid parameter B of curve
byte[] testAPDU = Arrays.clone(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB);
//testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT);
--
cgit v1.2.3-70-g09d2
From f4b67923063ca35ae1405d701b461bfda0c10515 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Mon, 28 Nov 2016 22:34:50 +0100
Subject: Added test for small public key degree in ECDH
---
!uploader/simpleECC.cap | Bin 14367 -> 18068 bytes
dist/SimpleAPDU.jar | Bin 3071803 -> 3078811 bytes
src/applets/ECKeyGenerator.java | 31 +++++++++++++------
src/applets/EC_Consts.java | 50 ++++++++++++++++++++++++------
src/applets/SimpleECCApplet.java | 64 ++++++++++++++++++++++++++++++++++-----
src/simpleapdu/SimpleAPDU.java | 19 ++++++++++--
6 files changed, 134 insertions(+), 30 deletions(-)
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap
index 7d019f4..d9c360b 100644
Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ
diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar
index 88b4ab9..9bb85ff 100644
Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index e9bdfa6..c4b71c0 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -73,39 +73,39 @@ public class ECKeyGenerator {
if (sw != ISO7816.SW_NO_ERROR) return sw;
//go through all params
- byte param = EC_Consts.PARAMETER_A;
- while (param > 0) {
+ short param = EC_Consts.PARAMETER_A;
+ while (param <= EC_Consts.PARAMETER_K) {
length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
sw = setParameter(KEY_BOTH, param, buffer, offset, length);
if (sw != ISO7816.SW_NO_ERROR) break;
- param = (byte) (param << 1);
+ param = (short) (param << 1);
}
return sw;
}
- public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+ public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, short param, short corruptionType, byte[] buffer, short offset) {
return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset);
}
- public short setCustomInvalidCurve(byte curve, byte key, byte param, short corruptionType, byte[] buffer, short offset) {
+ public short setCustomInvalidCurve(byte curve, byte key, short param, short corruptionType, byte[] buffer, short offset) {
short sw = setCustomCurve(curve, buffer, offset);
if (sw != ISO7816.SW_NO_ERROR) return sw;
//go through param bit by bit, and invalidate all selected params
- byte paramMask = 0x01;
- while (paramMask > 0) {
- byte masked = (byte) (paramMask & param);
+ short paramMask = 0x01;
+ while (paramMask <= EC_Consts.PARAMETER_K) {
+ short masked = (short) (paramMask & param);
if (masked != 0) {
short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType);
sw = setParameter(key, masked, buffer, offset, length);
if (sw != ISO7816.SW_NO_ERROR) return sw;
}
- paramMask = (byte) (paramMask << 1);
+ paramMask = (short) (paramMask << 1);
}
return sw;
}
- public short setParameter(byte key, byte param, byte[] data, short offset, short length) {
+ public short setParameter(byte key, short param, byte[] data, short offset, short length) {
short result = ISO7816.SW_NO_ERROR;
try {
switch (param) {
@@ -160,6 +160,12 @@ public class ECKeyGenerator {
}
break;
}
+ case EC_Consts.PARAMETER_S:
+ if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length);
+ break;
+ case EC_Consts.PARAMETER_W:
+ if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length);
+ break;
default: {
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
@@ -237,6 +243,11 @@ public class ECKeyGenerator {
if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK());
length = 2;
break;
+ case EC_Consts.PARAMETER_S:
+ if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset);
+ break;
+ case EC_Consts.PARAMETER_W:
+ if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset);
default:
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java
index 24d854c..bcf2b14 100644
--- a/src/applets/EC_Consts.java
+++ b/src/applets/EC_Consts.java
@@ -21,14 +21,16 @@ public class EC_Consts {
private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1
- public static final byte PARAMETER_FP = 0x01;
- public static final byte PARAMETER_F2M = 0x02;
+ public static final short PARAMETER_FP = 0x0001;
+ public static final short PARAMETER_F2M = 0x0002;
- public static final byte PARAMETER_A = 0x04;
- public static final byte PARAMETER_B = 0x08;
- public static final byte PARAMETER_G = 0x10;
- public static final byte PARAMETER_R = 0x20;
- public static final byte PARAMETER_K = 0x40;
+ public static final short PARAMETER_A = 0x0004;
+ public static final short PARAMETER_B = 0x0008;
+ public static final short PARAMETER_G = 0x0010;
+ public static final short PARAMETER_R = 0x0020;
+ public static final short PARAMETER_K = 0x0040;
+ public static final short PARAMETER_S = 0x0080;
+ public static final short PARAMETER_W = 0x0100;
public static RandomData m_random = null;
@@ -1658,10 +1660,38 @@ public class EC_Consts {
} else {
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
- return 0; //will not be reached
+ return 0;
}
- public static short getCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset) {
+ public static byte getAnomalousCurve(short keyClass, short keyLength) {
+ if (keyClass == KeyPair.ALG_EC_FP) {
+ switch (keyLength) {
+ case (short) 128:
+ return CURVE_sp128;
+ case (short) 160:
+ return CURVE_sp160;
+ case (short) 192:
+ return CURVE_sp192;
+ case (short) 224:
+ return CURVE_sp224;
+ case (short) 256:
+ return CURVE_sp256;
+ case (short) 384:
+ return CURVE_sp384;
+ case (short) 521:
+ return CURVE_sp521;
+ default:
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ } else if (keyClass == KeyPair.ALG_EC_F2M) {
+ return 0;
+ } else {
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
+ return 0;
+ }
+
+ public static short getCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset) {
byte alg = getCurveType(curve);
switch (curve) {
case CURVE_secp128r1: {
@@ -1905,7 +1935,7 @@ public class EC_Consts {
return length;
}
- public static short getCorruptCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset, short corruptionType) {
+ public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, short corruptionType) {
short length = getCurveParameter(curve, param, outputBuffer, outputOffset);
if (length <= 0) {
return length;
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 9901aee..8cc4237 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -53,8 +53,11 @@ public class SimpleECCApplet extends Applet {
public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb;
public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc;
public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd;
- public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce;
- public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf;
+ public final static byte ECTEST_SET_ANOMALOUSCURVE = (byte) 0xce;
+ public final static byte ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE = (byte) 0xcf;
+ public final static byte ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (byte) 0xd0;
+ public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xd1;
+ public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xd2;
public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
@@ -65,8 +68,11 @@ public class SimpleECCApplet extends Applet {
public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040;
public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080;
public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100;
- public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200;
- public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400;
+ public final static short FLAG_ECTEST_SET_ANOMALOUSCURVE = (short) 0x0200;
+ public final static short FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE = (short) 0x0400;
+ public final static short FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (short) 0x0800;
+ public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x1000;
+ public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x2000;
public final static short FLAG_ECTEST_ALL = (short) 0xffff;
@@ -341,13 +347,55 @@ public class SimpleECCApplet extends Applet {
if (sw == ISO7816.SW_NO_ERROR) {
sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0);
}
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
+ //
+ // 8. Set anomalous custom curve
+ //
+ buffer[bufferOffset] = ECTEST_SET_ANOMALOUSCURVE;
+ bufferOffset++;
+ sw = SW_SKIPPED;
+ if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) {
+ sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0);
+ if (sw != ISO7816.SW_NO_ERROR) {
+ testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE;
+ }
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+
+ //
+ // 9. Generate keypair with anomalous custom curve
+ //
+
+ buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE;
+ bufferOffset++;
+ sw = SW_SKIPPED;
+ if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) {
+ sw = ecKeyGenerator.generatePair();
+ }
+ Util.setShort(buffer, bufferOffset, sw);
+ bufferOffset += 2;
+ //
+ // 10. Test small degree pubkey
+ //
+
+ buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT;
+ bufferOffset++;
+ sw = SW_SKIPPED;
+ if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) {
+ ecPubKey = ecKeyGenerator.getPublicKey();
+ ecPrivKey = ecKeyGenerator.getPrivateKey();
+ sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1);
}
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
//
- // 8. Set invalid custom curve
+ // 11. Set invalid custom curve
//
buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE;
bufferOffset++;
@@ -363,7 +411,7 @@ public class SimpleECCApplet extends Applet {
bufferOffset += 2;
//
- // 9. Generate keypair with invalid custom curve
+ // 12. Generate keypair with invalid custom curve
//
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE;
bufferOffset++;
@@ -375,7 +423,7 @@ public class SimpleECCApplet extends Applet {
bufferOffset += 2;
//
- // 10. Set invalid field
+ // 13. Set invalid field
//
buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD;
bufferOffset++;
@@ -393,7 +441,7 @@ public class SimpleECCApplet extends Applet {
Util.setShort(buffer, bufferOffset, sw);
bufferOffset += 2;
- // 11. Generate key with invalid field
+ // 14. Generate key with invalid field
buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD;
bufferOffset++;
sw = SW_SKIPPED;
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 77478a0..44bf302 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -5,6 +5,7 @@ import applets.SimpleECCApplet;
import javacard.framework.ISO7816;
import javacard.security.CryptoException;
import javacard.security.KeyPair;
+import sun.java2d.pipe.SpanShapeRenderer;
import javax.smartcardio.ResponseAPDU;
import java.io.FileNotFoundException;
@@ -73,6 +74,7 @@ public class SimpleAPDU {
static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception {
ReconnnectToCard();
ResponseAPDU resp = cardManager.sendAPDU(apdu);
+ //byte[] resp = cardManager.sendAPDUSimulator(apdu);
PrintECSupport(resp);
}
@@ -143,7 +145,11 @@ public class SimpleAPDU {
try {
if (testAll) {
+ //byte[] installData = new byte[10];
+ //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74};
+ //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class);
if (cardManager.ConnectToCard()) {
+
// Test all default curves for both fields
testSupportECAll(cardManager);
@@ -301,7 +307,10 @@ public class SimpleAPDU {
}
static void PrintECSupport(ResponseAPDU resp) {
- byte[] buffer = resp.getData();
+ PrintECSupport(resp.getData());
+ }
+
+ static void PrintECSupport(byte[] buffer) {
m_SystemOutLogger.println();
m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves");
@@ -329,6 +338,9 @@ public class SimpleAPDU {
bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL);
bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
+ bufferOffset = VerifyPrintResult("Set anomalous custom curve (may fail):", SimpleECCApplet.ECTEST_SET_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
+ bufferOffset = VerifyPrintResult("Generate key with anomalous curve (may fail):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
+ bufferOffset = VerifyPrintResult("ECDH agreement with small order point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL);
bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL);
bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL);
bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL);
@@ -339,7 +351,10 @@ public class SimpleAPDU {
}
static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) {
- byte[] buffer = resp.getData();
+ PrintECKeyGenInvalidCurveB(resp.getData());
+ }
+
+ static void PrintECKeyGenInvalidCurveB(byte[] buffer) {
m_SystemOutLogger.println();
m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve");
--
cgit v1.2.3-70-g09d2
From 5f0ec2706a9dbb6aa72ea3c7eb798cd83045e867 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Sat, 10 Dec 2016 23:32:41 +0100
Subject: Added CLI options, Apache commons-cli lib, anomalous curve key export
- Added CLI options, see SimpleAPDU.jar -h - Added Apache commons-cli for
CLI options, it uses Apache license - Added support for anomalous curve
export both reader/applet side: `java -jar SimpleAPDU.jar -g 10 -b 256 -fp
-s` generates 10 curves over ECSP256 an anomalous 256bit curve.
---
!uploader/simpleECC.cap | Bin 18215 -> 18296 bytes
README.md | 39 ++--
dist/SimpleAPDU.jar | Bin 3078963 -> 470966 bytes
lib/commons-cli-1.3.1-javadoc.jar | Bin 0 -> 169756 bytes
lib/commons-cli-1.3.1.jar | Bin 0 -> 52988 bytes
src/applets/ECKeyGenerator.java | 5 +-
src/applets/SimpleECCApplet.java | 23 ++-
src/simpleapdu/CardMngr.java | 7 +-
src/simpleapdu/DirtyLogger.java | 12 +-
src/simpleapdu/SimpleAPDU.java | 419 +++++++++++++++++++++-----------------
10 files changed, 285 insertions(+), 220 deletions(-)
create mode 100644 lib/commons-cli-1.3.1-javadoc.jar
create mode 100644 lib/commons-cli-1.3.1.jar
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap
index e76168c..52fef17 100644
Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ
diff --git a/README.md b/README.md
index df80750..ad76fc1 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ Tests support and behavior of smartcards with JavaCard platform with focus on El
Usage
------
1. Upload simpleECC.cap using your favorite tool (e.g., [GlobalPlatformPro tool](https://github.com/martinpaljak/GlobalPlatform))
-2. Run java -jar SimpleAPDU.jar
+2. Run `java -jar SimpleAPDU.jar`
3. Inspect output log with annotated results
Following operations are tested:
@@ -14,24 +14,33 @@ Following operations are tested:
- Generation of keypair with default curve
- Setting of custom curve and keypair generation
- Generation of shared secret via ECDH
-- Behavior of card when invalid curves/points are provided (shoudl fail)
+- Signature via ECDSA
+- Behavior of card when invalid curves/points are provided (should fail)
+
+See `java -jar SimpleAPDU.jar -h` for more.
Example output
--------------
- EC type: ALG_EC_FP
- EC key length (bits): 224 bits
- KeyPair object allocation: OK (0x9000)
- Generate key with def curve (fails if no def): fail (ILLEGAL_VALUE, 0x1)
- Set valid custom curve: OK (0x9000)
- Generate key with valid curve: OK (0x9000)
- !!ECDH agreement with valid point: fail (0x6f00)
- ECDH agreement with invalid point (fail is good): fail (unknown, 0x6f00)
- Set invalid custom curve (fail is good): fail (ILLEGAL_VALUE, 0x1)
- Generate key with invalid curve (fail is good): fail (skipped, 0xee1)
-
-
-*Explanation: ALG_EC_FP with 224b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) altough it was supposed to suceed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), invalid custom curve cannot be set (expected behavior) (Set invalid custom curve: fail) and new keypair cannot be generated with invalid curve (Generate key with invalid curve: skipped) - last test was skipped as invalid curve canot be set.*
+ ### Test for support and with valid and invalid EC curves
+ EC type: ALG_EC_FP
+ EC key length (bits): 256 bits
+ KeyPair object allocation: OK (0x9000)
+ Generate key with def curve (fails if no def): OK (0x9000)
+ Set valid custom curve: OK (0x9000)
+ Generate key with valid curve: OK (0x9000)
+ !! ECDH agreement with valid point: fail (unknown, 0x6f00)
+ ECDH agreement with invalid point (fail is good): fail (ILLEGAL_VALUE, 0x 1)
+ ECDSA signature on random data: OK (0x9000)
+ Set anomalous custom curve (may fail): OK (0x9000)
+ Generate key with anomalous curve (may fail): fail (unknown, 0x6f00)
+ ECDH agreement with small order point (fail is good):fail (skipped, 0x ee1)
+ Set invalid custom curve (may fail): OK (0x9000)
+ Generate key with invalid curve (fail is good): fail (unknown, 0x6f00)
+ Set invalid field (may fail): OK (0x9000)
+ Generate key with invalid field (fail si good): fail (unknown, 0x6f00)
+
+*Explanation: ALG_EC_FP with 256b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) although it was supposed to succeed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), ECDSA signature worked and verified correctly (ECDSA signature on random data: OK), anomalous curve can be set (Set anomalous custom curve: OK), however generating a key on it will fail (Generate key with anomalous curve: fail), ECDH with small-order public key provided will fail as intended (ECDH agreement with small order point: fail), invalid custom curve could be set (Set invalid custom curve: OK), new keypair cannot be generated with invalid curve (Generate key with invalid curve: fail), invalid field (non-prime) could be set (Set invalid field: OK), however a key could not be generated (Generate key with invalid field: fail).*
If you are interested in testing support for other JavaCard algorithms, please visit JCAlgTester project: https://github.com/crocs-muni/JCAlgTest
diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar
index 09b7e73..1e96259 100644
Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ
diff --git a/lib/commons-cli-1.3.1-javadoc.jar b/lib/commons-cli-1.3.1-javadoc.jar
new file mode 100644
index 0000000..c741ec4
Binary files /dev/null and b/lib/commons-cli-1.3.1-javadoc.jar differ
diff --git a/lib/commons-cli-1.3.1.jar b/lib/commons-cli-1.3.1.jar
new file mode 100644
index 0000000..c3e7a1f
Binary files /dev/null and b/lib/commons-cli-1.3.1.jar differ
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index c4b71c0..491cd86 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -22,7 +22,6 @@ public class ECKeyGenerator {
public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE;
- //TODO: add something like allocateGenerate, or modify allocate to auto-generate a key-pair if it returns null key references after allocating
public short allocatePair(byte keyClass, short keyLength) {
short result = ISO7816.SW_NO_ERROR;
try {
@@ -105,6 +104,10 @@ public class ECKeyGenerator {
return sw;
}
+ public short setCustomAnomalousCurve(short keyClass, short keyLength, byte[] buffer, short offset) {
+ return setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLength), buffer, offset);
+ }
+
public short setParameter(byte key, short param, byte[] data, short offset, short length) {
short result = ISO7816.SW_NO_ERROR;
try {
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index e63bcf2..ecdfa4e 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -359,7 +359,7 @@ public class SimpleECCApplet extends Applet {
sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) {
if (keyClass == KeyPair.ALG_EC_FP) { //Only FP supported at the moment
- sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0);
+ sw = ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLen, m_ramArray, (short) 0);
}
if (sw != ISO7816.SW_NO_ERROR) {
testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE;
@@ -915,21 +915,30 @@ public class SimpleECCApplet extends Applet {
void GenerateAndReturnKey(APDU apdu) {
byte[] apdubuf = apdu.getBuffer();
apdu.setIncomingAndReceive();
+
+ short offset = ISO7816.OFFSET_CDATA;
+ byte keyClass = apdubuf[offset];
+ offset++;
- short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA);
+ short keyLength = Util.getShort(apdubuf, offset);
+ offset+=2;
- short offset = 0;
+ byte anomalous = apdubuf[offset];
+
+ offset = 0;
switch (apdubuf[ISO7816.OFFSET_P1]) {
case P1_SETCURVE: {
- ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen);
+ ecKeyGenerator.allocatePair(keyClass, keyLength);
+ if(anomalous != 0) {
+ ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0);
+ } else {
+ ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0);
+ }
ecKeyGenerator.generatePair();
ecPubKey = ecKeyGenerator.getPublicKey();
ecPrivKey = ecKeyGenerator.getPrivateKey();
-
- // If required, initialize curve parameters first
- ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0);
break;
}
case P1_GENERATEKEYPAIR: {
diff --git a/src/simpleapdu/CardMngr.java b/src/simpleapdu/CardMngr.java
index d778bc8..ae8bd55 100644
--- a/src/simpleapdu/CardMngr.java
+++ b/src/simpleapdu/CardMngr.java
@@ -105,7 +105,10 @@ public class CardMngr {
return true;
}
-
+
+ public boolean isConnected() {
+ return m_card != null;
+ }
public void DisconnectFromCard() throws Exception {
if (m_card != null) {
@@ -191,7 +194,7 @@ public class CardMngr {
if (responseAPDU.getSW1() == (byte) 0x61) {
CommandAPDU apduToSend = new CommandAPDU((byte) 0x00,
(byte) 0xC0, (byte) 0x00, (byte) 0x00,
- (int) responseAPDU.getSW1());
+ responseAPDU.getSW1());
responseAPDU = m_channel.transmit(apduToSend);
System.out.println(bytesToHex(responseAPDU.getBytes()));
diff --git a/src/simpleapdu/DirtyLogger.java b/src/simpleapdu/DirtyLogger.java
index 69e5e65..c06571b 100644
--- a/src/simpleapdu/DirtyLogger.java
+++ b/src/simpleapdu/DirtyLogger.java
@@ -1,14 +1,7 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
package simpleapdu;
import java.io.FileOutputStream;
import java.io.IOException;
-import java.util.logging.Level;
-import java.util.logging.Logger;
/**
*
@@ -17,6 +10,7 @@ import java.util.logging.Logger;
public class DirtyLogger {
FileOutputStream m_logFile;
boolean m_bOutputSystemOut = true;
+
public DirtyLogger(FileOutputStream logFile, boolean bOutputSystemOut) {
m_logFile = logFile;
m_bOutputSystemOut = bOutputSystemOut;
@@ -47,4 +41,8 @@ public class DirtyLogger {
} catch (IOException ex) {
}
}
+
+ void close() throws IOException {
+ m_logFile.close();
+ }
}
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 44bf302..241ef4c 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -5,7 +5,13 @@ import applets.SimpleECCApplet;
import javacard.framework.ISO7816;
import javacard.security.CryptoException;
import javacard.security.KeyPair;
-import sun.java2d.pipe.SpanShapeRenderer;
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
import javax.smartcardio.ResponseAPDU;
import java.io.FileNotFoundException;
@@ -18,13 +24,17 @@ import java.util.Arrays;
* @author Petr Svenda petr@svenda.com
*/
public class SimpleAPDU {
- static CardMngr cardManager = new CardMngr();
+ private CardMngr cardManager = new CardMngr();
+ private DirtyLogger systemOutLogger = null;
+
+ private CommandLineParser cliParser = new DefaultParser();
+ private Options opts = new Options();
+ private static final String cliHeader = "";
+ private static final String cliFooter = "";
private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a,
(byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31};
- static DirtyLogger m_SystemOutLogger = null;
-
private static final byte TESTECSUPPORTALL_FP[] = {(byte) 0xB0, (byte) 0x5E, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private static final byte TESTECSUPPORTALL_F2M[] = {(byte) 0xB0, (byte) 0x5F, (byte) 0x00, (byte) 0x00, (byte) 0x00};
private static final byte TESTECSUPPORT_GIVENALG[] = {(byte) 0xB0, (byte) 0x71, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00};
@@ -38,8 +48,104 @@ public class SimpleAPDU {
private static final short INVALIDCURVEB_CORRUPTIONTYPE_OFFSET = 7;
private static final short INVALIDCURVEB_REWINDONSUCCESS_OFFSET = 9;
- private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x02, (byte) 0x00, (byte) 0x00};
+ private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x04, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
+ private static final short GENERATEECKEY_ALG_OFFSET = 5;
+ private static final short GENERATEECKEY_KEYLENGTH_OFFSET = 6;
+ private static final short GENERATEECKEY_ANOMALOUS_OFFSET = 8;
+
+
+ public void run(String[] args) {
+ try {
+ //parse cmd args
+ CommandLine cli = parseArgs(args);
+
+ //byte[] installData = new byte[10];
+ //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74};
+ //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class);
+
+ //do stuff
+ if (cli.hasOption("help")) {
+ HelpFormatter help = new HelpFormatter();
+ help.printHelp("SimpleAPDU", cliHeader, opts, cliFooter);
+ } else {
+ //open log(only when actually doing something)
+ String logFileName = cli.getOptionValue("output-file", String.format("ECTESTER_log_%d.log", System.currentTimeMillis()));
+ FileOutputStream stdoutStream = new FileOutputStream(logFileName);
+ systemOutLogger = new DirtyLogger(stdoutStream, true);
+
+ boolean fp = cli.hasOption("fp");
+ boolean f2m = cli.hasOption("f2m");
+ if (!fp && !f2m) {
+ fp = true;
+ f2m = true;
+ }
+ int genAmount = Integer.parseInt(cli.getOptionValue("generate", "0"));
+ int keyLength = Integer.parseInt(cli.getOptionValue("b", "192"));
+
+ if (cli.hasOption("generate")) {
+ //generate EC keys
+ if (fp) {
+ generateECKeys(genAmount, KeyPair.ALG_EC_FP, (short) keyLength, cli.hasOption("anomalous"));
+ }
+ if (f2m) {
+ generateECKeys(genAmount, KeyPair.ALG_EC_F2M, (short) keyLength, cli.hasOption("anomalous"));
+ }
+ } else if (cli.hasOption("test")) {
+ if (cli.hasOption("bit-length")) {
+ //test only one bitsize
+ if (fp) {
+ testSupportECFp((short) keyLength);
+ }
+ if (f2m) {
+ testSupportECFp((short) keyLength);
+ }
+ } else {
+ //test default bit sizes
+ testSupportECAll(fp, f2m);
+ testFPkeyGen((short) 10, EC_Consts.CORRUPTION_ONEBYTERANDOM, true);
+ }
+ } else {
+ systemOutLogger.println("You need to specify one of -t / -g [num] commands.");
+ }
+
+ //close log
+ systemOutLogger.close();
+ }
+
+ //disconnect
+ cardManager.DisconnectFromCard();
+ } catch (Exception ex) {
+ if (systemOutLogger != null) {
+ systemOutLogger.println("Exception : " + ex);
+ }
+ }
+ }
+ private CommandLine parseArgs(String[] args) throws ParseException {
+
+ opts.addOption("h", "help", false, "show this help");
+ opts.addOption(Option.builder("g")
+ .longOpt("generate")
+ .hasArg()
+ .optionalArg(true)
+ .argName("num")
+ .desc("generate EC keys").build());
+ opts.addOption("t", "test", false, "test EC support (default)");
+ opts.addOption(Option.builder("b")
+ .longOpt("bit-length")
+ .hasArg()
+ .argName("bits")
+ .desc("set EC bit size").build());
+ opts.addOption("f2m", "use EC over binary-fields");
+ opts.addOption("fp", "user EC over prime-fields (default)");
+ opts.addOption("s", "anomalous", false, "generate anomalous (non-prime order, small pubkey order) curves");
+ opts.addOption(Option.builder("o")
+ .longOpt("output-file")
+ .hasArg()
+ .argName("file")
+ .desc("output file to log to").build());
+ return cliParser.parse(opts, args);
+ }
static short getShort(byte[] array, int offset) {
return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF));
@@ -50,190 +156,125 @@ public class SimpleAPDU {
array[offset] = (byte) ((value >> 8) & 0xFF);
}
- static void testFPkeyGen_setNumRepeats(byte[] apduArray, short numRepeats) {
- setShort(apduArray, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats);
- }
-
- static void testFPkeyGen_setCorruptionType(byte[] apduArray, short corruptionType) {
- setShort(apduArray, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType);
- }
-
- static void testFPkeyGen_rewindOnSuccess(byte[] apduArray, boolean bRewind) {
- apduArray[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0;
- }
+ private boolean ReconnnectToCard() throws Exception {
+ if (cardManager.isConnected()) {
+ cardManager.DisconnectFromCard();
+ }
- static CardMngr ReconnnectToCard() throws Exception {
- cardManager.DisconnectFromCard();
- if (cardManager.ConnectToCard()) {
+ boolean result = cardManager.ConnectToCard();
+ if (result) {
// Select our application on card
cardManager.sendAPDU(SELECT_ECTESTERAPPLET);
}
- return cardManager;
+ return result;
}
- static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception {
+ private void testFPkeyGen(short numRepeats, short corruptionType, boolean bRewind) throws Exception {
+ byte[] apdu = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length);
+ setShort(apdu, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats);
+ setShort(apdu, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType);
+ apdu[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0;
+
+ ReconnnectToCard();
+ ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(apdu);
+ ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS);
+ PrintECKeyGenInvalidCurveB(resp_fp_keygen);
+ PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params);
+ }
+
+ private void testSupportECGivenAlg(short keyLength, byte keyClass) throws Exception {
+ byte[] apdu = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length);
+ apdu[TESTECSUPPORT_ALG_OFFSET] = keyClass;
+ setShort(apdu, TESTECSUPPORT_KEYLENGTH_OFFSET, keyLength);
+
ReconnnectToCard();
ResponseAPDU resp = cardManager.sendAPDU(apdu);
//byte[] resp = cardManager.sendAPDUSimulator(apdu);
PrintECSupport(resp);
}
- static void testSupportECAll(CardMngr cardManager) throws Exception {
- byte[] testAPDU = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length);
-
- testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP;
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 128);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 160);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 192);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 224);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 256);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 521);
- testSupportECGivenAlg(testAPDU, cardManager);
-
- testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_F2M;
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 113);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 131);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 163);
- testSupportECGivenAlg(testAPDU, cardManager);
- setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 193);
- testSupportECGivenAlg(testAPDU, cardManager);
-
+ private void testSupportECFp(short keyLength) throws Exception {
+ testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_FP);
}
- public static void main(String[] args) throws FileNotFoundException, IOException {
- //parse cli args. Should be replaced with some cli parsing library code in the future.
- boolean genKeys = false;
- int genAmount = 0;
- boolean testAll = false;
- if (args.length > 0) {
- for (int i = 0; i < args.length; i++) {
- if (args[i].equals("-g")) {
- genKeys = true;
- if (args.length >= i + 1) {
- try {
- genAmount = Integer.parseInt(args[i + 1]);
- }catch (NumberFormatException ignored) {
- //is another param, genAmount = 0 by default
- genAmount = 0;
- }
+ private void testSupportECF2m(short keyLength) throws Exception {
+ testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_F2M);
+ }
- }
- } else if (args[i].equals("-a")) {
- testAll = true;
- }
- }
+ private void testSupportECAll(boolean testFp, boolean testF2m) throws Exception {
+ if (testFp) {
+ testSupportECFp((short) 128);
+ testSupportECFp((short) 192);
+ testSupportECFp((short) 224);
+ testSupportECFp((short) 256);
+ testSupportECFp((short) 384);
+ testSupportECFp((short) 521);
}
- //by default do the test
- if (!genKeys && !testAll) {
- testAll = true;
+ if (testF2m) {
+ testSupportECF2m((short) 113);
+ testSupportECF2m((short) 131);
+ testSupportECF2m((short) 163);
+ testSupportECF2m((short) 193);
}
+ }
+ private void generateECKeys(int amount, byte keyClass, short keyLength, boolean anomalous) throws Exception {
+ if (cardManager.ConnectToCardSelect()) {
+ cardManager.sendAPDU(SELECT_ECTESTERAPPLET);
- String logFileName = String.format("ECTESTER_log_%d.log", System.currentTimeMillis());
- FileOutputStream systemOutLogger = new FileOutputStream(logFileName);
- m_SystemOutLogger = new DirtyLogger(systemOutLogger, true);
-
- try {
- if (testAll) {
- //byte[] installData = new byte[10];
- //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74};
- //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class);
- if (cardManager.ConnectToCard()) {
-
- // Test all default curves for both fields
- testSupportECAll(cardManager);
-
- // Test setting invalid parameter B of curve
- byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length);
- testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM);
- testFPkeyGen_setNumRepeats(testAPDU, (short) 10);
- testFPkeyGen_rewindOnSuccess(testAPDU, true);
-
- ReconnnectToCard();
- ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU);
- ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS);
- PrintECKeyGenInvalidCurveB(resp_fp_keygen);
- PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params);
-
- cardManager.DisconnectFromCard();
- } else {
- m_SystemOutLogger.println("Failed to connect to card");
+ String keyFileName = String.format("ECKEYS_%s_%d.log", keyClass == KeyPair.ALG_EC_FP ? "fp" : "f2m", System.currentTimeMillis());
+ FileOutputStream keysFile = new FileOutputStream(keyFileName);
+
+ String message = "index;time;pubW;privS\n";
+ keysFile.write(message.getBytes());
+ byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length);
+ // Prepare keypair object
+ gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE;
+ gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass;
+ setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength);
+ gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0;
+ ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU);
+
+ // Generate new keypair
+ gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR;
+ int counter = 0;
+ while (true) {
+ counter++;
+ long elapsed = -System.nanoTime();
+ respGather = cardManager.sendAPDU(gatherKeyAPDU);
+ elapsed += System.nanoTime();
+
+ byte[] data = respGather.getData();
+ int offset = 0;
+ String pubKeyW = "";
+ String privKeyS = "";
+ if (data[offset] == EC_Consts.TAG_ECPUBKEY) {
+ offset++;
+ short len = getShort(data, offset);
+ offset += 2;
+ pubKeyW = CardMngr.bytesToHex(data, offset, len, false);
+ offset += len;
+ }
+ if (data[offset] == EC_Consts.TAG_ECPRIVKEY) {
+ offset++;
+ short len = getShort(data, offset);
+ offset += 2;
+ privKeyS = CardMngr.bytesToHex(data, offset, len, false);
+ offset += len;
}
- }
-
- if (genKeys) {
- // Gather large number of ECC keypairs
- if (cardManager.ConnectToCardSelect()) {
- cardManager.sendAPDU(SELECT_ECTESTERAPPLET);
-
- String keyFileName = String.format("ECKEYS_%d.log", System.currentTimeMillis());
- FileOutputStream keysFile = new FileOutputStream(keyFileName);
-
- String message = "index;time;pubW;privS\n";
- keysFile.write(message.getBytes());
- byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length);
- // Prepare keypair object
- gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE;
- setShort(gatherKeyAPDU, (short) 5, (short) 192); // ecc length
- ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU);
-
- // Generate new keypair
- gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR;
- int counter = 0;
- while (true) {
- counter++;
- long elapsed = -System.nanoTime();
- respGather = cardManager.sendAPDU(gatherKeyAPDU);
- elapsed += System.nanoTime();
-
- byte[] data = respGather.getData();
- int offset = 0;
- String pubKeyW = "";
- String privKeyS = "";
- if (data[offset] == EC_Consts.TAG_ECPUBKEY) {
- offset++;
- short len = getShort(data, offset);
- offset += 2;
- pubKeyW = CardMngr.bytesToHex(data, offset, len, false);
- offset += len;
- }
- if (data[offset] == EC_Consts.TAG_ECPRIVKEY) {
- offset++;
- short len = getShort(data, offset);
- offset += 2;
- privKeyS = CardMngr.bytesToHex(data, offset, len, false);
- offset += len;
- }
- message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS);
- keysFile.write(message.getBytes());
+ message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS);
+ keysFile.write(message.getBytes());
- m_SystemOutLogger.flush();
- keysFile.flush();
+ this.systemOutLogger.flush();
+ keysFile.flush();
- //stop when we have enough keys, go on forever with 0
- if (counter >= genAmount && genAmount != 0)
- break;
- }
- }
+ //stop when we have enough keys, go on forever with 0
+ if (counter >= amount && amount != 0)
+ break;
}
-
-
- } catch (Exception ex) {
- m_SystemOutLogger.println("Exception : " + ex);
}
-
- systemOutLogger.close();
}
static String getPrintError(short code) {
@@ -278,12 +319,12 @@ public class SimpleAPDU {
MUST_FAIL
}
- static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) {
+ private int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) {
if (bufferOffset >= buffer.length) {
- m_SystemOutLogger.println(" No more data returned");
+ systemOutLogger.println(" No more data returned");
} else {
if (buffer[bufferOffset] != expectedTag) {
- m_SystemOutLogger.println(" ERROR: mismatched tag");
+ systemOutLogger.println(" ERROR: mismatched tag");
assert (buffer[bufferOffset] == expectedTag);
}
bufferOffset++;
@@ -298,22 +339,21 @@ public class SimpleAPDU {
bHiglight = true;
}
if (bHiglight) {
- m_SystemOutLogger.println(String.format("!! %-50s%s", message, getPrintError(resCode)));
+ systemOutLogger.println(String.format("!! %-53s%s", message, getPrintError(resCode)));
} else {
- m_SystemOutLogger.println(String.format(" %-50s%s", message, getPrintError(resCode)));
+ systemOutLogger.println(String.format(" %-53s%s", message, getPrintError(resCode)));
}
}
return bufferOffset;
}
- static void PrintECSupport(ResponseAPDU resp) {
+ private void PrintECSupport(ResponseAPDU resp) {
PrintECSupport(resp.getData());
}
- static void PrintECSupport(byte[] buffer) {
-
- m_SystemOutLogger.println();
- m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves");
+ private void PrintECSupport(byte[] buffer) {
+ systemOutLogger.println();
+ systemOutLogger.println("### Test for support and with valid and invalid EC curves");
int bufferOffset = 0;
while (bufferOffset < buffer.length) {
assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR);
@@ -325,10 +365,10 @@ public class SimpleAPDU {
if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) {
ecType = "ALG_EC_F2M";
}
- m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType));
+ systemOutLogger.println(String.format("%-56s%s", "EC type:", ecType));
bufferOffset++;
short keyLen = getShort(buffer, bufferOffset);
- m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen));
+ systemOutLogger.println(String.format("%-56s%d bits", "EC key length (bits):", keyLen));
bufferOffset += 2;
bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
@@ -346,18 +386,17 @@ public class SimpleAPDU {
bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL);
bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL);
- m_SystemOutLogger.println();
+ systemOutLogger.println();
}
}
- static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) {
+ private void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) {
PrintECKeyGenInvalidCurveB(resp.getData());
}
- static void PrintECKeyGenInvalidCurveB(byte[] buffer) {
-
- m_SystemOutLogger.println();
- m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve");
+ private void PrintECKeyGenInvalidCurveB(byte[] buffer) {
+ systemOutLogger.println();
+ systemOutLogger.println("### Test for computation with invalid parameter B for EC curve");
int bufferOffset = 0;
while (bufferOffset < buffer.length) {
assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR);
@@ -369,15 +408,15 @@ public class SimpleAPDU {
if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) {
ecType = "ALG_EC_F2M";
}
- m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType));
+ systemOutLogger.println(String.format("%-53s%s", "EC type:", ecType));
bufferOffset++;
short keyLen = getShort(buffer, bufferOffset);
- m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen));
+ systemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen));
bufferOffset += 2;
short numRepeats = getShort(buffer, bufferOffset);
bufferOffset += 2;
- m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats));
+ systemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats));
bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
while (bufferOffset < buffer.length) {
@@ -390,18 +429,22 @@ public class SimpleAPDU {
bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED);
}
- m_SystemOutLogger.println();
+ systemOutLogger.println();
}
}
- static void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) {
+ private void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) {
byte[] buffer = resp.getData();
short offset = 0;
- m_SystemOutLogger.print("Last used value of B: ");
+ systemOutLogger.print("Last used value of B: ");
while (offset < buffer.length) {
- m_SystemOutLogger.print(String.format("%x ", buffer[offset]));
+ systemOutLogger.print(String.format("%x ", buffer[offset]));
offset++;
}
+ }
+ public static void main(String[] args) throws FileNotFoundException, IOException {
+ SimpleAPDU app = new SimpleAPDU();
+ app.run(args);
}
}
--
cgit v1.2.3-70-g09d2
From da1ee8381f2f7eaf1cfcd4941ec9f95287435625 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Sun, 11 Dec 2016 14:20:00 +0100
Subject: Fixed some issues with errors in key generation, and their
propagation
---
!uploader/simpleECC.cap | Bin 18296 -> 18330 bytes
dist/SimpleAPDU.jar | Bin 470966 -> 471079 bytes
src/applets/ECKeyGenerator.java | 8 ++---
src/applets/SimpleECCApplet.java | 63 ++++++++++++++++++++-------------------
src/simpleapdu/SimpleAPDU.java | 11 +++++++
5 files changed, 47 insertions(+), 35 deletions(-)
(limited to 'src/applets/ECKeyGenerator.java')
diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap
index 52fef17..886ce88 100644
Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ
diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar
index 1e96259..be5599a 100644
Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ
diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index 491cd86..2eb5679 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -215,8 +215,8 @@ public class ECKeyGenerator {
public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) {
if (key == KEY_BOTH) {
- return -1;
- }//TODO: change error handling.
+ ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
+ }
short length = 0;
try {
switch (param) {
@@ -255,9 +255,9 @@ public class ECKeyGenerator {
ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
}
} catch (CryptoException ce) {
- length = -1;
+ ISOException.throwIt(ce.getReason());
} catch (Exception e) {
- length = -1;
+ ISOException.throwIt(ISO7816.SW_UNKNOWN);
}
return length;
}
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index ecdfa4e..a56250c 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -14,22 +14,22 @@ public class SimpleECCApplet extends Applet {
final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
// INSTRUCTIONS
- final static byte INS_GENERATEKEY = (byte) 0x5a;
- final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
-
- final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
- final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
-
- final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
- final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
- final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
- final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
- final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72;
- final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
-
-
- public final static byte P1_SETCURVE = (byte) 0x01;
- public final static byte P1_GENERATEKEYPAIR = (byte) 0x02;
+ final static byte INS_GENERATEKEY = (byte) 0x5a;
+ final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
+
+ final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
+ final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
+
+ final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
+ final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
+ final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
+ final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
+ final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72;
+ final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
+
+
+ public final static byte P1_SETCURVE = (byte) 0x01;
+ public final static byte P1_GENERATEKEYPAIR = (byte) 0x02;
final static short ARRAY_LENGTH = (short) 0xff;
@@ -213,11 +213,11 @@ public class SimpleECCApplet extends Applet {
case INS_ALLOCATEKEYPAIRS:
AllocateKeyPairs(apdu);
break;
-*/
+*/
case INS_GENERATEKEY:
GenerateAndReturnKey(apdu);
break;
- default :
+ default:
// The INS code is not supported by the dispatcher
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
break;
@@ -393,7 +393,7 @@ public class SimpleECCApplet extends Applet {
bufferOffset++;
sw = SW_SKIPPED;
if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) {
- short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass,keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0);
+ short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass, keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0);
ecPrivKey = ecKeyGenerator.getPrivateKey();
sw = ecKeyTester.testECDH(ecPrivKey, m_ramArray, (short) 0, pubLength, m_ramArray2, (short) 1);
}
@@ -718,7 +718,6 @@ public class SimpleECCApplet extends Applet {
bufferOffset += 2;
-
//
// 2. Set invalid custom curve (many times)
//
@@ -919,23 +918,23 @@ public class SimpleECCApplet extends Applet {
short offset = ISO7816.OFFSET_CDATA;
byte keyClass = apdubuf[offset];
offset++;
-
+
short keyLength = Util.getShort(apdubuf, offset);
- offset+=2;
+ offset += 2;
byte anomalous = apdubuf[offset];
offset = 0;
-
+
switch (apdubuf[ISO7816.OFFSET_P1]) {
case P1_SETCURVE: {
ecKeyGenerator.allocatePair(keyClass, keyLength);
- if(anomalous != 0) {
+
+ if (anomalous != 0) {
ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0);
} else {
ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0);
}
-
ecKeyGenerator.generatePair();
ecPubKey = ecKeyGenerator.getPublicKey();
ecPrivKey = ecKeyGenerator.getPrivateKey();
@@ -943,7 +942,10 @@ public class SimpleECCApplet extends Applet {
}
case P1_GENERATEKEYPAIR: {
// Assumption: proper EC keyPair is already allocated and initialized
- ecKeyGenerator.generatePair();
+ short sw = ecKeyGenerator.generatePair();
+ if (sw != ISO7816.SW_NO_ERROR) {
+ ISOException.throwIt(sw);
+ }
ecPubKey = ecKeyGenerator.getPublicKey();
ecPrivKey = ecKeyGenerator.getPrivateKey();
@@ -951,19 +953,18 @@ public class SimpleECCApplet extends Applet {
apdubuf[offset] = EC_Consts.TAG_ECPUBKEY;
offset++;
offset += 2; // reserve space for length
- short len = ecPubKey.getW(apdubuf, offset);
+ short len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
apdubuf[offset] = EC_Consts.TAG_ECPRIVKEY;
offset++;
offset += 2; // reserve space for length
- len = ecPrivKey.getS(apdubuf, offset);
+ len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PRIVATE, EC_Consts.PARAMETER_S, apdubuf, offset);
Util.setShort(apdubuf, (short) (offset - 2), len);
offset += len;
-
break;
}
- default:
+ default:
ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
}
@@ -1019,7 +1020,7 @@ public class SimpleECCApplet extends Applet {
}
-*/
+*/
}
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 241ef4c..4f291f0 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -234,7 +234,13 @@ public class SimpleAPDU {
gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass;
setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength);
gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0;
+
ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU);
+ if (respGather.getSW() != ISO7816.SW_NO_ERROR) {
+ systemOutLogger.println(String.format("Card error: %x", respGather.getSW()));
+ keysFile.close();
+ return;
+ }
// Generate new keypair
gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR;
@@ -245,6 +251,10 @@ public class SimpleAPDU {
respGather = cardManager.sendAPDU(gatherKeyAPDU);
elapsed += System.nanoTime();
+ if (respGather.getSW() != ISO7816.SW_NO_ERROR) {
+ systemOutLogger.println(String.format("Card error: %x", respGather.getSW()));
+ break;
+ }
byte[] data = respGather.getData();
int offset = 0;
String pubKeyW = "";
@@ -274,6 +284,7 @@ public class SimpleAPDU {
if (counter >= amount && amount != 0)
break;
}
+ keysFile.close();
}
}
--
cgit v1.2.3-70-g09d2