From b4d72715e7d770b4925fef70a192665744a6273d Mon Sep 17 00:00:00 2001 From: J08nY Date: Sun, 30 Oct 2016 17:58:27 +0100 Subject: EC_Consts: added F2M curve support, + F2M curve sect163r1 to start --- src/applets/SimpleECCApplet.java | 699 ++++++++++++++------------------------- 1 file changed, 250 insertions(+), 449 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 720ee4e..79abd0e 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -6,97 +6,85 @@ package applets; import javacard.framework.*; import javacard.security.*; -import javacardx.crypto.*; -public class SimpleECCApplet extends javacard.framework.Applet -{ +import javax.print.attribute.standard.MediaSize; + +public class SimpleECCApplet extends javacard.framework.Applet { // MAIN INSTRUCTION CLASS - final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; + final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; - final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; - final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; - - - + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - final static short ARRAY_LENGTH = (short) 0xff; - final static byte AES_BLOCK_LENGTH = (short) 0x16; + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; + final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + + + final static short ARRAY_LENGTH = (short) 0xff; + final static byte AES_BLOCK_LENGTH = (short) 0x16; final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_192; //final static short EC_LENGTH_BITS = KeyBuilder.LENGTH_EC_FP_160; //final static short EC_LENGTH_BITS = (short) 256; - - public final static byte ECTEST_SEPARATOR = (byte) 0xff; - public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1; - public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2; - public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3; + + public final static byte ECTEST_SEPARATOR = (byte) 0xff; + public final static byte ECTEST_ALLOCATE_KEYPAIR = (byte) 0xc1; + public final static byte ECTEST_GENERATE_KEYPAIR_DEFCURVE = (byte) 0xc2; + public final static byte ECTEST_SET_VALIDCURVE = (byte) 0xc3; public final static byte ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (byte) 0xc4; - public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5; + public final static byte ECTEST_SET_INVALIDCURVE = (byte) 0xc5; public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (byte) 0xc6; public final static byte ECTEST_ECDH_AGREEMENT_VALID_POINT = (byte) 0xc7; public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8; public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9; public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca; - public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; + public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; - public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004; + public final static short FLAG_ECTEST_SET_VALIDCURVE = (short) 0x0004; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE = (short) 0x0008; - public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010; + public final static short FLAG_ECTEST_SET_INVALIDCURVE = (short) 0x0010; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020; public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; - + public final static short FLAG_ECTEST_ALL = (short) 0x00ff; - - public final static short CORRUPT_B_FULLRANDOM = (short) 0x0001; - public final static short CORRUPT_B_ONEBYTERANDOM = (short) 0x0002; - public final static short CORRUPT_B_LASTBYTEINCREMENT = (short) 0x0003; - - - + + public final static short SW_SKIPPED = (short) 0x0ee1; public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; -/* + /* + public static final byte[] EC192_FP_PUBLICW = new byte[]{ + (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, + (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC, + (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0, + (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90, + (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03, + (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01, + (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64, + (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5, + (byte) 0x15}; + */ public static final byte[] EC192_FP_PUBLICW = new byte[]{ - (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, - (byte) 0xB7, (byte) 0x1E, (byte) 0xBE, (byte) 0x30, (byte) 0x93, (byte) 0xFC, - (byte) 0x4F, (byte) 0x33, (byte) 0x76, (byte) 0x38, (byte) 0xCE, (byte) 0xE0, - (byte) 0x2F, (byte) 0x78, (byte) 0xF6, (byte) 0x3C, (byte) 0xEA, (byte) 0x90, - (byte) 0x22, (byte) 0x61, (byte) 0x32, (byte) 0x8E, (byte) 0x9F, (byte) 0x03, - (byte) 0x8A, (byte) 0xFD, (byte) 0x60, (byte) 0xA0, (byte) 0xCE, (byte) 0x01, - (byte) 0x9B, (byte) 0x76, (byte) 0x34, (byte) 0x59, (byte) 0x79, (byte) 0x64, - (byte) 0xD7, (byte) 0x79, (byte) 0x8E, (byte) 0x3B, (byte) 0x16, (byte) 0xD5, - (byte) 0x15}; - */ - public static final byte[] EC192_FP_PUBLICW = new byte[]{ - (byte) 0x04, - (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe, - (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0, - (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b, - (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29, - (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a, - (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31, - (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3, - (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca}; - - - private KeyPair ecKeyPair = null; - private KeyPair ecKeyPair128 = null; - private KeyPair ecKeyPair160 = null; - private KeyPair ecKeyPair192 = null; - private KeyPair ecKeyPair256 = null; + (byte) 0x04, + (byte) 0x9d, (byte) 0x42, (byte) 0x76, (byte) 0x9d, (byte) 0xfd, (byte) 0xbe, + (byte) 0x11, (byte) 0x3a, (byte) 0x85, (byte) 0x1b, (byte) 0xb6, (byte) 0xb0, + (byte) 0x1b, (byte) 0x1a, (byte) 0x51, (byte) 0x5d, (byte) 0x89, (byte) 0x3b, + (byte) 0x5a, (byte) 0xdb, (byte) 0xc1, (byte) 0xf6, (byte) 0x13, (byte) 0x29, + (byte) 0x74, (byte) 0x74, (byte) 0x9a, (byte) 0xc0, (byte) 0x96, (byte) 0x7a, + (byte) 0x8f, (byte) 0xf4, (byte) 0xcc, (byte) 0x54, (byte) 0xd9, (byte) 0x31, + (byte) 0x87, (byte) 0x60, (byte) 0x2d, (byte) 0xd6, (byte) 0x7e, (byte) 0xb3, + (byte) 0xd2, (byte) 0x29, (byte) 0x70a, (byte) 0xca, (byte) 0x2ca}; + + private ECPublicKey ecPubKey = null; private ECPublicKey ecPubKey128 = null; private ECPublicKey ecPubKey160 = null; @@ -107,56 +95,66 @@ public class SimpleECCApplet extends javacard.framework.Applet private ECPrivateKey ecPrivKey160 = null; private ECPrivateKey ecPrivKey192 = null; private ECPrivateKey ecPrivKey256 = null; - + + private ECKeyGenerator ecKeyGenerator = null; + private ECKeyTester ecKeyTester = null; + private KeyAgreement dhKeyAgreement = null; private RandomData randomData = null; - + // TEMPORARRY ARRAY IN RAM private byte m_ramArray[] = null; private byte m_ramArray2[] = null; // PERSISTENT ARRAY IN EEPROM - private byte m_dataArray[] = null; - - short m_lenB = 0; + private byte m_dataArray[] = null; + + short m_lenB = 0; protected SimpleECCApplet(byte[] buffer, short offset, byte length) { short dataOffset = offset; - if(length > 9) { + if (length > 9) { // shift to privilege offset - dataOffset += (short)( 1 + buffer[offset]); + dataOffset += (short) (1 + buffer[offset]); // finally shift to Application specific offset - dataOffset += (short)( 1 + buffer[dataOffset]); + dataOffset += (short) (1 + buffer[dataOffset]); // go to proprietary data dataOffset++; m_ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); m_ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET); - + m_dataArray = new byte[ARRAY_LENGTH]; Util.arrayFillNonAtomic(m_dataArray, (short) 0, ARRAY_LENGTH, (byte) 0); - + randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM); - } + EC_Consts.m_random = randomData; + + ecKeyGenerator = new ECKeyGenerator(); + ecKeyTester = new ECKeyTester(); + ecKeyTester.allocateECDH(); + ecKeyTester.allocateECDHC(); + ecKeyTester.allocateECDSA(); + + } register(); } public static void install(byte[] bArray, short bOffset, byte bLength) throws ISOException { // applet instance creation - new SimpleECCApplet (bArray, bOffset, bLength); + new SimpleECCApplet(bArray, bOffset, bLength); } public boolean select() { - return true; + return true; } public void deselect() { return; } - public void process(APDU apdu) throws ISOException - { + public void process(APDU apdu) throws ISOException { // get the APDU buffer byte[] apduBuffer = apdu.getBuffer(); @@ -165,8 +163,8 @@ public class SimpleECCApplet extends javacard.framework.Applet return; if (apduBuffer[ISO7816.OFFSET_CLA] == CLA_SIMPLEECCAPPLET) { - switch ( apduBuffer[ISO7816.OFFSET_INS] ) { - + switch (apduBuffer[ISO7816.OFFSET_INS]) { + case INS_TESTECSUPPORT_GIVENALG: TestEC_SupportGivenLength(apdu); break; @@ -177,7 +175,7 @@ public class SimpleECCApplet extends javacard.framework.Applet TestEC_F2M_SupportAllLengths(apdu); break; case INS_ALLOCATEKEYPAIR: - AllocateKeyPairReturnDefCourve(apdu); + AllocateKeyPairReturnDefCurve(apdu); break; case INS_DERIVEECDHSECRET: DeriveECDHSecret(apdu); @@ -185,7 +183,7 @@ public class SimpleECCApplet extends javacard.framework.Applet case INS_TESTEC_GENERATEINVALID_FP: TestEC_FP_GenerateInvalidCurve(apdu); break; - case INS_TESTEC_LASTUSEDPARAMS: + case INS_TESTEC_LASTUSEDPARAMS: TestECSupportInvalidCurve_lastUsedParams(apdu); break; /* @@ -195,264 +193,171 @@ public class SimpleECCApplet extends javacard.framework.Applet case INS_GENERATEKEY: GenerateKey(apdu); break; -*/ - default : +*/ + default: // The INS code is not supported by the dispatcher - ISOException.throwIt( ISO7816.SW_INS_NOT_SUPPORTED ) ; - break ; + ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); + break; } - } - else ISOException.throwIt( ISO7816.SW_CLA_NOT_SUPPORTED); + } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); } - + short TestECSupport(byte keyClass, short keyLen, byte[] buffer, short bufferOffset) { short baseOffset = bufferOffset; - + short testFlags = FLAG_ECTEST_ALL; - ecKeyPair = null; ecPubKey = null; ecPrivKey = null; - - buffer[bufferOffset] = ECTEST_SEPARATOR; bufferOffset++; - buffer[bufferOffset] = keyClass; bufferOffset++; - Util.setShort(buffer, bufferOffset, keyLen); bufferOffset += 2; - + + buffer[bufferOffset] = ECTEST_SEPARATOR; + bufferOffset++; + buffer[bufferOffset] = keyClass; + bufferOffset++; + Util.setShort(buffer, bufferOffset, keyLen); + bufferOffset += 2; + + short sw; + // // 1. Allocate KeyPair object // - buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; bufferOffset++; + buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; + bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) { - try { - ecKeyPair = new KeyPair(keyClass, keyLen); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); bufferOffset += 2; - } - catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated - } - catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated + sw = ecKeyGenerator.allocatePair(keyClass, keyLen); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags = 0; //keyPair allocation failed, cannot continue with tests } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; - } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 2. Test keypair generation without explicit curve (=> default curve preset) // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_DEFCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE) != (short) 0) { - try { - ecKeyPair.genKeyPair(); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } - catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; // // 3. Set valid custom curve // buffer[bufferOffset] = ECTEST_SET_VALIDCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_VALIDCURVE) != (short) 0) { - try { - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) {} // do intentionally nothing - - // Initialize curve parameters - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set - } - catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; // Don't try generate keypair if valid custom curve was not set + sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; // // 4. Generate keypair with custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE) != (short) 0) { - try { - ecKeyPair.genKeyPair(); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 5. ECDH agreement with valid public key // buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT) != (short) 0) { - try { - // Generate fresh EC keypair - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - if (dhKeyAgreement == null) { - dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); - } - dhKeyAgreement.init(ecPrivKey); - - short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0); - short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0); - - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + if (sw == ISO7816.SW_NO_ERROR) { + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 6. ECDH agreement with invalid public key // buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT) != (short) 0) { - try { - // Generate fresh EC keypair - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - dhKeyAgreement.init(ecPrivKey); - - short pubKeyLen = ecPubKey.getW(m_ramArray, (short) 0); - m_ramArray[(byte) 10] = (byte) 0xcc; // Corrupt public key - m_ramArray[(byte) 11] = (byte) 0xcc; - short secretLen = dhKeyAgreement.generateSecret(m_ramArray, (short) 0, pubKeyLen, m_ramArray2, (short) 0); - - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + if (sw == ISO7816.SW_NO_ERROR) { + sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 7. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_INVALIDCURVE) != (short) 0) { - try { - // Initialize curve parameters - EC_Consts.setInValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; // Don't try generate keypair if invalid custom curve was not set + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, EC_Consts.CORRUPTION_FIXED, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } - + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // // 8. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE) != (short) 0) { - try { - ecKeyPair.genKeyPair(); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; + sw = ecKeyGenerator.generatePair(); } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; return (short) (bufferOffset - baseOffset); } - + void TestEC_SupportGivenLength(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); short dataOffset = ISO7816.OFFSET_CDATA; - byte algType = apdubuf[dataOffset]; dataOffset++; + byte algType = apdubuf[dataOffset]; + dataOffset++; short keyLength = Util.getShort(apdubuf, dataOffset); dataOffset += 2; dataOffset = 0; dataOffset += TestECSupport(algType, keyLength, apdubuf, dataOffset); - + apdu.setOutgoingAndSend((short) 0, dataOffset); } - + void TestEC_FP_SupportAllLengths(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); @@ -468,7 +373,8 @@ public class SimpleECCApplet extends javacard.framework.Applet dataOffset += TestECSupport(KeyPair.ALG_EC_FP, (short) 521, apdubuf, dataOffset); apdu.setOutgoingAndSend((short) 0, dataOffset); - } + } + void TestEC_F2M_SupportAllLengths(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); @@ -479,10 +385,10 @@ public class SimpleECCApplet extends javacard.framework.Applet dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 131, apdubuf, dataOffset); dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 163, apdubuf, dataOffset); dataOffset += TestECSupport(KeyPair.ALG_EC_F2M, (short) 193, apdubuf, dataOffset); - + apdu.setOutgoingAndSend((short) 0, dataOffset); } - + void TestEC_FP_GenerateInvalidCurve(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); @@ -494,7 +400,7 @@ public class SimpleECCApplet extends javacard.framework.Applet offset += 2; byte bRewindOnSuccess = apdubuf[offset]; offset++; - + short dataOffset = 0; // FP @@ -502,13 +408,12 @@ public class SimpleECCApplet extends javacard.framework.Applet apdu.setOutgoingAndSend((short) 0, dataOffset); } - + short TestECSupportInvalidCurve(byte keyClass, short keyLen, byte[] buffer, short bufferOffset, short repeats, short corruptionType, byte bRewindOnSuccess) { short baseOffset = bufferOffset; short testFlags = FLAG_ECTEST_ALL; - ecKeyPair = null; ecPubKey = null; ecPrivKey = null; @@ -518,53 +423,38 @@ public class SimpleECCApplet extends javacard.framework.Applet bufferOffset++; Util.setShort(buffer, bufferOffset, keyLen); bufferOffset += 2; - + short numExecutionsOffset = bufferOffset; // num executions to be stored later bufferOffset += 2; + short sw; + // // 1. Allocate KeyPair object // buffer[bufferOffset] = ECTEST_ALLOCATE_KEYPAIR; bufferOffset++; + sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ALLOCATE_KEYPAIR) != (short) 0) { - try { - ecKeyPair = new KeyPair(keyClass, keyLen); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) { - } // do intentionally nothing - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - testFlags = 0; // Can't continue if keypair was not allocated + sw = ecKeyGenerator.allocatePair(keyClass, keyLen); + if (sw == ISO7816.SW_NO_ERROR) { + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + } else { + testFlags = 0; } - } else { - Util.setShort(buffer, bufferOffset, SW_SKIPPED); - bufferOffset += 2; } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; // // 2. Set invalid custom curve (many times) // - EC_Consts.m_random = randomData; - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); + sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + - m_lenB = ecPubKey.getB(m_ramArray, (short) 0); // store valid B - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2 - short startOffset = bufferOffset; short i; for (i = 0; i < repeats; i++) { @@ -572,41 +462,27 @@ public class SimpleECCApplet extends javacard.framework.Applet if (bRewindOnSuccess == 1) { // if nothing unexpected happened, rewind bufferOffset back again bufferOffset = startOffset; - } - - // Store valid curve B param - ecPubKey.getB(m_ramArray, (short) 0); // store valid B - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); // also in m_ramArray2 + } // set invalid curve buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; - + // Supported types of invalid curve: - // 1. Completely random B - // 2. Valid B but with one random byte randomly changed - // 3. Valid B but with last byte incremented - switch (corruptionType) { - case CORRUPT_B_FULLRANDOM: - randomData.generateData(m_ramArray2, (short) 0, m_lenB); - break; - case CORRUPT_B_ONEBYTERANDOM: - // Copy valid B into m_ramArray2 - Util.arrayCopyNonAtomic(m_ramArray, (short) 0, m_ramArray2, (short) 0, m_lenB); - // Generate random position and one random byte for subsequent change - // Note - we are using same array m_ramArray2, but in area unsued by stored B - randomData.generateData(m_ramArray2, m_lenB, (short) 2); - - short rngPos = m_ramArray2[m_lenB]; // random position (within B) - if (rngPos < 0) { rngPos = (short) -rngPos; } // make it positive - rngPos %= m_lenB; - m_ramArray2[rngPos] = m_ramArray2[(short) (m_lenB + 1)]; // set random byte on random position - // Make sure its not the valid byte again - if (m_ramArray[rngPos] == m_ramArray2[rngPos]) { - m_ramArray2[rngPos] += 1; // if yes, just increment - } - - break; + // CORRUPTION_NONE = 0x01, valid parameter + // CORRUPTION_FIXED = 0x02, first and last byte changed to a fixed value + // CORRUPTION_FULLRANDOM = 0x03, completely random parameter data + // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed + // CORRUPTION_ZERO = 0x05, parameter competely zero + // CORRUPTION_ONE = 0x06, parameter completely one + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyClass, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + // if we reach this line, we are interested in value of B that caused incorrect response + break; // stop execution, return B + } + /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow case CORRUPT_B_LASTBYTEINCREMENT: m_ramArray2[(short) (m_lenB - 1)] += 1; // Make sure its not the valid byte again @@ -614,101 +490,54 @@ public class SimpleECCApplet extends javacard.framework.Applet m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more } break; - default: - ISOException.throwIt(SW_INVALID_CORRUPTION_TYPE); - break; - } - - - // Set corrupted B parameter - try { - ecPubKey.setB(m_ramArray2, (short) 0, m_lenB); - ecPrivKey.setB(m_ramArray2, (short) 0, m_lenB); - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); // ok if setB itself will not emit exception - bufferOffset += 2; - }catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B - }catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B } + */ // Gen key pair with invalid curve - try { - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; - bufferOffset++; - // Should fail - ecKeyPair.genKeyPair(); + + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; + bufferOffset++; + // Should fail + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + if (sw == ISO7816.SW_NO_ERROR) { // If this line is reached, we generated key pair - what should not happen - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - - // if we reach this line, we are interested in value of B - try { - buffer[bufferOffset] = ECTEST_DH_GENERATESECRET; - bufferOffset++; - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - if (dhKeyAgreement == null) { - dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); - } - dhKeyAgreement.init(ecPrivKey); - short lenW = ecPubKey.getW(m_ramArray2, (short) 0); // store valid B - dhKeyAgreement.generateSecret(m_ramArray2, (short) 0, lenW, m_ramArray, (short) 0); - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - } - - break; // stop execution, return B - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); + buffer[bufferOffset] = ECTEST_DH_GENERATESECRET; + bufferOffset++; + + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + break; //stop execution, return B } - - // + // Generate keypair with valid curve - to check that whole engine is not somehow blocked // after previous attempt with invalid curve // // set valid curve buffer[bufferOffset] = ECTEST_SET_VALIDCURVE; bufferOffset++; - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, keyClass, keyLen, m_ramArray); - - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); + sw = ecKeyGenerator.setCustomCurve(keyClass, keyLen, m_ramArray, (short) 0); + + Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; // Gen key pair with valid curve - try { - buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; - bufferOffset++; - // Should succeed - ecKeyPair.genKeyPair(); - // If this line is reached, we generated valid key pair (expected) - Util.setShort(buffer, bufferOffset, ISO7816.SW_NO_ERROR); - bufferOffset += 2; - } catch (CryptoException e) { - Util.setShort(buffer, bufferOffset, e.getReason()); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B - } catch (Exception e) { - Util.setShort(buffer, bufferOffset, ISO7816.SW_UNKNOWN); - bufferOffset += 2; - // if we reach this line, we are interested in value of B that caused incorrect response - break; // stop execution, return B + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; + bufferOffset++; + + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + break; } - + // If we reach this line => everything was as expected // Rewind offset in array back (no storage of info about expected runs) // bufferOffset = startOffset; done at beginning @@ -717,76 +546,64 @@ public class SimpleECCApplet extends javacard.framework.Applet bufferOffset += 2; } } - + // Set number of executed repeats Util.setShort(buffer, numExecutionsOffset, i); - + return (short) (bufferOffset - baseOffset); } - + void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); - + short offset = 0; Util.arrayCopyNonAtomic(m_ramArray2, (short) 0, apdubuf, offset, m_lenB); offset += m_lenB; - + apdu.setOutgoingAndSend((short) 0, offset); } - - void AllocateKeyPairReturnDefCourve(APDU apdu) { + + void AllocateKeyPairReturnDefCurve(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA); - // Note: all locations shoudl happen in constructor. But here it is intentional + // Note: all locations should happen in constructor. But here it is intentional // as we like to test for result of allocation - ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, bitLen); + ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen); // If required, generate also new key pair if (apdubuf[ISO7816.OFFSET_P1] == (byte) 1) { - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); - // Some implementation wil not return valid pub key until ecKeyPair.genKeyPair() is called - // Other implementation will fail with exception if same is called => try catch - try { - if (ecPubKey == null) { - ecKeyPair.genKeyPair(); - } - } catch (Exception e) { - } // do nothing // If required, initialize curve parameters first if (apdubuf[ISO7816.OFFSET_P2] == (byte) 2) { - EC_Consts.setValidECKeyParams(ecPubKey, ecPrivKey, KeyPair.ALG_EC_FP, bitLen, m_ramArray); + ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0); } // Now generate new keypair with either default or custom curve - ecKeyPair.genKeyPair(); - ecPubKey = (ECPublicKey) ecKeyPair.getPublic(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); + ecKeyGenerator.generatePair(); - short len = 0; + short len; short offset = 0; // Export curve public parameters offset += 2; // reserve space for length - len = ecPubKey.getField(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_FP, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; offset += 2; // reserve space for length - len = ecPubKey.getA(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_A, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; offset += 2; // reserve space for length - len = ecPubKey.getB(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; offset += 2; // reserve space for length - len = ecPubKey.getR(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_R, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; /* @@ -812,8 +629,8 @@ public class SimpleECCApplet extends javacard.framework.Applet } // Generate fresh EC keypair - ecKeyPair.genKeyPair(); - ecPrivKey = (ECPrivateKey) ecKeyPair.getPrivate(); + ecKeyGenerator.generatePair(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); if (dhKeyAgreement == null) { dhKeyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false); @@ -826,22 +643,6 @@ public class SimpleECCApplet extends javacard.framework.Applet apdu.setOutgoingAndSend((short) 0, secretLen); } - - - - - - - - - - - - - - - - /* void AllocateKeyPair(byte algorithm, short bitLen) { @@ -913,6 +714,6 @@ public class SimpleECCApplet extends javacard.framework.Applet apdu.setOutgoingAndSend((short) 0, offset); } -*/ +*/ } -- cgit v1.2.3-70-g09d2 From 6a68401612f5e61f966def58ed60eaff52b6f7f6 Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 2 Nov 2016 00:21:42 +0100 Subject: EC_Consts: made parameters maskable ECKeyGenerator: since parameters are maskable, one can now setCustomInvalidCurve(curve, PARAMETER_A | PARAMETER_B,...) and the resulting curve will have both A and B invalid. --- src/applets/ECKeyGenerator.java | 27 ++++++++++++--------------- src/applets/ECKeyTester.java | 8 ++------ src/applets/EC_Consts.java | 20 ++++++++------------ src/applets/SimpleECCApplet.java | 23 ++++++++++++++--------- 4 files changed, 36 insertions(+), 42 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index c7155de..393c249 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -70,7 +70,7 @@ public class ECKeyGenerator { } if (sw != ISO7816.SW_NO_ERROR) return sw; - for (byte param = EC_Consts.PARAMETER_A; param < EC_Consts.PARAMETER_K; ++param) { + for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) break; @@ -86,8 +86,17 @@ public class ECKeyGenerator { short sw = setCustomCurve(curve, buffer, offset); if (sw != ISO7816.SW_NO_ERROR) return sw; - short length = EC_Consts.getCorruptCurveParameter(curve, param, buffer, offset, corruptionType); - sw = setExternalParameter(key, param, buffer, offset, length); + //go through param bit by bit, and invalidate all selected params + byte paramMask = 0x01; + while (paramMask <= EC_Consts.PARAMETER_K) { + byte masked = (byte)(paramMask & param); + if (masked != 0){ + short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); + sw = setExternalParameter(key, masked, buffer, offset, length); + if (sw != ISO7816.SW_NO_ERROR) return sw; + } + paramMask = (byte)(paramMask << 1); + } return sw; } @@ -139,12 +148,6 @@ public class ECKeyGenerator { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k); } break; - case EC_Consts.PARAMETER_S: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length); - break; - case EC_Consts.PARAMETER_W: - if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length); - break; default: result = ISO7816.SW_UNKNOWN; } @@ -189,12 +192,6 @@ public class ECKeyGenerator { if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK()); length = 2; break; - case EC_Consts.PARAMETER_S: - if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset); - break; - case EC_Consts.PARAMETER_W: - if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset); - break; default: length = -1; } diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index 757ece7..1031b06 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -13,10 +13,6 @@ public class ECKeyTester { private KeyAgreement ecdhcKeyAgreement = null; private Signature ecdsaSignature = null; - //TODO: move these SW definitions to the main applet class. - public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4; - public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5; - public short allocateECDH() { short result = ISO7816.SW_NO_ERROR; try { @@ -150,12 +146,12 @@ public class ECKeyTester { short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); if (sigLength != 20) { // per javacard.security.Signature an ALG_ECDSA_SHA should be 20 bytes. - result = ECKeyTester.SW_SIG_LENGTH_MISMATCH; + result = SimpleECCApplet.SW_SIG_LENGTH_MISMATCH; } else { ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); if (!correct) { - result = ECKeyTester.SW_SIG_VERIFY_FAIL; + result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; } } } catch (CryptoException ce) { diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index 7521979..8bfa7ff 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -17,18 +17,14 @@ public class EC_Consts { private static byte[] EC_F2M_F2M = null; //[short ii, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1 - public static final byte PARAMETER_FP = 1; - public static final byte PARAMETER_F2M = 2; - - public static final byte PARAMETER_A = 3; - public static final byte PARAMETER_B = 4; - public static final byte PARAMETER_G = 5; - public static final byte PARAMETER_R = 6; - public static final byte PARAMETER_K = 7; - - //TODO make params maskable, to allow for PARAMETER_A | PARAMETER_B passed to for example ECKeyGenerator.setInvalidCustomCurve - public static final byte PARAMETER_S = 8; //private key - public static final byte PARAMETER_W = 9; //public key + public static final byte PARAMETER_FP = 0x01; + public static final byte PARAMETER_F2M = 0x02; + + public static final byte PARAMETER_A = 0x04; + public static final byte PARAMETER_B = 0x08; + public static final byte PARAMETER_G = 0x10; + public static final byte PARAMETER_R = 0x20; + public static final byte PARAMETER_K = 0x40; public static RandomData m_random = null; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 79abd0e..683e61d 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -7,24 +7,24 @@ package applets; import javacard.framework.*; import javacard.security.*; -import javax.print.attribute.standard.MediaSize; public class SimpleECCApplet extends javacard.framework.Applet { + // MAIN INSTRUCTION CLASS - final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; + final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; final static short ARRAY_LENGTH = (short) 0xff; @@ -61,6 +61,8 @@ public class SimpleECCApplet extends javacard.framework.Applet { public final static short SW_SKIPPED = (short) 0x0ee1; public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; + public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4; + public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5; /* public static final byte[] EC192_FP_PUBLICW = new byte[]{ (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, @@ -454,6 +456,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { ecPrivKey = ecKeyGenerator.getPrivateKey(); ecPubKey = ecKeyGenerator.getPublicKey(); + m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store valid B short startOffset = bufferOffset; short i; @@ -511,6 +514,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { ecPubKey = ecKeyGenerator.getPublicKey(); sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; break; //stop execution, return B @@ -553,6 +557,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { return (short) (bufferOffset - baseOffset); } + //TODO: generalize invalid B setting to all curve params void TestECSupportInvalidCurve_lastUsedParams(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); -- cgit v1.2.3-70-g09d2 From c2be46f5881a3a8e63c0815de28f0516ceeb7bcc Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 2 Nov 2016 21:05:56 +0100 Subject: Implemented External curve setting on applet side SimpleECCApplet: added TestEC_SupportExternal which receives an FP or F2M elliptic curve parameters in an APDU, sets it and tries ECDH, ECDSA. ECKeyGenerator: added setExternalCurve, which reads and sets external parameters from one buffer, with data order: field | a | b | g | r | k --- src/applets/ECKeyGenerator.java | 33 ++++++++ src/applets/SimpleECCApplet.java | 169 +++++++++++++++++++++++++++++++++++++-- src/simpleapdu/SimpleAPDU.java | 6 ++ 3 files changed, 200 insertions(+), 8 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index 393c249..28b3ed3 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -70,6 +70,7 @@ public class ECKeyGenerator { } if (sw != ISO7816.SW_NO_ERROR) return sw; + //go through all params for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length); @@ -159,6 +160,38 @@ public class ECKeyGenerator { return result; } + public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){ + short sw = ISO7816.SW_NO_ERROR; + if (keyClass == KeyPair.ALG_EC_FP) { + sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); + } else if (keyClass == KeyPair.ALG_EC_F2M) { + sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); + } + if (sw != ISO7816.SW_NO_ERROR) return sw; + + offset += fieldLength; + + //go through all params + sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += aLength; + sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += bLength; + + sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += gxLength + gyLength; + + + sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += rLength; + + sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); + return sw; + } + public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) { if (key == KEY_BOTH) { return -1; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 683e61d..3b5b514 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -11,20 +11,21 @@ import javacard.security.*; public class SimpleECCApplet extends javacard.framework.Applet { // MAIN INSTRUCTION CLASS - final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; + final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; final static short ARRAY_LENGTH = (short) 0xff; @@ -45,6 +46,9 @@ public class SimpleECCApplet extends javacard.framework.Applet { public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8; public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9; public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca; + public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; + public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; + public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -188,6 +192,9 @@ public class SimpleECCApplet extends javacard.framework.Applet { case INS_TESTEC_LASTUSEDPARAMS: TestECSupportInvalidCurve_lastUsedParams(apdu); break; + case INS_TESTECSUPPORT_EXTERNAL: + TestEC_SupportExternal(apdu); + break; /* case INS_ALLOCATEKEYPAIRS: AllocateKeyPairs(apdu); @@ -391,6 +398,152 @@ public class SimpleECCApplet extends javacard.framework.Applet { apdu.setOutgoingAndSend((short) 0, dataOffset); } + short TestECSupportExternalCurve(byte keyClass, short keyLength, byte[] buffer, short bufferOffset, short outputOffset) { + short startOffset = outputOffset; + + short fieldLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short aLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short bLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short gxLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short gyLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short rLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + + buffer[outputOffset] = ECTEST_SEPARATOR; + outputOffset++; + + // allocatePair + buffer[outputOffset] = ECTEST_ALLOCATE_KEYPAIR; + outputOffset++; + short sw = ecKeyGenerator.allocatePair(keyClass, keyLength); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // setExternalParam -> forall in {field, a, b, g, r, k} + buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE; + outputOffset++; + sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // generatePair + buffer[outputOffset] = ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE; + outputOffset++; + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + + // test_ECDH + buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; + outputOffset++; + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // test_ECDH invalid + buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; + outputOffset++; + sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // test_ECDSA + buffer[outputOffset] = ECTEST_ECDSA_SIGNATURE; + outputOffset++; + randomData.generateData(m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2)); + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2), m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + return (short) (outputOffset - startOffset); + } + + /** + * Receives an FP or F2M elliptic curve parameters in the APDU. + * Then allocates a new keypair, sets said curve and tries ECDH, ECDSA. + * APDU format: + * byte CLA = CLA_SIMPLEECCAPPLET + * byte INS = INS_TESTECSUPPORT_EXTERNAL + * byte P0 + * byte P1 + *

+ * CDATA: + * byte keyClass -> KeyPair.ALG_EC_FP or KeyPair.ALG_EC_F2\M + * short keyLength + * short fieldLength + * short aLength + * short bLength + * short gxLength + * short gyLength + * short rLength + * field -> FP: prime / F2M: three or one short representing the reduction polynomial + * a + * b + * gx + * gy + * r + * short k + *

+ * Response APDU format: + * CDATA: + * byte ECTEST_SEPARATOR + * byte ECTEST_ALLOCATE_KEYPAIR + * short sw + * byte ECTEST_SET_EXTERNALCURVE + * short sw + * byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE + * short sw + * byte ECTEST_ECDH_AGREEMENT_VALID_POINT + * short sw + * byte ECTEST_ECDH_AGREEMENT_INVALID_POINT + * short sw + * byte ECTEST_ECDSA_SIGNATURE + * short sw + * + * @param apdu + */ + void TestEC_SupportExternal(APDU apdu) { + byte[] apdubuf = apdu.getBuffer(); + short len = apdu.setIncomingAndReceive(); + + short offset = ISO7816.OFFSET_CDATA; + byte keyClass = apdubuf[offset]; + ++offset; + short keyLength = Util.getShort(apdubuf, offset); + offset += 2; + + short dataLength = TestECSupportExternalCurve(keyClass, keyLength, apdubuf, offset, (short) 0); + + apdu.setOutgoingAndSend((short) 0, dataLength); + } + + void TestEC_FP_GenerateInvalidCurve(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 5baf9a6..7401509 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -168,6 +168,12 @@ public class SimpleAPDU { if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } + if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) { + codeStr = "SW_SIG_LENGTH_MISMATCH"; + } + if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) { + codeStr = "SW_SIG_VERIFY_FAIL"; + } return String.format("fail\t(%s,\t0x%4x)", codeStr, code); } } -- cgit v1.2.3-70-g09d2 From 7d946796d87638a5f54cc8562c9d3a95309cf3cc Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 7 Nov 2016 20:26:50 +0100 Subject: ECKeyGenerator: fixes to key genertion, ECKeyTester: fixed ECDH/ECDHC pubkey length issue. EC_Consts: fixed decompressG and getCurveParameter array copy mismatch SimpleECCApplet: fixed B parameter test All tests now pass as before. --- src/applets/ECKeyGenerator.java | 102 ++++++++++++++++++++++----------------- src/applets/ECKeyTester.java | 16 +++--- src/applets/EC_Consts.java | 31 ++++++++---- src/applets/SimpleECCApplet.java | 29 +++++------ src/simpleapdu/SimpleAPDU.java | 2 +- 5 files changed, 102 insertions(+), 78 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index 28b3ed3..e9bdfa6 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -1,6 +1,7 @@ package applets; import javacard.framework.ISO7816; +import javacard.framework.ISOException; import javacard.framework.Util; import javacard.security.CryptoException; import javacard.security.ECPrivateKey; @@ -16,17 +17,18 @@ public class ECKeyGenerator { private ECPrivateKey ecPrivateKey = null; private ECPublicKey ecPublicKey = null; - public static final byte KEY_PUBLIC = 0x1; - public static final byte KEY_PRIVATE = 0x2; - public static final byte KEY_BOTH = KEY_PUBLIC & KEY_PRIVATE; + public static final byte KEY_PUBLIC = 0x01; + public static final byte KEY_PRIVATE = 0x02; + public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; - public short allocatePair(byte algorithm, short keyLength) { + //TODO: add something like allocateGenerate, or modify allocate to auto-generate a key-pair if it returns null key references after allocating + public short allocatePair(byte keyClass, short keyLength) { short result = ISO7816.SW_NO_ERROR; try { - ecKeyPair = new KeyPair(algorithm, keyLength); - ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); + ecKeyPair = new KeyPair(keyClass, keyLength); ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); + ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); } catch (CryptoException ce) { result = ce.getReason(); } catch (Exception e) { @@ -36,15 +38,15 @@ public class ECKeyGenerator { } public boolean isAllocated() { - return ecKeyPair != null && ecPrivateKey != null && ecPublicKey != null; + return ecKeyPair != null; } public short generatePair() { short result = ISO7816.SW_NO_ERROR; try { ecKeyPair.genKeyPair(); - ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); + ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); } catch (CryptoException ce) { result = ce.getReason(); } catch (Exception e) { @@ -63,18 +65,20 @@ public class ECKeyGenerator { short length; if (alg == KeyPair.ALG_EC_FP) { length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset); - sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length); + sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length); } else if (alg == KeyPair.ALG_EC_F2M) { length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset); - sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length); + sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length); } if (sw != ISO7816.SW_NO_ERROR) return sw; //go through all params - for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) { + byte param = EC_Consts.PARAMETER_A; + while (param > 0) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); - sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length); + sw = setParameter(KEY_BOTH, param, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) break; + param = (byte) (param << 1); } return sw; } @@ -89,68 +93,76 @@ public class ECKeyGenerator { //go through param bit by bit, and invalidate all selected params byte paramMask = 0x01; - while (paramMask <= EC_Consts.PARAMETER_K) { - byte masked = (byte)(paramMask & param); - if (masked != 0){ + while (paramMask > 0) { + byte masked = (byte) (paramMask & param); + if (masked != 0) { short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); - sw = setExternalParameter(key, masked, buffer, offset, length); + sw = setParameter(key, masked, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) return sw; } - paramMask = (byte)(paramMask << 1); + paramMask = (byte) (paramMask << 1); } return sw; } - public short setExternalParameter(byte key, byte param, byte[] data, short offset, short length) { + public short setParameter(byte key, byte param, byte[] data, short offset, short length) { short result = ISO7816.SW_NO_ERROR; try { switch (param) { - case EC_Consts.PARAMETER_FP: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); + case EC_Consts.PARAMETER_FP: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); break; - case EC_Consts.PARAMETER_F2M: + } + case EC_Consts.PARAMETER_F2M: { if (length == 2) { short i = Util.makeShort(data[offset], data[(short) (offset + 1)]); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); } else if (length == 6) { short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]); short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]); short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); } else { result = ISO7816.SW_UNKNOWN; } break; - case EC_Consts.PARAMETER_A: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); + } + case EC_Consts.PARAMETER_A: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); break; - case EC_Consts.PARAMETER_B: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); + } + case EC_Consts.PARAMETER_B: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); break; - case EC_Consts.PARAMETER_G: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); + } + case EC_Consts.PARAMETER_G: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); break; - case EC_Consts.PARAMETER_R: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); + } + case EC_Consts.PARAMETER_R: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); break; - case EC_Consts.PARAMETER_K: + } + case EC_Consts.PARAMETER_K: { if (length != 2) { result = ISO7816.SW_UNKNOWN; } else { - short k = Util.makeShort(data[offset], data[(short) (offset + 1)]); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); + short k = Util.getShort(data, offset); if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); } break; - default: - result = ISO7816.SW_UNKNOWN; + } + default: { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } } } catch (CryptoException ce) { result = ce.getReason(); @@ -160,35 +172,35 @@ public class ECKeyGenerator { return result; } - public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){ + public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength) { short sw = ISO7816.SW_NO_ERROR; if (keyClass == KeyPair.ALG_EC_FP) { - sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); + sw = setParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); } else if (keyClass == KeyPair.ALG_EC_F2M) { - sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); + sw = setParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); } if (sw != ISO7816.SW_NO_ERROR) return sw; offset += fieldLength; //go through all params - sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); + sw = setParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += aLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); + sw = setParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += bLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); + sw = setParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += gxLength + gyLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); + sw = setParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += rLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); + sw = setParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); return sw; } @@ -226,7 +238,7 @@ public class ECKeyGenerator { length = 2; break; default: - length = -1; + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } } catch (CryptoException ce) { length = -1; diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index 1031b06..d6ff6c1 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -91,13 +91,13 @@ public class ECKeyTester { * exception reason otherwise **/ public short testECDH_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } public short testECDH_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } @@ -115,13 +115,13 @@ public class ECKeyTester { * exception reason otherwise */ public short testECDHC_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } public short testECDHC_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } /** diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index e39570a..d5f23d1 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -70,7 +70,7 @@ public class EC_Consts { // cofactor of G public static final short EC128_FP_K = 1; - // secp160r1 + // secp160r1 public static final byte[] EC160_FP_P = new byte[]{ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, @@ -1108,32 +1108,32 @@ public class EC_Consts { switch (param) { case PARAMETER_FP: if (alg == KeyPair.ALG_EC_FP) { - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_FP_P, (short) 0, (short) EC_FP_P.length); + length = Util.arrayCopyNonAtomic(EC_FP_P, (short) 0, outputBuffer, outputOffset, (short) EC_FP_P.length); } break; case PARAMETER_F2M: if (alg == KeyPair.ALG_EC_F2M) { - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_F2M_F2M, (short) 0, (short) EC_F2M_F2M.length); + length = Util.arrayCopyNonAtomic(EC_F2M_F2M, (short) 0, outputBuffer, outputOffset, (short) EC_F2M_F2M.length); } break; case PARAMETER_A: - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_A, (short) 0, (short) EC_A.length); + length = Util.arrayCopyNonAtomic(EC_A, (short) 0, outputBuffer, outputOffset, (short) EC_A.length); break; case PARAMETER_B: - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_B, (short) 0, (short) EC_B.length); + length = Util.arrayCopyNonAtomic(EC_B, (short) 0, outputBuffer, outputOffset, (short) EC_B.length); break; case PARAMETER_G: length = decompressG(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length); break; case PARAMETER_R: - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_R, (short) 0, (short) EC_R.length); + length = Util.arrayCopyNonAtomic(EC_R, (short) 0, outputBuffer, outputOffset, (short) EC_R.length); break; case PARAMETER_K: length = 2; Util.setShort(outputBuffer, outputOffset, EC_K); break; default: - length = -1; + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } return length; } @@ -1169,9 +1169,9 @@ public class EC_Consts { rngPos %= length; // make < param length byte original = outputBuffer[rngPos]; - while (original != outputBuffer[rngPos]) { + do { m_random.generateData(outputBuffer, rngPos, (short) 1); - } + } while (original == outputBuffer[rngPos]); break; case CORRUPTION_ZERO: Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0); @@ -1181,6 +1181,16 @@ public class EC_Consts { break; default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow + case CORRUPT_B_LASTBYTEINCREMENT: + m_ramArray2[(short) (m_lenB - 1)] += 1; + // Make sure its not the valid byte again + if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) { + m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more + } + break; + } + */ } return length; } @@ -1193,10 +1203,11 @@ public class EC_Consts { short size = 1; size += gxLength; size += gyLength; + short offset = outputOffset; + outputBuffer[offset] = 0x04; offset += 1; - outputBuffer[offset] = 0x04; offset = Util.arrayCopyNonAtomic(gx, gxOffset, outputBuffer, offset, gxLength); Util.arrayCopyNonAtomic(gy, gyOffset, outputBuffer, offset, gyLength); return size; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 3b5b514..404bf00 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -8,7 +8,7 @@ import javacard.framework.*; import javacard.security.*; -public class SimpleECCApplet extends javacard.framework.Applet { +public class SimpleECCApplet extends Applet { // MAIN INSTRUCTION CLASS final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; @@ -297,7 +297,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); if (sw == ISO7816.SW_NO_ERROR) { - sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); } } Util.setShort(buffer, bufferOffset, sw); @@ -427,7 +427,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { return (short) (outputOffset - startOffset); } - // setExternalParam -> forall in {field, a, b, g, r, k} + // setExternalCurve buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE; outputOffset++; sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength); @@ -598,10 +598,18 @@ public class SimpleECCApplet extends javacard.framework.Applet { } else { testFlags = 0; } + + if (ecPubKey == null || ecPrivKey == null) { + ecKeyGenerator.generatePair(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + } } Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + + // // 2. Set invalid custom curve (many times) // @@ -620,6 +628,8 @@ public class SimpleECCApplet extends javacard.framework.Applet { bufferOffset = startOffset; } + ecPubKey.getB(m_ramArray2, (short) 0); //store valid B + // set invalid curve buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -631,23 +641,13 @@ public class SimpleECCApplet extends javacard.framework.Applet { // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed // CORRUPTION_ZERO = 0x05, parameter competely zero // CORRUPTION_ONE = 0x06, parameter completely one - sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyClass, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; if (sw != ISO7816.SW_NO_ERROR) { // if we reach this line, we are interested in value of B that caused incorrect response break; // stop execution, return B } - /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow - case CORRUPT_B_LASTBYTEINCREMENT: - m_ramArray2[(short) (m_lenB - 1)] += 1; - // Make sure its not the valid byte again - if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) { - m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more - } - break; - } - */ // Gen key pair with invalid curve @@ -668,6 +668,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B + //TODO: note, according to the previous version of this method, sw should get appended to the buffer only if sw != SW_NO_ERROR Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; break; //stop execution, return B diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 7401509..ead8fb7 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -106,7 +106,7 @@ public class SimpleAPDU { if (cardManager.ConnectToCard()) { testSupportECAll(cardManager); - + // // Test setting invalid parameter B of curve byte[] testAPDU = Arrays.clone(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB); //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); -- cgit v1.2.3-70-g09d2 From 1a0d0b14ff7720b98ffdda4651bf1b58d34203bd Mon Sep 17 00:00:00 2001 From: J08nY Date: Sat, 26 Nov 2016 19:24:37 +0100 Subject: Added tests for non-prime p, ECDSA into the main test suite. Also fixed ECDSA test. --- !uploader/simpleECC.cap | Bin 9854 -> 14367 bytes dist/SimpleAPDU.jar | Bin 52783 -> 3071803 bytes src/applets/ECKeyTester.java | 14 ++++----- src/applets/SimpleECCApplet.java | 61 +++++++++++++++++++++++++++++++++++---- src/simpleapdu/SimpleAPDU.java | 52 ++++++++++++--------------------- 5 files changed, 79 insertions(+), 48 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index 9d36664..7d019f4 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 3a13dc6..88b4ab9 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index d6ff6c1..acfb64e 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -143,16 +143,12 @@ public class ECKeyTester { short result = ISO7816.SW_NO_ERROR; try { ecdsaSignature.init(signKey, Signature.MODE_SIGN); - short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); - if (sigLength != 20) { // per javacard.security.Signature an ALG_ECDSA_SHA should be 20 bytes. - result = SimpleECCApplet.SW_SIG_LENGTH_MISMATCH; - } else { - ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); - boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); - if (!correct) { - result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; - } + + ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); + boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); + if (!correct) { + result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; } } catch (CryptoException ce) { result = ce.getReason(); diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 8ec9e67..9901aee 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -53,6 +53,8 @@ public class SimpleECCApplet extends Applet { public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; + public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce; + public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -62,15 +64,17 @@ public class SimpleECCApplet extends Applet { public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020; public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; + public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; + public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400; - public final static short FLAG_ECTEST_ALL = (short) 0x00ff; + public final static short FLAG_ECTEST_ALL = (short) 0xffff; public final static short SW_SKIPPED = (short) 0x0ee1; public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; - public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4; - public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5; + public final static short SW_SIG_VERIFY_FAIL = (short) 0xee4; /* public static final byte[] EC192_FP_PUBLICW = new byte[]{ (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, @@ -325,7 +329,25 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 7. Set invalid custom curve + // 7. ECDSA test + // + buffer[bufferOffset] = ECTEST_ECDSA_SIGNATURE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + if (sw == ISO7816.SW_NO_ERROR) { + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); + } + + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 8. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -341,7 +363,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 8. Generate keypair with invalid custom curve + // 9. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; @@ -352,6 +374,35 @@ public class SimpleECCApplet extends Applet { Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + // + // 10. Set invalid field + // + buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_INVALIDFIELD) != (short) 0) { + if (keyClass == KeyPair.ALG_EC_FP) + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + else + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // 11. Generate key with invalid field + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + return (short) (bufferOffset - baseOffset); } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 8775217..77478a0 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -107,9 +107,8 @@ public class SimpleAPDU { } - public static void main(String[] args) throws FileNotFoundException, IOException { - + //parse cli args. Should be replaced with some cli parsing library code in the future. boolean genKeys = false; int genAmount = 0; boolean testAll = false; @@ -120,7 +119,7 @@ public class SimpleAPDU { if (args.length >= i + 1) { try { genAmount = Integer.parseInt(args[i + 1]); - }catch (NumberFormatException ignored) { + }catch (NumberFormatException ignored) { //is another param, genAmount = 0 by default genAmount = 0; } @@ -145,36 +144,21 @@ public class SimpleAPDU { try { if (testAll) { if (cardManager.ConnectToCard()) { - byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU2, cardManager); - + // Test all default curves for both fields testSupportECAll(cardManager); - // + // Test setting invalid parameter B of curve byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); testFPkeyGen_setNumRepeats(testAPDU, (short) 10); testFPkeyGen_rewindOnSuccess(testAPDU, true); + ReconnnectToCard(); ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); PrintECKeyGenInvalidCurveB(resp_fp_keygen); PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); - /* - // Test support for different types of curves - ReconnnectToCard(); - ResponseAPDU resp_fp = cardManager.sendAPDU(TESTECSUPPORTALL_FP); - ReconnnectToCard(); - ResponseAPDU resp_f2m = cardManager.sendAPDU(TESTECSUPPORTALL_F2M); - PrintECSupport(resp_fp); - PrintECSupport(resp_f2m); - */ - cardManager.DisconnectFromCard(); } else { m_SystemOutLogger.println("Failed to connect to card"); @@ -275,9 +259,6 @@ public class SimpleAPDU { if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } - if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) { - codeStr = "SW_SIG_LENGTH_MISMATCH"; - } if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) { codeStr = "SW_SIG_VERIFY_FAIL"; } @@ -286,7 +267,7 @@ public class SimpleAPDU { } enum ExpResult { - SHOULD_SUCCEDD, + SHOULD_SUCCEED, MAY_FAIL, MUST_FAIL } @@ -307,7 +288,7 @@ public class SimpleAPDU { if ((expRes == ExpResult.MUST_FAIL) && (resCode == ISO7816.SW_NO_ERROR)) { bHiglight = true; } - if ((expRes == ExpResult.SHOULD_SUCCEDD) && (resCode != ISO7816.SW_NO_ERROR)) { + if ((expRes == ExpResult.SHOULD_SUCCEED) && (resCode != ISO7816.SW_NO_ERROR)) { bHiglight = true; } if (bHiglight) { @@ -341,14 +322,17 @@ public class SimpleAPDU { m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with def curve (fails if no def):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_DEFCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL); m_SystemOutLogger.println(); } @@ -380,15 +364,15 @@ public class SimpleAPDU { bufferOffset += 2; m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); while (bufferOffset < buffer.length) { - bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); if (buffer[bufferOffset] == SimpleECCApplet.ECTEST_DH_GENERATESECRET) { bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_DH_GENERATESECRET, buffer, bufferOffset, ExpResult.MUST_FAIL); } - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); } m_SystemOutLogger.println(); -- cgit v1.2.3-70-g09d2 From f4b67923063ca35ae1405d701b461bfda0c10515 Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 28 Nov 2016 22:34:50 +0100 Subject: Added test for small public key degree in ECDH --- !uploader/simpleECC.cap | Bin 14367 -> 18068 bytes dist/SimpleAPDU.jar | Bin 3071803 -> 3078811 bytes src/applets/ECKeyGenerator.java | 31 +++++++++++++------ src/applets/EC_Consts.java | 50 ++++++++++++++++++++++++------ src/applets/SimpleECCApplet.java | 64 ++++++++++++++++++++++++++++++++++----- src/simpleapdu/SimpleAPDU.java | 19 ++++++++++-- 6 files changed, 134 insertions(+), 30 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index 7d019f4..d9c360b 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 88b4ab9..9bb85ff 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index e9bdfa6..c4b71c0 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -73,39 +73,39 @@ public class ECKeyGenerator { if (sw != ISO7816.SW_NO_ERROR) return sw; //go through all params - byte param = EC_Consts.PARAMETER_A; - while (param > 0) { + short param = EC_Consts.PARAMETER_A; + while (param <= EC_Consts.PARAMETER_K) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); sw = setParameter(KEY_BOTH, param, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) break; - param = (byte) (param << 1); + param = (short) (param << 1); } return sw; } - public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, byte param, short corruptionType, byte[] buffer, short offset) { + public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, short param, short corruptionType, byte[] buffer, short offset) { return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset); } - public short setCustomInvalidCurve(byte curve, byte key, byte param, short corruptionType, byte[] buffer, short offset) { + public short setCustomInvalidCurve(byte curve, byte key, short param, short corruptionType, byte[] buffer, short offset) { short sw = setCustomCurve(curve, buffer, offset); if (sw != ISO7816.SW_NO_ERROR) return sw; //go through param bit by bit, and invalidate all selected params - byte paramMask = 0x01; - while (paramMask > 0) { - byte masked = (byte) (paramMask & param); + short paramMask = 0x01; + while (paramMask <= EC_Consts.PARAMETER_K) { + short masked = (short) (paramMask & param); if (masked != 0) { short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); sw = setParameter(key, masked, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) return sw; } - paramMask = (byte) (paramMask << 1); + paramMask = (short) (paramMask << 1); } return sw; } - public short setParameter(byte key, byte param, byte[] data, short offset, short length) { + public short setParameter(byte key, short param, byte[] data, short offset, short length) { short result = ISO7816.SW_NO_ERROR; try { switch (param) { @@ -160,6 +160,12 @@ public class ECKeyGenerator { } break; } + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length); + break; default: { ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } @@ -237,6 +243,11 @@ public class ECKeyGenerator { if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK()); length = 2; break; + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset); default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index 24d854c..bcf2b14 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -21,14 +21,16 @@ public class EC_Consts { private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1 - public static final byte PARAMETER_FP = 0x01; - public static final byte PARAMETER_F2M = 0x02; + public static final short PARAMETER_FP = 0x0001; + public static final short PARAMETER_F2M = 0x0002; - public static final byte PARAMETER_A = 0x04; - public static final byte PARAMETER_B = 0x08; - public static final byte PARAMETER_G = 0x10; - public static final byte PARAMETER_R = 0x20; - public static final byte PARAMETER_K = 0x40; + public static final short PARAMETER_A = 0x0004; + public static final short PARAMETER_B = 0x0008; + public static final short PARAMETER_G = 0x0010; + public static final short PARAMETER_R = 0x0020; + public static final short PARAMETER_K = 0x0040; + public static final short PARAMETER_S = 0x0080; + public static final short PARAMETER_W = 0x0100; public static RandomData m_random = null; @@ -1658,10 +1660,38 @@ public class EC_Consts { } else { ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } - return 0; //will not be reached + return 0; } - public static short getCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset) { + public static byte getAnomalousCurve(short keyClass, short keyLength) { + if (keyClass == KeyPair.ALG_EC_FP) { + switch (keyLength) { + case (short) 128: + return CURVE_sp128; + case (short) 160: + return CURVE_sp160; + case (short) 192: + return CURVE_sp192; + case (short) 224: + return CURVE_sp224; + case (short) 256: + return CURVE_sp256; + case (short) 384: + return CURVE_sp384; + case (short) 521: + return CURVE_sp521; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } else if (keyClass == KeyPair.ALG_EC_F2M) { + return 0; + } else { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + return 0; + } + + public static short getCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset) { byte alg = getCurveType(curve); switch (curve) { case CURVE_secp128r1: { @@ -1905,7 +1935,7 @@ public class EC_Consts { return length; } - public static short getCorruptCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset, short corruptionType) { + public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, short corruptionType) { short length = getCurveParameter(curve, param, outputBuffer, outputOffset); if (length <= 0) { return length; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 9901aee..8cc4237 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -53,8 +53,11 @@ public class SimpleECCApplet extends Applet { public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; - public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce; - public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf; + public final static byte ECTEST_SET_ANOMALOUSCURVE = (byte) 0xce; + public final static byte ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE = (byte) 0xcf; + public final static byte ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (byte) 0xd0; + public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xd1; + public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xd2; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -65,8 +68,11 @@ public class SimpleECCApplet extends Applet { public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; - public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400; + public final static short FLAG_ECTEST_SET_ANOMALOUSCURVE = (short) 0x0200; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE = (short) 0x0400; + public final static short FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (short) 0x0800; + public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x1000; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x2000; public final static short FLAG_ECTEST_ALL = (short) 0xffff; @@ -341,13 +347,55 @@ public class SimpleECCApplet extends Applet { if (sw == ISO7816.SW_NO_ERROR) { sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 8. Set anomalous custom curve + // + buffer[bufferOffset] = ECTEST_SET_ANOMALOUSCURVE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { + sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0); + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 9. Generate keypair with anomalous custom curve + // + + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // + // 10. Test small degree pubkey + // + + buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); } Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; // - // 8. Set invalid custom curve + // 11. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -363,7 +411,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 9. Generate keypair with invalid custom curve + // 12. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; @@ -375,7 +423,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 10. Set invalid field + // 13. Set invalid field // buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; bufferOffset++; @@ -393,7 +441,7 @@ public class SimpleECCApplet extends Applet { Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; - // 11. Generate key with invalid field + // 14. Generate key with invalid field buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; bufferOffset++; sw = SW_SKIPPED; diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 77478a0..44bf302 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -5,6 +5,7 @@ import applets.SimpleECCApplet; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; +import sun.java2d.pipe.SpanShapeRenderer; import javax.smartcardio.ResponseAPDU; import java.io.FileNotFoundException; @@ -73,6 +74,7 @@ public class SimpleAPDU { static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception { ReconnnectToCard(); ResponseAPDU resp = cardManager.sendAPDU(apdu); + //byte[] resp = cardManager.sendAPDUSimulator(apdu); PrintECSupport(resp); } @@ -143,7 +145,11 @@ public class SimpleAPDU { try { if (testAll) { + //byte[] installData = new byte[10]; + //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; + //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); if (cardManager.ConnectToCard()) { + // Test all default curves for both fields testSupportECAll(cardManager); @@ -301,7 +307,10 @@ public class SimpleAPDU { } static void PrintECSupport(ResponseAPDU resp) { - byte[] buffer = resp.getData(); + PrintECSupport(resp.getData()); + } + + static void PrintECSupport(byte[] buffer) { m_SystemOutLogger.println(); m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves"); @@ -329,6 +338,9 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Set anomalous custom curve (may fail):", SimpleECCApplet.ECTEST_SET_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with anomalous curve (may fail):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("ECDH agreement with small order point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); @@ -339,7 +351,10 @@ public class SimpleAPDU { } static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { - byte[] buffer = resp.getData(); + PrintECKeyGenInvalidCurveB(resp.getData()); + } + + static void PrintECKeyGenInvalidCurveB(byte[] buffer) { m_SystemOutLogger.println(); m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); -- cgit v1.2.3-70-g09d2 From 022f37b399583053fc256b9fcab397f828309ebf Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 28 Nov 2016 23:21:25 +0100 Subject: fixed small pubkey order test, this times out on some cards(SCARD_E_NOT_TRANSACTED) yet some cards run fine and report illegal value. --- src/applets/EC_Consts.java | 67 ++++++++++++++++++++++------------------ src/applets/SimpleECCApplet.java | 15 +++++---- 2 files changed, 46 insertions(+), 36 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index bcf2b14..49eb59f 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -16,8 +16,9 @@ public class EC_Consts { private static byte[] EC_R = null; //n private static short EC_K = 1; //h - private static byte[] EC_P_X = null; //Pubkey[x,y] - private static byte[] EC_P_Y = null; + private static byte[] EC_W_X = null; //Pubkey[x,y] + private static byte[] EC_W_Y = null; + private static byte[] EC_S = null; //Private private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1 @@ -962,14 +963,14 @@ public class EC_Consts { public static final short ECSP128_FP_K = 1; - public static final byte[] ECSP128_FP_P_X = { + public static final byte[] ECSP128_FP_W_X = { (byte) 0x63, (byte) 0x90, (byte) 0x1e, (byte) 0x12, (byte) 0x27, (byte) 0x61, (byte) 0xd9, (byte) 0xc1, (byte) 0x65, (byte) 0x65, (byte) 0xb2, (byte) 0xf3, (byte) 0x8e, (byte) 0x99, (byte) 0x1f, (byte) 0x71 }; - public static final byte[] ECSP128_FP_P_Y = { + public static final byte[] ECSP128_FP_W_Y = { (byte) 0xb9, (byte) 0xd9, (byte) 0x9f, (byte) 0xbc, (byte) 0x31, (byte) 0x54, (byte) 0xa9, (byte) 0x6c, (byte) 0xa2, (byte) 0x3e, (byte) 0xcf, (byte) 0xf7, @@ -1028,7 +1029,7 @@ public class EC_Consts { public static final short ECSP160_FP_K = 1; - public static final byte[] ECSP160_FP_P_X = { + public static final byte[] ECSP160_FP_W_X = { (byte) 0x59, (byte) 0xc9, (byte) 0xc3, (byte) 0xc8, (byte) 0xae, (byte) 0xf2, (byte) 0x9f, (byte) 0x1c, (byte) 0x1c, (byte) 0x50, (byte) 0x0c, (byte) 0xaf, @@ -1036,7 +1037,7 @@ public class EC_Consts { (byte) 0x08, (byte) 0x6e, (byte) 0x6e, (byte) 0xb0 }; - public static final byte[] ECSP160_FP_P_Y = { + public static final byte[] ECSP160_FP_W_Y = { (byte) 0xd6, (byte) 0x95, (byte) 0xa7, (byte) 0x60, (byte) 0x05, (byte) 0xed, (byte) 0xdb, (byte) 0x26, (byte) 0xaf, (byte) 0xd4, (byte) 0x0e, (byte) 0xe2, @@ -1102,7 +1103,7 @@ public class EC_Consts { public static final short ECSP192_FP_K = 1; - public static final byte[] ECSP192_FP_P_X = { + public static final byte[] ECSP192_FP_W_X = { (byte) 0xaa, (byte) 0xd0, (byte) 0xdb, (byte) 0xf8, (byte) 0xad, (byte) 0x1c, (byte) 0x2c, (byte) 0x4e, (byte) 0xf0, (byte) 0x67, (byte) 0xda, (byte) 0x63, @@ -1111,7 +1112,7 @@ public class EC_Consts { (byte) 0xb7, (byte) 0x7a, (byte) 0x59, (byte) 0x9c }; - public static final byte[] ECSP192_FP_P_Y = { + public static final byte[] ECSP192_FP_W_Y = { (byte) 0xae, (byte) 0x28, (byte) 0xd7, (byte) 0xea, (byte) 0xde, (byte) 0xba, (byte) 0x10, (byte) 0x48, (byte) 0x40, (byte) 0x64, (byte) 0x0d, (byte) 0x9b, @@ -1184,7 +1185,7 @@ public class EC_Consts { public static final short ECSP224_FP_K = 1; - public static final byte[] ECSP224_FP_P_X = { + public static final byte[] ECSP224_FP_W_X = { (byte) 0xcf, (byte) 0xd9, (byte) 0x2a, (byte) 0xea, (byte) 0x0f, (byte) 0x79, (byte) 0x19, (byte) 0x0c, (byte) 0x48, (byte) 0xca, (byte) 0x70, (byte) 0x3e, @@ -1194,7 +1195,7 @@ public class EC_Consts { (byte) 0xfe, (byte) 0x4d, (byte) 0x0f, (byte) 0x04 }; - public static final byte[] ECSP224_FP_P_Y = { + public static final byte[] ECSP224_FP_W_Y = { (byte) 0x25, (byte) 0x7a, (byte) 0x3d, (byte) 0x98, (byte) 0xde, (byte) 0x44, (byte) 0xbd, (byte) 0x25, (byte) 0x40, (byte) 0x49, (byte) 0x77, (byte) 0xa4, @@ -1274,7 +1275,7 @@ public class EC_Consts { public static final short ECSP256_FP_K = 1; - public static final byte[] ECSP256_FP_P_X = { + public static final byte[] ECSP256_FP_W_X = { (byte) 0x75, (byte) 0xfc, (byte) 0xe7, (byte) 0x09, (byte) 0x68, (byte) 0x86, (byte) 0x2d, (byte) 0x53, (byte) 0xe2, (byte) 0x95, (byte) 0x48, (byte) 0xaa, @@ -1285,7 +1286,7 @@ public class EC_Consts { (byte) 0xf8, (byte) 0xda, (byte) 0xd6, (byte) 0x53 }; - public static final byte[] ECSP256_FP_P_Y = { + public static final byte[] ECSP256_FP_W_Y = { (byte) 0x55, (byte) 0xaa, (byte) 0x4b, (byte) 0x7d, (byte) 0x38, (byte) 0x82, (byte) 0xfb, (byte) 0x0a, (byte) 0x83, (byte) 0xbd, (byte) 0x00, (byte) 0xc9, @@ -1390,7 +1391,7 @@ public class EC_Consts { public static final short ECSP384_FP_K = 1; - public static final byte[] ECSP384_FP_P_X = { + public static final byte[] ECSP384_FP_W_X = { (byte) 0xa4, (byte) 0xbd, (byte) 0x57, (byte) 0x5b, (byte) 0xf2, (byte) 0x03, (byte) 0x00, (byte) 0xb0, (byte) 0xcf, (byte) 0x8a, (byte) 0x2f, (byte) 0x41, @@ -1405,7 +1406,7 @@ public class EC_Consts { (byte) 0x34, (byte) 0x83, (byte) 0x4e, (byte) 0xf1 }; - public static final byte[] ECSP384_FP_P_Y = { + public static final byte[] ECSP384_FP_W_Y = { (byte) 0x38, (byte) 0xd5, (byte) 0x1c, (byte) 0x8f, (byte) 0x9e, (byte) 0x90, (byte) 0x59, (byte) 0x2f, (byte) 0x56, (byte) 0x7e, (byte) 0x81, (byte) 0xd0, @@ -1544,7 +1545,7 @@ public class EC_Consts { public static final short ECSP521_FP_K = 1; - public static final byte[] ECSP521_FP_P_X = { + public static final byte[] ECSP521_FP_W_X = { (byte) 0xfc, (byte) 0xcf, (byte) 0x5c, (byte) 0x11, (byte) 0x3b, (byte) 0xec, (byte) 0x94, (byte) 0x61, (byte) 0xdb, (byte) 0x3e, (byte) 0x56, (byte) 0x73, @@ -1564,7 +1565,7 @@ public class EC_Consts { (byte) 0xde }; - public static final byte[] ECSP521_FP_P_Y = { + public static final byte[] ECSP521_FP_W_Y = { (byte) 0xc3, (byte) 0x6d, (byte) 0x08, (byte) 0x8f, (byte) 0xc2, (byte) 0xfe, (byte) 0x3b, (byte) 0x42, (byte) 0x90, (byte) 0x7b, (byte) 0xbf, (byte) 0x8a, @@ -1822,8 +1823,8 @@ public class EC_Consts { EC_G_Y = ECSP128_FP_G_Y; EC_R = ECSP128_FP_R; EC_K = ECSP128_FP_K; - EC_P_X = ECSP128_FP_P_X; - EC_P_Y = ECSP128_FP_P_Y; + EC_W_X = ECSP128_FP_W_X; + EC_W_Y = ECSP128_FP_W_Y; break; } case CURVE_sp160: { @@ -1834,8 +1835,8 @@ public class EC_Consts { EC_G_Y = ECSP160_FP_G_Y; EC_R = ECSP160_FP_R; EC_K = ECSP160_FP_K; - EC_P_X = ECSP160_FP_P_X; - EC_P_Y = ECSP160_FP_P_Y; + EC_W_X = ECSP160_FP_W_X; + EC_W_Y = ECSP160_FP_W_Y; break; } case CURVE_sp192: { @@ -1846,8 +1847,8 @@ public class EC_Consts { EC_G_Y = ECSP192_FP_G_Y; EC_R = ECSP192_FP_R; EC_K = ECSP192_FP_K; - EC_P_X = ECSP192_FP_P_X; - EC_P_Y = ECSP192_FP_P_Y; + EC_W_X = ECSP192_FP_W_X; + EC_W_Y = ECSP192_FP_W_Y; break; } case CURVE_sp224: { @@ -1858,8 +1859,8 @@ public class EC_Consts { EC_G_Y = ECSP224_FP_G_Y; EC_R = ECSP224_FP_R; EC_K = ECSP224_FP_K; - EC_P_X = ECSP224_FP_P_X; - EC_P_Y = ECSP224_FP_P_Y; + EC_W_X = ECSP224_FP_W_X; + EC_W_Y = ECSP224_FP_W_Y; break; } case CURVE_sp256: { @@ -1870,8 +1871,8 @@ public class EC_Consts { EC_G_Y = ECSP256_FP_G_Y; EC_R = ECSP256_FP_R; EC_K = ECSP256_FP_K; - EC_P_X = ECSP256_FP_P_X; - EC_P_Y = ECSP256_FP_P_Y; + EC_W_X = ECSP256_FP_W_X; + EC_W_Y = ECSP256_FP_W_Y; break; } case CURVE_sp384: { @@ -1882,8 +1883,8 @@ public class EC_Consts { EC_G_Y = ECSP384_FP_G_Y; EC_R = ECSP384_FP_R; EC_K = ECSP384_FP_K; - EC_P_X = ECSP384_FP_P_X; - EC_P_Y = ECSP384_FP_P_Y; + EC_W_X = ECSP384_FP_W_X; + EC_W_Y = ECSP384_FP_W_Y; break; } case CURVE_sp521: { @@ -1894,8 +1895,8 @@ public class EC_Consts { EC_G_Y = ECSP521_FP_G_Y; EC_R = ECSP521_FP_R; EC_K = ECSP521_FP_K; - EC_P_X = ECSP521_FP_P_X; - EC_P_Y = ECSP521_FP_P_Y; + EC_W_X = ECSP521_FP_W_X; + EC_W_Y = ECSP521_FP_W_Y; break; } default: @@ -1929,6 +1930,12 @@ public class EC_Consts { length = 2; Util.setShort(outputBuffer, outputOffset, EC_K); break; + case PARAMETER_W: + length = toX962(outputBuffer, outputOffset, EC_W_X, (short) 0, (short) EC_W_X.length, EC_W_Y, (short) 0, (short) EC_W_Y.length); + break; + case PARAMETER_S: + length = Util.arrayCopyNonAtomic(EC_S, (short) 0, outputBuffer, outputOffset, (short) EC_S.length); + break; default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 8cc4237..8043153 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -308,9 +308,9 @@ public class SimpleECCApplet extends Applet { sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT) != (short) 0) { sw = ecKeyGenerator.generatePair(); - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); if (sw == ISO7816.SW_NO_ERROR) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); } } @@ -325,9 +325,9 @@ public class SimpleECCApplet extends Applet { sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT) != (short) 0) { sw = ecKeyGenerator.generatePair(); - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); if (sw == ISO7816.SW_NO_ERROR) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); } } @@ -342,9 +342,9 @@ public class SimpleECCApplet extends Applet { sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) { sw = ecKeyGenerator.generatePair(); - ecPubKey = ecKeyGenerator.getPublicKey(); - ecPrivKey = ecKeyGenerator.getPrivateKey(); if (sw == ISO7816.SW_NO_ERROR) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); } } @@ -387,6 +387,9 @@ public class SimpleECCApplet extends Applet { bufferOffset++; sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { + //TODO: this needs refactor, just quickly to see if it works + short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass,keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); + ecKeyGenerator.setParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, m_ramArray, (short)0, pubLength); ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); -- cgit v1.2.3-70-g09d2 From 2a455c2a12f69d5dc81d2b1f78db011e92d7f754 Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 30 Nov 2016 00:23:29 +0100 Subject: Fixed small-pub degree test, still crashes most cards. --- !uploader/simpleECC.cap | Bin 18068 -> 18215 bytes dist/SimpleAPDU.jar | Bin 3078811 -> 3078963 bytes src/applets/ECKeyTester.java | 22 +++++++++++++--------- src/applets/SimpleECCApplet.java | 12 +++++++----- 4 files changed, 20 insertions(+), 14 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index d9c360b..e76168c 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 9bb85ff..09b7e73 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index acfb64e..9dd0fd5 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -49,7 +49,7 @@ public class ECKeyTester { return result; } - private short testDH(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + private short testKA(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { short result = ISO7816.SW_NO_ERROR; try { ka.init(privateKey); @@ -64,19 +64,23 @@ public class ECKeyTester { return result; } - private short testDH_validPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { - return testDH(ka, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + private short testKA_validPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + return testKA(ka, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); } - private short testDH_invalidPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + private short testKA_invalidPoint(KeyAgreement ka, ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { pubkeyBuffer[(short)(pubkeyLength - 2)] += 0xcc; pubkeyBuffer[(short)(pubkeyLength - 3)] += 0xcc; - short result = testDH(ka, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + short result = testKA(ka, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); pubkeyBuffer[(short)(pubkeyLength - 2)] -= 0xcc; pubkeyBuffer[(short)(pubkeyLength - 3)] -= 0xcc; return result; } + public short testECDH(ECPrivateKey privateKey, byte[] pubkeyBuffer, short pubkeyOffset, short pubkeyLength, byte[] outputBuffer, short outputOffset) { + return testKA(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, pubkeyLength, outputBuffer, outputOffset); + } + /** * Tests ECDH secret generation with given {@code privateKey} and {@code publicKey}. * Uses {@code pubkeyBuffer} at {@code pubkeyOffset} for computations. @@ -92,12 +96,12 @@ public class ECKeyTester { **/ public short testECDH_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + return testKA_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } public short testECDH_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + return testKA_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } @@ -116,12 +120,12 @@ public class ECKeyTester { */ public short testECDHC_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + return testKA_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } public short testECDHC_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); + return testKA_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } /** diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 8043153..d653c10 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -358,7 +358,9 @@ public class SimpleECCApplet extends Applet { bufferOffset++; sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { - sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0); + if (keyClass == KeyPair.ALG_EC_FP) { //Only FP supported at the moment + sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0); + } if (sw != ISO7816.SW_NO_ERROR) { testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; } @@ -375,6 +377,9 @@ public class SimpleECCApplet extends Applet { sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) { sw = ecKeyGenerator.generatePair(); + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; + } } Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; @@ -387,12 +392,9 @@ public class SimpleECCApplet extends Applet { bufferOffset++; sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { - //TODO: this needs refactor, just quickly to see if it works short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass,keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); - ecKeyGenerator.setParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, m_ramArray, (short)0, pubLength); - ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); - sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); + sw = ecKeyTester.testECDH(ecPrivKey, m_ramArray, (short) 0, pubLength, m_ramArray2, (short) 1); } Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; -- cgit v1.2.3-70-g09d2 From 31a9da5493cb5085354dbfa034cea4b1d45df3cb Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 30 Nov 2016 15:10:43 +0100 Subject: Changed ECSP curves, 192b and 521b, to ones that have a prime pubkey order. --- src/applets/EC_Consts.java | 368 +++++++++++++++++++-------------------- src/applets/SimpleECCApplet.java | 1 + 2 files changed, 185 insertions(+), 184 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index 49eb59f..d1f6842 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -1048,77 +1048,77 @@ public class EC_Consts { //Anomalous curve(small-pub-192), with pubkey of order 4 public static final byte[] ECSP192_FP_P = { - (byte) 0xee, (byte) 0x8a, (byte) 0x97, (byte) 0x03, - (byte) 0x3b, (byte) 0xb1, (byte) 0x00, (byte) 0x60, - (byte) 0x0c, (byte) 0x3a, (byte) 0x9f, (byte) 0x9d, - (byte) 0x88, (byte) 0x2a, (byte) 0xca, (byte) 0xeb, - (byte) 0x6e, (byte) 0x24, (byte) 0xfc, (byte) 0x63, - (byte) 0x04, (byte) 0xd8, (byte) 0x60, (byte) 0x8f + (byte) 0xce, (byte) 0x71, (byte) 0x4c, (byte) 0xc3, + (byte) 0xa1, (byte) 0x5c, (byte) 0xe7, (byte) 0xe5, + (byte) 0xda, (byte) 0xb0, (byte) 0x68, (byte) 0xc9, + (byte) 0xa1, (byte) 0xf8, (byte) 0xbe, (byte) 0x00, + (byte) 0xaa, (byte) 0xd4, (byte) 0x80, (byte) 0xab, + (byte) 0xcc, (byte) 0xae, (byte) 0xef, (byte) 0xc3 }; public static final byte[] ECSP192_FP_A = { - (byte) 0xc3, (byte) 0xf5, (byte) 0x83, (byte) 0x61, - (byte) 0x41, (byte) 0x18, (byte) 0xd6, (byte) 0xc4, - (byte) 0x85, (byte) 0xde, (byte) 0x1c, (byte) 0xd9, - (byte) 0x0a, (byte) 0x86, (byte) 0xda, (byte) 0x7d, - (byte) 0xff, (byte) 0x3a, (byte) 0xa6, (byte) 0xbb, - (byte) 0x77, (byte) 0x5c, (byte) 0xe1, (byte) 0x24 + (byte) 0x59, (byte) 0x7c, (byte) 0x78, (byte) 0x1f, + (byte) 0x64, (byte) 0xc3, (byte) 0x3e, (byte) 0xb8, + (byte) 0xef, (byte) 0x91, (byte) 0x9c, (byte) 0x41, + (byte) 0x59, (byte) 0x11, (byte) 0x51, (byte) 0x8e, + (byte) 0xa3, (byte) 0x23, (byte) 0xbe, (byte) 0x88, + (byte) 0xb9, (byte) 0x43, (byte) 0x7c, (byte) 0xaf }; public static final byte[] ECSP192_FP_B = { - (byte) 0x96, (byte) 0x78, (byte) 0x63, (byte) 0x29, - (byte) 0x6d, (byte) 0x32, (byte) 0x01, (byte) 0x61, - (byte) 0xe6, (byte) 0x88, (byte) 0x0f, (byte) 0xa6, - (byte) 0xd9, (byte) 0xa4, (byte) 0x86, (byte) 0x79, - (byte) 0xdf, (byte) 0xdb, (byte) 0xb1, (byte) 0x2b, - (byte) 0xb7, (byte) 0xe3, (byte) 0x54, (byte) 0xb1 + (byte) 0xf8, (byte) 0x15, (byte) 0x85, (byte) 0xa1, + (byte) 0xb1, (byte) 0x8f, (byte) 0x23, (byte) 0x3d, + (byte) 0x70, (byte) 0xad, (byte) 0xd7, (byte) 0xee, + (byte) 0x13, (byte) 0x42, (byte) 0xd2, (byte) 0x03, + (byte) 0x5c, (byte) 0x38, (byte) 0x6a, (byte) 0x92, + (byte) 0xe3, (byte) 0xab, (byte) 0x83, (byte) 0x20 }; public static final byte[] ECSP192_FP_G_X = { - (byte) 0x7d, (byte) 0x6e, (byte) 0x93, (byte) 0x4a, - (byte) 0xbb, (byte) 0x41, (byte) 0x6c, (byte) 0x64, - (byte) 0xd4, (byte) 0x28, (byte) 0x90, (byte) 0xea, - (byte) 0x64, (byte) 0x40, (byte) 0xf5, (byte) 0x8a, - (byte) 0x0a, (byte) 0x5c, (byte) 0x5b, (byte) 0x31, - (byte) 0x2f, (byte) 0x35, (byte) 0x6b, (byte) 0x29 + (byte) 0x15, (byte) 0x0f, (byte) 0xf0, (byte) 0xa4, + (byte) 0x0d, (byte) 0xea, (byte) 0xc6, (byte) 0x46, + (byte) 0x2b, (byte) 0x59, (byte) 0x87, (byte) 0x41, + (byte) 0x86, (byte) 0x17, (byte) 0xfd, (byte) 0xee, + (byte) 0xb6, (byte) 0xbf, (byte) 0xd7, (byte) 0x6d, + (byte) 0x4d, (byte) 0x60, (byte) 0xa0, (byte) 0x67 }; public static final byte[] ECSP192_FP_G_Y = { - (byte) 0x47, (byte) 0x37, (byte) 0x7f, (byte) 0xed, - (byte) 0x17, (byte) 0xe2, (byte) 0x31, (byte) 0x74, - (byte) 0xf1, (byte) 0xb1, (byte) 0xb9, (byte) 0x01, - (byte) 0x6e, (byte) 0x28, (byte) 0x5e, (byte) 0x9c, - (byte) 0xac, (byte) 0x39, (byte) 0xe3, (byte) 0xbc, - (byte) 0xaa, (byte) 0x65, (byte) 0x22, (byte) 0xfd + (byte) 0x84, (byte) 0x3d, (byte) 0x57, (byte) 0x73, + (byte) 0x71, (byte) 0xc5, (byte) 0xdc, (byte) 0xe1, + (byte) 0x22, (byte) 0xc2, (byte) 0xff, (byte) 0x20, + (byte) 0x6b, (byte) 0x2f, (byte) 0x42, (byte) 0xfa, + (byte) 0x0b, (byte) 0x84, (byte) 0x2b, (byte) 0x49, + (byte) 0xbd, (byte) 0xaf, (byte) 0x99, (byte) 0x0f }; public static final byte[] ECSP192_FP_R = { - (byte) 0xee, (byte) 0x8a, (byte) 0x97, (byte) 0x03, - (byte) 0x3b, (byte) 0xb1, (byte) 0x00, (byte) 0x60, - (byte) 0x0c, (byte) 0x3a, (byte) 0x9f, (byte) 0x9e, - (byte) 0xcd, (byte) 0x2b, (byte) 0xb6, (byte) 0x46, - (byte) 0x75, (byte) 0x84, (byte) 0x34, (byte) 0xad, - (byte) 0xd3, (byte) 0xd0, (byte) 0xdf, (byte) 0xd0 + (byte) 0xce, (byte) 0x71, (byte) 0x4c, (byte) 0xc3, + (byte) 0xa1, (byte) 0x5c, (byte) 0xe7, (byte) 0xe5, + (byte) 0xda, (byte) 0xb0, (byte) 0x68, (byte) 0xc9, + (byte) 0xa3, (byte) 0x0b, (byte) 0xc9, (byte) 0x29, + (byte) 0x15, (byte) 0xbd, (byte) 0x86, (byte) 0x62, + (byte) 0xae, (byte) 0x88, (byte) 0x28, (byte) 0x87 }; public static final short ECSP192_FP_K = 1; public static final byte[] ECSP192_FP_W_X = { - (byte) 0xaa, (byte) 0xd0, (byte) 0xdb, (byte) 0xf8, - (byte) 0xad, (byte) 0x1c, (byte) 0x2c, (byte) 0x4e, - (byte) 0xf0, (byte) 0x67, (byte) 0xda, (byte) 0x63, - (byte) 0x97, (byte) 0x23, (byte) 0xe2, (byte) 0x0d, - (byte) 0xcf, (byte) 0xb4, (byte) 0x53, (byte) 0x52, - (byte) 0xb7, (byte) 0x7a, (byte) 0x59, (byte) 0x9c + (byte) 0x17, (byte) 0x04, (byte) 0x7f, (byte) 0x91, + (byte) 0xdb, (byte) 0xe3, (byte) 0x30, (byte) 0x32, + (byte) 0xc9, (byte) 0xd0, (byte) 0x9b, (byte) 0xd2, + (byte) 0x9c, (byte) 0xea, (byte) 0xdd, (byte) 0x8a, + (byte) 0x09, (byte) 0xcc, (byte) 0xc3, (byte) 0x2a, + (byte) 0xc6, (byte) 0x30, (byte) 0x95, (byte) 0x41 }; public static final byte[] ECSP192_FP_W_Y = { - (byte) 0xae, (byte) 0x28, (byte) 0xd7, (byte) 0xea, - (byte) 0xde, (byte) 0xba, (byte) 0x10, (byte) 0x48, - (byte) 0x40, (byte) 0x64, (byte) 0x0d, (byte) 0x9b, - (byte) 0x6e, (byte) 0x2c, (byte) 0x2d, (byte) 0x22, - (byte) 0x25, (byte) 0xd2, (byte) 0x5d, (byte) 0x79, - (byte) 0x3a, (byte) 0x65, (byte) 0x5f, (byte) 0xb1 + (byte) 0x6a, (byte) 0x72, (byte) 0x6d, (byte) 0xe5, + (byte) 0x4f, (byte) 0xbd, (byte) 0x59, (byte) 0xcf, + (byte) 0xc3, (byte) 0x52, (byte) 0xe8, (byte) 0x38, + (byte) 0xb3, (byte) 0x37, (byte) 0xfa, (byte) 0x00, + (byte) 0x5a, (byte) 0x97, (byte) 0x18, (byte) 0x08, + (byte) 0x16, (byte) 0x13, (byte) 0x5e, (byte) 0x6a }; @@ -1424,165 +1424,165 @@ public class EC_Consts { //Anomalous curve(small-pub-521), with pubkey of order 4 public static final byte[] ECSP521_FP_P = { - (byte) 0x01, (byte) 0x9f, (byte) 0x9b, (byte) 0x18, - (byte) 0x84, (byte) 0x55, (byte) 0xfc, (byte) 0xb2, - (byte) 0x4e, (byte) 0x68, (byte) 0xee, (byte) 0xba, - (byte) 0xbf, (byte) 0x2a, (byte) 0xfd, (byte) 0xa0, - (byte) 0xb5, (byte) 0x11, (byte) 0x4e, (byte) 0xc5, - (byte) 0xe8, (byte) 0x2b, (byte) 0x6d, (byte) 0xa1, - (byte) 0x8f, (byte) 0xa2, (byte) 0x64, (byte) 0x31, - (byte) 0xee, (byte) 0x72, (byte) 0x03, (byte) 0xa2, - (byte) 0x3d, (byte) 0x8b, (byte) 0xd7, (byte) 0xc4, - (byte) 0x16, (byte) 0x9b, (byte) 0x73, (byte) 0x0d, - (byte) 0xbc, (byte) 0x9c, (byte) 0xff, (byte) 0xd8, - (byte) 0xc0, (byte) 0xe7, (byte) 0x9d, (byte) 0xc4, - (byte) 0x03, (byte) 0x74, (byte) 0x12, (byte) 0x8d, - (byte) 0xeb, (byte) 0x03, (byte) 0x44, (byte) 0x56, - (byte) 0x96, (byte) 0x0b, (byte) 0x87, (byte) 0x3d, - (byte) 0xfd, (byte) 0x26, (byte) 0x2b, (byte) 0xe0, - (byte) 0xb6, (byte) 0xd5 + (byte) 0x01, (byte) 0xd3, (byte) 0xdf, (byte) 0x43, + (byte) 0x09, (byte) 0x24, (byte) 0x95, (byte) 0x6e, + (byte) 0x21, (byte) 0x0a, (byte) 0x60, (byte) 0x5b, + (byte) 0x4d, (byte) 0xbf, (byte) 0x4a, (byte) 0x2e, + (byte) 0x90, (byte) 0x9d, (byte) 0x7a, (byte) 0x80, + (byte) 0x16, (byte) 0x58, (byte) 0x97, (byte) 0x8c, + (byte) 0x88, (byte) 0xff, (byte) 0xd6, (byte) 0x8d, + (byte) 0xcc, (byte) 0x81, (byte) 0x7f, (byte) 0x5c, + (byte) 0xc7, (byte) 0x9c, (byte) 0xf1, (byte) 0x88, + (byte) 0xd9, (byte) 0xee, (byte) 0x82, (byte) 0xd1, + (byte) 0xa5, (byte) 0x1c, (byte) 0x44, (byte) 0xcb, + (byte) 0xd3, (byte) 0x1e, (byte) 0x9c, (byte) 0xc5, + (byte) 0xb8, (byte) 0x16, (byte) 0xd7, (byte) 0x6d, + (byte) 0x5b, (byte) 0x13, (byte) 0x12, (byte) 0xb0, + (byte) 0x05, (byte) 0xf7, (byte) 0xb6, (byte) 0x89, + (byte) 0x19, (byte) 0xe2, (byte) 0x75, (byte) 0xda, + (byte) 0xc9, (byte) 0x9f }; public static final byte[] ECSP521_FP_A = { - (byte) 0x8e, (byte) 0xdc, (byte) 0x39, (byte) 0xcd, - (byte) 0xdd, (byte) 0x0f, (byte) 0x31, (byte) 0x73, - (byte) 0x71, (byte) 0x67, (byte) 0x46, (byte) 0xac, - (byte) 0x53, (byte) 0x94, (byte) 0xb6, (byte) 0x1e, - (byte) 0x11, (byte) 0xc0, (byte) 0x56, (byte) 0x67, - (byte) 0xec, (byte) 0xba, (byte) 0x2f, (byte) 0x25, - (byte) 0x05, (byte) 0xb7, (byte) 0x28, (byte) 0x6c, - (byte) 0x5b, (byte) 0xab, (byte) 0x09, (byte) 0x02, - (byte) 0x09, (byte) 0x1d, (byte) 0xf8, (byte) 0xa6, - (byte) 0xbe, (byte) 0x38, (byte) 0xcd, (byte) 0x4a, - (byte) 0x45, (byte) 0xa8, (byte) 0x17, (byte) 0xad, - (byte) 0x2a, (byte) 0xfd, (byte) 0x57, (byte) 0x6f, - (byte) 0xdc, (byte) 0xbd, (byte) 0x2f, (byte) 0x27, - (byte) 0x01, (byte) 0xc4, (byte) 0x5e, (byte) 0xae, - (byte) 0x1a, (byte) 0x55, (byte) 0x88, (byte) 0xee, - (byte) 0xc7, (byte) 0xd1, (byte) 0x08, (byte) 0x42, - (byte) 0x3d + (byte) 0x00, (byte) 0x40, (byte) 0x16, (byte) 0x39, + (byte) 0xf3, (byte) 0x6f, (byte) 0x2e, (byte) 0xe4, + (byte) 0x5f, (byte) 0xc1, (byte) 0x64, (byte) 0xea, + (byte) 0x3e, (byte) 0x1f, (byte) 0x14, (byte) 0xf4, + (byte) 0x80, (byte) 0x3f, (byte) 0xd7, (byte) 0xa7, + (byte) 0x7f, (byte) 0xfd, (byte) 0xfb, (byte) 0x39, + (byte) 0x2c, (byte) 0x3f, (byte) 0x8f, (byte) 0xe9, + (byte) 0x5d, (byte) 0x1a, (byte) 0xea, (byte) 0x33, + (byte) 0x14, (byte) 0x67, (byte) 0xf4, (byte) 0x61, + (byte) 0x8d, (byte) 0x59, (byte) 0xae, (byte) 0xee, + (byte) 0x49, (byte) 0xd5, (byte) 0xd7, (byte) 0xc7, + (byte) 0x0c, (byte) 0xaf, (byte) 0x32, (byte) 0x0f, + (byte) 0x7d, (byte) 0xd1, (byte) 0xac, (byte) 0x16, + (byte) 0x61, (byte) 0x14, (byte) 0xf5, (byte) 0x62, + (byte) 0x41, (byte) 0x34, (byte) 0x49, (byte) 0x99, + (byte) 0x1d, (byte) 0x3a, (byte) 0xa1, (byte) 0xa2, + (byte) 0xc4, (byte) 0x9e }; public static final byte[] ECSP521_FP_B = { - (byte) 0x2d, (byte) 0x83, (byte) 0x7c, (byte) 0xac, - (byte) 0x89, (byte) 0x02, (byte) 0xfe, (byte) 0x65, - (byte) 0x1e, (byte) 0x81, (byte) 0x7f, (byte) 0x20, - (byte) 0x6d, (byte) 0x5c, (byte) 0x9e, (byte) 0xb7, - (byte) 0x8a, (byte) 0xed, (byte) 0xef, (byte) 0x80, - (byte) 0xd1, (byte) 0x6e, (byte) 0xa1, (byte) 0x67, - (byte) 0xbb, (byte) 0x37, (byte) 0x7c, (byte) 0xb7, - (byte) 0xff, (byte) 0xfc, (byte) 0x0c, (byte) 0x94, - (byte) 0x8e, (byte) 0xef, (byte) 0xea, (byte) 0x5f, - (byte) 0xd3, (byte) 0x46, (byte) 0xfe, (byte) 0x4c, - (byte) 0x82, (byte) 0xa1, (byte) 0x6d, (byte) 0x1a, - (byte) 0x46, (byte) 0xb8, (byte) 0xeb, (byte) 0x05, - (byte) 0xe5, (byte) 0x70, (byte) 0xcb, (byte) 0x76, - (byte) 0xe7, (byte) 0x1d, (byte) 0xb0, (byte) 0xad, - (byte) 0xc1, (byte) 0x99, (byte) 0xbd, (byte) 0xe2, - (byte) 0x83, (byte) 0x4a, (byte) 0xd6, (byte) 0x74, - (byte) 0x1f + (byte) 0x00, (byte) 0x4a, (byte) 0x26, (byte) 0xa8, + (byte) 0xc4, (byte) 0x7f, (byte) 0xce, (byte) 0x20, + (byte) 0x4b, (byte) 0xa9, (byte) 0x53, (byte) 0x01, + (byte) 0x5f, (byte) 0xa8, (byte) 0x67, (byte) 0x08, + (byte) 0xc0, (byte) 0xde, (byte) 0x72, (byte) 0x0f, + (byte) 0x27, (byte) 0x52, (byte) 0x39, (byte) 0x88, + (byte) 0xb0, (byte) 0x97, (byte) 0xe7, (byte) 0x74, + (byte) 0x16, (byte) 0x8c, (byte) 0x15, (byte) 0xf7, + (byte) 0xa2, (byte) 0x15, (byte) 0xaa, (byte) 0xf1, + (byte) 0x8a, (byte) 0x5f, (byte) 0x1b, (byte) 0x95, + (byte) 0x79, (byte) 0xab, (byte) 0x3d, (byte) 0xb9, + (byte) 0x35, (byte) 0xd4, (byte) 0x5b, (byte) 0xe1, + (byte) 0x4c, (byte) 0x9a, (byte) 0x87, (byte) 0xb7, + (byte) 0x11, (byte) 0x70, (byte) 0x39, (byte) 0x69, + (byte) 0x09, (byte) 0xb1, (byte) 0x4d, (byte) 0x06, + (byte) 0xf7, (byte) 0xa0, (byte) 0x99, (byte) 0x75, + (byte) 0xb3, (byte) 0xa6 }; public static final byte[] ECSP521_FP_G_X = { - (byte) 0xe5, (byte) 0xa6, (byte) 0x65, (byte) 0xfc, - (byte) 0x52, (byte) 0x93, (byte) 0xfa, (byte) 0xd7, - (byte) 0x05, (byte) 0x0f, (byte) 0x63, (byte) 0x31, - (byte) 0x18, (byte) 0xfb, (byte) 0x91, (byte) 0x55, - (byte) 0x23, (byte) 0x85, (byte) 0x71, (byte) 0xc8, - (byte) 0x17, (byte) 0xe6, (byte) 0x62, (byte) 0x6c, - (byte) 0xe5, (byte) 0x8e, (byte) 0x1c, (byte) 0xb5, - (byte) 0x11, (byte) 0x79, (byte) 0x3d, (byte) 0x03, - (byte) 0xab, (byte) 0x2e, (byte) 0x18, (byte) 0x0a, - (byte) 0x5d, (byte) 0xaf, (byte) 0xf4, (byte) 0x9c, - (byte) 0xfb, (byte) 0xb1, (byte) 0xf8, (byte) 0x88, - (byte) 0xc7, (byte) 0xd8, (byte) 0x06, (byte) 0x9a, - (byte) 0x60, (byte) 0xcd, (byte) 0x09, (byte) 0xcc, - (byte) 0x6a, (byte) 0xfc, (byte) 0x2b, (byte) 0x6b, - (byte) 0xb1, (byte) 0xea, (byte) 0x54, (byte) 0xea, - (byte) 0x98, (byte) 0x5e, (byte) 0x78, (byte) 0xd3, - (byte) 0x1f + (byte) 0x01, (byte) 0xc8, (byte) 0x80, (byte) 0xae, + (byte) 0x0a, (byte) 0x35, (byte) 0x5a, (byte) 0x52, + (byte) 0x79, (byte) 0x1f, (byte) 0xc9, (byte) 0x60, + (byte) 0x0f, (byte) 0xd8, (byte) 0xb3, (byte) 0x57, + (byte) 0x26, (byte) 0xe9, (byte) 0xd7, (byte) 0x99, + (byte) 0x10, (byte) 0x14, (byte) 0x89, (byte) 0x16, + (byte) 0x1c, (byte) 0x8f, (byte) 0x90, (byte) 0xa9, + (byte) 0xc6, (byte) 0x63, (byte) 0x1d, (byte) 0x09, + (byte) 0xb3, (byte) 0xcb, (byte) 0x34, (byte) 0x75, + (byte) 0x84, (byte) 0x83, (byte) 0x7d, (byte) 0x9d, + (byte) 0xeb, (byte) 0x85, (byte) 0x66, (byte) 0xa9, + (byte) 0xc5, (byte) 0x84, (byte) 0x6a, (byte) 0xde, + (byte) 0xd0, (byte) 0xd0, (byte) 0x1e, (byte) 0xb9, + (byte) 0x47, (byte) 0xb4, (byte) 0xaf, (byte) 0xfd, + (byte) 0x34, (byte) 0xe8, (byte) 0xea, (byte) 0x7d, + (byte) 0xbe, (byte) 0x73, (byte) 0x3c, (byte) 0xbe, + (byte) 0xda, (byte) 0xfa }; public static final byte[] ECSP521_FP_G_Y = { - (byte) 0x01, (byte) 0x06, (byte) 0x7b, (byte) 0x42, - (byte) 0x85, (byte) 0x9e, (byte) 0x5c, (byte) 0x33, - (byte) 0x98, (byte) 0xab, (byte) 0xa9, (byte) 0xec, - (byte) 0xc0, (byte) 0x2b, (byte) 0xf2, (byte) 0x89, - (byte) 0xf9, (byte) 0xe3, (byte) 0x13, (byte) 0x37, - (byte) 0x1e, (byte) 0x70, (byte) 0x21, (byte) 0xbf, - (byte) 0x1d, (byte) 0xb5, (byte) 0xae, (byte) 0xbe, - (byte) 0x2d, (byte) 0x52, (byte) 0x9e, (byte) 0x2f, - (byte) 0x66, (byte) 0x23, (byte) 0xa0, (byte) 0x6f, - (byte) 0x3b, (byte) 0x10, (byte) 0xe7, (byte) 0xf9, - (byte) 0x2c, (byte) 0x3e, (byte) 0xcc, (byte) 0x18, - (byte) 0x3d, (byte) 0xe1, (byte) 0xe5, (byte) 0x91, - (byte) 0x9b, (byte) 0x0d, (byte) 0x6d, (byte) 0x2e, - (byte) 0xd6, (byte) 0x55, (byte) 0xec, (byte) 0x31, - (byte) 0xc3, (byte) 0x13, (byte) 0x15, (byte) 0x9f, - (byte) 0x2c, (byte) 0x9d, (byte) 0xf9, (byte) 0x15, - (byte) 0xfb, (byte) 0xe0 + (byte) 0x00, (byte) 0x05, (byte) 0x0f, (byte) 0x12, + (byte) 0x67, (byte) 0x2f, (byte) 0x16, (byte) 0x3f, + (byte) 0x19, (byte) 0xd5, (byte) 0xd4, (byte) 0x93, + (byte) 0xeb, (byte) 0x82, (byte) 0xef, (byte) 0x77, + (byte) 0x7b, (byte) 0x02, (byte) 0x13, (byte) 0xdd, + (byte) 0x4e, (byte) 0x0c, (byte) 0xf7, (byte) 0x5a, + (byte) 0x9b, (byte) 0x99, (byte) 0x72, (byte) 0x4f, + (byte) 0xbd, (byte) 0xb5, (byte) 0x4b, (byte) 0x0c, + (byte) 0xc4, (byte) 0xe0, (byte) 0x37, (byte) 0xbf, + (byte) 0x86, (byte) 0xa4, (byte) 0x8b, (byte) 0xac, + (byte) 0x28, (byte) 0x46, (byte) 0x7b, (byte) 0xdd, + (byte) 0x93, (byte) 0x6c, (byte) 0x31, (byte) 0x4c, + (byte) 0xe1, (byte) 0x3f, (byte) 0x6e, (byte) 0xc7, + (byte) 0xec, (byte) 0x69, (byte) 0xea, (byte) 0x09, + (byte) 0xae, (byte) 0x4f, (byte) 0x54, (byte) 0x44, + (byte) 0xdf, (byte) 0x4b, (byte) 0x2a, (byte) 0x11, + (byte) 0x7a, (byte) 0x66 }; public static final byte[] ECSP521_FP_R = { - (byte) 0x01, (byte) 0x9f, (byte) 0x9b, (byte) 0x18, - (byte) 0x84, (byte) 0x55, (byte) 0xfc, (byte) 0xb2, - (byte) 0x4e, (byte) 0x68, (byte) 0xee, (byte) 0xba, - (byte) 0xbf, (byte) 0x2a, (byte) 0xfd, (byte) 0xa0, - (byte) 0xb5, (byte) 0x11, (byte) 0x4e, (byte) 0xc5, - (byte) 0xe8, (byte) 0x2b, (byte) 0x6d, (byte) 0xa1, - (byte) 0x8f, (byte) 0xa2, (byte) 0x64, (byte) 0x31, - (byte) 0xee, (byte) 0x72, (byte) 0x03, (byte) 0xa2, - (byte) 0x3d, (byte) 0x75, (byte) 0xdd, (byte) 0xed, - (byte) 0x80, (byte) 0x28, (byte) 0x58, (byte) 0xff, - (byte) 0xab, (byte) 0x06, (byte) 0x8f, (byte) 0x74, - (byte) 0xf8, (byte) 0x9c, (byte) 0xc7, (byte) 0x73, - (byte) 0x85, (byte) 0x0e, (byte) 0x1b, (byte) 0x56, - (byte) 0x84, (byte) 0x3f, (byte) 0x76, (byte) 0x7c, - (byte) 0x15, (byte) 0xef, (byte) 0x65, (byte) 0xb4, - (byte) 0x12, (byte) 0xe6, (byte) 0x50, (byte) 0xc9, - (byte) 0x7b, (byte) 0xd0 + (byte) 0x01, (byte) 0xd3, (byte) 0xdf, (byte) 0x43, + (byte) 0x09, (byte) 0x24, (byte) 0x95, (byte) 0x6e, + (byte) 0x21, (byte) 0x0a, (byte) 0x60, (byte) 0x5b, + (byte) 0x4d, (byte) 0xbf, (byte) 0x4a, (byte) 0x2e, + (byte) 0x90, (byte) 0x9d, (byte) 0x7a, (byte) 0x80, + (byte) 0x16, (byte) 0x58, (byte) 0x97, (byte) 0x8c, + (byte) 0x88, (byte) 0xff, (byte) 0xd6, (byte) 0x8d, + (byte) 0xcc, (byte) 0x81, (byte) 0x7f, (byte) 0x5c, + (byte) 0xc7, (byte) 0xba, (byte) 0x08, (byte) 0x38, + (byte) 0x71, (byte) 0x7c, (byte) 0x19, (byte) 0x47, + (byte) 0xf9, (byte) 0x3c, (byte) 0xfd, (byte) 0xd3, + (byte) 0xed, (byte) 0x87, (byte) 0xec, (byte) 0x2c, + (byte) 0x2d, (byte) 0xf1, (byte) 0x81, (byte) 0xc7, + (byte) 0xad, (byte) 0xa5, (byte) 0x53, (byte) 0x34, + (byte) 0x6e, (byte) 0xc1, (byte) 0x49, (byte) 0x57, + (byte) 0x32, (byte) 0xa1, (byte) 0xe7, (byte) 0xff, + (byte) 0xe9, (byte) 0xb3 }; public static final short ECSP521_FP_K = 1; public static final byte[] ECSP521_FP_W_X = { - (byte) 0xfc, (byte) 0xcf, (byte) 0x5c, (byte) 0x11, - (byte) 0x3b, (byte) 0xec, (byte) 0x94, (byte) 0x61, - (byte) 0xdb, (byte) 0x3e, (byte) 0x56, (byte) 0x73, - (byte) 0x34, (byte) 0xcb, (byte) 0xf9, (byte) 0x8e, - (byte) 0x32, (byte) 0xde, (byte) 0x58, (byte) 0x12, - (byte) 0x92, (byte) 0x07, (byte) 0x74, (byte) 0xdb, - (byte) 0x40, (byte) 0xd2, (byte) 0x94, (byte) 0x18, - (byte) 0xd2, (byte) 0x92, (byte) 0xc3, (byte) 0xc4, - (byte) 0xf6, (byte) 0xce, (byte) 0x08, (byte) 0xb2, - (byte) 0x00, (byte) 0x21, (byte) 0xfe, (byte) 0x0f, - (byte) 0x07, (byte) 0xf0, (byte) 0xe4, (byte) 0xc9, - (byte) 0xc3, (byte) 0xd1, (byte) 0x43, (byte) 0xe7, - (byte) 0xd0, (byte) 0xf8, (byte) 0xcd, (byte) 0xb6, - (byte) 0x16, (byte) 0x71, (byte) 0xa7, (byte) 0xe4, - (byte) 0x46, (byte) 0x8a, (byte) 0x93, (byte) 0xde, - (byte) 0xe6, (byte) 0x0c, (byte) 0x1d, (byte) 0x29, - (byte) 0xde + (byte) 0x00, (byte) 0x28, (byte) 0x44, (byte) 0xdf, + (byte) 0x0f, (byte) 0x31, (byte) 0xf4, (byte) 0x6a, + (byte) 0x40, (byte) 0xe6, (byte) 0xc7, (byte) 0x00, + (byte) 0x6c, (byte) 0xde, (byte) 0x99, (byte) 0x15, + (byte) 0x5b, (byte) 0xd5, (byte) 0xd1, (byte) 0x8d, + (byte) 0x0e, (byte) 0x41, (byte) 0x50, (byte) 0x17, + (byte) 0x8a, (byte) 0x8e, (byte) 0x30, (byte) 0x7d, + (byte) 0x6a, (byte) 0xec, (byte) 0x08, (byte) 0xfd, + (byte) 0x02, (byte) 0xd4, (byte) 0x66, (byte) 0xc0, + (byte) 0x3c, (byte) 0x49, (byte) 0xb4, (byte) 0x9c, + (byte) 0x26, (byte) 0x54, (byte) 0xb7, (byte) 0xc9, + (byte) 0xa3, (byte) 0x2d, (byte) 0x88, (byte) 0xca, + (byte) 0x01, (byte) 0x40, (byte) 0x16, (byte) 0xa7, + (byte) 0xed, (byte) 0xdd, (byte) 0x44, (byte) 0x21, + (byte) 0x7b, (byte) 0xe9, (byte) 0x15, (byte) 0x50, + (byte) 0x5d, (byte) 0x22, (byte) 0x8e, (byte) 0xfb, + (byte) 0x93, (byte) 0x89 }; public static final byte[] ECSP521_FP_W_Y = { - (byte) 0xc3, (byte) 0x6d, (byte) 0x08, (byte) 0x8f, - (byte) 0xc2, (byte) 0xfe, (byte) 0x3b, (byte) 0x42, - (byte) 0x90, (byte) 0x7b, (byte) 0xbf, (byte) 0x8a, - (byte) 0xf7, (byte) 0xf1, (byte) 0x9e, (byte) 0xda, - (byte) 0x94, (byte) 0x82, (byte) 0x10, (byte) 0x1d, - (byte) 0x4f, (byte) 0x73, (byte) 0xf8, (byte) 0xcd, - (byte) 0x46, (byte) 0x73, (byte) 0x6e, (byte) 0x06, - (byte) 0x35, (byte) 0xe1, (byte) 0xc5, (byte) 0xca, - (byte) 0xe1, (byte) 0x71, (byte) 0x09, (byte) 0x30, - (byte) 0x8c, (byte) 0x3a, (byte) 0xec, (byte) 0x74, - (byte) 0x10, (byte) 0xf7, (byte) 0xec, (byte) 0x06, - (byte) 0xfb, (byte) 0x78, (byte) 0xec, (byte) 0xa4, - (byte) 0xb8, (byte) 0xcb, (byte) 0xac, (byte) 0xb6, - (byte) 0x4d, (byte) 0xaf, (byte) 0x54, (byte) 0x8f, - (byte) 0x95, (byte) 0x02, (byte) 0xf4, (byte) 0x87, - (byte) 0x77, (byte) 0x53, (byte) 0xda, (byte) 0x15, - (byte) 0x2e + (byte) 0x01, (byte) 0x05, (byte) 0x92, (byte) 0x1e, + (byte) 0x21, (byte) 0x72, (byte) 0xc3, (byte) 0x05, + (byte) 0x0b, (byte) 0xa4, (byte) 0xc9, (byte) 0xd2, + (byte) 0xe7, (byte) 0x44, (byte) 0xfc, (byte) 0x5b, + (byte) 0x7b, (byte) 0x5e, (byte) 0x84, (byte) 0x51, + (byte) 0x75, (byte) 0x1e, (byte) 0x67, (byte) 0x80, + (byte) 0xc6, (byte) 0xde, (byte) 0x88, (byte) 0x22, + (byte) 0x94, (byte) 0x97, (byte) 0xbe, (byte) 0x7d, + (byte) 0x23, (byte) 0x55, (byte) 0x0b, (byte) 0xee, + (byte) 0xfa, (byte) 0x0c, (byte) 0xb7, (byte) 0xfa, + (byte) 0xfe, (byte) 0xbb, (byte) 0x4d, (byte) 0xd9, + (byte) 0xfa, (byte) 0xd1, (byte) 0x24, (byte) 0x4c, + (byte) 0x67, (byte) 0x33, (byte) 0xbe, (byte) 0xfe, + (byte) 0x5a, (byte) 0x97, (byte) 0x71, (byte) 0x0f, + (byte) 0x0d, (byte) 0xc5, (byte) 0x6d, (byte) 0xc0, + (byte) 0x8d, (byte) 0x9d, (byte) 0x9d, (byte) 0xf9, + (byte) 0xd8, (byte) 0x46 }; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index d653c10..e63bcf2 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -363,6 +363,7 @@ public class SimpleECCApplet extends Applet { } if (sw != ISO7816.SW_NO_ERROR) { testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; + testFlags &= ~FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; } } Util.setShort(buffer, bufferOffset, sw); -- cgit v1.2.3-70-g09d2 From 5f0ec2706a9dbb6aa72ea3c7eb798cd83045e867 Mon Sep 17 00:00:00 2001 From: J08nY Date: Sat, 10 Dec 2016 23:32:41 +0100 Subject: Added CLI options, Apache commons-cli lib, anomalous curve key export - Added CLI options, see SimpleAPDU.jar -h - Added Apache commons-cli for CLI options, it uses Apache license - Added support for anomalous curve export both reader/applet side: `java -jar SimpleAPDU.jar -g 10 -b 256 -fp -s` generates 10 curves over ECSP256 an anomalous 256bit curve. --- !uploader/simpleECC.cap | Bin 18215 -> 18296 bytes README.md | 39 ++-- dist/SimpleAPDU.jar | Bin 3078963 -> 470966 bytes lib/commons-cli-1.3.1-javadoc.jar | Bin 0 -> 169756 bytes lib/commons-cli-1.3.1.jar | Bin 0 -> 52988 bytes src/applets/ECKeyGenerator.java | 5 +- src/applets/SimpleECCApplet.java | 23 ++- src/simpleapdu/CardMngr.java | 7 +- src/simpleapdu/DirtyLogger.java | 12 +- src/simpleapdu/SimpleAPDU.java | 419 +++++++++++++++++++++----------------- 10 files changed, 285 insertions(+), 220 deletions(-) create mode 100644 lib/commons-cli-1.3.1-javadoc.jar create mode 100644 lib/commons-cli-1.3.1.jar (limited to 'src/applets/SimpleECCApplet.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index e76168c..52fef17 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/README.md b/README.md index df80750..ad76fc1 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Tests support and behavior of smartcards with JavaCard platform with focus on El Usage ------ 1. Upload simpleECC.cap using your favorite tool (e.g., [GlobalPlatformPro tool](https://github.com/martinpaljak/GlobalPlatform)) -2. Run java -jar SimpleAPDU.jar +2. Run `java -jar SimpleAPDU.jar` 3. Inspect output log with annotated results Following operations are tested: @@ -14,24 +14,33 @@ Following operations are tested: - Generation of keypair with default curve - Setting of custom curve and keypair generation - Generation of shared secret via ECDH -- Behavior of card when invalid curves/points are provided (shoudl fail) +- Signature via ECDSA +- Behavior of card when invalid curves/points are provided (should fail) + +See `java -jar SimpleAPDU.jar -h` for more. Example output -------------- - EC type: ALG_EC_FP - EC key length (bits): 224 bits - KeyPair object allocation: OK (0x9000) - Generate key with def curve (fails if no def): fail (ILLEGAL_VALUE, 0x1) - Set valid custom curve: OK (0x9000) - Generate key with valid curve: OK (0x9000) - !!ECDH agreement with valid point: fail (0x6f00) - ECDH agreement with invalid point (fail is good): fail (unknown, 0x6f00) - Set invalid custom curve (fail is good): fail (ILLEGAL_VALUE, 0x1) - Generate key with invalid curve (fail is good): fail (skipped, 0xee1) - - -*Explanation: ALG_EC_FP with 224b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) altough it was supposed to suceed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), invalid custom curve cannot be set (expected behavior) (Set invalid custom curve: fail) and new keypair cannot be generated with invalid curve (Generate key with invalid curve: skipped) - last test was skipped as invalid curve canot be set.* + ### Test for support and with valid and invalid EC curves + EC type: ALG_EC_FP + EC key length (bits): 256 bits + KeyPair object allocation: OK (0x9000) + Generate key with def curve (fails if no def): OK (0x9000) + Set valid custom curve: OK (0x9000) + Generate key with valid curve: OK (0x9000) + !! ECDH agreement with valid point: fail (unknown, 0x6f00) + ECDH agreement with invalid point (fail is good): fail (ILLEGAL_VALUE, 0x 1) + ECDSA signature on random data: OK (0x9000) + Set anomalous custom curve (may fail): OK (0x9000) + Generate key with anomalous curve (may fail): fail (unknown, 0x6f00) + ECDH agreement with small order point (fail is good):fail (skipped, 0x ee1) + Set invalid custom curve (may fail): OK (0x9000) + Generate key with invalid curve (fail is good): fail (unknown, 0x6f00) + Set invalid field (may fail): OK (0x9000) + Generate key with invalid field (fail si good): fail (unknown, 0x6f00) + +*Explanation: ALG_EC_FP with 256b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) although it was supposed to succeed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), ECDSA signature worked and verified correctly (ECDSA signature on random data: OK), anomalous curve can be set (Set anomalous custom curve: OK), however generating a key on it will fail (Generate key with anomalous curve: fail), ECDH with small-order public key provided will fail as intended (ECDH agreement with small order point: fail), invalid custom curve could be set (Set invalid custom curve: OK), new keypair cannot be generated with invalid curve (Generate key with invalid curve: fail), invalid field (non-prime) could be set (Set invalid field: OK), however a key could not be generated (Generate key with invalid field: fail).* If you are interested in testing support for other JavaCard algorithms, please visit JCAlgTester project: https://github.com/crocs-muni/JCAlgTest diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 09b7e73..1e96259 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/lib/commons-cli-1.3.1-javadoc.jar b/lib/commons-cli-1.3.1-javadoc.jar new file mode 100644 index 0000000..c741ec4 Binary files /dev/null and b/lib/commons-cli-1.3.1-javadoc.jar differ diff --git a/lib/commons-cli-1.3.1.jar b/lib/commons-cli-1.3.1.jar new file mode 100644 index 0000000..c3e7a1f Binary files /dev/null and b/lib/commons-cli-1.3.1.jar differ diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index c4b71c0..491cd86 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -22,7 +22,6 @@ public class ECKeyGenerator { public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; - //TODO: add something like allocateGenerate, or modify allocate to auto-generate a key-pair if it returns null key references after allocating public short allocatePair(byte keyClass, short keyLength) { short result = ISO7816.SW_NO_ERROR; try { @@ -105,6 +104,10 @@ public class ECKeyGenerator { return sw; } + public short setCustomAnomalousCurve(short keyClass, short keyLength, byte[] buffer, short offset) { + return setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLength), buffer, offset); + } + public short setParameter(byte key, short param, byte[] data, short offset, short length) { short result = ISO7816.SW_NO_ERROR; try { diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index e63bcf2..ecdfa4e 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -359,7 +359,7 @@ public class SimpleECCApplet extends Applet { sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { if (keyClass == KeyPair.ALG_EC_FP) { //Only FP supported at the moment - sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0); + sw = ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLen, m_ramArray, (short) 0); } if (sw != ISO7816.SW_NO_ERROR) { testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; @@ -915,21 +915,30 @@ public class SimpleECCApplet extends Applet { void GenerateAndReturnKey(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); + + short offset = ISO7816.OFFSET_CDATA; + byte keyClass = apdubuf[offset]; + offset++; - short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA); + short keyLength = Util.getShort(apdubuf, offset); + offset+=2; - short offset = 0; + byte anomalous = apdubuf[offset]; + + offset = 0; switch (apdubuf[ISO7816.OFFSET_P1]) { case P1_SETCURVE: { - ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen); + ecKeyGenerator.allocatePair(keyClass, keyLength); + if(anomalous != 0) { + ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0); + } else { + ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0); + } ecKeyGenerator.generatePair(); ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); - - // If required, initialize curve parameters first - ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0); break; } case P1_GENERATEKEYPAIR: { diff --git a/src/simpleapdu/CardMngr.java b/src/simpleapdu/CardMngr.java index d778bc8..ae8bd55 100644 --- a/src/simpleapdu/CardMngr.java +++ b/src/simpleapdu/CardMngr.java @@ -105,7 +105,10 @@ public class CardMngr { return true; } - + + public boolean isConnected() { + return m_card != null; + } public void DisconnectFromCard() throws Exception { if (m_card != null) { @@ -191,7 +194,7 @@ public class CardMngr { if (responseAPDU.getSW1() == (byte) 0x61) { CommandAPDU apduToSend = new CommandAPDU((byte) 0x00, (byte) 0xC0, (byte) 0x00, (byte) 0x00, - (int) responseAPDU.getSW1()); + responseAPDU.getSW1()); responseAPDU = m_channel.transmit(apduToSend); System.out.println(bytesToHex(responseAPDU.getBytes())); diff --git a/src/simpleapdu/DirtyLogger.java b/src/simpleapdu/DirtyLogger.java index 69e5e65..c06571b 100644 --- a/src/simpleapdu/DirtyLogger.java +++ b/src/simpleapdu/DirtyLogger.java @@ -1,14 +1,7 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ package simpleapdu; import java.io.FileOutputStream; import java.io.IOException; -import java.util.logging.Level; -import java.util.logging.Logger; /** * @@ -17,6 +10,7 @@ import java.util.logging.Logger; public class DirtyLogger { FileOutputStream m_logFile; boolean m_bOutputSystemOut = true; + public DirtyLogger(FileOutputStream logFile, boolean bOutputSystemOut) { m_logFile = logFile; m_bOutputSystemOut = bOutputSystemOut; @@ -47,4 +41,8 @@ public class DirtyLogger { } catch (IOException ex) { } } + + void close() throws IOException { + m_logFile.close(); + } } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 44bf302..241ef4c 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -5,7 +5,13 @@ import applets.SimpleECCApplet; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; -import sun.java2d.pipe.SpanShapeRenderer; +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.DefaultParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Option; +import org.apache.commons.cli.Options; +import org.apache.commons.cli.ParseException; import javax.smartcardio.ResponseAPDU; import java.io.FileNotFoundException; @@ -18,13 +24,17 @@ import java.util.Arrays; * @author Petr Svenda petr@svenda.com */ public class SimpleAPDU { - static CardMngr cardManager = new CardMngr(); + private CardMngr cardManager = new CardMngr(); + private DirtyLogger systemOutLogger = null; + + private CommandLineParser cliParser = new DefaultParser(); + private Options opts = new Options(); + private static final String cliHeader = ""; + private static final String cliFooter = ""; private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; - static DirtyLogger m_SystemOutLogger = null; - private static final byte TESTECSUPPORTALL_FP[] = {(byte) 0xB0, (byte) 0x5E, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORTALL_F2M[] = {(byte) 0xB0, (byte) 0x5F, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORT_GIVENALG[] = {(byte) 0xB0, (byte) 0x71, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00}; @@ -38,8 +48,104 @@ public class SimpleAPDU { private static final short INVALIDCURVEB_CORRUPTIONTYPE_OFFSET = 7; private static final short INVALIDCURVEB_REWINDONSUCCESS_OFFSET = 9; - private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x02, (byte) 0x00, (byte) 0x00}; + private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x04, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}; + private static final short GENERATEECKEY_ALG_OFFSET = 5; + private static final short GENERATEECKEY_KEYLENGTH_OFFSET = 6; + private static final short GENERATEECKEY_ANOMALOUS_OFFSET = 8; + + + public void run(String[] args) { + try { + //parse cmd args + CommandLine cli = parseArgs(args); + + //byte[] installData = new byte[10]; + //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; + //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); + + //do stuff + if (cli.hasOption("help")) { + HelpFormatter help = new HelpFormatter(); + help.printHelp("SimpleAPDU", cliHeader, opts, cliFooter); + } else { + //open log(only when actually doing something) + String logFileName = cli.getOptionValue("output-file", String.format("ECTESTER_log_%d.log", System.currentTimeMillis())); + FileOutputStream stdoutStream = new FileOutputStream(logFileName); + systemOutLogger = new DirtyLogger(stdoutStream, true); + + boolean fp = cli.hasOption("fp"); + boolean f2m = cli.hasOption("f2m"); + if (!fp && !f2m) { + fp = true; + f2m = true; + } + int genAmount = Integer.parseInt(cli.getOptionValue("generate", "0")); + int keyLength = Integer.parseInt(cli.getOptionValue("b", "192")); + + if (cli.hasOption("generate")) { + //generate EC keys + if (fp) { + generateECKeys(genAmount, KeyPair.ALG_EC_FP, (short) keyLength, cli.hasOption("anomalous")); + } + if (f2m) { + generateECKeys(genAmount, KeyPair.ALG_EC_F2M, (short) keyLength, cli.hasOption("anomalous")); + } + } else if (cli.hasOption("test")) { + if (cli.hasOption("bit-length")) { + //test only one bitsize + if (fp) { + testSupportECFp((short) keyLength); + } + if (f2m) { + testSupportECFp((short) keyLength); + } + } else { + //test default bit sizes + testSupportECAll(fp, f2m); + testFPkeyGen((short) 10, EC_Consts.CORRUPTION_ONEBYTERANDOM, true); + } + } else { + systemOutLogger.println("You need to specify one of -t / -g [num] commands."); + } + + //close log + systemOutLogger.close(); + } + + //disconnect + cardManager.DisconnectFromCard(); + } catch (Exception ex) { + if (systemOutLogger != null) { + systemOutLogger.println("Exception : " + ex); + } + } + } + private CommandLine parseArgs(String[] args) throws ParseException { + + opts.addOption("h", "help", false, "show this help"); + opts.addOption(Option.builder("g") + .longOpt("generate") + .hasArg() + .optionalArg(true) + .argName("num") + .desc("generate EC keys").build()); + opts.addOption("t", "test", false, "test EC support (default)"); + opts.addOption(Option.builder("b") + .longOpt("bit-length") + .hasArg() + .argName("bits") + .desc("set EC bit size").build()); + opts.addOption("f2m", "use EC over binary-fields"); + opts.addOption("fp", "user EC over prime-fields (default)"); + opts.addOption("s", "anomalous", false, "generate anomalous (non-prime order, small pubkey order) curves"); + opts.addOption(Option.builder("o") + .longOpt("output-file") + .hasArg() + .argName("file") + .desc("output file to log to").build()); + return cliParser.parse(opts, args); + } static short getShort(byte[] array, int offset) { return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); @@ -50,190 +156,125 @@ public class SimpleAPDU { array[offset] = (byte) ((value >> 8) & 0xFF); } - static void testFPkeyGen_setNumRepeats(byte[] apduArray, short numRepeats) { - setShort(apduArray, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); - } - - static void testFPkeyGen_setCorruptionType(byte[] apduArray, short corruptionType) { - setShort(apduArray, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); - } - - static void testFPkeyGen_rewindOnSuccess(byte[] apduArray, boolean bRewind) { - apduArray[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; - } + private boolean ReconnnectToCard() throws Exception { + if (cardManager.isConnected()) { + cardManager.DisconnectFromCard(); + } - static CardMngr ReconnnectToCard() throws Exception { - cardManager.DisconnectFromCard(); - if (cardManager.ConnectToCard()) { + boolean result = cardManager.ConnectToCard(); + if (result) { // Select our application on card cardManager.sendAPDU(SELECT_ECTESTERAPPLET); } - return cardManager; + return result; } - static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception { + private void testFPkeyGen(short numRepeats, short corruptionType, boolean bRewind) throws Exception { + byte[] apdu = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); + setShort(apdu, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); + setShort(apdu, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); + apdu[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; + + ReconnnectToCard(); + ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(apdu); + ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); + PrintECKeyGenInvalidCurveB(resp_fp_keygen); + PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); + } + + private void testSupportECGivenAlg(short keyLength, byte keyClass) throws Exception { + byte[] apdu = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); + apdu[TESTECSUPPORT_ALG_OFFSET] = keyClass; + setShort(apdu, TESTECSUPPORT_KEYLENGTH_OFFSET, keyLength); + ReconnnectToCard(); ResponseAPDU resp = cardManager.sendAPDU(apdu); //byte[] resp = cardManager.sendAPDUSimulator(apdu); PrintECSupport(resp); } - static void testSupportECAll(CardMngr cardManager) throws Exception { - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 128); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 160); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 192); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 224); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 256); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 521); - testSupportECGivenAlg(testAPDU, cardManager); - - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_F2M; - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 113); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 131); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 163); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 193); - testSupportECGivenAlg(testAPDU, cardManager); - + private void testSupportECFp(short keyLength) throws Exception { + testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_FP); } - public static void main(String[] args) throws FileNotFoundException, IOException { - //parse cli args. Should be replaced with some cli parsing library code in the future. - boolean genKeys = false; - int genAmount = 0; - boolean testAll = false; - if (args.length > 0) { - for (int i = 0; i < args.length; i++) { - if (args[i].equals("-g")) { - genKeys = true; - if (args.length >= i + 1) { - try { - genAmount = Integer.parseInt(args[i + 1]); - }catch (NumberFormatException ignored) { - //is another param, genAmount = 0 by default - genAmount = 0; - } + private void testSupportECF2m(short keyLength) throws Exception { + testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_F2M); + } - } - } else if (args[i].equals("-a")) { - testAll = true; - } - } + private void testSupportECAll(boolean testFp, boolean testF2m) throws Exception { + if (testFp) { + testSupportECFp((short) 128); + testSupportECFp((short) 192); + testSupportECFp((short) 224); + testSupportECFp((short) 256); + testSupportECFp((short) 384); + testSupportECFp((short) 521); } - //by default do the test - if (!genKeys && !testAll) { - testAll = true; + if (testF2m) { + testSupportECF2m((short) 113); + testSupportECF2m((short) 131); + testSupportECF2m((short) 163); + testSupportECF2m((short) 193); } + } + private void generateECKeys(int amount, byte keyClass, short keyLength, boolean anomalous) throws Exception { + if (cardManager.ConnectToCardSelect()) { + cardManager.sendAPDU(SELECT_ECTESTERAPPLET); - String logFileName = String.format("ECTESTER_log_%d.log", System.currentTimeMillis()); - FileOutputStream systemOutLogger = new FileOutputStream(logFileName); - m_SystemOutLogger = new DirtyLogger(systemOutLogger, true); - - try { - if (testAll) { - //byte[] installData = new byte[10]; - //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; - //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); - if (cardManager.ConnectToCard()) { - - // Test all default curves for both fields - testSupportECAll(cardManager); - - // Test setting invalid parameter B of curve - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); - testFPkeyGen_setNumRepeats(testAPDU, (short) 10); - testFPkeyGen_rewindOnSuccess(testAPDU, true); - - ReconnnectToCard(); - ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); - ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); - PrintECKeyGenInvalidCurveB(resp_fp_keygen); - PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); - - cardManager.DisconnectFromCard(); - } else { - m_SystemOutLogger.println("Failed to connect to card"); + String keyFileName = String.format("ECKEYS_%s_%d.log", keyClass == KeyPair.ALG_EC_FP ? "fp" : "f2m", System.currentTimeMillis()); + FileOutputStream keysFile = new FileOutputStream(keyFileName); + + String message = "index;time;pubW;privS\n"; + keysFile.write(message.getBytes()); + byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); + // Prepare keypair object + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; + gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass; + setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength); + gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0; + ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + + // Generate new keypair + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; + int counter = 0; + while (true) { + counter++; + long elapsed = -System.nanoTime(); + respGather = cardManager.sendAPDU(gatherKeyAPDU); + elapsed += System.nanoTime(); + + byte[] data = respGather.getData(); + int offset = 0; + String pubKeyW = ""; + String privKeyS = ""; + if (data[offset] == EC_Consts.TAG_ECPUBKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + pubKeyW = CardMngr.bytesToHex(data, offset, len, false); + offset += len; + } + if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + privKeyS = CardMngr.bytesToHex(data, offset, len, false); + offset += len; } - } - - if (genKeys) { - // Gather large number of ECC keypairs - if (cardManager.ConnectToCardSelect()) { - cardManager.sendAPDU(SELECT_ECTESTERAPPLET); - - String keyFileName = String.format("ECKEYS_%d.log", System.currentTimeMillis()); - FileOutputStream keysFile = new FileOutputStream(keyFileName); - - String message = "index;time;pubW;privS\n"; - keysFile.write(message.getBytes()); - byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); - // Prepare keypair object - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; - setShort(gatherKeyAPDU, (short) 5, (short) 192); // ecc length - ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); - - // Generate new keypair - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; - int counter = 0; - while (true) { - counter++; - long elapsed = -System.nanoTime(); - respGather = cardManager.sendAPDU(gatherKeyAPDU); - elapsed += System.nanoTime(); - - byte[] data = respGather.getData(); - int offset = 0; - String pubKeyW = ""; - String privKeyS = ""; - if (data[offset] == EC_Consts.TAG_ECPUBKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - pubKeyW = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - privKeyS = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); - keysFile.write(message.getBytes()); + message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); + keysFile.write(message.getBytes()); - m_SystemOutLogger.flush(); - keysFile.flush(); + this.systemOutLogger.flush(); + keysFile.flush(); - //stop when we have enough keys, go on forever with 0 - if (counter >= genAmount && genAmount != 0) - break; - } - } + //stop when we have enough keys, go on forever with 0 + if (counter >= amount && amount != 0) + break; } - - - } catch (Exception ex) { - m_SystemOutLogger.println("Exception : " + ex); } - - systemOutLogger.close(); } static String getPrintError(short code) { @@ -278,12 +319,12 @@ public class SimpleAPDU { MUST_FAIL } - static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { + private int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { if (bufferOffset >= buffer.length) { - m_SystemOutLogger.println(" No more data returned"); + systemOutLogger.println(" No more data returned"); } else { if (buffer[bufferOffset] != expectedTag) { - m_SystemOutLogger.println(" ERROR: mismatched tag"); + systemOutLogger.println(" ERROR: mismatched tag"); assert (buffer[bufferOffset] == expectedTag); } bufferOffset++; @@ -298,22 +339,21 @@ public class SimpleAPDU { bHiglight = true; } if (bHiglight) { - m_SystemOutLogger.println(String.format("!! %-50s%s", message, getPrintError(resCode))); + systemOutLogger.println(String.format("!! %-53s%s", message, getPrintError(resCode))); } else { - m_SystemOutLogger.println(String.format(" %-50s%s", message, getPrintError(resCode))); + systemOutLogger.println(String.format(" %-53s%s", message, getPrintError(resCode))); } } return bufferOffset; } - static void PrintECSupport(ResponseAPDU resp) { + private void PrintECSupport(ResponseAPDU resp) { PrintECSupport(resp.getData()); } - static void PrintECSupport(byte[] buffer) { - - m_SystemOutLogger.println(); - m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves"); + private void PrintECSupport(byte[] buffer) { + systemOutLogger.println(); + systemOutLogger.println("### Test for support and with valid and invalid EC curves"); int bufferOffset = 0; while (bufferOffset < buffer.length) { assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); @@ -325,10 +365,10 @@ public class SimpleAPDU { if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) { ecType = "ALG_EC_F2M"; } - m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); + systemOutLogger.println(String.format("%-56s%s", "EC type:", ecType)); bufferOffset++; short keyLen = getShort(buffer, bufferOffset); - m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); + systemOutLogger.println(String.format("%-56s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); @@ -346,18 +386,17 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL); - m_SystemOutLogger.println(); + systemOutLogger.println(); } } - static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { + private void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { PrintECKeyGenInvalidCurveB(resp.getData()); } - static void PrintECKeyGenInvalidCurveB(byte[] buffer) { - - m_SystemOutLogger.println(); - m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); + private void PrintECKeyGenInvalidCurveB(byte[] buffer) { + systemOutLogger.println(); + systemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); int bufferOffset = 0; while (bufferOffset < buffer.length) { assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); @@ -369,15 +408,15 @@ public class SimpleAPDU { if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) { ecType = "ALG_EC_F2M"; } - m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); + systemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); bufferOffset++; short keyLen = getShort(buffer, bufferOffset); - m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); + systemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; short numRepeats = getShort(buffer, bufferOffset); bufferOffset += 2; - m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); + systemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); while (bufferOffset < buffer.length) { @@ -390,18 +429,22 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); } - m_SystemOutLogger.println(); + systemOutLogger.println(); } } - static void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { + private void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { byte[] buffer = resp.getData(); short offset = 0; - m_SystemOutLogger.print("Last used value of B: "); + systemOutLogger.print("Last used value of B: "); while (offset < buffer.length) { - m_SystemOutLogger.print(String.format("%x ", buffer[offset])); + systemOutLogger.print(String.format("%x ", buffer[offset])); offset++; } + } + public static void main(String[] args) throws FileNotFoundException, IOException { + SimpleAPDU app = new SimpleAPDU(); + app.run(args); } } -- cgit v1.2.3-70-g09d2 From da1ee8381f2f7eaf1cfcd4941ec9f95287435625 Mon Sep 17 00:00:00 2001 From: J08nY Date: Sun, 11 Dec 2016 14:20:00 +0100 Subject: Fixed some issues with errors in key generation, and their propagation --- !uploader/simpleECC.cap | Bin 18296 -> 18330 bytes dist/SimpleAPDU.jar | Bin 470966 -> 471079 bytes src/applets/ECKeyGenerator.java | 8 ++--- src/applets/SimpleECCApplet.java | 63 ++++++++++++++++++++------------------- src/simpleapdu/SimpleAPDU.java | 11 +++++++ 5 files changed, 47 insertions(+), 35 deletions(-) (limited to 'src/applets/SimpleECCApplet.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index 52fef17..886ce88 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 1e96259..be5599a 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index 491cd86..2eb5679 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -215,8 +215,8 @@ public class ECKeyGenerator { public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) { if (key == KEY_BOTH) { - return -1; - }//TODO: change error handling. + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } short length = 0; try { switch (param) { @@ -255,9 +255,9 @@ public class ECKeyGenerator { ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } } catch (CryptoException ce) { - length = -1; + ISOException.throwIt(ce.getReason()); } catch (Exception e) { - length = -1; + ISOException.throwIt(ISO7816.SW_UNKNOWN); } return length; } diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index ecdfa4e..a56250c 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -14,22 +14,22 @@ public class SimpleECCApplet extends Applet { final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; - final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; - final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; - - - public final static byte P1_SETCURVE = (byte) 0x01; - public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; + + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; + final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; + final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + + + public final static byte P1_SETCURVE = (byte) 0x01; + public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; final static short ARRAY_LENGTH = (short) 0xff; @@ -213,11 +213,11 @@ public class SimpleECCApplet extends Applet { case INS_ALLOCATEKEYPAIRS: AllocateKeyPairs(apdu); break; -*/ +*/ case INS_GENERATEKEY: GenerateAndReturnKey(apdu); break; - default : + default: // The INS code is not supported by the dispatcher ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); break; @@ -393,7 +393,7 @@ public class SimpleECCApplet extends Applet { bufferOffset++; sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { - short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass,keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); + short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass, keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); ecPrivKey = ecKeyGenerator.getPrivateKey(); sw = ecKeyTester.testECDH(ecPrivKey, m_ramArray, (short) 0, pubLength, m_ramArray2, (short) 1); } @@ -718,7 +718,6 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; - // // 2. Set invalid custom curve (many times) // @@ -919,23 +918,23 @@ public class SimpleECCApplet extends Applet { short offset = ISO7816.OFFSET_CDATA; byte keyClass = apdubuf[offset]; offset++; - + short keyLength = Util.getShort(apdubuf, offset); - offset+=2; + offset += 2; byte anomalous = apdubuf[offset]; offset = 0; - + switch (apdubuf[ISO7816.OFFSET_P1]) { case P1_SETCURVE: { ecKeyGenerator.allocatePair(keyClass, keyLength); - if(anomalous != 0) { + + if (anomalous != 0) { ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0); } else { ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0); } - ecKeyGenerator.generatePair(); ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); @@ -943,7 +942,10 @@ public class SimpleECCApplet extends Applet { } case P1_GENERATEKEYPAIR: { // Assumption: proper EC keyPair is already allocated and initialized - ecKeyGenerator.generatePair(); + short sw = ecKeyGenerator.generatePair(); + if (sw != ISO7816.SW_NO_ERROR) { + ISOException.throwIt(sw); + } ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); @@ -951,19 +953,18 @@ public class SimpleECCApplet extends Applet { apdubuf[offset] = EC_Consts.TAG_ECPUBKEY; offset++; offset += 2; // reserve space for length - short len = ecPubKey.getW(apdubuf, offset); + short len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; apdubuf[offset] = EC_Consts.TAG_ECPRIVKEY; offset++; offset += 2; // reserve space for length - len = ecPrivKey.getS(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PRIVATE, EC_Consts.PARAMETER_S, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; - break; } - default: + default: ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); } @@ -1019,7 +1020,7 @@ public class SimpleECCApplet extends Applet { } -*/ +*/ } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 241ef4c..4f291f0 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -234,7 +234,13 @@ public class SimpleAPDU { gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass; setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength); gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0; + ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + if (respGather.getSW() != ISO7816.SW_NO_ERROR) { + systemOutLogger.println(String.format("Card error: %x", respGather.getSW())); + keysFile.close(); + return; + } // Generate new keypair gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; @@ -245,6 +251,10 @@ public class SimpleAPDU { respGather = cardManager.sendAPDU(gatherKeyAPDU); elapsed += System.nanoTime(); + if (respGather.getSW() != ISO7816.SW_NO_ERROR) { + systemOutLogger.println(String.format("Card error: %x", respGather.getSW())); + break; + } byte[] data = respGather.getData(); int offset = 0; String pubKeyW = ""; @@ -274,6 +284,7 @@ public class SimpleAPDU { if (counter >= amount && amount != 0) break; } + keysFile.close(); } } -- cgit v1.2.3-70-g09d2